Kevin Darbyshire-Bryant [Mon, 8 Jan 2018 13:00:07 +0000 (13:00 +0000)]
kmod-sched-cake: bump to latest cake bake for 17.01
More important bug fix:
402f05c Use full-rate mtu_time in all tins. Fixes an issue where some
cake tins experienced excessive latency since
49776da (dynamically
adjust target)
Minor bug fixes:
31277c2 Avoid unsigned comparison against zero. Fix compiler warning,
no known impact.
8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
lead to dropping a SYN packet that should not be dropped.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Stijn Segers [Sat, 13 Jan 2018 16:18:21 +0000 (17:18 +0100)]
ar71xx: Netgear WNR2000v4: do not include USB packages [17.01]
The Netgear WNR2000v4 does not have a USB port. Hence, including USB packages into the default images is useless.
It looks like the WNR2000v4 definition in master is OK.
v2 fixes the silly typo in the patch title (WNR2000v4 instead of WNR200v4)
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Jo-Philipp Wich [Wed, 10 Jan 2018 19:17:48 +0000 (20:17 +0100)]
build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS
When generating per-device rootfs directories, the ./etc/opkg/ directory
is moved away prior to calling opkg install, opkg remove and rootfs_prepare.
After the opkg invocations and the rootfs_prepare macro call, the saved opkg
config directory is supposed to be moved back to its previous ./etc/opkg
location.
The mv command however can fail to properly restore the directory under
certain circumstances, e.g. when the prior opkg or files/ overlay copy
operations caused a new ./etc/opkg/ directory to be created.
In this case, the backed up directory (named target-dir-$hash.opkg) will be
moved into the preexisting ./etc/opkg/ directory instead, causing the opkg
configuration to be located in a wrong path on the final rootfs, e.g. in
/etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of
/etc/opkg/distfeeds.conf.
Solve this problem by replacing the naive "mv" command with a recursive
"cp -T" invocation which causes the backed up directory tree to get merged
with the destination directory in case it already exists.
Also perform the rootfs_prepare macro call after restoring the opkg
configuration, to allow users to override it again by using the files/
overlay mechanism.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
ab1785b1b2559c9f2d09d4d3ce43e11f4b828616)
Chuanhong Guo [Fri, 29 Dec 2017 04:35:32 +0000 (12:35 +0800)]
ramips: fix lenovo newifi-y1 switch and LED config
There are 3 ethernet ports on Y1. LAN1 on port1, LAN2 on port0 and WAN on
port4.
Use a standalone switch configuration to match this and use the switch
trigger so that LAN LED could indicate the connetction status for both
lan ports correctly.
This patch also drop the internet led configuration, because there is a
WAN led for port4 and eth0.2 isn't always used as WAN.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Mathias Kresin [Sat, 30 Dec 2017 09:19:18 +0000 (10:19 +0100)]
ramips: firewrt: indicate boot status via LED
Add the Firefly FireWRT gree power LED to diag.sh to indicate the boot
status via the power LED.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Vittorio Gambaletta [Sat, 25 Mar 2017 17:08:02 +0000 (18:08 +0100)]
ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.
Backported from Code Aurora QSDK
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Henryk Heisig [Fri, 6 Jan 2017 20:21:11 +0000 (21:21 +0100)]
ar71xx: QCA956X: add missing register
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Jo-Philipp Wich [Mon, 8 Jan 2018 13:35:21 +0000 (14:35 +0100)]
mvebu: fix mvneta build with Linux 4.4.110
Kernel 4.4.109 added pp->link, pp->duplex and pp->speed setters to
mvneta_port_disable() which the mvneta patchset failed to patch out after
rebasing, leading to the following build error:
CC drivers/net/ethernet/marvell/mvneta.o
drivers/net/ethernet/marvell/mvneta.c: In function 'mvneta_port_disable':
drivers/net/ethernet/marvell/mvneta.c:1199:4: error: 'struct mvneta_port' has no member named 'link'
pp->link = 0;
^
drivers/net/ethernet/marvell/mvneta.c:1200:4: error: 'struct mvneta_port' has no member named 'duplex'
pp->duplex = -1;
^
drivers/net/ethernet/marvell/mvneta.c:1201:4: error: 'struct mvneta_port' has no member named 'speed'
pp->speed = 0;
^
Fix the issue by rebasing 134-net-mvneta-convert-to-phylink.patch to remove
these struct member accesses as well.
Fixes:
7f5a040359 ("kernel: update kernel 4.4 to version 4.4.110")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Sat, 6 Jan 2018 01:36:39 +0000 (02:36 +0100)]
lantiq: activate noise margin delta for VDSL too
Previously this was only activated for ADSL, this patch activates the
same setting also for VDSL, this feature is also support for VDSL in the
same way it works for ADSL.
I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO
(Deutsche Telekom) and saw different data rates and Max. Attainable Data
Rates depending on the ds_snr_offset settings I choose.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Andrea Merello [Sat, 13 May 2017 15:16:13 +0000 (17:16 +0200)]
Lantiq: make possible to tweak DSL SRN from UCI
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.
The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.
The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.
Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.
I have also a patch for LUCI about this, that I could submit.
Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.
Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Jo-Philipp Wich [Sun, 7 Jan 2018 15:22:21 +0000 (16:22 +0100)]
libubox: update to latest lede-17.01 git HEAD
1dafcd7 jshn: properly support JSON "null" type
6abafba jshn: read and write 64-bit integers
cfc75c5 runqueue: fix use-after-free bug
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Sat, 6 Jan 2018 01:08:42 +0000 (02:08 +0100)]
kernel: update kernel 4.4 to version 4.4.110
This fixes: CVE-2017-5754
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 8 Oct 2017 16:31:03 +0000 (18:31 +0200)]
brcm47xx: relocate the stack in loader
By default we are reusing the stack provided by CFE, like it is intended
by CFE. On my WRT54GS it is located at 0x8043BF30, so a big kernel image
could overwrite it. Relocate it to a different memory region which is
still under the 8MB RAM, but in the higher area. We only need this
memory region for the stack of the loader, Linux will set up this
for its own.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 8 Oct 2017 14:52:28 +0000 (16:52 +0200)]
brcm47xx: relocate loader to higher address
The boot process on a WRT54GL works the following way:
1. CFE gets loaded by the boot rom from flash
2. CFE loads the loader from the flash and gzip uncompresses it
3. CFE starts the loader
4. The loader stores the FW arguments and relocates itself to
BZ_TEXT_START (now 0x80600000)
5. The loader reads the Linux image from flash
6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
7. The loader executes the uncompress Linux image at LOADADDR
The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
the loader which was currently uncompressing it and made the board
crash. Increase the BZ_TEXT_START my 2 MB to have more space for the
kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
should not be a problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Fri, 5 Jan 2018 13:57:05 +0000 (14:57 +0100)]
fstools: backport fix from master branch
37762ff libfstools: support file paths longer than 255 chars
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hans Dedecker [Thu, 4 Jan 2018 10:29:17 +0000 (11:29 +0100)]
procd: update to latest git HEAD
1883530 procd: Fix minor null pointer dereference.
9085551 procd: initd: fix path allocation in early_insmod
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rafał Miłecki [Wed, 27 Dec 2017 07:55:28 +0000 (08:55 +0100)]
brcm47xx: image: build firmware for Asus WL-500g Deluxe
It's a device based on BCM5365P (0x5365 package 0x00). This SoC has
USB 1.1 controller but device has two USB 2.0 parts. They are handled by
PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hans Dedecker [Tue, 2 Jan 2018 09:04:59 +0000 (10:04 +0100)]
Revert "iptables: fix nftables compile issue (FS#711)"
This reverts commit
da126d557c6d1cfe19d3f93481af6e00631d7931 as the iptables patch does not apply cleanly.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
rektide de la faye [Thu, 14 Dec 2017 06:29:11 +0000 (01:29 -0500)]
iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."
Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.
This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.
Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Daniel Golle [Mon, 1 Jan 2018 21:27:51 +0000 (22:27 +0100)]
rpcd: backport version 2017-12-07 from master
cfe1e75c91 sys: packagelist: allow listing all packages
74a784f037 sys: fix passwd path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(commit
173edcdc9da55fbd7225c4baa7b03405dfc074cc on master)
Jo-Philipp Wich [Mon, 1 Jan 2018 16:01:49 +0000 (17:01 +0100)]
uci: update to HEAD of lede-17.01 branch
Switch uci to the lede-17.01 branch which contains the following two commits
cherry-picked from uci master:
141b64e lua: additionally return name when looking up sections
1e17f24 lua: support extended section notation
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Kevin Darbyshire-Bryant [Sat, 30 Dec 2017 09:20:39 +0000 (09:20 +0000)]
iproute2: cake: fix patch format error
Fix patch format error introduced in
c4e9487cf5
Refresh patches to tidy fuzz
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Tue, 26 Dec 2017 19:30:02 +0000 (19:30 +0000)]
kernel: bump 4.4 to 4.4.108 for 17.01
Refresh patches.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Fri, 22 Dec 2017 13:45:11 +0000 (13:45 +0000)]
iproute2: cake: support new operating modes for 17.01
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet. This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Fri, 22 Dec 2017 13:45:10 +0000 (13:45 +0000)]
kmod-sched-cake: bump to latest bake of cake for 17.01
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch. Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet. Relevant
feature changes:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ptm mode: Minor optimisation in packet overhead calculation.
dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
A separate iproute2 patch to teach it about Cake's new features will
follow.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Mathias Kresin [Wed, 27 Dec 2017 21:09:52 +0000 (22:09 +0100)]
ramips: fix widora neo diag led
The diag LED is named widora:orange:wifi and can't be derived from the
boardname.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Matthias Schiffer [Fri, 29 Dec 2017 14:56:01 +0000 (15:56 +0100)]
base-files: fix logic when to show failsafe banner
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes:
1c9299877be9 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
Matthias Schiffer [Fri, 29 Dec 2017 13:34:03 +0000 (14:34 +0100)]
base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Kevin Darbyshire-Bryant [Sat, 23 Dec 2017 19:26:52 +0000 (19:26 +0000)]
wireguard: bump to
20171221
7e945a8 version: bump snapshot
f2168aa compat: kernels < 3.13 modified genl_ops
52004fd crypto: compile on UML
6b69b65 wg-quick: dumber matching for default routes
aa35d9d wg-quick: add the "Table" config option
037c389 keygen-html: remove prebuilt file
No patch refresh required.
Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Etienne Haarsma [Thu, 21 Dec 2017 09:28:16 +0000 (10:28 +0100)]
kernel: bump 4.4 to 4.4.107
Bump 4.4 to 4.4.107 and refreshed all patches.
Made the following patch for Mediatek and Oxnas compatible with kernel 4.4.107:
0072-mtd-backport-v4.7-0day-patches-from-Boris.patch
Compile-tested: ar71xx
Run-tested: ar71xx
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
Reviewed-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
Kevin Darbyshire-Bryant [Tue, 12 Dec 2017 19:34:17 +0000 (19:34 +0000)]
wireguard: bump to
20171211
Bump to latest WireGuard snapshot release:
44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch
Refresh patches.
Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Jo-Philipp Wich [Wed, 17 May 2017 12:36:23 +0000 (14:36 +0200)]
brcm47xx: remove target specific network preinit config
The generic preinit code is now able to setup network and switch vlan settings
from the /etc/board.json file, therefor drop the target specific code.
Fixes FS#790.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
833c500cb2985e9b76a1aae3b6a577977eee5457)
Jo-Philipp Wich [Tue, 12 Dec 2017 15:28:04 +0000 (16:28 +0100)]
rules.mk: export TMPDIR
Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
52a3477ff91a2009e451d5dce307e9cc945e9ffa)
Rosen Penev [Wed, 22 Nov 2017 05:57:52 +0000 (21:57 -0800)]
usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
fc4e7bdca75f4d283374d3dfe0d0ac1cd4885612)
Leon M. George [Mon, 20 Nov 2017 16:38:09 +0000 (17:38 +0100)]
hostapd: remove unused local var declaration
Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit
63462910ddb01d9a7391d793228767628aa65db2)
Leon M. George [Mon, 20 Nov 2017 16:36:55 +0000 (17:36 +0100)]
hostapd: don't set htmode for wpa_supplicant
no longer supported
Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit
cc0847eda337f948f5ff6e75014aa88e48779677)
Felix Fietkau [Thu, 9 Nov 2017 13:39:48 +0000 (14:39 +0100)]
libnl-tiny: use fixed message size instead of using the page size
Simplifies the code and reduces size
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
d5bcd0240a8f42a05ef31005a9a9dea848d3f7a8)
Zhai Zhaoxuan [Tue, 11 Jul 2017 10:12:00 +0000 (18:12 +0800)]
packages: nvram: fix memory leak in _nvram_free
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.
Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
(cherry picked from commit
c382237ac33a787043b22abc42f0c5a80278baae)
Antonio Quartulli [Fri, 9 Nov 2012 14:23:34 +0000 (15:23 +0100)]
mac80211: don't pass the hostapd ctrl iface in adhoc
Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
(cherry picked from commit
0da54fa6428ea98d31b49f5d9a4a272214f5d188)
Sven Eckelmann [Tue, 7 Nov 2017 10:48:40 +0000 (11:48 +0100)]
hostapd: explicitly set beacon interval for wpa_supplicant
The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.
This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.
Fixes:
1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
(cherry picked from commit
772afef61dc68e2470f4da130fac862ccf2fb105)
Sven Eckelmann [Thu, 11 May 2017 06:56:50 +0000 (08:56 +0200)]
hostapd: set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.
This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
(cherry picked from commit
43f66943d0dbf0ed0ec2a9cb071d0fbded2fbe35)
Hans Dedecker [Mon, 13 Nov 2017 21:33:48 +0000 (22:33 +0100)]
igmpproxy: remove firewall rules when service is stopped
Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
31ebbe34ccc066c212ef20de0856ab3a428fb801)
Martin Schiller [Mon, 9 Oct 2017 08:12:04 +0000 (10:12 +0200)]
openvpn: add support to start/stop single instances
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
(cherry picked from commit
e2f25e607d2092cffa45196e7997854feb464232)
Alexander Couzens [Fri, 4 Aug 2017 11:09:12 +0000 (13:09 +0200)]
package/elfutils: add CFLAG -Wno-format-nonliteral
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit
6ab45214644166846398e5e520d151c05cc4dd55)
Felix Fietkau [Thu, 9 Nov 2017 11:21:15 +0000 (12:21 +0100)]
tools/coreutils: install readlink
Parts of the build system use non-portable invocation of readlink
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
6bcc1c5331c797004e1b43168eb116d2d14b0102)
Jo-Philipp Wich [Mon, 6 Nov 2017 11:04:25 +0000 (12:04 +0100)]
uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.
a235636 2017-11-04 file: fix query string handling
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
05a4200d56efe439e298c8af3d82ac221b0e86e9)
Ralph Sennhauser [Sun, 22 Oct 2017 20:21:22 +0000 (22:21 +0200)]
openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
(cherry picked from commit
f5468d248613fee51d19715e0fa6e37012c0eda7)
Koen Vandeputte [Tue, 24 Oct 2017 14:20:22 +0000 (16:20 +0200)]
uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit
06d5d01e8acb4c7012bfa1ce8d432816b98088b0)
Michal Sojka [Fri, 3 Nov 2017 21:31:42 +0000 (22:31 +0100)]
procd: Always tell cmake whether to include seccomp support or not
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit
0e300a3a71264d8938b17f9fb0d5f1ab33a0434a)
Yousong Zhou [Mon, 6 Nov 2017 02:43:25 +0000 (10:43 +0800)]
libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches. This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.
The error message:
OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
.libs/os-linux.o: In function `_Ux86_get_elf_image':
os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lresume.o: In function `_ULx86_resume':
Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
collect2: error: ld returned 1 exit status
Makefile:2249: recipe for target 'libunwind.la' failed
The snippet from gcc -dumpspecs
%{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
f0c37f6ceb10a1db0193d4270c6807c0b2f7a3a0)
Felix Fietkau [Tue, 24 Oct 2017 11:22:09 +0000 (13:22 +0200)]
tools/squashfs: use host cflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
20d363aed395e07ff42fe648f898b17f2077cc82)
Hauke Mehrtens [Mon, 16 Oct 2017 18:08:56 +0000 (20:08 +0200)]
ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.
Fixes:
f40fd43ab2f ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
a29848c67180396656e4e8a7ef47ae5b441a7325)
Hauke Mehrtens [Sun, 15 Oct 2017 12:19:20 +0000 (14:19 +0200)]
ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
f40fd43ab2fe0f5c707a07eb036e84af086f3066)
Hans Dedecker [Fri, 6 Oct 2017 07:21:35 +0000 (09:21 +0200)]
dropbear: fix PKG_CONFIG_DEPENDS
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
834c93e00bee4f7253a5c64d1a9c8202b1082b1a)
Marcin Jurkowski [Fri, 30 Jun 2017 11:13:50 +0000 (13:13 +0200)]
dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
(cherry picked from commit
a816e1eac761bfdac720d00d15feb18b7b9fd1e3)
Michal Sojka [Tue, 12 Sep 2017 11:12:50 +0000 (13:12 +0200)]
procd: Install seccomp-trace symlink
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit
1a5bf778fb4f8b648716d9f8275c6a0af503cfe5)
Magnus Kroken [Wed, 27 Sep 2017 17:45:32 +0000 (19:45 +0200)]
openvpn: update to 2.4.4
Fixes CVE-2017-12166: out of bounds write in key-method 1.
Remove the mirror that was temporarily added during the
2.4.3 release.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit
a9a37526a9df3b565f5242857d17887cb492afab)
Philip Prindeville [Tue, 19 Sep 2017 21:17:09 +0000 (15:17 -0600)]
build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
76ba01a39216b8460846808b2fc10d5ee230a324)
Philip Prindeville [Tue, 19 Sep 2017 20:47:54 +0000 (14:47 -0600)]
usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
3008fc9a7bbdcbb2563c99178ce8085396dd41e6)
Florian Fainelli [Sat, 16 Sep 2017 23:27:37 +0000 (16:27 -0700)]
dnsmasq: Pass TARGET_CPPFLAGS to Makefile
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.
Fixes:
34a206bc1194 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit
ef485bb23d207e0b1031d264a6fafce01d2bdf8f)
Alexandru Ardelean [Mon, 4 Sep 2017 13:16:00 +0000 (16:16 +0300)]
wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```
Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```
Thanks to @lynxis for pointing out the commas.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
ad510c4d62fd6dd879a02cb2253eb37c2179d9c0)
Stijn Tintel [Mon, 28 Aug 2017 11:45:23 +0000 (14:45 +0300)]
base-files: add /etc/profile.d to conffiles
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
ef255fc57ece1415b2a81346dde7d8ee3a32dee7)
Stijn Tintel [Mon, 28 Aug 2017 11:42:22 +0000 (14:42 +0300)]
base-files: order conffiles alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
8446d3de05d0e0a6246dba9621b15095e9073dfb)
Karl Palsson [Wed, 30 Aug 2017 17:44:00 +0000 (17:44 +0000)]
procd: mdns: Support txt values with spaces
Properly quote the arguments so that you can register a service with TXT
entries that contains spaces.
Example:
procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \
"another=something equally verbose"
Output before:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp local
hostname = [blah.local]
address = [192.168.255.74]
port = [9999]
txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"]
Output now:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp local
hostname = [blah.local]
address = [192.168.255.74]
port = [9999]
txt = ["another=something equally verbose" "key=descriptive text field 1"]
Signed-off-by: Karl Palsson <karlp@etactica.com>
(cherry picked from commit
7a423c389a162d2945901f0b5e7c604d36c64526)
João Chaínho [Thu, 31 Aug 2017 15:45:39 +0000 (16:45 +0100)]
ar71xx: fix switch port numbering on RB750r2 and RB750UPr2
This patch fixes the switch port numbering on Mikrotik RB750r2 (hEX lite) and RB750UPr2 (hEX PoE lite).
Tested on a RB750UPr2. Maybe this patch is applicable to other devices (e.g. RB951Ui-2nD, RB952Ui-5ac2nD) but I have no way to test them.
Signed-off-by: João Chaínho <joaochainho@gmail.com>
(cherry picked from commit
61027e343025b5f47e7e79db71576e6bd5e97c1d)
Zoltan Gyarmati [Sat, 26 Aug 2017 13:14:20 +0000 (15:14 +0200)]
scripts/dowload.pl: use glob to expand target dir
If CONFIG_DOWNLOAD_FOLDER is set to for example "~/dl", the download
script fails to create the .hash and .dl files with the following
errors:
Cannot create file ~/dl/dropbear-2017.75.tar.bz2.dl: No such file or directory
sh: 1: cannot create ~/dl/dropbear-2017.75.tar.bz2.hash: Directory nonexistent
If the tarball already exists in the ~/dl dir, it's properly found and
used, so this issue only affects the download.pl script.
This patch calls glob() on the target dir parameter, which will expand `~`.
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
(cherry picked from commit
0a761fe8ef346c6f0a78097938b083e2d078b0e2)
Rosen Penev [Sat, 26 Aug 2017 03:12:13 +0000 (20:12 -0700)]
samba36: Remove syslog and load printers lines.
printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
343e3d2ba8efe20554522419697e0e4c3038c92f)
Rosen Penev [Thu, 24 Aug 2017 23:51:24 +0000 (16:51 -0700)]
samba36: Don't resolve interfaces.
It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit
b2f60e6a7245c192703528a46dfb630c664dbc0c)
Rosen Penev [Thu, 24 Aug 2017 23:51:23 +0000 (16:51 -0700)]
samba36: Remove guest ok since LuCI configures it.
guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
ccb79a310c5273bf32d590323a99e72b587a0fb0)
Hauke Mehrtens [Sat, 15 Jul 2017 20:54:33 +0000 (22:54 +0200)]
config: make CONFIG_ALL_* select other CONIFG_ALL_* options
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.
Now the rtc kmods should get build when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
589621b1c03c25e6436d30aaa508aef2484244a6)
BangLang Huang [Fri, 24 Feb 2017 02:58:09 +0000 (10:58 +0800)]
nvram: add help message for nvram magic not found
The program would failed if nvram magic not found
in specific partition.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit
69da83d9f12e4e48b546fc3fc3ff555034959211)
BangLang Huang [Fri, 24 Feb 2017 02:52:52 +0000 (10:52 +0800)]
nvram: improve argument check when program start
print help message when argument count is less
than 2.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit
c7e2a6fe923dc86bab14d94ead322a045efca4c9)
BangLang Huang [Fri, 24 Feb 2017 02:45:16 +0000 (10:45 +0800)]
nvram: add usage() function
Merge the help message into a single function,
so that we can use it somewhere else.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit
2a253e7cdbacd1bd19da80ea6f35a93b42655c3b)
BangLang Huang [Fri, 24 Feb 2017 02:16:17 +0000 (10:16 +0800)]
nvram: fix memory leak
Fix memory leak on nvram_open() and nvram_open_rdonly().
For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.
For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit
1948d8e08c72106a01b359a30217cf92657cc79d)
Christian Schoenebeck [Tue, 15 Aug 2017 18:44:17 +0000 (20:44 +0200)]
ca-certificates: Update to
20170717
Update to
20170717
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
(cherry picked from commit
a2a226e6e83359ca0c7547ce9fed6ce4ecabc24b)
Rafał Miłecki [Mon, 7 Aug 2017 06:41:26 +0000 (08:41 +0200)]
base-files: drop unused preinit_echo function
It isn't used for years since the old 99_10_run_init has been dropped.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
1e13c6f77fc02df2bd8ed237ab9208ecdefb2dab)
Daniel Engberg [Tue, 8 Aug 2017 06:14:28 +0000 (08:14 +0200)]
tools/pkg-config: Update to 0.29.2
* Update pkg-config to 0.29.2
* Remove patch as it's upstreamed
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit
965df21fd16e5966c64f207fe053ab8b6863081f)
Florian Eckert [Tue, 1 Aug 2017 12:35:18 +0000 (14:35 +0200)]
base-files: suppress uci not found output in login.sh
Fix "uci: Entry not found" output if "ttylogin" is not set in
"etc/config/system"
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
c31f0421ceb47f347ade7317f263fcd09cfe325f)
Jo-Philipp Wich [Wed, 26 Jul 2017 22:18:12 +0000 (00:18 +0200)]
scripts/package-metadata.pl: inhibit compile deps on missing build types
When a package declares a PKG_BUILD_DEPENDENCY or HOST_BUILD_DEPENDENCY on
a not existing build type, the metadata script will emit a reference to an
unresolvable build target in tmp/.packagedeps, causing the make process to
fail hard in a way not catchable by the IGNORE_ERRORS mechanism.
In a situation where a package "test-a" declares a build dependency
"PKG_BUILD_DEPENDS:=test-b/host" while the Makefile of "test-b" does not
implement a HostBuild, make fails with an unrecoverable error in the form:
make[1]: Entering directory '...'
make[1]: *** No rule to make target 'package/test-b/host/compile',
needed by 'package/test-a/compile'. Stop.
make[1]: Leaving directory '...'
.../toplevel.mk:200: recipe for target 'package/test-a/compile' failed
make: *** [package/test-a/compile] Error 2
Extend the metadata generation script to catch such unresolved references
and emit a visable warning upon detection.
After this change, the script will emit a warning similar to:
WARNING: Makefile "package/test-a/Makefile" has a build dependency on
"test-b/host" but "package/test-b/Makefile" does not implement a
"host" build type
Fixes a global build cluster outage which occured after the "python-cffi"
feed package removed its HostBuild which the "python-cryptography" package
build-depended on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
bf5d32af2a675f7577b388b5eef2a11e6ce042eb)
Jo-Philipp Wich [Mon, 24 Jul 2017 11:33:33 +0000 (13:33 +0200)]
build: bundle-libraries.sh: do not override argv[0] in inner exec calls
Only mangle argv[0] of the first executed process and leave the argument
vector of subsequent invocations as-is to allow child programs to properly
discover resources relative to their binary locations.
Fixes "cc1" discovery when executing the host gcc through the bundled
"ccache" executable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
9e64874fb2508e49e52898c238d817bd152bf2c2)
Rosen Penev [Fri, 21 Jul 2017 20:04:34 +0000 (13:04 -0700)]
samba36: Remove legacy options
Browseable is now set through LuCI per share, so remove it. Same with
writeable (inverted synonym for read only). domain master and preferred
master seem to be legacy settings for Windows 9x. encrypt passwords
defaults to yes. Probably should not be disabled either.
Also reordered alphabetically.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message, fix SoB, fix author, bump pkg revsion]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
9dcb3fe7eb06b42c4f026e6cc5e89b2a18932782)
Daniel Engberg [Sun, 25 Jun 2017 16:14:33 +0000 (18:14 +0200)]
scripts/download.pl: Adjust URLs
Internet2 isn't considered a trusted issuer meaning that https links to
rit.edu will fail.
The host mirror.csclub.uwaterloo.ca has a trusted SSL cert and peering
is good so it can replace rit.edu without performance issues.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Jo-Philipp Wich: rewrapped commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
99c429512622566ee2bbde69fa8efb0f2bcda33e)
Jo-Philipp Wich [Sun, 16 Jul 2017 21:43:19 +0000 (23:43 +0200)]
build: fix invocation of bundled ld.so in SDK and Imagebuilder
Commit
72d751cba9 "build: rework library bundling" introduced a new helper
binary "runas" whose sole purpose was mangling the argv vector passed to
the actual called ELF image so that the renamed executable could obtain the
proper name from argv[0].
This approach, however totally defeated the purpose of calling bundled ELF
executables through the shipped ld.so loader since the execv() invocation
performed by "runas" would cause the kernel the interprete the final program
image through the system ELF loader again.
To solve the problem, use an alternative approach of shipping a shared object
"runas.so" which uses an ELF ".init_array" function pointer to obtain the
argv[] vector of the to-be-executed main() function and mangle it in-place.
The actual argv[0] value to use is communicated out-of-band using an
environment variable "RUNAS_ARG0" by the shell wrapper script. The wrapper
script also takes care of setting LD_PRELOAD to instruct the shipped ELF
loader to preload the actual ELF program image with the "runas.so" helper
library.
Fixes FS#909.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
ef1cafa736679eb035d405bcdf903fd1fb329865)
Kevin Darbyshire-Bryant [Fri, 16 Jun 2017 19:06:50 +0000 (20:06 +0100)]
kmod-sched-cake: drop maintainer
Drop myself from maintainership of 'cake'.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit
c7f8bcede6be73d0c07e058d57b55e4efc746440)
Stijn Tintel [Sat, 11 Mar 2017 08:32:19 +0000 (09:32 +0100)]
zlib: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
462ca4e059dbead678163da26fb4e14748f3021e)
Stijn Tintel [Sat, 11 Mar 2017 08:18:22 +0000 (09:18 +0100)]
lzo: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
b3cba687a447478253f95febf17fa9376c98105d)
Alin Nastac [Fri, 16 Jun 2017 12:16:07 +0000 (14:16 +0200)]
netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(cherry picked from commit
d8748e537f11ab5f2b5e2ed25d94baa5ce353984)
Daniel Golle [Wed, 5 Jul 2017 14:25:23 +0000 (16:25 +0200)]
bzip2: add symlink to binary
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
eb7c14d512482e18d05f61afa44205167ea094c0)
Stijn Tintel [Tue, 27 Jun 2017 20:30:01 +0000 (22:30 +0200)]
dropbear: add option to set max auth tries
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
6371159b4ae8b4dd94d6319ac805b0c26962bb14)
Kevin Darbyshire-Bryant [Sun, 25 Jun 2017 20:40:43 +0000 (21:40 +0100)]
dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit
9aaf3d3501642640c9ec74268e671171c8de6103)
Yury Shvedov [Tue, 27 Jun 2017 08:43:54 +0000 (11:43 +0300)]
hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.
Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
37c1513b1f98c93bf84bbcedd9782568e7d4abba)
Yury Shvedov [Tue, 27 Jun 2017 07:34:49 +0000 (10:34 +0300)]
hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI
Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
0e7bbcd43b6f4b54ecc5c40130b5f86cbc9f1c07)
Luiz Angelo Daros de Luca [Sat, 17 Jun 2017 03:54:45 +0000 (00:54 -0300)]
valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit
991899cc5449d8595593a66c0130fdcaa088b36a)
Stefan Tomanek [Mon, 19 Jun 2017 10:41:11 +0000 (12:41 +0200)]
busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
This is a backport from the busybox repository
(
192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
(cherry picked from commit
de6ff1512955953e56735896c044c7aac97e14d9)
Yousong Zhou [Mon, 19 Jun 2017 06:41:47 +0000 (14:41 +0800)]
libunwind: update to version 1.2.1
Changes since 1.2
a77b0cd Bump version to v1.2.1
5f354cb mips/tilegx: Add missing unwind_i.h header file
620d1c3 Add aarch64 getcontext functionality.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
77dc6a2ae7c94ac3d496ebab589d4574ac7169d0)
Daniel Golle [Fri, 16 Jun 2017 23:24:43 +0000 (01:24 +0200)]
imagebuilder: don't rewrite package list output
No longer rewrite opkg list output in package_list function, remove
the awk call in the pipe (which was intended for a single specific
use-case).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
d80d1b6c42aa663e6104f817daa5ea29d2e7073d)
Daniel Golle [Fri, 16 Jun 2017 22:54:46 +0000 (00:54 +0200)]
imagebuilder: clean package_list
commit
19ac879954 (imagebuilder: add package_list function) introduced
a new function 'package_list' to the imagebuilder Makefile.
Unfortunately the package list was poluted by stdout noise of the
Makefile itself as well as opkg. Redirect those outputs to stderr to
make sure that the package_list returned doesn't contain progress
info output but really only packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
1b555e1d2b1cb2ae3dd1832225e6c9d2c5df0a37)
Felix Fietkau [Fri, 16 Jun 2017 13:15:37 +0000 (15:15 +0200)]
build: remove old kernel-headers build directories
Saves space after updating kernel versions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
76b62e602233d1a2e1f8ef1c0833bd22ebaaf832)
Paul Spooren [Tue, 13 Jun 2017 19:59:14 +0000 (21:59 +0200)]
imagebuilder: add package_list function
The imagebuilder can now list all available packages by using make
package_list. This is usefull for scripts to retrieve a list of all
packages with versions (and size)
Signed-off-by: Paul Spooren <paul@spooren.de>
[daniel@makrotopia.org: fixed commit message]
(cherry picked from commit
19ac879954210df3c6a010990bef42ad5c7fd967)
Jonas Gorski [Sun, 11 Jun 2017 10:50:14 +0000 (12:50 +0200)]
base-files: board.json's switch reset means existence, not argument
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit
fd952c7a83e5357f5dcab28c0bcaca756e27eaa0)