summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* LEDE v17.01.0-rc2: adjust config defaultsv17.01.0-rc2Jo-Philipp Wich2017-02-075-8/+10
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* arc770: fix broken upstream changeJo-Philipp Wich2017-02-071-0/+31
| | | | | | | Add a patch to revert upstream commit 9aed02feae57bf7a40cb04ea0e3017cb7a998db4 which introduces syntax errors. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tcpdump: update to version 4.9.0Hauke Mehrtens2017-02-064-81/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following 41 security problems: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). The size of the package is only incread very little: new size: 306430 tcpdump_4.9.0-1_mips_24kc.ipk 130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk old size: 302782 tcpdump_4.8.1-1_mips_24kc.ipk 129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* bcm53xx: set Netgear R8000 USB LEDsRafał Miłecki2017-02-061-0/+18
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: update kernel 4.4 to version 4.4.47Stijn Tintel2017-02-064-9/+9
| | | | | | | | | | | | | | | Refresh patches for all targets that support kernel 4.4. Compile-tested on all targets that use kernel 4.4 and aren't marked broken, except arc770 and arch38 due to broken toolchain. Runtime-tested on ar71xx, octeon, ramips and x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit d2c4041f0266cc93447998ddd67c7d6b6a4c2ee3) Conflicts: include/kernel-version.mk target/linux/ramips/patches-4.4/997-ralink-Introduce-fw_passed_dtb-to-arch-mips-ralink.patch
* kernel: bump to 4.4.46Koen Vandeputte2017-02-062-3/+3
| | | | | | | | | | | | Refreshed patches for all supported targets. Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64. Run-tested on ar71xx, cns3xxx, imx6 and mt7621. Tested-by: Stijn Segers <francesco.borromini@inventati.org> Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 3becadd56cddfb8abff50cdb0ef1cb3f90b0809a) Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump to 4.4.45Koen Vandeputte2017-02-063-5/+5
| | | | | | | | | | | | | Refreshed patches for all supported targets. Compiled & tested on cns3xxx & imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 4d1515070baeca64fedaca957b6b4156976f3b3a) Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Conflicts: target/linux/ar71xx/patches-4.4/920-usb-chipidea-AR933x-platform-support.patch
* Kernel: bump to 4.4.44Stijn Segers2017-02-0614-76/+41
| | | | | | | | | | | | | | Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64. .44 has been run-tested on the 17.01 branch here on ar71xx and mt7621. Signed-off-by: Stijn Segers <francesco.borromini@inventati.org> (cherry picked from commit 20996edd68b8a0b139bdb36b3aafa29c037d4bda) Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Conflicts: target/linux/ar71xx/patches-4.4/920-usb-chipidea-AR933x-platform-support.patch target/linux/ar71xx/patches-4.4/930-chipidea-pullup.patch
* bcm53xx: refresh Linux 4.4 configRafał Miłecki2017-02-061-0/+7
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: image: use one style of adding TARGET_DEVICES entriesRafał Miłecki2017-02-061-4/+4
| | | | | | | It just makes code consistent. This trivial change may be a 17.01 candidate to provide simpler backporting experience. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: backport upstream DTS files for Linksys devicesRafał Miłecki2017-02-063-16/+92
| | | | | | | We dont't build officialy images for them yet due to partitioning issues. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: use accepted BCM5301X patches for R8000 and Luxul devicesRafał Miłecki2017-02-063-0/+9
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport wowlan netdetect fixesRafał Miłecki2017-02-064-2/+149
| | | | | | | | | | | | | | I needed a moment to figure out relation between this patchset and the nl80211: fix validation of scheduled scan info for wowlan netdetect It appears nl80211 commit will go on top of brcmfmac changes so it's safe to backport these patches. One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add .update_connect_params() callback") as it depends on missing commit 088e8df82f91 ("cfg80211: Add support to update connection parameters"). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport PSM watchdog improvementsRafał Miłecki2017-02-062-0/+96
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport minor code cleanupsRafał Miłecki2017-02-069-1/+363
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport 4.10 fixes & typo fixRafał Miłecki2017-02-063-0/+111
| | | | | | This includes memory leak fix in initialization path. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport scheduled scan cleanup and chip supportRafał Miłecki2017-02-0618-11/+2200
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport some old patches from 2016Rafał Miłecki2017-02-068-8/+332
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: rename brcmfmac patches to use higher prefixRafał Miłecki2017-02-063-0/+0
| | | | | | There are more patches to backport that should go before these. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: backport bgmac support for external PHYsRafał Miłecki2017-02-055-4/+540
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: use upstream accepted bgmac fix for BCM47186B0Rafał Miłecki2017-02-051-1/+4
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: rename bgmac patches to squeeze themRafał Miłecki2017-02-0526-0/+0
| | | | | | | This is a pure rename without any changes. It makes maintaining bgmac simpler and will hopefully make adding new kernel a bit easier. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: start hostapd with logging wpa_printf messages to syslogRafał Miłecki2017-02-051-1/+1
| | | | | | | Some debugging/error messages are printed using wpa_printf and this change allows finally reading them out of the syslog. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: enable support for logging wpa_printf messages to syslogRafał Miłecki2017-02-052-0/+6
| | | | | | | This will allow starting hostapd with the new -s parameter and finally read all (error) messages from the syslog. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: backport support for sending debug messages to the syslogRafał Miłecki2017-02-056-24/+169
| | | | | | | | | | | | | | | | | It wasn't possible to read hostapd wpa_printf messages unless running hostapd manually. It was because hostapd was printing them using vprintf and not directly to the syslog. We were trying to workaround this problem by redirecting STDIN_FILENO and STDOUT_FILENO but it was working only for the initialization phase. As soon as hostapd did os_daemonize our solution stopped working. Please note despite the subject this change doesn't affect debug level messages only but just everything printed by hostapd with wpa_printf including MSG_ERROR-s. This makes it even more important as reading error messages can be quite useful for debugging. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ramips: fix Airlink AR725W factory image buildMathias Kresin2017-02-041-2/+5
| | | | | | | | | | | | | The factory image can't be bigger than 3328 KByte. If the image is bigger than that, the gemtek-header tool throws an error and breaks the build. Make sure the output file to which the gemtek header should be added exists and wasn't removed during the check-size step because of it size. This will prevent hard errors in case the factory image is to big similar to what is done for sysupgrade images. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ipq806x: fix wireless macsHannu Nyman2017-02-031-1/+1
| | | | | | | | | | | | Commit 71a39b8 ("ipq806x: Fix wireless support for Netgear Nighthawk X4S D7800") added a trailing TAB char after the backslash which prevents the assignment of the correct MACs for wifi devices. Fixes: FS#451 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> [reworded commit message] Signed-off-by: Mathias Kresin <dev@kresin.me>
* bcm53xx: set WAN MAC address to don't share one with LAN interfaceRafał Miłecki2017-02-031-1/+10
| | | | | | | | | After analyzing numerous NVRAMs and vendor firmwares it seems the base MAC address is used for LAN interface. WAN interface has different one which sometimes is set directly in NVRAM and sometines needs to be calculated. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ipq806x: fixup nbg6817 internal mmc and switch configuration in DTSAndré Valentin2017-02-022-4/+1
| | | | | | | | | | | | | The setting mmc-ddr-1_8v in the platform dts leads to read errors. The device is unusable and system reboots in a loop. Because NBG6817 is the only mmc device, I removed it in base dts. The second change removes settings now present in base dts. The third change references was a wrong conversion of constants in the switch settings. Switch now initializes again. Signed-off-by: André Valentin <avalentin@marcant.net>
* ccache, samba36: fix samba.org addresses to use httpsHannu Nyman2017-02-024-7/+8
| | | | | | | | | | | | samba.org has started to enforce https and currently plain http downloads with curl/wget fail, so convert samba.org download links to use https. Modernise links at the same time. Also convert samba.org URL fields to have https. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* kernel: fix BCM54612E PHY supportRafał Miłecki2017-02-011-4/+87
| | | | | | | This backports upstream commit 62e13097c46c ("net: phy: broadcom: rehook BCM54612E specific init") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* musl: update musl to 1.1.16+ and switch to download from gitChristian Lamparter2017-02-0131-1595/+7
| | | | | | | | | | | | | | | | | | | | | This patch updates musl to 1.1.16+ [0] and removes all the backported patches. This is a major release and tagged as such. For more information visit musl-libc.org or read the WHATSNEW. Furthermore, this patch also changes musl to download directly from git. This makes it easier to update musl in the future. The patch custom Add-format-attribute-to-some-function-declarations.patch was assigned a new 400- number. This should avoid confusion since 0xx numbers are usually assigned to backports. [0] <http://git.musl-libc.org/cgit/musl/commit/?id=769f53598e781ffc89191520f3f8a93cb58db91f> Cc: Hannu Nyman <hannu.nyman@iki.fi> Cc: Koen Vandeputte <koen.vandeputte@ncentric.com> Cc: Jo-Philipp Wich <jo@mein.io> Cc: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
* ar71xx: fix netgear wndr3700 v1/v2, wndr3800/wndr3800ch switch port mappingQian Zheng2017-02-011-2/+5
| | | | Signed-off-by: Qian Zheng <sotux82@gmail.com>
* ar71xx: fix netgear wnr2000 v3 switch port mappingQian Zheng2017-02-011-2/+2
| | | | | | Signed-off-by: Qian Zheng <sotux82@gmail.com> [Jo-Philipp Wich: fix alphabetical order after merging with gl-ar300 case] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ar71xx: fix tl-wr841n-v7 switch port mappingQian Zheng2017-02-011-1/+5
| | | | | | Signed-off-by: Qian Zheng <sotux82@gmail.com> [Jo-Philipp Wich: fix alphabetical order] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mvebu: fix usb port ledsMathias Kresin2017-02-011-10/+15
| | | | | | | | | | | | | | | | | | | All mvebu boards have three USB LEDs. The first one is used for the USB1 port. There are two LEDs related to the second USB port. The top (bar) LED gets bright in case any USB device is connected to the second USB port. If the connected device is an USB 3 (SuperSpeed) device, the small dot LED bellow the "bar" LED gets also bright. While at it, use a name for the USB LEDs that matches the names printed on the case. Fixes: FS#423, FS#425 Signed-off-by: Kabuli Chana <newtownbuild@gmail.com> Signed-off-by: Mathias Kresin <dev@kresin.me>
* mvebu: set fan_ctrl.sh only on mambaHans Geiblinger2017-02-012-1/+23
| | | | | Signed-off-by: Hans Geiblinger <cybrnook2002yahoo.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
* x86: add kernel module for sp5100_tco watchdogChris Blake2017-02-011-0/+15
| | | | | | | | | | | This change adds the sp5100_tco driver as a kernel module for the x86 target. Specifically, this can be used by the PCEngines APU2/APU3. The reason for having this as a kernel module is to allow users to load/unload it on demand, as the I2C interface on the APU2/APU3 will not work while this module is loaded. More info can be found on GitHub at https://github.com/riptidewave93/LEDE-APU2/pull/5#issuecomment-255667736 Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* x86: Add sp5100_tco AMD patchesChris Blake2017-02-014-0/+217
| | | | | | | | | | | | | | This adds the following patches to the x86 target: sp5100_tco: Add AMD Mullins platform support sp5100_tco: Add AMD Carrizo platform support sp5100_tco: fix the device check for SB800 and later chipsets watchdog: sp5100_tco: properly check for new register layouts With these added, the sp5100_tco driver can then be used on newer AMD platforms, such as the PCEngines APU2/APU3 boards. Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* octeon: fix mtd partitions for erlite on cmdlineJiri Kastner2017-02-011-1/+1
| | | | | | | | | erlite mtdparts exposes boot0, boot1 and eeprom regions as read/write. this patch adds readonly flags, so these regions can't be modified. same as it is already for ER profile. Signed-off-by: Jiri Kastner <cz172638@gmail.com>
* ipq806x: Fix wireless support for Netgear Nighthawk X4S D7800Zhang Jingye2017-02-012-11/+15
| | | | | | | | | | D7800 has a simular hardware to R7800 and uses dual QCA9980 for both 2.4GHz and 5GHz band. However there is no proper initialization for them, which causes a kernel panic due to failed firmware loading. This patch adds d7800 to ath10k caldata extraction list. I can get two functional wireless bands after making change to it. Signed-off-by: Zhang Jingye <934526987@qq.com>
* package-ipkg: Do not fail build without base-filesFlorian Fainelli2017-02-011-0/+2
| | | | | | | | | | | | | | | | | | | | | | | If the base-files package is not selected, we will fail executing the very first postinst script: make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk' cp -fpR /local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion /local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root.orig-orion ./usr/lib/opkg/info/busybox.postinst: line 3: /local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion/lib/functions.sh: No such file or directory ./usr/lib/opkg/info/busybox.postinst: line 4: default_postinst: command not found postinst script ./usr/lib/opkg/info/busybox.postinst has failed with exit code 127 make[2]: *** [package/install] Error 1 Check for the existence of lib/functions.sh, and if it does not exist, just bail out gracefully. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* Fix dependency for hostapdWilco Baan Hofman2017-02-011-1/+1
| | | | Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
* iproute2: cake: update cake supportKevin Darbyshire-Bryant2017-02-012-11/+24
| | | | | | | Updated cake's tc patch to match the official cake repository formatting. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* kmod-sched-cake: Bump to latest versionKevin Darbyshire-Bryant2017-02-011-4/+4
| | | | | | | | | wash, mpu & some memory optimisation have now made it to the official cake repository. Point LEDE to the official repository. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* libtool: don't clobber host libtool infrastructureJo-Philipp Wich2017-02-011-7/+7
| | | | | | | | | | | | | | | | The libtool target package stages its files into the host staging directory and moves the libltdl library parts from there into the target staging directory afterwards. By doing so, the package essentially renders the host libtool infrastructure unusable, leading to the below error in subsequent package builds: libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool` Prevent this problem by using a dedicated libltdl install prefix in order to avoid overwriting and moving away preexisting files belonging to tools/libtool. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: properly pass CPP and CXX flags in HOST_MAKE_VARSJo-Philipp Wich2017-02-011-1/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: introduce default HOST_MAKE_VARS for host-buildsAlexandru Ardelean2017-02-011-1/+7
| | | | | | Inspired/adapted from `package-defaults.mk` MAKE_VARS. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* tools/cmake: remove HOST_CONFIGURE_CMD and re-distribute the args & varsAlexandru Ardelean2017-02-011-5/+2
| | | | | | | | | | The final semantic is the same, but this is a bit more correct. Build tested on Windows 10 (yes, there is some Ubuntu mode for Windows 10, and I've been also building LEDE on it for a few weeks). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* odhcp6c: use LEDE_GIT in package source urlHans Dedecker2017-02-011-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>