Permalink
Commits on Jun 8, 2017
  1. build: ensure that flock is available for make download

    nbd168 authored and jow- committed Jun 8, 2017
    It ensures that make download can parallelize downloads, even when some
    packages download the same files (e.g. gcc/initial, gcc/final)
    
    Signed-off-by: Felix Fietkau <nbd@nbd.name>
  2. include/toplevel: set env GIT_ASKPASS=/bin/true

    lynxis authored and jow- committed Jun 7, 2017
    When git-https request a service (e.g. github) which ask for credentials
    git will pass this request to the user resulting download.pl to wait for
    user input. Set GIT_ASKPASS to stop asking.
    
    Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
  3. base-files: network.sh: fix a number of IPv6 logic flaws

    jow- committed Jun 8, 2017
    * Change network_get_subnet6() to sensibly guess a suitable prefix
    
      Attempt to return the first non-linklocal, non-ula range, then attempt
      to return the first non-linklocal range and finally fall back to the
      previous behaviour of simply returning the first found item.
    
    * Fix network_get_ipaddrs_all()
    
      Instead of replicating the flawed logic appending a fixed ":1" suffix
      to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
      to build a single list of all interface addresses.
    
    * Fix network_get_subnets6()
    
      Instead of replicating the flawed logic appending a fixed ":1" suffix
      to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
      field to figure out the proper network address.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  4. mwlwifi: update to version 10.3.4.0 / 2017-06-06

    jow- committed Jun 8, 2017
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  5. automake: import upstream fix for perl 5.26

    dangowrt authored and NeoRaider committed Jun 7, 2017
    Build broke as distributions now include Perl 5.26 and automake
    triggered an "Unescaped left brace in regex" error.
    Import upstream commit 13f00eb449 to fix that.
    
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  6. base-files: network.sh: properly report local IPv6 addresses

    jow- committed Jun 8, 2017
    Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
    fetch the effective local IPv6 address of delegated prefix from the
    "local-address" field instead of naively hardcoding ":1" as static suffix.
    
    Fixes FS#829.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commits on Jun 7, 2017
  1. kernel: update kernel 4.4 to 4.4.71

    jow- committed Jun 7, 2017
    Fixes the following security vulnerabilities:
    
    CVE-2017-8890
    The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
    Linux kernel through 4.10.15 allows attackers to cause a denial of service
    (double free) or possibly have unspecified other impact by leveraging use
    of the accept system call.
    
    CVE-2017-9074
    The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
    does not consider that the nexthdr field may be associated with an invalid
    option, which allows local users to cause a denial of service (out-of-bounds
    read and BUG) or possibly have unspecified other impact via crafted socket
    and send system calls.
    
    CVE-2017-9075
    The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
    through 4.11.1 mishandles inheritance, which allows local users to cause a
    denial of service or possibly have unspecified other impact via crafted
    system calls, a related issue to CVE-2017-8890.
    
    CVE-2017-9076
    The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
    kernel through 4.11.1 mishandles inheritance, which allows local users to
    cause a denial of service or possibly have unspecified other impact via
    crafted system calls, a related issue to CVE-2017-8890.
    
    CVE-2017-9077
    The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
    through 4.11.1 mishandles inheritance, which allows local users to cause a
    denial of service or possibly have unspecified other impact via crafted
    system calls, a related issue to CVE-2017-8890.
    
    CVE-2017-9242
    The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
    through 4.11.3 is too late in checking whether an overwrite of an skb data
    structure may occur, which allows local users to cause a denial of service
    (system crash) via crafted system calls.
    
    Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
    Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
    Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
    Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
    Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
    Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
    Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commits on Jun 6, 2017
  1. Add missing APU1 reference to x86 board.d

    kristrev authored and jow- committed Jun 5, 2017
    x86 board.d only contains a case for the APU2, not the APU1. This
    causes, for example, network configuration not to be created correctly.
    Even though the APU1 seems to reaching EOL, there a still a lot of them
    out there.
    
    The APU1 and APU2 is configured in the same way and this patch should
    also be considered for stable, as the error also exists there.
    
    Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Commits on Jun 3, 2017
  1. base-files: always set proto passed to _ucidef_set_interface()

    mkresin authored and hauke committed Feb 15, 2017
    Overwrite an already set proto if a new one is passed to
    _ucidef_set_interface() similar to what is done for the interface.
    
    It is required when using ""ucidef_set_interface_wan 'ptm0' 'pppoe'"
    after some initial wan interface configuration is already done by
    ucidef_add_switch.
    
    The "json_is_a protocol string" guard is meant to not reset an earlier
    set interface proto in case something like
    "ucidef_set_interface_lan 'eth0'" is used afterwards.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  2. lantiq: fix broadcasts and vlans in two iface mode

    mkresin authored and hauke committed Feb 24, 2017
    The two phy operation mode where one phy is assigned to an interface
    without lantiq,* device tree property and the other phy is assigned to
    an interface with the lantiq,wan device property was broken with the
    multicast package leaks between vlans fixes.
    
    Move the multicast packages relevant portmap settings to the condition
    which handles multicast packages for better readability.
    
    Replace the priv->port_map based port_map only for the interface which
    has the lantiq,switch device tree property set, to allow tagged
    multicast packages in two phy mode where the lantiq,switch device tree
    property isn't used.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  3. lantiq: select kmod-mt7603 instead of kmod-mt76 for WBMR-300HPD

    nbd168 authored and hauke committed Feb 26, 2017
    Signed-off-by: Felix Fietkau <nbd@nbd.name>
  4. lantiq: use the P2812HNUF* wan port as wan

    mkresin authored and hauke committed Mar 11, 2017
    The port is labeled as wan and was only used as lan port because of the
    "tx ring full" issues fixed with 8f02f7c.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  5. lantiq: xrx200: use vlan for ethernet wan port

    mkresin authored and hauke committed Sep 10, 2016
    Using the lantiq,wan device tree property for one interface node and
    the lantiq,switch device tree property for another interface node at
    the same time was never intended/isn't supported at the moment.
    
    The property is meant to be used in two phy operation mode where one
    phy is assigned to an interface without lantiq,* device tree property
    and the other phy is assigned to an interface with the lantiq,wan
    device property to have two netdevs.
    
    If both properties are used at the same time, the lantiq,wan interface
    is shown as independent netdev but not able to operate independent. The
    port needs to be managed via swconfig. These dependency is not obvious
    and fooled already a lot of users.
    
    Add a default WAN vlan for xrx200 devices having an ethernet WAN port
    and remove the lantiq,wan device tree property. Leave it up to the user
    to set the ethernet WAN port as default WAN interface or to use this
    port as additional LAN port.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
Commits on Jun 1, 2017
  1. x86: disable X2APIC support for legacy subtargets

    jow- committed Jun 1, 2017
    Explicitely disable X2APIC support on legacy targets since the targeted
    processor types do not support it anyway there.
    
    Fixes FS#285.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  2. umdns: remove superfluous include in init script

    jow- committed Jun 1, 2017
    The umdns init script includes function/network.sh globally, outside of any
    service procedure. This causes init script activation to fail in buildroot
    and IB context if umdns is set to builtin.
    
    Additionally, the network.sh helper is not actually used.
    
    Drop the entire include in order to repair init script activation in build
    host context. Fixes FS#658.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  3. dnsmasq: bump to 2.77

    jow- committed Jun 1, 2017
    This is a cumulative backport of multiple dnsmasq update commits in master.
    
    Drops three LEDE specific patches which are included upstream and another
    patch which became obsolete. Remaining LEDE specific patches are rebased.
    
    Fixes FS#766 - Intermittent SIGSEGV crash of dnsmasq-full.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  4. dnsmasq: make tftp root if not existing

    bobafetthotmail authored and jow- committed May 2, 2017
    If there's a TFTP root directory configured, create it with mkdir -p
    (which does not throw an error if the folder exists already)
    before starting dnsmasq. This is useful for TFTP roots in /tmp, for example.
    
    Originally submitted by nfw user aka Nathaniel Wesley Filardo
    
    Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
  5. dnsmasq: use logical interface name for dhcp relay config

    KarlVogel authored and jow- committed Mar 29, 2017
    The relay section should use the logical interface name and
    not the linux network device name directly. This to be
    consistent with other sections of the dnsmasq config where
    'interface' means the logical interface.
    
    Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
  6. dnsmasq: don't point --resolv-file to default location unconditionally

    pprindeville authored and jow- committed Mar 14, 2017
    If noresolv is set, we should not generate a --resolv-file parameter.
    
    Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [minor cleanup]
Commits on May 30, 2017
  1. ar71xx: fix Wallys DR344 GPIO-connected LEDs and button

    pepe2k committed May 29, 2017
    This fixes wrong GPIO numbers for LEDs and button in Wallys DR344 board
    and sets color of all LEDs to green as the mass production boards have
    only green one.
    
    Actually, DR344 has 6 GPIO-connected LEDs and one button:
    
    - GPIO11: status
    - GPIO12: sig1
    - GPIO13: sig2
    - GPIO14: sig3
    - GPIO15: sig4
    - GPIO16: reset button
    - GPIO17: lan
    
    WAN LED is connected directly with AR8035 PHY.
    
    Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
  2. ar71xx: set GE interface as wan by default in Wallys DR344

    pepe2k committed May 29, 2017
    This aligns default network interfaces configuration with vendor
    firmware: GE (eth0) -> wan, FE (eth1) -> lan.
    
    Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
  3. ar71xx: fix GE interface support in Wallys DR344

    pepe2k committed May 29, 2017
    GMAC0 interface of AR9344 SOC in Wallys DR344 board is connected with
    AR8035, not with AR8327. Without this fix, GE interface doesn't work at
    all or shows high packet loss ratio.
    
    Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Commits on May 29, 2017
  1. toolchain/gdb: update to version 7.12.1

    bladeoner authored and NeoRaider committed Feb 5, 2017
    Update gdb to version 7.12.1.
    
    GDB 7.12.1 brings the following fixes and enhancements over GDB 7.12:
    
       * PR tdep/20682 (aarch64 regression: gdb.cp/nextoverthrow.exp)
       * PR server/20733 (Failed to build aarch64_be-linux-gnu GDBserver)
       * PR tdep/20953 (GDB crashes after "set architecture rl78")
       * PR tdep/20954 (GDB crashes if "set architecture rx")
       * PR tdep/20955 (GDB internal error in cris-tdep.c)
       * PR build/20712 (gdb 7.12+ doesn't build as C++ on Solaris)
       * PR breakpoint/20653 (string_to_explicit_location has some weird code)
       * PR build/20753 (MinGW compilation errors due to strcasecmp)
       * PR gdb/20977 (GDB exception handling is broken on i686-w64-mingw32)
       * PR python/21048 (backtrace is broken on i686)
       * PR sim/20808 (mips sim build fails due to undefined SD/CPU variables)
       * PR sim/20809 (mips sim build fails for r3900 cpus)
       * PR gdb/20939 (GDB aborts
    
    Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
  2. usbmode: update usb-modeswitch-data to 20170205

    belzebub40k authored and jow- committed May 24, 2017
    add support for new hardware
    
    Signed-off-by: Julian Labus <julian@labus-online.de>
  3. usbmode: update to latest version

    belzebub40k authored and jow- committed May 24, 2017
    453da8e convert-modeswitch.pl: fix message indices
    
    Signed-off-by: Julian Labus <julian@labus-online.de>
  4. usbmode: Update to latest HEAD

    ffainelli authored and jow- committed Feb 12, 2017
    Brings the following changes:
    
    22f041e18df0 Extend StandardEject sequence to include LUN 1
    61fdf7e9b1cc cmake: Search for libjson-c
    2769852e76b5 cmake: Find libubox/blobmsg_json.h
    8a47c4b6649f add TargetClass support
    
    Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Commits on May 27, 2017
  1. samba: bump PKG_RELEASE

    jow- committed May 27, 2017
    The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the
    fixed samba package does not appear as opkg update.
    
    Bump the PKG_RELEASE to signify upgrades to downstream users.
    
    Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  2. firewall: resync with master

    jow- committed Feb 19, 2017
    Update to latest Git HEAD in order to import a number of fixes and other
    improvements:
    
    a4d98ae options: remove stray continue statement
    3d2c18a options: improve handling of negations when parsing space separated values
    0e5dd73 iptables: support -i, -o, -s and -d in option extra
    4cb06c7 ubus: increase ubus network interface dump timeout
    e5dfc82 iptables: add exception handling
    f625954 firewall3: add check_snat() function
    7d3d9dc firewall3: display the section type for UBUS rules
    53ef9f1 firewall3: add UBUS support for include scripts
    5cd4af4 firewall3: add UBUS support for ipset sections
    02d6832 firewall3: add UBUS support for forwarding sections
    0a7d36d firewall3: add UBUS support for redirect sections
    d44f418 firewall3: add fw3_attr_parse_name_type() function
    e264c8e firewall3: replace warn_rule() by warn_section()
    6039c7f firewall3: check the return value of fw3_parse_options()
    c328d1f build: use -Wno-format-truncation instead of -Wno-error=format-truncation
    e06e537 utils: replace sprintf use with snprintf to avoid overflows
    533f834 build: disable the format-truncation warning error to fix gcc 7 build errors
    e751cde zones: drop outgoing invalid traffic in masqueraded zones
    d596f72 rules: fix UCI context in error reporting
    1d0564c ubus: fix interface name and proto lookup
    82ccd9e firewall3: fix handling of UTC times
    1949e0c iptables: support xtables API > 11
    
    Fixes FS#548, FS#640, FS#806, FS#811.
    
    Ref: https://forum.lede-project.org/t/nat-leakage-on-tl-wr1043nd-v4/1712
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  3. mac80211, hostapd: always explicitly set beacon interval

    NeoRaider authored and jow- committed May 13, 2017
    One of the latest mac80211 updates added sanity checks, requiring the
    beacon intervals of all VIFs of the same radio to match. This often broke
    AP+11s setups, as these modes use different default intervals, at least in
    some configurations (observed on ath9k).
    
    Instead of relying on driver or hostapd defaults, change the scripts to
    always explicitly set the beacon interval, defaulting to 100. This also
    applies the beacon interval to 11s interfaces, which had been forgotten
    before. VIF-specific beacon_int setting is removed from hostapd.sh.
    
    Fixes FS#619.
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  4. hostapd: add legacy_rates option to disable 802.11b data rates.

    nicklowe authored and jow- committed Mar 27, 2017
    Setting legacy_rates to 0 disables 802.11b data rates.
    Setting legacy_rates to 1 enables 802.11b data rates. (Default)
    
    The basic_rate option and supported_rates option are filtered based on this.
    
    The rationale for the change, stronger now than in 2014, can be found in:
    
    https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx
    
    The balance of equities between compatibility with b clients and the
    detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b
    rates by default.
    
    Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
    Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
  5. ipq806x: fix Netgear X4 R7500 ath10k firmware selection

    reiffert2 authored and jow- committed Mar 17, 2017
    Netgear X4 R7500 comes with a QCA988X. Select a firmware that matches
    the ath10k chipset
    
    Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
  6. treewide: select ath10k firmware explicit

    mkresin authored and jow- committed Mar 17, 2017
    Do not rely on the default firmware selected by ath10k.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  7. ath10k-firmware: do not select the qca988x by default

    mkresin authored and jow- committed Mar 17, 2017
    Do not select the qca988x by default as soon as kmod-ath10k is
    selected. We do support more ath10k chips than the qca988x in the
    meantime, so this dependency doesn't make sense any longer.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  8. build: fix possible issue with kmod package having multiple AutoLoad's

    yousong committed May 27, 2017
    This commit contains the following changes
    
     - Use local shell var where appliable
     - The $(sort $$$$$$$$mods) call will have no expected effect
     - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
     - Avoid duplicate arguments for insert_modules() in postinst-pkg
    
    Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Commits on May 26, 2017
  1. kernel: update kernel 4.4 to 4.4.70

    hauke committed May 26, 2017
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>