From 4ae7fc39a54d873d99217fbefba5b83a35c4e52c Mon Sep 17 00:00:00 2001 From: blogic Date: Wed, 11 Feb 2015 05:55:18 +0000 Subject: [PATCH 01/17] BB:ramips:Kingston MLW221 cleanup MLW221 dts use tabs NOT spaces. Cleanup uci-defaults and diag.sh Signed-off-by: L. D. Pinney git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44382 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- target/linux/ramips/base-files/etc/diag.sh | 4 +- .../base-files/etc/uci-defaults/01_leds | 5 +- .../base-files/etc/uci-defaults/02_network | 5 +- target/linux/ramips/dts/MLW221.dts | 190 +++++++++--------- 4 files changed, 98 insertions(+), 106 deletions(-) diff --git a/target/linux/ramips/base-files/etc/diag.sh b/target/linux/ramips/base-files/etc/diag.sh index bd3779a..74b8867 100755 --- a/target/linux/ramips/base-files/etc/diag.sh +++ b/target/linux/ramips/base-files/etc/diag.sh @@ -73,9 +73,7 @@ get_status_led() { m4) status_led="m4:blue:status" ;; - mlw221) - status_led="kingston:blue:status" - ;; + mlw221|\ mlwg2) status_led="kingston:blue:system" ;; diff --git a/target/linux/ramips/base-files/etc/uci-defaults/01_leds b/target/linux/ramips/base-files/etc/uci-defaults/01_leds index f5b5b01..5d6ed2b 100755 --- a/target/linux/ramips/base-files/etc/uci-defaults/01_leds +++ b/target/linux/ramips/base-files/etc/uci-defaults/01_leds @@ -113,10 +113,7 @@ case $board in hw550-3g) set_usb_led "hw550-3g:green:usb" ;; - mlw221) - set_wifi_led "kingston:blue:wifi" - ucidef_set_led_default "system" "system" "kingston:blue:system" "1" - ;; + mlw221|\ mlwg2) set_wifi_led "kingston:blue:wifi" ucidef_set_led_default "system" "system" "kingston:blue:system" "1" diff --git a/target/linux/ramips/base-files/etc/uci-defaults/02_network b/target/linux/ramips/base-files/etc/uci-defaults/02_network index 91bedcc..c3ea489 100755 --- a/target/linux/ramips/base-files/etc/uci-defaults/02_network +++ b/target/linux/ramips/base-files/etc/uci-defaults/02_network 
@@ -55,10 +55,7 @@ ramips_setup_interfaces() ucidef_set_interface_lan "eth0.2" ;; - mlwg2) - ucidef_set_interface_lan "eth0.1" - ;; - + mlwg2 | \ wl-330n | \ wmr300) ucidef_set_interface_lan "eth0.1" diff --git a/target/linux/ramips/dts/MLW221.dts b/target/linux/ramips/dts/MLW221.dts index f220e97..83467dc 100644 --- a/target/linux/ramips/dts/MLW221.dts +++ b/target/linux/ramips/dts/MLW221.dts 
@@ -3,117 +3,117 @@ /include/ "mt7620n.dtsi" / { - compatible = "mlw221", "ralink,mt7620n-soc"; - model = "Kingston MLW221"; + compatible = "mlw221", "ralink,mt7620n-soc"; + model = "Kingston MLW221"; - palmbus@10000000 { - gpio0: gpio@600 { - status = "okay"; - }; + palmbus@10000000 { + gpio0: gpio@600 { + status = "okay"; + }; - gpio2: gpio@660 { - status = "okay"; - }; + gpio2: gpio@660 { + status = "okay"; + }; - gpio3: gpio@688 { - status = "okay"; - }; + gpio3: gpio@688 { + status = "okay"; + }; - spi@b00 { - status = "okay"; + spi@b00 { + status = "okay"; - m25p80@0 { - #address-cells = <1>; - #size-cells = <1>; - compatible = "s25fl129p1"; - reg = <0 0>; - linux,modalias = "m25p80", "s25fl129p1"; - spi-max-frequency = <10000000>; + m25p80@0 { + #address-cells = <1>; + #size-cells = <1>; + compatible = "s25fl129p1"; + reg = <0 0>; + linux,modalias = "m25p80", "s25fl129p1"; + spi-max-frequency = <10000000>; - partition@0 { - label = "u-boot"; - reg = <0x0 0x30000>; - read-only; - }; + partition@0 { + label = "u-boot"; + reg = <0x0 0x30000>; + read-only; + }; - partition@30000 { - label = "u-boot-env"; - reg = <0x30000 0x10000>; - read-only; - }; + partition@30000 { + label = "u-boot-env"; + reg = <0x30000 0x10000>; + read-only; + }; - factory: partition@40000 { - label = "factory"; - reg = <0x40000 0x10000>; - read-only; - }; + factory: partition@40000 { + label = "factory"; + reg = <0x40000 0x10000>; + read-only; + }; - partition@50000 { - label = "firmware"; - reg = <0x50000 0xf60000>; - }; + partition@50000 { + label = "firmware"; + reg = <0x50000 0xf60000>; + }; - partition@fb0000 { - label = "user-config"; - reg = <0xfb0000 0x50000>; + partition@fb0000 { + label = "user-config"; + reg = <0xfb0000 0x50000>; - }; - }; - }; - }; + }; + }; + }; + }; - ehci@101c0000 { - status = "okay"; - }; + ehci@101c0000 { + status = "okay"; + }; - ohci@101c1000 { - status = "okay"; - }; + ohci@101c1000 { + status = "okay"; + }; - ethernet@10100000 { - mtd-mac-address = 
<&factory 0x4>; - ralink,port-map = "wllll"; - }; + ethernet@10100000 { + mtd-mac-address = <&factory 0x4>; + ralink,port-map = "wllll"; + }; - wmac@10180000 { - ralink,mtd-eeprom = <&factory 0>; - }; + wmac@10180000 { + ralink,mtd-eeprom = <&factory 0>; + }; - pinctrl { - state_default: pinctrl0 { - default { - ralink,group = "i2c", "ephy", "wled"; - ralink,function = "gpio"; - }; - }; - }; + pinctrl { + state_default: pinctrl0 { + default { + ralink,group = "i2c", "ephy", "wled"; + ralink,function = "gpio"; + }; + }; + }; - gpio-leds { - compatible = "gpio-leds"; - system { - label = "kingston:blue:system"; - gpios = <&gpio2 3 1>; - }; - wifi { - label = "kingston:blue:wifi"; - gpios = <&gpio3 0 1>; - }; - }; + gpio-leds { + compatible = "gpio-leds"; + system { + label = "kingston:blue:system"; + gpios = <&gpio2 3 1>; + }; + wifi { + label = "kingston:blue:wifi"; + gpios = <&gpio3 0 1>; + }; + }; - gpio-keys-polled { - compatible = "gpio-keys-polled"; - #address-cells = <1>; - #size-cells = <0>; - poll-interval = <20>; - reset { - label = "reset"; - gpios = <&gpio0 1 1>; - linux,code = <0x198>; - }; - system { - label = "system"; - gpios = <&gpio0 2 1>; - linux,code = <0x211>; - }; - }; + gpio-keys-polled { + compatible = "gpio-keys-polled"; + #address-cells = <1>; + #size-cells = <0>; + poll-interval = <20>; + reset { + label = "reset"; + gpios = <&gpio0 1 1>; + linux,code = <0x198>; + }; + system { + label = "system"; + gpios = <&gpio0 2 1>; + linux,code = <0x211>; + }; + }; }; From edefd1ad4245e9aadf6d3b10434039c904dc574c Mon Sep 17 00:00:00 2001 From: jow Date: Fri, 13 Feb 2015 11:59:16 +0000 Subject: [PATCH 02/17] BB: build: improve feed handling for opkg.conf - Consider not installed feeds as well - Add option to decide whether to comment disabled feeds 
Signed-off-by: Jo-Philipp Wich Backport of r42931 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44441 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- include/feeds.mk | 4 +++- package/base-files/image-config.in | 11 +++++++++-- package/system/opkg/Makefile | 2 +- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/include/feeds.mk b/include/feeds.mk index 97b1449..695b03b 100644 --- a/include/feeds.mk +++ b/include/feeds.mk @@ -10,10 +10,12 @@ FEEDS_AVAILABLE:=$(shell $(SCRIPT_DIR)/feeds list -n) FEEDS_INSTALLED:=$(notdir $(wildcard $(TOPDIR)/package/feeds/*)) FEEDS_ENABLED:=$(foreach feed,$(FEEDS_INSTALLED),$(if $(CONFIG_FEED_$(feed)),$(feed))) -FEEDS_DISABLED:=$(filter-out $(FEEDS_ENABLED),$(FEEDS_INSTALLED)) +FEEDS_DISABLED:=$(filter-out $(FEEDS_ENABLED),$(FEEDS_AVAILABLE)) PKG_CONFIG_DEPENDS += \ CONFIG_PER_FEED_REPO \ + CONFIG_PER_FEED_REPO_ADD_DISABLED \ + CONFIG_PER_FEED_REPO_ADD_COMMENTED \ $(foreach feed,$(FEEDS_INSTALLED),CONFIG_FEED_$(feed)) # 1: package name diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in index 67604cd..c679a5b 100644 --- a/package/base-files/image-config.in +++ b/package/base-files/image-config.in @@ -217,11 +217,18 @@ menuconfig PER_FEED_REPO for the core packages and each enabled feed. config PER_FEED_REPO_ADD_DISABLED - bool "Add installed but disabled feeds to opkg.conf" + bool "Add available but not enabled feeds to opkg.conf" default y depends on PER_FEED_REPO help - Add installed but disabled feeds as commented out source lines to opkg.conf. + Add not installed or disabled feeds from feeds.conf to opkg.conf. + + config PER_FEED_REPO_ADD_COMMENTED + bool "Comment out not enabled feeds" + default y + depends on PER_FEED_REPO && PER_FEED_REPO_ADD_DISABLED + help + Add not enabled feeds as commented out source lines to opkg.conf. source "tmp/.config-feeds.in" diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile index 8a63fb4..6dd3f31 100644 
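Review bot: The help text for PER_FEED_REPO_ADD_COMMENTED does not say what turning the option off does. Together with the feeds.mk and opkg Makefile hunks of this commit, every feed that is listed in feeds.conf but not enabled, including feeds never installed in this tree, is then written to opkg.conf as an active `src/gz` line. Devices would request package indexes for feeds this build did not produce, so disabling the option is only sound when the download server really publishes those feeds. I would extend the help along the lines of `If disabled, these feeds are written as active source lines; only do this when the repository provides them.` The default of y keeps the lines commented out.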
--- a/package/system/opkg/Makefile +++ b/package/system/opkg/Makefile @@ -113,7 +113,7 @@ define Package/opkg/Default/install done ifneq ($(CONFIG_PER_FEED_REPO_ADD_DISABLED),) for d in $(FEEDS_DISABLED); do \ - echo "# src/gz %n_$$$$d %U/$$$$d" >> $(1)/etc/opkg.conf; \ + echo "$(if $(CONFIG_PER_FEED_REPO_ADD_COMMENTED),# )src/gz %n_$$$$d %U/$$$$d" >> $(1)/etc/opkg.conf; \ done endif endif From e0b8c83ec8f5220fd724ed346fd533c994739aa3 Mon Sep 17 00:00:00 2001 From: nbd Date: Tue, 24 Feb 2015 07:24:29 +0000 Subject: [PATCH 03/17] samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240) Signed-off-by: Felix Fietkau Backport of r44515 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44516 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/network/services/samba36/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile index 7f171ff..344909f 100644 --- a/package/network/services/samba36/Makefile +++ b/package/network/services/samba36/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba -PKG_VERSION:=3.6.24 +PKG_VERSION:=3.6.25 PKG_RELEASE:=1 PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \ http://ftp.samba.org/pub/samba/stable PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_MD5SUM:=d98425c0c2b73e08f048d31ffc727fb0 +PKG_MD5SUM:=76da2fa64edd94a0188531e7ecb27c4e PKG_LICENSE:=GPLv3 PKG_LICENSE_FILES:=COPYING From dfcbb3563e84652f387f66acaee8cd91780c9ab4 Mon Sep 17 00:00:00 2001 From: jow Date: Wed, 25 Feb 2015 17:42:49 +0000 Subject: [PATCH 04/17] BB: ubox: kmodloader: support loading kmods from multiple directories This is required during early boot in the extroot setup phase to support loading kmods from the overlay that depend on kmods on the rom partition. The subsequent mount_root updates will use the LD_LIBRARY_PATH env variable to pass kmod directories to kmodloader. 
Signed-off-by: Jo-Philipp Wich Backport of r42813, r44533 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44536 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/system/ubox/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/system/ubox/Makefile b/package/system/ubox/Makefile index 3214197..471afd6 100644 --- a/package/system/ubox/Makefile +++ b/package/system/ubox/Makefile @@ -1,13 +1,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ubox -PKG_VERSION:=2014-09-16 +PKG_VERSION:=2015-02-25 PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=git://nbd.name/luci2/ubox.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=5c45b560bc8c9e13682269ed963a8a4a65959518 +PKG_SOURCE_VERSION:=31f0ff358b360ee461d845c1b3b5e5d38fa27925 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz CMAKE_INSTALL:=1 PKG_CHECK_FORMAT_SECURITY:=0 From 8d49c6d438b6f6fa4701c43d8f57ead27717301a Mon Sep 17 00:00:00 2001 From: jow Date: Wed, 25 Feb 2015 17:43:00 +0000 Subject: [PATCH 05/17] BB: fstools: cumulative backport - Adds support for /dev/vd* virtual io - Adds support for overlayfs v23 - Fixes overlayfs mount on 3.18 - Make the block tool ignore case when comparing uuid strings - Fixes sysupgrade on linux 3.18 - Support extroot/ubi - Allows using UBIFS volume as overlay and adds support for Btrfs - Fix exit code of uci-defaults script - Support external overlays on non-MTD systems again - Account for new directory structure of overlayfs partitions (additional upper/ component) - Support executing block from either overlay or rom - Support loading fstab from either overlay or rom - Log extroot failures to dmesg 
Signed-off-by: Jo-Philipp Wich Backport of r42812, r42890, r43090, r43368, r43480, r43485, r43717, r43868, r44180, r44535 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44537 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/system/fstools/Makefile | 18 +++++++++++++++--- package/system/fstools/files/fstab.default | 1 + 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile index 9b4ec51..ffc7df7 100644 --- a/package/system/fstools/Makefile +++ b/package/system/fstools/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2014 OpenWrt.org +# Copyright (C) 2014-2015 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fstools -PKG_VERSION:=2014-06-22 +PKG_VERSION:=2015-02-25 PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=git://nbd.name/fstools.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=e0430f5c62f367e5a8e02755412977b02c3fc45e +PKG_SOURCE_VERSION:=4b68e9f9ea894bf58d31e26ca5ed92c81b1a115e PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz CMAKE_INSTALL:=1 PKG_CHECK_FORMAT_SECURITY:=0 @@ -31,12 +31,24 @@ include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk TARGET_LDFLAGS += $(if $(CONFIG_USE_EGLIBC),-lrt) +CMAKE_OPTIONS += $(if $(CONFIG_FSTOOLS_UBIFS_EXTROOT),-DCMAKE_UBIFS_EXTROOT=y) define Package/fstools SECTION:=base CATEGORY:=Base system DEPENDS:=+ubox +USE_EGLIBC:librt +NAND_SUPPORT:ubi-utils TITLE:=OpenWrt filesystem tools + MENU:=1 +endef + +define Package/fstools/config + config FSTOOLS_UBIFS_EXTROOT + depends on PACKAGE_fstools + depends on NAND_SUPPORT + bool "Support extroot functionality with UBIFS" + default y + help + This option makes it possible to use extroot functionality if the root filesystem resides on an UBIFS partition endef define Package/block-mount 
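Review bot: `CONFIG_FSTOOLS_UBIFS_EXTROOT` now changes the CMake command line through `CMAKE_OPTIONS`, but nothing in this patch adds it to `PKG_CONFIG_DEPENDS`. Toggling the option in menuconfig would then not by itself rebuild fstools, and the image could ship a binary built with the previous setting. Unless the Makefile already lists the symbol outside the visible hunks, add `PKG_CONFIG_DEPENDS += CONFIG_FSTOOLS_UBIFS_EXTROOT` next to the other PKG_ variables, before package.mk is included.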
diff --git a/package/system/fstools/files/fstab.default b/package/system/fstools/files/fstab.default index dd4ba1c..2331e0c 100644 --- a/package/system/fstools/files/fstab.default +++ b/package/system/fstools/files/fstab.default @@ -1 +1,2 @@ [ ! -f /etc/config/fstab ] && ( block detect > /etc/config/fstab ) +exit 0 From 11fa76da82d2289e2a15047f17d1a878b1e13a4c Mon Sep 17 00:00:00 2001 From: jow Date: Wed, 25 Feb 2015 18:55:39 +0000 Subject: [PATCH 06/17] BB: fstools: fix build with enabled ubifs extroot support Signed-off-by: Jo-Philipp Wich Backport of r44538 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44539 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/system/fstools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile index ffc7df7..99bcb1b 100644 --- a/package/system/fstools/Makefile +++ b/package/system/fstools/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fstools -PKG_VERSION:=2015-02-25 +PKG_VERSION:=2015-02-25.1 PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=git://nbd.name/fstools.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=4b68e9f9ea894bf58d31e26ca5ed92c81b1a115e +PKG_SOURCE_VERSION:=914b023e71559e033ec5a1f9840511eb1ccaf386 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz CMAKE_INSTALL:=1 PKG_CHECK_FORMAT_SECURITY:=0 From 878af3117f68c2f8d6b3d6582e50c6cef521f6f7 Mon Sep 17 00:00:00 2001 From: jow Date: Thu, 26 Feb 2015 21:29:57 +0000 Subject: [PATCH 07/17] BB: ubox: fix segmentation fault in insmod Fix segfault in kmodloader insmod mode due to uninitialized module directory list. Apply the required fix as patch for now since we don't have the ulog infrastructure in BB (yet) required for the git head of ubox. 
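Review bot: The unconditional `exit 0` also reports success when `block detect` itself fails, and by then the redirection has already created /etc/config/fstab, possibly empty. If the uci-defaults runner removes scripts that exit 0, which is what the exit-code fix in the commit message suggests, detection is never retried and the `-f` test would see the stub as a valid config on later boots. Writing to a temporary file and moving it into place only on success avoids the stub and lets the exit status reflect the detection, for example `[ -f /etc/config/fstab ] && exit 0` followed by `block detect > /tmp/fstab.new && mv /tmp/fstab.new /etc/config/fstab` (the temporary path is a constructed example).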
Signed-off-by: Jo-Philipp Wich git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44550 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/system/ubox/Makefile | 2 +- .../system/ubox/patches/100-insmod-segfault.patch | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 package/system/ubox/patches/100-insmod-segfault.patch diff --git a/package/system/ubox/Makefile b/package/system/ubox/Makefile index 471afd6..2d7ed29 100644 --- a/package/system/ubox/Makefile +++ b/package/system/ubox/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ubox -PKG_VERSION:=2015-02-25 +PKG_VERSION:=2015-02-25.1 PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git diff --git a/package/system/ubox/patches/100-insmod-segfault.patch b/package/system/ubox/patches/100-insmod-segfault.patch new file mode 100644 index 0000000..df010d1 --- /dev/null +++ b/package/system/ubox/patches/100-insmod-segfault.patch @@ -0,0 +1,12 @@ +--- a/kmodloader.c ++++ b/kmodloader.c +@@ -605,6 +605,9 @@ static int main_insmod(int argc, char ** + cur += sprintf(cur, "%s", argv[i]); + } + ++ if (init_module_folders()) ++ return -1; ++ + if (get_module_path(argv[1])) { + name = argv[1]; + } else if (!get_module_path(name)) { From 26093e7239eab275d93547b6e1113214f2175901 Mon Sep 17 00:00:00 2001 From: blogic Date: Tue, 10 Mar 2015 13:26:15 +0000 Subject: [PATCH 08/17] Backport: ar71xx: Fix board detection for the TP-LINK TL-MR13U. Signed-off-by: Vittorio Gambaletta git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44644 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- target/linux/ar71xx/base-files/lib/ar71xx.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh index df35775..18da356 100755 --- a/target/linux/ar71xx/base-files/lib/ar71xx.sh +++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh 
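Review bot: The added `if (init_module_folders()) return -1;` in main_insmod fails without printing anything, so an insmod that cannot build its module directory list is indistinguishable from other silent failures in a boot log. Emit a diagnostic before returning, in whatever form the rest of kmodloader.c uses, for example `fprintf(stderr, "Failed to initialize module directories\n");`. The early return also skips any cleanup of the options buffer filled by the `sprintf` loop just above, if that buffer is heap-allocated. main_insmod starts and ends outside the hunk, so that part needs checking against the full function.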
@@ -646,7 +646,7 @@ ar71xx_board_detect() { *"TL-MR11U") name="tl-mr11u" ;; - *"TL-MR13U") + *"TL-MR13U v1") name="tl-mr13u" ;; *"Tube2H") From 12c281e5eb18f7a2f465100b731c21d9986bb7c6 Mon Sep 17 00:00:00 2001 From: blogic Date: Tue, 10 Mar 2015 13:26:19 +0000 Subject: [PATCH 09/17] ar71xx: Fix LED polarity for the TP-LINK TL-MR13U. Please also backport to Barrier Breaker (this same patch applies there too). Signed-off-by: Vittorio Gambaletta git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44645 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c b/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c index 8b03645..84b6937 100644 --- a/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c +++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-tl-mr13u.c @@ -45,7 +45,7 @@ static struct gpio_led tl_mr13u_leds_gpio[] __initdata = { { .name = "tp-link:blue:system", .gpio = TL_MR13U_GPIO_LED_SYSTEM, - .active_low = 1, + .active_low = 0, }, }; From 873779207228d20b70f9ad9aaeb844b3df17f84e Mon Sep 17 00:00:00 2001 From: nbd Date: Thu, 12 Mar 2015 16:32:07 +0000 Subject: [PATCH 10/17] ath9k: fix a beacon enable handling bug Backport of r44696 Signed-off-by: Felix Fietkau git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44697 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../mac80211/patches/300-pending_work.patch | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/package/kernel/mac80211/patches/300-pending_work.patch b/package/kernel/mac80211/patches/300-pending_work.patch index 10c5cad..b391d58 100644 --- a/package/kernel/mac80211/patches/300-pending_work.patch +++ b/package/kernel/mac80211/patches/300-pending_work.patch 
@@ -1,3 +1,20 @@ +commit 182a72b61971fc7120d6163b2077c06618c422a4 +Author: Felix Fietkau +Date: Thu Mar 12 17:10:50 2015 +0100 + + ath9k: fix tracking of enabled AP beacons + + sc->nbcnvifs tracks assigned beacon slots, not enabled beacons. + Therefore, it cannot be used to decide if cur_conf->enable_beacon (bool) + should be updated, or if beacons have been enabled already. + With the current code (depending on the order of calls), beacons often + do not get enabled in an AP+STA setup. + To fix tracking of enabled beacons, convert cur_conf->enable_beacon to a + bitmask of enabled beacon slots. + + Cc: stable@vger.kernel.org + Signed-off-by: Felix Fietkau + commit 228ee4473b89118993c17ead26381c490c44f9fb Author: Felix Fietkau Date: Sun Nov 30 20:34:16 2014 +0100 
@@ -3552,3 +3569,71 @@ Date: Mon May 19 21:20:49 2014 +0200 break; default: ath_err(common, "Invalid TX queue type: %u\n", type); +--- a/drivers/net/wireless/ath/ath9k/beacon.c ++++ b/drivers/net/wireless/ath/ath9k/beacon.c +@@ -223,12 +223,15 @@ void ath9k_beacon_remove_slot(struct ath + struct ath_common *common = ath9k_hw_common(sc->sc_ah); + struct ath_vif *avp = (void *)vif->drv_priv; + struct ath_buf *bf = avp->av_bcbuf; ++ struct ath_beacon_config *cur_conf = &sc->cur_beacon_conf; + + ath_dbg(common, CONFIG, "Removing interface at beacon slot: %d\n", + avp->av_bslot); + + tasklet_disable(&sc->bcon_tasklet); + ++ cur_conf->enable_beacon &= ~BIT(avp->av_bslot); ++ + if (bf && bf->bf_mpdu) { + struct sk_buff *skb = bf->bf_mpdu; + dma_unmap_single(sc->dev, bf->bf_buf_addr, +@@ -503,8 +506,7 @@ static bool ath9k_allow_beacon_config(st + struct ath_vif *avp = (void *)vif->drv_priv; + + if (sc->sc_ah->opmode == NL80211_IFTYPE_AP) { +- if ((vif->type != NL80211_IFTYPE_AP) || +- (sc->nbcnvifs > 1)) { ++ if (vif->type != NL80211_IFTYPE_AP) { + ath_dbg(common, CONFIG, + "An AP interface is already present !\n"); + return false; +@@ -567,6 +569,7 @@ void ath9k_beacon_config(struct ath_soft + struct ath_beacon_config *cur_conf = &sc->cur_beacon_conf; + struct ath_hw *ah = sc->sc_ah; + struct ath_common *common = ath9k_hw_common(ah); ++ struct ath_vif *avp = (void *)vif->drv_priv; + unsigned long flags; + bool skip_beacon = false; + +@@ -588,12 +591,14 @@ void ath9k_beacon_config(struct ath_soft + * enabling/disabling SWBA. 
+ */ + if (changed & BSS_CHANGED_BEACON_ENABLED) { +- if (!bss_conf->enable_beacon && +- (sc->nbcnvifs <= 1)) { +- cur_conf->enable_beacon = false; +- } else if (bss_conf->enable_beacon) { +- cur_conf->enable_beacon = true; +- ath9k_cache_beacon_config(sc, bss_conf); ++ bool enabled = cur_conf->enable_beacon; ++ ++ if (!bss_conf->enable_beacon) { ++ cur_conf->enable_beacon &= ~BIT(avp->av_bslot); ++ } else { ++ cur_conf->enable_beacon |= BIT(avp->av_bslot); ++ if (!enabled) ++ ath9k_cache_beacon_config(sc, bss_conf); + } + } + +--- a/drivers/net/wireless/ath/ath9k/common.h ++++ b/drivers/net/wireless/ath/ath9k/common.h +@@ -53,7 +53,7 @@ struct ath_beacon_config { + u16 dtim_period; + u16 bmiss_timeout; + u8 dtim_count; +- bool enable_beacon; ++ u8 enable_beacon; + bool ibss_creator; + u32 nexttbtt; + u32 intval; From 64ae631f20eb349b47dae30c461ab33b5c4ac5c2 Mon Sep 17 00:00:00 2001 From: nbd Date: Tue, 17 Mar 2015 17:15:15 +0000 Subject: [PATCH 11/17] kernel: remove the netfilter optimization that skips the filter table, it has caused too many issues Signed-off-by: Felix Fietkau Backport of r44873 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44874 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/base-files/files/etc/sysctl.conf | 1 - .../617-netfilter_skip_filter_sysctl.patch | 87 ------------------- 2 files changed, 88 deletions(-) delete mode 100644 target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf index 1225e46..8f3de1a 100644 --- a/package/base-files/files/etc/sysctl.conf +++ b/package/base-files/files/etc/sysctl.conf 
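Review bot: The new `u8 enable_beacon` bitmask in struct ath_beacon_config is only wide enough if `avp->av_bslot` always lies in 0..7, and none of the three `BIT(avp->av_bslot)` sites in ath9k_beacon_remove_slot() and ath9k_beacon_config() checks that. ath9k_beacon_config() now reads the slot from `vif->drv_priv` on every BSS_CHANGED_BEACON_ENABLED change, so a vif without an assigned beacon slot would set or clear whatever bit its slot field happens to hold. The slot assignment code is outside this hunk, so this needs confirming there. I would at least document the invariant on the field, `u8 enable_beacon; /* bitmask of enabled beacon slots, bit n = av_bslot n; slots must stay below 8 */`. Both functions start and end outside the hunk.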
@@ -22,7 +22,6 @@ net.netfilter.nf_conntrack_max=16384 net.netfilter.nf_conntrack_tcp_timeout_established=7440 net.netfilter.nf_conntrack_udp_timeout=60 net.netfilter.nf_conntrack_udp_timeout_stream=180 -net.netfilter.nf_conntrack_skip_filter=1 # disable bridge firewalling by default net.bridge.bridge-nf-call-arptables=0 diff --git a/target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch b/target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch deleted file mode 100644 index a570834..0000000 --- a/target/linux/generic/patches-3.10/617-netfilter_skip_filter_sysctl.patch +++ /dev/null 
@@ -1,87 +0,0 @@ ---- a/include/net/netns/conntrack.h -+++ b/include/net/netns/conntrack.h -@@ -80,6 +80,7 @@ struct netns_ct { - int sysctl_acct; - int sysctl_tstamp; - int sysctl_checksum; -+ int skip_filter; - unsigned int sysctl_log_invalid; /* Log invalid packets */ - int sysctl_auto_assign_helper; - bool auto_assign_helper_warned; ---- a/net/ipv4/netfilter/iptable_filter.c -+++ b/net/ipv4/netfilter/iptable_filter.c -@@ -15,6 +15,7 @@ - #include - #include - #include -+#include - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Netfilter Core Team "); -@@ -37,6 +38,7 @@ iptable_filter_hook(unsigned int hook, s - const struct net_device *in, const struct net_device *out, - int (*okfn)(struct sk_buff *)) - { -+ enum ip_conntrack_info ctinfo; - const struct net *net; - - if (hook == NF_INET_LOCAL_OUT && -@@ -46,6 +48,11 @@ iptable_filter_hook(unsigned int hook, s - return NF_ACCEPT; - - net = dev_net((in != NULL) ? in : out); -+ nf_ct_get(skb, &ctinfo); -+ if ((ctinfo == IP_CT_ESTABLISHED_REPLY || ctinfo == IP_CT_ESTABLISHED) && -+ net->ct.skip_filter) -+ return NF_ACCEPT; -+ - return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_filter); - } - ---- a/net/ipv6/netfilter/ip6table_filter.c -+++ b/net/ipv6/netfilter/ip6table_filter.c -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Netfilter Core Team "); -@@ -37,6 +38,12 @@ ip6table_filter_hook(unsigned int hook, - int (*okfn)(struct sk_buff *)) - { - const struct net *net = dev_net((in != NULL) ? 
in : out); -+ enum ip_conntrack_info ctinfo; -+ -+ nf_ct_get(skb, &ctinfo); -+ if ((ctinfo == IP_CT_ESTABLISHED_REPLY || ctinfo == IP_CT_ESTABLISHED) && -+ net->ct.skip_filter) -+ return NF_ACCEPT; - - return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_filter); - } ---- a/net/netfilter/nf_conntrack_standalone.c -+++ b/net/netfilter/nf_conntrack_standalone.c -@@ -477,6 +477,13 @@ static ctl_table nf_ct_sysctl_table[] = - .extra2 = &log_invalid_proto_max, - }, - { -+ .procname = "nf_conntrack_skip_filter", -+ .data = &init_net.ct.skip_filter, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec, -+ }, -+ { - .procname = "nf_conntrack_expect_max", - .data = &nf_ct_expect_max, - .maxlen = sizeof(int), -@@ -512,6 +519,7 @@ static int nf_conntrack_standalone_init_ - table[2].data = &net->ct.htable_size; - table[3].data = &net->ct.sysctl_checksum; - table[4].data = &net->ct.sysctl_log_invalid; -+ table[5].data = &net->ct.skip_filter; - - /* Don't export sysctls to unprivileged users */ - if (net->user_ns != &init_user_ns) From 229d60fdb45c34902d402938e231c006f7c73931 Mon Sep 17 00:00:00 2001 From: jow Date: Mon, 23 Mar 2015 14:08:16 +0000 Subject: [PATCH 12/17] BB: openssl: update to v1.0.2a (14 CVEs) Fixes CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787. Signed-off-by: Jo-Philipp Wich git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44952 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/libs/openssl/Makefile | 6 +- .../patches/110-optimize-for-size.patch | 10 +- .../libs/openssl/patches/150-no_engines.patch | 18 +-- .../openssl/patches/200-parallel_build.patch | 149 +----------------- .../openssl/patches/210-termios_fix.patch | 11 -- 5 files changed, 20 insertions(+), 174 deletions(-) delete mode 100644 package/libs/openssl/patches/210-termios_fix.patch 
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index b5f5ad7..b976786 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.2 -PKG_RELEASE:=2 +PKG_VERSION:=1.0.2a +PKG_RELEASE:=0 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 @@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=38373013fc85c790aabf8837969c5eba +PKG_MD5SUM:=a06c547dac9044161a477211049f60ef PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch index cf173fc..c944322 100644 --- a/package/libs/openssl/patches/110-optimize-for-size.patch +++ b/package/libs/openssl/patches/110-optimize-for-size.patch @@ -1,13 +1,15 @@ --- a/Configure 
+++ b/Configure -@@ -443,6 +443,10 @@ my %table=( - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +@@ -443,6 +443,12 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +# OpenWrt targets ++"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + - # Android: linux-* but without -DTERMIO and pointers to headers and libs. + # Android: linux-* but without pointers to headers and libs. 
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index 89af381..df3f866 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2074,6 +2074,11 @@ EOF +@@ -2076,6 +2076,11 @@ EOF close(OUT); } @@ -14,7 +14,7 @@ Configured for $target. --- a/util/libeay.num +++ b/util/libeay.num -@@ -2072,7 +2072,6 @@ PKCS7_ATTR_SIGN_it +@@ -2073,7 +2073,6 @@ PKCS7_ATTR_SIGN_it UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: @@ -22,7 +22,7 @@ ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2546,7 +2545,6 @@ OCSP_RESPONSE_new +@@ -2547,7 +2546,6 @@ OCSP_RESPONSE_new AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: 
@@ -30,7 +30,7 @@ OCSP_onereq_get0_id 3028 EXIST::FUNCTION: ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2577,7 +2575,6 @@ ASN1_primitive_free +@@ -2578,7 +2576,6 @@ ASN1_primitive_free i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: @@ -38,7 +38,7 @@ _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2601,7 +2598,6 @@ asn1_get_choice_selector +@@ -2602,7 +2599,6 @@ asn1_get_choice_selector i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES @@ -46,7 +46,7 @@ OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -@@ -2668,7 +2664,6 @@ OCSP_CRLID_it +@@ -2669,7 +2665,6 @@ OCSP_CRLID_it OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: @@ -54,7 +54,7 @@ X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2763,8 +2758,6 @@ DES_read_2passwords +@@ -2764,8 +2759,6 @@ DES_read_2passwords DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: @@ -63,7 +63,7 @@ OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: -@@ -2773,7 +2766,6 @@ OPENSSL_load_builtin_modules +@@ -2774,7 +2767,6 @@ OPENSSL_load_builtin_modules AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES 
@@ -71,7 +71,7 @@ _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES -@@ -3108,7 +3100,6 @@ EC_GFp_nist_method +@@ -3109,7 +3101,6 @@ EC_GFp_nist_method STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index 0416eab..c2eeb38 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -169,7 +169,7 @@ ctags $(SRC) --- a/test/Makefile +++ b/test/Makefile -@@ -132,7 +132,7 @@ install: +@@ -133,7 +133,7 @@ install: tags: ctags $(SRC) 
@@ -178,152 +178,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -398,109 +398,109 @@ BUILD_CMD_STATIC=shlib_target=; \ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- 
@target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); 
$(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) - @target=$(V3NAMETEST); $(BUILD_CMD) -@@ -522,7 +522,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET +@@ -529,7 +529,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/package/libs/openssl/patches/210-termios_fix.patch b/package/libs/openssl/patches/210-termios_fix.patch deleted file mode 100644 index 957c5cf..0000000 --- a/package/libs/openssl/patches/210-termios_fix.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/crypto/ui/ui_openssl.c -+++ b/crypto/ui/ui_openssl.c -@@ -194,7 +194,7 @@ - # undef SGTTY - #endif - --#if defined(linux) && !defined(TERMIO) -+#if defined(linux) && !defined(TERMIO) && !defined(TERMIOS) - # undef TERMIOS - # define TERMIO - # undef SGTTY From 179bab8b1700d74b28cc6cd25322f9a1ad670107 Mon Sep 17 00:00:00 2001 From: nbd Date: Wed, 6 May 2015 09:47:05 +0000 Subject: [PATCH 13/17] hostapd: fix remote denial of service vulnerability in WMM action frame parsing 
Signed-off-by: Felix Fietkau Backport of r45619 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45620 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/network/services/hostapd/Makefile | 2 +- ...er-underflow-in-WMM-Action-frame-par.patch | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 7237c65..788fd11 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd PKG_VERSION:=2014-06-03.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_REV:=84df167554569af8c87f0a8ac1fb508192417d8e PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch new file mode 100644 index 0000000..bc4d60f --- /dev/null +++ b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch 
@@ -0,0 +1,36 @@ +From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Wed, 29 Apr 2015 02:21:53 +0300 +Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser + +The length of the WMM Action frame was not properly validated and the +length of the information elements (int left) could end up being +negative. This would result in reading significantly past the stack +buffer while parsing the IEs in ieee802_11_parse_elems() and while doing +so, resulting in segmentation fault. + +This can result in an invalid frame being used for a denial of service +attack (hostapd process killed) against an AP with a driver that uses +hostapd for management frame processing (e.g., all mac80211-based +drivers). + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen +--- + src/ap/wmm.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/ap/wmm.c ++++ b/src/ap/wmm.c +@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d + return; + } + ++ if (left < 0) ++ return; /* not a valid WMM Action frame */ ++ + /* extract the tspec info element */ + if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, From d70e69464ec00006b26ac684e808a6118dd4177a Mon Sep 17 00:00:00 2001 From: cyrus Date: Fri, 12 Jun 2015 20:59:57 +0000 Subject: [PATCH 14/17] openssl: bump to 1.0.2c fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 
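Review bot: The added `if (left < 0) return;` in hostapd_wmm_action() drops the malformed frame silently, while the ParseFailed branch directly below it reports through hostapd_logger(). Since the commit message describes this frame as a remote denial-of-service vector, an operator would want a trace that such frames are arriving; a debug-level entry keeps log volume low under a flood. Something like `hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_DEBUG, "hostapd_wmm_action - frame too short");` before the `return` (with braces around the two statements) would match the neighbouring error path. The function starts and ends outside this hunk, so how `left` is computed is not visible here; a comment next to the check stating which header length was subtracted would help the next reader confirm the bound.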
Signed-off-by: Steven Barth git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45951 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/libs/openssl/Makefile | 4 ++-- .../openssl/patches/110-optimize-for-size.patch | 2 +- .../libs/openssl/patches/150-no_engines.patch | 2 +- .../openssl/patches/160-disable_doc_tests.patch | 6 +++--- .../patches/190-remove_timestamp_check.patch | 6 +++--- .../openssl/patches/200-parallel_build.patch | 16 ++++++++-------- .../openssl/patches/220-fix-no-ec-build.patch | 14 -------------- 7 files changed, 18 insertions(+), 32 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index b976786..5770713 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.2a +PKG_VERSION:=1.0.2c PKG_RELEASE:=0 PKG_USE_MIPS16:=0 @@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=a06c547dac9044161a477211049f60ef +PKG_MD5SUM:=8c8d81a9ae7005276e486702edbcd4b6 PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch index c944322..0a0e59a 100644 --- a/package/libs/openssl/patches/110-optimize-for-size.patch +++ b/package/libs/openssl/patches/110-optimize-for-size.patch @@ -1,6 +1,6 @@ --- a/Configure 
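Review bot: As far as this hunk shows, the tarball for this security update is pinned only by `PKG_MD5SUM`, and the mirror list in the same hunk is plain http and ftp, so an MD5 value is the sole integrity check on the OpenSSL source that gets built. MD5 no longer offers collision resistance and the transport gives no authenticity, which is a weak combination for a crypto library fetched at build time. Listing the primary mirror as `PKG_SOURCE_URL:=https://www.openssl.org/source/ \` and recording a SHA-256 digest alongside the MD5 (if this branch's download tooling can check one; not visible here) would tighten this. The same applies to the `PKG_MD5SUM` hunk of the 1.0.2d bump in PATCH 17/17.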
+++ b/Configure -@@ -443,6 +443,12 @@ my %table=( +@@ -460,6 +460,12 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index df3f866..e0c80e4 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2076,6 +2076,11 @@ EOF +@@ -2103,6 +2103,11 @@ EOF close(OUT); } diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch index e31ffa5..afd5065 100644 --- a/package/libs/openssl/patches/160-disable_doc_tests.patch +++ b/package/libs/openssl/patches/160-disable_doc_tests.patch @@ -34,9 +34,9 @@ -build_all: build_libs build_apps build_tests build_tools +build_all: build_libs build_apps build_tools - build_libs: build_crypto build_ssl build_engines + build_libs: build_libcrypto build_libssl openssl.pc -@@ -538,7 +538,7 @@ dist: +@@ -528,7 +528,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -47,7 +47,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ --- a/Makefile.org +++ b/Makefile.org -@@ -536,7 +536,7 @@ dist: +@@ -526,7 +526,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch index 86b17d0..8a832a4 100644 --- a/package/libs/openssl/patches/190-remove_timestamp_check.patch +++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch 
@@ -4,12 +4,12 @@ EXHEADER= e_os2.h HEADER= e_os.h --all: Makefile build_all openssl.pc libssl.pc libcrypto.pc -+all: build_all openssl.pc libssl.pc libcrypto.pc +-all: Makefile build_all ++all: build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -@@ -395,11 +395,6 @@ openssl.pc: Makefile +@@ -398,11 +398,6 @@ openssl.pc: Makefile echo 'Version: '$(VERSION); \ echo 'Requires: libssl libcrypto' ) > openssl.pc diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index c2eeb38..ff63e02 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -1,7 +1,7 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -274,17 +274,17 @@ build_all: build_libs build_apps build_t - build_libs: build_crypto build_ssl build_engines +@@ -277,17 +277,17 @@ build_libcrypto: build_crypto build_engi + build_libssl: build_ssl libssl.pc build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) @@ -29,8 +29,8 @@ all_testapps: build_libs build_testapps build_testapps: -@@ -453,7 +453,7 @@ report: - @$(PERL) util/selftest.pl +@@ -459,7 +459,7 @@ update: errors stacks util/libeay.num ut + @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -38,7 +38,7 @@ lint: @set -e; target=lint; $(RECURSIVE_BUILD_CMD) -@@ -531,9 +531,9 @@ dist: +@@ -521,9 +521,9 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -50,7 +50,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -542,12 +542,19 @@ install_sw: +@@ -532,12 +532,19 @@ install_sw: $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private 
@@ -71,7 +71,7 @@ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ do \ if [ -f "$$i" ]; then \ -@@ -631,12 +638,7 @@ install_html_docs: +@@ -621,12 +628,7 @@ install_html_docs: done; \ done @@ -178,7 +178,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -529,7 +529,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET +@@ -530,7 +530,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/package/libs/openssl/patches/220-fix-no-ec-build.patch b/package/libs/openssl/patches/220-fix-no-ec-build.patch index 44ec50e..e69de29 100644 --- a/package/libs/openssl/patches/220-fix-no-ec-build.patch +++ b/package/libs/openssl/patches/220-fix-no-ec-build.patch @@ -1,14 +0,0 @@ ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -113,9 +113,11 @@ - #include - #include - #include -+#ifndef OPENSSL_NO_EC - #ifdef OPENSSL_NO_EC2M - # include - #endif -+#endif - #include - #include - #include "ssl_locl.h" From 28e3d3f33045771d08e1e5c1e7aff859cd1ab86d Mon Sep 17 00:00:00 2001 From: jow Date: Fri, 3 Jul 2015 13:49:24 +0000 Subject: [PATCH 15/17] BB: uclibc++: make g++-uc* wrappers relocatable The g++-uc wrapper hardcodes $(STAGING_DIR) and $(TOOLCHAIN_DIR) paths which will not work outside of the original build environment. Replace the hardcoded staging_dir occurences with paths relative to the $STAGING_DIR environment variable to make the g++-uc* wrappers usable in an SDK environment. Fixes the libdb47 build failure reported at https://lists.openwrt.org/pipermail/openwrt-devel/2015-April/032455.html Signed-off-by: Jo-Philipp Wich Backport of r46162 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46164 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/libs/uclibc++/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package/libs/uclibc++/Makefile b/package/libs/uclibc++/Makefile index 38e8a99..f855cd2 100644 --- a/package/libs/uclibc++/Makefile +++ b/package/libs/uclibc++/Makefile 
@@ -74,8 +74,9 @@ define Build/InstallDev $(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/g++-uc $(TOOLCHAIN_DIR)/bin/ $(CP) $(PKG_INSTALL_DIR)/include/* $(1)/usr/include/uClibc++/ $(CP) $(PKG_INSTALL_DIR)/lib/libuClibc++*.{a,so}* $(1)/usr/lib/ - $(SED) 's|-I/include/|-I$(STAGING_DIR)/usr/include/uClibc++/|g' $(TOOLCHAIN_DIR)/bin/g++-uc - $(SED) 's|-L/lib/|-L$(STAGING_DIR)/usr/lib/|g' $(TOOLCHAIN_DIR)/bin/g++-uc + $(SED) 's!\(^\|[[:space:]]\)-[IL]$(TOOLCHAIN_DIR)/[^[:space:]]*!!g' $(TOOLCHAIN_DIR)/bin/g++-uc + $(SED) 's|-I/include/|-I$$$${STAGING_DIR:-$(STAGING_DIR)}/usr/include/uClibc++/|g' $(TOOLCHAIN_DIR)/bin/g++-uc + $(SED) 's|-L/lib/|-L$$$${STAGING_DIR:-$(STAGING_DIR)}/lib/|g' $(TOOLCHAIN_DIR)/bin/g++-uc # add another wrapper which links against both uClibc++ and libstdc++ $(INSTALL_BIN) $(TOOLCHAIN_DIR)/bin/g++-uc $(TOOLCHAIN_DIR)/bin/g++-uc+std $(SED) 's|^WRAPPER_INCLUDEDIR=.*||g' $(TOOLCHAIN_DIR)/bin/g++-uc+std From 861527622c343b2eebb483b5e723c103a6b6432f Mon Sep 17 00:00:00 2001 From: jogo Date: Sat, 4 Jul 2015 12:56:21 +0000 Subject: [PATCH 16/17] BB: kernel: kmod-scsi-core: fix load on install sd_mod depends on scsi_mod, but due to it being an AutoLoad and not AutoProbe module, it was not loading when installing the package, causing unknown symbol errors for sd_mod and anything depending on it. Closes #14927, #18293, #19351. Backport of r46176. Signed-off-by: Jonas Gorski git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46178 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/kernel/linux/modules/block.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/kernel/linux/modules/block.mk b/package/kernel/linux/modules/block.mk index 8a84aa4..8c29e01 100644 --- a/package/kernel/linux/modules/block.mk +++ b/package/kernel/linux/modules/block.mk 
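Review bot: The rewritten `-L` substitution points the wrapper at `$STAGING_DIR/lib/`, whereas the line it replaces used `$(STAGING_DIR)/usr/lib/` and the `$(CP)` two lines above installs `libuClibc++*.{a,so}*` into `$(1)/usr/lib/`; the `-I` substitution kept its `/usr/` prefix. If `$(1)` is the staging directory here (not visible in the hunk), the wrapper would no longer search the directory the library was copied to, and `$(SED) 's|-L/lib/|-L$$$${STAGING_DIR:-$(STAGING_DIR)}/usr/lib/|g' $(TOOLCHAIN_DIR)/bin/g++-uc` looks like the intended line. The wrapper also now takes its include and library search paths from the caller's `STAGING_DIR` environment variable, expanded unquoted, so a comment above these lines should state that the variable must come from a trusted build environment and must not contain whitespace. Build/InstallDev starts and ends outside this hunk.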
@@ -565,9 +565,9 @@ define KernelPackage/scsi-core CONFIG_SCSI \ CONFIG_BLK_DEV_SD FILES:= \ - $(if $(findstring y,$(CONFIG_SCSI)),,$(LINUX_DIR)/drivers/scsi/scsi_mod.ko) \ + $(LINUX_DIR)/drivers/scsi/scsi_mod.ko \ $(LINUX_DIR)/drivers/scsi/sd_mod.ko - AUTOLOAD:=$(call AutoLoad,40,sd_mod,1) + AUTOLOAD:=$(call AutoLoad,40,scsi_mod sd_mod,1) endef $(eval $(call KernelPackage,scsi-core)) From 10b1d597b97bf9038d18eb8c7c5a8d127c72e5da Mon Sep 17 00:00:00 2001 From: jow Date: Thu, 9 Jul 2015 13:15:32 +0000 Subject: [PATCH 17/17] BB: openssl: update to v1.0.2d (CVE-2015-1793) During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. Signed-off-by: Jo-Philipp Wich Backport of r46285 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46287 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/libs/openssl/Makefile | 6 +-- .../patches/160-disable_doc_tests.patch | 8 ++-- .../patches/190-remove_timestamp_check.patch | 2 +- .../openssl/patches/200-parallel_build.patch | 39 ++++++++----------- .../openssl/patches/220-fix-no-ec-build.patch | 0 5 files changed, 25 insertions(+), 30 deletions(-) delete mode 100644 package/libs/openssl/patches/220-fix-no-ec-build.patch diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 5770713..2ef0b96 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile 
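Review bot: With the `$(if $(findstring y,$(CONFIG_SCSI)),,…)` guard removed, `FILES` and `AUTOLOAD` name `scsi_mod` unconditionally, so a kernel configured with CONFIG_SCSI=y (where no scsi_mod.ko is produced) now relies on the packaging template tolerating a built-in module; that handling is not visible in this hunk. If it is not guaranteed, keep the guard on the `FILES` entry and apply the same test to the autoload list, e.g. `AUTOLOAD:=$(call AutoLoad,40,$(if $(findstring y,$(CONFIG_SCSI)),,scsi_mod) sd_mod,1)`. If the template does skip built-in modules, a one-line comment above `FILES` saying so would explain why the guard could be dropped.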
@@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.2c -PKG_RELEASE:=0 +PKG_VERSION:=1.0.2d +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 @@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=8c8d81a9ae7005276e486702edbcd4b6 +PKG_MD5SUM:=38dd619b2e77cbac69b99f52a053d25a PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch index afd5065..f7c09b6 100644 --- a/package/libs/openssl/patches/160-disable_doc_tests.patch +++ b/package/libs/openssl/patches/160-disable_doc_tests.patch @@ -27,16 +27,16 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -@@ -271,7 +271,7 @@ reflect: - @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) +@@ -272,7 +272,7 @@ reflect: sub_all: build_all + -build_all: build_libs build_apps build_tests build_tools +build_all: build_libs build_apps build_tools build_libs: build_libcrypto build_libssl openssl.pc -@@ -528,7 +528,7 @@ dist: +@@ -529,7 +529,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -47,7 +47,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ --- a/Makefile.org +++ b/Makefile.org -@@ -526,7 +526,7 @@ dist: +@@ -527,7 +527,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch index 8a832a4..acf97bc 100644 --- a/package/libs/openssl/patches/190-remove_timestamp_check.patch +++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch 
@@ -9,7 +9,7 @@ # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -@@ -398,11 +398,6 @@ openssl.pc: Makefile +@@ -399,11 +399,6 @@ openssl.pc: Makefile echo 'Version: '$(VERSION); \ echo 'Requires: libssl libcrypto' ) > openssl.pc diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index ff63e02..c3fc3f3 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -1,35 +1,30 @@ --- a/Makefile.org 
+++ b/Makefile.org -@@ -277,17 +277,17 @@ build_libcrypto: build_crypto build_engi +@@ -278,17 +278,17 @@ build_libcrypto: build_crypto build_engi build_libssl: build_ssl libssl.pc build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -- @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -- @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -- @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -- @dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -- @dir=tools; target=all; $(BUILD_ONE_CMD) + +@dir=crypto; target=all; $(BUILD_ONE_CMD) -+build_ssl: build_crypto + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) + +@dir=ssl; target=all; $(BUILD_ONE_CMD) -+build_engines: build_crypto + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) + +@dir=engines; target=all; $(BUILD_ONE_CMD) -+build_apps: build_libs + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) + +@dir=apps; target=all; $(BUILD_ONE_CMD) -+build_tests: build_libs + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) + +@dir=test; target=all; $(BUILD_ONE_CMD) -+build_tools: build_libs + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) + +@dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps build_testapps: -@@ -459,7 +459,7 @@ update: errors stacks util/libeay.num ut +@@ -460,7 +460,7 @@ update: errors stacks util/libeay.num ut @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: @@ -38,7 +33,7 @@ lint: @set -e; target=lint; $(RECURSIVE_BUILD_CMD) -@@ -521,9 +521,9 @@ dist: +@@ -522,9 +522,9 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) 
@@ -50,7 +45,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -532,12 +532,19 @@ install_sw: +@@ -533,12 +533,19 @@ install_sw: $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private @@ -71,7 +66,7 @@ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ do \ if [ -f "$$i" ]; then \ -@@ -621,12 +628,7 @@ install_html_docs: +@@ -622,12 +629,7 @@ install_html_docs: done; \ done @@ -169,7 +164,7 @@ ctags $(SRC) --- a/test/Makefile +++ b/test/Makefile -@@ -133,7 +133,7 @@ install: +@@ -134,7 +134,7 @@ install: tags: ctags $(SRC) @@ -178,7 +173,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -530,7 +530,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET +@@ -538,7 +538,7 @@ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEX # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/package/libs/openssl/patches/220-fix-no-ec-build.patch b/package/libs/openssl/patches/220-fix-no-ec-build.patch deleted file mode 100644 index e69de29..0000000