aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* uboot-fritz4040: update to 2019-09-07David Bauer2019-09-251-3/+3
| | | | | | | | | | | | | | 572ff7f fritzcreator: actually add checksum spacer 6edce1a fritzcreator: replace obscure padding generation with something more portable 2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim b91f9c2 readd spi-nand support 486ae53 improve cmd_sysupgrade b0933f1 replace sstrip with strip 882e48a do not include generated files into git 0c5aa5f fix bugs in ipq40xx_cdp.c Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit af63436d2d0dc3c07d1cb11b018e486994942c6c)
* ath10k-ct: update to version 2019-09-09Koen Vandeputte2019-09-248-17/+17
| | | | | | | | | | 5e8cd86f90da ath10k-ct: Backport ap-vlan code from 5.2 to 4.20 and 4.19 drivers. 0c518586bd7f ath10k-ct: Fix a few warning splats. Adds AP VLAN. Refreshed all patches. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath10k-firmware: update Candela Tech firmware imagesRobert Marko2019-09-241-20/+20
| | | | | | | | This enables a feature flag in the wave-2 firmware wmi-services indicating it can send software-encrypted raw frames. This should in turn allow the AP-VLAN feature to work. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 7c930990af911f6634b422d7253f09df2bb164bf)
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-2312-2524/+223
| | | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* uClibc++: Remove faulty patchRosen Penev2019-09-212-14/+1
| | | | | | | | | | | | | | | | This patch was originally added to fix compilation with v4l2rtspserver. Turns out it was v4l2rtspserver that was broken, not uClibc++. This now causes issues with a different package where the arguments are being split. Note that with this patch, shellcheck throws an error: SC2068: Double quote array expansions to avoid re-splitting elements. More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 977a8fc5fc2e1be6d159b2d9e1c617826b5d9701)
* mbedtls: update to 2.16.3Magnus Kroken2019-09-213-52/+25
| | | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* ltq-vdsl-fw: update firmware filename and download URLDaniel Golle2019-09-213-5/+5
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4fc0a61ed3da96330d30703a2a039a6a06dc0b2f)
* kernel: add module for Emulex OneConnect 10GbitAlberto Bursi2019-09-211-0/+22
| | | | | | | | | | add module to support Emulex OneConnect common in 10Gbit SFP+ cards by Dell/HP/IBM supports OneConnect OCe10xxx OCe11xxx OCe14xxx, LightPulse LPe12xxx Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it> (cherry picked from commit 827f47749b75dcc6b650297b9303c27127b15201)
* procd: fix invalid JSON filter expression in procd_running()Jo-Philipp Wich2019-09-192-2/+2
| | | | | | | | | | Since service and instance names may contain characters which are not allowed in JSON path labels, such as dashes or spaces, change the filter expression to array square bracket notation to properly match these cases as well. Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c933b6d22478c1113629ef549beea6337f978d62)
* firewall: update to latest Git HEADJo-Philipp Wich2019-09-181-3/+3
| | | | | | | | | | | | | | | | | | | | 383eb58 ubus: do not overwrite ipset name attribute c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type 487bd0d utils: Fix string format message 4d0c703 firewall3: Fix some format string problems 8c404ef iptables.c: lock the xtables.lock c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Petr Štetiar <ynezz@true.cz> [cherry picked and squashed from commits 7db655991443a98f84e4c39e733232d41d2d6137, 359bff605244c2cf2bff75bce0f0b16b496a6a77, 2cf209ce9166575d8259b5b4176ee91d8b48d2ff, 5ef9e4f107a94c502908403fdf56cf6bcdc08dd2] Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to the latest git HEADRafał Miłecki2019-09-181-3/+3
| | | | | | | | 62dc8c0 system: sysupgrade: send reply on error 2710c65 system: refuse sysupgrade with backup if it's unsupported Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 04e912d21720b2d906d84aaf172af79a25076a41)
* mac80211: brcmfmac: backport the last 5.4 changesRafał Miłecki2019-09-164-1/+413
| | | | | | | | This makes brcmfmac use the same wiphy after PCIe reset to help user space handle corner cases (e.g. firmware crash). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f39f4b2f6d4300995270f635261b07197e8cf61e)
* treewide: sysupgrade: use $UPGRADE_BACKUP to check for backupRafał Miłecki2019-09-163-3/+2
| | | | | | | | Now that $UPGRADE_BACKUP is set conditionally there is no need to check the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit a858db313687ddfa6ed1ddba76bd74844a7b89dc)
* procd: update to the latest git HEADRafał Miłecki2019-09-161-3/+3
| | | | | | | | | | b8238df sysupgrade: support "backup" attribute This update requires "sysupgrade" method callers to pass "backup" attribute if $UPGRADE_BACKUP is used in the project. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 9785a9121d2d7a0a25bcd2924ee78fafada056da)
* base-files: sysupgrade: pass "backup" ubus attributeRafał Miłecki2019-09-161-0/+3
| | | | | | | | | This explicitly tells procd what backup file should be used during sysupgrade (if any). It's much more generic this way compared to the magic /tmp/sysupgrade.tgz file that had to be created before a call. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit c5223b26a40ae61fc7750bf865464048af328ab1)
* odhcpd: retry failed PD assignments on addrlist changeHans Dedecker2019-09-151-3/+3
| | | | | | 88d9ab6 dhcpv6: retry failed PD assignments on addrlist change Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: update to latest Git HEADDavid Bauer2019-09-151-3/+3
| | | | | | | | a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886 1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887 Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 7db2f1a71f202023154e80758079193fc47352eb)
* base-files: validate firmware for compatibility with backupRafał Miłecki2019-09-121-0/+7
| | | | | | | | | | This allows platform code to check if firmware image can be used with preserving a backup. It may be used e.g. when installing vendor firmwares that won't restore appended backup archive. Suggested-by: Luis Araneda <luaraneda@gmail.com> Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 1c510fe2980cd787602786e82f44602549d607d4)
* treewide: use new procd sysupgrade $UPGRADE_BACKUP variableRafał Miłecki2019-09-122-2/+1
| | | | | | | | | | | It's a variable set by procd that should replace hardcoded /tmp/sysupgrade.tgz. This change requires the most recent procd with the commit 0f3c136 ("sysupgrade: set UPGRADE_BACKUP env variable"). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 641f6b6c26cb9ab5e1198810015e5f4b2b5b34ad)
* treewide: don't hardcode "sysupgrade.tgz" file nameRafał Miłecki2019-09-122-1/+3
| | | | | | | | | 1) Add BACKUP_FILE and use it when copying an archive to be restored after sysupgrade (on the next preinit). 2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* hostapd: Fix security problem in EAP-pwdHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This should not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)
* mac80211: brcmfmac: backport more kernel 5.4 changesRafał Miłecki2019-09-098-9/+283
| | | | | | | | Patch getting RAM info got upstreamed. A debugging fs entry for testing reset feature was added. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 681acdcc54d2e59135bb706c38bed942f74ccf74)
* odhcp6c: update to latest git HEADHans Dedecker2019-09-071-2/+2
| | | | | | | e199804 dhcpv6: sanitize oro options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1855c237948e211849d79765ca749cdea6a79987)
* procd: update to the latest git HEADRafał Miłecki2019-09-061-3/+3
| | | | | | | | | | | 0f3c136 sysupgrade: set UPGRADE_BACKUP env variable 0bcbbbf system: fix uninitialized variables in firmware validation code This update includes a fix for uninitialized variable usage. Fixes: db5164d3d056 ("procd: update to the latest git HEAD") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit e8dcbbc865cb6acef1cfbafe77f30c1f003c3dc3)
* procd: update to the latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | | | | | | | 34ac88c system: reject sysupgrade of invalid firmware images by default f55c235 system: reject sysupgrade of broken firmware images e990e21 system: add "validate_firmware_image" ubus method This update changes "sysupgrade" ubus method API. It's now required to pass "force" attribute whenever invalid firmware is meant to be installed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 7290963d0992b9aa412e0066dcf721857fbd40f7)
* base-files: pass "force" parameter to the "sysupgrade" callRafał Miłecki2019-09-041-0/+3
| | | | | | | | This makes sysupgrade work with the most recent procd that validates firmware before proceeding. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b71962da16c2e2b93d633d7bde1436b3da2bf740)
* uci: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | 415f9e4 uci/file: replace mktemp() with mkstemp() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6aa962a62288952aec08c1f67fb0735f420f720e)
* iwinfo: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | | f599a8d iwinfo: Fix rate buffer size 71ec9be iwinfo: Fix buffer size f8ef450 iwinfo: Add support for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6658447534152b72a3341b369f1eb545618fa7cf)
* nftables: bump to version 0.9.2Konstantin Demin2019-09-042-31/+4
| | | | | | | | | | | | | | | - exclude Python-related stuff from build - drop patches: * 010-uclibc-ng.patch, applied upstream ipkg size decrease by 2.8%: old: 194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk new: 189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit b74f1f335a792a15feb0fd839a69486050d3531f)
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-041-2/+2
| | | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 699955a684eb8f6eb39123632ec7e193fa132753)
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-041-3/+3
| | | | | | | | 821045f file: add path based read/write/exec ACL checks fb337e5 file: add stat() information to directory listings Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 02169bd3f8ccfa3076bb4d46e979d2fdcc7d413e)
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-043-2/+14
| | | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
* px5g: support EC keysEneas U de Queiroz2019-09-042-19/+71
| | | | | | | | | | | | | | | | | | | This adds an 'eckey' command to generate an EC key, with an optional curve name argument, with P-256 as default. For the 'selfsigned' command, it adds an 'ec' algorithm argument to the '-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option, mirroring the way openssl specifies the curve name. Notice that curve names are not necessarily the same in mbedtls and openssl. In particular, secp256r1 works for mbedtls, but openssl uses prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256 and P-384 are specifically supported. Package size increased by about 900 bytes (arm). Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit a552ababd4ff8e91d3f03f7496f12d080a71ba28)
* openssl: always build with EC supportEneas U de Queiroz2019-09-042-19/+2
| | | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit f40262697f5aebed25313a1b2eb8f68d37c97e60)
* libnfnetlink: Avoid passing both -fPIC and -fpicRosen Penev2019-09-041-3/+4
| | | | | | | | | Instead, instruct the configure script to use $(FPIC) only. Mixing -fPIC and -fpic can cause issues on some platforms like PPC. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 926157c2ccb02aa06b343662ecbd2571faf6eddd)
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-09-041-2/+4
| | | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit e2ecf39e8e49e43b4d358853f9da51e3897d042c)
* base-files: use JSON for storing firmware validation infoRafał Miłecki2019-09-042-14/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far firmware validation result was binary limited: it was either successful or not. That meant various limitations, e.g.: 1) Lack of proper feedback on validation problems 2) No way of marking firmware as totally broken (impossible to install) This change introduces JSON for storing detailed validation info. It provides a list of performed validation tests and their results. It allows marking firmware as non-forceable (broken image that can't be even forced to install). Example: { "tests": { "fwtool_signature": true, "fwtool_device_match": true }, "valid": true, "forceable": true } Implementation is based on *internal* check_image bash script that: 1) Uses existing validation functions 2) Provides helpers for setting extra validation info This allows e.g. platform_check_image() to call notify_check_broken() when needed & prevent user from bricking a device. Right now the new JSON info is used by /sbin/sysupgrade only. It still doesn't make use of "forceable" as that is planned for later development. Further plans for this feature are: 1) Expose firmware validation using some new ubus method 2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus method so: a) It's possible to safely sysupgrade using ubus only b) /sbin/sysupgrade can be more like just a CLI Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f522047958f99ab7b506ec550f796c0460af1a85)
* procd: fix compile issue with glibc (FS#2469)Hans Dedecker2019-09-041-3/+3
| | | | | | | 0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 6e45ba4699eb8424951648cfeddc0a8633f8891e)
* openssl: refresh patchesChristian Lamparter2019-09-043-7/+7
| | | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 5ef3fe614c1e8c350ca0083f61577a89c002bc53)
* treewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" methodRafał Miłecki2019-09-042-12/+2
| | | | | | | | This explicitly lets stage2 know if partitions should be preserved. No more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b6f4cd57e19a8cfcd9ff52582b65164ce6213c3d)
* base-files: pass "save_config" option to the "sysupgrade" methodRafał Miłecki2019-09-044-5/+6
| | | | | | | This explicitly lets stage2 know if config should be preserved. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b534ba96110012d2697d19d71b7dcd60bd4cd375)
* procd: update to latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | 9558031 system: support passing "options" to the "sysupgrade" ubus method Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 2b1a6d263cc84ac6189447fe971b52d8b34cea51)
* firewall: update to latest git HEADKevin Darbyshire-Bryant2019-09-041-3/+3
| | | | | | | bf29c1e firewall3: ipset: Handle reload_set properly Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit bd01346bb463d371627739fad539310ef5bd4146)
* elfutils: bump to 0.177Luiz Angelo Daros de Luca2019-09-042-43/+4
| | | | | | | 200-uclibc-ng-compat.patch is upstream now. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (cherry picked from commit 0851ce4ff97260a0fab2a507ee8370e60f78370d)
* iftop: update to HEAD of 2018-10-03 - 77901cChristian Lamparter2019-09-041-3/+3
| | | | | | | | | | | | | Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183 git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c 77901c8 Support scales beyond 1Gbps Created with the help of the make-package-update-commit.sh script. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit cfd0748497c5c27c6d0f80b0ad3698ffe4428352)
* nghttp2: bump to 1.39.2Hans Dedecker2019-09-041-2/+2
| | | | | | | | | | 957abacf Bump up version number to 1.39.2, LT revision to 32:0:18 83d362c6 Don't read too greedily a76d0723 Add nghttp2_option_set_max_outbound_ack db2f612a nghttpx: Fix request stall Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 58f929077f8687adbf75338504f319d054a96153)
* ltq-ifxos: refer to https://bugs.openwrt.orgYousong Zhou2019-09-041-1/+1
| | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit f0f5cb26cb7ced03c70063d08c90d211f80b7a31)
* ct-bugcheck: report to https://openwrt.org by defaultYousong Zhou2019-09-041-1/+1
| | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 26615ededcdc7c6d30c72d77c3a890be1f777b32)
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-12 04:30:35 +0000