Chris Blake [Fri, 20 Oct 2017 15:32:37 +0000 (10:32 -0500)]
mpc85xx: update HiveAP-330 dts
initramfs is not the proper name for this, as it stores a boot ramdisk
and not a filesystem. Update the name to reflect it's usage correctly.
If CMDLINE_OVERRIDE is enabled, the chosen bootargs aren't used at all.
Drop them from the device tree source file to not cause confusion.
Remove the noinitrd bootarg. Due to the empty ramdisk this parameter
isn't required any longer:
[ 0.000000] Initrd not found or empty - disabling initrd
Use the LEDE mtd-mac-address* device tree properties to set the interfaces
MAC-Addresses.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sat, 21 Oct 2017 13:44:30 +0000 (15:44 +0200)]
mpc85xx: cleanup kernel config
Move the kernel config changes added with the HiveAP 330 to the
subtarget the board belongs to instead of changing the target kernel
config.
While at it, move the TL_WDR4900_V1 config symbol to the containing
subtarget and disable boards we don't support.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Chris Blake [Fri, 20 Oct 2017 17:36:25 +0000 (12:36 -0500)]
mpc85xx: use new build code style
The following moves the mpc85xx target (generic & P1020) to the new
build code style.
Compile & Flash tested on an Aerohive HiveAP-330.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 23 Oct 2017 06:17:44 +0000 (08:17 +0200)]
ramips: don't enable usb for the WT3020-4M
That device does not have a USB port. It as the same board as the
WT3020-8M, but without soldered USB port port. Also the case lacks the
opening for the port.
Reported-by: Alberto Bursi <alberto.bursi@outlook.it>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Alberto Bursi [Sat, 21 Oct 2017 21:53:49 +0000 (23:53 +0200)]
ramips: fix default usb support for nexx wt3020-8M
the nexx wt3020-8M has a usb 2.0 port,
add usb 2.0 support packages to its default package list.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Mathias Kresin [Mon, 16 Oct 2017 19:08:26 +0000 (21:08 +0200)]
ltq-adsl-app: add more script notifications
Backport HANDSHAKE and TRAINING notification from ltq-vdsl-app. It
unifies the dsl led blinking pattern accross all subtargets and allows
to get the current line status from the dsl led.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sun, 15 Oct 2017 10:34:33 +0000 (12:34 +0200)]
ltq-atm: remove xrx200 special handling
The lantiq ATM driver is load for all subtargets on demand now. There
is not need to handle the xrx200 ATM driver in a special way any
longer.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sat, 14 Oct 2017 18:52:22 +0000 (20:52 +0200)]
lantiq: xway: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).
By using dsl0 as interface name as for the xrx200 we can get rid of a
few conditionals which were introduced because of the different default
TC-Layer in xway and xrx200.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sun, 15 Oct 2017 10:29:22 +0000 (12:29 +0200)]
ltq-adsl-app: use notification based ATM/PTM driver load
This patch removes the fixed atm/ptm driver loading and
switches to notification based driver loading.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sun, 15 Oct 2017 08:33:29 +0000 (10:33 +0200)]
ltq-adsl-app: convert init script to procd
Use the procd features for the init script.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 16 Oct 2017 21:25:04 +0000 (23:25 +0200)]
lantiq: match default adsl annex and firmware
Set a default Annex matching the the annex of the selected adsl
firmware.
Set Annex B for xrx200 board which are known to have an ADSL hybrid for
Annex B.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 25 Oct 2017 06:32:00 +0000 (08:32 +0200)]
lantiq: add missing default lan interface
With removing the boards from the the default case to fix the xDSL WAN
MAC-Address, the setting for the default LAN interface wasn't added.
Fixes: 92a12c434ca3 ("lantiq: fix avm fritz box mac addresses")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Florian Fainelli [Wed, 25 Oct 2017 01:08:25 +0000 (18:08 -0700)]
bcm53xx: Fix Generic profile description
Fix the sentence describing the bcm53xx generic profile.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Wed, 25 Oct 2017 00:46:15 +0000 (17:46 -0700)]
orion: Switch to 4.9 kernel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Wed, 25 Oct 2017 00:46:02 +0000 (17:46 -0700)]
orion: Add support for 4.9 kernel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Tue, 24 Oct 2017 23:59:15 +0000 (16:59 -0700)]
include: Silence external kernel version checks
During the initial configuration phases, we have not set-up the kernel
source directory, which would lead to such messages:
cat:
/local/users/fainelli/openwrt/trunk/build_dir/target-x86_64_musl/linux-uml/linux-4.9.58/include/config/kernel.release:
No such file or directory
Just silence it, since it does not create a functional problem.
Fixes: 8e0e0e7d8bfb ("include: Determine MODULES_DIR correctly for external/git kernels")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Tue, 24 Oct 2017 22:10:05 +0000 (15:10 -0700)]
uml: Switch to 4.9 kernel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sun, 22 Oct 2017 21:56:12 +0000 (14:56 -0700)]
uml: Add 4.9 kernel patches
102-pseudo-random-mac.patch required an update to the new style asynchronous
crypto
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Hans Dedecker [Tue, 24 Oct 2017 20:08:54 +0000 (22:08 +0200)]
pending-4.9: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH
which is copied to user space in function copy_entries_to_user. The 32bit compat
layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to
user space for a 64bit kernel and 32 bit user space.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
Hans Dedecker [Mon, 16 Oct 2017 09:29:55 +0000 (11:29 +0200)]
pending-4.4: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH
which is copied to user space in function copy_entries_to_user. The 32bit compat
layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to
user space for a 64bit kernel and 32 bit user space.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
Hans Dedecker [Tue, 24 Oct 2017 14:46:53 +0000 (16:46 +0200)]
pending-3.18: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH
which is copied to user space in function copy_entries_to_user. The 32bit compat
layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to
user space for a 64bit kernel and 32 bit user space.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
Felix Fietkau [Tue, 24 Oct 2017 11:22:09 +0000 (13:22 +0200)]
tools/squashfs: use host cflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 24 Oct 2017 10:33:46 +0000 (12:33 +0200)]
ar71xx: re-enable 4k sectors for the mikrotik subtargets
On RB91x (and possibly others), there is a small SPI flash to store boot
loader and configuration. It needs 4K sectors to be able to write the
configuration using rbcfg
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 24 Oct 2017 10:30:48 +0000 (12:30 +0200)]
ar71xx: fix mikrotik routerboard nand driver issues with linux 4.9
The mtd device is now embedded inside the nand chip data structure
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 24 Oct 2017 08:32:21 +0000 (10:32 +0200)]
ar71xx: fix secondary gpio controller base values
In 4.9, gpio count is rounded up to 32 due to the use of bgpio in the
ath79 gpio controller driver.
Fix base values in mach files to account for that
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Julien Dusser [Wed, 19 Jul 2017 13:45:08 +0000 (15:45 +0200)]
ar71xx: lzma loader use LTO
Change the Makefile to use LTO for better code optimisations. Gains are
very low, only 270 bytes saved, but it's only Makefile changes.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Julien Dusser [Wed, 19 Jul 2017 12:52:35 +0000 (14:52 +0200)]
ar71xx: fix lzma loader performance issues
Some bootloaders set a cache cohenrency to a very slow mode. Use code from
Linux kernel to set it to "Cacheable, noncoherent, write-back, write
allocate".
Perfomance impact is significant on TP-Link EAP245 board, kernel
decompression time fall from 33 seconds to less than 1.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Stefan Oberhumer [Wed, 31 May 2017 05:37:03 +0000 (07:37 +0200)]
libs/lzo: Reenable unaligned access on ARM, PPC, ...
Due a compiler bug on ARM targets
( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit
061319ec3dfe9b6d14af1286a1d9979db56048d7 .
A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.
Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
Florian Larysch [Thu, 3 Nov 2016 12:58:24 +0000 (13:58 +0100)]
kernel: fixup KARCH for powerpc64 builds
The kernel calls both ppc64 and ppc32 "powerpc", so we need to fixup
LINUX_KARCH when building with ARCH=powerpc64.
Signed-off-by: Florian Larysch <fl@n621.de>
Florian Larysch [Thu, 3 Nov 2016 12:46:23 +0000 (13:46 +0100)]
config: set ARCH if powerpc64 is selected in the configuration
Signed-off-by: Florian Larysch <fl@n621.de>
Florian Larysch [Thu, 3 Nov 2016 14:54:19 +0000 (15:54 +0100)]
target: add cpu flags for powerpc64
Signed-off-by: Florian Larysch <fl@n621.de>
Florian Larysch [Thu, 3 Nov 2016 13:30:40 +0000 (14:30 +0100)]
toolchain: use glibc for powerpc64 builds
Neither uClibc nor musl currently have working support for powerpc64 in
big endian mode. Thus, default to using glibc for this architecture.
Signed-off-by: Florian Larysch <fl@n621.de>
Florian Larysch [Thu, 3 Nov 2016 13:30:53 +0000 (14:30 +0100)]
toolchain: remove powerpc64 feature
The powerpc64 feature flag was introduced with the PS3 support, which
has been removed for quite a while and is now unused. Remove it and the
special biarch handling it triggered during the toolchain build.
Signed-off-by: Florian Larysch <fl@n621.de>
Florian Larysch [Thu, 3 Nov 2016 12:45:58 +0000 (13:45 +0100)]
include/site: add powerpc64 config
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Florian Fainelli [Sat, 14 Oct 2017 20:24:07 +0000 (13:24 -0700)]
uboot-sunxi: Backport fix for stale CONFIG_SUNXIG_GMAC references
This backports the upstream commit fixing stale references to
CONFIG_SUNXI_GMAC which have been later replaced by CONFIG_SUN7I_GMAC.
This fixes the designware MAC pinmuxing on e.g: Lamobo R1.
Refresh patches while we are at it.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Tue, 10 Oct 2017 03:50:27 +0000 (20:50 -0700)]
bcm53xx: Fix SmartRG SR400AC initramfs image
The SmartRG SR400AC CFE does not accept a TRX image, just a normal
binary image.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Tue, 10 Oct 2017 03:33:34 +0000 (20:33 -0700)]
include: Include new location for DT bindings
Starting with commit
d5d332d3f7e8 ("devicetree: Move include prefixes
from arch to separate directory") included in 4.12 and newer relocated
the dt-bindings directory, so account for that while passing CPPFLAGS
before DTC runs.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Stijn Tintel [Sun, 22 Oct 2017 11:00:42 +0000 (14:00 +0300)]
kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Wed, 18 Oct 2017 17:17:56 +0000 (20:17 +0300)]
kernel: add kmod-iio-bmp280
This driver supports the Bosch Sensortec BMP180/BMP280 pressure and
temperature sensors. It also supports the BME280 sensors with an
additional humidity channel.
Tested I2C and SPI modes with a BME280 sensor on a Raspberry Pi Zero W.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Wed, 18 Oct 2017 17:13:27 +0000 (20:13 +0300)]
kernel: move IIO modules to iio.mk
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sat, 21 Oct 2017 11:51:14 +0000 (14:51 +0300)]
brcm2708: restore /boot/config.txt before reboot
The Raspberry Pi bootloader reads configuration values from config.txt
in the boot partition. This file allows to specify the amount of memory
to assign to the GPU, the license keys for hardware MPEG-2 and VC-1
decoding, Device Tree parameters and overlays, and lots of other things.
Since sysupgrade only restores the configuration after booting the newly
flashed image, these values will not be active, even if sysupgrade would
save /boot/config.txt. To solve this, add the file to the files to be
backed up, and restore it in platform_copy_config, before reboot.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hauke Mehrtens [Sun, 22 Oct 2017 21:10:08 +0000 (23:10 +0200)]
ar71xx: deactivate some boards with too small kernel partitions
This affects the following boards:
* dr344
* archer-c58-v1
* archer-c60-v1
* tl-wr902ac-v1
* tl-wr942n-v1
* ubnt-uap-pro
* ubnt-unifi-outdoor-plus
The build fails for any of these boards because the resulting kernel
image will not fit into the kernel partition.
When CONFIG_KERNEL_KALLSYMS is not set it could be that the kernel will
fit onto the board again, this is the case for release images.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 22 Oct 2017 13:20:39 +0000 (15:20 +0200)]
ar71xx: use kernel 4.9 by default
Kernel 4.9 support was added about 2 weeks ago and we haven't seen any
major regression so far. This patch was not ported to kernel 4.9, this
needs some additional work:
821-serial-core-add-support-for-boot-console-with-arbitr.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 15 Oct 2017 17:06:31 +0000 (19:06 +0200)]
at91: remove unused at91part driver
There is no patch in the kernel 4.4 and 4.9 patches which adds this
driver to the build system.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 15 Oct 2017 17:06:08 +0000 (19:06 +0200)]
at91: update to kernel 4.9
This brings the at91 target to kernel 4.9.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Ben Whitten <ben.whitten@gmail.com>
Hauke Mehrtens [Sun, 15 Oct 2017 17:21:38 +0000 (19:21 +0200)]
kernel: add config option
When the kmod-at91-adc package is activated for the at91 target the new
option CONFIG_AT91_SAMA5D2_ADC is selectable and not handled. Add this
option to the kernel 4.9 configuration.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hans Dedecker [Thu, 19 Oct 2017 19:36:25 +0000 (21:36 +0200)]
netifd: bump to git HEAD version (FS#1037)
0f96606 proto: add point-to-point IPv4 address config support (FS#1037)
1ee788d ubus: display the point-to-point IPv4 address
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Tue, 25 Jul 2017 11:32:47 +0000 (13:32 +0200)]
ar71xx: add support for TP-LINK Archer C7 v4
TP-Link Archer C7 v4 is a dual-band AC1750 router, based on Qualcomm/Atheros
QCA9561+QCA9888.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB
Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin via Web interface
Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin
and rename it to ArcherC7v4_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Flash instruction under U-Boot, using UART:
1. tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
2. erase 0x9f040000 +$filesize
3. cp.b $fileaddr 0x9f040000 $filesize
4. reset
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 27 Jun 2017 21:56:15 +0000 (23:56 +0200)]
uboot-envtools: add support for Nokia WI2A-AC200i
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 27 Jun 2017 21:26:03 +0000 (23:26 +0200)]
ar71xx: add support for Nokia WI2A-AC200i
Specifications:
- SoC: Qualcomm QCA9558 (720 MHz)
- RAM: 256MB
- Storage: 1MB NOR, 128 MB NAND flash
- Ethernet: 1x1000M
Installation:
1. Connect to serial console on the board
2. Boot initramfs image over u-boot
3. Copy image to the device and run sysupgrade
Installation without serial console is not supported at this time
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hauke Mehrtens [Wed, 18 Oct 2017 19:53:31 +0000 (21:53 +0200)]
brcm47xx: use kernel 4.9 by default
Kernel 4.9 is now working on the brcm47xx boards, we just recently fixed
the problem that some boards did not boot at all, by changing the memory
regions used to relocate the kernel to in the loader.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 18 Oct 2017 20:55:59 +0000 (22:55 +0200)]
broadcom-wl: fix compile with kernel 4.9
ENOENT could not be found by the compiler when compiling again kernel
4.9.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Felix Fietkau [Wed, 18 Oct 2017 20:46:29 +0000 (22:46 +0200)]
kernel: fix ftrace support on 4.9
When porting the kernel patches from 4.4 to 4.9, they were missing a
small chunk that ensures that ftrace sections are kept in the vmlinux
image, even when linked with --gc-sections
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Mathias Kresin [Wed, 18 Oct 2017 04:59:38 +0000 (06:59 +0200)]
lantiq: ARV752DPW22: fix wireless mac address
The ARV752DPW22 has the same generic mac address in the EEPROM as it
was already noticed for other lantiq boards using a ralink wireless.
Use the base mac address from the boardconfig partition as it is done
by the stock firmware.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 16 Oct 2017 20:36:35 +0000 (22:36 +0200)]
lantiq: ARV752DPW22: set correct wireless led trigger
The ARV752DPW22 has a ralink based wireless and can not use the ath9k
only phy0tpt trigger.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Hauke Mehrtens [Sun, 15 Oct 2017 19:58:22 +0000 (21:58 +0200)]
omap: clean up configuration
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
Hauke Mehrtens [Sun, 15 Oct 2017 19:43:59 +0000 (21:43 +0200)]
omap: Add support for kernel 4.9
This adds support for kernel 4.9 and replaces the kernel 4.4 support.
These are lynxis test results:
panda-board a3 - works, but no network, but master/4.4 doesn't have network either.
panda-board-a4 - u-boot SPL refuse to boot.
beaglebone-black - works
beagle-board - usb attached network doesn't come up and I doesn't have a serial around.
beagle-board-xm - ToDo: image code is missing.
Kernel 4.4 does not look better, so we merge this anyway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
Kevin Darbyshire-Bryant [Wed, 18 Oct 2017 12:27:48 +0000 (13:27 +0100)]
kernel: bump 4.4 to 4.4.93
No patch refresh required.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-15265
- CVE-2017-0786
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Wed, 18 Oct 2017 12:19:10 +0000 (13:19 +0100)]
kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-
1000255
- CVE-2017-12188
- CVE-2017-15265
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Stijn Tintel [Wed, 18 Oct 2017 10:01:23 +0000 (13:01 +0300)]
hostapd: bump PKG_RELEASE
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jason A. Donenfeld [Tue, 17 Oct 2017 17:34:20 +0000 (19:34 +0200)]
wireguard: version bump to 0.0.
20171017
This is a simple version bump. Changes:
* noise: handshake constants can be read-only after init
* noise: no need to take the RCU lock if we're not dereferencing
* send: improve dead packet control flow
* receive: improve control flow
* socket: eliminate dead code
* device: our use of queues means this check is worthless
* device: no need to take lock for integer comparison
* blake2s: modernize API and have faster _final
* compat: support READ_ONCE
* compat: just make ro_after_init read_mostly
Assorted cleanups to the module, including nice things like marking our
precomputations as const.
* Makefile: even prettier output
* Makefile: do not clean before cloc
* selftest: better test index for rate limiter
* netns: disable accept_dad for all interfaces
Fixes in our testing and build infrastructure. Now works on the 4.14 rc
series.
* qemu: add build-only target
* qemu: work on ubuntu toolchain
* qemu: add more debugging options to main makefile
* qemu: simplify shutdown
* qemu: open /dev/console if we're started early
* qemu: phase out bitbanging
* qemu: always create directory before untarring
* qemu: newer packages
* qemu: put hvc directive into configuration
This is the beginning of working out a cross building test suite, so we do
several tricks to be less platform independent.
* tools: encoding: be more paranoid
* tools: retry resolution except when fatal
* tools: don't insist on having a private key
* tools: add pass example to wg-quick man page
* tools: style
* tools: newline after warning
* tools: account for padding being in zero attribute
Several important tools fixes, one of which suppresses a needless warning.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Stijn Tintel [Tue, 17 Oct 2017 13:35:03 +0000 (16:35 +0300)]
hostapd: add wpa_disable_eapol_key_retries option
Commit
2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.
Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Tue, 17 Oct 2017 13:24:14 +0000 (16:24 +0300)]
hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Felix Fietkau [Tue, 17 Oct 2017 13:52:08 +0000 (15:52 +0200)]
Revert "ar71xx: Add GRO support to ag71xx"
This reverts commit
13e5e473699b92f171205e0f5c57c9ebe7922492.
This commit causes a severe regression in LAN->WAN routing performance
for several devices. This appears to be caused by the extra requirement
to validate the SKB checksum early in the rx path, which the ethernet
hardware does not do
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Stijn Tintel [Mon, 16 Oct 2017 23:13:34 +0000 (02:13 +0300)]
hostapd: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the
fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Mon, 16 Oct 2017 22:49:58 +0000 (01:49 +0300)]
mac80211: backport kernel fix for CVE-2017-13080
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hauke Mehrtens [Mon, 16 Oct 2017 19:36:17 +0000 (21:36 +0200)]
at91: fix legacy build
The build system took the DTB_SIZE definition from Default and not from
production-dtb under some conditions. Move the size definitions to
Default now as it is only used in production-dtb anyway.
Thanks Mathias Kresin for helping me with this.
Fixes: c2f052acaeb ("at91: convert boards to generic build target")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 16 Oct 2017 18:08:56 +0000 (20:08 +0200)]
ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.
Fixes: f40fd43ab2f ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jason A. Donenfeld [Fri, 13 Oct 2017 15:05:18 +0000 (17:05 +0200)]
wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.
This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.
WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 16 Oct 2017 10:15:08 +0000 (12:15 +0200)]
ramips: fix typo in MT7621 NAND driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 16 Oct 2017 09:39:23 +0000 (11:39 +0200)]
hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hauke Mehrtens [Sun, 15 Oct 2017 12:33:56 +0000 (14:33 +0200)]
malta: activate some more standard kernel features
These options where deactivated in the malta kernel, take the default
options form the generic kernel configuration now to better match the
other targets.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 15 Oct 2017 10:42:33 +0000 (12:42 +0200)]
malta: upgrade to kernel 4.9
This brings the MIPS malta target to kernel 4.9.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 15 Oct 2017 12:18:40 +0000 (14:18 +0200)]
malta: add 64 bit qemu commands to README
This shows how to boot up the 64 bit images.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 15 Oct 2017 12:19:20 +0000 (14:19 +0200)]
ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Martin Schiller [Mon, 9 Oct 2017 06:26:01 +0000 (08:26 +0200)]
lantiq: xrx200: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).
Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Hauke Mehrtens [Sun, 15 Oct 2017 08:53:46 +0000 (10:53 +0200)]
mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usb
This fixes a build problem with many targets.
Fixes
618ed77a17422a ("mac80211: add ath6kl kernel modules")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 14 Oct 2017 19:28:11 +0000 (21:28 +0200)]
binutils: add version 2.29.1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Christian Lamparter [Sat, 14 Oct 2017 15:57:19 +0000 (17:57 +0200)]
kernel: kmod-macsec module for 4.9
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.
Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.
http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf
Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Daniel Engberg [Sat, 13 May 2017 14:38:56 +0000 (16:38 +0200)]
libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=
48d2a287
Use more automatic toolchain logic
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Florian Eckert [Thu, 6 Jul 2017 09:20:20 +0000 (11:20 +0200)]
package/kernel/leds-apu2: add apu3 board detection
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Thu, 6 Jul 2017 09:32:44 +0000 (11:32 +0200)]
package/kernel/leds-apu2: fix whitespaces
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Daniel Engberg [Sat, 12 Aug 2017 18:02:20 +0000 (20:02 +0200)]
toolchain/glibc: Update to 2.26
Update glibc to 2.26
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Ryan Mounce [Sun, 1 Oct 2017 09:44:02 +0000 (20:14 +1030)]
mvebu: clean up ClearFog Base package selection
It is unclear why so many packages are selected for ClearFog Base compared
to its big brother, and there is no reason to not append metadata for Base.
Tidy this up as the only hardware difference between Base/Pro is the
presence of a switch and a different board name / device tree.
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Ryan Mounce [Thu, 13 Jul 2017 09:11:59 +0000 (18:41 +0930)]
mvebu: Fix ClearFog sysupgrade board definitions
Remove redundancy for platform_do_upgrade_clearfog
Fix platform_copy_config_clearfog to reflect -base/-pro split
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Ryan Mounce [Wed, 12 Jul 2017 02:21:09 +0000 (11:51 +0930)]
mvebu: Sort 02_network alphabetically
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Yunhui Fu [Fri, 13 Oct 2017 18:32:40 +0000 (14:32 -0400)]
wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.
Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
Ryan Mounce [Thu, 12 Oct 2017 01:21:36 +0000 (11:51 +1030)]
toolchain/gcc: update 5.x to 5.5.0
This is the final bugfix release in the gcc-5 series.
Compile and run tested on macOS 10.13 (Xcode 9), mvebu/ar71xx.
Removed redundant patch for macOS (backported upstream by yours truly)
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Ben Whitten [Wed, 28 Jun 2017 10:28:12 +0000 (11:28 +0100)]
at91: add support for the WB50N module from Laird
This module from Laird includes the following:
- CPU Atmel SoC SAMA5D31
- Wifi QCA6004
- Bluetooth CSR8811
- RAM 64MB LPDDR
- FLASH 128MB
The flash is a dual image layout, kernel a/b, rootfs a/b, and a user
partition.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Ben Whitten [Fri, 10 Jun 2016 19:07:32 +0000 (20:07 +0100)]
at91: add support for the WB45N module from Laird
This module from Laird includes the following:
- CPU Atmel SoC ARM926EJS
- Wifi AR6003
- Bluetooth CSR8510
- RAM 64MB LPDDR
- FLASH 128MB
The flash is a dual image layout, kernel a/b, rootfs a/b, and a user
partition.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Ben Whitten [Tue, 1 Dec 2015 17:42:39 +0000 (17:42 +0000)]
mac80211: add ath6kl kernel modules
Allow board to include the ath6kl kernel modules.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Ben Whitten [Sun, 19 Jun 2016 22:49:16 +0000 (23:49 +0100)]
linux-firmware: add ath6k firmware to package
Systems which include the ath6k chipset need to have the firmware included
in the image.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Ben Whitten [Thu, 1 Jun 2017 22:04:52 +0000 (23:04 +0100)]
at91: separate MKUBIFS opts to defaults in the sub target
Instead of applying global defaults based on selected board, transition
to using a per board setting for UBIFS and UBINIZE.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Ben Whitten [Mon, 18 Sep 2017 12:09:21 +0000 (13:09 +0100)]
at91: refresh kernel config, enable UBI block and DMA
The platform generates squashfs images in a UBI block but misses the
kernel module to be able to mount the block.
DMA is also enabled to allow systems which include them in the DTS to
use it.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Lucian Cristian [Sun, 1 Oct 2017 15:29:22 +0000 (18:29 +0300)]
sunxi: backport support for Allwinner Security System PRNG
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Hans Dedecker [Sat, 14 Oct 2017 18:13:29 +0000 (20:13 +0200)]
busybox: provide "ip"
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Robert Marko [Thu, 5 Oct 2017 12:26:23 +0000 (14:26 +0200)]
ar71xx: add support for Mikrotik RB750P-PBr2
Specifications:
- SoC: Qualcomm QCA9531 (650MHz)
- RAM: 64MB
- Storage: 16MB NOR SPI flash
- Ethernet: 5x100M (1 PoE in, 4 PoE out)
- Outdoor use ready
This ethernet router is based on the same platform as the hEX PoE lite.
Installation
1. login to the Mikrotik WebUI to backup your licence keys
2. setup a DHCP/BOOTP Server with:
* DHCP-Option 66 (TFTP server name) pointing to a local TFTP
Server within the same subnet of the DHCP range
* DHCP-Option 67 (Bootfile-Name) matching the initramfs filename
of the to be booted image
3. connect the port labled internet to your local network
4. keep the reset button pushed down and power on the board
The board should load and start the initramfs image from the TFTP
Server. Login as root/without password to the started LEDE via ssh
listing on IPv4 address 192.168.1.1. Use sysupgrade to install LEDE.
Revert to RouterOS
Use the "rbcfg" package on in LEDE:
* rbcfg set boot_protocol bootp
* rbcfg set boot_device ethnand
* rbcfg apply
Open Netinstall and reboot routerboard. Now netinstall sees routerboard
and you can install RouterOS. If NetInstall gets stuck on Sending offer
just wait for it to timeout and then close and open Netinstall again.
Click on install again.
In order for RouterOS to function properly, you need to restore license
for the device. You can do that by including license in NetInstall
Signed-off-by: Robert Marko <robimarko@gmail.com>
Daniel Kucera [Sun, 19 Feb 2017 08:46:44 +0000 (09:46 +0100)]
ramips: add support for Kimax U25AWF-H1
Kimax U-25AWF-H1 is is a 2,5" HDD Enclosure with Wi-Fi/Eth conection
and battery, based on MediaTek MT7620A.
Patch rewritten from: https://forum.openwrt.org/viewtopic.php?pid=305643
Specification:
- MT7620A CPU
- 64 MB of RAM
- 16 MB of FLASH
- 802.11bgn WiFi
- 1x 10/100 Mbps Ethernet
- USB 2.0 Host
- UART for serial console
Flash instruction:
1. Download lede-ramips-mt7620-u25awf-h1-squashfs-sysupgrade.bin
2. Open webinterface a upgrade
3. After boot connect via ethernet to ip 192.168.1.1
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com>
[fix reset button gpio, don't add a lan/wan vlan config for single
port board, add -H1 suffix do make sure that this revision of the
board is supported/tested]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Chris Blake [Sat, 30 Sep 2017 16:14:58 +0000 (11:14 -0500)]
mpc85xx: Add Aerohive HiveAP-330 Access Point
The following adds the Aerohive HiveAP-330 Access Point to LEDE under
the mpc85xx/p1020 subtarget.
Hardware:
- SoC: Freescale P1020NSE2DFB
- NAND: Intel JS28F512M29EWH 64MB
- Memory: 2x ProMOS V59C1G01168QBJ3 128MB (Total of 256MB)
- 2.4GHz WiFi: Atheros AR9390-AL1A
- 5.0GHz WiFi: Atheros AR9390-AL1A
- Eth1: Atheros AR8035-A PoE
- Eth2: Atheros AR8035-A
- TPM: Atmel AT97SC3204
- LED Driver: TI LP5521
Flashing:
1. Hook into UART (9600 baud) and enter U-Boot. You may need to enter a
password of administrator or AhNf?d@ta06 if prompted.
2. Once in U-Boot, tftp boot the initramfs image:
dhcp;
tftpboot 0x1000000 192.168.1.101:lede-
mpc85xx-p1020-hiveap-330-initramfs.zImage;
tftpboot 0x6000000 192.168.1.101:lede-mpc85xx-p1020-hiveap-330.fdt;
bootm 0x1000000 - 0x6000000;
3. Once booted, scp over the sysupgrade file and sysupgrade the device
to flash LEDE to the NAND.
sysupgrade /tmp/lede-mpc85xx-p1020-hiveap-330-sysupgrade.img
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Chris Blake [Sat, 30 Sep 2017 16:14:20 +0000 (11:14 -0500)]
mpc85xx: Add cmdline override patch
This patch adds a new kernel option called CONFIG_CMDLINE_OVERRIDE. This
setting is for devices with locked down u-boot environments, where users
are unable to change the default bootargs. When set, the fdt driver will
propagate the cmdline for the kernel from chosen/bootargs-override
instead of chosen/bootargs as long as it exists within the DTB.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>