Jonas Gorski [Sat, 13 Aug 2016 09:29:46 +0000 (11:29 +0200)]
kernel: allow reproducable builds
Similar how we fix the file times in the filesystems, fix the build time
of the kernel, and make the build number static. This should allow the
kernel build to be reproducable when combined with setting the
KERNEL_BUILD_USER and _DOMAIN in case of different machines.
The reproducability only applies to non-initramfs kernels, those still
require additional changes.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jo-Philipp Wich [Fri, 12 Aug 2016 09:44:07 +0000 (11:44 +0200)]
dropbear: security update to 2016.74
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Ben Greear [Wed, 10 Aug 2016 22:46:16 +0000 (15:46 -0700)]
ath10k-firmware: Update to latest 99X0 CT firmware.
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.
Briefly tested on ea8500.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Mathias Kresin [Tue, 9 Aug 2016 06:22:24 +0000 (08:22 +0200)]
tools: flock: add NFSv4 compatibility
This patch fixes the LEDE build on mounted NFSv4 shares.
The lock file cannot be opened in read-write mode by default, because
then we cannot use flock(1) to lock executable files.
The read-write mode for lock files is necessary on NFSv4 where
flock(2) is emulated by by fcntl() -- this situation is possible to
detect by flock(2) EBADF error.
The patch consist of the following util-linux/flock commits
Mathias Kresin [Sun, 7 Aug 2016 20:21:34 +0000 (22:21 +0200)]
preinit: use only the image config options
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
Mathias Kresin [Sat, 6 Aug 2016 08:34:53 +0000 (10:34 +0200)]
lantiq: enable cpu temp driver for selected boards
According to the author of the cpu temp driver, not all xrx200 boards
have a cpu temperature sensor. For that reason enable the sensor only
for tested boards.
Mathias Kresin [Tue, 2 Aug 2016 20:26:02 +0000 (22:26 +0200)]
lantiq: drop duplicate and now unused "lantiq, eth-mac" binding
The device tree binding and the associated code duplicates functionality
already patched into the etop driver. The compatible string isn't used
any more. Therefore the whole code can be dropped.
The "mac-increment" property allowed to increment a mac address received
via kernel cmdline. This functionality isn't used by any device and
should be added as etop driver device tree property if required again.
Jo-Philipp Wich [Tue, 9 Aug 2016 15:23:56 +0000 (17:23 +0200)]
ath25: fix duplicate LZMA compression
The conversion to the new image building code accidentally caused the kernel
image to get compressed twice, leading to boot failures when kernel and rootfs
are flashed separately.
The sysupgrade images have been unaffected by this. Also restore the elf
kernel build artifact while we're at it.
Jonas Gorski [Mon, 8 Aug 2016 09:27:04 +0000 (11:27 +0200)]
ramips: switch from 24kec to 24kc
Since the only difference between 24Kec and 24Kc is the addition of DSP
ASE support, and we don't use it anymore, there is no need to keep 24Kec
as a separate cpu type.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Petko Bordjukov [Sun, 7 Aug 2016 20:45:33 +0000 (23:45 +0300)]
mac80211: Update the regdb to master-2016-06-10
Changes include:
* Higher maximum transmit power in the 5170-5250 band of the BG
regdomain
* Introduction of the CU regdomain
* Introduction of the 5725-5875 band (short-range devices) in the DE
regdomain
* Introduction of 60 GHz channels 1-4 in the KR regdomain
* Introduction of the 5725-5875 band (short-range devices) in the NL
regdomain
Mathias Kresin [Tue, 2 Aug 2016 20:29:31 +0000 (22:29 +0200)]
sysupgrade: unmount filesystems before reboot
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Daniel Golle [Tue, 2 Aug 2016 13:38:46 +0000 (15:38 +0200)]
base-files: remove dead code
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Wed, 3 Aug 2016 14:38:04 +0000 (16:38 +0200)]
kernel: remove switch driver kmod packages
Targets that need switch drivers should select them in their kernel
config. This prevents some bloat from creeping into targets that don't
need switchdev/dsa
CPU frequency scaling enables the operating system to scale the CPU
frequency up or down in order to save power. CPU frequencies can be
scaled automatically depending on the system load, in response to ACPI
events, or manually by userspace programs.
Add a new "checksum" make target which generates an sha256sums file over the
image files produced in bin/targets/ and automatically call it during make
world after the package index generation.
The advantage of this new target is that it is guaranteed to run after the
images, the SDK and the ImageBuilder archives have been generated to ensure
that they all end up in the checksum file. Fixes FS#51.
Uses sed to postprocess the OpenSSL digest output into an sha256sum command
compatible format.
Change the image build code to generate the DTB files as part of the kernel
build phase in order to fix the image build in the ImageBuilder environment.
Felix Fietkau [Mon, 1 Aug 2016 12:52:13 +0000 (14:52 +0200)]
base-files: increase vm.min_free_kbytes
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.
projects / thirdparty / openwrt.git / log
