currently (after blogic's edit to my commit) it prints like this:

root@lede:/# service aa
aa does not exist. the following services are available :adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.

with this commit it looks like this:

root@lede:/# service
service "" not found, the following services are available:
adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>

bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.

Signed-off-by: George Amanakis <g_amanakis@yahoo.com>

This commit introduced a syntax error in ox820-akitio.dts which is
fixed now:
commit 5cde94d9
Author: Daniel Golle <daniel@makrotopia.org>
Date:   Sat Sep 24 01:14:53 2016 +0200
    oxnas: backport upstream NAND driver

This caused the folowing error message in the build bot:
Error: arch/arm/boot/dts/ox820-akitio.dts:146.3-147.1 syntax error
FATAL ERROR: Unable to parse input tree
scripts/Makefile.lib:293: recipe for target 'arch/arm/boot/dts/ox820-akitio.dtb' failed
make[5]: *** [arch/arm/boot/dts/ox820-akitio.dtb] Error 1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT

Remove extra DEFAULT_VARIANT from libustream-polarssl.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

Signed-off-by: Magnus Kroken <mkroken@gmail.com>

Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>

Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

We have profile for this device thanks to DEVICE_PACKAGES now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Cc: Russell Senior <russell@personaltelco.net>

This allows using it nicely with PER_DEVICE_ROOTFS.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Cc: Russell Senior <russell@personaltelco.net>

We don't use this driver since commit 74171533 ("bcm53xx: switch to
m25p80 and drop bcm53xxspiflash").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

There was a typo in Makefile that prevented using these profiles.

Fixes: a75ce960 ("ramips: use different board names for variants")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

depending packages have been moved to kernel-config
- kmod-xen-kbddev in 9fde3614
- kmod-xen-fs, kmod-xen-evtchn, kmod-xen-netdev in 018807de

this will also fix imagebuilder

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

- replace the hotplug script with an interface trigger
- add netdev params to procd to trigger restart

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

This commit was added to improve reset time on old SoC devices that run
into chip hangs more frequently. However with the more recent addition
of full WMAC reset on these chips, it could be problematic.
Drop this patch to ensure that DMA activity is really stopped before the
chip reset is issued

Signed-off-by: Felix Fietkau <nbd@nbd.name>

8dc2a59 Revert "Respect interface "ignore" settings as documented."
93ab25b router: skip parse_routes when ra_default > 1

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.

Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.

This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.

Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>

This reverts commit 0090adcd.
It breaks reading package list in /tmp/opkg-lists, making it impossible
to install packages from feeds in snapshots.

Replace killall HUP by procd_send_signal in reload_service to trigger
an odhcpd config reload

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

-MAC register revisions for 8864 firmware

Tested on WRT1900ACv1 (mvebu). No regressions

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>

The external script used to generate the package lists for the
LEDE wiki's table of packages [1] and package indexes [2] requires
a "Source:" field in the package lists to find package makefiles.
The package makefiles are used to read the package's Category and Submenu.

The "Source:" field was removed in commit
b4aa3c89
to reduce package list sizes and lessen opkg issues in low ram devices.

Add a separate package list file with full data to be used by the wiki's script.
It's called Packages.manifest and isn't compressed as it's not necessary.

1. https://lede-project.org/packages/start
2. https://lede-project.org/packages/index/start



Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Backport most important fixes up to latest HEAD

- Taken post-commit reverts/fixes into account

Compile tested
Run-tested on cns3xxx & imx6 targets

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Ensure there is room in the numbering for next patches

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.

Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.

This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.

Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Fixes build error on default config + selecting kmod-fs-isofs

Signed-off-by: Felix Fietkau <nbd@nbd.name>