Commit Graph

37941 Commits

Author SHA1 Message Date
Hauke Mehrtens
2ad4383b74 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:34:28 +01:00
Rafał Miłecki
f2b885d82e bcm53xx: set Netgear R8000 USB LEDs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 20:26:01 +01:00
Stijn Tintel
054ce1624c kernel: update kernel 4.4 to version 4.4.47
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.

Runtime-tested on ar71xx, octeon, ramips and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit d2c4041f0266cc93447998ddd67c7d6b6a4c2ee3)

Conflicts:
	include/kernel-version.mk
	target/linux/ramips/patches-4.4/997-ralink-Introduce-fw_passed_dtb-to-arch-mips-ralink.patch
2017-02-06 20:13:06 +01:00
Koen Vandeputte
b786a5ffc3 kernel: bump to 4.4.46
Refreshed patches for all supported targets.

Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64.
Run-tested on ar71xx, cns3xxx, imx6 and mt7621.

Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 3becadd56cddfb8abff50cdb0ef1cb3f90b0809a)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-06 20:13:06 +01:00
Koen Vandeputte
c656cbc56b kernel: bump to 4.4.45
Refreshed patches for all supported targets.

Compiled & tested on cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 4d1515070baeca64fedaca957b6b4156976f3b3a)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

Conflicts:
	target/linux/ar71xx/patches-4.4/920-usb-chipidea-AR933x-platform-support.patch
2017-02-06 20:13:06 +01:00
Stijn Segers
ee3067c588 Kernel: bump to 4.4.44
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.

.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
(cherry picked from commit 20996edd68b8a0b139bdb36b3aafa29c037d4bda)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

Conflicts:
	target/linux/ar71xx/patches-4.4/920-usb-chipidea-AR933x-platform-support.patch
	target/linux/ar71xx/patches-4.4/930-chipidea-pullup.patch
2017-02-06 20:13:06 +01:00
Rafał Miłecki
518bb7ae5a bcm53xx: refresh Linux 4.4 config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 17:21:40 +01:00
Rafał Miłecki
8ff8e51cda bcm53xx: image: use one style of adding TARGET_DEVICES entries
It just makes code consistent. This trivial change may be a 17.01
candidate to provide simpler backporting experience.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 17:08:13 +01:00
Rafał Miłecki
81f9cd56a2 bcm53xx: backport upstream DTS files for Linksys devices
We dont't build officialy images for them yet due to partitioning
issues.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 09:08:06 +01:00
Rafał Miłecki
29c0b575ee bcm53xx: use accepted BCM5301X patches for R8000 and Luxul devices
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 09:05:26 +01:00
Rafał Miłecki
5c4b2eb3dd mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
52add1988c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
c578da6198 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
4b9bdb48d9 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
85d128f145 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
e48b1c2c07 mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
e8f42223be mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
41dc50fc27 kernel: backport bgmac support for external PHYs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:38:26 +01:00
Rafał Miłecki
aec04e1deb kernel: use upstream accepted bgmac fix for BCM47186B0
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:38:26 +01:00
Rafał Miłecki
f61044a9b0 kernel: rename bgmac patches to squeeze them
This is a pure rename without any changes. It makes maintaining bgmac
simpler and will hopefully make adding new kernel a bit easier.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:38:26 +01:00
Rafał Miłecki
36288db2fd mac80211: start hostapd with logging wpa_printf messages to syslog
Some debugging/error messages are printed using wpa_printf and this
change allows finally reading them out of the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:33:05 +01:00
Rafał Miłecki
bc49d7902c hostapd: enable support for logging wpa_printf messages to syslog
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:31:02 +01:00
Rafał Miłecki
a0bc62fe08 hostapd: backport support for sending debug messages to the syslog
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.

We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.

Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:29:56 +01:00
Mathias Kresin
3f9a194e04 ramips: fix Airlink AR725W factory image build
The factory image can't be bigger than 3328 KByte. If the image is
bigger than that, the gemtek-header tool throws an error and breaks
the build.

Make sure the output file to which the gemtek header should be added
exists and wasn't removed during the check-size step because of it
size. This will prevent hard errors in case the factory image is to big
similar to what is done for sysupgrade images.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-04 12:54:40 +01:00
Hannu Nyman
c53bb974b2 ipq806x: fix wireless macs
Commit 71a39b8 ("ipq806x: Fix wireless support for Netgear Nighthawk X4S
D7800") added a trailing TAB char after the backslash which prevents
the assignment of the correct MACs for wifi devices.

Fixes: FS#451

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
[reworded commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 19:32:07 +01:00
Rafał Miłecki
5ed23223fd bcm53xx: set WAN MAC address to don't share one with LAN interface
After analyzing numerous NVRAMs and vendor firmwares it seems the base
MAC address is used for LAN interface. WAN interface has different one
which sometimes is set directly in NVRAM and sometines needs to be
calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-03 08:05:32 +01:00
André Valentin
41de9a2e12 ipq806x: fixup nbg6817 internal mmc and switch configuration in DTS
The setting mmc-ddr-1_8v in the platform dts leads to read errors. The
device is unusable and system reboots in a loop. Because NBG6817 is the
only mmc device, I removed it in base dts.

The second change removes settings now present in base dts.

The third change references was a wrong conversion of constants in the switch settings.
Switch now initializes again.

Signed-off-by: André Valentin <avalentin@marcant.net>
2017-02-02 22:49:33 +01:00
Hannu Nyman
1b51a49a9d ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:26:05 +01:00
Rafał Miłecki
0224e32cd0 kernel: fix BCM54612E PHY support
This backports upstream commit 62e13097c46c ("net: phy: broadcom: rehook
BCM54612E specific init")

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-01 21:12:33 +01:00
Christian Lamparter
bce140ebb9 musl: update musl to 1.1.16+ and switch to download from git
This patch updates musl to 1.1.16+ [0] and removes all the
backported patches. This is a major release and tagged as such.
For more information visit musl-libc.org or read the WHATSNEW.

Furthermore, this patch also changes musl to download directly
from git. This makes it easier to update musl in the future.

The patch custom Add-format-attribute-to-some-function-declarations.patch
was assigned a new 400- number. This should avoid confusion
since 0xx numbers are usually assigned to backports.

[0] <http://git.musl-libc.org/cgit/musl/commit/?id=769f53598e781ffc89191520f3f8a93cb58db91f>

Cc: Hannu Nyman <hannu.nyman@iki.fi>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2017-02-01 18:39:16 +01:00
Qian Zheng
b313f0d189 ar71xx: fix netgear wndr3700 v1/v2, wndr3800/wndr3800ch switch port mapping
Signed-off-by: Qian Zheng <sotux82@gmail.com>
2017-02-01 17:58:39 +01:00
Qian Zheng
581285c6dc ar71xx: fix netgear wnr2000 v3 switch port mapping
Signed-off-by: Qian Zheng <sotux82@gmail.com>
[Jo-Philipp Wich: fix alphabetical order after merging with gl-ar300 case]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 17:58:39 +01:00
Qian Zheng
0880105144 ar71xx: fix tl-wr841n-v7 switch port mapping
Signed-off-by: Qian Zheng <sotux82@gmail.com>
[Jo-Philipp Wich: fix alphabetical order]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 17:58:39 +01:00
Mathias Kresin
2a14335d95 mvebu: fix usb port leds
All mvebu boards have three USB LEDs. The first one is used for the
USB1 port.

There are two LEDs related to the second USB port. The top (bar) LED
gets bright in case any USB device is connected to the second USB port.

If the connected device is an USB 3 (SuperSpeed) device, the small dot
LED bellow the "bar" LED gets also bright.

While at it, use a name for the USB LEDs that matches the names printed
on the case.

Fixes: FS#423, FS#425

Signed-off-by: Kabuli Chana <newtownbuild@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-01 17:56:58 +01:00
Hans Geiblinger
faea9bea44 mvebu: set fan_ctrl.sh only on mamba
Signed-off-by: Hans Geiblinger <cybrnook2002yahoo.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2017-02-01 17:56:58 +01:00
Chris Blake
e9b60b587b x86: add kernel module for sp5100_tco watchdog
This change adds the sp5100_tco driver as a kernel module for the x86
target. Specifically, this can be used by the PCEngines APU2/APU3. The
reason for having this as a kernel module is to allow users to
load/unload it on demand, as the I2C interface on the APU2/APU3 will not
work while this module is loaded. More info can be found on GitHub at
https://github.com/riptidewave93/LEDE-APU2/pull/5#issuecomment-255667736

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-02-01 17:45:25 +01:00
Chris Blake
af3ae4b37c x86: Add sp5100_tco AMD patches
This adds the following patches to the x86 target:

sp5100_tco: Add AMD Mullins platform support
sp5100_tco: Add AMD Carrizo platform support
sp5100_tco: fix the device check for SB800 and later chipsets
watchdog: sp5100_tco: properly check for new register layouts

With these added, the sp5100_tco driver can then be used on newer AMD
platforms, such as the PCEngines APU2/APU3 boards.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-02-01 17:45:25 +01:00
Jiri Kastner
d6a830ac7e octeon: fix mtd partitions for erlite on cmdline
erlite mtdparts exposes boot0, boot1 and eeprom regions
as read/write.
this patch adds readonly flags, so these regions can't be
modified. same as it is already for ER profile.

Signed-off-by: Jiri Kastner <cz172638@gmail.com>
2017-02-01 17:39:09 +01:00
Zhang Jingye
9c915d1e7b ipq806x: Fix wireless support for Netgear Nighthawk X4S D7800
D7800 has a simular hardware to R7800 and uses dual QCA9980 for both 2.4GHz and 5GHz band.
However there is no proper initialization for them, which causes a kernel panic due to failed firmware loading.

This patch adds d7800 to ath10k caldata extraction list.
I can get two functional wireless bands after making change to it.

Signed-off-by: Zhang Jingye <934526987@qq.com>
2017-02-01 17:37:58 +01:00
Florian Fainelli
4d561b3a30 package-ipkg: Do not fail build without base-files
If the base-files package is not selected, we will fail executing the
very first postinst script:

make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk'
cp -fpR
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root.orig-orion
./usr/lib/opkg/info/busybox.postinst: line 3:
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion/lib/functions.sh:
No such file or directory
./usr/lib/opkg/info/busybox.postinst: line 4: default_postinst: command
not found
postinst script ./usr/lib/opkg/info/busybox.postinst has failed with
exit code 127
make[2]: *** [package/install] Error 1

Check for the existence of lib/functions.sh, and if it does not exist,
just bail out gracefully.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-02-01 16:07:30 +01:00
Wilco Baan Hofman
f8d8b60f1b Fix dependency for hostapd
Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
2017-02-01 16:06:58 +01:00
Kevin Darbyshire-Bryant
4cd9625dd4 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Kevin Darbyshire-Bryant
4f5ff0041a kmod-sched-cake: Bump to latest version
wash, mpu & some memory optimisation have now made it to the official
cake repository.

Point LEDE to the official repository.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Jo-Philipp Wich
d1d970e235 libtool: don't clobber host libtool infrastructure
The libtool target package stages its files into the host staging directory
and moves the libltdl library parts from there into the target staging
directory afterwards.

By doing so, the package essentially renders the host libtool infrastructure
unusable, leading to the below error in subsequent package builds:

    libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool`

Prevent this problem by using a dedicated libltdl install prefix in order to
avoid overwriting and moving away preexisting files belonging to tools/libtool.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:05:52 +01:00
Jo-Philipp Wich
e5bc7bff85 build: properly pass CPP and CXX flags in HOST_MAKE_VARS
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:03:57 +01:00
Alexandru Ardelean
83c9bfad1e build: introduce default HOST_MAKE_VARS for host-builds
Inspired/adapted from `package-defaults.mk` MAKE_VARS.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-02-01 16:03:56 +01:00
Alexandru Ardelean
82009d4e30 tools/cmake: remove HOST_CONFIGURE_CMD and re-distribute the args & vars
The final semantic is the same, but this is a bit more correct.

Build tested on Windows 10 (yes, there is some
Ubuntu mode for Windows 10, and I've been also building LEDE
on it for a few weeks).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-02-01 16:03:56 +01:00
Hans Dedecker
786160cd76 odhcp6c: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 16:00:01 +01:00
Hans Dedecker
4d9106afa6 odhcp6c: update to git HEAD version
c13b6a0 dhcpv6: fix white space error
e9d80cc dhcpv6: trigger restart of DHCPv6 state machine when not
		receiving statefull options
c7122ec update README
419fb63 dhcpv6: server unicast option support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
02d511818f odhcpd: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00