From 0a565414dd9e4ed8a050430e18490ad0ef61b4d3 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sun, 29 Mar 2015 22:43:56 +0200
Subject: [PATCH 1/4] kernel: backports: rt2800usb: suppress more queue warnings
---
 lfs/backports | 1 +
 ...-1_rt2800usb_suppress_queue_warnings.patch | 30 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 src/patches/backports-3.18.1-1_rt2800usb_suppress_queue_warnings.patch
diff --git a/lfs/backports b/lfs/backports
index 0eebe818d..96de955d6 100644
--- a/lfs/backports
+++ b/lfs/backports
@@ -90,6 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-iwlwifi-noibss_only_on_radar_chan.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.37-rt2800usb_add_dlink_dwa137_usbid.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports-3.18.1-1_rt2800usb_suppress_queue_warnings.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports-3.18.1-1_add_libertas_uap.patch
 # smsc mac address patch for pandaboard and raspberry pi
diff --git a/src/patches/backports-3.18.1-1_rt2800usb_suppress_queue_warnings.patch b/src/patches/backports-3.18.1-1_rt2800usb_suppress_queue_warnings.patch
new file mode 100644
index 000000000..8270d311d
--- /dev/null
+++ b/src/patches/backports-3.18.1-1_rt2800usb_suppress_queue_warnings.patch
@@ -0,0 +1,30 @@
+diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2800usb.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2800usb.c
+--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2800usb.c 2014-12-21 22:37:14.000000000 +0100
++++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2800usb.c 2015-03-29 21:42:13.865183543 +0200
+@@ -444,7 +444,7 @@
+
+ rt2x00usb_register_read(rt2x00dev, TXRXQ_PCNT, ®);
+ if (rt2x00_get_field32(reg, TXRXQ_PCNT_TX0Q)) {
+- rt2x00_warn(rt2x00dev, "TX HW queue 0 timed out, invoke forced kick\n");
++ rt2x00_dbg(rt2x00dev, "TX HW queue 0 timed out, invoke forced kick\n");
+
+ rt2x00usb_register_write(rt2x00dev, PBF_CFG, 0xf40012);
+
+@@ -459,7 +459,7 @@
+
+ rt2x00usb_register_read(rt2x00dev, TXRXQ_PCNT, ®);
+ if (rt2x00_get_field32(reg, TXRXQ_PCNT_TX1Q)) {
+- rt2x00_warn(rt2x00dev, "TX HW queue 1 timed out, invoke forced kick\n");
++ rt2x00_dbg(rt2x00dev, "TX HW queue 1 timed out, invoke forced kick\n");
+
+ rt2x00usb_register_write(rt2x00dev, PBF_CFG, 0xf4000a);
+
+@@ -609,7 +609,7 @@
+
+ if (unlikely(test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags) ||
+ !test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))) {
+- rt2x00_warn(rt2x00dev, "Data pending for entry %u in queue %u\n",
++ rt2x00_dbg(rt2x00dev, "Data pending for entry %u in queue %u\n",
+ entry->entry_idx, qid);
+ break;
+ }
From e0d006cd8e186d28ce11d20a9ab6f8462de882fe Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Mon, 30 Mar 2015 13:11:40 +0200
Subject: [PATCH 2/4] installer: add option to disable grafic mode for grub. add novga to kernel commandline for the installer to add GFXMODE="none" to /etc/default/grub.
---
 config/syslinux/syslinux.cfg | 1 +
 src/installer/main.c | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg
index cfb8113cf..39521675d 100644
--- a/config/syslinux/syslinux.cfg
+++ b/config/syslinux/syslinux.cfg
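Review bot: The third replacement, at the inner `@@ -609,7 +609,7 @@`, silences a different condition from the one the subject names: "Data pending for entry %u in queue %u" is logged when the entry flag test fails, not when a TX hardware queue times out. As a debug message it will presumably no longer reach the default kernel log, which removes the only operator-visible trace of a stuck TX path on the appliance. I would keep that one at warning level and throttle it instead, for example with `if (net_ratelimit())` in front of the existing `rt2x00_warn(` call. The new patch file also has no header saying why the messages are downgraded; a short comment above the `diff -Naur` line naming the symptom would help whoever rebases it onto the next backports release. The enclosing driver functions start and end outside all three inner hunks.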
@@ -50,6 +50,7 @@ Run the installer in text mode. ENDTEXT KERNEL vmlinuz INITRD instroot + APPEND novga LABEL unattended MENU LABEL Unattended installation diff --git a/src/installer/main.c b/src/installer/main.c index 75c8c5ae0..c420de3a1 100644 --- a/src/installer/main.c +++ b/src/installer/main.c @@ -271,6 +271,7 @@ static struct lang { static struct config { int unattended; int serial_console; + int novga; int require_networking; int perform_download; int disable_swap; @@ -280,6 +281,7 @@ static struct config { } config = { .unattended = 0, .serial_console = 0, + .novga = 0, .require_networking = 0, .perform_download = 0, .disable_swap = 0, @@ -309,6 +311,10 @@ static void parse_command_line(struct config* c) { if ((strcmp(key, "console") == 0) && (strncmp(val, "ttyS", 4) == 0)) c->serial_console = 1; + // novga + else if (strcmp(key, "novga") == 0) + c->novga = 1; + // enable networking? else if (strcmp(token, "installer.net") == 0) c->require_networking = 1; @@ -825,6 +831,19 @@ int main(int argc, char *argv[]) { replace("/harddisk/etc/inittab", "#7:2345:respawn:", "7:2345:respawn:"); } + /* novga */ + if (config.novga) { + /* grub */ + FILE* f = fopen(DESTINATION_MOUNT_PATH "/etc/default/grub", "a"); + if (!f) { + errorbox(_("Unable to open /etc/default/grub for writing.")); + goto EXIT; + } + + fprintf(f, "GRUB_GFXMODE=\"none\"\n"); + fclose(f); + } + rc = hw_install_bootloader(destination, logfile); if (rc) { errorbox(_("Unable to install the bootloader.")); From bac04b5e3c86e269a7674da16798bc22edda85bb Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 30 Mar 2015 20:30:03 +0200 Subject: [PATCH 3/4] rootfile update: apache2 cyrus-sasl logrotate --- config/rootfiles/common/apache2 | 2 +- config/rootfiles/common/cyrus-sasl | 42 ++++++++++++++++++------------ config/rootfiles/common/logrotate | 2 +- 3 files changed, 27 insertions(+), 19 deletions(-) 
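Review bot: In the `main()` hunk the results of `fprintf(f, ...)` and `fclose(f)` are ignored, so a failed or short append to `/etc/default/grub` (full or read-only target) goes unnoticed and the bootloader is installed as if `novga` had taken effect. Capture the write result, always close the stream, and leave through the existing error path if either call fails: `int bad = fprintf(f, "GRUB_GFXMODE=\"none\"\n") < 0;` `bad |= (fclose(f) != 0);` `if (bad) { errorbox(_("Unable to write /etc/default/grub.")); goto EXIT; }`. `main()` begins and ends outside the hunk, so this assumes the `EXIT` label cleans up the same way for a write failure as it does for the `fopen` failure handled just above.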
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 3eabe9f76..55dd04ee5 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1336,7 +1336,7 @@ usr/lib/apr-util-1/apr_dbd_sqlite3.so
 #usr/lib/libapr-1.la
 usr/lib/libapr-1.so
 usr/lib/libapr-1.so.0
-usr/lib/libapr-1.so.0.5.0
+usr/lib/libapr-1.so.0.5.1
 #usr/lib/libaprutil-1.a
 #usr/lib/libaprutil-1.la
 usr/lib/libaprutil-1.so
diff --git a/config/rootfiles/common/cyrus-sasl b/config/rootfiles/common/cyrus-sasl
index 08a732182..7934c1cf9 100644
--- a/config/rootfiles/common/cyrus-sasl
+++ b/config/rootfiles/common/cyrus-sasl
@@ -1,4 +1,3 @@
-etc/rc.d/init.d/cyrus-sasl
 #usr/include/sasl
 #usr/include/sasl/hmac-md5.h
 #usr/include/sasl/md5.h
@@ -9,39 +8,44 @@ etc/rc.d/init.d/cyrus-sasl
 #usr/include/sasl/saslutil.h
 #usr/lib/libsasl2.la
 usr/lib/libsasl2.so
-usr/lib/libsasl2.so.2
-usr/lib/libsasl2.so.2.0.21
+usr/lib/libsasl2.so.3
+usr/lib/libsasl2.so.3.0.0
+#usr/lib/pkgconfig/libsasl2.pc
 #usr/lib/sasl2
 #usr/lib/sasl2/libanonymous.la
 usr/lib/sasl2/libanonymous.so
-usr/lib/sasl2/libanonymous.so.2
-usr/lib/sasl2/libanonymous.so.2.0.21
+usr/lib/sasl2/libanonymous.so.3
+usr/lib/sasl2/libanonymous.so.3.0.0
 #usr/lib/sasl2/libcrammd5.la
 usr/lib/sasl2/libcrammd5.so
-usr/lib/sasl2/libcrammd5.so.2
-usr/lib/sasl2/libcrammd5.so.2.0.21
+usr/lib/sasl2/libcrammd5.so.3
+usr/lib/sasl2/libcrammd5.so.3.0.0
 #usr/lib/sasl2/libdigestmd5.la
 usr/lib/sasl2/libdigestmd5.so
-usr/lib/sasl2/libdigestmd5.so.2
-usr/lib/sasl2/libdigestmd5.so.2.0.21
+usr/lib/sasl2/libdigestmd5.so.3
+usr/lib/sasl2/libdigestmd5.so.3.0.0
 #usr/lib/sasl2/libotp.la
 usr/lib/sasl2/libotp.so
-usr/lib/sasl2/libotp.so.2
-usr/lib/sasl2/libotp.so.2.0.21
+usr/lib/sasl2/libotp.so.3
+usr/lib/sasl2/libotp.so.3.0.0
 #usr/lib/sasl2/libplain.la
 usr/lib/sasl2/libplain.so
-usr/lib/sasl2/libplain.so.2
-usr/lib/sasl2/libplain.so.2.0.21
+usr/lib/sasl2/libplain.so.3
+usr/lib/sasl2/libplain.so.3.0.0
 #usr/lib/sasl2/libsasldb.la
 usr/lib/sasl2/libsasldb.so
-usr/lib/sasl2/libsasldb.so.2
-usr/lib/sasl2/libsasldb.so.2.0.21
+usr/lib/sasl2/libsasldb.so.3
+usr/lib/sasl2/libsasldb.so.3.0.0
+#usr/lib/sasl2/libscram.la
+usr/lib/sasl2/libscram.so
+usr/lib/sasl2/libscram.so.3
+usr/lib/sasl2/libscram.so.3.0.0
 usr/lib/sasl2/smtpd.conf
-#usr/man/cat8
-#usr/man/cat8/saslauthd.8
+usr/sbin/pluginviewer
 usr/sbin/saslauthd
 usr/sbin/sasldblistusers2
 usr/sbin/saslpasswd2
+usr/sbin/testsaslauthd
 #usr/share/man/man3/sasl.3
 #usr/share/man/man3/sasl_authorize_t.3
 #usr/share/man/man3/sasl_auxprop.3
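Review bot: `usr/sbin/pluginviewer` and `usr/sbin/testsaslauthd` are added without a leading `#` in this hunk, so, assuming the convention the rest of the file suggests (headers, `.la` files and man pages are all `#`-prefixed and left out of the image), both binaries end up on the installed firewall. Neither looks like something the saslauthd service needs at runtime; they read as diagnostic and test helpers, and a minimal image is easier to audit without them. Unless something in the distribution calls them, I would list them as `#usr/sbin/pluginviewer` and `#usr/sbin/testsaslauthd`. The same hunk also starts shipping the new `libscram.so*` plugin, which is probably intended but is not mentioned in the commit subject.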
@@ -64,6 +68,7 @@ usr/sbin/saslpasswd2
 #usr/share/man/man3/sasl_errdetail.3
 #usr/share/man/man3/sasl_errors.3
 #usr/share/man/man3/sasl_errstring.3
+#usr/share/man/man3/sasl_getconfpath_t.3
 #usr/share/man/man3/sasl_getopt_t.3
 #usr/share/man/man3/sasl_getpath_t.3
 #usr/share/man/man3/sasl_getprop.3
@@ -84,6 +89,9 @@ usr/sbin/saslpasswd2
 #usr/share/man/man3/sasl_setprop.3
 #usr/share/man/man3/sasl_user_exists.3
 #usr/share/man/man3/sasl_verifyfile_t.3
+#usr/share/man/man8/pluginviewer.8
+#usr/share/man/man8/saslauthd.8
 #usr/share/man/man8/sasldblistusers2.8
 #usr/share/man/man8/saslpasswd2.8
 var/lib/sasl
+etc/rc.d/init.d/cyrus-sasl
diff --git a/config/rootfiles/common/logrotate b/config/rootfiles/common/logrotate
index 5800a0486..8ef728c94 100644
--- a/config/rootfiles/common/logrotate
+++ b/config/rootfiles/common/logrotate
@@ -1,6 +1,6 @@
 #etc/logrotate.d
 etc/logrotate.d/.empty
-#usr/man/man5/logrotate.5
+#usr/man/man5/logrotate.conf.5
 #usr/man/man8/logrotate.8
 usr/sbin/logrotate
 var/lib/logrotate.status
From 23e591db40e7dc6b02e2d826cf80cfac2dc32f9a Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 31 Mar 2015 00:55:21 +0200
Subject: [PATCH 4/4] strongswan: Update to 5.3.0 Enable support for CCM and CTR
---
 .../strongswan-5.2.2-issue-816-650a3ad.patch | 35 -------------
 .../strongswan-5.2.2-issue-816-dd0ebb.patch | 42 ----------------
 .../strongswan-5.2.2-issue-816-eb25190.patch | 31 ------------
 .../strongswan-5.2.2-issue-819-cd2c30a.patch | 50 -------------------
 ...2_ipfire.patch => strongswan-ipfire.patch} | 0
 5 files changed, 158 deletions(-)
 delete mode 100644 src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
 delete mode 100644 src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
 delete mode 100644 src/patches/strongswan-5.2.2-issue-816-eb25190.patch
 delete mode 100644 src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
 rename src/patches/{strongswan-5.0.2_ipfire.patch => strongswan-ipfire.patch} (100%)
diff --git a/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch b/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
deleted file mode 100644
index 44b247e6d..000000000
--- a/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit 650a3ad5151958b99a95836fb8b84b8aa18da1be
-Author: Tobias Brunner
-Date: Wed Feb 25 08:09:11 2015 +0100
-
- ike-sa-manager: Make sure the message ID of initial messages is 0
-
- It is mandated by the RFCs and it is expected by the task managers.
-
- Initial messages with invalid MID will be treated like regular messages,
- so no IKE_SA will be created for them. Instead, if the responder SPI is 0
- no SA will be found and the message is rejected with ALERT_INVALID_IKE_SPI.
- If an SPI is set and we do find an SA, then we either ignore the message
- because the MID is unexpected, or because we don't allow initial messages
- on established connections.
-
- There is one exception, though, if an attacker can slip in an IKE_SA_INIT
- with both SPIs set before the client's IKE_AUTH is handled by the server,
- it does get processed (see next commit).
-
- References #816.
-
-diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index d0cbd47..5e2b925 100644
---- a/src/libcharon/sa/ike_sa_manager.c
-+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -1184,7 +1184,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
-
- DBG2(DBG_MGR, "checkout IKE_SA by message");
-
-- if (id->get_responder_spi(id) == 0)
-+ if (id->get_responder_spi(id) == 0 &&
-+ message->get_message_id(message) == 0)
- {
- if (message->get_major_version(message) == IKEV2_MAJOR_VERSION)
- {
diff --git a/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch b/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
deleted file mode 100644
index 4d76e7c24..000000000
--- a/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-commit dd0ebb54837298c869389d36a0b42eefdb893dd6
-Author: Tobias Brunner
-Date: Wed Feb 25 08:30:33 2015 +0100
-
- ikev2: Only accept initial messages in specific states
-
- The previous code allowed an attacker to slip in an IKE_SA_INIT with
- both SPIs and MID 1 set when an IKE_AUTH would be expected instead.
-
- References #816.
-
-diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
-index be84e71..540d4dc 100644
---- a/src/libcharon/sa/ikev2/task_manager_v2.c
-+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
-@@ -1304,17 +1304,16 @@ METHOD(task_manager_t, process_message, status_t,
- {
- if (mid == this->responding.mid)
- {
-- /* reject initial messages once established */
-- if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
-- msg->get_exchange_type(msg) == IKE_AUTH)
-+ /* reject initial messages if not received in specific states */
-+ if ((msg->get_exchange_type(msg) == IKE_SA_INIT &&
-+ this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) ||
-+ (msg->get_exchange_type(msg) == IKE_AUTH &&
-+ this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING))
- {
-- if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
-- this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
-- {
-- DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
-- exchange_type_names, msg->get_exchange_type(msg));
-- return FAILED;
-- }
-+ DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
-+ exchange_type_names, msg->get_exchange_type(msg),
-+ ike_sa_state_names, this->ike_sa->get_state(this->ike_sa));
-+ return FAILED;
- }
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
- { /* with MOBIKE, we do no implicit updates */
diff --git a/src/patches/strongswan-5.2.2-issue-816-eb25190.patch b/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
deleted file mode 100644
index 8dcb32b0b..000000000
--- a/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-commit eb251906298b529fa53b8a99746a9a7a9f318dd5
-Author: Tobias Brunner
-Date: Wed Feb 25 08:18:58 2015 +0100
-
- ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is received
-
- This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request
- does not have message ID 0") because it allowed to close any IKE_SA by
- sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those
- of that SA.
-
- The next commit will prevent SAs from getting created for IKE_SA_INIT messages
- with invalid MID.
-
- Fixes #816.
-
-diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
-index 48266aa..be84e71 100644
---- a/src/libcharon/sa/ikev2/task_manager_v2.c
-+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
-@@ -1355,10 +1355,6 @@ METHOD(task_manager_t, process_message, status_t,
- {
- DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
- mid, this->responding.mid);
-- if (msg->get_exchange_type(msg) == IKE_SA_INIT)
-- { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
-- return DESTROY_ME;
-- }
- }
- }
- else
diff --git a/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch b/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
deleted file mode 100644
index 0c54812fe..000000000
--- a/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From cd2c30a56ec9bdab8b3923851509f27a4fd6f537 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner
-Date: Tue, 10 Feb 2015 19:03:44 +0100
-Subject: [PATCH] ikev1: Set protocol ID and SPIs in INITIAL-CONTACT
- notification payloads
-
-The payload we sent before is not compliant with RFC 2407 and thus some
-peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error).
-
- #819
----
- src/libcharon/sa/ikev1/tasks/main_mode.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
-index 5065e70..3ea4a2a 100644
---- a/src/libcharon/sa/ikev1/tasks/main_mode.c
-+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
-@@ -213,6 +213,10 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
- {
- identification_t *idr;
- host_t *host;
-+ notify_payload_t *notify;
-+ ike_sa_id_t *ike_sa_id;
-+ u_int64_t spi_i, spi_r;
-+ chunk_t spi;
-
- idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
- if (idr && !idr->contains_wildcards(idr))
-@@ -224,8 +228,15 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
- if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager,
- idi, idr, host->get_family(host)))
- {
-- message->add_notify(message, FALSE, INITIAL_CONTACT_IKEV1,
-- chunk_empty);
-+ notify = notify_payload_create_from_protocol_and_type(
-+ PLV1_NOTIFY, PROTO_IKE, INITIAL_CONTACT_IKEV1);
-+ ike_sa_id = this->ike_sa->get_id(this->ike_sa);
-+ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
-+ spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
-+ spi = chunk_cata("cc", chunk_from_thing(spi_i),
-+ chunk_from_thing(spi_r));
-+ notify->set_spi_data(notify, spi);
-+ message->add_payload(message, (payload_t*)notify);
- }
- }
- }
---
-1.7.9.5
-
diff --git a/src/patches/strongswan-5.0.2_ipfire.patch b/src/patches/strongswan-ipfire.patch
similarity index 100%
rename from src/patches/strongswan-5.0.2_ipfire.patch
rename to src/patches/strongswan-ipfire.patch