aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* odhcp6c: add defaultreqopts config optionHans Dedecker2018-02-012-3/+6
| | | | | | | | | By default odhcp6c asks for a default list of options; the config option defaultreqopts allows to tweak this behavior. When set to 0 odhcp6c will not ask for any options except for the options specified in the reqopts config option. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netfilter: add missing dependency to kmod-ipt-tproxyMatthias Schiffer2018-01-311-1/+1
| | | | | Fixes: e7e025426a "netfilter: clean up dependencies of kernel modules" Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* mac80211: replace revert for 11s compatiblity with upstream fixMatthias Schiffer2018-01-312-60/+55
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netfilter: add packages for arp and bridge tables of nftablesMatthias Schiffer2018-01-311-2/+26
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* nftables: remove dependency on kmod-nf-natMatthias Schiffer2018-01-311-1/+1
| | | | | | | | | | | | For minimal firewall setups, NAT support may be unnecessary. It would be possible to further reduce the minimum number of installed modules, e.g. by separating IPv4 and IPv6 support or moving conntrack support into a separate kmod package. We go with a more complete kmod-nft-core for now, until a concrete usecase for smaller packages arises. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netfilter: clean up dependencies of kernel modulesMatthias Schiffer2018-01-311-15/+38
| | | | | | | | | The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate packages, as they are a common dependency of ip(6)tables and nftables. This avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables modules depend on nf-conntrack(6) now. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: remove call to now absent clean-staging make targetYousong Zhou2018-01-301-3/+0
| | | | | | | | | It's not needed now since commit a621b8c ("include: clean package staging dir files before configure") Fixes FS#1309 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: add test MTD driver packageHans Dedecker2018-01-291-0/+16
| | | | | | Allows to test MTD driver using RAM Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netdevices.mk: add missing dependency to kmod-hwmon-coreHauke Mehrtens2018-01-291-2/+2
| | | | | | | The IGB and IXGBE drivers depend on kmod-hwmon core now. Fixes: af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netdevices.mk: add hwmon to IGB and IXGBE driversPhilip Prindeville2018-01-291-4/+4
| | | | | | | | | | Off-chip NICs can run hotter than the CPU, so they're definitely worth instrumenting. Adding hardware monitoring increases by ~3744 and ~2672 bytes, respectively, the sizes of the igb.ko and ixgbe.ko drivers. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* curl: bump to 7.58.0Hans Dedecker2018-01-282-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a0b5e8944 progress-bar: get screen width on windows 65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support! eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support 96186de1f docs: fix man page syntax to make test 1140 OK again af32cd385 http: prevent custom Authorization headers in redirects 993dd5651 curl: progress bar refresh, get width using ioctl() 9d82cde7b RELEASE-NOTES: synced with bb0ffcc36 bb0ffcc36 libcurl-env.3: first take ec122c4c8 TODO: two possible name resolver improvements a5e6d6ebc http2: don't close connection when single transfer is stopped 87ddeee59 test558: fix for multissl builds da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call ddafd45af SSH: Fix state machine for ssh-agent authentication 9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic ca9c93e3e openssl: fix the libressl build again 2c0c4dff0 unit1307: test many wildcards too 2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]" 25c40c9af SMB: fix numeric constant suffix and variable types 945df7410 CURLOPT_TCP_NODELAY.3: fix typo 8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too... 84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default e44ddfd47 mime: clone mime tree upon easy handle duplication. 2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata a06311be2 test395: HTTP with overflow Content-Length value 67595e7d2 test394: verify abort of rubbish in Content-Length: value ac17d7947 test393: verify --max-filesize with excessive Content-Length f68e67271 HTTP: bail out on negative Content-Length: values 0616dfa1e configure.ac: append extra linker flags instead of prepending them. 650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa 6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values 3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support fa3dbb9a1 http2: fix incorrect trailer buffer size 2a6dbb815 easy: fix connection ownership in curl_easy_pause 89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t 14d07be37 COPYING: it's 2018! a8ce5efba progress: calculate transfer speed on milliseconds if possible d4e40f069 scripts: allow all perl scripts to be run directly e4f86025d mail-rcpt.d: fix short-text description 908a9a674 build: remove HAVE_LIMITS_H check 129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename 272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX" 481539e90 test1554: improve the error handling 593dcc553 test1554: add global initialization and cleanup dc831260b curl_version_info.3: call the argument 'age' 58d7cd28a brotli: data at the end of content can be lost a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error 859ac3602 tool_getparam: Support size modifiers for --max-filesize b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61 a9b774a77 Makefile.vc: Added our standard copyright header 22fddb85a winbuild: Added support for VC15 ad1dc10e6 build: Added Visual Studio 2017 project files d409640d6 build-wolfssl.bat: Added support for VC15 a4e88317d build-openssl.bat: Added support for VC15 c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX b43755789 examples/rtsp: fix error handling macros f009bbe1f curl_easy_reset: release mime-related data. 4acc9d3d1 content_encoding: rework zlib_inflate e639d4ca4 brotli: allow compiling with version 0.6.0. 9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name 02f207a76 rand: add a clang-analyzer work-around 13ce373a5 krb5: fix a potential access of uninitialized memory 41982b6ac conncache: fix a return code [regression] 5d0ba70e1 curl: support >256 bytes warning messsages 188a43a8f libssh: fix a syntax error in configure.ac 7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail 621b24505 THANKS: added missing names cc0cca1ba mailmap: added/clarified several names 9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine 2437dbbf1 vtls: replaced getenv() with curl_getenv() ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee 3b9ea70ee TODO: Expose tried IP addresses that failed 48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes 76db03dd9 curl.1: documented two missing valid exit codes 63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference 671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA" 4b6f3cff7 tests: mark data files as non-executable in git 98c572ed3 tests: update .gitignore for libtests e959f16c5 multi_done: prune DNS cache 06a0a26fb mailmap: fixup two old git Author "aliases" 7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE b1b94305d RESOLVE: output verbose text when trying to set a duplicate name bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE a4a56ec93 sftp: allow quoted commands to use relative paths 9fb5a943f CURLOPT_PRIVATE.3: fix grammar 179ee78e8 curl: remove __EMX__ #ifdefs 9dfb19483 openssl: improve data-pending check for https proxy 9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA 912324024 curl.h: remove incorrect comment about ERRORBUFFER ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc b5881d1fb curl: limit -# update frequency for unknown total size 546e7db78 BINDINGS: another PostgreSQL client 55e609890 CONNECT: keep close connection flag in http_connect_state struct c103cac3c include: get netinet/in.h before linux/tcp.h 00cda0f9b openldap: fix checksrc nits ff07f07cc openldap: add commented out debug possibilities bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones 4fb85b87b RELEASE-NOTES: synced with b261c44e8 b261c44e8 URL: tolerate backslash after drive letter for FILE: 24dcd7466 tests: added netinet/in6.h includes in test servers 76ebd5417 configure: check for netinet/in6.h 0c65678e7 curl-config: add --ssl-backends ea3a5d07d conncache: only allow multiplexing within same multi handle 415b8dff8 threaded-shared-conn.c: fixed typo in commenta 5254d8bf2 threaded-shared-conn.c: new example 07cb27c98 conncache: fix several lock issues 85f0133ea libssh: remove dead code in sftp_qoute 615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass 440140946 libssh2: remove dead code from SSH_SFTP_QUOTE 6401ddad4 ssh-libssh.c: please checksrc 918530752 libssh: fixed dereference in statvfs access 8dad32bcf RESOURCES: update spec names a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS 8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient 3cef6f22e libssh: fix minor static code analyzer nits 10bb0b471 openssl: pkcs12 is supported by boringssl 8eff32f0b travis: use pip2 instead of pip b7f534597 lib582: do not verify host for SFTP a2f396680 libssh: added SFTP support c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version 05675ab5a .travis.yml: added build --with-libssh 38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload 75427291e libssh2: send the correct CURLE error code on scp file not found c92d2e14c Added support for libssh SSH SCP back-end 3973ee6a6 RELEASE-NOTES: synced with af8cc7a69 af8cc7a69 curlver: towards 7.57.1 4b4142491 lib: don't export all symbols, just everything curl_* 9194a9959 SSL: Avoid magic allocation of SSL backend specific data 744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL 270494e1a travis: add boringssl build Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "netdevices.mk: add hwmon to IGB and IXGBE drivers"John Crispin2018-01-281-4/+4
| | | | | | This reverts commit af707a178fa5f23dcf149da3e545958c0085500a. Signed-off-by: John Crispin <john@phrozen.org>
* Revert "netdevices.mk: add missing dependency to kmod-hwmon-core"John Crispin2018-01-281-2/+2
| | | | | | | | | This reverts commit 53f62bc5e5c36c1a08e162d8b26de7d831fc36e5. commit made the builders fail with "Package kmod-igb is missing dependencies for the following libraries: hwmon.ko" Signed-off-by: John Crispin <john@phrozen.org>
* procd: fix procd_lock() when prepare_roofsYousong Zhou2018-01-282-3/+3
| | | | | | | | | | | | This fixes the following errors when doing "make package/install" /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory flock: 1000: Bad file descriptor Fixes FS#1260 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netdevices.mk: add missing dependency to kmod-hwmon-coreHauke Mehrtens2018-01-281-2/+2
| | | | | | | The IGB and IXGBE drivers depend on kmod-hwmon core now. Fixes: af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: cleanup SSP_SUPPORT configure optionJulien Dusser2018-01-271-1/+1
| | | | | | | | | | | | | | | | | | Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh, avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain and depends it means 'build gcc with libssp'. Musl no longer uses libssp (1877bc9d8f), it has internal support, so SSP_SUPPORT was disabled leading some package to not use SSP. No information why Glibc and uClibc use libssp, but they may also provide their own SSP support. uClibc used it own with commit 933b588e25 but it was reverted in f3cacb9e84 without details. Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT if either USE_MUSL or GCC_LIBSSP. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-271-0/+3
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* hostapd: add support for hostapd's radius_client_addrStephan Brunner2018-01-271-1/+3
| | | | | | | | Add support for hostapd's radius_client_addr in order to force hostapd to send RADIUS packets from the correct source interface rather than letting linux select the most appropriate. Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
* perf: use libunwindMaxim Gorbachyov2018-01-271-1/+1
| | | | | | | Without libunwind perf does not show userspace stack frames. Tested on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* libunwind: enable build for armMaxim Gorbachyov2018-01-271-1/+1
| | | | | | Tested with perf on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* netdevices.mk: add hwmon to IGB and IXGBE driversPhilip Prindeville2018-01-271-4/+4
| | | | | | | | | | Off-chip NICs can run hotter than the CPU, so they're definitely worth instrumenting. Adding hardware monitoring increases by ~3744 and ~2672 bytes, respectively, the sizes of the igb.ko and ixgbe.ko drivers. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* kernel/modules/other: disable Nokia BT UARTTim Harvey2018-01-271-0/+1
| | | | | | disable the Nokia BT UART present on Nikia N9, N900 & N950 added in 4.12. Signed-off-by: Tim Harvey <tharvey@gateworks.com>
* toolchain/arc: update to the most recent release arc-2017.09Evgeniy Didin2018-01-271-3/+3
| | | | | | | | | | | | | | | This commit finally bumps ARC tools to the most recent arc-2017.09 release version. ARC GNU tools of version arc-2017.09 bring some quite significant changes like: * Binutils v2.29 with additional ARC patches * GCC 7.1.1 with additional ARC patches More information on this release could be found here: https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com> CC: Alexey Brodkin <abrodkin@synopsys.com> CC: John Crispin <john@phrozen.org>
* mac80211: revert "wireless: set correct mandatory rate flags"Matthias Schiffer2018-01-262-1/+61
| | | | | | | | | Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate flags", as it breaks 11s interoperability: nodes can only associate when neither or both have this patch. As this is a regression from released versions, revert to the old code for now. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: tell the build system that we are doing CROSS_COMPILEYousong Zhou2018-01-261-0/+5
| | | | | | | | | | So that it will not try to run c_rehash with the just built binaries on certs/demo. Fixes openwrt/packages#5432 Reported-by: Val Kulkov <val.kulkov@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iptables: make kmod-ipt-debug part of default ALL buildYousong Zhou2018-01-262-4/+3
| | | | | | | | | The iptables TRACE target is only available in raw table that's why the dependency was moved from iptables-mod-trace into kmod-ipt-debug Fixes FS#1219 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* wireguard: bump to 20180118Kevin Darbyshire-Bryant2018-01-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest wireguard release snapshot: 9a93a3d version: bump snapshot 7bc0579 contrib: keygen-html: update curve25519 implementation ffc13a3 tools: import new curve25519 implementations 0ae7356 curve25519: wire up new impls and remove donna f90e36b curve25519: resolve symbol clash between fe types 505bc05 curve25519: import 64-bit hacl-star implementation 8c02050 curve25519: import 32-bit fiat-crypto implementation 96157fd curve25519: modularize implementation 4830fc7 poly1305: remove indirect calls bfd1a5e tools: plug memleak in config error path 09bf49b external-tests: add python implementation b4d5801 wg-quick: ifnames have max len of 15 6fcd86c socket: check for null socket before fishing out sport ddb8270 global: year bump 399d766 receive: treat packet checking as irrelevant for timers No patch refresh required. Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "mt76: update to the latest version"Felix Fietkau2018-01-251-3/+3
| | | | | | | This reverts commit 99eb128acaf76a69119fd2de8e194f2b2bbb0427. Connectivity issues reported by users, needs rework Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2018-01-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | 2b7fae4 mt76: fix returnvar.cocci warnings 939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params() cf59170 mt76x2: dfs: add set_domain handler 5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params() f76e25f mt76x2: fix WMM parameter configuration 34d612d mt76: retry rx polling as long as there is budget left 0f8327a mt76x2: fix TSF value in probe responses ad3f8e9 mt76: add an intermediate struct for rx status information 58a41f1 mt76: get station pointer by wcid and pass it to mac80211 b0508d3 mt76: implement A-MPDU rx reordering in the driver code cf3cfc4 mt76: split mt76_rx_complete 461cdf9 mt76: pass the per-vif wcid to the core for multicast rx 9b2c778 mt76: validate rx CCMP PN 302af90 mt76x2: init: disable all pending tasklets during device removal 9f685fe mt7603: init: disable tbtt tasklet during device removal c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames 3968dae mt7603: fix 40 mhz channel bandwidth reporting 9c2e03d mt7603: fix rx LDPC reporting Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: mesh: drop frames appearing to be from usFelix Fietkau2018-01-251-0/+25
| | | | | | | Upstream backport to fix issues arising from devices with duplicate MAC addresses Signed-off-by: Felix Fietkau <nbd@nbd.name>
* vxlan: add options to enable and disable UDP checksumsMatthias Schiffer2018-01-242-3/+5
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netifd: update to latest git HEADMatthias Schiffer2018-01-241-3/+3
| | | | | | af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* procd: update to latest git HEADHans Dedecker2018-01-231-3/+3
| | | | | | | 653629f trace: check asprintf() return value 67eb7e6 trace: add missing limits.h include Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "kernel: add IEEE-1284 parallel port support"Jo-Philipp Wich2018-01-221-38/+5
| | | | | | | | | This reverts commit 666e9cf2220b11ccd024cad13ad54ca71d40c5b3. The change has not been build-tested on non-x86 targets and leads to stalled kernel builds due to unset configuration symbols there. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to latest git HEADJohn Crispin2018-01-221-4/+4
| | | | | | 846e20c procd: add timing to start/stop logging Signed-off-by: John Crispin <john@phrozen.org>
* uqmi: silence error on pin verificationKoen Vandeputte2018-01-221-1/+1
| | | | | | | | | | | | If a device only supports the 2nd verification method (uim), the first method will fail as expected reporting an error: "Command not supported" Silence both separate methods and only report an error regarding pin verification if both fail. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add IEEE-1284 parallel port supportDaniel Gimpelevich2018-01-221-5/+38
| | | | | | | | | | The kmod-lp package included both lp.ko and ppdev.ko, but ECP device drivers may or may not require lp NOT to be loaded, needing only ppdev. Additionally, There were no packages for any parport interface modules, such as uss720 or parport_pc, provided here. It has not been otherwise possible to use PC-style parport hardware for kmod-lp. Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* kernel: use upstream patches for muslHauke Mehrtens2018-01-203-136/+164
| | | | | | | | | | This replaces the current patches used to make the kernel headers compatible with musl with the version which was accepted upstream. This is included in upstream kernel 4.15. This was compile tested with iproute2 build on all supported kernel versions with musl and one one with glibc. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ubus: fix PKG_MIRROR_HASHHauke Mehrtens2018-01-201-1/+1
| | | | | Fixes: dd975d15a71f ("ubus: fix wrong PKG_SOURCE_DATE") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nftables: update to 0.8.1Philip Prindeville2018-01-202-81/+6
| | | | | | | Note this requires libnftnl-1.0.8 or higher, so that update needs to be merged first. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* libnftnl: update to 1.0.9Philip Prindeville2018-01-201-7/+7
| | | | | | | | Also, drop unsupported configure options. Don't use git retrieve but released tarball instead. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* dnsmasq: backport validation fix in dnssec security fixKevin Darbyshire-Bryant2018-01-202-2/+2
| | | | | | | | A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport dnssec security fixKevin Darbyshire-Bryant2018-01-192-1/+203
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2017-15107 An interesting problem has turned up in DNSSEC validation. It turns out that NSEC records expanded from wildcards are allowed, so a domain can include an NSEC record for *.example.org and an actual query reply could expand that to anything in example.org and still have it signed by the signature for the wildcard. So, for example !.example.org NSEC zz.example.org is fine. The problem is that most implementers (your author included, but also the Google public DNS people, powerdns and Unbound) then took that record to prove the nothing exists between !.example.org and zz.example.org, whereas in fact it only provides that proof between *.example.org and zz.example.org. This gives an attacker a way to prove that anything between !.example.org and *.example.org doesn't exists, when it may well do so. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin packageChristian Lamparter2018-01-182-2/+2
| | | | | | | This patch renames the AVM FRITZ!Box 4040's board-2.bin file and package to match the 'vendor_product' format. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033Christian Lamparter2018-01-181-1/+1
| | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033Christian Lamparter2018-01-181-1/+1
| | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104Christian Lamparter2018-01-181-1/+1
| | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104Christian Lamparter2018-01-181-1/+1
| | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104Christian Lamparter2018-01-181-1/+1
| | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update to 2017-12-20Christian Lamparter2018-01-181-3/+3
| | | | | | | This update automatically includes a new firmware for the QCA6174: firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>