aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
...
* base-files: sysupgrade: pass "backup" ubus attributeRafał Miłecki2019-09-111-0/+3
| | | | | | | | This explicitly tells procd what backup file should be used during sysupgrade (if any). It's much more generic this way compared to the magic /tmp/sysupgrade.tgz file that had to be created before a call. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Fix security problemHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This shouöld not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-101-3/+3
| | | | | | e2a7bc4 iwinfo: add WPA3 support Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: brcmfmac: backport more kernel 5.4 changesRafał Miłecki2019-09-098-9/+283
| | | | | | | Patch getting RAM info got upstreamed. A debugging fs entry for testing reset feature was added. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-081-4/+4
| | | | | | | | | | | 69eeb1b file: refactor message parsing and permission checking f65527a iwinfo: expose all rate info fields in assoclist reply 7fec636 sys: fix symbol redeclaration 27c24c7 rpcd: sys: actually move timespec declaration 345363b file: add remove operation 604db20 rpcd: Switch to nanosleep Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: update to latest git HEADHauke Mehrtens2019-09-081-3/+3
| | | | | | 487bd0d utils: Fix string format message Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: validate firmware for compatibility with backupRafał Miłecki2019-09-081-0/+7
| | | | | | | | | This allows platform code to check if firmware image can be used with preserving a backup. It may be used e.g. when installing vendor firmwares that won't restore appended backup archive. Suggested-by: Luis Araneda <luaraneda@gmail.com> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firewal: update to latest git HEADHans Dedecker2019-09-071-3/+3
| | | | | | | | 4d0c703 firewall3: Fix some format string problems 8c404ef iptables.c: lock the xtables.lock c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to latest git HEADHans Dedecker2019-09-071-2/+2
| | | | | | e199804 dhcpv6: sanitize oro options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uboot-fritz4040: build with ipq40xx "generic" subtargetYousong Zhou2019-09-061-0/+1
| | | | | | Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget") Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* treewide: use new procd sysupgrade $UPGRADE_BACKUP variableRafał Miłecki2019-09-052-2/+1
| | | | | | | | | | It's a variable set by procd that should replace hardcoded /tmp/sysupgrade.tgz. This change requires the most recent procd with the commit 0f3c136 ("sysupgrade: set UPGRADE_BACKUP env variable"). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to the latest git HEADRafał Miłecki2019-09-051-3/+3
| | | | | | | | | | 0f3c136 sysupgrade: set UPGRADE_BACKUP env variable 0bcbbbf system: fix uninitialized variables in firmware validation code This update includes a fix for uninitialized variable usage. Fixes: 7290963d0992 ("procd: update to the latest git HEAD") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()Adrian Schmutzler2019-09-051-6/+1
| | | | | | | | | | | | The actual retrieval of the MAC address in mtd_get_mac_binary_ubi() is the same as in get_mac_binary(). Thus, use the latter function in the former to reduce duplicate code. This will also allow to benefit from the enhanced path check there and bring mtd_get_mac_binary_ubi() more in line with the similar mtd_get_mac_binary(). Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: fix mtd_get_mac_text not accepting hex offsetsDavid Bauer2019-09-051-1/+1
| | | | | | | | | | | The mtd_get_mac_text helper method did not support hexadecimal offset values, resulting them to break after 75bfc393ba6c ("treewide: convert MAC address location offsets to hexadecimal") This commit fixes this by evaluating the hexadecimal input, converting them to decimal. Signed-off-by: David Bauer <mail@david-bauer.net>
* treewide: don't hardcode "sysupgrade.tgz" file nameRafał Miłecki2019-09-052-1/+3
| | | | | | | | 1) Add BACKUP_FILE and use it when copying an archive to be restored after sysupgrade (on the next preinit). 2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uboot-envtools: Update to U-Boot version 2019.07Hauke Mehrtens2019-09-042-7/+7
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* brcm2708-gpu-fw: update to latest firmwareÁlvaro Fernández Rojas2019-09-041-15/+15
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* procd: update to the latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | | | | | | 34ac88c system: reject sysupgrade of invalid firmware images by default f55c235 system: reject sysupgrade of broken firmware images e990e21 system: add "validate_firmware_image" ubus method This update changes "sysupgrade" ubus method API. It's now required to pass "force" attribute whenever invalid firmware is meant to be installed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: pass "force" parameter to the "sysupgrade" callRafał Miłecki2019-09-041-0/+3
| | | | | | | This makes sysupgrade work with the most recent procd that validates firmware before proceeding. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uci: update to latest Git HEADHauke Mehrtens2019-09-011-3/+3
| | | | | | 415f9e4 uci/file: replace mktemp() with mkstemp() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iwinfo: update to latest Git HEADHauke Mehrtens2019-09-011-3/+3
| | | | | | | | f599a8d iwinfo: Fix rate buffer size 71ec9be iwinfo: Fix buffer size f8ef450 iwinfo: Add support for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* grub2: bump to 2.04Tomasz Maciej Nowak2019-09-017-187/+11
| | | | | | | | | | | | | | | | | | | | | * GCC 8 and 9 support. * Gnulib integration overhaul. * RISC-V support. * Xen PVH support. * Native UEFI secure boot support. * UEFI TPM driver. * New IEEE 1275 obdisk driver. * Btrfs RAID 5 and RIAD 6 support. * bootin from F2FS support. * PARTUUID support. * VLAN support. * Native DHCP support. * Many ARM and ARM64 fixes. * Many SPARC fixes. * Many IEEE 1275 fixes. * ...and tons of other fixes and cleanups... Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* uboot-zynq: update to 2019.07Luis Araneda2019-09-015-569/+28
| | | | Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* nftables: bump to version 0.9.2Konstantin Demin2019-09-012-31/+4
| | | | | | | | | | | | | | - exclude Python-related stuff from build - drop patches: * 010-uclibc-ng.patch, applied upstream ipkg size decrease by 2.8%: old: 194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk new: 189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-011-2/+2
| | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-011-3/+3
| | | | | | | 821045f file: add path based read/write/exec ACL checks fb337e5 file: add stat() information to directory listings Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-013-2/+14
| | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* px5g: support EC keysEneas U de Queiroz2019-09-012-19/+71
| | | | | | | | | | | | | | | | | | This adds an 'eckey' command to generate an EC key, with an optional curve name argument, with P-256 as default. For the 'selfsigned' command, it adds an 'ec' algorithm argument to the '-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option, mirroring the way openssl specifies the curve name. Notice that curve names are not necessarily the same in mbedtls and openssl. In particular, secp256r1 works for mbedtls, but openssl uses prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256 and P-384 are specifically supported. Package size increased by about 900 bytes (arm). Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: always build with EC supportEneas U de Queiroz2019-09-012-19/+2
| | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnfnetlink: Avoid passing both -fPIC and -fpicRosen Penev2019-08-311-3/+4
| | | | | | | | Instead, instruct the configure script to use $(FPIC) only. Mixing -fPIC and -fpic can cause issues on some platforms like PPC. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-08-311-2/+4
| | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lua: create lua symlink for host installationDavid Bauer2019-08-311-1/+3
| | | | | | | | | Since the binaries for both lua as well as lua5.3 contain the version number, invocations of the "lua" binary are failing, as it's not created anymore for the host package. Fixes: fe59b46 ("lua: include version number in installed files") Signed-off-by: David Bauer <mail@david-bauer.net>
* base-files: use JSON for storing firmware validation infoRafał Miłecki2019-08-302-14/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far firmware validation result was binary limited: it was either successful or not. That meant various limitations, e.g.: 1) Lack of proper feedback on validation problems 2) No way of marking firmware as totally broken (impossible to install) This change introduces JSON for storing detailed validation info. It provides a list of performed validation tests and their results. It allows marking firmware as non-forceable (broken image that can't be even forced to install). Example: { "tests": { "fwtool_signature": true, "fwtool_device_match": true }, "valid": true, "forceable": true } Implementation is based on *internal* check_image bash script that: 1) Uses existing validation functions 2) Provides helpers for setting extra validation info This allows e.g. platform_check_image() to call notify_check_broken() when needed & prevent user from bricking a device. Right now the new JSON info is used by /sbin/sysupgrade only. It still doesn't make use of "forceable" as that is planned for later development. Further plans for this feature are: 1) Expose firmware validation using some new ubus method 2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus method so: a) It's possible to safely sysupgrade using ubus only b) /sbin/sysupgrade can be more like just a CLI Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* linux-firmware: add mediatek BT firmwareJohn Crispin2019-08-301-0/+9
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* mac80211: rt2x00: revert commit causing regression in 5GHz bandDaniel Golle2019-08-298-14/+84
| | | | | | | | | | | | | | | | | | | From: Stanislaw Gruszka <sgruszka@redhat.com> This reverts commit 9ad3b55654455258a9463384edb40077439d879f. As reported by Sergey: "I got some problem after upgrade kernel to 5.2 version (debian testing linux-image-5.2.0-2-amd64). 5Ghz client stopped to see AP. Some tests with 1metre distance between client-AP: 2.4Ghz -22dBm, for 5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not visible." It was identified that rx signal level degradation was caused by 9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band"). So revert this commit. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: fix compile issue with glibc (FS#2469)Hans Dedecker2019-08-281-3/+3
| | | | | | 0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ath9k: backport dynack improvementsKoen Vandeputte2019-08-284-0/+300
| | | | | | | | | | | | | | | | | | | | | | | | | Close cooperation with Lorenzo Bianconi resulted in these patches which fix all remaining seen issues when using dynack. Fix link losses when: - Late Ack's are not seen or not present - switching from too low static coverage class to dynack on a live link These are fixed by setting the Ack Timeout/Slottime to the max possible value for the currently used channel width when a new station has been discovered. When traffic flows, dynack is able to adjust to optimal values within a few packets received (typically < 1 second) These changes have been thoroughly tested on ~60 offshore devices all interconnected using mesh over IBSS and dynack enabled on all. Distances between devices varied from <100m up to ~35km Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
* fstools: update to latest Git HEADJo-Philipp Wich2019-08-282-5/+5
| | | | | | | | | 6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist Also remove deprecation notices from init script while we're at it. Fixes: FS#2274 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-08-281-3/+3
| | | | | | | | a9f9557 nl80211: support reading hardware id from phy directly c586cd3 iwinfo: add device id for MediaTek MT7612E d4382dd iwinfo: add device id for Atheros AR9390 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* brcm2708-gpu-fw: update to latest firmwareÁlvaro Fernández Rojas2019-08-271-12/+12
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* mtd-utils: update to 2.1.1DENG Qingfang2019-08-272-32/+4
| | | | | | | Removed upstream patch Compile and run tested on mvebu Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* ath10k-firmware: update Candela Tech firmware imagesKoen Vandeputte2019-08-271-24/+24
| | | | | | | | | | | | | | | | | | | | | | | | | This should fix a problem with 1560 MTU, 160Mhz on DFS channels, some other small issues on < 5.2 kernels, and for 5.2 driver, it pulls in some upstream stable fixes. wave-1 firmware changes since last update: * June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available. * June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle. Hoping this helps DHCP when station connects from a long distance. wave-2: * June 24, 2019 Start rate-ctrl at minimal values to help DHCP work better for far-away peers. * July 24, 2019 Fix old regression that made /a (and probably /b/g) perform poorly, at least on diet-compiled images. * Aug 8, 2019 Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic of transmitting non-block-ack frames one at a time. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: move crypto-arc4 into a moduleFelix Fietkau2019-08-263-1/+13
| | | | | | It is no longer required by wireless drivers, so we can save some space here Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2019-08-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fb0f432834c0 mt76: stop rx aggregation on station removal 76aada563b66 mt76: dma: reset q->rx_buf on rx reset 3245ca8b8aeb mt76: check of_get_mac_address for NULL as well to restore old kernel compat 8e495245ab3d mt76: mt7615: move mt7615_mac_get_key_info in mac.c e4f48a8df6aa mt76: mt7615: add mt7615_mac_wtbl_addr routine e8c95e5a41f0 mt76: mt7615: introduce mt7615_mac_wtbl_set_key routine d998b90c4bed mt76: mt7615: remove wtbl_sec_key definition 60d279ec2762 mt76: mt7615: add set_key_cmd and mt76_wcid to mt7615_mac_wtbl_set_key signature 4947ad4eab6a mt76: introduce mt76_mmio_read_copy routine 4d9001b8ab1d mt76: mt7615: fix MT7615_WATCHDOG_TIME definition 3d6796b867b6 mt76: mt7603: fix watchdog rescheduling in mt7603_set_channel 8d7a48030005 mt76: mt7615: add 4 WMM sets support ae0f11149248 mt76: mt7615: update cw_min/max related settings 8b7bbd017654 mt76: mt7603: fix some checkpatch warnings e6045467848d mt76: mt7615: fix some checkpatch warnings c415c676e255 mt76: mt76x02: fix some checkpatch warnings f625afcedc9b mt76: switch to SPDX tag instead of verbose boilerplate text 4d57f1cee4aa mt76: mt7615: rework locking scheme for mt7615_set_channel 2becd13be766 mt76: mt7615: add Smart Carrier Sense support 20f0c196722a mt76: mt76x02: introduce mt76x02_pre_tbtt_enable and mt76x02_beacon_enable macros ae83a05b1050 mt76: mt76x02: do not copy beacon skb in mt76x02_mac_set_beacon_enable 92fa62ace198 mt76: mt76x02u: enable multi-vif support c6dabfe953af mt76: mt76x02u: enable survey support 1f44159b41ff mt76: mt7603: move survey_time in mt76_dev 9657e6304322 mt76: mt7615: enable survey support af860c0decb1 mt76: move mt76_tx_tasklet in mt76 module a9d2a28b39fc mt76: mt7603: remove unnecessary mcu queue initialization 281b10fc1fe6 mt76: mt7615: add BIP_CMAC_128 cipher support 37673a4181e4 mt76: fix some checkpatch warnings a7fa32603981 mt76: add default implementation for mt76_sw_scan/mt76_sw_scan_complete 5c35bdf057af mt7615: apply calibration-free data from OTP 0e3baf0213c9 mt76: fix a leaked reference by adding a missing of_node_put 2d5928fef23d net: Remove dev_err() usage after platform_get_irq() a0824197ab00 mt76: mt76x0e: disable 5GHz band for MT7630E 4d8a9f20610f mt76: do not send BAR frame on tx aggregation flush stop 2a0edbb4473b mt76: remove offchannel check in tx scheduling Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: refresh patchesChristian Lamparter2019-08-2415-40/+38
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* openssl: refresh patchesChristian Lamparter2019-08-243-7/+7
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* fstools: update to HEAD of 2019-07-01 - 1539b5Christian Lamparter2019-08-241-4/+4
| | | | | | | | | | | | | | | Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1 git log --pretty=oneline --abbrev-commit ff1ded63..1539b535 1539b53 libblkid-tiny: increment label size to 256 d563f3c libblkid-tiny: fix wrong btrfs label length 3957dd3 block: prevent mount point confusion 9b36dc2 libfstools: avoid false positives when matching devices and volumes Created with the help of the make-package-update-commit.sh script. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath10k-ct: update to HEAD of 2019-08-14 - 9e5ab2Christian Lamparter2019-08-247-41/+96
| | | | | | | | | | | | | Update ath10k-ct to commit 9e5ab25027e0971fa24ccf93373324c08c4e992d git log --pretty=oneline --abbrev-commit f0aa8130..9e5ab250 9e5ab25 ath10k-ct: Update to latest 5.2 upstream, support bigger mtu, 160Mhz Created with the help of the make-package-update-commit.sh script and refresh patches. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mvebu: uDPU: add sysupgrade supportVladimir Vid2019-08-241-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds sysupgrade, uboot-env and networking support for Methode uDPU device. Device features 4 partitions: ----------------------------------------- | boot | recovery | rootfs | misc | | (ext4) | (ext4) | (fsf2) | (f2fs) | _________________________________________ Idea was to use f2fs only but the u-boot currently lacks support so first 2 partition are ext4 to be u-boot readable, and this was a reason why custom build and sysupgrade sections were required. On the sysupgrade, boot and rootfs partitions are updated, firmare image and user configuration is saved on the misc partition and if the upgrade was successfull, recovery partition will be updated on after the reboot from preinit script. If the sysupgrade fails for any reason, device will fallback to recovery initramfs image. Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>