Commits on Jul 14, 2017
  1. image: fix ar71xx legacy images

    mkresin committed Jul 14, 2017
    legacy images:
    - an already jffs2 padded squashfs rootfs is overwritten
      with an unpadded/raw one.
    - the squashfs-raw and squashfs-64k rootfs are not replaced by the
      ones including the DEVICE_PACKAGES
    Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
    base squashfs rootfs to fix the issues.
    Fixes: FS#904
    Signed-off-by: Mathias Kresin <>
  2. imx6: fix DualLite/Solo GW551X board detection

    mkresin committed May 15, 2017
    The model name is a different one in the device tree source file.
    Signed-off-by: Mathias Kresin <>
Commits on Jul 13, 2017
  1. procd: backport kernel watchdog start/stop support

    dedeckeh committed Jul 13, 2017
    4dbf57a watchdog: add support for starting/stopping kernel watchdog
    Signed-off-by: Hans Dedecker <>
Commits on Jul 12, 2017
  1. x86: add missing kernel config symbols to Geode target

    jow- committed Jul 12, 2017
    Signed-off-by: Jo-Philipp Wich <>
  2. x86: enable ACPI support for the Geode subtarget

    jow- committed Jul 12, 2017
    Backport of 9b940fe "x86: enable ACPI support for the Geode subtarget".
    Fixes FS#577.
    Signed-off-by: Jo-Philipp Wich <>
  3. dnsmasq: backport patch fixing DNS failover (FS#841)

    dedeckeh authored and jow- committed Jun 28, 2017
    Backport upstream dnsmasq patch fixing DNS failover when first servers
    returns REFUSED in strict mode; fixes issue FS#841.
    Signed-off-by: Hans Dedecker <>
  4. ar71xx: set US region code for TP-Link TL-WR710N v1 image

    NeoRaider committed Jul 12, 2017
    Non-US versions of the TP-Link TL-WR710N v1 don't have a region code so
    far, so we can just set US unconditionally.
    Signed-off-by: Matthias Schiffer <>
Commits on Jul 11, 2017
  1. fstools: backport fixes from master branch

    dangowrt committed Jul 11, 2017
    The following changes are backported from the master branch
    bdcb075 libfstools: fix matching device name
    (f038a61 on master)
    ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation
    (c43ae11 on master)
    d361923 build: disable the format-truncation warning error to fix gcc 7 build errors
    (a19f2b3 on master)
    cddc830 libfstools: silence mkfs.{ext4,f2fs}
    (88d48d5 on master)
    be5004c libfstools: add basic documentation of mount functions
    (92b4c2c on master)
    34d36c2 add missing includes
    (7d78836 on master)
    A previously added hotfix was replaced by a git commit, hence the patch
    file is removed and we got instead
    45c2a6f libfstools: fix multiple volume_identify usages with the same volume
    (633a8d0 on master)
    Signed-off-by: Daniel Golle <>
Commits on Jul 8, 2017
  1. mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDS

    NeoRaider committed Jul 8, 2017
    PKG_BUILD_DEPENDS should always refer to source package names.
    Signed-off-by: Matthias Schiffer <>
  2. ramips: fix Xiaomi MiWiFi Nano firmware partition size

    mkresin committed Mar 23, 2017
    Even the commit message of the patch adding support for the MiWiFi Nano
    says that a 16 MB flash chip is used. Extend the firmware partition to
    make use of all available flash space.
    Fixes: FS#622
    Signed-off-by: Mathias Kresin <>
Commits on Jul 5, 2017
  1. build: fix kmod package build on non-GNU systems

    nbd168 committed May 29, 2017
    BSD paste requires a filename argument, and it accepts - to use stdin as
    Signed-off-by: Felix Fietkau <>
  2. ar71xx: Fix UBIFS work on Mikrotik RB95x devices

    adron-s authored and nbd168 committed May 31, 2017
    If nand chip has no NAND_NO_SUBPAGE_WRITE flag on its options
    ubifs can't use it mtd devices and the kernel crashes with error:
    __nand_correct_data: uncorrectable ECC error
    Signed-off-by: Sergey Sergeev <>
Commits on Jul 4, 2017
  1. lantiq: use img file extension for DGN3500 factory images

    mkresin committed Jun 28, 2017
    The Netgear UI in basic mode refuses the upgrade file if the the
    fileextension is not img. The expert/advanced mode accepts any
    fileextension. Use img to make it work in any case.
    Signed-off-by: Mathias Kresin <>
Commits on Jul 1, 2017
  1. dnsmasq: backport tweak ICMP ping logic for DHCPv4

    dedeckeh committed Jun 26, 2017
    Don't start ping-check of address in DHCP discover if there already
    exists a lease for the address. It has been reported under some
    circumstances android and netbooted windows devices can reply to
    ICMP pings if they have a lease and thus block the allocation of
    the IP address the device already has during boot.
    Signed-off-by: Hans Dedecker <>
Commits on Jun 29, 2017
  1. dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)

    dedeckeh committed Jun 29, 2017
    Signed-off-by: Hans Dedecker <>
Commits on Jun 28, 2017
  1. procd: backport fixes from master branch

    dangowrt committed Jun 28, 2017
    The following commits have been cherry-picked into the lede-17.01
    branch of procd, listed here in git-log-order ie. with head first:
    89918c8 system: introduce new attribute board_name
    (79bbe6d and 453116e on master branch)
    8297c38 preinit: define _GNU_SOURCE
    (e5b963a on master branch)
    8fd57dd upgraded: cmake: Find and include uloop.h
    (e5ff8ca on master branch)
    6b0da20 hotplug: fix a memory leak in handle_button_complete()
    (f367ec6 on master branch)
    558ffb5 service/service_stopped(): fix a use-after-free
    (796ba3b on master branch)
    22f89e1 upgraded: define __GNU_SOURCE
    (e7bb2c8 on master branch)
    6e8ea8b rcS: add missing fcntl.h include
    (992b796 on master branch)
    cd5225d procd/rcS: Use /dev/null as stdin
    (d42b21e on master branch)
    5131bec procd: Log initscript output prefixed with script name
    (1247db1 on master branch)
    225b18d procd: Don't use syslog before its initialization
    (8d720b2 on master branch)
    889442c procd: Add missing \n in debug message
    (2555474 on master branch)
    2716228 procd: service gets deleted when its last instance is freed
    (8f218f5 on master branch)
    Signed-off-by: Daniel Golle <>
Commits on Jun 27, 2017
  1. kernel: update kernel 4.4 to 4.4.74

    stintel committed Jun 27, 2017
    Refresh patches.
    Compile-tested on ar71xx, octeon.
    Runtime-tested on ar71xx, octeon.
    Signed-off-by: Stijn Tintel <>
  2. ipq806x: fixup thermal patches

    stintel committed Jun 27, 2017
    Fix conflict with thermal patches added in
    Signed-off-by: Stijn Tintel <>
Commits on Jun 26, 2017
  1. base-files: fix PKG_CONFIG_DEPENDS to include entries

    Rafał Miłecki
    Rafał Miłecki committed Jun 16, 2017
    Including sets PKG_CONFIG_DEPENDS to config entries used for
    VERSION_SED command. We should keep these configs to make sure package
    gets refreshed when needed.
    Signed-off-by: Rafał Miłecki <>
  2. bcm53xx: include wpad-mini only on devices with (supported) wireless

    Rafał Miłecki
    Rafał Miłecki committed May 22, 2017
    Don't include wpad-mini when it's useless just like we don't include
    useless wireless drivers.
    Signed-off-by: Rafał Miłecki <>
  3. firmware-utils: fix dgn3500sum compiler warnings

    mkresin committed Jun 26, 2017
    The sum variable need to be initialised, otherwise it will points to
    random stack memory and a bogus image checksum might be calculated.
    While at it, fix the segfault in case the product region code isn't
    specified and enable compiler warnings which had revealed all the code
    Signed-off-by: Mathias Kresin <>
  4. ca-certificates: Update to version 20161130+nmu1

    chris5560 authored and jow- committed Jun 19, 2017
    Signed-off-by: Christian Schoenebeck <>
  5. openvpn: update to 2.4.3

    mkrkn authored and jow- committed Jun 22, 2017
    Fixes for security and other issues. See security announcement for more details:
    * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
    * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
    * Potential double-free in --x509-alt-username (CVE-2017-7521)
    * Remote-triggerable memory leaks (CVE-2017-7512)
    * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
    * Null-pointer dereference in establish_http_proxy_passthru()
    * Restrict --x509-alt-username extension types
    * Fix potential 1-byte overread in TCP option parsing
    * Fix mbedtls fingerprint calculation
    * openssl: fix overflow check for long --tls-cipher option
    * Ensure option array p[] is always NULL-terminated
    * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)
    Signed-off-by: Magnus Kroken <>
  6. mbedtls: update to 2.5.1

    mkrkn authored and jow- committed Jun 21, 2017
    Fixes some security issues (no remote exploits), and introduces
    some changes. See release notes for details:
    * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
    * Adds exponent blinding to RSA private operations
    * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
    * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
    * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
    * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
    Signed-off-by: Magnus Kroken <>
Commits on Jun 22, 2017
  1. bcm53xx: enable Northstar thermal driver

    Rafał Miłecki
    Rafał Miłecki committed Apr 20, 2017
    It allows monitoring CPU temp and will shutdown system on critical
    Signed-off-by: Rafał Miłecki <>
  2. kernel: backport Broadcom thermal drivers

    Rafał Miłecki
    Rafał Miłecki committed Apr 14, 2017
    This includes driver for Northstar and for Raspberry Pi.
    Signed-off-by: Rafał Miłecki <>
Commits on Jun 19, 2017
  1. Revert "dnsmasq: don't point --resolv-file to default location uncond…

    dedeckeh committed Jun 19, 2017
    This reverts commit 78edfff.
    This breaks local dns resolving in case noresolv=1 as resolv.conf is not
    populated anymore with as resolvfile does not equal
    /tmp/ anymore.
    Signed-off-by: Hans Dedecker <>
Commits on Jun 17, 2017
  1. dropbear: fix service trigger syntax error

    ldir-EDB0 authored and dedeckeh committed Jun 15, 2017
    The classic single '&' when double '&&' conditional was meant.
    Signed-off-by: Kevin Darbyshire-Bryant <>
Commits on Jun 12, 2017
  1. ramips: fix Phicomm K1S(PSG1208) pinmux

    guoxiaoqiao authored and mkresin committed Mar 5, 2017
    Use gpio function for pins with LEDs.
    Signed-off-by: 小桥 <>
Commits on Jun 10, 2017
  1. LEDE v17.01.2: revert to branch defaults

    lynxis committed Jun 10, 2017
    Signed-off-by: Alexander Couzens <>
  2. LEDE v17.01.2: adjust config defaults

    lynxis committed Jun 10, 2017
    Signed-off-by: Alexander Couzens <>
Commits on Jun 8, 2017
  1. build: ensure that flock is available for make download

    nbd168 authored and jow- committed Jun 8, 2017
    It ensures that make download can parallelize downloads, even when some
    packages download the same files (e.g. gcc/initial, gcc/final)
    Signed-off-by: Felix Fietkau <>
  2. include/toplevel: set env GIT_ASKPASS=/bin/true

    lynxis authored and jow- committed Jun 7, 2017
    When git-https request a service (e.g. github) which ask for credentials
    git will pass this request to the user resulting to wait for
    user input. Set GIT_ASKPASS to stop asking.
    Signed-off-by: Alexander Couzens <>
  3. base-files: fix a number of IPv6 logic flaws

    jow- committed Jun 8, 2017
    * Change network_get_subnet6() to sensibly guess a suitable prefix
      Attempt to return the first non-linklocal, non-ula range, then attempt
      to return the first non-linklocal range and finally fall back to the
      previous behaviour of simply returning the first found item.
    * Fix network_get_ipaddrs_all()
      Instead of replicating the flawed logic appending a fixed ":1" suffix
      to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
      to build a single list of all interface addresses.
    * Fix network_get_subnets6()
      Instead of replicating the flawed logic appending a fixed ":1" suffix
      to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
      field to figure out the proper network address.
    Signed-off-by: Jo-Philipp Wich <>
  4. mwlwifi: update to version / 2017-06-06

    jow- committed Jun 8, 2017
    Signed-off-by: Jo-Philipp Wich <>