aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* kernel: add packaging for Xeon iTCO watchdog timerPhilip Prindeville2017-09-171-0/+17
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* mwlwifi: update to version 10.3.4.0 / 2017-08-10Kabuli Chana2017-09-171-3/+3
| | | | | | Update mwlwifi Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* libs/wolfssl: bump to version 3.12.0 ; add myself as maintainerAlexandru Ardelean2017-09-171-3/+4
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: adjust symbol defaults against libwolfssl defaultsAlexandru Ardelean2017-09-171-7/+7
| | | | | | | | Some symbols have been renamed. Some are default enabled/disabled, so we need to adjust semantics against that. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: disable hardening check in `settings.h`Alexandru Ardelean2017-09-171-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This seems to cause a false-positive warning/error while building `libwebsockets-cyassl`. ``` make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' [ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43: /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp] #warning "For timing resistance / side-channel attack prevention consider using harden options" ``` Hardening is enabled by default in libwolfssl at build-time. However, the `settings.h` header is exported (along with other headers) for build (via Build/InstallDev). This looks like a small bug/issue with wolfssl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-176-44/+44
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)Alexandru Ardelean2017-09-171-0/+1
| | | | | | | | Until other packages from feeds decide to rename the dependency of `+libcyassl` to `+libwolfssl`, this allows for a bit of backwards compatibility with those packages. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wwan: json format in some modem definitionsAlexandru Ardelean2017-09-16268-349/+349
| | | | | | | | | | | | | | | | | | | | Method used: ``` cd package/network/utils/wwan/files/data sed -e 's/}}/}/g' -i * sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i * sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i * ``` Manually adjusted commas. Validated with ``` for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done ``` Thanks to @lynxis for pointing out the commas. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-09-162-4/+19
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-09-131-3/+3
| | | | | | | | | | | | | | | | f0bce9c dhcpv4: fix memset compile issue 0ba3278 dhcpv4: rework assignment lookup e3b49f3 dhcpv4: cleanup dhcpv4_test usage 47fe122 dhcpv4: rework lease expire handling logic 028ab85 dhcpv4: force renew nonce authentication support a827fca dhcpv4: avoid segfault when there's no IPv4 prefix bea088b ndp: detect ifindex changes via interface netlink events f66103e ubus: display accept reconf status for DHCPv6 assignments f0e354b treewide: replace RELAYD prefix naming in macros 1a313f9 dhcpv4: fix possible segfault when lease is not created e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-139-10/+9
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* basefiles: allow suid coredumpsKevin Darbyshire-Bryant2017-09-122-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set sysctl fs.suid_dumpable = 2 This allows suid processes to dump core according to kernel.core_pattern setting. LEDE typically uses suid to drop root priviledge rather than gain it but without this setting any suid process would be unable to produce coredumps (e.g. dnsmasq) Processes still need to set a non zero core file process limit ('ulimit -c unlimited' or if procd used 'procd_set_param limits core="unlimited"') in order to produce a core. This setting removes an obscure stumbling block along the way. >From https://www.kernel.org/doc/Documentation/sysctl/fs.txt suid_dumpable: This value can be used to query and set the core dump mode for setuid or otherwise protected/tainted binaries. The modes are 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped. 1 - (debug) - all processes dump core when possible. The core dump is owned by the current user and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked. This is insecure as it allows regular users to examine the memory contents of privileged processes. 2 - (suidsafe) - any binary which normally would not be dumped is dumped anyway, but only if the "core_pattern" kernel sysctl is set to either a pipe handler or a fully qualified path. (For more details on this limitation, see CVE-2006-2451.) This mode is appropriate when administrators are attempting to debug problems in a normal environment, and either have a core dump pipe handler that knows to treat privileged core dumps with care, or specific directory defined for catching core dumps. If a core dump happens without a pipe handler or fully qualifid path, a message will be emitted to syslog warning about the lack of a correct setting. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* ath10k: Re-enable intermediate softqueues for all devicesToke Høiland-Jørgensen2017-09-112-2/+29
| | | | | | | | | | | | The upstream ath10k driver disables the intermediate softqueues for some devices. This patch reverts that behaviour and always enables the softqueues (and associated bufferbloat fixes). We have had reports of people running this with good results: https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html This also refreshes mac80211 patches. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* strace: bump to 4.19Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-112-28/+28
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-112-37/+41
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: bump to 0.9.8Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* dnsmasq: backport arcount edns0 fixKevin Darbyshire-Bryant2017-09-082-1/+45
| | | | | | | | | Don't return arcount=1 if EDNS0 RR won't fit in the packet. Omitting the EDNS0 RR but setting arcount gives a malformed packet. Also, don't accept UDP packet size less than 512 in received EDNS0. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport official fix for CVE-2017-13704Kevin Darbyshire-Bryant2017-09-073-38/+95
| | | | | | | | | Remove LEDE partial fix for CVE-2017-13704. Backport official fix from upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* uclient: update to 2017-09-06Matthias Schiffer2017-09-061-3/+3
| | | | | | | 24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses 83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* odhcp6c: add workaround for broken extendprefix scenarioHans Dedecker2017-09-052-3/+20
| | | | | | | | | | | | Extendprefix is typically used to extend an IPv6 RA prefix from a mobile wan link to the LAN; such scenario requires correct RA prefix settings like the on link flag not being set. However some mobile manufacter set the RA prefix on link flag which breaks basic IPv6 routing. Work around this issue by filtering out the route being equal to the extended prefix. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: fix mt76x8 dependenciesJohn Crispin2017-09-051-1/+1
| | | | | | | The commit merging mt7628 and mt7688 failed to update some dependencies. Signed-off-by: John Crispin <john@phrozen.org>
* odhcp6c: add ra_holdoff config option and update to git HEAD version (FS#964)Hans Dedecker2017-09-032-6/+9
| | | | | | | | | 51733a6 ra: align RA update interval with RFC4861 (FS#964) Add ra_holdoff config option which allows to configure the RA minimum update interval which is by default 3 seconds as stated in RFC4861. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: add /etc/profile.d to conffilesStijn Tintel2017-09-031-0/+1
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: order conffiles alphabeticallyStijn Tintel2017-09-031-10/+10
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ubox: update to git HEAD versionHans Dedecker2017-09-011-3/+3
| | | | | | | | | | | | | | b1bc8d5 kmodloader: log error message in case of out of memory f346111 kmodloader: lift restriction on module alias info f1ef2c3 kmodloader: fix possible segfaults 9cb63df kmodloader: fix endianess check 2cff779 kmodloader: Check module endian before loading d54f38a kmodloader/get_module_info: initialized aliases to make it more clean a0b6fef kmodloader: insmod: fix a memoryleak in error case 278c4c4 kmodloader/get_module_name: null-terminate the string 16f7e16 syslog: remove unnecessary sizeof struct between messages Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: mdns: Support txt values with spacesKarl Palsson2017-09-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Properly quote the arguments so that you can register a service with TXT entries that contains spaces. Example: procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \ "another=something equally verbose" Output before: $ avahi-browse -r -v _myservice._tcp _myservice._tcp local hostname = [blah.local] address = [192.168.255.74] port = [9999] txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"] Output now: $ avahi-browse -r -v _myservice._tcp _myservice._tcp local hostname = [blah.local] address = [192.168.255.74] port = [9999] txt = ["another=something equally verbose" "key=descriptive text field 1"] Signed-off-by: Karl Palsson <karlp@etactica.com>
* Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"John Crispin2017-08-311-3/+3
| | | | | | This reverts commit f7528ed0a8586434e18e9007b1bf0d05a18d6418. Signed-off-by: John Crispin <john@phrozen.org>
* dropbear: Link ssh and scp command to /bin instead of /usr/binRosen Penev2017-08-311-3/+3
| | | | | | | | ssh and scp commands interfere with OpenSSH when installed in /usr/bin . One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* busybox: update to 1.27.2Magnus Kroken2017-08-3030-1121/+951
| | | | | | | | | | Refresh patches, delete patches backported from upstream. This fixes ntpd sync issues (ntpd would not sync if the first provided peer address was unreachable). Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* uboot-envtools: Add support for IPQ806x AP148 and DB149Ram Chandra Jangir2017-08-301-0/+21
| | | | | | | | | IPQ806x AP148 and DB149 boards didn't have the UCI ubootenv section initialized, so the usage of fw_printenv required manual configuration. With this change, the "fw_printenv" and "fw_setenv" command will automatically work on NOR and NAND based platforms. Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
* busybox: move passwd applet to /binDaniel Golle2017-08-301-0/+11
| | | | | | | | | | busybox currently installs passwd into /usr/bin which prevents its 'full' shadow-utils variant from being installed. Move the passwd applet to /bin to avoid that collision. shadow also provides /usr/bin/login which doesn't collide with busybox as the busybox login applet is installed at /bin/login. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* busybox: move traceroute applets to /binDaniel Golle2017-08-302-8/+13
| | | | | | | | | | | busybox currently installs traceroute and traceroute6 into /usr/bin which prevents their 'full' iputils variants from being installed. Move those applets to /bin so they can coexist with their iputils siblings using the same PATH convention already applied for coreutils and other drop-in 'full' versions. Refresh existing patch while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* samba36: Remove syslog and load printers lines.Rosen Penev2017-08-301-2/+0
| | | | | | printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Don't resolve interfaces.Rosen Penev2017-08-302-7/+2
| | | | | | | It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba36: Remove guest ok since LuCI configures it.Rosen Penev2017-08-301-2/+1
| | | | | | guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dnsmasq: forward.c: fix CVE-2017-13704Kevin Darbyshire-Bryant2017-08-302-1/+38
| | | | | | | | | | | | | | | | Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins. answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512" The client that exposed the problem provided a payload udp size of 0. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEAD versionHans Dedecker2017-08-291-3/+3
| | | | | | 7d94ede system-linux: parse map-e fmrs parameters as nested data json object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: use nested json data object to store map-e fmrs parametersHans Dedecker2017-08-292-7/+11
| | | | | | | Replace the string array containing the fmrs parameters by a nested data json object holding an array of fmrs parameters Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* lantiq: ltq-ptm: fix ADSL showtime handlerDaniel Golle2017-08-291-1/+1
| | | | | | | commit 2d6c7c2526b6 introduced a reference to g_xdata_addr which isn't defined in that context. Use xdata_addr here instead. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* map: fix boolean argument passed to blobmsg_check_attr in mapcalcHans Dedecker2017-08-262-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix indentationHans Dedecker2017-08-251-3/+3
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add support for multiple tags for each host.Kuang Rufan2017-08-252-2/+7
| | | | | | | | | | | | | | | | | | | | | | | Currently, dnsmasq support assigning multiple tags to a host record (--dhcp-host), but we only support only 1 tag for a host. The commit makes the following config to be valid: config host option name 'computer' option mac '00:11:22:33:44:55' option ip '192.168.1.100' list tag 'vendor_class' list tag 'vendor_id' config tag 'vendor_class' list dhcp_option 'option:vendor-class,00:...<omitted>' config tag 'vendor_id' option force '1' list dhcp_option 'option:vendor-id-encap,00:...<omitted>' Signed-off-by: Kuang Rufan <kuangrufan@pset.suntec.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* f2fs-tools: fix mkfs.f2fs on big-endian systemsStijn Tintel2017-08-252-1/+67
| | | | | | Fixes: FS#749 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* f2fs-tools: drop musl compat patchStijn Tintel2017-08-251-10/+0
| | | | | | It is no longer needed since version 1.4.1. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* f2fs-tools: drop patch in favour of CONFIGURE_VARSStijn Tintel2017-08-252-19/+3
| | | | | | | | Override the failing check in configure with CONFIGURE_VARS instead of carrying a patch that's unlikely to be accepted by upstream. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: John Crispin <john@phrozen.org>
* map: add ealen as configurable uci parameterHans Dedecker2017-08-242-1/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* xtables-addons: update to version 2.13Koen Vandeputte2017-08-241-2/+2
| | | | | | | | | | | | | | | | | Changes: 89d1b80 xt_condition: namespace support #2 c839e87 xt_geoip: check for allocation overflow a587f95 compat_xtables: use more accurate printf format for NIPQUAD 1874fcd xt_DNETMAP: fix a buffer overflow 21ea7b7 xt_LOGMARK: resolve new gcc7 warnings ee8da2b build: support for Linux 4.12 19a4359 xt_condition: add support for namespaces 1b37966 xt_psd: resolve compiler warning Tested on cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Revert "iputils: switch to new upstream"John Crispin2017-08-248-101/+330
| | | | | | | This reverts commit 77d3ac8e3ecd7989a7cffb575c4a42bc68190b6c. This reverts commit e665b3df2a47ba5bb049d13358937ac67b860b70. Signed-off-by: John Crispin <john@phrozen.org>