With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.
Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Daniel Engberg [Thu, 7 Sep 2017 22:44:26 +0000 (00:44 +0200)]
utils/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Alexandru Ardelean [Fri, 25 Aug 2017 11:15:15 +0000 (14:15 +0300)]
libs/wolfssl: disable hardening check in `settings.h`
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.
```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
#warning "For timing resistance / side-channel attack prevention consider using harden options"
```
Hardening is enabled by default in libwolfssl at build-time.
However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).
This looks like a small bug/issue with wolfssl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Thu, 24 Aug 2017 05:56:40 +0000 (08:56 +0300)]
cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:25:28 +0000 (14:25 +0300)]
libs/wolfssl: add libcyassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Daniel Engberg [Fri, 8 Sep 2017 07:42:23 +0000 (09:42 +0200)]
tools/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
* Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this
is compiling on FreeBSD 11.1.
* Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since
March 31, 2017.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Kevin Darbyshire-Bryant [Tue, 22 Aug 2017 10:01:07 +0000 (11:01 +0100)]
toolchain: gcc: update 7.x to 7.2.0
Bump gcc from 7.1 to 7.2
Compile & run tested: ar71xx
Trace history of current patches and update with commit ref & comment
to give more clue as to why they're still around/needed. Some have
changed form since the original commit but some clue is better than no
clue at all.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jiawei Wang [Wed, 13 Sep 2017 06:04:22 +0000 (14:04 +0800)]
ramips: fix used MAC addresses for Phicomm K2P
The factory partition of the Phicomm K2P contains two MAC addresses.
The lower MAC address is at offset 0xe006 and the higher one is at
offset 0xe000.
Use the lower MAC address as base mac-address which the switch driver
increments by one for the second (wan) vlan.
The MAC addresses are still inverted in contrast to the stock firmware
where the lower MAC address is used for wan. But at least the use of a
MAC address not intended/reserved for this particular board is fixed.
Kristian Evensen [Tue, 12 Sep 2017 16:27:10 +0000 (18:27 +0200)]
ramips: fix D240 mini-PCIe power control GPIOs
In commit b11c51916cb9 ("ramips: Improve Sanlinking D240 config") I made
a mistake with regard to GPIO numbering. And in addition to specifying the
wrong GPIO for controlling the power of one of the mini-PCIe, I recently
discovered that the power of both slots can be controlled.
This patch specifies the correct GPIO for the left-most mini-PCIe slot
of the D240 (labeled power_mpcie2 since the slot is attached to SIM2),
and adds a GPIO that can be used to control the power of the other
mini-PCIe slot (labeled power_mpcie1).
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[do not use the gpio active macros for the gpio-export value]
Signed-off-by: Mathias Kresin <dev@kresin.me>
TP-Link Archer C20 v1 is a router with 5-port FE switch and
non-detachable antennas. It's very similar to TP-Link Archer C50.
Also it's based on MediaTek MT7620A+MT7610EN.
Specification:
- MediaTek MT7620A (580 MHz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- 8x LED (GPIO-controlled*), 2x button, power input switch
- 1 x USB 2.0 port
* WAN LED in this device is a dual-color, dual-leads type which isn't
(fully) supported by gpio-leds driver. This type of LED requires both
GPIOs state change at the same time to select color or turn it off.
For now, we support/use only the blue part of the LED.
* MT7610EN ac chip isn't supported by LEDE. Therefore 5GHz won't
work.
Factory image notes:
These devices use version 3 of TP-Link header, fortunately without RSA
signature (at least in case of devices sold in Europe). The difference
lies in the requirement for a non-zero value in "Additional Hardware
Version" field. Ideally, it should match the value stored in vendor
firmware header on device.
We are able to prepare factory firmware file which is accepted and
(almost) correctly flashed from the vendor GUI. As it turned out, it
accepts files without U-Boot image with second header at the beginning
but due to some kind of bug in upgrade routine, flashed image gets
corrupted before it's written to flash. So, to flash this device we must
prepare image using original firmware from tp-link site with uboot.
Flash instruction:
Until (if at all) TP-Link fixes described problem, the only way to flash
LEDE image in these devices is to use tftp recovery mode in U-Boot.
There are two ways to flash the device to LEDE:
1) Using tftp mode with UART connection and original LEDE image
- Place lede-ramips-mt7620-ArcherC20-squashfs-factory.bin in tftp
server directory
- Configure PC with static IP 192.168.0.66/24 and tftp server.
- Connect PC with one of LAN ports, power up the router and press
key "4" to access U-Boot CLI.
- Use the following commands to update the device to LEDE:
- Place ArcherC20V1_tp_recovery.bin in tftp server directory.
- Configure PC with static IP 192.168.0.66/24 and tftp server.
- Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
- Router will download file from server, write it to flash and reboot.
generic: drop support for get_port_stats() on ar8xxx
The implementation is not efficient on ar8xxx switches. It triggers high
CPU load and degrades device performance.
The high CPU load has been traced down to the ar8xxx_reg_wait() call in
ar8xxx_mib_op(), which has to usleep_range() till the MIB busy flag set
by the request to update the MIB counter is cleared.
This commit removes the get_port_stats() code introduced in 4d8a66d and
leaves a note for future hackers to beware.
Lorenzo Santina [Mon, 11 Sep 2017 13:27:53 +0000 (15:27 +0200)]
treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shell scripts (of packages only).
These errors were causing many conditions to not work properly.
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
Kevin Darbyshire-Bryant [Mon, 4 Sep 2017 12:13:24 +0000 (13:13 +0100)]
basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2
This allows suid processes to dump core according to kernel.core_pattern
setting. LEDE typically uses suid to drop root privilege rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)
Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core. This setting removes an
obscure stumbling block along the way.
This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are
0 - (default) - traditional behaviour. Any process which has changed
privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
owned by the current user and no security is applied. This is
intended for system debugging situations only. Ptrace is unchecked.
This is insecure as it allows regular users to examine the memory
contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
anyway, but only if the "core_pattern" kernel sysctl is set to
either a pipe handler or a fully qualified path. (For more details
on this limitation, see CVE-2006-2451.) This mode is appropriate
when administrators are attempting to debug problems in a normal
environment, and either have a core dump pipe handler that knows
to treat privileged core dumps with care, or specific directory
defined for catching core dumps. If a core dump happens without
a pipe handler or fully qualified path, a message will be emitted
to syslog warning about the lack of a correct setting.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4
The addresses were read from the 'config' partition, which would not always
contain the addresses at the same offsets, depending on the stock firmware
version used before flashing LEDE. Change this to get the addresses from
the 'product-info' partition, which is read-only.
Reported-and-tested-by: Andreas Ziegler <ml@andreas-ziegler.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Kristian Evensen [Sun, 10 Sep 2017 12:44:47 +0000 (14:44 +0200)]
ramips: Add support for ZBT WE1026-5G
The ZBT WE1026-5G
(http://www.zbtlink.com/products/router/WE1026-5G.html) is the follow-up
to the ZBT WE1026 and is based on MT7620. For the previous WE1026, the
ZBT WE826 image could be used. However, as the name implies, the -5G
comes equipped with a 5GHz wifi radio. As the WE826 only has a 2.4GHz
radio, the addition of 5GHz means that a separate image is needed for
the WE1026-5G. I suspect that this image will also work on the previous
WE1026, but I don't have a device to test with.
Works:
* Wifi.
* Switch.
* mini-PCIe slot. Only tested with a USB device (a modem).
* SIM slot.
* Sysupgrade.
* Button (reset).
Not working:
* The 5GHz WIFI LED is completely dead. I suspect the issue is the same
as on other devices with Mediatek 5Ghz wifi-cards/chips. The LED is
controlled by the driver, and mt76 (currently) does not support this.
Not tested:
* SD card reader.
Notes:
* The modem (labeled 3G/4G) and power LEDs are controlled by the
hardware.
* There is a 32MB version of this device available, but I do not have
access to it. I have therefore only added support for the 16MB version,
but added all the required infrastructure to make adding support for the
32MB version easy.
Installation:
The router comes pre-installed with OpenWRT, including a variant of
Luci. The initial firmware install can be done through this UI,
following normal procedure. I.e., access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to
keep existing settings.
Recovery:
If you brick the device, the WE1026-5G supports recovery using HTTP. Keep the
reset button pressed for ~5sec when booting to start the web server. Set the
address of the network interface on your machine to 192.168.1.2/24, and
point your browser to 192.168.1.1 to access the recovery UI. From the
recovery UI you can upload a firmware image.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
ath10k: Re-enable intermediate softqueues for all devices
The upstream ath10k driver disables the intermediate softqueues for some
devices. This patch reverts that behaviour and always enables the
softqueues (and associated bufferbloat fixes). We have had reports of people
running this with good results:
https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html
scripts/download.pl: fail loudly if provided hash is unsupported
Currently, if the provided hash is unsupported (length different from 32
or 64 bytes), we happily download the requested file without any kind of
checksum verification.
This is quite dangerous and may provide a false sense of security, because
a single typo in the hash (e.g. one character deleted by mistake) may skip
checksum verification entirely.
Instead, fail immediately if we don't support the provided hash.
In particular, if an external package repository decides to change the
hash algorithm one day, we will now fail loudly instead of skipping
checksum verification without complaints.
Note: if some users of scripts/download.pl knowingly provide an empty hash
because they don't need checksum verification, this change will break
them. This does not seem to be the case currently, but if this feature is
ever needed, an option should be added to download.pl instead of relying
on the hash being empty.
On a TL-WN710N, this patch increases iperf performance from ~92.5 to ~93.5 mbps. Keep in mind the WN710N is a 100mbps device. I expect greater numbers from gigabit devices.
Tim Harvey [Fri, 8 Sep 2017 18:56:59 +0000 (11:56 -0700)]
cns3xxx: fix GPIO controller interrupt enable
The cns3xxx interrupt controller uses a single register and as such
the 'mask' reg/functions must be used as opposed to the 'enable'/'disable'
reg/functions.
This fixes an issue that occurs if more than one GPIO on a specific controller
(there is GPIOA and GPIOB each having 32 GPIO's) uses interrupts. When one
would get enabled all others would be disabled prior to this patch.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Kevin Darbyshire-Bryant [Fri, 1 Sep 2017 18:04:29 +0000 (19:04 +0100)]
mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode() to be 'required' (the default), the handshake
was correctly aborted).
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
Enrique Giraldo [Wed, 2 Aug 2017 15:08:32 +0000 (17:08 +0200)]
ar71xx: add metadata to wpj344 and wpj558 images
This adds metadata to wpj344 and wpj558 images to prevent loading
firmware of wpj344 into wpj558 and vice versa. Until now this was
possible and would break the units, which then had to be recovered from the uboot.
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
[whitespace fixes, ac radio caldata offset fix]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
For the Archer C50v1, the EU and US versions are differentiated by their
respective HW additional version (0x0 for US, 0x2 for EU).
The stock web interface checks this field before flashing, making it
impossible to flash the current (US) factory image on EU hardware.
However the bootloader does not check this field, making it possible to use
a single sysupgrade image for both hardware.
This patch adds the necessary build bits to generate both EU and US factory
images, and renames the target as "Archer C50v1" since there are as of now
3 different versions of Archer C50 (all with different CPUs).
Kristian Evensen [Wed, 6 Sep 2017 09:14:16 +0000 (11:14 +0200)]
ramips: add support for the HNET C108
The HNET C108
(http://www.szhwtech88.com/Product-product-cid-100-id-4374.html) is a
mifi based on MT7602A, which has the following specifications:
* CPU: MT7620A
* 1x 10/100Mbps Ethernet.
* 16 MB Flash.
* 64 MB RAM.
* 1x USB 2.0 port. Only power is connected, this port is meant for
charging other devices.
* 1x mini-PCIe slots.
* 1x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x button.
* 6000 mAh battery.
* 5x controllable LEDs.
Works:
* Wifi.
* Switch.
* mini-PCIe slot. Only tested with a USB device (a modem).
* SIM slot.
* Sysupgrade.
* Button (reset).
Not working (also applies to the factory firmware):
* Wifi LED. It is always switched on, there is no relation to the
up/down state or activity of the wireless interface.
Not tested:
* SD card reader.
Notes:
* The C108 has no dedicated status LED. I therefore set the LAN LED as
status LED.
Installation:
The router comes pre-installed with OpenWRT, including a variant of
Luci. The initial firmware install can be done through this UI,
following normal procedure. I.e., access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to
keep existing settings.
Recovery:
If you brick the device, the C108 supports recovery using TFTP. Keep the
reset button pressed for ~5sec when booting to trigger TFTP. Set the
address of the network interface on your machine to 10.10.10.3/24, and
rename your image file to Kernal.bin.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Mathias Kresin [Thu, 31 Aug 2017 05:52:00 +0000 (07:52 +0200)]
kernel: rtl8306: fix port link status
In case the link changes from down to up, the register is only updated
on read. If the link failed/was down, this bit will be 0 until after
reading this bit again.
Fixes a reported link down by swconfig albeit the link is up (query for
the link again will show the correct link status)
Mathias Kresin [Wed, 9 Aug 2017 16:43:56 +0000 (18:43 +0200)]
lantiq: fix xrx200 switch carrier state
In conditions where none of the switch ports is connected during boot,
the priv->port[i].link != priv->port[i].phydev->link condition is false
since both link values are equal (false). The carrier of the switch
netdev is never set to off and the link state reported by ip is UNKNOWN.
Turn the carrier off if none of the switch ports has a link, regardless
whether something has been changed. Add a check for a carrier to
prevent unnecessary calls to netif_carrier_off() if the carrier is
already off.
Kristian Evensen [Wed, 6 Sep 2017 06:14:23 +0000 (08:14 +0200)]
ramips: fix default LED configuration
Commit 77645ffcd9ad ("ramips: add support for the GnuBee Personal Cloud
One") dropped the execution permission from 01_leds with the result
that the file isn't started during first boot and no default LED
configuration is added.
Revert the introduced file permission change.
Fixes: FS#979
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[cherry picked the fix from a board support patch]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Hans Dedecker [Tue, 5 Sep 2017 12:33:01 +0000 (14:33 +0200)]
odhcp6c: add workaround for broken extendprefix scenario
Extendprefix is typically used to extend an IPv6 RA prefix from a mobile
wan link to the LAN; such scenario requires correct RA prefix settings
like the on link flag not being set.
However some mobile manufacturers set the RA prefix on link flag which breaks
basic IPv6 routing.
Work around this issue by filtering out the route being equal to the
extended prefix.
ar71xx: WNDR4300: use the switch LED trigger on the WAN port
The WAN port on the Netgear WNDR4300 router has two LEDs,
amber and green. Use the switch LED trigger to behave as the
rest of the LAN HW controlled LEDs
- Green: 1 Gbps
- Amber: 100/10 Mbps
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
Kuang Rufan [Fri, 25 Aug 2017 12:45:19 +0000 (20:45 +0800)]
ar71xx: add support for TL-WR1041N(v2) LAN/WAN LEDs.
1. Add support to LAN/WAN LEDs attached to ar8327.
2. Fix the problem that LAN/WAN LEDs do not blink in hardware (auto)
mode when connected to 10M/100M ethernet.
Hans Dedecker [Fri, 1 Sep 2017 14:02:33 +0000 (16:02 +0200)]
ubox: update to git HEAD version
b1bc8d5 kmodloader: log error message in case of out of memory
f346111 kmodloader: lift restriction on module alias info
f1ef2c3 kmodloader: fix possible segfaults
9cb63df kmodloader: fix endianess check
2cff779 kmodloader: Check module endian before loading
d54f38a kmodloader/get_module_info: initialized aliases to make it more clean
a0b6fef kmodloader: insmod: fix a memoryleak in error case
278c4c4 kmodloader/get_module_name: null-terminate the string
16f7e16 syslog: remove unnecessary sizeof struct between messages
Thibaut VARENE [Fri, 4 Aug 2017 10:32:04 +0000 (12:32 +0200)]
generic: make switch_port_stats tx/rx_bytes long long
This generic structure defines tx_bytes and rx_bytes as unsigned long (u32),
while several devices would typically report unsigned long long (u64).
The code can work as is, but there's a chance that with a sufficiently fast
interface the overflow might happen too fast to be correctly noticed by the
consumers of this data.
This patch makes both fields unsigned long long and updates the only known
consumer of this data: swconfig_leds.c
João Chaínho [Thu, 31 Aug 2017 15:45:39 +0000 (16:45 +0100)]
ar71xx: fix switch port numbering on RB750r2 and RB750UPr2
This patch fixes the switch port numbering on Mikrotik RB750r2 (hEX lite) and RB750UPr2 (hEX PoE lite).
Tested on a RB750UPr2. Maybe this patch is applicable to other devices (e.g. RB951Ui-2nD, RB952Ui-5ac2nD) but I have no way to test them.
Signed-off-by: João Chaínho <joaochainho@gmail.com>
Rosen Penev [Wed, 30 Aug 2017 22:58:09 +0000 (15:58 -0700)]
dropbear: Link ssh and scp command to /bin instead of /usr/bin
ssh and scp commands interfere with OpenSSH when installed in /usr/bin .
One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back.
Koen Vandeputte [Thu, 31 Aug 2017 11:30:11 +0000 (13:30 +0200)]
musl: update to 1.1.16+ git HEAD 2017-08-30
Fixes critical issues for memset() & fflush()
Changes:
5f7efb8 move IPPORT_RESERVED from netdb.h to netinet/in.h
5f3b652 add powerpc64 and s390x to list of supported archs in INSTALL file
9d4c902 fix undefined behavior in memset due to missing sequence points
c7f56b4 __init_libc: add fallbacks for __progname setup
cc08669 add SIOCGSTAMPNS socket ioctl macro to ioctl.h
02b50c9 fix mips ioctl macros to match linux asm/sockios.h
670d6d0 fix unsynchronized access to FILE structure in fflush(0)
uboot-envtools: Add support for IPQ806x AP148 and DB149
IPQ806x AP148 and DB149 boards didn't have the UCI ubootenv
section initialized, so the usage of fw_printenv required manual
configuration. With this change, the "fw_printenv" and "fw_setenv"
command will automatically work on NOR and NAND based platforms.
Daniel Golle [Wed, 19 Jul 2017 21:53:35 +0000 (23:53 +0200)]
busybox: move passwd applet to /bin
busybox currently installs passwd into /usr/bin which prevents its
'full' shadow-utils variant from being installed.
Move the passwd applet to /bin to avoid that collision.
shadow also provides /usr/bin/login which doesn't collide with busybox
as the busybox login applet is installed at /bin/login.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 19 Jul 2017 21:52:22 +0000 (23:52 +0200)]
busybox: move traceroute applets to /bin
busybox currently installs traceroute and traceroute6 into /usr/bin
which prevents their 'full' iputils variants from being installed.
Move those applets to /bin so they can coexist with their iputils
siblings using the same PATH convention already applied for coreutils
and other drop-in 'full' versions.
Refresh existing patch while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rosen Penev [Sat, 26 Aug 2017 03:12:13 +0000 (20:12 -0700)]
samba36: Remove syslog and load printers lines.
Printer support is removed using 200-remove_printer_support.patch. The syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time.
Zoltan Gyarmati [Sat, 26 Aug 2017 13:14:20 +0000 (15:14 +0200)]
scripts/download.pl: use glob to expand target dir
If CONFIG_DOWNLOAD_FOLDER is set to for example "~/dl", the download
script fails to create the .hash and .dl files with the following
errors:
Cannot create file ~/dl/dropbear-2017.75.tar.bz2.dl: No such file or directory
sh: 1: cannot create ~/dl/dropbear-2017.75.tar.bz2.hash: Directory nonexistent
If the tarball already exists in the ~/dl dir, it's properly found and
used, so this issue only affects the download.pl script.
This patch calls glob() on the target dir parameter, which will expand `~`.
Koen Vandeputte [Tue, 22 Aug 2017 14:37:33 +0000 (16:37 +0200)]
musl: bump to latest 1.1.16+ git HEAD
Changes:
1698fe6 fix build failure for sh4a due to missing colon in asm statement
80bf595 trap UB from attempts to join a detached thread
e31c8c2 ppc64: fix setjmp/longjmp handling of TOC pointer
52cf5c1 qsort: add a short comment about the algorithm
dc2f368 disable global visibility override hack (vis.h) by default
947d330 add _NL_LOCALE_NAME extension to nl_langinfo
a08910f fix missing volatile qualifier on lock in __get_locale
2e6e084 remove ineffective compiler assist from printf
bc42dcb fix undefined behavior in ptrace
d906fa3 unify the use of FUTEX_PRIVATE
60ab365 fix undefined behavior in free
f688884 reapply va_arg hacks removal to wprintf
bd00cc8 remove useless declarations in string.h
f3055e0 allow specifying argv[0] when invoking a program via ldso command
43c423a fix regression in dlopen promotion from RTLD_LOCAL to RTLD_GLOBAL
66b53cf ldso: avoid spurious & possible erroneous work for libs with no deps
94f7441 powerpc64: add single-instruction math functions
9d12a6a fix clang CFLAGS checks and silence unused argument warnings
ce385fc s390x: add single-instruction math functions
e6def54 fix arm run-time abi string functions
91d34c4 fix regression in getspnam[_r] error code for insufficient buffer size
5948bc1 fix omission of microblaze user.h definitions
b7bfb5c fix iconv conversions for iso88592-iso885916
64f8558 handle errors from localtime_r in ctime_r
2d7d05f set errno when getpw*_r, getgr*_r, and getspnam_r fail
5c10c33 handle localtime errors in ctime
1c86c7f handle mremap failure in realloc of mmap-serviced allocations
1080008 getdate: correctly specify error number
af05173 catopen: set errno to EOPNOTSUPP
84eff79 fix glob failure to match plain "/" to root directory
bc313e8 use hard-coded sh4a atomic opcodes to avoid linker errors on sh
179766a towupper/towlower: fast path for ascii chars
1c49700 remove long-obsolete clang workarounds from mips* syscall_arch.h files
4073f03 fix fstatat syscall on mips64
81f4a12 fix fchown fallback on arches without chown(2)
97bd6b0 fix iconv conversions to legacy 8bit encodings
f9f686b have posix_spawnattr_setflags check for supported flags
77e895d add no-op POSIX_SPAWN_USEVFORK to spawn.h
5555041 s390x: provide sigcontext struct definition
bb439bb implement new posix_spawn flag POSIX_SPAWN_SETSID
58e2396 remove va_arg hacks in printf core with undefined behavior
e1232f5 make ttyname[_r] return ENODEV rather than ENOENT
1a7fa5e fix regression in support for resolv.conf attempts option
8c44a06 fix scalbn when result is in the subnormal range
2577b1b allow full-range file offsets to mmap on archs with 64-bit syscall args
b3751c3 fix dl_iterate_phdr in static PIE binaries
1ca5975 fix read past end of buffer in getaddrinfo backend
54807d4 aarch64: add single instruction math functions
b6e1fe0 fix strptime output for %C without %y
834ef7a fix processing of strptime %p format
85dfab7 fix off-by-one in strptime %j
9571c53 regex: fix newline matching with negated brackets
e6917ec increase limit on locale name length from 15 to 23 bytes
e4fc9ad search locale name variants for gettext translations
16319a5 make setlocale return a single name for LC_ALL if all categories match
0c53178 fix dlopen/dlsym regression opening libs already loaded at startup
dbff2bb fix POSIX-format TZ dst transition times for southern hemisphere
74bca42 s390x: fix fpreg_t and remove unused per_struct
a393d5c precalculate gnu hash rather than doing it lazily in find_sym inner loop
8cba1dc fix threshold constants in j0f, y0f, j1f, y1f
cb52539 remove unused refcnt field for shared libraries
c49d3c8 avoid loading of multiple libc versions via explicit pathname
3ec8b3a fix one-byte overflow in legacy getpass function
733d1ea fix wide scanf's use of a compound literal past its lifetime
6a209f1 fix possible fd leak, unrestored cancellation state on dns socket fail
500f5be in static dl_iterate_phdr, fix use of possibly-uninitialized aux data
6582baa fix free of uninitialized buffer pointer on error in regexec
6476b81 emulate lazy relocation as deferrable relocation
4823b13 reorder addend handling before symbol lookup in relocation code
4ff234f rework ldso handling of global symbol table for consistency
c9783e4 treat STB_WEAK and STB_GNU_UNIQUE like STB_GLOBAL in find_sym
fc85fb3 fix ld-behavior-dependent crash in ppc64 ldso startup
827c4e6 fix lsearch and lfind to pass key as first arg to the compar callback
0a4a16d allow page size to vary on arm
b261a24 fix build regression in arm atomics asm with new binutils
9201c3a s390x: implement dlsym
d6601f0 avoid unbounded strlen in gettext functions
dbbb373 fix use of uninitialized pointer in gettext core
01e6bbe fix bindtextdomain logic error deactivating other domains
6894f84 fix spurious EINTR errors from multithreaded set*id, etc.
1f53e7d fix crashes in x32 __tls_get_addr
27b3fd6 fix crash from corrupted tls module list after failed dlopen
809ff8c treat base 1 as an error in strtol-family functions
786fda8 fix getopt[_long] clobbering of optopt on success
150747b reduce impact of REG_* namespace pollution in x86[_64] signal.h
Tested on cns3xxx & imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Rosen Penev [Thu, 24 Aug 2017 23:51:24 +0000 (16:51 -0700)]
samba36: Don't resolve interfaces.
It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Tue, 29 Aug 2017 13:29:18 +0000 (14:29 +0100)]
dnsmasq: forward.c: fix CVE-2017-13704
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.
answer_request() is called with an invalid edns packet size provided by
the client. Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"
The client that exposed the problem provided a payload udp size of 0.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
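
The bound described in the CVE-2017-13704 commit message above, as an added example (not dnsmasq's code and not part of the commit): it reads the advertised UDP payload size from the OPT pseudo-RR of a constructed query and clamps it to the range 512..configured maximum. All function names, the 1280-byte maximum and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HEADER_LEN 12
#define DNS_TYPE_OPT   41
#define EDNS_MIN_UDP   512   /* RFC 6891 6.2.3: lower values are treated as 512 */

/* Constructed sample: query for example.com A with one OPT RR (size patched later). */
static const uint8_t query_template[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x01, /* header  */
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,                  /* QNAME   */
    0x00,0x01, 0x00,0x01,                                             /* A, IN   */
    0x00, 0x00,0x29, 0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00        /* OPT RR  */
};
#define OPT_CLASS_OFFSET 32  /* CLASS field of the OPT RR carries the UDP size */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Skip one encoded name; returns the offset after it, or 0 if malformed. */
static size_t skip_name(const uint8_t *pkt, size_t len, size_t off)
{
    while (off < len) {
        uint8_t l = pkt[off];
        if (l == 0) return off + 1;
        if ((l & 0xC0) == 0xC0) return (off + 2 <= len) ? off + 2 : 0;
        if (l & 0xC0) return 0;              /* reserved label types */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* 1 = OPT found (*udp_size set), 0 = no OPT RR, -1 = malformed packet. */
int find_edns_udp_size(const uint8_t *pkt, size_t len, uint16_t *udp_size)
{
    if (len < DNS_HEADER_LEN) return -1;
    unsigned qd = rd16(pkt + 4), an = rd16(pkt + 6), ns = rd16(pkt + 8), ar = rd16(pkt + 10);
    size_t off = DNS_HEADER_LEN;
    for (unsigned i = 0; i < qd; i++) {
        off = skip_name(pkt, len, off);
        if (off == 0 || off + 4 > len) return -1;
        off += 4;                            /* QTYPE + QCLASS */
    }
    for (unsigned i = 0; i < an + ns + ar; i++) {
        off = skip_name(pkt, len, off);
        if (off == 0 || off + 10 > len) return -1;
        uint16_t type = rd16(pkt + off), klass = rd16(pkt + off + 2);
        uint16_t rdlen = rd16(pkt + off + 8);
        off += 10;
        if (off + rdlen > len) return -1;
        if (type == DNS_TYPE_OPT && i >= an + ns) { *udp_size = klass; return 1; }
        off += rdlen;
    }
    return 0;
}

/* Bound the client-supplied size by 512 and the configured maximum. */
uint16_t clamp_udp_size(uint16_t advertised, uint16_t configured_max)
{
    if (configured_max < EDNS_MIN_UDP) configured_max = EDNS_MIN_UDP;
    if (advertised < EDNS_MIN_UDP) return EDNS_MIN_UDP;
    if (advertised > configured_max) return configured_max;
    return advertised;
}

/* Bytes between the start of the reply buffer and its limit; -1 if malformed.
 * With bounded == 0 the client's value is used as-is, so an advertised size
 * of 0 makes the limit coincide with the start of the buffer. */
int reply_limit(const uint8_t *pkt, size_t len, uint16_t configured_max, int bounded)
{
    uint16_t advertised = 0;
    int rc = find_edns_udp_size(pkt, len, &advertised);
    if (rc < 0) return -1;
    if (rc == 0) return EDNS_MIN_UDP;        /* no EDNS: classic 512-byte limit */
    return bounded ? clamp_udp_size(advertised, configured_max) : advertised;
}

/* Patch the constructed query with the given advertised size and evaluate it. */
int limit_for_advertised(uint16_t udp_size, uint16_t configured_max, int bounded)
{
    uint8_t pkt[sizeof query_template];
    memcpy(pkt, query_template, sizeof pkt);
    pkt[OPT_CLASS_OFFSET] = (uint8_t)(udp_size >> 8);
    pkt[OPT_CLASS_OFFSET + 1] = (uint8_t)(udp_size & 0xff);
    return reply_limit(pkt, sizeof pkt, configured_max, bounded);
}

int main(void)
{
    const uint16_t samples[] = { 0, 100, 512, 1232, 4096 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("advertised=%4u  unbounded=%4d  bounded=%4d\n", (unsigned)samples[i],
               limit_for_advertised(samples[i], 1280, 0),
               limit_for_advertised(samples[i], 1280, 1));
    return 0;
}
```
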