All these changes are important enough to have them in the 17.01.
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
10f7878 exec: close stdout and stderr streams on child signal
92d0d75 uci: use correct sort index when reordering sections
66a9bad uci: fix memory leak in rpc_uci_apply_timeout()
2423162 uci: switch to proper save directory on apply/rollback
edd37f8 uci: add rpc_uci_replace_savedir() helper
eb09f3a session: ignore non-string username attribute upon restore
3d400c7 session: support reclaiming pending apply session
f0f6f81 session: remove redundant key attribute to rpc_session_set()
6994c87 uci: fix session delta isolation
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Package postinst will pass even names of builtin modules to insert_modules,
leading to postinst failing with error 255. This has been fixed in master
in r5279, but for lede-17.01 this minimal change is preferable.
Fixes FS#645, FS#893.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6609e98 libfstools: add "const" to char pointer arguments in mount_move()
95c07d5 libfstools: fix foreachdir() to pass dir with a trailing slash
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.
This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.
Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
This release is also ABI incompatible with the previous one, but it is
API compatible.
Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.
Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.
x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Use the Debian repository for sourcing the ucode files.
Current (20171205) includes support for fam17h CPUs already.
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).
Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This significantly improves mountd stability & reliability by:
1) Sending hotplug.d event when appropriate
2) Properly unmounting
3) Handling corner cases when unmounting fails
4) Improving log messages
5f2c419 mount: drop duplicated includes
aaf2743 mount: call hotplug-call with ACTION=remove before trying to unmount
97da4ed mount: try lazy unmount if normal one fails
1b62489 mount: create not working symlink when unmounting fails
e77dc6d mount: reorder deleting code in the mount_enum_drives()
76766ae mount: rename tmp variables in the mount_add_list()
04b897f mount: drop duplicated rmdir() call from the mount_enum_drives()
a27ea3f mount: drop duplicated unlink() call from the mount_dev_del()
bf7cc33 mount: fix/improve unmounting log messages
36f9197 mount: fix removing mount point if it's expired
ed4270f mount: struct mount: replace "mounted" and "ignore" fileds with a "status"
1af9ca2 mount: change mount_dev_del() argument to struct mount *
7c8fea8 mount: rename /proc/mount parser to mount_update_mount_list()
7aadd1c mount: improve handling mounts table size
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Allow building perf on uncommon targets again.
Depending on the kernel version, not all of these archs will actually use
libunwind in perf. Still, it seems simpler and less error-prone to use the
same list that is defined in the libunwind package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Works around two incompatiblities between glibc and (POSIX-compliant) musl:
- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc
Compile tested on mpc85xx.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.
Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.
This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.
This lead to a pass, even when the returned data was indicating an error.
Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.
On command execution success, value "pdh_" is a pure numeric value.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.
Fixes several connectivity issues seen on specific modems.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:
"Command not supported"
Silence both separate methods and only report an error regarding
pin verification if both fail.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.
In this case, the driver must be informed that it should handle all
packets in raw mode. [1]
This commit fixes connectivity issues for these devices.
Before:
[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
After:
[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225
[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html
Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.
Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Backport commits fixing the detection of GPT partition names during
preinit and sysupgrade, closing a shell-injection vulnerability.
da52dd0c83 ("base-files: quote values when evaluating uevent")
267873ac9b ("base-files: don't evaluate block-device uevent")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug
Fixes FS#1219
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.
I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!
https://dev.openwrt.org/ticket/16694https://dev.openwrt.org/ticket/19661
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
When using mbedtls, curl's nonblocking interface will report a request
as done immediately after the socket is written to and never read from
the connection. This will result in a HTTP status code of 0 and zero
length replies. Cherry-pick the patch from curl 7.53.0 to fix this
(https://github.com/curl/curl/commit/b993d2cc).
Fixes https://bugs.openwrt.org/index.php?do=details&task_id=1285.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
A DNSSEC validation error was introduced in the fix for CVE-2017-15107
Backport the upstream fix to the fix (a simple typo)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from commit adaf1cbcc8)
CVE-2017-15107
An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org and still have it signed by the
signature for the wildcard. So, for example
!.example.org NSEC zz.example.org
is fine.
The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.
This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
c54e5c6 mount: check if block was mounted before cleaning it up
e31565a mount: remove directory if mounting fails
0f4f20b mount: call hotplug mount scripts only on success
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
More important bug fix:
402f05c Use full-rate mtu_time in all tins. Fixes an issue where some
cake tins experienced excessive latency since 49776da (dynamically
adjust target)
Minor bug fixes:
31277c2 Avoid unsigned comparison against zero. Fix compiler warning,
no known impact.
8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
lead to dropping a SYN packet that should not be dropped.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Previously this was only activated for ADSL, this patch activates the
same setting also for VDSL, this feature is also support for VDSL in the
same way it works for ADSL.
I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO
(Deutsche Telekom) and saw different data rates and Max. Attainable Data
Rates depending on the ds_snr_offset settings I choose.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.
The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.
The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.
Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.
I have also a patch for LUCI about this, that I could submit.
Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.
Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."
Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.
This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.
Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Switch uci to the lede-17.01 branch which contains the following two commits
cherry-picked from uci master:
141b64e lua: additionally return name when looking up sections
1e17f24 lua: support extended section notation
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet. This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch. Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet. Relevant
feature changes:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ptm mode: Minor optimisation in packet overhead calculation.
dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
A separate iproute2 patch to teach it about Cake's new features will
follow.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 1c9299877b ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Bump to latest WireGuard snapshot release:
44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch
Refresh patches.
Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.
Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
(cherry picked from commit c382237ac3)
Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
(cherry picked from commit 0da54fa642)
The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.
This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.
Fixes: 1a16cb9c67 ("mac80211, hostapd: always explicitly set beacon interval")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
(cherry picked from commit 772afef61d)
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.
This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
(cherry picked from commit 43f66943d0)
Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 31ebbe34cc)
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
(cherry picked from commit e2f25e607d)
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 6ab4521464)
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.
a235636 2017-11-04 file: fix query string handling
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 05a4200d56)
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit 0e300a3a71)
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches. This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.
The error message:
OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
.libs/os-linux.o: In function `_Ux86_get_elf_image':
os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
x86/.libs/Lresume.o: In function `_ULx86_resume':
Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
collect2: error: ld returned 1 exit status
Makefile:2249: recipe for target 'libunwind.la' failed
The snippet from gcc -dumpspecs
%{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit f0c37f6ceb)
This fixes a compile problem recently introduced by me.
Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a29848c671)
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 834c93e00b)
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
(cherry picked from commit a816e1eac7)
Fixes CVE-2017-12166: out of bounds write in key-method 1.
Remove the mirror that was temporarily added during the
2.4.3 release.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit a9a37526a9)
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.
Fixes: 34a206bc11 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit ef485bb23d)
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```
Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```
Thanks to @lynxis for pointing out the commas.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ad510c4d62)
Properly quote the arguments so that you can register a service with TXT
entries that contains spaces.
Example:
procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \
"another=something equally verbose"
Output before:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp local
hostname = [blah.local]
address = [192.168.255.74]
port = [9999]
txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"]
Output now:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp local
hostname = [blah.local]
address = [192.168.255.74]
port = [9999]
txt = ["another=something equally verbose" "key=descriptive text field 1"]
Signed-off-by: Karl Palsson <karlp@etactica.com>
(cherry picked from commit 7a423c389a)
printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 343e3d2ba8)
It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit b2f60e6a72)
guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ccb79a310c)
The program would failed if nvram magic not found
in specific partition.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 69da83d9f1)
print help message when argument count is less
than 2.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit c7e2a6fe92)
Merge the help message into a single function,
so that we can use it somewhere else.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 2a253e7cdb)
Fix memory leak on nvram_open() and nvram_open_rdonly().
For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.
For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 1948d8e08c)
It isn't used for years since the old 99_10_run_init has been dropped.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1e13c6f77f)
Fix "uci: Entry not found" output if "ttylogin" is not set in
"etc/config/system"
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c31f0421ce)
Browseable is now set through LuCI per share, so remove it. Same with
writeable (inverted synonym for read only). domain master and preferred
master seem to be legacy settings for Windows 9x. encrypt passwords
defaults to yes. Probably should not be disabled either.
Also reordered alphabetically.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message, fix SoB, fix author, bump pkg revsion]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9dcb3fe7eb)
Drop myself from maintainership of 'cake'.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit c7f8bcede6)
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(cherry picked from commit d8748e537f)
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit eb7c14d512)
