Felix Fietkau [Mon, 18 Sep 2017 13:24:13 +0000 (15:24 +0200)]
tcpdump: reduce size of -mini by removing more infrequently used protocols
This removes:
- BGP
- CDP
- SCTP
MIPS binary .ipk size is reduced from ~150k to ~130k
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Paul Wassi [Mon, 18 Sep 2017 12:51:15 +0000 (14:51 +0200)]
CC: net/utils/tcpdump: update to 4.8.1
Update tcpdump to upstream release 4.8.1
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Zoltan HERPAI [Mon, 18 Sep 2017 11:28:31 +0000 (13:28 +0200)]
CC: kernel: upgrade to 3.18.71
- refresh patches
- fix patches for UML
- runtime-tested on ar71xx, imx6, sunxi
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Zoltan HERPAI [Sun, 17 Sep 2017 00:00:14 +0000 (02:00 +0200)]
CC: upgrade kernel to 3.18.68
- compile tested on sunxi, imx6
- runtime tested on sunxi, imx6
- refresh patches
- remove unnecessary patches
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Stijn Tintel [Fri, 1 Sep 2017 11:38:13 +0000 (13:38 +0200)]
CC: samba: fix CVE-2017-7494
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 12:35:11 +0000 (14:35 +0200)]
dropbear: bump to 2017.75
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/
c8114a48837c
- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink. Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/
0d889b068123
Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Joseph C. Sible [Thu, 31 Aug 2017 12:33:16 +0000 (14:33 +0200)]
dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.
Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 12:32:39 +0000 (14:32 +0200)]
dropbear: hide dropbear version
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'
Based on a patch by Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 11:57:02 +0000 (13:57 +0200)]
dnsmasq: forward.c: fix CVE-2017-13704
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.
answer_request() is called with an invalid edns packet size provided by
the client. Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"
The client that exposed the problem provided a payload udp size of 0.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 11:50:12 +0000 (13:50 +0200)]
dnsmasq: bump to 2.77
Bump to the 2.77 release after quite a few test & release candidates.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Hans Dedecker [Thu, 31 Aug 2017 11:49:18 +0000 (13:49 +0200)]
dnsmasq: bump to 2.77rc5
Some small tweaks and improvements :
9828ab1 Fix compiler warning.
f77700a Fix compiler warning.
0fbd980 Fix compiler warning.
43cdf1c Remove automatic IDN support when building i18n.
ff19b1a Fix &/&& confusion.
2aaea18 Add .gitattributes to substitute VERSION on export.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 11:48:22 +0000 (13:48 +0200)]
dnsmasq: make NO_ID optional in full variant
Permit users of the full variant to disable the NO_ID *.bind pseudo
domain masking.
Defaulted 'on' in all variants.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 10:43:46 +0000 (12:43 +0200)]
dnsmasq: Don't expose *.bind data incl version
Don't expose dnsmasq version & other data to clients via the *.bind
pseudo domain. This uses a new 'NO_ID' compile time option which has been
discussed and submitted upstream.
This is an alternate to replacing version with 'unknown' which affects
the version reported to syslog and 'dnsmasq --version'
Run time tested with & without NO_ID on Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 10:40:49 +0000 (12:40 +0200)]
dnsmasq: bump to 2.77rc3
Fix [FS#766] Intermittent SIGSEGV crash of dnsmasq-full
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 10:37:35 +0000 (12:37 +0200)]
dnsmasq: bump to 2.77test5
A number of small tweaks & improvements on the way to a final release.
Most notable:
Improve DHCPv4 address-in-use check.
Remove the recently introduced RFC-6842 (Client-ids in DHCP replies)
support as it turns out some clients are getting upset.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 10:36:33 +0000 (12:36 +0200)]
dnsmasq: bump to dnsmasq v2.77test4
--bogus-priv now applies to IPv6 prefixes as specified in RFC6303 - this
is significantly friendlier to upstream servers.
CNAME fix in auth mode - A domain can only have a CNAME if it has no
other records
Drop 2 patches now included upstream.
Compile & run tested Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 10:35:12 +0000 (12:35 +0200)]
dnsmasq: bump to dnsmasq v2.77test3
New test release (since test1) includes 2 LEDE patches that are
upstream and may be dropped, along with many spelling fixes.
Add forthcoming 2017 root zone trust anchor to trust-anchors.conf.
Backport 2 patches that just missed test3:
Reduce logspam of those domains handled locally 'local addresses only'
Implement RFC-6842 (Client-ids in DHCP replies)
Compile & run tested Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 31 Aug 2017 10:32:32 +0000 (12:32 +0200)]
dnsmasq: update to dnsmasq 2.77test1
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.
Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.
A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included. This mean dnsmasq tries all
configured servers before giving up.
A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature
9525743c
I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Hauke Mehrtens [Thu, 31 Aug 2017 09:09:48 +0000 (11:09 +0200)]
dnsmasq: Bump to dnsmasq2.75
Fixes a 100% cpu usage issue if using dhcp-script.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Steven Barth [Thu, 31 Aug 2017 09:09:05 +0000 (11:09 +0200)]
dnsmasq: Bump to dnsmasq2.74
Bump to dnsmasq2.74 & refresh patches to fix fuzz
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Jo-Philipp Wich [Thu, 31 Aug 2017 06:52:10 +0000 (08:52 +0200)]
rules.mk: add TARGET_INIT_PATH toplevel variables
Add a new variable TARGET_INIT_PATH which holds the default $PATH variable
value configured in menuconfig.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Thu, 31 Aug 2017 06:51:44 +0000 (08:51 +0200)]
CC: dropbear: security update to 2016.74
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 31 Aug 2017 06:51:05 +0000 (08:51 +0200)]
CC: dropbear: update to 2016.73
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hans Dedecker [Thu, 31 Aug 2017 06:50:09 +0000 (08:50 +0200)]
CC: dropbear: Make utmp and putuline support configurable via seperate config options
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 31 Aug 2017 06:49:25 +0000 (08:49 +0200)]
CC: dropbear: Add procd interface triggers when interface config is specified
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jo-Philipp Wich [Thu, 31 Aug 2017 06:48:55 +0000 (08:48 +0200)]
dropbear: honor CONFIG_TARGET_INIT_PATH
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Hannu Nyman [Thu, 31 Aug 2017 06:47:30 +0000 (08:47 +0200)]
CC: dropbear: update version to 2015.71
Update dropbear to version 2015.71, released on 3 Dec 2015.
Refresh patches.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Felix Fietkau [Thu, 31 Aug 2017 06:46:43 +0000 (08:46 +0200)]
dropbear: enable curve25519 support by default, increases compressed binary size by ~5 kb
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 31 Aug 2017 06:46:10 +0000 (08:46 +0200)]
CC: dropbear: split out curve25519 support into a separate config option
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Alexandru Ardelean [Thu, 31 Aug 2017 06:45:39 +0000 (08:45 +0200)]
CC: dropbear: add respawn param in case dropbear crashes
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Steven Barth [Thu, 31 Aug 2017 06:44:40 +0000 (08:44 +0200)]
CC: dropbear: remove generation and configuration of DSS keys
Signed-off-by: Steven Barth <steven@midlink.org>
Felix Fietkau [Thu, 31 Aug 2017 06:43:58 +0000 (08:43 +0200)]
dropbear: disable 3des, cbc mode, dss support, saves about 5k gzipped
While technically required by the RFC, they are usually completely
unused (DSA), or have security issues (3DES, CBC)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Steven Barth [Thu, 31 Aug 2017 06:43:09 +0000 (08:43 +0200)]
CC: dropbear: Disable telnet in favor of passwordless SSH
This enables passworldless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support alltogether.
Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth [Thu, 31 Aug 2017 06:42:03 +0000 (08:42 +0200)]
CC: dropbear: bump to 2015.68
Signed-off-by: Steven Barth <steven@midlink.org>
Zoltan HERPAI [Mon, 19 Dec 2016 12:57:31 +0000 (13:57 +0100)]
CC: kernel: update to 3.18.45, refresh targets
Compile-tested on ar71xx, imx6, lantiq, mvebu
Runtime-tested on sunxi.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Zoltan Herpai [Sun, 18 Dec 2016 11:36:52 +0000 (12:36 +0100)]
Merge pull request #264 from wigyori/cc-dm9601
CC: brcm2708: Fix Kernel Panic: DM9601 Fast Ethernet Adapter
Marian Hello [Wed, 7 Dec 2016 16:06:47 +0000 (17:06 +0100)]
CC: brcm2708: Fix Kernel Panic: DM9601 Fast Ethernet Adapter
The dm9601 driver expects to receive a single encapsulated ethernet
frame from the device in one URB transfer, and it provides an URB
buffer of length 1,522 to receive it. This is not a round multiple
of USB transfer packets.
The device in question [1] provides a stream of such frames and it
does not conveniently slice them up as the dm9601 driver expects. We
can end up with 1,536 (0x600) bytes returned by the device in response
to the URB request. This may include several encapsulated ethernet
frames, and/or fragments thereof.
It seems to me that the kernel 'Oops' arises because the dwc_otg driver
does not notice that the destination buffer is too small to receive the
full 1,536 bytes. Comparing dwc_otg's update_urb_state_xfer_comp with
dwc2's dwc2_update_urb_state is suggestive.
More details: https://github.com/raspberrypi/linux/issues/1045
All Credits to: https://github.com/mw9
Signed-off-by: Marian Hello <marian.hello@gmail.com>
Reviewed-by: Zoltan HERPAI <wigyori@uid0.hu>
Zoltan Herpai [Wed, 30 Nov 2016 20:19:52 +0000 (21:19 +0100)]
Merge pull request #247 from gadkrumholz/chaos_calmer-e2100l
CC: ar71xx: Added missing support for Linksys E2100L
Gad Krumholz [Sun, 27 Nov 2016 06:52:53 +0000 (00:52 -0600)]
CC: ar71xx: Added missing support for Linksys E2100L
It's based on the WRT160NL according to https://wiki.openwrt.org/toh/linksys/e2100l
Based on research done here: https://forum.openwrt.org/viewtopic.php?id=24244 and here: https://forum.openwrt.org/viewtopic.php?pid=120791#p120791 this patch was conceived.
Signed-off-by: Gad Krumholz <gad.krumholz@gmail.com>
Zoltan Herpai [Tue, 8 Nov 2016 11:16:36 +0000 (12:16 +0100)]
Merge pull request #189 from NeoRaider/fix-leds
CC: ar71xx: fix syntax error in /etc/uci-defaults/01_leds
Matthias Schiffer [Sat, 5 Nov 2016 03:31:47 +0000 (04:31 +0100)]
CC: ar71xx: fix syntax error in /etc/uci-defaults/01_leds
Fixes
f98117a "CC: ar71xx: backport LED fix for TL-WR841N-v11".
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Zoltan Herpai [Fri, 28 Oct 2016 22:32:16 +0000 (00:32 +0200)]
Merge pull request #158 from Shalzz/chaos_calmer
CC: ar71xx: backport LED fix for TL-WR841N-v11
Shaleen Jain [Fri, 28 Oct 2016 05:30:16 +0000 (11:00 +0530)]
CC: ar71xx: backport LED fix for TL-WR841N-v11
Signed-off-by: Shaleen Jain <shaleen.jain95@gmail.com>
Zoltan Herpai [Fri, 28 Oct 2016 15:27:07 +0000 (17:27 +0200)]
Merge pull request #141 from mumuqz/chaos_calmer
CC: ar71xx: Add support to DomyWifi DW33D
Jing Lin [Thu, 20 Oct 2016 12:19:59 +0000 (20:19 +0800)]
CC: ar71xx: Add support to DomyWifi DW33D
Signed-off-by: Jing Lin <mumuqz@163.com>
Zoltan Herpai [Wed, 26 Oct 2016 13:33:07 +0000 (15:33 +0200)]
Merge pull request #151 from wigyori/cc-dirtycow
CC: generic: bump kernel to 3.18.44
Zoltan HERPAI [Tue, 25 Oct 2016 20:58:12 +0000 (22:58 +0200)]
CC: generic: bump kernel to 3.18.44
Patch 610- is updated as check_entry helper was killed in 3.18.37
Fixes CVE-2016-5195 (dirtycow)
Compile-tested on ar71xx, mxs, sunxi, imx6
Runtime-tested on ar71xx (PB42)
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Imre Kaloz [Tue, 18 Oct 2016 09:43:26 +0000 (11:43 +0200)]
mvebu: bugfixes for rango
backport of
ce116bc6f997d8d6e6b976cacce5d4c60d705fc6
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Imre Kaloz [Sat, 15 Oct 2016 22:15:40 +0000 (00:15 +0200)]
mwlwifi: install the 88W8964 firmware, too
backport of
67d3ba0c7c91c0a2fb0cbd768d3a75db2246de80
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Imre Kaloz [Thu, 13 Oct 2016 11:01:24 +0000 (13:01 +0200)]
mvebu: add support for the Linksys WRT3200ACM (Rango)
backport of
50e627ac06112eb633222cc72af5c4fe60f3dbb9
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Imre Kaloz [Thu, 13 Oct 2016 11:00:19 +0000 (13:00 +0200)]
mwlwifi: upgrade to 10.3.2.0-
20161013
backport of
2055b43f78c8ff74fe513a1fdaf5a10481faac6f
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Imre Kaloz [Thu, 13 Oct 2016 10:59:10 +0000 (12:59 +0200)]
hostapd: add interoperability workaround for 80+80 and 160 MHz channels
backport of
f9fc9c242fa62c214dc4a92bd89ca9a36bc8308c
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Luka Perkov [Tue, 11 Oct 2016 08:28:15 +0000 (10:28 +0200)]
Merge pull request #124 from sartura/chaos_calmer-upstream-relocation
odhcp* upstream relocation
Hrvoje Varga [Mon, 10 Oct 2016 12:26:52 +0000 (12:26 +0000)]
odhcpd: update to git HEAD
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
Hrvoje Varga [Mon, 10 Oct 2016 12:26:04 +0000 (12:26 +0000)]
odhcp6c: update to git HEAD
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
Luka Perkov [Sun, 9 Oct 2016 19:13:55 +0000 (21:13 +0200)]
Merge pull request #116 from imShara/fix_feeds
scripts: feeds: fix version detection for Make >= 4.2.1
Jo-Philipp Wich [Thu, 7 Jul 2016 12:47:43 +0000 (14:47 +0200)]
scripts: feeds: fix version detection for Make >= 4.2.1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Zoltan Herpai [Thu, 29 Sep 2016 13:49:20 +0000 (15:49 +0200)]
Merge pull request #105 from wigyori/chaos_calmer
CC: openssl security upgrade, sync updates from git.openwrt.org/chaos_calmer
Rafał Miłecki [Thu, 29 Sep 2016 12:59:38 +0000 (14:59 +0200)]
mac80211: brcmfmac: backport changes from 2016-09-27
This fixes memory leaks, some possible crashes and bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Thu, 29 Sep 2016 12:58:53 +0000 (14:58 +0200)]
mac80211: brcmfmac: backport patches that were skipped previously #2
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Thu, 29 Sep 2016 12:25:35 +0000 (14:25 +0200)]
mac80211: brcmfmac: backport patches that were skipped previously #1
They are necessary for further fixes and improvements otherwise recent
patches don't apply.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Imre Kaloz [Thu, 29 Sep 2016 12:24:56 +0000 (14:24 +0200)]
mwlwifi: upgrade to 10.3.0.18-
20160804
adds support for the Linksys WRT1900ACSv2 and WRT1200ACv2
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Rafał Miłecki [Thu, 29 Sep 2016 12:24:14 +0000 (14:24 +0200)]
mac80211: brcmfmac: backport patch simplifying brcmf_alloc_vif
This is quite trivial and will be required for VIF fixes in the future.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Rafał Miłecki [Thu, 29 Sep 2016 12:23:54 +0000 (14:23 +0200)]
mac80211: brcmfmac: fix stopping netdev queue when bus clogs up
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Rafał Miłecki [Thu, 29 Sep 2016 12:23:32 +0000 (14:23 +0200)]
mac80211: brcmfmac: support hidden SSID
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
John Crispin [Thu, 29 Sep 2016 12:23:08 +0000 (14:23 +0200)]
ramips: fix usb phy initialisation
this broke usb20 device detection.
Signed-off-by: John Crispin <john@phrozen.org>
John Crispin [Thu, 29 Sep 2016 12:22:40 +0000 (14:22 +0200)]
ramips: fix timing issues when using MT7621 spi
Signed-off-by: John Crispin <john@phrozen.org>
Rafał Miłecki [Thu, 29 Sep 2016 12:21:52 +0000 (14:21 +0200)]
mac80211: brcmfmac: fix interfaces management
To work correctly hostapd requires wireless driver to allow interfaces
removal. It was working with brcmfmac only partially. Firmware for
BCM43602 got some special hack (feature?) that allowed removing all
interfaces by disabling mbss mode. It wasn't working with BCM4366
firmware and remaining interfaces were preventing hostapd from starting
again.
Those patches add support for "interface_remove" firmware method which
works with BCM4366 firmware and they make it finally possible to use
BCM4366 & brcmfmac & multiple interfaces.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Hauke Mehrtens [Thu, 29 Sep 2016 12:21:21 +0000 (14:21 +0200)]
CC: kernel: update kernel 3.18 to version 3.18.36
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Thu, 29 Sep 2016 12:20:27 +0000 (14:20 +0200)]
rpcd: iwinfo plugin fixes
- Expose supported HT rate information in info call
- Zero out ccode buffer when listing countries
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Rafał Miłecki [Thu, 29 Sep 2016 12:19:44 +0000 (14:19 +0200)]
mac80211: brcmfmac: fix lockup related to P2P interface
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Zoltan HERPAI [Thu, 29 Sep 2016 05:29:15 +0000 (07:29 +0200)]
CC: openssl: update to 1.0.2j
Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* (Severity: Moderate) Missing CRL sanity check (CVE-2016-7052)
* 10 Low severity issues
Security advisories:
https://www.openssl.org/news/secadv/
20160922.txt
https://www.openssl.org/news/secadv/
20160926.txt
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Zoltan Herpai [Wed, 21 Sep 2016 19:13:17 +0000 (21:13 +0200)]
Merge pull request #82 from ecsv/openmesh-cc
OpenMesh MR1750(v2) and OM2P-HSv3 support for Chaos Calmer
Sven Eckelmann [Fri, 17 Jun 2016 13:24:53 +0000 (15:24 +0200)]
ar71xx: add MR1750v2 to the MR1750 profile
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:52 +0000 (15:24 +0200)]
ar71xx: extract ath10k wifi board.bin for the OpenMesh MR1750v2 board
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:51 +0000 (15:24 +0200)]
package/uboot-envtools: add OpenMesh MR1750v2 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:50 +0000 (15:24 +0200)]
package/om-watchdog: add OpenMesh MR1750v2 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:49 +0000 (15:24 +0200)]
ar71xx: enable sysupgrade for the OpenMesh MR1750v2
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:48 +0000 (15:24 +0200)]
ar71xx: add user-space support for the OpenMesh MR1750v2
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:47 +0000 (15:24 +0200)]
ar71xx: add kernel support for the OpenMesh MR1750v2
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:46 +0000 (15:24 +0200)]
ar71xx: add OM2P-HSv3 to the OM2P profile
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:45 +0000 (15:24 +0200)]
package/uboot-envtools: add OpenMesh OM2P-HSv3 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:44 +0000 (15:24 +0200)]
package/om-watchdog: add OpenMesh OM2P-HSv3 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:43 +0000 (15:24 +0200)]
ar71xx: enable sysupgrade for the OpenMesh OM2P-HSv3
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:42 +0000 (15:24 +0200)]
ar71xx: add user-space support for the OpenMesh OM2P-HSv3
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Fri, 17 Jun 2016 13:24:41 +0000 (15:24 +0200)]
ar71xx: add kernel support for the OpenMesh OM2P-HSv3
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Sven Eckelmann [Thu, 19 May 2016 18:21:17 +0000 (20:21 +0200)]
ar71xx: add OM5P-ACv2 to the OM5P-AC profile
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49155
Sven Eckelmann [Thu, 19 May 2016 18:21:16 +0000 (20:21 +0200)]
ar71xx: extract ath10k wifi board.bin for the OpenMesh OM5P-ACv2 board
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49154
Sven Eckelmann [Thu, 19 May 2016 18:21:15 +0000 (20:21 +0200)]
uboot-envtools: add OpenMesh OM5P-ACv2 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49153
Sven Eckelmann [Thu, 19 May 2016 18:21:14 +0000 (20:21 +0200)]
om-watchdog: add OpenMesh OM5P-ACv2 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49152
Sven Eckelmann [Thu, 19 May 2016 18:21:13 +0000 (20:21 +0200)]
ar71xx: enable sysupgrade for the OpenMesh OM5P-ACv2
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49151
Sven Eckelmann [Thu, 19 May 2016 18:21:12 +0000 (20:21 +0200)]
ar71xx: add user-space support for the OpenMesh OM5P-ACv2
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49150
Sven Eckelmann [Thu, 19 May 2016 18:21:11 +0000 (20:21 +0200)]
ar71xx: add kernel support for the OpenMesh OM5P-ACv2 board
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49149
Sven Eckelmann [Thu, 19 May 2016 18:21:10 +0000 (20:21 +0200)]
ar71xx: create profile and build image for the OpenMesh OM5P-AC board
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49148
Sven Eckelmann [Thu, 19 May 2016 18:21:09 +0000 (20:21 +0200)]
ar71xx: extract ath10k wifi board.bin for the OpenMesh OM5P-AC board
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49147
Sven Eckelmann [Thu, 19 May 2016 18:21:08 +0000 (20:21 +0200)]
uboot-envtools: add OpenMesh OM5P-AC support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49146
Sven Eckelmann [Thu, 19 May 2016 18:21:07 +0000 (20:21 +0200)]
om-watchdog: add OpenMesh OM5P-AC support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49145
Sven Eckelmann [Thu, 19 May 2016 18:21:06 +0000 (20:21 +0200)]
ar71xx: enable sysupgrade for the OpenMesh OM5P-AC
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49144
Sven Eckelmann [Thu, 19 May 2016 18:21:05 +0000 (20:21 +0200)]
scripts/om-fwupgradecfg-gen.sh: add support for the OM5P-AC
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49143
Sven Eckelmann [Thu, 19 May 2016 18:21:04 +0000 (20:21 +0200)]
ar71xx: add user-space support for the OpenMesh OM5P-AC
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport of r49142
projects / 15.05 / openwrt.git / log