Permalink
Commits on Aug 30, 2017
  1. dnsmasq: forward.c: fix CVE-2017-13704

    ldir-EDB0 authored and dedeckeh committed Aug 29, 2017
    Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
    is called with header & limit pointing at the same address and thus
    tries to clear memory from before the buffer begins.
    
    answer_request() is called with an invalid edns packet size provided by
    the client.  Ensure the udp_size provided by the client is bounded by
    512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
    MUST be treated as equal to 512"
    
    The client that exposed the problem provided a payload udp size of 0.
    
    Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
    Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Aug 21, 2017
  1. kernel: backport usbport LED trigger driver support for DT

    Rafał Miłecki
    Rafał Miłecki committed Jun 28, 2017
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  2. kernel: fix of_node handling in LEDs core code

    Rafał Miłecki
    Rafał Miłecki committed Mar 8, 2017
    This backports fixes for setting of_node and making it possible to read
    extra info from DT. This was partially fixed by:
    [PATCH] leds: leds-gpio: Set of_node for created LED devices
    but it didn't work during initialization.
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Aug 17, 2017
  1. kernel: update 4.4 to 4.4.83

    ldir-EDB0 authored and stintel committed Aug 17, 2017
    Refresh patches.
    Minor update 704-phy-no-genphy-soft-reset.patch which was partially
    accepted upstream.
    Compile-tested on ar71xx.
    Runtime-tested on ar71xx.
    
    Fixes the following vulnerabilities:
    - CVE-2017-7533 (4.4.80)
    - CVE-2017-1000111 (4.4.82)
    - CVE-2017-1000112 (4.4.82)
    
    Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
  2. bcm53xx: backport DTS commits that setup USB LEDs

    Rafał Miłecki
    Rafał Miłecki committed Aug 17, 2017
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Aug 15, 2017
  1. tcpdump: Update to 4.9.1

    diizzyy authored and hauke committed Jul 24, 2017
    Fixes:
     * CVE-2017-11108: Fix bounds checking for STP.
    
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Commits on Aug 11, 2017
  1. mbedtls: Re-allow SHA1-signed certificates

    Baptiste Jonglez authored and hauke committed Jul 30, 2017
    Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
    This breaks openvpn clients that try to connect to servers that
    present a TLS certificate signed with SHA1, which is fairly common.
    
    Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
    
    Fixes: FS#942
    
    Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
  2. ramips: fix WHR-1166D WAN port

    mkresin committed Aug 9, 2017
    By adding the ICPlus IP1001 phy driver an already set RGMII delay mode
    is reset during driver load.
    
    Set the rgmii rx delay to fix corrupt/no packages in case the WAN port
    negotiates to 1000MBit.
    
    Fixes: FS#670
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
Commits on Aug 9, 2017
  1. base-files: don't setup network in preinit if failsafe is disabled

    Rafał Miłecki
    Rafał Miłecki committed Aug 7, 2017
    With failsafe disabled there is no point in early network setup. We
    don't send announcement over UDP and there is no way to ssh to the
    device.
    
    A side effect of this is avoiding a possibly incorrect network config
    (only with failsafe disabled). This problem is related to possible
    changes made by user in /etc/config/network.
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Aug 8, 2017
  1. dnsmasq: backport remove ping check of configured dhcp address

    dedeckeh committed Jul 18, 2017
    Remove ping check in DHCPDISCOVER case as too many buggy clients leave
    an interface in configured state causing the ping check to fail.
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  2. procd: update to the latest git HEAD

    dedeckeh committed Aug 8, 2017
    66be6a2 watchdog: fix inline watchdog_get_magicclose function prototype
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Aug 6, 2017
  1. ramips: ArcherC50v1: fix wlan2g MAC address

    f00b4r0 authored and mkresin committed Aug 4, 2017
    By default the wlan eprom contains the generic ralink MAC which is not
    the vendor (TP-Link) one. Based on OFW bootlog, it appears that addresses
    are decremented from the ethernet MAC.
    
    This patch fixes the MAC address for wlan2g in line with OFW.
    
    Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Commits on Aug 2, 2017
  1. ramips: fix Omnima MiniEMBWiFi image

    mkresin committed Jul 31, 2017
    Reference the Omnima MiniEMBWiFi device tree source file in the image
    build code. Otherwise the dts of the image processed before is used.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  2. ramips: build HuaWei HG255D image

    mkresin committed Jul 31, 2017
    The code to build an image was disabled some time ago for unknown
    reasons albeit the image looks fine.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  3. ramips: add missing partitions

    mkresin committed Jul 31, 2017
    The partitions were lost during migration to device tree.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
Commits on Aug 1, 2017
  1. procd: update to latest git HEAD

    blogic committed Aug 1, 2017
    3e68cdf procd: Do not leak pipe file descriptors to children
    
    Signed-off-by: John Crispin <john@phrozen.org>
  2. ralink: fix rcu_sched stalls on mt7621

    blogic committed Aug 1, 2017
    there were 2 bugs
    *) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize
    *) HPT frequency was not set making r4k timers not come up properly
    
    Backport of 9551d91 "ralink: fix rcu_sched stalls on mt7621".
    
    Signed-off-by: John Crispin <john@phrozen.org>
Commits on Jul 29, 2017
  1. ramips: Archer C50v1: fix power led

    f00b4r0 authored and mkresin committed Jul 29, 2017
    01_leds had a workaround for the power led to compensate for the
    inverted GPIO state. This patch was missing from my previous commit.
    
    Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
    [add the power led default-state which was omitted in the last commit
    by me]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  2. ramips: Archer C50v1: fix switch port numbering

    f00b4r0 authored and mkresin committed Jul 28, 2017
    Luci shows switch ports in wrong order on that device.
    This patch fixes switch port numbering and matches them to the device
    silkscreen.
    
    Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
  3. ramips: Archer C50v1: fix LEDs active levels

    f00b4r0 authored and mkresin committed Jul 28, 2017
    All LEDs GPIOs are active low on this device.
    
    WAN and POWER states were inverted. Add default state for power.
    
    Tested on Archer C50v1.
    
    Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
  4. ramips: fix Mercury MAC1200R v2.0 board name

    mkresin committed Jul 28, 2017
    With d2b6bf1 ("ramips: fix image validation errors") the board
    name was changed to fix an image validation error. But this change
    wasn't applied to all other files using the board name, which broke
    sysupgrade.
    
    Revert this change and use the former board name in the metadata
    instead.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  5. brcm63xx: add NULL clock fix send upstream

    mkresin committed Jul 28, 2017
    Make the behaviour of clk_get_rate consistent with common clk's
    clk_get_rate by accepting NULL clocks as parameter. Some device
    drivers rely on this, and will cause an OOPS otherwise.
    
    Fixes: FS#735
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  6. ramips: add NULL clock fix send upstream

    mkresin committed Jul 28, 2017
    Make the behaviour of clk_get_rate consistent with common clk's
    clk_get_rate by accepting NULL clocks as parameter. Some device
    drivers rely on this, and will cause an OOPS otherwise.
    
    Fixes: FS#735
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  7. ar7: add NULL clock fix send upstream

    mkresin committed Jul 28, 2017
    Make the behaviour of clk_get_rate consistent with common clk's
    clk_get_rate by accepting NULL clocks as parameter. Some device
    drivers rely on this, and will cause an OOPS otherwise.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
Commits on Jul 28, 2017
  1. curl: fix CVE-2017-7407 and CVE-2017-7468

    hauke committed Jul 23, 2017
    This fixes the following security problems:
    * CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html
    * CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. kernel: update kernel 4.4 to version 4.4.79

    hauke committed Jul 23, 2017
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Jul 25, 2017
  1. ramips: DIR-860L-B1 fix switch port numbering

    f00b4r0 authored and mkresin committed Jul 25, 2017
    Luci shows switch ports in inverted order on that device.
    This patch fixes switch port numbering and matches them to the device
    silkscreen.
    
    Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
  2. kernel: netfilter: fix nf-nathelper(-extra) description

    donvipre authored and mkresin committed Jul 20, 2017
    The tftp and irc netfilter modules are provided by nf-nathelper-extra
    and not by nf-nathelper.
    
    Signed-off-by: Uwe Arnold <donvipre@gmail.com>
    [move the irc module as well]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  3. ramips: fix wps button gpio for DWR-512

    fid0did0 authored and mkresin committed Jul 18, 2017
    The WPS button is at GPIO#7.
    
    Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
  4. ramips: DTS: VoCore2 improvements/fixes

    p-wassi authored and mkresin committed Jul 22, 2017
    The VoCore2 features 128MB of RAM, therefore set
    memory in DTS to 128*1024*1024 = 0x8000000
    The board's LED is connected to GND, set it to
    ACTIVE_HIGH here.
    Make serial console working again on kernel 4.9 by
    change of pinmux configuration.
    
    Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Commits on Jul 22, 2017
  1. ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series

    pepe2k committed Jul 14, 2017
    Backport of ad8c315: "ar71xx: fix switch port mapping for TP-Link
    TL-WR74xN/D series".
    
    Fixes FS#843
    
    Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
  2. uboot-envtools: add support for ALFA Network AP121F

    pepe2k committed Mar 31, 2017
    Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
  3. ar71xx: add support for ALFA Network AP121F

    pepe2k committed Mar 31, 2017
    ALFA Network AP121F is a pocket-size router dedicated for VPN/TOR users.
    Device is based on Atheros AR9331 WiSoC and is running a custom version
    (updated from OpenWrt CC to LEDE 17.01 release) of NetAidKit firmware.
    
    Specification:
    
    - 400/400/200 MHz (CPU/DDR/AHB)
    - 64 MB of RAM (DDR1)
    - 16 MB of FLASH (SPI NOR)
    - 1x 10/100 Mbps Ethernet
    - 1T1R 2.4 GHz
    - 1x microSD (optional, on separate PCB)
    - 3x LED, 1x button, 1x switch
    - UART header on PCB
    
    Flash instruction (under U-Boot web recovery mode):
    
    1. Configure PC with static IP 192.168.1.2/24.
    2. Connect PC with RJ45 port, press the reset button, power up device,
       wait for first blink of all LEDs (indicates network setup), then keep
       button for 3 following blinks and release it.
    3. Open 192.168.1.1 address in your browser and upload sysupgrade image.
    
    Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Commits on Jul 14, 2017
  1. image: fix ar71xx legacy images

    mkresin committed Jul 14, 2017
    If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
    legacy images:
    
    - an already jffs2 padded squashfs rootfs is overwritten
      with an unpadded/raw one.
    
    - the squashfs-raw and squashfs-64k rootfs are not replaced by the
      ones including the DEVICE_PACKAGES
    
    Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
    base squashfs rootfs to fix the issues.
    
    Fixes: FS#904
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>
  2. imx6: fix DualLite/Solo GW551X board detection

    mkresin committed May 15, 2017
    The model name is a different one in the device tree source file.
    
    Signed-off-by: Mathias Kresin <dev@kresin.me>