diff --git a/include/feeds.mk b/include/feeds.mk index 97b1449..695b03b 100644 --- a/include/feeds.mk +++ b/include/feeds.mk @@ -10,10 +10,12 @@ FEEDS_AVAILABLE:=$(shell $(SCRIPT_DIR)/feeds list -n) FEEDS_INSTALLED:=$(notdir $(wildcard $(TOPDIR)/package/feeds/*)) FEEDS_ENABLED:=$(foreach feed,$(FEEDS_INSTALLED),$(if $(CONFIG_FEED_$(feed)),$(feed))) -FEEDS_DISABLED:=$(filter-out $(FEEDS_ENABLED),$(FEEDS_INSTALLED)) +FEEDS_DISABLED:=$(filter-out $(FEEDS_ENABLED),$(FEEDS_AVAILABLE)) PKG_CONFIG_DEPENDS += \ CONFIG_PER_FEED_REPO \ + CONFIG_PER_FEED_REPO_ADD_DISABLED \ + CONFIG_PER_FEED_REPO_ADD_COMMENTED \ $(foreach feed,$(FEEDS_INSTALLED),CONFIG_FEED_$(feed)) # 1: package name diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf index 1225e46..8f3de1a 100644 --- a/package/base-files/files/etc/sysctl.conf +++ b/package/base-files/files/etc/sysctl.conf @@ -22,7 +22,6 @@ net.netfilter.nf_conntrack_max=16384 net.netfilter.nf_conntrack_tcp_timeout_established=7440 net.netfilter.nf_conntrack_udp_timeout=60 net.netfilter.nf_conntrack_udp_timeout_stream=180 -net.netfilter.nf_conntrack_skip_filter=1 # disable bridge firewalling by default net.bridge.bridge-nf-call-arptables=0 diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in index 67604cd..c679a5b 100644 --- a/package/base-files/image-config.in +++ b/package/base-files/image-config.in @@ -217,11 +217,18 @@ menuconfig PER_FEED_REPO for the core packages and each enabled feed. config PER_FEED_REPO_ADD_DISABLED - bool "Add installed but disabled feeds to opkg.conf" + bool "Add available but not enabled feeds to opkg.conf" default y depends on PER_FEED_REPO help - Add installed but disabled feeds as commented out source lines to opkg.conf. + Add not installed or disabled feeds from feeds.conf to opkg.conf. + + config PER_FEED_REPO_ADD_COMMENTED + bool "Comment out not enabled feeds" + default y + depends on PER_FEED_REPO && PER_FEED_REPO_ADD_DISABLED + help + Add not enabled feeds as commented out source lines to opkg.conf. source "tmp/.config-feeds.in" diff --git a/package/kernel/linux/modules/block.mk b/package/kernel/linux/modules/block.mk index 8a84aa4..8c29e01 100644 --- a/package/kernel/linux/modules/block.mk +++ b/package/kernel/linux/modules/block.mk @@ -565,9 +565,9 @@ define KernelPackage/scsi-core CONFIG_SCSI \ CONFIG_BLK_DEV_SD FILES:= \ - $(if $(findstring y,$(CONFIG_SCSI)),,$(LINUX_DIR)/drivers/scsi/scsi_mod.ko) \ + $(LINUX_DIR)/drivers/scsi/scsi_mod.ko \ $(LINUX_DIR)/drivers/scsi/sd_mod.ko - AUTOLOAD:=$(call AutoLoad,40,sd_mod,1) + AUTOLOAD:=$(call AutoLoad,40,scsi_mod sd_mod,1) endef $(eval $(call KernelPackage,scsi-core)) diff --git a/package/kernel/mac80211/patches/300-pending_work.patch b/package/kernel/mac80211/patches/300-pending_work.patch index 10c5cad..b391d58 100644 --- a/package/kernel/mac80211/patches/300-pending_work.patch +++ b/package/kernel/mac80211/patches/300-pending_work.patch @@ -1,3 +1,20 @@ +commit 182a72b61971fc7120d6163b2077c06618c422a4 +Author: Felix Fietkau +Date: Thu Mar 12 17:10:50 2015 +0100 + + ath9k: fix tracking of enabled AP beacons + + sc->nbcnvifs tracks assigned beacon slots, not enabled beacons. + Therefore, it cannot be used to decide if cur_conf->enable_beacon (bool) + should be updated, or if beacons have been enabled already. + With the current code (depending on the order of calls), beacons often + do not get enabled in an AP+STA setup. + To fix tracking of enabled beacons, convert cur_conf->enable_beacon to a + bitmask of enabled beacon slots. + + Cc: stable@vger.kernel.org + Signed-off-by: Felix Fietkau + commit 228ee4473b89118993c17ead26381c490c44f9fb Author: Felix Fietkau Date: Sun Nov 30 20:34:16 2014 +0100 @@ -3552,3 +3569,71 @@ Date: Mon May 19 21:20:49 2014 +0200 break; default: ath_err(common, "Invalid TX queue type: %u\n", type); +--- a/drivers/net/wireless/ath/ath9k/beacon.c ++++ b/drivers/net/wireless/ath/ath9k/beacon.c +@@ -223,12 +223,15 @@ void ath9k_beacon_remove_slot(struct ath + struct ath_common *common = ath9k_hw_common(sc->sc_ah); + struct ath_vif *avp = (void *)vif->drv_priv; + struct ath_buf *bf = avp->av_bcbuf; ++ struct ath_beacon_config *cur_conf = &sc->cur_beacon_conf; + + ath_dbg(common, CONFIG, "Removing interface at beacon slot: %d\n", + avp->av_bslot); + + tasklet_disable(&sc->bcon_tasklet); + ++ cur_conf->enable_beacon &= ~BIT(avp->av_bslot); ++ + if (bf && bf->bf_mpdu) { + struct sk_buff *skb = bf->bf_mpdu; + dma_unmap_single(sc->dev, bf->bf_buf_addr, +@@ -503,8 +506,7 @@ static bool ath9k_allow_beacon_config(st + struct ath_vif *avp = (void *)vif->drv_priv; + + if (sc->sc_ah->opmode == NL80211_IFTYPE_AP) { +- if ((vif->type != NL80211_IFTYPE_AP) || +- (sc->nbcnvifs > 1)) { ++ if (vif->type != NL80211_IFTYPE_AP) { + ath_dbg(common, CONFIG, + "An AP interface is already present !\n"); + return false; +@@ -567,6 +569,7 @@ void ath9k_beacon_config(struct ath_soft + struct ath_beacon_config *cur_conf = &sc->cur_beacon_conf; + struct ath_hw *ah = sc->sc_ah; + struct ath_common *common = ath9k_hw_common(ah); ++ struct ath_vif *avp = (void *)vif->drv_priv; + unsigned long flags; + bool skip_beacon = false; + +@@ -588,12 +591,14 @@ void ath9k_beacon_config(struct ath_soft + * enabling/disabling SWBA. + */ + if (changed & BSS_CHANGED_BEACON_ENABLED) { +- if (!bss_conf->enable_beacon && +- (sc->nbcnvifs <= 1)) { +- cur_conf->enable_beacon = false; +- } else if (bss_conf->enable_beacon) { +- cur_conf->enable_beacon = true; +- ath9k_cache_beacon_config(sc, bss_conf); ++ bool enabled = cur_conf->enable_beacon; ++ ++ if (!bss_conf->enable_beacon) { ++ cur_conf->enable_beacon &= ~BIT(avp->av_bslot); ++ } else { ++ cur_conf->enable_beacon |= BIT(avp->av_bslot); ++ if (!enabled) ++ ath9k_cache_beacon_config(sc, bss_conf); + } + } + +--- a/drivers/net/wireless/ath/ath9k/common.h ++++ b/drivers/net/wireless/ath/ath9k/common.h +@@ -53,7 +53,7 @@ struct ath_beacon_config { + u16 dtim_period; + u16 bmiss_timeout; + u8 dtim_count; +- bool enable_beacon; ++ u8 enable_beacon; + bool ibss_creator; + u32 nexttbtt; + u32 intval; diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index b5f5ad7..2ef0b96 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.2 -PKG_RELEASE:=2 +PKG_VERSION:=1.0.2d +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 @@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=38373013fc85c790aabf8837969c5eba +PKG_MD5SUM:=38dd619b2e77cbac69b99f52a053d25a PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch index cf173fc..0a0e59a 100644 --- a/package/libs/openssl/patches/110-optimize-for-size.patch +++ b/package/libs/openssl/patches/110-optimize-for-size.patch @@ -1,13 +1,15 @@ --- a/Configure +++ b/Configure -@@ -443,6 +443,10 @@ my %table=( - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +@@ -460,6 +460,12 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +# OpenWrt targets ++"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + - # Android: linux-* but without -DTERMIO and pointers to headers and libs. + # Android: linux-* but without pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index 89af381..e0c80e4 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2074,6 +2074,11 @@ EOF +@@ -2103,6 +2103,11 @@ EOF close(OUT); } @@ -14,7 +14,7 @@ Configured for $target. --- a/util/libeay.num +++ b/util/libeay.num -@@ -2072,7 +2072,6 @@ PKCS7_ATTR_SIGN_it +@@ -2073,7 +2073,6 @@ PKCS7_ATTR_SIGN_it UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: @@ -22,7 +22,7 @@ ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2546,7 +2545,6 @@ OCSP_RESPONSE_new +@@ -2547,7 +2546,6 @@ OCSP_RESPONSE_new AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: @@ -30,7 +30,7 @@ OCSP_onereq_get0_id 3028 EXIST::FUNCTION: ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2577,7 +2575,6 @@ ASN1_primitive_free +@@ -2578,7 +2576,6 @@ ASN1_primitive_free i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: @@ -38,7 +38,7 @@ _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2601,7 +2598,6 @@ asn1_get_choice_selector +@@ -2602,7 +2599,6 @@ asn1_get_choice_selector i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES @@ -46,7 +46,7 @@ OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -@@ -2668,7 +2664,6 @@ OCSP_CRLID_it +@@ -2669,7 +2665,6 @@ OCSP_CRLID_it OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: @@ -54,7 +54,7 @@ X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2763,8 +2758,6 @@ DES_read_2passwords +@@ -2764,8 +2759,6 @@ DES_read_2passwords DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: @@ -63,7 +63,7 @@ OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: -@@ -2773,7 +2766,6 @@ OPENSSL_load_builtin_modules +@@ -2774,7 +2767,6 @@ OPENSSL_load_builtin_modules AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES @@ -71,7 +71,7 @@ _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES -@@ -3108,7 +3100,6 @@ EC_GFp_nist_method +@@ -3109,7 +3101,6 @@ EC_GFp_nist_method STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch index e31ffa5..f7c09b6 100644 --- a/package/libs/openssl/patches/160-disable_doc_tests.patch +++ b/package/libs/openssl/patches/160-disable_doc_tests.patch @@ -27,16 +27,16 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -@@ -271,7 +271,7 @@ reflect: - @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) +@@ -272,7 +272,7 @@ reflect: sub_all: build_all + -build_all: build_libs build_apps build_tests build_tools +build_all: build_libs build_apps build_tools - build_libs: build_crypto build_ssl build_engines + build_libs: build_libcrypto build_libssl openssl.pc -@@ -538,7 +538,7 @@ dist: +@@ -529,7 +529,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -47,7 +47,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ --- a/Makefile.org +++ b/Makefile.org -@@ -536,7 +536,7 @@ dist: +@@ -527,7 +527,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch index 86b17d0..acf97bc 100644 --- a/package/libs/openssl/patches/190-remove_timestamp_check.patch +++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch @@ -4,12 +4,12 @@ EXHEADER= e_os2.h HEADER= e_os.h --all: Makefile build_all openssl.pc libssl.pc libcrypto.pc -+all: build_all openssl.pc libssl.pc libcrypto.pc +-all: Makefile build_all ++all: build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -@@ -395,11 +395,6 @@ openssl.pc: Makefile +@@ -399,11 +399,6 @@ openssl.pc: Makefile echo 'Version: '$(VERSION); \ echo 'Requires: libssl libcrypto' ) > openssl.pc diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index 0416eab..c3fc3f3 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -1,36 +1,31 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -274,17 +274,17 @@ build_all: build_libs build_apps build_t - build_libs: build_crypto build_ssl build_engines +@@ -278,17 +278,17 @@ build_libcrypto: build_crypto build_engi + build_libssl: build_ssl libssl.pc build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -- @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -- @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -- @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -- @dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -- @dir=tools; target=all; $(BUILD_ONE_CMD) + +@dir=crypto; target=all; $(BUILD_ONE_CMD) -+build_ssl: build_crypto + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) + +@dir=ssl; target=all; $(BUILD_ONE_CMD) -+build_engines: build_crypto + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) + +@dir=engines; target=all; $(BUILD_ONE_CMD) -+build_apps: build_libs + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) + +@dir=apps; target=all; $(BUILD_ONE_CMD) -+build_tests: build_libs + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) + +@dir=test; target=all; $(BUILD_ONE_CMD) -+build_tools: build_libs + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) + +@dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps build_testapps: -@@ -453,7 +453,7 @@ report: - @$(PERL) util/selftest.pl +@@ -460,7 +460,7 @@ update: errors stacks util/libeay.num ut + @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -38,7 +33,7 @@ lint: @set -e; target=lint; $(RECURSIVE_BUILD_CMD) -@@ -531,9 +531,9 @@ dist: +@@ -522,9 +522,9 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -50,7 +45,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -542,12 +542,19 @@ install_sw: +@@ -533,12 +533,19 @@ install_sw: $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private @@ -71,7 +66,7 @@ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ do \ if [ -f "$$i" ]; then \ -@@ -631,12 +638,7 @@ install_html_docs: +@@ -622,12 +629,7 @@ install_html_docs: done; \ done @@ -169,7 +164,7 @@ ctags $(SRC) --- a/test/Makefile +++ b/test/Makefile -@@ -132,7 +132,7 @@ install: +@@ -134,7 +134,7 @@ install: tags: ctags $(SRC) @@ -178,152 +173,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -398,109 +398,109 @@ BUILD_CMD_STATIC=shlib_target=; \ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) - @target=$(V3NAMETEST); $(BUILD_CMD) -@@ -522,7 +522,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET +@@ -538,7 +538,7 @@ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEX # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/package/libs/openssl/patches/210-termios_fix.patch b/package/libs/openssl/patches/210-termios_fix.patch deleted file mode 100644 index 957c5cf..0000000 --- a/package/libs/openssl/patches/210-termios_fix.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/crypto/ui/ui_openssl.c -+++ b/crypto/ui/ui_openssl.c -@@ -194,7 +194,7 @@ - # undef SGTTY - #endif - --#if defined(linux) && !defined(TERMIO) -+#if defined(linux) && !defined(TERMIO) && !defined(TERMIOS) - # undef TERMIOS - # define TERMIO - # undef SGTTY diff --git a/package/libs/openssl/patches/220-fix-no-ec-build.patch b/package/libs/openssl/patches/220-fix-no-ec-build.patch deleted file mode 100644 index 44ec50e..0000000 --- a/package/libs/openssl/patches/220-fix-no-ec-build.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -113,9 +113,11 @@ - #include - #include - #include -+#ifndef OPENSSL_NO_EC - #ifdef OPENSSL_NO_EC2M - # include - #endif -+#endif - #include - #include - #include "ssl_locl.h" diff --git a/package/libs/uclibc++/Makefile b/package/libs/uclibc++/Makefile index 38e8a99..f855cd2 100644 --- a/package/libs/uclibc++/Makefile +++ b/package/libs/uclibc++/Makefile @@ -74,8 +74,9 @@ define Build/InstallDev $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/g++-uc $(TOOLCHAIN_DIR)/bin/ $(CP) $(PKG_INSTALL_DIR)/include/* $(1)/usr/include/uClibc++/ $(CP) $(PKG_INSTALL_DIR)/lib/libuClibc++*.{a,so}* $(1)/usr/lib/ - $(SED) 's|-I/include/|-I$(STAGING_DIR)/usr/include/uClibc++/|g' $(TOOLCHAIN_DIR)/bin/g++-uc - $(SED) 's|-L/lib/|-L$(STAGING_DIR)/usr/lib/|g' $(TOOLCHAIN_DIR)/bin/g++-uc + $(SED) 's!\(^\|[[:space:]]\)-[IL]$(TOOLCHAIN_DIR)/[^[:space:]]*!!g' $(TOOLCHAIN_DIR)/bin/g++-uc + $(SED) 's|-I/include/|-I$$$${STAGING_DIR:-$(STAGING_DIR)}/usr/include/uClibc++/|g' $(TOOLCHAIN_DIR)/bin/g++-uc + $(SED) 's|-L/lib/|-L$$$${STAGING_DIR:-$(STAGING_DIR)}/lib/|g' $(TOOLCHAIN_DIR)/bin/g++-uc # add another wrapper which links against both uClibc++ and libstdc++ $(INSTALL_BIN) $(TOOLCHAIN_DIR)/bin/g++-uc $(TOOLCHAIN_DIR)/bin/g++-uc+std $(SED) 's|^WRAPPER_INCLUDEDIR=.*||g' $(TOOLCHAIN_DIR)/bin/g++-uc+std diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 7237c65..788fd11 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd PKG_VERSION:=2014-06-03.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_REV:=84df167554569af8c87f0a8ac1fb508192417d8e PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch new file mode 100644 index 0000000..bc4d60f --- /dev/null +++ b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch @@ -0,0 +1,36 @@ +From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Wed, 29 Apr 2015 02:21:53 +0300 +Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser + +The length of the WMM Action frame was not properly validated and the +length of the information elements (int left) could end up being +negative. This would result in reading significantly past the stack +buffer while parsing the IEs in ieee802_11_parse_elems() and while doing +so, resulting in segmentation fault. + +This can result in an invalid frame being used for a denial of service +attack (hostapd process killed) against an AP with a driver that uses +hostapd for management frame processing (e.g., all mac80211-based +drivers). + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen +--- + src/ap/wmm.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/ap/wmm.c ++++ b/src/ap/wmm.c +@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d + return; + } + ++ if (left < 0) ++ return; /* not a valid WMM Action frame */ ++ + /* extract the tspec info element */ + if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile index 7f171ff..344909f 100644 --- a/package/network/services/samba36/Makefile +++ b/package/network/services/samba36/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba -PKG_VERSION:=3.6.24 +PKG_VERSION:=3.6.25 PKG_RELEASE:=1 PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \ http://ftp.samba.org/pub/samba/stable PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_MD5SUM:=d98425c0c2b73e08f048d31ffc727fb0 +PKG_MD5SUM:=76da2fa64edd94a0188531e7ecb27c4e PKG_LICENSE:=GPLv3 PKG_LICENSE_FILES:=COPYING diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile index 9b4ec51..99bcb1b 100644 --- a/package/system/fstools/Makefile +++ b/package/system/fstools/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2014 OpenWrt.org +# Copyright (C) 2014-2015 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fstools -PKG_VERSION:=2014-06-22 +PKG_VERSION:=2015-02-25.1 PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=git://nbd.name/fstools.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=e0430f5c62f367e5a8e02755412977b02c3fc45e +PKG_SOURCE_VERSION:=914b023e71559e033ec5a1f9840511eb1ccaf386 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz CMAKE_INSTALL:=1 PKG_CHECK_FORMAT_SECURITY:=0 @@ -31,12 +31,24 @@ include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk TARGET_LDFLAGS += $(if $(CONFIG_USE_EGLIBC),-lrt) +CMAKE_OPTIONS += $(if $(CONFIG_FSTOOLS_UBIFS_EXTROOT),-DCMAKE_UBIFS_EXTROOT=y) define Package/fstools SECTION:=base CATEGORY:=Base system DEPENDS:=+ubox +USE_EGLIBC:librt +NAND_SUPPORT:ubi-utils TITLE:=OpenWrt filesystem tools + MENU:=1 +endef + +define Package/fstools/config + config FSTOOLS_UBIFS_EXTROOT + depends on PACKAGE_fstools + depends on NAND_SUPPORT + bool "Support extroot functionality with UBIFS" + default y + help + This option makes it possible to use extroot functionality if the root filesystem resides on an UBIFS partition endef define Package/block-mount diff --git a/package/system/fstools/files/fstab.default b/package/system/fstools/files/fstab.default index dd4ba1c..2331e0c 100644 --- a/package/system/fstools/files/fstab.default +++ b/package/system/fstools/files/fstab.default @@ -1 +1,2 @@ [ ! -f /etc/config/fstab ] && ( block detect > /etc/config/fstab ) +exit 0 diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile index 8a63fb4..6dd3f31 100644 --- a/package/system/opkg/Makefile +++ b/package/system/opkg/Makefile @@ -113,7 +113,7 @@ define Package/opkg/Default/install done ifneq ($(CONFIG_PER_FEED_REPO_ADD_DISABLED),) for d in $(FEEDS_DISABLED); do \ - echo "# src/gz %n_$$$$d %U/$$$$d" >> $(1)/etc/opkg.conf; \ + echo "$(if $(CONFIG_PER_FEED_REPO_ADD_COMMENTED),# )src/gz %n_$$$$d %U/$$$$d" >> $(1)/etc/opkg.conf; \ done endif endif diff --git a/package/system/ubox/Makefile b/package/system/ubox/Makefile index 3214197..2d7ed29 100644 --- a/package/system/ubox/Makefile +++ b/package/system/ubox/Makefile @@ -1,13 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ubox -PKG_VERSION:=2014-09-16 +PKG_VERSION:=2015-02-25.1 PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=git://nbd.name/luci2/ubox.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=5c45b560bc8c9e13682269ed963a8a4a65959518 +PKG_SOURCE_VERSION:=31f0ff358b360ee461d845c1b3b5e5d38fa27925 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz CMAKE_INSTALL:=1 PKG_CHECK_FORMAT_SECURITY:=0 diff --git a/package/system/ubox/patches/100-insmod-segfault.patch b/package/system/ubox/patches/100-insmod-segfault.patch new file mode 100644 index 0000000..df010d1 --- /dev/null +++ b/package/system/ubox/patches/100-insmod-segfault.patch @@ -0,0 +1,12 @@ +--- a/kmodloader.c ++++ b/kmodloader.c +@@ -605,6 +605,9 @@ static int main_insmod(int argc, char ** + cur += sprintf(cur, "%s", argv[i]); + } + ++ if (init_module_folders()) ++ return -1; ++ + if (get_module_path(argv[1])) { + name = argv[1]; + } else if (!get_module_path(name)) { diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh index 9b53d93..62fd8c8 100755 --- a/target/linux/ar71xx/base-files/lib/ar71xx.sh +++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh @@ -646,7 +646,7 @@ ar71xx_board_detect() { *"TL-MR11U") name="tl-mr11u" ;; - *"TL-MR13U") + *"TL-MR13U v1") name="tl-mr13u" ;; *"Tube2H") diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c b/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c index 8b03645..84b6937 100644 --- a/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c +++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c @@ -45,7 +45,7 @@ static struct gpio_led tl_mr13u_leds_gpio[] __initdata = { { .name = "tp-link:blue:system", .gpio = TL_MR13U_GPIO_LED_SYSTEM, - .active_low = 1, + .active_low = 0, }, }; diff --git a/target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch b/target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch deleted file mode 100644 index a570834..0000000 --- a/target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch +++ /dev/null @@ -1,87 +0,0 @@ ---- a/include/net/netns/conntrack.h -+++ b/include/net/netns/conntrack.h -@@ -80,6 +80,7 @@ struct netns_ct { - int sysctl_acct; - int sysctl_tstamp; - int sysctl_checksum; -+ int skip_filter; - unsigned int sysctl_log_invalid; /* Log invalid packets */ - int sysctl_auto_assign_helper; - bool auto_assign_helper_warned; ---- a/net/ipv4/netfilter/iptable_filter.c -+++ b/net/ipv4/netfilter/iptable_filter.c -@@ -15,6 +15,7 @@ - #include - #include - #include -+#include - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Netfilter Core Team "); -@@ -37,6 +38,7 @@ iptable_filter_hook(unsigned int hook, s - const struct net_device *in, const struct net_device *out, - int (*okfn)(struct sk_buff *)) - { -+ enum ip_conntrack_info ctinfo; - const struct net *net; - - if (hook == NF_INET_LOCAL_OUT && -@@ -46,6 +48,11 @@ iptable_filter_hook(unsigned int hook, s - return NF_ACCEPT; - - net = dev_net((in != NULL) ? in : out); -+ nf_ct_get(skb, &ctinfo); -+ if ((ctinfo == IP_CT_ESTABLISHED_REPLY || ctinfo == IP_CT_ESTABLISHED) && -+ net->ct.skip_filter) -+ return NF_ACCEPT; -+ - return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_filter); - } - ---- a/net/ipv6/netfilter/ip6table_filter.c -+++ b/net/ipv6/netfilter/ip6table_filter.c -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Netfilter Core Team "); -@@ -37,6 +38,12 @@ ip6table_filter_hook(unsigned int hook, - int (*okfn)(struct sk_buff *)) - { - const struct net *net = dev_net((in != NULL) ? in : out); -+ enum ip_conntrack_info ctinfo; -+ -+ nf_ct_get(skb, &ctinfo); -+ if ((ctinfo == IP_CT_ESTABLISHED_REPLY || ctinfo == IP_CT_ESTABLISHED) && -+ net->ct.skip_filter) -+ return NF_ACCEPT; - - return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_filter); - } ---- a/net/netfilter/nf_conntrack_standalone.c -+++ b/net/netfilter/nf_conntrack_standalone.c -@@ -477,6 +477,13 @@ static ctl_table nf_ct_sysctl_table[] = - .extra2 = &log_invalid_proto_max, - }, - { -+ .procname = "nf_conntrack_skip_filter", -+ .data = &init_net.ct.skip_filter, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec, -+ }, -+ { - .procname = "nf_conntrack_expect_max", - .data = &nf_ct_expect_max, - .maxlen = sizeof(int), -@@ -512,6 +519,7 @@ static int nf_conntrack_standalone_init_ - table[2].data = &net->ct.htable_size; - table[3].data = &net->ct.sysctl_checksum; - table[4].data = &net->ct.sysctl_log_invalid; -+ table[5].data = &net->ct.skip_filter; - - /* Don't export sysctls to unprivileged users */ - if (net->user_ns != &init_user_ns) diff --git a/target/linux/ramips/base-files/etc/diag.sh b/target/linux/ramips/base-files/etc/diag.sh index bd3779a..74b8867 100755 --- a/target/linux/ramips/base-files/etc/diag.sh +++ b/target/linux/ramips/base-files/etc/diag.sh @@ -73,9 +73,7 @@ get_status_led() { m4) status_led="m4:blue:status" ;; - mlw221) - status_led="kingston:blue:status" - ;; + mlw221|\ mlwg2) status_led="kingston:blue:system" ;; diff --git a/target/linux/ramips/base-files/etc/uci-defaults/01_leds b/target/linux/ramips/base-files/etc/uci-defaults/01_leds index f5b5b01..5d6ed2b 100755 --- a/target/linux/ramips/base-files/etc/uci-defaults/01_leds +++ b/target/linux/ramips/base-files/etc/uci-defaults/01_leds @@ -113,10 +113,7 @@ case $board in hw550-3g) set_usb_led "hw550-3g:green:usb" ;; - mlw221) - set_wifi_led "kingston:blue:wifi" - ucidef_set_led_default "system" "system" "kingston:blue:system" "1" - ;; + mlw221|\ mlwg2) set_wifi_led "kingston:blue:wifi" ucidef_set_led_default "system" "system" "kingston:blue:system" "1" diff --git a/target/linux/ramips/base-files/etc/uci-defaults/02_network b/target/linux/ramips/base-files/etc/uci-defaults/02_network index 91bedcc..c3ea489 100755 --- a/target/linux/ramips/base-files/etc/uci-defaults/02_network +++ b/target/linux/ramips/base-files/etc/uci-defaults/02_network @@ -55,10 +55,7 @@ ramips_setup_interfaces() ucidef_set_interface_lan "eth0.2" ;; - mlwg2) - ucidef_set_interface_lan "eth0.1" - ;; - + mlwg2 | \ wl-330n | \ wmr300) ucidef_set_interface_lan "eth0.1" diff --git a/target/linux/ramips/dts/MLW221.dts b/target/linux/ramips/dts/MLW221.dts index f220e97..83467dc 100644 --- a/target/linux/ramips/dts/MLW221.dts +++ b/target/linux/ramips/dts/MLW221.dts @@ -3,117 +3,117 @@ /include/ "mt7620n.dtsi" / { - compatible = "mlw221", "ralink,mt7620n-soc"; - model = "Kingston MLW221"; + compatible = "mlw221", "ralink,mt7620n-soc"; + model = "Kingston MLW221"; - palmbus@10000000 { - gpio0: gpio@600 { - status = "okay"; - }; + palmbus@10000000 { + gpio0: gpio@600 { + status = "okay"; + }; - gpio2: gpio@660 { - status = "okay"; - }; + gpio2: gpio@660 { + status = "okay"; + }; - gpio3: gpio@688 { - status = "okay"; - }; + gpio3: gpio@688 { + status = "okay"; + }; - spi@b00 { - status = "okay"; + spi@b00 { + status = "okay"; - m25p80@0 { - #address-cells = <1>; - #size-cells = <1>; - compatible = "s25fl129p1"; - reg = <0 0>; - linux,modalias = "m25p80", "s25fl129p1"; - spi-max-frequency = <10000000>; + m25p80@0 { + #address-cells = <1>; + #size-cells = <1>; + compatible = "s25fl129p1"; + reg = <0 0>; + linux,modalias = "m25p80", "s25fl129p1"; + spi-max-frequency = <10000000>; - partition@0 { - label = "u-boot"; - reg = <0x0 0x30000>; - read-only; - }; + partition@0 { + label = "u-boot"; + reg = <0x0 0x30000>; + read-only; + }; - partition@30000 { - label = "u-boot-env"; - reg = <0x30000 0x10000>; - read-only; - }; + partition@30000 { + label = "u-boot-env"; + reg = <0x30000 0x10000>; + read-only; + }; - factory: partition@40000 { - label = "factory"; - reg = <0x40000 0x10000>; - read-only; - }; + factory: partition@40000 { + label = "factory"; + reg = <0x40000 0x10000>; + read-only; + }; - partition@50000 { - label = "firmware"; - reg = <0x50000 0xf60000>; - }; + partition@50000 { + label = "firmware"; + reg = <0x50000 0xf60000>; + }; - partition@fb0000 { - label = "user-config"; - reg = <0xfb0000 0x50000>; + partition@fb0000 { + label = "user-config"; + reg = <0xfb0000 0x50000>; - }; - }; - }; - }; + }; + }; + }; + }; - ehci@101c0000 { - status = "okay"; - }; + ehci@101c0000 { + status = "okay"; + }; - ohci@101c1000 { - status = "okay"; - }; + ohci@101c1000 { + status = "okay"; + }; - ethernet@10100000 { - mtd-mac-address = <&factory 0x4>; - ralink,port-map = "wllll"; - }; + ethernet@10100000 { + mtd-mac-address = <&factory 0x4>; + ralink,port-map = "wllll"; + }; - wmac@10180000 { - ralink,mtd-eeprom = <&factory 0>; - }; + wmac@10180000 { + ralink,mtd-eeprom = <&factory 0>; + }; - pinctrl { - state_default: pinctrl0 { - default { - ralink,group = "i2c", "ephy", "wled"; - ralink,function = "gpio"; - }; - }; - }; + pinctrl { + state_default: pinctrl0 { + default { + ralink,group = "i2c", "ephy", "wled"; + ralink,function = "gpio"; + }; + }; + }; - gpio-leds { - compatible = "gpio-leds"; - system { - label = "kingston:blue:system"; - gpios = <&gpio2 3 1>; - }; - wifi { - label = "kingston:blue:wifi"; - gpios = <&gpio3 0 1>; - }; - }; + gpio-leds { + compatible = "gpio-leds"; + system { + label = "kingston:blue:system"; + gpios = <&gpio2 3 1>; + }; + wifi { + label = "kingston:blue:wifi"; + gpios = <&gpio3 0 1>; + }; + }; - gpio-keys-polled { - compatible = "gpio-keys-polled"; - #address-cells = <1>; - #size-cells = <0>; - poll-interval = <20>; - reset { - label = "reset"; - gpios = <&gpio0 1 1>; - linux,code = <0x198>; - }; - system { - label = "system"; - gpios = <&gpio0 2 1>; - linux,code = <0x211>; - }; - }; + gpio-keys-polled { + compatible = "gpio-keys-polled"; + #address-cells = <1>; + #size-cells = <0>; + poll-interval = <20>; + reset { + label = "reset"; + gpios = <&gpio0 1 1>; + linux,code = <0x198>; + }; + system { + label = "system"; + gpios = <&gpio0 2 1>; + linux,code = <0x211>; + }; + }; };