staging/xback, branch v17.01.2

LEDE v17.01.2: adjust config defaults

2017-06-10T11:08:02Z

Signed-off-by: Alexander Couzens

build: ensure that flock is available for make download

2017-06-08T21:02:37Z

It ensures that make download can parallelize downloads, even when some packages download the same files (e.g. gcc/initial, gcc/final) Signed-off-by: Felix Fietkau

include/toplevel: set env GIT_ASKPASS=/bin/true

2017-06-08T21:02:37Z

When git-https request a service (e.g. github) which ask for credentials git will pass this request to the user resulting download.pl to wait for user input. Set GIT_ASKPASS to stop asking. Signed-off-by: Alexander Couzens

base-files: network.sh: fix a number of IPv6 logic flaws

2017-06-08T21:02:16Z

* Change network_get_subnet6() to sensibly guess a suitable prefix Attempt to return the first non-linklocal, non-ula range, then attempt to return the first non-linklocal range and finally fall back to the previous behaviour of simply returning the first found item. * Fix network_get_ipaddrs_all() Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6() to build a single list of all interface addresses. * Fix network_get_subnets6() Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address field to figure out the proper network address. Signed-off-by: Jo-Philipp Wich

mwlwifi: update to version 10.3.4.0 / 2017-06-06

2017-06-08T17:57:31Z

Signed-off-by: Jo-Philipp Wich

automake: import upstream fix for perl 5.26

2017-06-08T10:18:56Z

Build broke as distributions now include Perl 5.26 and automake triggered an "Unescaped left brace in regex" error. Import upstream commit 13f00eb449 to fix that. Signed-off-by: Daniel Golle

base-files: network.sh: properly report local IPv6 addresses

2017-06-08T10:06:50Z

Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to fetch the effective local IPv6 address of delegated prefix from the "local-address" field instead of naively hardcoding ":1" as static suffix. Fixes FS#829. Signed-off-by: Jo-Philipp Wich

kernel: update kernel 4.4 to 4.4.71

2017-06-07T19:24:41Z

Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71 Signed-off-by: Jo-Philipp Wich

Add missing APU1 reference to x86 board.d

2017-06-06T21:02:20Z

x86 board.d only contains a case for the APU2, not the APU1. This causes, for example, network configuration not to be created correctly. Even though the APU1 seems to reaching EOL, there a still a lot of them out there. The APU1 and APU2 is configured in the same way and this patch should also be considered for stable, as the error also exists there. Signed-off-by: Kristian Evensen

base-files: always set proto passed to _ucidef_set_interface()

2017-06-03T18:41:26Z

Overwrite an already set proto if a new one is passed to _ucidef_set_interface() similar to what is done for the interface. It is required when using ""ucidef_set_interface_wan 'ptm0' 'pppoe'" after some initial wan interface configuration is already done by ucidef_add_switch. The "json_is_a protocol string" guard is meant to not reset an earlier set interface proto in case something like "ucidef_set_interface_lan 'eth0'" is used afterwards. Signed-off-by: Mathias Kresin