Commit Graph

40112 Commits

Author SHA1 Message Date
John Crispin
7c0a2bc930 busybox: backport cve-2017-16544 fix
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
Roman Yeryomin
0b1fa809d0 base-files: rc.common: fix enable() return code and logic
In current state, if there is START but no STOP, enbale()
will return 1 (failure), which is wrong.
Moreover there is no need to check for START/STOP twice.
Instead, add err variable to save success state and
and return it's value.
Also eliminate the need to disable() by using 'ln -sf',
which will first delete the old symlink if one exists.

Changes from v1:
- fixed description

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-01-02 07:14:08 +01:00
John Crispin
b153745bfb procd: update to latest git HEAD
7aad940 procd: initd: fix path allocation in early_insmod
006c19c procd: Remove unnecessary memset calls.

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
Jo-Philipp Wich
ab703bf174 uci: bump to git HEAD version
5beb95d lua: additionally return name when looking up sections
ff33bb2 lua: support extended section notation

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-01 16:42:29 +01:00
Hauke Mehrtens
9f626501cb nftables: fix sha256sum
The mirror was delivering a file with a different hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-31 18:46:13 +01:00
Kabuli Chana
d0a14c1cd9 mwlwifi: update to version 10.3.4.0 / 2017-12-14
Lastest stamped version

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-12-31 18:46:13 +01:00
Kevin Darbyshire-Bryant
7aa15953e1 kmod-sched-cake: bump to latest bake
Fix overhead accounting error introduced by f33c4d6 refactor
cake_advance_shaper and ack_filter

Symptoms were links running under rate.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 14:17:34 +01:00
Rafał Miłecki
3267ce750e bcm53xx: use iflag=skip_bytes for dd command during sysupgrade
Since BusyBox 1.25.0 dd command supports iflag=skip_bytes which allows
skipping requested amount of bytes without reducing blocksize. Thanks to
this we can leave default blocksize and let dd work more efficiently.

On Netgear R6250 "dd skip=58 iflag=skip_bytes" can be 5 times faster
than "dd bs=58 skip=1" when extracting TRX out of CHK.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-29 23:18:45 +01:00
Rafał Miłecki
612a93564c brcm47xx: image: build firmware for Asus WL-500g Deluxe
It's a device based on BCM5365P (0x5365 package 0x00). This SoC has
USB 1.1 controller but device has two USB 2.0 parts. They are handled by
PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-29 23:18:19 +01:00
Rafał Miłecki
fea884ff51 bcm53xx: add early support for kernel 4.14
Don't switch to it by default yet as it requires more testing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-29 23:15:32 +01:00
Mathias Kresin
4dd51788dd ramips: fix Omega2 compatible string
Change the compatibel from Omega to Omega2 and add the compatible string
where missing.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-29 22:32:34 +01:00
Mathias Kresin
76d735d189 ramips: fix widora neo diag led
The diag LED is named widora🍊wifi and can't be derived from the
boardname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-29 22:32:34 +01:00
Thomas Nixon
9fc9fbeb97 lantiq: fix dts compatible string
This was broken in 7bab49fd ("lantiq: add compatible strings to dts
files"), causing for the dm200 garbled serial output during boot, and
likely other issues.

Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
[fix the compat string of the P2601HNFX as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-29 22:32:26 +01:00
rektide de la faye
0f72690a2d iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-29 18:06:25 +01:00
Rafał Miłecki
6e922a0756 bcm53xx: make USB packages compatible with kernels 4.13+
In kernels 4.13+ modules are located in an extra "broadcom" subdir.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-29 17:25:51 +01:00
Matthias Schiffer
302aa793c0
base-files: fix logic when to show failsafe banner
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 8170f280c4 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
2017-12-29 15:58:16 +01:00
Rafał Miłecki
9c312ef628 bcm53xx: add upstream patch fixing SPI controller driver
That patch fixes handling SPI messages with two writing transfers. It's
important when using e.g. by m25p80 driver which uses one transfer for
opcode and another one for data.

Thanks to that fix we can now drop m25p80 workaround patch. It means one
less hack and also a better flash writing performance as there is no
more data buf copying.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-29 15:31:22 +01:00
Vittorio Gambaletta
d40a358136
ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.
Backported from Code Aurora QSDK

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2017-12-29 15:17:07 +01:00
Matthias Schiffer
8170f280c4
base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode. This also broke sysupgrade from failsafe mode over SSH.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-29 14:34:03 +01:00
Matthias Schiffer
20c349f68c
busybox: add missing TARGET_CPPFLAGS and TARGET_LDFLAGS
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.

The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:26:23 +01:00
Matthias Schiffer
a10fae1133
busybox: streamline Makefile
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:24:25 +01:00
Matthias Schiffer
307b29032f
include/package.mk: remove old configured stamps before attempting configuration
Some packages, e.g. busybox, explicitly remove old .configured stamps
before attempting configuration, rather than after the actual configuration
step. This seems like a good idea, as there will be no stamp left if
configuration fails. Change generic rules to work like this, so package-
specific rules can be dropped.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:24:25 +01:00
Florian Eckert
23bba9cb33 dnsmasq: send procd signal on service reload
Send a SIGHUP signal via procd to the dnsmasq service so the instance(s)
re-read(s) the /tmp/hosts/dhcp config.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-26 23:35:45 +01:00
Florian Eckert
4f02285d8b dnsmasq: rewrite config on host name modification
If the hostname in /etc/config/system is modified the dnsmasq should also
get triggered to rewrite/reload the config.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-26 23:35:34 +01:00
Philip Prindeville
2e23733838 x86: add NVMe support for motherboards w/ M.2 slot
A lot of 1U x86_64 servers have NVMe support, which is lower-power
and higher speed than SSD or CFast drives, etc.  The drivers
required to make this work are trivial.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant
e547f1692a kernel: bump 4.4 to 4.4.108
Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant
7b6e01d389 kernel: bump 4.9 to 4.9.72
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Yangbo Lu
ab8da4d285 layerscape: add byte_swap.py script for ls-rcw package
This patch is to add a byte_swap.py script for rcw bin
byte swapping instead of using tclsh.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-12-26 23:30:59 +01:00
Yangbo Lu
5741835ed4 layerscape: fix PKG_BUILD_DIR for packages
PKG_BUILD_DIR was defined with quoting PKG_VERSION in
layerscape package makefiles. Now PKG_VERSION has been
removed from these makefiles. When PKG_BUILD_DIR quotes
PKG_VERSION, '=' should be used instead ':=' to make
sure PKG_VERSION has been defined in common makefile.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-12-26 23:30:59 +01:00
Philip Prindeville
60c4f9ce56 kernel: add i2c-smbus module package
Intel motherboards (as well as the Cavium ThunderX SoC) use a
superset of the I2C protocol called SMBus.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-12-26 20:13:43 +01:00
Jonas Gorski
1064e76e4e linux: unbreak host tools build for 4.14
Remove a stray -Wp left in host_c_flags causing build failures for newer
4.14 versions.

Reported-by: Michael Marley <michael@michaelmarley.com>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-25 19:06:53 +01:00
Christian Lamparter
246916ddf4 brcm2708: use x86's upgrade scripts for all rpi targets
Advantages:
 - preserves existing partition layout on the sd-card.
   Only the boot and rootfs partition will be overwritten.

Please note that sysupgrade will refuse to upgrade, if the existing
installation  has an incompatible partition layout. Future changes
to the bootfs and/or rootfs partition size will likely cause breakage
to the sysupgrade procedure. In these cases, the ext4-sdcard.img.gz
will have to be written to the sdcard manually.
Please don't forget to backup your configuration in this case.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:43 +01:00
Christian Lamparter
6f04128892 brcm2708: convert to dt-based board-detection
Use the values populated by the generic board detect function. The
first compatible from the device tree source file will be the board
name in userspace. The model property from the device tree source file
will be the model name.

Change the board name where used in the userspace and drop the target
specific board detect, to use the generic one.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:41 +01:00
Christian Lamparter
778543dab4 brcm2708: add compatible strings
This patch adds the compatible string for the various RPIs from
4.14 upstream.

Note: The 4.14 upstream does not include the compute modules.
If the CM* would just house the SoC, it could in theory use the
"raw" chip compatible string. However, these CM boards also come
with RAM and eMMC. So they have to have a proper comaptible.

For now, "raspberrypi,compute-module-{1|3}" will be good enough.

Note2: The original CM was renamed to CM1 when CM3 was released.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:37 +01:00
Christian Lamparter
e79b096ee1 brcm2708: convert to metadata
This patch converts all the raspberrypi images to utilize
the common metadata-based image verification.

Note: the CM1 and CM3 currently use the same "rpi-cm"
boardname.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:36 +01:00
Hans Dedecker
67c1c145f0 nghttp2: bump to 1.29.0
439b9b6c (tag: v1.29.0) Update manual pages
48498452 Bump up version number to v1.29.0, LT revision to 29:1:15
d30f3816 Update manual pages
4d1139f6 Remove SPDY
48f57407 nghttpx: Update doc
c1f14d73 Update manual pages
216f4dad nghttpx: Remove redundant check
a4e27d76 Revert "nghttpx: Use an existing h2 backend connection as much as possible"
2365f12e Fix CMAKE_MODULE_PATH
03f7ec0f nghttpx: Write API request body in temporary file
2056e812 nghttpx: Increase api-max-request-body
1ebb6810 nghttpx: Faster configuration loading with lots of backends
a3ebeeaf nghttpx: Fix crash with --backend-http-proxy-uri option
422ad1be Use NGHTTP2_REFUSED_STREAM for streams which are closed by GOAWAY
97f1735c Bump up version number to 1.29.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-24 17:06:16 +01:00
John Crispin
5bbd493e66 usbmode: update to latest git HEAD
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems

Signed-off-by: John Crispin <john@phrozen.org>
2017-12-24 09:03:01 +01:00
Gabor Juhos
6456999731 ar71xx: spi-rb4xx: balance clk_prepare_enable() call
Commit c312cef223 ("ar71xx: spi-rb4xx fix.") replaced the clk_enable() call
with clk_prepare_enable() to meet the common clock framework requirements.
However it did not change the clk_disable() call in the error patch which
thus leads to imbalance.

Fix the code by using the correct counterpart of clk_prepare_enable() in both
places.

Fixes: c312cef223 ("ar71xx: spi-rb4xx fix.")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2017-12-24 09:03:01 +01:00
Gabor Juhos
df68e63a4f kernel/4.14: add missing newline character to UBI messages
A few UBI messages lacks the trailing newline character which
leads to ugly lines in the bootlog like this:

  [    6.649159] UBI error: no valid UBI magic found inside mtd6[    6.667751] Freeing unused kernel memory: 2196K

Add a newline character to the end of the messages to fix it.
After the fix the line from above looks better in the log:

  [    6.609182] UBI error: no valid UBI magic found inside mtd6
  [    6.627599] Freeing unused kernel memory: 2132K

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2017-12-24 09:03:01 +01:00
Gabor Juhos
975e9cd866 kernel/4.9: add missing newline character to UBI messages
A few UBI messages lacks the trailing newline character which
leads to ugly lines in the bootlog like this:

  [    6.649159] UBI error: no valid UBI magic found inside mtd6[    6.667751] Freeing unused kernel memory: 2196K

Add a newline character to the end of the messages to fix it.
After the fix the line from above looks better in the log:

  [    6.609182] UBI error: no valid UBI magic found inside mtd6
  [    6.627599] Freeing unused kernel memory: 2132K

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2017-12-24 09:03:01 +01:00
Gabor Juhos
bb51193acd kernel/4.4: add missing newline character to UBI messages
A few UBI messages lacks the trailing newline character which
leads to ugly lines in the bootlog like this:

  [    6.649159] UBI error: no valid UBI magic found inside mtd6[    6.667751] Freeing unused kernel memory: 2196K

Add a newline character to the end of the messages to fix it.
After the fix the line from above looks better in the log:

  [    6.609182] UBI error: no valid UBI magic found inside mtd6
  [    6.627599] Freeing unused kernel memory: 2132K

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2017-12-24 09:03:00 +01:00
Kevin Darbyshire-Bryant
edf5ae2026 wireguard: bump to 20171221
7e945a8 version: bump snapshot
f2168aa compat: kernels < 3.13 modified genl_ops
52004fd crypto: compile on UML
6b69b65 wg-quick: dumber matching for default routes
aa35d9d wg-quick: add the "Table" config option
037c389 keygen-html: remove prebuilt file

No patch refresh required.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-23 22:08:12 +01:00
Kevin Darbyshire-Bryant
b0d99b77e5 kernel: bump 4.4 to 4.4.107
Refresh patches.

Update patch that no longer applied:
oxnas/0072-mtd-backport-v4.7-0day-patches-from-Boris.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
2017-12-23 15:36:01 +01:00
Martin Schiller
94952636e7 lantiq: remove DSL_ChipSetHWVersion from status information
The value DSL_ChipSetHWVersion is fetched from the dsl frontend
via the dsl_control service, but not really provided by the dsl
frontend firmware and for now always "UNKNOWN".

The lantiq support told us that this information wouldn't be
provided in the foreseeable future, so let's remove this
useless "UNKNOWN" information.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-12-23 15:35:52 +01:00
Mathias Kresin
c7776d4c55 ramips: fix Linkit smart 7688 support
Use a more appropriate compatible string. Fix the wireless led GPIO and
add the default wireless trigger. Use the wireless LED for boot state
indication as well.

Remove the GPIO pinmux for pins not exposed on the board.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-23 15:35:52 +01:00
Henryk Heisig
39e9bfb181 ramips: add support for TP-Link TL-MR3420 v5
TP-Link TL-MR3420 v5 are simple N300 router with
5-port FE switch and non-detachable antennas.
Its very similar to TP-Link TL-WR841N V13.

Specification:

- MT7628N/N (580 MHz)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH
- 2T2R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- USB 2.0 Port
- UART (J1) header on PCB (115200 8n1)
- 8x LED, 2x button, power input switch

Flash instruction:

The only way to flash LEDE image in mr3420v5 is to use
tftp recovery mode in U-Boot:

1. Configure PC with static IP 192.168.0.225/24 and tftp server.
2. Rename "lede-ramips-mt7628-tplink_tl-mr3420-v5-squashfs-tftp-recovery.bin"
   to "tp_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
   the router and keep button pressed for around 6-7 seconds, until
   device starts downloading the file.
4. Router will download file from server, write it to flash and reboot.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-12-23 15:35:52 +01:00
Mathias Kresin
8ca650b8ce ramips: move common tplink image build code into own recipe
Move common tplink image build code into own recipe. Include the common
parts instead of including a full build recipe and overwriting former set
varaibles.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-23 15:35:52 +01:00
Tomasz Maciej Nowak
cb2c0649ee kernel: move console loglevel to generic
Move CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 to generic, to make it consistent
across all targets.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2017-12-23 14:24:40 +01:00
Hans Dedecker
0fca474e70 uci: update to latest git HEAD (FS#1182)
25fd142 list: remove unncessary increment of n_section (FS#1182)
021fd65 file: remove unnecessary uci_fixup_section calls

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-22 18:30:59 +01:00
Hans Dedecker
d3ba3963c1 odhcpd: update to latest git HEAD
7aa2594 odhcpd: Replace strerror(errno) with %m format
750e457 Support muliple RAs on single interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-22 18:30:33 +01:00