aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mac80211: backport kernel fix for CVE-2017-13080Stijn Tintel2017-10-171-0/+81
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ppp: make the patches apply correctly againHauke Mehrtens2017-10-161-1/+1
| | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix compile warningHauke Mehrtens2017-10-151-0/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: xrx200: rename nas0/ptm0 to dsl0Martin Schiller2017-10-152-2/+10
| | | | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). Now you can move a device from an ADSL/ATM port to an VDSL/PTM port without any configuration changes for example. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [use the dsl0 interface name for the default netdev trigger in 01_led, add ip dependency] Signed-off-by: Mathias Kresin <dev@kresin.me>
* mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usbHauke Mehrtens2017-10-151-1/+1
| | | | | | | This fixes a build problem with many targets. Fixes 618ed77a17422a ("mac80211: add ath6kl kernel modules") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: kmod-macsec module for 4.9Christian Lamparter2017-10-151-0/+15
| | | | | | | | | | | | | | | | | | | MACsec/IEEE 802.1AE is useful to secure communication to and from endpoints at Layer 2. Starting with 4.6, the linux kernel provides a universal macsec driver for authentication and encryption of traffic in a LAN, typically with GCM-AES-128, and optional replay protection. http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf Note: LEDE can utilize MACsec with a static connectivity association key (static PSK) with the ip-full package installed. <http://man7.org/linux/man-pages/man8/ip-macsec.8.html> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-156-115/+298
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/kernel/leds-apu2: add apu3 board detectionFlorian Eckert2017-10-151-1/+4
| | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* package/kernel/leds-apu2: fix whitespacesFlorian Eckert2017-10-151-15/+15
| | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* wpan-tools: add the wpan-ping to test the 6LoWPAN networkYunhui Fu2017-10-151-0/+1
| | | | | | | This patch adds the help tool wpan-ping to test the 6LoWPAN network to help the user debug network problem. Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
* mac80211: add ath6kl kernel modulesBen Whitten2017-10-151-2/+47
| | | | | | Allow board to include the ath6kl kernel modules. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* linux-firmware: add ath6k firmware to packageBen Whitten2017-10-151-0/+10
| | | | | | | Systems which include the ath6k chipset need to have the firmware included in the image. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* busybox: provide "ip"Hans Dedecker2017-10-141-0/+1
| | | | | | | Let busybox provide "ip" as it supports the ip applets link, address, route, rule and neighbor Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* at91bootstrap: remove manual copy of binaries to BIN_DIRSandeep Sheriker Mallikarjun2017-10-141-2/+10
| | | | | | | removed copying of binaries to BIN_DIR during install and using default/install to install binaries to BIN_DIR folder. Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* at91bootstrap: Add BUILD_SUBTARGET variableSandeep Sheriker Mallikarjun2017-10-141-2/+3
| | | | | | | | | Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap menu options in bootloader menu only when SAMA5 devices are selected as SUBTARGET and to avoid showing up this menu when legacy device is selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2. Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* uboot-at91: multiple build fixesHauke Mehrtens2017-10-141-21/+23
| | | | | | | | | | | This fixes the following problems: * Add BUILD_DEVICES for legacy subtarget * Use features from u-boot.mk for sama5 subtarget This is mainly done by changing the prefix from uboot to U-Boot. This makes them depend on the sama5 subtarget and not selectable for the legacy subtarget any more Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: bump to 4.13Hans Dedecker2017-10-1311-38/+51
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211: fix tx power regressionFelix Fietkau2017-10-131-1/+1
| | | | | | | Revert an accidental change that was introduced by having an old version of the patch in my git tree, which was merged in 609208597b6d Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add listen_address parameterChristian Lamparter2017-10-132-1/+6
| | | | | | | | | | | | | | | | | | | | | | | This patch adds a parser for the uci representation of dnsmasq's "-a | --listen-address" option. In summary, this option forces dnsmasq to listen on the given IP address(es). Both interface and listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no interface option is given, but listen_address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1 must be explicitly added. This option is useful for ujailed dnsmasq instances, that would otherwise fail to work properly, because listening to the "This host on this network" address (aka 0.0.0.0 see rfc1700 page 4) may not be allowed. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* mt76: update to the latest versionFelix Fietkau2017-10-132-89/+3
| | | | | | | e781569 update to latest mac80211/cfg80211 API changes 37654d7 mt76x2: fix tx status ampdu length corner case Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: update to wireless-testing 2017-10-06Felix Fietkau2017-10-1316-202/+351
| | | | | | | Rework the code to get rid of some extra kernel module dependencies introduced in the last update. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath10k-ct: activate user space firmware loading againHauke Mehrtens2017-10-124-10/+46
| | | | | | | | | This backports a patch from kernel 4.14 to the ath10k-ct version based on kernel 4.13. Some devices are using a user space script to load the calibration data from the flash and this was not trigged any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath10k-ct driver: use dma_alloc_coherent, 4.13 based driverBen Greear2017-10-121-6/+11
| | | | | | | | | | This should help ath10k work on systems with little or no IOMMU memory. apu2 can boot two 9888 NICs now, for instance. From upstream patch by Adrian Chadd. And, start building the 4.13 based CT ath10k driver. Signed-off-by: Ben Greear <greearb@candelatech.com>
* ath10k-ct firmware: Tx-hang and EAPOL handling fixes for wave-2 firmware.Ben Greear2017-10-121-10/+10
| | | | | | | | | | | | | | | | | | Changes since last LEDE release include: * Fix key-setting bug that broke sending the EAPOL 2/4 in some cases. This was a bug I introduced some time back while trying to fix .11r and simplify the key handling logic. (Patch to wpa_supplicant fixed the race with sending the 4/4 and setting the key...un-patched supplicant will still have this race and the 4-way auth will not work as reliably.) * Increase amount of active-tids that can be scheduled. This fixes a tx-stall seen with many station vdevs. * Fix bug in upstream code that would cause the maximum peer to never be scheduled for tx. Signed-off-by: Ben Greear <greearb@candelatech.com>
* net: uqmi: fix blocking in endless loops when unplugging deviceAlexandru Ardelean2017-10-091-0/+2
| | | | | | | | | | | If you unplug a QMI device, the /dev/cdc-wdmX device disappears but uqmi will continue to poll it endlessly. Then, when you plug it back, you have 2 uqmi processes, and that's bad, because 2 processes talking QMI to the same device [and the same time] doesn't seem to work well. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* conntrack-tools: switch to gitStijn Tintel2017-10-091-7/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There have been a number of interesting fixes in conntrack-tools since the current latest release. Most notable is that this fixes IPv6 conntrack table syncing when cross-compiling conntrack-tools. 7e7748d src/main: refresh help message fe32043 conntrackd.8: refresh file 47a4dda conntrackd.8: add reference to systemd 0cfe7ff doc/manual: include some bits about init systems 74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling d833bed conntrackd: cthelper: ftp: Fix debug print dd4b5a1 conntrackd: cthelper: Add new mdns helper 498d698 Link nfct and helper modules with `-z lazy` 9e94e85 sync-mode: print errno message on failure ab81c35 log: print messages to stdout/sderr if running in console mode 631d92b log: introduce a mechanism to know if log was initialized ccb1c8b conntrackd: replace error reporting in the config parser with dlog() bee121e conntrackd: replace fprintf calls with dlog() 5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address abb9984 helper: remove copy and paste from uapi kernel header a91a004 src: add log message when resync is requested by other node c2d8be1 systemd: fix missing log.h include f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options 8b83771 conntrack: send mark filter to kernel iff set 1ba5e76 conntrackd: cthelper: Don't leak nat_tuple 832166d conntrackd: cthelper: Free pktb after use ff843bc conntrackd: config: Do not strdup() tokens b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing 8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option 39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On 29b390a conntrack: Support IPv6 NAT 381827a conntrackd: factorice tx_queue functions 131df89 conntrackd: factorize resync operations d31bacc conntrackd: consolidate more code to use resync_send() 3d98496 conntrackd: request resync at startup ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6 9d38445 conntrackd: evaluate configuration earlier 6feded7 conntrackd: cleanup if failed forking dbfdea7 conntrackd: deprecate unix backlog configuration 210f542 conntrackd: make the daemon run in RT mode by default 37cc7f0 conntrackd: remove warning for -S d2849d1 conntrack: Show multiple CPUs stats from proc bc0b49a conntrackd: cthelper: ssdp: fix build with musl 0c77a25 tests: don't fail on modprobe since the driver might be built-in eefe649 conntrack.8: refresh manpage Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* libnetfilter_conntrack: switch to gitStijn Tintel2017-10-091-6/+6
| | | | | | | | | | | | | | In order to build conntrack-tools from git, a newer version of libnetfilter_conntrack is required. As 1.0.6 is currently the latest release, switch to git. b0a7cf7 include: expose a copy of nf_conntrack_common.h f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat() 79dac5a conntrack: revert getobjopt_is_nat() condition b266523 libnetfilter_conntrack: bump version to 1.0.7 e870432 labels: don't crash on NULL labelmap Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* libnetfilter_queue: bump to git HEADStijn Tintel2017-10-092-13/+11
| | | | | | | | | | | | | b39cac7 src: Correct typo in the location of internal.h in #include 58cb066 src: Declare the define visibility attribute together e84b559 Revert "src: Declare the define visibility attribute together" 003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute 63973da doc: extend the doxygen section about NFQA_CFG_F_GSO d7f74c7 build: bump version to 1.0.3 3f9eb57 build: bump library release version too 601abd1 doc: Add information about retrieving UID/GID/SECCTX fields Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: switch git.netfilter.org to HTTPSStijn Tintel2017-10-085-5/+5
| | | | | | | As git.netfilter.org seems to support HTTPS, use that instead of HTTP which is insecure, or GIT which is blocked on many corporate networks. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset-dns: bump to git HEADStijn Tintel2017-10-082-60/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uboot-sunxi: build for NanoPi NEODaniel Golle2017-10-081-0/+7
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* layerscape: update packages with LSDK git treesYangbo Lu2017-10-078-36/+215
| | | | | | | | | | | | | | | | | NXP Layerscape LSDK had set up its own open source web site and github for release. https://lsdk.github.io https://github.com/qoriq-open-source This patch is to update rcw/fman_ucode/u-boot packages with LSDK git trees. Also add some patches of packages to support LEDE. Since ARMv8 32-bit u-boot images are same with ARMv8 64-bit images but 64-bit toolchain couldn't be used for 32-bit targets, we still use a private tree for ARMv8 32-bit u-boot images. This is in plan to move this private tree to NXP Layerscape github. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: rename subtargets and update makefile filesYangbo Lu2017-10-072-10/+10
| | | | | | | | Rename subtargets 32b/64b with armv8_32b/armv8_64b which are more proper, and update makefile files. There also will be other subtargets added in the future, like armv7. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* curl: add nghttp2 supportHans Dedecker2017-10-072-2/+9
| | | | | | Add config option support for nghttp2 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nghttp2: add libnghttp2 packageHans Dedecker2017-10-071-0/+47
| | | | | | | | The nghttp2 library is an implementation of the Hypertext Transfer Protocol version 2 in C; it supports RFC7540 and RFC7541. The package enables only the reusable C library; binary size is 130K (X86) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* rbcfg: Implement CPU frequency controlThibaut VARENE2017-10-073-4/+139
| | | | | | | | | | | | | | | | | | | | | | This patch implements CPU frequency control as found on several routerboard devices. Supported SoCs: - QCA953X - AR9344 Tested on hAP lite and mAP lite (QCA953x): steps of 50MHz Tested on LHG 5 (AR9344): steps of 50MHz On unsupported hardware, this patch is a NOP: it will not alter the new field. "rbcfg help" will display an empty "cpu_freq" help listing. "rbcfg show" will not show the cpu_freq field. "rbcfg set/get cpu_freq" will return an error code. Signed-off-by: Thibaut VARENE <hacks@slashdirt.org> [adjusted subject] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: escape double quoutes in wpad CFLAGSStijn Tintel2017-10-071-0/+1
| | | | | | | | | | | | | | | | | | A recent commit in hostapd added a build option to specify the default TLS ciphers. This build option is passed via CFLAGS. Due to the way CFLAGS are handled when building wpad, the compiler tries to recursively expand TLS_DEFAULT_CIPHERS, resulting in the following error: ../src/crypto/tls_openssl.c: In function 'tls_init': <command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function) ../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS' ciphers = TLS_DEFAULT_CIPHERS; ^ Escape double quotes in the .cflags file to avoid this. Fixes: 2f78034c3ef ("hostapd: update to version 2017-08-24") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update to version 2017-08-24Koen Vandeputte2017-10-0725-478/+145
| | | | | | | | | | | | - Deleted upstreamed patches & parts - Refreshed all Compile tested: full-option package + tools (hostapd + wpa_supplicant) Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link Targets: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* netifd: update to latest git HEAD version (FS#1030)Hans Dedecker2017-10-061-3/+3
| | | | | | | 5df3f01 config: suppress error if no wireless config present (FS#1030) 3429bd8 system-linux: add support for hotplug event 'move' Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: fix PKG_CONFIG_DEPENDSHans Dedecker2017-10-061-1/+4
| | | | | | Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uci: bump to git HEAD versionHans Dedecker2017-10-041-3/+3
| | | | | | 5ad59ad Add bitfield_set function from libubox Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libubox: bump to git HEAD versionHans Dedecker2017-10-041-3/+3
| | | | | | | 632688e utils: nuke bitfield functions and macros f714be1 uloop: make SIGCHLD signal handling optional Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ltq-vmmc: disable for falconMathias Kresin2017-10-041-1/+1
| | | | | | | The module fails to compile with falcon. Remove the falcon depends from the module to not (try to) compile it for falcon any longer. Signed-off-by: Mathias Kresin <dev@kresin.me>