| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
7c0d711 version: bump snapshot
b6a5cc0 contrib: add extract-handshakes kprobe example
37dc953 wg-quick: if resolvconf/run/iface exists, use it
1f9be19 wg-quick: if resolvconf/interface-order exists, use it
4d2d395 noise: align static_identity keys
14395d2 compat: use correct -include path
38c6d8f noise: fix function prototype
302d0c0 global: in gnu code, use un-underscored asm
ff4e06b messages: MESSAGE_TOTAL is unused
ea81962 crypto: read only after init
e35f409 Kconfig: require DST_CACHE explicitly
9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript"
6e09a46 contrib: keygen-html: rewrite in pure javascript
e0af0f4 compat: workaround netlink refcount bug
ec65415 contrib: embedded-wg-library: add key generation functions
06099b8 allowedips: fix comment style
ce04251 contrib: embedded-wg-library: add ability to add and del interfaces
7403191 queueing: skb_reset: mark as xnet
Changes:
* queueing: skb_reset: mark as xnet
This allows cgroups to classify packets.
* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions
The embeddable library gains a few extra tricks, for people implementing
plugins for various network managers.
* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype
Small cleanups.
* compat: workaround netlink refcount bug
An upstream refcounting bug meant that in certain situations it became
impossible to unload the module. So, we work around it in the compat code. The
problem has been fixed in 4.16.
* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript"
We nearly moved away from emscripten'ing the fiat32 code, but the resultant
floating point javascript was just too terrifying.
* Kconfig: require DST_CACHE explicitly
Required for certain frankenkernels.
* compat: use correct -include path
Fixes certain out-of-tree build systems.
* noise: align static_identity keys
Gives us better alignment of private keys.
* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it
Better compatibility with Debian's resolvconf.
* contrib: add extract-handshakes kprobe example
Small utility for extracting ephemeral key data from the kernel's memory.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump to latest wireguard release snapshot:
2675814 version: bump snapshot
381d703 qemu: update base versions
c3fbd9d curve25519: break more things with more test cases
93fa0d9 curve25519: replace fiat64 with faster hacl64
6177bdd curve25519: replace hacl64 with fiat64
b9bf37d curve25519: verify that specialized basepoint implementations are correct
bd3f0d8 tools: dedup secret normalization
1f87434 chacha20poly1305: better buffer alignment
78959ed chacha20poly1305: use existing rol32 function
494cdea tools: fread doesn't change errno
ab89bdc device: let udev know what kind of device we are
62e8720 qemu: disable AVX-512 in userland
6342bf7 qemu: disable PIE for compilation
e23e451 contrib: keygen-html: share curve25519 implementation with kernel
6b28fa6 tools: share curve25519 implementations with kernel
c80cbfa poly1305: add poly-specific self-tests
10a2edf curve25519-fiat32: uninline certain functions
No patch refresh required.
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump to latest wireguard release snapshot:
9a93a3d version: bump snapshot
7bc0579 contrib: keygen-html: update curve25519 implementation
ffc13a3 tools: import new curve25519 implementations
0ae7356 curve25519: wire up new impls and remove donna
f90e36b curve25519: resolve symbol clash between fe types
505bc05 curve25519: import 64-bit hacl-star implementation
8c02050 curve25519: import 32-bit fiat-crypto implementation
96157fd curve25519: modularize implementation
4830fc7 poly1305: remove indirect calls
bfd1a5e tools: plug memleak in config error path
09bf49b external-tests: add python implementation
b4d5801 wg-quick: ifnames have max len of 15
6fcd86c socket: check for null socket before fishing out sport
ddb8270 global: year bump
399d766 receive: treat packet checking as irrelevant for timers
No patch refresh required.
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches
Compile-tested: ar71xx
Run-tested: ar71xx
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All these changes are important enough to have them in the 17.01.
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
10f7878 exec: close stdout and stderr streams on child signal
92d0d75 uci: use correct sort index when reordering sections
66a9bad uci: fix memory leak in rpc_uci_apply_timeout()
2423162 uci: switch to proper save directory on apply/rollback
edd37f8 uci: add rpc_uci_replace_savedir() helper
eb09f3a session: ignore non-string username attribute upon restore
3d400c7 session: support reclaiming pending apply session
f0f6f81 session: remove redundant key attribute to rpc_session_set()
6994c87 uci: fix session delta isolation
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 404508001e9f2bbf09fc4c4027cf16b8720124db)
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
| |
Fix ART offset (make it universal for 8/16 MB versions of the board) and
while at it, include also GPIO setup for h/w watchdog (EM6324QYSP5B).
Fixes: FS#1532
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches
Compile-tested: ar71xx
Run-tested: ar71xx
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes "unregister_netdevice: waiting for lo to become free. Usage count = 1"
messages which started appearing since the update to 4.4.103. That
problem was exposed by upstream commit 76da0704507bb ("ipv6: only call
ip6_route_dev_notify() once for NETDEV_UNREGISTER") backported to 4.4.x
branch in 2417da3f4d6bc.
Fixes: 2b664499cd622 ("kernel: bump 4.4 to 4.4.103 for 17.01")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 58f7b5b96c301176d639540df4723c798af2a999)
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches
Compile-tested: ar71xx
Run-tested: ar71xx
Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix FS#832
/source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:
In function 'bool ubsan_use_new_style_p(location_t)':
/source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:1474:23:
error: ISO C++ forbids comparison between pointer and integer
[-fpermissive]
|| xloc.file == '\0' || xloc.file[0] == '\xff'
^~~~
make[5]: *** [Makefile:1085: ubsan.o] Error 1
https://www.viva64.com/en/b/0425/#ID0EMGCI
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit 22e2b402aee17684781ae705a91fb3645299de9c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some Ubiquiti U-boot versions, in particular the "U-Boot 1.1.4.2-s956
(Jun 10 2015 - 10:54:50)" found with AirOS 5.6, do not correctly flush the
caches for the whole kernel address range after decompressing the kernel
image, leading to hard to debug boot failures, depending on kernel version
and configuration.
As a workaround, prepend the relocate-kernels loader, which will invalidate
the caches after moving the kernel to the correct load address.
Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
| |
This includes fix for reading NVRAM content.
(cherry picked from commit b1f5dd34ed84b295a67934a64d2ab309db65b65e)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
| |
Package postinst will pass even names of builtin modules to insert_modules,
leading to postinst failing with error 255. This has been fixed in master
in r5279, but for lede-17.01 this minimal change is preferable.
Fixes FS#645, FS#893.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
| |
6609e98 libfstools: add "const" to char pointer arguments in mount_move()
95c07d5 libfstools: fix foreachdir() to pass dir with a trailing slash
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches
Compile-tested: ar71xx, ramips/mt7621, x86/64
Run-tested: ar71xx
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.
This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.
Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is important fix for flash parsing in some corner cases. In case
of TRX subpartition with rootfs being aligned to the flash block size it
was incorrectly registered twice. Detecting & registering it as a
standalone partition was resulting in an incorrect "firmware" partition
size and possibly broken sysupgrade.
It wasn't noticed before because "rootfs" alignment depends on a kernel
size. It can happen though - depending on the configuration and the
kernel size.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f5195e72c0fcf2949f7d6296a5db081eb58f8e32)
|
|
|
|
|
|
|
|
|
| |
Previously, tplink_pharos_check_image() would accept any image with ELF
magic and only non-printable data in the support-list, as in this case the
while-read loop would not run at all. Add the new support-list offset and
ensure an image is only accepted when the model string is actually found.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switching from kernel 4.4.120 to 4.4.124 introduced a regression in
the genirq code. It was caused by a commit 9d0273bb1c4b6 ("genirq: Use
irqd_get_trigger_type to compare the trigger type for shared IRQs").
On bcm53xx it breaks serial console and results in a flood of:
[ 22.078829] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
[ 22.086432] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
[ 22.601150] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
[ 22.608845] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
Later in the upstream "linux-4.4.y" branch that commit was reverted and
it was followed by a 4.4.126 release. Until we switch from 4.4.124 to
4.4.126 (or newer), let's backport that reverting commit.
Fixes: bed0ee7cbfaa5 ("Kernel: bump 4.4 to 4.4.124 for 17.01")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Update microcode for 24 CPU types
- Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
- Missing production updates:
- Broadwell-E/EX Xeons (sig 0x406f1)
- Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
- New Microcodes:
- sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140
- sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 3db9d6e57def2912314c7ce0bc0c282f313ed654)
|
|
|
|
|
|
| |
(cherry picked from commit 16efb0c1c6c7702e694aef8f297b57b7c10b98c1)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
| |
This fixes some minor security problems.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
Fixes CVE-2018-0739
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
|
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches
* Removed 087-Revert-led-core-Fix-brightness-setting-when-setting-.patch (applied upstream)
Compile-tested on ar71xx, ramips/mt7621, x86/64
Run-tested on ar71xx
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
This release is also ABI incompatible with the previous one, but it is
API compatible.
Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.
Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The e2fsprogs host build fails on a glibc 2.27 host with
make[6]: Entering directory 'build_dir/host/e2fsprogs-1.43.7/debugfs'
CC create_inode.o
./../misc/create_inode.c:399:18: error: conflicting types for 'copy_file_range'
static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
^~~~~~~~~~~~~~~
In file included from ./../misc/create_inode.c:19:0:
/usr/include/unistd.h:1110:9: note: previous declaration of 'copy_file_range' was here
ssize_t copy_file_range (int __infd, __off64_t *__pinoff,
^~~~~~~~~~~~~~~
Backport upstream commit "misc: rename copy_file_range to
copy_file_chunk" 01551bdba16ab16512a01affe02ade32c41ede8a in order to
fix this.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
|
|
|
|
|
|
|
|
|
| |
At least on some devices, LEDs don't work anymore since kernel 4.4.120.
Revert the broken change.
See also: https://www.spinics.net/lists/stable/msg223656.html
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
|
| |
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
| |
Copying ./src/* would fail when src exists, but is empty or only contains
hidden files.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
| |
/usr/lib/opkg/status must not be removed completely, otherwise the
packages' conffile lists will be missing. Replace it with a reduced version
only containing the conffile entries.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
| |
When a user removes a preinstalled opkg package, the package's prerm script
(and in particular our default_prerm) should run.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
| |
Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
|
| |
Bump the 4.4 kernel for the 17.01 release to 4.4.120. Refresh patches.
Compile-tested: ar71xx, ramips/mt7621, x86/64
Run-tested: ar71xx, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
|
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.
x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
|
|
|
|
|
|
|
| |
Use the Debian repository for sourcing the ucode files.
Current (20171205) includes support for fam17h CPUs already.
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).
Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
|
|
| |
aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
| |
There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
| |
Fixes issue FS#1355.
LPAE extensions are enabled, but the A13 does not support them.
The result is the boot process stopping at "Starting kernel ..."
Fixes: 468735c3a2f7 ("target: sunxi: enable kvm support")
Signed-off-by: Matteo Scordino <matteo.scordino@gmail.com>
|
|
|
|
|
|
|
|
| |
Looking for a wrong LED file name was stopping this code from find any
LED. This affects devices with only a red/amber power LED.
Fixes: 3aaee1ba023ac ("bcm53xx: failsafe support")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This significantly improves mountd stability & reliability by:
1) Sending hotplug.d event when appropriate
2) Properly unmounting
3) Handling corner cases when unmounting fails
4) Improving log messages
5f2c419 mount: drop duplicated includes
aaf2743 mount: call hotplug-call with ACTION=remove before trying to unmount
97da4ed mount: try lazy unmount if normal one fails
1b62489 mount: create not working symlink when unmounting fails
e77dc6d mount: reorder deleting code in the mount_enum_drives()
76766ae mount: rename tmp variables in the mount_add_list()
04b897f mount: drop duplicated rmdir() call from the mount_enum_drives()
a27ea3f mount: drop duplicated unlink() call from the mount_dev_del()
bf7cc33 mount: fix/improve unmounting log messages
36f9197 mount: fix removing mount point if it's expired
ed4270f mount: struct mount: replace "mounted" and "ignore" fileds with a "status"
1af9ca2 mount: change mount_dev_del() argument to struct mount *
7c8fea8 mount: rename /proc/mount parser to mount_update_mount_list()
7aadd1c mount: improve handling mounts table size
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
| |
Allow building perf on uncommon targets again.
Depending on the kernel version, not all of these archs will actually use
libunwind in perf. Still, it seems simpler and less error-prone to use the
same list that is defined in the libunwind package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Works around two incompatiblities between glibc and (POSIX-compliant) musl:
- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc
Compile tested on mpc85xx.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|