Commits on Feb 9, 2018
  1. procd: update to latest git HEAD

    dedeckeh committed Feb 9, 2018
    9a4036f trace: add missing limits.h include
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Feb 3, 2018
  1. ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N

    NeoRaider committed Feb 3, 2018
    Properly report the revision in /tmp/sysinfo/model.
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commits on Jan 26, 2018
  1. iptables: make kmod-ipt-debug part of default ALL build

    yousong committed Jan 26, 2018
    The iptables TRACE target is only available in raw table that's why the
    dependency was moved from iptables-mod-trace into kmod-ipt-debug
    
    Fixes FS#1219
    
    Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  2. iptables: Fix target TRACE issue

    mwetterw authored and yousong committed Jan 12, 2017
    The package kmod-ipt-debug builds the module xt_TRACE, which allows
    users to use '-j TRACE' as target in the chain PREROUTING of the table
    raw in iptables.
    
    The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
    that this feature which is implemented deep inside the linux IP stack
    (for example in sk_buff) is compiled.
    
    But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
    that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
    fails as this dynamic library is not present on the system.
    
    I created the package iptables-mod-trace which takes care of that, and
    target TRACE now works!
    
    https://dev.openwrt.org/ticket/16694
    https://dev.openwrt.org/ticket/19661
    
    Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
    [Jo-Philipp Wich: also remove trace extension from builtin extension list
                      and depend on kmod-ipt-raw since it's required for rules]
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Commits on Jan 24, 2018
  1. curl: fix libcurl/mbedtls async interface

    daztucker authored and dedeckeh committed Jan 20, 2018
    When using mbedtls, curl's nonblocking interface will report a request
    as done immediately after the socket is written to and never read from
    the connection.  This will result in a HTTP status code of 0 and zero
    length replies.  Cherry-pick the patch from curl 7.53.0 to fix this
    (curl/curl@b993d2c).
    
    Fixes https://bugs.openwrt.org/index.php?do=details&task_id=1285.
    
    Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Commits on Jan 22, 2018
  1. kernel: bump 4.4 to 4.4.112 for 17.01

    Kevin Darbyshire-Bryant authored and blogic committed Jan 18, 2018
    Refresh patches.
    Remove upstreamed patches:
    
    target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
    target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
    target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
    target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
    
    CVEs completely or partially addressed:
    
    CVE-2017-5715
    CVE-2017-5753
    CVE-2017-17741
    CVE-2017-1000410
    
    Compile-tested: ar71xx Archer C7 v2
    Run-tested: ar71xx Archer C7 v2
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Jan 20, 2018
  1. dnsmasq: backport validation fix in dnssec security fix

    Kevin Darbyshire-Bryant authored and jow- committed Jan 20, 2018
    A DNSSEC validation error was introduced in the fix for CVE-2017-15107
    
    Backport the upstream fix to the fix (a simple typo)
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
    (backported from commit adaf1cb)
Commits on Jan 19, 2018
  1. dnsmasq: backport dnssec security fix for 17.01

    Kevin Darbyshire-Bryant authored and dedeckeh committed Jan 19, 2018
    CVE-2017-15107
    
    An interesting problem has turned up in DNSSEC validation. It turns out
    that NSEC records expanded from wildcards are allowed, so a domain can
    include an NSEC record for *.example.org and an actual query reply could
    expand that to anything in example.org  and still have it signed by the
    signature for the wildcard. So, for example
    
    !.example.org NSEC zz.example.org
    
    is fine.
    
    The problem is that most implementers (your author included, but also
    the Google public DNS people, powerdns and Unbound) then took that
    record to prove that nothing exists between !.example.org and
    zz.example.org, whereas in fact it only provides that proof between
    *.example.org and zz.example.org.
    
    This gives an attacker a way to prove that anything between
    !.example.org and *.example.org doesn't exist, when it may well do so.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Jan 17, 2018
  1. mountd: bump to git HEAD version

    dedeckeh committed Jan 17, 2018
    c54e5c6 mount: check if block was mounted before cleaning it up
    e31565a mount: remove directory if mounting fails
    0f4f20b mount: call hotplug mount scripts only on success
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  2. kernel: bump 4.4 to 4.4.111 for 17.01

    Kevin Darbyshire-Bryant authored and blogic committed Jan 10, 2018
    Refresh patches
    
    Tested-on: ar71xx Archer C7 v2
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Jan 16, 2018
  1. kmod-sched-cake: bump to latest cake bake for 17.01

    Kevin Darbyshire-Bryant authored and dedeckeh committed Jan 8, 2018
    More important bug fix:
    
    402f05c Use full-rate mtu_time in all tins.  Fixes an issue where some
    cake tins experienced excessive latency since 49776da (dynamically
    adjust target)
    
    Minor bug fixes:
    
    31277c2 Avoid unsigned comparison against zero.  Fix compiler warning,
    no known impact.
    8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
    led to dropping a SYN packet that should not be dropped.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Jan 13, 2018
  1. ar71xx: Netgear WNR2000v4: do not include USB packages [17.01]

    Stijn Segers authored and jow- committed Jan 13, 2018
    The Netgear WNR2000v4 does not have a USB port. Hence, including USB packages into the default images is useless.
    It looks like the WNR2000v4 definition in master is OK.
    
    v2 fixes the silly typo in the patch title (WNR2000v4 instead of WNR200v4)
    
    Signed-off-by: Stijn Segers <foss@volatilesystems.org>
  2. build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS

    jow- committed Jan 10, 2018
    When generating per-device rootfs directories, the ./etc/opkg/ directory
    is moved away prior to calling opkg install, opkg remove and rootfs_prepare.
    After the opkg invocations and the rootfs_prepare macro call, the saved opkg
    config directory is supposed to be moved back to its previous ./etc/opkg
    location.
    
    The mv command however can fail to properly restore the directory under
    certain circumstances, e.g. when the prior opkg or files/ overlay copy
    operations caused a new ./etc/opkg/ directory to be created.
    
    In this case, the backed up directory (named target-dir-$hash.opkg) will be
    moved into the preexisting ./etc/opkg/ directory instead, causing the opkg
    configuration to be located in a wrong path on the final rootfs, e.g. in
    /etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of
    /etc/opkg/distfeeds.conf.
    
    Solve this problem by replacing the naive "mv" command with a recursive
    "cp -T" invocation which causes the backed up directory tree to get merged
    with the destination directory in case it already exists.
    
    Also perform the rootfs_prepare macro call after restoring the opkg
    configuration, to allow users to override it again by using the files/
    overlay mechanism.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit ab1785b)
Commits on Jan 9, 2018
  1. ramips: fix lenovo newifi-y1 switch and LED config

    981213 authored and mkresin committed Dec 29, 2017
    There are 3 ethernet ports on Y1. LAN1 on port1, LAN2 on port0 and WAN on
    port4.
    
    Use a standalone switch configuration to match this and use the switch
    trigger so that LAN LED could indicate the connection status for both
    lan ports correctly.
    
    This patch also drops the internet led configuration, because there is a
    WAN led for port4 and eth0.2 isn't always used as WAN.
    
    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
  2. ramips: firewrt: indicate boot status via LED

    mkresin committed Dec 30, 2017
    Add the Firefly FireWRT green power LED to diag.sh to indicate the boot
    status via the power LED.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  3. ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.

    VittGam authored and NeoRaider committed Mar 25, 2017
    Backported from Code Aurora QSDK
    
    Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
  4. ar71xx: QCA956X: add missing register

    heinzek authored and NeoRaider committed Jan 6, 2017
    Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Commits on Jan 8, 2018
  1. mvebu: fix mvneta build with Linux 4.4.110

    jow- committed Jan 8, 2018
    Kernel 4.4.109 added pp->link, pp->duplex and pp->speed setters to
    mvneta_port_disable() which the mvneta patchset failed to patch out after
    rebasing, leading to the following build error:
    
          CC      drivers/net/ethernet/marvell/mvneta.o
        drivers/net/ethernet/marvell/mvneta.c: In function 'mvneta_port_disable':
        drivers/net/ethernet/marvell/mvneta.c:1199:4: error: 'struct mvneta_port' has no member named 'link'
          pp->link = 0;
            ^
        drivers/net/ethernet/marvell/mvneta.c:1200:4: error: 'struct mvneta_port' has no member named 'duplex'
          pp->duplex = -1;
            ^
        drivers/net/ethernet/marvell/mvneta.c:1201:4: error: 'struct mvneta_port' has no member named 'speed'
          pp->speed = 0;
            ^
    
    Fix the issue by rebasing 134-net-mvneta-convert-to-phylink.patch to remove
    these struct member accesses as well.
    
    Fixes: 7f5a040 ("kernel: update kernel 4.4 to version 4.4.110")
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commits on Jan 7, 2018
  1. lantiq: activate noise margin delta for VDSL too

    hauke committed Jan 6, 2018
    Previously this was only activated for ADSL, this patch activates the
    same setting also for VDSL, this feature is also supported for VDSL in the
    same way it works for ADSL.
    I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO
    (Deutsche Telekom) and saw different data rates and Max. Attainable Data
    Rates depending on the ds_snr_offset settings I choose.
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. Lantiq: make possible to tweak DSL SRN from UCI

    andreamerello authored and hauke committed May 13, 2017
    This patch makes it possible to tweak the downstream SNR margin on
    Lantiq DSL devices.
    
    The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
    margin offset. It accepts values in range -50 to +50 in 0.1 dB units.
    
    The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
    steps.
    
    Currently this should only affect ADSL (not VDSL). It should be very
    easy to make this work also on VDSL lines, but since I couldn't test
    on VDSL lines this patch does not do that yet.
    
    I have also a patch for LUCI about this, that I could submit.
    
    Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.
    
    Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
  3. libubox: update to latest lede-17.01 git HEAD

    jow- committed Jan 7, 2018
    1dafcd7 jshn: properly support JSON "null" type
    6abafba jshn: read and write 64-bit integers
    cfc75c5 runqueue: fix use-after-free bug
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  4. kernel: update kernel 4.4 to version 4.4.110

    hauke committed Jan 6, 2018
    This fixes:  CVE-2017-5754
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Jan 5, 2018
  1. brcm47xx: relocate the stack in loader

    hauke committed Oct 8, 2017
    By default we are reusing the stack provided by CFE, like it is intended
    by CFE. On my WRT54GS it is located at 0x8043BF30, so a big kernel image
    could overwrite it. Relocate it to a different memory region which is
    still under the 8MB RAM, but in the higher area. We only need this
    memory region for the stack of the loader, Linux will set up this
    for its own.
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. brcm47xx: relocate loader to higher address

    hauke committed Oct 8, 2017
    The boot process on a WRT54GL works the following way:
    1. CFE gets loaded by the boot rom from flash
    2. CFE loads the loader from the flash and gzip uncompresses it
    3. CFE starts the loader
    4. The loader stores the FW arguments and relocates itself to
       BZ_TEXT_START (now 0x80600000)
    5. The loader reads the Linux image from flash
    6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
    7. The loader executes the uncompressed Linux image at LOADADDR
    
    The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
    uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
    the loader which was currently uncompressing it and made the board
    crash. Increase the BZ_TEXT_START by 2 MB to have more space for the
    kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
    should not be a problem.
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  3. fstools: backport fix from master branch

    Rafał Miłecki committed Jan 5, 2018
    37762ff libfstools: support file paths longer than 255 chars
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Jan 4, 2018
  1. procd: update to latest git HEAD

    dedeckeh committed Jan 4, 2018
    1883530 procd: Fix minor null pointer dereference.
    9085551 procd: initd: fix path allocation in early_insmod
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Jan 2, 2018
  1. brcm47xx: image: build firmware for Asus WL-500g Deluxe

    Rafał Miłecki committed Dec 27, 2017
    It's a device based on BCM5365P (0x5365 package 0x00). This SoC has
    USB 1.1 controller but device has two USB 2.0 parts. They are handled by
    PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI.
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  2. Revert "iptables: fix nftables compile issue (FS#711)"

    dedeckeh committed Jan 2, 2018
    This reverts commit da126d5 as the iptables patch does not apply cleanly.
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  3. iptables: fix nftables compile issue (FS#711)

    rektide authored and dedeckeh committed Dec 14, 2017
    Enabling IPTABLES_NFTABLES resulted in an error during build:
    "*** No rule to make target '../extensions/libext.a',
    needed by 'xtables-compat-multi'."
    
    Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
    provided fixes for this build error, allowing iptables to compile.
    https://bugs.lede-project.org/index.php?do=details&task_id=711.
    
    This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
    and _LDADD, moving linking of extensions to LDFLAGS.
    
    Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Jan 1, 2018
  1. rpcd: backport version 2017-12-07 from master

    dangowrt committed Jan 1, 2018
    cfe1e75c91 sys: packagelist: allow listing all packages
    74a784f037 sys: fix passwd path
    
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
    (commit 173edcd on master)
  2. uci: update to HEAD of lede-17.01 branch

    jow- committed Jan 1, 2018
    Switch uci to the lede-17.01 branch which contains the following two commits
    cherry-picked from uci master:
    
    141b64e lua: additionally return name when looking up sections
    1e17f24 lua: support extended section notation
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commits on Dec 30, 2017
  1. iproute2: cake: fix patch format error

    Kevin Darbyshire-Bryant authored and mkresin committed Dec 30, 2017
    Fix patch format error introduced in c4e9487
    Refresh patches to tidy fuzz
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commits on Dec 29, 2017
  1. kernel: bump 4.4 to 4.4.108 for 17.01

    Kevin Darbyshire-Bryant authored and blogic committed Dec 26, 2017
    Refresh patches.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  2. iproute2: cake: support new operating modes for 17.01

    Kevin Darbyshire-Bryant authored and blogic committed Dec 22, 2017
    There has been recent significant activity with the cake qdisc of late
    Some of that effort is related to upstreaming to kernel & iproute2
    mainline but we're not quite there yet.  This commit teaches tc how to
    activate and interpret the latest cake operating modes, namely:
    
    ingress mode: Instead of only counting packets that make it past the
    shaper, include packets we've decided to drop as well, since they did
    arrive with us on the link and took link capacity.
    This mode is more suitable for shaping the ingress of a link
    (e.g. from ISP) rather than the more normal egress.
    
    ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
    highly asymmetric links (downstream v upstream capacity) where the
    majority of upstream link capacity is occupied with ACKS for downstream
    traffic.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  3. kmod-sched-cake: bump to latest bake of cake for 17.01

    Kevin Darbyshire-Bryant authored and blogic committed Dec 22, 2017
    There has been recent significant activity with the cake qdisc of late
    but in the cobalt branch.  Some of that effort is related to upstreaming
    to kernel & iproute2 mainline but we're not quite there yet.  Relevant
    feature changes:
    
    ingress mode: Instead of only counting packets that make it past the
    shaper, include packets we've decided to drop as well, since they did
    arrive with us on the link and took link capacity.
    This mode is more suitable for shaping the ingress of a link
    (e.g. from ISP) rather than the more normal egress.
    
    ptm mode: Minor optimisation in packet overhead calculation.
    
    dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
    host hashes only if required.
    
    ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
    highly asymmetric links (downstream v upstream capacity) where the
    majority of upstream link capacity is occupied with ACKS for downstream
    traffic.
    
    A separate iproute2 patch to teach it about Cake's new features will
    follow.
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>