aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* busybox: enable find -newer needed for shorewall firewall, no size increase ↵Lucian Cristian2017-12-142-2/+2
| | | | | | on binary Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* base-files: fix sysupgrade -b/-l when -c is usedLuiz Angelo Daros de Luca2017-12-141-10/+11
| | | | | | | | | | | | | Since /overlay/upper appeared, -b ignored -c silently (cause it was still checking for /overlay/etc). Now, if /overlay/upper is absent, sysupgrade -c will fail and exit verbosely. Fix -l to consider -c (it never did). Clean up to always use /overlay/upper/xxx instead of still checking for /overlay/xxx. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* e2fsprogs: Update to 1.43.7Rosen Penev2017-12-141-2/+2
| | | | | | Compiled and tested on ramips with no noticeable problems. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* base-files: unify get_dt_led helper functionChristian Lamparter2017-12-141-0/+12
| | | | | | | | | | | | | | Lantiq and IPQ806X (which includes IPQ40XX) both define the same custom function {ipq806x|lantiq}_get_dt_led. This patch moves the function into the base-file package at lib/functions/leds.sh to make it more accessible for other targets as well. Cc: Mathias Kresin <dev@kresin.me> Cc: John Crispin <john@phrozen.org> Cc: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* base-files: make including distfeeds.conf optionalJonas Gorski2017-12-131-3/+5
| | | | | | | | | | | To not clutter the system when building an opkg free image, generate the distfeeds.conf only if CLEAN_IPKG is unset. Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but since opkg is not reasonably usable without the status information, we can tie the distfeeds.conf to it. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: create /etc/opkg before generating distfeeds.confJonas Gorski2017-12-131-0/+1
| | | | | | | | Ensure /etc/opkg exists before trying to write there. This fixes a build failure if SIGNED_PACKAGES is disabled. Reported-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* package: move distfeeds.conf from opkg to base-filesJonas Gorski2017-12-132-14/+12
| | | | | | | | | | | All the relevant options used for distfeeds.conf are part of base-files, so it makes more sense to move the file there as well. This has the added benefit that the we can share the opkg package again, reducing the amount of target specific packages. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* wireguard: bump to 20171211Kevin Darbyshire-Bryant2017-12-122-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest WireGuard snapshot release: 44f8e4d version: bump snapshot bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x 679e53a chacha20: avx512vl implementation 10b1232 poly1305: fix avx512f alignment bug 5fce163 chacha20poly1305: cleaner generic code 63a0031 blake2s-x86_64: fix spacing d2e13a8 global: add SPDX tags to all files d94f3dc chacha20-arm: fix with clang -fno-integrated-as. 3004f6b poly1305: update x86-64 kernel to AVX512F only d452d86 tools: no need to put this on the stack 0ff098f tools: remove undocumented unused syntax b1aa43c contrib: keygen-html for generating keys in the browser e35e45a kernel-tree: jury rig is the more common spelling 210845c netlink: rename symbol to avoid clashes fcf568e device: clear last handshake timer on ifdown d698467 compat: fix 3.10 backport 5342867 device: do not clear keys during sleep on Android 88624d4 curve25519: explictly depend on AS_AVX c45ed55 compat: support RAP in assembly 7f29cf9 curve25519: modularize dispatch Refresh patches. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dropbear: disable MD5 HMAC and switch to sha1 fingerprintsMartin Schiller2017-12-122-3/+5
| | | | | | | | | | | | As MD5 is known weak for many years and more and more penetration test tools complain about enabled MD5 HMAC I think it's time to drop it. By disabling the MD5 HMAC support dropbear will also automatically use SHA1 for fingerprints. This shouldn't be a problem too. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* wolfssl: update to 3.12.2 (1 CVE)Jo-Philipp Wich2017-12-123-5/+147
| | | | | | | | | | Update wolfssl to the latest release v3.12.2 and backport an upstream pending fix for CVE-2017-13099 ("ROBOT vulnerability"). Ref: https://github.com/wolfSSL/wolfssl/pull/1229 Ref: https://robotattack.org/ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mwlwifi: update to version 10.3.4.0 / 2017-11-29Kabuli Chana2017-12-121-3/+3
| | | | | | Improves stability on WRT3200ACM Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* dnsmasq: add DHCP build switch support in full variantHans Dedecker2017-12-101-5/+10
| | | | | | | | Add config option which allows to enable/disable DHCP support at compile time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support implies having DHCP support. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: fix glibc libresolv dependency for LEDE nslook appletJo-Philipp Wich2017-12-101-1/+1
| | | | | | | Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config. Fixes FS#1212. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: remove remaining uses of %N, and drop VERSION_NICK config symbolMatthias Schiffer2017-12-092-10/+3
| | | | | | Fixes d23e1e1e1a "merge: properly remove %n / %N references" Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* merge: properly remove %n / %N referencesJo-Philipp Wich2017-12-092-4/+1
| | | | | | | | | | - use %d instead of %n for opkg feed identifiers - remove %n / %N references from version files Fixes bf5cef47b3 merge: release/banner: drop release name and update banner. Fixes FS#1213. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: always send DHCPv4 hostnameMathias Kresin2017-12-081-0/+1
| | | | | | | | | | | udhcpc doesn't send a hostname by default. Use the system hostname if nothing else is specified, to always send a hostname. It syncs the behaviour to odhcpc, which always sends a hostname. Signed-off-by: Mathias Kresin <dev@kresin.me> Acked-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: nand: remove nand_board_name platform overrideMathias Kresin2017-12-081-9/+0
| | | | | | It isn't uses anymore by any target. Signed-off-by: Mathias Kresin <dev@kresin.me>
* procd: nand: dont rely on boardname in nand_upgrade_tarMathias Kresin2017-12-081-7/+9
| | | | | | | | | | | | | | | | Kernel and rootfs in a subdirectory matching the userspace boardname, was intended to use a single sysupgrade-tar archive for multiple boards with different kernel/rootfs images. This feature was never used. Use the first found directory in the tar archive instead of relying on a directory named according to the userspace boardname. It allows to change the boardname without adding another compatibility layer - using the nand_board_name() function - for (sub)targets using the metadata based image validation in favour to nand_do_platform_check(). Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: upgrade: make get_partitions() endian agnosticChristian Lamparter2017-12-081-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | This patch fixes two issues with the current get_partitions() function. First: "Invalid partition table on $disk" will pop up on legitimate images on big endian system. This is because the little-endian representation of "55 AA" is assumed in the context of little-endian architectures. On these comparing it to the 16-bit word 0xAA55 does work as intented. Whereas on big-endian systems, this would have to be 0x55AA. This patch fixes the issue by replacing the integer conversion and value match check with just a string comparision. Second: The extraction of the type, start LBA and LBA num from the partition table has the same endianness issue. This has been fixed by using the new hex_le32_to_cpu() function. This function will translate the stored little-endian data to the correct byte-order if necessary. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058Christian Lamparter2017-12-081-4/+4
| | | | | | | | This patch updates ath10k-firmware to use the firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019. Cc: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* merge: uhttpd: update cert generation to match system defaultsZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patchZoltan HERPAI2017-12-083-16/+16
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: packages: update branding in core packagesZoltan HERPAI2017-12-087-10/+10
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: ssid: update default ssidZoltan HERPAI2017-12-083-4/+4
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: targets: update image generation and targetsZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: release/banner: drop release name and update bannerZoltan HERPAI2017-12-081-10/+8
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: base: update base-files and basic configZoltan HERPAI2017-12-085-12/+12
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* mt76: update to the latest version, fixes setting per-vif mac addressFelix Fietkau2017-12-081-3/+3
| | | | | | | | | | | | | | d02a05b mt7603: update firmware to version 20160107100755 4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values" 170f334 mt76x2: remove MAC address limitation for multi-vif setups 3563b8f mt76x2: clean up MAC/BSSID address initialization 9de77e1 mt76x2: drop wiphy->addresses a6a6e25 mt76x2: init: disable APCLI by default c64633e mt76x2: configure rx filter based on monitor mode setting ac815fa mt76x2: init: fix rx filter default value during init e504656 mt7603: configure other-unicast drop based on monitor mode setting Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: update to 1.0.2nPeter Wagner2017-12-081-3/+3
| | | | | | | | add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s) Fixes CVEs: CVE-2017-3737, CVE-2017-3738 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* odhcpd: fix faulty PKG_SOURCE_DATE in 711a816Hans Dedecker2017-12-071-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* opkg: bump to version 2017-12-07Rafał Miłecki2017-12-071-3/+3
| | | | | | | | | | | | | Changes: 3b417b9 opkg_download: decode file:/ URLs 71c27cb file_util: implement urldecode_path() d1fe095 file_util: consolidate hex/unhex routines ebdfc12 add opkg option http_timeout 9f003e3 opkg: encode archive filenames while constructing download URLs 73e6c81 file_util: implement urlencode_path() helper 468158f libopkg: fix SHA256 calculation for big endian system Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rpcd: update to version from 2017-12-07Daniel Golle2017-12-071-3/+3
| | | | | | | cfe1e75c91bc1 sys: packagelist: allow listing all packages 74a784f037867 sys: fix passwd path Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: write atomic host fileHans Dedecker2017-12-072-4/+6
| | | | | | | | | | | Different invocations of the dnsmasq init script (e.g. at startup by procd) will rewrite the dhcp host file which might result into dnsmasq reading an empty dhcp host file as it is being rewritten by the dnsmasq init script. Let the dnsmasq init script first write to a temp dhcp host file so it does not overwrite the contents of the existing dhcp host file. Reported-by: Hartmut Birr <e9hack@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strace: Update to 4.20Rosen Penev2017-12-071-3/+2
| | | | | | | Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also reordered the Makefile a little bit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: backport fix for wnm_sleep_mode=0Timo Sigurdsson2017-12-072-1/+36
| | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Wireless Network Management (WNM) Sleep Mode handshake. Currently, hostapd processes WNM Sleep Mode requests from clients regardless of the setting wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in order to ignore such requests by clients when wnm_sleep_mode is disabled (which is the default). Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> [rewrite commit subject (<= 50 characters), bump PKG_RELEASE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: Expose the tdls_prohibit option to UCITimo Sigurdsson2017-12-071-1/+6
| | | | | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested that the existing hostapd option tdls_prohibit can be used to further complicate this possibility at the AP side. tdls_prohibit=1 makes hostapd advertise that use of TDLS is not allowed in the BSS. Note: If an attacker manages to lure both TDLS peers into a fake AP, hiding the tdls_prohibit advertisement from them, it might be possible to bypass this protection. Make this option configurable via UCI, but disabled by default. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
* iproute2: align ip help text for tiny variantHans Dedecker2017-12-061-1/+18
| | | | | | | | Tiny variant supports a subset of the ip commands; align the ip help text so it actually reflects which commands are supported in the tiny variant. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to v4.14.1Russell Senior2017-12-0610-66/+64
| | | | | | | Preserves optionality of libmnl by letting configuration script follow the HAVE_MNL environment variable. Signed-off-by: Russell Senior <russell@personaltelco.net>
* odhcpd: update to latest git HEADHans Dedecker2017-12-061-4/+4
| | | | | | c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport infinite dns retries fixHans Dedecker2017-12-063-3/+48
| | | | | | | | | | If all configured dns servers return refused in response to a query in strict mode; dnsmasq will end up in an infinite loop retransmitting the dns query resulting into high CPU load. Problem is fixed by checking for the end of a dns server list iteration in strict mode. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* samba36: backport an upstream fix for an information leak (CVE-2017-15275)Felix Fietkau2017-12-042-1/+41
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest version, adds stability fixesFelix Fietkau2017-12-031-3/+3
| | | | | | | | | | | | | | | | | | | | | 11f42a8 mt76x2: add channel argument to eeprom tx power functions 3bd7e76 mt76x2: initialize channel power limits 19fff41 mt76x2: convert between per-chain tx power and combined output 737cf2b mt7603: rename mt7603_mac_reset to mt7603_pse_reset 8026638 mt7603: rename MT_PSE_RESET register c4dd32a mt7603: remove watchdog reset on interface stop d99092b mt7603: remove WARN_ON_ONCE for workaround checks c8807b4 mt7603: simplify PSE reset d8a5990 mt7603: warn if PSE reset fails c079960 mt7603: clean up dma debug reads 96817d6 mt7603: make mt7603_mac_watchdog_reset() static e953c78 mt7603: clear wtbl PS bit for powersave responses 57a2e33 mt7603: set tx-skip flag for powersave clients c8e5ab1 mt7603: initialize wtbl ps flag on station add b4034cf mt76x2: remove some harmless WARN_ONs in tx status and rx path 8e17d36 mt7603: remove some harmless WARN_ONs in rx path Signed-off-by: Felix Fietkau <nbd@nbd.name>
* layerscape: rename firmware packages to avoid name collisionsTed Hess2017-12-025-16/+16
| | | | | | | | | | layerscape firmware package names collide with existing package contributions. Ex: layerscape mc and midnight-commander(mc) are in conflict. Firmware packages: mc, ppa, rcw and dpl are renamed to ls-mc, ls-ppa, ls-rcw and ls-dpl respectively. Signed-off-by: Ted Hess <thess@kitschensync.net>
* packages: dnsmasq: remove unused stamp fileRoman Yeryomin2017-12-022-5/+1
| | | | | Signed-off-by: Roman Yeryomin <roman@advem.lv> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* curl: bump to 7.57.0 (3 CVEs)Hans Dedecker2017-11-302-4/+4
| | | | | | | | | | CVE-2017-8816: NTLM buffer overflow via integer overflow CVE-2017-8817: FTP wildcard out of bounds read CVE-2017-8818: SSL out of buffer access For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ltq-ifxos: fix compilation against glibcYousong Zhou2017-11-302-3/+60
| | | | | | Fixes FS#1196 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* dnsmasq: add interface to ubus notificationBorja Salazar2017-11-291-5/+7
| | | | Signed-off-by: Borja Salazar <borja.salazar@fon.com>
* mt76: update to the latest version, fixes encrypted mesh support and HT20 issuesFelix Fietkau2017-11-291-3/+3
| | | | | | | | | fc28872 mac80211: add missing include a4c82ca mt7603: add missing include required on newer kernels 792859b mt76x2: fix transmission of encrypted management frames a51358e mt76x2: increase OFDM SIFS time Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: tweak TSQ settingsFelix Fietkau2017-11-292-1/+16
| | | | | | | | | | Latencies can be much higher on wifi devices, especially with aggregation. Tune the network stack setting introduced in the previous commit to account for that. This commit reintroduces the previously reverted one with a fix for the crash issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: fix dhcp-host entries with empty macsJo-Philipp Wich2017-11-281-3/+1
| | | | | | | | | | | | | | Due to improper localization of helper variables, "config host" entries without a given mac address may inherit the mac address of a preceeding, leading to invalid generated netive configuration. Fix the issue by marking the "macs" and "tags" helper variables in dhcp_host_add() local, avoiding the need for explicitely resetting them with each invocation. Reported-by: Russell Senior <russell@personaltelco.net> Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jo-Philipp Wich <jo@mein.io>