openwrt/openwrt.git
7 years agoRevert "build: fix HOST_CONFIGURE_VARS placement"
Jo-Philipp Wich [Thu, 5 Jan 2017 13:29:28 +0000 (14:29 +0100)]
Revert "build: fix HOST_CONFIGURE_VARS placement"

This reverts commit 8395b63aac616f72fd835c59240fc2a4a6b28106.

Various host builds currently rely on the broken behaviour of
HOST_CONFIGURE_VARS so roll back to the previous state.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agotools: cmake: use pkg-config to discover libcrypto linker flags
Jo-Philipp Wich [Thu, 5 Jan 2017 13:16:57 +0000 (14:16 +0100)]
tools: cmake: use pkg-config to discover libcrypto linker flags

LibreSSL's libcrypto.so has an indirect dependency to librt for clock_gettime()
on Linux.

Use pkg-config to portably discover the required linker flags.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agotools: mkimage: use pkg-config to discover libcrypto linker flags
Jo-Philipp Wich [Thu, 5 Jan 2017 13:15:32 +0000 (14:15 +0100)]
tools: mkimage: use pkg-config to discover libcrypto linker flags

LibreSSL's libcrypto.so has an indirect dependency to librt for clock_gettime()
on Linux.

Use pkg-config to portably discover the required linker flags.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agotools: make libressl build depend on pkg-config
Jo-Philipp Wich [Thu, 5 Jan 2017 13:12:31 +0000 (14:12 +0100)]
tools: make libressl build depend on pkg-config

Ensure that pkg-config is available before building libressl as we're going
to need it for setting proper link flags in utilities requiring libcrypto.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agobuild: fix HOST_CONFIGURE_VARS placement
Jo-Philipp Wich [Thu, 5 Jan 2017 13:10:31 +0000 (14:10 +0100)]
build: fix HOST_CONFIGURE_VARS placement

Ensure that HOST_CONFIGURE_VARS are set before the actual configure command
instead of passing them as configure command arguments.

This change brings host-build.mk in line with package-defaults.mk and makes
host configure environment variables work as expected.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agocmake: update to version 3.7.1
Felix Fietkau [Thu, 5 Jan 2017 12:22:42 +0000 (13:22 +0100)]
cmake: update to version 3.7.1

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agobuild: ensure that prereq-build is run before metadata scan from feeds (FS#367)
Felix Fietkau [Thu, 5 Jan 2017 10:49:58 +0000 (11:49 +0100)]
build: ensure that prereq-build is run before metadata scan from feeds (FS#367)

Fixes ./scripts/feeds update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agouboot-sunxi: enable parallel build
Felix Fietkau [Thu, 5 Jan 2017 09:58:00 +0000 (10:58 +0100)]
uboot-sunxi: enable parallel build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agosunxi: use fwtool for checking sdcard images
Yousong Zhou [Wed, 4 Jan 2017 14:19:30 +0000 (22:19 +0800)]
sunxi: use fwtool for checking sdcard images

To achieve this, device tree compatible string was used as boardname and
the value of it will be checked against supported_devices list.

It should be noted that we do not distinguish between
sun5i-a13-olimex-som and sun5i-a13-olinuxino as they share the same dts
file.

The other thing is that we need to gunzip the generated firmware to do
fwtool check.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agosunxi: add sysupgrade support
Yousong Zhou [Wed, 4 Jan 2017 14:19:29 +0000 (22:19 +0800)]
sunxi: add sysupgrade support

Enalbe builtin support for FAT filesystem as we need to mount boot
partition to store sysupgrade.tgz there

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agosunxi: make sdcard image with squashfs as rootfs
Yousong Zhou [Wed, 4 Jan 2017 14:19:28 +0000 (22:19 +0800)]
sunxi: make sdcard image with squashfs as rootfs

Two things that need to be noted

 - There is no partition type id allocated for squashfs yet.  In the
   case of sunxi, any non-zero value should work and we keep it 83 (the
   value for ext4)
 - Remaining spare space within the rootfs partition, not the entire
   sdcard space will be formated as either f2fs or ext4 and mounted as
   overlay to serve the role of rootfs_data.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agosunxi: convert to new image generation method
Yousong Zhou [Wed, 4 Jan 2017 14:19:27 +0000 (22:19 +0800)]
sunxi: convert to new image generation method

The new Device/xxx were transformed automatically from old profiles.

Most device names are now taken from basename of the corresponding
kernel device tree file.  Device/sun5i-a13-olimex-som is an exception
because it is not explicitly supported in the kernel yet and shares the
same dts file with Device/sun5i-a13-olinuxino

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agouboot-sunxi: add uboot-sunxi-all for selecting all other variants
Yousong Zhou [Wed, 4 Jan 2017 14:19:31 +0000 (22:19 +0800)]
uboot-sunxi: add uboot-sunxi-all for selecting all other variants

While at it, the following changes are introduced

 - Rewrite the Makefile for better readability
 - Make parallel builds possible

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agobase-files: export x86 platform upgrade functions to common.sh
Yousong Zhou [Sat, 31 Dec 2016 17:06:37 +0000 (01:06 +0800)]
base-files: export x86 platform upgrade functions to common.sh

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agosunxi: enable loopback device and f2fs support
Yousong Zhou [Sat, 31 Dec 2016 17:06:35 +0000 (01:06 +0800)]
sunxi: enable loopback device and f2fs support

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agosunxi: fix dts name for Mele M9
Yousong Zhou [Sat, 31 Dec 2016 17:06:33 +0000 (01:06 +0800)]
sunxi: fix dts name for Mele M9

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agobuild: unzip: perform operations quietly
Yousong Zhou [Sat, 31 Dec 2016 17:06:30 +0000 (01:06 +0800)]
build: unzip: perform operations quietly

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agox86: move sysupgrade.tgz only if it exists
Yousong Zhou [Sat, 31 Dec 2016 17:06:29 +0000 (01:06 +0800)]
x86: move sysupgrade.tgz only if it exists

To squash error messages at boot time

    mv: can't rename '/mnt/sysupgrade.tgz': No such file or directory

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agokernel: spi: allow setting chipselect gpio to sleep
Felix Fietkau [Fri, 30 Dec 2016 13:57:22 +0000 (14:57 +0100)]
kernel: spi: allow setting chipselect gpio to sleep

Fixes issues on some ar71xx MikroTik RouterBoard devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoar71xx: remove a non-upstream spi core patch
Felix Fietkau [Thu, 29 Dec 2016 00:07:34 +0000 (01:07 +0100)]
ar71xx: remove a non-upstream spi core patch

- use standard flags instead
- remove dead code from the rb4xx spi drivers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoath9k: don't run periodic and nf calibration at the same time
Felix Fietkau [Tue, 27 Dec 2016 22:57:15 +0000 (23:57 +0100)]
ath9k: don't run periodic and nf calibration at the same time

Might fix some stability issues on older chips

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agobuild: use mkhash to replace various quirky md5sum/openssl calls
Felix Fietkau [Sun, 25 Dec 2016 15:40:05 +0000 (16:40 +0100)]
build: use mkhash to replace various quirky md5sum/openssl calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agobuild: add a small standalone utility for calculating md5/sha256 hash
Felix Fietkau [Sun, 25 Dec 2016 15:23:34 +0000 (16:23 +0100)]
build: add a small standalone utility for calculating md5/sha256 hash

This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agotools: make cmake depend on libressl, one of its utilities uses it
Felix Fietkau [Sun, 25 Dec 2016 12:26:46 +0000 (13:26 +0100)]
tools: make cmake depend on libressl, one of its utilities uses it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agohost-build: remove openssl include path from host cflags
Felix Fietkau [Sun, 25 Dec 2016 12:23:21 +0000 (13:23 +0100)]
host-build: remove openssl include path from host cflags

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agotools: build libressl on all systems
Felix Fietkau [Sun, 25 Dec 2016 12:20:38 +0000 (13:20 +0100)]
tools: build libressl on all systems

Useful for having a more consistent build environment and finding API
issues faster

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agooxnas: remove support for pre-4.4 kernels from drivers
Daniel Golle [Wed, 4 Jan 2017 18:40:32 +0000 (19:40 +0100)]
oxnas: remove support for pre-4.4 kernels from drivers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years agokernel/modules: add SSSE3 SHA512 module
Stijn Tintel [Tue, 3 Jan 2017 23:52:18 +0000 (00:52 +0100)]
kernel/modules: add SSSE3 SHA512 module

This module is optimized for SSSE3/AVX/AVX2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agokernel/modules: add SSSE3 SHA256 module
Stijn Tintel [Tue, 3 Jan 2017 23:50:32 +0000 (00:50 +0100)]
kernel/modules: add SSSE3 SHA256 module

This module is optimized for SSSE3/AVX/AVX2/SHA-NI.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agokernel/modules: add SSSE3 SHA1 module
Stijn Tintel [Tue, 3 Jan 2017 23:44:14 +0000 (00:44 +0100)]
kernel/modules: add SSSE3 SHA1 module

This module is optimized for SSSE3/AVX/AVX2/SHA-NI.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agokernel: allow subtarget specific KernelPackage
Stijn Tintel [Wed, 4 Jan 2017 01:45:36 +0000 (02:45 +0100)]
kernel: allow subtarget specific KernelPackage

Add a call to KernelPackage/$(1)/$(BOARD)/$(SUBTARGET) to the
KernelPackage macro. This allows to add kernel packages for x86/64,
without breaking x86. It's not possible to do this with BOARD, as
BOARD=x86 for x86_64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agox86/64: enable AES-NI support in kernel
Stijn Tintel [Tue, 3 Jan 2017 23:15:23 +0000 (00:15 +0100)]
x86/64: enable AES-NI support in kernel

The kernel will detect if the host supports this, so we can just enable
it in the kernel config.

Tested on an APU2 with AES-NI support and a KVM VM on a Xeon E5520 host
without AES-NI support.

Throughput over an IPsec tunnel between these 2 hosts increased from
~63Mbps to ~140Mbps. Ciphers: AES_GCM_16_256/PRF_HMAC_SHA2_512/ECP_521.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agobrcm47xx: generic: include Ethernet drivers in standard image
Rafał Miłecki [Wed, 4 Jan 2017 11:38:48 +0000 (12:38 +0100)]
brcm47xx: generic: include Ethernet drivers in standard image

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobrcm47xx: drop some personal profiles
Rafał Miłecki [Wed, 4 Jan 2017 11:17:42 +0000 (12:17 +0100)]
brcm47xx: drop some personal profiles

WL500GPv1 profile included ath5k which made it usable only for people
who decided to replace default BCM4318 card with Atheros one. We can't
have profile for every possible configuration. If someone adjusts hw in
such a way he can always install a proper package.

WRTSL54GS profile got extra packages for a specific USB usage. Our
standard profile provides basic USB and we should stick to this. We
can't make everyone happy by including packages for all common USB use
cases and all common filesystems.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobrcm47xx: generic: drop standalone profiles duplicating device ones
Rafał Miłecki [Wed, 4 Jan 2017 11:14:57 +0000 (12:14 +0100)]
brcm47xx: generic: drop standalone profiles duplicating device ones

We have identical profiles for these devices thanks to DEVICE_PACKAGES.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobrcm47xx: generic: specify DEVICE_PACKAGES for all devices
Rafał Miłecki [Wed, 4 Jan 2017 10:54:44 +0000 (11:54 +0100)]
brcm47xx: generic: specify DEVICE_PACKAGES for all devices

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobrcm47xx: fix bgmac package
Rafał Miłecki [Wed, 4 Jan 2017 10:43:59 +0000 (11:43 +0100)]
brcm47xx: fix bgmac package

With all recent patches & changes it needs more modules.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobuild: add diffconfig target
Jo-Philipp Wich [Wed, 4 Jan 2017 08:03:50 +0000 (09:03 +0100)]
build: add diffconfig target

Add a "diffconfig" build target which stores the output of
"scripts/diffconfig.sh" as "config.seed" in the image output directory and
invoke that target by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agopowerpc: boot: fix build with parallel make
Jo-Philipp Wich [Wed, 4 Jan 2017 09:42:28 +0000 (10:42 +0100)]
powerpc: boot: fix build with parallel make

The powerpc boot wrapper Makefile is not parallel build safe, causing fixdep
to fail reading dependency files of the addnote, hack-coff and mktree
utilities when concurrently building different image targets.

A typical failure looks like:

      Building modules, stage 2.
      HOSTCC  arch/powerpc/boot/addnote
      HOSTCC  arch/powerpc/boot/hack-coff
      DTC     arch/powerpc/boot/taishan.dtb
      HOSTCC  arch/powerpc/boot/addnote
      HOSTCC  arch/powerpc/boot/hack-coff
      MODPOST 800 modules
    fixdep: error opening depfile: arch/powerpc/boot/.hack-coff.d: No such file or directory
    scripts/Makefile.host:91: recipe for target 'arch/powerpc/boot/hack-coff' failed
    make[5]: *** [arch/powerpc/boot/hack-coff] Error 2
    make[5]: *** Waiting for unfinished jobs....
    fixdep: error opening depfile: arch/powerpc/boot/.addnote.d: No such file or directory
    scripts/Makefile.host:91: recipe for target 'arch/powerpc/boot/addnote' failed
    make[5]: *** [arch/powerpc/boot/addnote] Error 2
    rm arch/powerpc/boot/taishan.dtb
    arch/powerpc/Makefile:263: recipe for target 'cuImage.taishan' failed
    make[4]: *** [cuImage.taishan] Error 2
    make[4]: *** Waiting for unfinished jobs....

Add a GNU make specific .NOTPARALLEL pseudo rule to enforce sequential building
of the addnote, hack-coff and mktree executables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agobrcm47xx: mips74k: specify DEVICE_PACKAGES for all devices
Rafał Miłecki [Thu, 29 Dec 2016 09:11:46 +0000 (10:11 +0100)]
brcm47xx: mips74k: specify DEVICE_PACKAGES for all devices

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobrcm47xx: legacy: specify DEVICE_PACKAGES for all devices
Rafał Miłecki [Thu, 29 Dec 2016 07:06:16 +0000 (08:06 +0100)]
brcm47xx: legacy: specify DEVICE_PACKAGES for all devices

This allows more feature complete images. Of course it affect the size,
e.g. enabling b43 bumped rootfs from 1569618 to 2029122 for me.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agoRevert "ath9k: Add airtime fairness scheduler"
Felix Fietkau [Wed, 4 Jan 2017 00:12:34 +0000 (01:12 +0100)]
Revert "ath9k: Add airtime fairness scheduler"

This reverts commit 528f46d0826afa01877ccc7670f2120a7a3b3ea8.
After this commit, several users reported stability issues. Revert it
now so it doesn't cause issues for the upcoming release

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agodnsmasq: add DHCP Unique Identifier for DHCPv6
Arjen de Korte [Tue, 20 Dec 2016 21:29:59 +0000 (22:29 +0100)]
dnsmasq: add DHCP Unique Identifier for DHCPv6

Add DHCPv6 matching by DHCP Unique Identifier (RFC-3315) in addition to
existing MAC-address (RFC-6939). The latter is not widely supported yet.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
7 years agoodhcpd: bump to git HEAD version
Hans Dedecker [Mon, 2 Jan 2017 17:00:58 +0000 (18:00 +0100)]
odhcpd: bump to git HEAD version

091d8a9 dhcpv6-ia: fix static assignment check
11ce6b5 dhcpv6-ia: coding style fixes
561890e dhcpv6-ia: update valid_until only for non static DHCPv6 leases
0b45fce dhcpv4: coding style fixes
95b76c2 README: Add host leasetime uci parameter
541219e dhcpv6-ia: fix invalid IPv6/hostname entries in statefile
13937ab dhcpv6-ia: fix delete logic of an assignment in reconf_timer
60c3969 dhcpv6-ia : code style fixes
bf4ebc0 config: use free_lease to delete a lease
c24782a config: coding style fixes
0572d1a config: Create statefile dir
ec833f4 dhcpv6-ia: use free_dhcpv6_assignment where needed
1d55edb dhcpv6-ia: make free_dhcpv6_assignment static
f01e538 dhcpv4: make dhcpv4_msg_to_string static
700f5ab dhcpv4: fix DHCPv4 hostname handling
4c89614 Limit lifetime of non-static leases in case of release and
decline

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoodhcp6c: bump to git HEAD version
Hans Dedecker [Mon, 2 Jan 2017 16:46:20 +0000 (17:46 +0100)]
odhcp6c: bump to git HEAD version

5d6fec3 Merge pull request #50 from sartura/libubox_md5_reuse
33a2ba1 odhcp6c: reuse md5 from libubox

Switch PKG_SOURCE_URL to git.lede-project.org/project/odhcp6c.git

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agohostapd: enable SHA256-based algorithms
Stijn Tintel [Wed, 28 Dec 2016 05:18:54 +0000 (06:18 +0100)]
hostapd: enable SHA256-based algorithms

Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.

We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
7 years agohostapd: add function to handle wpa_key_mgmt
Stijn Tintel [Wed, 28 Dec 2016 04:22:00 +0000 (05:22 +0100)]
hostapd: add function to handle wpa_key_mgmt

Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
7 years agowpa_supplicant: rework wpa_key_mgmt handling
Stijn Tintel [Sun, 11 Dec 2016 14:54:06 +0000 (15:54 +0100)]
wpa_supplicant: rework wpa_key_mgmt handling

Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
7 years agoath5k: select 802.11w support
Stijn Tintel [Sun, 11 Dec 2016 13:36:29 +0000 (14:36 +0100)]
ath5k: select 802.11w support

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agogeneric: mtd: add lock/unlock support for f25l32pa
Victor Shyba [Tue, 20 Dec 2016 23:35:32 +0000 (20:35 -0300)]
generic: mtd: add lock/unlock support for f25l32pa

This chip has write protection enabled on power-up, so this flag is
necessary to support write operations.

Signed-off-by: Victor Shyba <victor1984@riseup.net>
7 years agogeneric: mtd: backport SPI_NOR_HAS_LOCK
Victor Shyba [Tue, 20 Dec 2016 08:19:08 +0000 (05:19 -0300)]
generic: mtd: backport SPI_NOR_HAS_LOCK

This flag was added to 4.9 with upstream commit
76a4707de5e18dc32d9cb4e990686140c5664a15.

Signed-off-by: Victor Shyba <victor1984@riseup.net>
[refresh and adjust platform patches, fix commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agolayerscape: add ls2088ardb device support
Yutang Jiang [Tue, 27 Dec 2016 17:28:02 +0000 (01:28 +0800)]
layerscape: add ls2088ardb device support

The QorIQ LS2088A processor is built on the Layerscape
architecture combining eight ARM A72 processor cores
with advanced, high-performance datapath acceleration
and network, peripheral interfaces required for
networking, telecom, wireless infrastructure, aerospace
applications and general-purpose embedded applications.

Features summary:
- Eight 64-bit ARM v8 Cortex-A72 CPUs
- Two 64-bit DDR4 SDRAM memory controller with ECC
- One 32-bit DDR3 SDRAM memory controller with ECC
- Data path acceleration architecture 2.0 (DPAA2)
- Ethernet interfaces
- IFC, 4 PCIe, 2 SATA, 2 USB, 1 SDXC, 2 DUARTs etc

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
7 years agolayerscape: add ls1088ardb device support
Yutang Jiang [Fri, 23 Dec 2016 17:11:32 +0000 (01:11 +0800)]
layerscape: add ls1088ardb device support

LS1088A is an ARMv8 implementation combining eight ARM A53 processor
cores. The LS1088ARDB is an evaluatoin platform that supports the
LS1088A family SoCs.

Features summary:
- Eight 64-bit ARM v8 Cortex-A53 CPUs
- Data path acceleration architecture 2.0 (DPAA2)
- Ethernet interfaces
- QUADSPI flash, 3 PCIe, 2 USB, 1 SD, 2 DUARTs etc

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
7 years agogre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces.
Roger Pueyo Centelles [Wed, 2 Nov 2016 12:18:01 +0000 (13:18 +0100)]
gre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces.

This commit modifies the /lib/netifd/proto/gre.sh script so that, when
GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen
interface name contains the "tap" substring, to differentiate them from non-TAP
GRE tunnels.

Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined
in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname)
upon creation. For instance, the following tunnels:

        config interface 'tuna'
                option peeraddr '172.30.22.1'
                option proto 'gre'

        config interface 'tunb'
                option peeraddr '192.168.233.4'
                option proto 'gretap'

        config interface 'tunc'
                option peer6addr 'fdc5:7c9e:e93d:45af::1'
                option proto 'grev6'

        config interface 'tund'
                option peer6addr 'fdc0:6071:1348:31ff::2'
                option proto 'grev6tap'

are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".

The current change makes that each GRE tunnel interface of the four different
types available (gre, gretap, grev6 and grev6tap) gets a different prefix.
Therefore, the abovementioned tunnels will be named, respectively:
"gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".

This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA)
where the whole protocol name is used. For instance, a PPPoA interface named
"p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1"
and "pppoe-p2", not as "ppp-p1" and "ppp-p2").

Since Linux interfaces names are limited to 15 characters, these prefixes leave,
for the worst case (TAP tunnels), 9 characters for the actual name.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
7 years agobuild: drop `trapret` function from non-Linux HOST_TAR variant
Alexandru Ardelean [Mon, 31 Oct 2016 08:14:10 +0000 (10:14 +0200)]
build: drop `trapret` function from non-Linux HOST_TAR variant

Looks like this was meant to workaround some limitations with
non-GNU tar variants (like BSD-tar which are present on Mac os BSD hosts).

Though, I cannot find any use of that `+s` option that's mentioned
in the comment.

Last hash of this I found was 24faf55360271cd0bfc4751753384f9210d52f7f

In my case, it now this fails for `python-setuptools` on Mac OS X (the host-build with):
```
trapret 2 tar -C <home-dir>/work/sources-work/lede/build_dir/target-i386_pentium4_musl-1.1.15/python-setuptools-27.2.0 --strip-components=1 -xzf <home-dir>/work/sources-work/lede/dl/setuptools-27.2.0.tar.gz
bash: trapret: command not found
```

So, I was thinking maybe it's time to remove this workaround (9 years later).
I could also fix the `python-setuptools` host build. If that's more preferred.

[ Btw, I just recently transitioned to a Mac machine for dev-ing,
  so a lot of (this Mac) stuff I'm finding out is new to me too. ]

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
7 years agoelfutils: bump to 0.168
Luiz Angelo Daros de Luca [Thu, 29 Dec 2016 03:53:45 +0000 (01:53 -0200)]
elfutils: bump to 0.168

Other changes:
- Project moved to sourceware.org
- musl patch where cleaned up and submitted upstream
- TEMP_FAILURE_RETRY macro fixed and submitted upstream

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agodownload.pl: use curl in preference to wget
Brian J. Murrell [Sun, 20 Nov 2016 21:01:33 +0000 (16:01 -0500)]
download.pl: use curl in preference to wget

Because wget doesn't know how to do Negotiate authentication with a proxy
and curl does, use curl if it's present. The user is expected to have a
~/.curlrc that sets the options necessary for any proxy authentication.

A ~/.curlrc is completely optional however and curl will work in exactly
the same manner as wget without one.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
[Jo-Philipp Wich: Rework code to detect curl usability by checking --version,
                  Use vararg style open() to bypass the shell when downloading,
                  Use Text::ParseWords to decompose env vars into arguments]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agocurl: Remove PolarSSL and adjust default to mbedTLS
Rosen Penev [Fri, 30 Dec 2016 02:53:03 +0000 (18:53 -0800)]
curl: Remove PolarSSL and adjust default to mbedTLS

luci-ssl has already made the switch since mainline support for PolarSSL is
almost over (2016).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agotools: gmp: Update to 6.1.2
Daniel Engberg [Mon, 2 Jan 2017 20:17:02 +0000 (21:17 +0100)]
tools: gmp: Update to 6.1.2

Updates GMP to 6.1.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agogmp: Update to 6.1.2
Daniel Engberg [Mon, 2 Jan 2017 20:14:49 +0000 (21:14 +0100)]
gmp: Update to 6.1.2

Update GMP to 6.1.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agozlib: Update to 1.2.9
Daniel Engberg [Mon, 2 Jan 2017 20:22:13 +0000 (21:22 +0100)]
zlib: Update to 1.2.9

Update zlib to 1.2.9 and switch to XZ tarballs for download.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agolibusb: Update to 1.0.21
Daniel Engberg [Mon, 2 Jan 2017 20:29:52 +0000 (21:29 +0100)]
libusb: Update to 1.0.21

Update libusb to 1.0.21

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agoxz: Update to 5.2.3
Daniel Engberg [Mon, 2 Jan 2017 20:33:37 +0000 (21:33 +0100)]
xz: Update to 5.2.3

Update xz to 5.2.3

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agorpcd: Update to 2016-12-03
Florian Fainelli [Sun, 1 Jan 2017 00:13:33 +0000 (16:13 -0800)]
rpcd: Update to 2016-12-03

Brings in the following changes:

0577cfc1acdb cmake: Find libubox/blobmsg_json.h
26c98ec94d7a sys: Check return values of chdir and write
f4089654a399 cmake: Find libubus.h

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
7 years agofstools: Update to 2016-12-04
Florian Fainelli [Sun, 1 Jan 2017 00:13:32 +0000 (16:13 -0800)]
fstools: Update to 2016-12-04

Brings in the following changes:
84b530a732b1 libfstools: Check return values for fread and system

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
7 years agouclient: Update to 2016-12-09
Florian Fainelli [Sun, 1 Jan 2017 00:13:31 +0000 (16:13 -0800)]
uclient: Update to 2016-12-09

Brings in the following changes:

52d955fd802a remove obsolete mac os x /opt/local include/library search path
a4e49b4163b2 Fix unused results warnings
48cfff3fbec9 uclient-http: send correct "Host:" header if port is set

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
7 years agoixp4xx: drop 3.18 config/patches
John Crispin [Mon, 2 Jan 2017 14:45:46 +0000 (15:45 +0100)]
ixp4xx: drop 3.18 config/patches

the default has been 4.4 for a while now

Signed-off-by: John Crispin <john@phrozen.org>
7 years agouboot-lantiq: fix boot of images larger than 8MB
Mathias Kresin [Fri, 30 Dec 2016 20:42:05 +0000 (21:42 +0100)]
uboot-lantiq: fix boot of images larger than 8MB

Increasing CONFIG_SYS_BOOTM_LEN from 8 MB to 16 MB is necessary to
support uncompressing images larger than 8 MB when using the bootm
command.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agouboot-lantiq: fix build with gcc6
Mathias Kresin [Fri, 30 Dec 2016 20:00:34 +0000 (21:00 +0100)]
uboot-lantiq: fix build with gcc6

Backport u-boot commit 9b2c282b348dfe966bbba967dc7a45ce817cce50 to fix
compile with gcc5 and gcc6.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agogeneric: backport dwc2 kernel panic fix
Mathias Kresin [Thu, 29 Dec 2016 20:47:54 +0000 (21:47 +0100)]
generic: backport dwc2 kernel panic fix

In case the soft reset in dwc2_core_reset() timeouts, the
hsotg->core_params are freed albeit it is owned by the core. This
results into a kernel panic as shown in FS#351.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoramips: MiWiFi Nano fixes
L. D. Pinney [Thu, 29 Dec 2016 07:43:08 +0000 (01:43 -0600)]
ramips: MiWiFi Nano fixes

Use the the dt-bindings macros and add the reset button.

Set the correct polarity for the LEDs and drop the default state.
Remove all trigger for the LEDs. According to the manual the LEDs are
only used to show the operation state, where blue means normal
operation.

Use the MAC-Addresses stored in EEPROM for the ethernet and the
wireless interface.

Signed-off-by: L. D. Pinney <ldpinney@gmail.com>
[use leds only for boot status indication, add proper commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agomac80211: Allow HT/VHT rates when running unencrypted mesh.
Alexis Green [Wed, 21 Dec 2016 23:17:01 +0000 (15:17 -0800)]
mac80211: Allow HT/VHT rates when running unencrypted mesh.

Signed-off-by: Alexis Green <agreen@cococorp.com>
7 years agobase-files: fix message of initscript wrapper
Alberto Bursi [Sun, 1 Jan 2017 16:24:18 +0000 (17:24 +0100)]
base-files: fix message of initscript wrapper

currently (after blogic's edit to my commit) it prints like this:

root@lede:/# service aa
aa does not exist. the following services are available :adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.

with this commit it looks like this:

root@lede:/# service
service "" not found, the following services are available:
adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
7 years agogeneric: package Broadcom BNX2 driver
George Amanakis [Mon, 2 Jan 2017 03:38:46 +0000 (22:38 -0500)]
generic: package Broadcom BNX2 driver

bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.

Signed-off-by: George Amanakis <g_amanakis@yahoo.com>
7 years agooxnas: fix syntax in ox820-akitio.dts
Hauke Mehrtens [Mon, 2 Jan 2017 12:34:57 +0000 (13:34 +0100)]
oxnas: fix syntax in ox820-akitio.dts

This commit introduced a syntax error in ox820-akitio.dts which is
fixed now:
commit 5cde94d9ab577c5ab68fc71e15a05d1bda5041f2
Author: Daniel Golle <daniel@makrotopia.org>
Date:   Sat Sep 24 01:14:53 2016 +0200
    oxnas: backport upstream NAND driver

This caused the folowing error message in the build bot:
Error: arch/arm/boot/dts/ox820-akitio.dts:146.3-147.1 syntax error
FATAL ERROR: Unable to parse input tree
scripts/Makefile.lib:293: recipe for target 'arch/arm/boot/dts/ox820-akitio.dtb' failed
make[5]: *** [arch/arm/boot/dts/ox820-akitio.dtb] Error 1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agocurl: update to version 7.52.1
Hauke Mehrtens [Mon, 2 Jan 2017 12:07:10 +0000 (13:07 +0100)]
curl: update to version 7.52.1

This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agooxnas: append metadata to sysupgrade image
Daniel Golle [Sun, 1 Jan 2017 09:06:05 +0000 (10:06 +0100)]
oxnas: append metadata to sysupgrade image

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years agooxnas: backport upstream NAND driver
Daniel Golle [Fri, 23 Sep 2016 23:14:53 +0000 (01:14 +0200)]
oxnas: backport upstream NAND driver

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years agooxnas: drop support for kernel 4.1
Daniel Golle [Sun, 1 Jan 2017 09:05:24 +0000 (10:05 +0100)]
oxnas: drop support for kernel 4.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years agooxnas: switch to kernel 4.4
Daniel Golle [Sun, 1 Jan 2017 09:04:33 +0000 (10:04 +0100)]
oxnas: switch to kernel 4.4

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years agoustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarssl
Hannu Nyman [Fri, 30 Dec 2016 14:49:44 +0000 (16:49 +0200)]
ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarssl

Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT

Remove extra DEFAULT_VARIANT from libustream-polarssl.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agoopenvpn: update to 2.4.0
Magnus Kroken [Fri, 30 Dec 2016 00:33:16 +0000 (01:33 +0100)]
openvpn: update to 2.4.0

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
7 years agombedtls: enable DHE-RSA key exchange
Magnus Kroken [Fri, 30 Dec 2016 00:31:29 +0000 (01:31 +0100)]
mbedtls: enable DHE-RSA key exchange

Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
7 years agombedtls: enable secp384r1 elliptic curve support
Magnus Kroken [Fri, 30 Dec 2016 00:31:28 +0000 (01:31 +0100)]
mbedtls: enable secp384r1 elliptic curve support

Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
7 years agokirkwood: fix ubi partition name
Felix Fietkau [Fri, 30 Dec 2016 11:38:06 +0000 (12:38 +0100)]
kirkwood: fix ubi partition name

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agokirkwood: fix sysupgrade for non-dockstar NAND devices
Felix Fietkau [Fri, 30 Dec 2016 10:55:16 +0000 (11:55 +0100)]
kirkwood: fix sysupgrade for non-dockstar NAND devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agobrcm47xx: drop standalone Netgear WGT634U profile
Rafał Miłecki [Wed, 28 Dec 2016 22:15:52 +0000 (23:15 +0100)]
brcm47xx: drop standalone Netgear WGT634U profile

We have profile for this device thanks to DEVICE_PACKAGES now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Cc: Russell Senior <russell@personaltelco.net>
7 years agobrcm47xx: specify DEVICE_PACKAGES for Netgear WGT634U
Rafał Miłecki [Wed, 28 Dec 2016 22:10:14 +0000 (23:10 +0100)]
brcm47xx: specify DEVICE_PACKAGES for Netgear WGT634U

This allows using it nicely with PER_DEVICE_ROOTFS.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Cc: Russell Senior <russell@personaltelco.net>
7 years agobcm53xx: drop unused source file of bcm53xxspiflash
Rafał Miłecki [Thu, 29 Dec 2016 17:03:30 +0000 (18:03 +0100)]
bcm53xx: drop unused source file of bcm53xxspiflash

We don't use this driver since commit 741715331aee ("bcm53xx: switch to
m25p80 and drop bcm53xxspiflash").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobrcm47xx: mips74k: fix typo in Netgear WN3000RP model name
Rafał Miłecki [Thu, 29 Dec 2016 08:40:32 +0000 (09:40 +0100)]
brcm47xx: mips74k: fix typo in Netgear WN3000RP model name

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agoramips: fix NixcoreX1 profiles
Rafał Miłecki [Wed, 28 Dec 2016 22:01:11 +0000 (23:01 +0100)]
ramips: fix NixcoreX1 profiles

There was a typo in Makefile that prevented using these profiles.

Fixes: a75ce960ac1 ("ramips: use different board names for variants")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agombedtls: enable support for external private RSA keys to fix openvpn build issue
Felix Fietkau [Wed, 28 Dec 2016 21:56:27 +0000 (22:56 +0100)]
mbedtls: enable support for external private RSA keys to fix openvpn build issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agolinux: correct deps for x86-xen-domu target
Sven Roederer [Tue, 27 Dec 2016 00:47:48 +0000 (01:47 +0100)]
linux: correct deps for x86-xen-domu target

depending packages have been moved to kernel-config
- kmod-xen-kbddev in 9fde361
- kmod-xen-fs, kmod-xen-evtchn, kmod-xen-netdev in 018807d

this will also fix imagebuilder

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
7 years agolibressl: disable shared libraries, fixes build issues
Felix Fietkau [Wed, 28 Dec 2016 00:10:37 +0000 (01:10 +0100)]
libressl: disable shared libraries, fixes build issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoath9k: fix issues with external reset on AR913x
Felix Fietkau [Tue, 27 Dec 2016 19:54:15 +0000 (20:54 +0100)]
ath9k: fix issues with external reset on AR913x

An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agorelayd: fix expiry time handling
Felix Fietkau [Tue, 27 Dec 2016 12:21:42 +0000 (13:21 +0100)]
relayd: fix expiry time handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agorelayd: fix reload / interface restart issues
Felix Fietkau [Tue, 27 Dec 2016 12:19:46 +0000 (13:19 +0100)]
relayd: fix reload / interface restart issues

- replace the hotplug script with an interface trigger
- add netdev params to procd to trigger restart

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agokirkwood: enable initramfs images by default
Felix Fietkau [Tue, 27 Dec 2016 11:52:18 +0000 (12:52 +0100)]
kirkwood: enable initramfs images by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoath5k: drop bogus warning on drv_set_key with unsupported cipher (FS#334)
Felix Fietkau [Tue, 27 Dec 2016 11:18:12 +0000 (12:18 +0100)]
ath5k: drop bogus warning on drv_set_key with unsupported cipher (FS#334)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoath9k: remove old rx dma stop check optimization
Felix Fietkau [Tue, 27 Dec 2016 11:10:53 +0000 (12:10 +0100)]
ath9k: remove old rx dma stop check optimization

This commit was added to improve reset time on old SoC devices that run
into chip hangs more frequently. However with the more recent addition
of full WMAC reset on these chips, it could be problematic.
Drop this patch to ensure that DMA activity is really stopped before the
chip reset is issued

Signed-off-by: Felix Fietkau <nbd@nbd.name>