path: root/package
Commit message | Author | Age | Files | Lines
* procd: assign /dev/tty* nodes to "tty" group | Jo-Philipp Wich | 2017-06-26 | 2 | -1/+5
  Adjust default permissions and ownership of /dev/tty* nodes from 0600/root:root to 0660/root:tty in order to support granting unprivileged user access when needed.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: add "tty" user group | Jo-Philipp Wich | 2017-06-26 | 1 | -0/+1
  This is needed for an upcoming change to the hotplug default rules which will cause /dev/tty* nodes to get assigned to the "tty" group in order to support unprivileged user access when needed.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.3 | Magnus Kroken | 2017-06-26 | 5 | -13/+14
  Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
  * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
  * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
  * Potential double-free in --x509-alt-username (CVE-2017-7521)
  * Remote-triggerable memory leaks (CVE-2017-7512)
  * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
  * Null-pointer dereference in establish_http_proxy_passthru()
  * Restrict --x509-alt-username extension types
  * Fix potential 1-byte overread in TCP option parsing
  * Fix mbedtls fingerprint calculation
  * openssl: fix overflow check for long --tls-cipher option
  * Ensure option array p[] is always NULL-terminated
  * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1 | Magnus Kroken | 2017-06-26 | 2 | -27/+27
  Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released
  * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
  * Adds exponent blinding to RSA private operations
  * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
  * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
  * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
  * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* treewide: add license tags | Florian Eckert | 2017-06-24 | 10 | -0/+16
  Add licence tags where missing.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fritz_tffs_read: get tffs size from input file | Mathias Kresin | 2017-06-24 | 1 | -3/+7
  Use the size of the input file as maximum tffs size instead of a fixed value. The tffs on a AVM Fritz 300E can be up to 512KByte for example.
  Fixes a read error for the AVM Fritz 3370 where the tffs partition size is 64Kbyte and smaller than the former default value of 256KByte.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* libreadline: add host-build | Daniel Golle | 2017-06-24 | 2 | -0/+2
  Also make sure that the PKG_NAME and folder name are equal.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* valgrind: bump to 3.13.0 | Luiz Angelo Daros de Luca | 2017-06-24 | 3 | -49/+4
  Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* ca-certificates: Update to version 20161130+nmu1 | Christian Schoenebeck | 2017-06-24 | 1 | -3/+3
  Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* busybox: ash/hush fix for read-builtin command | Bastian Bittorf | 2017-06-24 | 1 | -0/+147
  this is a cherrypick from busybox-git HEAD: f5470419404d643070db99d058405b714695b817 and can be removed when upgrading to next busybox release.
  discussion here: http://lists.busybox.net/pipermail/busybox/2017-May/085439.html
  Signed-off-by: Bastian Bittorf <bb@npl.de>
* hostapd: add support for acs_chan_bias option | Kevin Darbyshire-Bryant | 2017-06-24 | 2 | -2/+6
  During auto channel selection we may wish to prefer certain channels over others.
  e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8 13:0.8' does that.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* busybox: backport 'ip rule suppress_{prefixlength, ifgroup}' | Stefan Tomanek | 2017-06-24 | 1 | -0/+145
  This is a backport from the busybox repository (192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the suppress_{prefixlength,ifgroup} flags for policy routing rules.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* procd: update to latest version | Hans Dedecker | 2017-06-23 | 1 | -3/+3
  e5e99c4 watchdog: add support for starting/stopping kernel watchdog
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries | Rafał Miłecki | 2017-06-22 | 1 | -1/+2
  Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for VERSION_SED command. We should keep these configs to make sure package gets refreshed when needed.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: add dhcp-range tags configuration | Grégoire Delattre | 2017-06-20 | 2 | -2/+9
  dnsmasq can match tags in its dhcp-range configuration, this commit adds the option to configure it in the dhcp section
  uci configuration:
      config dhcp 'lan'
          option interface 'lan'
          list tag 'blue'
          list tag '!red'
          option start '10'
          option limit '150'
          option leasetime '12h'
  generated dnsmasq configuration:
      dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h
  Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
* procd: update to latest git HEAD | Daniel Golle | 2017-06-19 | 1 | -3/+3
  453116e system: introduce new attribute board_name
  e5b963a preinit: define _GNU_SOURCE
  e5ff8ca upgraded: cmake: Find and include uloop.h
  f367ec6 hotplug: fix a memory leak in handle_button_complete()
  796ba3b service/service_stopped(): fix a use-after-free
  79bbe6d system: return legacy board name
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libunwind: update to version 1.2.1 | Yousong Zhou | 2017-06-19 | 2 | -48/+2
  Changes since 1.2
  a77b0cd Bump version to v1.2.1
  5f354cb mips/tilegx: Add missing unwind_i.h header file
  620d1c3 Add aarch64 getcontext functionality.
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: update to the latest version | Hans Dedecker | 2017-06-18 | 1 | -3/+3
  ef5f7a0 ubus: remove superfluous error check in netifd_add_dynamic
  5a68693 iprule: coding style line up
  90e2e2c iprule: Add option to suppress unspecific routing lookups
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: allocate uid/gid starting from 65536 | Yousong Zhou | 2017-06-18 | 2 | -5/+5
  There already exist static assignment of uid/gid 65533 in packages feed and we have nobody/nogroup taking 65534 as their ids. Let's change the pid of dynamic assignment to start from 65536 so that the two assignment scheme will not collide with each other
  While at it, fix the scan command checking existence of uid/gid
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* base-files: make ucidef_set_led_rssi offset and factor optional | Mathias Kresin | 2017-06-17 | 1 | -2/+2
  The offset and factor are only related for LEDs which can have different brightness values. But binary LEDs are more common and don't require any further configuration than setting the factor to 1.
  Use offset = 0 and factor = 1 in case nothing else is specified.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* mt76: update to the latest version, fixes rate control issues | Felix Fietkau | 2017-06-17 | 1 | -3/+3
  Should improve performance considerably in many cases
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest version, fixes a runqueue use-after-free bug | Felix Fietkau | 2017-06-17 | 1 | -3/+3
  7237302 md5: add "const" qualifier to the "file" argument
  fa9937c json_script: enable custom expr handler callback
  368fd26 uloop: allow specifying a timeout for uloop_run()
  6a7fb7d runqueue: fix use-after-free bug
  4bc3dec uloop: fix a regression in timeout handling
  fd57eea uloop: allow passing 0 as timeout to uloop_run
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: refresh patches | Felix Fietkau | 2017-06-17 | 44 | -323/+144
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ipq806x: qca99xx: fix wifi calibration | Pavel Kubelun | 2017-06-17 | 1 | -6/+0
  As of now OTP is being correctly parsed and the driver requires to parse pre-caldata to follow corresponding routine.
  Rename cal file into pre-calfile so the board initialized correctly with API 2 board data (board-2.bin).
  Also remove the now unneeded for qca9984 board.bin symlink to 5GHz calfile.
  Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
* ath10k: increase bmi timeout to fix OTP on qca99xx boards and add bmi identification through pre-cal file | Pavel Kubelun | 2017-06-17 | 7 | -11/+196
  Backporting upstream patches.
  Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  [refresh, rename patches]
* dropbear: fix service trigger syntax error | Kevin Darbyshire-Bryant | 2017-06-16 | 2 | -2/+2
  The classic single '&' when double '&&' conditional was meant.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* Revert "dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53" | Hans Dedecker | 2017-06-14 | 2 | -36/+26
  This reverts commit a53f8ba6771de64c9c82a2e6867791226f3003cb.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53 | Paul Oranje | 2017-06-12 | 2 | -26/+36
  With this patch the dnsmasq init script manages resolv.conf if and only if when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance). Also, resolvfile is now set irrespective of the value of noresolv.
  Fixes (partially) FS#785
  Signed-off-by: Paul Oranje <por@xs4all.nl>
* dnsmasq: make bind-dynamic 'non-wildcard' interfaces default | Kevin Darbyshire-Bryant | 2017-06-11 | 3 | -4/+6
  'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode. This binds to interfaces rather than wildcard addresses *and* keeps track of interface comings/goings via a unique Linux api.
  Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep up with changes in interface config) ... On linux, there's actually no sane reason not to use --bind-dynamic, and it's only not the default for historical reasons."
  Let's change history, well on LEDE at least, and change the default!
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* base-files: board.json's switch reset means existence, not argument | Jonas Gorski | 2017-06-11 | 1 | -1/+4
  Don't pass the value unconditionally to swconfig as a parameter but instead only call reset if it is 1.
  Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* kexec-tools: bump version and add support for crashdump kernel | Daniel Golle | 2017-06-09 | 5 | -24/+265
  split kexec-tools into two packages, kexec and kdump.
  * kexec to simply execute a new kernel
  * kdump is for loading and collecting debris of a crashed kernel with support for kdump forensics.
  In order to properly support booting into a crashkernel, an init script as well as UCI configuration has been added. As modifying the kernel cmdline is required for this to work in x86 platforms use an uci-defaults script to modify /boot/grub/grub.cfg.
  To test collecting crash information, use the 'c' sysrq-trigger, ie.
      echo c > /proc/sysrq-trigger
  This should result in the crash kernel being executed and (depending on the configuration) dmesg and/or vmcore getting saved.
  To check if the crash kernel was loaded properly, use the 'status' command of the kdump init script.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: add dhcp-script hook conditionally | Hans Dedecker | 2017-06-09 | 2 | -2/+14
  Commit b32689afd6a661339861086c669e15c936293cf8 added support for dhcp-script hook. Adding dhcp-script config option results into two instances of dnsmasq being run which triggered oom issues on platforms having low memory.
  The dnsmasq dhcp-script config option will now only be added if at least one of the dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci config option is specified.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: network.sh: fix a number of IPv6 logic flaws | Jo-Philipp Wich | 2017-06-08 | 1 | -17/+48
  * Change network_get_subnet6() to sensibly guess a suitable prefix
    Attempt to return the first non-linklocal, non-ula range, then attempt to return the first non-linklocal range and finally fall back to the previous behaviour of simply returning the first found item.
  * Fix network_get_ipaddrs_all()
    Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6() to build a single list of all interface addresses.
  * Fix network_get_subnets6()
    Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address field to figure out the proper network address.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mwlwifi: update to version 10.3.4.0 / 2017-06-06 | Jo-Philipp Wich | 2017-06-08 | 1 | -3/+3
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: network.sh: properly report local IPv6 addresses | Jo-Philipp Wich | 2017-06-08 | 2 | -18/+14
  Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to fetch the effective local IPv6 address of delegated prefix from the "local-address" field instead of naively hardcoding ":1" as static suffix.
  Fixes FS#829.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* gdb: disable simulator ; it's broken on ppc | Alexandru Ardelean | 2017-06-07 | 1 | -1/+2
  Error is:
  ```
  ompile-loc2c.o compile-c-support.o inflow.o init.o \
  ../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a -lncurses -lm ../libiberty/libiberty.a build-gnulib/import/libgnu.a -ldl -Wl,--dynamic-list=./proc-service.list
  ../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event':
  idecode.c:(.text+0x170): undefined reference to `error'
  ../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick':
  idecode.c:(.text+0x1cc): undefined reference to `error'
  idecode.c:(.text+0x28c): undefined reference to `error'
  idecode.c:(.text+0x318): undefined reference to `error'
  ../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6':
  idecode.c:(.text+0x398): undefined reference to `error'
  ../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow
  collect2: error: ld returned 1 exit status
  Makefile:1420: recipe for target 'gdb' failed
  make[5]: *** [gdb] Error 1
  ```
  Seems others are running into this as well. The problem seems to be that some code may be built as C++ and not C, which may explain the linker error.
  On this thread reply: https://sourceware.org/ml/gdb/2016-11/msg00045.html it mentions that the simulator should not call GDB's "error" function directly, but rather use the "host_callback" struct.
  I have no idea about the use of the GDB simulator within the OpenWrt/LEDE community. So, I took the easier route, which is to disable the simulator. (Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html )
  If needed, I can make an effort to fix the simulator for PPC.
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* gdb: remove Build/Compile rule ; default one works | Alexandru Ardelean | 2017-06-07 | 1 | -7/+0
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* package/grub2: update to 2.02 | Alif M. Ahmad | 2017-06-07 | 1 | -6/+3
  Update to version 2.02
  Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
* mac80211: use KERNEL_MAKEOPTS | Felix Fietkau | 2017-06-07 | 2 | -6/+12
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk | Felix Fietkau | 2017-06-07 | 2 | -2/+2
  This allows packages to use kernel make options without the forced -C $(LINUX_DIR). It also makes it more clear that it to be called from kernel module packages directly.
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* perf: Depend on KERNEL_PERF_EVENTS | Florian Fainelli | 2017-06-05 | 1 | -1/+1
  The kernel needs to have PERF_EVENTS built otherwise we will run into the following:
      root@(none):/# perf top
      perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error 89 (Function not implemented)
      perf_event_open(..., 0) failed unexpectedly with error 89 (Function not implemented)
      Error:
      The sys_perf_event_open() syscall returned with 89 (Function not implemented) for event (cycles).
      /bin/dmesg may provide additional information.
      No CONFIG_PERF_EVENTS=y kernel support configured?
  Make sure this functional dependency is captured.
  Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* mdadm: Do not check RUN_DIR | Florian Fainelli | 2017-06-05 | 1 | -1/+2
  Fixes build failure on hosts that do not have mdadm installed/configured:
      make[3]: Entering directory `/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
      ***** Parent of /run/mdadm does not exist. Maybe set different RUN_DIR=
      ***** e.g. make RUN_DIR=/dev/.mdadm
      ***** or set CHECK_RUN_DIR=0
      make[3]: *** [check_rundir] Error 1
      make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
      make[2]: *** [/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0/.built] Error 2
      make[2]: Leaving directory `/local/users/fainelli/openwrt/trunk/package/utils/mdadm'
      make[1]: *** [package/utils/mdadm/compile] Error 2
      make[1]: Leaving directory `/local/users/fainelli/openwrt/trunk'
      make: *** [package/mdadm/compile] Error 2
  Fixes: 980c41f8e04f ("utils/mdadm: Update to 4.0")
  Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* lantiq: fix lantiq_mei.c and amazonse.dsti for adsl modem firmware | Tino Reichardt | 2017-06-03 | 1 | -31/+29
  The ltq-adsl-mei package is used for 3 lantiq device types: danube, amazon-se and ar9. These different SoC's need also different definitions.
  Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
  [fix LTQ_USB_OC_INT for AR9 to match documentation]
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: fix ifxmips_atm_amazon_se.c | Tino Reichardt | 2017-06-03 | 1 | -8/+0
  Remove 6 defines, which were defined already some lines above.
  Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
* kernel: properly package 8250 serial PCI module | Daniel Golle | 2017-06-03 | 1 | -4/+7
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Lantiq: make possible to tweak DSL SRN from UCI | Andrea Merello | 2017-06-03 | 1 | -1/+26
  This patch makes possible to tweak the downstream SNR margin on Lantiq DSL devices.
  The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR margin offset. It accepts values in range -50 to +50 in 0.1 dB units.
  The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB steps.
  Currently this should only affect ADSL (not VDSL). It should be very easy to make this work also on VDSL lines, but since I couldn't test on VDSL lines this patch does not do that yet.
  I have also a patch for LUCI about this, that I could submit.
  Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.
  Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
* umdns: remove superfluous include in init script | Jo-Philipp Wich | 2017-06-02 | 1 | -2/+0
  The umdns init script includes function/network.sh globally, outside of any service procedure. This causes init script activation to fail in buildroot and IB context if umdns is set to builtin.
  Additionally, the network.sh helper is not actually used. Drop the entire include in order to repair init script activation in build host context.
  Fixes FS#658.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: bump to 2.77 | Kevin Darbyshire-Bryant | 2017-06-01 | 1 | -4/+4
  Bump to the 2.77 release after quite a few test & release candidates.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mvebu: fix sysupgrade | Matthias Schiffer | 2017-06-01 | 1 | -1/+1
  mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this did not have an effect anymore after the staged sysupgrade changes.
  As it doesn't really hurt to copy fw_printenv and fw_setenv unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2 will see them.
  Config copying is moved to a function called by platform_copy_config, where it belongs.
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  Fixes: FS#821
  Fixes: 30f61a34b4cf "base-files: always use staged sysupgrade"
* ppp: propagate master firewall zone to dynamic slave interface | Hans Dedecker | 2017-05-31 | 2 | -1/+4
  Assign the virtual DHCPv6 interface the firewall zone of the parent interface so fw3 knows the zone to which the virtual DHCPv6 interface belongs. This guarantees the firewall settings are applied correctly for the virtual DHCPv6 interface and allows to query the zone to which the virtual DHCPv6 interface belongs via the fw3 network option.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>