path: root/package
Commit message | Author | Age | Files | Lines
* ugps: Add option disabled | Bruno Randolf | 2018-08-29 | 2 | -0/+4
  Like many other packages, an option to disable can be practical.
  Signed-off-by: Bruno Randolf <br1@einfach.org>
* ethtool: Update to 4.18 | Robert Marko | 2018-08-28 | 1 | -2/+2
  Tested on 8devices Jalapeno(ipq40xx)
  Introduces following changes:
  Feature: Add support for WAKE_FILTER (WoL using filters)
  Feature: Add support for action value -2 (wake-up filter)
  Fix: document WoL filters option also in help message
  Feature: ixgbe dump strings for security registers
  Signed-off-by: Robert Marko <robimarko@gmail.com>
* strace: update strace to version 4.24 | Hauke Mehrtens | 2018-08-28 | 2 | -3/+3
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* linux-firmware: realtek: Add FW for rtl8192eu, rtl8723au and rtl8723bu | Hauke Mehrtens | 2018-08-27 | 1 | -0/+23
  These devices are more or less supported by the kmod-rtl8xxxu driver.
  Fixes: FS#1789
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nghttp2: bump to 1.32.1 | Hans Dedecker | 2018-08-27 | 1 | -2/+2
  4c76aaee Update manual pages
  2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16
  708379dc Tweak nghttp2_session_set_stream_user_data
  73106b0d Compile with clang-6.0
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ath10k-firmware: update both QCA988X CT variants | Stijn Tintel | 2018-08-26 | 1 | -4/+4
  This fixes slow performance with 802.11w enabled.
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ath10k-ct: bump to git HEAD | Stijn Tintel | 2018-08-26 | 1 | -3/+3
  e0d2ce0 ath10k: Support setting tx_antenna in descriptor field.
  29c644f Update to latest 4.13 and 4.16 ath10k-ct drivers.
  20db9db ath10k: Support vdev stats for 4.9, 4.16 kernel
  fd92066 ath10k: Support 'ct-sta-mode' for 9984 firmware that supports it.
  34954f0 ath10k: get_tsf, PMF
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iproute2: update to 4.18.0 | Hans Dedecker | 2018-08-25 | 2 | -40/+3
  Update to the latest version of iproute2; see https://lwn.net/Articles/762515/ for a full overview of the changes in 4.18.
  Remove upstream patch 001-rdma-sync-some-IP-headers-with-glibc
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ath9k: fix setting up tx99 with a monitor mode interface | Felix Fietkau | 2018-08-25 | 1 | -0/+92
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add missing dependency to regmap to kmod-gpio-mcp23s08 | Hauke Mehrtens | 2018-08-25 | 1 | -1/+1
  This fixes a build problem recently introduced.
  Fixes: a904003b9b5f ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: add kmod-tcp-bbr | Keith Wong | 2018-08-25 | 3 | -0/+40
  This adds support for BBR (Bottleneck Bandwidth and RTT) TCP congestion control. Applications (e.g. webservers, VPN client/server) which initiate connections from router side can benefit from this.
  This provides an easier way for users to use BBR by selecting / installing kmod-tcp-bbr instead of altering kernel config and compiling firmware by themselves.
  Signed-off-by: Keith Wong <keithwky@gmail.com>
* libbsd: Update to 0.8.7 | Daniel Engberg | 2018-08-25 | 4 | -45/+272
  Update libbsd to 0.8.7
  Remove glibc dependency
  Clean up InstallDev and install entries
  Use /usr path for consistency
  Cherry pick patches from upstream to fix musl compilation
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* imx6: Initial support for SolidRun CuBox-i devices based on i.MX6 processors (i1, i2, i2eX, and i4Pro). | Vladimir Vid | 2018-08-25 | 1 | -0/+7
  - Specifications -
  CuBox i1:
  - SoC: i.MX6 Solo
  - Cores: 1
  - Memory Size: 512MB
  - GPU: GC880
  - Wifi/Bluetooth: Optional
  - USB 2.0 ports: 2
  - Ethernet: 10/100/1000 Mbps
  CuBox i2 | i2eX:
  - SoC: i.MX6 Dual Lite
  - Cores: 2
  - Memory Size: 1GB
  - GPU: GC2000
  - Wifi/Bluetooth: Optional
  - USB 2.0 ports: 2
  - Ethernet: 10/100/1000 Mbps
  CuBox i4Pro | i4x4:
  - SoC: i.MX6 Quad
  - Cores: 4
  - Memory Size: 2/4 GB
  - GPU: GC2000
  - Wifi/Bluetooth: Built-in
  - USB 2.0 ports: 2
  - Ethernet: 10/100/1000 Mbps
  Built-in u-boot requires SPL (secondary program loader) to be present on the SD-card regardless of the image type which will be loaded. SPL is generated by the u-boot-mx6cuboxi package which is preselected by the target device and can be found in bin/u-boot-mx6cuboxi directory.
  Flashing the SPL:
    dd if=/dev/zero of=/dev/mmcblk0 bs=1M count=4
    dd if=bin/targets/imx6/generic/u-boot-mx6cuboxi/SPL of=/dev/mmcblk0 bs=1K seek=1
  Preparing the firmware on the SD-card:
    (echo o; echo n; echo p; echo 1; echo ''; echo ''; echo w) | fdisk /dev/mmcblk0
    mkfs.ext4 /dev/mmcblk0p1
    mount /dev/mmcblk0p1 /mnt
    tar -xzf bin/targets/imx6/generic/openwrt-imx6-device-cubox-i-rootfs.tar.gz -C /mnt/
    mkdir -p /mnt/boot
    cp bin/targets/imx6/generic/{*-uImage,*.dtb,*.scr} /mnt/boot/
  Generated u-boot.img needs to be placed on the first partition:
    cp bin/targets/imx6/generic/u-boot-mx6cuboxi/u-boot.img /mnt/
  To boot from the SD card:
  Boot script which sets mmc/dtb parameters and boots the board is automatically sourced. If this does not work for any reason:
    mmc dev 0; load mmc 0:1 $scriptaddr boot/boot.scr; source $scriptaddr
  Currently imx6dl-cubox-i.dtb (Dual Lite) and imx6q-cubox-i.dtb (Quad) device trees are available.
  Tested on i4Pro, MMC, USB (+ HiD), HDMI and ethernet ports are working. Wireless and bluetooth are broken ATM. According to SolidRun forums, BCM4329/BCM4330 firmware is used which works fine on older kernels.
  Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
* mac80211: mwl8k: Expand non-DFS 5G channels | Antonio Silverio | 2018-08-25 | 1 | -0/+37
  Add non-DFS 5G upper channels (149-165) besides the existing 4 lower channels (36, 40, 44, 48).
  Signed-off-by: Antonio Silverio <menion@gmail.com>
* kernel: fix kmod-gpio-mcp23s08 for linux 4.14 | Martin Schiller | 2018-08-25 | 1 | -3/+7
  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* uboot-zynq: add support for the zybo z7 board | Luis Araneda | 2018-08-25 | 4 | -6/+612
  Backport board support from the upcoming v2018.09 release, and add an additional patch to read the MAC address from flash memory
  Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* libevent2: Switch to using release tarball | Rosen Penev | 2018-08-25 | 2 | -45/+8
  Starting with version 2.1.8, a release tarball is available.
  Simplifies the Makefile slightly.
  Updated the project URL. HTTPS is broken. Issue has been reported upstream.
  Adjusted patches. CMake support is not present in the tarball. It's made for Windows anyway.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mt76: update to the latest version | Felix Fietkau | 2018-08-24 | 1 | -3/+3
  7daf962 mt7603: add survey support
  980c606 mt7603: add fix for CCA signal configuration
  30b8371 mt7603: fix BAR rate
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: backport upstream fix for CVE-2018-15599 | Hans Dedecker | 2018-08-24 | 3 | -3/+224
  CVE description: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wolfssl: disable broken shipped Job server macro | Jo-Philipp Wich | 2018-08-23 | 1 | -0/+21
  The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on plain POSIX shells due to the use of `let`.
  Shells lacking `let` will fail to run the generated m4sh code and end up invoking "make" with "-jyes" as argument, failing the build.
  Since there is no reason in the first place for some random package to muck with the make job server settings and since we do not want it to randomly override "-j" either, simply remove references to this defunct macro to let the build succeed on platforms which do not happen to use bash as default shell.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* grub2: rebase patches | Jo-Philipp Wich | 2018-08-23 | 1 | -8/+4
  Patch 300-CVE-2015-8370.patch was added without proper rebasing on the version used by OpenWrt, make it apply and refresh the patch to fix compilation.
  Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: support multiple Lua prefixes | Jo-Philipp Wich | 2018-08-23 | 3 | -21/+32
  Update to latest git HEAD in order to support configuring multiple concurrent Lua prefixes in a single uhttpd instance:
  b741dec lua: support multiple Lua prefixes
  Additionally rework the init script and update the default configuration example to treat the lua_prefix option as key=value uci list, similar to the interpreter extension mapping. Support for the old "option lua_prefix" plus "option lua_handler" notation is still present.
  Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling files belonging to other packages. Since Lua prefixes have precedence over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which will only become active if both luci-base and uhttpd-mod-lua are installed.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* grub2: Fix CVE-2015-8370 | Rosen Penev | 2018-08-23 | 2 | -1/+45
  This CVE is a culmination of multiple integer overflow issues that cause multiple issues like Denial of Service and authentication bypass.
  More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370
  Taken from Fedora.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* bzip2: Fix CVE-2016-3189 | Rosen Penev | 2018-08-23 | 2 | -1/+12
  Issue causes a crash with specially crafted bzip2 files.
  More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
  Taken from Fedora.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Enable umdnsd support | Rosen Penev | 2018-08-22 | 2 | -1/+2
  Allows discovery without having to use NetBIOS. Useful for mobile devices.
  Could eventually throw nbmd away. But that requires Windows 10...
  Tested on Fedora 28 with avahi-discover.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* yamonenv: Remove dead URLs | Rosen Penev | 2018-08-22 | 1 | -2/+1
  uscan errors on the URL as it is no longer available.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fconfig: Remove dead URLs | Rosen Penev | 2018-08-22 | 1 | -2/+1
  uscan errors on the URL as it is no longer available.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* apex: Remove dead URL. | Rosen Penev | 2018-08-22 | 1 | -2/+1
  uscan errors on the URL as it is no longer available.
  Also switched the download URL to HTTPS.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iptables: make iptables-mod-conntrack-extra depend on kmod-ipt-raw | Jo-Philipp Wich | 2018-08-22 | 1 | -2/+2
  Since kernel 4.14 there is no auto assignment of conntrack helpers anymore so fw3 needs raw table support in order to stage ct helper assignment rules.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: remove creation of /etc/ethers | Hans Dedecker | 2018-08-21 | 2 | -4/+1
  Remove creation of file /etc/ethers in dnsmasq init script as the file is now created by default in the base-files package by commit fa3301a28e
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: create /etc/ethers by default | Luiz Angelo Daros de Luca | 2018-08-21 | 2 | -0/+7
  /etc/ethers is missing on /rom but always created when dnsmasq runs. It is better to have it in place and avoid an extra change in flash after firstboot.
  It will generate an extra /etc/ethers-opkg when it has changed.
  Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: update to latest Git head | Jo-Philipp Wich | 2018-08-21 | 1 | -3/+3
  952bf9d build: use _DEFAULT_SOURCE
  30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mwlwifi: Update to 10.3.8.0-20180810 | Daniel Engberg | 2018-08-21 | 1 | -3/+3
  Update mwlwifi to 10.3.8.0-20180810
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* netifd: update to latest git HEAD | Hans Dedecker | 2018-08-20 | 1 | -3/+3
  7454d12 interface: let interface_set_down() return void
  32f11a8 interface: make __interface_set_down() static
  b9d5a8c interface: extend interface error messages in interface_set_up()
  de394b3 interface: ensure NO_DEVICE error is always reported
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: process all CSA parameters | Yury Shvedov | 2018-08-20 | 1 | -6/+31
  This adds processing of all CSA arguments from ubus switch_chan request in the same manner as in the control interface API.
  Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
* util-linux: Update to 2.32.1 | Daniel Engberg | 2018-08-16 | 1 | -3/+3
  Update util-linux to 2.32.1
  For release notes see https://lwn.net/Articles/759922/
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: consolidate upgrade state set | Mathias Kresin | 2018-08-16 | 2 | -0/+6
  Set the (sys)upgrade state when sourcing the stage2 script instead of setting the state for each target individually.
  This change fixes the, due to a missing state set, not working upgrade led on ath79 and apm821xx.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* rpcd: update to latest git HEAD | Jo-Philipp Wich | 2018-08-16 | 1 | -3/+3
  41333ab uci: tighten uci reorder operation error handling
  f91751b uci: tighten uci delete operation error handling
  c2c612b uci: tighten uci set operation error handling
  948bb51 uci: tighten uci add operation error handling
  51980c6 uci: reject invalid section and option names
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: update to version 1.0.2p | Hauke Mehrtens | 2018-08-15 | 3 | -4/+4
  This fixes the following security problems:
  * CVE-2018-0732: Client DoS due to large DH parameter
  * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libubox: set RPATH for host build | Jo-Philipp Wich | 2018-08-14 | 1 | -0/+3
  This is required for programs that indirectly link libjson-c through the libubox blobmsg_json library.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest git HEAD | Hans Dedecker | 2018-08-14 | 1 | -3/+3
  522456b device: gracefully handle device names exceeding IFNAMESIZ
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: bump to git HEAD | Stijn Tintel | 2018-08-13 | 1 | -3/+3
  12a7cf9 Add support for DSCP matches and target
  06fa692 defaults: use a generic check_kmod() function
  1c4d5bc defaults: fix check_kmod() function
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* packages: nvram: make it possible to include it for ath79 targets | Christian Lamparter | 2018-08-13 | 1 | -1/+1
  The WD My Net Range Extender stores the MAC addresses inside the nvram partition. This utility can extract it, but it's currently not available on the ath79 target. Hence, this patch adds the necessary target declaration, so it can be built.
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uboot-zynq: update to 2018.07 | Luis Araneda | 2018-08-13 | 3 | -3/+46
  Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* wireguard: bump to 0.0.20180809 | Jason A. Donenfeld | 2018-08-12 | 1 | -2/+2
  * send: switch handshake stamp to an atomic
    Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better. Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize.
  * compat: better atomic acquire/release backport
    This should fix compilation and correctness on several platforms.
  * crypto: move simd context to specific type
    This was a suggestion from Andy Lutomirski on LKML.
  * chacha20poly1305: selftest: use arrays for test vectors
    We no longer have lines so long that they're rejected by SMTP servers.
  * qemu: add easy git harness
    This makes it a bit easier to use our qemu harness for testing our mainline integration tree.
  * curve25519-x86_64: avoid use of r12
    This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register.
  * chacha20: use memmove in case buffers overlap
    A small correctness fix that we never actually hit in WireGuard but is important especially for moving this into a general purpose library.
  * curve25519-hacl64: simplify u64_eq_mask
  * curve25519-hacl64: correct u64_gte_mask
    Two bitmath fixes from Samuel, which come complete with a z3 script proving their correctness.
  * timers: include header in right file
    This fixes compilation in some environments.
  * netlink: don't start over iteration on multipart non-first allowedips
    Matt Layher found a bug where a netlink dump of peers would never terminate in some circumstances, causing wg(8) to keep trying forever. We now have a fix as well as a unit test to mitigate this, and we'll be looking to create a fuzzer out of Matt's nice library.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* base-files: add function to get mac as text from flash | Mathias Kresin | 2018-08-11 | 1 | -0/+23
  Add a function to get a mac stored as text from flash. The octets of the mac address need to be separated by any separator supported by macaddr_canonicalize().
  Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: use consistent coding style | Mathias Kresin | 2018-08-11 | 1 | -8/+4
  Add the opening bracket right after the function name, to do it the same way for all functions in this file.
  Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* uci: bump to source date 2018-08-11 | Yousong Zhou | 2018-08-11 | 1 | -3/+3
  Fixes segfault when parsing malformed delta lines
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* wpa_supplicant: fix CVE-2018-14526 | John Crispin | 2018-08-10 | 1 | -0/+48
  Unauthenticated EAPOL-Key decryption in wpa_supplicant
  Published: August 8, 2018
  Identifiers:
  - CVE-2018-14526
  Latest version available from: https://w1.fi/security/2018-1/

  Vulnerability
  A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice.
  When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys.
  Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changed the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, practical attack would need large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed.

  Vulnerable versions/configurations
  All wpa_supplicant versions.

  Acknowledgments
  Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven for discovering and reporting this issue.

  Possible mitigation steps
  - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can be done also on the AP side.
  - Merge the following commits to wpa_supplicant and rebuild:
    WPA: Ignore unauthenticated encrypted EAPOL-Key data
    This patch is available from https://w1.fi/security/2018-1/
  - Update to wpa_supplicant v2.7 or newer, once available
  Signed-off-by: John Crispin <john@phrozen.org>
* base-files: make wifi report unknown command | Thibaut VARÈNE | 2018-08-10 | 1 | -2/+3
  Avoid having /sbin/wifi silently ignore unknown keywords and execute "up"; instead display the help message and exit with an error.
  Spell out the "up" keyword (which has users), add it to usage output, and preserve the implicit assumption that running /sbin/wifi without argument performs "up".
  Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>