Commit Graph

38019 Commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
1d15a03050 dnsmasq: backport arcount edns0 fix
Don't return arcount=1 if EDNS0 RR won't fit in the packet.

Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in received EDNS0.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-08 10:09:48 +02:00
Kevin Darbyshire-Bryant
a7506c0e2b dnsmasq: backport official fix for CVE-2017-13704
Remove LEDE partial fix for CVE-2017-13704.

Backport official fix from upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-09-07 08:11:49 +02:00
Matthias Schiffer
bb6a8b2cbf
uclient: update to 2017-09-06
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-06 15:48:05 +02:00
Kevin Darbyshire-Bryant
ca53effdd6 kernel: update 4.4 to 4.4.86
Refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-04 14:41:56 +02:00
Rafał Miłecki
1100bbf833 brcm47xx: refresh Linux 4.4 config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-09-04 08:07:42 +02:00
Stijn Tintel
f62a31d0e9 f2fs-tools: fix mkfs.f2fs on big-endian systems
Fixes: FS#749

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit cdb494fdc2)
2017-09-03 10:14:09 +03:00
Stijn Tintel
c3bddb49ff f2fs-tools: drop musl compat patch
It is no longer needed since version 1.4.1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 252c8ddf14)
2017-09-03 10:14:09 +03:00
Stijn Tintel
707a4b459d f2fs-tools: drop patch in favour of CONFIGURE_VARS
Override the failing check in configure with CONFIGURE_VARS instead of
carrying a patch that's unlikely to be accepted by upstream.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
(cherry picked from commit d87f27af54)
2017-09-03 10:14:09 +03:00
Daniel Engberg
bd29aa1ba1 f2fs-tools: Switch to gz tarball
At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-03 10:14:09 +03:00
Kevin Darbyshire-Bryant
a006b48c04 dnsmasq: forward.c: fix CVE-2017-13704
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.

answer_request() is called with an invalid edns packet size provided by
the client.  Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"

The client that exposed the problem provided a payload udp size of 0.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-30 21:12:49 +02:00
Rafał Miłecki
dc8392f6a1 kernel: backport usbport LED trigger driver support for DT
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-21 16:46:18 +02:00
Rafał Miłecki
86722ab0bb kernel: fix of_node handling in LEDs core code
This backports fixes for setting of_node and making it possible to read
extra info from DT. This was partially fixed by:
[PATCH] leds: leds-gpio: Set of_node for created LED devices
but it didn't work during initialization.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-21 16:45:30 +02:00
Kevin Darbyshire-Bryant
4a1b87aba4 kernel: update 4.4 to 4.4.83
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-17 19:47:27 +02:00
Rafał Miłecki
cae20f64b5 bcm53xx: backport DTS commits that setup USB LEDs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-17 10:33:37 +02:00
Daniel Engberg
ae3c55666d tcpdump: Update to 4.9.1
Fixes:
 * CVE-2017-11108: Fix bounds checking for STP.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-08-15 18:31:10 +02:00
Baptiste Jonglez
3e35eb13ad mbedtls: Re-allow SHA1-signed certificates
Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
This breaks openvpn clients that try to connect to servers that
present a TLS certificate signed with SHA1, which is fairly common.

Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.

Fixes: FS#942

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-08-11 20:45:28 +02:00
Mathias Kresin
ff414fb575 ramips: fix WHR-1166D WAN port
By adding the ICPlus IP1001 phy driver an already set RGMII delay mode
is reset during driver load.

Set the rgmii rx delay to fix corrupt/no packages in case the WAN port
negotiates to 1000MBit.

Fixes: FS#670

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-08-11 18:13:38 +02:00
Rafał Miłecki
889638c8bf base-files: don't setup network in preinit if failsafe is disabled
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.

A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-09 23:20:23 +02:00
Hans Dedecker
b67b316dd1 dnsmasq: backport remove ping check of configured dhcp address
Remove ping check in DHCPDISCOVER case as too many buggy clients leave
an interface in configured state causing the ping check to fail.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-08 14:44:36 +02:00
Hans Dedecker
4503d8b297 procd: update to the latest git HEAD
66be6a2 watchdog: fix inline watchdog_get_magicclose function prototype

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-08 14:41:02 +02:00
Thibaut VARENE
982612dba2 ramips: ArcherC50v1: fix wlan2g MAC address
By default the wlan eprom contains the generic ralink MAC which is not
the vendor (TP-Link) one. Based on OFW bootlog, it appears that addresses
are decremented from the ethernet MAC.

This patch fixes the MAC address for wlan2g in line with OFW.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-08-06 09:31:05 +02:00
Mathias Kresin
48798af6d2 ramips: fix Omnima MiniEMBWiFi image
Reference the Omnima MiniEMBWiFi device tree source file in the image
build code. Otherwise the dts of the image processed before is used.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-08-02 21:16:20 +02:00
Mathias Kresin
1a050c83ac ramips: build HuaWei HG255D image
The code to build an image was disabled some time ago for unknown
reasons albeit the image looks fine.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-08-02 21:16:20 +02:00
Mathias Kresin
57a8f36ac4 ramips: add missing partitions
The partitions were lost during migration to device tree.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-08-02 21:16:20 +02:00
John Crispin
66b071fa09 procd: update to latest git HEAD
3e68cdf procd: Do not leak pipe file descriptors to children

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-01 07:02:53 +02:00
John Crispin
6f4a903533 ralink: fix rcu_sched stalls on mt7621
there were 2 bugs
*) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize
*) HPT frequency was not set making r4k timers not come up properly

Backport of 9551d91b1d "ralink: fix rcu_sched stalls on mt7621".

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-01 06:54:07 +02:00
Thibaut VARENE
c407e6c2f2 ramips: Archer C50v1: fix power led
01_leds had a workaround for the power led to compensate for the
inverted GPIO state. This patch was missing from my previous commit.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
[add the power led default-state which was omitted in the last commit
by me]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-29 12:07:16 +02:00
Thibaut VARENE
8e67c358e7 ramips: Archer C50v1: fix switch port numbering
Luci shows switch ports in wrong order on that device.
This patch fixes switch port numbering and matches them to the device
silkscreen.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-07-29 09:25:00 +02:00
Thibaut VARENE
a9439344e7 ramips: Archer C50v1: fix LEDs active levels
All LEDs GPIOs are active low on this device.

WAN and POWER states were inverted. Add default state for power.

Tested on Archer C50v1.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-07-29 09:24:59 +02:00
Mathias Kresin
5e409f0e69 ramips: fix Mercury MAC1200R v2.0 board name
With d2b6bf1416 ("ramips: fix image validation errors") the board
name was changed to fix an image validation error. But this change
wasn't applied to all other files using the board name, which broke
sysupgrade.

Revert this change and use the former board name in the metadata
instead.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-29 09:24:59 +02:00
Mathias Kresin
5e87b01275 brcm63xx: add NULL clock fix send upstream
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.

Fixes: FS#735

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-29 09:24:55 +02:00
Mathias Kresin
2247af82df ramips: add NULL clock fix send upstream
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.

Fixes: FS#735

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-29 09:24:52 +02:00
Mathias Kresin
1807a0ef83 ar7: add NULL clock fix send upstream
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-29 09:24:47 +02:00
Hauke Mehrtens
7ab8bf126e curl: fix CVE-2017-7407 and CVE-2017-7468
This fixes the following security problems:
* CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html
* CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 23:49:39 +02:00
Hauke Mehrtens
69acb2533a kernel: update kernel 4.4 to version 4.4.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 23:49:35 +02:00
Thibaut VARENE
a5822dbd0f ramips: DIR-860L-B1 fix switch port numbering
Luci shows switch ports in inverted order on that device.
This patch fixes switch port numbering and matches them to the device
silkscreen.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-07-25 21:02:27 +02:00
Uwe Arnold
823d35f2fd kernel: netfilter: fix nf-nathelper(-extra) description
The tftp and irc netfilter modules are provided by nf-nathelper-extra
and not by nf-nathelper.

Signed-off-by: Uwe Arnold <donvipre@gmail.com>
[move the irc module as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-25 21:02:27 +02:00
Giuseppe Lippolis
e08b8255ec ramips: fix wps button gpio for DWR-512
The WPS button is at GPIO#7.

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-07-25 21:02:27 +02:00
Paul Wassi
ece85e2e49 ramips: DTS: VoCore2 improvements/fixes
The VoCore2 features 128MB of RAM, therefore set
memory in DTS to 128*1024*1024 = 0x8000000
The board's LED is connected to GND, set it to
ACTIVE_HIGH here.
Make serial console working again on kernel 4.9 by
change of pinmux configuration.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2017-07-25 21:02:27 +02:00
Piotr Dymacz
870ca0da7a ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series
Backport of ad8c315: "ar71xx: fix switch port mapping for TP-Link
TL-WR74xN/D series".

Fixes FS#843

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-07-23 00:26:51 +02:00
Piotr Dymacz
671fc88c91 uboot-envtools: add support for ALFA Network AP121F
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-07-23 00:26:51 +02:00
Piotr Dymacz
3959110c5b ar71xx: add support for ALFA Network AP121F
ALFA Network AP121F is a pocket-size router dedicated for VPN/TOR users.
Device is based on Atheros AR9331 WiSoC and is running a custom version
(updated from OpenWrt CC to LEDE 17.01 release) of NetAidKit firmware.

Specification:

- 400/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR1)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100 Mbps Ethernet
- 1T1R 2.4 GHz
- 1x microSD (optional, on separate PCB)
- 3x LED, 1x button, 1x switch
- UART header on PCB

Flash instruction (under U-Boot web recovery mode):

1. Configure PC with static IP 192.168.1.2/24.
2. Connect PC with RJ45 port, press the reset button, power up device,
   wait for first blink of all LEDs (indicates network setup), then keep
   button for 3 following blinks and release it.
3. Open 192.168.1.1 address in your browser and upload sysupgrade image.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-07-23 00:26:51 +02:00
Mathias Kresin
f6907dcc79 image: fix ar71xx legacy images
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:

- an already jffs2 padded squashfs rootfs is overwritten
  with an unpadded/raw one.

- the squashfs-raw and squashfs-64k rootfs are not replaced by the
  ones including the DEVICE_PACKAGES

Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.

Fixes: FS#904

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-14 23:36:50 +02:00
Mathias Kresin
8fbef4b11b imx6: fix DualLite/Solo GW551X board detection
The model name is a different one in the device tree source file.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-14 08:04:58 +02:00
Hans Dedecker
82b20d74cb procd: backport kernel watchdog start/stop support
4dbf57a watchdog: add support for starting/stopping kernel watchdog

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-07-13 21:54:59 +02:00
Jo-Philipp Wich
c047c344c6 x86: add missing kernel config symbols to Geode target
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-13 01:25:26 +02:00
Jo-Philipp Wich
05643bd64d x86: enable ACPI support for the Geode subtarget
Backport of 9b940fe "x86: enable ACPI support for the Geode subtarget".

Fixes FS#577.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-12 22:40:22 +02:00
Hans Dedecker
699e3127c5 dnsmasq: backport patch fixing DNS failover (FS#841)
Backport upstream dnsmasq patch fixing DNS failover when first servers
returns REFUSED in strict mode; fixes issue FS#841.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-07-12 22:06:48 +02:00
Matthias Schiffer
d0ec502510
ar71xx: set US region code for TP-Link TL-WR710N v1 image
Non-US versions of the TP-Link TL-WR710N v1 don't have a region code so
far, so we can just set US unconditionally.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-12 21:34:33 +02:00
Daniel Golle
7896d7b814
fstools: backport fixes from master branch
The following changes are backported from the master branch

bdcb075 libfstools: fix matching device name
(f038a61 on master)

ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation
(c43ae11 on master)

d361923 build: disable the format-truncation warning error to fix gcc 7 build errors
(a19f2b3 on master)

cddc830 libfstools: silence mkfs.{ext4,f2fs}
(88d48d5 on master)

be5004c libfstools: add basic documentation of mount functions
(92b4c2c on master)

34d36c2 add missing includes
(7d78836 on master)

A previously added hotfix was replaced by a git commit, hence the patch
file is removed and we got instead

45c2a6f libfstools: fix multiple volume_identify usages with the same volume
(633a8d0 on master)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-07-11 23:30:10 +02:00