Don't return arcount=1 if EDNS0 RR won't fit in the packet.
Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in received EDNS0.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Remove LEDE partial fix for CVE-2017-13704.
Backport official fix from upstream.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
Override the failing check in configure with CONFIGURE_VARS instead of
carrying a patch that's unlikely to be accepted by upstream.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
(cherry picked from commit d87f27af54)
At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.
answer_request() is called with an invalid edns packet size provided by
the client. Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"
The client that exposed the problem provided a payload udp size of 0.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
This backports fixes for setting of_node and making it possible to read
extra info from DT. This was partially fixed by:
[PATCH] leds: leds-gpio: Set of_node for created LED devices
but it didn't work during initialization.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.
Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
This breaks openvpn clients that try to connect to servers that
present a TLS certificate signed with SHA1, which is fairly common.
Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
Fixes: FS#942
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
By adding the ICPlus IP1001 phy driver an already set RGMII delay mode
is reset during driver load.
Set the rgmii rx delay to fix corrupt/no packages in case the WAN port
negotiates to 1000MBit.
Fixes: FS#670
Signed-off-by: Mathias Kresin <dev@kresin.me>
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.
A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Remove ping check in DHCPDISCOVER case as too many buggy clients leave
an interface in configured state causing the ping check to fail.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
By default the wlan eprom contains the generic ralink MAC which is not
the vendor (TP-Link) one. Based on OFW bootlog, it appears that addresses
are decremented from the ethernet MAC.
This patch fixes the MAC address for wlan2g in line with OFW.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Reference the Omnima MiniEMBWiFi device tree source file in the image
build code. Otherwise the dts of the image processed before is used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
there were 2 bugs
*) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize
*) HPT frequency was not set making r4k timers not come up properly
Backport of 9551d91b1d "ralink: fix rcu_sched stalls on mt7621".
Signed-off-by: John Crispin <john@phrozen.org>
01_leds had a workaround for the power led to compensate for the
inverted GPIO state. This patch was missing from my previous commit.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
[add the power led default-state which was omitted in the last commit
by me]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Luci shows switch ports in wrong order on that device.
This patch fixes switch port numbering and matches them to the device
silkscreen.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
All LEDs GPIOs are active low on this device.
WAN and POWER states were inverted. Add default state for power.
Tested on Archer C50v1.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
With d2b6bf1416 ("ramips: fix image validation errors") the board
name was changed to fix an image validation error. But this change
wasn't applied to all other files using the board name, which broke
sysupgrade.
Revert this change and use the former board name in the metadata
instead.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
Fixes: FS#735
Signed-off-by: Mathias Kresin <dev@kresin.me>
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
Fixes: FS#735
Signed-off-by: Mathias Kresin <dev@kresin.me>
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Luci shows switch ports in inverted order on that device.
This patch fixes switch port numbering and matches them to the device
silkscreen.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
The tftp and irc netfilter modules are provided by nf-nathelper-extra
and not by nf-nathelper.
Signed-off-by: Uwe Arnold <donvipre@gmail.com>
[move the irc module as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
The VoCore2 features 128MB of RAM, therefore set
memory in DTS to 128*1024*1024 = 0x8000000
The board's LED is connected to GND, set it to
ACTIVE_HIGH here.
Make serial console working again on kernel 4.9 by
change of pinmux configuration.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
ALFA Network AP121F is a pocket-size router dedicated for VPN/TOR users.
Device is based on Atheros AR9331 WiSoC and is running a custom version
(updated from OpenWrt CC to LEDE 17.01 release) of NetAidKit firmware.
Specification:
- 400/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR1)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100 Mbps Ethernet
- 1T1R 2.4 GHz
- 1x microSD (optional, on separate PCB)
- 3x LED, 1x button, 1x switch
- UART header on PCB
Flash instruction (under U-Boot web recovery mode):
1. Configure PC with static IP 192.168.1.2/24.
2. Connect PC with RJ45 port, press the reset button, power up device,
wait for first blink of all LEDs (indicates network setup), then keep
button for 3 following blinks and release it.
3. Open 192.168.1.1 address in your browser and upload sysupgrade image.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:
- an already jffs2 padded squashfs rootfs is overwritten
with an unpadded/raw one.
- the squashfs-raw and squashfs-64k rootfs are not replaced by the
ones including the DEVICE_PACKAGES
Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.
Fixes: FS#904
Signed-off-by: Mathias Kresin <dev@kresin.me>
Backport upstream dnsmasq patch fixing DNS failover when first servers
returns REFUSED in strict mode; fixes issue FS#841.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Non-US versions of the TP-Link TL-WR710N v1 don't have a region code so
far, so we can just set US unconditionally.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The following changes are backported from the master branch
bdcb075 libfstools: fix matching device name
(f038a61 on master)
ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation
(c43ae11 on master)
d361923 build: disable the format-truncation warning error to fix gcc 7 build errors
(a19f2b3 on master)
cddc830 libfstools: silence mkfs.{ext4,f2fs}
(88d48d5 on master)
be5004c libfstools: add basic documentation of mount functions
(92b4c2c on master)
34d36c2 add missing includes
(7d78836 on master)
A previously added hotfix was replaced by a git commit, hence the patch
file is removed and we got instead
45c2a6f libfstools: fix multiple volume_identify usages with the same volume
(633a8d0 on master)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>