From 12a8f2a3d95003329a86bf898f9b999ff7225d29 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Thu, 31 Aug 2017 08:42:03 +0200 Subject: [PATCH 01/38] CC: dropbear: bump to 2015.68 Signed-off-by: Steven Barth --- package/network/services/dropbear/Makefile | 4 ++-- .../network/services/dropbear/patches/100-pubkey_path.patch | 4 ++-- .../network/services/dropbear/patches/110-change_user.patch | 2 +- .../services/dropbear/patches/120-openwrt_options.patch | 6 +++--- .../services/dropbear/patches/140-disable_assert.patch | 2 +- .../dropbear/patches/150-dbconvert_standalone.patch | 4 ++-- .../services/dropbear/patches/500-set-default-path.patch | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 35958d332c..8988e0db12 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2015.67 +PKG_VERSION:=2015.68 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=e967e320344cd4bfebe321e3ab8514d6 +PKG_MD5SUM:=7664ac10f7cc2301c530eb80c756fc5d PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch index 456874b730..41fdc1adab 100644 --- a/package/network/services/dropbear/patches/100-pubkey_path.patch +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -1,6 +1,6 @@ --- a/svr-authpubkey.c +++ b/svr-authpubkey.c -@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al +@@ -218,17 +218,21 @@ static int checkpubkey(char* algo, unsig goto out; } @@ -33,7 +33,7 @@ if (authfile == NULL) { goto out; } -@@ -371,26 +375,35 @@ static int checkpubkeyperms() { +@@ -381,26 +385,35 @@ static int checkpubkeyperms() { goto out; } diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch index 7982af6315..4b5c1cb51b 100644 --- a/package/network/services/dropbear/patches/110-change_user.patch +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -1,6 +1,6 @@ --- a/svr-chansession.c +++ b/svr-chansession.c -@@ -920,12 +920,12 @@ static void execchild(void *user_data) { +@@ -922,12 +922,12 @@ static void execchild(void *user_data) { /* We can only change uid/gid as root ... */ if (getuid() == 0) { diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 48dae73b1f..f3931b0ccc 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -18,7 +18,7 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -126,9 +126,9 @@ much traffic. */ +@@ -131,9 +131,9 @@ If you test it please contact the Dropbe * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC @@ -31,7 +31,7 @@ #define DROPBEAR_MD5_HMAC /* You can also disable integrity. Don't bother disabling this if you're -@@ -184,7 +184,7 @@ much traffic. */ +@@ -189,7 +189,7 @@ If you test it please contact the Dropbe /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -40,7 +40,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -226,7 +226,7 @@ much traffic. */ +@@ -231,7 +231,7 @@ Homedir is prepended unless path begins * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index 0717228ef3..667d69cb38 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,6 +1,6 @@ --- a/dbutil.h +++ b/dbutil.h -@@ -101,7 +101,11 @@ int m_str_to_uint(const char* str, unsig +@@ -88,7 +88,11 @@ int m_str_to_uint(const char* str, unsig #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} /* Dropbear assertion */ diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch index 367dc2c681..ccc2cb7925 100644 --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch @@ -1,8 +1,8 @@ --- a/options.h +++ b/options.h @@ -5,6 +5,11 @@ - #ifndef _OPTIONS_H_ - #define _OPTIONS_H_ + #ifndef DROPBEAR_OPTIONS_H_ + #define DROPBEAR_OPTIONS_H_ +#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER) +#define DROPBEAR_SERVER diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch index e2add9415f..f6880ef77d 100644 --- a/package/network/services/dropbear/patches/500-set-default-path.patch +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -336,7 +336,7 @@ be overridden at runtime with -I. 0 disa +@@ -341,7 +341,7 @@ be overridden at runtime with -I. 0 disa #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ From bff2da1713ba42f29a700f496b533b2d766c77b5 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Thu, 31 Aug 2017 08:43:09 +0200 Subject: [PATCH 02/38] CC: dropbear: Disable telnet in favor of passwordless SSH This enables passworldless login for root via SSH whenever no root password is set (e.g. after reset, flashing without keeping config or in failsafe) and removes telnet support alltogether. Signed-off-by: Steven Barth --- package/base-files/files/bin/login.sh | 3 +- .../files/lib/preinit/99_10_failsafe_login | 5 ++- package/network/services/dropbear/Makefile | 2 +- .../patches/120-openwrt_options.patch | 11 ++++++ .../600-allow-blank-root-password.patch | 11 ++++++ ...610-skip-default-keys-in-custom-runs.patch | 18 +++++++++ package/utils/busybox/Config-defaults.in | 8 ++-- package/utils/busybox/Makefile | 1 - package/utils/busybox/files/telnet | 38 ------------------- 9 files changed, 49 insertions(+), 48 deletions(-) create mode 100644 package/network/services/dropbear/patches/600-allow-blank-root-password.patch create mode 100644 package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch delete mode 100755 package/utils/busybox/files/telnet diff --git a/package/base-files/files/bin/login.sh b/package/base-files/files/bin/login.sh index 25627b66b2..754d290857 100755 --- a/package/base-files/files/bin/login.sh +++ b/package/base-files/files/bin/login.sh @@ -10,8 +10,7 @@ then else cat << EOF === IMPORTANT ============================ - Use 'passwd' to set your login password - this will disable telnet and enable SSH + Use 'passwd' to set your login password! ------------------------------------------ EOF fi diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login index 15dcbd884f..b12e31702a 100644 --- a/package/base-files/files/lib/preinit/99_10_failsafe_login +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login @@ -1,9 +1,10 @@ #!/bin/sh -# Copyright (C) 2006 OpenWrt.org +# Copyright (C) 2006-2015 OpenWrt.org # Copyright (C) 2010 Vertical Communications failsafe_netlogin () { - telnetd -l /bin/login.sh <> /dev/null 2>&1 + dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key + dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 } failsafe_shell() { diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 8988e0db12..f140f36dcc 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2015.68 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index f3931b0ccc..805a0964ab 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -18,6 +18,17 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST +@@ -95,8 +95,8 @@ much traffic. */ + #define DROPBEAR_AES256 + /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ + /*#define DROPBEAR_BLOWFISH*/ +-#define DROPBEAR_TWOFISH256 +-#define DROPBEAR_TWOFISH128 ++/*#define DROPBEAR_TWOFISH256*/ ++/*#define DROPBEAR_TWOFISH128*/ + + /* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ @@ -131,9 +131,9 @@ If you test it please contact the Dropbe * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch new file mode 100644 index 0000000000..7c67b086bb --- /dev/null +++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch @@ -0,0 +1,11 @@ +--- a/svr-auth.c ++++ b/svr-auth.c +@@ -149,7 +149,7 @@ void recv_msg_userauth_request() { + AUTH_METHOD_NONE_LEN) == 0) { + TRACE(("recv_msg_userauth_request: 'none' request")) + if (valid_user +- && svr_opts.allowblankpass ++ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root")) + && !svr_opts.noauthpass + && !(svr_opts.norootpass && ses.authstate.pw_uid == 0) + && ses.authstate.pw_passwd[0] == '\0') diff --git a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch new file mode 100644 index 0000000000..ee6d273344 --- /dev/null +++ b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch @@ -0,0 +1,18 @@ +--- a/svr-runopts.c ++++ b/svr-runopts.c +@@ -475,6 +475,7 @@ void load_all_hostkeys() { + m_free(hostkey_file); + } + ++ if (svr_opts.num_hostkey_files <= 0) { + #ifdef DROPBEAR_RSA + loadhostkey(RSA_PRIV_FILENAME, 0); + #endif +@@ -486,6 +487,7 @@ void load_all_hostkeys() { + #ifdef DROPBEAR_ECDSA + loadhostkey(ECDSA_PRIV_FILENAME, 0); + #endif ++ } + + #ifdef DROPBEAR_DELAY_HOSTKEY + if (svr_opts.delay_hostkey) { diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in index 7b4cd99a5d..d961bfaaee 100644 --- a/package/utils/busybox/Config-defaults.in +++ b/package/utils/busybox/Config-defaults.in @@ -2187,19 +2187,19 @@ config BUSYBOX_DEFAULT_TCPSVD default n config BUSYBOX_DEFAULT_TELNET bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN bool default n config BUSYBOX_DEFAULT_TELNETD bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE bool - default y + default n config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT bool default n diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index 9571d48bec..a65f44f8fe 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -110,7 +110,6 @@ define Package/busybox/install $(INSTALL_DIR) $(1)/etc/init.d $(CP) $(PKG_INSTALL_DIR)/* $(1)/ $(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron - $(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet $(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd $(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug -rm -rf $(1)/lib64 diff --git a/package/utils/busybox/files/telnet b/package/utils/busybox/files/telnet deleted file mode 100755 index a1d1cdf9b1..0000000000 --- a/package/utils/busybox/files/telnet +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2006-2011 OpenWrt.org - -START=50 - -USE_PROCD=1 -PROG=/usr/sbin/telnetd - -has_root_pwd() { - local pwd=$([ -f "$1" ] && cat "$1") - pwd="${pwd#*root:}" - pwd="${pwd%%:*}" - - test -n "${pwd#[\!x]}" -} - -get_root_home() { - local homedir=$([ -f "$1" ] && cat "$1") - homedir="${homedir#*:*:0:0:*:}" - - echo "${homedir%%:*}" -} - -has_ssh_pubkey() { - ( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \ - ( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys ) -} - -start_service() { - if ( ! has_ssh_pubkey && \ - ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \ - ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null ); - then - procd_open_instance - procd_set_param command "$PROG" -F -l /bin/login.sh - procd_close_instance - fi -} From 9f83a0114e471862b7e1f1a5cd8fecfeaa299bc8 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 31 Aug 2017 08:43:58 +0200 Subject: [PATCH 03/38] dropbear: disable 3des, cbc mode, dss support, saves about 5k gzipped While technically required by the RFC, they are usually completely unused (DSA), or have security issues (3DES, CBC) Signed-off-by: Felix Fietkau --- .../patches/120-openwrt_options.patch | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 805a0964ab..87118ef4ba 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -18,7 +18,12 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -95,8 +95,8 @@ much traffic. */ +@@ -91,16 +91,16 @@ much traffic. */ + * Including multiple keysize variants the same cipher + * (eg AES256 as well as AES128) will result in a minimal size increase.*/ + #define DROPBEAR_AES128 +-#define DROPBEAR_3DES ++/*#define DROPBEAR_3DES*/ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ @@ -29,6 +34,11 @@ /* Enable CBC mode for ciphers. This has security issues though * is the most compatible with older SSH implementations */ +-#define DROPBEAR_ENABLE_CBC_MODE ++/*#define DROPBEAR_ENABLE_CBC_MODE*/ + + /* Enable "Counter Mode" for ciphers. This is more secure than normal + * CBC mode against certain attacks. It is recommended for security @@ -131,9 +131,9 @@ If you test it please contact the Dropbe * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ @@ -42,6 +52,15 @@ #define DROPBEAR_MD5_HMAC /* You can also disable integrity. Don't bother disabling this if you're +@@ -146,7 +146,7 @@ If you test it please contact the Dropbe + * Removing either of these won't save very much space. + * SSH2 RFC Draft requires dss, recommends rsa */ + #define DROPBEAR_RSA +-#define DROPBEAR_DSS ++/*#define DROPBEAR_DSS*/ + /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC + * code (either ECDSA or ECDH) increases binary size - around 30kB + * on x86-64 */ @@ -189,7 +189,7 @@ If you test it please contact the Dropbe /* Whether to print the message of the day (MOTD). This doesn't add much code From 180384c0a6b20e21a47626ddd295db8182fa8a3c Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Thu, 31 Aug 2017 08:44:40 +0200 Subject: [PATCH 04/38] CC: dropbear: remove generation and configuration of DSS keys Signed-off-by: Steven Barth --- package/network/services/dropbear/Makefile | 4 +--- package/network/services/dropbear/files/dropbear.init | 9 +++------ 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index f140f36dcc..4515165ad4 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2015.68 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ @@ -48,7 +48,6 @@ endef define Package/dropbear/conffiles /etc/dropbear/dropbear_rsa_host_key -/etc/dropbear/dropbear_dss_host_key /etc/config/dropbear endef @@ -118,7 +117,6 @@ define Package/dropbear/install $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear touch $(1)/etc/dropbear/dropbear_rsa_host_key - touch $(1)/etc/dropbear/dropbear_dss_host_key endef define Package/dropbearconvert/install diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 6de0142728..01d88afd17 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -37,7 +37,6 @@ validate_section_dropbear() 'RootPasswordAuth:bool:1' \ 'RootLogin:bool:1' \ 'rsakeyfile:file' \ - 'dsskeyfile:file' \ 'BannerFile:file' \ 'Port:list(port):22' \ 'SSHKeepAlive:uinteger:300' \ @@ -49,7 +48,7 @@ dropbear_instance() { local PasswordAuth enable Interface GatewayPorts \ RootPasswordAuth RootLogin rsakeyfile \ - dsskeyfile BannerFile Port SSHKeepAlive IdleTimeout \ + BannerFile Port SSHKeepAlive IdleTimeout \ mdns ipaddrs validate_section_dropbear "${1}" || { @@ -75,7 +74,6 @@ dropbear_instance() [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g [ "${RootLogin}" -eq 0 ] && procd_append_param command -w [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}" - [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}" [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}" append_ports "${ipaddrs}" "${Port}" [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}" @@ -86,7 +84,7 @@ dropbear_instance() keygen() { - for keytype in rsa dss; do + for keytype in rsa; do # check for keys key=dropbear/dropbear_${keytype}_host_key [ -f /tmp/$key -o -s /etc/$key ] || { @@ -109,8 +107,7 @@ keygen() start_service() { - [ -s /etc/dropbear/dropbear_rsa_host_key -a \ - -s /etc/dropbear/dropbear_dss_host_key ] || keygen + [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen . /lib/functions.sh . /lib/functions/network.sh From cb8e4a76ba4350b15db8aff9af5e995b43858100 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Thu, 31 Aug 2017 08:45:39 +0200 Subject: [PATCH 05/38] CC: dropbear: add respawn param in case dropbear crashes Signed-off-by: Alexandru Ardelean --- package/network/services/dropbear/files/dropbear.init | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 01d88afd17..03745c995b 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -79,6 +79,7 @@ dropbear_instance() [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}" [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}" [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear" + procd_set_param respawn procd_close_instance } From 3e107d670cb029cf24d41229ffb84c9ab59d7e80 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 31 Aug 2017 08:46:10 +0200 Subject: [PATCH 06/38] CC: dropbear: split out curve25519 support into a separate config option Signed-off-by: Felix Fietkau --- package/network/services/dropbear/Config.in | 12 ++++++++++-- package/network/services/dropbear/Makefile | 11 +++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index e2a761034f..19ef71c0b2 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -1,6 +1,15 @@ menu "Configuration" depends on PACKAGE_dropbear +config DROPBEAR_CURVE25519 + bool "Curve25519 support" + default n + help + This enables the following key exchange algorithm: + curve25519-sha256@libssh.org + + Increases binary size by about 13 kB uncompressed (MIPS). + config DROPBEAR_ECC bool "Elliptic curve cryptography (ECC)" default n @@ -12,7 +21,6 @@ config DROPBEAR_ECC ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 - curve25519-sha256@libssh.org Public key algorithms: ecdsa-sha2-nistp256 @@ -22,6 +30,6 @@ config DROPBEAR_ECC Does not generate ECC host keys by default (ECC key exchange will not be used, only ECC public key auth). - Increases binary size by about 36 kB (MIPS). + Increases binary size by about 23 kB (MIPS). endmenu diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 4515165ad4..ca67ed3c60 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -23,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 -PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC +PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519 include $(INCLUDE_DIR)/package.mk @@ -80,9 +80,16 @@ TARGET_LDFLAGS += -Wl,--gc-sections define Build/Configure $(Build/Configure/Default) + awk 'BEGIN { rc = 1 } \ + /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \ + { print } \ + END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ + >$(PKG_BUILD_DIR)/options.h.new && \ + mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h + # Enforce that all replacements are made, otherwise options.h has changed # format and this logic is broken. - for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \ + for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \ awk 'BEGIN { rc = 1 } \ /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \ { print } \ From db41bcac696f841ea06726408526795e90dfa3c0 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 31 Aug 2017 08:46:43 +0200 Subject: [PATCH 07/38] dropbear: enable curve25519 support by default, increases compressed binary size by ~5 kb Signed-off-by: Felix Fietkau --- package/network/services/dropbear/Config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index 19ef71c0b2..3316c84e9e 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -3,7 +3,7 @@ menu "Configuration" config DROPBEAR_CURVE25519 bool "Curve25519 support" - default n + default y help This enables the following key exchange algorithm: curve25519-sha256@libssh.org From d6cc49c97f46270ac2ec884df95660d29f57fe5f Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Thu, 31 Aug 2017 08:47:30 +0200 Subject: [PATCH 08/38] CC: dropbear: update version to 2015.71 Update dropbear to version 2015.71, released on 3 Dec 2015. Refresh patches. Signed-off-by: Hannu Nyman --- package/network/services/dropbear/Makefile | 8 ++++---- .../services/dropbear/patches/120-openwrt_options.patch | 2 +- .../dropbear/patches/130-ssh_ignore_o_and_x_args.patch | 4 ++-- .../services/dropbear/patches/500-set-default-path.patch | 2 +- .../patches/610-skip-default-keys-in-custom-runs.patch | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index ca67ed3c60..65a5e79608 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2014 OpenWrt.org +# Copyright (C) 2006-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2015.68 -PKG_RELEASE:=3 +PKG_VERSION:=2015.71 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=7664ac10f7cc2301c530eb80c756fc5d +PKG_MD5SUM:=2ccc0a2f3e37ca221db12c5af6a88137 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 87118ef4ba..f020208090 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -70,7 +70,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -231,7 +231,7 @@ Homedir is prepended unless path begins +@@ -237,7 +237,7 @@ Homedir is prepended unless path begins * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch index edb29093ae..bf1641b8bf 100644 --- a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch +++ b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch @@ -1,6 +1,6 @@ --- a/cli-runopts.c +++ b/cli-runopts.c -@@ -315,6 +315,10 @@ void cli_getopts(int argc, char ** argv) +@@ -284,6 +284,10 @@ void cli_getopts(int argc, char ** argv) debug_trace = 1; break; #endif @@ -11,7 +11,7 @@ case 'F': case 'e': #ifndef ENABLE_USER_ALGO_LIST -@@ -332,7 +336,6 @@ void cli_getopts(int argc, char ** argv) +@@ -301,7 +305,6 @@ void cli_getopts(int argc, char ** argv) print_version(); exit(EXIT_SUCCESS); break; diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch index f6880ef77d..648c391ced 100644 --- a/package/network/services/dropbear/patches/500-set-default-path.patch +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -341,7 +341,7 @@ be overridden at runtime with -I. 0 disa +@@ -347,7 +347,7 @@ be overridden at runtime with -I. 0 disa #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ diff --git a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch index ee6d273344..f6453a4626 100644 --- a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch +++ b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch @@ -1,6 +1,6 @@ --- a/svr-runopts.c +++ b/svr-runopts.c -@@ -475,6 +475,7 @@ void load_all_hostkeys() { +@@ -488,6 +488,7 @@ void load_all_hostkeys() { m_free(hostkey_file); } @@ -8,7 +8,7 @@ #ifdef DROPBEAR_RSA loadhostkey(RSA_PRIV_FILENAME, 0); #endif -@@ -486,6 +487,7 @@ void load_all_hostkeys() { +@@ -499,6 +500,7 @@ void load_all_hostkeys() { #ifdef DROPBEAR_ECDSA loadhostkey(ECDSA_PRIV_FILENAME, 0); #endif From 7966cf2265aa7454f62bae21381a83fad0a9ca40 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 31 Aug 2017 08:48:55 +0200 Subject: [PATCH 09/38] dropbear: honor CONFIG_TARGET_INIT_PATH Signed-off-by: Jo-Philipp Wich --- package/network/services/dropbear/Makefile | 16 +++++++++++++--- .../dropbear/patches/500-set-default-path.patch | 7 ++++--- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 65a5e79608..39ab04bb54 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2015.71 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ @@ -23,10 +23,14 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 -PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519 +PKG_CONFIG_DEPENDS:=CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519 include $(INCLUDE_DIR)/package.mk +ifneq ($(DUMP),1) + STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) echo $(CONFIG_TARGET_INIT_PATH) | md5s) +endif + define Package/dropbear/Default URL:=http://matt.ucc.asn.au/dropbear/ endef @@ -74,12 +78,15 @@ CONFIGURE_ARGS += \ --disable-zlib \ --enable-bundled-libtom -TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections +TARGET_CFLAGS += -DDEFAULT_PATH=\\\"$(TARGET_INIT_PATH)\\\" -DARGTYPE=3 -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections define Build/Configure $(Build/Configure/Default) + $(SED) 's,^#define DEFAULT_PATH .*$$$$,#define DEFAULT_PATH "$(TARGET_INIT_PATH)",g' \ + $(PKG_BUILD_DIR)/options.h + awk 'BEGIN { rc = 1 } \ /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \ { print } \ @@ -97,6 +104,9 @@ define Build/Configure >$(PKG_BUILD_DIR)/options.h.new && \ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \ done + + # Enforce rebuild of svr-chansession.c + rm -f $(PKG_BUILD_DIR)/svr-chansession.o endef define Build/Compile diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch index 648c391ced..3f65250a97 100644 --- a/package/network/services/dropbear/patches/500-set-default-path.patch +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -1,11 +1,12 @@ --- a/options.h +++ b/options.h -@@ -347,7 +347,7 @@ be overridden at runtime with -I. 0 disa +@@ -347,7 +347,9 @@ be overridden at runtime with -I. 0 disa #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ --#define DEFAULT_PATH "/usr/bin:/bin" -+#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin" ++#ifndef DEFAULT_PATH + #define DEFAULT_PATH "/usr/bin:/bin" ++#endif /* Some other defines (that mostly should be left alone) are defined * in sysoptions.h */ From 1b3b93e5da803f1678379a3ebe2e3a0da952e847 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Thu, 31 Aug 2017 08:49:25 +0200 Subject: [PATCH 10/38] CC: dropbear: Add procd interface triggers when interface config is specified A dropbear instance having an interface config won't start if the interface is down as no IP address is available. Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up. Signed-off-by: Hans Dedecker --- package/network/services/dropbear/Makefile | 2 +- .../services/dropbear/files/dropbear.init | 22 ++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 39ab04bb54..f48c2b5b2c 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2015.71 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 03745c995b..5c3345d40c 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -106,6 +106,12 @@ keygen() chmod 0700 /etc/dropbear } +load_interfaces() +{ + config_get interface "$1" Interface + interfaces=" ${interface} ${interfaces}" +} + start_service() { [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen @@ -119,7 +125,21 @@ start_service() service_triggers() { - procd_add_reload_trigger "dropbear" + local interfaces + + procd_open_trigger + procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload + + config_load "${NAME}" + config_foreach load_interfaces dropbear + + [ -n "${interfaces}" ] & { + for n in $interfaces ; do + procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload + done + } + procd_close_trigger + procd_add_validation validate_section_dropbear } From c1413be4935565273fd71e61a30fb78c8a2bd597 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Thu, 31 Aug 2017 08:50:09 +0200 Subject: [PATCH 11/38] CC: dropbear: Make utmp and putuline support configurable via seperate config options Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox) Putuline support will use the utmp structure to write to the utmp file Signed-off-by: Hans Dedecker --- package/network/services/dropbear/Config.in | 15 +++++++++++++++ package/network/services/dropbear/Makefile | 5 ++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index 3316c84e9e..7c2edd79f2 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -32,4 +32,19 @@ config DROPBEAR_ECC Increases binary size by about 23 kB (MIPS). +config DROPBEAR_UTMP + bool "Utmp support" + default n + depends on BUSYBOX_CONFIG_FEATURE_UTMP + help + This enables dropbear utmp support, the file /var/run/utmp is used to + track who is currently logged in. + +config DROPBEAR_PUTUTLINE + bool "Pututline support" + default n + depends on DROPBEAR_UTMP + help + Dropbear will use pututline() to write the utmp structure into the utmp file. + endmenu diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index f48c2b5b2c..8d4e7bc7fa 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -68,12 +68,11 @@ CONFIGURE_ARGS += \ --enable-syslog \ $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \ --disable-lastlog \ - --disable-utmp \ - --disable-utmpx \ + $(if $(CONFIG_DROPBEAR_UTMP),,--disable-utmp) \ --disable-wtmp \ --disable-wtmpx \ --disable-loginfunc \ - --disable-pututline \ + $(if $(CONFIG_DROPBEAR_PUTUTLINE),,--disable-pututline) \ --disable-pututxline \ --disable-zlib \ --enable-bundled-libtom From ca00773e284b0b410c8c41f06e7a5ade57e52459 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 31 Aug 2017 08:51:05 +0200 Subject: [PATCH 12/38] CC: dropbear: update to 2016.73 Update the dropbear package to version 2016.73, refresh patches. The measured .ipk sizes on an x86_64 build are: 94588 dropbear_2015.71-3_x86_64.ipk 95316 dropbear_2016.73-1_x86_64.ipk This is an increase of roughly 700 bytes after compression. Tested-by: Kevin Darbyshire-Bryant Signed-off-by: Jo-Philipp Wich --- package/network/services/dropbear/Makefile | 6 +++--- .../patches/120-openwrt_options.patch | 4 ++-- .../patches/130-ssh_ignore_o_and_x_args.patch | 21 ------------------- .../patches/130-ssh_ignore_x_args.patch | 11 ++++++++++ .../dropbear/patches/140-disable_assert.patch | 2 +- .../patches/500-set-default-path.patch | 2 +- 6 files changed, 18 insertions(+), 28 deletions(-) delete mode 100644 package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch create mode 100644 package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 8d4e7bc7fa..c873611688 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2015.71 -PKG_RELEASE:=3 +PKG_VERSION:=2016.73 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=2ccc0a2f3e37ca221db12c5af6a88137 +PKG_MD5SUM:=8d6d78ce60ca52350ec04fcbd711ce9b PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index f020208090..f16aaf001e 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -61,7 +61,7 @@ /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC * code (either ECDSA or ECDH) increases binary size - around 30kB * on x86-64 */ -@@ -189,7 +189,7 @@ If you test it please contact the Dropbe +@@ -194,7 +194,7 @@ If you test it please contact the Dropbe /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -70,7 +70,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -237,7 +237,7 @@ Homedir is prepended unless path begins +@@ -242,7 +242,7 @@ Homedir is prepended unless path begins * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch deleted file mode 100644 index bf1641b8bf..0000000000 --- a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/cli-runopts.c -+++ b/cli-runopts.c -@@ -284,6 +284,10 @@ void cli_getopts(int argc, char ** argv) - debug_trace = 1; - break; - #endif -+ case 'o': -+ next = &dummy; -+ case 'x': -+ break; - case 'F': - case 'e': - #ifndef ENABLE_USER_ALGO_LIST -@@ -301,7 +305,6 @@ void cli_getopts(int argc, char ** argv) - print_version(); - exit(EXIT_SUCCESS); - break; -- case 'o': - case 'b': - next = &dummy; - default: diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch new file mode 100644 index 0000000000..ab09c2f3dc --- /dev/null +++ b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch @@ -0,0 +1,11 @@ +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -296,6 +296,8 @@ void cli_getopts(int argc, char ** argv) + debug_trace = 1; + break; + #endif ++ case 'x': ++ break; + case 'F': + case 'e': + #ifndef ENABLE_USER_ALGO_LIST diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index 667d69cb38..78b54acfa0 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,6 +1,6 @@ --- a/dbutil.h +++ b/dbutil.h -@@ -88,7 +88,11 @@ int m_str_to_uint(const char* str, unsig +@@ -78,7 +78,11 @@ int m_str_to_uint(const char* str, unsig #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} /* Dropbear assertion */ diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch index 3f65250a97..da6b9ae0ce 100644 --- a/package/network/services/dropbear/patches/500-set-default-path.patch +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -347,7 +347,9 @@ be overridden at runtime with -I. 0 disa +@@ -352,7 +352,9 @@ be overridden at runtime with -I. 0 disa #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ From 815e238ff3d428b15fe399f2a2dac06d26b17c1f Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 31 Aug 2017 08:51:44 +0200 Subject: [PATCH 13/38] CC: dropbear: security update to 2016.74 - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html Signed-off-by: Jo-Philipp Wich --- package/network/services/dropbear/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index c873611688..8c9b45f486 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2016.73 +PKG_VERSION:=2016.74 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=8d6d78ce60ca52350ec04fcbd711ce9b +PKG_MD5SUM:=9ad0172731e0f16623937804643b5bd8 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE From 750dcc755841adb27296ad5e9e405db301c4acc0 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 31 Aug 2017 08:52:10 +0200 Subject: [PATCH 14/38] rules.mk: add TARGET_INIT_PATH toplevel variables Add a new variable TARGET_INIT_PATH which holds the default $PATH variable value configured in menuconfig. Signed-off-by: Jo-Philipp Wich --- rules.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules.mk b/rules.mk index 9d0134d2b2..b40f6f9a83 100644 --- a/rules.mk +++ b/rules.mk @@ -117,6 +117,8 @@ BUILD_LOG_DIR:=$(TOPDIR)/logs PKG_INFO_DIR := $(STAGING_DIR)/pkginfo TARGET_PATH:=$(subst $(space),:,$(filter-out .,$(filter-out ./,$(subst :,$(space),$(PATH))))) +TARGET_INIT_PATH:=$(call qstrip,$(CONFIG_TARGET_INIT_PATH)) +TARGET_INIT_PATH:=$(if $(TARGET_INIT_PATH),$(TARGET_INIT_PATH),/usr/sbin:/sbin:/usr/bin:/bin) TARGET_CFLAGS:=$(TARGET_OPTIMIZATION)$(if $(CONFIG_DEBUG), -g3) $(EXTRA_OPTIMIZATION) TARGET_CXXFLAGS = $(TARGET_CFLAGS) TARGET_ASFLAGS_DEFAULT = $(TARGET_CFLAGS) From b3b8dacb3cfc558ba30a0aef780e7fba995e47ab Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Thu, 31 Aug 2017 11:09:05 +0200 Subject: [PATCH 15/38] dnsmasq: Bump to dnsmasq2.74 Bump to dnsmasq2.74 & refresh patches to fix fuzz Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 4 ++-- .../patches/100-fix-dhcp-no-address-warning.patch | 6 +++--- .../210-dnssec-improve-timestamp-heuristic.patch | 14 ++++++-------- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 19a8df9009..9b0ecc518d 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.73 +PKG_VERSION:=2.74 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd +PKG_MD5SUM:=f48cd0fe26a55617a375ffc95b71e3c3 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch index a502a60aee..f5b5ca04ec 100644 --- a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch +++ b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch @@ -9,7 +9,7 @@ struct iface_param parm; #ifdef HAVE_LINUX_NETWORK struct arpreq arp_req; -@@ -272,11 +272,9 @@ void dhcp_packet(time_t now, int pxe_fd) +@@ -275,11 +275,9 @@ void dhcp_packet(time_t now, int pxe_fd) { ifr.ifr_addr.sa_family = AF_INET; if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 ) @@ -23,7 +23,7 @@ } for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) -@@ -295,7 +293,7 @@ void dhcp_packet(time_t now, int pxe_fd) +@@ -298,7 +296,7 @@ void dhcp_packet(time_t now, int pxe_fd) parm.relay_local.s_addr = 0; parm.ind = iface_index; @@ -32,7 +32,7 @@ { /* If we failed to match the primary address of the interface, see if we've got a --listen-address for a secondary */ -@@ -315,6 +313,12 @@ void dhcp_packet(time_t now, int pxe_fd) +@@ -318,6 +316,12 @@ void dhcp_packet(time_t now, int pxe_fd) complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); } diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch index 97dfe3bdbf..81fbf185b1 100644 --- a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch +++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch @@ -10,35 +10,33 @@ Signed-off-by: Steven Barth --- a/src/dnssec.c +++ b/src/dnssec.c -@@ -432,17 +432,24 @@ static int back_to_the_future; +@@ -429,17 +429,24 @@ static time_t timestamp_time; int setup_timestamp(void) { struct stat statbuf; -- + time_t now; + time_t base = 1420070400; /* 1-1-2015 */ -+ - back_to_the_future = 0; + + daemon->back_to_the_future = 0; if (!daemon->timestamp_file) return 0; -- + + now = time(NULL); + + if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0) + base = statbuf.st_mtime; -+ + if (stat(daemon->timestamp_file, &statbuf) != -1) { timestamp_time = statbuf.st_mtime; check_and_exit: - if (difftime(timestamp_time, time(0)) <= 0) -+ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) ++ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) { /* time already OK, update timestamp, and do key checking from the start. */ if (utime(daemon->timestamp_file, NULL) == -1) -@@ -463,7 +470,7 @@ int setup_timestamp(void) +@@ -460,7 +467,7 @@ int setup_timestamp(void) close(fd); From 84da27181fde06ddfd213229df5040f2a755bedf Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Thu, 31 Aug 2017 11:09:48 +0200 Subject: [PATCH 16/38] dnsmasq: Bump to dnsmasq2.75 Fixes a 100% cpu usage issue if using dhcp-script. Signed-off-by: Kevin Darbyshire-Bryant Signed-off-by: Hauke Mehrtens --- package/network/services/dnsmasq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 9b0ecc518d..444459baaa 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.74 +PKG_VERSION:=2.75 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_MD5SUM:=f48cd0fe26a55617a375ffc95b71e3c3 +PKG_MD5SUM:=887236f1ddde6eb57cdb9d01916c9f72 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING From a1b00385a2a18d3b03a47174c7667945a22f39b4 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 12:32:32 +0200 Subject: [PATCH 17/38] dnsmasq: update to dnsmasq 2.77test1 Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76 and allows dropping of 2 LEDE carried patches. Notable fix in rrfilter code when talking to Nominum's DNS servers especially with DNSSEC. A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses from dns servers is also included. This mean dnsmasq tries all configured servers before giving up. A 'localise queries' enhancement has also been backported (it will appear in test2/rc'n') this is especially important if using the recently imported to LEDE 'use dnsmasq standalone' feature 9525743c I have been following dnsmasq HEAD ever since 2.76 release. Compile & Run tested: ar71xx, Archer C7 v2 Tested-by: Kevin Darbyshire-Bryant Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 6 +- ...ise-queries-apply-to-interface-names.patch | 99 +++++++++++++++++++ .../100-fix-dhcp-no-address-warning.patch | 47 --------- .../110-ipset-remove-old-kernel-support.patch | 69 +++---------- ...0-dnssec-improve-timestamp-heuristic.patch | 4 +- .../patches/220-try-all-servers-on-fail.patch | 30 ++++++ ...0-fix-poll-h-include-warning-on-musl.patch | 18 ++++ 7 files changed, 164 insertions(+), 109 deletions(-) create mode 100644 package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch delete mode 100644 package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch create mode 100644 package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch create mode 100644 package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 444459baaa..9acc6bb2ab 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.75 +PKG_VERSION:=2.77test1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_MD5SUM:=887236f1ddde6eb57cdb9d01916c9f72 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases +PKG_MD5SUM:=1e07d46ed3b9b81fa16ceed7f7e92c87 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch b/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch new file mode 100644 index 0000000000..229eaa4eb2 --- /dev/null +++ b/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch @@ -0,0 +1,99 @@ +From d42d4706bbcce3b5a40ad778a5a356a997db6b34 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 2 Feb 2017 16:52:06 +0000 +Subject: [PATCH] Make --localise-queries apply to names from + --interface-name. + +--- + CHANGELOG | 7 +++++++ + man/dnsmasq.8 | 9 +++++---- + src/rfc1035.c | 21 ++++++++++++++++++++- + 3 files changed, 32 insertions(+), 5 deletions(-) + +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -58,6 +58,13 @@ version 2.77 + this is Nominum's. Thanks to Dave Täht for spotting the + bug and assisting in the fix. + ++ Fix the manpage which lied that only the primary address ++ of an interface is used by --interface-name. ++ ++ Make --localise-queries apply to names from --interface-name. ++ Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen ++ for pushing this. ++ + + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -289,8 +289,8 @@ option requires non-standard networking + under Linux. On other platforms it falls-back to --bind-interfaces mode. + .TP + .B \-y, --localise-queries +-Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was +-received. If a name in /etc/hosts has more than one address associated with ++Return answers to DNS queries from /etc/hosts and --interface-name which depend on the interface over which the query was ++received. If a name has more than one address associated with + it, and at least one of those addresses is on the same subnet as the + interface to which the query was sent, then return only the + address(es) on that subnet. This allows for a server to have multiple +@@ -604,7 +604,7 @@ given by the hex data, which may be of t + 012345 or any mixture of these. + .TP + .B --interface-name=,[/4|/6] +-Return a DNS record associating the name with the primary address on ++Return DNS records associating the name with the address(es) of + the given interface. This flag specifies an A or AAAA record for the given + name in the same way as an /etc/hosts line, except that the address is + not constant, but taken from the given interface. The interface may be +@@ -614,7 +614,8 @@ down, not configured or non-existent, an + matching PTR record is also created, mapping the interface address to + the name. More than one name may be associated with an interface + address by repeating the flag; in that case the first instance is used +-for the reverse address-to-name mapping. ++for the reverse address-to-name mapping. Note that a name used in ++--interface-name may not appear in /etc/hosts. + .TP + .B --synth-domain=,
[,] + Create artificial A/AAAA and PTR records for an address range. The +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1516,9 +1516,24 @@ size_t answer_request(struct dns_header + if (intr) + { + struct addrlist *addrlist; +- int gotit = 0; ++ int gotit = 0, localise = 0; + + enumerate_interfaces(0); ++ ++ /* See if a putative address is on the network from which we recieved ++ the query, is so we'll filter other answers. */ ++ if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && type == T_A) ++ for (intr = daemon->int_names; intr; intr = intr->next) ++ if (hostname_isequal(name, intr->name)) ++ for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) ++#ifdef HAVE_IPV6 ++ if (!(addrlist->flags & ADDRLIST_IPV6)) ++#endif ++ if (is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) ++ { ++ localise = 1; ++ break; ++ } + + for (intr = daemon->int_names; intr; intr = intr->next) + if (hostname_isequal(name, intr->name)) +@@ -1528,6 +1543,10 @@ size_t answer_request(struct dns_header + if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) + #endif + { ++ if (localise && ++ !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) ++ continue; ++ + #ifdef HAVE_IPV6 + if (addrlist->flags & ADDRLIST_REVONLY) + continue; diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch deleted file mode 100644 index f5b5ca04ec..0000000000 --- a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd) - struct iovec iov; - ssize_t sz; - int iface_index = 0, unicast_dest = 0, is_inform = 0; -- struct in_addr iface_addr; -+ struct in_addr iface_addr, *addrp = NULL; - struct iface_param parm; - #ifdef HAVE_LINUX_NETWORK - struct arpreq arp_req; -@@ -275,11 +275,9 @@ void dhcp_packet(time_t now, int pxe_fd) - { - ifr.ifr_addr.sa_family = AF_INET; - if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 ) -- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; -- else - { -- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); -- return; -+ addrp = &iface_addr; -+ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; - } - - for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) -@@ -298,7 +296,7 @@ void dhcp_packet(time_t now, int pxe_fd) - parm.relay_local.s_addr = 0; - parm.ind = iface_index; - -- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) -+ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL)) - { - /* If we failed to match the primary address of the interface, see if we've got a --listen-address - for a secondary */ -@@ -318,6 +316,12 @@ void dhcp_packet(time_t now, int pxe_fd) - complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); - } - -+ if (!addrp) -+ { -+ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); -+ return; -+ } -+ - if (!iface_enumerate(AF_INET, &parm, complete_context)) - return; - diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch index 61b09d5b2c..88e334b0fc 100644 --- a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch @@ -44,67 +44,22 @@ (buffer = safe_malloc(BUFF_SZ)) && (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) -@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char * - } - - --static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) --{ -- socklen_t size; -- struct ip_set_req_adt_get { -- unsigned op; -- unsigned version; -- union { -- char name[IPSET_MAXNAMELEN]; -- uint16_t index; -- } set; -- char typename[IPSET_MAXNAMELEN]; -- } req_adt_get; -- struct ip_set_req_adt { -- unsigned op; -- uint16_t index; -- uint32_t ip; -- } req_adt; -- -- if (strlen(setname) >= sizeof(req_adt_get.set.name)) -- { -- errno = ENAMETOOLONG; -- return -1; -- } -- -- req_adt_get.op = 0x10; -- req_adt_get.version = 3; -- strcpy(req_adt_get.set.name, setname); -- size = sizeof(req_adt_get); -- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) -- return -1; -- req_adt.op = remove ? 0x102 : 0x101; -- req_adt.index = req_adt_get.set.index; -- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); -- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) -- return -1; -- -- return 0; --} -- -- -- - int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) - { - int af = AF_INET; - - #ifdef HAVE_IPV6 +@@ -217,17 +198,10 @@ int add_to_ipset(const char *setname, co if (flags & F_IPV6) -- { + { af = AF_INET6; - /* old method only supports IPv4 */ - if (old_kernel) -- return -1; -- } +- { +- errno = EAFNOSUPPORT ; +- ret = -1; +- } + } #endif -- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); -+ return new_add_to_ipset(setname, ipaddr, af, remove); - } +- if (ret != -1) +- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ++ ret = new_add_to_ipset(setname, ipaddr, af, remove); - #endif + if (ret == -1) + my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch index 81fbf185b1..ca5a806696 100644 --- a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch +++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch @@ -10,7 +10,7 @@ Signed-off-by: Steven Barth --- a/src/dnssec.c +++ b/src/dnssec.c -@@ -429,17 +429,24 @@ static time_t timestamp_time; +@@ -462,17 +462,24 @@ static time_t timestamp_time; int setup_timestamp(void) { struct stat statbuf; @@ -36,7 +36,7 @@ Signed-off-by: Steven Barth { /* time already OK, update timestamp, and do key checking from the start. */ if (utime(daemon->timestamp_file, NULL) == -1) -@@ -460,7 +467,7 @@ int setup_timestamp(void) +@@ -493,7 +500,7 @@ int setup_timestamp(void) close(fd); diff --git a/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch b/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch new file mode 100644 index 0000000000..501eefebb5 --- /dev/null +++ b/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch @@ -0,0 +1,30 @@ +From 94a8815892f538b334d640012eebcafc2c7fa284 Mon Sep 17 00:00:00 2001 +From: Martin Wetterwald +Date: Thu, 27 Oct 2016 12:17:03 +0200 +Subject: [PATCH] Consider SERVFAIL as a non-successful response + +Treat Servfail as a recoverable error instead of a hard error. + +A misconfigured dns forwarder upstream can return a Servfail faster than +a correctly configured one. + +In the case of a dnssec misbehaving, it will misbehave on all correctly +configured upstreams. In the case of a normal DNS query, the original +behavior of dnsmasq here was more robust. + +--- + src/forward.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/forward.c ++++ b/src/forward.c +@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim + we get a good reply from another server. Kill it when we've + had replies from all to avoid filling the forwarding table when + everything is broken */ +- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) ++ if (forward->forwardall == 0 || --forward->forwardall == 1 ++ || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) + { + int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; + diff --git a/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch b/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch new file mode 100644 index 0000000000..19300f7d66 --- /dev/null +++ b/package/network/services/dnsmasq/patches/230-fix-poll-h-include-warning-on-musl.patch @@ -0,0 +1,18 @@ +dnsmasq: fix warning with poll.h include on musl + +Warning is: + #warning redirecting incorrect #include to + +Signed-off-by: Kevin Darbyshire-Bryant + +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -82,7 +82,7 @@ typedef unsigned long long u64; + #if defined(HAVE_SOLARIS_NETWORK) + # include + #endif +-#include ++#include + #include + #include + #include From 07c79e4b7cd584276146bd344ba2aa58dcb9f056 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 12:35:12 +0200 Subject: [PATCH 18/38] dnsmasq: bump to dnsmasq v2.77test3 New test release (since test1) includes 2 LEDE patches that are upstream and may be dropped, along with many spelling fixes. Add forthcoming 2017 root zone trust anchor to trust-anchors.conf. Backport 2 patches that just missed test3: Reduce logspam of those domains handled locally 'local addresses only' Implement RFC-6842 (Client-ids in DHCP replies) Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 4 +- ...ise-queries-apply-to-interface-names.patch | 99 ------------- .../dnsmasq/patches/010-reduce-logging.patch | 83 +++++++++++ .../patches/020-implement-RFC6842.patch | 132 ++++++++++++++++++ .../patches/220-try-all-servers-on-fail.patch | 30 ---- 5 files changed, 217 insertions(+), 131 deletions(-) delete mode 100644 package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch create mode 100644 package/network/services/dnsmasq/patches/010-reduce-logging.patch create mode 100644 package/network/services/dnsmasq/patches/020-implement-RFC6842.patch delete mode 100644 package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 9acc6bb2ab..e4aea9b0ec 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.77test1 +PKG_VERSION:=2.77test3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases -PKG_MD5SUM:=1e07d46ed3b9b81fa16ceed7f7e92c87 +PKG_MD5SUM:=95753ef469841ae5a312cf8de77c0464 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch b/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch deleted file mode 100644 index 229eaa4eb2..0000000000 --- a/package/network/services/dnsmasq/patches/010-localise-queries-apply-to-interface-names.patch +++ /dev/null @@ -1,99 +0,0 @@ -From d42d4706bbcce3b5a40ad778a5a356a997db6b34 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Thu, 2 Feb 2017 16:52:06 +0000 -Subject: [PATCH] Make --localise-queries apply to names from - --interface-name. - ---- - CHANGELOG | 7 +++++++ - man/dnsmasq.8 | 9 +++++---- - src/rfc1035.c | 21 ++++++++++++++++++++- - 3 files changed, 32 insertions(+), 5 deletions(-) - ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -58,6 +58,13 @@ version 2.77 - this is Nominum's. Thanks to Dave Täht for spotting the - bug and assisting in the fix. - -+ Fix the manpage which lied that only the primary address -+ of an interface is used by --interface-name. -+ -+ Make --localise-queries apply to names from --interface-name. -+ Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen -+ for pushing this. -+ - - version 2.76 - Include 0.0.0.0/8 in DNS rebind checks. This range ---- a/man/dnsmasq.8 -+++ b/man/dnsmasq.8 -@@ -289,8 +289,8 @@ option requires non-standard networking - under Linux. On other platforms it falls-back to --bind-interfaces mode. - .TP - .B \-y, --localise-queries --Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was --received. If a name in /etc/hosts has more than one address associated with -+Return answers to DNS queries from /etc/hosts and --interface-name which depend on the interface over which the query was -+received. If a name has more than one address associated with - it, and at least one of those addresses is on the same subnet as the - interface to which the query was sent, then return only the - address(es) on that subnet. This allows for a server to have multiple -@@ -604,7 +604,7 @@ given by the hex data, which may be of t - 012345 or any mixture of these. - .TP - .B --interface-name=,[/4|/6] --Return a DNS record associating the name with the primary address on -+Return DNS records associating the name with the address(es) of - the given interface. This flag specifies an A or AAAA record for the given - name in the same way as an /etc/hosts line, except that the address is - not constant, but taken from the given interface. The interface may be -@@ -614,7 +614,8 @@ down, not configured or non-existent, an - matching PTR record is also created, mapping the interface address to - the name. More than one name may be associated with an interface - address by repeating the flag; in that case the first instance is used --for the reverse address-to-name mapping. -+for the reverse address-to-name mapping. Note that a name used in -+--interface-name may not appear in /etc/hosts. - .TP - .B --synth-domain=,
[,] - Create artificial A/AAAA and PTR records for an address range. The ---- a/src/rfc1035.c -+++ b/src/rfc1035.c -@@ -1516,9 +1516,24 @@ size_t answer_request(struct dns_header - if (intr) - { - struct addrlist *addrlist; -- int gotit = 0; -+ int gotit = 0, localise = 0; - - enumerate_interfaces(0); -+ -+ /* See if a putative address is on the network from which we recieved -+ the query, is so we'll filter other answers. */ -+ if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && type == T_A) -+ for (intr = daemon->int_names; intr; intr = intr->next) -+ if (hostname_isequal(name, intr->name)) -+ for (addrlist = intr->addr; addrlist; addrlist = addrlist->next) -+#ifdef HAVE_IPV6 -+ if (!(addrlist->flags & ADDRLIST_IPV6)) -+#endif -+ if (is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) -+ { -+ localise = 1; -+ break; -+ } - - for (intr = daemon->int_names; intr; intr = intr->next) - if (hostname_isequal(name, intr->name)) -@@ -1528,6 +1543,10 @@ size_t answer_request(struct dns_header - if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) - #endif - { -+ if (localise && -+ !is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask)) -+ continue; -+ - #ifdef HAVE_IPV6 - if (addrlist->flags & ADDRLIST_REVONLY) - continue; diff --git a/package/network/services/dnsmasq/patches/010-reduce-logging.patch b/package/network/services/dnsmasq/patches/010-reduce-logging.patch new file mode 100644 index 0000000000..9141a135a4 --- /dev/null +++ b/package/network/services/dnsmasq/patches/010-reduce-logging.patch @@ -0,0 +1,83 @@ +From 3e2496fb16fb78cb95fffdac80f967310a34b1fa Mon Sep 17 00:00:00 2001 +From: Hannu Nyman +Date: Sat, 11 Feb 2017 13:44:08 +0000 +Subject: [PATCH] Decrease the number of individual sites listed in log. + +By default 30 first servers are listed individually to system log, and +then a count of the remaining items. With e.g. a NXDOMAIN based adblock +service, dnsmasq lists 30 unnecessary ad sites every time when dnsmasq +evaluates the list. But the actual nameservers in use are evaluated last +and are not displayed as they get included in the "remaining items" total. + +Handle the "local addresses only" separately and list only a few of them. +Remove the "local addresses only" from the general count. +--- + CHANGELOG | 4 ++++ + src/config.h | 1 + + src/network.c | 9 ++++++++- + 3 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 788aaf9..f7f5125 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -69,6 +69,10 @@ version 2.77 + servers. Specifically, be prepared to open a new TCP + connection when we want to make multiple queries + but the upstream server accepts fewer queries per connection. ++ ++ Improve logging of upstream servers when there are a lot ++ of "local addresses only" entries. Thanks to Hannu Nyman for ++ the patch. + + + version 2.76 +diff --git a/src/config.h b/src/config.h +index be9cf05..cf527b3 100644 +--- a/src/config.h ++++ b/src/config.h +@@ -27,6 +27,7 @@ + #define FORWARD_TEST 50 /* try all servers every 50 queries */ + #define FORWARD_TIME 20 /* or 20 seconds */ + #define SERVERS_LOGGED 30 /* Only log this many servers when logging state */ ++#define LOCALS_LOGGED 8 /* Only log this many local addresses when logging state */ + #define RANDOM_SOCKS 64 /* max simultaneous random ports */ + #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */ + #define CACHESIZ 150 /* default cache size */ +diff --git a/src/network.c b/src/network.c +index 770558a..eb41624 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1438,6 +1438,7 @@ void check_servers(void) + struct server *serv; + struct serverfd *sfd, *tmp, **up; + int port = 0, count; ++ int locals = 0; + + /* interface may be new since startup */ + if (!option_bool(OPT_NOWILD)) +@@ -1541,7 +1542,11 @@ void check_servers(void) + s1 = _("domain"), s2 = serv->domain; + + if (serv->flags & SERV_NO_ADDR) +- my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); ++ { ++ count--; ++ if (++locals <= LOCALS_LOGGED) ++ my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); ++ } + else if (serv->flags & SERV_USE_RESOLV) + my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2); + else +@@ -1558,6 +1563,8 @@ void check_servers(void) + } + } + ++ if (locals > LOCALS_LOGGED) ++ my_syslog(LOG_INFO, _("using %d more local addresses"), locals - LOCALS_LOGGED); + if (count - 1 > SERVERS_LOGGED) + my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1); + +-- +1.7.10.4 + diff --git a/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch b/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch new file mode 100644 index 0000000000..905e40b8ca --- /dev/null +++ b/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch @@ -0,0 +1,132 @@ +From 88a77a78ad27adc3ed87b7ee603643d26cb896ee Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sat, 11 Feb 2017 17:02:02 +0000 +Subject: [PATCH] Implement RFC-6842 (Client-ids in DHCP replies.) + +--- + CHANGELOG | 5 ++++- + src/rfc2131.c | 33 ++++++++++++++++++++++----------- + 2 files changed, 26 insertions(+), 12 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index f7f5125..a4ee280 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -74,7 +74,10 @@ version 2.77 + of "local addresses only" entries. Thanks to Hannu Nyman for + the patch. + +- ++ Implement RFC 6842. Thanks to Reddeiah Raju Konduru for ++ pointing out that this was missing. ++ ++ + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range + translates to hosts on the local network, or, at +diff --git a/src/rfc2131.c b/src/rfc2131.c +index 978c8dc..3e97402 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -38,7 +38,7 @@ static void log_packet(char *type, void *addr, unsigned char *ext_mac, + static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize); + static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize); + static size_t dhcp_packet_size(struct dhcp_packet *mess, unsigned char *agent_id, unsigned char *real_end); +-static void clear_packet(struct dhcp_packet *mess, unsigned char *end); ++static void clear_packet(struct dhcp_packet *mess, unsigned char *end, unsigned int sz); + static int in_list(unsigned char *list, int opt); + static void do_options(struct dhcp_context *context, + struct dhcp_packet *mess, +@@ -611,7 +611,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + now); + lease_set_interface(lease, int_index, now); + +- clear_packet(mess, end); ++ clear_packet(mess, end, 0); + do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), + netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now, 0xffffffff, 0); + } +@@ -814,7 +814,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + if (!service || !service->basename || !context) + return 0; + +- clear_packet(mess, end); ++ clear_packet(mess, end, sz); + + mess->yiaddr = mess->ciaddr; + mess->ciaddr.s_addr = 0; +@@ -882,7 +882,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + mess->flags |= htons(0x8000); /* broadcast */ + } + +- clear_packet(mess, end); ++ clear_packet(mess, end, sz); + + /* Redirect EFI clients to port 4011 */ + if (pxearch >= 6) +@@ -1062,7 +1062,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + log_packet("DHCPOFFER" , &mess->yiaddr, emac, emac_len, iface_name, NULL, NULL, mess->xid); + + time = calc_time(context, config, option_find(mess, sz, OPTION_LEASE_TIME, 4)); +- clear_packet(mess, end); ++ clear_packet(mess, end, sz); + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPOFFER); + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); + option_put(mess, end, OPTION_LEASE_TIME, 4, time); +@@ -1245,7 +1245,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + log_packet("DHCPNAK", &mess->yiaddr, emac, emac_len, iface_name, NULL, message, mess->xid); + + mess->yiaddr.s_addr = 0; +- clear_packet(mess, end); ++ clear_packet(mess, end, sz); + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPNAK); + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); + option_put_string(mess, end, OPTION_MESSAGE, message, borken_opt); +@@ -1401,7 +1401,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + + log_packet("DHCPACK", &mess->yiaddr, emac, emac_len, iface_name, hostname, NULL, mess->xid); + +- clear_packet(mess, end); ++ clear_packet(mess, end, sz); + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK); + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); + option_put(mess, end, OPTION_LEASE_TIME, 4, time); +@@ -1452,7 +1452,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + override = lease->override; + } + +- clear_packet(mess, end); ++ clear_packet(mess, end, sz); + option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK); + option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); + +@@ -2180,12 +2180,23 @@ static struct dhcp_opt *pxe_opts(int pxe_arch, struct dhcp_netid *netid, struct + + return ret; + } +- +-static void clear_packet(struct dhcp_packet *mess, unsigned char *end) ++ ++static void clear_packet(struct dhcp_packet *mess, unsigned char *end, unsigned int sz) + { ++ unsigned char *opt; ++ unsigned int clid_tot = 0; ++ ++ /* If sz is non-zero, save any client-id option by copying it as the first ++ option in the new packet */ ++ if (sz != 0 && (opt = option_find(mess, sz, OPTION_CLIENT_ID, 1))) ++ { ++ clid_tot = option_len(opt) + 2u; ++ memmove(&mess->options[0] + sizeof(u32), opt, clid_tot); ++ } ++ + memset(mess->sname, 0, sizeof(mess->sname)); + memset(mess->file, 0, sizeof(mess->file)); +- memset(&mess->options[0] + sizeof(u32), 0, end - (&mess->options[0] + sizeof(u32))); ++ memset(&mess->options[0] + sizeof(u32) + clid_tot, 0, end - (&mess->options[0] + sizeof(u32) + clid_tot)); + mess->siaddr.s_addr = 0; + } + +-- +1.7.10.4 + diff --git a/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch b/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch deleted file mode 100644 index 501eefebb5..0000000000 --- a/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 94a8815892f538b334d640012eebcafc2c7fa284 Mon Sep 17 00:00:00 2001 -From: Martin Wetterwald -Date: Thu, 27 Oct 2016 12:17:03 +0200 -Subject: [PATCH] Consider SERVFAIL as a non-successful response - -Treat Servfail as a recoverable error instead of a hard error. - -A misconfigured dns forwarder upstream can return a Servfail faster than -a correctly configured one. - -In the case of a dnssec misbehaving, it will misbehave on all correctly -configured upstreams. In the case of a normal DNS query, the original -behavior of dnsmasq here was more robust. - ---- - src/forward.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/src/forward.c -+++ b/src/forward.c -@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim - we get a good reply from another server. Kill it when we've - had replies from all to avoid filling the forwarding table when - everything is broken */ -- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) -+ if (forward->forwardall == 0 || --forward->forwardall == 1 -+ || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) - { - int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; - From fccbf91bf9a849031d1874eab3e93a5842b0bef5 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 12:36:33 +0200 Subject: [PATCH 19/38] dnsmasq: bump to dnsmasq v2.77test4 --bogus-priv now applies to IPv6 prefixes as specified in RFC6303 - this is significantly friendlier to upstream servers. CNAME fix in auth mode - A domain can only have a CNAME if it has no other records Drop 2 patches now included upstream. Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 4 +- .../dnsmasq/patches/010-reduce-logging.patch | 83 ----------- .../patches/020-implement-RFC6842.patch | 132 ------------------ 3 files changed, 2 insertions(+), 217 deletions(-) delete mode 100644 package/network/services/dnsmasq/patches/010-reduce-logging.patch delete mode 100644 package/network/services/dnsmasq/patches/020-implement-RFC6842.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index e4aea9b0ec..855e74d05a 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.77test3 +PKG_VERSION:=2.77test4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases -PKG_MD5SUM:=95753ef469841ae5a312cf8de77c0464 +PKG_MD5SUM:=30a347065386e78c596269da341ed615 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/010-reduce-logging.patch b/package/network/services/dnsmasq/patches/010-reduce-logging.patch deleted file mode 100644 index 9141a135a4..0000000000 --- a/package/network/services/dnsmasq/patches/010-reduce-logging.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 3e2496fb16fb78cb95fffdac80f967310a34b1fa Mon Sep 17 00:00:00 2001 -From: Hannu Nyman -Date: Sat, 11 Feb 2017 13:44:08 +0000 -Subject: [PATCH] Decrease the number of individual sites listed in log. - -By default 30 first servers are listed individually to system log, and -then a count of the remaining items. With e.g. a NXDOMAIN based adblock -service, dnsmasq lists 30 unnecessary ad sites every time when dnsmasq -evaluates the list. But the actual nameservers in use are evaluated last -and are not displayed as they get included in the "remaining items" total. - -Handle the "local addresses only" separately and list only a few of them. -Remove the "local addresses only" from the general count. ---- - CHANGELOG | 4 ++++ - src/config.h | 1 + - src/network.c | 9 ++++++++- - 3 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 788aaf9..f7f5125 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -69,6 +69,10 @@ version 2.77 - servers. Specifically, be prepared to open a new TCP - connection when we want to make multiple queries - but the upstream server accepts fewer queries per connection. -+ -+ Improve logging of upstream servers when there are a lot -+ of "local addresses only" entries. Thanks to Hannu Nyman for -+ the patch. - - - version 2.76 -diff --git a/src/config.h b/src/config.h -index be9cf05..cf527b3 100644 ---- a/src/config.h -+++ b/src/config.h -@@ -27,6 +27,7 @@ - #define FORWARD_TEST 50 /* try all servers every 50 queries */ - #define FORWARD_TIME 20 /* or 20 seconds */ - #define SERVERS_LOGGED 30 /* Only log this many servers when logging state */ -+#define LOCALS_LOGGED 8 /* Only log this many local addresses when logging state */ - #define RANDOM_SOCKS 64 /* max simultaneous random ports */ - #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */ - #define CACHESIZ 150 /* default cache size */ -diff --git a/src/network.c b/src/network.c -index 770558a..eb41624 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -1438,6 +1438,7 @@ void check_servers(void) - struct server *serv; - struct serverfd *sfd, *tmp, **up; - int port = 0, count; -+ int locals = 0; - - /* interface may be new since startup */ - if (!option_bool(OPT_NOWILD)) -@@ -1541,7 +1542,11 @@ void check_servers(void) - s1 = _("domain"), s2 = serv->domain; - - if (serv->flags & SERV_NO_ADDR) -- my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); -+ { -+ count--; -+ if (++locals <= LOCALS_LOGGED) -+ my_syslog(LOG_INFO, _("using local addresses only for %s %s"), s1, s2); -+ } - else if (serv->flags & SERV_USE_RESOLV) - my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2); - else -@@ -1558,6 +1563,8 @@ void check_servers(void) - } - } - -+ if (locals > LOCALS_LOGGED) -+ my_syslog(LOG_INFO, _("using %d more local addresses"), locals - LOCALS_LOGGED); - if (count - 1 > SERVERS_LOGGED) - my_syslog(LOG_INFO, _("using %d more nameservers"), count - SERVERS_LOGGED - 1); - --- -1.7.10.4 - diff --git a/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch b/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch deleted file mode 100644 index 905e40b8ca..0000000000 --- a/package/network/services/dnsmasq/patches/020-implement-RFC6842.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 88a77a78ad27adc3ed87b7ee603643d26cb896ee Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Sat, 11 Feb 2017 17:02:02 +0000 -Subject: [PATCH] Implement RFC-6842 (Client-ids in DHCP replies.) - ---- - CHANGELOG | 5 ++++- - src/rfc2131.c | 33 ++++++++++++++++++++++----------- - 2 files changed, 26 insertions(+), 12 deletions(-) - -diff --git a/CHANGELOG b/CHANGELOG -index f7f5125..a4ee280 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -74,7 +74,10 @@ version 2.77 - of "local addresses only" entries. Thanks to Hannu Nyman for - the patch. - -- -+ Implement RFC 6842. Thanks to Reddeiah Raju Konduru for -+ pointing out that this was missing. -+ -+ - version 2.76 - Include 0.0.0.0/8 in DNS rebind checks. This range - translates to hosts on the local network, or, at -diff --git a/src/rfc2131.c b/src/rfc2131.c -index 978c8dc..3e97402 100644 ---- a/src/rfc2131.c -+++ b/src/rfc2131.c -@@ -38,7 +38,7 @@ static void log_packet(char *type, void *addr, unsigned char *ext_mac, - static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize); - static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize); - static size_t dhcp_packet_size(struct dhcp_packet *mess, unsigned char *agent_id, unsigned char *real_end); --static void clear_packet(struct dhcp_packet *mess, unsigned char *end); -+static void clear_packet(struct dhcp_packet *mess, unsigned char *end, unsigned int sz); - static int in_list(unsigned char *list, int opt); - static void do_options(struct dhcp_context *context, - struct dhcp_packet *mess, -@@ -611,7 +611,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - now); - lease_set_interface(lease, int_index, now); - -- clear_packet(mess, end); -+ clear_packet(mess, end, 0); - do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr), - netid, subnet_addr, 0, 0, -1, NULL, vendor_class_len, now, 0xffffffff, 0); - } -@@ -814,7 +814,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - if (!service || !service->basename || !context) - return 0; - -- clear_packet(mess, end); -+ clear_packet(mess, end, sz); - - mess->yiaddr = mess->ciaddr; - mess->ciaddr.s_addr = 0; -@@ -882,7 +882,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - mess->flags |= htons(0x8000); /* broadcast */ - } - -- clear_packet(mess, end); -+ clear_packet(mess, end, sz); - - /* Redirect EFI clients to port 4011 */ - if (pxearch >= 6) -@@ -1062,7 +1062,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - log_packet("DHCPOFFER" , &mess->yiaddr, emac, emac_len, iface_name, NULL, NULL, mess->xid); - - time = calc_time(context, config, option_find(mess, sz, OPTION_LEASE_TIME, 4)); -- clear_packet(mess, end); -+ clear_packet(mess, end, sz); - option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPOFFER); - option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); - option_put(mess, end, OPTION_LEASE_TIME, 4, time); -@@ -1245,7 +1245,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - log_packet("DHCPNAK", &mess->yiaddr, emac, emac_len, iface_name, NULL, message, mess->xid); - - mess->yiaddr.s_addr = 0; -- clear_packet(mess, end); -+ clear_packet(mess, end, sz); - option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPNAK); - option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); - option_put_string(mess, end, OPTION_MESSAGE, message, borken_opt); -@@ -1401,7 +1401,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - - log_packet("DHCPACK", &mess->yiaddr, emac, emac_len, iface_name, hostname, NULL, mess->xid); - -- clear_packet(mess, end); -+ clear_packet(mess, end, sz); - option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK); - option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); - option_put(mess, end, OPTION_LEASE_TIME, 4, time); -@@ -1452,7 +1452,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, - override = lease->override; - } - -- clear_packet(mess, end); -+ clear_packet(mess, end, sz); - option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK); - option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr)); - -@@ -2180,12 +2180,23 @@ static struct dhcp_opt *pxe_opts(int pxe_arch, struct dhcp_netid *netid, struct - - return ret; - } -- --static void clear_packet(struct dhcp_packet *mess, unsigned char *end) -+ -+static void clear_packet(struct dhcp_packet *mess, unsigned char *end, unsigned int sz) - { -+ unsigned char *opt; -+ unsigned int clid_tot = 0; -+ -+ /* If sz is non-zero, save any client-id option by copying it as the first -+ option in the new packet */ -+ if (sz != 0 && (opt = option_find(mess, sz, OPTION_CLIENT_ID, 1))) -+ { -+ clid_tot = option_len(opt) + 2u; -+ memmove(&mess->options[0] + sizeof(u32), opt, clid_tot); -+ } -+ - memset(mess->sname, 0, sizeof(mess->sname)); - memset(mess->file, 0, sizeof(mess->file)); -- memset(&mess->options[0] + sizeof(u32), 0, end - (&mess->options[0] + sizeof(u32))); -+ memset(&mess->options[0] + sizeof(u32) + clid_tot, 0, end - (&mess->options[0] + sizeof(u32) + clid_tot)); - mess->siaddr.s_addr = 0; - } - --- -1.7.10.4 - From 0c9e97b844c41f6f520205f9a9e71c1356f9f108 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 12:37:35 +0200 Subject: [PATCH 20/38] dnsmasq: bump to 2.77test5 A number of small tweaks & improvements on the way to a final release. Most notable: Improve DHCPv4 address-in-use check. Remove the recently introduced RFC-6842 (Client-ids in DHCP replies) support as it turns out some clients are getting upset. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 855e74d05a..547e97fce7 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.77test4 +PKG_VERSION:=2.77test5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases -PKG_MD5SUM:=30a347065386e78c596269da341ed615 +PKG_MD5SUM:=60ccdb9f574321a2c6cb22a5fe5d4980 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING From f3d818571c8ba3441529e54907995dcad20400b7 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 12:40:49 +0200 Subject: [PATCH 21/38] dnsmasq: bump to 2.77rc3 Fix [FS#766] Intermittent SIGSEGV crash of dnsmasq-full Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 6 +++--- .../210-dnssec-improve-timestamp-heuristic.patch | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 547e97fce7..309083dcd8 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.77test5 +PKG_VERSION:=2.77rc3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases -PKG_MD5SUM:=60ccdb9f574321a2c6cb22a5fe5d4980 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates +PKG_MD5SUM:=08c56f52c9bb0d41e21e17645436f0ca PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch index ca5a806696..2f854d490b 100644 --- a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch +++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch @@ -35,13 +35,13 @@ Signed-off-by: Steven Barth + if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) { /* time already OK, update timestamp, and do key checking from the start. */ - if (utime(daemon->timestamp_file, NULL) == -1) + if (utimes(daemon->timestamp_file, NULL) == -1) @@ -493,7 +500,7 @@ int setup_timestamp(void) close(fd); -- timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */ -+ timestamp_time = timbuf.actime = timbuf.modtime = base; - if (utime(daemon->timestamp_file, &timbuf) == 0) - goto check_and_exit; - } +- timestamp_time = 1420070400; /* 1-1-2015 */ ++ timestamp_time = base; /* 1-1-2015 */ + tv[0].tv_sec = tv[1].tv_sec = timestamp_time; + tv[0].tv_usec = tv[1].tv_usec = 0; + if (utimes(daemon->timestamp_file, tv) == 0) From 13fe03017f08023cdef31b21d3ea4ad1d795f940 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 12:43:46 +0200 Subject: [PATCH 22/38] dnsmasq: Don't expose *.bind data incl version Don't expose dnsmasq version & other data to clients via the *.bind pseudo domain. This uses a new 'NO_ID' compile time option which has been discussed and submitted upstream. This is an alternate to replacing version with 'unknown' which affects the version reported to syslog and 'dnsmasq --version' Run time tested with & without NO_ID on Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 309083dcd8..942e00af0b 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -103,7 +103,7 @@ Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles) TARGET_CFLAGS += -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections -COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6) +COPTS = -DNO_ID $(if $(CONFIG_IPV6),,-DNO_IPV6) ifeq ($(BUILD_VARIANT),nodhcpv6) COPTS += -DNO_DHCP6 From d04efc7ee075965a8318b3a77b862b9a7bb71c40 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 13:48:22 +0200 Subject: [PATCH 23/38] dnsmasq: make NO_ID optional in full variant Permit users of the full variant to disable the NO_ID *.bind pseudo domain masking. Defaulted 'on' in all variants. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 942e00af0b..2ca03d7e7f 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -24,6 +24,7 @@ PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \ + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset @@ -50,7 +51,7 @@ endef define Package/dnsmasq-full $(call Package/dnsmasq/Default) - TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default) + TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, NO_ID enabled by default) DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \ +PACKAGE_dnsmasq_full_dhcpv6:kmod-ipv6 \ +PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset @@ -70,8 +71,8 @@ endef define Package/dnsmasq-full/description $(call Package/dnsmasq/description) -This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and -IPset support enabled by default. +This is a fully configurable variant with DHCPv6, DNSSEC, Authoritative DNS and +IPset, NO_ID support enabled by default. endef define Package/dnsmasq/conffiles @@ -88,6 +89,9 @@ define Package/dnsmasq-full/config config PACKAGE_dnsmasq_full_dnssec bool "Build with DNSSEC support." default y + config PACKAGE_dnsmasq_full_noid + bool "Build with NO_ID. (hide *.bind pseudo domain)" + default y config PACKAGE_dnsmasq_full_auth bool "Build with the facility to act as an authoritative DNS server." default y @@ -103,7 +107,7 @@ Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles) TARGET_CFLAGS += -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections -COPTS = -DNO_ID $(if $(CONFIG_IPV6),,-DNO_IPV6) +COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6) ifeq ($(BUILD_VARIANT),nodhcpv6) COPTS += -DNO_DHCP6 @@ -113,10 +117,11 @@ ifeq ($(BUILD_VARIANT),full) COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \ + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,) else - COPTS += -DNO_AUTH -DNO_IPSET + COPTS += -DNO_AUTH -DNO_IPSET -DNO_ID endif MAKE_FLAGS := \ From 7680fc92b4f7ba3bde0dc4693cebb4394dff267e Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Thu, 31 Aug 2017 13:49:18 +0200 Subject: [PATCH 24/38] dnsmasq: bump to 2.77rc5 Some small tweaks and improvements : 9828ab1 Fix compiler warning. f77700a Fix compiler warning. 0fbd980 Fix compiler warning. 43cdf1c Remove automatic IDN support when building i18n. ff19b1a Fix &/&& confusion. 2aaea18 Add .gitattributes to substitute VERSION on export. Signed-off-by: Hans Dedecker --- package/network/services/dnsmasq/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 2ca03d7e7f..5674a2e675 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.77rc3 +PKG_VERSION:=2.77rc5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates -PKG_MD5SUM:=08c56f52c9bb0d41e21e17645436f0ca +PKG_MD5SUM:=bae0aa4961be7d5abebed16a95c9c2f0 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING From 13e575c53c4df8a6da29ebe80d1829d05b59cf5c Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 13:50:12 +0200 Subject: [PATCH 25/38] dnsmasq: bump to 2.77 Bump to the 2.77 release after quite a few test & release candidates. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 5674a2e675..80ac42a5dc 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.77rc5 +PKG_VERSION:=2.77 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates -PKG_MD5SUM:=bae0aa4961be7d5abebed16a95c9c2f0 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/ +PKG_MD5SUM:=5b973fea8e66e76a0e6bb44adefc6f9b PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING From 00bf56d61aa50a49144b014e3b285e476b4785dc Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 13:57:02 +0200 Subject: [PATCH 26/38] dnsmasq: forward.c: fix CVE-2017-13704 Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins. answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512" The client that exposed the problem provided a payload udp size of 0. Signed-off-by: Kevin Darbyshire-Bryant Acked-by: Hans Dedecker --- .../patches/025-fix-CVE-2017-13704.patch | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 package/network/services/dnsmasq/patches/025-fix-CVE-2017-13704.patch diff --git a/package/network/services/dnsmasq/patches/025-fix-CVE-2017-13704.patch b/package/network/services/dnsmasq/patches/025-fix-CVE-2017-13704.patch new file mode 100644 index 0000000000..8848131dac --- /dev/null +++ b/package/network/services/dnsmasq/patches/025-fix-CVE-2017-13704.patch @@ -0,0 +1,37 @@ +From 38af9b1ac3242a4128e88069c495024caa565f0e Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Tue, 29 Aug 2017 12:35:40 +0100 +Subject: [PATCH] forward.c: fix CVE-2017-13704 + +Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() +is called with header & limit pointing at the same address and thus +tries to clear memory from before the buffer begins. + +answer_request() is called with an invalid edns packet size provided by +the client. Ensure the udp_size provided by the client is bounded by +512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 +MUST be treated as equal to 512" + +The client that exposed the problem provided a payload udp size of 0. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/forward.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/forward.c b/src/forward.c +index f22556a..62c5a5a 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1408,6 +1408,8 @@ void receive_query(struct listener *listen, time_t now) + defaults to 512 */ + if (udp_size > daemon->edns_pktsz) + udp_size = daemon->edns_pktsz; ++ if (udp_size < 512) ++ udp_size = 512; /* RFC 6891 6.2.3 */ + } + + #ifdef HAVE_AUTH +-- +2.7.4 + From ab78bc85cc098d7d33eec4f0c0cc6a1a518d053b Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 14:32:39 +0200 Subject: [PATCH 27/38] dropbear: hide dropbear version As security precaution and to limit the attack surface based on the version reported by tools like nmap mask out the dropbear version so the version is not visible anymore by snooping on the wire. Version is still visible by 'dropbear -V' Based on a patch by Hans Dedecker Signed-off-by: Kevin Darbyshire-Bryant Signed-off-by: Felix Fietkau --- package/network/services/dropbear/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 8c9b45f486..7caf0c7083 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -104,6 +104,10 @@ define Build/Configure mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \ done + # remove protocol idented software version number + $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \ + $(PKG_BUILD_DIR)/sysoptions.h + # Enforce rebuild of svr-chansession.c rm -f $(PKG_BUILD_DIR)/svr-chansession.o endef From a6df50bf65395b99a8770d8bc0d1fec72ddecc7d Mon Sep 17 00:00:00 2001 From: "Joseph C. Sible" Date: Thu, 31 Aug 2017 14:33:16 +0200 Subject: [PATCH 28/38] dropbear: enable SHA256 HMACs The only HMACs currently available use MD5 and SHA1, both of which have known weaknesses. We already compile in the SHA256 code since we use Curve25519 by default, so there's no significant size penalty to enabling this. Signed-off-by: Joseph C. Sible --- .../services/dropbear/patches/120-openwrt_options.patch | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index f16aaf001e..b49a95ce93 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -44,10 +44,9 @@ * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC -#define DROPBEAR_SHA1_96_HMAC --#define DROPBEAR_SHA2_256_HMAC --#define DROPBEAR_SHA2_512_HMAC +/*#define DROPBEAR_SHA1_96_HMAC*/ -+/*#define DROPBEAR_SHA2_256_HMAC*/ + #define DROPBEAR_SHA2_256_HMAC +-#define DROPBEAR_SHA2_512_HMAC +/*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC From 1ec44baa46731dad1cf386a367db42876ce60c18 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 31 Aug 2017 14:35:11 +0200 Subject: [PATCH 29/38] dropbear: bump to 2017.75 - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dropbear/Makefile | 4 ++-- .../dropbear/patches/100-pubkey_path.patch | 24 ++++++++----------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 7caf0c7083..55b39d1700 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2016.74 +PKG_VERSION:=2017.75 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=9ad0172731e0f16623937804643b5bd8 +PKG_MD5SUM:=e57e9b9d25705dcb073ba15c416424fd PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch index 41fdc1adab..401c7e1ba5 100644 --- a/package/network/services/dropbear/patches/100-pubkey_path.patch +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -1,6 +1,6 @@ --- a/svr-authpubkey.c +++ b/svr-authpubkey.c -@@ -218,17 +218,21 @@ static int checkpubkey(char* algo, unsig +@@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig goto out; } @@ -12,9 +12,6 @@ - filename = m_malloc(len + 22); - snprintf(filename, len + 22, "%s/.ssh/authorized_keys", - ses.authstate.pw_dir); -- -- /* open the file */ -- authfile = fopen(filename, "r"); + if (ses.authstate.pw_uid != 0) { + /* we don't need to check pw and pw_dir for validity, since + * its been done in checkpubkeyperms. */ @@ -22,18 +19,17 @@ + /* allocate max required pathname storage, + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ + filename = m_malloc(len + 22); -+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -+ ses.authstate.pw_dir); -+ -+ /* open the file */ -+ authfile = fopen(filename, "r"); ++ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ++ ses.authstate.pw_dir); + } else { -+ authfile = fopen("/etc/dropbear/authorized_keys","r"); ++ filename = m_malloc(30); ++ strncpy(filename, "/etc/dropbear/authorized_keys", 30); + } - if (authfile == NULL) { - goto out; - } -@@ -381,26 +385,35 @@ static int checkpubkeyperms() { ++ + + /* open the file as the authenticating user. */ + origuid = getuid(); +@@ -396,26 +402,35 @@ static int checkpubkeyperms() { goto out; } From 998618bb3068d3318eacb28bedba28fe2e3444e1 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Fri, 1 Sep 2017 13:38:13 +0200 Subject: [PATCH 30/38] CC: samba: fix CVE-2017-7494 Signed-off-by: Stijn Tintel --- package/network/services/samba36/Makefile | 2 +- .../patches/028-CVE-2017-7494-v3-6.patch | 29 +++++++++++++++++++ .../patches/310-remove_error_strings.patch | 8 ++--- 3 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile index 98ab31cab8..2e6518336e 100644 --- a/package/network/services/samba36/Makefile +++ b/package/network/services/samba36/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba PKG_VERSION:=3.6.25 -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \ http://ftp.samba.org/pub/samba/stable diff --git a/package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch b/package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch new file mode 100644 index 0000000000..17b020d88a --- /dev/null +++ b/package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch @@ -0,0 +1,29 @@ +From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke +Date: Mon, 8 May 2017 21:40:40 +0200 +Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / + inside + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 + +Signed-off-by: Volker Lendecke +Reviewed-by: Jeremy Allison +Reviewed-by: Stefan Metzmacher +--- + source3/rpc_server/srv_pipe.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f + pipename += 1; + } + ++ if (strchr(pipename, '/')) { ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); ++ return false; ++ } ++ + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { + DEBUG(10, ("refusing spoolss access\n")); + return false; diff --git a/package/network/services/samba36/patches/310-remove_error_strings.patch b/package/network/services/samba36/patches/310-remove_error_strings.patch index ee3460dfdb..596a327f6f 100644 --- a/package/network/services/samba36/patches/310-remove_error_strings.patch +++ b/package/network/services/samba36/patches/310-remove_error_strings.patch @@ -303,7 +303,7 @@ --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c -@@ -991,7 +991,6 @@ static bool api_pipe_bind_req(struct pip +@@ -996,7 +996,6 @@ static bool api_pipe_bind_req(struct pip if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n", nt_errstr(status))); @@ -311,7 +311,7 @@ goto err_exit; } -@@ -1325,7 +1324,6 @@ bool api_pipe_bind_auth3(struct pipes_st +@@ -1330,7 +1329,6 @@ bool api_pipe_bind_auth3(struct pipes_st if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n", nt_errstr(status))); @@ -319,7 +319,7 @@ goto err; } -@@ -1483,7 +1481,6 @@ static bool api_pipe_alter_context(struc +@@ -1488,7 +1486,6 @@ static bool api_pipe_alter_context(struc if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n", nt_errstr(status))); @@ -327,7 +327,7 @@ goto err_exit; } -@@ -2057,7 +2054,6 @@ static bool process_request_pdu(struct p +@@ -2062,7 +2059,6 @@ static bool process_request_pdu(struct p if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("process_request_pdu: invalid pdu: %s\n", nt_errstr(status))); From 03ffd583b9c2a5efae2176250ee2b7a00ae33933 Mon Sep 17 00:00:00 2001 From: Zoltan HERPAI Date: Sun, 17 Sep 2017 02:00:14 +0200 Subject: [PATCH 31/38] CC: upgrade kernel to 3.18.68 - compile tested on sunxi, imx6 - runtime tested on sunxi, imx6 - refresh patches - remove unnecessary patches Signed-off-by: Zoltan HERPAI --- include/kernel-version.mk | 4 +- .../mac80211/patches/090-remove-cred.patch | 15 +++++ .../101-cfi_fixup_macronix_bootloc.patch | 2 +- .../patches-3.18/004-tulip_pci_split.patch | 56 +++++++++---------- .../patches-3.18/005-tulip_platform.patch | 36 ++++++------ .../902-unaligned_access_hacks.patch | 9 --- .../003-mtd-spi-nor-from-3.19.patch | 18 +++--- .../004-mtd-spi-nor-from-3.20.patch | 4 +- ...d-vc_cma-driver-to-enable-use-of-CMA.patch | 2 +- ...-overcurrent-messages-more-prominent.patch | 2 +- ...tion-card-devices-to-be-configured-v.patch | 2 +- ...for-the-CONFIG_CMDLINE_EXTEND-option.patch | 2 +- .../400-mtd-bcm47xxpart-get-nvram.patch | 2 +- .../patches-3.18/025-smp_support.patch | 4 +- .../patches-3.18/040-fiq_support.patch | 4 +- .../patches-3.18/095-gpio_support.patch | 2 +- .../patches-3.18/100-laguna_support.patch | 2 +- ...-mtd-bcm47xxpart-backports-from-3.20.patch | 2 +- ...gmac-register-napi-before-the-device.patch | 6 +- ...-initialization-on-Northstar-SoCs-co.patch | 40 ------------- ...mac-implement-scatter-gather-support.patch | 2 +- ...pport-up-to-3-cores-devices-on-a-bus.patch | 2 +- ...-checking-for-BCM4707-BCM53018-chip-.patch | 2 +- ...enable-Ethernet-core-before-using-it.patch | 6 +- ...Push-rcu_read_lock-unlock-to-callers.patch | 2 +- ...ment-fix-headroom-tests-and-skb-leak.patch | 8 +-- ...limit-scanned-flash-area-on-BCM47XX-.patch | 33 ----------- ...part-don-t-fail-because-of-bit-flips.patch | 4 +- ...ehci-orion-fix-probe-for-GENERIC_PHY.patch | 35 ------------ .../patches-3.18/201-extra_optimization.patch | 2 +- .../patches-3.18/204-module_strip.patch | 16 +++--- ...25p80-mx-disable-software-protection.patch | 2 +- .../540-crypto-xz-decompression-support.patch | 2 +- .../patches-3.18/630-packet_socket_type.patch | 16 +++--- .../643-bridge_remove_ipv6_dependency.patch | 6 +- .../653-disable_netlink_trim.patch | 5 +- .../patches-3.18/655-increase_skb_pad.patch | 2 +- .../656-skb_reduce_truesize-helper.patch | 2 +- ...Add-support-for-MAP-E-FMRs-mesh-mode.patch | 26 ++++----- ...urce-specific-default-route-handling.patch | 4 +- ...ng-with-source-address-failed-policy.patch | 20 +++---- ...T-skip-GRO-for-foreign-MAC-addresses.patch | 14 ++--- .../patches-3.18/701-phy_extension.patch | 2 +- .../704-phy-no-genphy-soft-reset.patch | 11 +--- ...710-phy-add-mdio_register_board_info.patch | 2 +- .../patches-3.18/721-phy_packets.patch | 8 +-- .../patches-3.18/750-hostap_txpower.patch | 2 +- .../773-bgmac-add-srab-switch.patch | 4 +- .../811-pci_disable_usb_common_quirks.patch | 8 +-- .../patches-3.18/902-debloat_proc.patch | 2 +- .../940-ocf_kbuild_integration.patch | 2 +- .../997-device_tree_cmdline.patch | 2 +- ...i210-i211-support-for-phy-read-write.patch | 12 ++-- ...read-write-functions-that-accept-phy.patch | 32 +++++------ .../600-skb_avoid_dmabounce.patch | 4 +- .../0026-NET-multi-phy-support.patch | 6 +- .../0032-USB-fix-roothub-for-IFXHCD.patch | 2 +- .../patches-3.18/008-mcs814x_gpio.patch | 2 +- .../700-usb_xhci_plat_phy_support.patch | 4 +- .../0033-NET-multi-phy-support.patch | 6 +- ...0057-uvc-add-iPassion-iP2970-support.patch | 2 +- ...62-mt7621-add-ECHI-OCHI-XCHI-support.patch | 54 +++++++++--------- 62 files changed, 239 insertions(+), 353 deletions(-) create mode 100644 package/kernel/mac80211/patches/090-remove-cred.patch delete mode 100644 target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch delete mode 100644 target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch delete mode 100644 target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 2f6d2790b1..87fd7a5fe6 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -2,9 +2,9 @@ LINUX_RELEASE?=1 -LINUX_VERSION-3.18 = .45 +LINUX_VERSION-3.18 = .68 -LINUX_KERNEL_MD5SUM-3.18.45 = c527bae0aa1a5d6f3ebe31ad348c5339 +LINUX_KERNEL_MD5SUM-3.18.68 = 5022a104125feab1042d86d72d66f447 ifdef KERNEL_PATCHVER LINUX_VERSION:=$(KERNEL_PATCHVER)$(strip $(LINUX_VERSION-$(KERNEL_PATCHVER))) diff --git a/package/kernel/mac80211/patches/090-remove-cred.patch b/package/kernel/mac80211/patches/090-remove-cred.patch new file mode 100644 index 0000000000..3adb2afb86 --- /dev/null +++ b/package/kernel/mac80211/patches/090-remove-cred.patch @@ -0,0 +1,15 @@ +This is only needed for kernel < 2.6.29 and conflicts with kernel 4.4.42 + +--- a/backport-include/linux/cred.h ++++ /dev/null +@@ -1,10 +0,0 @@ +-#ifndef __BACKPORT_LINUX_CRED_H +-#define __BACKPORT_LINUX_CRED_H +-#include_next +-#include +- +-#ifndef current_user_ns +-#define current_user_ns() (current->nsproxy->user_ns) +-#endif +- +-#endif /* __BACKPORT_LINUX_CRED_H */ diff --git a/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch b/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch index a0caa680bc..92937fce14 100644 --- a/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch +++ b/target/linux/adm5120/patches-3.18/101-cfi_fixup_macronix_bootloc.patch @@ -67,7 +67,7 @@ --- a/drivers/mtd/chips/Kconfig +++ b/drivers/mtd/chips/Kconfig -@@ -188,6 +188,14 @@ config MTD_CFI_AMDSTD +@@ -189,6 +189,14 @@ config MTD_CFI_AMDSTD provides support for command set 0002, used on chips including the AMD Am29LV320. diff --git a/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch b/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch index e57bdb73cc..e39a1686ce 100644 --- a/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch +++ b/target/linux/adm8668/patches-3.18/004-tulip_pci_split.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ethernet/dec/tulip/tulip_core.c +++ b/drivers/net/ethernet/dec/tulip/tulip_core.c -@@ -207,6 +207,7 @@ struct tulip_chip_table tulip_tbl[] = { +@@ -206,6 +206,7 @@ struct tulip_chip_table tulip_tbl[] = { }; @@ -8,7 +8,7 @@ static const struct pci_device_id tulip_pci_tbl[] = { { 0x1011, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DC21140 }, { 0x1011, 0x0019, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DC21143 }, -@@ -250,7 +251,7 @@ static const struct pci_device_id tulip_ +@@ -249,7 +250,7 @@ static const struct pci_device_id tulip_ { } /* terminate list */ }; MODULE_DEVICE_TABLE(pci, tulip_pci_tbl); @@ -17,7 +17,7 @@ /* A full-duplex map for media types. */ const char tulip_media_cap[32] = -@@ -268,11 +269,14 @@ static void tulip_down(struct net_device +@@ -267,11 +268,14 @@ static void tulip_down(struct net_device static struct net_device_stats *tulip_get_stats(struct net_device *dev); static int private_ioctl(struct net_device *dev, struct ifreq *rq, int cmd); static void set_rx_mode(struct net_device *dev); @@ -32,7 +32,7 @@ static void tulip_set_power_state (struct tulip_private *tp, int sleep, int snooze) { -@@ -289,7 +293,7 @@ static void tulip_set_power_state (struc +@@ -288,7 +292,7 @@ static void tulip_set_power_state (struc } } @@ -41,7 +41,7 @@ static void tulip_up(struct net_device *dev) { -@@ -303,6 +307,7 @@ static void tulip_up(struct net_device * +@@ -302,6 +306,7 @@ static void tulip_up(struct net_device * napi_enable(&tp->napi); #endif @@ -49,7 +49,7 @@ /* Wake the chip from sleep/snooze mode. */ tulip_set_power_state (tp, 0, 0); -@@ -310,6 +315,7 @@ static void tulip_up(struct net_device * +@@ -309,6 +314,7 @@ static void tulip_up(struct net_device * pci_enable_wake(tp->pdev, PCI_D3hot, 0); pci_enable_wake(tp->pdev, PCI_D3cold, 0); tulip_set_wolopts(tp->pdev, 0); @@ -57,7 +57,7 @@ /* On some chip revs we must set the MII/SYM port before the reset!? */ if (tp->mii_cnt || (tp->mtable && tp->mtable->has_mii)) -@@ -317,18 +323,22 @@ static void tulip_up(struct net_device * +@@ -316,18 +322,22 @@ static void tulip_up(struct net_device * /* Reset the chip, holding bit 0 set at least 50 PCI cycles. */ iowrite32(0x00000001, ioaddr + CSR0); @@ -81,7 +81,7 @@ iowrite32(tp->rx_ring_dma, ioaddr + CSR3); iowrite32(tp->tx_ring_dma, ioaddr + CSR4); -@@ -362,9 +372,11 @@ static void tulip_up(struct net_device * +@@ -361,9 +371,11 @@ static void tulip_up(struct net_device * *setup_frm++ = eaddrs[1]; *setup_frm++ = eaddrs[1]; *setup_frm++ = eaddrs[2]; *setup_frm++ = eaddrs[2]; @@ -93,7 +93,7 @@ tp->tx_buffers[tp->cur_tx].skb = NULL; tp->tx_buffers[tp->cur_tx].mapping = mapping; -@@ -520,7 +532,7 @@ tulip_open(struct net_device *dev) +@@ -519,7 +531,7 @@ tulip_open(struct net_device *dev) tulip_init_ring (dev); @@ -102,7 +102,7 @@ dev->name, dev); if (retval) goto free_ring; -@@ -644,8 +656,10 @@ static void tulip_init_ring(struct net_d +@@ -643,8 +655,10 @@ static void tulip_init_ring(struct net_d tp->rx_buffers[i].skb = skb; if (skb == NULL) break; @@ -113,7 +113,7 @@ tp->rx_buffers[i].mapping = mapping; tp->rx_ring[i].status = cpu_to_le32(DescOwned); /* Owned by Tulip chip */ tp->rx_ring[i].buffer1 = cpu_to_le32(mapping); -@@ -678,8 +692,10 @@ tulip_start_xmit(struct sk_buff *skb, st +@@ -677,8 +691,10 @@ tulip_start_xmit(struct sk_buff *skb, st entry = tp->cur_tx % TX_RING_SIZE; tp->tx_buffers[entry].skb = skb; @@ -124,7 +124,7 @@ tp->tx_buffers[entry].mapping = mapping; tp->tx_ring[entry].buffer1 = cpu_to_le32(mapping); -@@ -730,16 +746,19 @@ static void tulip_clean_tx_ring(struct t +@@ -729,16 +745,19 @@ static void tulip_clean_tx_ring(struct t if (tp->tx_buffers[entry].skb == NULL) { /* test because dummy frames not mapped */ if (tp->tx_buffers[entry].mapping) @@ -145,7 +145,7 @@ /* Free the original skb. */ dev_kfree_skb_irq(tp->tx_buffers[entry].skb); -@@ -790,7 +809,9 @@ static void tulip_down (struct net_devic +@@ -789,7 +808,9 @@ static void tulip_down (struct net_devic dev->if_port = tp->saved_if_port; /* Leave the driver in snooze, not sleep, mode. */ @@ -155,7 +155,7 @@ } static void tulip_free_ring (struct net_device *dev) -@@ -811,8 +832,10 @@ static void tulip_free_ring (struct net_ +@@ -810,8 +831,10 @@ static void tulip_free_ring (struct net_ /* An invalid address. */ tp->rx_ring[i].buffer1 = cpu_to_le32(0xBADF00D0); if (skb) { @@ -166,7 +166,7 @@ dev_kfree_skb (skb); } } -@@ -821,8 +844,10 @@ static void tulip_free_ring (struct net_ +@@ -820,8 +843,10 @@ static void tulip_free_ring (struct net_ struct sk_buff *skb = tp->tx_buffers[i].skb; if (skb != NULL) { @@ -177,7 +177,7 @@ dev_kfree_skb (skb); } tp->tx_buffers[i].skb = NULL; -@@ -843,7 +868,7 @@ static int tulip_close (struct net_devic +@@ -842,7 +867,7 @@ static int tulip_close (struct net_devic netdev_dbg(dev, "Shutting down ethercard, status was %02x\n", ioread32 (ioaddr + CSR5)); @@ -186,7 +186,7 @@ tulip_free_ring (dev); -@@ -874,7 +899,9 @@ static void tulip_get_drvinfo(struct net +@@ -873,7 +898,9 @@ static void tulip_get_drvinfo(struct net struct tulip_private *np = netdev_priv(dev); strlcpy(info->driver, DRV_NAME, sizeof(info->driver)); strlcpy(info->version, DRV_VERSION, sizeof(info->version)); @@ -196,7 +196,7 @@ } -@@ -887,7 +914,9 @@ static int tulip_ethtool_set_wol(struct +@@ -886,7 +913,9 @@ static int tulip_ethtool_set_wol(struct return -EOPNOTSUPP; tp->wolinfo.wolopts = wolinfo->wolopts; @@ -207,7 +207,7 @@ return 0; } -@@ -1165,9 +1194,11 @@ static void set_rx_mode(struct net_devic +@@ -1164,9 +1193,11 @@ static void set_rx_mode(struct net_devic tp->tx_buffers[entry].skb = NULL; tp->tx_buffers[entry].mapping = @@ -219,7 +219,7 @@ /* Put the setup frame on the Tx list. */ if (entry == TX_RING_SIZE-1) tx_flags |= DESC_RING_WRAP; /* Wrap ring. */ -@@ -1264,19 +1295,22 @@ out: +@@ -1263,19 +1294,22 @@ out: netdev_dbg(dev, "MWI config cacheline=%d, csr0=%08x\n", cache, csr0); } @@ -243,7 +243,7 @@ static const struct net_device_ops tulip_netdev_ops = { .ndo_open = tulip_open, -@@ -1294,6 +1328,7 @@ static const struct net_device_ops tulip +@@ -1293,6 +1327,7 @@ static const struct net_device_ops tulip #endif }; @@ -251,7 +251,7 @@ const struct pci_device_id early_486_chipsets[] = { { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82424) }, { PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_496) }, -@@ -1471,6 +1506,8 @@ static int tulip_init_one(struct pci_dev +@@ -1470,6 +1505,8 @@ static int tulip_init_one(struct pci_dev } } tp->pdev = pdev; @@ -260,7 +260,7 @@ tp->base_addr = ioaddr; tp->revision = pdev->revision; tp->csr0 = csr0; -@@ -1801,6 +1838,7 @@ err_out_free_netdev: +@@ -1800,6 +1837,7 @@ err_out_free_netdev: } @@ -268,7 +268,7 @@ /* set the registers according to the given wolopts */ static void tulip_set_wolopts (struct pci_dev *pdev, u32 wolopts) { -@@ -1829,6 +1867,7 @@ static void tulip_set_wolopts (struct pc +@@ -1828,6 +1866,7 @@ static void tulip_set_wolopts (struct pc iowrite32(tmp, ioaddr + CSR13); } } @@ -276,7 +276,7 @@ #ifdef CONFIG_PM -@@ -1943,6 +1982,7 @@ static void tulip_remove_one(struct pci_ +@@ -1942,6 +1981,7 @@ static void tulip_remove_one(struct pci_ /* pci_power_off (pdev, -1); */ } @@ -284,7 +284,7 @@ #ifdef CONFIG_NET_POLL_CONTROLLER /* -@@ -1964,7 +2004,8 @@ static void poll_tulip (struct net_devic +@@ -1963,7 +2003,8 @@ static void poll_tulip (struct net_devic } #endif @@ -294,7 +294,7 @@ .name = DRV_NAME, .id_table = tulip_pci_tbl, .probe = tulip_init_one, -@@ -1974,10 +2015,12 @@ static struct pci_driver tulip_driver = +@@ -1973,10 +2014,12 @@ static struct pci_driver tulip_driver = .resume = tulip_resume, #endif /* CONFIG_PM */ }; @@ -307,7 +307,7 @@ #ifdef MODULE pr_info("%s", version); #endif -@@ -1987,13 +2030,18 @@ static int __init tulip_init (void) +@@ -1992,13 +2035,18 @@ static int __init tulip_init (void) tulip_max_interrupt_work = max_interrupt_work; /* probe for and init boards */ diff --git a/target/linux/adm8668/patches-3.18/005-tulip_platform.patch b/target/linux/adm8668/patches-3.18/005-tulip_platform.patch index bddc572c66..184a5d0a70 100644 --- a/target/linux/adm8668/patches-3.18/005-tulip_platform.patch +++ b/target/linux/adm8668/patches-3.18/005-tulip_platform.patch @@ -26,7 +26,7 @@ #include #include #include -@@ -204,6 +206,9 @@ struct tulip_chip_table tulip_tbl[] = { +@@ -203,6 +205,9 @@ struct tulip_chip_table tulip_tbl[] = { { "Conexant LANfinity", 256, 0x0001ebef, HAS_MII | HAS_ACPI, tulip_timer, tulip_media_task }, @@ -36,7 +36,7 @@ }; -@@ -377,6 +382,11 @@ static void tulip_up(struct net_device * +@@ -376,6 +381,11 @@ static void tulip_up(struct net_device * sizeof(tp->setup_frame), PCI_DMA_TODEVICE); #endif @@ -48,7 +48,7 @@ tp->tx_buffers[tp->cur_tx].skb = NULL; tp->tx_buffers[tp->cur_tx].mapping = mapping; -@@ -396,6 +406,7 @@ static void tulip_up(struct net_device * +@@ -395,6 +405,7 @@ static void tulip_up(struct net_device * i = 0; if (tp->mtable == NULL) goto media_picked; @@ -56,7 +56,7 @@ if (dev->if_port) { int looking_for = tulip_media_cap[dev->if_port] & MediaIsMII ? 11 : (dev->if_port == 12 ? 0 : dev->if_port); -@@ -489,6 +500,10 @@ media_picked: +@@ -488,6 +499,10 @@ media_picked: iowrite32(ioread32(ioaddr + 0x88) | 1, ioaddr + 0x88); dev->if_port = tp->mii_cnt ? 11 : 0; tp->csr6 = 0x00040000; @@ -67,7 +67,7 @@ } else if (tp->chip_id == AX88140) { tp->csr6 = tp->mii_cnt ? 0x00040100 : 0x00000100; } else -@@ -660,6 +675,10 @@ static void tulip_init_ring(struct net_d +@@ -659,6 +674,10 @@ static void tulip_init_ring(struct net_d mapping = pci_map_single(tp->pdev, skb->data, PKT_BUF_SZ, PCI_DMA_FROMDEVICE); #endif @@ -78,7 +78,7 @@ tp->rx_buffers[i].mapping = mapping; tp->rx_ring[i].status = cpu_to_le32(DescOwned); /* Owned by Tulip chip */ tp->rx_ring[i].buffer1 = cpu_to_le32(mapping); -@@ -696,6 +715,11 @@ tulip_start_xmit(struct sk_buff *skb, st +@@ -695,6 +714,11 @@ tulip_start_xmit(struct sk_buff *skb, st mapping = pci_map_single(tp->pdev, skb->data, skb->len, PCI_DMA_TODEVICE); #endif @@ -90,7 +90,7 @@ tp->tx_buffers[entry].mapping = mapping; tp->tx_ring[entry].buffer1 = cpu_to_le32(mapping); -@@ -752,6 +776,13 @@ static void tulip_clean_tx_ring(struct t +@@ -751,6 +775,13 @@ static void tulip_clean_tx_ring(struct t sizeof(tp->setup_frame), PCI_DMA_TODEVICE); #endif @@ -104,7 +104,7 @@ continue; } #ifdef CONFIG_TULIP_PCI -@@ -759,6 +790,11 @@ static void tulip_clean_tx_ring(struct t +@@ -758,6 +789,11 @@ static void tulip_clean_tx_ring(struct t tp->tx_buffers[entry].skb->len, PCI_DMA_TODEVICE); #endif @@ -116,7 +116,7 @@ /* Free the original skb. */ dev_kfree_skb_irq(tp->tx_buffers[entry].skb); -@@ -836,6 +872,10 @@ static void tulip_free_ring (struct net_ +@@ -835,6 +871,10 @@ static void tulip_free_ring (struct net_ pci_unmap_single(tp->pdev, mapping, PKT_BUF_SZ, PCI_DMA_FROMDEVICE); #endif @@ -127,7 +127,7 @@ dev_kfree_skb (skb); } } -@@ -848,6 +888,10 @@ static void tulip_free_ring (struct net_ +@@ -847,6 +887,10 @@ static void tulip_free_ring (struct net_ pci_unmap_single(tp->pdev, tp->tx_buffers[i].mapping, skb->len, PCI_DMA_TODEVICE); #endif @@ -138,7 +138,7 @@ dev_kfree_skb (skb); } tp->tx_buffers[i].skb = NULL; -@@ -902,6 +946,9 @@ static void tulip_get_drvinfo(struct net +@@ -901,6 +945,9 @@ static void tulip_get_drvinfo(struct net #ifdef CONFIG_TULIP_PCI strlcpy(info->bus_info, pci_name(np->pdev), sizeof(info->bus_info)); #endif @@ -148,7 +148,7 @@ } -@@ -917,6 +964,9 @@ static int tulip_ethtool_set_wol(struct +@@ -916,6 +963,9 @@ static int tulip_ethtool_set_wol(struct #ifdef CONFIG_TULIP_PCI device_set_wakeup_enable(tp->kdev, tp->wolinfo.wolopts); #endif @@ -158,7 +158,7 @@ return 0; } -@@ -1192,13 +1242,20 @@ static void set_rx_mode(struct net_devic +@@ -1191,13 +1241,20 @@ static void set_rx_mode(struct net_devic } @@ -180,7 +180,7 @@ /* Put the setup frame on the Tx list. */ if (entry == TX_RING_SIZE-1) tx_flags |= DESC_RING_WRAP; /* Wrap ring. */ -@@ -1218,6 +1275,9 @@ static void set_rx_mode(struct net_devic +@@ -1217,6 +1274,9 @@ static void set_rx_mode(struct net_devic spin_unlock_irqrestore(&tp->lock, flags); } @@ -190,7 +190,7 @@ iowrite32(csr6, ioaddr + CSR6); } -@@ -1984,6 +2044,126 @@ static void tulip_remove_one(struct pci_ +@@ -1983,6 +2043,126 @@ static void tulip_remove_one(struct pci_ } #endif /* CONFIG_TULIP_PCI */ @@ -317,7 +317,7 @@ #ifdef CONFIG_NET_POLL_CONTROLLER /* * Polling 'interrupt' - used by things like netconsole to send skbs -@@ -2017,6 +2197,17 @@ static struct pci_driver tulip_pci_drive +@@ -2016,6 +2196,17 @@ static struct pci_driver tulip_pci_drive }; #endif @@ -335,7 +335,7 @@ static int __init tulip_init (void) { -@@ -2033,6 +2224,9 @@ static int __init tulip_init (void) +@@ -2038,6 +2229,9 @@ static int __init tulip_init (void) #ifdef CONFIG_TULIP_PCI ret = pci_register_driver(&tulip_pci_driver); #endif @@ -345,7 +345,7 @@ return ret; } -@@ -2042,6 +2236,9 @@ static void __exit tulip_cleanup (void) +@@ -2047,6 +2241,9 @@ static void __exit tulip_cleanup (void) #ifdef CONFIG_TULIP_PCI pci_unregister_driver (&tulip_pci_driver); #endif diff --git a/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch index bf03545e43..9310b503c6 100644 --- a/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch +++ b/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch @@ -263,15 +263,6 @@ case IPV6_2292HOPOPTS: --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c -@@ -394,7 +394,7 @@ static void ip6gre_err(struct sk_buff *s - - t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr, - flags & GRE_KEY ? -- *(((__be32 *)p) + (grehlen / 4) - 1) : 0, -+ net_hdr_word(((__be32 *)p) + (grehlen / 4) - 1) : 0, - p[1]); - if (t == NULL) - return; @@ -476,11 +476,11 @@ static int ip6gre_rcv(struct sk_buff *sk offset += 4; } diff --git a/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch b/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch index e7e84433ca..6bd1811399 100644 --- a/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch +++ b/target/linux/bcm53xx/patches-3.18/003-mtd-spi-nor-from-3.19.patch @@ -496,7 +496,7 @@ return 1; ret = read_sr(nor); -@@ -880,11 +896,11 @@ static int spansion_quad_enable(struct s +@@ -887,11 +903,11 @@ static int spansion_quad_enable(struct s return 0; } @@ -510,7 +510,7 @@ case CFI_MFR_MACRONIX: status = macronix_quad_enable(nor); if (status) { -@@ -910,11 +926,6 @@ static int spi_nor_check(struct spi_nor +@@ -917,11 +933,6 @@ static int spi_nor_check(struct spi_nor return -EINVAL; } @@ -522,7 +522,7 @@ return 0; } -@@ -932,16 +943,24 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -939,16 +950,24 @@ int spi_nor_scan(struct spi_nor *nor, co if (ret) return ret; @@ -551,7 +551,7 @@ if (IS_ERR(jid)) { return PTR_ERR(jid); } else if (jid != id) { -@@ -966,10 +985,10 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -973,10 +992,10 @@ int spi_nor_scan(struct spi_nor *nor, co * up with the software protection bits set */ @@ -566,7 +566,7 @@ write_enable(nor); write_sr(nor, 0); } -@@ -984,7 +1003,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -991,7 +1010,7 @@ int spi_nor_scan(struct spi_nor *nor, co mtd->_read = spi_nor_read; /* nor protection support for STmicro chips */ @@ -575,7 +575,7 @@ mtd->_lock = spi_nor_lock; mtd->_unlock = spi_nor_unlock; } -@@ -995,9 +1014,8 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1002,9 +1021,8 @@ int spi_nor_scan(struct spi_nor *nor, co else mtd->_write = spi_nor_write; @@ -587,7 +587,7 @@ #ifdef CONFIG_MTD_SPI_NOR_USE_4K_SECTORS /* prefer "small sector" erase if possible */ -@@ -1038,7 +1056,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1045,7 +1063,7 @@ int spi_nor_scan(struct spi_nor *nor, co /* Quad/Dual-read mode takes precedence over fast/normal */ if (mode == SPI_NOR_QUAD && info->flags & SPI_NOR_QUAD_READ) { @@ -596,7 +596,7 @@ if (ret) { dev_err(dev, "quad mode not supported\n"); return ret; -@@ -1074,7 +1092,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1081,7 +1099,7 @@ int spi_nor_scan(struct spi_nor *nor, co else if (mtd->size > 0x1000000) { /* enable 4-byte addressing if the device exceeds 16MiB */ nor->addr_width = 4; @@ -605,7 +605,7 @@ /* Dedicated 4-byte command set */ switch (nor->flash_read) { case SPI_NOR_QUAD: -@@ -1095,7 +1113,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -1102,7 +1120,7 @@ int spi_nor_scan(struct spi_nor *nor, co nor->erase_opcode = SPINOR_OP_SE_4B; mtd->erasesize = info->sector_size; } else diff --git a/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch b/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch index 1238785e47..3172e990ca 100644 --- a/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch +++ b/target/linux/bcm53xx/patches-3.18/004-mtd-spi-nor-from-3.20.patch @@ -23,7 +23,7 @@ /* PMC */ { "pm25lv512", INFO(0, 0, 32 * 1024, 2, SECT_4K_PMC) }, -@@ -896,6 +896,45 @@ static int spansion_quad_enable(struct s +@@ -903,6 +903,45 @@ static int spansion_quad_enable(struct s return 0; } @@ -69,7 +69,7 @@ static int set_quad_mode(struct spi_nor *nor, struct flash_info *info) { int status; -@@ -908,6 +947,13 @@ static int set_quad_mode(struct spi_nor +@@ -915,6 +954,13 @@ static int set_quad_mode(struct spi_nor return -EINVAL; } return status; diff --git a/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch b/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch index 2edcd35cd4..90d6c6e004 100644 --- a/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch +++ b/target/linux/brcm2708/patches-3.18/0012-cma-Add-vc_cma-driver-to-enable-use-of-CMA.patch @@ -22,7 +22,7 @@ Signed-off-by: popcornmix --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig -@@ -581,6 +581,8 @@ config DEVPORT +@@ -583,6 +583,8 @@ config DEVPORT source "drivers/s390/char/Kconfig" diff --git a/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch b/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch index 316f80eb87..8e5a74b8d0 100644 --- a/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch +++ b/target/linux/brcm2708/patches-3.18/0055-usb-core-make-overcurrent-messages-more-prominent.patch @@ -10,7 +10,7 @@ Hub overcurrent messages are more serious than "debug". Increase loglevel. --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -4932,7 +4932,7 @@ static void port_event(struct usb_hub *h +@@ -4933,7 +4933,7 @@ static void port_event(struct usb_hub *h if (portchange & USB_PORT_STAT_C_OVERCURRENT) { u16 status = 0, unused; diff --git a/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch b/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch index c986c840fb..4e0a191fa8 100644 --- a/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch +++ b/target/linux/brcm2708/patches-3.18/0063-bcm2708-Allow-option-card-devices-to-be-configured-v.patch @@ -369,7 +369,7 @@ support code with each new device. mmc_of_parse(mmc); --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c -@@ -1086,8 +1086,12 @@ static struct debugfs_blob_wrapper flat_ +@@ -1092,8 +1092,12 @@ static struct debugfs_blob_wrapper flat_ static int __init of_flat_dt_debugfs_export_fdt(void) { diff --git a/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch b/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch index 7f61b338db..17d6b927db 100644 --- a/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch +++ b/target/linux/brcm2708/patches-3.18/0065-fdt-Add-support-for-the-CONFIG_CMDLINE_EXTEND-option.patch @@ -9,7 +9,7 @@ Subject: [PATCH 65/99] fdt: Add support for the CONFIG_CMDLINE_EXTEND option --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c -@@ -901,22 +901,38 @@ int __init early_init_dt_scan_chosen(uns +@@ -907,22 +907,38 @@ int __init early_init_dt_scan_chosen(uns /* Retrieve command line */ p = of_get_flat_dt_prop(node, "bootargs", &l); diff --git a/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch b/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch index 4fb8a87d4c..9ffc4ca31c 100644 --- a/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch +++ b/target/linux/brcm47xx/patches-3.18/400-mtd-bcm47xxpart-get-nvram.patch @@ -8,7 +8,7 @@ /* * Some really old flashes (like AT45DB*) had smaller erasesize-s, but -@@ -334,12 +335,23 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -332,12 +333,23 @@ static int bcm47xxpart_parse(struct mtd_ if (buf[0] == NVRAM_HEADER) { bcm47xxpart_add_part(&parts[curr_part++], "nvram", master->size - blocksize, 0); diff --git a/target/linux/cns3xxx/patches-3.18/025-smp_support.patch b/target/linux/cns3xxx/patches-3.18/025-smp_support.patch index 418c065a97..0f1f5aa630 100644 --- a/target/linux/cns3xxx/patches-3.18/025-smp_support.patch +++ b/target/linux/cns3xxx/patches-3.18/025-smp_support.patch @@ -1,8 +1,8 @@ --- a/arch/arm/mach-cns3xxx/Makefile +++ b/arch/arm/mach-cns3xxx/Makefile -@@ -5,3 +5,5 @@ cns3xxx-y += core.o pm.o - cns3xxx-$(CONFIG_ATAGS) += devices.o +@@ -6,3 +6,5 @@ cns3xxx-$(CONFIG_ATAGS) += devices.o cns3xxx-$(CONFIG_PCI) += pcie.o + CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o +cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o +cns3xxx-$(CONFIG_HOTPLUG_CPU) += hotplug.o diff --git a/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch b/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch index 4f09a36f14..acfe338312 100644 --- a/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch +++ b/target/linux/cns3xxx/patches-3.18/040-fiq_support.patch @@ -10,9 +10,9 @@ --- a/arch/arm/mach-cns3xxx/Makefile +++ b/arch/arm/mach-cns3xxx/Makefile -@@ -5,5 +5,5 @@ cns3xxx-y += core.o pm.o - cns3xxx-$(CONFIG_ATAGS) += devices.o +@@ -6,5 +6,5 @@ cns3xxx-$(CONFIG_ATAGS) += devices.o cns3xxx-$(CONFIG_PCI) += pcie.o + CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o -cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o +cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o cns3xxx_fiq.o diff --git a/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch b/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch index a6ce177493..b95a0897fa 100644 --- a/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch +++ b/target/linux/cns3xxx/patches-3.18/095-gpio_support.patch @@ -32,7 +32,7 @@ +cns3xxx-y += core.o pm.o gpio.o cns3xxx-$(CONFIG_ATAGS) += devices.o cns3xxx-$(CONFIG_PCI) += pcie.o - cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o + CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here --- a/arch/arm/mach-cns3xxx/cns3xxx.h +++ b/arch/arm/mach-cns3xxx/cns3xxx.h @@ -68,8 +68,10 @@ diff --git a/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch b/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch index 3c0bba4316..622ba5453b 100644 --- a/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch +++ b/target/linux/cns3xxx/patches-3.18/100-laguna_support.patch @@ -15,7 +15,7 @@ endif --- a/arch/arm/mach-cns3xxx/Makefile +++ b/arch/arm/mach-cns3xxx/Makefile -@@ -7,3 +7,5 @@ cns3xxx-$(CONFIG_PCI) += pcie.o +@@ -8,3 +8,5 @@ CFLAGS_pcie.o += -Wframe-larger-than= cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o cns3xxx_fiq.o cns3xxx-$(CONFIG_HOTPLUG_CPU) += hotplug.o diff --git a/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch b/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch index 59180c2084..f3dfa901f1 100644 --- a/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch +++ b/target/linux/generic/patches-3.18/041-mtd-bcm47xxpart-backports-from-3.20.patch @@ -83,7 +83,7 @@ offset + trx->offset[i], 0); i++; -@@ -205,7 +235,8 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -203,7 +233,8 @@ static int bcm47xxpart_parse(struct mtd_ } /* Squashfs on devices not using TRX */ diff --git a/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch b/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch index aa45860e93..0e7e4f8b12 100644 --- a/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch +++ b/target/linux/generic/patches-3.18/070-bgmac-register-napi-before-the-device.patch @@ -13,7 +13,7 @@ Signed-off-by: David S. Miller --- a/drivers/net/ethernet/broadcom/bgmac.c +++ b/drivers/net/ethernet/broadcom/bgmac.c -@@ -1515,6 +1515,8 @@ static int bgmac_probe(struct bcma_devic +@@ -1521,6 +1521,8 @@ static int bgmac_probe(struct bcma_devic if (core->bus->sprom.boardflags_lo & BGMAC_BFL_ENETADM) bgmac_warn(bgmac, "Support for ADMtek ethernet switch not implemented\n"); @@ -22,7 +22,7 @@ Signed-off-by: David S. Miller err = bgmac_mii_register(bgmac); if (err) { bgmac_err(bgmac, "Cannot register MDIO\n"); -@@ -1529,8 +1531,6 @@ static int bgmac_probe(struct bcma_devic +@@ -1535,8 +1537,6 @@ static int bgmac_probe(struct bcma_devic netif_carrier_off(net_dev); @@ -31,7 +31,7 @@ Signed-off-by: David S. Miller return 0; err_mii_unregister: -@@ -1549,9 +1549,9 @@ static void bgmac_remove(struct bcma_dev +@@ -1555,9 +1555,9 @@ static void bgmac_remove(struct bcma_dev { struct bgmac *bgmac = bcma_get_drvdata(core); diff --git a/target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch b/target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch deleted file mode 100644 index 121d2f4122..0000000000 --- a/target/linux/generic/patches-3.18/072-bgmac-fix-device-initialization-on-Northstar-SoCs-co.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 21697336d46b71dd031f29e426dda0b1e7f06cc0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Wed, 11 Feb 2015 18:06:34 +0100 -Subject: [PATCH] bgmac: fix device initialization on Northstar SoCs (condition - typo) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On Northstar (Broadcom's ARM architecture) we need to manually enable -all cores. Code for that is already in place, but the condition for it -was wrong. - -Signed-off-by: Rafał Miłecki -Signed-off-by: David S. Miller ---- - drivers/net/ethernet/broadcom/bgmac.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - ---- a/drivers/net/ethernet/broadcom/bgmac.c -+++ b/drivers/net/ethernet/broadcom/bgmac.c -@@ -1412,6 +1412,7 @@ static void bgmac_mii_unregister(struct - /* http://bcm-v4.sipsolutions.net/mac-gbit/gmac/chipattach */ - static int bgmac_probe(struct bcma_device *core) - { -+ struct bcma_chipinfo *ci = &core->bus->chipinfo; - struct net_device *net_dev; - struct bgmac *bgmac; - struct ssb_sprom *sprom = &core->bus->sprom; -@@ -1474,8 +1475,8 @@ static int bgmac_probe(struct bcma_devic - bgmac_chip_reset(bgmac); - - /* For Northstar, we have to take all GMAC core out of reset */ -- if (core->id.id == BCMA_CHIP_ID_BCM4707 || -- core->id.id == BCMA_CHIP_ID_BCM53018) { -+ if (ci->id == BCMA_CHIP_ID_BCM4707 || -+ ci->id == BCMA_CHIP_ID_BCM53018) { - struct bcma_device *ns_core; - int ns_gmac; - diff --git a/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch b/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch index 5cb21a565a..27fa7321e9 100644 --- a/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch +++ b/target/linux/generic/patches-3.18/077-03-bgmac-implement-scatter-gather-support.patch @@ -254,7 +254,7 @@ Signed-off-by: Felix Fietkau } } -@@ -1583,6 +1657,10 @@ static int bgmac_probe(struct bcma_devic +@@ -1588,6 +1662,10 @@ static int bgmac_probe(struct bcma_devic goto err_dma_free; } diff --git a/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch b/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch index d093e89dea..2582538966 100644 --- a/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch +++ b/target/linux/generic/patches-3.18/078-01-bgmac-support-up-to-3-cores-devices-on-a-bus.patch @@ -44,7 +44,7 @@ Signed-off-by: David S. Miller pr_err("Unsupported core_unit %d\n", core->core_unit); return -ENOTSUPP; } -@@ -1588,8 +1597,17 @@ static int bgmac_probe(struct bcma_devic +@@ -1593,8 +1602,17 @@ static int bgmac_probe(struct bcma_devic } bgmac->cmn = core->bus->drv_gmac_cmn.core; diff --git a/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch b/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch index 63010c1450..3ab953f1c4 100644 --- a/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch +++ b/target/linux/generic/patches-3.18/078-02-bgmac-add-helper-checking-for-BCM4707-BCM53018-chip-.patch @@ -94,7 +94,7 @@ Signed-off-by: David S. Miller struct net_device *net_dev; struct bgmac *bgmac; struct ssb_sprom *sprom = &core->bus->sprom; -@@ -1626,8 +1629,7 @@ static int bgmac_probe(struct bcma_devic +@@ -1631,8 +1634,7 @@ static int bgmac_probe(struct bcma_devic bgmac_chip_reset(bgmac); /* For Northstar, we have to take all GMAC core out of reset */ diff --git a/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch b/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch index 8dac985a72..b3194f04e0 100644 --- a/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch +++ b/target/linux/generic/patches-3.18/078-04-bgmac-reset-enable-Ethernet-core-before-using-it.patch @@ -19,9 +19,9 @@ Signed-off-by: David S. Miller --- a/drivers/net/ethernet/broadcom/bgmac.c +++ b/drivers/net/ethernet/broadcom/bgmac.c -@@ -1578,6 +1578,11 @@ static int bgmac_probe(struct bcma_devic - dev_warn(&core->dev, "Using random MAC: %pM\n", mac); - } +@@ -1583,6 +1583,11 @@ static int bgmac_probe(struct bcma_devic + */ + bcma_core_enable(core, 0); + /* This (reset &) enable is not preset in specs or reference driver but + * Broadcom does it in arch PCI code when enabling fake PCI device. diff --git a/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch b/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch index fe55323a50..29bec8387d 100644 --- a/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch +++ b/target/linux/generic/patches-3.18/080-11-fib_trie-Push-rcu_read_lock-unlock-to-callers.patch @@ -172,7 +172,7 @@ Signed-off-by: David S. Miller u32 portid; net = sock_net(skb->sk); -@@ -971,9 +976,7 @@ static void nl_fib_input(struct sk_buff +@@ -972,9 +977,7 @@ static void nl_fib_input(struct sk_buff nlh = nlmsg_hdr(skb); frn = (struct fib_result_nl *) nlmsg_data(nlh); diff --git a/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch b/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch index d3da41e918..9f39e5ba5e 100644 --- a/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch +++ b/target/linux/generic/patches-3.18/082-ipv6-ip6_fragment-fix-headroom-tests-and-skb-leak.patch @@ -44,7 +44,7 @@ Closes 20532 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -597,20 +597,22 @@ int ip6_fragment(struct sk_buff *skb, in +@@ -600,20 +600,22 @@ int ip6_fragment(struct sk_buff *skb, in } mtu -= hlen + sizeof(struct frag_hdr); @@ -69,7 +69,7 @@ Closes 20532 goto slow_path_clean; /* Partially cloned skb? */ -@@ -627,8 +629,6 @@ int ip6_fragment(struct sk_buff *skb, in +@@ -630,8 +632,6 @@ int ip6_fragment(struct sk_buff *skb, in err = 0; offset = 0; @@ -78,7 +78,7 @@ Closes 20532 /* BUILD HEADER */ *prevhdr = NEXTHDR_FRAGMENT; -@@ -636,8 +636,11 @@ int ip6_fragment(struct sk_buff *skb, in +@@ -639,8 +639,11 @@ int ip6_fragment(struct sk_buff *skb, in if (!tmp_hdr) { IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); @@ -91,7 +91,7 @@ Closes 20532 __skb_pull(skb, hlen); fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr)); -@@ -735,7 +738,6 @@ slow_path: +@@ -738,7 +741,6 @@ slow_path: */ *prevhdr = NEXTHDR_FRAGMENT; diff --git a/target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch b/target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch deleted file mode 100644 index 761cff316d..0000000000 --- a/target/linux/generic/patches-3.18/141-mtd-bcm47xxpart-limit-scanned-flash-area-on-BCM47XX-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Sat, 5 Dec 2015 02:03:32 +0100 -Subject: [PATCH] mtd: bcm47xxpart: limit scanned flash area on BCM47XX (MIPS) - only -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We allowed using bcm47xxpart on BCM5301X arch with commit: -9e3afa5f5c7 ("mtd: bcm47xxpart: allow enabling on ARCH_BCM_5301X") - -BCM5301X devices may contain some partitions in higher memory, e.g. -Netgear R8000 has board_data at 0x2600000. To detect them we should -use size limit on MIPS only. - -Signed-off-by: Rafał Miłecki ---- - drivers/mtd/bcm47xxpart.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/drivers/mtd/bcm47xxpart.c -+++ b/drivers/mtd/bcm47xxpart.c -@@ -118,8 +118,8 @@ static int bcm47xxpart_parse(struct mtd_ - /* Parse block by block looking for magics */ - for (offset = 0; offset <= master->size - blocksize; - offset += blocksize) { -- /* Nothing more in higher memory */ -- if (offset >= 0x2000000) -+ /* Nothing more in higher memory on BCM47XX (MIPS) */ -+ if (config_enabled(CONFIG_BCM47XX) && offset >= 0x2000000) - break; - - if (curr_part >= BCM47XXPART_MAX_PARTS) { diff --git a/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch b/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch index 9073f795e2..926de5fef7 100644 --- a/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch +++ b/target/linux/generic/patches-3.18/142-mtd-bcm47xxpart-don-t-fail-because-of-bit-flips.patch @@ -58,7 +58,7 @@ Signed-off-by: Rafał Miłecki continue; } -@@ -254,10 +258,11 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -252,10 +256,11 @@ static int bcm47xxpart_parse(struct mtd_ } /* Read middle of the block */ @@ -74,7 +74,7 @@ Signed-off-by: Rafał Miłecki continue; } -@@ -277,10 +282,11 @@ static int bcm47xxpart_parse(struct mtd_ +@@ -275,10 +280,11 @@ static int bcm47xxpart_parse(struct mtd_ } offset = master->size - possible_nvram_sizes[i]; diff --git a/target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch b/target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch deleted file mode 100644 index 5a3dc06c14..0000000000 --- a/target/linux/generic/patches-3.18/191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a95f03e51471dbdbafd3391991d867ac2358ed02 Mon Sep 17 00:00:00 2001 -From: Jonas Gorski -Date: Sun, 23 Aug 2015 14:23:29 +0200 -Subject: [PATCH] usb: ehci-orion: fix probe for !GENERIC_PHY - -Commit d445913ce0ab7f ("usb: ehci-orion: add optional PHY support") -added support for optional phys, but devm_phy_optional_get returns --ENOSYS if GENERIC_PHY is not enabled. - -This causes probe failures, even when there are no phys specified: - -[ 1.443365] orion-ehci f1058000.usb: init f1058000.usb fail, -38 -[ 1.449403] orion-ehci: probe of f1058000.usb failed with error -38 - -Similar to dwc3, treat -ENOSYS as no phy. - -Fixes: d445913ce0ab7f ("usb: ehci-orion: add optional PHY support") - -Signed-off-by: Jonas Gorski ---- - drivers/usb/host/ehci-orion.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/drivers/usb/host/ehci-orion.c -+++ b/drivers/usb/host/ehci-orion.c -@@ -226,7 +226,8 @@ static int ehci_orion_drv_probe(struct p - priv->phy = devm_phy_optional_get(&pdev->dev, "usb"); - if (IS_ERR(priv->phy)) { - err = PTR_ERR(priv->phy); -- goto err_phy_get; -+ if (err != -ENOSYS) -+ goto err_phy_get; - } else { - err = phy_init(priv->phy); - if (err) diff --git a/target/linux/generic/patches-3.18/201-extra_optimization.patch b/target/linux/generic/patches-3.18/201-extra_optimization.patch index 2e2ed66161..5a2396cfa3 100644 --- a/target/linux/generic/patches-3.18/201-extra_optimization.patch +++ b/target/linux/generic/patches-3.18/201-extra_optimization.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -614,9 +614,9 @@ KBUILD_CFLAGS += $(call cc-option,-fno-P +@@ -618,9 +618,9 @@ KBUILD_CFLAGS += $(call cc-option,-fno-P KBUILD_AFLAGS += $(call cc-option,-fno-PIE) ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE diff --git a/target/linux/generic/patches-3.18/204-module_strip.patch b/target/linux/generic/patches-3.18/204-module_strip.patch index 7c4006913f..1b361d178e 100644 --- a/target/linux/generic/patches-3.18/204-module_strip.patch +++ b/target/linux/generic/patches-3.18/204-module_strip.patch @@ -32,8 +32,8 @@ Signed-off-by: Felix Fietkau +#if defined(MODULE) && !defined(CONFIG_MODULE_STRIPPED) /* Creates an alias so file2alias.c can find device table. */ #define MODULE_DEVICE_TABLE(type, name) \ - extern const struct type##_device_id __mod_##type##__##name##_device_table \ -@@ -159,7 +160,9 @@ void trim_init_extable(struct module *m) + extern const typeof(name) __mod_##type##__##name##_device_table \ +@@ -159,7 +160,9 @@ extern const typeof(name) __mod_##type## */ #if defined(MODULE) || !defined(CONFIG_SYSFS) @@ -44,7 +44,7 @@ Signed-off-by: Felix Fietkau #else #define MODULE_VERSION(_version) \ static struct module_version_attribute ___modver_attr = { \ -@@ -181,7 +184,7 @@ void trim_init_extable(struct module *m) +@@ -181,7 +184,7 @@ extern const typeof(name) __mod_##type## /* Optional firmware file (or files) needed by the module * format is simply firmware file name. Multiple firmware * files require multiple MODULE_FIRMWARE() specifiers */ @@ -127,7 +127,7 @@ Signed-off-by: Felix Fietkau set_license(mod, get_modinfo(info, "license")); --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -1726,7 +1726,9 @@ static void read_symbols(char *modname) +@@ -1758,7 +1758,9 @@ static void read_symbols(char *modname) symname = remove_dot(info.strtab + sym->st_name); handle_modversions(mod, &info, sym, symname); @@ -137,7 +137,7 @@ Signed-off-by: Felix Fietkau } if (!is_vmlinux(modname) || (is_vmlinux(modname) && vmlinux_section_warnings)) -@@ -1870,7 +1872,9 @@ static void add_header(struct buffer *b, +@@ -1902,7 +1904,9 @@ static void add_header(struct buffer *b, buf_printf(b, "#include \n"); buf_printf(b, "#include \n"); buf_printf(b, "\n"); @@ -147,7 +147,7 @@ Signed-off-by: Felix Fietkau buf_printf(b, "\n"); buf_printf(b, "__visible struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); -@@ -1887,16 +1891,20 @@ static void add_header(struct buffer *b, +@@ -1919,16 +1923,20 @@ static void add_header(struct buffer *b, static void add_intree_flag(struct buffer *b, int is_intree) { @@ -168,7 +168,7 @@ Signed-off-by: Felix Fietkau } /** -@@ -1989,11 +1997,13 @@ static void add_depends(struct buffer *b +@@ -2021,11 +2029,13 @@ static void add_depends(struct buffer *b static void add_srcversion(struct buffer *b, struct module *mod) { @@ -182,7 +182,7 @@ Signed-off-by: Felix Fietkau } static void write_if_changed(struct buffer *b, const char *fname) -@@ -2224,7 +2234,9 @@ int main(int argc, char **argv) +@@ -2256,7 +2266,9 @@ int main(int argc, char **argv) add_staging_flag(&buf, mod->name); err |= add_versions(&buf, mod); add_depends(&buf, mod, modules); diff --git a/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch b/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch index fef483a67d..f27220a281 100644 --- a/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch +++ b/target/linux/generic/patches-3.18/462-m25p80-mx-disable-software-protection.patch @@ -1,6 +1,6 @@ --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -963,6 +963,7 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -970,6 +970,7 @@ int spi_nor_scan(struct spi_nor *nor, co if (JEDEC_MFR(info->jedec_id) == CFI_MFR_ATMEL || JEDEC_MFR(info->jedec_id) == CFI_MFR_INTEL || diff --git a/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch b/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch index 00b0b7cadd..78d677d94f 100644 --- a/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch +++ b/target/linux/generic/patches-3.18/540-crypto-xz-decompression-support.patch @@ -16,7 +16,7 @@ config CRYPTO_ANSI_CPRNG --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -89,6 +89,7 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc. +@@ -91,6 +91,7 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc. obj-$(CONFIG_CRYPTO_LZO) += lzo.o obj-$(CONFIG_CRYPTO_LZ4) += lz4.o obj-$(CONFIG_CRYPTO_LZ4HC) += lz4hc.o diff --git a/target/linux/generic/patches-3.18/630-packet_socket_type.patch b/target/linux/generic/patches-3.18/630-packet_socket_type.patch index 68a42362dd..32fb5869b8 100644 --- a/target/linux/generic/patches-3.18/630-packet_socket_type.patch +++ b/target/linux/generic/patches-3.18/630-packet_socket_type.patch @@ -26,7 +26,7 @@ Signed-off-by: Felix Fietkau #define PACKET_FANOUT_LB 1 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1530,6 +1530,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1529,6 +1529,7 @@ static int packet_rcv_spkt(struct sk_buf { struct sock *sk; struct sockaddr_pkt *spkt; @@ -34,7 +34,7 @@ Signed-off-by: Felix Fietkau /* * When we registered the protocol we saved the socket in the data -@@ -1537,6 +1538,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1536,6 +1537,7 @@ static int packet_rcv_spkt(struct sk_buf */ sk = pt->af_packet_priv; @@ -42,7 +42,7 @@ Signed-off-by: Felix Fietkau /* * Yank back the headers [hope the device set this -@@ -1549,7 +1551,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1548,7 +1550,7 @@ static int packet_rcv_spkt(struct sk_buf * so that this procedure is noop. */ @@ -51,7 +51,7 @@ Signed-off-by: Felix Fietkau goto out; if (!net_eq(dev_net(dev), sock_net(sk))) -@@ -1748,12 +1750,12 @@ static int packet_rcv(struct sk_buff *sk +@@ -1747,12 +1749,12 @@ static int packet_rcv(struct sk_buff *sk int skb_len = skb->len; unsigned int snaplen, res; @@ -67,7 +67,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -1873,12 +1875,12 @@ static int tpacket_rcv(struct sk_buff *s +@@ -1872,12 +1874,12 @@ static int tpacket_rcv(struct sk_buff *s BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32); BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48); @@ -83,7 +83,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -2828,6 +2830,7 @@ static int packet_create(struct net *net +@@ -2831,6 +2833,7 @@ static int packet_create(struct net *net spin_lock_init(&po->bind_lock); mutex_init(&po->pg_vec_lock); po->prot_hook.func = packet_rcv; @@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau if (sock->type == SOCK_PACKET) po->prot_hook.func = packet_rcv_spkt; -@@ -3409,6 +3412,16 @@ packet_setsockopt(struct socket *sock, i +@@ -3425,6 +3428,16 @@ packet_setsockopt(struct socket *sock, i po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } @@ -108,7 +108,7 @@ Signed-off-by: Felix Fietkau default: return -ENOPROTOOPT; } -@@ -3460,6 +3473,13 @@ static int packet_getsockopt(struct sock +@@ -3476,6 +3489,13 @@ static int packet_getsockopt(struct sock case PACKET_VNET_HDR: val = po->has_vnet_hdr; break; diff --git a/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch b/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch index 5181806497..49f0285c5f 100644 --- a/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch +++ b/target/linux/generic/patches-3.18/643-bridge_remove_ipv6_dependency.patch @@ -1,6 +1,6 @@ --- a/include/net/addrconf.h +++ b/include/net/addrconf.h -@@ -88,6 +88,12 @@ int ipv6_rcv_saddr_equal(const struct so +@@ -90,6 +90,12 @@ int ipv6_rcv_saddr_equal(const struct so void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr); void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr); @@ -52,7 +52,7 @@ int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, u32 banned_flags) -@@ -5469,6 +5468,9 @@ int __init addrconf_init(void) +@@ -5473,6 +5472,9 @@ int __init addrconf_init(void) ipv6_addr_label_rtnl_register(); @@ -62,7 +62,7 @@ return 0; errout: rtnl_af_unregister(&inet6_ops); -@@ -5488,6 +5490,9 @@ void addrconf_cleanup(void) +@@ -5492,6 +5494,9 @@ void addrconf_cleanup(void) struct net_device *dev; int i; diff --git a/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch b/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch index b38b87b48f..94fd139c22 100644 --- a/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch +++ b/target/linux/generic/patches-3.18/653-disable_netlink_trim.patch @@ -1,15 +1,12 @@ --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -1721,27 +1721,7 @@ void netlink_detachskb(struct sock *sk, +@@ -1107,24 +1107,7 @@ void netlink_detachskb(struct sock *sk, static struct sk_buff *netlink_trim(struct sk_buff *skb, gfp_t allocation) { - int delta; - WARN_ON(skb->sk != NULL); -- if (netlink_skb_is_mmaped(skb)) -- return skb; -- - delta = skb->end - skb->tail; - if (is_vmalloc_addr(skb->head) || delta * 2 < skb->truesize) - return skb; diff --git a/target/linux/generic/patches-3.18/655-increase_skb_pad.patch b/target/linux/generic/patches-3.18/655-increase_skb_pad.patch index 19344cca3f..96f81e9aa7 100644 --- a/target/linux/generic/patches-3.18/655-increase_skb_pad.patch +++ b/target/linux/generic/patches-3.18/655-increase_skb_pad.patch @@ -1,6 +1,6 @@ --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2023,7 +2023,7 @@ static inline int pskb_network_may_pull( +@@ -2024,7 +2024,7 @@ static inline int pskb_network_may_pull( * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD diff --git a/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch b/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch index b326a8b727..0fde9f6e62 100644 --- a/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch +++ b/target/linux/generic/patches-3.18/656-skb_reduce_truesize-helper.patch @@ -14,7 +14,7 @@ when needed. --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2068,6 +2068,24 @@ static inline void pskb_trim_unique(stru +@@ -2069,6 +2069,24 @@ static inline void pskb_trim_unique(stru BUG_ON(err); } diff --git a/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch b/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch index 000665f047..43bdbe456d 100644 --- a/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch +++ b/target/linux/generic/patches-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch @@ -145,7 +145,7 @@ Signed-off-by: Steven Barth if (dev == ip6n->fb_tnl_dev) RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); else -@@ -771,6 +786,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, +@@ -781,6 +796,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, } EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); @@ -254,7 +254,7 @@ Signed-off-by: Steven Barth /** * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally * @skb: received socket buffer -@@ -815,6 +932,26 @@ static int ip6_tnl_rcv(struct sk_buff *s +@@ -825,6 +942,26 @@ static int ip6_tnl_rcv(struct sk_buff *s skb_reset_network_header(skb); skb->protocol = htons(protocol); memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); @@ -281,7 +281,7 @@ Signed-off-by: Steven Barth __skb_tunnel_rx(skb, t->dev, t->net); -@@ -1076,6 +1213,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1086,6 +1223,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str __u8 dsfield; __u32 mtu; int err; @@ -289,7 +289,7 @@ Signed-off-by: Steven Barth if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) || !ip6_tnl_xmit_ctl(t)) -@@ -1095,6 +1233,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1105,6 +1243,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) fl6.flowi6_mark = skb->mark; @@ -308,7 +308,7 @@ Signed-off-by: Steven Barth err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); if (err != 0) { /* XXX: send ICMP error even if DF is not set. */ -@@ -1263,6 +1413,14 @@ ip6_tnl_change(struct ip6_tnl *t, const +@@ -1273,6 +1423,14 @@ ip6_tnl_change(struct ip6_tnl *t, const t->parms.flowinfo = p->flowinfo; t->parms.link = p->link; t->parms.proto = p->proto; @@ -323,7 +323,7 @@ Signed-off-by: Steven Barth ip6_tnl_dst_reset(t); ip6_tnl_link_config(t); return 0; -@@ -1293,6 +1451,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ +@@ -1303,6 +1461,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ p->flowinfo = u->flowinfo; p->link = u->link; p->proto = u->proto; @@ -331,7 +331,7 @@ Signed-off-by: Steven Barth memcpy(p->name, u->name, sizeof(u->name)); } -@@ -1568,6 +1727,15 @@ static int ip6_tnl_validate(struct nlatt +@@ -1578,6 +1737,15 @@ static int ip6_tnl_validate(struct nlatt return 0; } @@ -347,7 +347,7 @@ Signed-off-by: Steven Barth static void ip6_tnl_netlink_parms(struct nlattr *data[], struct __ip6_tnl_parm *parms) { -@@ -1601,6 +1769,46 @@ static void ip6_tnl_netlink_parms(struct +@@ -1611,6 +1779,46 @@ static void ip6_tnl_netlink_parms(struct if (data[IFLA_IPTUN_PROTO]) parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); @@ -394,7 +394,7 @@ Signed-off-by: Steven Barth } static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev, -@@ -1653,6 +1861,12 @@ static void ip6_tnl_dellink(struct net_d +@@ -1663,6 +1871,12 @@ static void ip6_tnl_dellink(struct net_d static size_t ip6_tnl_get_size(const struct net_device *dev) { @@ -407,7 +407,7 @@ Signed-off-by: Steven Barth return /* IFLA_IPTUN_LINK */ nla_total_size(4) + -@@ -1670,6 +1884,24 @@ static size_t ip6_tnl_get_size(const str +@@ -1680,6 +1894,24 @@ static size_t ip6_tnl_get_size(const str nla_total_size(4) + /* IFLA_IPTUN_PROTO */ nla_total_size(1) + @@ -432,7 +432,7 @@ Signed-off-by: Steven Barth 0; } -@@ -1677,6 +1909,9 @@ static int ip6_tnl_fill_info(struct sk_b +@@ -1687,6 +1919,9 @@ static int ip6_tnl_fill_info(struct sk_b { struct ip6_tnl *tunnel = netdev_priv(dev); struct __ip6_tnl_parm *parm = &tunnel->parms; @@ -442,7 +442,7 @@ Signed-off-by: Steven Barth if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr), -@@ -1687,8 +1922,27 @@ static int ip6_tnl_fill_info(struct sk_b +@@ -1697,8 +1932,27 @@ static int ip6_tnl_fill_info(struct sk_b nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) || nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || @@ -471,7 +471,7 @@ Signed-off-by: Steven Barth return 0; nla_put_failure: -@@ -1704,6 +1958,7 @@ static const struct nla_policy ip6_tnl_p +@@ -1714,6 +1968,7 @@ static const struct nla_policy ip6_tnl_p [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 }, [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 }, [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, diff --git a/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch b/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch index 0c951069c2..de8745cdc3 100644 --- a/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch +++ b/target/linux/generic/patches-3.18/667-ipv6-Fixed-source-specific-default-route-handling.patch @@ -26,7 +26,7 @@ Signed-off-by: David S. Miller --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -903,21 +903,45 @@ static int ip6_dst_lookup_tail(struct so +@@ -906,21 +906,45 @@ static int ip6_dst_lookup_tail(struct so #endif int err; @@ -81,7 +81,7 @@ Signed-off-by: David S. Miller * Here if the dst entry we've looked up --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -2182,9 +2182,10 @@ int ip6_route_get_saddr(struct net *net, +@@ -2184,9 +2184,10 @@ int ip6_route_get_saddr(struct net *net, unsigned int prefs, struct in6_addr *saddr) { diff --git a/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch b/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch index 1bf9dc99dc..f999d44df0 100644 --- a/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch +++ b/target/linux/generic/patches-3.18/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch @@ -155,7 +155,7 @@ Signed-off-by: Jonas Gorski case RTN_THROW: default: rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN -@@ -2139,6 +2161,17 @@ static int ip6_pkt_prohibit_out(struct s +@@ -2141,6 +2163,17 @@ static int ip6_pkt_prohibit_out(struct s return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); } @@ -173,7 +173,7 @@ Signed-off-by: Jonas Gorski /* * Allocate a dst for local (unicast / anycast) address. */ -@@ -2363,7 +2396,8 @@ static int rtm_to_fib6_config(struct sk_ +@@ -2365,7 +2398,8 @@ static int rtm_to_fib6_config(struct sk_ if (rtm->rtm_type == RTN_UNREACHABLE || rtm->rtm_type == RTN_BLACKHOLE || rtm->rtm_type == RTN_PROHIBIT || @@ -183,7 +183,7 @@ Signed-off-by: Jonas Gorski cfg->fc_flags |= RTF_REJECT; if (rtm->rtm_type == RTN_LOCAL) -@@ -2565,6 +2599,9 @@ static int rt6_fill_node(struct net *net +@@ -2567,6 +2601,9 @@ static int rt6_fill_node(struct net *net case -EACCES: rtm->rtm_type = RTN_PROHIBIT; break; @@ -193,7 +193,7 @@ Signed-off-by: Jonas Gorski case -EAGAIN: rtm->rtm_type = RTN_THROW; break; -@@ -2818,6 +2855,8 @@ static int ip6_route_dev_notify(struct n +@@ -2825,6 +2862,8 @@ static int ip6_route_dev_notify(struct n #ifdef CONFIG_IPV6_MULTIPLE_TABLES net->ipv6.ip6_prohibit_entry->dst.dev = dev; net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); @@ -202,7 +202,7 @@ Signed-off-by: Jonas Gorski net->ipv6.ip6_blk_hole_entry->dst.dev = dev; net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); #endif -@@ -3034,6 +3073,17 @@ static int __net_init ip6_route_net_init +@@ -3047,6 +3086,17 @@ static int __net_init ip6_route_net_init net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, ip6_template_metrics, true); @@ -220,7 +220,7 @@ Signed-off-by: Jonas Gorski #endif net->ipv6.sysctl.flush_delay = 0; -@@ -3052,6 +3102,8 @@ out: +@@ -3065,6 +3115,8 @@ out: return ret; #ifdef CONFIG_IPV6_MULTIPLE_TABLES @@ -229,7 +229,7 @@ Signed-off-by: Jonas Gorski out_ip6_prohibit_entry: kfree(net->ipv6.ip6_prohibit_entry); out_ip6_null_entry: -@@ -3069,6 +3121,7 @@ static void __net_exit ip6_route_net_exi +@@ -3082,6 +3134,7 @@ static void __net_exit ip6_route_net_exi #ifdef CONFIG_IPV6_MULTIPLE_TABLES kfree(net->ipv6.ip6_prohibit_entry); kfree(net->ipv6.ip6_blk_hole_entry); @@ -237,7 +237,7 @@ Signed-off-by: Jonas Gorski #endif dst_entries_destroy(&net->ipv6.ip6_dst_ops); } -@@ -3165,6 +3218,9 @@ int __init ip6_route_init(void) +@@ -3155,6 +3208,9 @@ void __init ip6_route_init_special_entri init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); @@ -245,5 +245,5 @@ Signed-off-by: Jonas Gorski + init_net.ipv6.ip6_policy_failed_entry->rt6i_idev = + in6_dev_get(init_net.loopback_dev); #endif - ret = fib6_init(); - if (ret) + } + diff --git a/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch b/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch index 21199fe6c7..6b02b3ca9c 100644 --- a/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch +++ b/target/linux/generic/patches-3.18/680-NET-skip-GRO-for-foreign-MAC-addresses.patch @@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4002,6 +4002,9 @@ static enum gro_result dev_gro_receive(s +@@ -4006,6 +4006,9 @@ static enum gro_result dev_gro_receive(s enum gro_result ret; int grow; @@ -27,7 +27,7 @@ Signed-off-by: Felix Fietkau if (!(skb->dev->features & NETIF_F_GRO)) goto normal; -@@ -5067,6 +5070,48 @@ static void __netdev_adjacent_dev_unlink +@@ -5077,6 +5080,48 @@ static void __netdev_adjacent_dev_unlink &upper_dev->adj_list.lower); } @@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau static int __netdev_upper_dev_link(struct net_device *dev, struct net_device *upper_dev, bool master, void *private) -@@ -5127,6 +5172,7 @@ static int __netdev_upper_dev_link(struc +@@ -5137,6 +5182,7 @@ static int __netdev_upper_dev_link(struc goto rollback_lower_mesh; } @@ -84,15 +84,15 @@ Signed-off-by: Felix Fietkau call_netdevice_notifiers(NETDEV_CHANGEUPPER, dev); return 0; -@@ -5244,6 +5290,7 @@ void netdev_upper_dev_unlink(struct net_ +@@ -5254,6 +5300,7 @@ void netdev_upper_dev_unlink(struct net_ list_for_each_entry(i, &upper_dev->all_adj_list.upper, list) - __netdev_adjacent_dev_unlink(dev, i->dev); + __netdev_adjacent_dev_unlink(dev, i->dev, i->ref_nr); + netdev_update_addr_mask(dev); call_netdevice_notifiers(NETDEV_CHANGEUPPER, dev); } EXPORT_SYMBOL(netdev_upper_dev_unlink); -@@ -5763,6 +5810,7 @@ int dev_set_mac_address(struct net_devic +@@ -5773,6 +5820,7 @@ int dev_set_mac_address(struct net_devic if (err) return err; dev->addr_assign_type = NET_ADDR_SET; @@ -113,7 +113,7 @@ Signed-off-by: Felix Fietkau #endif --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -597,7 +597,8 @@ struct sk_buff { +@@ -598,7 +598,8 @@ struct sk_buff { #endif __u8 ipvs_property:1; __u8 inner_protocol_type:1; diff --git a/target/linux/generic/patches-3.18/701-phy_extension.patch b/target/linux/generic/patches-3.18/701-phy_extension.patch index 5c63dbec62..fa4542b88b 100644 --- a/target/linux/generic/patches-3.18/701-phy_extension.patch +++ b/target/linux/generic/patches-3.18/701-phy_extension.patch @@ -53,7 +53,7 @@ * @phydev: the phy_device struct --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -748,6 +748,7 @@ void phy_start_machine(struct phy_device +@@ -752,6 +752,7 @@ void phy_start_machine(struct phy_device void phy_stop_machine(struct phy_device *phydev); int phy_ethtool_sset(struct phy_device *phydev, struct ethtool_cmd *cmd); int phy_ethtool_gset(struct phy_device *phydev, struct ethtool_cmd *cmd); diff --git a/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch b/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch index 0350f9efe4..0c78ee1be5 100644 --- a/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch +++ b/target/linux/generic/patches-3.18/704-phy-no-genphy-soft-reset.patch @@ -9,16 +9,7 @@ { /* Do nothing for now */ return 0; -@@ -1347,7 +1347,7 @@ static struct phy_driver genphy_driver[] - .phy_id = 0xffffffff, - .phy_id_mask = 0xffffffff, - .name = "Generic PHY", -- .soft_reset = genphy_soft_reset, -+ .soft_reset = no_soft_reset, - .config_init = genphy_config_init, - .features = PHY_GBIT_FEATURES | SUPPORTED_MII | - SUPPORTED_AUI | SUPPORTED_FIBRE | -@@ -1362,7 +1362,7 @@ static struct phy_driver genphy_driver[] +@@ -1364,7 +1364,7 @@ static struct phy_driver genphy_driver[] .phy_id = 0xffffffff, .phy_id_mask = 0xffffffff, .name = "Generic 10G PHY", diff --git a/target/linux/generic/patches-3.18/710-phy-add-mdio_register_board_info.patch b/target/linux/generic/patches-3.18/710-phy-add-mdio_register_board_info.patch index cc3cb2445d..424c63e311 100644 --- a/target/linux/generic/patches-3.18/710-phy-add-mdio_register_board_info.patch +++ b/target/linux/generic/patches-3.18/710-phy-add-mdio_register_board_info.patch @@ -46,7 +46,7 @@ phy_device_free(phydev); --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -785,4 +785,22 @@ int __init mdio_bus_init(void); +@@ -789,4 +789,22 @@ int __init mdio_bus_init(void); void mdio_bus_exit(void); extern struct bus_type mdio_bus_type; diff --git a/target/linux/generic/patches-3.18/721-phy_packets.patch b/target/linux/generic/patches-3.18/721-phy_packets.patch index 99811c6242..7235ab355f 100644 --- a/target/linux/generic/patches-3.18/721-phy_packets.patch +++ b/target/linux/generic/patches-3.18/721-phy_packets.patch @@ -41,7 +41,7 @@ */ --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2054,6 +2054,10 @@ static inline int pskb_trim(struct sk_bu +@@ -2055,6 +2055,10 @@ static inline int pskb_trim(struct sk_bu return (len < skb->len) ? __pskb_trim(skb, len) : 0; } @@ -52,7 +52,7 @@ /** * pskb_trim_unique - remove end from a paged unique (not cloned) buffer * @skb: buffer to alter -@@ -2180,16 +2184,6 @@ static inline struct sk_buff *dev_alloc_ +@@ -2181,16 +2185,6 @@ static inline struct sk_buff *dev_alloc_ } @@ -86,7 +86,7 @@ help --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -2623,10 +2623,20 @@ static int xmit_one(struct sk_buff *skb, +@@ -2626,10 +2626,20 @@ static int xmit_one(struct sk_buff *skb, if (!list_empty(&ptype_all)) dev_queue_xmit_nit(skb, dev); @@ -121,7 +121,7 @@ #include #include -@@ -469,6 +470,22 @@ struct sk_buff *__netdev_alloc_skb(struc +@@ -471,6 +472,22 @@ struct sk_buff *__netdev_alloc_skb(struc } EXPORT_SYMBOL(__netdev_alloc_skb); diff --git a/target/linux/generic/patches-3.18/750-hostap_txpower.patch b/target/linux/generic/patches-3.18/750-hostap_txpower.patch index 768c80f73b..9a8cb7fb5c 100644 --- a/target/linux/generic/patches-3.18/750-hostap_txpower.patch +++ b/target/linux/generic/patches-3.18/750-hostap_txpower.patch @@ -64,7 +64,7 @@ #endif /* HOSTAP_H */ --- a/drivers/net/wireless/hostap/hostap_hw.c +++ b/drivers/net/wireless/hostap/hostap_hw.c -@@ -928,6 +928,7 @@ static int hfa384x_set_rid(struct net_de +@@ -933,6 +933,7 @@ static int hfa384x_set_rid(struct net_de prism2_hw_reset(dev); } diff --git a/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch b/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch index 9f39c8000e..758bc3a852 100644 --- a/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch +++ b/target/linux/generic/patches-3.18/773-bgmac-add-srab-switch.patch @@ -30,7 +30,7 @@ Signed-off-by: Hauke Mehrtens /************************************************** * BCMA bus ops **************************************************/ -@@ -1688,6 +1700,14 @@ static int bgmac_probe(struct bcma_devic +@@ -1693,6 +1705,14 @@ static int bgmac_probe(struct bcma_devic net_dev->hw_features = net_dev->features; net_dev->vlan_features = net_dev->features; @@ -45,7 +45,7 @@ Signed-off-by: Hauke Mehrtens err = register_netdev(bgmac->net_dev); if (err) { bgmac_err(bgmac, "Cannot register net device\n"); -@@ -1714,6 +1734,10 @@ static void bgmac_remove(struct bcma_dev +@@ -1719,6 +1739,10 @@ static void bgmac_remove(struct bcma_dev { struct bgmac *bgmac = bcma_get_drvdata(core); diff --git a/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch b/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch index a7bf0bb9fa..d1da5062bc 100644 --- a/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch +++ b/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch @@ -1,7 +1,7 @@ --- a/drivers/usb/host/pci-quirks.c +++ b/drivers/usb/host/pci-quirks.c -@@ -97,6 +97,8 @@ struct amd_chipset_type { +@@ -98,6 +98,8 @@ struct amd_chipset_type { u8 rev; }; @@ -10,7 +10,7 @@ static struct amd_chipset_info { struct pci_dev *nb_dev; struct pci_dev *smbus_dev; -@@ -454,6 +456,10 @@ void usb_amd_dev_put(void) +@@ -461,6 +463,10 @@ void usb_amd_dev_put(void) } EXPORT_SYMBOL_GPL(usb_amd_dev_put); @@ -21,7 +21,7 @@ /* * Make sure the controller is completely inactive, unable to * generate interrupts or do DMA. -@@ -533,8 +539,17 @@ reset_needed: +@@ -540,8 +546,17 @@ reset_needed: uhci_reset_hc(pdev, base); return 1; } @@ -39,7 +39,7 @@ static inline int io_type_enabled(struct pci_dev *pdev, unsigned int mask) { u16 cmd; -@@ -1095,3 +1110,4 @@ static void quirk_usb_early_handoff(stru +@@ -1102,3 +1117,4 @@ static void quirk_usb_early_handoff(stru } DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_SERIAL_USB, 8, quirk_usb_early_handoff); diff --git a/target/linux/generic/patches-3.18/902-debloat_proc.patch b/target/linux/generic/patches-3.18/902-debloat_proc.patch index 79cecf90d4..596a84f8dd 100644 --- a/target/linux/generic/patches-3.18/902-debloat_proc.patch +++ b/target/linux/generic/patches-3.18/902-debloat_proc.patch @@ -173,7 +173,7 @@ goto err; --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -2933,6 +2933,8 @@ static __net_initdata struct pernet_oper +@@ -2939,6 +2939,8 @@ static __net_initdata struct pernet_oper static int __init proto_init(void) { diff --git a/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch b/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch index 240f15eb61..7cf94153e8 100644 --- a/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch +++ b/target/linux/generic/patches-3.18/940-ocf_kbuild_integration.patch @@ -9,7 +9,7 @@ + --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -101,6 +101,8 @@ obj-$(CONFIG_CRYPTO_USER_API) += af_alg. +@@ -103,6 +103,8 @@ obj-$(CONFIG_CRYPTO_USER_API) += af_alg. obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o diff --git a/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch b/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch index dd725b01b1..61fe71b784 100644 --- a/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch +++ b/target/linux/generic/patches-3.18/997-device_tree_cmdline.patch @@ -1,6 +1,6 @@ --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c -@@ -903,6 +903,9 @@ int __init early_init_dt_scan_chosen(uns +@@ -909,6 +909,9 @@ int __init early_init_dt_scan_chosen(uns p = of_get_flat_dt_prop(node, "bootargs", &l); if (p != NULL && l > 0) strlcpy(data, p, min((int)l, COMMAND_LINE_SIZE)); diff --git a/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch b/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch index fb4b722569..9de5dfe44a 100644 --- a/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch +++ b/target/linux/imx6/patches-3.18/202-net-igb-add-i210-i211-support-for-phy-read-write.patch @@ -10,7 +10,7 @@ Date: Thu May 15 00:12:26 2014 -0700 --- a/drivers/net/ethernet/intel/igb/e1000_phy.c +++ b/drivers/net/ethernet/intel/igb/e1000_phy.c -@@ -135,7 +135,7 @@ out: +@@ -139,7 +139,7 @@ out: s32 igb_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) { struct e1000_phy_info *phy = &hw->phy; @@ -19,7 +19,7 @@ Date: Thu May 15 00:12:26 2014 -0700 s32 ret_val = 0; if (offset > MAX_PHY_REG_ADDRESS) { -@@ -148,11 +148,25 @@ s32 igb_read_phy_reg_mdic(struct e1000_h +@@ -152,11 +152,25 @@ s32 igb_read_phy_reg_mdic(struct e1000_h * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ @@ -48,7 +48,7 @@ Date: Thu May 15 00:12:26 2014 -0700 /* Poll the ready bit to see if the MDI read completed * Increasing the time out as testing showed failures with -@@ -177,6 +191,18 @@ s32 igb_read_phy_reg_mdic(struct e1000_h +@@ -181,6 +195,18 @@ s32 igb_read_phy_reg_mdic(struct e1000_h *data = (u16) mdic; out: @@ -67,7 +67,7 @@ Date: Thu May 15 00:12:26 2014 -0700 return ret_val; } -@@ -191,7 +217,7 @@ out: +@@ -195,7 +221,7 @@ out: s32 igb_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) { struct e1000_phy_info *phy = &hw->phy; @@ -76,7 +76,7 @@ Date: Thu May 15 00:12:26 2014 -0700 s32 ret_val = 0; if (offset > MAX_PHY_REG_ADDRESS) { -@@ -204,12 +230,27 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -208,12 +234,27 @@ s32 igb_write_phy_reg_mdic(struct e1000_ * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ @@ -108,7 +108,7 @@ Date: Thu May 15 00:12:26 2014 -0700 /* Poll the ready bit to see if the MDI read completed * Increasing the time out as testing showed failures with -@@ -233,6 +274,18 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -237,6 +278,18 @@ s32 igb_write_phy_reg_mdic(struct e1000_ } out: diff --git a/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch b/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch index 7869b1cf53..405d4ec37f 100644 --- a/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch +++ b/target/linux/imx6/patches-3.18/203-net-igb-add-phy-read-write-functions-that-accept-phy.patch @@ -36,7 +36,7 @@ Signed-off-by: Tim Harvey --- a/drivers/net/ethernet/intel/igb/e1000_phy.c +++ b/drivers/net/ethernet/intel/igb/e1000_phy.c -@@ -132,9 +132,8 @@ out: +@@ -136,9 +136,8 @@ out: * Reads the MDI control regsiter in the PHY at offset and stores the * information read to data. **/ @@ -47,7 +47,7 @@ Signed-off-by: Tim Harvey u32 i, mdicnfg, mdic = 0; s32 ret_val = 0; -@@ -153,14 +152,14 @@ s32 igb_read_phy_reg_mdic(struct e1000_h +@@ -157,14 +156,14 @@ s32 igb_read_phy_reg_mdic(struct e1000_h case e1000_i211: mdicnfg = rd32(E1000_MDICNFG); mdicnfg &= ~(E1000_MDICNFG_PHY_MASK); @@ -64,7 +64,7 @@ Signed-off-by: Tim Harvey (E1000_MDIC_OP_READ)); break; } -@@ -214,9 +213,8 @@ out: +@@ -218,9 +217,8 @@ out: * * Writes data to MDI control register in the PHY at offset. **/ @@ -75,7 +75,7 @@ Signed-off-by: Tim Harvey u32 i, mdicnfg, mdic = 0; s32 ret_val = 0; -@@ -235,7 +233,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -239,7 +237,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ case e1000_i211: mdicnfg = rd32(E1000_MDICNFG); mdicnfg &= ~(E1000_MDICNFG_PHY_MASK); @@ -84,7 +84,7 @@ Signed-off-by: Tim Harvey wr32(E1000_MDICNFG, mdicnfg); mdic = (((u32)data) | (offset << E1000_MDIC_REG_SHIFT) | -@@ -244,7 +242,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ +@@ -248,7 +246,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_ default: mdic = (((u32)data) | (offset << E1000_MDIC_REG_SHIFT) | @@ -93,7 +93,7 @@ Signed-off-by: Tim Harvey (E1000_MDIC_OP_WRITE)); break; } -@@ -464,7 +462,7 @@ s32 igb_read_phy_reg_igp(struct e1000_hw +@@ -468,7 +466,7 @@ s32 igb_read_phy_reg_igp(struct e1000_hw goto out; if (offset > MAX_PHY_MULTI_PAGE_REG) { @@ -102,7 +102,7 @@ Signed-off-by: Tim Harvey IGP01E1000_PHY_PAGE_SELECT, (u16)offset); if (ret_val) { -@@ -473,8 +471,8 @@ s32 igb_read_phy_reg_igp(struct e1000_hw +@@ -477,8 +475,8 @@ s32 igb_read_phy_reg_igp(struct e1000_hw } } @@ -113,7 +113,7 @@ Signed-off-by: Tim Harvey hw->phy.ops.release(hw); -@@ -503,7 +501,7 @@ s32 igb_write_phy_reg_igp(struct e1000_h +@@ -507,7 +505,7 @@ s32 igb_write_phy_reg_igp(struct e1000_h goto out; if (offset > MAX_PHY_MULTI_PAGE_REG) { @@ -122,7 +122,7 @@ Signed-off-by: Tim Harvey IGP01E1000_PHY_PAGE_SELECT, (u16)offset); if (ret_val) { -@@ -512,8 +510,8 @@ s32 igb_write_phy_reg_igp(struct e1000_h +@@ -516,8 +514,8 @@ s32 igb_write_phy_reg_igp(struct e1000_h } } @@ -133,7 +133,7 @@ Signed-off-by: Tim Harvey hw->phy.ops.release(hw); -@@ -2464,8 +2462,9 @@ out: +@@ -2468,8 +2466,9 @@ out: } /** @@ -144,7 +144,7 @@ Signed-off-by: Tim Harvey * @offset: lower half is register offset to write to * upper half is page to use. * @data: data to write at register offset -@@ -2473,7 +2472,7 @@ out: +@@ -2477,7 +2476,7 @@ out: * Acquires semaphore, if necessary, then writes the data to PHY register * at the offset. Release any acquired semaphores before exiting. **/ @@ -153,7 +153,7 @@ Signed-off-by: Tim Harvey { s32 ret_val; u16 page = offset >> GS40G_PAGE_SHIFT; -@@ -2483,10 +2482,10 @@ s32 igb_write_phy_reg_gs40g(struct e1000 +@@ -2487,10 +2486,10 @@ s32 igb_write_phy_reg_gs40g(struct e1000 if (ret_val) return ret_val; @@ -166,7 +166,7 @@ Signed-off-by: Tim Harvey release: hw->phy.ops.release(hw); -@@ -2494,8 +2493,24 @@ release: +@@ -2498,8 +2497,24 @@ release: } /** @@ -192,7 +192,7 @@ Signed-off-by: Tim Harvey * @offset: lower half is register offset to read to * upper half is page to use. * @data: data to read at register offset -@@ -2503,7 +2518,7 @@ release: +@@ -2507,7 +2522,7 @@ release: * Acquires semaphore, if necessary, then reads the data in the PHY register * at the offset. Release any acquired semaphores before exiting. **/ @@ -201,7 +201,7 @@ Signed-off-by: Tim Harvey { s32 ret_val; u16 page = offset >> GS40G_PAGE_SHIFT; -@@ -2513,10 +2528,10 @@ s32 igb_read_phy_reg_gs40g(struct e1000_ +@@ -2517,10 +2532,10 @@ s32 igb_read_phy_reg_gs40g(struct e1000_ if (ret_val) return ret_val; @@ -214,7 +214,7 @@ Signed-off-by: Tim Harvey release: hw->phy.ops.release(hw); -@@ -2524,6 +2539,21 @@ release: +@@ -2528,6 +2543,21 @@ release: } /** diff --git a/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch b/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch index 65b1c1f51e..f495fbf2bf 100644 --- a/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch +++ b/target/linux/ixp4xx/patches-3.18/600-skb_avoid_dmabounce.patch @@ -1,6 +1,6 @@ --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -210,6 +210,9 @@ struct sk_buff *__alloc_skb(unsigned int +@@ -212,6 +212,9 @@ struct sk_buff *__alloc_skb(unsigned int if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) gfp_mask |= __GFP_MEMALLOC; @@ -10,7 +10,7 @@ /* Get the HEAD */ skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node); -@@ -1096,6 +1099,10 @@ int pskb_expand_head(struct sk_buff *skb +@@ -1098,6 +1101,10 @@ int pskb_expand_head(struct sk_buff *skb if (skb_shared(skb)) BUG(); diff --git a/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch b/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch index 5943602adb..27d3bcea6c 100644 --- a/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch +++ b/target/linux/lantiq/patches-3.18/0026-NET-multi-phy-support.patch @@ -11,7 +11,7 @@ Signed-off-by: John Crispin --- a/drivers/net/phy/phy.c +++ b/drivers/net/phy/phy.c -@@ -838,7 +838,8 @@ void phy_state_machine(struct work_struc +@@ -841,7 +841,8 @@ void phy_state_machine(struct work_struc /* If the link is down, give up on negotiation for now */ if (!phydev->link) { phydev->state = PHY_NOLINK; @@ -21,7 +21,7 @@ Signed-off-by: John Crispin phydev->adjust_link(phydev->attached_dev); break; } -@@ -911,7 +912,8 @@ void phy_state_machine(struct work_struc +@@ -914,7 +915,8 @@ void phy_state_machine(struct work_struc netif_carrier_on(phydev->attached_dev); } else { phydev->state = PHY_NOLINK; @@ -31,7 +31,7 @@ Signed-off-by: John Crispin } phydev->adjust_link(phydev->attached_dev); -@@ -923,7 +925,8 @@ void phy_state_machine(struct work_struc +@@ -926,7 +928,8 @@ void phy_state_machine(struct work_struc case PHY_HALTED: if (phydev->link) { phydev->link = 0; diff --git a/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch b/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch index 4278669dda..303cb2704d 100644 --- a/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch +++ b/target/linux/lantiq/patches-3.18/0032-USB-fix-roothub-for-IFXHCD.patch @@ -20,7 +20,7 @@ Subject: [PATCH 32/36] USB: fix roothub for IFXHCD choice --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -4321,7 +4321,7 @@ hub_port_init (struct usb_hub *hub, stru +@@ -4320,7 +4320,7 @@ hub_port_init (struct usb_hub *hub, stru udev->ttport = hdev->ttport; } else if (udev->speed != USB_SPEED_HIGH && hdev->speed == USB_SPEED_HIGH) { diff --git a/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch b/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch index 92c85a700f..f0944bffd3 100644 --- a/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch +++ b/target/linux/mcs814x/patches-3.18/008-mcs814x_gpio.patch @@ -1,6 +1,6 @@ --- a/drivers/gpio/Kconfig +++ b/drivers/gpio/Kconfig -@@ -819,6 +819,12 @@ config GPIO_MC33880 +@@ -820,6 +820,12 @@ config GPIO_MC33880 SPI driver for Freescale MC33880 high-side/low-side switch. This provides GPIO interface supporting inputs and outputs. diff --git a/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch b/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch index 7631b6c5cd..93666dbc78 100644 --- a/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch +++ b/target/linux/mvebu/patches-3.18/700-usb_xhci_plat_phy_support.patch @@ -37,8 +37,8 @@ put_usb3_hcd: usb_put_hcd(xhci->shared_hcd); -@@ -190,6 +206,7 @@ static int xhci_plat_remove(struct platf - struct clk *clk = xhci->clk; +@@ -192,6 +208,7 @@ static int xhci_plat_remove(struct platf + xhci->xhc_state |= XHCI_STATE_REMOVING; usb_remove_hcd(xhci->shared_hcd); + usb_phy_shutdown(hcd->usb_phy); diff --git a/target/linux/ramips/patches-3.18/0033-NET-multi-phy-support.patch b/target/linux/ramips/patches-3.18/0033-NET-multi-phy-support.patch index f6d2456bad..1baf40dadb 100644 --- a/target/linux/ramips/patches-3.18/0033-NET-multi-phy-support.patch +++ b/target/linux/ramips/patches-3.18/0033-NET-multi-phy-support.patch @@ -11,7 +11,7 @@ Signed-off-by: John Crispin --- a/drivers/net/phy/phy.c +++ b/drivers/net/phy/phy.c -@@ -838,7 +838,8 @@ void phy_state_machine(struct work_struc +@@ -841,7 +841,8 @@ void phy_state_machine(struct work_struc /* If the link is down, give up on negotiation for now */ if (!phydev->link) { phydev->state = PHY_NOLINK; @@ -21,7 +21,7 @@ Signed-off-by: John Crispin phydev->adjust_link(phydev->attached_dev); break; } -@@ -911,7 +912,8 @@ void phy_state_machine(struct work_struc +@@ -914,7 +915,8 @@ void phy_state_machine(struct work_struc netif_carrier_on(phydev->attached_dev); } else { phydev->state = PHY_NOLINK; @@ -31,7 +31,7 @@ Signed-off-by: John Crispin } phydev->adjust_link(phydev->attached_dev); -@@ -923,7 +925,8 @@ void phy_state_machine(struct work_struc +@@ -926,7 +928,8 @@ void phy_state_machine(struct work_struc case PHY_HALTED: if (phydev->link) { phydev->link = 0; diff --git a/target/linux/ramips/patches-3.18/0057-uvc-add-iPassion-iP2970-support.patch b/target/linux/ramips/patches-3.18/0057-uvc-add-iPassion-iP2970-support.patch index 0828cc51b1..28f00c1f27 100644 --- a/target/linux/ramips/patches-3.18/0057-uvc-add-iPassion-iP2970-support.patch +++ b/target/linux/ramips/patches-3.18/0057-uvc-add-iPassion-iP2970-support.patch @@ -13,7 +13,7 @@ Signed-off-by: John Crispin --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c -@@ -2504,6 +2504,20 @@ static struct usb_device_id uvc_ids[] = +@@ -2610,6 +2610,20 @@ static struct usb_device_id uvc_ids[] = .bInterfaceProtocol = 0, .driver_info = UVC_QUIRK_PROBE_MINMAX | UVC_QUIRK_IGNORE_SELECTOR_UNIT }, diff --git a/target/linux/ramips/patches-3.18/0062-mt7621-add-ECHI-OCHI-XCHI-support.patch b/target/linux/ramips/patches-3.18/0062-mt7621-add-ECHI-OCHI-XCHI-support.patch index a5e46659f9..37b79036de 100644 --- a/target/linux/ramips/patches-3.18/0062-mt7621-add-ECHI-OCHI-XCHI-support.patch +++ b/target/linux/ramips/patches-3.18/0062-mt7621-add-ECHI-OCHI-XCHI-support.patch @@ -16,7 +16,7 @@ /* EHCI, OHCI */ --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -1304,7 +1304,7 @@ static void hub_quiesce(struct usb_hub * +@@ -1261,7 +1261,7 @@ static void hub_quiesce(struct usb_hub * if (type != HUB_SUSPEND) { /* Disconnect all the children */ for (i = 0; i < hdev->maxchild; ++i) { @@ -5062,7 +5062,7 @@ irq = platform_get_irq(pdev, 0); +#endif if (irq < 0) - return -ENODEV; + return irq; --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -5087,7 +5087,7 @@ return 1; } -@@ -2843,6 +2847,7 @@ static int prepare_ring(struct xhci_hcd +@@ -2835,6 +2839,7 @@ static int prepare_ring(struct xhci_hcd next = ring->enqueue; while (last_trb(xhci, ring, ring->enq_seg, next)) { @@ -5095,7 +5095,7 @@ /* If we're not dealing with 0.95 hardware or isoc rings * on AMD 0.96 host, clear the chain bit. */ -@@ -2852,6 +2857,9 @@ static int prepare_ring(struct xhci_hcd +@@ -2844,6 +2849,9 @@ static int prepare_ring(struct xhci_hcd next->link.control &= cpu_to_le32(~TRB_CHAIN); else next->link.control |= cpu_to_le32(TRB_CHAIN); @@ -5105,7 +5105,7 @@ wmb(); next->link.control ^= cpu_to_le32(TRB_CYCLE); -@@ -2982,6 +2990,9 @@ static void giveback_first_trb(struct xh +@@ -2974,6 +2982,9 @@ static void giveback_first_trb(struct xh start_trb->field[3] |= cpu_to_le32(start_cycle); else start_trb->field[3] &= cpu_to_le32(~TRB_CYCLE); @@ -5115,7 +5115,7 @@ xhci_ring_ep_doorbell(xhci, slot_id, ep_index, stream_id); } -@@ -3037,6 +3048,29 @@ static u32 xhci_td_remainder(unsigned in +@@ -3029,6 +3040,29 @@ static u32 xhci_td_remainder(unsigned in return (remainder >> 10) << 17; } @@ -5145,7 +5145,7 @@ /* * For xHCI 1.0 host controllers, TD size is the number of max packet sized * packets remaining in the TD (*not* including this TRB). -@@ -3194,6 +3228,7 @@ static int queue_bulk_sg_tx(struct xhci_ +@@ -3186,6 +3220,7 @@ static int queue_bulk_sg_tx(struct xhci_ } /* Set the TRB length, TD size, and interrupter fields. */ @@ -5153,7 +5153,7 @@ if (xhci->hci_version < 0x100) { remainder = xhci_td_remainder( urb->transfer_buffer_length - -@@ -3203,6 +3238,12 @@ static int queue_bulk_sg_tx(struct xhci_ +@@ -3195,6 +3230,12 @@ static int queue_bulk_sg_tx(struct xhci_ trb_buff_len, total_packet_count, urb, num_trbs - 1); } @@ -5166,7 +5166,7 @@ length_field = TRB_LEN(trb_buff_len) | remainder | TRB_INTR_TARGET(0); -@@ -3267,6 +3308,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd * +@@ -3259,6 +3300,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd * int running_total, trb_buff_len, ret; unsigned int total_packet_count; u64 addr; @@ -5176,7 +5176,7 @@ if (urb->num_sgs) return queue_bulk_sg_tx(xhci, mem_flags, urb, slot_id, ep_index); -@@ -3291,6 +3335,25 @@ int xhci_queue_bulk_tx(struct xhci_hcd * +@@ -3283,6 +3327,25 @@ int xhci_queue_bulk_tx(struct xhci_hcd * num_trbs++; running_total += TRB_MAX_BUFF_SIZE; } @@ -5202,7 +5202,7 @@ ret = prepare_transfer(xhci, xhci->devs[slot_id], ep_index, urb->stream_id, -@@ -3367,6 +3430,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd * +@@ -3359,6 +3422,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd * field |= TRB_ISP; /* Set the TRB length, TD size, and interrupter fields. */ @@ -5210,7 +5210,7 @@ if (xhci->hci_version < 0x100) { remainder = xhci_td_remainder( urb->transfer_buffer_length - -@@ -3376,6 +3440,10 @@ int xhci_queue_bulk_tx(struct xhci_hcd * +@@ -3368,6 +3432,10 @@ int xhci_queue_bulk_tx(struct xhci_hcd * trb_buff_len, total_packet_count, urb, num_trbs - 1); } @@ -5221,7 +5221,7 @@ length_field = TRB_LEN(trb_buff_len) | remainder | TRB_INTR_TARGET(0); -@@ -3465,7 +3533,11 @@ int xhci_queue_ctrl_tx(struct xhci_hcd * +@@ -3457,7 +3525,11 @@ int xhci_queue_ctrl_tx(struct xhci_hcd * field |= 0x1; /* xHCI 1.0/1.1 6.4.1.2.1: Transfer Type field */ @@ -5233,7 +5233,7 @@ if (urb->transfer_buffer_length > 0) { if (setup->bRequestType & USB_DIR_IN) field |= TRB_TX_TYPE(TRB_DATA_IN); -@@ -3489,7 +3561,12 @@ int xhci_queue_ctrl_tx(struct xhci_hcd * +@@ -3481,7 +3553,12 @@ int xhci_queue_ctrl_tx(struct xhci_hcd * field = TRB_TYPE(TRB_DATA); length_field = TRB_LEN(urb->transfer_buffer_length) | @@ -5246,7 +5246,7 @@ TRB_INTR_TARGET(0); if (urb->transfer_buffer_length > 0) { if (setup->bRequestType & USB_DIR_IN) -@@ -3612,6 +3689,9 @@ static int xhci_queue_isoc_tx(struct xhc +@@ -3604,6 +3681,9 @@ static int xhci_queue_isoc_tx(struct xhc u64 start_addr, addr; int i, j; bool more_trbs_coming; @@ -5256,7 +5256,7 @@ ep_ring = xhci->devs[slot_id]->eps[ep_index].ring; -@@ -3625,6 +3705,21 @@ static int xhci_queue_isoc_tx(struct xhc +@@ -3617,6 +3697,21 @@ static int xhci_queue_isoc_tx(struct xhc start_trb = &ep_ring->enqueue->generic; start_cycle = ep_ring->cycle_state; @@ -5278,7 +5278,7 @@ urb_priv = urb->hcpriv; /* Queue the first TRB, even if it's zero-length */ for (i = 0; i < num_tds; i++) { -@@ -3696,9 +3791,13 @@ static int xhci_queue_isoc_tx(struct xhc +@@ -3688,9 +3783,13 @@ static int xhci_queue_isoc_tx(struct xhc } else { td->last_trb = ep_ring->enqueue; field |= TRB_IOC; @@ -5292,7 +5292,7 @@ /* Set BEI bit except for the last td */ if (i < num_tds - 1) field |= TRB_BEI; -@@ -3713,6 +3812,7 @@ static int xhci_queue_isoc_tx(struct xhc +@@ -3705,6 +3804,7 @@ static int xhci_queue_isoc_tx(struct xhc trb_buff_len = td_remain_len; /* Set the TRB length, TD size, & interrupter fields. */ @@ -5300,7 +5300,7 @@ if (xhci->hci_version < 0x100) { remainder = xhci_td_remainder( td_len - running_total); -@@ -3722,6 +3822,10 @@ static int xhci_queue_isoc_tx(struct xhc +@@ -3714,6 +3814,10 @@ static int xhci_queue_isoc_tx(struct xhc total_packet_count, urb, (trbs_per_td - j - 1)); } @@ -5413,7 +5413,7 @@ xhci_dbg_trace(xhci, trace_xhci_dbg_init, "Finished xhci_run for USB2 roothub"); return 0; -@@ -1651,6 +1692,14 @@ int xhci_drop_endpoint(struct usb_hcd *h +@@ -1638,6 +1679,14 @@ int xhci_drop_endpoint(struct usb_hcd *h u32 drop_flag; u32 new_add_flags, new_drop_flags; int ret; @@ -5428,7 +5428,7 @@ ret = xhci_check_args(hcd, udev, ep, 1, true, __func__); if (ret <= 0) -@@ -1698,6 +1747,40 @@ int xhci_drop_endpoint(struct usb_hcd *h +@@ -1685,6 +1734,40 @@ int xhci_drop_endpoint(struct usb_hcd *h xhci_endpoint_zero(xhci, xhci->devs[udev->slot_id], ep); @@ -5469,7 +5469,7 @@ xhci_dbg(xhci, "drop ep 0x%x, slot id %d, new drop flags = %#x, new add flags = %#x\n", (unsigned int) ep->desc.bEndpointAddress, udev->slot_id, -@@ -1730,6 +1813,19 @@ int xhci_add_endpoint(struct usb_hcd *hc +@@ -1717,6 +1800,19 @@ int xhci_add_endpoint(struct usb_hcd *hc u32 new_add_flags, new_drop_flags; struct xhci_virt_device *virt_dev; int ret = 0; @@ -5489,7 +5489,7 @@ ret = xhci_check_args(hcd, udev, ep, 1, true, __func__); if (ret <= 0) { -@@ -1796,6 +1892,56 @@ int xhci_add_endpoint(struct usb_hcd *hc +@@ -1783,6 +1879,56 @@ int xhci_add_endpoint(struct usb_hcd *hc return -ENOMEM; } @@ -5546,7 +5546,7 @@ ctrl_ctx->add_flags |= cpu_to_le32(added_ctxs); new_add_flags = le32_to_cpu(ctrl_ctx->add_flags); -@@ -4467,8 +4613,14 @@ static u16 xhci_call_host_update_timeout +@@ -4454,8 +4600,14 @@ static u16 xhci_call_host_update_timeout u16 *timeout) { if (state == USB3_LPM_U1) @@ -5561,7 +5561,7 @@ return xhci_calculate_u2_timeout(xhci, udev, desc); return USB3_LPM_DISABLED; -@@ -4853,7 +5005,9 @@ int xhci_gen_setup(struct usb_hcd *hcd, +@@ -4840,7 +4992,9 @@ int xhci_gen_setup(struct usb_hcd *hcd, hcd->self.no_sg_constraint = 1; /* XHCI controllers don't stop the ep queue on short packets :| */ @@ -5571,7 +5571,7 @@ if (usb_hcd_is_primary_hcd(hcd)) { xhci = kzalloc(sizeof(struct xhci_hcd), GFP_KERNEL); -@@ -4926,6 +5080,10 @@ int xhci_gen_setup(struct usb_hcd *hcd, +@@ -4913,6 +5067,10 @@ int xhci_gen_setup(struct usb_hcd *hcd, if (xhci->quirks & XHCI_NO_64BIT_SUPPORT) xhci->hcc_params &= ~BIT(0); @@ -5582,7 +5582,7 @@ /* Set dma_mask and coherent_dma_mask to 64-bits, * if xHC supports 64-bit addressing */ if (HCC_64BIT_ADDR(xhci->hcc_params) && -@@ -5020,8 +5178,57 @@ MODULE_DESCRIPTION(DRIVER_DESC); +@@ -5007,8 +5165,57 @@ MODULE_DESCRIPTION(DRIVER_DESC); MODULE_AUTHOR(DRIVER_AUTHOR); MODULE_LICENSE("GPL"); From 16fbd1e117bce5b215ccb82e1f879184538c6152 Mon Sep 17 00:00:00 2001 From: Zoltan HERPAI Date: Mon, 18 Sep 2017 13:28:31 +0200 Subject: [PATCH 32/38] CC: kernel: upgrade to 3.18.71 - refresh patches - fix patches for UML - runtime-tested on ar71xx, imx6, sunxi Signed-off-by: Zoltan HERPAI --- include/kernel-version.mk | 4 ++-- .../patches-3.18/007-adm5120_pci.patch | 2 +- .../patches-3.18/002-adm8668_pci.patch | 2 +- .../ar7/patches-3.18/500-serial_kludge.patch | 2 +- .../ar7/patches-3.18/950-cpmac_titan.patch | 10 +++++----- .../902-unaligned_access_hacks.patch | 20 +++++++++---------- .../811-pci_disable_usb_common_quirks.patch | 6 +++--- ...mx6_ventana_fixup-for-IRQ-mismapping.patch | 2 +- .../0001-MIPS-lantiq-add-pcie-driver.patch | 2 +- ...334-video-da8xx-fb-adding-dt-support.patch | 10 +++++----- ...dd-API-to-register-wait-for-vsync-ca.patch | 6 +++--- ...ix-defect-with-vsync-callback-invoca.patch | 4 ++-- .../001-fix_make_headers_install.patch | 3 ++- ...e-3-wire-spi-mode-for-the-display-fo.patch | 2 +- 14 files changed, 38 insertions(+), 37 deletions(-) diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 87fd7a5fe6..107246aefd 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -2,9 +2,9 @@ LINUX_RELEASE?=1 -LINUX_VERSION-3.18 = .68 +LINUX_VERSION-3.18 = .71 -LINUX_KERNEL_MD5SUM-3.18.68 = 5022a104125feab1042d86d72d66f447 +LINUX_KERNEL_MD5SUM-3.18.71 = 98875fe779041e89c37e51b0208011ea ifdef KERNEL_PATCHVER LINUX_VERSION:=$(KERNEL_PATCHVER)$(strip $(LINUX_VERSION-$(KERNEL_PATCHVER))) diff --git a/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch b/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch index a5a0abf43b..7a84217bee 100644 --- a/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch +++ b/target/linux/adm5120/patches-3.18/007-adm5120_pci.patch @@ -10,7 +10,7 @@ obj-$(CONFIG_PCI_AR724X) += pci-ar724x.o --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -1820,6 +1820,9 @@ +@@ -1821,6 +1821,9 @@ #define PCI_VENDOR_ID_CB 0x1307 /* Measurement Computing */ diff --git a/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch b/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch index 70ee00db5a..d013d08b5d 100644 --- a/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch +++ b/target/linux/adm8668/patches-3.18/002-adm8668_pci.patch @@ -10,7 +10,7 @@ obj-$(CONFIG_CAVIUM_OCTEON_SOC) += msi-octeon.o --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -1820,6 +1820,9 @@ +@@ -1821,6 +1821,9 @@ #define PCI_VENDOR_ID_CB 0x1307 /* Measurement Computing */ diff --git a/target/linux/ar7/patches-3.18/500-serial_kludge.patch b/target/linux/ar7/patches-3.18/500-serial_kludge.patch index 08bd6a6f2d..fc725309a8 100644 --- a/target/linux/ar7/patches-3.18/500-serial_kludge.patch +++ b/target/linux/ar7/patches-3.18/500-serial_kludge.patch @@ -14,7 +14,7 @@ }; /* Uart divisor latch read */ -@@ -3174,7 +3181,11 @@ static void serial8250_console_putchar(s +@@ -3168,7 +3175,11 @@ static void serial8250_console_putchar(s { struct uart_8250_port *up = up_to_u8250p(port); diff --git a/target/linux/ar7/patches-3.18/950-cpmac_titan.patch b/target/linux/ar7/patches-3.18/950-cpmac_titan.patch index f1d432cc4c..3cabae067a 100644 --- a/target/linux/ar7/patches-3.18/950-cpmac_titan.patch +++ b/target/linux/ar7/patches-3.18/950-cpmac_titan.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ethernet/ti/cpmac.c +++ b/drivers/net/ethernet/ti/cpmac.c -@@ -1146,6 +1146,8 @@ static int cpmac_probe(struct platform_d +@@ -1147,6 +1147,8 @@ static int cpmac_probe(struct platform_d goto out; } @@ -9,7 +9,7 @@ dev->irq = platform_get_irq_byname(pdev, "irq"); dev->netdev_ops = &cpmac_netdev_ops; -@@ -1227,7 +1229,7 @@ int cpmac_init(void) +@@ -1228,7 +1230,7 @@ int cpmac_init(void) cpmac_mii->reset = cpmac_mdio_reset; cpmac_mii->irq = mii_irqs; @@ -18,8 +18,8 @@ if (!cpmac_mii->priv) { pr_err("Can't ioremap mdio registers\n"); -@@ -1238,10 +1240,16 @@ int cpmac_init(void) - #warning FIXME: unhardcode gpio&reset bits +@@ -1239,10 +1241,16 @@ int cpmac_init(void) + /* FIXME: unhardcode gpio&reset bits */ ar7_gpio_disable(26); ar7_gpio_disable(27); - ar7_device_reset(AR7_RESET_BIT_CPMAC_LO); @@ -37,7 +37,7 @@ cpmac_mii->reset(cpmac_mii); for (i = 0; i < 300; i++) { -@@ -1258,7 +1266,11 @@ int cpmac_init(void) +@@ -1259,7 +1267,11 @@ int cpmac_init(void) mask = 0; } diff --git a/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch index 9310b503c6..8da26fd2ea 100644 --- a/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch +++ b/target/linux/ar71xx/patches-3.18/902-unaligned_access_hacks.patch @@ -210,7 +210,7 @@ #include #include #include -@@ -837,10 +838,10 @@ static void tcp_v6_send_response(struct +@@ -844,10 +845,10 @@ static void tcp_v6_send_response(struct topt = (__be32 *)(t1 + 1); if (tsecr) { @@ -237,7 +237,7 @@ */ --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c -@@ -386,7 +386,7 @@ int ipv6_recv_error(struct sock *sk, str +@@ -390,7 +390,7 @@ int ipv6_recv_error(struct sock *sk, str ipv6_iface_scope_id(&sin->sin6_addr, IP6CB(skb)->iif); } else { @@ -246,7 +246,7 @@ &sin->sin6_addr); sin->sin6_scope_id = 0; } -@@ -720,12 +720,12 @@ int ip6_datagram_send_ctl(struct net *ne +@@ -724,12 +724,12 @@ int ip6_datagram_send_ctl(struct net *ne } if (fl6->flowlabel&IPV6_FLOWINFO_MASK) { @@ -263,7 +263,7 @@ case IPV6_2292HOPOPTS: --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c -@@ -476,11 +476,11 @@ static int ip6gre_rcv(struct sk_buff *sk +@@ -479,11 +479,11 @@ static int ip6gre_rcv(struct sk_buff *sk offset += 4; } if (flags&GRE_KEY) { @@ -277,7 +277,7 @@ offset += 4; } } -@@ -745,7 +745,7 @@ static netdev_tx_t ip6gre_xmit2(struct s +@@ -748,7 +748,7 @@ static netdev_tx_t ip6gre_xmit2(struct s if (tunnel->parms.o_flags&GRE_SEQ) { ++tunnel->o_seqno; @@ -286,7 +286,7 @@ ptr--; } if (tunnel->parms.o_flags&GRE_KEY) { -@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc +@@ -844,7 +844,7 @@ static inline int ip6gre_xmit_ipv6(struc dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) @@ -297,7 +297,7 @@ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c -@@ -1291,7 +1291,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1301,7 +1301,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str dsfield = ipv6_get_dsfield(ipv6h); if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) @@ -606,7 +606,7 @@ goto next_ht; --- a/net/ipv6/ip6_offload.c +++ b/net/ipv6/ip6_offload.c -@@ -221,7 +221,7 @@ static struct sk_buff **ipv6_gro_receive +@@ -224,7 +224,7 @@ static struct sk_buff **ipv6_gro_receive continue; iph2 = (struct ipv6hdr *)(p->data + off); @@ -617,7 +617,7 @@ * XXX skbs on the gro_list have all been parsed and pulled --- a/include/net/addrconf.h +++ b/include/net/addrconf.h -@@ -43,7 +43,7 @@ struct prefix_info { +@@ -45,7 +45,7 @@ struct prefix_info { __be32 reserved2; struct in6_addr prefix; @@ -831,7 +831,7 @@ --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3683,14 +3683,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3682,14 +3682,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); diff --git a/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch b/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch index d1da5062bc..ddc8549634 100644 --- a/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch +++ b/target/linux/generic/patches-3.18/811-pci_disable_usb_common_quirks.patch @@ -10,7 +10,7 @@ static struct amd_chipset_info { struct pci_dev *nb_dev; struct pci_dev *smbus_dev; -@@ -461,6 +463,10 @@ void usb_amd_dev_put(void) +@@ -462,6 +464,10 @@ void usb_amd_dev_put(void) } EXPORT_SYMBOL_GPL(usb_amd_dev_put); @@ -21,7 +21,7 @@ /* * Make sure the controller is completely inactive, unable to * generate interrupts or do DMA. -@@ -540,8 +546,17 @@ reset_needed: +@@ -541,8 +547,17 @@ reset_needed: uhci_reset_hc(pdev, base); return 1; } @@ -39,7 +39,7 @@ static inline int io_type_enabled(struct pci_dev *pdev, unsigned int mask) { u16 cmd; -@@ -1102,3 +1117,4 @@ static void quirk_usb_early_handoff(stru +@@ -1103,3 +1118,4 @@ static void quirk_usb_early_handoff(stru } DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_SERIAL_USB, 8, quirk_usb_early_handoff); diff --git a/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch b/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch index 4e75086c9e..e81cb31138 100644 --- a/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch +++ b/target/linux/imx6/patches-3.18/201-pci_imx6_ventana_fixup-for-IRQ-mismapping.patch @@ -71,7 +71,7 @@ Date: Thu Feb 27 00:59:53 2014 -0800 return ret; --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -827,6 +827,7 @@ +@@ -828,6 +828,7 @@ #define PCI_DEVICE_ID_TI_XX12 0x8039 #define PCI_DEVICE_ID_TI_XX12_FM 0x803b #define PCI_DEVICE_ID_TI_XIO2000A 0x8231 diff --git a/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch b/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch index 4e0a51298e..f68ed54dc5 100644 --- a/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch +++ b/target/linux/lantiq/patches-3.18/0001-MIPS-lantiq-add-pcie-driver.patch @@ -5525,7 +5525,7 @@ Signed-off-by: John Crispin unsigned long type); --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h -@@ -1050,6 +1050,12 @@ +@@ -1051,6 +1051,12 @@ #define PCI_DEVICE_ID_SGI_LITHIUM 0x1002 #define PCI_DEVICE_ID_SGI_IOC4 0x100a diff --git a/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch b/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch index 265602cdca..8c1c3d4784 100644 --- a/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch +++ b/target/linux/omap/patches-3.18/0334-video-da8xx-fb-adding-dt-support.patch @@ -88,7 +88,7 @@ Signed-off-by: Darren Etheridge #include