Felix Fietkau [Thu, 9 Mar 2017 07:53:52 +0000 (08:53 +0100)]
iwcap: fix handling kill signal during dump
Do not run another loop iteration before checking the stop flag
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
2f09a1e3c950c9b2993ae52d1b0e78317c344470)
Rafał Miłecki [Sat, 11 Mar 2017 22:03:12 +0000 (23:03 +0100)]
x86: image: drop unneeded grub call
It appears there isn't any Image/Build/grub/* define so this step looks
redundant.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
f5d403488ed62bb7f0e0017b02890b4d72240a55)
Rafał Miłecki [Sat, 11 Mar 2017 22:03:11 +0000 (23:03 +0100)]
x86: image: drop unused ROOTDELAY variable
It's unused since commit
742700719303 ("x86: remove the olpc subtarget,
it has been unmaintained for a long time").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
9a267e6a4b08d1fa2a98523e5eb9f2325c9506e2)
Kevin Darbyshire-Bryant [Fri, 3 Mar 2017 11:49:06 +0000 (11:49 +0000)]
ccache: update to 3.3.4
Update from 3.3.2 to 3.3.4 & refresh patches.
Remove 110-disable-assembler-support as ccache now understands the
'.incbin' directive.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit
2cf00b640dce3ee9b09b41f2f1486a6a50bca45b)
Lucian Cristian [Sat, 4 Mar 2017 13:24:44 +0000 (15:24 +0200)]
base-files: add submission service port
prevent postfix start failure fatal: 0.0.0.0:submission: Unrecognized service
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
8e75efc0fb52d02a0cdc13a5ad819b380de6f3da)
Claudiu Brasovean [Tue, 28 Feb 2017 09:51:01 +0000 (11:51 +0200)]
procd.sh: use parameterized respawn values
continue work started here: http://patchwork.ozlabs.org/patch/520859
Extend /etc/config/system with parameters to set the default respawn treshold and respawn timeout
for procd launched services that have respawn enabled.
This results in cleaner init scripts, while making sure services have respawn parameters set.
Signed-off-by: Claudiu Brasovean <cbrasho@gmail.com>
(cherry picked from commit
c70c6ac070223114ee8c9f33e5e416edb005ca83)
Florian Fainelli [Thu, 2 Mar 2017 19:37:29 +0000 (11:37 -0800)]
toolchain: Allow external toolchains to specify libthread-db
We need to let external toolchains be able to specify the path and
specification file to the libthread-db POSIX thread debugging shared
libraries.
This fixes GDB not being able to be installed because it is depending on
libthread-db:
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies
* for gdb:
* libthread-db *
* opkg_install_cmd: Cannot install package gdb.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
7f0c95a7dfff8aa0b6f5e3e78263cab108245e4c)
Florian Fainelli [Mon, 13 Feb 2017 02:34:53 +0000 (18:34 -0800)]
rssileds: Fix build with external toolchains
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
30159b3886849f94cd065ecece7ac988bfb89548)
Florian Fainelli [Mon, 13 Feb 2017 02:29:53 +0000 (18:29 -0800)]
adb: Also pass TARGET_CPPFLAGS
Fixes build issues with external toolchains that do not have STAGING_DIR
in their default search path.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
4aa1560de3ce7e1ce813f450025ee0c55ab868eb)
Florian Fainelli [Sun, 12 Feb 2017 22:10:12 +0000 (14:10 -0800)]
swconfig: Link with libubox
Fixes linking failures observed with external toolchains:
/home/florian/dev/toolchains/stbgcc-4.8-1.5/bin/../lib/gcc/mipsel-linux-gnu/4.8.5/../../../../mipsel-linux-gnu/bin/ld:
warning: libubox.so, needed by
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so,
not found (try using -rpath or -rpath-link)
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_open_nested'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_parse'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blob_nest_end'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_add_field'
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
fe8618a8fe0db1bc8f343c0f75082ff96e9991ab)
Florian Fainelli [Sun, 12 Feb 2017 22:07:36 +0000 (14:07 -0800)]
px5g: Fix TARGET_LDFLAGS and add TARGET_CPPFLAGS
Make sure we pass down TARGET_CPPFLAGS to let toolchains with no default
search paths to find the mbdetls headers, and override TARGET_LDFLAGS to
include libraries we are linking against.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
306ee6436170d4c3c0c677653e9a20a8ee116cf7)
Florian Fainelli [Sun, 12 Feb 2017 22:05:17 +0000 (14:05 -0800)]
omcproxy: Update to latest HEAD
Brings the following change:
1fe6f48f8a50 Cmake: Find libubox/list.h
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
4c02435b9b985a10d33bc195acddd31c8545a277)
Florian Fainelli [Sun, 12 Feb 2017 21:21:01 +0000 (13:21 -0800)]
bsdiff: Also pass down TARGET_CPPFLAGS
Fixes build with external toolchains not having STAGING_DIR in their
default search path(s).
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
562ebe798255a2bb71c6a621d6a70662dfbd63c4)
Florian Fainelli [Sun, 5 Feb 2017 04:57:34 +0000 (20:57 -0800)]
thc-ipv6: Allow overriding CFLAGS
thc-ipv6 did not allow an external environment to override CFLAGS, which
would lead to our CFLAGS not being passed properly (relro,
optimizations, etc...)
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
9b2321f42d075a12e73a81b89bd49b8696d3700f)
Etienne Haarsma [Sun, 12 Feb 2017 15:50:07 +0000 (16:50 +0100)]
tools/m4: update 1.4.18
Patch 100-fix-gets-removal.patch is removed because it's included in the new version.
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
(cherry picked from commit
d90abebd06bbb004fc7957c39fe89202fbdca9f2)
Felix Fietkau [Mon, 20 Feb 2017 12:03:49 +0000 (13:03 +0100)]
build: get rid of FIND_L from host.mk
This was added for Mac OS X many years ago, but recent versions also
support find -L
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
be206eba3a57128695a00f490767e5c136e43ab7)
Thomas Reifferscheid [Mon, 20 Feb 2017 16:48:50 +0000 (17:48 +0100)]
build: unsilence move command
The @ sign in front of the "mv" command was significantly suppressing
output to stdout. When reviewing the make/build logs it was tricking
me a whole lot and it mad me lose time. Removing the @ sign will get
stdout and logs right about what happened when.
Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
(cherry picked from commit
1d49b534f5b74676f30f2ee1ba78d9e02d59f0bc)
Felix Fietkau [Wed, 15 Feb 2017 11:34:52 +0000 (12:34 +0100)]
build: skip headers install and config on make target/linux/prepare
This simplifies working with quilt on the kernel tree
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
dce6eeccc09339c7101a5b6b3fdba8b4d8f41247)
Felix Fietkau [Thu, 9 Feb 2017 12:34:21 +0000 (13:34 +0100)]
build: make Host/Install/Default use Host/Compile/Default with an extra argument
Allows parallelizing compile steps that might be necessary during install
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
fe1e3622a271386ea0413c97d9884e9935e17f11)
Michal Sojka [Thu, 2 Feb 2017 11:13:03 +0000 (12:13 +0100)]
build: Pass -iremap gcc option as a single argument
Passing -iremap argument separately causes problems with projects that
use scons and its ParseFlags function. Consider this SConscript
example:
env = Environment()
d = env.ParseFlags("-iremap one:two")
ParseFlags will interpret one:two as a file name and the returned dict
d will contain only "-iremap". When the -iremap is passed to the
compiler without an argument, compilation obviously fails.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit
202ae4cc6a910dec2441c45dfdf5814ac4d82518)
Felix Fietkau [Thu, 9 Feb 2017 12:35:07 +0000 (13:35 +0100)]
toolchain/gcc: parallelize make install
If the staging dir was deleted, the build needs to recompile some files.
This change speeds up this corner case significantly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
0f5d17a7e6acceb18867fd951b231bfb6c4d8946)
Felix Fietkau [Thu, 9 Feb 2017 12:35:51 +0000 (13:35 +0100)]
toolchain/musl: parallelize make install
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
43332f513baf35e2bcd3285d7c93d592001943f6)
Jo-Philipp Wich [Mon, 1 Aug 2016 16:26:05 +0000 (18:26 +0200)]
imagebuilder: make submake invocations less verbose
Use silent make invocations for sub-makes like build_image or checksum to
avoid bloating the IB output with non-status info.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
0d1765b4ba2575ad7dbfbea5e5d04ba1224cdc0a)
Felix Fietkau [Wed, 1 Feb 2017 07:22:27 +0000 (08:22 +0100)]
gcc: remove obsolete uclibc patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
70973dd30d29c9d7e4402578da1d36e05e3d142d)
Felix Fietkau [Wed, 1 Feb 2017 07:29:06 +0000 (08:29 +0100)]
toolchain/gcc: reduce source directory size by about 420 MB
Remove gcc testsuite, ada and libjava (if not selected)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
f204e0fc4619c7c64d0d99b87b0ddd802338d78a)
Felix Fietkau [Mon, 30 Jan 2017 10:46:08 +0000 (11:46 +0100)]
bcm53xx: suppress osafeloader info error messages during flashing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
727e244faec8ec8e0004a2b772d1a9424f0c9d5d)
Florian Fainelli [Sun, 1 Jan 2017 00:13:35 +0000 (16:13 -0800)]
toolchain: Broaden the executable loader pattern
Some toolchains will produce executables with an interpreter that is e.g:
ld.so.1 (typically a symbolic link). Due to our current LIBC_SPEC_FILE value,
we would not be able to copy this symbolic link/file over to the rootfs and
executables would fail to load. Extend the search pattern to include all
ld*.so* files that could be needed.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
200d932322f3d8c436a67c53f4fbca87f0aab8af)
Florian Fainelli [Sun, 15 Jan 2017 04:04:38 +0000 (20:04 -0800)]
build: Suffix build directory with _$(LIBC) for external toolchains
For external toolchain, we also know the type of C library used, and the
toolchain triplet may not always be reflective of that, therefore make
$(TARGET_DIR_NAME) suffixed with _$(LIBC).
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
57657a72376000b5843367e627098f09fe9c3647)
Rosen Penev [Thu, 23 Nov 2017 21:18:07 +0000 (13:18 -0800)]
tools/sstrip: Fix compile under standard linux.
bswap32 undefined is the issue. Added the proper header. Also fixed a few format/conversion warnings that clang complained about without -Wall or -Wextra.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d6e34b735201805ae9112a7997f15b80f5926942)
Peter Wagner [Fri, 8 Dec 2017 05:23:26 +0000 (06:23 +0100)]
openssl: update to 1.0.2n
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)
Fixes CVEs: CVE-2017-3737, CVE-2017-3738
Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from commit
55e70c8b72dbb8e812ceb790bf08543d69fce86e)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Christian Lamparter [Sun, 19 Nov 2017 16:19:21 +0000 (17:19 +0100)]
base-files: upgrade: make get_partitions() endian agnostic
This patch fixes two issues with the current get_partitions()
function.
First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.
This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.
This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.
Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
4e3f6dae04fb526a78e613db6c65aee584403d36)
Jo-Philipp Wich [Tue, 12 Dec 2017 16:30:34 +0000 (17:30 +0100)]
cyassl: update to wolfssl 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").
Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit
902961c148b1f6d06a6159090366250281d801d7)
Jo-Philipp Wich [Fri, 27 Oct 2017 01:25:29 +0000 (03:25 +0200)]
mdadm: fix parameter quoting
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d4e7af52788fe6a5495064606e674ed6897a69cb)
Rosen Penev [Tue, 17 Oct 2017 16:28:39 +0000 (09:28 -0700)]
mdadm: Fix config generation
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.
Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.
Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
8eadec40bdc205568e34e19b07b2a3035c9223fb)
Florian Fainelli [Wed, 31 May 2017 21:39:12 +0000 (14:39 -0700)]
mdadm: Do not check RUN_DIR
Fixes build failure on hosts that do not have mdadm
installed/configured:
make[3]: Entering directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
***** Parent of /run/mdadm does not exist. Maybe set different RUN_DIR=
***** e.g. make RUN_DIR=/dev/.mdadm
***** or set CHECK_RUN_DIR=0
make[3]: *** [check_rundir] Error 1
make[3]: Leaving directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
make[2]: ***
[/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0/.built]
Error 2
make[2]: Leaving directory
`/local/users/fainelli/openwrt/trunk/package/utils/mdadm'
make[1]: *** [package/utils/mdadm/compile] Error 2
make[1]: Leaving directory `/local/users/fainelli/openwrt/trunk'
make: *** [package/mdadm/compile] Error 2
Fixes: 980c41f8e04f ("utils/mdadm: Update to 4.0")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
5229c453630c0b023c3d65ef6005adbe48062bbb)
Felix Fietkau [Wed, 12 Apr 2017 07:35:14 +0000 (09:35 +0200)]
kernel: remove out of tree direct-io disable hack
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from commit
0b7ed65cec8084bb98ae0e2758b7aca6c447cd4b)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Engberg [Fri, 24 Mar 2017 11:17:24 +0000 (12:17 +0100)]
utils/mdadm: Update to 4.0
Update mdadm to 4.0
Remove 000-compile.patch as it's fixed upstream
Refresh patches
Add mdadm.h-Undefine-dprintf-before-redefining.patch
Source: http://git.openembedded.org/openembedded-core/tree/meta/recipes-extended/mdadm/files
Add RAID 0,1 and 10 as depends to make mdadm usable.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit
980c41f8e04f5586731e84492001971eb8371590)
Jo-Philipp Wich [Thu, 9 Feb 2017 12:22:47 +0000 (13:22 +0100)]
mdadm: extend uci config support
Extend the mdadm package to allow to explicitely configure arrays as
well as device list entries.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
813efe57e434037fb58bd3e16ebd3a1cfd6ceb82)
Matthias Schiffer [Fri, 24 Feb 2017 11:16:33 +0000 (12:16 +0100)]
rules.mk: make PKG_CONFIG_DEPENDS properly track string values
The confvar macro is adjusted to not only consider if a variable has a
value or not, but also the value itself. Instead of creating a string of
'y' and 'n' characters, all variable names and values are concatenated
and hashed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
5ef0854b1109ba2dbd1dd3d9f87ce5801002d0ba)
Etienne Haarsma [Fri, 1 Dec 2017 17:26:40 +0000 (18:26 +0100)]
kernel: bump 4.4 to 4.4.103 for 17.01
Refreshed all patches.
Removed upstream ramips patches:
0101-MIPS-ralink-Fix-MT7628-pinmux.patch
0102--MIPS-ralink-Fix-typo-in-mt7628-pinmux-function.patch
Compile-tested: ar71xx
Run-tested: ar71xx
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
Koen Vandeputte [Tue, 24 Oct 2017 14:20:21 +0000 (16:20 +0200)]
uqmi: also try newer pin verification
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.
Fixes PIN issues with modems like the Sierra Wireless MC7455
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Rafał Miłecki [Fri, 8 Dec 2017 12:57:46 +0000 (13:57 +0100)]
opkg: bump to version 2017-12-08
This updates package to the latest commit from the lede-17.01 branch. It
contains few fixes backported from the master:
1) SHA256 fix
2) URL encoding which allows hosting packages on some more picky servers
Changes:
9f61f7a opkg_download: decode file:/ URLs
3c46c88 file_util: implement urldecode_path()
79908c2 file_util: consolidate hex/unhex routines
793fbac opkg: encode archive filenames while constructing download URLs
a6bb5cb file_util: implement urlencode_path() helper
098e774 libopkg: fix SHA256 calculation for big endian system
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Timo Sigurdsson [Tue, 14 Nov 2017 20:41:30 +0000 (21:41 +0100)]
hostapd: backport fix for wnm_sleep_mode=0
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch
114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
bd45e15d0afe64dfed5a02a50a634f7947b50144
fixed PKG_RELEASE and renumbered patch)
Conflicts:
package/network/services/hostapd/Makefile
Timo Sigurdsson [Tue, 14 Nov 2017 20:41:29 +0000 (21:41 +0100)]
hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.
Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.
Make this option configurable via UCI, but disabled by default.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit
6515887ed9b3f312635409702113dca7c14043e5)
Hans Dedecker [Wed, 6 Dec 2017 13:22:59 +0000 (14:22 +0100)]
dnsmasq: backport infinite dns retries fix
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Segers [Sun, 3 Dec 2017 11:09:20 +0000 (12:09 +0100)]
curl: apply CVE 2017-8816 and 2017-8817 security patches
This commit adds the upstream patches for CVE 2017-8816 and 2017-8817 to the 17.01
Curl package.
Compile-tested on ar71xx, ramips and x86.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Felix Fietkau [Fri, 17 Nov 2017 07:57:13 +0000 (08:57 +0100)]
mt76: update to the latest version
Significant performance/stability improvements for MT76x2 and MT7603.
Adds LED support.
Changes:
2895775 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature
1dae8f0 mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature
5e49aa9 Fix errors found by cppcheck
1b8c8a0 mt7603: add LED definition registers
4d83561 mt76x2: add LED register definitions
2f40e4a mt76x2: Support using PCI ID as chip ID
27c64bc mt76: add led support using mac80211 led framework
dfd64fc mt76x2: init: add ma80211 led callbacks
215edf1 mt7603: init: add ma80211 led callbacks
9d36ff2 mt76x2: Add PCI identifier for MT7602
0b7984e mt7603: remove unnecessary mcu register read function
f5498d2 debugfs: add support for changing the LED pin
8e453b3 mac80211: move DT led configuration to the "led" child node
8f1673a mt76x2: limit client WCID entries to 0-127
f9d9c22 mt76x2: clear drop flag for all WCIDs on init
0dd8b68 mt76x2: clear per-WCID tx rate lookup register
3e5afe7 mt76x2: add helper function for setting drop mask
941555b mt76x2: clear drop mask when sending a PS response
7dfb354 mt76: increase rx ring size for mt76x2
73902dc mt76x2: add rx statistics registers
fe79816 mt76x2: fix LNA gain register annotation
cc588c5 mt76x2: sync channel gain value with latest reference driver
60a4d67 mt76x2: implement dynamic AGC tuning based on false packet detection count
4bc9aa9 mt76x2: add more gain tuning based on the latest reference driver
0a0d16f mt76x2: sync tx power related values with reference driver
8c821aa mac80211: add missing include
82acc85 mt7603: add missing include required on newer kernels
2c1a77c mt76x2: fix transmission of encrypted management frames
0532315 mt76x2: increase OFDM SIFS time
1acde21 mt76x2: add channel argument to eeprom tx power functions
58364a2 mt76x2: initialize channel power limits
c2bd89e mt76x2: convert between per-chain tx power and combined output
e7eaa7c mt7603: rename mt7603_mac_reset to mt7603_pse_reset
ea4c2a1 mt7603: rename MT_PSE_RESET register
c86c3a0 mt7603: remove watchdog reset on interface stop
4490f93 mt7603: remove WARN_ON_ONCE for workaround checks
3075059 mt7603: simplify PSE reset
4ed7e07 mt7603: warn if PSE reset fails
7dc8db1 mt7603: clean up dma debug reads
41e6a04 mt7603: make mt7603_mac_watchdog_reset() static
dc7a351 mt7603: clear wtbl PS bit for powersave responses
123acf2 mt7603: set tx-skip flag for powersave clients
7dd2a9e mt7603: initialize wtbl ps flag on station add
86ddef3 mt76x2: remove some harmless WARN_ONs in tx status and rx path
e326bc2 mt7603: remove some harmless WARN_ONs in rx path
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ryan Mounce [Thu, 3 Aug 2017 11:07:58 +0000 (20:37 +0930)]
tools: patch various gnu tools for macOS 10.13
These host tools compile but may crash at runtime when building on
macOS 10.13 (High Sierra). Backport upstream gnulib patch until new
releases of affected tools.
https://lists.gnu.org/archive/html/bug-gnulib/2017-07/msg00056.html
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=
c41f233c4c38e84023a16339782ee306f03e7f59
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Felix Fietkau [Mon, 4 Dec 2017 08:56:32 +0000 (09:56 +0100)]
samba36: backport an upstream fix for an information leak (CVE-2017-15275)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Mathias Kresin [Sat, 18 Nov 2017 20:07:45 +0000 (21:07 +0100)]
ramips: backport MT7628 pinmux fixes
According to the datasheet the REFCLK pin is shared with GPIO#37 and
the PERST pin is shared with GPIO#36.
While at it fix a typo inside the pinmux setup code. The function is called
refclk and not reclk.
Update device tree source files accordingly.
Signed-off-by: Mathias Kresin <dev@kresin.me>
INAGAKI Hiroshi [Sat, 25 Nov 2017 16:42:50 +0000 (01:42 +0900)]
ramips: add missing reset button for Nexx WT1520
This commit adds missing the GPIO key used as reset button.
Nexx WT1520 has a GPIO key for factory reset, but it's not defined in
WT1520.dtsi and cannot use it.
Drop the UART (full) from the device tree source file, it was never
used for this board. Adjust the kernel bootargs accordingly.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[add note about dropped UART (full) to the commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Kevin Darbyshire-Bryant [Mon, 27 Nov 2017 10:14:54 +0000 (10:14 +0000)]
wireguard: bump to snapshot
20171127
== Changes ==
* compat: support timespec64 on old kernels
* compat: support AVX512BW+VL by lying
* compat: fix typo and ranges
* compat: support 4.15's netlink and barrier changes
* poly1305-avx512: requires AVX512F+VL+BW
Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.
* blake2s: AVX512F+VL implementation
* blake2s: tweak avx512 code
* blake2s: hmac space optimization
Another terrific submission from Samuel Neves: we now have an implementation
of Blake2s using AVX512, which is extremely fast.
* allowedips: optimize
* allowedips: simplify
* chacha20: directly assign constant and initial state
Small performance tweaks.
* tools: fix removing preshared keys
* qemu: use netfilter.org https site
* qemu: take shared lock for untarring
Small bug fixes.
Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.
Run-tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Etienne Haarsma [Sun, 26 Nov 2017 11:34:38 +0000 (12:34 +0100)]
kernel: bump 4.4 to 4.4.102
Refreshed all patches.
Removed upstream ramips patch: 0063-set-CM_GCR_BASE_CMDEFTGT_MEM-according-to-datasheet.patch
Compile-tested: ar71xx
Run-tested: ar71xx
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Kevin Darbyshire-Bryant [Fri, 24 Nov 2017 10:28:13 +0000 (10:28 +0000)]
wireguard: bump to
20171122
Bump to latest WireGuard snapshot release:
ed479fa (tag: 0.0.
20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Mathias Kresin [Sat, 18 Nov 2017 11:19:00 +0000 (12:19 +0100)]
ramips: fix Planex CS-QR10 device packages
Add kmod-sound-core, it is a dependency of kmod-sound-mt7620 and will
not be autoselected.
Remove kmod-i2c-core, it will be autoselected by kmod-i2c-ralink.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sat, 18 Nov 2017 10:59:22 +0000 (11:59 +0100)]
ramips: fix DCH-M225 support
Setting the pins of the uartf group to gpio+i2s at the time the i2c
driver loads is to late for the WPS gpio button.
The gpio-keys driver fails to load since the pin used by the WPS button
is not yet set to GPIO. The WPS button with the rfkill keycode is
essential for this wifi only board.
Add the missing sound and i2c kernel modules corresponding to the
device nodes.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Emerson Pinter [Wed, 15 Nov 2017 19:20:44 +0000 (17:20 -0200)]
dnsmasq: load instance-specific conf-file if exists
Without this change, the instance-specific conf-file is being added to procd_add_jail_mount,
but not used by dnsmasq.
Signed-off-by: Emerson Pinter <dev@pinter.com.br>
Daniel Golle [Fri, 17 Nov 2017 13:42:49 +0000 (14:42 +0100)]
rpcd: update to version 2017-11-12
a0231be8fbc61 fix memory leak in packagelist
4e483312b0216 sys: add packagelist method
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Antony Black [Thu, 2 Nov 2017 10:53:26 +0000 (13:53 +0300)]
brcm47xx: fix switch port mapping on D-Link DIR-330
D-Link DIR-330 is clone of ASUS WL500GP2, by default conf the WAN port is
eth1, it's not working cus eth1 not soldered and wan port function
performs 5th port of the switch.
Signed-off-by: Antony Black <gtrtfm@gmail.com>
Felix Fietkau [Sat, 11 Nov 2017 12:15:24 +0000 (13:15 +0100)]
wireguard: fix portability issue
Check if the compiler defines __linux__, instead of assuming that the
host OS is the same as the target OS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 11 Nov 2017 12:01:50 +0000 (13:01 +0100)]
wireguard: move to kernel build directory
It builds a kernel module, so its build dir should be target specific
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Kevin Darbyshire-Bryant [Thu, 16 Nov 2017 19:09:33 +0000 (19:09 +0000)]
wireguard: bump to 0.0.
20171111
edaad55 (tag: 0.0.
20171111) version: bump snapshot
7a989b3 tools: allow for NULL keys everywhere
46f8cbc curve25519: reject deriving from NULL private keys
9b43542 tools: remove ioctl cruft
f6cea8e allowedips: rename from routingtable
23f553e wg-quick: allow for tabs in keys
ab9befb netlink: make sure we reserve space for NLMSG_DONE
73405c0 compat: 4.4.0 has strange ECN function
868be0c wg-quick: stat the correct enclosing folder of config file
ceb11ba qemu: bump kernel version
0a8e173 receive: hoist fpu outside of receive loop
bee188a qemu: more debugging
f1fdd8d device: wait for all peers to be freed before destroying
2188248 qemu: check for memory leaks
c77a34e netlink: plug memory leak
0ac8efd device: please lockdep
a51e196 global: revert checkpatch.pl changes
65c49d7 Kconfig: remove trailing whitespace
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Hans Dedecker [Wed, 15 Nov 2017 21:07:06 +0000 (22:07 +0100)]
procd: update to latest git HEAD (fixes and improvements)
d9dc0e0 service: fix calls to blobmsg_parse()
5db8f70 procd: add missing new lines inside debug code
8d5d29c service: fix SERVICE_ATTR_NAME usage in service_handle_set
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Peter Wagner [Thu, 9 Nov 2017 23:35:35 +0000 (00:35 +0100)]
openssl: update to 1.0.2m
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:
../libssl.so: undefined reference to `SSLv3_client_method'
Fixes CVE: CVE-2017-3735, CVE-2017-3736
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Jo-Philipp Wich [Wed, 19 Jul 2017 08:39:10 +0000 (10:39 +0200)]
brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models
On Asus RT-N12 and RT-N16 models, the WAN and LAN4 ports are swapped in the
initial switch configuration since the presets present in nvram appear to be
wrong.
Add special casing for these models to detect_by_model() in order to ensure
a proper switch configuration.
Fixes FS#502.
(cherry picked from commit
96ed69101da254b0cb61a0dfc42bd48d27bfacb9
and squashed with commit
f2fdd68664cdf09075e6f18b20946e41a22284b2)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rafał Miłecki [Thu, 9 Nov 2017 16:27:41 +0000 (17:27 +0100)]
rpcd: update to the latest version from 2017-11-09
9a8640183c031 plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hans Dedecker [Thu, 9 Nov 2017 17:04:58 +0000 (18:04 +0100)]
mountd: bump to git HEAD version (optimization fixes)
7826ca5 mount: add mount with ignore=1 for unsupported filesystems
75e7412 mount: drop duplicated filesystem check from mount_add_list
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Marko Ratkaj [Tue, 7 Nov 2017 05:48:09 +0000 (06:48 +0100)]
functions.sh: fix default_postinst function
When we run "opkg install" on a package that installs an uci-defaults
script, functions.sh will fail to evaluate that script in its
default_postinst function.
This happens because there is no "./" present and it searches for the
file in paths specified by the PATH variable. This would work on bash,
but it will not work on ash and some other shells like sh, zsh. This
applys to the ". filename" directive used in this case.
This patch will make the path relative to the /etc/uci-defaults
directory.
Fixes: FS#1021
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Kevin Darbyshire-Bryant [Fri, 3 Nov 2017 17:01:32 +0000 (17:01 +0000)]
wireguard: version bump to 0.0.
20171101
Update wireguard to latest snapshot:
9fc5daf version: bump snapshot
748ca6b compat: unbreak unloading on kernels 4.6 through 4.9
7be9894 timers: switch to kees' new timer_list functions
6be9a66 wg-quick: save all hooks on save
752e7af version: bump snapshot
2cd9642 wg-quick: fsync the temporary file before renaming
b139499 wg-quick: allow for saving existing interface
582c201 contrib: add reresolve-dns
8e04be1 tools: correct type for CTRL_ATTR_FAMILY_ID
c138276 wg-quick: allow for the hatchet, but not by default
d03f2a0 global: use fewer BUG_ONs
6d681ce timers: guard entire setting in block
4bf32ca curve25519: only enable int128 if compiler support is sound
86e06a3 device: expand scope of destruct lock
e3661ab global: get rid of useless forward declarations
bedc77a device: only take reference if netns is different
7c07e22 wg-quick: remember to rewind DNS settings on failure
2352ec0 wg-quick: allow specifiying multiple hooks
573cb19 qemu: test using four cores
e09ec4d global: style nits
4d3deae qemu: work around ccache bugs
7491cd4 global: infuriating kernel iterator style
78e079c peer: store total number of peers instead of iterating
d4e2752 peer: get rid of peer_for_each magic
6cf12d1 compat: be sure to include header before testing
3ea08d8 qemu: allow for cross compilation
d467551 crypto/avx: make sure we can actually use ymm registers
c786c46 blake2: include headers for macros
328e386 global: accept decent check_patch.pl suggestions
a473592 compat: fix up stat calculation for udp tunnel
9d930f5 stats: more robust accounting
311ca62 selftest: initialize mutex in routingtable selftest
8a9a6d3 netns: use time-based test instead of quantity-based
e480068 netns: use read built-in instead of ncat hack for dmesg
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Florian Beier [Wed, 25 Oct 2017 18:12:24 +0000 (20:12 +0200)]
ar71xx: fix LED config for DIR-869 A1
This fixes the LED configuration for the D-Link DIR-869 A1. In order to
support the device I probed around using an initramfs image for the
UniFi AC. Pulling GPIO 15 to low enabled the LEDs while high disabled them.
GPIO 16 set to low meant that the color was white while pulling it to high
made the color change to orange. The past code was written based upon these
findings.
However, running a flashed image I now discovered that GPIO 15 controls the
orange LEDs while GPIO 16 controls the white ones and that both are active
when low. This means that the GPIOs were inverted and one active_low was set
wrong which this patch fixes.
Behavior of the LED front after this patch is applied:
cat /sys/devices/platform/leds-gpio/leds/d-link:white:status/brightness
0 -> white LEDs are OFF
255 -> white LEDs are ON
cat /sys/devices/platform/leds-gpio/leds/d-link:orange:status/brightness
0 -> orange LEDs are OFF
255 -> orange LEDs are ON
If the brightness of both is set to 255 the LED front will be white.
If the brightness of both is set to 0 the LED front will be off.
Signed-off-by: Florian Beier <beier.florian@gmail.com>
Stefan Lippers-Hollmann [Mon, 30 Oct 2017 03:28:34 +0000 (04:28 +0100)]
ipq806x: nbg6817: sync MAC addresses to the upstream values
The ZyXEL NBG6817 calculates all MAC addresses based on the ethaddr
value stored in the U-Boot environment (0:APPSBLENV). No MAC addresses
are stored in the ART partition and the generated MAC addresses for the
wlan interfaces alternate randomly between 12:34:56:78:90:12 and
00:03:7f:12:34:56.
interface new/ OEM MAC old MAC
wlan-2.4g (phy1): ethaddr undefined
wlan-5g (phy0): ethaddr + 1 undefined
lan : ethaddr + 2 ethaddr
wan : ethaddr + 3 ethaddr + 1
This patch defines stable MAC addresses for the wlan interfaces for
the first time instead of generating them at random. The previously
defined values for lan/ wan are changed to follow the settings of the
OEM firmware.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Stefan Lippers-Hollmann [Thu, 19 Oct 2017 19:40:26 +0000 (21:40 +0200)]
ipq806x: nbg6817: add kmod-fs-ext4 to device packages
The ZyXEL NBG6817 uses an eMMC flash for the rootfs, which is split
into the readonly squashfs and ext4 for the overlay. This adds the
required package to the device packages to allow mounting the overlay
by default.
/dev/root on /rom type squashfs (ro,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/loop0 on /overlay type ext4 (rw,noatime,data=ordered)
overlayfs:/overlay on / type overlay (rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)
mountd(pid1040) on /tmp/run/blockd type autofs (rw,relatime,fd=7,pgrp=1,timeout=30,minproto=5,maxproto=5,indirect)
Before this commit, the ext4 based overlayfs could not be mounted,
which left only the tmpfs based/ volatile emergency overlay in place.
Fixes: https://forum.lede-project.org/t/zyxel-nbg6817-flashing-from-oem/768
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Felix Fietkau [Thu, 2 Nov 2017 21:53:12 +0000 (22:53 +0100)]
uclient: update to the latest version, fixes fetch of multiple files
4b87d83 uclient-fetch: fix overloading of output_file variable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Edmunt Pienkowsky [Sat, 21 Oct 2017 09:07:43 +0000 (11:07 +0200)]
ramips: fix Youku-YK1 support
Remove the ephy-pins from the ethernet device tree node. The ephy-pins
are useed to controll the ePHY LEDs and this board doesn't have these.
Instead one of the ePHY pins is used in GPIO mode to control the WAN
LED.
Use the switch LED trigger to control the WAN LED. Move the power LED
handling to diag.sh to show the boot status via this LED.
Add the missing kernel packages for USB and microSD card reader to the
default package selection.
Fix the maximum image size value. The board has a 32MByte flash chip.
Fixes: FS#1055
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
[make the commit message more verbose, remove GPIO pinmux for pins not
used as GPIOs]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Alex Maclean [Mon, 23 Oct 2017 12:48:19 +0000 (13:48 +0100)]
tools/squashfs4: include sysmacros.h explicitly
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1017
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Alex Maclean [Mon, 23 Oct 2017 12:47:55 +0000 (13:47 +0100)]
tools/squashfs: include sysmacros.h explicitly
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1018
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
Alex Maclean [Mon, 23 Oct 2017 12:47:33 +0000 (13:47 +0100)]
tools/mtd-utils: include sysmacros.h explicitly
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1015
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Alex Maclean [Mon, 23 Oct 2017 12:43:43 +0000 (13:43 +0100)]
tools/findutils: include sysmacros.h explicitly
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1016
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
Jo-Philipp Wich [Mon, 10 Jul 2017 08:53:29 +0000 (10:53 +0200)]
dnsmasq: restore ability to include/exclude raw device names
Commit
5cd88f4 "dnsmasq: remove use of uci state for getting network ifname"
broke the ability to specify unmanaged network device names for inclusion
and exclusion in the uci configuration.
Restore support for raw device names by falling back to the input value
when "network_get_device" yields no result.
Fixes FS#876.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
a89c36b50875e61c790113d3adee10621575788a)
Mathias Kresin [Wed, 25 Oct 2017 06:32:00 +0000 (08:32 +0200)]
lantiq: add missing default lan interface
With removing the boards from the the default case to fix the xDSL WAN
MAC-Address, the setting for the default LAN interface wasn't added.
Fixes: 92a12c434ca3 ("lantiq: fix avm fritz box mac addresses")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Tolga Cakir [Tue, 24 Oct 2017 20:03:33 +0000 (22:03 +0200)]
ipq806x: fix Zyxel NBG6817 WiFi button
Zyxel NBG6817 features a WiFi button, which becomes functional by setting
correct GPIO. It is a switch-type button, so it emits KEY_RFKILL on each ON
and OFF state. This is achieved by setting input-type to EV_SW.
Signed-off-by: Tolga Cakir <tolga@cevel.net>
Alberto Bursi [Sat, 21 Oct 2017 21:53:49 +0000 (23:53 +0200)]
ramips: fix default usb support for nexx wt3020-8M
the nexx wt3020-8M has a usb 2.0 port,
add usb 2.0 support packages to its default package list.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Matthias Schiffer [Mon, 23 Oct 2017 21:48:25 +0000 (23:48 +0200)]
opkg: bump to 2017-10-23 (lede-17.01)
A lede-17.01 branch for bugfix backports has been added to the opkg-lede
repo.
c6caf07 pkg_parse: fix segfault when parsing descriptions with leading newlines
5bb5fd5 opkg: add --no-check-certificate argument
7a96972 libbb: xreadlink: fix memory leak on failure case
3f13edd pkg_run_script: use pkg->dest in half installed case
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Mathias Kresin [Wed, 18 Oct 2017 04:59:38 +0000 (06:59 +0200)]
lantiq: ARV752DPW22: fix wireless mac address
The ARV752DPW22 has the same generic mac address in the EEPROM as it
was already noticed for other lantiq boards using a ralink wireless.
Use the base mac address from the boardconfig partition as it is done
by the stock firmware.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 16 Oct 2017 20:36:35 +0000 (22:36 +0200)]
lantiq: ARV752DPW22: set correct wireless led trigger
The ARV752DPW22 has a ralink based wireless and can not use the ath9k
only phy0tpt trigger.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Kevin Darbyshire-Bryant [Wed, 18 Oct 2017 15:17:28 +0000 (16:17 +0100)]
kernel: bump 4.4 to 4.4.93 for 17.01
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes CVE-2017-15265.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[remove 2nd CVE as it was fixed in mac80211 in commit
bff16304b0bf]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hans Dedecker [Wed, 18 Oct 2017 12:17:48 +0000 (14:17 +0200)]
mountd: bump to git HEAD version (fixes SIGSEV crashes)
6efeb19 autofs: register SIGTERM for gracefull exit
01bb2b0 mount: fix SIGSEV crashes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Wed, 18 Oct 2017 08:54:32 +0000 (11:54 +0300)]
LEDE v17.01.4: revert to branch defaults
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Wed, 18 Oct 2017 08:54:32 +0000 (11:54 +0300)]
LEDE v17.01.4: adjust config defaults
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jason A. Donenfeld [Tue, 17 Oct 2017 17:34:20 +0000 (19:34 +0200)]
wireguard: version bump to 0.0.
20171017
This is a simple version bump. Changes:
* noise: handshake constants can be read-only after init
* noise: no need to take the RCU lock if we're not dereferencing
* send: improve dead packet control flow
* receive: improve control flow
* socket: eliminate dead code
* device: our use of queues means this check is worthless
* device: no need to take lock for integer comparison
* blake2s: modernize API and have faster _final
* compat: support READ_ONCE
* compat: just make ro_after_init read_mostly
Assorted cleanups to the module, including nice things like marking our
precomputations as const.
* Makefile: even prettier output
* Makefile: do not clean before cloc
* selftest: better test index for rate limiter
* netns: disable accept_dad for all interfaces
Fixes in our testing and build infrastructure. Now works on the 4.14 rc
series.
* qemu: add build-only target
* qemu: work on ubuntu toolchain
* qemu: add more debugging options to main makefile
* qemu: simplify shutdown
* qemu: open /dev/console if we're started early
* qemu: phase out bitbanging
* qemu: always create directory before untarring
* qemu: newer packages
* qemu: put hvc directive into configuration
This is the beginning of working out a cross building test suite, so we do
several tricks to be less platform independent.
* tools: encoding: be more paranoid
* tools: retry resolution except when fatal
* tools: don't insist on having a private key
* tools: add pass example to wg-quick man page
* tools: style
* tools: newline after warning
* tools: account for padding being in zero attribute
Several important tools fixes, one of which suppresses a needless warning.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit
f6c4a9c045797d9be12310eebc6341050fd260ce)
Stijn Tintel [Tue, 17 Oct 2017 13:35:03 +0000 (16:35 +0300)]
hostapd: add wpa_disable_eapol_key_retries option
Commit
b6c3931ad6554357a108127797c8d7097a93f18f introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.
Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
c5f97c9372da3229350184fb263c97d9ea8944c5)
Stijn Tintel [Tue, 17 Oct 2017 14:54:59 +0000 (17:54 +0300)]
hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Added 013-Add-hostapd-options-wpa_group_update_count-and-wpa_p.patch so
that 016-Optional-AP-side-workaround-for-key-reinstallation-a.patch
applies without having to rework it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Mon, 16 Oct 2017 22:49:58 +0000 (01:49 +0300)]
mac80211: backport kernel fix for CVE-2017-13080
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
2f701194c29da50bfda968a83c6609843f74a7f4)
Jo-Philipp Wich [Mon, 16 Oct 2017 15:21:43 +0000 (17:21 +0200)]
x86: partly revert
cabf775
The subtarget cleanups made in
cabf775 "x86: Refresh subtargets kernel config"
removed some important symbol disable statements, so revert the changes to the
subtarget configs for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ryan Mounce [Tue, 7 Mar 2017 13:41:42 +0000 (00:11 +1030)]
mac80211: Update wireless-regdb to master-2017-03-07
The short log of changes since the 2016-06-10 release is below.
Jouni Malinen (1):
wireless-regdb: Remove DFS requirement for India (IN)
Ryan Mounce (1):
wireless-regdb: Update rules for Australia (AU) and add 60GHz rules
Seth Forshee (2):
wireless-regdb: Update 5 GHz rules for Canada
wireless-regdb: update regulatory.bin based on preceding changes
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
(cherry picked from commit
8b12e62e9cd6ba2e3bb2e7f2555180df0173c7c6)
Jason A. Donenfeld [Fri, 13 Oct 2017 15:05:18 +0000 (17:05 +0200)]
wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.
This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.
WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
699c6fcc314225f79156a26db418e15bbc6bf10f)
Felix Fietkau [Mon, 16 Oct 2017 10:46:58 +0000 (12:46 +0200)]
brcmfmac: backport length check in brcmf_cfg80211_escan_handler()
Fixes CVE-2017-0786
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Stijn Tintel [Mon, 16 Oct 2017 10:32:51 +0000 (13:32 +0300)]
kernel: bump 4.4 to 4.4.92
Refresh patches.
Fixes the following CVEs:
- CVE-2017-
1000252
- CVE-2017-12153
- CVE-2017-12154
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Felix Fietkau [Mon, 16 Oct 2017 10:07:31 +0000 (12:07 +0200)]
ramips: fix compile warning in MT7621 NAND driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 16 Oct 2017 10:15:08 +0000 (12:15 +0200)]
ramips: fix typo in MT7621 NAND driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>