Commits · 2faa1edd917d3ec716574aa8da11a8ff10fd67ea · Johannes Rudolph / lede-mikrotik

Feb 09, 2017

Daniel Engberg authored 8 years ago


Update to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>

2faa1edd

Feb 06, 2017

tcpdump: update to version 4.9.0 · 985c90d1

Hauke Mehrtens authored 8 years ago


This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

985c90d1

Feb 01, 2017
- xtables-addons: update to version 2.12 · a112786a
  Felix Fietkau authored 8 years ago
  
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  a112786a
Jan 30, 2017

iproute2: cake: update cake support · bdd1fad9

Kevin Darbyshire-Bryant authored 8 years ago


Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

bdd1fad9

Jan 26, 2017

iproute2: cake: add 'mpu' minimum packet length support · a40f3f90

Kevin Darbyshire-Bryant authored 8 years ago


Add 'mpu' minimum length packet size parameter for scheduling/bandwidth
accounting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

a40f3f90

Jan 16, 2017

curl: fix HTTPS network timeouts with OpenSSL · b65572fe

Stijn Segers authored 8 years ago


Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

b65572fe

Jan 13, 2017
- uqmi: mark as nonshared because of the usb dependencies · f44663c6
  Felix Fietkau authored 8 years ago
  
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  f44663c6
- umbim: mark as nonshared because of the usb dependencies · 185b06f0
  Felix Fietkau authored 8 years ago
  
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  185b06f0
- comgt: mark as nonshared because of the usb dependencies · 1ca31b09
  Felix Fietkau authored 8 years ago
  
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  1ca31b09
Jan 11, 2017

Revert the recent dependency and metadata scanning rework · 1ad30be9

Felix Fietkau authored 8 years ago


This reverts the following commits:
fbe522d1
278ad007
863888e4
96daf635
cfd83555

This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1ad30be9

comgt: allow build without USB_SUPPORT · fbe522d1
Felix Fietkau authored 8 years ago
```
Signed-off-by: Felix Fietkau <nbd@nbd.name>
```
fbe522d1
umbim: allow build without USB_SUPPORT · 278ad007
Felix Fietkau authored 8 years ago
```
Signed-off-by: Felix Fietkau <nbd@nbd.name>
```
278ad007
uqmi: allow build without USB_SUPPORT · 863888e4
Felix Fietkau authored 8 years ago
```
Signed-off-by: Felix Fietkau <nbd@nbd.name>
```
863888e4

Jan 10, 2017

iwinfo: drop references to madwifi · c687a70f

Stijn Tintel authored 8 years ago


Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>

c687a70f

Jan 05, 2017
- build: use mkhash to replace various quirky md5sum/openssl calls · 84bd7405
  Felix Fietkau authored 8 years ago
  
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  84bd7405
Jan 03, 2017

curl: Remove PolarSSL and adjust default to mbedTLS · 55868001

Rosen Penev authored 8 years ago


luci-ssl has already made the switch since mainline support for PolarSSL is
almost over (2016).

Signed-off-by: Rosen Penev <rosenp@gmail.com>

55868001

Jan 02, 2017

curl: update to version 7.52.1 · 1436e154

Hauke Mehrtens authored 8 years ago


This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

1436e154

Dec 22, 2016

treewide: clean up and unify PKG_VERSION for git based downloads · c7c1cf56
Felix Fietkau authored 8 years ago
```
Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
```
c7c1cf56

uqmi: add plmn set functionality for netifd proto handler · 6c82f8a4

Florian Eckert authored 8 years ago


uqmi has the possibility to allow the modem to start a regsitration
process only to this specified plmn

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>

6c82f8a4

comgt-ncm: fix typo Fix typo in ncm.sh. Resolves: · 83eca5d8

Cezary Jackiewicz authored 8 years ago


Wed Dec 21 09:55:54 2016 daemon.notice netifd: wan (4455): ./ncm.sh: eval: line 1: =IP: not found

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>

83eca5d8

Dec 20, 2016

iproute2: tc - update cake support · 197b11f3

Kevin Darbyshire-Bryant authored 8 years ago


Update tc to track upstream cake changes:

diffserv3 - a simple 3 tin classifier

Also make diffserv3 and triple-isolate default

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

197b11f3

uqmi: Prevent 'POLICY MISMATH' error. · 600d648a

Nickolay Ledovskikh authored 8 years ago

Add uqmi 'sync' command call to release stalled cid when preparing to
setup new connection. As a result it prevents 'POLICY MISMATCH' errors.

Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>

600d648a

uqmi: bump to latest git HEAD · 4146047e

John Crispin authored 8 years ago


8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command.
1dc7be1 uqmi: Add sync command to release all cids.

Signed-off-by: John Crispin <john@phrozen.org>

4146047e

uqmi: add support of using device symlinks. · 6439e396

Nickolay Ledovskikh authored 8 years ago

It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.

Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>

6439e396

comgt: add support of using device symlinks. · 13ab314b

Nickolay Ledovskikh authored 8 years ago

It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.

Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>

13ab314b

Dec 16, 2016

treewide: clean up download hashes · 720b9921

Felix Fietkau authored 8 years ago


Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>

720b9921

Dec 14, 2016

comgt-ncm: Add support for specifying profile index · 5bd3b9df

Matti Laakso authored 8 years ago


Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.

In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

5bd3b9df

uqmi: Add support for specifying profile index · 2e2748b0

Matti Laakso authored 8 years ago


Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.

Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

2e2748b0

netfilter: drop proprietary xt_id match · e2f8d200

Jo-Philipp Wich authored 8 years ago


The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

e2f8d200

Dec 12, 2016

iproute2: support latest cake & restore DSCP washing · 88f8c8d7

Kevin Darbyshire-Bryant authored 8 years ago


Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

88f8c8d7

tcpdump: reduce size of -mini by removing more infrequently used protocols · b9ddf309

Felix Fietkau authored 8 years ago


This removes:
- BGP
- CDP
- SCTP

MIPS binary .ipk size is reduced from ~150k to ~130k

Signed-off-by: Felix Fietkau <nbd@nbd.name>

b9ddf309

net/utils/tcpdump: update to 4.8.1 · a4a00d79

p-wassi authored 8 years ago


Update tcpdump to upstream release 4.8.1

Signed-off-by: Paul Wassi <p.wassi@gmx.at>

a4a00d79

Dec 03, 2016

curl: update to version 7.51.0 · 4e07167e

Hauke Mehrtens authored 8 years ago


This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

4e07167e

Dec 01, 2016

xtables-addons: add CONFIG_NF_CONNTRACK_MARK=y to all kmod-* packages · 4d448cf7

Felix Fietkau authored 8 years ago


Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package

Signed-off-by: Felix Fietkau <nbd@nbd.name>

4d448cf7

Nov 29, 2016

iw: drop TX power patch that is part of upstream version now · e8fe83e1

Rafał Miłecki authored 8 years ago


Applying it again was resulting in duplicated TX info like:
Interface wlan0
        ifindex 6
        wdev 0x1
        addr 00:23:6a:a3:7d:00
        ssid LEDE2
        type AP
        wiphy 0
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 31.00 dBm
        txpower 31.00 dBm

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

e8fe83e1

Nov 26, 2016
- ipset: Add InstallDev to provide libipset as library · 04a76da1
  Julian Kornberger authored 8 years ago
  
  04a76da1
Nov 14, 2016

arptables: bump to 2015-05-20 · 32cfd3bd

Ralph Sennhauser authored 8 years ago

This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:

  270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
  271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
  272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch

Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".

See also: https://git.netfilter.org/arptables/log/



Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
[Jo-Philipp Wich: add mirror SHA256 sum]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

32cfd3bd

conntrack-tools: update to v1.4.4 · dc7c9f59
Jo-Philipp Wich authored 8 years ago
```
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
dc7c9f59

Nov 12, 2016

iw: fix build error caused by redeclaration of NL80211_ATTR_PAD · fc934940
Rafał Miłecki authored 8 years ago
```
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fixes: 7aff00ab ("iw: update to version 4.9")
```
fc934940

iw: update to version 4.9 · 7aff00ab

Rafał Miłecki authored 8 years ago


This adds support for "channels" command which displays more details
about channels. It includes e.g. info about available widths.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

7aff00ab