Commit graph

35105 commits

Author SHA1 Message Date
Dirk Neukirchen
6aebc6b16b curl: update to 7.49
fixes:
 CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL

- remove crypto auth compile fix
curl changelog of 7.46 states its fixed

- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package

tested on ar71xx w. curl/mbedtls/wolfssl

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-19 16:56:34 +02:00
Felix Fietkau
9d37095fd0 ar71xx: fix a remaining unaligned access issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-19 16:56:34 +02:00
Felix Fietkau
934daa7b50 kirkwood: move ubi/ubifs options to the image makefile
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-19 15:18:12 +02:00
Felix Fietkau
311faaa1bd lantiq: move ubi/ubifs options to the image makefile
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-19 15:13:29 +02:00
Dirk Neukirchen
f2220bc1fe perf: disable libcrypto dependency
upstream change: 8ee4646038e47d065d35703e3e343136c4cd42aa
fixes dependency w. Kernel 4.6

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-19 14:12:11 +02:00
Kevin Darbyshire-Bryant
7938e8d60a dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps.  dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-19 10:28:18 +02:00
Kevin Darbyshire-Bryant
2b1556d3e0 base-files: sysfixtime exclude dnsmasq.time
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps.  By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past.  Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.

In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.

Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-19 10:28:18 +02:00
Jo-Philipp Wich
85a59127a7 Revert "dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time"
This reverts commit d830cb0882.

Reverting this commit due to a missing Signed-off-by.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-19 10:28:17 +02:00
Jo-Philipp Wich
21f460e0c1 Revert "base-files: sysfixtime exclude dnsmasq.time"
This reverts commit 382779e009.

Reverting this commit due to a missing Signed-off-by.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-19 10:28:11 +02:00
Daniel Dickinson
9fd8e55132 imagebuilder: Fix sorting package list breaks opkg dependency handling for provides
When imagebuild sorts package lists it breaks opkg's ability to realize
that a providers for a Provides has already been installed, when the sort
results in the provider being later in the list of packages that a package
which depends on a Provides (and hence the provider is not yet installed
for opkg to realize the provider was available doesn't not handle the case
of a package that is to be installed satisfying a dependency, only one that
is already installed (or which it schedules to be installed, which in the
absence of an installed provider is whichever provider happens to be the
default)

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-05-18 23:53:01 +02:00
Kevin Darbyshire-Bryant
d830cb0882 dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps.  dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
2016-05-18 22:17:33 +02:00
Kevin Darbyshire-Bryant
382779e009 base-files: sysfixtime exclude dnsmasq.time
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps.  By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past.  Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.

In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.

Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
2016-05-18 22:17:33 +02:00
Daniel Dickinson
c19b7aaac5 script/symlink-tree.sh: Fix missing config dir
Apparently symlink-tree has not been used in quite some time as it
fails to symlink the always required config dir

Also, if we pulled from git but .git is missing we get
many error messages on the symlinked tree without this
patch (which symlinks .git, if present)

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-05-18 22:17:28 +02:00
Daniel Dickinson
3e08637e87 mdadm: Fix missing conffile and add initscript
Start arrays on boot, stop them on shutdown, and enable
monitoring to syslog.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-05-18 22:17:28 +02:00
Daniel Dickinson
3015af9647 ca-certificates: Add certificate bundle package
Some SSL applications requires a certificates bundle rather
than a directory containing certificates.  For thos applications
we build the ca-bundle package

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-05-18 22:17:28 +02:00
Daniel Dickinson
83049ed944 kernel: Build it87 hardware monitor module
Add packaging of it87 hardware monitor kernel module.  It is
a common thermal and voltage monitor that is in many x86
(at least) devices, and is just another i2c hwmon module.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-05-18 22:17:28 +02:00
Álvaro Fernández Rojas
638d509817 ramips: fix pinctrl regression
This regression was introduced in commit 9195d8da.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-18 22:08:39 +02:00
Álvaro Fernández Rojas
29db5cae43 ramips: fix spidev generic nodes
Use linux,spidev compatible string.
Move MZK-DP150N spidev to spi1 node.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-18 22:08:39 +02:00
Felix Fietkau
98204836a4 ar71xx: fix register address calculation for DDR flushing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-18 18:06:50 +02:00
Álvaro Fernández Rojas
021c893658 ramips: fix size-cells on spi nodes
size-cells should be 0 in order to avoid dummy values in reg properties.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-18 16:57:39 +02:00
Felix Fietkau
b8a129638e kernel: add back the macronix software protection disable patch
It was accidentally left out when 4.4 support was added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-18 15:22:26 +02:00
Helmut Schaa
21b04c623e ath9k: Fix TX99 support
The patch 300-ath9k-force-rx_clear-when-disabling-rx.patch broke TX99 support
in ath9k. Fix the patch by only applying rx_clear if TX99 mode is not used.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2016-05-18 15:00:02 +02:00
Helmut Schaa
262cec2fb8 mac80211: Allow selection of TX99 support in ath9k
Add a new config option to enable TX99 support in ath9k.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2016-05-18 14:59:41 +02:00
Rafał Miłecki
01714243b9 bcm53xx: drop Copyright header from two of my bash scripts
Both scripts modified by this patch were added by me. First of all I
incorrectly added OpenWrt as Copyright holder. It was wrong because:
1) I simply can't transfer my moral rights according to the Polish law
2) Transfering copyrights (economic rights) requires an agreement which
   I didn't sign with OpenWrt(.org).
Other than that I don't find these trivial scripts important enough to
put info about *my* copyrights in a header so this patch just drops them
completely.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-05-18 08:35:00 +02:00
John Crispin
2a6b899589 ramips: fix 8M WT3020 image creation
fix image size for 8M version : 4M -> 8M

Signed-off-by: Gerhard Bertelsmann <info@gerhard-bertelsmann.de>
2016-05-16 20:59:06 +02:00
Daniel Golle
055d8d9c61 oxnas: move target-specific modules into target's modules.mk
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-17 17:26:05 +02:00
Felix Fietkau
17de501daa kernel: backport patches for fq_codel queue memory limit support
Use it to replace the reduction in max packets/flows

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-16 19:54:50 +02:00
Felix Fietkau
7bd10f9a2a image.mk: remove obsolete squashfs-lzma code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-16 19:53:07 +02:00
Felix Fietkau
40f08abecf ar71xx: fix typo in pci memory window initialization fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-16 19:52:42 +02:00
Daniel Golle
70eb03469f oxnas: reorganize image build code and nuke profiles
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Daniel Golle
449aba4fe8 modules: hwmon: package driver for INA209 power monitor
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Daniel Golle
910d9ba454 modules: hwmon: package driver for LTC4151 current sensor
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Daniel Golle
2aa818a0bb kernel: add missing symbol
Add missing symbol When building kernel with profiling enabled and ARM
or ARM64 targets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Jo-Philipp Wich
23a1fa07db libusb: disable parallel building
The libusb package is not parallel build save, a make -j16 reliably breaks it.
Forcibly disable parallel building.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-16 17:17:12 +02:00
Jo-Philipp Wich
d4e552ba16 kernel: fix yaffs2 build with kernel 4.4
Fix YAFFS2 build after upstream nd_set_link() removal by importing
http://permalink.gmane.org/gmane.linux.embedded.yocto.linux-yocto/4373

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-16 15:49:25 +02:00
Cezary Jackiewicz
5521651863 ar71xx: typo in jjplus profile
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2016-05-16 11:25:28 +02:00
Felix Fietkau
470442ea0f build: fix make download in the SDK
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-16 11:20:26 +02:00
Felix Fietkau
34b05087f7 mac80211: fix a module build/dependency issue that was breaking lib80211
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-16 10:52:24 +02:00
John Crispin
474d62e31d fstools: update to latest git HEAD
the recent fixes to make mount_root work during failsafe caused lots of
unwanted side effects. use the new preinit sentinel file to detect if
we are in preinit. this will also work if logged in via ssh.

Signed-off-by: John Crispin <john@phrozen.org>
2016-05-15 16:32:02 +02:00
John Crispin
94cc41632e procd: update to latest git HEAD
make procd create a sentinel file during preinit

Signed-off-by: John Crispin <john@phrozen.org>
2016-05-15 16:31:18 +02:00
John Crispin
1d9c0b2409 ramips: fix ArcherC20i image creation - 3rd try
Signed-off-by: John Crispin <john@phrozen.org>
2016-05-15 11:59:43 +02:00
Felix Fietkau
acd7a34494 kernel: enable CONFIG_PANIC_ON_OOPS by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 21:28:41 +02:00
Felix Fietkau
2ecf3af576 kernel: set CONFIG_PANIC_TIMEOUT by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 21:28:41 +02:00
Felix Fietkau
f4c4d501e4 build: remove profile kernel/build system config override support
It has been unused for years

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:40 +02:00
Felix Fietkau
7a67b0e362 ar71xx: update to linux 4.4
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
9c556fe73e ar71xx: register the gpio driver earlier
This allows gpio requests from mach files to succeed.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
313474e693 ar71xx: fix a PCI initialization issue in Linux 4.4
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
5b34dffcbd ar71xx: fix DDR write buffer flushing issues with 4.4
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
e30608b736 iw: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
df93d53a4b mac80211: update to wireless-testing 2016-05-12
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00