Commit Graph

37495 Commits

Author SHA1 Message Date
Hauke Mehrtens
f5ab082243 openssl: update to version 1.0.2k
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-28 13:33:22 +01:00
Mathias Kresin
66211d0781 lantiq: fix brnImage signature for the VGV7510KW22BRN images
The VGV7510KW22BRN and VGV7519BRN do not have the same brnImage
signature. It was accidentally changed with ba42c1d ("lantiq: un-macro
the image building code").

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-28 12:44:35 +01:00
Felix Fietkau
36db143690 ath9k: fix up a refcount imbalance error in the IRQ related fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-27 15:46:07 +01:00
Matthias Schiffer
ecc362ed04
procd: update to latest git HEAD
0f58977 init: fix /tmp permissions on zram

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:12 +01:00
Matthias Schiffer
a1f918cd92
base-files: fix user creation on sysupgrade with few opkg control files
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.

Add -s to suppress an error message when no control files exist.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:02 +01:00
Matthias Schiffer
04a5085127
include/rootfs.mk: keep Require-User lines with CONFIG_CLEAN_IPKG
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:09:50 +01:00
Jo-Philipp Wich
dfe77be01f imagebuilder: properly escape single quotes in device titles
The name "Plat'Home OpenBlocks AX3" causes the imagebuilders "make info"
command to fail with:

    bash: -c: line 0: syntax error near unexpected token `('
    bash: -c: line 0: `echo;  [...]'
    Makefile:99: recipe for target '_call_info' failed

Properly escape single quotes to avoid breaking the echo commands.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-26 10:16:53 +01:00
Felix Fietkau
f9022964cf ath9k: add stability fixes for long standing hang issues (FS#13, #34, #373, #383)
The radio would stop communicating completely. This issue was easiest to
trigger on AR913x devices, e.g. the TP-Link TL-WR1043ND, but other
hardware was occasionally affected as well.

The most critical issue was a race condition in disabling/enabling IRQs
between the IRQ handler and the IRQ processing tasklet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:17 +01:00
Felix Fietkau
acd1795a60 mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:13 +01:00
Felix Fietkau
a6f3ea5e84 Add back the commit "ath9k: Add airtime fairness scheduler"
This reverts commit c296ba834d.
According to several reports, the issues with the airtime fairness
changes are gone in current versions.
It's time to re-apply the patch now.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:10 +01:00
Rafał Miłecki
6b68635047 bcm53xx: disable building Linksys EA6300 V1 image
This device has 2 TRX partitions (main one and failsafe one) and Linux
may not detect them properly failing to run userspace.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-25 10:51:58 +01:00
Felix Fietkau
e9ecb228c9 x86: fix sysupgrades on disks with 4k block size
Even when the disk uses 4k blocks, the partition table still uses units
of 512 byte sectors. Always use ibs=512 for the offsets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 08:14:59 +01:00
Rafał Miłecki
e9d2173921 mac80211: brcmfmac: don't use uninitialize mem for country codes
There was a bug in brcmfmac patch that could result in treating random
memory as source of country codes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:46 +01:00
Rafał Miłecki
81f2196bb1 mac80211: move (& update) upstream accepted brcmfmac patches
These 3 patches are now in wireless-drivers-next tree.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:34 +01:00
Rafał Miłecki
86b4b027cf brcm47xx: backport arch patch with Luxul devices support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:05 +01:00
Mathias Kresin
806d3cc2c3 packages: mark packages depending on a target as nonshared
The packages can't be build as shared packages due to the unmet
dependencies.

Fixes FS#418.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-24 19:59:55 +01:00
Jo-Philipp Wich
f6de4a5025 sdk: explicitely remove ccache directories when packing SDK
Upon first invocation, the ccache program will create the required directory
hierarchy so there is no point in shipping these empty directories.

Removing those paths also avoids shipping dangling symlinks in case the
directories got linked elsewhere, e.g. into a shared global cache.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-24 15:31:44 +01:00
Felix Fietkau
fc366fde07 lantiq: remove CPU_TYPE:=mips32r2, it gets overwritten anyway
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:47 +01:00
Felix Fietkau
b630d525c8 x86: unify CPU_TYPE for legacy and geode
According to some reports, -march=pentium-mmx is a better choice for
older Geode CPUs than -march=geode anyway.

Bump the minimum architecture of the legacy target from i486 to
pentium-mmx. Anything older is not worth supporting anyway.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:47 +01:00
Felix Fietkau
c2ecf9c37a uml: mark as source-only
Get rid of a special case in the buildbot script

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:47 +01:00
Felix Fietkau
4d73b6b8d0 malta: mark as source-only to avoid wasting build resources
The le64 and be64 subtargets do not share a package architecture with
any other targets, so they are pretty wasteful for a development-only
target.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:47 +01:00
Felix Fietkau
0a4d20fa9c malta: move FEATURES to the target makefile
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:47 +01:00
Felix Fietkau
392cccb7f4 build: remove mips16 feature flag from target makefiles
It can be implicitly derived from the MIPS32 revision support in the
kernel configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:45 +01:00
Felix Fietkau
e775adead8 build: remove obsolete mips32r2 CPU_TYPE
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:09 +01:00
Felix Fietkau
6193e3cdee ramips/rt288x: switch CPU_TYPE to 24kc
While rt288x only has a MIPS 4KEc processor, it implements the MIPS32r2
architecture just like the 24Kc, so the instruction set should be 100%
compatible.
Switching it to 24kc allows it to share the package architecture with a
lot of other targets instead of creating a special case, saving
buildbot resources.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:09 +01:00
Felix Fietkau
b36e24f39e x86: remove the xen_domu subtarget
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:30:45 +01:00
Felix Fietkau
296772f939 x86/generic: add xen DomU support
Copy the relevant config options from the xen_domu subtarget

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:30:39 +01:00
Jo-Philipp Wich
b850218584 hostapd: fix stray "out of range" shell errors in hostapd.sh
The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized
$ieee80211r and $ieee80211w variables in a numerical comparisation, leading
to stray "netifd: radio0 (0000): sh: out of range" errors in logread when
WPA-PSK security is enabled.

Ensure that those variables are substituted with a default value in order to
avoid emitting this (harmless) shell error.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 14:56:20 +01:00
Jo-Philipp Wich
ef08595c3f openvpn: let all openvpn variants provide a virtual openvpn package
Add PROVIDES:=openvpn to the default recipe in order to let all build variants
provide a virtual openvpn package.

The advantage of this approach is that downstream packages can depend on just
"openvpn" without having to require a specific flavor.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-21 23:05:54 +01:00
Kevin Darbyshire-Bryant
3a9926e40f kmod-sched-cake: fix parameter passing kernel/user space
The last two parameters passed between user space tc and kernel space
sched-cake were transposed due to a merge mistake in a parameter header
file.

As such, using a packet overhead figure was likely to set cake to wash
packet DSCP values.  Similarly, the DSCP wash flag was used as an offset
to the displayed packet overhead value.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-21 14:27:37 +01:00
Daniel Engberg
12392e5600 zlib: Update to 1.2.11
Update to 1.2.11 as suggested by upstream
Also add SF as primary source and main site as fallback

Note: SF doesn't carry the 1.2.11 update yet.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-21 14:27:23 +01:00
Jo-Philipp Wich
cfb3ef3a97 lede-keyring: bundle latest usign certificates
Includes the public usign certificates used by the 17.01.* release builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-20 10:11:15 +01:00
Jo-Philipp Wich
2c4d158d80 sdk: fix Git URL detection
Instead of relying on complex sed patterns that trip up make syntax rules, use
GNU Makes builtin filter function to match desired URLs.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-20 10:11:15 +01:00
Jo-Philipp Wich
cf5f7aa0b6 sdk: avoid using private repository clone urls as base repo entry
Only consider the repository origin url as valid base feed entry if it is a
git://, http:// or https:// location.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-19 20:47:52 +01:00
Felix Fietkau
4039b3eba1 lantiq: fix an ethernet stability issue triggered by receving packets during boot
Disabling ethernet during reboot (only to enable it again when the
ethernet driver attaches) can put the chip into a faulty state where it
corrupts the header of all incoming packets.

This happens if packets arrive during the time window where the core is
disabled, and it can be easily reproduced by rebooting while sending a
flood ping to the broadcast address.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-19 14:30:47 +01:00
Felix Fietkau
6538961d6a lantiq: fix spurious irq storm
Since the MIPS IRQ stack patches, lantiq devices were emitting a storm
of messages like this:

[  567.872172] Spurious IRQ: CAUSE=0x1100c300

Fix this by reworking the IRQ dispatch code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-19 12:34:08 +01:00
Mirko Vogt
c76da77573 git-kernel: $(SUBDIR) should always be $(LINUX_VERSION)
Before SUBDIR was set to $(PATCHVER) which may
or may not include the minor version number of
the linux kernel version. Usually it doesn't.

So the git-clone'd linux kernel was packed without
the minor version number taken into account, which
broke further processing, as it expected the
extracted dir being named linux-$(LINUX_VERSION)
(=with minor version) rather than linux-$(PATCHVER)
(=without minor version).

Changing SUBDIR to $(LINUX_VERSION) creates
consistent behaviour here.

Signed-off-by: Mirko Vogt <mirko-openwrt@nanl.de>
2017-01-19 12:34:04 +01:00
Jo-Philipp Wich
29a4a17f55 sdk: do not strip static libraries
Do not strip static libraries shipped with the SDK in order to preserve the
archive index. If we strip the index of the shipped libraries, host programs
will fail to link these libraries with errors like:

    libssl.a: error adding symbols: Archive has no index; run ranlib to add one

The error was found while investigating a Python host build failure within
the SDK environment.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-18 16:13:10 +01:00
Hans Dedecker
c71e13a81a netifd: update to git HEAD version
a057f6e device: fix DEV_OPT_SENDREDIRECTS definition

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-17 14:07:47 +01:00
Stijn Segers
2ac776ac76 curl: fix HTTPS network timeouts with OpenSSL
Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:41:08 +01:00
Jo-Philipp Wich
1e1e3ef2fb LEDE v17.01: set branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 18:56:07 +01:00
Matthias Schiffer
b9a408c2b4
base-files: add ARCH_PACKAGES to openwrt_release and os-release
Knowing the package architecture at runtime can be useful, e.g. to
configure opkg repository URLs. The value of ARCH_PACKAGES ("%A" in
VERSION_SED) as added to openwrt_release (as DISTRIB_ARCH) and os-release
(as LEDE_ARCH).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 13:29:47 +01:00
Andrej Vlasic
5c20a4fec9 ubox: turn logd into a separate package
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.

Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Domagoj Pintaric
b5b83706be mbedtls: add static files in staging_dir
Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Felix Fietkau
0b2991a8ed kernel: make ledtrig-netdev use a work queue for updates
This fixes hangs in igb that happen if the update call interrupts an
already existing dev_get_stats call. In that case the calling CPU
deadlocks because it's trying to acquire the same spinlock recursively.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-16 09:52:59 +01:00
Matthias Schiffer
9c55dede26
include/feeds.mk: base list of enabled feeds on available instead of installed feeds
This fixes handling of CONFIG_FEED_* options for uninstalled feeds.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 09:11:56 +01:00
Matthias Schiffer
621fd9fd62
opkg: use default PKG_BUILD_DIR
opkg doesn't have BUILD_VARIANTs anymore, so the previously defined
PKG_BUILD_DIR would lead to a weird 'opkg-' path component.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 09:02:42 +01:00
Rafał Miłecki
25200ae7a5 mac80211: brcmfmac: add early (& hacky) patch for storing country codes
This allows some basic region switching on Netgear R8000. More devices &
codes may be added. Ideally it should be converted into DT info & patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-16 00:32:27 +01:00
Rafał Miłecki
5fba00a686 mac80211: use wiphy_read_of_freq_limits in brcmfmac
This makes use of cfg80211 feature backported & described in
188626f17c ("mac80211: backport cfg80211 support for
ieee80211-freq-limit DT property").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-15 23:10:55 +01:00
Rafał Miłecki
ea6d10d572 bcm53xx: add pending BCM5301X patches: Netgear R8000 WiFi & Luxul DTS
This specifies wireless limitations for Netgear R8000 making sure people
won't use channels incorrectly (limited performance). There are also 2
new DTS files not used by us yet.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-15 23:10:55 +01:00