This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 5a53d5947d29a65240a9a60e10101bc567638f0f (commit) via bde891d1b133a8a28d487cf163ff639d989f6d9a (commit) via c5c12c9c81bd8ef085a5453fe39e53df100915c3 (commit) from 0eccc8a97c59a3ad86c9370f4cfd844e63da8d2e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 5a53d5947d29a65240a9a60e10101bc567638f0f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jul 28 18:12:13 2016 +0200
core104: add kernel to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bde891d1b133a8a28d487cf163ff639d989f6d9a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jul 28 18:01:32 2016 +0200
kernel: update to 3.14.74
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c5c12c9c81bd8ef085a5453fe39e53df100915c3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jul 28 18:00:50 2016 +0200
backports: add upstream driver fixes.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: .../104}/filelists/armv5tel/linux-kirkwood | 0 .../95 => core/104}/filelists/armv5tel/linux-multi | 0 .../95 => core/104}/filelists/armv5tel/linux-rpi | 0 .../{oldcore/95 => core/104}/filelists/i586/linux | 0 .../95 => core/104}/filelists/x86_64/linux | 0 config/rootfiles/core/104/update.sh | 185 ++++++++++++++++++++- lfs/backports | 5 + lfs/linux | 16 +- .../backports/backports-linux-upstream-1.patch | 60 +++++++ .../backports/backports-linux-upstream-2.patch | 43 +++++ .../backports/backports-linux-upstream-3.patch | 53 ++++++ 11 files changed, 349 insertions(+), 13 deletions(-) copy config/rootfiles/{oldcore/95 => core/104}/filelists/armv5tel/linux-kirkwood (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/armv5tel/linux-multi (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/armv5tel/linux-rpi (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/i586/linux (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/x86_64/linux (100%) create mode 100644 src/patches/backports/backports-linux-upstream-1.patch create mode 100644 src/patches/backports/backports-linux-upstream-2.patch create mode 100644 src/patches/backports/backports-linux-upstream-3.patch
Difference in files: diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood new file mode 120000 index 0000000..7217107 --- /dev/null +++ b/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-kirkwood \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-multi b/config/rootfiles/core/104/filelists/armv5tel/linux-multi new file mode 120000 index 0000000..204eb4c --- /dev/null +++ b/config/rootfiles/core/104/filelists/armv5tel/linux-multi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-multi \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-rpi b/config/rootfiles/core/104/filelists/armv5tel/linux-rpi new file mode 120000 index 0000000..a651a49 --- /dev/null +++ b/config/rootfiles/core/104/filelists/armv5tel/linux-rpi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-rpi \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/i586/linux b/config/rootfiles/core/104/filelists/i586/linux new file mode 120000 index 0000000..693ec4b --- /dev/null +++ b/config/rootfiles/core/104/filelists/i586/linux @@ -0,0 +1 @@ +../../../../common/i586/linux \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/x86_64/linux b/config/rootfiles/core/104/filelists/x86_64/linux new file mode 120000 index 0000000..0615b5b --- /dev/null +++ b/config/rootfiles/core/104/filelists/x86_64/linux @@ -0,0 +1 @@ +../../../../common/x86_64/linux \ No newline at end of file diff --git a/config/rootfiles/core/104/update.sh b/config/rootfiles/core/104/update.sh index d00b487..874b411 100644 --- a/config/rootfiles/core/104/update.sh +++ b/config/rootfiles/core/104/update.sh @@ -24,6 +24,36 @@ . /opt/pakfire/lib/functions.sh /usr/local/bin/backupctrl exclude >/dev/null 2>&1
+function find_device() { + local mountpoint="${1}" + + local root + local dev mp fs flags rest + while read -r dev mp fs flags rest; do + # Skip unwanted entries + [ "${dev}" = "rootfs" ] && continue + + if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then + root="$(basename "${dev}")" + break + fi + done < /proc/mounts + + # Get the actual device from the partition that holds / + while [ -n "${root}" ]; do + if [ -e "/sys/block/${root}" ]; then + echo "${root}" + return 0 + fi + + # Remove last character + root="${root::-1}" + done + + return 1 +} + + core=104
function exit_with_error() { @@ -40,11 +70,73 @@ do rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire done
+# +# Do some sanity checks. +case $(uname -r) in + *-ipfire* ) + # Ok. + ;; + * ) + exit_with_error "ERROR cannot update. No IPFire Kernel." 1 + ;; +esac + + +# +# +KVER="xxxKVERxxx" + +# Check diskspace on root +ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $ROOTSPACE -lt 100000 ]; then + exit_with_error "ERROR cannot update because not enough free space on root." 2 + exit 2 +fi + +echo +echo Update Kernel to $KVER ... +# +# Remove old kernel, configs, initrd, modules, dtb's ... +# +rm -rf /boot/System.map-* +rm -rf /boot/config-* +rm -rf /boot/ipfirerd-* +rm -rf /boot/initramfs-* +rm -rf /boot/vmlinuz-* +rm -rf /boot/uImage-ipfire-* +rm -rf /boot/zImage-ipfire-* +rm -rf /boot/uInit-ipfire-* +rm -rf /boot/dtb-*-ipfire-* +rm -rf /lib/modules + +case "$(uname -m)" in + armv*) + # Backup uEnv.txt if exist + if [ -e /boot/uEnv.txt ]; then + cp -vf /boot/uEnv.txt /boot/uEnv.txt.org + fi + + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + mkdir -pv /boot/dtb-$KVER-ipfire-multi + touch /boot/uImage-ipfire-kirkwood + touch /boot/zImage-ipfire-multi + touch /boot/uIinit-ipfire-kirkwood + touch /boot/uIinit-ipfire-multi + ;; +esac + # Stop services /etc/init.d/collectd stop +/etc/init.d/snort stop +/etc/init.d/squid stop +/etc/init.d/dnsmasq stop +/etc/init.d/ipsec stop +/etc/init.d/apache stop
# Extract files -extract_files +tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
# Remove some old files rm -f /bin/groups /lib/libshadow.so.0* @@ -52,22 +144,105 @@ rm -f /bin/groups /lib/libshadow.so.0* # update linker config ldconfig
+# Check diskspace on boot +BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $BOOTSPACE -lt 1000 ]; then + case $(uname -r) in + *-ipfire-kirkwood ) + # Special handling for old kirkwood images. + # (install only kirkwood kernel) + rm -rf /boot/* + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \ + --numeric-owner -C / --wildcards 'boot/*-kirkwood*' + ;; + * ) + /etc/init.d/apache start + exit_with_error "FATAL-ERROR space run out on boot. System is not bootable..." 4 + ;; + esac +fi + # Update Language cache /usr/local/bin/update-lang-cache
+# # Start services -/etc/init.d/dnsmasq restart +# /etc/init.d/collectd start -/etc/init.d/snort restart +/etc/init.d/apache start +/etc/init.d/dnsmasq start +/etc/init.d/sshd restart +/etc/init.d/squid start +/etc/init.d/snort start +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +# Delete old QoS enabled indicator +rm -f /var/ipfire/qos/enable + +# Upadate Kernel version uEnv.txt +if [ -e /boot/uEnv.txt ]; then + sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt +fi + +# call user update script (needed for some arm boards) +if [ -e /boot/pakfire-kernel-update ]; then + /boot/pakfire-kernel-update ${KVER} +fi + +case "$(uname -m)" in + i?86) + # Force (re)install pae kernel if pae is supported + rm -rf /opt/pakfire/db/installed/meta-linux-pae + if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then + ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: WARNING not enough space for pae kernel." + else + echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae + echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae + echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae + fi + fi + ;; +esac +# +# After pakfire has ended run it again and update the lists and do upgrade +# +echo '#!/bin/bash' > /tmp/pak_update +echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update +echo 'touch /var/run/need_reboot ' >> /tmp/pak_update +# +killall -KILL pak_update +chmod +x /tmp/pak_update +/tmp/pak_update & + +sync
# This update need a reboot... touch /var/run/need_reboot -sync
# Finish /etc/init.d/fireinfo start sendprofile - # Update grub config to display new core version if [ -e /boot/grub/grub.cfg ]; then grub-mkconfig -o /boot/grub/grub.cfg diff --git a/lfs/backports b/lfs/backports index 3c8e6cd..5706b75 100644 --- a/lfs/backports +++ b/lfs/backports @@ -112,6 +112,11 @@ ifeq "$(KCFG)" "-rpi" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-smsc95xx-add_mac_addr_param.patch endif
+ # Patches form stable linux updates + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-1.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-2.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-3.patch + # generate config cd $(DIR_APP) && make KLIB=/lib/modules/$(KVER)-$(VERSUFIX)/ allmodconfig
diff --git a/lfs/linux b/lfs/linux index ed94c63..c643da4 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,10 +24,10 @@
include Config
-VER = 3.14.73 -RPI_PATCHES = 3.14.73-grsec-ipfire1 -A7M_PATCHES = 3.14.73-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1ipfire-3.14.73-v1.patch.xz +VER = 3.14.74 +RPI_PATCHES = 3.14.74-grsec-ipfire1 +A7M_PATCHES = 3.14.74-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1ipfire-3.14.74-v1.patch.xz
THISAPP = linux-$(VER) @@ -83,10 +83,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = a106b304ff78301a6b0a02febb80d5db -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 91a164fe6f0b1d0a44beb95ea50a2541 -arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = bf2ab77300c0013613a7676d965f8074 -$(GRS_PATCHES)_MD5 = 018bf34ca2c57f73603312872049a6ff +$(DL_FILE)_MD5 = f83028755dc380862a91fe75e64b01aa +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 32b1101dc51f89c1fb3bfb1907f4bce5 +arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9a638c68cefd4c08dfcb9c4434458b1 +$(GRS_PATCHES)_MD5 = 5f4595575e159dd730b222d204cc9b39
install : $(TARGET)
diff --git a/src/patches/backports/backports-linux-upstream-1.patch b/src/patches/backports/backports-linux-upstream-1.patch new file mode 100644 index 0000000..c956aeb --- /dev/null +++ b/src/patches/backports/backports-linux-upstream-1.patch @@ -0,0 +1,60 @@ +From 5bb6f6e1d44aa91323857715dfddb63337f8307b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= bjorn@mork.no +Date: Sun, 3 Jul 2016 22:24:50 +0200 +Subject: cdc_ncm: workaround for EM7455 "silent" data interface +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit c086e7096170390594c425114d98172bc9aceb8a ] + +Several Lenovo users have reported problems with their Sierra +Wireless EM7455 modem. The driver has loaded successfully and +the MBIM management channel has appeared to work, including +establishing a connection to the mobile network. But no frames +have been received over the data interface. + +The problem affects all EM7455 and MC7455, and is assumed to +affect other modems based on the same Qualcomm chipset and +baseband firmware. + +Testing narrowed the problem down to what seems to be a +firmware timing bug during initialization. Adding a short sleep +while probing is sufficient to make the problem disappear. +Experiments have shown that 1-2 ms is too little to have any +effect, while 10-20 ms is enough to reliably succeed. + +Reported-by: Stefan Armbruster ml001@armbruster-it.de +Reported-by: Ralph Plawetzki ralph@purejava.org +Reported-by: Andreas Fett andreas.fett@secunet.com +Reported-by: Rasmus Lerdorf rasmus@lerdorf.com +Reported-by: Samo Ratnik samo.ratnik@gmail.com +Reported-and-tested-by: Aleksander Morgado aleksander@aleksander.es +Signed-off-by: Bjørn Mork bjorn@mork.no +Signed-off-by: David S. Miller davem@davemloft.net +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + drivers/net/usb/cdc_ncm.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index c663722..584504e 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -438,6 +438,13 @@ advance: + if (cdc_ncm_setup(dev)) + goto error2; + ++ /* Some firmwares need a pause here or they will silently fail ++ * to set up the interface properly. This value was decided ++ * empirically on a Sierra Wireless MC7455 running 02.08.02.00 ++ * firmware. ++ */ ++ usleep_range(10000, 20000); ++ + /* configure data interface */ + temp = usb_set_interface(dev->udev, iface_no, data_altsetting); + if (temp) { +-- +cgit v0.12 + diff --git a/src/patches/backports/backports-linux-upstream-2.patch b/src/patches/backports/backports-linux-upstream-2.patch new file mode 100644 index 0000000..4cefcc7 --- /dev/null +++ b/src/patches/backports/backports-linux-upstream-2.patch @@ -0,0 +1,43 @@ +From d6b8a68ac7b6d2e241f8d34b769c98a1793d9124 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings ben@decadent.org.uk +Date: Wed, 20 Apr 2016 23:23:08 +0100 +Subject: atl2: Disable unimplemented scatter/gather feature + +[ Upstream commit f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 ] + +atl2 includes NETIF_F_SG in hw_features even though it has no support +for non-linear skbs. This bug was originally harmless since the +driver does not claim to implement checksum offload and that used to +be a requirement for SG. + +Now that SG and checksum offload are independent features, if you +explicitly enable SG *and* use one of the rare protocols that can use +SG without checkusm offload, this potentially leaks sensitive +information (before you notice that it just isn't working). Therefore +this obscure bug has been designated CVE-2016-2117. + +Reported-by: Justin Yackoski jyackoski@crypto-nite.com +Signed-off-by: Ben Hutchings ben@decadent.org.uk +Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.") +Signed-off-by: David S. Miller davem@davemloft.net +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + drivers/net/ethernet/atheros/atlx/atl2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c +index 265ce1b..96fe542 100644 +--- a/drivers/net/ethernet/atheros/atlx/atl2.c ++++ b/drivers/net/ethernet/atheros/atlx/atl2.c +@@ -1413,7 +1413,7 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + + err = -EIO; + +- netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX; ++ netdev->hw_features = NETIF_F_HW_VLAN_CTAG_RX; + netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX); + + /* Init PHY as early as possible due to power saving issue */ +-- +cgit v0.12 + diff --git a/src/patches/backports/backports-linux-upstream-3.patch b/src/patches/backports/backports-linux-upstream-3.patch new file mode 100644 index 0000000..deb4a4c --- /dev/null +++ b/src/patches/backports/backports-linux-upstream-3.patch @@ -0,0 +1,53 @@ +From fc70a4a5cb616bf390cee03390265045de5cf06a Mon Sep 17 00:00:00 2001 +From: Feng Tang feng.tang@intel.com +Date: Fri, 24 Jun 2016 15:26:05 +0800 +Subject: net: alx: Work around the DMA RX overflow issue + +[ Upstream commit 881d0327db37ad917a367c77aff1afa1ee41e0a9 ] + +Note: This is a verified backported patch for stable 4.4 kernel, and it +could also be applied to 4.3/4.2/4.1/3.18/3.16 + +There is a problem with alx devices, that the network link will be +lost in 1-5 minutes after the device is up. + +>From debugging without datasheet, we found the error always +happen when the DMA RX address is set to 0x....fc0, which is very +likely to be a HW/silicon problem. + +This patch will apply rx skb with 64 bytes longer space, and if the +allocated skb has a 0x...fc0 address, it will use skb_resever(skb, 64) +to advance the address, so that the RX overflow can be avoided. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70761 +Signed-off-by: Feng Tang feng.tang@intel.com +Suggested-by: Eric Dumazet edumazet@google.com +Tested-by: Ole Lukoie olelukoie@mail.ru +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + drivers/net/ethernet/atheros/alx/main.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c +index 3e1d7d2..7585960 100644 +--- a/drivers/net/ethernet/atheros/alx/main.c ++++ b/drivers/net/ethernet/atheros/alx/main.c +@@ -86,9 +86,14 @@ static int alx_refill_rx_ring(struct alx_priv *alx, gfp_t gfp) + while (!cur_buf->skb && next != rxq->read_idx) { + struct alx_rfd *rfd = &rxq->rfd[cur]; + +- skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size, gfp); ++ skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size + 64, gfp); + if (!skb) + break; ++ ++ /* Workround for the HW RX DMA overflow issue */ ++ if (((unsigned long)skb->data & 0xfff) == 0xfc0) ++ skb_reserve(skb, 64); ++ + dma = dma_map_single(&alx->hw.pdev->dev, + skb->data, alx->rxbuf_size, + DMA_FROM_DEVICE); +-- +cgit v0.12 +
hooks/post-receive -- IPFire 2.x development tree