Permalink
Commits on Oct 3, 2017
  1. LEDE v17.01.3: adjust config defaults

    stintel committed Oct 3, 2017
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  2. uhttp: update to latest version

    ianchi authored and jow- committed Sep 12, 2017
    3fd58e9 2017-08-19 uhttpd: add manifest support
    88c0b4b 2017-07-09 file: fix basic auth regression
    99957f6 2017-07-02 file: remove unused "auth" member from struct
    path_info
    c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
    ad93be7 2017-07-02 auth: store parsed username and password
    fa51d7f 2017-07-02 proc: do not declare empty process variables
    a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
    e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash
    
    Signed-off-by: Adrian Panella <ianchi74@outlook.com>
Commits on Oct 2, 2017
  1. odhcpd: don't enable server mode on non-static lan port

    karlp authored and dedeckeh committed Sep 1, 2017
    Instead of blindly enabling the odhcpd v6 server and RA server on the
    lan port, only do that if the lan port protocol is "static"
    
    This prevents the unhelpful case of a device being a dhcpv4 client and
    v6 server on the same ethernet port.
    
    Signed-off-by: Karl Palsson <karlp@etactica.com>
    [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  2. odhcpd: backport fixes from master branch (FS#402, FS#524)

    dedeckeh committed Oct 2, 2017
    336212c config: fix dhcpv4 server being started
    336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524)
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  3. dnsmasq: bump to v2.78

    Kevin Darbyshire-Bryant authored and dedeckeh committed Oct 2, 2017
    Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Oct 1, 2017
  1. base-files: create /etc/config/ directory

    hauke committed Sep 30, 2017
    The /bin/config_generate script and some other scripts are assuming the
    /etc/config directory exists in the image. This is true in case for
    example the package firewall, dropbear or dnsmasq are included, which
    are adding the files under /etc/config/. Without any of these package
    the system will not boot up fully because the /etc/config/ directory is
    missing and some init scripts just fail.
    
    Make sure all images with the base-files contain a /etc/config/
    directory.
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    Acked-by: John Crispin <john@phrozen.org>
  2. sunxi: clean up modules definitions

    NeoRaider authored and hauke committed May 4, 2017
    Module definitions for kmod-wdt-sunxi and kmod-eeprom-sunxi are removed
    (wdt-sunxi was builtin anyways; nvmem-sunxi, which is the new name of
    eeprom-sunxi is changed to builtin). As kmod-eeprom-sunxi was specified
    in DEFAULT_PACKAGES, but not available on kernel 4.4, it was breaking the
    image builder.
    
    Support for kmod-sunxi-ir is added for kernel 4.4 (it is unclear why it
    was disable before, it builds fine with with kernel 4.4).
    
    Condtionals only relevant for pre-4.4 kernels are removed from modules.mk,
    as sunxi does't support older kernels anymore.
    
    Fixes FS#755.
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commits on Sep 30, 2017
  1. ltq-vdsl-mei: revert disable optimized firmware download

    mkresin committed Sep 29, 2017
    This reverts commit b428f45.
    
    If the optimized firmware download is disabled, the xdsl subsystem
    hangs in the "idle request" state after physically disconnecting and
    reconnecting the xdsl modem from the line.
    
    It might fix the failing line init on boot as well.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  2. curl: fix security problems

    hauke committed Sep 30, 2017
    This fixes the following security problems:
     * CVE-2017-1000100 TFTP sends more than buffer size
     * CVE-2017-1000101 URL globbing out of bounds read
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  3. mbedtls: update to 2.6.0 CVE-2017-14032

    ldir-EDB0 authored and hauke committed Sep 1, 2017
    Fixed an authentication bypass issue in SSL/TLS. When the TLS
    authentication mode was set to 'optional',
    mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
    peer's X.509 certificate chain had more than
    MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
    it was not trusted. This could be triggered remotely on both the client
    and server side. (Note, with the authentication mode set by
    mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
    was correctly aborted).
    
    Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
    Tested-by: Magnus Kroken <mkroken@gmail.com>
  4. generic: drop 704-phy-no-genphy-soft-reset.patch

    ffainelli authored and hauke committed Sep 16, 2017
    4.4.80+ contains 71a165f6397df07a06ce643de5c2dbae29bd3cfb, 4.9.41+ contains
    6c78197e4a69c19e61dfe904fdc661b2aee8ec20 which are all backports of upstream
    commit 0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 ("net: phy: Do not perform
    software reset for Generic PHY").
    
    Our local patch is no longer needed, all this patch was doing was utilizing
    gen10g_soft_reset which does nothing either, so just keep the code unchanged.
    
    Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
  5. kernel: update 4.4 to 4.4.89

    hauke committed Sep 30, 2017
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Sep 28, 2017
  1. ltq-vdsl-mei: disable optimized firmware download

    mkresin committed Sep 27, 2017
    With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and
    enabled by default. As soon as the optimized firmware download is
    enabled, a watchdog based reboot is trigger between 24h to 48h of
    uptime if the board isn't connected to a xdsl line.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  2. ltq-vdsl: fix PM thread suspend and resume handling

    sch-m authored and mkresin committed Sep 26, 2017
    This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM
    thread handling issues which lead to high system load and watchdog
    trigger within 1h of uptime for boards not connected to a xdsl line.
    
    Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Commits on Sep 25, 2017
  1. openvpn: add "extra-certs" option

    SvenRoederer authored and dedeckeh committed Sep 5, 2017
    This option is used to specify a file containing PEM certs, to complete the
    local certificate chain. Which is quite usefull for "split-CA" setups.
    
    Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
    Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Commits on Sep 20, 2017
  1. lantiq: fix missing otg_cap on danube platform

    danitool authored and hauke committed Jul 29, 2017
    USB doesn't work in some danube boards because otg_cap
    is missing since previous changes made on the USB-dwc2
    lantiq driver. Fix it.
    
    Tested on the ARV7518PW router.
    
    Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
Commits on Sep 18, 2017
  1. tcpdump: noop commit to refer CVEs fixed in 4.9.2

    stintel committed Sep 17, 2017
    When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
    CVEs in the commit message. As the list of fixed CVEs is quite long,
    we should probably mention them in the changelogs of the releases to
    come. This commit will make sure this happens.
    
    The following CVEs were fixed in 21014d9:
    
    CVE-2017-11541
    CVE-2017-11541
    CVE-2017-11542
    CVE-2017-11542
    CVE-2017-11543
    CVE-2017-11543
    CVE-2017-12893
    CVE-2017-12894
    CVE-2017-12895
    CVE-2017-12896
    CVE-2017-12897
    CVE-2017-12898
    CVE-2017-12899
    CVE-2017-12900
    CVE-2017-12901
    CVE-2017-12902
    CVE-2017-12985
    CVE-2017-12986
    CVE-2017-12987
    CVE-2017-12988
    CVE-2017-12989
    CVE-2017-12990
    CVE-2017-12991
    CVE-2017-12992
    CVE-2017-12993
    CVE-2017-12994
    CVE-2017-12995
    CVE-2017-12996
    CVE-2017-12997
    CVE-2017-12998
    CVE-2017-12999
    CVE-2017-13000
    CVE-2017-13001
    CVE-2017-13002
    CVE-2017-13003
    CVE-2017-13004
    CVE-2017-13005
    CVE-2017-13006
    CVE-2017-13007
    CVE-2017-13008
    CVE-2017-13009
    CVE-2017-13010
    CVE-2017-13011
    CVE-2017-13012
    CVE-2017-13013
    CVE-2017-13014
    CVE-2017-13015
    CVE-2017-13016
    CVE-2017-13017
    CVE-2017-13018
    CVE-2017-13019
    CVE-2017-13020
    CVE-2017-13021
    CVE-2017-13022
    CVE-2017-13023
    CVE-2017-13024
    CVE-2017-13025
    CVE-2017-13026
    CVE-2017-13027
    CVE-2017-13028
    CVE-2017-13029
    CVE-2017-13030
    CVE-2017-13031
    CVE-2017-13032
    CVE-2017-13033
    CVE-2017-13034
    CVE-2017-13035
    CVE-2017-13036
    CVE-2017-13037
    CVE-2017-13038
    CVE-2017-13039
    CVE-2017-13040
    CVE-2017-13041
    CVE-2017-13042
    CVE-2017-13043
    CVE-2017-13044
    CVE-2017-13045
    CVE-2017-13046
    CVE-2017-13047
    CVE-2017-13048
    CVE-2017-13049
    CVE-2017-13050
    CVE-2017-13051
    CVE-2017-13052
    CVE-2017-13053
    CVE-2017-13054
    CVE-2017-13055
    CVE-2017-13687
    CVE-2017-13688
    CVE-2017-13689
    CVE-2017-13690
    CVE-2017-13725
    
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    (cherry picked from commit 2375e27)
  2. tcpdump: bump to 4.9.2

    stintel committed Sep 10, 2017
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    (cherry picked from commit 21014d9)
  3. utils/tcpdump: Rework URLs

    diizzyy authored and stintel committed Mar 22, 2017
    Add actual mirror and use main site as last resport
    Source: http://www.tcpdump.org/mirrors.html
    
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
    (cherry picked from commit fd95397)
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    
    Conflicts:
    	package/network/utils/tcpdump/Makefile
  4. base-files: fix wan6 interface config generation for pppoe

    dedeckeh committed Sep 18, 2017
    Setting ipv6 to auto in case of a pppoe interface will trigger the
    creation of a dynamic wan_6 interface meaning two IPv6 interfaces
    (wan6 and wan_6) will be active on top of the pppoe interface.
    This leads to unpredictable behavior in the network; therefore set
    ipv6 to 1 which will prevent the dynamic creation of the wan_6
    interface.
    Further alias the wan6 interface on top of the wan interface for pppoe
    as the wan6 interface can only be started when the link local address is
    ready. In case of pppoe the link local address is negotiated during the
    Internet Protocol Control Protocol when the PPP link is setup meaning
    all the IP address info is only available when the wan interface is up.
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Sep 14, 2017
  1. ipq806x: Archer C2600: fix switch ports numbering

    Baptiste Jonglez authored and mkresin committed Aug 23, 2017
    The order of LAN ports shown in Luci is reversed compared to what is
    written on the case of the device.  Fix the order so that they match.
    
    Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Commits on Sep 13, 2017
  1. treewide: fix shellscript syntax errors/typos

    BigNerd95 authored and mkresin committed Sep 11, 2017
    Fix multiple syntax errors in shelscripts (of packages only)
    These errors were causing many conditions to not working properly
    
    Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
    [increase PKG_RELEASE, drop command substitution from directip.sh]
    Signed-off-by: Mathias Kresin <dev@kresin.em>
  2. ramips: fix hg255d LED status support

    yangfl authored and mkresin committed Sep 9, 2017
    Use the green power LED for boot status indication.
    
    Source: https://my.oschina.net/osbin/blog/278782 Para 3
    
    Signed-off-by: David Yang <mmyangfl@gmail.com>
Commits on Sep 11, 2017
  1. ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4

    NeoRaider committed Sep 11, 2017
    The addresses were read from the 'config' partition, which would not always
    contain the addresses at the same offsets, depending on the stock firmware
    version used before flashing LEDE. Change this to get the addresses from
    the 'product-info' partition, which is read-only.
    
    Reported-and-tested-by: Andreas Ziegler <ml@andreas-ziegler.de>
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commits on Sep 10, 2017
  1. hostapd: fix iapp_interface option

    BigNerd95 authored and mkresin committed Sep 9, 2017
    ifname variable were not assigned due to syntax error
    causing the hostapd config file to have an empty iapp_interface= option
    
    Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
Commits on Sep 8, 2017
  1. kernel: update 4.4 to 4.4.87

    Kevin Darbyshire-Bryant authored and mkresin committed Sep 7, 2017
    Fixes CVE-2017-11600
    
    No patch refresh required
    
    Compile & run tested: ar71xx - Archer C7 v2
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  2. dnsmasq: backport arcount edns0 fix

    Kevin Darbyshire-Bryant authored and dedeckeh committed Sep 8, 2017
    Don't return arcount=1 if EDNS0 RR won't fit in the packet.
    
    Omitting the EDNS0 RR but setting arcount gives a malformed packet.
    Also, don't accept UDP packet size less than 512 in received EDNS0.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Sep 7, 2017
  1. dnsmasq: backport official fix for CVE-2017-13704

    Kevin Darbyshire-Bryant authored and dedeckeh committed Sep 7, 2017
    Remove LEDE partial fix for CVE-2017-13704.
    
    Backport official fix from upstream.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
Commits on Sep 6, 2017
  1. uclient: update to 2017-09-06

    NeoRaider committed Sep 6, 2017
    24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
    83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commits on Sep 4, 2017
  1. kernel: update 4.4 to 4.4.86

    Kevin Darbyshire-Bryant authored and mkresin committed Sep 4, 2017
    Refresh patches
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  2. brcm47xx: refresh Linux 4.4 config

    Rafał Miłecki
    Rafał Miłecki committed Sep 4, 2017
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Sep 3, 2017
  1. f2fs-tools: fix mkfs.f2fs on big-endian systems

    stintel committed Aug 24, 2017
    Fixes: FS#749
    
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    (cherry picked from commit cdb494f)
  2. f2fs-tools: drop musl compat patch

    stintel committed Aug 24, 2017
    It is no longer needed since version 1.4.1.
    
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    (cherry picked from commit 252c8dd)
  3. f2fs-tools: drop patch in favour of CONFIGURE_VARS

    stintel committed Aug 24, 2017
    Override the failing check in configure with CONFIGURE_VARS instead of
    carrying a patch that's unlikely to be accepted by upstream.
    
    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    Acked-by: John Crispin <john@phrozen.org>
    (cherry picked from commit d87f27a)
  4. f2fs-tools: Switch to gz tarball

    diizzyy authored and stintel committed May 10, 2017
    At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.
    
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>