This was done by simply running `make kernel_menuconfig CONFIG_TARGET=subtarget`
and then saving without changing any option.
Having consistent kernel config is important to avoid surprises, such
as the issue fixed with 6f0367c9 (where Xen support was silently
disabled when building the kernel, although it was present in the
initial config)
As far as I understand the build system, this shouldn't have any
user-visible impact, because the build system already merges the
various kernel configs during build.
x86: Fix xen serial console by removing conflicting PATA driver
The Xen serial console has been broken since the xen_domu subtarget
was merged in the generic x86 subtarget (commits 296772f9 and b36e24f3).
The reason for the broken serial console seems to be an IRQ conflict
between the serial console driver and the PATA_LEGACY driver:
[ 1.330125] genirq: Flags mismatch irq 8. 00000000 (hvc_console) vs. 00000000 (platform[pata_legacy.4])
[ 1.330134] hvc_open: request_irq failed with rc -16.
[ 1.330148] Warning: unable to open an initial console.
Just drop the PATA_LEGACY driver from the x86/generic and x86_64
subtargets, since this driver is marked experimental and only supports
very old ISA devices anyway. It is still included in the x86/legacy
subtarget where it rightfully belongs.
Thibaut VARENE [Wed, 2 Aug 2017 14:28:16 +0000 (16:28 +0200)]
ramips: mt7620: do not pad sysupgrade Archer images
The current makefile unnecessarily pads sysupgrade image for Archer devices.
This has three implications:
1. higher risk of OOM when uploading the binary image to the device
2. much slower upgrade due to time wasted erasing and writing padding
3. grows image beyond available flash size if metadata are appended
This is already fixed in master, albeit in a completely different way (the
whole target have been reworked)
Adrian Panella [Tue, 12 Sep 2017 18:29:09 +0000 (13:29 -0500)]
uhttp: update to latest version
3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
The /bin/config_generate script and some other scripts are assuming the
/etc/config directory exists in the image. This is true in case for
example the package firewall, dropbear or dnsmasq are included, which
are adding the files under /etc/config/. Without any of these package
the system will not boot up fully because the /etc/config/ directory is
missing and some init scripts just fail.
Make sure all images with the base-files contain a /etc/config/
directory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: John Crispin <john@phrozen.org>
Module definitions for kmod-wdt-sunxi and kmod-eeprom-sunxi are removed
(wdt-sunxi was builtin anyways; nvmem-sunxi, which is the new name of
eeprom-sunxi is changed to builtin). As kmod-eeprom-sunxi was specified
in DEFAULT_PACKAGES, but not available on kernel 4.4, it was breaking the
image builder.
Support for kmod-sunxi-ir is added for kernel 4.4 (it is unclear why it
was disable before, it builds fine with with kernel 4.4).
Condtionals only relevant for pre-4.4 kernels are removed from modules.mk,
as sunxi does't support older kernels anymore.
If the optimized firmware download is disabled, the xdsl subsystem
hangs in the "idle request" state after physically disconnecting and
reconnecting the xdsl modem from the line.
It might fix the failing line init on boot as well.
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
Our local patch is no longer needed, all this patch was doing was utilizing
gen10g_soft_reset which does nothing either, so just keep the code unchanged.
With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and
enabled by default. As soon as the optimized firmware download is
enabled, a watchdog based reboot is trigger between 24h to 48h of
uptime if the board isn't connected to a xdsl line.
Martin Schiller [Tue, 26 Sep 2017 05:56:55 +0000 (07:56 +0200)]
ltq-vdsl: fix PM thread suspend and resume handling
This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM
thread handling issues which lead to high system load and watchdog
trigger within 1h of uptime for boards not connected to a xdsl line.
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.
Hans Dedecker [Mon, 18 Sep 2017 07:18:36 +0000 (09:18 +0200)]
base-files: fix wan6 interface config generation for pppoe
Setting ipv6 to auto in case of a pppoe interface will trigger the
creation of a dynamic wan_6 interface meaning two IPv6 interfaces
(wan6 and wan_6) will be active on top of the pppoe interface.
This leads to unpredictable behavior in the network; therefore set
ipv6 to 1 which will prevent the dynamic creation of the wan_6
interface.
Further alias the wan6 interface on top of the wan interface for pppoe
as the wan6 interface can only be started when the link local address is
ready. In case of pppoe the link local address is negotiated during the
Internet Protocol Control Protocol when the PPP link is setup meaning
all the IP address info is only available when the wan interface is up.
Lorenzo Santina [Mon, 11 Sep 2017 13:27:53 +0000 (15:27 +0200)]
treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4
The addresses were read from the 'config' partition, which would not always
contain the addresses at the same offsets, depending on the stock firmware
version used before flashing LEDE. Change this to get the addresses from
the 'product-info' partition, which is read-only.
Reported-and-tested-by: Andreas Ziegler <ml@andreas-ziegler.de> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.
answer_request() is called with an invalid edns packet size provided by
the client. Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"
The client that exposed the problem provided a payload udp size of 0.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Rafał Miłecki [Wed, 8 Mar 2017 11:38:43 +0000 (12:38 +0100)]
kernel: fix of_node handling in LEDs core code
This backports fixes for setting of_node and making it possible to read
extra info from DT. This was partially fixed by:
[PATCH] leds: leds-gpio: Set of_node for created LED devices
but it didn't work during initialization.
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.
Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
This breaks openvpn clients that try to connect to servers that
present a TLS certificate signed with SHA1, which is fairly common.
Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
Rafał Miłecki [Mon, 7 Aug 2017 09:09:33 +0000 (11:09 +0200)]
base-files: don't setup network in preinit if failsafe is disabled
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.
A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.
Thibaut VARENE [Fri, 4 Aug 2017 15:22:03 +0000 (17:22 +0200)]
ramips: ArcherC50v1: fix wlan2g MAC address
By default the wlan eprom contains the generic ralink MAC which is not
the vendor (TP-Link) one. Based on OFW bootlog, it appears that addresses
are decremented from the ethernet MAC.
This patch fixes the MAC address for wlan2g in line with OFW.
John Crispin [Tue, 1 Aug 2017 04:53:38 +0000 (06:53 +0200)]
ralink: fix rcu_sched stalls on mt7621
there were 2 bugs
*) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize
*) HPT frequency was not set making r4k timers not come up properly
Backport of 9551d91b1d6 "ralink: fix rcu_sched stalls on mt7621".
01_leds had a workaround for the power led to compensate for the
inverted GPIO state. This patch was missing from my previous commit.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
[add the power led default-state which was omitted in the last commit
by me] Signed-off-by: Mathias Kresin <dev@kresin.me>
With d2b6bf141662 ("ramips: fix image validation errors") the board
name was changed to fix an image validation error. But this change
wasn't applied to all other files using the board name, which broke
sysupgrade.
Revert this change and use the former board name in the metadata
instead.
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
This fixes the following security problems:
* CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html
* CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html
Paul Wassi [Sat, 22 Jul 2017 09:15:55 +0000 (11:15 +0200)]
ramips: DTS: VoCore2 improvements/fixes
The VoCore2 features 128MB of RAM, therefore set
memory in DTS to 128*1024*1024 = 0x8000000
The board's LED is connected to GND, set it to
ACTIVE_HIGH here.
Make serial console working again on kernel 4.9 by
change of pinmux configuration.
Piotr Dymacz [Fri, 31 Mar 2017 11:37:31 +0000 (13:37 +0200)]
ar71xx: add support for ALFA Network AP121F
ALFA Network AP121F is a pocket-size router dedicated for VPN/TOR users.
Device is based on Atheros AR9331 WiSoC and is running a custom version
(updated from OpenWrt CC to LEDE 17.01 release) of NetAidKit firmware.
Specification:
- 400/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR1)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100 Mbps Ethernet
- 1T1R 2.4 GHz
- 1x microSD (optional, on separate PCB)
- 3x LED, 1x button, 1x switch
- UART header on PCB
Flash instruction (under U-Boot web recovery mode):
1. Configure PC with static IP 192.168.1.2/24.
2. Connect PC with RJ45 port, press the reset button, power up device,
wait for first blink of all LEDs (indicates network setup), then keep
button for 3 following blinks and release it.
3. Open 192.168.1.1 address in your browser and upload sysupgrade image.
Even the commit message of the patch adding support for the MiWiFi Nano
says that a 16 MB flash chip is used. Extend the firmware partition to
make use of all available flash space.
Sergey Sergeev [Wed, 31 May 2017 08:00:01 +0000 (11:00 +0300)]
ar71xx: Fix UBIFS work on Mikrotik RB95x devices
If nand chip has no NAND_NO_SUBPAGE_WRITE flag on its options
ubifs can't use it mtd devices and the kernel crashes with error:
__nand_correct_data: uncorrectable ECC error
Mathias Kresin [Wed, 28 Jun 2017 21:36:37 +0000 (23:36 +0200)]
lantiq: use img file extension for DGN3500 factory images
The Netgear UI in basic mode refuses the upgrade file if the the
fileextension is not img. The expert/advanced mode accepts any
fileextension. Use img to make it work in any case.
projects / thirdparty / openwrt.git / log
