mtk-20170518/include, branch v17.01.2 MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker LEDE v17.01.2: adjust config defaults 2017-06-10T11:08:02+00:00 Alexander Couzens lynxis@fe80.eu 2017-06-10T11:08:02+00:00 2da512ecf4631cd7812283f0931cf6bbf842a313 Signed-off-by: Alexander Couzens <lynxis@fe80.eu> 
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
build: ensure that flock is available for make download 2017-06-08T21:02:37+00:00 Felix Fietkau nbd@nbd.name 2017-06-08T09:05:05+00:00 65eec8bd5f6337956b972d07fde49eb5db9cb4a0 It ensures that make download can parallelize downloads, even when some packages download the same files (e.g. gcc/initial, gcc/final) Signed-off-by: Felix Fietkau <nbd@nbd.name> 
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
include/toplevel: set env GIT_ASKPASS=/bin/true 2017-06-08T21:02:37+00:00 Alexander Couzens lynxis@fe80.eu 2017-06-07T21:56:19+00:00 4053c4f0fefe6bc4bee0b65cb8a187a75267293c When git-https request a service (e.g. github) which ask for credentials git will pass this request to the user resulting download.pl to wait for user input. Set GIT_ASKPASS to stop asking. Signed-off-by: Alexander Couzens <lynxis@fe80.eu> 
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
kernel: update kernel 4.4 to 4.4.71 2017-06-07T19:24:41+00:00 Jo-Philipp Wich jo@mein.io 2017-06-07T19:24:41+00:00 4fbd0726240915d9d5e533563d500cf716902688 Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71 Signed-off-by: Jo-Philipp Wich <jo@mein.io> 
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
build: fix possible issue with kmod package having multiple AutoLoad's 2017-05-27T07:04:32+00:00 Yousong Zhou yszhou4tech@gmail.com 2017-05-27T02:22:02+00:00 a44d7bfb6352c7521bd8313ef8d2df3a16deabd7 This commit contains the following changes - Use local shell var where appliable - The $(sort $$$$$$$$mods) call will have no expected effect - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/ - Avoid duplicate arguments for insert_modules() in postinst-pkg Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> 
This commit contains the following changes

 - Use local shell var where appliable
 - The $(sort $$$$$$$$mods) call will have no expected effect
 - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
 - Avoid duplicate arguments for insert_modules() in postinst-pkg

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
kernel: update kernel 4.4 to 4.4.70 2017-05-26T22:43:02+00:00 Hauke Mehrtens hauke@hauke-m.de 2017-05-26T22:18:01+00:00 e02b12c4cf24232ed84ca7f3f31bfcd748973df1 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
kernel: update kernel 4.4 to 4.4.69 2017-05-24T20:47:01+00:00 Stijn Segers francesco.borromini@inventati.org 2017-05-24T20:39:28+00:00 215c1d05b8bb7b99cc8c40a877f649c5b1c15198 Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this through with jow, he was okay with a clean diff against 17.01 and not a backported trunk patch. The following patches were applied upstream: * 062-[1-6]-MIPS-* series * 042-0004-mtd-bcm47xxpart-fix-parsing-first-block Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as it was incorrectly included upstream thus dropped from LEDE, but subsequently reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it. Compile-tested on: ar71xx, ramips/mt7621, x86/64. Run-tested on: ar71xx, ramips/mt7621, x86/64. Signed-off-by: Stijn Segers <francesco.borromini@inventati.org> 
Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this
through with jow, he was okay with a clean diff against 17.01 and not a backported trunk
patch.

The following patches were applied upstream:

* 062-[1-6]-MIPS-* series
* 042-0004-mtd-bcm47xxpart-fix-parsing-first-block

Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as
it was incorrectly included upstream thus dropped from LEDE, but subsequently
reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it.

  Compile-tested on: ar71xx, ramips/mt7621, x86/64.

  Run-tested on: ar71xx, ramips/mt7621, x86/64.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
image.mk: Generate cpiogz with root-owned files 2017-05-16T15:38:08+00:00 Michal Sojka sojkam1@fel.cvut.cz 2017-05-02T14:57:18+00:00 dbaaeae428d1d1d7cc326d5ac9bb9b5b967f960f Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio option to ensure that. Other image types (at least targz and squashfs) already have this. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> 
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.

Other image types (at least targz and squashfs) already have this.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
build: fix symlinked .config handling 2017-05-02T14:11:09+00:00 Sergey Ryazanov ryazanov.s.a@gmail.com 2017-04-20T02:10:45+00:00 37cf92135272e3892b61335725c291a8828ea2c0 When running "make menuconfig" with symlinked .config (e.g. to env/.config) it renames symlink to .config.old, creates new .config file and writes updated configuration here. This breaks the desired workflow when changes in the configuration could be checked using "scripts/env diff" and commited with "scripts/env save". Since the env/.config file is not updated. Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces mconf to overwrite the .config content, instead of renaming it and creating a new file. This variable is set only if .config is a symlink, otherwise the variable is not exported and the old behaviour is preserved. Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com> 
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.

This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
kernel: update kernel 4.4 to 4.4.61 2017-04-15T15:20:51+00:00 Jo-Philipp Wich jo@mein.io 2017-04-15T15:00:49+00:00 6ca5ccc62019cf9376b552c0635f4242dd4fae0f Signed-off-by: Jo-Philipp Wich <jo@mein.io> 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>