* Only parse interfaces that are up during init_config (as the
script depends on this to determine the proper IP/subnet range)
* Add reload interface triggers for samba-designated interfaces
* Force full service restart upon config change to ensure Samba
binds to new interfaces (sending HUP signal doesn't work)
* Rename "interface" variable to "samba_iface" and move into
global scope
Needed to fix Samba connectivity for clients connecting from a
different LAN subnet (e.g. pseudobridge configurations) due to the
'bind interfaces only' setting.
Chuanhong Guo [Thu, 11 Aug 2016 03:35:21 +0000 (11:35 +0800)]
ar71xx: fix profile name of Mercury MW4530R
The mw4530r-v1 profile in tp-link.mk is for Mercury MW4530R.
There is no such a device called TL-WDR4530.
Also change MERCURY to Mercury in /lib/ar71xx.sh
Jo-Philipp Wich [Mon, 8 Aug 2016 15:14:41 +0000 (17:14 +0200)]
ncurses: change handling of PKG_CONFIG_LIBDIR
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.
Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch
Jo-Philipp Wich [Mon, 15 Aug 2016 11:27:11 +0000 (13:27 +0200)]
scripts: ipkg-build: do not require git or svn
Move the "which svn" and "which git" calls next to the timestamp commands
using those tools to not prematurely fail on systems where svn or git are
not present.
Jo-Philipp Wich [Mon, 15 Aug 2016 10:14:50 +0000 (12:14 +0200)]
kernel: fix crashlog on x86/64
The bootmem area reserved for crashlog might be smaller than CRASHLOG_OFFSET
bytes, leading to an integer underflow when calculating the memory address
in crashlog_set_addr() which subsequently causes the kernel to crash when
attempting to vmap() the crashlog pages.
Change the logic to only consider the offset when the size of the used memory
area is sufficient.
Rafał Miłecki [Mon, 15 Aug 2016 10:47:21 +0000 (12:47 +0200)]
bcm53xx: add quick fixes for BCM53573
It adds and uses ILP clock that requires some other work (in progress)
for upstreaming it. Other than that it adds a quick fix for bcma to add
serial flash before trying to read SPROM.
Rafał Miłecki [Mon, 15 Aug 2016 08:19:10 +0000 (10:19 +0200)]
bcm53xx: add temporary BCM53573 ILP clock driver
It wasn't accepted upstream as there was a discusson on Northstar vs.
BCM53573. Once we get a new ARM arch Kconfig entry it should be
possible to upstream it.
Jonas Gorski [Sun, 14 Aug 2016 20:59:28 +0000 (22:59 +0200)]
base-files: set pi_ifname in board.d case to fix deconfig
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jo-Philipp Wich [Thu, 11 Aug 2016 15:20:54 +0000 (17:20 +0200)]
mvebu: add ClearFog .tar.gz bundle
The previous image building code rework removed the rootfs.tar.gz with embedded
kernel and dtb build artifact which is required to build suitable SD images.
Reintroduce a .tar.gz artifact locally which embeds kernel and dtb, similar to
how the old code handled it.
Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.
Jonas Gorski [Sat, 13 Aug 2016 09:29:46 +0000 (11:29 +0200)]
kernel: allow reproducable builds
Similar how we fix the file times in the filesystems, fix the build time
of the kernel, and make the build number static. This should allow the
kernel build to be reproducable when combined with setting the
KERNEL_BUILD_USER and _DOMAIN in case of different machines.
The reproducability only applies to non-initramfs kernels, those still
require additional changes.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jo-Philipp Wich [Fri, 12 Aug 2016 09:44:07 +0000 (11:44 +0200)]
dropbear: security update to 2016.74
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Ben Greear [Wed, 10 Aug 2016 22:46:16 +0000 (15:46 -0700)]
ath10k-firmware: Update to latest 99X0 CT firmware.
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.
Briefly tested on ea8500.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Mathias Kresin [Tue, 9 Aug 2016 06:22:24 +0000 (08:22 +0200)]
tools: flock: add NFSv4 compatibility
This patch fixes the LEDE build on mounted NFSv4 shares.
The lock file cannot be opened in read-write mode by default, because
then we cannot use flock(1) to lock executable files.
The read-write mode for lock files is necessary on NFSv4 where
flock(2) is emulated by by fcntl() -- this situation is possible to
detect by flock(2) EBADF error.
The patch consist of the following util-linux/flock commits
Mathias Kresin [Sun, 7 Aug 2016 20:21:34 +0000 (22:21 +0200)]
preinit: use only the image config options
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
Mathias Kresin [Sat, 6 Aug 2016 08:34:53 +0000 (10:34 +0200)]
lantiq: enable cpu temp driver for selected boards
According to the author of the cpu temp driver, not all xrx200 boards
have a cpu temperature sensor. For that reason enable the sensor only
for tested boards.
Mathias Kresin [Tue, 2 Aug 2016 20:26:02 +0000 (22:26 +0200)]
lantiq: drop duplicate and now unused "lantiq, eth-mac" binding
The device tree binding and the associated code duplicates functionality
already patched into the etop driver. The compatible string isn't used
any more. Therefore the whole code can be dropped.
The "mac-increment" property allowed to increment a mac address received
via kernel cmdline. This functionality isn't used by any device and
should be added as etop driver device tree property if required again.
Jo-Philipp Wich [Tue, 9 Aug 2016 15:23:56 +0000 (17:23 +0200)]
ath25: fix duplicate LZMA compression
The conversion to the new image building code accidentally caused the kernel
image to get compressed twice, leading to boot failures when kernel and rootfs
are flashed separately.
The sysupgrade images have been unaffected by this. Also restore the elf
kernel build artifact while we're at it.
Jonas Gorski [Mon, 8 Aug 2016 09:27:04 +0000 (11:27 +0200)]
ramips: switch from 24kec to 24kc
Since the only difference between 24Kec and 24Kc is the addition of DSP
ASE support, and we don't use it anymore, there is no need to keep 24Kec
as a separate cpu type.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Petko Bordjukov [Sun, 7 Aug 2016 20:45:33 +0000 (23:45 +0300)]
mac80211: Update the regdb to master-2016-06-10
Changes include:
* Higher maximum transmit power in the 5170-5250 band of the BG
regdomain
* Introduction of the CU regdomain
* Introduction of the 5725-5875 band (short-range devices) in the DE
regdomain
* Introduction of 60 GHz channels 1-4 in the KR regdomain
* Introduction of the 5725-5875 band (short-range devices) in the NL
regdomain
Mathias Kresin [Tue, 2 Aug 2016 20:29:31 +0000 (22:29 +0200)]
sysupgrade: unmount filesystems before reboot
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Daniel Golle [Tue, 2 Aug 2016 13:38:46 +0000 (15:38 +0200)]
base-files: remove dead code
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Wed, 3 Aug 2016 14:38:04 +0000 (16:38 +0200)]
kernel: remove switch driver kmod packages
Targets that need switch drivers should select them in their kernel
config. This prevents some bloat from creeping into targets that don't
need switchdev/dsa
CPU frequency scaling enables the operating system to scale the CPU
frequency up or down in order to save power. CPU frequencies can be
scaled automatically depending on the system load, in response to ACPI
events, or manually by userspace programs.
projects / thirdparty / openwrt.git / log
