Jo-Philipp Wich [Sat, 27 May 2017 10:15:06 +0000 (12:15 +0200)]
samba: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the
fixed samba package does not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Sat, 27 May 2017 09:29:55 +0000 (11:29 +0200)]
x86: fix build of geode target
The build bot complained that the OLPC option was not set.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 27 May 2017 09:29:28 +0000 (11:29 +0200)]
kernel: add missing config options
This broke the build for the x86 generic target.
This was found by the build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Filip Moc [Thu, 25 May 2017 19:55:32 +0000 (21:55 +0200)]
Move enablemodem from ramips to new package adb-enablemodem and make it used also by TL-MR6400
Signed-off-by: Filip Moc <lede@moc6.cz>
Filip Moc [Thu, 25 May 2017 19:51:37 +0000 (21:51 +0200)]
ar71xx: Add support for TP-Link MR6400
You can flash via tftp recovery (serve factory image as /mr6400_tp_recovery.bin
on 192.168.0.66/24, connect to any ethernet port and power on device while
holding the reset button). Flashing via OEM web interface does not work.
Hardware Specification (v1.0 EU):
- SoC: QCA9531
- Flash: Winbond W25Q64FV (8MiB)
- RAM: EtronTech EM6AB160TSE-5G (64MiB)
- Wireless: SoC platform only (2.4GHz b/g/n, 2x internal antenna)
- Ethernet: 2NIC (3x100M + 1x100M)
- WWAN: TP-LINK LTE MODULE (2x external detachable antenna)
- Power: DC 12V 1A
Signed-off-by: Filip Moc <lede@moc6.cz>
Russell Senior [Wed, 24 May 2017 17:22:05 +0000 (10:22 -0700)]
ramips: remove fictional LEDs from AsiaRF AWM00x device tree
Neither the AsiaRF AWM002 or AWM003 actually has an LED on the module
board. The ld1 and ld2 do not represent actual LEDs. These pins might
connect to LEDS on an eval board or other carrier board, but that is
outside the scope of this device tree file.
Signed-off-by: Russell Senior <russell@personaltelco.net>
Julian Labus [Wed, 24 May 2017 14:32:17 +0000 (16:32 +0200)]
usbmode: update usb-modeswitch-data to
20170205
add support for new hardware
Signed-off-by: Julian Labus <julian@labus-online.de>
Julian Labus [Wed, 24 May 2017 14:32:16 +0000 (16:32 +0200)]
usbmode: update to latest version
453da8e convert-modeswitch.pl: fix message indices
Signed-off-by: Julian Labus <julian@labus-online.de>
Yousong Zhou [Sat, 27 May 2017 02:22:02 +0000 (10:22 +0800)]
build: fix possible issue with kmod package having multiple AutoLoad's
This commit contains the following changes
- Use local shell var where appliable
- The $(sort $$$$$$$$mods) call will have no expected effect
- Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
- Avoid duplicate arguments for insert_modules() in postinst-pkg
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hauke Mehrtens [Fri, 26 May 2017 21:38:19 +0000 (23:38 +0200)]
kernel: update kernel 4.4 to 4.4.70
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 26 May 2017 20:56:32 +0000 (22:56 +0200)]
kernel: update kernel 4.9 to 4.9.30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Florian Fainelli [Tue, 23 May 2017 03:21:55 +0000 (20:21 -0700)]
uml: Fix sample command line
Provide paths that match where LEDE is staging images.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Tue, 23 May 2017 02:35:00 +0000 (19:35 -0700)]
uml: Check for glibc static libraries
UML statically links against libutil, librt and libpthread. Some hosts do not
necessarily have these libraries installed and we should find out sooner than
later (during the final vmlinux linking stage) about that.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Mon, 22 May 2017 23:46:46 +0000 (16:46 -0700)]
kernel: Make KERNEL_PERF_EVENTS selectable
The kernel itself allows enabling/disabling CONFIG_PERF_EVENTS, so allow
doing the same thing.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Mon, 22 May 2017 23:45:52 +0000 (16:45 -0700)]
kernel: Hide kernel options behind a menu
We are starting to add more and more kernel configurable options, to the
point where the Global build options menu is not really usable anymore,
hide all kernel-related configuration options behind a menu.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Mon, 22 May 2017 23:08:57 +0000 (16:08 -0700)]
elfutils: Pass -Wno-unused-result to silence warnings as errors
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:
dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
strerror_r (error & 0xffff, s, sizeof(s));
^
cc1: all warnings being treated as errors
Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Nick Brassel [Sat, 6 May 2017 10:56:26 +0000 (20:56 +1000)]
dnsmasq: add dhcp-script hook for other packages
Adds a script which acts as a hook for when dnsmasq creates/destroys a
lease, or completes a TFTP file transfer. The hook loops through scripts
in appropriate directories inside '/etc/hotplug.d', executing each one with
the same arguments supplied by dnsmasq.
In case dnsmasq is jailed by ujail the dhcp-script hook will not work as
expected as ujail does not yet support executing a script within a jail.
Signed-off-by: Nick Brassel <nick@tzarc.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Mathias Kresin [Fri, 26 May 2017 13:13:42 +0000 (15:13 +0200)]
treewide: fix device tree path in scripts
The device tree is at /proc/device-tree/ without a base subdir.
Fixes: da472e5b30f6 ("treewide: access device tree from userspace via /proc/")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Jo-Philipp Wich [Fri, 26 May 2017 12:48:05 +0000 (14:48 +0200)]
Revert "sysupgrade: run only one instance at a time."
This reverts commit
e96a9a9af82c00dcce606a84a7bb87a00411385d.
The change breaks sysupgrade through LuCI and two-stage sysupgrade on
NAND targets. There is also a mismatch of file paths in lock and unlock
operations.
This commit was apparently neither properly tested, nor reviewed, so
drop it for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Kyson Lok [Wed, 17 May 2017 10:18:45 +0000 (18:18 +0800)]
ramips: add support for GL-inet GL-MT300N-V2
This patch adds supports for the GL-inet GL-MT300N-V2.
Specification:
- SoC: MediaTek MT7628AN
- Flash: 16 MiB (W25Q128FVSG)
- RAM: 128 MiB DDR
- Ethernet: 1 x WAN (100 Mbps) and 1 x LAN (100 Mbps)
- USB: 1 x USB 2.0 port
- Button: 1 x switch button, 1 x reset button
- LED: 3 x LEDS (system power led is not GPIO controller)
- UART: 1 x UART on PCB (JP1: 3.3V, RX, TX, GND)
Installation through Luci:
- The original firmware is LEDE, so both LuCI or sysupgrade can be used.
- Do not keep settings, for sysupgrade please use the -n option.
Installation through bootloader webserver:
- Plug power and hold reset button until red LED blink to bright.
- Install sysupgrade image using web interface on 192.168.1.1.
Signed-off-by: Kyson Lok <kysonlok@gmail.com>
[match maximum image size with firmware partition]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 10 May 2017 08:44:18 +0000 (10:44 +0200)]
treewide: access device tree from userspace via /proc/
Access the device tree via /proc/device-tree/ is the documented way to
access the properties. Everything else might not work in future.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Eric Luehrsen [Fri, 26 May 2017 04:02:47 +0000 (00:02 -0400)]
flex: update to 2.6.4 (FS#809)
flex 2.6.3 has a bug which fails code generation and compile of some packages
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Daniel Golle [Thu, 25 May 2017 21:44:23 +0000 (23:44 +0200)]
x86/legacy: disable PAE again
commit
961c0eacea ('x86: fix lifting kernel CPU requirements and always
enable PAE') broke some older geode boards such as Soekris net4826.
Hence disable PAE on x86/legacy again in order to still support those
very old non-PAE capable CPUs.
Fixes FS#773 - PAE broke Soekris net4826
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Thu, 25 May 2017 18:38:10 +0000 (20:38 +0200)]
build: fix QUILT related overrides
They need to be defined before including quilt.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 25 May 2017 17:30:06 +0000 (19:30 +0200)]
iptables: fix typos in 600-shared-libext.patch (FS#711)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Giuseppe Lippolis [Thu, 22 Dec 2016 21:12:44 +0000 (22:12 +0100)]
DWR-512: adding wwan support for the dwr-512 3G modem
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
Felix Fietkau [Wed, 10 May 2017 12:01:54 +0000 (14:01 +0200)]
gcc: fix documentation entries added by 910-mbsd_multi.patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 9 May 2017 13:20:42 +0000 (15:20 +0200)]
scripts/download.pl: print the command used to download files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 9 May 2017 13:20:23 +0000 (15:20 +0200)]
xfsprogs: update to 4.11.0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hannu Nyman [Sun, 7 May 2017 17:52:32 +0000 (20:52 +0300)]
tools/libressl: update to 2.5.4
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Fri, 28 Apr 2017 13:53:42 +0000 (16:53 +0300)]
tools/flex: update to 2.6.3
* update flex to 2.6.3
* download .tar.gz (as upstream has dropped .xz)
* refresh patches
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Mon, 8 May 2017 19:18:25 +0000 (22:18 +0300)]
tools/cmake: update to 3.8.1
* update cmake to 3.8.1
* refresh patches
Release notes:
https://cmake.org/cmake/help/v3.8/release/3.8.html
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Philip Prindeville [Tue, 28 Mar 2017 00:25:24 +0000 (18:25 -0600)]
x86_64: add drivers for Xeon controller hub based GPIO
These drivers are in many reference-design Xeon, iCore, or
Atom64 based server boards.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Felix Fietkau [Thu, 4 May 2017 13:45:35 +0000 (15:45 +0200)]
json-c: disable implicit fallthrough warning (gcc 7)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 4 May 2017 14:11:27 +0000 (16:11 +0200)]
firewall: update to the latest version, fixes a gcc7 build error
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 4 May 2017 13:18:13 +0000 (15:18 +0200)]
toolchain: add gcc 7.1.0 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Syrone Wong [Sun, 7 May 2017 11:39:12 +0000 (19:39 +0800)]
tools/isl: update to 0.18
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Felix Fietkau [Thu, 4 May 2017 10:57:47 +0000 (12:57 +0200)]
octeon: remove linux 4.4 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 3 May 2017 21:33:59 +0000 (23:33 +0200)]
build: fix quilt for mixed package/host builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 3 May 2017 21:33:10 +0000 (23:33 +0200)]
build: set QUILT=1 automatically when calling package host build refresh
Makes behavor consistent with package builds and regular host builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 3 May 2017 13:01:03 +0000 (15:01 +0200)]
build: stop overriding STAGING_DIR_HOST for toolchain build
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Yousong Zhou [Thu, 25 May 2017 06:41:34 +0000 (14:41 +0800)]
kernel: fix autoloading arch-specific modules
Fixes FS#745
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Thu, 25 May 2017 06:40:36 +0000 (14:40 +0800)]
backlight-pwm: fix module description
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Kenneth Johansson [Wed, 24 May 2017 11:45:37 +0000 (13:45 +0200)]
sysupgrade: run only one instance at a time.
Things do not work well if running multiple instances of
upgrade at the same time.
Signed-off-by: Kenneth Johansson <kenneth.johansson@inteno.se>
Florian Fainelli [Thu, 11 May 2017 21:33:43 +0000 (14:33 -0700)]
include: Determine MODULES_DIR correctly for external/git kernels
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.
To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Thu, 11 May 2017 21:33:42 +0000 (14:33 -0700)]
include: Do not alter KERNELRELEASE for external/git kernels
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Thu, 11 May 2017 21:33:41 +0000 (14:33 -0700)]
Revert "kernel: prevent addition of scm marker to localversion"
This reverts commit
0df2c6563a3537ed21b28a9fb6874bf2718afd05 since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Roman Spychała [Tue, 25 Apr 2017 11:07:37 +0000 (13:07 +0200)]
kernel: add kmod-usb-net-pl package
Kernel support for Prolific PL-2301/2302/25A1 based cables
Signed-off-by: Roman Spychała <roed@onet.eu>
René Mayrhofer [Thu, 27 Apr 2017 08:08:39 +0000 (10:08 +0200)]
Make GBit switch work on RB2011
This change is required to make the GBit switch work on my Mikrotik Routerboard RB2011UiAS-RM, and I assume that the other RB2011 variants are exactly the same in terms of the switch. I have tested the board without and with the patch and confirm that the GBit ports are not supported at all (i.e. no communication works) with the current version in trunk and that everything works with the patch applied. The test box has been running for a few days with the patch applied, and does not show any performance problems in a test setting. I have not used it with LEDE in production so far, but with a previous turnk version of OpenWRT for many years - with the same patch applied. I therefore have good indication that it is stable.
For the record, the switch chip on my test box is identified as
switch0: Atheros AR8327 rev. 4 switch registered on ag71xx-mdio.0
The value 0x6f000000 has been taken from the table at https://wiki.openwrt.org/toh/mikrotik/rb2011uias with the previous discussion thread still online at https://lists.openwrt.org/pipermail/openwrt-devel/2014-December/029949.html.
One definite improvement from the older OpenWRT trunk version I have been running in production and current LEDE trunk is that the SFP interface can be kept in the default configuration without excessive kernel messages about it constantly going up and down. I have not yet tested an actual SFP module, though.
Performance seems to be reasonable. Routing between two GBit ports on that switch separated by different VLANs with the default firewall ruleset (and one additional rule two allow traffic between the VLANs), but without NAT, iperf3 results are:
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 508 MBytes 426 Mbits/sec 102 sender
[ 4] 0.00-10.00 sec 506 MBytes 425 Mbits/sec receiver
With a connection going through NAT (also 2 ports on the same GBit switch, same ruleset, but NAT active), routing performance drops to around 250 MBit/s.
(Note that RouterOS achieves beyond 900 MBit/s on the same hardware with the default rule set and the FastTrack rule active even for NAT, see https://wiki.mikrotik.com/index.php?title=Manual:IP/Fasttrack and http://www.mikrotik.com/download/share/FastTrack.pdf).
Summarizing, I strongly recommend to apply this patch in trunk, so that the GBit switch chip rev. 4 can be supported upstream in the next LEDE release (hopefully soon).
Signed-off-by: René Mayrhofer <rene@mayrhofer.eu.org>
Matthias Fritzsche [Wed, 17 May 2017 03:44:49 +0000 (05:44 +0200)]
ar71xx: change image version for ubiquiti devices
changes the image version from hardcoded OpenWrt to
$VERSION_DIST. AirOS shows a notification with the image version
during a firmware upgrade.
fixes #582
Signed-off-by: Matthias Fritzsche <txt.file@txtfile.eu>
Stijn Tintel [Wed, 24 May 2017 12:56:22 +0000 (14:56 +0200)]
lldpd: bump to 0.9.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Wed, 24 May 2017 12:44:03 +0000 (14:44 +0200)]
samba: fix CVE-2017-7494
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sun, 14 May 2017 01:40:11 +0000 (03:40 +0200)]
brcm2708: enable cpufreq
With cpufreq disabled, the CPU stays locked at the frequency set by the
bootloader. This severely degrades performance as the bootloader sets
the CPU at the lowest frequency by default.
Enable cpufreq for all subtargets and use the ondemand governor.
Tested bcm2708 on RPi0W. Tested bcm2709 and bcm2710 on RPi3.
Reported-by: Bryan Mayland <bmayland@capnbry.net>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hans Dedecker [Mon, 22 May 2017 20:56:20 +0000 (22:56 +0200)]
dnsmasq: bump to 2.77rc5
Some small tweaks and improvements :
9828ab1 Fix compiler warning.
f77700a Fix compiler warning.
0fbd980 Fix compiler warning.
43cdf1c Remove automatic IDN support when building i18n.
ff19b1a Fix &/&& confusion.
2aaea18 Add .gitattributes to substitute VERSION on export.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 18 May 2017 09:34:44 +0000 (11:34 +0200)]
6rd: add 6rd specific settings as nested json object
Add 6rd specific settings prefix, relay-prefix as a nested data json object
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 22 May 2017 19:35:21 +0000 (21:35 +0200)]
netifd: update to git HEAD version
7573880 system-linux: parse 6rd specific settings as nested json data object
a063705 system-linux: remove redundant check for strtoul() return value
e6ebe0b build: disable unknown warning option error in clang
08d8f47 interface: add new "ifup-failed" hotplug event
20a1bac bridge: reset primary only after marking the member not present
6b9c267 build: suppress format truncation warnings to avoid errors with gcc7
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rafał Miłecki [Mon, 22 May 2017 10:04:01 +0000 (12:04 +0200)]
umdns: update to the version 2017-05-22
This includes following changes:
0e8b948 Support specifying instance name in JSON file
49fdb9f Support PTR queries for a specific service
26ce7dc Allow filtering with instance name in service_reply
920c62a Store instance name in the struct service
ff09d9a Rename service_name function to the service_instance_name
64f78f1 Rename mdns_hostname variable to the umdns_host_label
Previous package update pulled commit
70c66fbbcde86 ("Fix sending
replies to PTR questions") which introduced a regression which this
update fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Felix Fietkau [Thu, 4 May 2017 14:04:21 +0000 (16:04 +0200)]
fstools: update to the latest version
88d48d5 libfstools: silence mkfs.{ext4,f2fs}
a19f2b3 build: disable the format-truncation warning error to fix gcc 7 build errors
633a8d0 libfstools: fix multiple volume_identify usages with the same volume
c43ae11 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Yousong Zhou [Mon, 22 May 2017 02:35:10 +0000 (10:35 +0800)]
libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.
Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Kevin Darbyshire-Bryant [Sat, 20 May 2017 11:54:11 +0000 (12:54 +0100)]
dropbear: bump to 2017.75
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/
c8114a48837c
- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink. Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/
0d889b068123
Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Hans Ulli Kroll [Fri, 19 May 2017 18:17:08 +0000 (20:17 +0200)]
mac80211: add support for rtl8821ae pcie adapter
Add support for Realtek RTL8821AE/RTL8812AE PCIe adapter.
This device supports 802.11ac and bluetooth
testet on PC Engines APU with AP and STA mode
Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
Hans Ulli Kroll [Fri, 19 May 2017 18:17:07 +0000 (20:17 +0200)]
linux-firmware: add firmware for rtl8821ae support
Add needed firmware to support rtl8821ae pcie adapter
Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
Hauke Mehrtens [Sun, 21 May 2017 19:20:44 +0000 (21:20 +0200)]
lantiq: spi: double time out tolerance
The generic SPI code calculates how long the issued transfer would take
and adds 100ms in addition to the timeout as tolerance. On my 500 MHz
Lantiq Mips SoC I am getting timeouts from the SPI like this when the
system boots up:
m25p80 spi32766.4: SPI transfer timed out
blk_update_request: I/O error, dev mtdblock3, sector 2
SQUASHFS error: squashfs_read_data failed to read block 0x6e
After increasing the tolerance for the timeout to 200ms I haven't seen
these SPI transfer time outs any more.
The Lantiq SPI driver in use here has an extra work queue in between,
which gets triggered when the controller send the last word and the
hardware FIFOs used for reading and writing are only 8 words long.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Koen Vandeputte [Mon, 15 May 2017 11:11:05 +0000 (13:11 +0200)]
kernel: update kernel 4.9 to 4.9.29
- Refresh all patches
- Removed upstreamed
- Adapted 1
Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Kevin Darbyshire-Bryant [Mon, 15 May 2017 14:03:47 +0000 (15:03 +0100)]
kernel: update kernel 4.4 to version 4.4.69
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Sun, 21 May 2017 15:41:41 +0000 (17:41 +0200)]
bcm53xx: add support for TP-LINK Archer C5 V2
This model also contains few partitions non-discoverable partitions we
need to "protect". Othen than that it uses non-deprecated serial entry
in DTS that doesn't work with LEDE so we need to workaround it as well.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Alexandru Ardelean [Fri, 19 May 2017 13:19:20 +0000 (16:19 +0300)]
base-files: fix default procd reload
Bug introduced with
6713694.
I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts
```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```
The service would be restarted regardless of any of those params.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Daniel Golle [Fri, 19 May 2017 22:20:35 +0000 (00:20 +0200)]
kernel: enable CRASH_DUMP on supported platforms
While we have CRASHLOG on MIPS it makes sense to support 'classic'
kexec-based CRASH_DUMP on x86 and arm platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
John Crispin [Thu, 18 May 2017 13:31:26 +0000 (15:31 +0200)]
Revert "ar71xx: Add support for Teltonika RUT900"
This reverts commit
224e5f5efa22b8a0132522367afd3b22f05d53e1.
pepe2k pointed out that this was not ready to merge
Signed-off-by: John Crispin <john@phrozen.org>
Michael Lee [Thu, 27 Apr 2017 01:04:31 +0000 (09:04 +0800)]
ramips: support jumbo frame on mt7621 up to 2k
Signed-off-by: Michael Lee <igvtee@gmail.com>
Steffen Weinreich [Thu, 27 Apr 2017 21:59:22 +0000 (23:59 +0200)]
ar71xx: Add support for Teltonika RUT900
Teltonika RUT900 is a Router with LTE dual SIM, WiFi, 4x Ethernet
ports, I/O, RS232, RS485, GPS.
The device ist based on a Atheros AR9344 rev 3,
Specifications:
- 560/450/225 MHz (CPU/DDR/AHB)
- 128 MB of RAM
- 16 MB of FLASH
- Serial Console header on a Card Board edge connector
- 4x 10/100 Mbps Ethernet (3x LAN, 1x WAN)
- 2.4 GHz Wifi
- 2x external, detachable Wifi antennas
- LTE Modem Huawei ME909u-521 (Also other Modem seen)
- 2x LTE antennas
- 1x GPS antenna
- 7x LED, 1x button
- 1x USB Connector
- 1x Serial RS232
- 1x Serial RS485
- 1x MicroSD Card
The GPL sources of the device are available at www.teltonika.lt/gpl/
and are based on OpenWRT Barrier Breaker (14.07)
Running from tftp:
The Router starts into the uboot Webupdater if the Button ist pressed
more than 3 seconds, if no Network cable is attached it starts the
uboot serial console, from there the router loads the firmware image
via tftpboot from 192.168.1.2:firmware.bin (the router has the
192.168.1.1). With bootm the loaded image will be booted.
Signed-off-by: Steffen Weinreich <steve@weinreich.org>
Daniel Engberg [Wed, 10 May 2017 09:04:26 +0000 (11:04 +0200)]
f2fs-tools: Switch to gz tarball
At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Golle [Thu, 18 May 2017 11:47:00 +0000 (13:47 +0200)]
mac80211: rt2x00: remove unneccessary code
Use chanreg and dccal helpers to reduce the size of ePA code.
Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed white-space so patch applies]
Alexandru Ardelean [Thu, 4 May 2017 11:13:40 +0000 (14:13 +0300)]
lldpd: drop specific respawn params [use system-wide]
I think I added these respawn params [a while back],
when I did the conversion to procd init script format.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Luiz Angelo Daros de Luca [Fri, 5 May 2017 23:05:56 +0000 (20:05 -0300)]
elfutils: bump to 0.169
Removed patches (now upstream):
- 004-maybe-uninitialized.patch
- 007-fix_TEMP_FAILURE_RETRY.patch
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Ben Greear [Tue, 16 May 2017 22:44:20 +0000 (15:44 -0700)]
ath10k-ct-firmware: Add support for QCA9886/QCA9888 firmware.
This firmware shoul have the same general feature set as the
rest of the 10.4 CT firmware (9984, 9980, etc). Build-tested
only in LEDE, but firmware has been tested with ath10k-ct driver
on other OSs, so likely works just fine.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Ben Greear [Tue, 16 May 2017 22:26:11 +0000 (15:26 -0700)]
ath10k-ct-firmware: Update to latest.
The 988x and 9887 firmwares include a bugfix for a case where blockack
did not work sometimes, and many fixes for compiler warnings detected
by newer gcc compilers.
The 9980 and 9984 firmware includes a large backport of upstream QCA
firmware changes to bring it up to date.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Ben Greear [Tue, 16 May 2017 22:26:10 +0000 (15:26 -0700)]
ath10k-ct: Update to latest ath10k-ct driver.
Supports disabling firmware hex logging that many found too verbose.
Increase BMI timer so system works more often with 9888 Compex NIC
(and maybe others).
Allow configuring a specific board-file per NIC using fwcfg file.
Maybe fix a scan-busy problem when using CT firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Daniel Engberg [Wed, 10 May 2017 09:19:46 +0000 (11:19 +0200)]
devel/trace-cmd: Update to 2.6.1
Update trace-cmd to version 2.6.1
Switch to tarball download
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Giuseppe Lippolis [Tue, 9 May 2017 18:23:35 +0000 (20:23 +0200)]
comgt-3g: enable modem before to setpin
some modems needs to be enabled with CFUN=1 before to set the pin
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
Philip Prindeville [Wed, 10 May 2017 22:32:05 +0000 (16:32 -0600)]
kernel: add hwmon for W83627EHF and family
Remove support for NCT6775/6 from W83627EHF driver so the NCT6775
driver will still be used for those chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Arjen de Korte [Fri, 12 May 2017 09:26:49 +0000 (11:26 +0200)]
dnsmasq: add IPv6 nameserver configuration in server mode
When in ra server mode, configure nameservers passed in router
announcements from the dns value (which is already used by odhcpd).
This also fixes FS#677 by using the global IPv6 address of the router
instead of the link local address (if no nameservers are configured).
Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Daniel Engberg [Sat, 13 May 2017 11:54:31 +0000 (13:54 +0200)]
libs/libnftnl: Update to 1.0.7
Update libnftnl to 1.0.7
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Engberg [Sat, 13 May 2017 11:41:30 +0000 (13:41 +0200)]
network/utils/curl: Update to 7.54.0
Update curl to 7.54.0
Update and fresh patches
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Engberg [Sat, 13 May 2017 11:21:11 +0000 (13:21 +0200)]
devel/strace: Update to 4.16
Update strace to 4.16
Refresh patch
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Engberg [Sat, 13 May 2017 11:25:16 +0000 (13:25 +0200)]
network/utils/ipset: Update to 6.32
Update ipset to 6.32
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Ansuel Smith [Sun, 26 Mar 2017 13:17:06 +0000 (15:17 +0200)]
uhttpd: Enable integrated Lua by default
We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Bjørn Mork [Thu, 20 Apr 2017 12:40:05 +0000 (14:40 +0200)]
kernel: add Digi Edgeport USB serial driver package
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Chris Blake [Thu, 27 Apr 2017 03:09:27 +0000 (22:09 -0500)]
ar71xx: add support for Aerohive AP-121
This adds support for Aerohive AP-121 access point.
Specification:
- SoC: Atheros AR9344-BC2A at 560MHz
- WiFi 1: 2.4GHz Atheros AR9340? - SoC
- WiFi 2: 5.0GHz Atheros AR9382-AL1A
- Memory: 128MB from 2x Nanya NT5TU32M16DG-AC
- SPI: 1MB Macronix MX25L8006E
- NAND: 128MB Hynix H27U1G8F2BTR-BC
- Ethernet: Atheros AR8035-A
- USB: 1x 2.0
- TPM: Atmel SC3204
Flashing:
1. Hook into UART (9600 baud) and enter U-Boot. You may need to enter
a password of administrator or AhNf?d@ta06 if prompted.
2. Once in U-Boot, download and flash LEDE factory image over tftp:
dhcp;
setenv serverip tftp-server-ip;
tftpboot 0x81000000 lede-ar71xx-nand-hiveap-121-squashfs-factory.bin;
nand erase 0x800000 0x800000;
nand write 0x81000000 0x800000 0x800000;
reset;
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
[minor text changes in commit subject and description, fixed
alphabetical order in etc/diag.sh, use only model name in lib/ar71xx.sh,
fixed code style issues in mach-hiveap-121.c, ubinized factory image]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Mantas Pucka [Fri, 12 May 2017 17:54:41 +0000 (19:54 +0200)]
uboot-envtools: add support for 8devices Rambutan
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Mantas Pucka [Mon, 8 May 2017 10:28:38 +0000 (13:28 +0300)]
ar71xx: add support for 8devices Rambutan development board
Rambutan is a Wifi module based on QCA9550/9557
http://www.8devices.com/products/rambutan
This commit adds basic support for Rambutan development kit
Specification:
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of DDR2 RAM
- 128 MB of NAND Flash
- 1x 100Mbps Ethernet
- 1x 1000Mbps Ethernet (PHY on dev-kit)
- 1x Wifi radio 2x2 MIMO, dualband 2.4 and 5 GHz
- 2x U.FL connectors on module, chip antennas on dev-kit
- 1x miniPCIe slot
- 1x USB2.0 host socket + 1x USB2.0 pins on 2.54mm header
Flash instructions:
Stock firmware is OpenWrt, so use:
sysupgrade -n /tmp/lede-ar71xx-nand-rambutan-squashfs-sysupgrade.tar
or upgarde from GUI (don't save config)
Use factory image to flash from U-Boot:
tftpboot
80060000 lede-ar71xx-nand-rambutan-squashfs-factory.ubi
nand erase.part ubi
nand write
80060000 ubi ${filesize}
Signed-off-by: Mantas Pucka <mantas@8devices.com>
[split support in uboot-envtools package into a separate commit,
fixed alphabetical order in lib/preinit/05_set_iface_mac_ar71xx]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Ludwig Thomeczek [Wed, 29 Mar 2017 11:38:25 +0000 (13:38 +0200)]
ar71xx: add support for UniFi-AC-Mesh
This adds the build option for the new UniFi AC Mesh.
It is a direct hardware copy from the AC Lite.
- SoC: QCA9563-AL3A (775Mhz)
- RAM: 128MiB
- Flash: 16MiB - dual firmware partitions!
- LAN: 1 1000M - POE
- Wireless:
2.4G: QCA9563
5G: UniFi Chip, QCA988X compatible
Thanks to Frank Dietz for testing.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
[wrapped too long lines in mach-ubnt-unifiac.c]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Thu, 30 Mar 2017 19:52:20 +0000 (21:52 +0200)]
ar71xx: move Zbtlink ZBT-WE1526 to generic build target
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Steffen Weinreich [Tue, 25 Apr 2017 14:44:39 +0000 (16:44 +0200)]
ramips: add om-watchdog to rut5xx DEVICE_PACKAGES
Add om-watchdog as default package for rut5xx.
Signed-off-by: Steffen Weinreich <steve@weinreich.org>
Steffen Weinreich [Tue, 25 Apr 2017 14:44:39 +0000 (16:44 +0200)]
om-watchdog: add support for Teltonika RUT5xx (ramips)
Add rut5xx GPIO PIN selection to om-package startup script.
Testet on a RUT500 device, the timeout value of the hardware watchdog
is about 280 sec.
Signed-off-by: Steffen Weinreich <steve@weinreich.org>
[split into two commits, bump PKG_RELEASE]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Thu, 11 May 2017 22:10:11 +0000 (00:10 +0200)]
om-watchdog: cosmetic code style fixes
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Thu, 11 May 2017 21:53:41 +0000 (23:53 +0200)]
om-watchdog: cleanup Makefile
Drop redundant Build/Prepare, empty lines and duplicated Build/Compile.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Oldřich Jedlička [Sun, 23 Apr 2017 07:29:15 +0000 (09:29 +0200)]
ar71xx: fix switch port mapping for ap123 based TP-Link devices
This fixes switch port mapping for: TL-WR841N/ND v8, TL-MR3420 v2 and
TL-WR941N/ND v5. All of them share the same Atheros ap123 reference
design.
The order of switch ports (shown in "swconfig dev eth1 show") is CPU,
LAN 4, LAN 1, LAN 2, LAN 3.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
[included 2 more devices]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Hans Dedecker [Mon, 15 May 2017 20:25:47 +0000 (22:25 +0200)]
odhcpd: update to git HEAD version
93abe6f config: fix invalid hoplimit in RA message
2ae08d1 config: fix invalid retranstime in RA message
0005cb4 config: fix invalid reachabletime in RA message
5683dd2 config: limit ra_mtu to 65535
f8d40a5 router: fix interface mtu read error
f8f4b87 config: limit ra_retranstime to 60000
a2d8bf6 dhcpv4: display two hex digits per octet in syslog
a9e9bc4 config: make RA retransTime configurable via uci
2cb6b48 config: make RA reachableTime configurable via uci
e4504db config: make RA curHopLimit configurable via uci
9dd5316 config: make RA mtu configurable via UCI
29cb2ff config: fix dhcpv4 server being started
0ef74ec ndp.c: add switch/case fallthrough comments
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Alberto Bursi [Thu, 30 Mar 2017 10:34:42 +0000 (12:34 +0200)]
kirkwood: set sata/usb led trigger for NSA3xx
these two devices have a Sata led for each sata port.
These leds must be controlled separately by a special
sata led trigger already used in oxnas target.
Both these devices have a single USB led, and to keep
consistent behaviour with the Sata leds that show
sata activity, this led uses usb-host trigger
to show usb activity.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>