aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* dropbear: disable MD5 HMAC and switch to sha1 fingerprintsMartin Schiller2017-12-122-3/+5
| | | | | | | | | | | | As MD5 is known weak for many years and more and more penetration test tools complain about enabled MD5 HMAC I think it's time to drop it. By disabling the MD5 HMAC support dropbear will also automatically use SHA1 for fingerprints. This shouldn't be a problem too. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* treewide: add only one device when appending to TARGET_DEVICESLuis Araneda2017-12-1210-50/+216
| | | | | | | | | This will avoid some conflicts when doing a git rebase or merge, specially when adding support to a new device. Signed-off-by: Luis Araneda <luaraneda@gmail.com> [drop brcm47xx changes which rename the images] Signed-off-by: Mathias Kresin <dev@kresin.me>
* rules.mk: export TMPDIRJo-Philipp Wich2017-12-121-0/+1
| | | | | | | | Set TMPDIR to the same value as the existing TMP_DIR variable in order to let gcc and various other utilities use the local temporary directory instead of the system-wide one. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wolfssl: update to 3.12.2 (1 CVE)Jo-Philipp Wich2017-12-123-5/+147
| | | | | | | | | | Update wolfssl to the latest release v3.12.2 and backport an upstream pending fix for CVE-2017-13099 ("ROBOT vulnerability"). Ref: https://github.com/wolfSSL/wolfssl/pull/1229 Ref: https://robotattack.org/ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after ↵Felix Fietkau2017-12-122-3/+6
| | | | | | | | | including package.mk Reverts commit a9c96ef0ac7ac99e4928f5312f3d0d1252c98328 and replaces it with a different approach Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mwlwifi: update to version 10.3.4.0 / 2017-11-29Kabuli Chana2017-12-121-3/+3
| | | | | | Improves stability on WRT3200ACM Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* ar71xx: fix board detection with newer RouterBOOT versionsGabor Juhos2017-12-122-0/+86
| | | | | | | | | | | | | | | Recent RouterBOOT version (at least version 3.41 on RB911G-5HPacD) use "Board=" kernel parameter instead of "board=" to pass the board name to the kernel. Due to this change the board detection code is not working on the devices shipped with the new RouterBOOT version. Because the kernel is unable to identify these boards they become unusable despite that they are supported by the current code. Update the prom_init code to convert the 'Board' kernel parameter to 'board'. After this change, the board detection works also with the new RouterBOOT versions. Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
* brcm47xx: remove versions from linksys-e1000 targetMoritz Warning2017-12-111-2/+2
| | | | | | | | | | The target name does not need to included a revision if all revisions are supported. This target supports all revisions (v1, v2, v2.1). Signed-off-by: Moritz Warning <moritzwarning@web.de> [Keep the version numbers in the device title, it doesn't harm] Signed-off-by: Mathias Kresin <dev@kresin.me>
* brcm47xx: use proper region code in image nameMoritz Warning2017-12-111-9/+9
| | | | | | | Replace 'north-america' by 'na' and remove 'other-regions' in image files for Netgear WGR614 v10. Signed-off-by: Moritz Warning <moritzwarning@web.de>
* lantiq: dgn3500 drop worldwide suffixMathias Kresin2017-12-111-6/+6
| | | | | | | | | | Remove the WW suffix, everything without a region suffix is world wide anyway. While at it, normalise the image filenames by using only lower case characters. Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: fix spelling in CONFIG_DEVTMPFS help textSascha Paunovic2017-12-111-1/+1
| | | | | | Change "ti" to "to", as that's the correct spelling. Signed-off-by: Sascha Paunovic <azarus@posteo.net>
* lantiq: nand: drop ubifs imagesMathias Kresin2017-12-112-2/+2
| | | | | | | | | | | | | | | Users are confused which image type they should use and there are more drawbacks than adavantages in using a r/w ubifs rootfs in constrast to a read-only squashfs rootfs like: - less available free flash space due to better compression of squashfs images - no support for factory reset due to r/w filesystem - possibility to break failsafe due to r/w filesystem Therefore, drop support for r/w ubifs rootfs images. Signed-off-by: Mathias Kresin <dev@kresin.me>
* dnsmasq: add DHCP build switch support in full variantHans Dedecker2017-12-101-5/+10
| | | | | | | | Add config option which allows to enable/disable DHCP support at compile time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support implies having DHCP support. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: fix glibc libresolv dependency for LEDE nslook appletJo-Philipp Wich2017-12-101-1/+1
| | | | | | | Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config. Fixes FS#1212. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: remove remaining uses of %N, and drop VERSION_NICK config symbolMatthias Schiffer2017-12-092-10/+3
| | | | | | Fixes d23e1e1e1a "merge: properly remove %n / %N references" Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* merge: properly remove %n / %N referencesJo-Philipp Wich2017-12-093-7/+4
| | | | | | | | | | - use %d instead of %n for opkg feed identifiers - remove %n / %N references from version files Fixes bf5cef47b3 merge: release/banner: drop release name and update banner. Fixes FS#1213. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ramips: fix a typo in 02_networkPavel Kubelun2017-12-081-1/+1
| | | | | | | The typo in network defaults script in ramips target that prevents defaults to initialize. Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
* netifd: always send DHCPv4 hostnameMathias Kresin2017-12-081-0/+1
| | | | | | | | | | | udhcpc doesn't send a hostname by default. Use the system hostname if nothing else is specified, to always send a hostname. It syncs the behaviour to odhcpc, which always sends a hostname. Signed-off-by: Mathias Kresin <dev@kresin.me> Acked-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: nand: remove nand_board_name platform overrideMathias Kresin2017-12-081-9/+0
| | | | | | It isn't uses anymore by any target. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx: remove nand_board_name platform overrideMathias Kresin2017-12-081-9/+0
| | | | | | | The boardname isn't used any longer to find the subdirectory in the sysupgrade tar archive, which makes this override useless. Signed-off-by: Mathias Kresin <dev@kresin.me>
* procd: nand: dont rely on boardname in nand_upgrade_tarMathias Kresin2017-12-081-7/+9
| | | | | | | | | | | | | | | | Kernel and rootfs in a subdirectory matching the userspace boardname, was intended to use a single sysupgrade-tar archive for multiple boards with different kernel/rootfs images. This feature was never used. Use the first found directory in the tar archive instead of relying on a directory named according to the userspace boardname. It allows to change the boardname without adding another compatibility layer - using the nand_board_name() function - for (sub)targets using the metadata based image validation in favour to nand_do_platform_check(). Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: MIPS compile out no-op DMA mapping ops where possibleFelix Fietkau2017-12-083-1/+173
| | | | | | Slightly improves networking throughput on some devices Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ag71xx: Reduce NAPI weight to 32.Rosen Penev2017-12-081-1/+6
| | | | | | | | | | | | | | Qualcomm claims this reduces cache misses. Original commit message below: From: Ben Menchaca <ben.menchaca@qca.qualcomm.com> Date: Tue, 11 Jun 2013 12:18:46 -0500 Subject: [ag71xx] reduce NAPI weight In an attempt to increase our cache warmth, we are decreasing NAPI. This increases the warmth of the reused SKBs. Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com> Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Revert "ag71xx: Switch from driver to kernel macro for NAPI_WEIGHT."Rosen Penev2017-12-083-6/+7
| | | | | | The motivation for this was misguided. It turns out tuning the NAPI weight could be useful for testing purposes. Therefore reverting. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* toolchain: musl: update to current HEADChristian Lamparter2017-12-082-21/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: 72656157 fix fgetwc when decoding a character that crosses buffer boundary a223dbd2 add reverse iconv mappings for JIS-based encodings 105eff9d generalize iconv framework for 8-bit codepages a71b46cf fix malloc state corruption when ldso rejects loading a second libc d060edf6 reformat cjk iconv tables to be diff-friendly, match tool output c21051e9 prevent fork's errno from being clobbered by atfork handlers a39f20bf add iso-2022-jp support (decoding only) to iconv 5b546faa add iconv framework for decoding stateful encodings 0df5b39a simplify/optimize iconv utf-8 case 9eb6dd51 handle ascii range individually in each iconv case bff59d13 move iconv_close to its own translation unit 79f49eff refactor iconv conversion descriptor encoding/decoding 30fdda6c fix getaddrinfo error code for non-numeric service with AI_NUMERICSERV 67b29947 fix mismatched type of __pthread_tsd_run_dtors weak definition 13935337 s390x: use generic ioctl.h 4dc44ce8 microblaze: add statx syscall from linux v4.13 ffd048a0 aarch64: add extra_context struct from linux v4.13 6651ef1f add new tcp.h socket options from linux v4.13 14ced228 add new fcntl.h macros from linux v4.13 754f66af ioctl TIOCGPTPEER from linux v4.13 c35a8bf4 add SO_ getsockopt options from linux v4.13 5daaed6a s390x: add syscall number for s390_guarded_storage from linux v4.12 2dc6760f i386: add arch_prctl syscall number from linux v4.12 840d45be aarch64: add new HWCAP_* flags from linux v4.12 4c811227 add ARPHDR_VSOCKMON from linux v4.12 54f04d99 add new SO_ socket options from linux v4.12 9864f60e add statx syscall numbers from linux v4.11 c519658c add TCP_NLA_* enums from linux v4.11 ee3ae782 add TCP_FASTOPEN_CONNECT tcp socket option from linux v4.11 3eb82f73 add ETH_P_IBOE from linux v4.11 bd1560f6 update aarch64 hwcap.h for linux v4.11 cee73f0c add kexec_file_load syscall number on powerpc from linux v4.10 8f569557 add microblaze syscall numbers from linux v4.10 d8004030 add TFD_TIMER_CANCEL_ON_SET that timerfd.h was missing f5638c22 add ETH_MIN_MTU and ETH_MAX_MTU from linux v4.10 01369691 add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE from linux v4.10 5c596ed8 add SCM_TIMESTAMPING_OPT_STATS and related TCP_ enums from linux v4.10 6fc6ca1a adjust posix_spawn dup2 action behavior to match future requirements Cc: Syrone Wong <wong.syrone@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* base-files: upgrade: make get_partitions() endian agnosticChristian Lamparter2017-12-081-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | This patch fixes two issues with the current get_partitions() function. First: "Invalid partition table on $disk" will pop up on legitimate images on big endian system. This is because the little-endian representation of "55 AA" is assumed in the context of little-endian architectures. On these comparing it to the 16-bit word 0xAA55 does work as intented. Whereas on big-endian systems, this would have to be 0x55AA. This patch fixes the issue by replacing the integer conversion and value match check with just a string comparision. Second: The extraction of the type, start LBA and LBA num from the partition table has the same endianness issue. This has been fixed by using the new hex_le32_to_cpu() function. This function will translate the stored little-endian data to the correct byte-order if necessary. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058Christian Lamparter2017-12-081-4/+4
| | | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019. Cc: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* merge: etc: update remaining filesZoltan HERPAI2017-12-084-4/+4
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: uhttpd: update cert generation to match system defaultsZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patchZoltan HERPAI2017-12-083-16/+16
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: packages: update branding in core packagesZoltan HERPAI2017-12-087-10/+10
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: ssid: update default ssidZoltan HERPAI2017-12-084-5/+5
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: targets: update image generation and targetsZoltan HERPAI2017-12-0822-48/+49
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: release/banner: drop release name and update bannerZoltan HERPAI2017-12-082-20/+10
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: base: update base-files and basic configZoltan HERPAI2017-12-0810-19/+19
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* mt76: update to the latest version, fixes setting per-vif mac addressFelix Fietkau2017-12-081-3/+3
| | | | | | | | | | | | | | d02a05b mt7603: update firmware to version 20160107100755 4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values" 170f334 mt76x2: remove MAC address limitation for multi-vif setups 3563b8f mt76x2: clean up MAC/BSSID address initialization 9de77e1 mt76x2: drop wiphy->addresses a6a6e25 mt76x2: init: disable APCLI by default c64633e mt76x2: configure rx filter based on monitor mode setting ac815fa mt76x2: init: fix rx filter default value during init e504656 mt7603: configure other-unicast drop based on monitor mode setting Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ar71xx: C58/C59 fix LAN1 working incorrectlyDavid Bauer2017-12-081-1/+1
| | | | | | | This commit fixes LAN Port 1 not transferring data in case no other LAN Port has active link-state on TP-Link Archer C58/C59. Signed-off-by: David Bauer <mail@david-bauer.net>
* openssl: update to 1.0.2nPeter Wagner2017-12-081-3/+3
| | | | | | | | add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s) Fixes CVEs: CVE-2017-3737, CVE-2017-3738 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* tools/sstrip: Fix compile under standard linux.Rosen Penev2017-12-081-4/+5
| | | | | | bswap32 undefined is the issue. Added the proper header. Also fixed a few format/conversion warnings that clang complained about without -Wall or -Wextra. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* odhcpd: fix faulty PKG_SOURCE_DATE in 711a816Hans Dedecker2017-12-071-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* opkg: bump to version 2017-12-07Rafał Miłecki2017-12-071-3/+3
| | | | | | | | | | | | | Changes: 3b417b9 opkg_download: decode file:/ URLs 71c27cb file_util: implement urldecode_path() d1fe095 file_util: consolidate hex/unhex routines ebdfc12 add opkg option http_timeout 9f003e3 opkg: encode archive filenames while constructing download URLs 73e6c81 file_util: implement urlencode_path() helper 468158f libopkg: fix SHA256 calculation for big endian system Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rpcd: update to version from 2017-12-07Daniel Golle2017-12-071-3/+3
| | | | | | | cfe1e75c91bc1 sys: packagelist: allow listing all packages 74a784f037867 sys: fix passwd path Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: write atomic host fileHans Dedecker2017-12-072-4/+6
| | | | | | | | | | | Different invocations of the dnsmasq init script (e.g. at startup by procd) will rewrite the dhcp host file which might result into dnsmasq reading an empty dhcp host file as it is being rewritten by the dnsmasq init script. Let the dnsmasq init script first write to a temp dhcp host file so it does not overwrite the contents of the existing dhcp host file. Reported-by: Hartmut Birr <e9hack@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strace: Update to 4.20Rosen Penev2017-12-071-3/+2
| | | | | | | Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also reordered the Makefile a little bit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: backport fix for wnm_sleep_mode=0Timo Sigurdsson2017-12-072-1/+36
| | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Wireless Network Management (WNM) Sleep Mode handshake. Currently, hostapd processes WNM Sleep Mode requests from clients regardless of the setting wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in order to ignore such requests by clients when wnm_sleep_mode is disabled (which is the default). Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> [rewrite commit subject (<= 50 characters), bump PKG_RELEASE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: Expose the tdls_prohibit option to UCITimo Sigurdsson2017-12-071-1/+6
| | | | | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested that the existing hostapd option tdls_prohibit can be used to further complicate this possibility at the AP side. tdls_prohibit=1 makes hostapd advertise that use of TDLS is not allowed in the BSS. Note: If an attacker manages to lure both TDLS peers into a fake AP, hiding the tdls_prohibit advertisement from them, it might be possible to bypass this protection. Make this option configurable via UCI, but disabled by default. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
* kernel: bump 4.9 to 4.9.67Stijn Tintel2017-12-0724-389/+23
| | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch - generic/190-3-5-e1000e-Fix-return-value-test.patch - generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch - generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch - ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch - ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function Update patches that no longer apply: - layerscape/815-spi-support-layerscape.patch - ramips/0099-pci-mt7620.patch Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64. Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iproute2: align ip help text for tiny variantHans Dedecker2017-12-061-1/+18
| | | | | | | | Tiny variant supports a subset of the ip commands; align the ip help text so it actually reflects which commands are supported in the tiny variant. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to v4.14.1Russell Senior2017-12-0610-66/+64
| | | | | | | Preserves optionality of libmnl by letting configuration script follow the HAVE_MNL environment variable. Signed-off-by: Russell Senior <russell@personaltelco.net>
* odhcpd: update to latest git HEADHans Dedecker2017-12-061-4/+4
| | | | | | c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>