Felix Fietkau [Fri, 16 Jun 2017 13:15:37 +0000 (15:15 +0200)]
build: remove old kernel-headers build directories
Saves space after updating kernel versions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Kevin Darbyshire-Bryant [Thu, 15 Jun 2017 11:58:25 +0000 (12:58 +0100)]
dropbear: fix service trigger syntax error
The classic single '&' when double '&&' conditional was meant.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Paul Spooren [Tue, 13 Jun 2017 19:59:14 +0000 (21:59 +0200)]
imagebuilder: add package_list function
The imagebuilder can now list all available packages by using make
package_list. This is usefull for scripts to retrieve a list of all
packages with versions (and size)
Signed-off-by: Paul Spooren <paul@spooren.de>
[daniel@makrotopia.org: fixed commit message]
Hans Dedecker [Wed, 14 Jun 2017 20:50:48 +0000 (22:50 +0200)]
Revert "dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53"
This reverts commit
a53f8ba6771de64c9c82a2e6867791226f3003cb.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
小桥 [Sun, 5 Mar 2017 07:53:40 +0000 (15:53 +0800)]
ramips: fix Phicomm K1S(PSG1208) pinmux
Use gpio function for pins with LEDs.
Signed-off-by: 小桥 <29551030@qq.com>
Makoto Takeuchi [Wed, 24 May 2017 15:37:24 +0000 (16:37 +0100)]
kirkwood: add support for Cisco ON100
The Cisco ON100 device is a Kirkwood based router:
SoC: Marvell
88F6282 1600Mhz
SDRAM memory: 512MB DDR3 1333Mhz
Gigabit ethernet: 2x Marvell
88E1310 (over RGMII)
Flash memory: 512MB
2 bi-colour status LEDs (green/red)
1 Reset button
1 USB 2.0 port (on back)
1 SDIO slot (on back)
This commit adds a target profile of "Cisco Systems ON100" under the target
system "Marvell Kirkwood".
Flashing can be performed over tftp, once "dhcp" has been issued:
tftpboot ${loadaddr} lede-kirkwood-on100-squashfs-factory.bin
nand erase 0x0c0000 ${filesize}
nand write ${loadaddr} 0x0c0000 ${filesize}
Once flashed, set environment variables to boot:
setenv bootcmd nand read \${loadaddr} 0x0c0000 0x540000\; setenv bootargs
\; bootm
saveenv
Signed-off-by: Makoto Takeuchi <mak0@lxsys.co.uk>
Ben Whitten [Wed, 3 May 2017 21:15:20 +0000 (22:15 +0100)]
at91: convert boards to generic build target
Evaluation boards are left in component form to ease flashing
using vendor tooling and instructions. These boards also do
not include the EOF marker in the UBIFS as the bootloaders
are recent and easily upgradeable.
The end product boards use factory.bin images based on the
dts layout and include EOF markers as bootloader UBI support
is not determined.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Paul Oranje [Fri, 9 Jun 2017 09:30:23 +0000 (11:30 +0200)]
dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53
With this patch the dnsmasq init script manages resolv.conf if and only if
when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance).
Also, resolvfile is now set irrespective of the value of noresolv.
Fixes (partially) FS#785
Signed-off-by: Paul Oranje <por@xs4all.nl>
Piotr Dymacz [Sat, 10 Jun 2017 17:31:54 +0000 (19:31 +0200)]
ar71xx: image: simplify TP-Link devices definitions
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Sun, 11 Jun 2017 17:41:23 +0000 (19:41 +0200)]
ar71xx: image: fix TP-Link TL-WR710N v2/v2.1 BOARDNAME
All TP-Link TL-WR710N versions share the same machine code.
This has been working since the beginning as we don't use double-quotes
to protect spaces inside command line values. Thus, kernel interprets
'board=TL-WR710N v2' as 'board=TL-WR710N' and separate parameter 'v2'.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Sun, 11 Jun 2017 13:30:27 +0000 (15:30 +0200)]
ar71xx: image: tp-link.mk: keep devices in alphabetical order
Keep TP-Link devices definitions in alphabetical order whenever it's
possible. Also group together similar devices or devices from the same
series.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 7 Jun 2017 20:23:54 +0000 (22:23 +0200)]
ar71xx: base-files: cleanups in 10-ar922x-led-fix
Fix code style, indentation and leading/trailing whitespaces in:
/etc/hotplug.d/net/10-ar922x-led-fix
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 7 Jun 2017 19:19:48 +0000 (21:19 +0200)]
ar71xx: base-files: cleanups in 11-ath10k-caldata
Fix code style and boards alphabetical order in:
/etc/hotplug.d/firmware/11-ath10k-caldata
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Ludwig Thomeczek [Sat, 13 May 2017 09:40:48 +0000 (11:40 +0200)]
firmware-utils: tplink-safeloader: add TP-Link Archer C25 v1
This adds the necessary firmware layout definitions for the Archer C25.
It has an addtional partition containing some static data ("extra-para")
without which no factory flash is possible, therefore put_data() has been
added.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
Ludwig Thomeczek [Sat, 22 Apr 2017 16:21:47 +0000 (18:21 +0200)]
ar71xx: add support for TP-Link Archer C25 v1
The TP-Link Archer C25 is a low-cost dual-band router.
Specification:
- CPU: Atheros QCA9561 775 MHz
- RAM: 64 MB
- Flash: 8 MB
- Wifi: 3x3 2.4 GHz (integrated), 1x1 5 GHz QCA9887
- NET: 5x 10/100 Mbps Ethernet
Some LEDs are controlled by an additional 74HC595 chip.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
[minor code style fixes, boards alphabetical order fixes,
reworked commit message]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Serg Studzinskii [Wed, 8 Mar 2017 20:10:05 +0000 (22:10 +0200)]
ar71xx: add support for TP-Link TL-WR942N v1
TP-Link TL-WR942N v1 is a 2.4 GHz single-band N450 router, based on
Qualcomm/Atheros QCA9561.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x USB 2.0
- 11x LED (most are controlled by 74HC595)
- 2x button
- UART header on PCB*
* Serial console is disabled in OEM non-beta firmwares and corresponding
GPIO pins 14 and 15 are assigned to control USB1 and USB2 LEDs by
production (non-beta) U-Boot and firmware.
Currently not working:
1. USB1 and USB2 LEDs if UART RX and TX pins are assigned to their GPIOs
by some U-Boot versions.
Flash instruction under vendor GUI:
1. Download "lede-ar71xx-generic-tl-wr942n-v1-squashfs-factory.bin".
2. Go to WEB interface and perform usual firmware upgrade.
FLash instruction under U-Boot recovery mode (doesn't work in beta
firmware):
1. Setup PC with static IP "192.168.0.66/24" and tftp server.
2. Change "*-factory" image filename to "WR942v1_recovery.bin" and make
it available to download from your tftp server.
3. Press "reset" button and power up the router, wait till "WPS" LED
turns on.
Flash instruction under U-Boot, using UART (can be done only with
preinstalled UART-enabled U-Boot version!):
1. Use "tpl" to stop autobooting and obtain U-Boot CLI access.
2. Setup ip addresses for U-Boot and your tftp server.
3. Issue below commands:
tftp 0x81000000 lede-ar71xx-generic-tl-wr942n-v1-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b 0x81000000 0x9f020000 $filesize
reset
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
[minor code style fixes, extended commit message]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Fri, 9 Jun 2017 17:56:09 +0000 (19:56 +0200)]
ar71xx: move WRTnode2Q to generic build target
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Sat, 10 Jun 2017 16:57:56 +0000 (18:57 +0200)]
ar71xx: image: simplify Ubiquiti devices definitions
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Sat, 10 Jun 2017 11:48:34 +0000 (13:48 +0200)]
ar71xx: image: mikrotik: shorten DEVICE_TITLE
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Thu, 8 Jun 2017 13:18:34 +0000 (15:18 +0200)]
ar71xx: image: use simply expanded variables
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 31 May 2017 20:12:51 +0000 (22:12 +0200)]
ar71xx: image: update GL.iNet boards DEVICE_TITLE
Use "GL.iNet" as vendor name (based on information from the vendor, this
is registered name of the company) and align model names with official
website.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 31 May 2017 19:56:10 +0000 (21:56 +0200)]
ar71xx: image: fix 8devices boards DEVICE_TITLE
Be consistent with DEVICE_TITLE syntax and use vendor + board names.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 7 Jun 2017 20:37:30 +0000 (22:37 +0200)]
ar71xx: image: drop unused mtdlayouts from legacy.mk
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 31 May 2017 19:23:53 +0000 (21:23 +0200)]
ar71xx: image: cosmetic: drop redundant empty lines
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 31 May 2017 18:02:36 +0000 (20:02 +0200)]
ar71xx: image: add ROOTFS_SIZE to DEVICE_VARS
Also use ROOTFS_SIZE variable in place of static values.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 31 May 2017 14:31:44 +0000 (16:31 +0200)]
ar71xx: image: keep custom Build/* functions in separate files
Most of the custom Build/* functions in ar71xx target are rarely used by
image building code for devices from more than one subtarget. As they
don't need to be always included, move them to corresponding *.mk files.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Wed, 31 May 2017 09:16:22 +0000 (11:16 +0200)]
ar71xx: image: keep DEVICE_VARS and Build/* at the beginning
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Tue, 30 May 2017 21:20:16 +0000 (23:20 +0200)]
ar71xx: image: simplify Compex devices definitions
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Tue, 30 May 2017 20:55:29 +0000 (22:55 +0200)]
ar71xx: image: drop redundant kmod-usb-ohci from DEVICE_PACKAGES
kmod-usb-ohci is needed only on devices with AR71xx and AR7240 SoCs.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Tue, 30 May 2017 20:25:02 +0000 (22:25 +0200)]
ar71xx: image: drop redundant uboot-envtools from DEVICE_PACKAGES
uboot-envtools is already included in DEFAULT_PACKAGES for ar71xx.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Jan Niehusmann [Fri, 19 May 2017 07:42:24 +0000 (09:42 +0200)]
firmware-utils: tplink-safeloader: support strings as soft_version
Some TP-Link routers (C25, C59, C60) contain a version string instead
of a binary structure in the soft_version partition.
Flashing LEDE from the original firmware's GUI, this version string
taken from the soft_ver partition of the firmware image is written to
the router's config partition.
When using tftp recovery to go back to the original Archer C25 firmware,
a version check compares that version to the version of the firmware to
be flashed.
Without proper contents in the config partition, reverting to the
original firmware fails.
Therefore, write the string "soft_ver:1.0.0\n" to that soft_ver
partition.
Signed-off-by: Jan Niehusmann <jan@gondor.com>
Kevin Darbyshire-Bryant [Sun, 11 Jun 2017 13:36:17 +0000 (14:36 +0100)]
ar71xx: fixup ar71xx/ar933x_wmac_reset: remove indefinite wait for wmac reset
Fix malformed patch introduced by
296312fca13a4cab1d157e0474e1f0bcca6adf5c
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Fri, 24 Feb 2017 10:08:30 +0000 (10:08 +0000)]
dnsmasq: make bind-dynamic 'non-wildcard' interfaces default
'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode. This
binds to interfaces rather than wildcard addresses *and* keeps track of
interface comings/goings via a unique Linux api.
Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep
up with changes in interface config) ... On linux, there's actually no
sane reason not to use --bind-dynamic, and it's only not the default for
historical reasons."
Let's change history, well on LEDE at least, and change the default!
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Alexander Couzens [Sun, 11 Jun 2017 11:43:55 +0000 (13:43 +0200)]
ar71xx/ar93xx_wmac_otp_read_word: fix wrongly used sizeof(*u)
Found-by: Coverity Scan #1330474
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Sun, 11 Jun 2017 11:33:18 +0000 (13:33 +0200)]
linux/swconfig_get_attr: fix leak of msg in case of error
Found-by: Coverity Scan #1330102
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Sun, 11 Jun 2017 11:30:21 +0000 (13:30 +0200)]
linux/ledtrig-netdev: remove `unsigned < 0` check
Found-by: Coverity Scan
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Sun, 11 Jun 2017 11:27:20 +0000 (13:27 +0200)]
ar71xx/ar933x_wmac_reset: remove indefinite wait for wmac reset
Found-by: Coverity Scan #1329327
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Sun, 11 Jun 2017 10:51:58 +0000 (12:51 +0200)]
ar71xx/ag71xx_ethtool: don't return uninitialized return value on success
ag71xx_ethtool_set_ringparam() will return an uninitialized value on
success.
Found-by: Coverity Scan #1330877
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Sun, 11 Jun 2017 10:49:19 +0000 (12:49 +0200)]
ar71xx/ag71xx_mdio_probe: fix a memory leak when probe fails
Found-by: Coverity Scan #1330233
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Sun, 11 Jun 2017 10:43:24 +0000 (12:43 +0200)]
ar71xx/ag71xx_ar7240_get_port_link: fix off-by-one check on argument `port`
Found-by: Coverity Scan #1329901
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Jonas Gorski [Sun, 11 Jun 2017 10:50:14 +0000 (12:50 +0200)]
base-files: board.json's switch reset means existence, not argument
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Thu, 9 Feb 2017 20:58:36 +0000 (21:58 +0100)]
brcm63xx: probe SPI connected switches through DT
Now that we can configure the switches through DT, do so.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Thu, 9 Feb 2017 20:20:41 +0000 (21:20 +0100)]
b53: allow configuration through device tree
Add support for the same binding as upstream b53 to allow an
easy switch.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Thu, 11 May 2017 11:50:18 +0000 (13:50 +0200)]
brcm63xx: switch to hardware led controllers
Instead of bit banging SPI to talk to the GPIO chip, use the hardware
led controllers intended for controlling the LEDs.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Sun, 14 May 2017 21:45:31 +0000 (23:45 +0200)]
brcm63xx: leds-bcm6328: fix signal assignments for leds 4~7
Properly use modulus for bit calculation for LEDs 4 to 7.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Sun, 14 May 2017 20:21:08 +0000 (22:21 +0200)]
brcm63xx: dsl-275xb-d: configure switch leds
Add pinctrl configuration to configure the switch leds on DSL-275XB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Fri, 1 Jul 2016 09:23:06 +0000 (11:23 +0200)]
brcm63xx: add pinctrl support
Add and enable pincontrol drivers, and update dts(i) files with
appropriate hogs.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Thu, 8 Jun 2017 08:40:50 +0000 (10:40 +0200)]
kernel: make regmap LZO cache optional
There are no users, so hide it and let future users select it. Saves
about ~17 kB on MIPS.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Fri, 1 Jul 2016 09:22:08 +0000 (11:22 +0200)]
brcm63xx: backport upstream generic gpio changes
Backport patches that add a data pointer to gpio_chip.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Daniel Golle [Tue, 21 Mar 2017 21:58:13 +0000 (15:58 -0600)]
kexec-tools: bump version and add support for crashdump kernel
split kexec-tools into two packages, kexec and kdump.
* kexec to simply execute a new kernel
* kdump is for loading and collecting debris of a crashed kernel with
support for kdump forensics.
In order to properly support booting into a crashkernel, an init script
as well as UCI configuration has been added.
As modifying the kernel cmdline is required for this to work in x86
platforms use an uci-defaults script to modify /boot/grub/grub.cfg.
To test collecting crash information, use the 'c' sysrq-trigger, ie.
echo c > /proc/sysrq-trigger
This should result in the crash kernel being executed and (depending
on the configution) dmesg and/or vmcore getting saved.
To check if the crash kernel was loaded properly, use the 'status'
command of the kdump init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hans Dedecker [Fri, 9 Jun 2017 14:24:12 +0000 (16:24 +0200)]
dnsmasq: add dhcp-script hook conditionally
Commit
b32689afd6a661339861086c669e15c936293cf8 added support for dhcp-script hook.
Adding dhcp-script config option results into two instances of dnsmasq being run
which triggered oom issues on platforms having low memory.
The dnsmasq dhcp-script config option will now only be added if at least one of the
dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci
config option is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rafał Miłecki [Mon, 22 May 2017 10:50:53 +0000 (12:50 +0200)]
bcm53xx: include wpad-mini only on devices with (supported) wireless
Don't include wpad-mini when it's useless just like we don't include
useless wireless drivers.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Jo-Philipp Wich [Thu, 8 Jun 2017 17:27:46 +0000 (19:27 +0200)]
base-files: network.sh: fix a number of IPv6 logic flaws
* Change network_get_subnet6() to sensibly guess a suitable prefix
Attempt to return the first non-linklocal, non-ula range, then attempt
to return the first non-linklocal range and finally fall back to the
previous behaviour of simply returning the first found item.
* Fix network_get_ipaddrs_all()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
to build a single list of all interface addresses.
* Fix network_get_subnets6()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
field to figure out the proper network address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 8 Jun 2017 17:54:53 +0000 (19:54 +0200)]
mwlwifi: update to version 10.3.4.0 / 2017-06-06
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Alexander Couzens [Wed, 7 Jun 2017 21:56:19 +0000 (23:56 +0200)]
include/toplevel: set env GIT_ASKPASS=/bin/true
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Jo-Philipp Wich [Thu, 8 Jun 2017 10:02:36 +0000 (12:02 +0200)]
base-files: network.sh: properly report local IPv6 addresses
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.
Fixes FS#829.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Thu, 8 Jun 2017 09:05:05 +0000 (11:05 +0200)]
build: ensure that flock is available for make download
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jo-Philipp Wich [Wed, 7 Jun 2017 22:24:27 +0000 (00:24 +0200)]
kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Wed, 7 Jun 2017 20:57:41 +0000 (22:57 +0200)]
kernel: really select kernel 4.4.71
The previous commit
f4a4f324cb76ad ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jo-Philipp Wich [Wed, 7 Jun 2017 16:15:24 +0000 (18:15 +0200)]
kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Golle [Wed, 7 Jun 2017 17:39:33 +0000 (19:39 +0200)]
automake: import upstream fix for perl 5.26
Build broke as distributions now include Perl 5.26 and automake
triggered an "Unescaped left brace in regex" error.
Import upstream commit
13f00eb449 to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Alexandru Ardelean [Fri, 12 May 2017 08:50:55 +0000 (11:50 +0300)]
gdb: disable simulator ; it's broken on ppc
Error is:
```
ompile-loc2c.o compile-c-support.o inflow.o init.o \
../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a -lncurses -lm ../libiberty/libiberty.a build-gnulib/import/libgnu.a -ldl -Wl,--dynamic-list=./proc-service.list
../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event':
idecode.c:(.text+0x170): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick':
idecode.c:(.text+0x1cc): undefined reference to `error'
idecode.c:(.text+0x28c): undefined reference to `error'
idecode.c:(.text+0x318): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6':
idecode.c:(.text+0x398): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow
collect2: error: ld returned 1 exit status
Makefile:1420: recipe for target 'gdb' failed
make[5]: *** [gdb] Error 1
```
Seems others are running into this as well.
The problem seems to be that some code may be built
as C++ and not C, which may explain the linker error.
On this thread reply:
https://sourceware.org/ml/gdb/2016-11/msg00045.html
it mentions that the simulator should not call GDB's
"error" function directly, but rather use the "host_callback"
struct.
I have no idea about the use of the GDB simulator within
the OpenWrt/LEDE community.
So, I took the easier route, which is to disable the simulator.
(Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html )
If needed, I can make an effort to fix the simulator for PPC.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 12 May 2017 08:50:05 +0000 (11:50 +0300)]
gdb: remove Build/Compile rule ; default one works
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Sergey Ryazanov [Tue, 30 May 2017 21:46:41 +0000 (00:46 +0300)]
kernel: remove CONFIG_ZONE_DMA_FLAG from 4.9
There are no CONFIG_ZONE_DMA_FLAG config symbol since 4.7.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 30 May 2017 21:46:40 +0000 (00:46 +0300)]
kernel: disable CONFIG_SG_POOL by default
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 30 May 2017 21:46:39 +0000 (00:46 +0300)]
ath25: add missed HAVE_IRQ_EXIT_ON_IRQ_STACK
Add HAVE_IRQ_EXIT_ON_IRQ_STACK kernel configuration symbol that was
missed during backporting separate IRQ stack for MIPS from upstream.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Felix Fietkau [Thu, 1 Jun 2017 09:17:13 +0000 (11:17 +0200)]
rb532: enable high-res timers, refresh kernel config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 1 Jun 2017 09:15:39 +0000 (11:15 +0200)]
xburst: enable high-res timers, refresh kernel config
Helps with system performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 1 Jun 2017 09:11:11 +0000 (11:11 +0200)]
octeon: enable high-res timers
Helps with network stack performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 1 Jun 2017 09:10:21 +0000 (11:10 +0200)]
kernel: add CONFIG_SCHED_HRTICK=y to the generic config
It is used by pretty much every target
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Alif M. Ahmad [Sat, 20 May 2017 07:11:16 +0000 (14:11 +0700)]
package/grub2: update to 2.02
Update to version 2.02
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
Lucian Cristian [Thu, 25 May 2017 16:15:44 +0000 (19:15 +0300)]
x86: include USB HID by default
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Felix Fietkau [Wed, 7 Jun 2017 16:14:27 +0000 (18:14 +0200)]
kernel: fix segmentation fault in mconf on linux
Commit
86c966a8ae9c4e74b912a16a760aaed17c68eb32 caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 16 Mar 2017 09:13:14 +0000 (10:13 +0100)]
mac80211: use KERNEL_MAKEOPTS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 16 Mar 2017 08:53:30 +0000 (09:53 +0100)]
build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Sergey Ryazanov [Tue, 30 May 2017 21:46:42 +0000 (00:46 +0300)]
kernel: update myloader for linux 4.9
add backport patches for older kernels.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:25:32 +0000 (01:25 +0300)]
ip17xx: correct aneg_done return value
PHY core treats any positive return value as the auto-negotiation done
indication. Since we do not actually check any device register in this
callback then update it to return positive value with a neutral meaning
instead of the register flag to avoid confusing for future readers.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:25:31 +0000 (01:25 +0300)]
mvswitch: fix autonegotiation issue
The Marvel
88E6060 switch has an MDIO interface, but does not emulate
regular PHY behavior for the host. The network core can not detect using
the generic code, whether the connection via the attached PHY can be
used or not. The PHY's state machine is stuck in a state of
auto-negotiation and does not go any further so the Ethernet interface
of the router stay forever in the not-runing state.
Fix this issue by implementing the aneg_done callback to be able to
inform the network core that the Ethernet interface link to which the
switch is connected can be marked as RUNNING.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sven Roederer [Tue, 6 Jun 2017 13:52:06 +0000 (15:52 +0200)]
linux/ath25: fixing some tabs and whitespace
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Sergey Ryazanov [Wed, 7 Jun 2017 04:49:46 +0000 (06:49 +0200)]
ath25: drop 4.4 kernel support
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:39 +0000 (01:49 +0300)]
ath25: switch to 4.9 kernel
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:38 +0000 (01:49 +0300)]
ath25: 4.9: fix Ethernet link autonegotiation
Drop the own PHY polling function and switch to using the kernel PHY
state machine. This change allows driver to work correctly with devices
that do not support PHY behaviour but whose driver could emulate
autonegotiation completion (e.g. MV88E6060 and IP17xx switches).
NB: earlier this driver rely on flaws in PHY core code and could use PHY
device without really starting it. But now (at least in kernel 4.9)
this trick no more work and network interface could stuck in not-running
state.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:37 +0000 (01:49 +0300)]
ath25: 4.9: fix Ethernet tiny issues
Few tiny fixes for issues caused by changes in the upstream:
- do not touch PHY IRQ array (core code initializes it itself now)
- add missed SET_NETDEV_DEV() invocation (causes segfault during phy
connection)
- use phy API inside the MDIO probe function instead of direct field
access (consider phy structure changes in upstream and prevent
similar issues in the future)
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:36 +0000 (01:49 +0300)]
ath25: 4.9: fix GPIO compile issues
Consider renaming the dev field to parent in the upstream.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:35 +0000 (01:49 +0300)]
ath25: add preliminary kernel 4.9 support
Copy and refresh patches and config from 4.4
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sven Roederer [Mon, 29 May 2017 09:24:49 +0000 (11:24 +0200)]
ramips: add support for Ubiquiti EdgeRouter X-SFP
This patch adds support for the Ubiquiti EdgeRouter X-SFP and
improves support for the EdgeRouter X (PoE-passthrough).
Specification:
- SoC: MediaTek MT7621AT
- Flash: 256 MiB
- RAM: 265 MiB
- Ethernet: 5 x LAN (1000 Mbps)
- UART: 1 x UART on PCB (3.3V, RX, TX, GND) - 57600 8N1
- EdgeRouter X:
- 1 x PoE-Passtrough (Eth4)
- powered by Wallwart or passive PoE
- EdgeRouter X-SFP:
- 5 x PoE-Out (24V, passive)
- 1 x SFP (unknown status)
- powered by Wallwart (24V)
Doesn't work:
* SoC has crypto engine but no open driver.
* SoC has nat acceleration, but no open driver.
* This router has 2MB spi flash soldered in but MT
nand/spi drivers do not support pin sharing,
so it is not accessable and disabled. Stock
firmware could read it and it was empty.
Installation
via vendor firmware:
- build an Initrd-image (> 3MiB) and upload the factory-image
- initrd can have luci-mod-failsafe
- flash final firmware via LuCI / sysupgrade on rebooted system
via TFTP:
- stop uboot into tftp-load into option "1"
- upload factory.bin image
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Ram Chandra Jangir [Wed, 31 May 2017 15:20:29 +0000 (20:50 +0530)]
ipq806x: Enable ubi image for ipq40xx AP-DK04.1-C1 board
This change add IPQ40xx AP-DK04.1-C1 board image support,
enables ubi image for IPQ40xx AP-DK04.1-C1 board and also
add sysupgrage support for AP-DK04.1-C1 and generates a
sysupgrade.tar image.
Testing:
*Tested on IPQ40xx AP-DK04.1-C1:
a. NAND boot
b. ubi sysupgrade
Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
Ram Chandra Jangir [Wed, 31 May 2017 15:20:28 +0000 (20:50 +0530)]
ipq806x: Updated various ipq40xx pin definitions
This change populates default values for various GPIO functions
in ipq40xx pinctrl driver.
Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
Kristian Evensen [Mon, 5 Jun 2017 08:24:02 +0000 (10:24 +0200)]
Add missing APU1 reference to x86 board.d
x86 board.d only contains a case for the APU2, not the APU1. This
causes, for example, network configuration not to be created correctly.
Even though the APU1 seems to reaching EOL, there a still a lot of them
out there.
The APU1 and APU2 is configured in the same way and this patch should
also be considered for stable, as the error also exists there.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Florian Fainelli [Mon, 22 May 2017 23:50:47 +0000 (16:50 -0700)]
perf: Depend on KERNEL_PERF_EVENTS
The kernel needs to have PERF_EVENTS built otherwise we will run into
the following:
root@(none):/# perf top
perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error
89 (Function not implemented)
perf_event_open(..., 0) failed unexpectedly with error 89 (Function not
implemented)
Error:
The sys_perf_event_open() syscall returned with 89 (Function not
implemented) for event (cycles).
/bin/dmesg may provide additional information.
No CONFIG_PERF_EVENTS=y kernel support configured?
Make sure this functional dependency is captured.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Wed, 31 May 2017 21:39:12 +0000 (14:39 -0700)]
mdadm: Do not check RUN_DIR
Fixes build failure on hosts that do not have mdadm
installed/configured:
make[3]: Entering directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
***** Parent of /run/mdadm does not exist. Maybe set different RUN_DIR=
***** e.g. make RUN_DIR=/dev/.mdadm
***** or set CHECK_RUN_DIR=0
make[3]: *** [check_rundir] Error 1
make[3]: Leaving directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
make[2]: ***
[/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0/.built]
Error 2
make[2]: Leaving directory
`/local/users/fainelli/openwrt/trunk/package/utils/mdadm'
make[1]: *** [package/utils/mdadm/compile] Error 2
make[1]: Leaving directory `/local/users/fainelli/openwrt/trunk'
make: *** [package/mdadm/compile] Error 2
Fixes: 980c41f8e04f ("utils/mdadm: Update to 4.0")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 13:28:07 +0000 (14:28 +0100)]
brcm63xx: drop support for specifying SPI flash part parsers
No need to keep this since we set them from device-tree.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 13:26:15 +0000 (14:26 +0100)]
brcm63xx: drop support for caldata in brcm63xxpart
Now that we always provide these partitions through DT, we don't need to
pass their data through parser data from board files anymore.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 13:24:31 +0000 (14:24 +0100)]
brcm63xx: probe SPI flash through DT
Now that we support problem the SPI controllers through DT, we can also
probe flash through DT.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 13:24:02 +0000 (14:24 +0100)]
brcm63xx: add pflash for remaining pflash equipped boards
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 13:20:25 +0000 (14:20 +0100)]
brcm63xx: do not require fixed partitions when probing from DT
Allow the parser to be invoked from DT without fixed cfe/linux/nvram
partitions. This allows flash to be probed from DT also for multi
flash-size images.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 11:31:02 +0000 (12:31 +0100)]
brcm63xx: register SPI controllers through DT
Register SPI controllers through device tree. We will wire up the clocks
at a later stage.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 11:01:46 +0000 (12:01 +0100)]
brcm63xx: backport upstream solution for SPI message size limits
Backport upstream solution for working around SPI controller maximum
message sizes.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Tue, 7 Feb 2017 10:59:07 +0000 (11:59 +0100)]
brcm63xx: update flash of_node patches to full patch set
Fixes missing of_node for SPI flash probed through devicetree.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Thu, 11 May 2017 11:58:13 +0000 (13:58 +0200)]
brcm63xx: refresh kernel config
Ensure the config is ordered and has all recent symbols.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>