Couple of important upstream patches (slated for 2.0.15) that
are necessary for kexec to run on MUSL and on x86 hardware.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit dfacdc6a99)
If you're using Chrony or NTPD you don't want the busybox NTP server
as well. Make it's installation truly conditional.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [simplify]
(cherry picked from commit 0b24850e97)
This will be used to replace all those nasty board specific scripts
that do basically the same thing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ec99142474)
In the drv_mac80211_setup function, mac80211_interface_cleanup
is called to ask the kernel to delete all existing interfaces
for the phy that is being configured via netlink.
Later in the first function, mac80211_prepare_vif is called to
set up the new interfaces as required.
But sometimes, when mac80211_prepare_vif (and so the relevant
`iw phy x interface add y` command) runs, the kernel might still
be cleaning up the old interface with the same ifname. It usually
takes very few time to do that; possibly a few milliseconds of
sleep in the script after detecting this error condition could be
enough, but the busybox sh does not support sub-second sleep
intervals.
When this happens, iw obviously fails to create the new interface;
and the following message is printed in the system log, followed by
subsequent failure messages from hostapd in case this would have been
an AP interface.
Tue Mar 14 04:21:57 2017 daemon.notice netifd: radio1 (2767): command failed: Too many open files in system (-23)
This was a long-standing issue existing since at least OpenWrt Backfire,
and today I finally managed to debug and (hopefully) solve it.
It was happening very few times on most devices; but it was happening
a lot more frequently on fast platforms with multiple radios, such as
the powerpc-based dual-ath9k-radio tl-wdr4900-v1.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
(cherry picked from commit 8301e61365)
uClibc doesn't implement strerror_l() and thus libnl starting from
3.2.29 couldn't be compiled with it any longer, see
6c2d111177
To work-around that problem we'll just do a check on strerror_l()
availability during configuration and if it's not there just fall back
to locale-less strerror().
Patch for libnl is alreadfy merged upstream, see
e15966ac7f
and once the next libnl release happens this one must be removed from
Lede/OpenWrt.
Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: John Crispin <john@phrozen.org>
Cc: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 51d9ac61c7)
musl provides a /lib/libc.so file which should be integrated into the libc
package when the external toolchain with musl is used.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b6a8b43dd2)
continue work started here: http://patchwork.ozlabs.org/patch/520859
Extend /etc/config/system with parameters to set the default respawn treshold and respawn timeout
for procd launched services that have respawn enabled.
This results in cleaner init scripts, while making sure services have respawn parameters set.
Signed-off-by: Claudiu Brasovean <cbrasho@gmail.com>
(cherry picked from commit c70c6ac070)
We need to let external toolchains be able to specify the path and
specification file to the libthread-db POSIX thread debugging shared
libraries.
This fixes GDB not being able to be installed because it is depending on
libthread-db:
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies
* for gdb:
* libthread-db *
* opkg_install_cmd: Cannot install package gdb.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 7f0c95a7df)
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 30159b3886)
Fixes build issues with external toolchains that do not have STAGING_DIR
in their default search path.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 4aa1560de3)
Fixes linking failures observed with external toolchains:
/home/florian/dev/toolchains/stbgcc-4.8-1.5/bin/../lib/gcc/mipsel-linux-gnu/4.8.5/../../../../mipsel-linux-gnu/bin/ld:
warning: libubox.so, needed by
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so,
not found (try using -rpath or -rpath-link)
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_open_nested'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_parse'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blob_nest_end'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_add_field'
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit fe8618a8fe)
Make sure we pass down TARGET_CPPFLAGS to let toolchains with no default
search paths to find the mbdetls headers, and override TARGET_LDFLAGS to
include libraries we are linking against.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 306ee64361)
Fixes build with external toolchains not having STAGING_DIR in their
default search path(s).
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 562ebe7982)
thc-ipv6 did not allow an external environment to override CFLAGS, which
would lead to our CFLAGS not being passed properly (relro,
optimizations, etc...)
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 9b2321f42d)
Some toolchains will produce executables with an interpreter that is e.g:
ld.so.1 (typically a symbolic link). Due to our current LIBC_SPEC_FILE value,
we would not be able to copy this symbolic link/file over to the rootfs and
executables would fail to load. Extend the search pattern to include all
ld*.so* files that could be needed.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 200d932322)
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)
Fixes CVEs: CVE-2017-3737, CVE-2017-3738
Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from commit 55e70c8b72)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch fixes two issues with the current get_partitions()
function.
First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.
This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.
This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.
Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4e3f6dae04)
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d4e7af5278)
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.
Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.
Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8eadec40bd)
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from commit 0b7ed65cec)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update mdadm to 4.0
Remove 000-compile.patch as it's fixed upstream
Refresh patches
Add mdadm.h-Undefine-dprintf-before-redefining.patch
Source: http://git.openembedded.org/openembedded-core/tree/meta/recipes-extended/mdadm/files
Add RAID 0,1 and 10 as depends to make mdadm usable.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 980c41f8e0)
Extend the mdadm package to allow to explicitely configure arrays as
well as device list entries.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 813efe57e4)
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.
Fixes PIN issues with modems like the Sierra Wireless MC7455
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This updates package to the latest commit from the lede-17.01 branch. It
contains few fixes backported from the master:
1) SHA256 fix
2) URL encoding which allows hosting packages on some more picky servers
Changes:
9f61f7a opkg_download: decode file:/ URLs
3c46c88 file_util: implement urldecode_path()
79908c2 file_util: consolidate hex/unhex routines
793fbac opkg: encode archive filenames while constructing download URLs
a6bb5cb file_util: implement urlencode_path() helper
098e774 libopkg: fix SHA256 calculation for big endian system
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd45e15d0a
fixed PKG_RELEASE and renumbered patch)
Conflicts:
package/network/services/hostapd/Makefile
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.
Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.
Make this option configurable via UCI, but disabled by default.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 6515887ed9)
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This commit adds the upstream patches for CVE 2017-8816 and 2017-8817 to the 17.01
Curl package.
Compile-tested on ar71xx, ramips and x86.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Significant performance/stability improvements for MT76x2 and MT7603.
Adds LED support.
Changes:
2895775 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature
1dae8f0 mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature
5e49aa9 Fix errors found by cppcheck
1b8c8a0 mt7603: add LED definition registers
4d83561 mt76x2: add LED register definitions
2f40e4a mt76x2: Support using PCI ID as chip ID
27c64bc mt76: add led support using mac80211 led framework
dfd64fc mt76x2: init: add ma80211 led callbacks
215edf1 mt7603: init: add ma80211 led callbacks
9d36ff2 mt76x2: Add PCI identifier for MT7602
0b7984e mt7603: remove unnecessary mcu register read function
f5498d2 debugfs: add support for changing the LED pin
8e453b3 mac80211: move DT led configuration to the "led" child node
8f1673a mt76x2: limit client WCID entries to 0-127
f9d9c22 mt76x2: clear drop flag for all WCIDs on init
0dd8b68 mt76x2: clear per-WCID tx rate lookup register
3e5afe7 mt76x2: add helper function for setting drop mask
941555b mt76x2: clear drop mask when sending a PS response
7dfb354 mt76: increase rx ring size for mt76x2
73902dc mt76x2: add rx statistics registers
fe79816 mt76x2: fix LNA gain register annotation
cc588c5 mt76x2: sync channel gain value with latest reference driver
60a4d67 mt76x2: implement dynamic AGC tuning based on false packet detection count
4bc9aa9 mt76x2: add more gain tuning based on the latest reference driver
0a0d16f mt76x2: sync tx power related values with reference driver
8c821aa mac80211: add missing include
82acc85 mt7603: add missing include required on newer kernels
2c1a77c mt76x2: fix transmission of encrypted management frames
0532315 mt76x2: increase OFDM SIFS time
1acde21 mt76x2: add channel argument to eeprom tx power functions
58364a2 mt76x2: initialize channel power limits
c2bd89e mt76x2: convert between per-chain tx power and combined output
e7eaa7c mt7603: rename mt7603_mac_reset to mt7603_pse_reset
ea4c2a1 mt7603: rename MT_PSE_RESET register
c86c3a0 mt7603: remove watchdog reset on interface stop
4490f93 mt7603: remove WARN_ON_ONCE for workaround checks
3075059 mt7603: simplify PSE reset
4ed7e07 mt7603: warn if PSE reset fails
7dc8db1 mt7603: clean up dma debug reads
41e6a04 mt7603: make mt7603_mac_watchdog_reset() static
dc7a351 mt7603: clear wtbl PS bit for powersave responses
123acf2 mt7603: set tx-skip flag for powersave clients
7dd2a9e mt7603: initialize wtbl ps flag on station add
86ddef3 mt76x2: remove some harmless WARN_ONs in tx status and rx path
e326bc2 mt7603: remove some harmless WARN_ONs in rx path
Signed-off-by: Felix Fietkau <nbd@nbd.name>
== Changes ==
* compat: support timespec64 on old kernels
* compat: support AVX512BW+VL by lying
* compat: fix typo and ranges
* compat: support 4.15's netlink and barrier changes
* poly1305-avx512: requires AVX512F+VL+BW
Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.
* blake2s: AVX512F+VL implementation
* blake2s: tweak avx512 code
* blake2s: hmac space optimization
Another terrific submission from Samuel Neves: we now have an implementation
of Blake2s using AVX512, which is extremely fast.
* allowedips: optimize
* allowedips: simplify
* chacha20: directly assign constant and initial state
Small performance tweaks.
* tools: fix removing preshared keys
* qemu: use netfilter.org https site
* qemu: take shared lock for untarring
Small bug fixes.
Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.
Run-tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Bump to latest WireGuard snapshot release:
ed479fa (tag: 0.0.20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Without this change, the instance-specific conf-file is being added to procd_add_jail_mount,
but not used by dnsmasq.
Signed-off-by: Emerson Pinter <dev@pinter.com.br>
Check if the compiler defines __linux__, instead of assuming that the
host OS is the same as the target OS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:
../libssl.so: undefined reference to `SSLv3_client_method'
Fixes CVE: CVE-2017-3735, CVE-2017-3736
Signed-off-by: Peter Wagner <tripolar@gmx.at>
7826ca5 mount: add mount with ignore=1 for unsupported filesystems
75e7412 mount: drop duplicated filesystem check from mount_add_list
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>