aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* bcm53xx: add missing system.sh includeRafał Miłecki2017-02-071-0/+1
| | | | | | | It's needed for macaddr_add. Fixes: 50efd403e67c ("bcm53xx: set WAN MAC address to don't share one with LAN interface") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: fix build error in mtdsplit driverKoen Vandeputte2017-02-071-1/+1
| | | | | | | Add missing parentheses. Fixes kernel build issue when using this driver. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* cns3xxx: use proper macro's for ID handlingKoen Vandeputte2017-02-071-3/+3
| | | | | | Compiled & tested on cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* mac80211: fix ath9k kernel crash with linux 4.9Felix Fietkau2017-02-071-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ar71xx/ipq806x/mediatek/mvebu: fix network defaultsJo-Philipp Wich2017-02-074-29/+29
| | | | | | | | | | | After "73d923e base-files: emit tagged switch configuration by default" some default network configurations are broken because the lan and wan ifnames are forcibly set to untagged netdevs. Adjust the offending set_interfaces_lan_wan() calls to use the proper tagged device names. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* arc770: fix broken upstream changeJo-Philipp Wich2017-02-071-0/+31
| | | | | | | Add a patch to revert upstream commit 9aed02feae57bf7a40cb04ea0e3017cb7a998db4 which introduces syntax errors. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tcpdump: update to version 4.9.0Hauke Mehrtens2017-02-064-81/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following 41 security problems: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). The size of the package is only incread very little: new size: 306430 tcpdump_4.9.0-1_mips_24kc.ipk 130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk old size: 302782 tcpdump_4.8.1-1_mips_24kc.ipk 129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* brcm2708-gpu-fw: update to latest versionÁlvaro Fernández Rojas2017-02-061-8/+8
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* brcm2708: update linux 4.4 patches to latest versionÁlvaro Fernández Rojas2017-02-06560-529/+2859
| | | | | | | | n As usual these patches were extracted and rebased from the raspberry pi repo: https://github.com/raspberrypi/linux/tree/rpi-4.4.y Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm53xx: set Netgear R8000 USB LEDsRafał Miłecki2017-02-061-0/+18
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: refresh Linux 4.4 configRafał Miłecki2017-02-061-0/+7
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: image: use one style of adding TARGET_DEVICES entriesRafał Miłecki2017-02-061-4/+4
| | | | | | | It just makes code consistent. This trivial change may be a 17.01 candidate to provide simpler backporting experience. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: merge b53 API patch with the one handling all switch driversRafał Miłecki2017-02-062-88/+88
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "uClibc-ng: update to 1.0.21"Jo-Philipp Wich2017-02-062-2/+2
| | | | | | | | | This reverts commit dde5c729ec92cbb11cf6367d93887e634b0ac756. The uClibc update was completely untested, does not build with Kernel 4.4 and did not adjust the configuration to predeclare new config symbols. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: update to wireless-testing 2017-01-31Felix Fietkau2017-02-06204-12870/+1419
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add missing config symbols for 4.9Felix Fietkau2017-02-061-0/+25
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix crashlog build error on 4.9Felix Fietkau2017-02-061-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add compile fix for linux 4.9 on x86Felix Fietkau2017-02-061-0/+13
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: port b53 to use kernel 4.5+ APIRafał Miłecki2017-02-063-17/+96
| | | | | | For backward 4.4 compatibility I added patch reverting my changes. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: move bcm47xx_sprom driver to 4.4 specific directoryRafał Miłecki2017-02-061-0/+0
| | | | | | | In kernel 4.9 it's already present so we don't want to overwite it (with older & API incompatible version). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: add Linux 4.9 patchesRafał Miłecki2017-02-0634-0/+3107
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: backport upstream DTS files for Linksys devicesRafał Miłecki2017-02-063-16/+92
| | | | | | | We dont't build officialy images for them yet due to partitioning issues. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: update kernel 4.4 to version 4.4.47Stijn Tintel2017-02-065-10/+10
| | | | | | | | | | Refresh patches for all targets that support kernel 4.4. Compile-tested on all targets that use kernel 4.4 and aren't marked broken, except arc770 and arch38 due to broken toolchain. Runtime-tested on ar71xx, octeon, ramips and x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: update to dnsmasq 2.77test1Kevin Darbyshire-Bryant2017-02-056-257/+145
| | | | | | | | | | | | | | | | | | | | | | | Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76 and allows dropping of 2 LEDE carried patches. Notable fix in rrfilter code when talking to Nominum's DNS servers especially with DNSSEC. A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses from dns servers is also included. This mean dnsmasq tries all configured servers before giving up. A 'localise queries' enhancement has also been backported (it will appear in test2/rc'n') this is especially important if using the recently imported to LEDE 'use dnsmasq standalone' feature 9525743c I have been following dnsmasq HEAD ever since 2.76 release. Compile & Run tested: ar71xx, Archer C7 v2 Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: fix instances in dhcp_add()Eric Luehrsen2017-02-051-2/+2
| | | | | | | | | ref commit 9525743c076393336cd2129539c974f8a01c7894 dnsmasq: make DHCPv6 viable for standalone dnsmasq install Above commit broke instancing by missing filter_dnsmasq() as part of the dhcp_add() execution. Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* ramips: add support for Sanlinking D240Kristian Evensen2017-02-057-0/+175
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Sanlinking Technologies D240 (http://www.sanlinking.com/en/29-dual-4g-wifi-router.html) is basically the same device as the ZBT WE826, so adding support for it in LEDE is straight forward. The differences is that the D240 has two mini-PCIe slots (instead of one), blue LEDs and supports PoE. Specification: * CPU: MT7620A * 1x 10/100Mbps POE (802.3af/802.3at) Ethernet, 4x 10/100Mbps. * 16 MB Flash. * 128 MB RAM. * 1x USB 2.0 port. * 2x mini-PCIe slots. * 2x SIM slots. * 1x 2.4Ghz WIFI. * 1x button. Wifi, USB, switch and both mini-PCIe slots are working. I have not been able to test the SD card reader. The device comes pre-installed with an older version of OpenWRT, including Luci. In order to install LEDE, you need to follow the existing procedure for updating OpenWRT/LEDE using Luci. I.e., you need to access the UI and update the firmware using the sysupgrade-image. Remember to select that you do not want to keep existing settings. The default router address is 192.168.10.1 and username/password admin/root (at least on my devices). If you brick the device, the procedure for recovery is the same as for the WE826. Please see the wiki page for that device for instructions. Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* build: add missing wildcard for ignoring .pkgdir in dependency checksFelix Fietkau2017-02-051-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: honor quietdhcp option for DHCPv6Arjen de Korte2017-02-051-0/+1
| | | | | | | | | | | Do not spam the syslog with DHCPv6 lease info if quietdhcp option is selected. This already works for DHCPv4, make it work in the same way for DHCPv6. Signed-off-by: Arjen de Korte <build+lede@de-korte.org> [Originally written by Arjen de Korte on GitHub but had issues providing a SoB in correct format.] Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* kernel: add linux 4.9 supportFelix Fietkau2017-02-04169-0/+27747
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Tim Harvey <tharvey@gateworks.com> [fixes]
* build: centralize fakeroot codeJoseph C. Lehner2017-02-045-32/+19
| | | | | | | | | | | | | This patch moves the fakeroot code required by some devices to `image-commands.mk`. Create the fakeroot on the fly by using the undocumented -s (skip copy) parameter of mkimage. Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com> [remove unused NETGEAR_KERNEL_MAGIC, remove workarounds to have a dummy rootfs for mkimage] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: fix Airlink AR725W device titleMathias Kresin2017-02-041-1/+1
| | | | | | Gemtek is the ODM but the board was sold by Airlink101. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: fix Airlink AR725W factory image buildMathias Kresin2017-02-041-2/+5
| | | | | | | | | | | | | The factory image can't be bigger than 3328 KByte. If the image is bigger than that, the gemtek-header tool throws an error and breaks the build. Make sure the output file to which the gemtek header should be added exists and wasn't removed during the check-size step because of it size. This will prevent hard errors in case the factory image is to big similar to what is done for sysupgrade images. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ubus: update to the latest versionFelix Fietkau2017-02-041-3/+3
| | | | | | | | | Adds the following fixes: 91acde6 libubus: do not modify uloop_cancelled 763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest versionFelix Fietkau2017-02-041-3/+3
| | | | | | | | | | | | | | | Adds the following changes: de3f14b uloop: add uloop_cancelling function 3b6181b utils: fix build on Mac OS X 10.12 7f671b1 blobmsg: add support for double 0fe1374 utils: add helper functions useful for allocating a ring buffer 8fc1c30 libubox: replace strtok with _r version. 4a9f74f libubox: allow reading out the pid of uloop process in lua 372e1e6 uloop: remove useless epoll data assignment f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest version, fixes a MAC address handling regressionFelix Fietkau2017-02-041-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ipq806x: fix wireless macsHannu Nyman2017-02-031-1/+1
| | | | | | | | | | | | Commit 71a39b8 ("ipq806x: Fix wireless support for Netgear Nighthawk X4S D7800") added a trailing TAB char after the backslash which prevents the assignment of the correct MACs for wifi devices. Fixes: FS#451 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> [reworded commit message] Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: update phy drivers for 4.9Felix Fietkau2017-02-039-134/+1194
| | | | | | add backport patches for older kernels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update mtdsplit for linux 4.9Felix Fietkau2017-02-0312-15/+300
| | | | | | add backport patches for older kernels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* acx-mac80211: fix scan API error that could lead to a crashFelix Fietkau2017-02-031-0/+29
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm53xx: set WAN MAC address to don't share one with LAN interfaceRafał Miłecki2017-02-031-1/+10
| | | | | | | | | After analyzing numerous NVRAMs and vendor firmwares it seems the base MAC address is used for LAN interface. WAN interface has different one which sometimes is set directly in NVRAM and sometines needs to be calculated. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ar71xx: image: fix DEVICE_TITLE for several devicesPiotr Dymacz2017-02-033-4/+4
| | | | | | Be consistent with form and format of the vendor names. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: fix indentation in Kconfig.openwrtPiotr Dymacz2017-02-031-38/+40
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: drop help sections from Kconfig.openwrtPiotr Dymacz2017-02-031-19/+0
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: fix up mikrotik subtarget kernel configPiotr Dymacz2017-02-031-0/+4
| | | | | | Disable all devices which do not belong to the mikrotik subtarget. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: fix up nand subtarget kernel configPiotr Dymacz2017-02-031-1/+103
| | | | | | Disable all devices which do not belong to the nand subtarget. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: select ATH79_NVRAM only by boards actually use itPiotr Dymacz2017-02-031-4/+5
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* rt5350: added pcm interface in .dtsiGiuseppe Lippolis2017-02-031-0/+13
| | | | | | | | Added the missing audio pcm interface in the .dtsi file for the rt5350 device. The update has been verified from the data get from the datasheet and is very similar to the mt7620a.dtsi Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
* openvpn: adding key_direction to append_params.Brandon Koepke2017-02-031-2/+2
| | | | | | key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me. Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
* generic: rtl8366rb: fix compatible stringMathias Kresin2017-02-034-4/+4
| | | | | | | Use a vendor prefix as it has to be for all not core driver. Update the compatible string in the device tree files accordingly. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: fix Sercomm NA930 compatible stringMathias Kresin2017-02-031-1/+1
| | | | | | | The Sercomm NA930 is not a mt7620a evaluation board and shouldn't use the eval board compatible string. Signed-off-by: Mathias Kresin <dev@kresin.me>