Matthias Schiffer [Fri, 29 Dec 2017 14:56:01 +0000 (15:56 +0100)]
base-files: fix logic when to show failsafe banner
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Fixes: 1c9299877be9 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
Etienne Haarsma [Thu, 21 Dec 2017 09:28:16 +0000 (10:28 +0100)]
kernel: bump 4.4 to 4.4.107
Bump 4.4 to 4.4.107 and refreshed all patches.
Made the following patch for Mediatek and Oxnas compatible with kernel 4.4.107:
0072-mtd-backport-v4.7-0day-patches-from-Boris.patch
44f8e4d version: bump snapshot bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x 679e53a chacha20: avx512vl implementation 10b1232 poly1305: fix avx512f alignment bug 5fce163 chacha20poly1305: cleaner generic code 63a0031 blake2s-x86_64: fix spacing d2e13a8 global: add SPDX tags to all files d94f3dc chacha20-arm: fix with clang -fno-integrated-as. 3004f6b poly1305: update x86-64 kernel to AVX512F only d452d86 tools: no need to put this on the stack 0ff098f tools: remove undocumented unused syntax b1aa43c contrib: keygen-html for generating keys in the browser e35e45a kernel-tree: jury rig is the more common spelling 210845c netlink: rename symbol to avoid clashes fcf568e device: clear last handshake timer on ifdown d698467 compat: fix 3.10 backport 5342867 device: do not clear keys during sleep on Android 88624d4 curve25519: explictly depend on AS_AVX c45ed55 compat: support RAP in assembly 7f29cf9 curve25519: modularize dispatch
Jo-Philipp Wich [Tue, 12 Dec 2017 15:28:04 +0000 (16:28 +0100)]
rules.mk: export TMPDIR
Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.
Antonio Quartulli [Fri, 9 Nov 2012 14:23:34 +0000 (15:23 +0100)]
mac80211: don't pass the hostapd ctrl iface in adhoc
Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.
Sven Eckelmann [Tue, 7 Nov 2017 10:48:40 +0000 (11:48 +0100)]
hostapd: explicitly set beacon interval for wpa_supplicant
The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.
This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.
Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
(cherry picked from commit 772afef61dc68e2470f4da130fac862ccf2fb105)
Sven Eckelmann [Thu, 11 May 2017 06:56:50 +0000 (08:56 +0200)]
hostapd: set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.
This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com> Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
(cherry picked from commit 43f66943d0dbf0ed0ec2a9cb071d0fbded2fbe35)
Hans Dedecker [Mon, 13 Nov 2017 21:33:48 +0000 (22:33 +0100)]
igmpproxy: remove firewall rules when service is stopped
Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.
Martin Schiller [Mon, 9 Oct 2017 08:12:04 +0000 (10:12 +0200)]
openvpn: add support to start/stop single instances
Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
(cherry picked from commit e2f25e607d2092cffa45196e7997854feb464232)
Jo-Philipp Wich [Mon, 6 Nov 2017 11:04:25 +0000 (12:04 +0100)]
uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.
Michal Sojka [Fri, 3 Nov 2017 21:31:42 +0000 (22:31 +0100)]
procd: Always tell cmake whether to include seccomp support or not
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.
Yousong Zhou [Mon, 6 Nov 2017 02:43:25 +0000 (10:43 +0800)]
libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches. This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.
The error message:
OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
.libs/os-linux.o: In function `_Ux86_get_elf_image':
os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lresume.o: In function `_ULx86_resume':
Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
collect2: error: ld returned 1 exit status
Makefile:2249: recipe for target 'libunwind.la' failed
Marcin Jurkowski [Fri, 30 Jun 2017 11:13:50 +0000 (13:13 +0200)]
dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.
Philip Prindeville [Tue, 19 Sep 2017 21:17:09 +0000 (15:17 -0600)]
build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.
Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit ef485bb23d207e0b1031d264a6fafce01d2bdf8f)
João ChaÃnho [Thu, 31 Aug 2017 15:45:39 +0000 (16:45 +0100)]
ar71xx: fix switch port numbering on RB750r2 and RB750UPr2
This patch fixes the switch port numbering on Mikrotik RB750r2 (hEX lite) and RB750UPr2 (hEX PoE lite).
Tested on a RB750UPr2. Maybe this patch is applicable to other devices (e.g. RB951Ui-2nD, RB952Ui-5ac2nD) but I have no way to test them.
Zoltan Gyarmati [Sat, 26 Aug 2017 13:14:20 +0000 (15:14 +0200)]
scripts/dowload.pl: use glob to expand target dir
If CONFIG_DOWNLOAD_FOLDER is set to for example "~/dl", the download
script fails to create the .hash and .dl files with the following
errors:
Cannot create file ~/dl/dropbear-2017.75.tar.bz2.dl: No such file or directory
sh: 1: cannot create ~/dl/dropbear-2017.75.tar.bz2.hash: Directory nonexistent
If the tarball already exists in the ~/dl dir, it's properly found and
used, so this issue only affects the download.pl script.
This patch calls glob() on the target dir parameter, which will expand `~`.
Rosen Penev [Sat, 26 Aug 2017 03:12:13 +0000 (20:12 -0700)]
samba36: Remove syslog and load printers lines.
printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time.
Rosen Penev [Thu, 24 Aug 2017 23:51:24 +0000 (16:51 -0700)]
samba36: Don't resolve interfaces.
It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them.
Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit b2f60e6a7245c192703528a46dfb630c664dbc0c)
config: make CONFIG_ALL_* select other CONIFG_ALL_* options
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.
Now the rtc kmods should get build when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.
BangLang Huang [Fri, 24 Feb 2017 02:16:17 +0000 (10:16 +0800)]
nvram: fix memory leak
Fix memory leak on nvram_open() and nvram_open_rdonly().
For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.
For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.
scripts/package-metadata.pl: inhibit compile deps on missing build types
When a package declares a PKG_BUILD_DEPENDENCY or HOST_BUILD_DEPENDENCY on
a not existing build type, the metadata script will emit a reference to an
unresolvable build target in tmp/.packagedeps, causing the make process to
fail hard in a way not catchable by the IGNORE_ERRORS mechanism.
In a situation where a package "test-a" declares a build dependency
"PKG_BUILD_DEPENDS:=test-b/host" while the Makefile of "test-b" does not
implement a HostBuild, make fails with an unrecoverable error in the form:
make[1]: Entering directory '...'
make[1]: *** No rule to make target 'package/test-b/host/compile',
needed by 'package/test-a/compile'. Stop.
make[1]: Leaving directory '...'
.../toplevel.mk:200: recipe for target 'package/test-a/compile' failed
make: *** [package/test-a/compile] Error 2
Extend the metadata generation script to catch such unresolved references
and emit a visable warning upon detection.
After this change, the script will emit a warning similar to:
WARNING: Makefile "package/test-a/Makefile" has a build dependency on
"test-b/host" but "package/test-b/Makefile" does not implement a
"host" build type
Fixes a global build cluster outage which occured after the "python-cffi"
feed package removed its HostBuild which the "python-cryptography" package
build-depended on.
build: bundle-libraries.sh: do not override argv[0] in inner exec calls
Only mangle argv[0] of the first executed process and leave the argument
vector of subsequent invocations as-is to allow child programs to properly
discover resources relative to their binary locations.
Fixes "cc1" discovery when executing the host gcc through the bundled
"ccache" executable.
Browseable is now set through LuCI per share, so remove it. Same with
writeable (inverted synonym for read only). domain master and preferred
master seem to be legacy settings for Windows 9x. encrypt passwords
defaults to yes. Probably should not be disabled either.
build: fix invocation of bundled ld.so in SDK and Imagebuilder
Commit 72d751cba9 "build: rework library bundling" introduced a new helper
binary "runas" whose sole purpose was mangling the argv vector passed to
the actual called ELF image so that the renamed executable could obtain the
proper name from argv[0].
This approach, however totally defeated the purpose of calling bundled ELF
executables through the shipped ld.so loader since the execv() invocation
performed by "runas" would cause the kernel the interprete the final program
image through the system ELF loader again.
To solve the problem, use an alternative approach of shipping a shared object
"runas.so" which uses an ELF ".init_array" function pointer to obtain the
argv[] vector of the to-be-executed main() function and mangle it in-place.
The actual argv[0] value to use is communicated out-of-band using an
environment variable "RUNAS_ARG0" by the shell wrapper script. The wrapper
script also takes care of setting LD_PRELOAD to instruct the shipped ELF
loader to preload the actual ELF program image with the "runas.so" helper
library.
Alin Nastac [Fri, 16 Jun 2017 12:16:07 +0000 (14:16 +0200)]
netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Daniel Golle [Wed, 5 Jul 2017 14:25:23 +0000 (16:25 +0200)]
bzip2: add symlink to binary
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.
Kevin Darbyshire-Bryant [Sun, 25 Jun 2017 20:40:43 +0000 (21:40 +0100)]
dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Yury Shvedov [Tue, 27 Jun 2017 08:43:54 +0000 (11:43 +0300)]
hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.
Daniel Golle [Fri, 16 Jun 2017 22:54:46 +0000 (00:54 +0200)]
imagebuilder: clean package_list
commit 19ac879954 (imagebuilder: add package_list function) introduced
a new function 'package_list' to the imagebuilder Makefile.
Unfortunately the package list was poluted by stdout noise of the
Makefile itself as well as opkg. Redirect those outputs to stderr to
make sure that the package_list returned doesn't contain progress
info output but really only packages.
Paul Spooren [Tue, 13 Jun 2017 19:59:14 +0000 (21:59 +0200)]
imagebuilder: add package_list function
The imagebuilder can now list all available packages by using make
package_list. This is usefull for scripts to retrieve a list of all
packages with versions (and size)
Signed-off-by: Paul Spooren <paul@spooren.de>
[daniel@makrotopia.org: fixed commit message]
(cherry picked from commit 19ac879954210df3c6a010990bef42ad5c7fd967)
Sergey Ryazanov [Tue, 6 Jun 2017 22:25:32 +0000 (01:25 +0300)]
ip17xx: correct aneg_done return value
PHY core treats any positive return value as the auto-negotiation done
indication. Since we do not actually check any device register in this
callback then update it to return positive value with a neutral meaning
instead of the register flag to avoid confusing for future readers.
Sergey Ryazanov [Tue, 6 Jun 2017 22:25:31 +0000 (01:25 +0300)]
mvswitch: fix autonegotiation issue
The Marvel 88E6060 switch has an MDIO interface, but does not emulate
regular PHY behavior for the host. The network core can not detect using
the generic code, whether the connection via the attached PHY can be
used or not. The PHY's state machine is stuck in a state of
auto-negotiation and does not go any further so the Ethernet interface
of the router stay forever in the not-runing state.
Fix this issue by implementing the aneg_done callback to be able to
inform the network core that the Ethernet interface link to which the
switch is connected can be marked as RUNNING.
Hans Dedecker [Wed, 31 May 2017 14:24:11 +0000 (16:24 +0200)]
ppp: propagate master firewall zone to dynamic slave interface
Assign the virtual DHCPv6 interface the firewall zone of the parent interface
so fw3 knows the zone to which the virtual DHCPv6 interface belongs.
This guarantees the firewall settings are applied correctly for the virtual
DHCPv6 interface and allows to query the zone to which the virtual DHCPv6
interface belongs via the fw3 network option.
Felix Fietkau [Tue, 30 May 2017 13:37:10 +0000 (15:37 +0200)]
tar: override symlink permissions
On Linux, symlink permissions cannot be altered and are always 0777.
On Mac OS X they can be 0755. Force 0777 here to keep tarballs
reproducible across systems
Florian Fainelli [Mon, 22 May 2017 23:08:57 +0000 (16:08 -0700)]
elfutils: Pass -Wno-unused-result to silence warnings as errors
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:
dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
strerror_r (error & 0xffff, s, sizeof(s));
^
cc1: all warnings being treated as errors
Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.
Yousong Zhou [Mon, 22 May 2017 02:35:10 +0000 (10:35 +0800)]
libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.
Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet
Hauke Mehrtens [Sun, 21 May 2017 19:20:44 +0000 (21:20 +0200)]
lantiq: spi: double time out tolerance
The generic SPI code calculates how long the issued transfer would take
and adds 100ms in addition to the timeout as tolerance. On my 500 MHz
Lantiq Mips SoC I am getting timeouts from the SPI like this when the
system boots up:
m25p80 spi32766.4: SPI transfer timed out
blk_update_request: I/O error, dev mtdblock3, sector 2
SQUASHFS error: squashfs_read_data failed to read block 0x6e
After increasing the tolerance for the timeout to 200ms I haven't seen
these SPI transfer time outs any more.
The Lantiq SPI driver in use here has an extra work queue in between,
which gets triggered when the controller send the last word and the
hardware FIFOs used for reading and writing are only 8 words long.
I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts
```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```
The service would be restarted regardless of any of those params.
projects / users / dwmw2 / openwrt.git / log