From: Zoltan Herpai Date: Fri, 8 Dec 2017 10:07:24 +0000 (+0100) Subject: Merge pull request #580 from wigyori/cc-libpcap X-Git-Url: https://git.archive.openwrt.org/?p=15.05%2Fopenwrt.git;a=commitdiff_plain;h=HEAD;hp=8ed1685652c4fba9716ca6374ec5db93ca5c0b9b Merge pull request #580 from wigyori/cc-libpcap CC: upgrade libpcap to 1.8.1 --- diff --git a/include/download.mk b/include/download.mk index e518cce4b2..a7b7617afe 100644 --- a/include/download.mk +++ b/include/download.mk @@ -13,7 +13,7 @@ DOWNLOAD_RDEP=$(STAMP_PREPARED) $(HOST_STAMP_PREPARED) define dl_method $(strip \ $(if $(2),$(2), \ - $(if $(filter @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \ + $(if $(filter @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \ $(if $(filter git://%,$(1)),git, \ $(if $(filter svn://%,$(1)),svn, \ $(if $(filter cvs://%,$(1)),cvs, \ diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 2f6d2790b1..9a95ef398a 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -2,9 +2,9 @@ LINUX_RELEASE?=1 -LINUX_VERSION-3.18 = .45 +LINUX_VERSION-3.18 = .84 -LINUX_KERNEL_MD5SUM-3.18.45 = c527bae0aa1a5d6f3ebe31ad348c5339 +LINUX_KERNEL_MD5SUM-3.18.84 = e79685de43fcf3c4ada7d4fc5230a518 ifdef KERNEL_PATCHVER LINUX_VERSION:=$(KERNEL_PATCHVER)$(strip $(LINUX_VERSION-$(KERNEL_PATCHVER))) diff --git a/package/base-files/files/bin/login.sh b/package/base-files/files/bin/login.sh index 25627b66b2..754d290857 100755 --- a/package/base-files/files/bin/login.sh +++ b/package/base-files/files/bin/login.sh @@ -10,8 +10,7 @@ then else cat << EOF === IMPORTANT ============================ - Use 'passwd' to set your login password - this will disable telnet and enable SSH + Use 'passwd' to set your login password! ------------------------------------------ EOF fi diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login index 15dcbd884f..b12e31702a 100644 --- a/package/base-files/files/lib/preinit/99_10_failsafe_login +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login @@ -1,9 +1,10 @@ #!/bin/sh -# Copyright (C) 2006 OpenWrt.org +# Copyright (C) 2006-2015 OpenWrt.org # Copyright (C) 2010 Vertical Communications failsafe_netlogin () { - telnetd -l /bin/login.sh <> /dev/null 2>&1 + dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key + dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 } failsafe_shell() { diff --git a/package/kernel/brcm2708-gpu-fw/Makefile b/package/kernel/brcm2708-gpu-fw/Makefile index 286984b6e3..370be7d511 100644 --- a/package/kernel/brcm2708-gpu-fw/Makefile +++ b/package/kernel/brcm2708-gpu-fw/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_REV).tar.gz PKG_SOURCE_URL:=https://github.com/Hexxeh/rpi-firmware/archive/ -PKG_MD5SUM:=f5683c1dcb255714942f7c9fd61b3a0a +PKG_MD5SUM:=edefa7a1684d5b0a2b11acd058adceff PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)/rpi-firmware-$(PKG_REV) diff --git a/package/kernel/mac80211/patches/090-remove-cred.patch b/package/kernel/mac80211/patches/090-remove-cred.patch new file mode 100644 index 0000000000..3adb2afb86 --- /dev/null +++ b/package/kernel/mac80211/patches/090-remove-cred.patch @@ -0,0 +1,15 @@ +This is only needed for kernel < 2.6.29 and conflicts with kernel 4.4.42 + +--- a/backport-include/linux/cred.h ++++ /dev/null +@@ -1,10 +0,0 @@ +-#ifndef __BACKPORT_LINUX_CRED_H +-#define __BACKPORT_LINUX_CRED_H +-#include_next +-#include +- +-#ifndef current_user_ns +-#define current_user_ns() (current->nsproxy->user_ns) +-#endif +- +-#endif /* __BACKPORT_LINUX_CRED_H */ diff --git a/package/libs/lzo/Makefile b/package/libs/lzo/Makefile index 6a88a6f384..b631759705 100644 --- a/package/libs/lzo/Makefile +++ b/package/libs/lzo/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2012 OpenWrt.org +# Copyright (C) 2006-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lzo -PKG_VERSION:=2.08 +PKG_VERSION:=2.10 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.oberhumer.com/opensource/lzo/download/ -PKG_MD5SUM:=fcec64c26a0f4f4901468f360029678f +PKG_MD5SUM:=39d3f3f9c55c87b1e5d6888e1420f4b5 PKG_FIXUP:=autoreconf PKG_INSTALL:=1 diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch new file mode 100644 index 0000000000..54910b95a2 --- /dev/null +++ b/package/libs/mbedtls/patches/200-config.patch @@ -0,0 +1,208 @@ +--- a/include/mbedtls/config.h ++++ b/include/mbedtls/config.h +@@ -185,7 +185,7 @@ + * + * Uncomment to get errors on using deprecated functions. + */ +-//#define MBEDTLS_DEPRECATED_REMOVED ++#define MBEDTLS_DEPRECATED_REMOVED + + /* \} name SECTION: System support */ + +@@ -341,7 +341,7 @@ + * + * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + */ +-#define MBEDTLS_CIPHER_MODE_CFB ++//#define MBEDTLS_CIPHER_MODE_CFB + + /** + * \def MBEDTLS_CIPHER_MODE_CTR +@@ -435,13 +435,13 @@ + * + * Comment macros to disable the curve and functions for it + */ +-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED ++//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED ++//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED + #define MBEDTLS_ECP_DP_SECP256R1_ENABLED + #define MBEDTLS_ECP_DP_SECP384R1_ENABLED + #define MBEDTLS_ECP_DP_SECP521R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED ++//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED ++//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED + #define MBEDTLS_ECP_DP_SECP256K1_ENABLED + #define MBEDTLS_ECP_DP_BP256R1_ENABLED + #define MBEDTLS_ECP_DP_BP384R1_ENABLED +@@ -517,7 +517,7 @@ + * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA + */ +-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ++//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + + /** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +@@ -562,7 +562,7 @@ + * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA + */ +-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ++//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + + /** + * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +@@ -616,7 +616,7 @@ + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + */ +-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ++//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + + /** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +@@ -689,7 +689,7 @@ + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ++//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + + /** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +@@ -713,7 +713,7 @@ + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ++//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + + /** + * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +@@ -879,7 +879,7 @@ + * + * Comment this macro to disable support for external private RSA keys. + */ +-#define MBEDTLS_PK_RSA_ALT_SUPPORT ++//#define MBEDTLS_PK_RSA_ALT_SUPPORT + + /** + * \def MBEDTLS_PKCS1_V15 +@@ -911,14 +911,14 @@ + * Uncomment this macro to disable the use of CRT in RSA. + * + */ +-//#define MBEDTLS_RSA_NO_CRT ++#define MBEDTLS_RSA_NO_CRT + + /** + * \def MBEDTLS_SELF_TEST + * + * Enable the checkup functions (*_self_test). + */ +-#define MBEDTLS_SELF_TEST ++//#define MBEDTLS_SELF_TEST + + /** + * \def MBEDTLS_SHA256_SMALLER +@@ -934,7 +934,7 @@ + * + * Uncomment to enable the smaller implementation of SHA256. + */ +-//#define MBEDTLS_SHA256_SMALLER ++#define MBEDTLS_SHA256_SMALLER + + /** + * \def MBEDTLS_SSL_AEAD_RANDOM_IV +@@ -1271,7 +1271,7 @@ + * + * Comment this macro to disable support for truncated HMAC in SSL + */ +-#define MBEDTLS_SSL_TRUNCATED_HMAC ++//#define MBEDTLS_SSL_TRUNCATED_HMAC + + /** + * \def MBEDTLS_THREADING_ALT +@@ -1507,7 +1507,7 @@ + * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA + * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA + */ +-#define MBEDTLS_ARC4_C ++//#define MBEDTLS_ARC4_C + + /** + * \def MBEDTLS_ASN1_PARSE_C +@@ -1572,7 +1572,7 @@ + * + * Module: library/blowfish.c + */ +-#define MBEDTLS_BLOWFISH_C ++//#define MBEDTLS_BLOWFISH_C + + /** + * \def MBEDTLS_CAMELLIA_C +@@ -1627,7 +1627,7 @@ + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +-#define MBEDTLS_CAMELLIA_C ++//#define MBEDTLS_CAMELLIA_C + + /** + * \def MBEDTLS_CCM_C +@@ -1641,7 +1641,7 @@ + * This module enables the AES-CCM ciphersuites, if other requisites are + * enabled as well. + */ +-#define MBEDTLS_CCM_C ++//#define MBEDTLS_CCM_C + + /** + * \def MBEDTLS_CERTS_C +@@ -1653,7 +1653,7 @@ + * + * This module is used for testing (ssl_client/server). + */ +-#define MBEDTLS_CERTS_C ++//#define MBEDTLS_CERTS_C + + /** + * \def MBEDTLS_CIPHER_C +@@ -1693,7 +1693,7 @@ + * + * This module provides debugging functions. + */ +-#define MBEDTLS_DEBUG_C ++//#define MBEDTLS_DEBUG_C + + /** + * \def MBEDTLS_DES_C +@@ -1733,7 +1733,7 @@ + * This module is used by the following key exchanges: + * DHE-RSA, DHE-PSK + */ +-#define MBEDTLS_DHM_C ++//#define MBEDTLS_DHM_C + + /** + * \def MBEDTLS_ECDH_C +@@ -2151,7 +2151,7 @@ + * Caller: library/mbedtls_md.c + * + */ +-#define MBEDTLS_RIPEMD160_C ++//#define MBEDTLS_RIPEMD160_C + + /** + * \def MBEDTLS_RSA_C +@@ -2461,7 +2461,7 @@ + * Module: library/xtea.c + * Caller: + */ +-#define MBEDTLS_XTEA_C ++//#define MBEDTLS_XTEA_C + + /* \} name SECTION: mbed TLS modules */ + diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index ea68f167fb..3d563e18e9 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.0.2 -PKG_BUGFIX:=j +PKG_BUGFIX:=m PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -21,7 +21,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=96322138f0b69e61b7212bc53d5e912b +PKG_MD5SUM:=10e9e37f492094b9ef296f68f24a7666 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch index 172184228e..0f174a3469 100644 --- a/package/libs/openssl/patches/110-optimize-for-size.patch +++ b/package/libs/openssl/patches/110-optimize-for-size.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -468,6 +468,12 @@ my %table=( +@@ -470,6 +470,12 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/140-makefile-dirs.patch index 7503dfc1f6..83c412f444 100644 --- a/package/libs/openssl/patches/140-makefile-dirs.patch +++ b/package/libs/openssl/patches/140-makefile-dirs.patch @@ -1,6 +1,6 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -136,7 +136,7 @@ FIPSCANLIB= +@@ -137,7 +137,7 @@ FIPSCANLIB= BASEADDR= diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index f509d28bd2..f8c5d6e6cd 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2109,6 +2109,11 @@ EOF +@@ -2129,6 +2129,11 @@ EOF close(OUT); } diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch index a3bee38721..e38d44a768 100644 --- a/package/libs/openssl/patches/160-disable_doc_tests.patch +++ b/package/libs/openssl/patches/160-disable_doc_tests.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -138,7 +138,7 @@ FIPSCANLIB= +@@ -139,7 +139,7 @@ FIPSCANLIB= BASEADDR=0xFB00000 @@ -9,7 +9,7 @@ ENGDIRS= ccgost SHLIBDIRS= crypto ssl -@@ -156,7 +156,7 @@ SDIRS= \ +@@ -157,7 +157,7 @@ SDIRS= \ # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -18,7 +18,7 @@ MAKEFILE= Makefile -@@ -170,7 +170,7 @@ SHELL=/bin/sh +@@ -171,7 +171,7 @@ SHELL=/bin/sh TOP= . ONEDIRS=out tmp @@ -27,7 +27,7 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -@@ -273,7 +273,7 @@ reflect: +@@ -276,7 +276,7 @@ reflect: sub_all: build_all @@ -36,7 +36,7 @@ build_libs: build_libcrypto build_libssl openssl.pc -@@ -530,7 +530,7 @@ dist: +@@ -542,7 +542,7 @@ dist: @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar @@ -47,7 +47,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ --- a/Makefile.org +++ b/Makefile.org -@@ -528,7 +528,7 @@ dist: +@@ -540,7 +540,7 @@ dist: @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch index ffc2f2db2b..424e66063c 100644 --- a/package/libs/openssl/patches/190-remove_timestamp_check.patch +++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch @@ -1,6 +1,6 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -184,7 +184,7 @@ TARFILE= ../$(NAME).tar +@@ -185,7 +185,7 @@ TARFILE= ../$(NAME).tar EXHEADER= e_os2.h HEADER= e_os.h @@ -9,7 +9,7 @@ # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -@@ -400,11 +400,6 @@ openssl.pc: Makefile +@@ -404,11 +404,6 @@ openssl.pc: Makefile echo 'Version: '$(VERSION); \ echo 'Requires: libssl libcrypto' ) > openssl.pc diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index e3a0bb2b01..f2acc4a27b 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -1,6 +1,6 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -279,17 +279,17 @@ build_libcrypto: build_crypto build_engi +@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi build_libssl: build_ssl libssl.pc build_crypto: @@ -24,7 +24,7 @@ all_testapps: build_libs build_testapps build_testapps: -@@ -461,7 +461,7 @@ update: errors stacks util/libeay.num ut +@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: @@ -33,7 +33,7 @@ lint: @set -e; target=lint; $(RECURSIVE_BUILD_CMD) -@@ -523,9 +523,9 @@ dist: +@@ -535,9 +535,9 @@ dist: @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar @@ -45,7 +45,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -534,12 +534,19 @@ install_sw: +@@ -546,12 +546,19 @@ install_sw: $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private @@ -66,7 +66,7 @@ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ do \ if [ -f "$$i" ]; then \ -@@ -623,12 +630,7 @@ install_html_docs: +@@ -635,12 +642,7 @@ install_html_docs: done; \ done @@ -164,7 +164,7 @@ ctags $(SRC) --- a/test/Makefile +++ b/test/Makefile -@@ -139,7 +139,7 @@ install: +@@ -144,7 +144,7 @@ install: tags: ctags $(SRC) @@ -173,7 +173,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -557,7 +557,7 @@ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFT +@@ -578,7 +578,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/package/libs/polarssl/Makefile b/package/libs/polarssl/Makefile index dc13679e41..7ac161dd8d 100644 --- a/package/libs/polarssl/Makefile +++ b/package/libs/polarssl/Makefile @@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=polarssl SRC_PKG_NAME:=mbedtls -PKG_VERSION:=1.3.14 +PKG_VERSION:=1.3.17 PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(SRC_PKG_NAME)-$(PKG_VERSION)-gpl.tgz -PKG_SOURCE_URL:=https://polarssl.org/download/ -PKG_MD5SUM:=869c7b5798b8769902880c7cf0212fed +PKG_SOURCE_URL:=https://tls.mbed.org/download/ +PKG_MD5SUM:=a6ed92fc377ef60f7c24d42b900e0dad PKG_BUILD_DIR:=$(BUILD_DIR)/$(SRC_PKG_NAME)-$(PKG_VERSION) diff --git a/package/libs/polarssl/patches/100-disable_sslv3.patch b/package/libs/polarssl/patches/100-disable_sslv3.patch deleted file mode 100644 index 56c6c4d235..0000000000 --- a/package/libs/polarssl/patches/100-disable_sslv3.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/include/polarssl/config.h -+++ b/include/polarssl/config.h -@@ -1011,8 +1011,8 @@ - * POLARSSL_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 -- */ - #define POLARSSL_SSL_PROTO_SSL3 -+ */ - - /** - * \def POLARSSL_SSL_PROTO_TLS1 diff --git a/package/libs/polarssl/patches/200-reduce_config.patch b/package/libs/polarssl/patches/200-reduce_config.patch index 80b07ef93f..9e2734aa6c 100644 --- a/package/libs/polarssl/patches/200-reduce_config.patch +++ b/package/libs/polarssl/patches/200-reduce_config.patch @@ -100,7 +100,7 @@ /** * \def POLARSSL_SSL_AEAD_RANDOM_IV -@@ -1138,8 +1138,8 @@ +@@ -1151,8 +1151,8 @@ * Requires: POLARSSL_VERSION_C * * Comment this to disable run-time checking and save ROM space @@ -110,7 +110,7 @@ /** * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 -@@ -1457,8 +1457,8 @@ +@@ -1470,8 +1470,8 @@ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 @@ -120,7 +120,7 @@ /** * \def POLARSSL_CCM_C -@@ -1485,8 +1485,8 @@ +@@ -1498,8 +1498,8 @@ * Requires: POLARSSL_PEM_PARSE_C * * This module is used for testing (ssl_client/server). @@ -130,7 +130,7 @@ /** * \def POLARSSL_CIPHER_C -@@ -1525,8 +1525,8 @@ +@@ -1538,8 +1538,8 @@ * library/ssl_tls.c * * This module provides debugging functions. @@ -140,7 +140,7 @@ /** * \def POLARSSL_DES_C -@@ -1581,8 +1581,8 @@ +@@ -1594,8 +1594,8 @@ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK * * Requires: POLARSSL_ECP_C @@ -150,7 +150,7 @@ /** * \def POLARSSL_ECDSA_C -@@ -1596,8 +1596,8 @@ +@@ -1609,8 +1609,8 @@ * ECDHE-ECDSA * * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C @@ -160,7 +160,7 @@ /** * \def POLARSSL_ECP_C -@@ -1609,8 +1609,8 @@ +@@ -1622,8 +1622,8 @@ * library/ecdsa.c * * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED @@ -170,17 +170,7 @@ /** * \def POLARSSL_ENTROPY_C -@@ -1649,8 +1649,8 @@ - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. -- */ - #define POLARSSL_GCM_C -+ */ - - /** - * \def POLARSSL_HAVEGE_C -@@ -1686,8 +1686,8 @@ +@@ -1699,8 +1699,8 @@ * Requires: POLARSSL_MD_C * * Uncomment to enable the HMAC_DRBG random number geerator. @@ -190,7 +180,7 @@ /** * \def POLARSSL_MD_C -@@ -1813,8 +1813,8 @@ +@@ -1826,8 +1826,8 @@ * Requires: POLARSSL_HAVE_ASM * * This modules adds support for the VIA PadLock on x86. @@ -200,7 +190,7 @@ /** * \def POLARSSL_PBKDF2_C -@@ -1979,8 +1979,8 @@ +@@ -1992,8 +1992,8 @@ * Module: library/ripemd160.c * Caller: library/md.c * @@ -210,7 +200,7 @@ /** * \def POLARSSL_RSA_C -@@ -2059,8 +2059,8 @@ +@@ -2072,8 +2072,8 @@ * Caller: * * Requires: POLARSSL_SSL_CACHE_C @@ -220,7 +210,7 @@ /** * \def POLARSSL_SSL_CLI_C -@@ -2136,8 +2136,8 @@ +@@ -2149,8 +2149,8 @@ * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. @@ -230,7 +220,7 @@ /** * \def POLARSSL_VERSION_C -@@ -2147,8 +2147,8 @@ +@@ -2160,8 +2160,8 @@ * Module: library/version.c * * This module provides run-time version information. @@ -240,7 +230,7 @@ /** * \def POLARSSL_X509_USE_C -@@ -2257,8 +2257,8 @@ +@@ -2270,8 +2270,8 @@ * * Module: library/xtea.c * Caller: diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 19a8df9009..9f38de1831 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.73 +PKG_VERSION:=2.78 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ +PKG_MD5SUM:=6d0241b72c79d2b510776ccc4ed69ca4 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING @@ -24,6 +24,7 @@ PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \ + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset @@ -50,7 +51,7 @@ endef define Package/dnsmasq-full $(call Package/dnsmasq/Default) - TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default) + TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, NO_ID enabled by default) DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \ +PACKAGE_dnsmasq_full_dhcpv6:kmod-ipv6 \ +PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset @@ -70,8 +71,8 @@ endef define Package/dnsmasq-full/description $(call Package/dnsmasq/description) -This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and -IPset support enabled by default. +This is a fully configurable variant with DHCPv6, DNSSEC, Authoritative DNS and +IPset, NO_ID support enabled by default. endef define Package/dnsmasq/conffiles @@ -88,6 +89,9 @@ define Package/dnsmasq-full/config config PACKAGE_dnsmasq_full_dnssec bool "Build with DNSSEC support." default y + config PACKAGE_dnsmasq_full_noid + bool "Build with NO_ID. (hide *.bind pseudo domain)" + default y config PACKAGE_dnsmasq_full_auth bool "Build with the facility to act as an authoritative DNS server." default y @@ -113,10 +117,11 @@ ifeq ($(BUILD_VARIANT),full) COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \ + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,) else - COPTS += -DNO_AUTH -DNO_IPSET + COPTS += -DNO_AUTH -DNO_IPSET -DNO_ID endif MAKE_FLAGS := \ diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch deleted file mode 100644 index a502a60aee..0000000000 --- a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd) - struct iovec iov; - ssize_t sz; - int iface_index = 0, unicast_dest = 0, is_inform = 0; -- struct in_addr iface_addr; -+ struct in_addr iface_addr, *addrp = NULL; - struct iface_param parm; - #ifdef HAVE_LINUX_NETWORK - struct arpreq arp_req; -@@ -272,11 +272,9 @@ void dhcp_packet(time_t now, int pxe_fd) - { - ifr.ifr_addr.sa_family = AF_INET; - if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 ) -- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; -- else - { -- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); -- return; -+ addrp = &iface_addr; -+ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; - } - - for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) -@@ -295,7 +293,7 @@ void dhcp_packet(time_t now, int pxe_fd) - parm.relay_local.s_addr = 0; - parm.ind = iface_index; - -- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) -+ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL)) - { - /* If we failed to match the primary address of the interface, see if we've got a --listen-address - for a secondary */ -@@ -315,6 +313,12 @@ void dhcp_packet(time_t now, int pxe_fd) - complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); - } - -+ if (!addrp) -+ { -+ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); -+ return; -+ } -+ - if (!iface_enumerate(AF_INET, &parm, complete_context)) - return; - diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch index 61b09d5b2c..88e334b0fc 100644 --- a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch @@ -44,67 +44,22 @@ (buffer = safe_malloc(BUFF_SZ)) && (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) -@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char * - } - - --static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) --{ -- socklen_t size; -- struct ip_set_req_adt_get { -- unsigned op; -- unsigned version; -- union { -- char name[IPSET_MAXNAMELEN]; -- uint16_t index; -- } set; -- char typename[IPSET_MAXNAMELEN]; -- } req_adt_get; -- struct ip_set_req_adt { -- unsigned op; -- uint16_t index; -- uint32_t ip; -- } req_adt; -- -- if (strlen(setname) >= sizeof(req_adt_get.set.name)) -- { -- errno = ENAMETOOLONG; -- return -1; -- } -- -- req_adt_get.op = 0x10; -- req_adt_get.version = 3; -- strcpy(req_adt_get.set.name, setname); -- size = sizeof(req_adt_get); -- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) -- return -1; -- req_adt.op = remove ? 0x102 : 0x101; -- req_adt.index = req_adt_get.set.index; -- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); -- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) -- return -1; -- -- return 0; --} -- -- -- - int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) - { - int af = AF_INET; - - #ifdef HAVE_IPV6 +@@ -217,17 +198,10 @@ int add_to_ipset(const char *setname, co if (flags & F_IPV6) -- { + { af = AF_INET6; - /* old method only supports IPv4 */ - if (old_kernel) -- return -1; -- } +- { +- errno = EAFNOSUPPORT ; +- ret = -1; +- } + } #endif -- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); -+ return new_add_to_ipset(setname, ipaddr, af, remove); - } +- if (ret != -1) +- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ++ ret = new_add_to_ipset(setname, ipaddr, af, remove); - #endif + if (ret == -1) + my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch index 97dfe3bdbf..2f854d490b 100644 --- a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch +++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch @@ -10,40 +10,38 @@ Signed-off-by: Steven Barth --- a/src/dnssec.c +++ b/src/dnssec.c -@@ -432,17 +432,24 @@ static int back_to_the_future; +@@ -462,17 +462,24 @@ static time_t timestamp_time; int setup_timestamp(void) { struct stat statbuf; -- + time_t now; + time_t base = 1420070400; /* 1-1-2015 */ -+ - back_to_the_future = 0; + + daemon->back_to_the_future = 0; if (!daemon->timestamp_file) return 0; -- + + now = time(NULL); + + if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0) + base = statbuf.st_mtime; -+ + if (stat(daemon->timestamp_file, &statbuf) != -1) { timestamp_time = statbuf.st_mtime; check_and_exit: - if (difftime(timestamp_time, time(0)) <= 0) -+ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) ++ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) { /* time already OK, update timestamp, and do key checking from the start. */ - if (utime(daemon->timestamp_file, NULL) == -1) -@@ -463,7 +470,7 @@ int setup_timestamp(void) + if (utimes(daemon->timestamp_file, NULL) == -1) +@@ -493,7 +500,7 @@ int setup_timestamp(void) close(fd); -- timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */ -+ timestamp_time = timbuf.actime = timbuf.modtime = base; - if (utime(daemon->timestamp_file, &timbuf) == 0) - goto check_and_exit; - } +- timestamp_time = 1420070400; /* 1-1-2015 */ ++ timestamp_time = base; /* 1-1-2015 */ + tv[0].tv_sec = tv[1].tv_sec = timestamp_time; + tv[0].tv_usec = tv[1].tv_usec = 0; + if (utimes(daemon->timestamp_file, tv) == 0) diff --git a/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch b/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch new file mode 100644 index 0000000000..37b11abc1d --- /dev/null +++ b/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch @@ -0,0 +1,18 @@ +dnsmasq: fix warning with poll.h include on musl + +Warning is: + #warning redirecting incorrect #include to + +Signed-off-by: Kevin Darbyshire-Bryant + +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -88,7 +88,7 @@ typedef unsigned long long u64; + #if defined(HAVE_SOLARIS_NETWORK) + # include + #endif +-#include ++#include + #include + #include + #include diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index e2a761034f..7c2edd79f2 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -1,6 +1,15 @@ menu "Configuration" depends on PACKAGE_dropbear +config DROPBEAR_CURVE25519 + bool "Curve25519 support" + default y + help + This enables the following key exchange algorithm: + curve25519-sha256@libssh.org + + Increases binary size by about 13 kB uncompressed (MIPS). + config DROPBEAR_ECC bool "Elliptic curve cryptography (ECC)" default n @@ -12,7 +21,6 @@ config DROPBEAR_ECC ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 - curve25519-sha256@libssh.org Public key algorithms: ecdsa-sha2-nistp256 @@ -22,6 +30,21 @@ config DROPBEAR_ECC Does not generate ECC host keys by default (ECC key exchange will not be used, only ECC public key auth). - Increases binary size by about 36 kB (MIPS). + Increases binary size by about 23 kB (MIPS). + +config DROPBEAR_UTMP + bool "Utmp support" + default n + depends on BUSYBOX_CONFIG_FEATURE_UTMP + help + This enables dropbear utmp support, the file /var/run/utmp is used to + track who is currently logged in. + +config DROPBEAR_PUTUTLINE + bool "Pututline support" + default n + depends on DROPBEAR_UTMP + help + Dropbear will use pututline() to write the utmp structure into the utmp file. endmenu diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 35958d332c..55b39d1700 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2014 OpenWrt.org +# Copyright (C) 2006-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2015.67 +PKG_VERSION:=2017.75 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=e967e320344cd4bfebe321e3ab8514d6 +PKG_MD5SUM:=e57e9b9d25705dcb073ba15c416424fd PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE @@ -23,10 +23,14 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 -PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC +PKG_CONFIG_DEPENDS:=CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519 include $(INCLUDE_DIR)/package.mk +ifneq ($(DUMP),1) + STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) echo $(CONFIG_TARGET_INIT_PATH) | md5s) +endif + define Package/dropbear/Default URL:=http://matt.ucc.asn.au/dropbear/ endef @@ -48,7 +52,6 @@ endef define Package/dropbear/conffiles /etc/dropbear/dropbear_rsa_host_key -/etc/dropbear/dropbear_dss_host_key /etc/config/dropbear endef @@ -65,25 +68,34 @@ CONFIGURE_ARGS += \ --enable-syslog \ $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \ --disable-lastlog \ - --disable-utmp \ - --disable-utmpx \ + $(if $(CONFIG_DROPBEAR_UTMP),,--disable-utmp) \ --disable-wtmp \ --disable-wtmpx \ --disable-loginfunc \ - --disable-pututline \ + $(if $(CONFIG_DROPBEAR_PUTUTLINE),,--disable-pututline) \ --disable-pututxline \ --disable-zlib \ --enable-bundled-libtom -TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections +TARGET_CFLAGS += -DDEFAULT_PATH=\\\"$(TARGET_INIT_PATH)\\\" -DARGTYPE=3 -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections define Build/Configure $(Build/Configure/Default) + $(SED) 's,^#define DEFAULT_PATH .*$$$$,#define DEFAULT_PATH "$(TARGET_INIT_PATH)",g' \ + $(PKG_BUILD_DIR)/options.h + + awk 'BEGIN { rc = 1 } \ + /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \ + { print } \ + END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ + >$(PKG_BUILD_DIR)/options.h.new && \ + mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h + # Enforce that all replacements are made, otherwise options.h has changed # format and this logic is broken. - for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \ + for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \ awk 'BEGIN { rc = 1 } \ /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \ { print } \ @@ -91,6 +103,13 @@ define Build/Configure >$(PKG_BUILD_DIR)/options.h.new && \ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \ done + + # remove protocol idented software version number + $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \ + $(PKG_BUILD_DIR)/sysoptions.h + + # Enforce rebuild of svr-chansession.c + rm -f $(PKG_BUILD_DIR)/svr-chansession.o endef define Build/Compile @@ -118,7 +137,6 @@ define Package/dropbear/install $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear touch $(1)/etc/dropbear/dropbear_rsa_host_key - touch $(1)/etc/dropbear/dropbear_dss_host_key endef define Package/dropbearconvert/install diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 6de0142728..5c3345d40c 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -37,7 +37,6 @@ validate_section_dropbear() 'RootPasswordAuth:bool:1' \ 'RootLogin:bool:1' \ 'rsakeyfile:file' \ - 'dsskeyfile:file' \ 'BannerFile:file' \ 'Port:list(port):22' \ 'SSHKeepAlive:uinteger:300' \ @@ -49,7 +48,7 @@ dropbear_instance() { local PasswordAuth enable Interface GatewayPorts \ RootPasswordAuth RootLogin rsakeyfile \ - dsskeyfile BannerFile Port SSHKeepAlive IdleTimeout \ + BannerFile Port SSHKeepAlive IdleTimeout \ mdns ipaddrs validate_section_dropbear "${1}" || { @@ -75,18 +74,18 @@ dropbear_instance() [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g [ "${RootLogin}" -eq 0 ] && procd_append_param command -w [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}" - [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}" [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}" append_ports "${ipaddrs}" "${Port}" [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}" [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}" [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear" + procd_set_param respawn procd_close_instance } keygen() { - for keytype in rsa dss; do + for keytype in rsa; do # check for keys key=dropbear/dropbear_${keytype}_host_key [ -f /tmp/$key -o -s /etc/$key ] || { @@ -107,10 +106,15 @@ keygen() chmod 0700 /etc/dropbear } +load_interfaces() +{ + config_get interface "$1" Interface + interfaces=" ${interface} ${interfaces}" +} + start_service() { - [ -s /etc/dropbear/dropbear_rsa_host_key -a \ - -s /etc/dropbear/dropbear_dss_host_key ] || keygen + [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen . /lib/functions.sh . /lib/functions/network.sh @@ -121,7 +125,21 @@ start_service() service_triggers() { - procd_add_reload_trigger "dropbear" + local interfaces + + procd_open_trigger + procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload + + config_load "${NAME}" + config_foreach load_interfaces dropbear + + [ -n "${interfaces}" ] & { + for n in $interfaces ; do + procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload + done + } + procd_close_trigger + procd_add_validation validate_section_dropbear } diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch index 456874b730..401c7e1ba5 100644 --- a/package/network/services/dropbear/patches/100-pubkey_path.patch +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -1,6 +1,6 @@ --- a/svr-authpubkey.c +++ b/svr-authpubkey.c -@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al +@@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig goto out; } @@ -12,9 +12,6 @@ - filename = m_malloc(len + 22); - snprintf(filename, len + 22, "%s/.ssh/authorized_keys", - ses.authstate.pw_dir); -- -- /* open the file */ -- authfile = fopen(filename, "r"); + if (ses.authstate.pw_uid != 0) { + /* we don't need to check pw and pw_dir for validity, since + * its been done in checkpubkeyperms. */ @@ -22,18 +19,17 @@ + /* allocate max required pathname storage, + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ + filename = m_malloc(len + 22); -+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -+ ses.authstate.pw_dir); -+ -+ /* open the file */ -+ authfile = fopen(filename, "r"); ++ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ++ ses.authstate.pw_dir); + } else { -+ authfile = fopen("/etc/dropbear/authorized_keys","r"); ++ filename = m_malloc(30); ++ strncpy(filename, "/etc/dropbear/authorized_keys", 30); + } - if (authfile == NULL) { - goto out; - } -@@ -371,26 +375,35 @@ static int checkpubkeyperms() { ++ + + /* open the file as the authenticating user. */ + origuid = getuid(); +@@ -396,26 +402,35 @@ static int checkpubkeyperms() { goto out; } diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch index 7982af6315..4b5c1cb51b 100644 --- a/package/network/services/dropbear/patches/110-change_user.patch +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -1,6 +1,6 @@ --- a/svr-chansession.c +++ b/svr-chansession.c -@@ -920,12 +920,12 @@ static void execchild(void *user_data) { +@@ -922,12 +922,12 @@ static void execchild(void *user_data) { /* We can only change uid/gid as root ... */ if (getuid() == 0) { diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 48dae73b1f..b49a95ce93 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -18,20 +18,49 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -126,9 +126,9 @@ much traffic. */ +@@ -91,16 +91,16 @@ much traffic. */ + * Including multiple keysize variants the same cipher + * (eg AES256 as well as AES128) will result in a minimal size increase.*/ + #define DROPBEAR_AES128 +-#define DROPBEAR_3DES ++/*#define DROPBEAR_3DES*/ + #define DROPBEAR_AES256 + /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ + /*#define DROPBEAR_BLOWFISH*/ +-#define DROPBEAR_TWOFISH256 +-#define DROPBEAR_TWOFISH128 ++/*#define DROPBEAR_TWOFISH256*/ ++/*#define DROPBEAR_TWOFISH128*/ + + /* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ +-#define DROPBEAR_ENABLE_CBC_MODE ++/*#define DROPBEAR_ENABLE_CBC_MODE*/ + + /* Enable "Counter Mode" for ciphers. This is more secure than normal + * CBC mode against certain attacks. It is recommended for security +@@ -131,9 +131,9 @@ If you test it please contact the Dropbe * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC -#define DROPBEAR_SHA1_96_HMAC --#define DROPBEAR_SHA2_256_HMAC --#define DROPBEAR_SHA2_512_HMAC +/*#define DROPBEAR_SHA1_96_HMAC*/ -+/*#define DROPBEAR_SHA2_256_HMAC*/ + #define DROPBEAR_SHA2_256_HMAC +-#define DROPBEAR_SHA2_512_HMAC +/*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC /* You can also disable integrity. Don't bother disabling this if you're -@@ -184,7 +184,7 @@ much traffic. */ +@@ -146,7 +146,7 @@ If you test it please contact the Dropbe + * Removing either of these won't save very much space. + * SSH2 RFC Draft requires dss, recommends rsa */ + #define DROPBEAR_RSA +-#define DROPBEAR_DSS ++/*#define DROPBEAR_DSS*/ + /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC + * code (either ECDSA or ECDH) increases binary size - around 30kB + * on x86-64 */ +@@ -194,7 +194,7 @@ If you test it please contact the Dropbe /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -40,7 +69,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -226,7 +226,7 @@ much traffic. */ +@@ -242,7 +242,7 @@ Homedir is prepended unless path begins * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch deleted file mode 100644 index edb29093ae..0000000000 --- a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/cli-runopts.c -+++ b/cli-runopts.c -@@ -315,6 +315,10 @@ void cli_getopts(int argc, char ** argv) - debug_trace = 1; - break; - #endif -+ case 'o': -+ next = &dummy; -+ case 'x': -+ break; - case 'F': - case 'e': - #ifndef ENABLE_USER_ALGO_LIST -@@ -332,7 +336,6 @@ void cli_getopts(int argc, char ** argv) - print_version(); - exit(EXIT_SUCCESS); - break; -- case 'o': - case 'b': - next = &dummy; - default: diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch new file mode 100644 index 0000000000..ab09c2f3dc --- /dev/null +++ b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch @@ -0,0 +1,11 @@ +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -296,6 +296,8 @@ void cli_getopts(int argc, char ** argv) + debug_trace = 1; + break; + #endif ++ case 'x': ++ break; + case 'F': + case 'e': + #ifndef ENABLE_USER_ALGO_LIST diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index 0717228ef3..78b54acfa0 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,6 +1,6 @@ --- a/dbutil.h +++ b/dbutil.h -@@ -101,7 +101,11 @@ int m_str_to_uint(const char* str, unsig +@@ -78,7 +78,11 @@ int m_str_to_uint(const char* str, unsig #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} /* Dropbear assertion */ diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch index 367dc2c681..ccc2cb7925 100644 --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch @@ -1,8 +1,8 @@ --- a/options.h +++ b/options.h @@ -5,6 +5,11 @@ - #ifndef _OPTIONS_H_ - #define _OPTIONS_H_ + #ifndef DROPBEAR_OPTIONS_H_ + #define DROPBEAR_OPTIONS_H_ +#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER) +#define DROPBEAR_SERVER diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch index e2add9415f..da6b9ae0ce 100644 --- a/package/network/services/dropbear/patches/500-set-default-path.patch +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -1,11 +1,12 @@ --- a/options.h +++ b/options.h -@@ -336,7 +336,7 @@ be overridden at runtime with -I. 0 disa +@@ -352,7 +352,9 @@ be overridden at runtime with -I. 0 disa #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ --#define DEFAULT_PATH "/usr/bin:/bin" -+#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin" ++#ifndef DEFAULT_PATH + #define DEFAULT_PATH "/usr/bin:/bin" ++#endif /* Some other defines (that mostly should be left alone) are defined * in sysoptions.h */ diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch new file mode 100644 index 0000000000..7c67b086bb --- /dev/null +++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch @@ -0,0 +1,11 @@ +--- a/svr-auth.c ++++ b/svr-auth.c +@@ -149,7 +149,7 @@ void recv_msg_userauth_request() { + AUTH_METHOD_NONE_LEN) == 0) { + TRACE(("recv_msg_userauth_request: 'none' request")) + if (valid_user +- && svr_opts.allowblankpass ++ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root")) + && !svr_opts.noauthpass + && !(svr_opts.norootpass && ses.authstate.pw_uid == 0) + && ses.authstate.pw_passwd[0] == '\0') diff --git a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch new file mode 100644 index 0000000000..f6453a4626 --- /dev/null +++ b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch @@ -0,0 +1,18 @@ +--- a/svr-runopts.c ++++ b/svr-runopts.c +@@ -488,6 +488,7 @@ void load_all_hostkeys() { + m_free(hostkey_file); + } + ++ if (svr_opts.num_hostkey_files <= 0) { + #ifdef DROPBEAR_RSA + loadhostkey(RSA_PRIV_FILENAME, 0); + #endif +@@ -499,6 +500,7 @@ void load_all_hostkeys() { + #ifdef DROPBEAR_ECDSA + loadhostkey(ECDSA_PRIV_FILENAME, 0); + #endif ++ } + + #ifdef DROPBEAR_DELAY_HOSTKEY + if (svr_opts.delay_hostkey) { diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 8e706dc5a3..462a4cf7b6 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,9 +7,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_VERSION:=2015-03-25 -PKG_RELEASE:=1 -PKG_REV:=8278138e679174b1ec8af7f169c2810a8888e202 +PKG_VERSION:=2016-06-15 +PKG_RELEASE:=2 +PKG_REV:=31d3692fe5d56c05753ed4a70c7943979e1d29e7 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git @@ -40,6 +40,10 @@ LOCAL_TYPE=$(strip \ hostapd \ ))) LOCAL_VARIANT=$(patsubst wpad-%,%,$(patsubst supplicant-%,%,$(BUILD_VARIANT))) +CONFIG_VARIANT:=$(LOCAL_VARIANT) +ifeq ($(LOCAL_VARIANT),mesh) + CONFIG_VARIANT:=full +endif ifeq ($(LOCAL_TYPE),supplicant) ifeq ($(LOCAL_VARIANT),full) @@ -47,10 +51,6 @@ ifeq ($(LOCAL_TYPE),supplicant) CONFIG_WPA_SUPPLICANT_INTERNAL \ CONFIG_WPA_SUPPLICANT_OPENSSL endif - ifeq ($(LOCAL_VARIANT),mesh) - PKG_CONFIG_DEPENDS += \ - CONFIG_WPA_SUPPLICANT_OPENSSL - endif endif PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) @@ -82,7 +82,7 @@ ifneq ($(LOCAL_TYPE),hostapd) endif endif ifeq ($(LOCAL_VARIANT),mesh) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_AP=y CONFIG_SAE=y CONFIG_MESH=y TARGET_LDFLAGS += -lcrypto -lssl endif ifdef CONFIG_WPA_SUPPLICANT_NO_TIMESTAMP_CHECK @@ -177,8 +177,7 @@ endef define Package/wpad-mesh $(call Package/wpad/Default) TITLE+= (with 802.11s mesh and SAE support) - DEPENDS:=$(DRV_DEPENDS) +libubus +libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN) - CONFLICTS:=@WPA_SUPPLICANT_INTERNAL + DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl @(!TARGET_uml||BROKEN) VARIANT:=wpad-mesh endef @@ -284,10 +283,10 @@ endif define Build/Configure $(Build/Configure/rebuild) - $(if $(wildcard ./files/hostapd-$(LOCAL_VARIANT).config), \ - $(CP) ./files/hostapd-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \ + $(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \ + $(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \ ) - $(CP) ./files/wpa_supplicant-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config + $(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config endef TARGET_CPPFLAGS := \ diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index 23d2e7e83e..21762e9ddb 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -120,6 +120,7 @@ hostapd_common_add_bss_config() { config_add_boolean rsn_preauth auth_cache config_add_int ieee80211w + config_add_int eapol_version config_add_string 'auth_server:host' 'server:host' config_add_string auth_secret @@ -182,7 +183,7 @@ hostapd_set_bss_options() { wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \ wps_device_type wps_device_name wps_manufacturer wps_pin \ macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ - iapp_interface + iapp_interface eapol_version set_default isolate 0 set_default maxassoc 0 @@ -192,6 +193,7 @@ hostapd_set_bss_options() { set_default hidden 0 set_default wmm 1 set_default uapsd 1 + set_default eapol_version 0 append bss_conf "ctrl_interface=/var/run/hostapd" if [ "$isolate" -gt 0 ]; then @@ -237,6 +239,8 @@ hostapd_set_bss_options() { [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" } + [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" + wps_possible=1 append wpa_key_mgmt "WPA-PSK" ;; @@ -292,6 +296,8 @@ hostapd_set_bss_options() { [ -n "$vlan_tagged_interface" ] && \ append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" } + + [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" ;; wep) local wep_keyidx=0 diff --git a/package/network/services/hostapd/files/wpa_supplicant-mesh.config b/package/network/services/hostapd/files/wpa_supplicant-mesh.config deleted file mode 100644 index 36e29088c4..0000000000 --- a/package/network/services/hostapd/files/wpa_supplicant-mesh.config +++ /dev/null @@ -1,407 +0,0 @@ -# Example wpa_supplicant build time configuration -# -# This file lists the configuration options that are used when building the -# hostapd binary. All lines starting with # are ignored. Configuration option -# lines must be commented out complete, if they are not to be included, i.e., -# just setting VARIABLE=n is not disabling that variable. -# -# This file is included in Makefile, so variables like CFLAGS and LIBS can also -# be modified from here. In most cases, these lines should use += in order not -# to override previous values of the variables. - - -# Uncomment following two lines and fix the paths if you have installed OpenSSL -# or GnuTLS in non-default location -#CFLAGS += -I/usr/local/openssl/include -#LIBS += -L/usr/local/openssl/lib - -# Some Red Hat versions seem to include kerberos header files from OpenSSL, but -# the kerberos files are not in the default include path. Following line can be -# used to fix build issues on such systems (krb5.h not found). -#CFLAGS += -I/usr/include/kerberos - -# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for ndiswrapper -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -# CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. -#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -#CONFIG_DRIVER_RALINK=y - -# Driver interface for generic Linux wireless extensions -CONFIG_DRIVER_WEXT=y - -# Driver interface for Linux drivers using the nl80211 kernel interface -CONFIG_DRIVER_NL80211=y - -# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -#CONFIG_DRIVER_BSD=y -#CFLAGS += -I/usr/local/include -#LIBS += -L/usr/local/lib -#LIBS_p += -L/usr/local/lib -#LIBS_c += -L/usr/local/lib - -# Driver interface for Windows NDIS -#CONFIG_DRIVER_NDIS=y -#CFLAGS += -I/usr/include/w32api/ddk -#LIBS += -L/usr/local/lib -# For native build using mingw -#CONFIG_NATIVE_WINDOWS=y -# Additional directories for cross-compilation on Linux host for mingw target -#CFLAGS += -I/opt/mingw/mingw32/include/ddk -#LIBS += -L/opt/mingw/mingw32/lib -#CC=mingw32-gcc -# By default, driver_ndis uses WinPcap for low-level operations. This can be -# replaced with the following option which replaces WinPcap calls with NDISUIO. -# However, this requires that WZC is disabled (net stop wzcsvc) before starting -# wpa_supplicant. -# CONFIG_USE_NDISUIO=y - -# Driver interface for development testing -#CONFIG_DRIVER_TEST=y - -# Include client MLME (management frame processing) for test driver -# This can be used to test MLME operations in hostapd with the test interface. -# space. -#CONFIG_CLIENT_MLME=y - -# Driver interface for wired Ethernet drivers -CONFIG_DRIVER_WIRED=y - -# Driver interface for the Broadcom RoboSwitch family -#CONFIG_DRIVER_ROBOSWITCH=y - -# Driver interface for no driver (e.g., WPS ER only) -#CONFIG_DRIVER_NONE=y - -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) -CONFIG_IEEE8021X_EAPOL=y - -# EAP-MD5 -CONFIG_EAP_MD5=y - -# EAP-MSCHAPv2 -CONFIG_EAP_MSCHAPV2=y - -# EAP-TLS -CONFIG_EAP_TLS=y - -# EAL-PEAP -CONFIG_EAP_PEAP=y - -# EAP-TTLS -CONFIG_EAP_TTLS=y - -# EAP-FAST -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) -# to add the needed functions. -#CONFIG_EAP_FAST=y - -# EAP-GTC -CONFIG_EAP_GTC=y - -# EAP-OTP -CONFIG_EAP_OTP=y - -# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) -#CONFIG_EAP_SIM=y - -# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y - -# EAP-PAX -#CONFIG_EAP_PAX=y - -# LEAP -CONFIG_EAP_LEAP=y - -# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) -#CONFIG_EAP_AKA=y - -# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). -# This requires CONFIG_EAP_AKA to be enabled, too. -#CONFIG_EAP_AKA_PRIME=y - -# Enable USIM simulator (Milenage) for EAP-AKA -#CONFIG_USIM_SIMULATOR=y - -# EAP-SAKE -#CONFIG_EAP_SAKE=y - -# EAP-GPSK -#CONFIG_EAP_GPSK=y -# Include support for optional SHA256 cipher suite in EAP-GPSK -#CONFIG_EAP_GPSK_SHA256=y - -# EAP-TNC and related Trusted Network Connect support (experimental) -#CONFIG_EAP_TNC=y - -# Wi-Fi Protected Setup (WPS) -CONFIG_WPS=y - -# EAP-IKEv2 -#CONFIG_EAP_IKEV2=y - -# PKCS#12 (PFX) support (used to read private key and certificate file from -# a file that usually has extension .p12 or .pfx) -CONFIG_PKCS12=y - -# Smartcard support (i.e., private key on a smartcard), e.g., with openssl -# engine. -CONFIG_SMARTCARD=y - -# PC/SC interface for smartcards (USIM, GSM SIM) -# Enable this if EAP-SIM or EAP-AKA is included -#CONFIG_PCSC=y - -# Development testing -#CONFIG_EAPOL_TEST=y - -# Select control interface backend for external programs, e.g, wpa_cli: -# unix = UNIX domain sockets (default for Linux/*BSD) -# udp = UDP sockets using localhost (127.0.0.1) -# named_pipe = Windows Named Pipe (default for Windows) -# y = use default (backwards compatibility) -# If this option is commented out, control interface is not included in the -# build. -CONFIG_CTRL_IFACE=y - -# Include support for GNU Readline and History Libraries in wpa_cli. -# When building a wpa_cli binary for distribution, please note that these -# libraries are licensed under GPL and as such, BSD license may not apply for -# the resulting binary. -#CONFIG_READLINE=y - -# Remove debugging code that is printing out debug message to stdout. -# This can be used to reduce the size of the wpa_supplicant considerably -# if debugging code is not needed. The size reduction can be around 35% -# (e.g., 90 kB). -#CONFIG_NO_STDOUT_DEBUG=y - -# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save -# 35-50 kB in code size. -#CONFIG_NO_WPA=y - -# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to -# save about 1 kB in code size when building only WPA-Personal (no EAP support) -# or 6 kB if building for WPA-Enterprise. -#CONFIG_NO_WPA2=y - -# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support -# This option can be used to reduce code size by removing support for -# converting ASCII passphrases into PSK. If this functionality is removed, the -# PSK can only be configured as the 64-octet hexstring (e.g., from -# wpa_passphrase). This saves about 0.5 kB in code size. -#CONFIG_NO_WPA_PASSPHRASE=y - -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. -# This can be used if ap_scan=1 mode is never enabled. -#CONFIG_NO_SCAN_PROCESSING=y - -# Select configuration backend: -# file = text file (e.g., wpa_supplicant.conf; note: the configuration file -# path is given on command line, not here; this option is just used to -# select the backend that allows configuration files to be used) -# winreg = Windows registry (see win_example.reg for an example) -CONFIG_BACKEND=file - -# Remove configuration write functionality (i.e., to allow the configuration -# file to be updated based on runtime configuration changes). The runtime -# configuration can still be changed, the changes are just not going to be -# persistent over restarts. This option can be used to reduce code size by -# about 3.5 kB. -#CONFIG_NO_CONFIG_WRITE=y - -# Remove support for configuration blobs to reduce code size by about 1.5 kB. -#CONFIG_NO_CONFIG_BLOBS=y - -# Select program entry point implementation: -# main = UNIX/POSIX like main() function (default) -# main_winsvc = Windows service (read parameters from registry) -# main_none = Very basic example (development use only) -#CONFIG_MAIN=main - -# Select wrapper for operatins system and C library specific functions -# unix = UNIX/POSIX like systems (default) -# win32 = Windows systems -# none = Empty template -#CONFIG_OS=unix - -# Select event loop implementation -# eloop = select() loop (default) -# eloop_win = Windows events and WaitForMultipleObject() loop -# eloop_none = Empty template -#CONFIG_ELOOP=eloop - -# Select layer 2 packet implementation -# linux = Linux packet socket (default) -# pcap = libpcap/libdnet/WinPcap -# freebsd = FreeBSD libpcap -# winpcap = WinPcap with receive thread -# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) -# none = Empty template -#CONFIG_L2_PACKET=linux - -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - -# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. -# Driver support is also needed for IEEE 802.11w. -CONFIG_IEEE80211W=y - -# Select TLS implementation -# openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) -# internal = Internal TLSv1 implementation (experimental) -# none = Empty template -CONFIG_TLS=internal - -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y - -# If CONFIG_TLS=internal is used, additional library and include paths are -# needed for LibTomMath. Alternatively, an integrated, minimal version of -# LibTomMath can be used. See beginning of libtommath.c for details on benefits -# and drawbacks of this option. -CONFIG_INTERNAL_LIBTOMMATH=y -#ifndef CONFIG_INTERNAL_LIBTOMMATH -#LTM_PATH=/usr/src/libtommath-0.39 -#CFLAGS += -I$(LTM_PATH) -#LIBS += -L$(LTM_PATH) -#LIBS_p += -L$(LTM_PATH) -#endif -# At the cost of about 4 kB of additional binary size, the internal LibTomMath -# can be configured to include faster routines for exptmod, sqr, and div to -# speed up DH and RSA calculation considerably -CONFIG_INTERNAL_LIBTOMMATH_FAST=y - -# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. -# This is only for Windows builds and requires WMI-related header files and -# WbemUuid.Lib from Platform SDK even when building with MinGW. -#CONFIG_NDIS_EVENTS_INTEGRATED=y -#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" - -# Add support for old DBus control interface -# (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y - -# Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) -#CONFIG_CTRL_IFACE_DBUS_NEW=y - -# Add introspection support for new DBus control interface -#CONFIG_CTRL_IFACE_DBUS_INTRO=y - -# Add support for loading EAP methods dynamically as shared libraries. -# When this option is enabled, each EAP method can be either included -# statically (CONFIG_EAP_=y) or dynamically (CONFIG_EAP_=dyn). -# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to -# be loaded in the beginning of the wpa_supplicant configuration file -# (see load_dynamic_eap parameter in the example file) before being used in -# the network blocks. -# -# Note that some shared parts of EAP methods are included in the main program -# and in order to be able to use dynamic EAP methods using these parts, the -# main program must have been build with the EAP method enabled (=y or =dyn). -# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries -# unless at least one of them was included in the main build to force inclusion -# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included -# in the main build to be able to load these methods dynamically. -# -# Please also note that using dynamic libraries will increase the total binary -# size. Thus, it may not be the best option for targets that have limited -# amount of memory/flash. -#CONFIG_DYNAMIC_EAP_METHODS=y - -# IEEE Std 802.11r-2008 (Fast BSS Transition) -#CONFIG_IEEE80211R=y - -# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) -#CONFIG_DEBUG_FILE=y - -# Enable privilege separation (see README 'Privilege separation' for details) -#CONFIG_PRIVSEP=y - -# Enable mitigation against certain attacks against TKIP by delaying Michael -# MIC error reports by a random amount of time between 0 and 60 seconds -#CONFIG_DELAYED_MIC_ERROR_REPORT=y - -# Enable tracing code for developer debugging -# This tracks use of memory allocations and other registrations and reports -# incorrect use with a backtrace of call (or allocation) location. -#CONFIG_WPA_TRACE=y -# For BSD, comment out these. -#LIBS += -lexecinfo -#LIBS_p += -lexecinfo -#LIBS_c += -lexecinfo - -# Use libbfd to get more details for developer debugging -# This enables use of libbfd to get more detailed symbols for the backtraces -# generated by CONFIG_WPA_TRACE=y. -#CONFIG_WPA_TRACE_BFD=y -# For BSD, comment out these. -#LIBS += -lbfd -liberty -lz -#LIBS_p += -lbfd -liberty -lz -#LIBS_c += -lbfd -liberty -lz - -CONFIG_NO_RANDOM_POOL=y -NEED_80211_COMMON=y - -CONFIG_IBSS_RSN=y - -CONFIG_MESH=y -CONFIG_SAE=y -CONFIG_AP=y diff --git a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch deleted file mode 100644 index e408fbe383..0000000000 --- a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 7 Apr 2015 11:32:11 +0300 -Subject: [PATCH] P2P: Validate SSID element length before copying it - (CVE-2015-1863) - -This fixes a possible memcpy overflow for P2P dev->oper_ssid in -p2p_add_device(). The length provided by the peer device (0..255 bytes) -was used without proper bounds checking and that could have resulted in -arbitrary data of up to 223 bytes being written beyond the end of the -dev->oper_ssid[] array (of which about 150 bytes would be beyond the -heap allocation) when processing a corrupted management frame for P2P -peer discovery purposes. - -This could result in corrupted state in heap, unexpected program -behavior due to corrupted P2P peer device information, denial of service -due to process crash, exposure of memory contents during GO Negotiation, -and potentially arbitrary code execution. - -Thanks to Google security team for reporting this issue and smart -hardware research group of Alibaba security team for discovering it. - -Signed-off-by: Jouni Malinen ---- - src/p2p/p2p.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/p2p/p2p.c -+++ b/src/p2p/p2p.c -@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, - if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) - os_memcpy(dev->interface_addr, addr, ETH_ALEN); - if (msg.ssid && -+ msg.ssid[1] <= sizeof(dev->oper_ssid) && - (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || - os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) - != 0)) { diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch deleted file mode 100644 index bc4d60fcc1..0000000000 --- a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 29 Apr 2015 02:21:53 +0300 -Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser - -The length of the WMM Action frame was not properly validated and the -length of the information elements (int left) could end up being -negative. This would result in reading significantly past the stack -buffer while parsing the IEs in ieee802_11_parse_elems() and while doing -so, resulting in segmentation fault. - -This can result in an invalid frame being used for a denial of service -attack (hostapd process killed) against an AP with a driver that uses -hostapd for management frame processing (e.g., all mac80211-based -drivers). - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/ap/wmm.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/src/ap/wmm.c -+++ b/src/ap/wmm.c -@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d - return; - } - -+ if (left < 0) -+ return; /* not a valid WMM Action frame */ -+ - /* extract the tspec info element */ - if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { - hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, diff --git a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch deleted file mode 100644 index 36b4ca2946..0000000000 --- a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 28 Apr 2015 17:08:33 +0300 -Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser - -strtoul() return value may end up overflowing the int h->chunk_size and -resulting in a negative value to be stored as the chunk_size. This could -result in the following memcpy operation using a very large length -argument which would result in a buffer overflow and segmentation fault. - -This could have been used to cause a denial service by any device that -has been authorized for network access (either wireless or wired). This -would affect both the WPS UPnP functionality in a WPS AP (hostapd with -upnp_iface parameter set in the configuration) and WPS ER -(wpa_supplicant with WPS_ER_START control interface command used). - -Validate the parsed chunk length value to avoid this. In addition to -rejecting negative values, we can also reject chunk size that would be -larger than the maximum configured body length. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/wps/httpread.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/wps/httpread.c b/src/wps/httpread.c -index 2f08f37..d2855e3 100644 ---- a/src/wps/httpread.c -+++ b/src/wps/httpread.c -@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx) - if (!isxdigit(*cbp)) - goto bad; - h->chunk_size = strtoul(cbp, NULL, 16); -+ if (h->chunk_size < 0 || -+ h->chunk_size > h->max_bytes) { -+ wpa_printf(MSG_DEBUG, -+ "httpread: Invalid chunk size %d", -+ h->chunk_size); -+ goto bad; -+ } - /* throw away chunk header - * so we have only real data - */ --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch deleted file mode 100644 index 91627fb7b7..0000000000 --- a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch +++ /dev/null @@ -1,73 +0,0 @@ -From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 1 May 2015 16:37:45 +0300 -Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit - and Confirm - -The length of the received Commit and Confirm message payloads was not -checked before reading them. This could result in a buffer read -overflow when processing an invalid message. - -Fix this by verifying that the payload is of expected length before -processing it. In addition, enforce correct state transition sequence to -make sure there is no unexpected behavior if receiving a Commit/Confirm -message before the previous exchanges have been completed. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++ - 1 file changed, 29 insertions(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index f2b0926..a629437 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL; - u16 offset; - u8 *ptr, *scalar = NULL, *element = NULL; -+ size_t prime_len, order_len; -+ -+ if (data->state != PWD_Commit_Req) { -+ ret->ignore = TRUE; -+ goto fin; -+ } -+ -+ prime_len = BN_num_bytes(data->grp->prime); -+ order_len = BN_num_bytes(data->grp->order); -+ -+ if (payload_len != 2 * prime_len + order_len) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", -+ (unsigned int) payload_len, -+ (unsigned int) (2 * prime_len + order_len)); -+ goto fin; -+ } - - if (((data->private_value = BN_new()) == NULL) || - ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) || -@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; - int offset; - -+ if (data->state != PWD_Confirm_Req) { -+ ret->ignore = TRUE; -+ goto fin; -+ } -+ -+ if (payload_len != SHA256_MAC_LEN) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", -+ (unsigned int) payload_len, SHA256_MAC_LEN); -+ goto fin; -+ } -+ - /* - * first build up the ciphersuite which is group | random_function | - * prf --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch deleted file mode 100644 index 5dca20b277..0000000000 --- a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch +++ /dev/null @@ -1,66 +0,0 @@ -From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 1 May 2015 16:40:44 +0300 -Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit - and Confirm - -The length of the received Commit and Confirm message payloads was not -checked before reading them. This could result in a buffer read -overflow when processing an invalid message. - -Fix this by verifying that the payload is of expected length before -processing it. In addition, enforce correct state transition sequence to -make sure there is no unexpected behavior if receiving a Commit/Confirm -message before the previous exchanges have been completed. - -Thanks to Kostya Kortchinsky of Google security team for discovering and -reporting this issue. - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index 66bd5d2..3189105 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, - BIGNUM *x = NULL, *y = NULL, *cofactor = NULL; - EC_POINT *K = NULL, *point = NULL; - int res = 0; -+ size_t prime_len, order_len; - - wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response"); - -+ prime_len = BN_num_bytes(data->grp->prime); -+ order_len = BN_num_bytes(data->grp->order); -+ -+ if (payload_len != 2 * prime_len + order_len) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)", -+ (unsigned int) payload_len, -+ (unsigned int) (2 * prime_len + order_len)); -+ goto fin; -+ } -+ - if (((data->peer_scalar = BN_new()) == NULL) || - ((data->k = BN_new()) == NULL) || - ((cofactor = BN_new()) == NULL) || -@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data, - u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; - int offset; - -+ if (payload_len != SHA256_MAC_LEN) { -+ wpa_printf(MSG_INFO, -+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", -+ (unsigned int) payload_len, SHA256_MAC_LEN); -+ goto fin; -+ } -+ - /* build up the ciphersuite: group | random_function | prf */ - grp = htons(data->group_num); - ptr = (u8 *) &cs; --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch deleted file mode 100644 index 4d2f9d8aef..0000000000 --- a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 2 May 2015 19:23:04 +0300 -Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment - reassembly - -The remaining number of bytes in the message could be smaller than the -Total-Length field size, so the length needs to be explicitly checked -prior to reading the field and decrementing the len variable. This could -have resulted in the remaining length becoming negative and interpreted -as a huge positive integer. - -In addition, check that there is no already started fragment in progress -before allocating a new buffer for reassembling fragments. This avoid a -potential memory leak when processing invalid message. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index a629437..1d2079b 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - * if it's the first fragment there'll be a length field - */ - if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { -+ if (len < 2) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Frame too short to contain Total-Length field"); -+ ret->ignore = TRUE; -+ return NULL; -+ } - tot_len = WPA_GET_BE16(pos); - wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose " - "total length = %d", tot_len); - if (tot_len > 15000) - return NULL; -+ if (data->inbuf) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); -+ ret->ignore = TRUE; -+ return NULL; -+ } - data->inbuf = wpabuf_alloc(tot_len); - if (data->inbuf == NULL) { - wpa_printf(MSG_INFO, "Out of memory to buffer " --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch deleted file mode 100644 index 7edef099eb..0000000000 --- a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 2 May 2015 19:26:06 +0300 -Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment - reassembly - -The remaining number of bytes in the message could be smaller than the -Total-Length field size, so the length needs to be explicitly checked -prior to reading the field and decrementing the len variable. This could -have resulted in the remaining length becoming negative and interpreted -as a huge positive integer. - -In addition, check that there is no already started fragment in progress -before allocating a new buffer for reassembling fragments. This avoid a -potential memory leak when processing invalid message. - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index 3189105..2bfc3c2 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - * the first fragment has a total length - */ - if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { -+ if (len < 2) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Frame too short to contain Total-Length field"); -+ return; -+ } - tot_len = WPA_GET_BE16(pos); - wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total " - "length = %d", tot_len); - if (tot_len > 15000) - return; -+ if (data->inbuf) { -+ wpa_printf(MSG_DEBUG, -+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use"); -+ return; -+ } - data->inbuf = wpabuf_alloc(tot_len); - if (data->inbuf == NULL) { - wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to " --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch deleted file mode 100644 index a601323f14..0000000000 --- a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 2 May 2015 19:26:28 +0300 -Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior - -The L (Length) and M (More) flags needs to be cleared before deciding -whether the locally generated response requires fragmentation. This -fixes an issue where these flags from the server could have been invalid -for the following message. In some cases, this could have resulted in -triggering the wpabuf security check that would terminate the process -due to invalid buffer allocation. - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index 1d2079b..e58b13a 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - /* - * we have output! Do we need to fragment it? - */ -+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch); - len = wpabuf_len(data->outbuf); - if ((len + EAP_PWD_HDR_SIZE) > data->mtu) { - resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu, --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch b/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch deleted file mode 100644 index dd3462465e..0000000000 --- a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch +++ /dev/null @@ -1,61 +0,0 @@ -From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 7 Jul 2015 21:57:28 +0300 -Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser - -It was possible for the 32-bit record->total_length value to end up -wrapping around due to integer overflow if the longer form of payload -length field is used and record->payload_length gets a value close to -2^32. This could result in ndef_parse_record() accepting a too large -payload length value and the record type filter reading up to about 20 -bytes beyond the end of the buffer and potentially killing the process. -This could also result in an attempt to allocate close to 2^32 bytes of -heap memory and if that were to succeed, a buffer read overflow of the -same length which would most likely result in the process termination. -In case of record->total_length ending up getting the value 0, there -would be no buffer read overflow, but record parsing would result in an -infinite loop in ndef_parse_records(). - -Any of these error cases could potentially be used for denial of service -attacks over NFC by using a malformed NDEF record on an NFC Tag or -sending them during NFC connection handover if the application providing -the NDEF message to hostapd/wpa_supplicant did no validation of the -received records. While such validation is likely done in the NFC stack -that needs to parse the NFC messages before further processing, -hostapd/wpa_supplicant better be prepared for any data being included -here. - -Fix this by validating record->payload_length value in a way that -detects integer overflow. (CID 122668) - -Signed-off-by: Jouni Malinen ---- - src/wps/ndef.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/wps/ndef.c b/src/wps/ndef.c -index 5604b0a..50d018f 100644 ---- a/src/wps/ndef.c -+++ b/src/wps/ndef.c -@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size, - if (size < 6) - return -1; - record->payload_length = ntohl(*(u32 *)pos); -+ if (record->payload_length > size - 6) -+ return -1; - pos += sizeof(u32); - } - -@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size, - pos += record->payload_length; - - record->total_length = pos - data; -- if (record->total_length > size) -+ if (record->total_length > size || -+ record->total_length < record->payload_length) - return -1; - return 0; - } --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch b/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch deleted file mode 100644 index 00e5b7c771..0000000000 --- a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 25 Oct 2015 15:45:50 +0200 -Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no - PMF in use - -WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is -enabled. Verify that PMF is in use before using this field on station -side to avoid accepting unauthenticated key updates. (CVE-2015-5310) - -Signed-off-by: Jouni Malinen ---- - wpa_supplicant/wnm_sta.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c -index 954de67..7d79499 100644 ---- a/wpa_supplicant/wnm_sta.c -+++ b/wpa_supplicant/wnm_sta.c -@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s, - end = ptr + key_len_total; - wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total); - -+ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) { -+ wpa_msg(wpa_s, MSG_INFO, -+ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled"); -+ return; -+ } -+ - while (ptr + 1 < end) { - if (ptr + 2 + ptr[1] > end) { - wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element " diff --git a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch deleted file mode 100644 index 82c26398b6..0000000000 --- a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Nov 2015 18:18:17 +0200 -Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation - -All but the last fragment had their length checked against the remaining -room in the reassembly buffer. This allowed a suitably constructed last -fragment frame to try to add extra data that would go beyond the buffer. -The length validation code in wpabuf_put_data() prevents an actual -buffer write overflow from occurring, but this results in process -termination. (CVE-2015-5315) - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index 1f78544..75ceef1 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - /* - * buffer and ACK the fragment - */ -- if (EAP_PWD_GET_MORE_BIT(lm_exch)) { -+ if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) { - data->in_frag_pos += len; - if (data->in_frag_pos > wpabuf_size(data->inbuf)) { - wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack " -@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - return NULL; - } - wpabuf_put_data(data->inbuf, pos, len); -- -+ } -+ if (EAP_PWD_GET_MORE_BIT(lm_exch)) { - resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, - EAP_PWD_HDR_SIZE, - EAP_CODE_RESPONSE, eap_get_id(reqData)); -@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, - * we're buffering and this is the last fragment - */ - if (data->in_frag_pos) { -- wpabuf_put_data(data->inbuf, pos, len); - wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", - (int) len); -- data->in_frag_pos += len; - pos = wpabuf_head_u8(data->inbuf); - len = data->in_frag_pos; - } --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch deleted file mode 100644 index bfc4c74e95..0000000000 --- a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch +++ /dev/null @@ -1,51 +0,0 @@ -From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Nov 2015 18:24:16 +0200 -Subject: [PATCH] EAP-pwd server: Fix last fragment length validation - -All but the last fragment had their length checked against the remaining -room in the reassembly buffer. This allowed a suitably constructed last -fragment frame to try to add extra data that would go beyond the buffer. -The length validation code in wpabuf_put_data() prevents an actual -buffer write overflow from occurring, but this results in process -termination. (CVE-2015-5314) - -Signed-off-by: Jouni Malinen ---- - src/eap_server/eap_server_pwd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c -index cb83ff7..9f787ab 100644 ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - /* - * the first and all intermediate fragments have the M bit set - */ -- if (EAP_PWD_GET_MORE_BIT(lm_exch)) { -+ if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) { - if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) { - wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow " - "attack detected! (%d+%d > %d)", -@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - } - wpabuf_put_data(data->inbuf, pos, len); - data->in_frag_pos += len; -+ } -+ if (EAP_PWD_GET_MORE_BIT(lm_exch)) { - wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment", - (int) len); - return; -@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, - * buffering fragments so that's how we know it's the last) - */ - if (data->in_frag_pos) { -- wpabuf_put_data(data->inbuf, pos, len); -- data->in_frag_pos += len; - pos = wpabuf_head_u8(data->inbuf); - len = data->in_frag_pos; - wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch b/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch deleted file mode 100644 index 3088f6a6dc..0000000000 --- a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 95577884ca4fa76be91344ff7a8d5d1e6dc3da61 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Nov 2015 19:35:44 +0200 -Subject: [PATCH] EAP-pwd peer: Fix error path for unexpected Confirm message - -If the Confirm message is received from the server before the Identity -exchange has been completed, the group has not yet been determined and -data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange() -did not take this corner case into account and could end up -dereferencing a NULL pointer and terminating the process if invalid -message sequence is received. (CVE-2015-5316) - -Signed-off-by: Jouni Malinen ---- - src/eap_peer/eap_pwd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c -index 75ceef1..892b590 100644 ---- a/src/eap_peer/eap_pwd.c -+++ b/src/eap_peer/eap_pwd.c -@@ -774,7 +774,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, - wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN); - - fin: -- bin_clear_free(cruft, BN_num_bytes(data->grp->prime)); -+ if (data->grp) -+ bin_clear_free(cruft, BN_num_bytes(data->grp->prime)); - BN_clear_free(x); - BN_clear_free(y); - if (data->outbuf == NULL) { --- -1.9.1 - diff --git a/package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch b/package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch deleted file mode 100644 index 25ba87d8d1..0000000000 --- a/package/network/services/hostapd/patches/014-nl80211-Try-running-without-mgmt-frame-subscription-.patch +++ /dev/null @@ -1,48 +0,0 @@ -From f4830bed661f4adff51f50a0d37c64ceb748e780 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Mon, 25 Apr 2016 17:10:47 +0200 -Subject: [PATCH] nl80211: Try running without mgmt frame subscription (driver - AP SME) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -One of supported code paths already allows this scenario. It is used if -driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support -monitor interface. In such situation: -1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails -2) We don't try subscribing for WLAN_FC_STYPE_ACTION -3) We fallback to AP SME mode after failing to create monitor interface -4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails -Above scenario is used, e.g., with brcmfmac. As you can see - thanks to -events provided by cfg80211 - it's not really required to receive Probe -Request or action frames. - -However, the previous implementation did not allow using hostapd with -drivers that: -1) Report NL80211_ATTR_DEVICE_AP_SME -2) Don't support subscribing for PROBE_REQ and/or ACTION frames -In case of using such a driver hostapd will cancel setup after failing -to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag -WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments. - -This patch allows working with such drivers with just a small warning -printed as debug message. - -Signed-off-by: Rafał Miłecki ---- - src/drivers/driver_nl80211.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/src/drivers/driver_nl80211.c -+++ b/src/drivers/driver_nl80211.c -@@ -4108,7 +4108,8 @@ static int nl80211_setup_ap(struct i802_ - - if (drv->device_ap_sme && !drv->use_monitor) - if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) -- return -1; -+ wpa_printf(MSG_DEBUG, -+ "nl80211: Failed to subscribe for mgmt frames from SME driver - trying to run without it"); - - if (!drv->device_ap_sme && drv->use_monitor && - nl80211_create_monitor_interface(drv) && diff --git a/package/network/services/hostapd/patches/100-mesh_mode_fix.patch b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch new file mode 100644 index 0000000000..ceb4c53afa --- /dev/null +++ b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch @@ -0,0 +1,12 @@ +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -2332,7 +2332,8 @@ wpa_driver_nl80211_finish_drv_init(struc + + if (drv->hostapd || bss->static_ap) + nlmode = NL80211_IFTYPE_AP; +- else if (bss->if_dynamic) ++ else if (bss->if_dynamic || ++ nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT) + nlmode = nl80211_get_ifmode(bss); + else + nlmode = NL80211_IFTYPE_STATION; diff --git a/package/network/services/hostapd/patches/110-bool_fix.patch b/package/network/services/hostapd/patches/110-bool_fix.patch deleted file mode 100644 index 865c014ee3..0000000000 --- a/package/network/services/hostapd/patches/110-bool_fix.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- a/src/ap/ieee802_1x.c -+++ b/src/ap/ieee802_1x.c -@@ -2332,9 +2332,9 @@ void ieee802_1x_notify_pre_auth(struct e - } - - --static const char * bool_txt(Boolean bool) -+static const char * bool_txt(Boolean bool_val) - { -- return bool ? "TRUE" : "FALSE"; -+ return bool_val ? "TRUE" : "FALSE"; - } - - diff --git a/package/network/services/hostapd/patches/120-daemonize_fix.patch b/package/network/services/hostapd/patches/120-daemonize_fix.patch index 032e2072a3..0389406a98 100644 --- a/package/network/services/hostapd/patches/120-daemonize_fix.patch +++ b/package/network/services/hostapd/patches/120-daemonize_fix.patch @@ -8,7 +8,7 @@ #ifdef ANDROID #include -@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm +@@ -179,59 +180,46 @@ int os_gmtime(os_time_t t, struct os_tm return 0; } @@ -60,13 +60,13 @@ + if (chdir("/") < 0) return -1; - } -- + - return 0; -} -#else /* __APPLE__ */ -#define os_daemon daemon -#endif /* __APPLE__ */ - +- - -int os_daemonize(const char *pid_file) -{ diff --git a/package/network/services/hostapd/patches/130-no_eapol_fix.patch b/package/network/services/hostapd/patches/130-no_eapol_fix.patch index d23b47b03c..5aee3d07f1 100644 --- a/package/network/services/hostapd/patches/130-no_eapol_fix.patch +++ b/package/network/services/hostapd/patches/130-no_eapol_fix.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -252,9 +252,10 @@ void wpa_supplicant_cancel_auth_timeout( +@@ -257,9 +257,10 @@ void wpa_supplicant_cancel_auth_timeout( */ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) { diff --git a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch index 6337d8d737..fdd5da9bf5 100644 --- a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch +++ b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch @@ -1,6 +1,6 @@ --- a/src/l2_packet/l2_packet_linux.c +++ b/src/l2_packet/l2_packet_linux.c -@@ -307,8 +307,7 @@ struct l2_packet_data * l2_packet_init_b +@@ -337,8 +337,7 @@ struct l2_packet_data * l2_packet_init_b l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback, rx_callback_ctx, l2_hdr); @@ -8,5 +8,5 @@ - return NULL; + return l2; + #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR /* - * The Linux packet socket behavior has changed over the years and there diff --git a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch b/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch deleted file mode 100644 index 66c682fbd3..0000000000 --- a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch +++ /dev/null @@ -1,67 +0,0 @@ -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Mon, 11 Jan 2016 19:18:06 +0100 -Subject: [PATCH] nl80211: Report disassociated STA / lost peer for the correct - BSS -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We shouldn't use drv->ctx as it always points to the first BSS. When -using FullMAC driver with multi-BSS support it resulted in incorrect -treating nl80211 events. I noticed with with brcmfmac and BCM43602. - -Before my change I was getting "disassociated" on a wrong interface: -wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated -wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN) -wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated - -With this patch it works as expected: -wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated -wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN) -wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated - -This doesn't apply to hostapd dealing with SoftMAC drivers when handling -AP SME & MLME is done it hostapd not the firmware. - -Signed-off-by: Rafał Miłecki ---- - src/drivers/driver_nl80211_event.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - ---- a/src/drivers/driver_nl80211_event.c -+++ b/src/drivers/driver_nl80211_event.c -@@ -1154,6 +1154,7 @@ static void nl80211_new_station_event(st - - - static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, -+ struct i802_bss *bss, - struct nlattr **tb) - { - u8 *addr; -@@ -1166,7 +1167,7 @@ static void nl80211_del_station_event(st - MAC2STR(addr)); - - if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { -- drv_event_disassoc(drv->ctx, addr); -+ drv_event_disassoc(bss->ctx, addr); - return; - } - -@@ -1175,7 +1176,7 @@ static void nl80211_del_station_event(st - - os_memset(&data, 0, sizeof(data)); - os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); -- wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); -+ wpa_supplicant_event(bss->ctx, EVENT_IBSS_PEER_LOST, &data); - } - - -@@ -1939,7 +1940,7 @@ static void do_process_drv_event(struct - nl80211_new_station_event(drv, bss, tb); - break; - case NL80211_CMD_DEL_STATION: -- nl80211_del_station_event(drv, tb); -+ nl80211_del_station_event(drv, bss, tb); - break; - case NL80211_CMD_SET_REKEY_OFFLOAD: - nl80211_rekey_offload_event(drv, tb); diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index de4a3a8e7f..e9d49d40fa 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -1,15 +1,25 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -17,6 +17,7 @@ export BINDIR ?= /usr/local/bin/ - # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include +@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils) + export BINDIR ?= /usr/local/bin/ -include .config +-include $(if $(MULTICALL), ../wpa_supplicant/.config) - ifdef CONFIG_TESTING_OPTIONS - CFLAGS += -DCONFIG_TESTING_OPTIONS -@@ -242,10 +243,14 @@ ifdef CONFIG_IEEE80211AC - CFLAGS += -DCONFIG_IEEE80211AC + ifndef CONFIG_NO_GITVER + # Add VERSION_STR postfix for builds from a git repository +@@ -190,7 +191,8 @@ endif + + ifdef CONFIG_NO_VLAN + CFLAGS += -DCONFIG_NO_VLAN +-else ++endif ++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN) + OBJS += ../src/ap/vlan_init.o + OBJS += ../src/ap/vlan_ifconfig.o + OBJS += ../src/ap/vlan.o +@@ -315,10 +317,14 @@ CFLAGS += -DCONFIG_MBO + OBJS += ../src/ap/mbo_ap.o endif +ifndef MULTICALL @@ -26,7 +36,7 @@ LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -941,6 +946,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1051,6 +1057,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) BCHECK=../src/drivers/build.hostapd @@ -39,7 +49,7 @@ hostapd: $(BCHECK) $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -980,6 +991,12 @@ HOBJS += ../src/crypto/aes-internal.o +@@ -1092,6 +1104,12 @@ HOBJS += ../src/crypto/aes-internal.o HOBJS += ../src/crypto/aes-internal-enc.o endif @@ -54,15 +64,15 @@ @$(E) " LD " $@ --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -15,6 +15,7 @@ CFLAGS += -I$(abspath ../src) +@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src) CFLAGS += -I$(abspath ../src/utils) -include .config +-include $(if $(MULTICALL),../hostapd/.config) - ifdef CONFIG_TESTING_OPTIONS - CFLAGS += -DCONFIG_TESTING_OPTIONS -@@ -773,6 +774,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS + ifndef CONFIG_NO_GITVER + # Add VERSION_STR postfix for builds from a git repository +@@ -803,6 +804,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS LIBS += -ldl -rdynamic endif @@ -73,7 +83,7 @@ endif ifdef CONFIG_MACSEC -@@ -793,9 +798,11 @@ NEED_EAP_COMMON=y +@@ -823,9 +828,11 @@ NEED_EAP_COMMON=y NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_AP OBJS += ap.o @@ -85,7 +95,7 @@ OBJS += ../src/ap/hostapd.o OBJS += ../src/ap/wpa_auth_glue.o OBJS += ../src/ap/utils.o -@@ -858,10 +865,18 @@ endif +@@ -898,10 +905,18 @@ endif ifdef CONFIG_HS20 OBJS += ../src/ap/hs20.o endif @@ -104,7 +114,7 @@ NEED_AES_WRAP=y OBJS += ../src/ap/wpa_auth.o OBJS += ../src/ap/wpa_auth_ie.o -@@ -1603,6 +1618,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) +@@ -1680,6 +1695,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config @@ -117,8 +127,8 @@ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ -@@ -1694,6 +1715,12 @@ endif - $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@ +@@ -1782,6 +1803,12 @@ endif + -e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@ @$(E) " sed" $< +dump_cflags: @@ -132,7 +142,7 @@ wpa_cli.exe: wpa_cli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -4581,8 +4581,8 @@ union wpa_event_data { +@@ -4794,8 +4794,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -141,11 +151,20 @@ +extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); + /** + * wpa_supplicant_event_global - Report a driver event for wpa_supplicant +@@ -4807,7 +4807,7 @@ void wpa_supplicant_event(void *ctx, enu + * Same as wpa_supplicant_event(), but we search for the interface in + * wpa_global. + */ +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); /* --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -1075,8 +1075,8 @@ static void hostapd_event_dfs_cac_starte +@@ -1157,8 +1157,8 @@ static void hostapd_event_dfs_cac_starte #endif /* NEED_AP_MLME */ @@ -156,9 +175,18 @@ { struct hostapd_data *hapd = ctx; #ifndef CONFIG_NO_STDOUT_DEBUG +@@ -1367,7 +1367,7 @@ void wpa_supplicant_event(void *ctx, enu + } + + +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data) + { + struct hapd_interfaces *interfaces = ctx; --- a/wpa_supplicant/wpa_priv.c +++ b/wpa_supplicant/wpa_priv.c -@@ -819,8 +819,8 @@ static void wpa_priv_send_ft_response(st +@@ -940,8 +940,8 @@ static void wpa_priv_send_ft_response(st } @@ -169,17 +197,27 @@ { struct wpa_priv_interface *iface = ctx; -@@ -961,6 +961,7 @@ int main(int argc, char *argv[]) +@@ -1010,7 +1010,7 @@ void wpa_supplicant_event(void *ctx, enu + } + + +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++void supplicant_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data) + { + struct wpa_priv_global *global = ctx; +@@ -1122,6 +1122,8 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; + wpa_supplicant_event = supplicant_event; ++ wpa_supplicant_event_global = supplicant_event_global; wpa_priv_fd_workaround(); - for (;;) { + os_memset(&global, 0, sizeof(global)); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -3138,8 +3138,8 @@ static void wpa_supplicant_event_assoc_a +@@ -3384,8 +3384,8 @@ static void wpa_supplicant_event_assoc_a } @@ -189,88 +227,125 @@ + union wpa_event_data *data) { struct wpa_supplicant *wpa_s = ctx; + int resched; +@@ -4051,7 +4051,7 @@ void wpa_supplicant_event(void *ctx, enu + #endif /* CONFIG_AP */ + break; + case EVENT_ACS_CHANNEL_SELECTED: +-#ifdef CONFIG_ACS ++#if defined(CONFIG_ACS) && defined(CONFIG_AP) + if (!wpa_s->ap_iface) + break; + hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0], +@@ -4065,7 +4065,7 @@ void wpa_supplicant_event(void *ctx, enu + } + +-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, ++void supplicant_event_global(void *ctx, enum wpa_event_type event, + union wpa_event_data *data) + { + struct wpa_supplicant *wpa_s; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -4300,6 +4300,9 @@ static void wpa_supplicant_deinit_iface( - os_free(wpa_s); +@@ -4982,7 +4982,6 @@ struct wpa_interface * wpa_supplicant_ma + return NULL; } +- + /** + * wpa_supplicant_match_existing - Match existing interfaces + * @global: Pointer to global data from wpa_supplicant_init() +@@ -5019,6 +5018,11 @@ static int wpa_supplicant_match_existing + + #endif /* CONFIG_MATCH_IFACE */ + +extern void supplicant_event(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); + ++extern void supplicant_event_global(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); /** * wpa_supplicant_add_iface - Add a new network interface -@@ -4526,6 +4529,7 @@ struct wpa_global * wpa_supplicant_init( +@@ -5274,6 +5278,8 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ + wpa_supplicant_event = supplicant_event; ++ wpa_supplicant_event_global = supplicant_event_global; if (params->wpa_debug_file_path) wpa_debug_open_file(params->wpa_debug_file_path); --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -511,6 +511,9 @@ static int hostapd_get_ctrl_iface_group( - return 0; +@@ -583,6 +583,11 @@ fail: + return -1; } +void hostapd_wpa_event(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); + ++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -562,6 +565,7 @@ int main(int argc, char *argv[]) - interfaces.global_iface_name = NULL; +@@ -660,6 +665,8 @@ int main(int argc, char *argv[]) interfaces.global_ctrl_sock = -1; + dl_list_init(&interfaces.global_ctrl_dst); + wpa_supplicant_event = hostapd_wpa_event; ++ wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { - c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:"); + c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:"); if (c < 0) --- a/src/drivers/drivers.c +++ b/src/drivers/drivers.c -@@ -10,6 +10,9 @@ +@@ -10,6 +10,11 @@ #include "utils/common.h" #include "driver.h" +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); ++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); + #ifdef CONFIG_DRIVER_WEXT extern struct wpa_driver_ops wpa_driver_wext_ops; /* driver_wext.c */ #endif /* CONFIG_DRIVER_WEXT */ --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c -@@ -28,8 +28,12 @@ +@@ -29,7 +29,12 @@ #include "ctrl_iface.h" #include "pcsc_funcs.h" #include "wpas_glue.h" +#include "drivers/driver.h" - +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); -+ - struct wpa_driver_ops *wpa_drivers[] = { NULL }; ++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); + const struct wpa_driver_ops *const wpa_drivers[] = { NULL }; -@@ -1203,6 +1207,8 @@ static void usage(void) +@@ -1295,6 +1300,10 @@ static void usage(void) "option several times.\n"); } +extern void supplicant_event(void *ctx, enum wpa_event_type event, + union wpa_event_data *data); ++extern void supplicant_event_global(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); int main(int argc, char *argv[]) { -@@ -1221,6 +1227,7 @@ int main(int argc, char *argv[]) +@@ -1315,6 +1324,8 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; + wpa_supplicant_event = supplicant_event; ++ wpa_supplicant_event_global = supplicant_event_global; hostapd_logger_register_cb(hostapd_logger_cb); os_memset(&eapol_test, 0, sizeof(eapol_test)); diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch index 57d8fe27bf..bb3d57b0ea 100644 --- a/package/network/services/hostapd/patches/300-noscan.patch +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -1,6 +1,6 @@ --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -2771,6 +2771,10 @@ static int hostapd_config_fill(struct ho +@@ -2861,6 +2861,10 @@ static int hostapd_config_fill(struct ho } #endif /* CONFIG_IEEE80211W */ #ifdef CONFIG_IEEE80211N @@ -13,7 +13,7 @@ } else if (os_strcmp(buf, "ht_capab") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -619,6 +619,8 @@ struct hostapd_config { +@@ -655,6 +655,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; @@ -21,21 +21,22 @@ + int no_ht_coex; int ieee80211n; int secondary_channel; - int require_ht; + int no_pri_sec_switch; --- a/src/ap/hw_features.c +++ b/src/ap/hw_features.c -@@ -461,7 +461,7 @@ static int ieee80211n_check_40mhz(struct - struct wpa_driver_scan_params params; +@@ -474,7 +474,8 @@ static int ieee80211n_check_40mhz(struct int ret; -- if (!iface->conf->secondary_channel) -+ if (!iface->conf->secondary_channel || iface->conf->noscan) - return 0; /* HT40 not used */ + /* Check that HT40 is used and PRI / SEC switch is allowed */ +- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch) ++ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch || ++ iface->conf->noscan) + return 0; hostapd_set_state(iface, HAPD_IFACE_HT_SCAN); --- a/src/ap/ieee802_11_ht.c +++ b/src/ap/ieee802_11_ht.c -@@ -221,6 +221,9 @@ void hostapd_2040_coex_action(struct hos +@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) return; @@ -45,7 +46,7 @@ if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) return; -@@ -346,6 +349,9 @@ void ht40_intolerant_add(struct hostapd_ +@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) return; diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch index 7be8c32e3b..d9486ed405 100644 --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -3249,7 +3249,7 @@ wpa_supplicant_alloc(struct wpa_supplica +@@ -3548,7 +3548,7 @@ wpa_supplicant_alloc(struct wpa_supplica if (wpa_s == NULL) return NULL; wpa_s->scan_req = INITIAL_SCAN_REQ; @@ -8,4 +8,4 @@ + wpa_s->scan_interval = 1; wpa_s->new_connection = 1; wpa_s->parent = parent ? parent : wpa_s; - wpa_s->sched_scanning = 0; + wpa_s->p2pdev = wpa_s->parent; diff --git a/package/network/services/hostapd/patches/320-optional_rfkill.patch b/package/network/services/hostapd/patches/320-optional_rfkill.patch index 75b4b07f82..cf2a2c108b 100644 --- a/package/network/services/hostapd/patches/320-optional_rfkill.patch +++ b/package/network/services/hostapd/patches/320-optional_rfkill.patch @@ -1,14 +1,14 @@ --- a/src/drivers/drivers.mak +++ b/src/drivers/drivers.mak -@@ -34,7 +34,6 @@ NEED_SME=y +@@ -36,7 +36,6 @@ NEED_SME=y NEED_AP_MLME=y NEED_NETLINK=y NEED_LINUX_IOCTL=y -NEED_RFKILL=y + NEED_RADIOTAP=y ifdef CONFIG_LIBNL32 - DRV_LIBS += -lnl-3 -@@ -116,7 +115,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT +@@ -123,7 +122,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT CONFIG_WIRELESS_EXTENSION=y NEED_NETLINK=y NEED_LINUX_IOCTL=y @@ -16,7 +16,7 @@ endif ifdef CONFIG_DRIVER_NDIS -@@ -142,7 +140,6 @@ endif +@@ -149,7 +147,6 @@ endif ifdef CONFIG_WIRELESS_EXTENSION DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION DRV_WPA_OBJS += ../src/drivers/driver_wext.o @@ -24,14 +24,14 @@ endif ifdef NEED_NETLINK -@@ -155,6 +152,7 @@ endif +@@ -162,6 +159,7 @@ endif ifdef NEED_RFKILL DRV_OBJS += ../src/drivers/rfkill.o +DRV_WPA_CFLAGS += -DCONFIG_RFKILL endif - ifdef CONFIG_VLAN_NETLINK + ifdef NEED_RADIOTAP --- a/src/drivers/rfkill.h +++ b/src/drivers/rfkill.h @@ -18,8 +18,24 @@ struct rfkill_config { diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch index dd90877e90..ca4601247b 100644 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -3616,7 +3616,7 @@ static int nl80211_set_channel(struct i8 +@@ -3795,7 +3795,7 @@ static int nl80211_set_channel(struct i8 freq->freq, freq->ht_enabled, freq->vht_enabled, freq->bandwidth, freq->center_freq1, freq->center_freq2); diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch index 91b61964dd..086ade9ced 100644 --- a/package/network/services/hostapd/patches/340-reload_freq_change.patch +++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch @@ -1,6 +1,6 @@ --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -76,6 +76,16 @@ static void hostapd_reload_bss(struct ho +@@ -80,6 +80,16 @@ static void hostapd_reload_bss(struct ho #endif /* CONFIG_NO_RADIUS */ ssid = &hapd->conf->ssid; @@ -17,7 +17,7 @@ if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next && ssid->wpa_passphrase_set && ssid->wpa_passphrase) { /* -@@ -175,21 +185,12 @@ int hostapd_reload_config(struct hostapd +@@ -179,21 +189,12 @@ int hostapd_reload_config(struct hostapd oldconf = hapd->iconf; iface->conf = newconf; diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index a14fa03527..247f154e30 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2254,13 +2254,18 @@ wpa_driver_nl80211_finish_drv_init(struc +@@ -2394,13 +2394,18 @@ wpa_driver_nl80211_finish_drv_init(struc } @@ -22,7 +22,7 @@ return send_and_recv_msgs(drv, msg, NULL, NULL); } -@@ -2311,7 +2316,7 @@ static void wpa_driver_nl80211_deinit(st +@@ -2452,7 +2457,7 @@ static void wpa_driver_nl80211_deinit(st nl80211_remove_monitor_interface(drv); if (is_ap_interface(drv->nlmode)) @@ -31,7 +31,7 @@ if (drv->eapol_sock >= 0) { eloop_unregister_read_sock(drv->eapol_sock); -@@ -4140,8 +4145,7 @@ static void nl80211_teardown_ap(struct i +@@ -4385,8 +4390,7 @@ static void nl80211_teardown_ap(struct i nl80211_remove_monitor_interface(drv); else nl80211_mgmt_unsubscribe(bss, "AP teardown"); @@ -41,7 +41,7 @@ } -@@ -6066,8 +6070,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -6387,8 +6391,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -50,7 +50,7 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -6389,8 +6391,7 @@ static int wpa_driver_nl80211_deinit_ap( +@@ -6750,8 +6752,7 @@ static int wpa_driver_nl80211_deinit_ap( struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; @@ -60,7 +60,7 @@ /* * If the P2P GO interface was dynamically added, then it is -@@ -6409,8 +6410,7 @@ static int wpa_driver_nl80211_stop_ap(vo +@@ -6770,8 +6771,7 @@ static int wpa_driver_nl80211_stop_ap(vo struct wpa_driver_nl80211_data *drv = bss->drv; if (!is_ap_interface(drv->nlmode)) return -1; diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch index 06b005ea3a..1e405cbf0e 100644 --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch @@ -1,22 +1,22 @@ --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -45,6 +45,7 @@ - #include "wps/wps.h" +@@ -54,6 +54,7 @@ + #include "fst/fst_ctrl_iface.h" #include "config_file.h" #include "ctrl_iface.h" +#include "config_file.h" - struct wpa_ctrl_dst { -@@ -55,6 +56,7 @@ struct wpa_ctrl_dst { - int errors; - }; + #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 +@@ -72,6 +73,7 @@ static void hostapd_ctrl_iface_send(stru + enum wpa_msg_type type, + const char *buf, size_t len); +static char *reload_opts = NULL; - static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, - const char *buf, size_t len); -@@ -164,6 +166,61 @@ static int hostapd_ctrl_iface_new_sta(st + static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd, + struct sockaddr_storage *from, +@@ -123,6 +125,61 @@ static int hostapd_ctrl_iface_new_sta(st return 0; } @@ -78,7 +78,7 @@ #ifdef CONFIG_IEEE80211W #ifdef NEED_AP_MLME -@@ -2086,6 +2143,8 @@ static void hostapd_ctrl_iface_receive(i +@@ -2483,6 +2540,8 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_size); @@ -89,7 +89,7 @@ #ifdef RADIUS_SERVER --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -541,5 +541,11 @@ int hostapd_parse_csa_settings(const cha +@@ -593,7 +593,13 @@ int hostapd_parse_csa_settings(const cha int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd) { @@ -102,3 +102,5 @@ + + return 0; } + + diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch index ea235e6778..6b70215c43 100644 --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h -@@ -110,6 +110,11 @@ struct wpa_interface { +@@ -100,6 +100,11 @@ struct wpa_interface { const char *ifname; /** @@ -12,8 +12,8 @@ * bridge_ifname - Optional bridge interface name * * If the driver interface (ifname) is included in a Linux bridge -@@ -442,6 +447,8 @@ struct wpa_supplicant { - #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ +@@ -484,6 +489,8 @@ struct wpa_supplicant { + #endif /* CONFIG_CTRL_IFACE_BINDER */ char bridge_ifname[16]; + struct wpa_ctrl *hostapd; @@ -23,7 +23,7 @@ --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -14,6 +14,10 @@ CFLAGS += $(EXTRA_CFLAGS) +@@ -26,6 +26,10 @@ CFLAGS += $(EXTRA_CFLAGS) CFLAGS += -I$(abspath ../src) CFLAGS += -I$(abspath ../src/utils) @@ -34,7 +34,7 @@ -include .config -include $(if $(MULTICALL),../hostapd/.config) -@@ -84,6 +88,8 @@ OBJS_c += ../src/utils/wpa_debug.o +@@ -113,6 +117,8 @@ OBJS_c += ../src/utils/wpa_debug.o OBJS_c += ../src/utils/common.o OBJS += wmm_ac.o @@ -45,7 +45,7 @@ CONFIG_OS=win32 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -107,6 +107,55 @@ const char *wpa_supplicant_full_license5 +@@ -112,6 +112,55 @@ const char *const wpa_supplicant_full_li "\n"; #endif /* CONFIG_NO_STDOUT_DEBUG */ @@ -73,7 +73,7 @@ + int ret; + + if (!bss) -+ return; ++ return -1; + + if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) { + int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK; @@ -101,7 +101,7 @@ /* Configure default/group WEP keys for static WEP */ int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { -@@ -743,8 +792,12 @@ void wpa_supplicant_set_state(struct wpa +@@ -812,8 +861,12 @@ void wpa_supplicant_set_state(struct wpa wpas_p2p_completed(wpa_s); sme_sched_obss_scan(wpa_s, 1); @@ -114,7 +114,7 @@ wpa_s->new_connection = 1; wpa_drv_set_operstate(wpa_s, 0); #ifndef IEEE8021X_EAPOL -@@ -4038,6 +4091,20 @@ static int wpa_supplicant_init_iface(str +@@ -4638,6 +4691,20 @@ static int wpa_supplicant_init_iface(str sizeof(wpa_s->bridge_ifname)); } @@ -135,7 +135,7 @@ /* RSNA Supplicant Key Management - INITIALIZE */ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); -@@ -4280,6 +4347,11 @@ static void wpa_supplicant_deinit_iface( +@@ -4929,6 +4996,11 @@ static void wpa_supplicant_deinit_iface( if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); @@ -157,7 +157,7 @@ #include "drivers/driver.h" #include "wpa_supplicant_i.h" #include "config.h" -@@ -277,6 +278,10 @@ static void calculate_update_time(const +@@ -287,6 +288,10 @@ static void calculate_update_time(const static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src, struct os_reltime *fetch_time) { @@ -168,7 +168,7 @@ dst->flags = src->flags; os_memcpy(dst->bssid, src->bssid, ETH_ALEN); dst->freq = src->freq; -@@ -289,6 +294,15 @@ static void wpa_bss_copy_res(struct wpa_ +@@ -299,6 +304,15 @@ static void wpa_bss_copy_res(struct wpa_ dst->est_throughput = src->est_throughput; dst->snr = src->snr; @@ -186,7 +186,7 @@ --- a/wpa_supplicant/main.c +++ b/wpa_supplicant/main.c -@@ -33,7 +33,7 @@ static void usage(void) +@@ -34,7 +34,7 @@ static void usage(void) "vW] [-P] " "[-g] \\\n" " [-G] \\\n" @@ -195,24 +195,24 @@ "[-p] \\\n" " [-b] [-e]" #ifdef CONFIG_DEBUG_FILE -@@ -84,6 +84,7 @@ static void usage(void) - #endif /* CONFIG_DEBUG_LINUX_TRACING */ - printf(" -t = include timestamp in debug messages\n" +@@ -74,6 +74,7 @@ static void usage(void) + " -g = global ctrl_interface\n" + " -G = global ctrl_interface group\n" " -h = show this help text\n" + " -H = connect to a hostapd instance to manage state changes\n" - " -L = show license (BSD)\n" - " -o = override driver parameter for new interfaces\n" - " -O = override ctrl_interface parameter for new interfaces\n" -@@ -175,7 +176,7 @@ int main(int argc, char *argv[]) + " -i = interface name\n" + " -I = additional configuration file\n" + " -K = include keys (passwords, etc.) in debug output\n" +@@ -201,7 +202,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, -- "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW"); -+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW"); +- "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); ++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW"); if (c < 0) break; switch (c) { -@@ -222,6 +223,9 @@ int main(int argc, char *argv[]) +@@ -248,6 +249,9 @@ int main(int argc, char *argv[]) usage(); exitcode = 0; goto out; @@ -224,8 +224,8 @@ break; --- a/wpa_supplicant/bss.h +++ b/wpa_supplicant/bss.h -@@ -72,6 +72,10 @@ struct wpa_bss { - u8 ssid[32]; +@@ -79,6 +79,10 @@ struct wpa_bss { + u8 ssid[SSID_MAX_LEN]; /** Length of SSID */ size_t ssid_len; + /** HT caapbilities */ diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 3a41b8219e..ef9c9db9a5 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -1,18 +1,18 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -168,6 +168,9 @@ endif +@@ -212,6 +212,9 @@ endif ifdef CONFIG_NO_CTRL_IFACE CFLAGS += -DCONFIG_NO_CTRL_IFACE else +ifdef CONFIG_CTRL_IFACE_MIB +CFLAGS += -DCONFIG_CTRL_IFACE_MIB +endif - OBJS += ctrl_iface.o - OBJS += ../src/ap/ctrl_iface_ap.o - endif + ifeq ($(CONFIG_CTRL_IFACE), udp) + CFLAGS += -DCONFIG_CTRL_IFACE_UDP + else --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -1953,6 +1953,7 @@ static void hostapd_ctrl_iface_receive(i +@@ -2342,6 +2342,7 @@ static int hostapd_ctrl_iface_receive_pr reply_size); } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { reply_len = hostapd_drv_status(hapd, reply, reply_size); @@ -20,18 +20,18 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = ieee802_11_get_mib(hapd, reply, reply_size); if (reply_len >= 0) { -@@ -1994,6 +1995,7 @@ static void hostapd_ctrl_iface_receive(i +@@ -2383,6 +2384,7 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); +#endif } else if (os_strcmp(buf, "ATTACH") == 0) { - if (hostapd_ctrl_iface_attach(hapd, &from, fromlen)) + if (hostapd_ctrl_iface_attach(hapd, from, fromlen)) reply_len = -1; --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -837,6 +837,9 @@ ifdef CONFIG_WNM - OBJS += ../src/ap/wnm_ap.o +@@ -872,6 +872,9 @@ ifdef CONFIG_MBO + OBJS += ../src/ap/mbo_ap.o endif ifdef CONFIG_CTRL_IFACE +ifdef CONFIG_CTRL_IFACE_MIB @@ -42,7 +42,7 @@ --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c -@@ -1795,7 +1795,7 @@ static int wpa_supplicant_ctrl_iface_sta +@@ -1895,7 +1895,7 @@ static int wpa_supplicant_ctrl_iface_sta pos += ret; } @@ -51,7 +51,7 @@ if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -7896,6 +7896,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8687,6 +8687,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -59,7 +59,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -7903,6 +7904,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -8694,6 +8695,7 @@ char * wpa_supplicant_ctrl_iface_process reply + reply_len, reply_size - reply_len); } @@ -67,7 +67,7 @@ } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -8353,6 +8355,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9164,6 +9166,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -75,7 +75,7 @@ } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -8361,12 +8364,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9172,12 +9175,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); @@ -93,15 +93,15 @@ reply_len = -1; --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -22,6 +22,7 @@ - #include "ctrl_iface_ap.h" +@@ -24,6 +24,7 @@ #include "ap_drv_ops.h" + #include "mbo_ap.h" +#ifdef CONFIG_CTRL_IFACE_MIB static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd, struct sta_info *sta, -@@ -224,6 +225,7 @@ int hostapd_ctrl_iface_sta_next(struct h +@@ -249,6 +250,7 @@ int hostapd_ctrl_iface_sta_next(struct h return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); } @@ -111,33 +111,33 @@ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2337,6 +2337,7 @@ static const char * bool_txt(Boolean boo - return bool_val ? "TRUE" : "FALSE"; +@@ -2441,6 +2441,7 @@ static const char * bool_txt(Boolean val + return val ? "TRUE" : "FALSE"; } +#ifdef CONFIG_CTRL_IFACE_MIB int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) { -@@ -2512,6 +2513,7 @@ int ieee802_1x_get_mib_sta(struct hostap +@@ -2616,6 +2617,7 @@ int ieee802_1x_get_mib_sta(struct hostap return len; } +#endif - static void ieee802_1x_finished(struct hostapd_data *hapd, - struct sta_info *sta, int success, + #ifdef CONFIG_HS20 + static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx) --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c -@@ -2999,6 +2999,7 @@ static const char * wpa_bool_txt(int boo - return bool ? "TRUE" : "FALSE"; +@@ -3069,6 +3069,7 @@ static const char * wpa_bool_txt(int val + return val ? "TRUE" : "FALSE"; } +#ifdef CONFIG_CTRL_IFACE_MIB #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ -@@ -3143,7 +3144,7 @@ int wpa_get_mib_sta(struct wpa_state_mac +@@ -3213,7 +3214,7 @@ int wpa_get_mib_sta(struct wpa_state_mac return len; } @@ -148,7 +148,7 @@ { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2032,6 +2032,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -2108,6 +2108,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } @@ -157,7 +157,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -2115,6 +2117,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -2191,6 +2193,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } @@ -167,7 +167,7 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1015,7 +1015,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1114,7 +1114,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch index 1065a7f125..c9e7bf4209 100644 --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch @@ -1,6 +1,6 @@ --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c -@@ -1228,6 +1228,31 @@ u32 wpa_akm_to_suite(int akm) +@@ -1244,6 +1244,31 @@ u32 wpa_akm_to_suite(int akm) } @@ -32,7 +32,7 @@ int wpa_compare_rsn_ie(int ft_initial_assoc, const u8 *ie1, size_t ie1len, const u8 *ie2, size_t ie2len) -@@ -1235,8 +1260,19 @@ int wpa_compare_rsn_ie(int ft_initial_as +@@ -1251,8 +1276,19 @@ int wpa_compare_rsn_ie(int ft_initial_as if (ie1 == NULL || ie2 == NULL) return -1; diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch index 083af5b450..f5872cd597 100644 --- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch +++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch @@ -1,25 +1,22 @@ --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c -@@ -1052,11 +1052,9 @@ int hostapd_init_wps(struct hostapd_data - - if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) +@@ -352,8 +352,7 @@ static int hapd_wps_reconfig_in_memory(s + bss->wpa_pairwise |= WPA_CIPHER_GCMP; + else + bss->wpa_pairwise |= WPA_CIPHER_CCMP; +- } +- if (cred->encr_type & WPS_ENCR_TKIP) ++ } else if (cred->encr_type & WPS_ENCR_TKIP) + bss->wpa_pairwise |= WPA_CIPHER_TKIP; + bss->rsn_pairwise = bss->wpa_pairwise; + bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, +@@ -1073,8 +1072,7 @@ int hostapd_init_wps(struct hostapd_data + if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) { wps->encr_types |= WPS_ENCR_AES; -- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) -+ else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) + wps->encr_types_rsn |= WPS_ENCR_AES; +- } +- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { ++ } else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { wps->encr_types |= WPS_ENCR_TKIP; -- } -- -- if (conf->wpa & WPA_PROTO_WPA) { -+ } else if (conf->wpa & WPA_PROTO_WPA) { - if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) - wps->auth_types |= WPS_AUTH_WPAPSK; - if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) -@@ -1064,7 +1062,7 @@ int hostapd_init_wps(struct hostapd_data - - if (conf->wpa_pairwise & WPA_CIPHER_CCMP) - wps->encr_types |= WPS_ENCR_AES; -- if (conf->wpa_pairwise & WPA_CIPHER_TKIP) -+ else if (conf->wpa_pairwise & WPA_CIPHER_TKIP) - wps->encr_types |= WPS_ENCR_TKIP; - } - + wps->encr_types_rsn |= WPS_ENCR_TKIP; + } diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch index da887321c6..a48b6962ee 100644 --- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch +++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch @@ -64,7 +64,7 @@ #ifdef CONFIG_DEBUG_FILE static char *last_path = NULL; #endif /* CONFIG_DEBUG_FILE */ -@@ -602,7 +576,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ +@@ -604,7 +578,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ } @@ -73,7 +73,7 @@ { va_list ap; char *buf; -@@ -640,7 +614,7 @@ void wpa_msg(void *ctx, int level, const +@@ -642,7 +616,7 @@ void wpa_msg(void *ctx, int level, const } @@ -183,7 +183,7 @@ /* * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce -@@ -181,7 +222,12 @@ void wpa_hexdump_ascii_key(int level, co +@@ -182,7 +223,12 @@ void wpa_hexdump_ascii_key(int level, co * * Note: New line '\n' is added to the end of the text when printing to stdout. */ @@ -197,7 +197,7 @@ /** * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors -@@ -195,8 +241,13 @@ void wpa_msg(void *ctx, int level, const +@@ -196,8 +242,13 @@ void wpa_msg(void *ctx, int level, const * attached ctrl_iface monitors. In other words, it can be used for frequent * events that do not need to be sent to syslog. */ diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index 64c92df6bb..335e71eb51 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -8,16 +8,16 @@ #include "crypto/random.h" #include "crypto/tls.h" #include "common/version.h" -@@ -567,7 +568,7 @@ int main(int argc, char *argv[]) - +@@ -668,7 +669,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; + wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { -- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:"); -+ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:g:G:v::"); +- c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:"); ++ c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:g:G:v::"); if (c < 0) break; switch (c) { -@@ -604,6 +605,8 @@ int main(int argc, char *argv[]) +@@ -705,6 +706,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': @@ -33,19 +33,19 @@ #include "common.h" +#include "build_features.h" + #include "fst/fst.h" #include "wpa_supplicant_i.h" #include "driver_i.h" - #include "p2p_supplicant.h" -@@ -176,7 +177,7 @@ int main(int argc, char *argv[]) +@@ -202,7 +203,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, -- "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW"); -+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuv::W"); +- "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW"); ++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W"); if (c < 0) break; switch (c) { -@@ -279,8 +280,12 @@ int main(int argc, char *argv[]) +@@ -305,8 +306,12 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DBUS */ case 'v': diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch index 85d2e1603b..d07b747c3d 100644 --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch @@ -1,6 +1,6 @@ --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c -@@ -67,7 +67,6 @@ static const char *commands_help = +@@ -69,7 +69,6 @@ static const char *const commands_help = #ifdef CONFIG_IEEE80211W " sa_query send SA Query to a station\n" #endif /* CONFIG_IEEE80211W */ @@ -8,7 +8,7 @@ " wps_pin [timeout] [addr] add WPS Enrollee PIN\n" " wps_check_pin verify PIN checksum\n" " wps_pbc indicate button pushed to initiate PBC\n" -@@ -80,7 +79,6 @@ static const char *commands_help = +@@ -82,7 +81,6 @@ static const char *const commands_help = " wps_ap_pin [params..] enable/disable AP PIN\n" " wps_config configure AP\n" " wps_get_status show current WPS status\n" @@ -16,7 +16,7 @@ " get_config show current configuration\n" " help show this usage help\n" " interface [ifname] show interfaces/select interface\n" -@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru +@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru #endif /* CONFIG_IEEE80211W */ @@ -24,7 +24,7 @@ static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc, char *argv[]) { -@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st +@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st ssid_hex, argv[1]); return wpa_ctrl_command(ctrl, buf); } @@ -32,7 +32,7 @@ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc, -@@ -1027,7 +1023,6 @@ static struct hostapd_cli_cmd hostapd_cl +@@ -1236,7 +1232,6 @@ static const struct hostapd_cli_cmd host #ifdef CONFIG_IEEE80211W { "sa_query", hostapd_cli_cmd_sa_query }, #endif /* CONFIG_IEEE80211W */ @@ -40,7 +40,7 @@ { "wps_pin", hostapd_cli_cmd_wps_pin }, { "wps_check_pin", hostapd_cli_cmd_wps_check_pin }, { "wps_pbc", hostapd_cli_cmd_wps_pbc }, -@@ -1041,7 +1036,6 @@ static struct hostapd_cli_cmd hostapd_cl +@@ -1250,7 +1245,6 @@ static const struct hostapd_cli_cmd host { "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin }, { "wps_config", hostapd_cli_cmd_wps_config }, { "wps_get_status", hostapd_cli_cmd_wps_get_status }, diff --git a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch index 874ff4bccc..256f6b5977 100644 --- a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch @@ -1,13 +1,12 @@ --- a/wpa_supplicant/wpa_cli.c +++ b/wpa_supplicant/wpa_cli.c -@@ -26,6 +26,10 @@ +@@ -25,6 +25,9 @@ + #include #endif /* ANDROID */ - +#ifndef CONFIG_P2P +#define CONFIG_P2P +#endif -+ - static const char *wpa_cli_version = + + static const char *const wpa_cli_version = "wpa_cli v" VERSION_STR "\n" - "Copyright (c) 2004-2015, Jouni Malinen and contributors"; diff --git a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch b/package/network/services/hostapd/patches/440-max_num_sta_probe.patch deleted file mode 100644 index 74aef26d64..0000000000 --- a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/src/ap/beacon.c -+++ b/src/ap/beacon.c -@@ -664,6 +664,10 @@ void handle_probe_req(struct hostapd_dat - return; - } - -+ if (!sta && hapd->num_sta >= hapd->conf->max_num_sta) -+ wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " ignored," -+ " too many connected stations.", MAC2STR(mgmt->sa)); -+ - #ifdef CONFIG_INTERWORKING - if (hapd->conf->interworking && - elems.interworking && elems.interworking_len >= 1) { diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch index 87ebd4552f..78cf3064fa 100644 --- a/package/network/services/hostapd/patches/450-scan_wait.patch +++ b/package/network/services/hostapd/patches/450-scan_wait.patch @@ -1,6 +1,6 @@ --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -36,6 +36,8 @@ struct hapd_global { +@@ -37,6 +37,8 @@ struct hapd_global { }; static struct hapd_global global; @@ -9,7 +9,7 @@ #ifndef CONFIG_NO_HOSTAPD_LOGGER -@@ -142,6 +144,14 @@ static void hostapd_logger_cb(void *ctx, +@@ -143,6 +145,14 @@ static void hostapd_logger_cb(void *ctx, } #endif /* CONFIG_NO_HOSTAPD_LOGGER */ @@ -24,7 +24,7 @@ /** * hostapd_driver_init - Preparate driver interface -@@ -160,6 +170,8 @@ static int hostapd_driver_init(struct ho +@@ -161,6 +171,8 @@ static int hostapd_driver_init(struct ho return -1; } @@ -33,7 +33,7 @@ /* Initialize the driver interface */ if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) b = NULL; -@@ -381,8 +393,6 @@ static void hostapd_global_deinit(const +@@ -401,8 +413,6 @@ static void hostapd_global_deinit(const #endif /* CONFIG_NATIVE_WINDOWS */ eap_server_unregister_methods(); @@ -42,19 +42,26 @@ } -@@ -408,11 +418,6 @@ static int hostapd_global_run(struct hap +@@ -428,18 +438,6 @@ static int hostapd_global_run(struct hap } #endif /* EAP_SERVER_TNC */ -- if (daemonize && os_daemonize(pid_file)) { -- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno)); -- return -1; +- if (daemonize) { +- if (os_daemonize(pid_file)) { +- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno)); +- return -1; +- } +- if (eloop_sock_requeue()) { +- wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s", +- strerror(errno)); +- return -1; +- } - } - eloop_run(); return 0; -@@ -542,8 +547,7 @@ int main(int argc, char *argv[]) +@@ -638,8 +636,7 @@ int main(int argc, char *argv[]) struct hapd_interfaces interfaces; int ret = 1; size_t i, j; diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch index 217e701501..ec84b9a4b2 100644 --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -20,9 +20,9 @@ Signed-hostap: Antonio Quartulli +#include "drivers/nl80211_copy.h" #include "common/defs.h" + #include "common/ieee802_11_defs.h" #include "utils/list.h" - -@@ -538,6 +539,9 @@ struct wpa_driver_associate_params { +@@ -587,6 +588,9 @@ struct wpa_driver_associate_params { * responsible for selecting with which BSS to associate. */ const u8 *bssid; @@ -34,15 +34,15 @@ Signed-hostap: Antonio Quartulli * --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c -@@ -15,6 +15,7 @@ - #include "rsn_supp/wpa.h" +@@ -16,6 +16,7 @@ #include "eap_peer/eap.h" #include "p2p/p2p.h" + #include "fst/fst.h" +#include "drivers/nl80211_copy.h" #include "config.h" -@@ -1722,6 +1723,97 @@ static char * wpa_config_write_mesh_basi +@@ -1816,6 +1817,97 @@ static char * wpa_config_write_mesh_basi #endif /* CONFIG_MESH */ @@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli /* Helper macros for network block parser */ #ifdef OFFSET -@@ -1947,6 +2039,9 @@ static const struct parse_data ssid_fiel +@@ -2047,6 +2139,9 @@ static const struct parse_data ssid_fiel { INT(ap_max_inactivity) }, { INT(dtim_period) }, { INT(beacon_int) }, @@ -158,9 +158,9 @@ Signed-hostap: Antonio Quartulli #include "eap_peer/eap_config.h" +#include "drivers/nl80211_copy.h" - #define MAX_SSID_LEN 32 -@@ -675,6 +676,9 @@ struct wpa_ssid { + #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1) +@@ -711,6 +712,9 @@ struct wpa_ssid { */ void *parent_cred; @@ -172,7 +172,7 @@ Signed-hostap: Antonio Quartulli * macsec_policy - Determines the policy for MACsec secure session --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2266,6 +2266,13 @@ static void wpas_start_assoc_cb(struct w +@@ -2510,6 +2510,13 @@ static void wpas_start_assoc_cb(struct w params.beacon_int = ssid->beacon_int; else params.beacon_int = wpa_s->conf->beacon_int; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch index 730cc31650..459bdb944a 100644 --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4398,7 +4398,7 @@ static int wpa_driver_nl80211_ibss(struc +@@ -4644,7 +4644,7 @@ static int wpa_driver_nl80211_ibss(struc struct wpa_driver_associate_params *params) { struct nl_msg *msg; @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli int count = 0; wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); -@@ -4425,6 +4425,37 @@ retry: +@@ -4671,6 +4671,37 @@ retry: nl80211_put_beacon_int(msg, params->beacon_int)) goto fail; diff --git a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch index 30bb2dc14c..e2bd37d7a5 100644 --- a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch +++ b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch @@ -16,7 +16,7 @@ Signed-off-by: Antonio Quartulli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -541,6 +541,8 @@ struct wpa_driver_associate_params { +@@ -590,6 +590,8 @@ struct wpa_driver_associate_params { unsigned char rates[NL80211_MAX_SUPP_RATES]; int mcast_rate; @@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli * bssid_hint - BSSID of a proposed AP --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4456,6 +4456,22 @@ retry: +@@ -4702,6 +4702,22 @@ retry: nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate); } @@ -52,7 +52,7 @@ Signed-off-by: Antonio Quartulli goto fail; --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c -@@ -1754,6 +1754,71 @@ static char * wpa_config_write_mcast_rat +@@ -1848,6 +1848,71 @@ static char * wpa_config_write_mcast_rat } #endif /* NO_CONFIG_WRITE */ @@ -124,7 +124,7 @@ Signed-off-by: Antonio Quartulli static int wpa_config_parse_rates(const struct parse_data *data, struct wpa_ssid *ssid, int line, const char *value) -@@ -2042,6 +2107,7 @@ static const struct parse_data ssid_fiel +@@ -2142,6 +2207,7 @@ static const struct parse_data ssid_fiel { INT_RANGE(fixed_freq, 0, 1) }, { FUNC(rates) }, { FUNC(mcast_rate) }, @@ -134,7 +134,7 @@ Signed-off-by: Antonio Quartulli #endif /* CONFIG_MACSEC */ --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -678,6 +678,8 @@ struct wpa_ssid { +@@ -714,6 +714,8 @@ struct wpa_ssid { unsigned char rates[NL80211_MAX_SUPP_RATES]; double mcast_rate; @@ -145,7 +145,7 @@ Signed-off-by: Antonio Quartulli /** --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2273,6 +2273,8 @@ static void wpas_start_assoc_cb(struct w +@@ -2517,6 +2517,8 @@ static void wpas_start_assoc_cb(struct w i++; } params.mcast_rate = ssid->mcast_rate; diff --git a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch b/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch deleted file mode 100644 index e6bbdddc50..0000000000 --- a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/ap/sta_info.h -+++ b/src/ap/sta_info.h -@@ -179,7 +179,7 @@ struct sta_info { - * AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated - * after AP_DEAUTH_DELAY seconds has passed after disassociation. */ - #define AP_MAX_INACTIVITY (5 * 60) --#define AP_DISASSOC_DELAY (1) -+#define AP_DISASSOC_DELAY (3) - #define AP_DEAUTH_DELAY (1) - /* Number of seconds to keep STA entry with Authenticated flag after it has - * been disassociated. */ diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index df2eac873c..55da4b678d 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -1,6 +1,6 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -121,6 +121,11 @@ OBJS += ../src/common/hw_features_common +@@ -157,6 +157,11 @@ OBJS += ../src/common/hw_features_common OBJS += ../src/eapol_auth/eapol_auth_sm.o @@ -22,7 +22,7 @@ struct wpa_ctrl_dst; struct radius_server_data; -@@ -103,6 +104,7 @@ struct hostapd_data { +@@ -118,6 +119,7 @@ struct hostapd_data { struct hostapd_iface *iface; struct hostapd_config *iconf; struct hostapd_bss_config *conf; @@ -30,7 +30,7 @@ int interface_added; /* virtual interface added for this BSS */ unsigned int started:1; unsigned int disabled:1; -@@ -286,6 +288,8 @@ struct hostapd_iface { +@@ -323,6 +325,8 @@ struct hostapd_iface { struct hostapd_config *conf; char phy[16]; /* Name of the PHY (radio) */ @@ -41,7 +41,7 @@ HAPD_IFACE_DISABLED, --- /dev/null +++ b/src/ap/ubus.c -@@ -0,0 +1,511 @@ +@@ -0,0 +1,536 @@ +/* + * hostapd / ubus support + * Copyright (c) 2013, Felix Fietkau @@ -58,6 +58,8 @@ +#include "wps_hostapd.h" +#include "sta_info.h" +#include "ubus.h" ++#include "ap_drv_ops.h" ++#include "beacon.h" + +static struct ubus_context *ctx; +static struct blob_buf b; @@ -417,6 +419,10 @@ +{ + struct blob_attr *tb[__VENDOR_ELEMENTS_MAX]; + struct hostapd_data *hapd = get_hapd_from_object(obj); ++ struct hostapd_bss_config *bss = hapd->conf; ++ struct wpabuf *elems; ++ const char *pos; ++ size_t len; + + blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb, + blob_data(msg), blob_len(msg)); @@ -424,10 +430,29 @@ + if (!tb[VENDOR_ELEMENTS]) + return UBUS_STATUS_INVALID_ARGUMENT; + -+ const char *vendor_elements = blobmsg_data(tb[VENDOR_ELEMENTS]); -+ if (hostapd_set_iface(hapd->iconf, hapd->conf, "vendor_elements", -+ vendor_elements) != 0) -+ return UBUS_STATUS_NOT_SUPPORTED; ++ pos = blobmsg_data(tb[VENDOR_ELEMENTS]); ++ len = os_strlen(pos); ++ if (len & 0x01) ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ ++ len /= 2; ++ if (len == 0) { ++ wpabuf_free(bss->vendor_elements); ++ bss->vendor_elements = NULL; ++ return 0; ++ } ++ ++ elems = wpabuf_alloc(len); ++ if (elems == NULL) ++ return 1; ++ ++ if (hexstr2bin(pos, wpabuf_put(elems, len), len)) { ++ wpabuf_free(elems); ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ } ++ ++ wpabuf_free(bss->vendor_elements); ++ bss->vendor_elements = elems; + + /* update beacons if vendor elements were set successfully */ + if (ieee802_11_update_beacons(hapd->iface) != 0) @@ -636,7 +661,7 @@ +#endif --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -277,6 +277,7 @@ static void hostapd_free_hapd_data(struc +@@ -284,6 +284,7 @@ static void hostapd_free_hapd_data(struc hapd->started = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -644,7 +669,7 @@ iapp_deinit(hapd->iapp); hapd->iapp = NULL; accounting_deinit(hapd); -@@ -1098,6 +1099,8 @@ static int hostapd_setup_bss(struct host +@@ -1139,6 +1140,8 @@ static int hostapd_setup_bss(struct host if (hapd->driver && hapd->driver->set_operstate) hapd->driver->set_operstate(hapd->drv_priv, 1); @@ -653,7 +678,7 @@ return 0; } -@@ -1384,6 +1387,7 @@ int hostapd_setup_interface_complete(str +@@ -1664,6 +1667,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -661,15 +686,15 @@ wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->conf->channel) { #ifdef NEED_AP_MLME -@@ -1544,6 +1548,7 @@ dfs_offload: +@@ -1844,6 +1848,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); + hostapd_ubus_free_iface(iface); hostapd_set_state(iface, HAPD_IFACE_DISABLED); wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); - if (iface->interfaces && iface->interfaces->terminate_on_error) -@@ -1873,6 +1878,7 @@ void hostapd_interface_deinit_free(struc + #ifdef CONFIG_FST +@@ -2277,6 +2282,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -679,7 +704,7 @@ __func__, driver, drv_priv); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -881,7 +881,8 @@ int auth_sae_init_committed(struct hosta +@@ -980,7 +980,8 @@ int auth_sae_init_committed(struct hosta static void handle_auth(struct hostapd_data *hapd, @@ -689,7 +714,7 @@ { u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; -@@ -897,6 +898,11 @@ static void handle_auth(struct hostapd_d +@@ -996,6 +997,11 @@ static void handle_auth(struct hostapd_d char *identity = NULL; char *radius_cui = NULL; u16 seq_ctrl; @@ -699,9 +724,9 @@ + .frame_info = fi, + }; - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { - wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", -@@ -983,6 +989,14 @@ static void handle_auth(struct hostapd_d + os_memset(&vlan_id, 0, sizeof(vlan_id)); + +@@ -1149,6 +1155,14 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -716,7 +741,7 @@ if (res == HOSTAPD_ACL_PENDING) { wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR " waiting for an external authentication", -@@ -1694,13 +1708,18 @@ static void send_assoc_resp(struct hosta +@@ -2033,13 +2047,18 @@ static u16 send_assoc_resp(struct hostap static void handle_assoc(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -724,7 +749,7 @@ + int reassoc, struct hostapd_frame_info *fi) { u16 capab_info, listen_interval, seq_ctrl, fc; - u16 resp = WLAN_STATUS_SUCCESS; + u16 resp = WLAN_STATUS_SUCCESS, reply_res; const u8 *pos; int left, i; struct sta_info *sta; @@ -736,9 +761,9 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -1820,6 +1839,13 @@ static void handle_assoc(struct hostapd_ - goto fail; +@@ -2159,6 +2178,13 @@ static void handle_assoc(struct hostapd_ } + #endif /* CONFIG_MBO */ + if (hostapd_ubus_handle_event(hapd, &req)) { + wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", @@ -747,10 +772,10 @@ + goto fail; + } + - sta->capability = capab_info; - sta->listen_interval = listen_interval; - -@@ -2236,7 +2262,7 @@ int ieee802_11_mgmt(struct hostapd_data + /* + * sta->capability is used in check_assoc_ies() for RRM enabled + * capability element. +@@ -2639,7 +2665,7 @@ int ieee802_11_mgmt(struct hostapd_data if (stype == WLAN_FC_STYPE_PROBE_REQ) { @@ -759,7 +784,7 @@ return 1; } -@@ -2251,17 +2277,17 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -2657,17 +2683,17 @@ int ieee802_11_mgmt(struct hostapd_data switch (stype) { case WLAN_FC_STYPE_AUTH: wpa_printf(MSG_DEBUG, "mgmt::auth"); @@ -782,7 +807,7 @@ case WLAN_FC_STYPE_DISASSOC: --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -542,7 +542,7 @@ static enum ssid_match_result ssid_match +@@ -675,7 +675,7 @@ sta_track_seen_on(struct hostapd_iface * void handle_probe_req(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -791,22 +816,23 @@ { u8 *resp; struct ieee802_11_elems elems; -@@ -550,8 +550,14 @@ void handle_probe_req(struct hostapd_dat - size_t ie_len; - struct sta_info *sta = NULL; +@@ -684,9 +684,15 @@ void handle_probe_req(struct hostapd_dat size_t i, resp_len; -+ int ssi_signal = fi->ssi_signal; int noack; enum ssid_match_result res; ++ int ssi_signal = fi->ssi_signal; + int ret; + u16 csa_offs[2]; + size_t csa_offs_len; + struct hostapd_ubus_request req = { + .type = HOSTAPD_UBUS_PROBE_REQ, + .mgmt_frame = mgmt, + .frame_info = fi, + }; - ie = mgmt->u.probe_req.variable; - if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)) -@@ -710,6 +716,12 @@ void handle_probe_req(struct hostapd_dat + if (len < IEEE80211_HDRLEN) + return; +@@ -838,6 +844,12 @@ void handle_probe_req(struct hostapd_dat } #endif /* CONFIG_P2P */ @@ -832,7 +858,7 @@ int ieee802_11_update_beacons(struct hostapd_iface *iface); --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d +@@ -52,6 +52,10 @@ int hostapd_notif_assoc(struct hostapd_d u16 reason = WLAN_REASON_UNSPECIFIED; u16 status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; @@ -843,9 +869,9 @@ if (addr == NULL) { /* -@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d +@@ -124,6 +128,12 @@ int hostapd_notif_assoc(struct hostapd_d + goto fail; } - sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); + if (hostapd_ubus_handle_event(hapd, &req)) { + wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", diff --git a/package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 0000000000..727684865d --- /dev/null +++ b/package/network/services/hostapd/patches/901-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch @@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +++++++++++++--- + src/ap/wpa_auth.c | 11 +++++++++++ + src/ap/wpa_auth.h | 3 ++- + src/ap/wpa_auth_ft.c | 10 ++++++++++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* + * Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, + * FT-over-the-DS, where a station re-associates back to the same AP but + * skips the authentication flow, or if working with a driver that + * does not support full AP client state. ++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. + */ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) + #else /* CONFIG_IEEE80211R */ + break; + #endif /* CONFIG_IEEE80211R */ ++ case WPA_DRV_STA_REMOVED: ++ sm->tk_already_set = FALSE; ++ return 0; + } + + #ifdef CONFIG_IEEE80211R +@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) + } + + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} ++ ++ + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry) + { +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index 0de8d97..97461b0 100644 +--- a/src/ap/wpa_auth.h ++++ b/src/ap/wpa_auth.h +@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, + u8 *data, size_t data_len); + enum wpa_event { + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, +- WPA_REAUTH_EAPOL, WPA_ASSOC_FT ++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED + }; + void wpa_remove_ptk(struct wpa_state_machine *sm); + int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); +@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); + int wpa_auth_get_pairwise(struct wpa_state_machine *sm); + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry); + struct rsn_pmksa_cache_entry * +diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c +index 42242a5..e63b99a 100644 +--- a/src/ap/wpa_auth_ft.c ++++ b/src/ap/wpa_auth_ft.c +@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) + return; + } + ++ if (sm->tk_already_set) { ++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX ++ * PN in the driver */ ++ wpa_printf(MSG_DEBUG, ++ "FT: Do not re-install same PTK to the driver"); ++ return; ++ } ++ + /* FIX: add STA entry to kernel/driver here? The set_key will fail + * most likely without this.. At the moment, STA entry is added only + * after association has been completed. This function will be called +@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) + + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ + sm->pairwise_set = TRUE; ++ sm->tk_already_set = TRUE; + } + + +@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, + + sm->pairwise = pairwise; + sm->PTK_valid = TRUE; ++ sm->tk_already_set = FALSE; + wpa_ft_install_ptk(sm); + + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + +diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h +index 72b7eb3..7fd8f05 100644 +--- a/src/ap/wpa_auth_i.h ++++ b/src/ap/wpa_auth_i.h +@@ -65,6 +65,7 @@ struct wpa_state_machine { + struct wpa_ptk PTK; + Boolean PTK_valid; + Boolean pairwise_set; ++ Boolean tk_already_set; + int keycount; + Boolean Pair; + struct wpa_key_replay_counter { +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch new file mode 100644 index 0000000000..1802d664ad --- /dev/null +++ b/package/network/services/hostapd/patches/902-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch @@ -0,0 +1,250 @@ +From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Wed, 12 Jul 2017 16:03:24 +0200 +Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key + +Track the current GTK and IGTK that is in use and when receiving a +(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do +not install the given key if it is already in use. This prevents an +attacker from trying to trick the client into resetting or lowering the +sequence counter associated to the group key. + +Signed-off-by: Mathy Vanhoef +--- + src/common/wpa_common.h | 11 +++++ + src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ + src/rsn_supp/wpa_i.h | 4 ++ + 3 files changed, 87 insertions(+), 44 deletions(-) + +diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h +index af1d0f0..d200285 100644 +--- a/src/common/wpa_common.h ++++ b/src/common/wpa_common.h +@@ -217,6 +217,17 @@ struct wpa_ptk { + size_t tk_len; + }; + ++struct wpa_gtk { ++ u8 gtk[WPA_GTK_MAX_LEN]; ++ size_t gtk_len; ++}; ++ ++#ifdef CONFIG_IEEE80211W ++struct wpa_igtk { ++ u8 igtk[WPA_IGTK_MAX_LEN]; ++ size_t igtk_len; ++}; ++#endif /* CONFIG_IEEE80211W */ + + /* WPA IE version 1 + * 00-50-f2:1 (OUI:OUI type) +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 3c47879..95bd7be 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + ++ /* Detect possible key reinstallation */ ++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", ++ gd->keyidx, gd->tx, gd->gtk_len); ++ return 0; ++ } ++ + wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", +@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ + return 0; + } + +@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + } + + ++#ifdef CONFIG_IEEE80211W ++static int wpa_supplicant_install_igtk(struct wpa_sm *sm, ++ const struct wpa_igtk_kde *igtk) ++{ ++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); ++ u16 keyidx = WPA_GET_LE16(igtk->keyid); ++ ++ /* Detect possible key reinstallation */ ++ if (sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", ++ keyidx); ++ return 0; ++ } ++ ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", ++ keyidx, MAC2STR(igtk->pn)); ++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); ++ if (keyidx > 4095) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Invalid IGTK KeyID %d", keyidx); ++ return -1; ++ } ++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), ++ broadcast_ether_addr, ++ keyidx, 0, igtk->pn, sizeof(igtk->pn), ++ igtk->igtk, len) < 0) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Failed to configure IGTK to the driver"); ++ return -1; ++ } ++ ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ ++ return 0; ++} ++#endif /* CONFIG_IEEE80211W */ ++ ++ + static int ieee80211w_set_keys(struct wpa_sm *sm, + struct wpa_eapol_ie_parse *ie) + { +@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, + if (ie->igtk) { + size_t len; + const struct wpa_igtk_kde *igtk; +- u16 keyidx; ++ + len = wpa_cipher_key_len(sm->mgmt_group_cipher); + if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) + return -1; ++ + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- keyidx = WPA_GET_LE16(igtk->keyid); +- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " +- "pn %02x%02x%02x%02x%02x%02x", +- keyidx, MAC2STR(igtk->pn)); +- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", +- igtk->igtk, len); +- if (keyidx > 4095) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Invalid IGTK KeyID %d", keyidx); +- return -1; +- } +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igtk->pn, sizeof(igtk->pn), +- igtk->igtk, len) < 0) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Failed to configure IGTK to the driver"); ++ if (wpa_supplicant_install_igtk(sm, igtk) < 0) + return -1; +- } + } + + return 0; +@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) + */ + void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + { +- int clear_ptk = 1; ++ int clear_keys = 1; + + if (sm == NULL) + return; +@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + /* Prepare for the next transition */ + wpa_ft_prepare_auth_request(sm, NULL); + +- clear_ptk = 0; ++ clear_keys = 0; + } + #endif /* CONFIG_IEEE80211R */ + +- if (clear_ptk) { ++ if (clear_keys) { + /* + * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if + * this is not part of a Fast BSS Transition. +@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++#endif /* CONFIG_IEEE80211W */ + } + + #ifdef CONFIG_TDLS +@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) + os_memset(sm->pmk, 0, sizeof(sm->pmk)); + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++#endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); + os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); +@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + os_memset(&gd, 0, sizeof(gd)); + #ifdef CONFIG_IEEE80211W + } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { +- struct wpa_igtk_kde igd; +- u16 keyidx; +- +- os_memset(&igd, 0, sizeof(igd)); +- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); +- os_memcpy(igd.keyid, buf + 2, 2); +- os_memcpy(igd.pn, buf + 4, 6); +- +- keyidx = WPA_GET_LE16(igd.keyid); +- os_memcpy(igd.igtk, buf + 10, keylen); +- +- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", +- igd.igtk, keylen); +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igd.pn, sizeof(igd.pn), +- igd.igtk, keylen) < 0) { +- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " +- "WNM mode"); +- os_memset(&igd, 0, sizeof(igd)); ++ const struct wpa_igtk_kde *igtk; ++ ++ igtk = (const struct wpa_igtk_kde *) (buf + 2); ++ if (wpa_supplicant_install_igtk(sm, igtk) < 0) + return -1; +- } +- os_memset(&igd, 0, sizeof(igd)); + #endif /* CONFIG_IEEE80211W */ + } else { + wpa_printf(MSG_DEBUG, "Unknown element id"); +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index f653ba6..afc9e37 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -31,6 +31,10 @@ struct wpa_sm { + u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; ++ struct wpa_gtk gtk; ++#ifdef CONFIG_IEEE80211W ++ struct wpa_igtk igtk; ++#endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ + +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch new file mode 100644 index 0000000000..e2937b851a --- /dev/null +++ b/package/network/services/hostapd/patches/903-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch @@ -0,0 +1,184 @@ +From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 1 Oct 2017 12:12:24 +0300 +Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep + Mode cases + +This extends the protection to track last configured GTK/IGTK value +separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a +corner case where these two different mechanisms may get used when the +GTK/IGTK has changed and tracking a single value is not sufficient to +detect a possible key reconfiguration. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- + src/rsn_supp/wpa_i.h | 2 ++ + 2 files changed, 40 insertions(+), 15 deletions(-) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 95bd7be..7a2c68d 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -709,14 +709,17 @@ struct wpa_gtk_data { + + static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const struct wpa_gtk_data *gd, +- const u8 *key_rsc) ++ const u8 *key_rsc, int wnm_sleep) + { + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + + /* Detect possible key reinstallation */ +- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && +- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { ++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || ++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", + gd->keyidx, gd->tx, gd->gtk_len); +@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + +- sm->gtk.gtk_len = gd->gtk_len; +- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ if (wnm_sleep) { ++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len); ++ } else { ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ } + + return 0; + } +@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, gtk_len, + &gd.key_rsc_len, &gd.alg) || +- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { ++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "RSN: Failed to install GTK"); + os_memset(&gd, 0, sizeof(gd)); +@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + + #ifdef CONFIG_IEEE80211W + static int wpa_supplicant_install_igtk(struct wpa_sm *sm, +- const struct wpa_igtk_kde *igtk) ++ const struct wpa_igtk_kde *igtk, ++ int wnm_sleep) + { + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); + u16 keyidx = WPA_GET_LE16(igtk->keyid); + + /* Detect possible key reinstallation */ +- if (sm->igtk.igtk_len == len && +- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { ++ if ((sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || ++ (sm->igtk_wnm_sleep.igtk_len == len && ++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", + keyidx); +@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, + return -1; + } + +- sm->igtk.igtk_len = len; +- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ if (wnm_sleep) { ++ sm->igtk_wnm_sleep.igtk_len = len; ++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len); ++ } else { ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ } + + return 0; + } +@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, + return -1; + + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- if (wpa_supplicant_install_igtk(sm, igtk) < 0) ++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) + return -1; + } + +@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, + if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) + key_rsc = null_rsc; + +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || + wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) + goto failed; + os_memset(&gd, 0, sizeof(gd)); +@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); + #ifdef CONFIG_IEEE80211W + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + #endif /* CONFIG_IEEE80211W */ + } + +@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); + #ifdef CONFIG_IEEE80211W + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + #endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); +@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + + wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", + gd.gtk, gd.gtk_len); +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { + os_memset(&gd, 0, sizeof(gd)); + wpa_printf(MSG_DEBUG, "Failed to install the GTK in " + "WNM mode"); +@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + const struct wpa_igtk_kde *igtk; + + igtk = (const struct wpa_igtk_kde *) (buf + 2); +- if (wpa_supplicant_install_igtk(sm, igtk) < 0) ++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) + return -1; + #endif /* CONFIG_IEEE80211W */ + } else { +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index afc9e37..9a54631 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -32,8 +32,10 @@ struct wpa_sm { + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; + struct wpa_gtk gtk; ++ struct wpa_gtk gtk_wnm_sleep; + #ifdef CONFIG_IEEE80211W + struct wpa_igtk igtk; ++ struct wpa_igtk igtk_wnm_sleep; + #endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch new file mode 100644 index 0000000000..22ee217947 --- /dev/null +++ b/package/network/services/hostapd/patches/904-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch @@ -0,0 +1,79 @@ +From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 29 Sep 2017 04:22:51 +0200 +Subject: [PATCH 4/8] Prevent installation of an all-zero TK + +Properly track whether a PTK has already been installed to the driver +and the TK part cleared from memory. This prevents an attacker from +trying to trick the client into installing an all-zero TK. + +This fixes the earlier fix in commit +ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the +driver in EAPOL-Key 3/4 retry case') which did not take into account +possibility of an extra message 1/4 showing up between retries of +message 3/4. + +Signed-off-by: Mathy Vanhoef +--- + src/common/wpa_common.h | 1 + + src/rsn_supp/wpa.c | 5 ++--- + src/rsn_supp/wpa_i.h | 1 - + 3 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h +index d200285..1021ccb 100644 +--- a/src/common/wpa_common.h ++++ b/src/common/wpa_common.h +@@ -215,6 +215,7 @@ struct wpa_ptk { + size_t kck_len; + size_t kek_len; + size_t tk_len; ++ int installed; /* 1 if key has already been installed to driver */ + }; + + struct wpa_gtk { +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 7a2c68d..0550a41 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, + os_memset(buf, 0, sizeof(buf)); + } + sm->tptk_set = 1; +- sm->tk_to_set = 1; + + kde = sm->assoc_wpa_ie; + kde_len = sm->assoc_wpa_ie_len; +@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, + enum wpa_alg alg; + const u8 *key_rsc; + +- if (!sm->tk_to_set) { ++ if (sm->ptk.installed) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Do not re-install same PTK to the driver"); + return 0; +@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, + + /* TK is not needed anymore in supplicant */ + os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); +- sm->tk_to_set = 0; ++ sm->ptk.installed = 1; + + if (sm->wpa_ptk_rekey) { + eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 9a54631..41f371f 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -24,7 +24,6 @@ struct wpa_sm { + struct wpa_ptk ptk, tptk; + int ptk_set, tptk_set; + unsigned int msg_3_of_4_ok:1; +- unsigned int tk_to_set:1; + u8 snonce[WPA_NONCE_LEN]; + u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ + int renew_snonce; +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch new file mode 100644 index 0000000000..c19c4c7102 --- /dev/null +++ b/package/network/services/hostapd/patches/905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch @@ -0,0 +1,64 @@ +From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 1 Oct 2017 12:32:57 +0300 +Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce + +The Authenticator state machine path for PTK rekeying ended up bypassing +the AUTHENTICATION2 state where a new ANonce is generated when going +directly to the PTKSTART state since there is no need to try to +determine the PMK again in such a case. This is far from ideal since the +new PTK would depend on a new nonce only from the supplicant. + +Fix this by generating a new ANonce when moving to the PTKSTART state +for the purpose of starting new 4-way handshake to rekey PTK. + +Signed-off-by: Jouni Malinen +--- + src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 707971d..bf10cc1 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) + } + + ++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) ++{ ++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { ++ wpa_printf(MSG_ERROR, ++ "WPA: Failed to get random data for ANonce"); ++ sm->Disconnect = TRUE; ++ return -1; ++ } ++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, ++ WPA_NONCE_LEN); ++ sm->TimeoutCtr = 0; ++ return 0; ++} ++ ++ + SM_STATE(WPA_PTK, INITPMK) + { + u8 msk[2 * PMK_LEN]; +@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); +- else if (sm->PTKRequest) +- SM_ENTER(WPA_PTK, PTKSTART); +- else switch (sm->wpa_ptk_state) { ++ else if (sm->PTKRequest) { ++ if (wpa_auth_sm_ptk_update(sm) < 0) ++ SM_ENTER(WPA_PTK, DISCONNECTED); ++ else ++ SM_ENTER(WPA_PTK, PTKSTART); ++ } else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch new file mode 100644 index 0000000000..e1bd5a5726 --- /dev/null +++ b/package/network/services/hostapd/patches/906-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch @@ -0,0 +1,132 @@ +From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 11:03:15 +0300 +Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration + +Do not try to reconfigure the same TPK-TK to the driver after it has +been successfully configured. This is an explicit check to avoid issues +related to resetting the TX/RX packet number. There was already a check +for this for TPK M2 (retries of that message are ignored completely), so +that behavior does not get modified. + +For TPK M3, the TPK-TK could have been reconfigured, but that was +followed by immediate teardown of the link due to an issue in updating +the STA entry. Furthermore, for TDLS with any real security (i.e., +ignoring open/WEP), the TPK message exchange is protected on the AP path +and simple replay attacks are not feasible. + +As an additional corner case, make sure the local nonce gets updated if +the peer uses a very unlikely "random nonce" of all zeros. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 36 insertions(+), 2 deletions(-) + +diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c +index e424168..9eb9738 100644 +--- a/src/rsn_supp/tdls.c ++++ b/src/rsn_supp/tdls.c +@@ -112,6 +112,7 @@ struct wpa_tdls_peer { + u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ + } tpk; + int tpk_set; ++ int tk_set; /* TPK-TK configured to the driver */ + int tpk_success; + int tpk_in_progress; + +@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + u8 rsc[6]; + enum wpa_alg alg; + ++ if (peer->tk_set) { ++ /* ++ * This same TPK-TK has already been configured to the driver ++ * and this new configuration attempt (likely due to an ++ * unexpected retransmitted frame) would result in clearing ++ * the TX/RX sequence number which can break security, so must ++ * not allow that to happen. ++ */ ++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR ++ " has already been configured to the driver - do not reconfigure", ++ MAC2STR(peer->addr)); ++ return -1; ++ } ++ + os_memset(rsc, 0, 6); + + switch (peer->cipher) { +@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + return -1; + } + ++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, ++ MAC2STR(peer->addr)); + if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, + rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { + wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " + "driver"); + return -1; + } ++ peer->tk_set = 1; + return 0; + } + +@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + peer->cipher = 0; + peer->qos_info = 0; + peer->wmm_capable = 0; +- peer->tpk_set = peer->tpk_success = 0; ++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; + peer->chan_switch_enabled = 0; + os_memset(&peer->tpk, 0, sizeof(peer->tpk)); + os_memset(peer->inonce, 0, WPA_NONCE_LEN); +@@ -1159,6 +1177,7 @@ skip_rsnie: + wpa_tdls_peer_free(sm, peer); + return -1; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", + peer->inonce, WPA_NONCE_LEN); + os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); +@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, + } + + ++static int tdls_nonce_set(const u8 *nonce) ++{ ++ int i; ++ ++ for (i = 0; i < WPA_NONCE_LEN; i++) { ++ if (nonce[i]) ++ return 1; ++ } ++ ++ return 0; ++} ++ ++ + static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, + const u8 *buf, size_t len) + { +@@ -2004,7 +2036,8 @@ skip_rsn: + peer->rsnie_i_len = kde.rsn_ie_len; + peer->cipher = cipher; + +- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { ++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || ++ !tdls_nonce_set(peer->inonce)) { + /* + * There is no point in updating the RNonce for every obtained + * TPK M1 frame (e.g., retransmission due to timeout) with the +@@ -2020,6 +2053,7 @@ skip_rsn: + "TDLS: Failed to get random data for responder nonce"); + goto error; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + } + + #if 0 +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch new file mode 100644 index 0000000000..85ea1d62bc --- /dev/null +++ b/package/network/services/hostapd/patches/907-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch @@ -0,0 +1,43 @@ +From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 11:25:02 +0300 +Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending + request + +Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep +Mode Response if WNM-Sleep Mode has not been used') started ignoring the +response when no WNM-Sleep Mode Request had been used during the +association. This can be made tighter by clearing the used flag when +successfully processing a response. This adds an additional layer of +protection against unexpected retransmissions of the response frame. + +Signed-off-by: Jouni Malinen +--- + wpa_supplicant/wnm_sta.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c +index 1b3409c..67a07ff 100644 +--- a/wpa_supplicant/wnm_sta.c ++++ b/wpa_supplicant/wnm_sta.c +@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + + if (!wpa_s->wnmsleep_used) { + wpa_printf(MSG_DEBUG, +- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); ++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); + return; + } + +@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + return; + } + ++ wpa_s->wnmsleep_used = 0; ++ + if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || + wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { + wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " +-- +2.7.4 + diff --git a/package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch new file mode 100644 index 0000000000..b9678f6815 --- /dev/null +++ b/package/network/services/hostapd/patches/908-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch @@ -0,0 +1,82 @@ +From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 22 Sep 2017 12:06:37 +0300 +Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames + +The driver is expected to not report a second association event without +the station having explicitly request a new association. As such, this +case should not be reachable. However, since reconfiguring the same +pairwise or group keys to the driver could result in nonce reuse issues, +be extra careful here and do an additional state check to avoid this +even if the local driver ends up somehow accepting an unexpected +Reassociation Response frame. + +Signed-off-by: Jouni Malinen +--- + src/rsn_supp/wpa.c | 3 +++ + src/rsn_supp/wpa_ft.c | 8 ++++++++ + src/rsn_supp/wpa_i.h | 1 + + 3 files changed, 12 insertions(+) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 0550a41..2a53c6f 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) + #ifdef CONFIG_TDLS + wpa_tdls_disassoc(sm); + #endif /* CONFIG_TDLS */ ++#ifdef CONFIG_IEEE80211R ++ sm->ft_reassoc_completed = 0; ++#endif /* CONFIG_IEEE80211R */ + + /* Keys are not needed in the WPA state machine anymore */ + wpa_sm_drop_sa(sm); +diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c +index 205793e..d45bb45 100644 +--- a/src/rsn_supp/wpa_ft.c ++++ b/src/rsn_supp/wpa_ft.c +@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, + u16 capab; + + sm->ft_completed = 0; ++ sm->ft_reassoc_completed = 0; + + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + + 2 + sm->r0kh_id_len + ric_ies_len + 100; +@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ if (sm->ft_reassoc_completed) { ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); ++ return 0; ++ } ++ + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); + return -1; +@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ sm->ft_reassoc_completed = 1; ++ + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) + return -1; + +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 41f371f..56f88dc 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -128,6 +128,7 @@ struct wpa_sm { + size_t r0kh_id_len; + u8 r1kh_id[FT_R1KH_ID_LEN]; + int ft_completed; ++ int ft_reassoc_completed; + int over_the_ds_in_progress; + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ + int set_ptk_after_assoc; +-- +2.7.4 + diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index 81d800719a..d3158b5952 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.3.6 -PKG_RELEASE:=5 +PKG_VERSION:=2.3.18 +PKG_RELEASE:=1 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_MD5SUM:=6ca03fe0fd093e0d01601abee808835c +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_MD5SUM:=844ec9c64aae62051478784b8562f881 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) @@ -72,15 +72,13 @@ define Build/Configure --disable-systemd \ --disable-plugins \ --disable-debug \ - --disable-eurephia \ --disable-pkcs11 \ - --enable-password-save \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SOCKS),--enable,--disable)-socks \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http-proxy \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \ diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init index 861d0d62b3..0fcdc7eea0 100644 --- a/package/network/services/openvpn/files/openvpn.init +++ b/package/network/services/openvpn/files/openvpn.init @@ -42,7 +42,8 @@ append_params() { config_get v "$s" "$p" IFS="$LIST_SEP" for v in $v; do - [ -n "$v" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf" + [ -n "$v" ] && [ "$p" != "push" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf" + [ -n "$v" ] && [ "$p" == "push" ] && append_param "$s" "$p" && echo " \"$v\"" >> "/var/etc/openvpn-$s.conf" done unset IFS done @@ -107,7 +108,7 @@ start_instance() { # append params append_params "$s" \ - cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert \ + cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert capath \ chroot cipher client_config_dir client_connect client_disconnect comp_lzo connect_freq \ connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \ echo engine explicit_exit_notify fragment group hand_window hash_size \ @@ -120,10 +121,11 @@ start_instance() { redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \ reneg_bytes reneg_pkts reneg_sec \ replay_persist replay_window resolv_retry route route_delay route_gateway \ - route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \ - socks_proxy status status_version syslog tcp_queue_limit tls_auth \ + route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \ + socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \ tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ tun_mtu tun_mtu_extra txqueuelen user verb down push up \ + verify_x509_name x509_username_field \ ifconfig_ipv6 route_ipv6 server_ipv6 ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6 openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" @@ -152,3 +154,7 @@ start_service() { fi done } + +service_triggers() { + procd_add_reload_trigger openvpn +} diff --git a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch b/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch deleted file mode 100644 index af445e3bc8..0000000000 --- a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch +++ /dev/null @@ -1,57 +0,0 @@ -commit 98156e90e1e83133a6a6a020db8e7333ada6156b -Author: Steffan Karger -Date: Tue Dec 2 21:42:00 2014 +0100 - - Really fix '--cipher none' regression - - ... by not incorrectly hinting to the compiler the function argument of - cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the - case. - - Verified the fix on Debian Wheezy, one of the platforms the reporter in - trac #473 mentions with a compiler that would optimize out the required - checks. - - Also add a testcase for --cipher none to t_lpback, to prevent further - regressions. - - Signed-off-by: Steffan Karger - Acked-by: Gert Doering - Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me> - URL: http://article.gmane.org/gmane.network.openvpn.devel/9300 - Signed-off-by: Gert Doering - ---- a/src/openvpn/crypto_backend.h -+++ b/src/openvpn/crypto_backend.h -@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c - * - * @return true iff the cipher is a CBC mode cipher. - */ --bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) -- __attribute__((nonnull)); -+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); - - /** - * Check if the supplied cipher is a supported OFB or CFB mode cipher. -@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_ - * - * @return true iff the cipher is a OFB or CFB mode cipher. - */ --bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) -- __attribute__((nonnull)); -+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); - - - /** ---- a/tests/t_lpback.sh -+++ b/tests/t_lpback.sh -@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op - # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) - CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) - -+# Also test cipher 'none' -+CIPHERS=${CIPHERS}$(printf "\nnone") -+ - "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ - set +e - diff --git a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch new file mode 100644 index 0000000000..c7955c2460 --- /dev/null +++ b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch @@ -0,0 +1,11 @@ +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -1156,7 +1156,7 @@ const char * + get_ssl_library_version(void) + { + static char polar_version[30]; +- unsigned int pv = version_get_number(); ++ unsigned int pv = POLARSSL_VERSION_NUMBER; + sprintf( polar_version, "PolarSSL %d.%d.%d", + (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff ); + return polar_version; diff --git a/package/network/services/openvpn/patches/100-polarssl_compat.h b/package/network/services/openvpn/patches/100-polarssl_compat.h deleted file mode 100644 index 4def9670f0..0000000000 --- a/package/network/services/openvpn/patches/100-polarssl_compat.h +++ /dev/null @@ -1,257 +0,0 @@ ---- a/src/openvpn/ssl_polarssl.h -+++ b/src/openvpn/ssl_polarssl.h -@@ -38,6 +38,8 @@ - #include - #endif - -+#include -+ - typedef struct _buffer_entry buffer_entry; - - struct _buffer_entry { ---- a/src/openvpn/ssl_polarssl.c -+++ b/src/openvpn/ssl_polarssl.c -@@ -46,7 +46,7 @@ - #include "manage.h" - #include "ssl_common.h" - --#include -+#include - #include - - #include "ssl_verify_polarssl.h" -@@ -212,13 +212,13 @@ tls_ctx_load_dh_params (struct tls_root_ - { - if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_inline) - { -- if (0 != x509parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline, -+ if (0 != dhm_parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline, - strlen(dh_inline))) - msg (M_FATAL, "Cannot read inline DH parameters"); - } - else - { -- if (0 != x509parse_dhmfile(ctx->dhm_ctx, dh_file)) -+ if (0 != dhm_parse_dhmfile(ctx->dhm_ctx, dh_file)) - msg (M_FATAL, "Cannot read DH parameters from file %s", dh_file); - } - -@@ -253,13 +253,13 @@ tls_ctx_load_cert_file (struct tls_root_ - - if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_inline) - { -- if (0 != x509parse_crt(ctx->crt_chain, -+ if (0 != x509_crt_parse(ctx->crt_chain, - (const unsigned char *) cert_inline, strlen(cert_inline))) - msg (M_FATAL, "Cannot load inline certificate file"); - } - else - { -- if (0 != x509parse_crtfile(ctx->crt_chain, cert_file)) -+ if (0 != x509_crt_parse_file(ctx->crt_chain, cert_file)) - msg (M_FATAL, "Cannot load certificate file %s", cert_file); - } - } -@@ -277,7 +277,7 @@ tls_ctx_load_priv_file (struct tls_root_ - status = x509parse_key(ctx->priv_key, - (const unsigned char *) priv_key_inline, strlen(priv_key_inline), - NULL, 0); -- if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status) -+ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) - { - char passbuf[512] = {0}; - pem_password_callback(passbuf, 512, 0, NULL); -@@ -289,7 +289,7 @@ tls_ctx_load_priv_file (struct tls_root_ - else - { - status = x509parse_keyfile(ctx->priv_key, priv_key_file, NULL); -- if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status) -+ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) - { - char passbuf[512] = {0}; - pem_password_callback(passbuf, 512, 0, NULL); -@@ -480,14 +480,14 @@ void tls_ctx_load_ca (struct tls_root_ct - - if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_inline) - { -- if (0 != x509parse_crt(ctx->ca_chain, (const unsigned char *) ca_inline, -+ if (0 != x509_crt_parse(ctx->ca_chain, (const unsigned char *) ca_inline, - strlen(ca_inline))) - msg (M_FATAL, "Cannot load inline CA certificates"); - } - else - { - /* Load CA file for verifying peer supplied certificate */ -- if (0 != x509parse_crtfile(ctx->ca_chain, ca_file)) -+ if (0 != x509_crt_parse_file(ctx->ca_chain, ca_file)) - msg (M_FATAL, "Cannot load CA certificate file %s", ca_file); - } - } -@@ -501,14 +501,14 @@ tls_ctx_load_extra_certs (struct tls_roo - - if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_inline) - { -- if (0 != x509parse_crt(ctx->crt_chain, -+ if (0 != x509_crt_parse(ctx->crt_chain, - (const unsigned char *) extra_certs_inline, - strlen(extra_certs_inline))) - msg (M_FATAL, "Cannot load inline extra-certs file"); - } - else - { -- if (0 != x509parse_crtfile(ctx->crt_chain, extra_certs_file)) -+ if (0 != x509_crt_parse_file(ctx->crt_chain, extra_certs_file)) - msg (M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file); - } - } -@@ -724,7 +724,7 @@ void key_state_ssl_init(struct key_state - external_key_len ); - else - #endif -- ssl_set_own_cert( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key ); -+ ssl_set_own_cert_rsa( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key ); - - /* Initialise SSL verification */ - #if P2MP_SERVER -@@ -1068,7 +1068,7 @@ print_details (struct key_state_ssl * ks - cert = ssl_get_peer_cert(ks_ssl->ctx); - if (cert != NULL) - { -- openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8); -+ openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) pk_rsa(cert->pk)->len * 8); - } - - msg (D_HANDSHAKE, "%s%s", s1, s2); ---- a/src/openvpn/crypto_polarssl.c -+++ b/src/openvpn/crypto_polarssl.c -@@ -487,7 +487,12 @@ cipher_ctx_get_cipher_kt (const cipher_c - - int cipher_ctx_reset (cipher_context_t *ctx, uint8_t *iv_buf) - { -- return 0 == cipher_reset(ctx, iv_buf); -+ int retval = cipher_reset(ctx); -+ -+ if (0 == retval) -+ cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size); -+ -+ return 0 == retval; - } - - int cipher_ctx_update (cipher_context_t *ctx, uint8_t *dst, int *dst_len, ---- a/src/openvpn/ssl_verify_polarssl.h -+++ b/src/openvpn/ssl_verify_polarssl.h -@@ -34,6 +34,7 @@ - #include "misc.h" - #include "manage.h" - #include -+#include - - #ifndef __OPENVPN_X509_CERT_T_DECLARED - #define __OPENVPN_X509_CERT_T_DECLARED ---- a/src/openvpn/ssl_verify_polarssl.c -+++ b/src/openvpn/ssl_verify_polarssl.c -@@ -40,6 +40,7 @@ - #include "ssl_verify.h" - #include - #include -+#include - #include - - #define MAX_SUBJECT_LENGTH 256 -@@ -102,7 +103,7 @@ x509_get_username (char *cn, int cn_len, - /* Find common name */ - while( name != NULL ) - { -- if( memcmp( name->oid.p, OID_CN, OID_SIZE(OID_CN) ) == 0) -+ if( memcmp( name->oid.p, OID_AT_CN, OID_SIZE(OID_AT_CN) ) == 0) - break; - - name = name->next; -@@ -224,60 +225,18 @@ x509_setenv (struct env_set *es, int cer - while( name != NULL ) - { - char name_expand[64+8]; -+ const char *shortname; - -- if( name->oid.len == 2 && memcmp( name->oid.p, OID_X520, 2 ) == 0 ) -+ if( 0 == oid_get_attr_short_name(&name->oid, &shortname) ) - { -- switch( name->oid.p[2] ) -- { -- case X520_COMMON_NAME: -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_CN", -- cert_depth); break; -- -- case X520_COUNTRY: -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_C", -- cert_depth); break; -- -- case X520_LOCALITY: -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_L", -- cert_depth); break; -- -- case X520_STATE: -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_ST", -- cert_depth); break; -- -- case X520_ORGANIZATION: -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_O", -- cert_depth); break; -- -- case X520_ORG_UNIT: -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_OU", -- cert_depth); break; -- -- default: -- openvpn_snprintf (name_expand, sizeof(name_expand), -- "X509_%d_0x%02X", cert_depth, name->oid.p[2]); -- break; -- } -+ openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_%s", -+ cert_depth, shortname); -+ } -+ else -+ { -+ openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?", -+ cert_depth); - } -- else if( name->oid.len == 8 && memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 ) -- { -- switch( name->oid.p[8] ) -- { -- case PKCS9_EMAIL: -- openvpn_snprintf (name_expand, sizeof(name_expand), -- "X509_%d_emailAddress", cert_depth); break; -- -- default: -- openvpn_snprintf (name_expand, sizeof(name_expand), -- "X509_%d_0x%02X", cert_depth, name->oid.p[8]); -- break; -- } -- } -- else -- { -- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?", -- cert_depth); -- } - - for( i = 0; i < name->val.len; i++ ) - { ---- a/configure.ac -+++ b/configure.ac -@@ -819,13 +819,13 @@ if test "${with_crypto_library}" = "pola - #include - ]], - [[ --#if POLARSSL_VERSION_NUMBER < 0x01020A00 || POLARSSL_VERSION_NUMBER >= 0x01030000 -+#if POLARSSL_VERSION_NUMBER < 0x01030000 - #error invalid version - #endif - ]] - )], - [AC_MSG_RESULT([ok])], -- [AC_MSG_ERROR([PolarSSL 1.2.x required and must be 1.2.10 or later])] -+ [AC_MSG_ERROR([PolarSSL 1.3.x required])] - ) - - polarssl_with_pkcs11="no" diff --git a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch new file mode 100644 index 0000000000..2155a4c79b --- /dev/null +++ b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch @@ -0,0 +1,33 @@ +openvpn: fix build without POLARSSL_DEBUG_C + +Backport of upstream master commit +b63f98633dbe2ca92cd43fc6f8597ab283a600bf. + +Signed-off-by: Magnus Kroken + +From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001 +From: Steffan Karger +Date: Tue, 14 Jun 2016 22:00:03 +0200 +Subject: [PATCH] mbedtls: don't set debug threshold if compiled without + MBEDTLS_DEBUG_C + +For targets with space constraints, one might want to compile mbed TLS +without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make +sure OpenVPN still compiles if that is the case. + +Signed-off-by: Steffan Karger +Acked-by: Gert Doering +Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me> +URL: http://article.gmane.org/gmane.network.openvpn.devel/11922 +Signed-off-by: Gert Doering +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state + if (polar_ok(ssl_init(ks_ssl->ctx))) + { + /* Initialise SSL context */ ++ #ifdef POLARSSL_DEBUG_C + debug_set_threshold(3); ++ #endif + ssl_set_dbg (ks_ssl->ctx, my_debug, NULL); + ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint); diff --git a/package/network/services/openvpn/patches/110-musl_compat.patch b/package/network/services/openvpn/patches/110-musl_compat.patch deleted file mode 100644 index 566c17f062..0000000000 --- a/package/network/services/openvpn/patches/110-musl_compat.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/src/openvpn/syshead.h -+++ b/src/openvpn/syshead.h -@@ -214,10 +214,6 @@ - - #ifdef TARGET_LINUX - --#if defined(HAVE_NETINET_IF_ETHER_H) --#include --#endif -- - #ifdef HAVE_LINUX_IF_TUN_H - #include - #endif diff --git a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch deleted file mode 100644 index 9e1511b6b6..0000000000 --- a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch +++ /dev/null @@ -1,16 +0,0 @@ -Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c -=================================================================== ---- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c -+++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c -@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state - if (ssl_ctx->allowed_ciphers) - ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); - -+ /* Disable record splitting (breaks current ssl handling) */ -+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) -+ ssl_set_cbc_record_splitting (ks_ssl->ctx, SSL_CBC_RECORD_SPLITTING_DISABLED); -+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */ -+ - /* Initialise authentication information */ - if (is_server) - ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx ); diff --git a/package/network/services/openvpn/patches/130-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/130-polarssl-disable-runtime-version-check.patch deleted file mode 100644 index c97e9f26af..0000000000 --- a/package/network/services/openvpn/patches/130-polarssl-disable-runtime-version-check.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/openvpn/ssl_polarssl.c -+++ b/src/openvpn/ssl_polarssl.c -@@ -1119,7 +1119,7 @@ const char * - get_ssl_library_version(void) - { - static char polar_version[30]; -- unsigned int pv = version_get_number(); -+ unsigned int pv = POLARSSL_VERSION_NUMBER; - sprintf( polar_version, "PolarSSL %d.%d.%d", - (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff ); - return polar_version; diff --git a/package/network/services/openvpn/patches/200-small_build_enable_occ.patch b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch new file mode 100644 index 0000000000..eef4da2d26 --- /dev/null +++ b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch @@ -0,0 +1,12 @@ +--- a/src/openvpn/syshead.h ++++ b/src/openvpn/syshead.h +@@ -602,9 +602,7 @@ socket_defined (const socket_descriptor_ + /* + * Should we include OCC (options consistency check) code? + */ +-#ifndef ENABLE_SMALL + #define ENABLE_OCC +-#endif + + /* + * Should we include NTLM proxy functionality diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile index 98ab31cab8..2e6518336e 100644 --- a/package/network/services/samba36/Makefile +++ b/package/network/services/samba36/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba PKG_VERSION:=3.6.25 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \ http://ftp.samba.org/pub/samba/stable diff --git a/package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch b/package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch new file mode 100644 index 0000000000..17b020d88a --- /dev/null +++ b/package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch @@ -0,0 +1,29 @@ +From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke +Date: Mon, 8 May 2017 21:40:40 +0200 +Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / + inside + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 + +Signed-off-by: Volker Lendecke +Reviewed-by: Jeremy Allison +Reviewed-by: Stefan Metzmacher +--- + source3/rpc_server/srv_pipe.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f + pipename += 1; + } + ++ if (strchr(pipename, '/')) { ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); ++ return false; ++ } ++ + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { + DEBUG(10, ("refusing spoolss access\n")); + return false; diff --git a/package/network/services/samba36/patches/310-remove_error_strings.patch b/package/network/services/samba36/patches/310-remove_error_strings.patch index ee3460dfdb..596a327f6f 100644 --- a/package/network/services/samba36/patches/310-remove_error_strings.patch +++ b/package/network/services/samba36/patches/310-remove_error_strings.patch @@ -303,7 +303,7 @@ --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c -@@ -991,7 +991,6 @@ static bool api_pipe_bind_req(struct pip +@@ -996,7 +996,6 @@ static bool api_pipe_bind_req(struct pip if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n", nt_errstr(status))); @@ -311,7 +311,7 @@ goto err_exit; } -@@ -1325,7 +1324,6 @@ bool api_pipe_bind_auth3(struct pipes_st +@@ -1330,7 +1329,6 @@ bool api_pipe_bind_auth3(struct pipes_st if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n", nt_errstr(status))); @@ -319,7 +319,7 @@ goto err; } -@@ -1483,7 +1481,6 @@ static bool api_pipe_alter_context(struc +@@ -1488,7 +1486,6 @@ static bool api_pipe_alter_context(struc if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n", nt_errstr(status))); @@ -327,7 +327,7 @@ goto err_exit; } -@@ -2057,7 +2054,6 @@ static bool process_request_pdu(struct p +@@ -2062,7 +2059,6 @@ static bool process_request_pdu(struct p if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("process_request_pdu: invalid pdu: %s\n", nt_errstr(status))); diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile new file mode 100644 index 0000000000..10845ccf89 --- /dev/null +++ b/package/network/services/wireguard/Makefile @@ -0,0 +1,116 @@ +# +# Copyright (C) 2016-2017 Jason A. Donenfeld +# Copyright (C) 2016 Baptiste Jonglez +# Copyright (C) 2016-2017 Dan Luedtke +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=wireguard + +PKG_VERSION:=0.0.20171017 +PKG_RELEASE:=1 + +PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/ +PKG_MD5SUM:=1184c5734f7cd3b5895157835a336b3d + +PKG_LICENSE:=GPL-2.0 Apache-2.0 +PKG_LICENSE_FILES:=COPYING + +PKG_BUILD_DIR:=$(BUILD_DIR)/WireGuard-$(PKG_VERSION) +PKG_BUILD_PARALLEL:=1 +PKG_USE_MIPS16:=0 + +# WireGuard's makefile needs this to know where to build the kernel module +export KERNELDIR:=$(LINUX_DIR) + +include $(INCLUDE_DIR)/package.mk + +define Package/wireguard/Default + SECTION:=net + CATEGORY:=Network + SUBMENU:=VPN + URL:=https://www.wireguard.com + MAINTAINER:=Baptiste Jonglez , \ + Kevin Darbyshire-Bryant , \ + Dan Luedtke , \ + Jason A. Donenfeld +endef + +define Package/wireguard/Default/description + WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes + state-of-the-art cryptography. It aims to be faster, simpler, leaner, and + more useful than IPSec, while avoiding the massive headache. It intends to + be considerably more performant than OpenVPN. WireGuard is designed as a + general purpose VPN for running on embedded interfaces and super computers + alike, fit for many different circumstances. It uses UDP. +endef + +define Package/wireguard + $(call Package/wireguard/Default) + TITLE:=WireGuard meta-package + DEPENDS:=+wireguard-tools +kmod-wireguard +endef + +include $(INCLUDE_DIR)/kernel-defaults.mk +include $(INCLUDE_DIR)/package-defaults.mk + +# Used by Build/Compile/Default +MAKE_PATH:=src/tools + +define Build/Compile + $(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules + $(call Build/Compile/Default) +endef + +define Package/wireguard/install + true +endef + +define Package/wireguard/description + $(call Package/wireguard/Default/description) +endef + +define Package/wireguard-tools + $(call Package/wireguard/Default) + TITLE:=WireGuard userspace control program (wg) + DEPENDS:=+libmnl +ip +endef + +define Package/wireguard-tools/description + $(call Package/wireguard/Default/description) + + This package provides the userspace control program for WireGuard, + `wg(8)`, and a netifd protocol helper. +endef + +define Package/wireguard-tools/install + $(INSTALL_DIR) $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/lib/netifd/proto/ + $(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/ +endef + +define KernelPackage/wireguard + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + TITLE:=WireGuard kernel module + DEPENDS:=+IPV6:kmod-udptunnel6 +IPV6:kmod-ipv6 +kmod-udptunnel4 +kmod-crypto-core + FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX) + AUTOLOAD:=$(call AutoProbe,wireguard) +endef + +define KernelPackage/wireguard/description + $(call Package/wireguard/Default/description) + + This package provides the kernel module for WireGuard. +endef + +$(eval $(call BuildPackage,wireguard)) +$(eval $(call BuildPackage,wireguard-tools)) +$(eval $(call KernelPackage,wireguard)) diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh new file mode 100644 index 0000000000..7b18a2e0ec --- /dev/null +++ b/package/network/services/wireguard/files/wireguard.sh @@ -0,0 +1,192 @@ +#!/bin/sh +# Copyright 2016-2017 Dan Luedtke +# Licensed to the public under the Apache License 2.0. + + +WG=/usr/bin/wg +if [ ! -x $WG ]; then + logger -t "wireguard" "error: missing wireguard-tools (${WG})" + exit 0 +fi + + +[ -n "$INCLUDE_ONLY" ] || { + . /lib/functions.sh + . ../netifd-proto.sh + init_proto "$@" +} + + +proto_wireguard_init_config() { + proto_config_add_string "private_key" + proto_config_add_int "listen_port" + proto_config_add_int "mtu" + proto_config_add_string "fwmark" + available=1 + no_proto_task=1 +} + + +proto_wireguard_setup_peer() { + local peer_config="$1" + + local public_key + local preshared_key + local allowed_ips + local route_allowed_ips + local endpoint_host + local endpoint_port + local persistent_keepalive + + config_get public_key "${peer_config}" "public_key" + config_get preshared_key "${peer_config}" "preshared_key" + config_get allowed_ips "${peer_config}" "allowed_ips" + config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0 + config_get endpoint_host "${peer_config}" "endpoint_host" + config_get endpoint_port "${peer_config}" "endpoint_port" + config_get persistent_keepalive "${peer_config}" "persistent_keepalive" + + # peer configuration + echo "[Peer]" >> "${wg_cfg}" + echo "PublicKey=${public_key}" >> "${wg_cfg}" + if [ "${preshared_key}" ]; then + echo "PresharedKey=${preshared_key}" >> "${wg_cfg}" + fi + for allowed_ip in $allowed_ips; do + echo "AllowedIPs=${allowed_ip}" >> "${wg_cfg}" + done + if [ "${endpoint_host}" ]; then + case "${endpoint_host}" in + *:*) + endpoint="[${endpoint_host}]" + ;; + *) + endpoint="${endpoint_host}" + ;; + esac + if [ "${endpoint_port}" ]; then + endpoint="${endpoint}:${endpoint_port}" + else + endpoint="${endpoint}:51820" + fi + echo "Endpoint=${endpoint}" >> "${wg_cfg}" + fi + if [ "${persistent_keepalive}" ]; then + echo "PersistentKeepalive=${persistent_keepalive}" >> "${wg_cfg}" + fi + + # add routes for allowed ips + if [ ${route_allowed_ips} -ne 0 ]; then + for allowed_ip in ${allowed_ips}; do + case "${allowed_ip}" in + *:*/*) + proto_add_ipv6_route "${allowed_ip%%/*}" "${allowed_ip##*/}" + ;; + *.*/*) + proto_add_ipv4_route "${allowed_ip%%/*}" "${allowed_ip##*/}" + ;; + *:*) + proto_add_ipv6_route "${allowed_ip%%/*}" "128" + ;; + *.*) + proto_add_ipv4_route "${allowed_ip%%/*}" "32" + ;; + esac + done + fi +} + + +proto_wireguard_setup() { + local config="$1" + local wg_dir="/tmp/wireguard" + local wg_cfg="${wg_dir}/${config}" + + local private_key + local listen_port + local mtu + + # load configuration + config_load network + config_get private_key "${config}" "private_key" + config_get listen_port "${config}" "listen_port" + config_get addresses "${config}" "addresses" + config_get mtu "${config}" "mtu" + config_get fwmark "${config}" "fwmark" + + # create interface + ip link del dev "${config}" 2>/dev/null + ip link add dev "${config}" type wireguard + + if [ "${mtu}" ]; then + ip link set mtu "${mtu}" dev "${config}" + fi + + proto_init_update "${config}" 1 + + # generate configuration file + umask 077 + mkdir -p "${wg_dir}" + echo "[Interface]" > "${wg_cfg}" + echo "PrivateKey=${private_key}" >> "${wg_cfg}" + if [ "${listen_port}" ]; then + echo "ListenPort=${listen_port}" >> "${wg_cfg}" + fi + if [ "${fwmark}" ]; then + echo "FwMark=${fwmark}" >> "${wg_cfg}" + fi + config_foreach proto_wireguard_setup_peer "wireguard_${config}" + + # apply configuration file + ${WG} setconf ${config} "${wg_cfg}" + WG_RETURN=$? + + # delete configuration file + rm -f "${wg_cfg}" + + # check status + if [ ${WG_RETURN} -ne 0 ]; then + sleep 5 + proto_setup_failed "${config}" + exit 1 + fi + + # add ip addresses + for address in ${addresses}; do + case "${address}" in + *:*/*) + proto_add_ipv6_address "${address%%/*}" "${address##*/}" + ;; + *.*/*) + proto_add_ipv4_address "${address%%/*}" "${address##*/}" + ;; + *:*) + proto_add_ipv6_address "${address%%/*}" "128" + ;; + *.*) + proto_add_ipv4_address "${address%%/*}" "32" + ;; + esac + done + + # endpoint dependency + wg show "${config}" endpoints | \ + sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \ + while IFS=$'\t ' read -r key address port; do + [ -n "${port}" ] || continue + proto_add_host_dependency "${config}" "${address}" + done + + proto_send_update "${config}" +} + + +proto_wireguard_teardown() { + local config="$1" + ip link del dev "${config}" >/dev/null 2>&1 +} + + +[ -n "$INCLUDE_ONLY" ] || { + add_protocol wireguard +} diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile index 308ec578e1..7dd169d289 100644 --- a/package/network/utils/iproute2/Makefile +++ b/package/network/utils/iproute2/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=4.0.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://kernel.org/pub/linux/utils/net/iproute2/ +PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2/ PKG_MD5SUM:=3adc263ade4ee76c35032e8f50b54108 PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0 diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile index 8e33a2bb7b..3a760c1a48 100644 --- a/package/network/utils/tcpdump/Makefile +++ b/package/network/utils/tcpdump/Makefile @@ -8,15 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpdump -PKG_VERSION:=4.5.1 -PKG_RELEASE:=4 +PKG_VERSION:=4.9.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.tcpdump.org/release/ \ - http://ftp.gwdg.de/pub/misc/tcpdump/ \ - http://www.at.tcpdump.org/ \ - http://www.br.tcpdump.org/ -PKG_MD5SUM:=973a2513d0076e34aa9da7e15ed98e1b + http://www.at.tcpdump.org/ +PKG_MD5SUM:=9bbc1ee33dab61302411b02dd0515576 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) PKG_BUILD_PARALLEL:=1 diff --git a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch index d2c724d509..0588f39cca 100644 --- a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch +++ b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch @@ -1,23 +1,100 @@ ---- a/tcpdump.c -+++ b/tcpdump.c -@@ -1095,20 +1095,6 @@ main(int argc, char **argv) - error("invalid data link type %s", gndo->ndo_dltname); - break; +--- a/configure ++++ b/configure +@@ -6259,97 +6259,6 @@ $as_echo "no" >&6; } + fi + fi --#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) -- case 'Y': -- { -- /* Undocumented flag */ --#ifdef HAVE_PCAP_DEBUG -- extern int pcap_debug; -- pcap_debug = 1; --#else +-# +-# Check for special debugging functions +-# +-for ac_func in pcap_set_parser_debug +-do : +- ac_fn_c_check_func "$LINENO" "pcap_set_parser_debug" "ac_cv_func_pcap_set_parser_debug" +-if test "x$ac_cv_func_pcap_set_parser_debug" = xyes; then : +- cat >>confdefs.h <<_ACEOF +-#define HAVE_PCAP_SET_PARSER_DEBUG 1 +-_ACEOF +- +-fi +-done +- +-if test "$ac_cv_func_pcap_set_parser_debug" = "no" ; then +- # +- # OK, we don't have pcap_set_parser_debug() to set the libpcap +- # filter expression parser debug flag; can we directly set the +- # flag? +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pcap_debug is defined by libpcap" >&5 +-$as_echo_n "checking whether pcap_debug is defined by libpcap... " >&6; } +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +-int +-main () +-{ +- +- extern int pcap_debug; +- +- return pcap_debug; +- +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- ac_lbl_cv_pcap_debug_defined=yes +-else +- ac_lbl_cv_pcap_debug_defined=no +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- if test "$ac_lbl_cv_pcap_debug_defined" = yes ; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-$as_echo "#define HAVE_PCAP_DEBUG 1" >>confdefs.h +- +- else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- # +- # OK, what about "yydebug"? +- # +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yydebug is defined by libpcap" >&5 +-$as_echo_n "checking whether yydebug is defined by libpcap... " >&6; } +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +-int +-main () +-{ +- - extern int yydebug; -- yydebug = 1; --#endif -- } -- break; --#endif - case 'z': - if (optarg) { - zflag = strdup(optarg); +- +- return yydebug; +- +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- ac_lbl_cv_yydebug_defined=yes +-else +- ac_lbl_cv_yydebug_defined=no +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- if test "$ac_lbl_cv_yydebug_defined" = yes ; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-$as_echo "#define HAVE_YYDEBUG 1" >>confdefs.h +- +- else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- fi +- fi +-fi + for ac_func in pcap_set_optimizer_debug + do : + ac_fn_c_check_func "$LINENO" "pcap_set_optimizer_debug" "ac_cv_func_pcap_set_optimizer_debug" diff --git a/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch b/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch index c8bdf1499e..6d96c2eacd 100644 --- a/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch +++ b/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch @@ -1,35 +1,44 @@ --- a/configure +++ b/configure -@@ -5813,28 +5813,6 @@ $as_echo "Using $pfopen" >&6; } +@@ -5471,37 +5471,6 @@ $as_echo "Using $pfopen" >&6; } LIBS="$LIBS $pfopen" fi fi -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for local pcap library" >&5 +- libpcap=FAIL +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for local pcap library" >&5 -$as_echo_n "checking for local pcap library... " >&6; } -- libpcap=FAIL -- lastdir=FAIL -- places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ -- egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` -- for dir in $places $srcdir/../libpcap $srcdir/libpcap ; do -- basedir=`echo $dir | sed -e 's/[ab][0-9]*$//' | \ -- sed -e 's/-PRE-GIT$//' ` -- if test $lastdir = $basedir ; then -- continue; -- fi -- lastdir=$dir -- if test -r $dir/libpcap.a ; then -- libpcap=$dir/libpcap.a -- d=$dir -- fi -- done +- +-# Check whether --with-system-libpcap was given. +-if test "${with_system_libpcap+set}" = set; then : +- withval=$with_system_libpcap; +-fi +- +- if test "x$with_system_libpcap" != xyes ; then +- lastdir=FAIL +- places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ +- egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` +- places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \ +- egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` +- for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do +- basedir=`echo $dir | sed -e 's/[ab][0-9]*$//' | \ +- sed -e 's/-PRE-GIT$//' ` +- if test $lastdir = $basedir ; then +- continue; +- fi +- lastdir=$dir +- if test -r $dir/libpcap.a ; then +- libpcap=$dir/libpcap.a +- d=$dir +- fi +- done +- fi - if test $libpcap = FAIL ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } -- + # # Look for pcap-config. - # -@@ -5989,41 +5967,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes; +@@ -5657,51 +5626,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes; libpcap="-lpcap" fi @@ -59,13 +68,23 @@ - V_PCAPDEP=$libpcap - places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ - egrep '/libpcap-[0-9]*.[0-9]*(.[0-9]*)?([ab][0-9]*)?$'` +- places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \ +- egrep '/libpcap-[0-9]*.[0-9]*(.[0-9]*)?([ab][0-9]*)?$'` +- pcapH=FAIL - if test -r $d/pcap.h; then -- V_INCLS="-I$d $V_INCLS" -- elif test -r $places/pcap.h; then -- V_INCLS="-I$places $V_INCLS" +- pcapH=$d - else -- as_fn_error see INSTALL "cannot find pcap.h" "$LINENO" 5 +- for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do +- if test -r $dir/pcap.h ; then +- pcapH=$dir +- fi +- done +- fi +- +- if test $pcapH = FAIL ; then +- as_fn_error $? "cannot find pcap.h: see INSTALL" "$LINENO" 5 - fi +- V_INCLS="-I$pcapH $V_INCLS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libpcap" >&5 -$as_echo "$libpcap" >&6; } # Extract the first word of "pcap-config", so it can be a program name with args. diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch index 8d07be6b40..5d8a269075 100644 --- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch +++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch @@ -1,74 +1,117 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -71,6 +71,22 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ - @rm -f $@ - $(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c +@@ -72,6 +72,80 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ + + CSRC = setsignal.c tcpdump.c +ifdef TCPDUMP_MINI + -+CSRC = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c \ -+ nlpid.c l2vpn.c machdep.c parsenfsfh.c in_cksum.c \ -+ print-802_11.c print-aodv.c print-arp.c print-ascii.c \ -+ print-bgp.c print-bootp.c print-cdp.c print-domain.c print-eap.c print-ether.c \ -+ print-gre.c print-icmp.c print-igmp.c print-ip.c \ -+ print-l2tp.c print-lldp.c print-llc.c \ -+ print-nfs.c print-ntp.c print-null.c print-olsr.c print-ospf.c \ -+ print-ppp.c print-pppoe.c print-pptp.c print-radius.c print-raw.c print-rsvp.c \ -+ print-sctp.c print-sip.c print-sll.c print-snmp.c print-stp.c print-sunrpc.c \ -+ print-syslog.c print-tcp.c print-telnet.c print-tftp.c print-udp.c \ -+ setsignal.c tcpdump.c util.c signature.c print-ipnet.c print-forces.c ++LIBNETDISSECT_SRC=\ ++ netdissect.c \ ++ addrtoname.c \ ++ addrtostr.c \ ++ af.c \ ++ ascii_strcasecmp.c \ ++ checksum.c \ ++ cpack.c \ ++ gmpls.c \ ++ gmt2local.c \ ++ in_cksum.c \ ++ ipproto.c \ ++ l2vpn.c \ ++ machdep.c \ ++ nlpid.c \ ++ oui.c \ ++ parsenfsfh.c \ ++ print.c \ ++ print-802_11.c \ ++ print-aodv.c \ ++ print-arp.c \ ++ print-ascii.c \ ++ print-bootp.c \ ++ print-dhcp6.c \ ++ print-domain.c \ ++ print-eap.c \ ++ print-ether.c \ ++ print-ftp.c \ ++ print-gre.c \ ++ print-http.c \ ++ print-icmp.c \ ++ print-icmp6.c \ ++ print-igmp.c \ ++ print-ip.c \ ++ print-ip6.c \ ++ print-ip6opts.c \ ++ print-ipnet.c \ ++ print-l2tp.c \ ++ print-llc.c \ ++ print-lldp.c \ ++ print-loopback.c \ ++ print-nfs.c \ ++ print-ntp.c \ ++ print-null.c \ ++ print-olsr.c \ ++ print-ospf.c \ ++ print-ospf6.c \ ++ print-ppp.c \ ++ print-pppoe.c \ ++ print-pptp.c \ ++ print-radius.c \ ++ print-raw.c \ ++ print-rsvp.c \ ++ print-rt6.c \ ++ print-rtsp.c \ ++ print-sip.c \ ++ print-sll.c \ ++ print-smtp.c \ ++ print-snmp.c \ ++ print-stp.c \ ++ print-sunrpc.c \ ++ print-syslog.c \ ++ print-tcp.c \ ++ print-telnet.c \ ++ print-tftp.c \ ++ print-udp.c \ ++ signature.c \ ++ strtoaddr.c \ ++ util-print.c + +else + - CSRC = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c \ - nlpid.c l2vpn.c machdep.c parsenfsfh.c in_cksum.c \ - print-802_11.c print-802_15_4.c print-ap1394.c print-ah.c \ -@@ -103,6 +119,8 @@ LIBNETDISSECT_SRC=print-isakmp.c - LIBNETDISSECT_OBJ=$(LIBNETDISSECT_SRC:.c=.o) - LIBNETDISSECT=libnetdissect.a + LIBNETDISSECT_SRC=\ + addrtoname.c \ + addrtostr.c \ +@@ -237,6 +311,8 @@ LIBNETDISSECT_SRC=\ + strtoaddr.c \ + util-print.c +endif + LOCALSRC = @LOCALSRC@ GENSRC = version.c LIBOBJS = @LIBOBJS@ -@@ -286,10 +304,12 @@ $(PROG): $(OBJ) @V_PCAPDEP@ - @rm -f $@ - $(CC) $(FULL_CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) - -+ifndef TCPDUMP_MINI - $(LIBNETDISSECT): $(LIBNETDISSECT_OBJ) - @rm -f $@ - $(AR) cr $@ $(LIBNETDISSECT_OBJ) - $(RANLIB) $@ -+endif - - datalinks.o: $(srcdir)/missing/datalinks.c - $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/datalinks.c --- a/addrtoname.c +++ b/addrtoname.c -@@ -556,10 +556,10 @@ linkaddr_string(const u_char *ep, const - +@@ -578,8 +578,10 @@ linkaddr_string(netdissect_options *ndo, if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN) - return (etheraddr_string(ep)); -- + return (etheraddr_string(ndo, ep)); + +#ifndef TCPDUMP_MINI if (type == LINKADDR_FRELAY) - return (q922_string(ep)); -- + return (q922_string(ndo, ep, len)); +#endif - tp = lookup_bytestring(ep, len); - if (tp->e_name) - return (tp->e_name); -@@ -1159,6 +1159,7 @@ init_addrtoname(u_int32_t localnet, u_in - init_ipxsaparray(); + + tp = lookup_bytestring(ndo, ep, len); + if (tp->bs_name) +@@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo, + init_ipxsaparray(ndo); } +#ifndef TCPDUMP_MINI const char * - dnaddr_string(u_short dnaddr) + dnaddr_string(netdissect_options *ndo, u_short dnaddr) { -@@ -1178,6 +1179,7 @@ dnaddr_string(u_short dnaddr) +@@ -1233,6 +1236,7 @@ dnaddr_string(netdissect_options *ndo, u return(tp->name); } @@ -76,384 +119,475 @@ /* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */ struct hnamemem * +--- a/print.c ++++ b/print.c +@@ -48,6 +48,7 @@ static const struct printer printers[] = + #ifdef DLT_IPNET + { ipnet_if_print, DLT_IPNET }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_IEEE802_15_4 + { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, + #endif +@@ -57,12 +58,14 @@ static const struct printer printers[] = + #ifdef DLT_PPI + { ppi_if_print, DLT_PPI }, + #endif ++#endif + #ifdef DLT_NETANALYZER + { netanalyzer_if_print, DLT_NETANALYZER }, + #endif + #ifdef DLT_NETANALYZER_TRANSPARENT + { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, + #endif ++#ifndef TCPDUMP_MINI + #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) + { nflog_if_print, DLT_NFLOG}, + #endif +@@ -75,10 +78,12 @@ static const struct printer printers[] = + #ifdef DLT_IP_OVER_FC + { ipfc_if_print, DLT_IP_OVER_FC }, + #endif ++#endif + { null_if_print, DLT_NULL }, + #ifdef DLT_LOOP + { null_if_print, DLT_LOOP }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_APPLE_IP_OVER_IEEE1394 + { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, + #endif +@@ -92,7 +97,9 @@ static const struct printer printers[] = + #ifdef DLT_ARCNET_LINUX + { arcnet_linux_if_print, DLT_ARCNET_LINUX }, + #endif ++#endif + { raw_if_print, DLT_RAW }, ++#ifndef TCPDUMP_MINI + #ifdef DLT_IPV4 + { raw_if_print, DLT_IPV4 }, + #endif +@@ -116,17 +123,21 @@ static const struct printer printers[] = + #ifdef DLT_HDLC + { chdlc_if_print, DLT_HDLC }, + #endif ++#endif + #ifdef DLT_PPP_ETHER + { pppoe_if_print, DLT_PPP_ETHER }, + #endif ++#ifndef TCPDUMP_MINI + #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H) + { pflog_if_print, DLT_PFLOG }, + #endif + { token_if_print, DLT_IEEE802 }, + { fddi_if_print, DLT_FDDI }, ++#endif + #ifdef DLT_LINUX_SLL + { sll_if_print, DLT_LINUX_SLL }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_FR + { fr_if_print, DLT_FR }, + #endif +@@ -198,6 +209,7 @@ static const struct printer printers[] = + #ifdef DLT_PKTAP + { pktap_if_print, DLT_PKTAP }, + #endif ++#endif + #ifdef DLT_IEEE802_11_RADIO + { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, + #endif +@@ -214,12 +226,14 @@ static const struct printer printers[] = + #ifdef DLT_PPP_WITHDIRECTION + { ppp_if_print, DLT_PPP_WITHDIRECTION }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_PPP_BSDOS + { ppp_bsdos_if_print, DLT_PPP_BSDOS }, + #endif + #ifdef DLT_PPP_SERIAL + { ppp_hdlc_if_print, DLT_PPP_SERIAL }, + #endif ++#endif + { NULL, 0 }, + }; + --- a/print-ether.c +++ b/print-ether.c @@ -342,6 +342,7 @@ ethertype_print(netdissect_options *ndo, - arp_print(ndo, p, length, caplen); + arp_print(ndo, p, length, caplen); return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_DN: - decnet_print(/*ndo,*/p, length, caplen); - return (1); -@@ -360,10 +361,13 @@ ethertype_print(netdissect_options *ndo, - ND_PRINT((ndo, "(NOV-ETHII) ")); - ipx_print(/*ndo,*/p, length); + decnet_print(ndo, p, length, caplen); return (1); -+#endif - -+#ifndef TCPDUMP_MINI - case ETHERTYPE_ISO: - isoclns_print(/*ndo,*/p+1, length-1, length-1); - return(1); +@@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo, + } + isoclns_print(ndo, p + 1, length - 1); + return(1); +#endif case ETHERTYPE_PPPOED: case ETHERTYPE_PPPOES: -@@ -376,9 +380,11 @@ ethertype_print(netdissect_options *ndo, +@@ -380,9 +382,11 @@ ethertype_print(netdissect_options *ndo, eap_print(ndo, p, length); return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_RRCP: - rrcp_print(ndo, p - 14 , length + 14); + rrcp_print(ndo, p, length, src, dst); return (1); +#endif case ETHERTYPE_PPP: if (length) { -@@ -387,6 +393,7 @@ ethertype_print(netdissect_options *ndo, +@@ -391,6 +395,7 @@ ethertype_print(netdissect_options *ndo, } return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_MPCP: - mpcp_print(/*ndo,*/p, length); + mpcp_print(ndo, p, length); return (1); -@@ -399,7 +406,7 @@ ethertype_print(netdissect_options *ndo, +@@ -403,6 +408,7 @@ ethertype_print(netdissect_options *ndo, case ETHERTYPE_CFM_OLD: - cfm_print(/*ndo,*/p, length); + cfm_print(ndo, p, length); return (1); -- +#endif + case ETHERTYPE_LLDP: - lldp_print(/*ndo,*/p, length); - return (1); -@@ -407,6 +414,7 @@ ethertype_print(netdissect_options *ndo, - case ETHERTYPE_LOOPBACK: + lldp_print(ndo, p, length); +@@ -412,6 +418,7 @@ ethertype_print(netdissect_options *ndo, + loopback_print(ndo, p, length); return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: - mpls_print(/*ndo,*/p, length); -@@ -428,6 +436,7 @@ ethertype_print(netdissect_options *ndo, - case ETHERTYPE_CALM_FAST: - calm_fast_print(ndo, p-14, p, length); - return (1); + mpls_print(ndo, p, length); +@@ -441,6 +448,7 @@ ethertype_print(netdissect_options *ndo, + case ETHERTYPE_MEDSA: + medsa_print(ndo, p, length, caplen, src, dst); + return (1); +#endif case ETHERTYPE_LAT: case ETHERTYPE_SCA: --- a/print-gre.c +++ b/print-gre.c -@@ -213,6 +213,7 @@ gre_print_0(const u_char *bp, u_int leng - ip6_print(gndo, bp, len); +@@ -216,6 +216,7 @@ gre_print_0(netdissect_options *ndo, con + case ETHERTYPE_IPV6: + ip6_print(ndo, bp, len); break; - #endif +#ifndef TCPDUMP_MINI case ETHERTYPE_MPLS: - mpls_print(bp, len); + mpls_print(ndo, bp, len); break; -@@ -228,6 +229,7 @@ gre_print_0(const u_char *bp, u_int leng +@@ -231,6 +232,7 @@ gre_print_0(netdissect_options *ndo, con case ETHERTYPE_TEB: - ether_print(gndo, bp, len, len, NULL, NULL); + ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL); break; +#endif default: - printf("gre-proto-0x%x", prot); + ND_PRINT((ndo, "gre-proto-0x%x", prot)); } --- a/print-igmp.c +++ b/print-igmp.c -@@ -309,6 +309,7 @@ igmp_print(register const u_char *bp, re - TCHECK2(bp[4], 4); - (void)printf("igmp leave %s", ipaddr_string(&bp[4])); +@@ -306,6 +306,7 @@ igmp_print(netdissect_options *ndo, + ND_TCHECK2(bp[4], 4); + ND_PRINT((ndo, "igmp leave %s", ipaddr_string(ndo, &bp[4]))); break; +#ifndef TCPDUMP_MINI case 0x13: - (void)printf("igmp dvmrp"); + ND_PRINT((ndo, "igmp dvmrp")); if (len < 8) -@@ -320,6 +321,7 @@ igmp_print(register const u_char *bp, re - (void)printf("igmp pimv1"); - pimv1_print(bp, len); +@@ -317,6 +318,7 @@ igmp_print(netdissect_options *ndo, + ND_PRINT((ndo, "igmp pimv1")); + pimv1_print(ndo, bp, len); break; +#endif case 0x1e: - print_mresp(bp, len); + print_mresp(ndo, bp, len); break; +--- a/print-ip6.c ++++ b/print-ip6.c +@@ -305,6 +305,7 @@ ip6_print(netdissect_options *ndo, const + return; + nh = *cp; + break; ++#ifndef TCPDUMP_MINI + case IPPROTO_FRAGMENT: + advance = frag6_print(ndo, cp, (const u_char *)ip6); + if (advance < 0 || ndo->ndo_snapend <= cp + advance) +@@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const + return; + nh = *cp; + return; ++#endif + case IPPROTO_ROUTING: + ND_TCHECK(*cp); + advance = rt6_print(ndo, cp, (const u_char *)ip6); +@@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const + return; + nh = *cp; + break; ++#ifndef TCPDUMP_MINI + case IPPROTO_SCTP: + sctp_print(ndo, cp, (const u_char *)ip6, len); + return; + case IPPROTO_DCCP: + dccp_print(ndo, cp, (const u_char *)ip6, len); + return; ++#endif + case IPPROTO_TCP: + tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented); + return; +@@ -350,6 +354,7 @@ ip6_print(netdissect_options *ndo, const + case IPPROTO_ICMPV6: + icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented); + return; ++#ifndef TCPDUMP_MINI + case IPPROTO_AH: + advance = ah_print(ndo, cp); + if (advance < 0) +@@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const + case IPPROTO_PIM: + pim_print(ndo, cp, len, (const u_char *)ip6); + return; ++#endif + + case IPPROTO_OSPF: + ospf6_print(ndo, cp, len); +@@ -395,9 +401,11 @@ ip6_print(netdissect_options *ndo, const + ip_print(ndo, cp, len); + return; + ++#ifndef TCPDUMP_MINI + case IPPROTO_PGM: + pgm_print(ndo, cp, len, (const u_char *)ip6); + return; ++#endif + + case IPPROTO_GRE: + gre_print(ndo, cp, len); --- a/print-ip.c +++ b/print-ip.c -@@ -328,6 +328,7 @@ ip_print_demux(netdissect_options *ndo, +@@ -344,6 +344,7 @@ ip_print_demux(netdissect_options *ndo, again: switch (ipds->nh) { +#ifndef TCPDUMP_MINI case IPPROTO_AH: - ipds->nh = *ipds->cp; - ipds->advance = ah_print(ipds->cp); -@@ -362,15 +363,15 @@ again: - ipds->nh = enh & 0xff; - goto again; + if (!ND_TTEST(*ipds->cp)) { + ND_PRINT((ndo, "[|AH]")); +@@ -382,7 +383,9 @@ again: + */ + break; } -- +#endif + ++#ifndef TCPDUMP_MINI case IPPROTO_SCTP: - sctp_print(ipds->cp, (const u_char *)ipds->ip, ipds->len); + sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); break; -- -+#ifndef TCPDUMP_MINI +@@ -390,6 +393,7 @@ again: case IPPROTO_DCCP: - dccp_print(ipds->cp, (const u_char *)ipds->ip, ipds->len); + dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); break; -- +#endif + case IPPROTO_TCP: /* pass on the MF bit plus the offset to detect fragments */ - tcp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip, -@@ -388,7 +389,7 @@ again: - icmp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip, +@@ -409,6 +413,7 @@ again: ipds->off & (IP_MF|IP_OFFMASK)); break; -- + +#ifndef TCPDUMP_MINI case IPPROTO_PIGP: /* * XXX - the current IANA protocol number assignments -@@ -409,15 +410,15 @@ again: +@@ -429,14 +434,17 @@ again: case IPPROTO_EIGRP: - eigrp_print(ipds->cp, ipds->len); + eigrp_print(ndo, ipds->cp, ipds->len); break; -- +#endif + case IPPROTO_ND: ND_PRINT((ndo, " nd %d", ipds->len)); break; -- + +#ifndef TCPDUMP_MINI case IPPROTO_EGP: - egp_print(ipds->cp, ipds->len); + egp_print(ndo, ipds->cp, ipds->len); break; -- +#endif + case IPPROTO_OSPF: - ospf_print(ipds->cp, ipds->len, (const u_char *)ipds->ip); - break; -@@ -451,10 +452,10 @@ again: - gre_print(ipds->cp, ipds->len); + ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); +@@ -469,6 +477,7 @@ again: + gre_print(ndo, ipds->cp, ipds->len); break; +#ifndef TCPDUMP_MINI case IPPROTO_MOBILE: - mobile_print(ipds->cp, ipds->len); + mobile_print(ndo, ipds->cp, ipds->len); break; -- - case IPPROTO_PIM: - vec[0].ptr = ipds->cp; - vec[0].len = ipds->len; -@@ -480,7 +481,7 @@ again: +@@ -497,6 +506,7 @@ again: case IPPROTO_PGM: - pgm_print(ipds->cp, ipds->len, (const u_char *)ipds->ip); + pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); break; -- +#endif + default: - if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL) - ND_PRINT((ndo, " %s", proto->p_name)); ---- a/print-ip6.c -+++ b/print-ip6.c -@@ -192,9 +192,11 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_SCTP: - sctp_print(cp, (const u_char *)ip6, len); - return; -+#ifndef TCPDUMP_MINI - case IPPROTO_DCCP: - dccp_print(cp, (const u_char *)ip6, len); - return; -+#endif - case IPPROTO_TCP: - tcp_print(cp, len, (const u_char *)ip6, fragmented); - return; -@@ -204,6 +206,7 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_ICMPV6: - icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; -+#ifndef TCPDUMP_MINI - case IPPROTO_AH: - advance = ah_print(cp); - nh = *cp; -@@ -228,7 +231,7 @@ ip6_print(netdissect_options *ndo, const - pim_print(cp, len, nextproto6_cksum(ip6, cp, len, - IPPROTO_PIM)); - return; -- -+#endif - case IPPROTO_OSPF: - ospf6_print(cp, len); - return; -@@ -240,11 +243,11 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_IPV4: - ip_print(ndo, cp, len); - return; -- -+#ifndef TCPDUMP_MINI - case IPPROTO_PGM: - pgm_print(cp, len, (const u_char *)ip6); - return; -- -+#endif - case IPPROTO_GRE: - gre_print(cp, len); - return; + if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) --- a/print-llc.c +++ b/print-llc.c -@@ -196,7 +196,7 @@ llc_print(const u_char *p, u_int length, - control = EXTRACT_LE_16BITS(p + 2); - is_u = 0; +@@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const + hdrlen = 4; /* DSAP, SSAP, 2-byte control field */ } -- + +#ifndef TCPDUMP_MINI if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) { /* * This is an Ethernet_802.3 IPX frame; it has an -@@ -219,6 +219,7 @@ llc_print(const u_char *p, u_int length, - ipx_print(p, length); - return (1); +@@ -228,6 +229,7 @@ llc_print(netdissect_options *ndo, const + ipx_print(ndo, p, length); + return (0); /* no LLC header */ } +#endif dsap = dsap_field & ~LLC_IG; ssap = ssap_field & ~LLC_GSAP; -@@ -251,6 +252,7 @@ llc_print(const u_char *p, u_int length, - return (1); +@@ -291,6 +293,7 @@ llc_print(netdissect_options *ndo, const + return (hdrlen); } +#ifndef TCPDUMP_MINI if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX && control == LLC_UI) { /* -@@ -266,6 +268,7 @@ llc_print(const u_char *p, u_int length, - ipx_print(p+3, length-3); - return (1); +@@ -304,6 +307,7 @@ llc_print(netdissect_options *ndo, const + ipx_print(ndo, p, length); + return (hdrlen); } +#endif - #ifdef TCPDUMP_DO_SMB + #ifdef ENABLE_SMB if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI -@@ -297,11 +300,13 @@ llc_print(const u_char *p, u_int length, - return (1); +@@ -322,12 +326,13 @@ llc_print(netdissect_options *ndo, const + return (hdrlen); } #endif +#ifndef TCPDUMP_MINI if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS && control == LLC_UI) { - isoclns_print(p + 3, length - 3, caplen - 3); - return (1); + isoclns_print(ndo, p, length); + return (hdrlen); } +- +#endif + if (!ndo->ndo_eflag) { + if (ssap == dsap) { + if (src == NULL || dst == NULL) +@@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons - if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP - && control == LLC_UI) { -@@ -444,6 +449,7 @@ snap_print(const u_char *p, u_int length - case PID_CISCO_CDP: - cdp_print(p, length, caplen); - return (1); + case OUI_CISCO: + switch (et) { +#ifndef TCPDUMP_MINI - case PID_CISCO_DTP: - dtp_print(p, length); + case PID_CISCO_CDP: + cdp_print(ndo, p, length, caplen); return (1); -@@ -453,6 +459,7 @@ snap_print(const u_char *p, u_int length +@@ -492,6 +498,7 @@ snap_print(netdissect_options *ndo, cons case PID_CISCO_VTP: - vtp_print(p, length); + vtp_print(ndo, p, length); return (1); +#endif case PID_CISCO_PVST: case PID_CISCO_VLANBRIDGE: - stp_print(p, length); -@@ -484,6 +491,7 @@ snap_print(const u_char *p, u_int length - ether_print(gndo, p, length, caplen, NULL, NULL); - return (1); + stp_print(ndo, p, length); +@@ -504,6 +511,7 @@ snap_print(netdissect_options *ndo, cons + case OUI_RFC2684: + switch (et) { +#ifndef TCPDUMP_MINI - case PID_RFC2684_802_5_FCS: - case PID_RFC2684_802_5_NOFCS: + case PID_RFC2684_ETH_FCS: + case PID_RFC2684_ETH_NOFCS: /* -@@ -525,6 +533,7 @@ snap_print(const u_char *p, u_int length +@@ -565,6 +573,7 @@ snap_print(netdissect_options *ndo, cons */ - fddi_print(p, length, caplen); + fddi_print(ndo, p, length, caplen); return (1); +#endif case PID_RFC2684_BPDU: - stp_print(p, length); + stp_print(ndo, p, length); --- a/print-null.c +++ b/print-null.c -@@ -128,7 +128,7 @@ null_if_print(const struct pcap_pkthdr * - ip6_print(gndo, p, length); +@@ -116,6 +116,7 @@ null_if_print(netdissect_options *ndo, c + ip6_print(ndo, p, length); break; - #endif -- + +#ifndef TCPDUMP_MINI case BSD_AFNUM_ISO: - isoclns_print(p, length, caplen); + isoclns_print(ndo, p, length); break; -@@ -140,7 +140,7 @@ null_if_print(const struct pcap_pkthdr * +@@ -127,6 +128,7 @@ null_if_print(netdissect_options *ndo, c case BSD_AFNUM_IPX: - ipx_print(p, length); + ipx_print(ndo, p, length); break; -- +#endif + default: /* unknown AF_ value */ - if (!eflag) --- a/print-ppp.c +++ b/print-ppp.c -@@ -1262,7 +1262,7 @@ trunc: +@@ -1367,6 +1367,7 @@ trunc: return 0; } -- +#ifndef TCPDUMP_MINI static void - ppp_hdlc(const u_char *p, int length) - { -@@ -1327,17 +1327,19 @@ cleanup: + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) +@@ -1445,6 +1446,7 @@ trunc: free(b); - return; + ND_PRINT((ndo, "[|ppp]")); } +#endif /* PPP */ - static void - handle_ppp(u_int proto, const u_char *p, int length) +@@ -1452,10 +1454,12 @@ static void + handle_ppp(netdissect_options *ndo, + u_int proto, const u_char *p, int length) { +#ifndef TCPDUMP_MINI - if ((proto & 0xff00) == 0x7e00) {/* is this an escape code ? */ - ppp_hdlc(p-1, length); - return; - } -- + if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */ + ppp_hdlc(ndo, p - 1, length); + return; + } +#endif + switch (proto) { case PPP_LCP: /* fall through */ - case PPP_IPCP: -@@ -1371,6 +1373,7 @@ handle_ppp(u_int proto, const u_char *p, - ip6_print(gndo, p, length); +@@ -1488,6 +1492,7 @@ handle_ppp(netdissect_options *ndo, + case PPP_IPV6: + ip6_print(ndo, p, length); break; - #endif +#ifndef TCPDUMP_MINI case ETHERTYPE_IPX: /*XXX*/ case PPP_IPX: - ipx_print(p, length); -@@ -1382,6 +1385,7 @@ handle_ppp(u_int proto, const u_char *p, + ipx_print(ndo, p, length); +@@ -1499,6 +1504,7 @@ handle_ppp(netdissect_options *ndo, case PPP_MPLS_MCAST: - mpls_print(p, length); + mpls_print(ndo, p, length); break; +#endif case PPP_COMP: - printf("compressed PPP data"); + ND_PRINT((ndo, "compressed PPP data")); break; -@@ -1520,6 +1524,7 @@ ppp_if_print(const struct pcap_pkthdr *h +@@ -1639,6 +1645,7 @@ ppp_if_print(netdissect_options *ndo, return (0); } @@ -461,384 +595,263 @@ /* * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547, -@@ -1747,7 +1752,7 @@ printx: +@@ -1866,6 +1873,7 @@ printx: #endif /* __bsdi__ */ return (hdrlength); } -- +#endif + /* - * Local Variables: +--- a/print-sll.c ++++ b/print-sll.c +@@ -238,12 +238,14 @@ recurse: + */ + switch (ether_type) { + ++#ifndef TCPDUMP_MINI + case LINUX_SLL_P_802_3: + /* + * Ethernet_802.3 IPX frame. + */ + ipx_print(ndo, p, length); + break; ++#endif + + case LINUX_SLL_P_802_2: + /* --- a/print-tcp.c +++ b/print-tcp.c -@@ -573,14 +573,14 @@ tcp_print(register const u_char *bp, reg - utoval >>= 1; - (void)printf(" %u", utoval); +@@ -589,12 +589,14 @@ tcp_print(netdissect_options *ndo, + ND_PRINT((ndo, " %u", utoval)); break; -- + +#ifndef TCPDUMP_MINI case TCPOPT_MPTCP: datalen = len - 2; LENCHECK(datalen); - if (!mptcp_print(cp-2, len, flags)) + if (!mptcp_print(ndo, cp-2, len, flags)) goto bad; break; -- +#endif - case TCPOPT_EXPERIMENT2: + + case TCPOPT_FASTOPEN: datalen = len - 2; - LENCHECK(datalen); -@@ -659,8 +659,8 @@ tcp_print(register const u_char *bp, reg - if ((flags & TH_RST) && vflag) { - print_tcp_rst_data(bp, length); +@@ -670,6 +672,7 @@ tcp_print(netdissect_options *ndo, return; -- } -- -+ } + } + +#ifndef TCPDUMP_MINI - if (packettype) { - switch (packettype) { + if (ndo->ndo_packettype) { + switch (ndo->ndo_packettype) { case PT_ZMTP1: -@@ -669,7 +669,7 @@ tcp_print(register const u_char *bp, reg +@@ -681,28 +684,36 @@ tcp_print(netdissect_options *ndo, } return; } -- +#endif - if (sport == TELNET_PORT || dport == TELNET_PORT) { - if (!qflag && vflag) - telnet_print(bp, length); -@@ -683,10 +683,12 @@ tcp_print(register const u_char *bp, reg - else if (sport == SMB_PORT || dport == SMB_PORT) - smb_tcp_print(bp, length); + + if (IS_SRC_OR_DST_PORT(TELNET_PORT)) { + telnet_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) { + ND_PRINT((ndo, ": ")); + smtp_print(ndo, bp, length); +- } else if (IS_SRC_OR_DST_PORT(BGP_PORT)) ++ } ++#ifndef TCPDUMP_MINI ++ else if (IS_SRC_OR_DST_PORT(BGP_PORT)) + bgp_print(ndo, bp, length); ++#endif + else if (IS_SRC_OR_DST_PORT(PPTP_PORT)) + pptp_print(ndo, bp); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(REDIS_PORT)) + resp_print(ndo, bp, length); ++#endif + #ifdef ENABLE_SMB + else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) + nbt_tcp_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(SMB_PORT)) + smb_tcp_print(ndo, bp, length); #endif +#ifndef TCPDUMP_MINI - else if (sport == BEEP_PORT || dport == BEEP_PORT) - beep_print(bp, length); - else if (sport == OPENFLOW_PORT || dport == OPENFLOW_PORT) - openflow_print(bp, length); + else if (IS_SRC_OR_DST_PORT(BEEP_PORT)) + beep_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(OPENFLOW_PORT_OLD) || IS_SRC_OR_DST_PORT(OPENFLOW_PORT_IANA)) + openflow_print(ndo, bp, length); +#endif - else if (length > 2 && - (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT || - sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) { -@@ -695,6 +697,7 @@ tcp_print(register const u_char *bp, reg + else if (IS_SRC_OR_DST_PORT(FTP_PORT)) { + ND_PRINT((ndo, ": ")); + ftp_print(ndo, bp, length); +@@ -719,6 +730,7 @@ tcp_print(netdissect_options *ndo, * XXX packet could be unaligned, it can go strange */ - ns_print(bp + 2, length - 2, 0); + ns_print(ndo, bp + 2, length - 2, 0); +#ifndef TCPDUMP_MINI - } else if (sport == MSDP_PORT || dport == MSDP_PORT) { - msdp_print(bp, length); - } else if (sport == RPKI_RTR_PORT || dport == RPKI_RTR_PORT) { -@@ -702,6 +705,7 @@ tcp_print(register const u_char *bp, reg + } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) { + msdp_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) { +@@ -726,6 +738,7 @@ tcp_print(netdissect_options *ndo, } - else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) { - ldp_print(bp, length); + else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) { + ldp_print(ndo, bp, length); +#endif } - else if ((sport == NFS_PORT || dport == NFS_PORT) && - length >= 4 && TTEST2(*bp, 4)) { + else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && + length >= 4 && ND_TTEST2(*bp, 4)) { --- a/print-udp.c +++ b/print-udp.c -@@ -418,11 +418,12 @@ udp_print(register const u_char *bp, u_i - vat_print((void *)(up + 1), up); +@@ -430,10 +430,12 @@ udp_print(netdissect_options *ndo, regis + vat_print(ndo, (const void *)(up + 1), up); break; +#ifndef TCPDUMP_MINI case PT_WB: - udpipaddr_print(ip, sport, dport); - wb_print((void *)(up + 1), length); + udpipaddr_print(ndo, ip, sport, dport); + wb_print(ndo, (const void *)(up + 1), length); break; -- +#endif + case PT_RPC: - rp = (struct sunrpc_msg *)(up + 1); - direction = (enum sunrpc_msg_type)EXTRACT_32BITS(&rp->rm_direction); -@@ -450,11 +451,12 @@ udp_print(register const u_char *bp, u_i - snmp_print((const u_char *)(up + 1), length); + rp = (const struct sunrpc_msg *)(up + 1); +@@ -462,10 +464,12 @@ udp_print(netdissect_options *ndo, regis + snmp_print(ndo, (const u_char *)(up + 1), length); break; +#ifndef TCPDUMP_MINI case PT_CNFP: - udpipaddr_print(ip, sport, dport); - cnfp_print(cp, (const u_char *)ip); + udpipaddr_print(ndo, ip, sport, dport); + cnfp_print(ndo, cp); break; -- +#endif + case PT_TFTP: - udpipaddr_print(ip, sport, dport); - tftp_print(cp, length); -@@ -475,6 +477,7 @@ udp_print(register const u_char *bp, u_i - radius_print(cp, length); + udpipaddr_print(ndo, ip, sport, dport); +@@ -483,6 +487,7 @@ udp_print(netdissect_options *ndo, regis + radius_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI case PT_VXLAN: - udpipaddr_print(ip, sport, dport); - vxlan_print((const u_char *)(up + 1), length); -@@ -489,6 +492,7 @@ udp_print(register const u_char *bp, u_i - udpipaddr_print(ip, sport, dport); - lmp_print(cp, length); + udpipaddr_print(ndo, ip, sport, dport); + vxlan_print(ndo, (const u_char *)(up + 1), length); +@@ -497,6 +502,7 @@ udp_print(netdissect_options *ndo, regis + udpipaddr_print(ndo, ip, sport, dport); + lmp_print(ndo, cp, length); break; +#endif } return; } -@@ -517,6 +521,7 @@ udp_print(register const u_char *bp, u_i - } - #endif - } +@@ -574,31 +580,40 @@ udp_print(netdissect_options *ndo, regis + ns_print(ndo, (const u_char *)(up + 1), length, 0); + else if (IS_SRC_OR_DST_PORT(MULTICASTDNS_PORT)) + ns_print(ndo, (const u_char *)(up + 1), length, 1); +#ifndef TCPDUMP_MINI - if (TTEST(((struct LAP *)cp)->type) && - ((struct LAP *)cp)->type == lapDDP && - (atalk_port(sport) || atalk_port(dport))) { -@@ -525,6 +530,7 @@ udp_print(register const u_char *bp, u_i - llap_print(cp, length); - return; - } + else if (IS_SRC_OR_DST_PORT(TIMED_PORT)) + timed_print(ndo, (const u_char *)(up + 1)); +#endif - } - udpipaddr_print(ip, sport, dport); - -@@ -575,14 +581,18 @@ udp_print(register const u_char *bp, u_i - ns_print((const u_char *)(up + 1), length, 0); - else if (ISPORT(MULTICASTDNS_PORT)) - ns_print((const u_char *)(up + 1), length, 1); -+#ifndef TCPDUMP_MINI - else if (ISPORT(TIMED_PORT)) - timed_print((const u_char *)(up + 1)); -+#endif - else if (ISPORT(TFTP_PORT)) - tftp_print((const u_char *)(up + 1), length); - else if (ISPORT(IPPORT_BOOTPC) || ISPORT(IPPORT_BOOTPS)) - bootp_print((const u_char *)(up + 1), length); -+#ifndef TCPDUMP_MINI - else if (ISPORT(RIP_PORT)) - rip_print((const u_char *)(up + 1), length); -+#endif - else if (ISPORT(AODV_PORT)) - aodv_print((const u_char *)(up + 1), length, - #ifdef INET6 -@@ -590,6 +600,7 @@ udp_print(register const u_char *bp, u_i - #else - 0); - #endif + else if (IS_SRC_OR_DST_PORT(TFTP_PORT)) + tftp_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(BOOTPC_PORT) || IS_SRC_OR_DST_PORT(BOOTPS_PORT)) + bootp_print(ndo, (const u_char *)(up + 1), length); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(RIP_PORT)) + rip_print(ndo, (const u_char *)(up + 1), length); ++#endif + else if (IS_SRC_OR_DST_PORT(AODV_PORT)) + aodv_print(ndo, (const u_char *)(up + 1), length, + ip6 != NULL); +#ifndef TCPDUMP_MINI - else if (ISPORT(ISAKMP_PORT)) - isakmp_print(gndo, (const u_char *)(up + 1), length, bp2); - else if (ISPORT(ISAKMP_PORT_NATT)) -@@ -598,12 +609,15 @@ udp_print(register const u_char *bp, u_i - else if (ISPORT(ISAKMP_PORT_USER1) || ISPORT(ISAKMP_PORT_USER2)) - isakmp_print(gndo, (const u_char *)(up + 1), length, bp2); + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT)) + isakmp_print(ndo, (const u_char *)(up + 1), length, bp2); ++ + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT)) + isakmp_rfc3948_print(ndo, (const u_char *)(up + 1), length, bp2); + #if 1 /*???*/ + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2)) + isakmp_print(ndo, (const u_char *)(up + 1), length, bp2); #endif +#endif - else if (ISPORT(SNMP_PORT) || ISPORT(SNMPTRAP_PORT)) - snmp_print((const u_char *)(up + 1), length); - else if (ISPORT(NTP_PORT)) - ntp_print((const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(SNMP_PORT) || IS_SRC_OR_DST_PORT(SNMPTRAP_PORT)) + snmp_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(NTP_PORT)) + ntp_print(ndo, (const u_char *)(up + 1), length); +#ifndef TCPDUMP_MINI - else if (ISPORT(KERBEROS_PORT) || ISPORT(KERBEROS_SEC_PORT)) - krb_print((const void *)(up + 1)); + else if (IS_SRC_OR_DST_PORT(KERBEROS_PORT) || IS_SRC_OR_DST_PORT(KERBEROS_SEC_PORT)) + krb_print(ndo, (const void *)(up + 1)); +#endif - else if (ISPORT(L2TP_PORT)) - l2tp_print((const u_char *)(up + 1), length); - #ifdef TCPDUMP_DO_SMB -@@ -614,6 +628,7 @@ udp_print(register const u_char *bp, u_i + else if (IS_SRC_OR_DST_PORT(L2TP_PORT)) + l2tp_print(ndo, (const u_char *)(up + 1), length); + #ifdef ENABLE_SMB +@@ -609,6 +624,7 @@ udp_print(netdissect_options *ndo, regis #endif else if (dport == VAT_PORT) - vat_print((const void *)(up + 1), up); + vat_print(ndo, (const void *)(up + 1), up); +#ifndef TCPDUMP_MINI - else if (ISPORT(ZEPHYR_SRV_PORT) || ISPORT(ZEPHYR_CLT_PORT)) - zephyr_print((const void *)(up + 1), length); - /* -@@ -624,6 +639,7 @@ udp_print(register const u_char *bp, u_i - (dport >= RX_PORT_LOW && dport <= RX_PORT_HIGH)) - rx_print((const void *)(up + 1), length, sport, dport, - (u_char *) ip); -+#endif - #ifdef INET6 - else if (ISPORT(RIPNG_PORT)) - ripng_print((const u_char *)(up + 1), length); -@@ -635,21 +651,25 @@ udp_print(register const u_char *bp, u_i + else if (IS_SRC_OR_DST_PORT(ZEPHYR_SRV_PORT) || IS_SRC_OR_DST_PORT(ZEPHYR_CLT_PORT)) + zephyr_print(ndo, (const void *)(up + 1), length); /* - * Kludge in test for whiteboard packets. - */ -+#ifndef TCPDUMP_MINI - else if (dport == WB_PORT) - wb_print((const void *)(up + 1), length); - else if (ISPORT(CISCO_AUTORP_PORT)) - cisco_autorp_print((const void *)(up + 1), length); +@@ -621,8 +637,11 @@ udp_print(netdissect_options *ndo, regis + (const u_char *) ip); + else if (IS_SRC_OR_DST_PORT(RIPNG_PORT)) + ripng_print(ndo, (const u_char *)(up + 1), length); +#endif - else if (ISPORT(RADIUS_PORT) || - ISPORT(RADIUS_NEW_PORT) || - ISPORT(RADIUS_ACCOUNTING_PORT) || - ISPORT(RADIUS_NEW_ACCOUNTING_PORT) ) - radius_print((const u_char *)(up+1), length); ++ + else if (IS_SRC_OR_DST_PORT(DHCP6_SERV_PORT) || IS_SRC_OR_DST_PORT(DHCP6_CLI_PORT)) + dhcp6_print(ndo, (const u_char *)(up + 1), length); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(AHCP_PORT)) + ahcp_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(BABEL_PORT) || IS_SRC_OR_DST_PORT(BABEL_PORT_OLD)) +@@ -636,6 +655,7 @@ udp_print(netdissect_options *ndo, regis + wb_print(ndo, (const void *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(CISCO_AUTORP_PORT)) + cisco_autorp_print(ndo, (const void *)(up + 1), length); ++#endif + else if (IS_SRC_OR_DST_PORT(RADIUS_PORT) || + IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) || + IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) || +@@ -643,15 +663,18 @@ udp_print(netdissect_options *ndo, regis + IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) || + IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) ) + radius_print(ndo, (const u_char *)(up+1), length); +#ifndef TCPDUMP_MINI else if (dport == HSRP_PORT) - hsrp_print((const u_char *)(up + 1), length); - else if (ISPORT(LWRES_PORT)) - lwres_print((const u_char *)(up + 1), length); - else if (ISPORT(LDP_PORT)) - ldp_print((const u_char *)(up + 1), length); -+#endif - else if (ISPORT(OLSR_PORT)) - olsr_print((const u_char *)(up + 1), length, - #if INET6 -@@ -657,6 +677,7 @@ udp_print(register const u_char *bp, u_i - #else - 0); - #endif -+#ifndef TCPDUMP_MINI - else if (ISPORT(MPLS_LSP_PING_PORT)) - lspping_print((const u_char *)(up + 1), length); + hsrp_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(LWRES_PORT)) + lwres_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(LDP_PORT)) + ldp_print(ndo, (const u_char *)(up + 1), length); ++#endif + else if (IS_SRC_OR_DST_PORT(OLSR_PORT)) + olsr_print(ndo, (const u_char *)(up + 1), length, + (IP_V(ip) == 6) ? 1 : 0); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT)) + lspping_print(ndo, (const u_char *)(up + 1), length); else if (dport == BFD_CONTROL_PORT || -@@ -674,14 +695,17 @@ udp_print(register const u_char *bp, u_i - lwapp_control_print((const u_char *)(up + 1), length, 0); - else if (ISPORT(LWAPP_DATA_PORT)) - lwapp_data_print((const u_char *)(up + 1), length); -+#endif - else if (ISPORT(SIP_PORT)) - sip_print((const u_char *)(up + 1), length); - else if (ISPORT(SYSLOG_PORT)) - syslog_print((const u_char *)(up + 1), length); -+#ifndef TCPDUMP_MINI - else if (ISPORT(OTV_PORT)) - otv_print((const u_char *)(up + 1), length); - else if (ISPORT(VXLAN_PORT)) - vxlan_print((const u_char *)(up + 1), length); -+#endif - else - (void)printf("UDP, length %u", - (u_int32_t)(ulen - sizeof(*up))); ---- a/tcpdump.c -+++ b/tcpdump.c -@@ -161,6 +161,7 @@ struct ndo_printer { - - - static struct printer printers[] = { -+#ifndef TCPDUMP_MINI - { arcnet_if_print, DLT_ARCNET }, - #ifdef DLT_ARCNET_LINUX - { arcnet_linux_if_print, DLT_ARCNET_LINUX }, -@@ -179,19 +180,23 @@ static struct printer printers[] = { - #ifdef DLT_SLIP_BSDOS - { sl_bsdos_if_print, DLT_SLIP_BSDOS }, - #endif -+#endif - { ppp_if_print, DLT_PPP }, - #ifdef DLT_PPP_WITHDIRECTION - { ppp_if_print, DLT_PPP_WITHDIRECTION }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_PPP_BSDOS - { ppp_bsdos_if_print, DLT_PPP_BSDOS }, - #endif - { fddi_if_print, DLT_FDDI }, -+#endif - { null_if_print, DLT_NULL }, - #ifdef DLT_LOOP - { null_if_print, DLT_LOOP }, - #endif - { raw_if_print, DLT_RAW }, -+#ifndef TCPDUMP_MINI - { atm_if_print, DLT_ATM_RFC1483 }, - #ifdef DLT_C_HDLC - { chdlc_if_print, DLT_C_HDLC }, -@@ -202,6 +207,7 @@ static struct printer printers[] = { - #ifdef DLT_PPP_SERIAL - { ppp_hdlc_if_print, DLT_PPP_SERIAL }, - #endif -+#endif - #ifdef DLT_PPP_ETHER - { pppoe_if_print, DLT_PPP_ETHER }, - #endif -@@ -211,6 +217,7 @@ static struct printer printers[] = { - #ifdef DLT_IEEE802_11 - { ieee802_11_if_print, DLT_IEEE802_11}, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_LTALK - { ltalk_if_print, DLT_LTALK }, - #endif -@@ -229,12 +236,14 @@ static struct printer printers[] = { - #ifdef DLT_IP_OVER_FC - { ipfc_if_print, DLT_IP_OVER_FC }, - #endif -+#endif - #ifdef DLT_PRISM_HEADER - { prism_if_print, DLT_PRISM_HEADER }, - #endif - #ifdef DLT_IEEE802_11_RADIO - { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_ENC - { enc_if_print, DLT_ENC }, - #endif -@@ -244,9 +253,11 @@ static struct printer printers[] = { - #ifdef DLT_APPLE_IP_OVER_IEEE1394 - { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, - #endif -+#endif - #ifdef DLT_IEEE802_11_RADIO_AVS - { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_JUNIPER_ATM1 - { juniper_atm1_print, DLT_JUNIPER_ATM1 }, - #endif -@@ -312,6 +323,7 @@ static struct printer printers[] = { - #ifdef DLT_IPV6 - { raw_if_print, DLT_IPV6 }, - #endif -+#endif - { NULL, 0 }, - }; - -@@ -320,6 +332,7 @@ static struct ndo_printer ndo_printers[] - #ifdef DLT_IPNET - { ipnet_if_print, DLT_IPNET }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_IEEE802_15_4 - { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, - #endif -@@ -329,15 +342,18 @@ static struct ndo_printer ndo_printers[] - #ifdef DLT_PPI - { ppi_if_print, DLT_PPI }, - #endif -+#endif - #ifdef DLT_NETANALYZER - { netanalyzer_if_print, DLT_NETANALYZER }, - #endif - #ifdef DLT_NETANALYZER_TRANSPARENT - { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_NFLOG - { nflog_if_print, DLT_NFLOG}, - #endif -+#endif - { NULL, 0 }, - }; - ---- a/print-sll.c -+++ b/print-sll.c -@@ -154,14 +154,14 @@ recurse: - * Yes - what type is it? - */ - switch (ether_type) { -- -+#ifndef TCPDUMP_MINI - case LINUX_SLL_P_802_3: - /* - * Ethernet_802.3 IPX frame. - */ - ipx_print(p, length); - break; -- -+#endif - case LINUX_SLL_P_802_2: - /* - * 802.2. +@@ -669,10 +692,12 @@ udp_print(netdissect_options *ndo, regis + lwapp_control_print(ndo, (const u_char *)(up + 1), length, 0); + else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT)) + lwapp_data_print(ndo, (const u_char *)(up + 1), length); ++#endif + else if (IS_SRC_OR_DST_PORT(SIP_PORT)) + sip_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT)) + syslog_print(ndo, (const u_char *)(up + 1), length); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(OTV_PORT)) + otv_print(ndo, (const u_char *)(up + 1), length); + else if (IS_SRC_OR_DST_PORT(VXLAN_PORT)) +@@ -689,7 +714,9 @@ udp_print(netdissect_options *ndo, regis + if (ndo->ndo_vflag) + ND_PRINT((ndo, "kip ")); + llap_print(ndo, cp, length); +- } else { ++ } ++#endif ++ else { + if (ulen > length) + ND_PRINT((ndo, "UDP, bad length %u > %u", + ulen, length)); diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile index 9c50fef320..a110e03051 100644 --- a/package/system/ca-certificates/Makefile +++ b/package/system/ca-certificates/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2015 OpenWrt.org +# Copyright (C) 2006-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -7,11 +7,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ca-certificates -PKG_VERSION:=20150426 +PKG_VERSION:=20161130+nmu1 +PKG_MAINTAINER:=Christian Schoenebeck PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/c/ca-certificates -PKG_MD5SUM:=717455f13fb31fd014a11a468ea3895d +PKG_MD5SUM:=a09e8b63126188fd0ed77f6fbaf5d35f +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-20161130 PKG_INSTALL:=1 @@ -21,6 +23,14 @@ define Package/ca-certificates SECTION:=base CATEGORY:=Base system TITLE:=System CA certificates + PKGARCH:=all +endef + +define Package/ca-bundle + SECTION:=base + CATEGORY:=Base system + TITLE:=System CA certificates as a bundle + PKGARCH:=all endef define Build/Install @@ -44,4 +54,9 @@ define Package/ca-certificates/install done endef +define Package/ca-bundle/install + $(INSTALL_DIR) $(1)/etc/ssl/certs + cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt +endef $(eval $(call BuildPackage,ca-certificates)) +$(eval $(call BuildPackage,ca-bundle)) diff --git a/package/system/procd/patches/0001-system-add-reboot-method-to-system-ubus-object.patch b/package/system/procd/patches/0001-system-add-reboot-method-to-system-ubus-object.patch new file mode 100644 index 0000000000..c3b96efca7 --- /dev/null +++ b/package/system/procd/patches/0001-system-add-reboot-method-to-system-ubus-object.patch @@ -0,0 +1,66 @@ +From 02d56c03115276aa4e2203ddbd411c3e587cf08f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Wed, 6 Jul 2016 13:55:48 +0200 +Subject: [PATCH] system: add reboot method to system ubus object +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sometimes, for various reasons, user may want to reboot a device. This +is a common task and it makes sense to support it with something common +like a procd. + +Right now both: LuCI and LuCI2 implement this feature on their own with +luci-rpc-luci2-system reboot and luci-rpc-sys reboot. This leads to code +duplication and situation may become even worse with more software +controlling system with ubus. + +Othen than that procd already has support for rebooting so one may +consider this ubus method even cleaner. + +Once we get this patch in place we may consider switching LuCI and LuCI2 +to this new method. + +Signed-off-by: Rafał Miłecki +--- + system.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/system.c b/system.c +index 569a75d..1e31ce6 100644 +--- a/system.c ++++ b/system.c +@@ -18,6 +18,7 @@ + #endif + #include + #include ++#include + #include + #include + #include +@@ -242,6 +243,14 @@ static int system_upgrade(struct ubus_context *ctx, struct ubus_object *obj, + return 0; + } + ++static int system_reboot(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ procd_shutdown(RB_AUTOBOOT); ++ return 0; ++} ++ + enum { + WDT_FREQUENCY, + WDT_TIMEOUT, +@@ -388,6 +397,7 @@ static const struct ubus_method system_methods[] = { + UBUS_METHOD_NOARG("board", system_board), + UBUS_METHOD_NOARG("info", system_info), + UBUS_METHOD_NOARG("upgrade", system_upgrade), ++ UBUS_METHOD_NOARG("reboot", system_reboot), + UBUS_METHOD("watchdog", watchdog_set, watchdog_policy), + UBUS_METHOD("signal", proc_signal, signal_policy), + +-- +2.7.4 + diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in index 7b4cd99a5d..d961bfaaee 100644 --- a/package/utils/busybox/Config-defaults.in +++ b/package/utils/busybox/Config-defaults.in @@ -2187,19 +2187,19 @@ config BUSYBOX_DEFAULT_TCPSVD default n config BUSYBOX_DEFAULT_TELNET bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN bool default n config BUSYBOX_DEFAULT_TELNETD bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT bool default n diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index 9571d48bec..a65f44f8fe 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -110,7 +110,6 @@ define Package/busybox/install $(INSTALL_DIR) $(1)/etc/init.d $(CP) $(PKG_INSTALL_DIR)/* $(1)/ $(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron - $(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet $(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd $(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug -rm -rf $(1)/lib64 diff --git a/package/utils/busybox/files/telnet b/package/utils/busybox/files/telnet deleted file mode 100755 index a1d1cdf9b1..0000000000 --- a/package/utils/busybox/files/telnet +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2006-2011 OpenWrt.org - -START=50 - -USE_PROCD=1 -PROG=/usr/sbin/telnetd - -has_root_pwd() { - local pwd=$([ -f "$1" ] && cat "$1") - pwd="${pwd#*root:}" - pwd="${pwd%%:*}" - - test -n "${pwd#[\!x]}" -} - -get_root_home() { - local homedir=$([ -f "$1" ] && cat "$1") - homedir="${homedir#*:*:0:0:*:}" - - echo "${homedir%%:*}" -} - -has_ssh_pubkey() { - ( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \ - ( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys ) -} - -start_service() { - if ( ! has_ssh_pubkey && \ - ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \ - ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null ); - then - procd_open_instance - procd_set_param command "$PROG" -F -l /bin/login.sh - procd_close_instance - fi -} diff --git a/package/utils/ugps/Makefile b/package/utils/ugps/Makefile index 1c8ac6fa06..1597d7a69b 100644 --- a/package/utils/ugps/Makefile +++ b/package/utils/ugps/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=ugps PKG_VERSION:=2015-08-17 PKG_RELEASE=$(PKG_SOURCE_VERSION) -PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.bz2 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.bz2 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_URL:=git://git.openwrt.org/project/ugps.git PKG_SOURCE_PROTO:=git diff --git a/rules.mk b/rules.mk index 9d0134d2b2..b40f6f9a83 100644 --- a/rules.mk +++ b/rules.mk @@ -117,6 +117,8 @@ BUILD_LOG_DIR:=$(TOPDIR)/logs PKG_INFO_DIR := $(STAGING_DIR)/pkginfo TARGET_PATH:=$(subst $(space),:,$(filter-out .,$(filter-out ./,$(subst :,$(space),$(PATH))))) +TARGET_INIT_PATH:=$(call qstrip,$(CONFIG_TARGET_INIT_PATH)) +TARGET_INIT_PATH:=$(if $(TARGET_INIT_PATH),$(TARGET_INIT_PATH),/usr/sbin:/sbin:/usr/bin:/bin) TARGET_CFLAGS:=$(TARGET_OPTIMIZATION)$(if $(CONFIG_DEBUG), -g3) $(EXTRA_OPTIMIZATION) TARGET_CXXFLAGS = $(TARGET_CFLAGS) TARGET_ASFLAGS_DEFAULT = $(TARGET_CFLAGS) diff --git a/scripts/download.pl b/scripts/download.pl index 111d03c633..7289d9bca8 100755 --- a/scripts/download.pl +++ b/scripts/download.pl @@ -158,6 +158,17 @@ foreach my $mirror (@ARGV) { for (1 .. 5) { push @mirrors, "http://downloads.sourceforge.net/$1"; } + } elsif ($mirror =~ /^\@APACHE\/(.+)$/) { + push @mirrors, "http://ftp.tudelft.nl/apache/$1"; + push @mirrors, "http://apache.openmirror.de/$1"; + push @mirrors, "http://mirrors.ocf.berkeley.edu/apache/$1"; + push @mirrors, "http://mirror.cc.columbia.edu/pub/software/apache/$1"; + push @mirrors, "http://ftp.jaist.ac.jp/pub/apache/$1"; + } elsif ($mirror =~ /^\@GITHUB\/(.+)$/) { + # give github a few more tries (different mirrors) + for (1 .. 5) { + push @mirrors, "https://raw.githubusercontent.com/$1"; + } } elsif ($mirror =~ /^\@GNU\/(.+)$/) { push @mirrors, "http://ftpmirror.gnu.org/$1"; push @mirrors, "http://ftp.gnu.org/pub/gnu/$1"; @@ -177,8 +188,8 @@ foreach my $mirror (@ARGV) { push @extra, "$extra[0]/longterm/v$1"; } foreach my $dir (@extra) { - push @mirrors, "ftp://ftp.all.kernel.org/pub/$dir"; - push @mirrors, "http://ftp.all.kernel.org/pub/$dir"; + push @mirrors, "https://cdn.kernel.org/pub/$dir"; + push @mirrors, "https://www.kernel.org/pub/$dir"; } } elsif ($mirror =~ /^\@GNOME\/(.+)$/) { push @mirrors, "http://ftp.gnome.org/pub/GNOME/sources/$1"; diff --git a/scripts/getver.sh b/scripts/getver.sh index 4643ca63ff..0aebd29091 100755 --- a/scripts/getver.sh +++ b/scripts/getver.sh @@ -17,9 +17,9 @@ try_svn() { } try_git() { - [ -e .git ] || return 1 - REV="$(git log | grep -m 1 git-svn-id | awk '{ gsub(/.*@/, "", $0); print $1 }')" - REV="${REV:+r$REV}" + git rev-parse --git-dir >/dev/null 2>&1 || return 1 + REV="$(git describe --tags | sed "s/v15.05.1-\([0-9]*\)-.*/\1/g")" + REV="${REV:+r$((REV+49254))}" [ -n "$REV" ] } @@ -30,5 +30,5 @@ try_hg() { [ -n "$REV" ] } -try_version || try_svn || try_git || try_hg || REV="unknown" +try_version || try_git || try_hg || REV="unknown" echo "$REV" diff --git a/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch b/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch index a5a0abf43b..7a84217bee 100644 --- a/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch +++ b/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch @@ -10,7 +10,7 @@ obj-$(CONFIG_PCI_AR724X) += pci-ar724x.o --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -1820,6 +1820,9 @@ +@@ -1821,6 +1821,9 @@ #define PCI_VENDOR_ID_CB 0x1307 /* Measurement Computing */ diff --git a/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch b/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch index a0caa680bc..92937fce14 100644 --- a/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch +++ b/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch @@ -67,7 +67,7 @@ --- a/drivers/mtd/chips/Kconfig +++ b/drivers/mtd/chips/Kconfig -@@ -188,6 +188,14 @@ config MTD_CFI_AMDSTD +@@ -189,6 +189,14 @@ config MTD_CFI_AMDSTD provides support for command set 0002, used on chips including the AMD Am29LV320. diff --git a/target/linux/adm5120/patches-3.18/120-rb153_cf_driver.patch b/target/linux/adm5120/patches-3.18/120-rb153_cf_driver.patch index c5d4d3a57e..5390bd95b7 100644 --- a/target/linux/adm5120/patches-3.18/120-rb153_cf_driver.patch +++ b/target/linux/adm5120/patches-3.18/120-rb153_cf_driver.patch @@ -10,7 +10,7 @@ obj-$(CONFIG_PATA_SAMSUNG_CF) += pata_samsung_cf.o --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig -@@ -955,6 +955,15 @@ config PATA_QDI +@@ -958,6 +958,15 @@ config PATA_QDI help Support for QDI 6500 and 6580 PATA controllers on VESA local bus. diff --git a/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch b/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch index 70ee00db5a..d013d08b5d 100644 --- a/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch +++ b/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch @@ -10,7 +10,7 @@ obj-$(CONFIG_CAVIUM_OCTEON_SOC) += msi-octeon.o --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -1820,6 +1820,9 @@ +@@ -1821,6 +1821,9 @@ #define PCI_VENDOR_ID_CB 0x1307 /* Measurement Computing */ diff --git a/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch b/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch index e57bdb73cc..e39a1686ce 100644 --- a/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch +++ b/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ethernet/dec/tulip/tulip_core.c +++ b/drivers/net/ethernet/dec/tulip/tulip_core.c -@@ -207,6 +207,7 @@ struct tulip_chip_table tulip_tbl[] = { +@@ -206,6 +206,7 @@ struct tulip_chip_table tulip_tbl[] = { }; @@ -8,7 +8,7 @@ static const struct pci_device_id tulip_pci_tbl[] = { { 0x1011, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DC21140 }, { 0x1011, 0x0019, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DC21143 }, -@@ -250,7 +251,7 @@ static const struct pci_device_id tulip_ +@@ -249,7 +250,7 @@ static const struct pci_device_id tulip_ { } /* terminate list */ }; MODULE_DEVICE_TABLE(pci, tulip_pci_tbl); @@ -17,7 +17,7 @@ /* A full-duplex map for media types. */ const char tulip_media_cap[32] = -@@ -268,11 +269,14 @@ static void tulip_down(struct net_device +@@ -267,11 +268,14 @@ static void tulip_down(struct net_device static struct net_device_stats *tulip_get_stats(struct net_device *dev); static int private_ioctl(struct net_device *dev, struct ifreq *rq, int cmd); static void set_rx_mode(struct net_device *dev); @@ -32,7 +32,7 @@ static void tulip_set_power_state (struct tulip_private *tp, int sleep, int snooze) { -@@ -289,7 +293,7 @@ static void tulip_set_power_state (struc +@@ -288,7 +292,7 @@ static void tulip_set_power_state (struc } } @@ -41,7 +41,7 @@ static void tulip_up(struct net_device *dev) { -@@ -303,6 +307,7 @@ static void tulip_up(struct net_device * +@@ -302,6 +306,7 @@ static void tulip_up(struct net_device * napi_enable(&tp->napi); #endif @@ -49,7 +49,7 @@ /* Wake the chip from sleep/snooze mode. */ tulip_set_power_state (tp, 0, 0); -@@ -310,6 +315,7 @@ static void tulip_up(struct net_device * +@@ -309,6 +314,7 @@ static void tulip_up(struct net_device * pci_enable_wake(tp->pdev, PCI_D3hot, 0); pci_enable_wake(tp->pdev, PCI_D3cold, 0); tulip_set_wolopts(tp->pdev, 0); @@ -57,7 +57,7 @@ /* On some chip revs we must set the MII/SYM port before the reset!? */ if (tp->mii_cnt || (tp->mtable && tp->mtable->has_mii)) -@@ -317,18 +323,22 @@ static void tulip_up(struct net_device * +@@ -316,18 +322,22 @@ static void tulip_up(struct net_device * /* Reset the chip, holding bit 0 set at least 50 PCI cycles. */ iowrite32(0x00000001, ioaddr + CSR0); @@ -81,7 +81,7 @@ iowrite32(tp->rx_ring_dma, ioaddr + CSR3); iowrite32(tp->tx_ring_dma, ioaddr + CSR4); -@@ -362,9 +372,11 @@ static void tulip_up(struct net_device * +@@ -361,9 +371,11 @@ static void tulip_up(struct net_device * *setup_frm++ = eaddrs[1]; *setup_frm++ = eaddrs[1]; *setup_frm++ = eaddrs[2]; *setup_frm++ = eaddrs[2]; @@ -93,7 +93,7 @@ tp->tx_buffers[tp->cur_tx].skb = NULL; tp->tx_buffers[tp->cur_tx].mapping = mapping; -@@ -520,7 +532,7 @@ tulip_open(struct net_device *dev) +@@ -519,7 +531,7 @@ tulip_open(struct net_device *dev) tulip_init_ring (dev); @@ -102,7 +102,7 @@ dev->name, dev); if (retval) goto free_ring; -@@ -644,8 +656,10 @@ static void tulip_init_ring(struct net_d +@@ -643,8 +655,10 @@ static void tulip_init_ring(struct net_d tp->rx_buffers[i].skb = skb; if (skb == NULL) break; @@ -113,7 +113,7 @@ tp->rx_buffers[i].mapping = mapping; tp->rx_ring[i].status = cpu_to_le32(DescOwned); /* Owned by Tulip chip */ tp->rx_ring[i].buffer1 = cpu_to_le32(mapping); -@@ -678,8 +692,10 @@ tulip_start_xmit(struct sk_buff *skb, st +@@ -677,8 +691,10 @@ tulip_start_xmit(struct sk_buff *skb, st entry = tp->cur_tx % TX_RING_SIZE; tp->tx_buffers[entry].skb = skb; @@ -124,7 +124,7 @@ tp->tx_buffers[entry].mapping = mapping; tp->tx_ring[entry].buffer1 = cpu_to_le32(mapping); -@@ -730,16 +746,19 @@ static void tulip_clean_tx_ring(struct t +@@ -729,16 +745,19 @@ static void tulip_clean_tx_ring(struct t if (tp->tx_buffers[entry].skb == NULL) { /* test because dummy frames not mapped */ if (tp->tx_buffers[entry].mapping) @@ -145,7 +145,7 @@ /* Free the original skb. */ dev_kfree_skb_irq(tp->tx_buffers[entry].skb); -@@ -790,7 +809,9 @@ static void tulip_down (struct net_devic +@@ -789,7 +808,9 @@ static void tulip_down (struct net_devic dev->if_port = tp->saved_if_port; /* Leave the driver in snooze, not sleep, mode. */ @@ -155,7 +155,7 @@ } static void tulip_free_ring (struct net_device *dev) -@@ -811,8 +832,10 @@ static void tulip_free_ring (struct net_ +@@ -810,8 +831,10 @@ static void tulip_free_ring (struct net_ /* An invalid address. */ tp->rx_ring[i].buffer1 = cpu_to_le32(0xBADF00D0); if (skb) { @@ -166,7 +166,7 @@ dev_kfree_skb (skb); } } -@@ -821,8 +844,10 @@ static void tulip_free_ring (struct net_ +@@ -820,8 +843,10 @@ static void tulip_free_ring (struct net_ struct sk_buff *skb = tp->tx_buffers[i].skb; if (skb != NULL) { @@ -177,7 +177,7 @@ dev_kfree_skb (skb); } tp->tx_buffers[i].skb = NULL; -@@ -843,7 +868,7 @@ static int tulip_close (struct net_devic +@@ -842,7 +867,7 @@ static int tulip_close (struct net_devic netdev_dbg(dev, "Shutting down ethercard, status was %02x\n", ioread32 (ioaddr + CSR5)); @@ -186,7 +186,7 @@ tulip_free_ring (dev); -@@ -874,7 +899,9 @@ static void tulip_get_drvinfo(struct net +@@ -873,7 +898,9 @@ static void tulip_get_drvinfo(struct net struct tulip_private *np = netdev_priv(dev); strlcpy(info->driver, DRV_NAME, sizeof(info->driver)); strlcpy(info->version, DRV_VERSION, sizeof(info->version)); @@ -196,7 +196,7 @@ } -@@ -887,7 +914,9 @@ static int tulip_ethtool_set_wol(struct +@@ -886,7 +913,9 @@ static int tulip_ethtool_set_wol(struct return -EOPNOTSUPP; tp->wolinfo.wolopts = wolinfo->wolopts; @@ -207,7 +207,7 @@ return 0; } -@@ -1165,9 +1194,11 @@ static void set_rx_mode(struct net_devic +@@ -1164,9 +1193,11 @@ static void set_rx_mode(struct net_devic tp->tx_buffers[entry].skb = NULL; tp->tx_buffers[entry].mapping = @@ -219,7 +219,7 @@ /* Put the setup frame on the Tx list. */ if (entry == TX_RING_SIZE-1) tx_flags |= DESC_RING_WRAP; /* Wrap ring. */ -@@ -1264,19 +1295,22 @@ out: +@@ -1263,19 +1294,22 @@ out: netdev_dbg(dev, "MWI config cacheline=%d, csr0=%08x\n", cache, csr0); } @@ -243,7 +243,7 @@ static const struct net_device_ops tulip_netdev_ops = { .ndo_open = tulip_open, -@@ -1294,6 +1328,7 @@ static const struct net_device_ops tulip +@@ -1293,6 +1327,7 @@ static const struct net_device_ops tulip #endif }; @@ -251,7 +251,7 @@ const struct pci_device_id early_486_chipsets[] = { { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82424) }, { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_496) }, -@@ -1471,6 +1506,8 @@ static int tulip_init_one(struct pci_dev +@@ -1470,6 +1505,8 @@ static int tulip_init_one(struct pci_dev } } tp->pdev = pdev; @@ -260,7 +260,7 @@ tp->base_addr = ioaddr; tp->revision = pdev->revision; tp->csr0 = csr0; -@@ -1801,6 +1838,7 @@ err_out_free_netdev: +@@ -1800,6 +1837,7 @@ err_out_free_netdev: } @@ -268,7 +268,7 @@ /* set the registers according to the given wolopts */ static void tulip_set_wolopts (struct pci_dev *pdev, u32 wolopts) { -@@ -1829,6 +1867,7 @@ static void tulip_set_wolopts (struct pc +@@ -1828,6 +1866,7 @@ static void tulip_set_wolopts (struct pc iowrite32(tmp, ioaddr + CSR13); } } @@ -276,7 +276,7 @@ #ifdef CONFIG_PM -@@ -1943,6 +1982,7 @@ static void tulip_remove_one(struct pci_ +@@ -1942,6 +1981,7 @@ static void tulip_remove_one(struct pci_ /* pci_power_off (pdev, -1); */ } @@ -284,7 +284,7 @@ #ifdef CONFIG_NET_POLL_CONTROLLER /* -@@ -1964,7 +2004,8 @@ static void poll_tulip (struct net_devic +@@ -1963,7 +2003,8 @@ static void poll_tulip (struct net_devic } #endif @@ -294,7 +294,7 @@ .name = DRV_NAME, .id_table = tulip_pci_tbl, .probe = tulip_init_one, -@@ -1974,10 +2015,12 @@ static struct pci_driver tulip_driver = +@@ -1973,10 +2014,12 @@ static struct pci_driver tulip_driver = .resume = tulip_resume, #endif /* CONFIG_PM */ }; @@ -307,7 +307,7 @@ #ifdef MODULE pr_info("%s", version); #endif -@@ -1987,13 +2030,18 @@ static int __init tulip_init (void) +@@ -1992,13 +2035,18 @@ static int __init tulip_init (void) tulip_max_interrupt_work = max_interrupt_work; /* probe for and init boards */ diff --git a/target/linux/adm8668/patches-3.18/005-tulip_platform.patch b/target/linux/adm8668/patches-3.18/005-tulip_platform.patch index bddc572c66..184a5d0a70 100644 --- a/target/linux/adm8668/patches-3.18/005-tulip_platform.patch +++ b/target/linux/adm8668/patches-3.18/005-tulip_platform.patch @@ -26,7 +26,7 @@ #include #include #include -@@ -204,6 +206,9 @@ struct tulip_chip_table tulip_tbl[] = { +@@ -203,6 +205,9 @@ struct tulip_chip_table tulip_tbl[] = { { "Conexant LANfinity", 256, 0x0001ebef, HAS_MII | HAS_ACPI, tulip_timer, tulip_media_task }, @@ -36,7 +36,7 @@ }; -@@ -377,6 +382,11 @@ static void tulip_up(struct net_device * +@@ -376,6 +381,11 @@ static void tulip_up(struct net_device * sizeof(tp->setup_frame), PCI_DMA_TODEVICE); #endif @@ -48,7 +48,7 @@ tp->tx_buffers[tp->cur_tx].skb = NULL; tp->tx_buffers[tp->cur_tx].mapping = mapping; -@@ -396,6 +406,7 @@ static void tulip_up(struct net_device * +@@ -395,6 +405,7 @@ static void tulip_up(struct net_device * i = 0; if (tp->mtable == NULL) goto media_picked; @@ -56,7 +56,7 @@ if (dev->if_port) { int looking_for = tulip_media_cap[dev->if_port] & MediaIsMII ? 11 : (dev->if_port == 12 ? 0 : dev->if_port); -@@ -489,6 +500,10 @@ media_picked: +@@ -488,6 +499,10 @@ media_picked: iowrite32(ioread32(ioaddr + 0x88) | 1, ioaddr + 0x88); dev->if_port = tp->mii_cnt ? 11 : 0; tp->csr6 = 0x00040000; @@ -67,7 +67,7 @@ } else if (tp->chip_id == AX88140) { tp->csr6 = tp->mii_cnt ? 0x00040100 : 0x00000100; } else -@@ -660,6 +675,10 @@ static void tulip_init_ring(struct net_d +@@ -659,6 +674,10 @@ static void tulip_init_ring(struct net_d mapping = pci_map_single(tp->pdev, skb->data, PKT_BUF_SZ, PCI_DMA_FROMDEVICE); #endif @@ -78,7 +78,7 @@ tp->rx_buffers[i].mapping = mapping; tp->rx_ring[i].status = cpu_to_le32(DescOwned); /* Owned by Tulip chip */ tp->rx_ring[i].buffer1 = cpu_to_le32(mapping); -@@ -696,6 +715,11 @@ tulip_start_xmit(struct sk_buff *skb, st +@@ -695,6 +714,11 @@ tulip_start_xmit(struct sk_buff *skb, st mapping = pci_map_single(tp->pdev, skb->data, skb->len, PCI_DMA_TODEVICE); #endif @@ -90,7 +90,7 @@ tp->tx_buffers[entry].mapping = mapping; tp->tx_ring[entry].buffer1 = cpu_to_le32(mapping); -@@ -752,6 +776,13 @@ static void tulip_clean_tx_ring(struct t +@@ -751,6 +775,13 @@ static void tulip_clean_tx_ring(struct t sizeof(tp->setup_frame), PCI_DMA_TODEVICE); #endif @@ -104,7 +104,7 @@ continue; } #ifdef CONFIG_TULIP_PCI -@@ -759,6 +790,11 @@ static void tulip_clean_tx_ring(struct t +@@ -758,6 +789,11 @@ static void tulip_clean_tx_ring(struct t tp->tx_buffers[entry].skb->len, PCI_DMA_TODEVICE); #endif @@ -116,7 +116,7 @@ /* Free the original skb. */ dev_kfree_skb_irq(tp->tx_buffers[entry].skb); -@@ -836,6 +872,10 @@ static void tulip_free_ring (struct net_ +@@ -835,6 +871,10 @@ static void tulip_free_ring (struct net_ pci_unmap_single(tp->pdev, mapping, PKT_BUF_SZ, PCI_DMA_FROMDEVICE); #endif @@ -127,7 +127,7 @@ dev_kfree_skb (skb); } } -@@ -848,6 +888,10 @@ static void tulip_free_ring (struct net_ +@@ -847,6 +887,10 @@ static void tulip_free_ring (struct net_ pci_unmap_single(tp->pdev, tp->tx_buffers[i].mapping, skb->len, PCI_DMA_TODEVICE); #endif @@ -138,7 +138,7 @@ dev_kfree_skb (skb); } tp->tx_buffers[i].skb = NULL; -@@ -902,6 +946,9 @@ static void tulip_get_drvinfo(struct net +@@ -901,6 +945,9 @@ static void tulip_get_drvinfo(struct net #ifdef CONFIG_TULIP_PCI strlcpy(info->bus_info, pci_name(np->pdev), sizeof(info->bus_info)); #endif @@ -148,7 +148,7 @@ } -@@ -917,6 +964,9 @@ static int tulip_ethtool_set_wol(struct +@@ -916,6 +963,9 @@ static int tulip_ethtool_set_wol(struct #ifdef CONFIG_TULIP_PCI device_set_wakeup_enable(tp->kdev, tp->wolinfo.wolopts); #endif @@ -158,7 +158,7 @@ return 0; } -@@ -1192,13 +1242,20 @@ static void set_rx_mode(struct net_devic +@@ -1191,13 +1241,20 @@ static void set_rx_mode(struct net_devic } @@ -180,7 +180,7 @@ /* Put the setup frame on the Tx list. */ if (entry == TX_RING_SIZE-1) tx_flags |= DESC_RING_WRAP; /* Wrap ring. */ -@@ -1218,6 +1275,9 @@ static void set_rx_mode(struct net_devic +@@ -1217,6 +1274,9 @@ static void set_rx_mode(struct net_devic spin_unlock_irqrestore(&tp->lock, flags); } @@ -190,7 +190,7 @@ iowrite32(csr6, ioaddr + CSR6); } -@@ -1984,6 +2044,126 @@ static void tulip_remove_one(struct pci_ +@@ -1983,6 +2043,126 @@ static void tulip_remove_one(struct pci_ } #endif /* CONFIG_TULIP_PCI */ @@ -317,7 +317,7 @@ #ifdef CONFIG_NET_POLL_CONTROLLER /* * Polling 'interrupt' - used by things like netconsole to send skbs -@@ -2017,6 +2197,17 @@ static struct pci_driver tulip_pci_drive +@@ -2016,6 +2196,17 @@ static struct pci_driver tulip_pci_drive }; #endif @@ -335,7 +335,7 @@ static int __init tulip_init (void) { -@@ -2033,6 +2224,9 @@ static int __init tulip_init (void) +@@ -2038,6 +2229,9 @@ static int __init tulip_init (void) #ifdef CONFIG_TULIP_PCI ret = pci_register_driver(&tulip_pci_driver); #endif @@ -345,7 +345,7 @@ return ret; } -@@ -2042,6 +2236,9 @@ static void __exit tulip_cleanup (void) +@@ -2047,6 +2241,9 @@ static void __exit tulip_cleanup (void) #ifdef CONFIG_TULIP_PCI pci_unregister_driver (&tulip_pci_driver); #endif diff --git a/target/linux/ar7/patches-3.18/500-serial_kludge.patch b/target/linux/ar7/patches-3.18/500-serial_kludge.patch index 08bd6a6f2d..fc725309a8 100644 --- a/target/linux/ar7/patches-3.18/500-serial_kludge.patch +++ b/target/linux/ar7/patches-3.18/500-serial_kludge.patch @@ -14,7 +14,7 @@ }; /* Uart divisor latch read */ -@@ -3174,7 +3181,11 @@ static void serial8250_console_putchar(s +@@ -3168,7 +3175,11 @@ static void serial8250_console_putchar(s { struct uart_8250_port *up = up_to_u8250p(port); diff --git a/target/linux/ar7/patches-3.18/950-cpmac_titan.patch b/target/linux/ar7/patches-3.18/950-cpmac_titan.patch index f1d432cc4c..3cabae067a 100644 --- a/target/linux/ar7/patches-3.18/950-cpmac_titan.patch +++ b/target/linux/ar7/patches-3.18/950-cpmac_titan.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ethernet/ti/cpmac.c +++ b/drivers/net/ethernet/ti/cpmac.c -@@ -1146,6 +1146,8 @@ static int cpmac_probe(struct platform_d +@@ -1147,6 +1147,8 @@ static int cpmac_probe(struct platform_d goto out; } @@ -9,7 +9,7 @@ dev->irq = platform_get_irq_byname(pdev, "irq"); dev->netdev_ops = &cpmac_netdev_ops; -@@ -1227,7 +1229,7 @@ int cpmac_init(void) +@@ -1228,7 +1230,7 @@ int cpmac_init(void) cpmac_mii->reset = cpmac_mdio_reset; cpmac_mii->irq = mii_irqs; @@ -18,8 +18,8 @@ if (!cpmac_mii->priv) { pr_err("Can't ioremap mdio registers\n"); -@@ -1238,10 +1240,16 @@ int cpmac_init(void) - #warning FIXME: unhardcode gpio&reset bits +@@ -1239,10 +1241,16 @@ int cpmac_init(void) + /* FIXME: unhardcode gpio&reset bits */ ar7_gpio_disable(26); ar7_gpio_disable(27); - ar7_device_reset(AR7_RESET_BIT_CPMAC_LO); @@ -37,7 +37,7 @@ cpmac_mii->reset(cpmac_mii); for (i = 0; i < 300; i++) { -@@ -1258,7 +1266,11 @@ int cpmac_init(void) +@@ -1259,7 +1267,11 @@ int cpmac_init(void) mask = 0; } diff --git a/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch index bf03545e43..34767758d2 100644 --- a/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch +++ b/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch @@ -210,7 +210,7 @@ #include #include #include -@@ -837,10 +838,10 @@ static void tcp_v6_send_response(struct +@@ -844,10 +845,10 @@ static void tcp_v6_send_response(struct topt = (__be32 *)(t1 + 1); if (tsecr) { @@ -237,7 +237,7 @@ */ --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c -@@ -386,7 +386,7 @@ int ipv6_recv_error(struct sock *sk, str +@@ -390,7 +390,7 @@ int ipv6_recv_error(struct sock *sk, str ipv6_iface_scope_id(&sin->sin6_addr, IP6CB(skb)->iif); } else { @@ -246,7 +246,7 @@ &sin->sin6_addr); sin->sin6_scope_id = 0; } -@@ -720,12 +720,12 @@ int ip6_datagram_send_ctl(struct net *ne +@@ -724,12 +724,12 @@ int ip6_datagram_send_ctl(struct net *ne } if (fl6->flowlabel&IPV6_FLOWINFO_MASK) { @@ -263,16 +263,7 @@ case IPV6_2292HOPOPTS: --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c -@@ -394,7 +394,7 @@ static void ip6gre_err(struct sk_buff *s - - t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr, - flags & GRE_KEY ? -- *(((__be32 *)p) + (grehlen / 4) - 1) : 0, -+ net_hdr_word(((__be32 *)p) + (grehlen / 4) - 1) : 0, - p[1]); - if (t == NULL) - return; -@@ -476,11 +476,11 @@ static int ip6gre_rcv(struct sk_buff *sk +@@ -482,11 +482,11 @@ static int ip6gre_rcv(struct sk_buff *sk offset += 4; } if (flags&GRE_KEY) { @@ -286,7 +277,7 @@ offset += 4; } } -@@ -745,7 +745,7 @@ static netdev_tx_t ip6gre_xmit2(struct s +@@ -751,7 +751,7 @@ static netdev_tx_t ip6gre_xmit2(struct s if (tunnel->parms.o_flags&GRE_SEQ) { ++tunnel->o_seqno; @@ -295,7 +286,7 @@ ptr--; } if (tunnel->parms.o_flags&GRE_KEY) { -@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc +@@ -847,7 +847,7 @@ static inline int ip6gre_xmit_ipv6(struc dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) @@ -306,7 +297,7 @@ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c -@@ -1291,7 +1291,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1301,7 +1301,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) @@ -615,7 +606,7 @@ goto next_ht; --- a/net/ipv6/ip6_offload.c +++ b/net/ipv6/ip6_offload.c -@@ -221,7 +221,7 @@ static struct sk_buff **ipv6_gro_receive +@@ -224,7 +224,7 @@ static struct sk_buff **ipv6_gro_receive continue; iph2 = (struct ipv6hdr *)(p->data + off); @@ -626,7 +617,7 @@ * XXX skbs on the gro_list have all been parsed and pulled --- a/include/net/addrconf.h +++ b/include/net/addrconf.h -@@ -43,7 +43,7 @@ struct prefix_info { +@@ -45,7 +45,7 @@ struct prefix_info { __be32 reserved2; struct in6_addr prefix; @@ -840,7 +831,7 @@ --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3683,14 +3683,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3682,14 +3682,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); diff --git a/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch b/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch index e7e84433ca..6bd1811399 100644 --- a/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch +++ b/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch @@ -496,7 +496,7 @@ return 1; ret = read_sr(nor); -@@ -880,11 +896,11 @@ static int spansion_quad_enable(struct s +@@ -887,11 +903,11 @@ static int spansion_quad_enable(struct s return 0; } @@ -510,7 +510,7 @@ case CFI_MFR_MACRONIX: status = macronix_quad_enable(nor); if (status) { -@@ -910,11 +926,6 @@ static int spi_nor_check(struct spi_nor +@@ -917,11 +933,6 @@ static int spi_nor_check(struct spi_nor return -EINVAL; } @@ -522,7 +522,7 @@ return 0; } -@@ -932,16 +943,24 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -939,16 +950,24 @@ int spi_nor_scan(struct spi_nor *nor, co if (ret) return ret; @@ -551,7 +551,7 @@ if (IS_ERR(jid)) { return PTR_ERR(jid); } else if (jid != id) { -@@ -966,10 +985,10 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -973,10 +992,10 @@ int spi_nor_scan(struct spi_nor *nor, co * up with the software protection bits set */ @@ -566,7 +566,7 @@ write_enable(nor); write_sr(nor, 0); } -@@ -984,7 +1003,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -991,7 +1010,7 @@ int spi_nor_scan(struct spi_nor *nor, co mtd->_read = spi_nor_read; /* nor protection support for STmicro chips */ @@ -575,7 +575,7 @@ mtd->_lock = spi_nor_lock; mtd->_unlock = spi_nor_unlock; } -@@ -995,9 +1014,8 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1002,9 +1021,8 @@ int spi_nor_scan(struct spi_nor *nor, co else mtd->_write = spi_nor_write; @@ -587,7 +587,7 @@ #ifdef CONFIG_MTD_SPI_NOR_USE_4K_SECTORS /* prefer "small sector" erase if possible */ -@@ -1038,7 +1056,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1045,7 +1063,7 @@ int spi_nor_scan(struct spi_nor *nor, co /* Quad/Dual-read mode takes precedence over fast/normal */ if (mode == SPI_NOR_QUAD && info->flags & SPI_NOR_QUAD_READ) { @@ -596,7 +596,7 @@ if (ret) { dev_err(dev, "quad mode not supported\n"); return ret; -@@ -1074,7 +1092,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1081,7 +1099,7 @@ int spi_nor_scan(struct spi_nor *nor, co else if (mtd->size > 0x1000000) { /* enable 4-byte addressing if the device exceeds 16MiB */ nor->addr_width = 4; @@ -605,7 +605,7 @@ /* Dedicated 4-byte command set */ switch (nor->flash_read) { case SPI_NOR_QUAD: -@@ -1095,7 +1113,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1102,7 +1120,7 @@ int spi_nor_scan(struct spi_nor *nor, co nor->erase_opcode = SPINOR_OP_SE_4B; mtd->erasesize = info->sector_size; } else diff --git a/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch b/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch index 1238785e47..3172e990ca 100644 --- a/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch +++ b/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch @@ -23,7 +23,7 @@ /* PMC */ { "pm25lv512", INFO(0, 0, 32 * 1024, 2, SECT_4K_PMC) }, -@@ -896,6 +896,45 @@ static int spansion_quad_enable(struct s +@@ -903,6 +903,45 @@ static int spansion_quad_enable(struct s return 0; } @@ -69,7 +69,7 @@ static int set_quad_mode(struct spi_nor *nor, struct flash_info *info) { int status; -@@ -908,6 +947,13 @@ static int set_quad_mode(struct spi_nor +@@ -915,6 +954,13 @@ static int set_quad_mode(struct spi_nor return -EINVAL; } return status; diff --git a/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch b/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch index 2edcd35cd4..90d6c6e004 100644 --- a/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch +++ b/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch @@ -22,7 +22,7 @@ Signed-off-by: popcornmix --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig -@@ -581,6 +581,8 @@ config DEVPORT +@@ -583,6 +583,8 @@ config DEVPORT source "drivers/s390/char/Kconfig" diff --git a/target/linux/brcm2708/patches-3.18/0054-hid-Reduce-default-mouse-polling-interval-to-60Hz.patch b/target/linux/brcm2708/patches-3.18/0054-hid-Reduce-default-mouse-polling-interval-to-60Hz.patch index 50326c7e98..9d258d896c 100644 --- a/target/linux/brcm2708/patches-3.18/0054-hid-Reduce-default-mouse-polling-interval-to-60Hz.patch +++ b/target/linux/brcm2708/patches-3.18/0054-hid-Reduce-default-mouse-polling-interval-to-60Hz.patch @@ -19,7 +19,7 @@ Reduces overhead when using X module_param_named(mousepoll, hid_mousepoll_interval, uint, 0644); MODULE_PARM_DESC(mousepoll, "Polling interval of mice"); -@@ -1071,8 +1071,12 @@ static int usbhid_start(struct hid_devic +@@ -1081,8 +1081,12 @@ static int usbhid_start(struct hid_devic } /* Change the polling interval of mice. */ diff --git a/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch b/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch index 316f80eb87..0718456a00 100644 --- a/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch +++ b/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch @@ -10,7 +10,7 @@ Hub overcurrent messages are more serious than "debug". Increase loglevel. --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -4932,7 +4932,7 @@ static void port_event(struct usb_hub *h +@@ -4936,7 +4936,7 @@ static void port_event(struct usb_hub *h if (portchange & USB_PORT_STAT_C_OVERCURRENT) { u16 status = 0, unused; diff --git a/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch b/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch index c986c840fb..4e0a191fa8 100644 --- a/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch +++ b/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch @@ -369,7 +369,7 @@ support code with each new device. mmc_of_parse(mmc); --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c -@@ -1086,8 +1086,12 @@ static struct debugfs_blob_wrapper flat_ +@@ -1092,8 +1092,12 @@ static struct debugfs_blob_wrapper flat_ static int __init of_flat_dt_debugfs_export_fdt(void) { diff --git a/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch b/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch index 7f61b338db..17d6b927db 100644 --- a/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch +++ b/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch @@ -9,7 +9,7 @@ Subject: [PATCH 65/99] fdt: Add support for the CONFIG_CMDLINE_EXTEND option --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c -@@ -901,22 +901,38 @@ int __init early_init_dt_scan_chosen(uns +@@ -907,22 +907,38 @@ int __init early_init_dt_scan_chosen(uns /* Retrieve command line */ p = of_get_flat_dt_prop(node, "bootargs", &l); diff --git a/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch b/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch index 4fb8a87d4c..9ffc4ca31c 100644 --- a/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch +++ b/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch @@ -8,7 +8,7 @@ /* * Some really old flashes (like AT45DB*) had smaller erasesize-s, but -@@ -334,12 +335,23 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -332,12 +333,23 @@ static int bcm47xxpart_parse(struct mtd_ if (buf[0] == NVRAM_HEADER) { bcm47xxpart_add_part(&parts[curr_part++], "nvram", master->size - blocksize, 0); diff --git a/target/linux/cns3xxx/patches-3.18/025-smp_support.patch b/target/linux/cns3xxx/patches-3.18/025-smp_support.patch index 418c065a97..0f1f5aa630 100644 --- a/target/linux/cns3xxx/patches-3.18/025-smp_support.patch +++ b/target/linux/cns3xxx/patches-3.18/025-smp_support.patch @@ -1,8 +1,8 @@ --- a/arch/arm/mach-cns3xxx/Makefile +++ b/arch/arm/mach-cns3xxx/Makefile -@@ -5,3 +5,5 @@ cns3xxx-y += core.o pm.o - cns3xxx-$(CONFIG_ATAGS) += devices.o +@@ -6,3 +6,5 @@ cns3xxx-$(CONFIG_ATAGS) += devices.o cns3xxx-$(CONFIG_PCI) += pcie.o + CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o +cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o +cns3xxx-$(CONFIG_HOTPLUG_CPU) += hotplug.o diff --git a/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch b/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch index 4f09a36f14..acfe338312 100644 --- a/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch +++ b/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch @@ -10,9 +10,9 @@ --- a/arch/arm/mach-cns3xxx/Makefile +++ b/arch/arm/mach-cns3xxx/Makefile -@@ -5,5 +5,5 @@ cns3xxx-y += core.o pm.o - cns3xxx-$(CONFIG_ATAGS) += devices.o +@@ -6,5 +6,5 @@ cns3xxx-$(CONFIG_ATAGS) += devices.o cns3xxx-$(CONFIG_PCI) += pcie.o + CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o -cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o +cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o cns3xxx_fiq.o diff --git a/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch b/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch index a6ce177493..b95a0897fa 100644 --- a/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch +++ b/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch @@ -32,7 +32,7 @@ +cns3xxx-y += core.o pm.o gpio.o cns3xxx-$(CONFIG_ATAGS) += devices.o cns3xxx-$(CONFIG_PCI) += pcie.o - cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o + CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here --- a/arch/arm/mach-cns3xxx/cns3xxx.h +++ b/arch/arm/mach-cns3xxx/cns3xxx.h @@ -68,8 +68,10 @@ diff --git a/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch b/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch index 3c0bba4316..622ba5453b 100644 --- a/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch +++ b/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch @@ -15,7 +15,7 @@ endif --- a/arch/arm/mach-cns3xxx/Makefile +++ b/arch/arm/mach-cns3xxx/Makefile -@@ -7,3 +7,5 @@ cns3xxx-$(CONFIG_PCI) += pcie.o +@@ -8,3 +8,5 @@ CFLAGS_pcie.o += -Wframe-larger-than= cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o cns3xxx_fiq.o cns3xxx-$(CONFIG_HOTPLUG_CPU) += hotplug.o diff --git a/target/linux/gemini/patches-3.18/150-gemini-pata.patch b/target/linux/gemini/patches-3.18/150-gemini-pata.patch index 62a71def76..2fb2be0c98 100644 --- a/target/linux/gemini/patches-3.18/150-gemini-pata.patch +++ b/target/linux/gemini/patches-3.18/150-gemini-pata.patch @@ -123,7 +123,7 @@ .length = SZ_512K, --- a/drivers/ata/Kconfig +++ b/drivers/ata/Kconfig -@@ -536,6 +536,16 @@ config PATA_EP93XX +@@ -539,6 +539,16 @@ config PATA_EP93XX If unsure, say N. diff --git a/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch b/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch index 59180c2084..f3dfa901f1 100644 --- a/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch +++ b/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch @@ -83,7 +83,7 @@ offset + trx->offset[i], 0); i++; -@@ -205,7 +235,8 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -203,7 +233,8 @@ static int bcm47xxpart_parse(struct mtd_ } /* Squashfs on devices not using TRX */ diff --git a/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch b/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch index aa45860e93..0e7e4f8b12 100644 --- a/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch +++ b/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch @@ -13,7 +13,7 @@ Signed-off-by: David S. Miller --- a/drivers/net/ethernet/broadcom/bgmac.c +++ b/drivers/net/ethernet/broadcom/bgmac.c -@@ -1515,6 +1515,8 @@ static int bgmac_probe(struct bcma_devic +@@ -1521,6 +1521,8 @@ static int bgmac_probe(struct bcma_devic if (core->bus->sprom.boardflags_lo & BGMAC_BFL_ENETADM) bgmac_warn(bgmac, "Support for ADMtek ethernet switch not implemented\n"); @@ -22,7 +22,7 @@ Signed-off-by: David S. Miller err = bgmac_mii_register(bgmac); if (err) { bgmac_err(bgmac, "Cannot register MDIO\n"); -@@ -1529,8 +1531,6 @@ static int bgmac_probe(struct bcma_devic +@@ -1535,8 +1537,6 @@ static int bgmac_probe(struct bcma_devic netif_carrier_off(net_dev); @@ -31,7 +31,7 @@ Signed-off-by: David S. Miller return 0; err_mii_unregister: -@@ -1549,9 +1549,9 @@ static void bgmac_remove(struct bcma_dev +@@ -1555,9 +1555,9 @@ static void bgmac_remove(struct bcma_dev { struct bgmac *bgmac = bcma_get_drvdata(core); diff --git a/target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch b/target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch deleted file mode 100644 index 121d2f4122..0000000000 --- a/target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 21697336d46b71dd031f29e426dda0b1e7f06cc0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Wed, 11 Feb 2015 18:06:34 +0100 -Subject: [PATCH] bgmac: fix device initialization on Northstar SoCs (condition - typo) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On Northstar (Broadcom's ARM architecture) we need to manually enable -all cores. Code for that is already in place, but the condition for it -was wrong. - -Signed-off-by: Rafał Miłecki -Signed-off-by: David S. Miller ---- - drivers/net/ethernet/broadcom/bgmac.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - ---- a/drivers/net/ethernet/broadcom/bgmac.c -+++ b/drivers/net/ethernet/broadcom/bgmac.c -@@ -1412,6 +1412,7 @@ static void bgmac_mii_unregister(struct - /* http://bcm-v4.sipsolutions.net/mac-gbit/gmac/chipattach */ - static int bgmac_probe(struct bcma_device *core) - { -+ struct bcma_chipinfo *ci = &core->bus->chipinfo; - struct net_device *net_dev; - struct bgmac *bgmac; - struct ssb_sprom *sprom = &core->bus->sprom; -@@ -1474,8 +1475,8 @@ static int bgmac_probe(struct bcma_devic - bgmac_chip_reset(bgmac); - - /* For Northstar, we have to take all GMAC core out of reset */ -- if (core->id.id == BCMA_CHIP_ID_BCM4707 || -- core->id.id == BCMA_CHIP_ID_BCM53018) { -+ if (ci->id == BCMA_CHIP_ID_BCM4707 || -+ ci->id == BCMA_CHIP_ID_BCM53018) { - struct bcma_device *ns_core; - int ns_gmac; - diff --git a/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch b/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch index 5cb21a565a..27fa7321e9 100644 --- a/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch +++ b/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch @@ -254,7 +254,7 @@ Signed-off-by: Felix Fietkau } } -@@ -1583,6 +1657,10 @@ static int bgmac_probe(struct bcma_devic +@@ -1588,6 +1662,10 @@ static int bgmac_probe(struct bcma_devic goto err_dma_free; } diff --git a/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch b/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch index d093e89dea..2582538966 100644 --- a/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch +++ b/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch @@ -44,7 +44,7 @@ Signed-off-by: David S. Miller pr_err("Unsupported core_unit %d\n", core->core_unit); return -ENOTSUPP; } -@@ -1588,8 +1597,17 @@ static int bgmac_probe(struct bcma_devic +@@ -1593,8 +1602,17 @@ static int bgmac_probe(struct bcma_devic } bgmac->cmn = core->bus->drv_gmac_cmn.core; diff --git a/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch b/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch index 63010c1450..3ab953f1c4 100644 --- a/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch +++ b/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch @@ -94,7 +94,7 @@ Signed-off-by: David S. Miller struct net_device *net_dev; struct bgmac *bgmac; struct ssb_sprom *sprom = &core->bus->sprom; -@@ -1626,8 +1629,7 @@ static int bgmac_probe(struct bcma_devic +@@ -1631,8 +1634,7 @@ static int bgmac_probe(struct bcma_devic bgmac_chip_reset(bgmac); /* For Northstar, we have to take all GMAC core out of reset */ diff --git a/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch b/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch index 8dac985a72..b3194f04e0 100644 --- a/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch +++ b/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch @@ -19,9 +19,9 @@ Signed-off-by: David S. Miller --- a/drivers/net/ethernet/broadcom/bgmac.c +++ b/drivers/net/ethernet/broadcom/bgmac.c -@@ -1578,6 +1578,11 @@ static int bgmac_probe(struct bcma_devic - dev_warn(&core->dev, "Using random MAC: %pM\n", mac); - } +@@ -1583,6 +1583,11 @@ static int bgmac_probe(struct bcma_devic + */ + bcma_core_enable(core, 0); + /* This (reset &) enable is not preset in specs or reference driver but + * Broadcom does it in arch PCI code when enabling fake PCI device. diff --git a/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch b/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch index fe55323a50..29bec8387d 100644 --- a/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch +++ b/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch @@ -172,7 +172,7 @@ Signed-off-by: David S. Miller u32 portid; net = sock_net(skb->sk); -@@ -971,9 +976,7 @@ static void nl_fib_input(struct sk_buff +@@ -972,9 +977,7 @@ static void nl_fib_input(struct sk_buff nlh = nlmsg_hdr(skb); frn = (struct fib_result_nl *) nlmsg_data(nlh); diff --git a/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch b/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch index d3da41e918..9f39e5ba5e 100644 --- a/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch +++ b/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch @@ -44,7 +44,7 @@ Closes 20532 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -597,20 +597,22 @@ int ip6_fragment(struct sk_buff *skb, in +@@ -600,20 +600,22 @@ int ip6_fragment(struct sk_buff *skb, in } mtu -= hlen + sizeof(struct frag_hdr); @@ -69,7 +69,7 @@ Closes 20532 goto slow_path_clean; /* Partially cloned skb? */ -@@ -627,8 +629,6 @@ int ip6_fragment(struct sk_buff *skb, in +@@ -630,8 +632,6 @@ int ip6_fragment(struct sk_buff *skb, in err = 0; offset = 0; @@ -78,7 +78,7 @@ Closes 20532 /* BUILD HEADER */ *prevhdr = NEXTHDR_FRAGMENT; -@@ -636,8 +636,11 @@ int ip6_fragment(struct sk_buff *skb, in +@@ -639,8 +639,11 @@ int ip6_fragment(struct sk_buff *skb, in if (!tmp_hdr) { IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); @@ -91,7 +91,7 @@ Closes 20532 __skb_pull(skb, hlen); fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr)); -@@ -735,7 +738,6 @@ slow_path: +@@ -738,7 +741,6 @@ slow_path: */ *prevhdr = NEXTHDR_FRAGMENT; diff --git a/target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch b/target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch deleted file mode 100644 index 761cff316d..0000000000 --- a/target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Sat, 5 Dec 2015 02:03:32 +0100 -Subject: [PATCH] mtd: bcm47xxpart: limit scanned flash area on BCM47XX (MIPS) - only -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We allowed using bcm47xxpart on BCM5301X arch with commit: -9e3afa5f5c7 ("mtd: bcm47xxpart: allow enabling on ARCH_BCM_5301X") - -BCM5301X devices may contain some partitions in higher memory, e.g. -Netgear R8000 has board_data at 0x2600000. To detect them we should -use size limit on MIPS only. - -Signed-off-by: Rafał Miłecki ---- - drivers/mtd/bcm47xxpart.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/drivers/mtd/bcm47xxpart.c -+++ b/drivers/mtd/bcm47xxpart.c -@@ -118,8 +118,8 @@ static int bcm47xxpart_parse(struct mtd_ - /* Parse block by block looking for magics */ - for (offset = 0; offset <= master->size - blocksize; - offset += blocksize) { -- /* Nothing more in higher memory */ -- if (offset >= 0x2000000) -+ /* Nothing more in higher memory on BCM47XX (MIPS) */ -+ if (config_enabled(CONFIG_BCM47XX) && offset >= 0x2000000) - break; - - if (curr_part >= BCM47XXPART_MAX_PARTS) { diff --git a/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch b/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch index 9073f795e2..926de5fef7 100644 --- a/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch +++ b/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch @@ -58,7 +58,7 @@ Signed-off-by: Rafał Miłecki continue; } -@@ -254,10 +258,11 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -252,10 +256,11 @@ static int bcm47xxpart_parse(struct mtd_ } /* Read middle of the block */ @@ -74,7 +74,7 @@ Signed-off-by: Rafał Miłecki continue; } -@@ -277,10 +282,11 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -275,10 +280,11 @@ static int bcm47xxpart_parse(struct mtd_ } offset = master->size - possible_nvram_sizes[i]; diff --git a/target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch b/target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch deleted file mode 100644 index 5a3dc06c14..0000000000 --- a/target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a95f03e51471dbdbafd3391991d867ac2358ed02 Mon Sep 17 00:00:00 2001 -From: Jonas Gorski -Date: Sun, 23 Aug 2015 14:23:29 +0200 -Subject: [PATCH] usb: ehci-orion: fix probe for !GENERIC_PHY - -Commit d445913ce0ab7f ("usb: ehci-orion: add optional PHY support") -added support for optional phys, but devm_phy_optional_get returns --ENOSYS if GENERIC_PHY is not enabled. - -This causes probe failures, even when there are no phys specified: - -[ 1.443365] orion-ehci f1058000.usb: init f1058000.usb fail, -38 -[ 1.449403] orion-ehci: probe of f1058000.usb failed with error -38 - -Similar to dwc3, treat -ENOSYS as no phy. - -Fixes: d445913ce0ab7f ("usb: ehci-orion: add optional PHY support") - -Signed-off-by: Jonas Gorski ---- - drivers/usb/host/ehci-orion.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/drivers/usb/host/ehci-orion.c -+++ b/drivers/usb/host/ehci-orion.c -@@ -226,7 +226,8 @@ static int ehci_orion_drv_probe(struct p - priv->phy = devm_phy_optional_get(&pdev->dev, "usb"); - if (IS_ERR(priv->phy)) { - err = PTR_ERR(priv->phy); -- goto err_phy_get; -+ if (err != -ENOSYS) -+ goto err_phy_get; - } else { - err = phy_init(priv->phy); - if (err) diff --git a/target/linux/generic/patches-3.18/201-extra_optimization.patch b/target/linux/generic/patches-3.18/201-extra_optimization.patch index 2e2ed66161..5a2396cfa3 100644 --- a/target/linux/generic/patches-3.18/201-extra_optimization.patch +++ b/target/linux/generic/patches-3.18/201-extra_optimization.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -614,9 +614,9 @@ KBUILD_CFLAGS += $(call cc-option,-fno-P +@@ -618,9 +618,9 @@ KBUILD_CFLAGS += $(call cc-option,-fno-P KBUILD_AFLAGS += $(call cc-option,-fno-PIE) ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE diff --git a/target/linux/generic/patches-3.18/204-module_strip.patch b/target/linux/generic/patches-3.18/204-module_strip.patch index 7c4006913f..1b361d178e 100644 --- a/target/linux/generic/patches-3.18/204-module_strip.patch +++ b/target/linux/generic/patches-3.18/204-module_strip.patch @@ -32,8 +32,8 @@ Signed-off-by: Felix Fietkau +#if defined(MODULE) && !defined(CONFIG_MODULE_STRIPPED) /* Creates an alias so file2alias.c can find device table. */ #define MODULE_DEVICE_TABLE(type, name) \ - extern const struct type##_device_id __mod_##type##__##name##_device_table \ -@@ -159,7 +160,9 @@ void trim_init_extable(struct module *m) + extern const typeof(name) __mod_##type##__##name##_device_table \ +@@ -159,7 +160,9 @@ extern const typeof(name) __mod_##type## */ #if defined(MODULE) || !defined(CONFIG_SYSFS) @@ -44,7 +44,7 @@ Signed-off-by: Felix Fietkau #else #define MODULE_VERSION(_version) \ static struct module_version_attribute ___modver_attr = { \ -@@ -181,7 +184,7 @@ void trim_init_extable(struct module *m) +@@ -181,7 +184,7 @@ extern const typeof(name) __mod_##type## /* Optional firmware file (or files) needed by the module * format is simply firmware file name. Multiple firmware * files require multiple MODULE_FIRMWARE() specifiers */ @@ -127,7 +127,7 @@ Signed-off-by: Felix Fietkau set_license(mod, get_modinfo(info, "license")); --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -1726,7 +1726,9 @@ static void read_symbols(char *modname) +@@ -1758,7 +1758,9 @@ static void read_symbols(char *modname) symname = remove_dot(info.strtab + sym->st_name); handle_modversions(mod, &info, sym, symname); @@ -137,7 +137,7 @@ Signed-off-by: Felix Fietkau } if (!is_vmlinux(modname) || (is_vmlinux(modname) && vmlinux_section_warnings)) -@@ -1870,7 +1872,9 @@ static void add_header(struct buffer *b, +@@ -1902,7 +1904,9 @@ static void add_header(struct buffer *b, buf_printf(b, "#include \n"); buf_printf(b, "#include \n"); buf_printf(b, "\n"); @@ -147,7 +147,7 @@ Signed-off-by: Felix Fietkau buf_printf(b, "\n"); buf_printf(b, "__visible struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); -@@ -1887,16 +1891,20 @@ static void add_header(struct buffer *b, +@@ -1919,16 +1923,20 @@ static void add_header(struct buffer *b, static void add_intree_flag(struct buffer *b, int is_intree) { @@ -168,7 +168,7 @@ Signed-off-by: Felix Fietkau } /** -@@ -1989,11 +1997,13 @@ static void add_depends(struct buffer *b +@@ -2021,11 +2029,13 @@ static void add_depends(struct buffer *b static void add_srcversion(struct buffer *b, struct module *mod) { @@ -182,7 +182,7 @@ Signed-off-by: Felix Fietkau } static void write_if_changed(struct buffer *b, const char *fname) -@@ -2224,7 +2234,9 @@ int main(int argc, char **argv) +@@ -2256,7 +2266,9 @@ int main(int argc, char **argv) add_staging_flag(&buf, mod->name); err |= add_versions(&buf, mod); add_depends(&buf, mod, modules); diff --git a/target/linux/generic/patches-3.18/214-spidev_h_portability.patch b/target/linux/generic/patches-3.18/214-spidev_h_portability.patch index dbee090547..39fa32ffa2 100644 --- a/target/linux/generic/patches-3.18/214-spidev_h_portability.patch +++ b/target/linux/generic/patches-3.18/214-spidev_h_portability.patch @@ -1,6 +1,6 @@ --- a/include/uapi/linux/spi/spidev.h +++ b/include/uapi/linux/spi/spidev.h -@@ -111,7 +111,7 @@ struct spi_ioc_transfer { +@@ -112,7 +112,7 @@ struct spi_ioc_transfer { /* not all platforms use or _IOC_TYPECHECK() ... */ #define SPI_MSGSIZE(N) \ diff --git a/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch b/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch index fef483a67d..f27220a281 100644 --- a/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch +++ b/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch @@ -1,6 +1,6 @@ --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -963,6 +963,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -970,6 +970,7 @@ int spi_nor_scan(struct spi_nor *nor, co if (JEDEC_MFR(info->jedec_id) == CFI_MFR_ATMEL || JEDEC_MFR(info->jedec_id) == CFI_MFR_INTEL || diff --git a/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch b/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch index 00b0b7cadd..78d677d94f 100644 --- a/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch +++ b/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch @@ -16,7 +16,7 @@ config CRYPTO_ANSI_CPRNG --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -89,6 +89,7 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc. +@@ -91,6 +91,7 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc. obj-$(CONFIG_CRYPTO_LZO) += lzo.o obj-$(CONFIG_CRYPTO_LZ4) += lz4.o obj-$(CONFIG_CRYPTO_LZ4HC) += lz4hc.o diff --git a/target/linux/generic/patches-3.18/630-packet_socket_type.patch b/target/linux/generic/patches-3.18/630-packet_socket_type.patch index 68a42362dd..e7798c4ecb 100644 --- a/target/linux/generic/patches-3.18/630-packet_socket_type.patch +++ b/target/linux/generic/patches-3.18/630-packet_socket_type.patch @@ -26,7 +26,7 @@ Signed-off-by: Felix Fietkau #define PACKET_FANOUT_LB 1 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1530,6 +1530,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1544,6 +1544,7 @@ static int packet_rcv_spkt(struct sk_buf { struct sock *sk; struct sockaddr_pkt *spkt; @@ -34,7 +34,7 @@ Signed-off-by: Felix Fietkau /* * When we registered the protocol we saved the socket in the data -@@ -1537,6 +1538,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1551,6 +1552,7 @@ static int packet_rcv_spkt(struct sk_buf */ sk = pt->af_packet_priv; @@ -42,7 +42,7 @@ Signed-off-by: Felix Fietkau /* * Yank back the headers [hope the device set this -@@ -1549,7 +1551,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1563,7 +1565,7 @@ static int packet_rcv_spkt(struct sk_buf * so that this procedure is noop. */ @@ -51,7 +51,7 @@ Signed-off-by: Felix Fietkau goto out; if (!net_eq(dev_net(dev), sock_net(sk))) -@@ -1748,12 +1750,12 @@ static int packet_rcv(struct sk_buff *sk +@@ -1762,12 +1764,12 @@ static int packet_rcv(struct sk_buff *sk int skb_len = skb->len; unsigned int snaplen, res; @@ -67,7 +67,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -1873,12 +1875,12 @@ static int tpacket_rcv(struct sk_buff *s +@@ -1887,12 +1889,12 @@ static int tpacket_rcv(struct sk_buff *s BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32); BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48); @@ -83,7 +83,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -2828,6 +2830,7 @@ static int packet_create(struct net *net +@@ -2848,6 +2850,7 @@ static int packet_create(struct net *net spin_lock_init(&po->bind_lock); mutex_init(&po->pg_vec_lock); po->prot_hook.func = packet_rcv; @@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau if (sock->type == SOCK_PACKET) po->prot_hook.func = packet_rcv_spkt; -@@ -3409,6 +3412,16 @@ packet_setsockopt(struct socket *sock, i +@@ -3442,6 +3445,16 @@ packet_setsockopt(struct socket *sock, i po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } @@ -108,7 +108,7 @@ Signed-off-by: Felix Fietkau default: return -ENOPROTOOPT; } -@@ -3460,6 +3473,13 @@ static int packet_getsockopt(struct sock +@@ -3493,6 +3506,13 @@ static int packet_getsockopt(struct sock case PACKET_VNET_HDR: val = po->has_vnet_hdr; break; diff --git a/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch b/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch index 5181806497..49f0285c5f 100644 --- a/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch +++ b/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch @@ -1,6 +1,6 @@ --- a/include/net/addrconf.h +++ b/include/net/addrconf.h -@@ -88,6 +88,12 @@ int ipv6_rcv_saddr_equal(const struct so +@@ -90,6 +90,12 @@ int ipv6_rcv_saddr_equal(const struct so void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr); void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr); @@ -52,7 +52,7 @@ int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, u32 banned_flags) -@@ -5469,6 +5468,9 @@ int __init addrconf_init(void) +@@ -5473,6 +5472,9 @@ int __init addrconf_init(void) ipv6_addr_label_rtnl_register(); @@ -62,7 +62,7 @@ return 0; errout: rtnl_af_unregister(&inet6_ops); -@@ -5488,6 +5490,9 @@ void addrconf_cleanup(void) +@@ -5492,6 +5494,9 @@ void addrconf_cleanup(void) struct net_device *dev; int i; diff --git a/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch b/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch index b38b87b48f..94fd139c22 100644 --- a/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch +++ b/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch @@ -1,15 +1,12 @@ --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -1721,27 +1721,7 @@ void netlink_detachskb(struct sock *sk, +@@ -1107,24 +1107,7 @@ void netlink_detachskb(struct sock *sk, static struct sk_buff *netlink_trim(struct sk_buff *skb, gfp_t allocation) { - int delta; - WARN_ON(skb->sk != NULL); -- if (netlink_skb_is_mmaped(skb)) -- return skb; -- - delta = skb->end - skb->tail; - if (is_vmalloc_addr(skb->head) || delta * 2 < skb->truesize) - return skb; diff --git a/target/linux/generic/patches-3.18/655-increase_skb_pad.patch b/target/linux/generic/patches-3.18/655-increase_skb_pad.patch index 19344cca3f..96f81e9aa7 100644 --- a/target/linux/generic/patches-3.18/655-increase_skb_pad.patch +++ b/target/linux/generic/patches-3.18/655-increase_skb_pad.patch @@ -1,6 +1,6 @@ --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2023,7 +2023,7 @@ static inline int pskb_network_may_pull( +@@ -2024,7 +2024,7 @@ static inline int pskb_network_may_pull( * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD diff --git a/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch b/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch index b326a8b727..0fde9f6e62 100644 --- a/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch +++ b/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch @@ -14,7 +14,7 @@ when needed. --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2068,6 +2068,24 @@ static inline void pskb_trim_unique(stru +@@ -2069,6 +2069,24 @@ static inline void pskb_trim_unique(stru BUG_ON(err); } diff --git a/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch b/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch index 000665f047..43bdbe456d 100644 --- a/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch +++ b/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch @@ -145,7 +145,7 @@ Signed-off-by: Steven Barth if (dev == ip6n->fb_tnl_dev) RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); else -@@ -771,6 +786,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, +@@ -781,6 +796,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, } EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); @@ -254,7 +254,7 @@ Signed-off-by: Steven Barth /** * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally * @skb: received socket buffer -@@ -815,6 +932,26 @@ static int ip6_tnl_rcv(struct sk_buff *s +@@ -825,6 +942,26 @@ static int ip6_tnl_rcv(struct sk_buff *s skb_reset_network_header(skb); skb->protocol = htons(protocol); memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); @@ -281,7 +281,7 @@ Signed-off-by: Steven Barth __skb_tunnel_rx(skb, t->dev, t->net); -@@ -1076,6 +1213,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1086,6 +1223,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str __u8 dsfield; __u32 mtu; int err; @@ -289,7 +289,7 @@ Signed-off-by: Steven Barth if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) || !ip6_tnl_xmit_ctl(t)) -@@ -1095,6 +1233,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1105,6 +1243,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) fl6.flowi6_mark = skb->mark; @@ -308,7 +308,7 @@ Signed-off-by: Steven Barth err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); if (err != 0) { /* XXX: send ICMP error even if DF is not set. */ -@@ -1263,6 +1413,14 @@ ip6_tnl_change(struct ip6_tnl *t, const +@@ -1273,6 +1423,14 @@ ip6_tnl_change(struct ip6_tnl *t, const t->parms.flowinfo = p->flowinfo; t->parms.link = p->link; t->parms.proto = p->proto; @@ -323,7 +323,7 @@ Signed-off-by: Steven Barth ip6_tnl_dst_reset(t); ip6_tnl_link_config(t); return 0; -@@ -1293,6 +1451,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ +@@ -1303,6 +1461,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ p->flowinfo = u->flowinfo; p->link = u->link; p->proto = u->proto; @@ -331,7 +331,7 @@ Signed-off-by: Steven Barth memcpy(p->name, u->name, sizeof(u->name)); } -@@ -1568,6 +1727,15 @@ static int ip6_tnl_validate(struct nlatt +@@ -1578,6 +1737,15 @@ static int ip6_tnl_validate(struct nlatt return 0; } @@ -347,7 +347,7 @@ Signed-off-by: Steven Barth static void ip6_tnl_netlink_parms(struct nlattr *data[], struct __ip6_tnl_parm *parms) { -@@ -1601,6 +1769,46 @@ static void ip6_tnl_netlink_parms(struct +@@ -1611,6 +1779,46 @@ static void ip6_tnl_netlink_parms(struct if (data[IFLA_IPTUN_PROTO]) parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); @@ -394,7 +394,7 @@ Signed-off-by: Steven Barth } static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev, -@@ -1653,6 +1861,12 @@ static void ip6_tnl_dellink(struct net_d +@@ -1663,6 +1871,12 @@ static void ip6_tnl_dellink(struct net_d static size_t ip6_tnl_get_size(const struct net_device *dev) { @@ -407,7 +407,7 @@ Signed-off-by: Steven Barth return /* IFLA_IPTUN_LINK */ nla_total_size(4) + -@@ -1670,6 +1884,24 @@ static size_t ip6_tnl_get_size(const str +@@ -1680,6 +1894,24 @@ static size_t ip6_tnl_get_size(const str nla_total_size(4) + /* IFLA_IPTUN_PROTO */ nla_total_size(1) + @@ -432,7 +432,7 @@ Signed-off-by: Steven Barth 0; } -@@ -1677,6 +1909,9 @@ static int ip6_tnl_fill_info(struct sk_b +@@ -1687,6 +1919,9 @@ static int ip6_tnl_fill_info(struct sk_b { struct ip6_tnl *tunnel = netdev_priv(dev); struct __ip6_tnl_parm *parm = &tunnel->parms; @@ -442,7 +442,7 @@ Signed-off-by: Steven Barth if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr), -@@ -1687,8 +1922,27 @@ static int ip6_tnl_fill_info(struct sk_b +@@ -1697,8 +1932,27 @@ static int ip6_tnl_fill_info(struct sk_b nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) || nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || @@ -471,7 +471,7 @@ Signed-off-by: Steven Barth return 0; nla_put_failure: -@@ -1704,6 +1958,7 @@ static const struct nla_policy ip6_tnl_p +@@ -1714,6 +1968,7 @@ static const struct nla_policy ip6_tnl_p [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 }, [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 }, [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, diff --git a/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch b/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch index 0c951069c2..de8745cdc3 100644 --- a/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch +++ b/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch @@ -26,7 +26,7 @@ Signed-off-by: David S. Miller --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -903,21 +903,45 @@ static int ip6_dst_lookup_tail(struct so +@@ -906,21 +906,45 @@ static int ip6_dst_lookup_tail(struct so #endif int err; @@ -81,7 +81,7 @@ Signed-off-by: David S. Miller * Here if the dst entry we've looked up --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -2182,9 +2182,10 @@ int ip6_route_get_saddr(struct net *net, +@@ -2184,9 +2184,10 @@ int ip6_route_get_saddr(struct net *net, unsigned int prefs, struct in6_addr *saddr) { diff --git a/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch b/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch index 1bf9dc99dc..f999d44df0 100644 --- a/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch +++ b/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch @@ -155,7 +155,7 @@ Signed-off-by: Jonas Gorski case RTN_THROW: default: rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN -@@ -2139,6 +2161,17 @@ static int ip6_pkt_prohibit_out(struct s +@@ -2141,6 +2163,17 @@ static int ip6_pkt_prohibit_out(struct s return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); } @@ -173,7 +173,7 @@ Signed-off-by: Jonas Gorski /* * Allocate a dst for local (unicast / anycast) address. */ -@@ -2363,7 +2396,8 @@ static int rtm_to_fib6_config(struct sk_ +@@ -2365,7 +2398,8 @@ static int rtm_to_fib6_config(struct sk_ if (rtm->rtm_type == RTN_UNREACHABLE || rtm->rtm_type == RTN_BLACKHOLE || rtm->rtm_type == RTN_PROHIBIT || @@ -183,7 +183,7 @@ Signed-off-by: Jonas Gorski cfg->fc_flags |= RTF_REJECT; if (rtm->rtm_type == RTN_LOCAL) -@@ -2565,6 +2599,9 @@ static int rt6_fill_node(struct net *net +@@ -2567,6 +2601,9 @@ static int rt6_fill_node(struct net *net case -EACCES: rtm->rtm_type = RTN_PROHIBIT; break; @@ -193,7 +193,7 @@ Signed-off-by: Jonas Gorski case -EAGAIN: rtm->rtm_type = RTN_THROW; break; -@@ -2818,6 +2855,8 @@ static int ip6_route_dev_notify(struct n +@@ -2825,6 +2862,8 @@ static int ip6_route_dev_notify(struct n #ifdef CONFIG_IPV6_MULTIPLE_TABLES net->ipv6.ip6_prohibit_entry->dst.dev = dev; net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); @@ -202,7 +202,7 @@ Signed-off-by: Jonas Gorski net->ipv6.ip6_blk_hole_entry->dst.dev = dev; net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); #endif -@@ -3034,6 +3073,17 @@ static int __net_init ip6_route_net_init +@@ -3047,6 +3086,17 @@ static int __net_init ip6_route_net_init net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, ip6_template_metrics, true); @@ -220,7 +220,7 @@ Signed-off-by: Jonas Gorski #endif net->ipv6.sysctl.flush_delay = 0; -@@ -3052,6 +3102,8 @@ out: +@@ -3065,6 +3115,8 @@ out: return ret; #ifdef CONFIG_IPV6_MULTIPLE_TABLES @@ -229,7 +229,7 @@ Signed-off-by: Jonas Gorski out_ip6_prohibit_entry: kfree(net->ipv6.ip6_prohibit_entry); out_ip6_null_entry: -@@ -3069,6 +3121,7 @@ static void __net_exit ip6_route_net_exi +@@ -3082,6 +3134,7 @@ static void __net_exit ip6_route_net_exi #ifdef CONFIG_IPV6_MULTIPLE_TABLES kfree(net->ipv6.ip6_prohibit_entry); kfree(net->ipv6.ip6_blk_hole_entry); @@ -237,7 +237,7 @@ Signed-off-by: Jonas Gorski #endif dst_entries_destroy(&net->ipv6.ip6_dst_ops); } -@@ -3165,6 +3218,9 @@ int __init ip6_route_init(void) +@@ -3155,6 +3208,9 @@ void __init ip6_route_init_special_entri init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); @@ -245,5 +245,5 @@ Signed-off-by: Jonas Gorski + init_net.ipv6.ip6_policy_failed_entry->rt6i_idev = + in6_dev_get(init_net.loopback_dev); #endif - ret = fib6_init(); - if (ret) + } + diff --git a/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch b/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch index 21199fe6c7..6e90149abd 100644 --- a/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch +++ b/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch @@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4002,6 +4002,9 @@ static enum gro_result dev_gro_receive(s +@@ -4009,6 +4009,9 @@ static enum gro_result dev_gro_receive(s enum gro_result ret; int grow; @@ -27,7 +27,7 @@ Signed-off-by: Felix Fietkau if (!(skb->dev->features & NETIF_F_GRO)) goto normal; -@@ -5067,6 +5070,48 @@ static void __netdev_adjacent_dev_unlink +@@ -5080,6 +5083,48 @@ static void __netdev_adjacent_dev_unlink &upper_dev->adj_list.lower); } @@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau static int __netdev_upper_dev_link(struct net_device *dev, struct net_device *upper_dev, bool master, void *private) -@@ -5127,6 +5172,7 @@ static int __netdev_upper_dev_link(struc +@@ -5140,6 +5185,7 @@ static int __netdev_upper_dev_link(struc goto rollback_lower_mesh; } @@ -84,15 +84,15 @@ Signed-off-by: Felix Fietkau call_netdevice_notifiers(NETDEV_CHANGEUPPER, dev); return 0; -@@ -5244,6 +5290,7 @@ void netdev_upper_dev_unlink(struct net_ +@@ -5257,6 +5303,7 @@ void netdev_upper_dev_unlink(struct net_ list_for_each_entry(i, &upper_dev->all_adj_list.upper, list) - __netdev_adjacent_dev_unlink(dev, i->dev); + __netdev_adjacent_dev_unlink(dev, i->dev, i->ref_nr); + netdev_update_addr_mask(dev); call_netdevice_notifiers(NETDEV_CHANGEUPPER, dev); } EXPORT_SYMBOL(netdev_upper_dev_unlink); -@@ -5763,6 +5810,7 @@ int dev_set_mac_address(struct net_devic +@@ -5776,6 +5823,7 @@ int dev_set_mac_address(struct net_devic if (err) return err; dev->addr_assign_type = NET_ADDR_SET; @@ -113,7 +113,7 @@ Signed-off-by: Felix Fietkau #endif --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -597,7 +597,8 @@ struct sk_buff { +@@ -598,7 +598,8 @@ struct sk_buff { #endif __u8 ipvs_property:1; __u8 inner_protocol_type:1; diff --git a/target/linux/generic/patches-3.18/702-phy_add_aneg_done_function.patch b/target/linux/generic/patches-3.18/702-phy_add_aneg_done_function.patch index d20fc04cb0..63040c0b40 100644 --- a/target/linux/generic/patches-3.18/702-phy_add_aneg_done_function.patch +++ b/target/linux/generic/patches-3.18/702-phy_add_aneg_done_function.patch @@ -1,6 +1,6 @@ --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -484,6 +484,12 @@ struct phy_driver { +@@ -480,6 +480,12 @@ struct phy_driver { /* Determines the negotiated speed and duplex */ int (*read_status)(struct phy_device *phydev); diff --git a/target/linux/generic/patches-3.18/703-phy-add-detach-callback-to-struct-phy_driver.patch b/target/linux/generic/patches-3.18/703-phy-add-detach-callback-to-struct-phy_driver.patch index 061e40fb49..ca8e455833 100644 --- a/target/linux/generic/patches-3.18/703-phy-add-detach-callback-to-struct-phy_driver.patch +++ b/target/linux/generic/patches-3.18/703-phy-add-detach-callback-to-struct-phy_driver.patch @@ -12,7 +12,7 @@ --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -502,6 +502,12 @@ struct phy_driver { +@@ -498,6 +498,12 @@ struct phy_driver { */ int (*did_interrupt)(struct phy_device *phydev); diff --git a/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch b/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch index 0350f9efe4..0c78ee1be5 100644 --- a/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch +++ b/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch @@ -9,16 +9,7 @@ { /* Do nothing for now */ return 0; -@@ -1347,7 +1347,7 @@ static struct phy_driver genphy_driver[] - .phy_id = 0xffffffff, - .phy_id_mask = 0xffffffff, - .name = "Generic PHY", -- .soft_reset = genphy_soft_reset, -+ .soft_reset = no_soft_reset, - .config_init = genphy_config_init, - .features = PHY_GBIT_FEATURES | SUPPORTED_MII | - SUPPORTED_AUI | SUPPORTED_FIBRE | -@@ -1362,7 +1362,7 @@ static struct phy_driver genphy_driver[] +@@ -1364,7 +1364,7 @@ static struct phy_driver genphy_driver[] .phy_id = 0xffffffff, .phy_id_mask = 0xffffffff, .name = "Generic 10G PHY", diff --git a/target/linux/generic/patches-3.18/721-phy_packets.patch b/target/linux/generic/patches-3.18/721-phy_packets.patch index 99811c6242..5d6a8782c0 100644 --- a/target/linux/generic/patches-3.18/721-phy_packets.patch +++ b/target/linux/generic/patches-3.18/721-phy_packets.patch @@ -41,7 +41,7 @@ */ --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2054,6 +2054,10 @@ static inline int pskb_trim(struct sk_bu +@@ -2055,6 +2055,10 @@ static inline int pskb_trim(struct sk_bu return (len < skb->len) ? __pskb_trim(skb, len) : 0; } @@ -52,7 +52,7 @@ /** * pskb_trim_unique - remove end from a paged unique (not cloned) buffer * @skb: buffer to alter -@@ -2180,16 +2184,6 @@ static inline struct sk_buff *dev_alloc_ +@@ -2181,16 +2185,6 @@ static inline struct sk_buff *dev_alloc_ } @@ -86,7 +86,7 @@ help --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -2623,10 +2623,20 @@ static int xmit_one(struct sk_buff *skb, +@@ -2629,10 +2629,20 @@ static int xmit_one(struct sk_buff *skb, if (!list_empty(&ptype_all)) dev_queue_xmit_nit(skb, dev); @@ -121,7 +121,7 @@ #include #include -@@ -469,6 +470,22 @@ struct sk_buff *__netdev_alloc_skb(struc +@@ -471,6 +472,22 @@ struct sk_buff *__netdev_alloc_skb(struc } EXPORT_SYMBOL(__netdev_alloc_skb); diff --git a/target/linux/generic/patches-3.18/750-hostap_txpower.patch b/target/linux/generic/patches-3.18/750-hostap_txpower.patch index 768c80f73b..9a8cb7fb5c 100644 --- a/target/linux/generic/patches-3.18/750-hostap_txpower.patch +++ b/target/linux/generic/patches-3.18/750-hostap_txpower.patch @@ -64,7 +64,7 @@ #endif /* HOSTAP_H */ --- a/drivers/net/wireless/hostap/hostap_hw.c +++ b/drivers/net/wireless/hostap/hostap_hw.c -@@ -928,6 +928,7 @@ static int hfa384x_set_rid(struct net_de +@@ -933,6 +933,7 @@ static int hfa384x_set_rid(struct net_de prism2_hw_reset(dev); } diff --git a/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch b/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch index 9f39c8000e..758bc3a852 100644 --- a/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch +++ b/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch @@ -30,7 +30,7 @@ Signed-off-by: Hauke Mehrtens /************************************************** * BCMA bus ops **************************************************/ -@@ -1688,6 +1700,14 @@ static int bgmac_probe(struct bcma_devic +@@ -1693,6 +1705,14 @@ static int bgmac_probe(struct bcma_devic net_dev->hw_features = net_dev->features; net_dev->vlan_features = net_dev->features; @@ -45,7 +45,7 @@ Signed-off-by: Hauke Mehrtens err = register_netdev(bgmac->net_dev); if (err) { bgmac_err(bgmac, "Cannot register net device\n"); -@@ -1714,6 +1734,10 @@ static void bgmac_remove(struct bcma_dev +@@ -1719,6 +1739,10 @@ static void bgmac_remove(struct bcma_dev { struct bgmac *bgmac = bcma_get_drvdata(core); diff --git a/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch b/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch index a7bf0bb9fa..ddc8549634 100644 --- a/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch +++ b/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch @@ -1,7 +1,7 @@ --- a/drivers/usb/host/pci-quirks.c +++ b/drivers/usb/host/pci-quirks.c -@@ -97,6 +97,8 @@ struct amd_chipset_type { +@@ -98,6 +98,8 @@ struct amd_chipset_type { u8 rev; }; @@ -10,7 +10,7 @@ static struct amd_chipset_info { struct pci_dev *nb_dev; struct pci_dev *smbus_dev; -@@ -454,6 +456,10 @@ void usb_amd_dev_put(void) +@@ -462,6 +464,10 @@ void usb_amd_dev_put(void) } EXPORT_SYMBOL_GPL(usb_amd_dev_put); @@ -21,7 +21,7 @@ /* * Make sure the controller is completely inactive, unable to * generate interrupts or do DMA. -@@ -533,8 +539,17 @@ reset_needed: +@@ -541,8 +547,17 @@ reset_needed: uhci_reset_hc(pdev, base); return 1; } @@ -39,7 +39,7 @@ static inline int io_type_enabled(struct pci_dev *pdev, unsigned int mask) { u16 cmd; -@@ -1095,3 +1110,4 @@ static void quirk_usb_early_handoff(stru +@@ -1103,3 +1118,4 @@ static void quirk_usb_early_handoff(stru } DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_SERIAL_USB, 8, quirk_usb_early_handoff); diff --git a/target/linux/generic/patches-3.18/902-debloat_proc.patch b/target/linux/generic/patches-3.18/902-debloat_proc.patch index 79cecf90d4..fba60ae220 100644 --- a/target/linux/generic/patches-3.18/902-debloat_proc.patch +++ b/target/linux/generic/patches-3.18/902-debloat_proc.patch @@ -173,7 +173,7 @@ goto err; --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -2933,6 +2933,8 @@ static __net_initdata struct pernet_oper +@@ -2941,6 +2941,8 @@ static __net_initdata struct pernet_oper static int __init proto_init(void) { diff --git a/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch b/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch index 240f15eb61..7cf94153e8 100644 --- a/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch +++ b/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch @@ -9,7 +9,7 @@ + --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -101,6 +101,8 @@ obj-$(CONFIG_CRYPTO_USER_API) += af_alg. +@@ -103,6 +103,8 @@ obj-$(CONFIG_CRYPTO_USER_API) += af_alg. obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o diff --git a/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch b/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch index dd725b01b1..61fe71b784 100644 --- a/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch +++ b/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch @@ -1,6 +1,6 @@ --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c -@@ -903,6 +903,9 @@ int __init early_init_dt_scan_chosen(uns +@@ -909,6 +909,9 @@ int __init early_init_dt_scan_chosen(uns p = of_get_flat_dt_prop(node, "bootargs", &l); if (p != NULL && l > 0) strlcpy(data, p, min((int)l, COMMAND_LINE_SIZE)); diff --git a/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch b/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch index 4e75086c9e..e81cb31138 100644 --- a/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch +++ b/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch @@ -71,7 +71,7 @@ Date: Thu Feb 27 00:59:53 2014 -0800 return ret; --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -827,6 +827,7 @@ +@@ -828,6 +828,7 @@ #define PCI_DEVICE_ID_TI_XX12 0x8039 #define PCI_DEVICE_ID_TI_XX12_FM 0x803b #define PCI_DEVICE_ID_TI_XIO2000A 0x8231 diff --git a/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch b/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch index fb4b722569..9de5dfe44a 100644 --- a/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch +++ b/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch @@ -10,7 +10,7 @@ Date: Thu May 15 00:12:26 2014 -0700 --- a/drivers/net/ethernet/intel/igb/e1000_phy.c +++ b/drivers/net/ethernet/intel/igb/e1000_phy.c -@@ -135,7 +135,7 @@ out: +@@ -139,7 +139,7 @@ out: s32 igb_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) { struct e1000_phy_info *phy = &hw->phy; @@ -19,7 +19,7 @@ Date: Thu May 15 00:12:26 2014 -0700 s32 ret_val = 0; if (offset > MAX_PHY_REG_ADDRESS) { -@@ -148,11 +148,25 @@ s32 igb_read_phy_reg_mdic(struct e1000_h +@@ -152,11 +152,25 @@ s32 igb_read_phy_reg_mdic(struct e1000_h * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ @@ -48,7 +48,7 @@ Date: Thu May 15 00:12:26 2014 -0700 /* Poll the ready bit to see if the MDI read completed * Increasing the time out as testing showed failures with -@@ -177,6 +191,18 @@ s32 igb_read_phy_reg_mdic(struct e1000_h +@@ -181,6 +195,18 @@ s32 igb_read_phy_reg_mdic(struct e1000_h *data = (u16) mdic; out: @@ -67,7 +67,7 @@ Date: Thu May 15 00:12:26 2014 -0700 return ret_val; } -@@ -191,7 +217,7 @@ out: +@@ -195,7 +221,7 @@ out: s32 igb_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) { struct e1000_phy_info *phy = &hw->phy; @@ -76,7 +76,7 @@ Date: Thu May 15 00:12:26 2014 -0700 s32 ret_val = 0; if (offset > MAX_PHY_REG_ADDRESS) { -@@ -204,12 +230,27 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -208,12 +234,27 @@ s32 igb_write_phy_reg_mdic(struct e1000_ * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ @@ -108,7 +108,7 @@ Date: Thu May 15 00:12:26 2014 -0700 /* Poll the ready bit to see if the MDI read completed * Increasing the time out as testing showed failures with -@@ -233,6 +274,18 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -237,6 +278,18 @@ s32 igb_write_phy_reg_mdic(struct e1000_ } out: diff --git a/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch b/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch index 7869b1cf53..0feb878835 100644 --- a/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch +++ b/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch @@ -16,7 +16,7 @@ Signed-off-by: Tim Harvey --- a/drivers/net/ethernet/intel/igb/e1000_82575.c +++ b/drivers/net/ethernet/intel/igb/e1000_82575.c -@@ -2129,7 +2129,7 @@ static s32 igb_read_phy_reg_82580(struct +@@ -2140,7 +2140,7 @@ static s32 igb_read_phy_reg_82580(struct if (ret_val) goto out; @@ -25,7 +25,7 @@ Signed-off-by: Tim Harvey hw->phy.ops.release(hw); -@@ -2154,7 +2154,7 @@ static s32 igb_write_phy_reg_82580(struc +@@ -2165,7 +2165,7 @@ static s32 igb_write_phy_reg_82580(struc if (ret_val) goto out; @@ -36,7 +36,7 @@ Signed-off-by: Tim Harvey --- a/drivers/net/ethernet/intel/igb/e1000_phy.c +++ b/drivers/net/ethernet/intel/igb/e1000_phy.c -@@ -132,9 +132,8 @@ out: +@@ -136,9 +136,8 @@ out: * Reads the MDI control regsiter in the PHY at offset and stores the * information read to data. **/ @@ -47,7 +47,7 @@ Signed-off-by: Tim Harvey u32 i, mdicnfg, mdic = 0; s32 ret_val = 0; -@@ -153,14 +152,14 @@ s32 igb_read_phy_reg_mdic(struct e1000_h +@@ -157,14 +156,14 @@ s32 igb_read_phy_reg_mdic(struct e1000_h case e1000_i211: mdicnfg = rd32(E1000_MDICNFG); mdicnfg &= ~(E1000_MDICNFG_PHY_MASK); @@ -64,7 +64,7 @@ Signed-off-by: Tim Harvey (E1000_MDIC_OP_READ)); break; } -@@ -214,9 +213,8 @@ out: +@@ -218,9 +217,8 @@ out: * * Writes data to MDI control register in the PHY at offset. **/ @@ -75,7 +75,7 @@ Signed-off-by: Tim Harvey u32 i, mdicnfg, mdic = 0; s32 ret_val = 0; -@@ -235,7 +233,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -239,7 +237,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ case e1000_i211: mdicnfg = rd32(E1000_MDICNFG); mdicnfg &= ~(E1000_MDICNFG_PHY_MASK); @@ -84,7 +84,7 @@ Signed-off-by: Tim Harvey wr32(E1000_MDICNFG, mdicnfg); mdic = (((u32)data) | (offset << E1000_MDIC_REG_SHIFT) | -@@ -244,7 +242,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -248,7 +246,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ default: mdic = (((u32)data) | (offset << E1000_MDIC_REG_SHIFT) | @@ -93,7 +93,7 @@ Signed-off-by: Tim Harvey (E1000_MDIC_OP_WRITE)); break; } -@@ -464,7 +462,7 @@ s32 igb_read_phy_reg_igp(struct e1000_hw +@@ -468,7 +466,7 @@ s32 igb_read_phy_reg_igp(struct e1000_hw goto out; if (offset > MAX_PHY_MULTI_PAGE_REG) { @@ -102,7 +102,7 @@ Signed-off-by: Tim Harvey IGP01E1000_PHY_PAGE_SELECT, (u16)offset); if (ret_val) { -@@ -473,8 +471,8 @@ s32 igb_read_phy_reg_igp(struct e1000_hw +@@ -477,8 +475,8 @@ s32 igb_read_phy_reg_igp(struct e1000_hw } } @@ -113,7 +113,7 @@ Signed-off-by: Tim Harvey hw->phy.ops.release(hw); -@@ -503,7 +501,7 @@ s32 igb_write_phy_reg_igp(struct e1000_h +@@ -507,7 +505,7 @@ s32 igb_write_phy_reg_igp(struct e1000_h goto out; if (offset > MAX_PHY_MULTI_PAGE_REG) { @@ -122,7 +122,7 @@ Signed-off-by: Tim Harvey IGP01E1000_PHY_PAGE_SELECT, (u16)offset); if (ret_val) { -@@ -512,8 +510,8 @@ s32 igb_write_phy_reg_igp(struct e1000_h +@@ -516,8 +514,8 @@ s32 igb_write_phy_reg_igp(struct e1000_h } } @@ -133,7 +133,7 @@ Signed-off-by: Tim Harvey hw->phy.ops.release(hw); -@@ -2464,8 +2462,9 @@ out: +@@ -2468,8 +2466,9 @@ out: } /** @@ -144,7 +144,7 @@ Signed-off-by: Tim Harvey * @offset: lower half is register offset to write to * upper half is page to use. * @data: data to write at register offset -@@ -2473,7 +2472,7 @@ out: +@@ -2477,7 +2476,7 @@ out: * Acquires semaphore, if necessary, then writes the data to PHY register * at the offset. Release any acquired semaphores before exiting. **/ @@ -153,7 +153,7 @@ Signed-off-by: Tim Harvey { s32 ret_val; u16 page = offset >> GS40G_PAGE_SHIFT; -@@ -2483,10 +2482,10 @@ s32 igb_write_phy_reg_gs40g(struct e1000 +@@ -2487,10 +2486,10 @@ s32 igb_write_phy_reg_gs40g(struct e1000 if (ret_val) return ret_val; @@ -166,7 +166,7 @@ Signed-off-by: Tim Harvey release: hw->phy.ops.release(hw); -@@ -2494,8 +2493,24 @@ release: +@@ -2498,8 +2497,24 @@ release: } /** @@ -192,7 +192,7 @@ Signed-off-by: Tim Harvey * @offset: lower half is register offset to read to * upper half is page to use. * @data: data to read at register offset -@@ -2503,7 +2518,7 @@ release: +@@ -2507,7 +2522,7 @@ release: * Acquires semaphore, if necessary, then reads the data in the PHY register * at the offset. Release any acquired semaphores before exiting. **/ @@ -201,7 +201,7 @@ Signed-off-by: Tim Harvey { s32 ret_val; u16 page = offset >> GS40G_PAGE_SHIFT; -@@ -2513,10 +2528,10 @@ s32 igb_read_phy_reg_gs40g(struct e1000_ +@@ -2517,10 +2532,10 @@ s32 igb_read_phy_reg_gs40g(struct e1000_ if (ret_val) return ret_val; @@ -214,7 +214,7 @@ Signed-off-by: Tim Harvey release: hw->phy.ops.release(hw); -@@ -2524,6 +2539,21 @@ release: +@@ -2528,6 +2543,21 @@ release: } /** diff --git a/target/linux/imx6/patches-3.18/204-net-igb-register-mii_bus-for-SerDes-w-external-phy.patch b/target/linux/imx6/patches-3.18/204-net-igb-register-mii_bus-for-SerDes-w-external-phy.patch index 129a0bcbae..6ee3435260 100644 --- a/target/linux/imx6/patches-3.18/204-net-igb-register-mii_bus-for-SerDes-w-external-phy.patch +++ b/target/linux/imx6/patches-3.18/204-net-igb-register-mii_bus-for-SerDes-w-external-phy.patch @@ -23,7 +23,7 @@ Signed-off-by: Tim Harvey --- a/drivers/net/ethernet/intel/igb/e1000_82575.c +++ b/drivers/net/ethernet/intel/igb/e1000_82575.c -@@ -598,13 +598,25 @@ static s32 igb_get_invariants_82575(stru +@@ -609,13 +609,25 @@ static s32 igb_get_invariants_82575(stru switch (link_mode) { case E1000_CTRL_EXT_LINK_MODE_1000BASE_KX: hw->phy.media_type = e1000_media_type_internal_serdes; @@ -49,7 +49,7 @@ Signed-off-by: Tim Harvey } /* fall through for I2C based SGMII */ case E1000_CTRL_EXT_LINK_MODE_PCIE_SERDES: -@@ -621,8 +633,11 @@ static s32 igb_get_invariants_82575(stru +@@ -632,8 +644,11 @@ static s32 igb_get_invariants_82575(stru hw->phy.media_type = e1000_media_type_copper; dev_spec->sgmii_active = true; } @@ -259,7 +259,7 @@ Signed-off-by: Tim Harvey /* start the watchdog. */ hw->mac.get_link_status = 1; schedule_work(&adapter->watchdog_task); -@@ -7111,21 +7249,41 @@ void igb_alloc_rx_buffers(struct igb_rin +@@ -7113,21 +7251,41 @@ void igb_alloc_rx_buffers(struct igb_rin static int igb_mii_ioctl(struct net_device *netdev, struct ifreq *ifr, int cmd) { struct igb_adapter *adapter = netdev_priv(netdev); diff --git a/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch b/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch index 65b1c1f51e..f495fbf2bf 100644 --- a/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch +++ b/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch @@ -1,6 +1,6 @@ --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -210,6 +210,9 @@ struct sk_buff *__alloc_skb(unsigned int +@@ -212,6 +212,9 @@ struct sk_buff *__alloc_skb(unsigned int if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) gfp_mask |= __GFP_MEMALLOC; @@ -10,7 +10,7 @@ /* Get the HEAD */ skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node); -@@ -1096,6 +1099,10 @@ int pskb_expand_head(struct sk_buff *skb +@@ -1098,6 +1101,10 @@ int pskb_expand_head(struct sk_buff *skb if (skb_shared(skb)) BUG(); diff --git a/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch b/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch index 4e0a51298e..f68ed54dc5 100644 --- a/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch +++ b/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch @@ -5525,7 +5525,7 @@ Signed-off-by: John Crispin unsigned long type); --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -1050,6 +1050,12 @@ +@@ -1051,6 +1051,12 @@ #define PCI_DEVICE_ID_SGI_LITHIUM 0x1002 #define PCI_DEVICE_ID_SGI_IOC4 0x100a diff --git a/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch b/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch index 5943602adb..3089710ed2 100644 --- a/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch +++ b/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch @@ -43,7 +43,7 @@ Signed-off-by: John Crispin } --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -364,6 +364,7 @@ struct phy_device { +@@ -360,6 +360,7 @@ struct phy_device { bool is_c45; bool is_internal; bool has_fixups; diff --git a/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch b/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch index 4278669dda..dcd8461a0e 100644 --- a/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch +++ b/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch @@ -20,7 +20,7 @@ Subject: [PATCH 32/36] USB: fix roothub for IFXHCD choice --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -4321,7 +4321,7 @@ hub_port_init (struct usb_hub *hub, stru +@@ -4323,7 +4323,7 @@ hub_port_init (struct usb_hub *hub, stru udev->ttport = hdev->ttport; } else if (udev->speed != USB_SPEED_HIGH && hdev->speed == USB_SPEED_HIGH) { diff --git a/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch b/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch index 92c85a700f..f0944bffd3 100644 --- a/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch +++ b/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch @@ -1,6 +1,6 @@ --- a/drivers/gpio/Kconfig +++ b/drivers/gpio/Kconfig -@@ -819,6 +819,12 @@ config GPIO_MC33880 +@@ -820,6 +820,12 @@ config GPIO_MC33880 SPI driver for Freescale MC33880 high-side/low-side switch. This provides GPIO interface supporting inputs and outputs. diff --git a/target/linux/mvebu/files/arch/arm/boot/dts/armada-385-linksys.dtsi b/target/linux/mvebu/files/arch/arm/boot/dts/armada-385-linksys.dtsi index c6caa86565..969634248f 100644 --- a/target/linux/mvebu/files/arch/arm/boot/dts/armada-385-linksys.dtsi +++ b/target/linux/mvebu/files/arch/arm/boot/dts/armada-385-linksys.dtsi @@ -116,7 +116,7 @@ }; /* USB part of the eSATA/USB 2.0 port */ - usb@50000 { + usb@58000 { status = "okay"; }; diff --git a/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch b/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch index 7631b6c5cd..93666dbc78 100644 --- a/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch +++ b/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch @@ -37,8 +37,8 @@ put_usb3_hcd: usb_put_hcd(xhci->shared_hcd); -@@ -190,6 +206,7 @@ static int xhci_plat_remove(struct platf - struct clk *clk = xhci->clk; +@@ -192,6 +208,7 @@ static int xhci_plat_remove(struct platf + xhci->xhc_state |= XHCI_STATE_REMOVING; usb_remove_hcd(xhci->shared_hcd); + usb_phy_shutdown(hcd->usb_phy); diff --git a/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch b/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch index 265602cdca..8c1c3d4784 100644 --- a/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch +++ b/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch @@ -88,7 +88,7 @@ Signed-off-by: Darren Etheridge #include