Commits on Oct 18, 2017
  1. lantiq: ARV752DPW22: fix wireless mac address

    mkresin committed Oct 18, 2017
    The ARV752DPW22 has the same generic mac address in the EEPROM as it
    was already noticed for other lantiq boards using a ralink wireless.
    Use the base mac address from the boardconfig partition as it is done
    by the stock firmware.
    Signed-off-by: Mathias Kresin <>
  2. lantiq: ARV752DPW22: set correct wireless led trigger

    mkresin committed Oct 16, 2017
    The ARV752DPW22 has a ralink based wireless and can not use the ath9k
    only phy0tpt trigger.
    Signed-off-by: Mathias Kresin <>
  3. kernel: bump 4.4 to 4.4.93 for 17.01

    Kevin Darbyshire-Bryant authored and stintel committed Oct 18, 2017
    Refresh patches.
    Compile-tested for ar71xx - Archer C7 v2
    Runtime-tested on  ar71xx - Archer C7 v2
    Fixes CVE-2017-15265.
    Signed-off-by: Kevin Darbyshire-Bryant <>
    [remove 2nd CVE as it was fixed in mac80211 in commit bff1630]
    Signed-off-by: Stijn Tintel <>
  4. mountd: bump to git HEAD version (fixes SIGSEV crashes)

    dedeckeh committed Oct 18, 2017
    6efeb19 autofs: register SIGTERM for gracefull exit
    01bb2b0 mount: fix SIGSEV crashes
    Signed-off-by: Hans Dedecker <>
  5. LEDE v17.01.4: revert to branch defaults

    stintel committed Oct 18, 2017
    Signed-off-by: Stijn Tintel <>
  6. LEDE v17.01.4: adjust config defaults

    stintel committed Oct 18, 2017
    Signed-off-by: Stijn Tintel <>
Commits on Oct 17, 2017
  1. wireguard: version bump to 0.0.20171017

    zx2c4 authored and stintel committed Oct 17, 2017
    This is a simple version bump. Changes:
      * noise: handshake constants can be read-only after init
      * noise: no need to take the RCU lock if we're not dereferencing
      * send: improve dead packet control flow
      * receive: improve control flow
      * socket: eliminate dead code
      * device: our use of queues means this check is worthless
      * device: no need to take lock for integer comparison
      * blake2s: modernize API and have faster _final
      * compat: support READ_ONCE
      * compat: just make ro_after_init read_mostly
      Assorted cleanups to the module, including nice things like marking our
      precomputations as const.
      * Makefile: even prettier output
      * Makefile: do not clean before cloc
      * selftest: better test index for rate limiter
      * netns: disable accept_dad for all interfaces
      Fixes in our testing and build infrastructure. Now works on the 4.14 rc
      * qemu: add build-only target
      * qemu: work on ubuntu toolchain
      * qemu: add more debugging options to main makefile
      * qemu: simplify shutdown
      * qemu: open /dev/console if we're started early
      * qemu: phase out bitbanging
      * qemu: always create directory before untarring
      * qemu: newer packages
      * qemu: put hvc directive into configuration
      This is the beginning of working out a cross building test suite, so we do
      several tricks to be less platform independent.
      * tools: encoding: be more paranoid
      * tools: retry resolution except when fatal
      * tools: don't insist on having a private key
      * tools: add pass example to wg-quick man page
      * tools: style
      * tools: newline after warning
      * tools: account for padding being in zero attribute
      Several important tools fixes, one of which suppresses a needless warning.
    Signed-off-by: Jason A. Donenfeld <>
    (cherry picked from commit f6c4a9c)
  2. hostapd: add wpa_disable_eapol_key_retries option

    stintel committed Oct 17, 2017
    Commit b6c3931 introduced an AP-side
    workaround for key reinstallation attacks. This option can be used to
    mitigate KRACK on the station side, in case those stations cannot be
    updated. Since many devices are out there will not receive an update
    anytime soon (if at all), it makes sense to include this workaround.
    Unfortunately this can cause interoperability issues and reduced
    robustness of key negotiation, so disable the workaround by default, and
    add an option to allow the user to enable it if he deems necessary.
    Signed-off-by: Stijn Tintel <>
    (cherry picked from commit c5f97c9)
  3. hostapd: backport extra changes related to KRACK

    stintel committed Oct 17, 2017
    While these changes are not included in the advisory, upstream
    encourages users to merge them.
    Added 013-Add-hostapd-options-wpa_group_update_count-and-wpa_p.patch so
    that 016-Optional-AP-side-workaround-for-key-reinstallation-a.patch
    applies without having to rework it.
    Signed-off-by: Stijn Tintel <>
Commits on Oct 16, 2017
  1. mac80211: backport kernel fix for CVE-2017-13080

    stintel committed Oct 16, 2017
    Signed-off-by: Stijn Tintel <>
    (cherry picked from commit 2f70119)
  2. x86: partly revert cabf775

    jow- committed Oct 16, 2017
    The subtarget cleanups made in cabf775 "x86: Refresh subtargets kernel config"
    removed some important symbol disable statements, so revert the changes to the
    subtarget configs for now.
    Signed-off-by: Jo-Philipp Wich <>
  3. mac80211: Update wireless-regdb to master-2017-03-07

    rmounce authored and stintel committed Mar 7, 2017
    The short log of changes since the 2016-06-10 release is below.
    Jouni Malinen (1):
          wireless-regdb: Remove DFS requirement for India (IN)
    Ryan Mounce (1):
          wireless-regdb: Update rules for Australia (AU) and add 60GHz rules
    Seth Forshee (2):
          wireless-regdb: Update 5 GHz rules for Canada
          wireless-regdb: update regulatory.bin based on preceding changes
    Signed-off-by: Ryan Mounce <>
    (cherry picked from commit 8b12e62)
  4. wireguard: add wireguard to base packages

    zx2c4 authored and stintel committed Oct 13, 2017
    Move wireguard from openwrt/packages to base a package.
    This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
    experimental kernel module that many find essential and useful. The
    other is a VPN client. Both are inside of core. When you combine the two
    characteristics, you get WireGuard. Generally speaking, because of the
    extremely lightweight nature and "stateless" configuration of WireGuard,
    many view it as a core and essential utility, initiated at boot time
    and immediately configured by netifd, much like the use of things like
    GRE tunnels.
    WireGuard has a backwards and forwards compatible Netlink API, which
    means the userspace tools should work with both newer and older kernels
    as things change. There should be no versioning requirements, therefore,
    between kernel bumps and userspace package bumps.
    Signed-off-by: Kevin Darbyshire-Bryant <>
    Signed-off-by: Jason A. Donenfeld <>
    Acked-by: Jo-Philipp Wich <>
    Acked-by: Felix Fietkau <>
    (cherry picked from commit 699c6fc)
  5. brcmfmac: backport length check in brcmf_cfg80211_escan_handler()

    nbd168 committed Oct 16, 2017
    Fixes CVE-2017-0786
    Signed-off-by: Felix Fietkau <>
  6. kernel: bump 4.4 to 4.4.92

    stintel committed Oct 16, 2017
    Refresh patches.
    Fixes the following CVEs:
    - CVE-2017-1000252
    - CVE-2017-12153
    - CVE-2017-12154
    Signed-off-by: Stijn Tintel <>
  7. ramips: fix compile warning in MT7621 NAND driver

    nbd168 committed Oct 16, 2017
    Signed-off-by: Felix Fietkau <>
  8. ramips: fix typo in MT7621 NAND driver

    nbd168 committed Oct 16, 2017
    Signed-off-by: Felix Fietkau <>
  9. hostapd: merge fixes for WPA packet number reuse with replayed messag…

    nbd168 committed Oct 16, 2017
    …es and key reinstallation
    - CERT case ID: VU#228519
    - CVE-2017-13077
    - CVE-2017-13078
    - CVE-2017-13079
    - CVE-2017-13080
    - CVE-2017-13081
    - CVE-2017-13082
    - CVE-2017-13086
    - CVE-2017-13087
    - CVE-2017-13088
    For more information see:
    Backport of bbda81c
    Signed-off-by: Felix Fietkau <>
  10. x86/64: add xen DomU support

    Baptiste Jonglez authored and nbd168 committed Jul 15, 2017
    Xen support for x86/generic was added in 296772f.  This commit also
    enables it for x86/64.
    This was successfully tested with Xen 4.5.
    Signed-off-by: Baptiste Jonglez <>
  11. x86: Refresh subtargets kernel config

    Baptiste Jonglez authored and nbd168 committed Jul 15, 2017
    This was done by simply running `make kernel_menuconfig CONFIG_TARGET=subtarget`
    and then saving without changing any option.
    Having consistent kernel config is important to avoid surprises, such
    as the issue fixed with 6f0367c9 (where Xen support was silently
    disabled when building the kernel, although it was present in the
    initial config)
    As far as I understand the build system, this shouldn't have any
    user-visible impact, because the build system already merges the
    various kernel configs during build.
    Signed-off-by: Baptiste Jonglez <>
  12. x86: Fix xen serial console by removing conflicting PATA driver

    Baptiste Jonglez authored and nbd168 committed Jul 15, 2017
    The Xen serial console has been broken since the xen_domu subtarget
    was merged in the generic x86 subtarget (commits 296772f and b36e24f).
    The reason for the broken serial console seems to be an IRQ conflict
    between the serial console driver and the PATA_LEGACY driver:
    [    1.330125] genirq: Flags mismatch irq 8. 00000000 (hvc_console) vs. 00000000 (platform[pata_legacy.4])
    [    1.330134] hvc_open: request_irq failed with rc -16.
    [    1.330148] Warning: unable to open an initial console.
    Just drop the PATA_LEGACY driver from the x86/generic and x86_64
    subtargets, since this driver is marked experimental and only supports
    very old ISA devices anyway.  It is still included in the x86/legacy
    subtarget where it rightfully belongs.
    Fixes: FS#787
    Signed-off-by: Baptiste Jonglez <>
  13. x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and Xen

    Baptiste Jonglez authored and nbd168 committed Jul 15, 2017
    This is a backport of 641a65f in master.
    This change re-enables PAE for the 32-bit x86 subtarget, which is
    interesting in its own right but also necessary for Xen support.
    Commit af1d1eb ("x86: enable 4G high memory support for generic (32bit)
    subtarget") inadvertently disabled both PAE and Xen support.
    Fixes: FS#908
    Cc: Daniel Golle <>
    Cc: Jo-Philipp Wich <>
    Signed-off-by: Baptiste Jonglez <>
Commits on Oct 13, 2017
  1. kernel: add fix for bgmac with B50212E B1 PHY

    Rafał Miłecki
    Rafał Miłecki committed Oct 13, 2017
    This PHY requires some extra programming to work reliably with all
    devices. Backport upstream fix for it.
    Signed-off-by: Rafał Miłecki <>
  2. mt76: sync with version 878456c from master

    nbd168 committed Oct 12, 2017
    Backport required DT changes from commit dabdd12.
    Significantly improves stability and performance for MT76x2 and MT7603
    Signed-off-by: Felix Fietkau <>
Commits on Oct 10, 2017
  1. bcm53xx: backport DTS changes up to the first 4.15 queued commits

    Rafał Miłecki
    Rafał Miłecki committed Oct 10, 2017
    Signed-off-by: Rafał Miłecki <>
Commits on Oct 7, 2017
  1. ar71xx: add rssileds to WA850RE v1 image

    mkresin committed Oct 7, 2017
    A default rssileds config exists for the TP-Link WA850RE v1 but the
    rssiled package is not included by default.
    The compressed 17.01.3 image size increases by 3302 bytes which should
    be tolerable even for a 4MB flash board.
    Fixes: FS#1043
    Signed-off-by: Mathias Kresin <>
Commits on Oct 5, 2017
  1. toolchain/gdb: update to version 8.0.1

    rmounce authored and nbd168 committed Aug 6, 2017
    Fixes CVE-2017-9778.
    Signed-off-by: Ryan Mounce <>
    [reference fixed CVE]
    Signed-off-by: Stijn Tintel <>
  2. cmake: fix build error with Xcode 9 on macOS 12

    nbd168 committed Oct 5, 2017
    Signed-off-by: Felix Fietkau <>
  3. gcc: fix build error with macOS + Xcode 9

    nbd168 committed Oct 5, 2017
    Signed-off-by: Felix Fietkau <>
  4. build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build…

    nbd168 committed Oct 5, 2017
    … errors
    Certain functions are available in system headers, but only work on
    macOS 10.13
    Signed-off-by: Felix Fietkau <>
Commits on Oct 4, 2017
  1. ramips: mt7620: do not pad sysupgrade Archer images

    f00b4r0 authored and mkresin committed Aug 2, 2017
    The current makefile unnecessarily pads sysupgrade image for Archer devices.
    This has three implications:
    1. higher risk of OOM when uploading the binary image to the device
    2. much slower upgrade due to time wasted erasing and writing padding
    3. grows image beyond available flash size if metadata are appended
    This is already fixed in master, albeit in a completely different way (the
    whole target have been reworked)
    Fixes: FS#1025, FS#1039
    Signed-off-by: Thibaut VARENE <>
Commits on Oct 3, 2017
  1. LEDE v17.01.3: revert to branch defaults

    stintel committed Oct 3, 2017
    Signed-off-by: Stijn Tintel <>
  2. LEDE v17.01.3: adjust config defaults

    stintel committed Oct 3, 2017
    Signed-off-by: Stijn Tintel <>
  3. uhttp: update to latest version

    ianchi authored and jow- committed Sep 12, 2017
    3fd58e9 2017-08-19 uhttpd: add manifest support
    88c0b4b 2017-07-09 file: fix basic auth regression
    99957f6 2017-07-02 file: remove unused "auth" member from struct
    c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
    ad93be7 2017-07-02 auth: store parsed username and password
    fa51d7f 2017-07-02 proc: do not declare empty process variables
    a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
    e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash
    Signed-off-by: Adrian Panella <>
Commits on Oct 2, 2017
  1. odhcpd: don't enable server mode on non-static lan port

    karlp authored and dedeckeh committed Sep 1, 2017
    Instead of blindly enabling the odhcpd v6 server and RA server on the
    lan port, only do that if the lan port protocol is "static"
    This prevents the unhelpful case of a device being a dhcpv4 client and
    v6 server on the same ethernet port.
    Signed-off-by: Karl Palsson <>
    [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
    Signed-off-by: Hans Dedecker <>