Hauke Mehrtens [Wed, 15 Aug 2018 20:17:11 +0000 (22:17 +0200)]
openssl: update to version 1.0.2p
This fixes the following security problems:
* CVE-2018-0732: Client DoS due to large DH parameter
* CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 15 Aug 2018 19:50:09 +0000 (21:50 +0200)]
kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
* target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 15 Aug 2018 17:47:56 +0000 (19:47 +0200)]
kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Dmitry Tunin [Tue, 14 Aug 2018 12:55:15 +0000 (15:55 +0300)]
ath79: use both WNDR3x00 power leds for boot status indication
Use the orange led by default to match the bootloader/stock firmware
behaviour. Turn on the green power led after boot to indicate a
finished boot and the orange one off.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
[reword commit message, keep orange power led enabled during early
kernel boot]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Dmitry Tunin [Tue, 14 Aug 2018 12:52:01 +0000 (15:52 +0300)]
ath79: use both DIR-825 B1 power leds for boot status indication
Use the orange led by default to match the bootloader/stock firmware
behaviour. Turn on the blue power led after boot to indicate a finished
boot and the orange one off.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
[reword commit message, keep orange power led enabled during early
kernel boot]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Dmitry Tunin [Tue, 14 Aug 2018 05:54:38 +0000 (08:54 +0300)]
ath79: add support for indicating the boot state using multiple leds
Use diag.sh version used for apm821xx, ipq40xx and ipq806x, which
supports different leds for the different boot states.
The existing led sequences should be the same as before.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
[reword commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Cezary Jackiewicz [Thu, 19 Apr 2018 17:34:22 +0000 (19:34 +0200)]
ramips: add support for D-Link DWR-118-A2
The DWR-118-A2 Wireless Router is based on the MT7620A SoC.
Specification:
- MediaTek MT7620A (580 Mhz)
- 128 MB of RAM
- 16 MB of FLASH
- 1x 802.11bgn radio
- 1x 802.11ac radio (MT7612EN)
- 4x 10/100 Mbps Ethernet (1 WAN and 3 LAN)
- 1x 10/100/1000 Mbps Marvell Ethernet PHY (1 LAN)
- 2x external, non-detachable antennas
- 1x USB 2.0
- UART (J1) header on PCB (57600 8n1)
- 7x LED (5x GPIO-controlled), 2x button
- JBOOT bootloader
Known issues:
- GELAN not working
- flash is very slow
The status led has been assigned to the dwr-118-a2:green:internet led.
At the end of the boot it is switched off and is available for other
operation. Work correctly also during sysupgrade operation.
Installation:
Apply factory image via http web-gui or JBOOT recovery page
How to revert to OEM firmware:
- push the reset button and turn on the power. Wait until LED start
blinking (~10sec.)
- upload original factory image via JBOOT http (IP: 192.168.123.254)
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Pawel Dembicki [Wed, 18 Jul 2018 04:31:36 +0000 (04:31 +0000)]
ramips: mt7620: enable all ports unconditionally
This patch make all mt7620 ephy ports turned on.
It is necessary for some JBOOT devices.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Jo-Philipp Wich [Tue, 14 Aug 2018 21:54:59 +0000 (23:54 +0200)]
libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hans Dedecker [Tue, 14 Aug 2018 20:08:26 +0000 (22:08 +0200)]
netifd: update to latest git HEAD
522456b device: gracefully handle device names exceeding IFNAMESIZ
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Deng Qingfang [Thu, 9 Aug 2018 17:22:46 +0000 (01:22 +0800)]
ramips: add support for HiWiFi HC5861B
HiWiFi "Gee Enjoy1200" HC5861B is a dual-band router based on MediaTek MT7628AN
https://www.hiwifi.com/enjoy-view
Specifications:
- MediaTek MT7628AN 580MHz
- 128 MB DDR2 RAM
- 16 MB SPI Flash
- 2.4G MT7628AN 802.11bgn 2T2R 300Mbps
- 5G MT7612EN 802.11ac 2T2R 867Mbps
- 5x 10/100 Mbps Ethernet
Flash instruction:
1. Get SSH access to the router
2. SSH to router with `ssh -p 1022 root@192.168.199.1`, The SSH password is the same as the webconfig one
3. Upload OpenWrt sysupgrade firmware into the router's `/tmp` folder with SCP
4. Run `mtd write /tmp/<filename> firmware`
5. reboot
Everything is working
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Chuanhong Guo [Mon, 13 Aug 2018 12:32:02 +0000 (20:32 +0800)]
ath79: add support for TP-Link TL-WR941N/ND v2/v3
Specification:
- SoC: Atheros AR9132
- Flash: 4 MB
- RAM: 32 MB
- Ethernet: Marvell
88E6060 with 5 FE ports.
Flash instruction:
Upload the generated factory firmware on web interface.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Johann Neuhauser [Mon, 13 Aug 2018 13:28:51 +0000 (15:28 +0200)]
ath79: add support for TP-Link WR841N/ND v11
Specification:
- SoC: Atheros AR9533
- Flash: 4 MB
- RAM: 32 MB
- Ethernet: 4x LAN (100M) / 1x WAN (100M)
- WiFi: 2.4G 300M
Flash instruction:
Flash factory image from stock WebUI.
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
Johann Neuhauser [Mon, 13 Aug 2018 13:11:15 +0000 (15:11 +0200)]
ath79: move TP-Link WR841v9 aliases node from dtsi to dts
Move the alias node of the TP-Link WR841v9 and rename the phandle of
the qss led to qss_led in preparation for adding the very similar
TP-Link WR841v11.
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
Johann Neuhauser [Mon, 13 Aug 2018 13:07:55 +0000 (15:07 +0200)]
ath79: fix sysupgrade TP-Link WR841v9
Remove SUPPORTED_DEVICES from wr841-v9 because it´s not needed and
for consistency rename everything to tl-wr841-v9.
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
Ryan Mounce [Tue, 14 Aug 2018 04:49:29 +0000 (14:19 +0930)]
firmware-utils/mksercommfw: fix build with clang/macOS
fixes error: non-void function 'main' should return a value
Fixes: FS#1770
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Hannu Nyman [Mon, 13 Aug 2018 20:10:47 +0000 (23:10 +0300)]
ath79: Add wifi to WNDR3700, WNDR3700v2 and WNDR3800
Add ath9k wifi capabilities to WNDR3700 family.
* use kmod-owl-loader to load firmware from "art"
* add wifi to DTS
* add wifi LEDs
Avoid using the same MAC for eth0 LAN and wlan0 by
toggling the eth0 MAC into a locally administered MAC.
That is currently done by in user-space by adding a
uci config item into /etc/config/network
(More elegant solution might be setting it already in
preinit phase.)
Known issues:
* wifi firmware file may not get created on the first boot
after flashing on time to bring wifi normally up. Likely
the overlay jffs2 is not yet ready for creating the
firmware file. "wifi up" may still bring wifi up.
Wifi will work normally at subsequent boots.
* phy0 and phy1 may get assigned mixed, so that phy0 may
be the 5GHz radio instead of the normal 2.4GHz, and vice
versa for phy1. Does not happen always, but may happen.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
[fix the wifi unit address in the dts]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Icenowy Zheng [Sun, 12 Aug 2018 14:32:01 +0000 (22:32 +0800)]
ath79: add support for Pisen WMM003N (Cloud Easy Power)
Pisen WMM003N (sold under the name of Cloud Easy Power) is an
AR9331-based router and power bank combo device. The device uses a
stock firmware modified from OpenWRT for TP-Link TL-WR703N; however
some GPIO definition is different on this device with TL-WR703N. An
AXP202 PMIC (connected to a 5000mAh battery) and a SD slot are also
added, and the stock Flash/RAM configuration is 8MiB/64MiB.
The stock firmware is an old and heavily modified OpenWRT-based
firmware, which has telnetd defaultly open, and the root password is
"ifconfig" (quotation marks not included). The factory image format is
not known yet, however the stock firmware ships the OpenWRT's sysupgrade
command, and it can be used to install a newer firmware.
Due to the lack of the access to the STM8 embedded controller, the SD
slot is currently not usable (because it's muxed with the on-board USB
port) and the AXP PMIC cannot be monitored.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Stijn Tintel [Mon, 13 Aug 2018 19:05:46 +0000 (22:05 +0300)]
firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Koen Vandeputte [Mon, 13 Aug 2018 12:58:20 +0000 (14:58 +0200)]
ar7: remove linux 3.18 support
This target is on 4.9 currently.
It seems the support for this old kernel never got dropped.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Andy Walsh [Mon, 13 Aug 2018 12:33:39 +0000 (14:33 +0200)]
firmware-utils/mksercommfw: fix musl build
* add missing <sys/types.h> for musl
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Zoltan HERPAI [Mon, 13 Aug 2018 08:26:03 +0000 (10:26 +0200)]
ramips: add missing USB packages into ASL26555-16M
Mirror the package list from the 8M device profile to the
16M device profile.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Daniel Engberg [Sun, 12 Aug 2018 11:53:59 +0000 (13:53 +0200)]
tools/cmake: Update to 3.12.1
Update cmake to 3.12.1
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Peter Lundkvist [Fri, 10 Aug 2018 06:48:43 +0000 (08:48 +0200)]
ath79: drop tl prefix for TP-Link RE450 v2
This router is called RE450 and the tl prefix was used to identify it
as a TP-Link device. Drop the tl prefix since we now have tplink in
dts and device name.
Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
Christian Lamparter [Fri, 10 Aug 2018 21:24:47 +0000 (23:24 +0200)]
ath79: gmac: add parsers for rxd(v)- and tx(d|en)-delay for AR9344
Some AR9344 boards do very poorly with the default settings and
need custom rxdv-delay, rxd-delay, txd-delay, txen-delay flags
to perform reasonably.
In this case the WD My Net Wi-Fi Range Extender can not even
manage 10Mbps on a 1Gbit link:
root@AR9344:~# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from client [...]
[ 5] local [...] connected to client
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 1.09 MBytes 9.16 Mbits/sec
[ 5] 1.00-2.00 sec 895 KBytes 7.33 Mbits/sec
[ 5] 2.00-3.00 sec 762 KBytes 6.25 Mbits/sec
[...]
[ 5] 10.00-10.03 sec 17.0 KBytes 4.74 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.03 sec 9.00 MBytes 7.52 Mbits/sec
with but with the correct settings in place, it does much better:
root@AR9344:~# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from client [...]
[ 5] local [...] connected to client
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 23.1 MBytes 193 Mbits/sec
[ 5] 1.00-2.00 sec 23.1 MBytes 194 Mbits/sec
[ 5] 2.00-3.00 sec 23.2 MBytes 195 Mbits/sec
[...]
[ 5] 10.00-10.04 sec 710 KBytes 180 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.04 sec 237 MBytes 198 Mbits/sec
The tx data and enable delay bits definitions are taken from Atheros'
AR9344 Data Sheet Section "8.6.1 Ethernet Configuration (ETH_CFG)" on
page 153.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Fri, 10 Aug 2018 21:24:45 +0000 (23:24 +0200)]
packages: nvram: make it possible to include it for ath79 targets
The WD My Net Range Extender stores the MAC addresses inside the
nvram partition. This utility can extract it, but it's currently
not avilable on the ath79 target. Hence, this patch adds the
necessary target declaration, so it can be built.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Luis Araneda [Sat, 11 Aug 2018 20:01:56 +0000 (16:01 -0400)]
uboot-zynq: update to 2018.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
David Bauer [Sun, 12 Aug 2018 23:48:39 +0000 (01:48 +0200)]
ath79: add QCA956x GMAC config
This commit adds the ability to configure the GMAC of the QCA956x.
Signed-off-by: David Bauer <mail@david-bauer.net>
Paul Wassi [Sun, 12 Aug 2018 08:02:22 +0000 (10:02 +0200)]
brcm47xx: cosmetic fix in model detection
In "brcm47xx: rework model detection" the file 01_detect was moved
to 01_network, therefore also update the warning message in case
everything fails.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Chuanhong Guo [Sun, 12 Aug 2018 13:13:31 +0000 (21:13 +0800)]
ath79: ar913x: fix eth pll register
PLL for eth0 internal clock on ar913x is at 0x18050014
and AR913X_ETH0_PLL_SHIFT is 20 instead of 17
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Chuanhong Guo [Sun, 12 Aug 2018 04:57:52 +0000 (12:57 +0800)]
ath79: ag71xx: fix speed applied to MII0/1_CTRL on ar71xx/ar913x
Currently speed value is applied to interface mode field.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Hannu Nyman [Sat, 11 Aug 2018 22:18:53 +0000 (01:18 +0300)]
ath79: add WNDR3700 and WNDR3700v2
Add support for WNDR3700 and WNDR3700v2.
They share most things with WNDR3800.
Only device IDs and partition structure needs to be set.
Note: WNDR3700 (v1) has no NETGEAR_HW_ID, but has
also the NA version of the factory image.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Hannu Nyman [Sat, 11 Aug 2018 11:47:21 +0000 (14:47 +0300)]
ath79: create WNDR3700 series .dtsi and adjust WNDR3800
Prepare for addition of WNDR3700 and WNDR3700v2 by
separating the common parts into wndr3700.dtsi and
leaving just the device-specific things into wndr3800.dts
The three routers are identical except
* device IDs
* WNDR3700 (v1) has only 8 MB flash, while others have 16 MB.
Partition structure needs to be defined for each device.
* (WNDR3800 has 128 MB RAM, but RAM size is not in DTS)
Also separate the common parts of the image recipe.
(Drop also the initramfs recipe.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Daniel Gimpelevich [Mon, 6 Aug 2018 17:52:28 +0000 (10:52 -0700)]
ramips: fix BR-6478ACv2 support
The wholesale changes introduced in commit
f9b8328 missed this DTS file
because it hadn't been merged yet. This patch brings it in line to match
the other mt7620a devices' DTS files.
Additionally, the Internet LED is now labeled correctly and set to unused
by default, since the WAN interface is not known in every configuration.
Using sysupgrade between images before and after this commit will require
the -F flag.
Tested-by: Rohan Murch <rohan.murch@gmail.com>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[drop internet led default setting]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Ludwig Thomeczek [Tue, 12 Jun 2018 19:17:23 +0000 (21:17 +0200)]
ramips: add support for Netgear R6120
This patch adds support for the Netgear R6120, aka Netgear AC1200.
Specification:
- SoC: MediaTek MT7628 (580 MHz)
- Flash: 16 MiB
- RAM: 64 MiB
- Wireless: 2.4Ghz(builtin) and 5Ghz (MT7612E)
- LAN speed: 10/100
- LAN ports: 4
- WAN speed: 10/100
- WAN ports: 1
- Serial baud rate of Bootloader and factory firmware: 57600
To flash use nmrpflash with the provided factory.img.
Flashing via webinterface will not work, for now.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
Ludwig Thomeczek [Tue, 12 Jun 2018 19:16:40 +0000 (21:16 +0200)]
firmware-utils: add sercomm/netgear tool
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.
They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
Jason A. Donenfeld [Sun, 12 Aug 2018 08:29:52 +0000 (01:29 -0700)]
wireguard: bump to 0.0.
20180809
* send: switch handshake stamp to an atomic
Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.
* compat: better atomic acquire/release backport
This should fix compilation and correctness on several platforms.
* crypto: move simd context to specific type
This was a suggestion from Andy Lutomirski on LKML.
* chacha20poly1305: selftest: use arrays for test vectors
We no longer have lines so long that they're rejected by SMTP servers.
* qemu: add easy git harness
This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.
* curve25519-x86_64: avoid use of r12
This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.
* chacha20: use memmove in case buffers overlap
A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.
* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask
Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.
* timers: include header in right file
This fixes compilation in some environments.
* netlink: don't start over iteration on multipart non-first allowedips
Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Hauke Mehrtens [Sun, 12 Aug 2018 09:31:28 +0000 (11:31 +0200)]
at91: do not build image for at91-q5xr5
The kernel image of the at91-q5xr5 is getting too bing now and this is
breaking the build. Remove the image for the at91-q5xr5 from the build
to at least build images for the other devices.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Chuanhong Guo [Sat, 11 Aug 2018 13:42:10 +0000 (21:42 +0800)]
ath79: fix eth pll for ar913x
PLL node is missing syscon in compatible string.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
INAGAKI Hiroshi [Fri, 10 Aug 2018 00:07:53 +0000 (09:07 +0900)]
ath79: add support for I-O DATA WN-AC1600DGR2
I-O DATA WN-AC1600DGR2 is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.
Specification:
- Qualcomm Atheros QCA9557
- 128 MB of RAM
- 16 MB of Flash
- 2.4/5 GHz wifi
- 2.4 GHz: 2T2R (SoC internal)
- 5 GHz: 3T3R (QCA9880)
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 6x keys (4x buttons, 1x slide switch)
- UART header on PCB
- Vcc, GND, TX, RX from ethernet port side
- 115200n8
Flash instruction using factory image:
1. Connect the computer to the LAN port of WN-AC1600DGR2
2. Connect power cable to WN-AC1600DGR2 and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ăƒ•ă‚¡ăƒ¼ăƒ ă‚¦ă‚§ă‚¢")
4. Select the OpenWrt factory image and click update ("æ›´æ–°") button
5. Wait ~150 seconds to complete flashing
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Dmitry Tunin [Thu, 9 Aug 2018 17:49:29 +0000 (20:49 +0300)]
ath79: add support of D-Link DIR-825 B1
Add support for the ar71xx supported D-Link DIR-825 B1 to ath79.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Christian Lamparter [Fri, 10 Aug 2018 21:24:48 +0000 (23:24 +0200)]
ath79: add ath9k calibration data MAC addresses patching
This patch copies over the MAC patching helper functions from lantiq's
target/linux/lantiq/base-files/etc/hotplug.d/firmware/12-ath9k-eeprom
file.
Not all vendors bothered to write the correct MAC addresses for the
ath9k wifi into the calibration data. And while ath9k does have some
special dt-properties to extract the addresses from a fixed position,
there are still devices that require userspace to edit or modify
the caldata.
In my case, the MAC address for the Wi-Fi device is stored in an
unsorted key-value based "nvram" database and there's an existing
userspace tool to extract the data.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Mathias Kresin [Sat, 11 Aug 2018 08:10:21 +0000 (10:10 +0200)]
base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Sat, 11 Aug 2018 08:48:08 +0000 (10:48 +0200)]
base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Chuanhong Guo [Thu, 9 Aug 2018 04:29:28 +0000 (12:29 +0800)]
ath79: add support for TP-Link TL-WDR4900 v2
Specification:
- SoC: Qualcomm Atheros QCA9558
- Flash: 8 MB
- RAM: 128 MB
- Ethernet: AR8327N with 5 GE ports.
- Wireless radio: QCA9558 for 2.4G and AR9580 for 5G.
Flash instruction:
Upload the generated factory firmware on web interface.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Yousong Zhou [Sat, 11 Aug 2018 12:03:14 +0000 (12:03 +0000)]
uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Koen Vandeputte [Thu, 9 Aug 2018 15:16:11 +0000 (17:16 +0200)]
kernel: bump 4.14 to 4.14.62
Refreshed all patches.
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 9 Aug 2018 15:15:40 +0000 (17:15 +0200)]
kernel: bump 4.9 to 4.9.119
Refreshed all patches.
Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
John Crispin [Fri, 10 Aug 2018 13:48:21 +0000 (15:48 +0200)]
wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant
Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/
Vulnerability
A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.
When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.
Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.
Vulnerable versions/configurations
All wpa_supplicant versions.
Acknowledgments
Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.
Possible mitigation steps
- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.
- Merge the following commits to wpa_supplicant and rebuild:
WPA: Ignore unauthenticated encrypted EAPOL-Key data
This patch is available from https://w1.fi/security/2018-1/
- Update to wpa_supplicant v2.7 or newer, once available
Signed-off-by: John Crispin <john@phrozen.org>
Luis Araneda [Thu, 9 Aug 2018 02:32:46 +0000 (22:32 -0400)]
tools: findutils: fix compilation with glibc 2.28
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Luis Araneda [Thu, 9 Aug 2018 02:32:45 +0000 (22:32 -0400)]
tools: m4: fix compilation with glibc 2.28
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Thibaut VARĂˆNE [Thu, 9 Aug 2018 18:33:45 +0000 (20:33 +0200)]
base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.
Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".
Signed-off-by: Thibaut VARĂˆNE <hacks@slashdirt.org>
David Bauer [Wed, 8 Aug 2018 20:13:44 +0000 (22:13 +0200)]
ath79: add support for OCEDO Koala
This commit adds support for the OCEDO Koala
SOC: Qualcomm QCA9558 (Scorpion)
RAM: 128MB
FLASH: 16MiB
WLAN1: QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2: QCA9880 5 GHz 802.11nac 3x3
INPUT: RESET button
LED: Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
The Serial setting is 115200-8-N-1.
Tested and working:
- Ethernet
- 2.4 GHz WiFi
- 5 GHz WiFi
- TFTP boot from ramdisk image
- Installation via ramdisk image
- OpenWRT sysupgrade
- Buttons
- LEDs
Installation seems to be possible only through booting an OpenWRT
ramdisk image.
Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.
Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.
Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.
Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with
> fw_setenv bootcmd run bootcmd_1
Afterwards you can reboot the device.
Signed-off-by: David Bauer <mail@david-bauer.net>
Chuanhong Guo [Tue, 7 Aug 2018 04:02:07 +0000 (12:02 +0800)]
ath79: ag71xx: remove PHY reset
Bit 8/12 of reset controller which is marked as PHY_RESET/SWITCH_RESET
in datasheets will trigger either a reset for builtin switch or assert
an external ETH0_RESET_L/ETH1_RESET_L pin, which are usually connected
to external PHY/switch. None of them should be triggered every time an
interface is brought up in ethernet driver.
Remove PHY reset support from ag71xx and definition for them in dtsi.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
INAGAKI Hiroshi [Mon, 6 Aug 2018 16:59:23 +0000 (01:59 +0900)]
ath79: add support for Buffalo BHR-4GRV2
Buffalo BHR-4GRV2 is a wired router, based on Qualcomm Atheros
QCA9558.
Ported from ar71xx target.
Specification:
- Qualcomm Atheros QCA9558
- 64 MB of RAM
- 16 MB of Flash
- 5x 10/100/1000 Ethernet
- QCA8337N
- 4x LEDs, 2x keys
- UART header on PCB
- Vcc, TX, RX, GND from LED side
- 115200n8
Flash instruction using factory image:
1. Connect the computer to the LAN port of BHR-4GRV2
2. Connect power cable to BHR-4GRV2 and turn on it
3. Access to "http://192.168.12.1/" and open firmware update
page ("ăƒ•ă‚¡ăƒ¼ăƒ ă‚¦ă‚§ă‚¢æ›´æ–°")
4. Select the OpenWrt factory image and click update ("更新実行")
button
5. Wait ~120 seconds to complete flashing
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Hans Dedecker [Thu, 9 Aug 2018 15:56:19 +0000 (17:56 +0200)]
odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
David Bauer [Thu, 9 Aug 2018 14:10:13 +0000 (16:10 +0200)]
ath79: fix PLL settings for QCA955x
This adds PLL settings for the ethernet ports of the TP-Link TL-WR1043
v2/v3 and the Openmesh OM5P-AC-v2.
We also change the PLL-settings in the qca9557.dtsi to match the ones
used as default on the ar71xx target.
As of
4b9680f138 those devices have broken ethernet ports as the default
PLL settings defined in the QCA9557.dtsi are applied which are off for
those devices.
Signed-off-by: David Bauer <mail@david-bauer.net>
Kevin Darbyshire-Bryant [Thu, 9 Aug 2018 15:41:52 +0000 (16:41 +0100)]
ath79: add pll for archer c7
commit
4b9680f fixed pll settings and the correct pll set
by bootloader is overrided by value in qca9557.dtsi which
is incorrect for Archer C7 and breaks ethernet. Add pll
values for archer c7 to fix ethernet connection.
This individual pll tweak has been cherry picked from github pr 1260
which changes a couple of things in a single commit and should be
ideally split. This commit get archer v7 back and working.
Tested: archer c7 v2
Original combined commit authored by:
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
c7 fix only split out by:
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Hans Dedecker [Thu, 9 Aug 2018 15:42:35 +0000 (17:42 +0200)]
iproute2: remove libutil from InstallDev section
Commit
4d961538f6 added libutil to the iproute2 InstallDev section
but lead to compile issues with packages picking up the wrong libutil
since libutil is quite a generic name ...
Further libutil is rather meant for internal usage in iproute2 than a
public API; therefore let's remove it from the InstallDev section together
with ll_map.h
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 8 Aug 2018 19:46:53 +0000 (21:46 +0200)]
netifd: update to latest git HEAD
115a694 interface-ip: always override downstream IPv6 mtu
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Antonio Silverio [Mon, 30 Jul 2018 10:26:07 +0000 (12:26 +0200)]
sunxi: change Orange Pi PC2 MUSB/power button
Changed default role of Orange Pi PC2 MSUB port to host (in dts)
Changed default function of Orange Pi PC2 power button to PWR_BTN
Signed-off-by: Antonio Silverio <menion@gmail.com>
Antonio Silverio [Mon, 30 Jul 2018 09:33:03 +0000 (11:33 +0200)]
sunxi: Added support for Xunlong Orange Pi PC2
CPU: H5 High Performance Quad-core 64-bit Cortex-A53
GPU: Mali450 OpenGL ES 2.0/1.1/1.0, OpenVG 1.1, EGL
Memory: 1GB DDR3 (shared with GPU)
Onboard Storage: TF card (Max. 32GB) / NOR flash(2MB)
Onboard Network: 1000M/100M Ethernet RJ45
USB 2.0 Ports: Three USB 2.0 HOST, one USB 2.0 OTG, HOST mode
role by default in DTS
Buttons: Power Button(SW4) Debug TTL
UART: ..DC-IN..
>[GND][RX][TX] ..HDMI..
Signed-off-by: Antonio Silverio <menion@gmail.com>
Stijn Tintel [Thu, 9 Aug 2018 09:46:29 +0000 (11:46 +0200)]
kernel: move e1000e patches to backports
They're already in linux.git, so they shouldn't be in pending.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Zoltan HERPAI [Mon, 30 Jul 2018 13:16:59 +0000 (15:16 +0200)]
firmware: intel-microcode: bump to
20180703
* New upstream microcode data file
20180703
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Rob Mosher [Wed, 8 Aug 2018 07:13:14 +0000 (03:13 -0400)]
busybox: prevent compile hang with bzip2 enabled
The BZIP2_SMALL option was not being exposed via Config.in which
caused the build to fail as 'yes' is piped to the config during
build. As it's expecting a number, it gets stuck in a loop.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
Jo-Philipp Wich [Wed, 8 Aug 2018 17:52:13 +0000 (19:52 +0200)]
ucert: update to lastest git HEAD
Update to latest HEAD in order to fix a stack memory corruption issue:
1056e73 Change the sigb buffer to be the same size as the fread
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Koen Vandeputte [Wed, 8 Aug 2018 10:40:29 +0000 (12:40 +0200)]
cns3xxx: correct size specifier in watchdog init print
fix compiler warnings
Fixes: 84acff286566 ("cns3xxx: fix mpcore watchdog")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 8 Aug 2018 10:37:27 +0000 (12:37 +0200)]
cns3xxx: delete invalid snip in patch
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
David Bauer [Mon, 6 Aug 2018 14:15:05 +0000 (16:15 +0200)]
ar71xx: allow to override at803x sgmii aneg status
When checking the outcome of the PHY autonegotiation status, at803x
currently returns false in case the SGMII side is not established.
Due to a hardware-bug, ag71xx needs to fixup the SoCs SGMII side, which
it can't as it is not aware of the link-establishment.
This commit allows to ignore the SGMII side autonegotiation status to
allow ag71xx to do the fixup work.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Mon, 6 Aug 2018 14:15:04 +0000 (16:15 +0200)]
ar71xx: fix QCA955X SGMII link loss
The QCA955X is affected by a hardware bug which causes link-loss of the
SGMII link between SoC and PHY. This happens on change of link-state or
speed.
It is not really known what causes this bug. It definitely occurs when
using a AR8033 Gigabit Ethernet PHY.
Qualcomm solves this Bug in a similar fashion. We need to apply the fix
on a per-device base via platform-data as performing the fixup work will
break connectivity in case the SGMII interface is connected to a Switch.
This bug was first proposed to be fixed by Sven Eckelmann in 2016.
https://patchwork.ozlabs.org/patch/604782/
Based-on-patch-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Mon, 6 Aug 2018 14:21:03 +0000 (16:21 +0200)]
kernel: allow device-tree configuration of at803x
This commit adds the ability to configure specific functions of the
at803x series ethernet-PHYs, which were previously configured
exclusively with the help of platform-data, via device-tree.
This is needed to fully support existing boards of the ar71xx platform.
Signed-off-by: David Bauer <mail@david-bauer.net>
Jo-Philipp Wich [Wed, 8 Aug 2018 09:12:18 +0000 (11:12 +0200)]
kernel: backport upstream fix for CVE-2018-5390
Backport an upstream fix for a remotely exploitable TCP denial of service
flaw in Linux 4.9+.
The fixes are included in Linux 4.14.59 and later but did not yet end up in
version 4.9.118.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hans Dedecker [Wed, 8 Aug 2018 12:22:11 +0000 (14:22 +0200)]
iproute2: add libutil to InstallDev section
In iproute2 v4.17 ll_map has been moved from the libnetlink to the libutil
library; add libutil as well to the staging dir in order to keep support
for ll_map
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Koen Vandeputte [Wed, 8 Aug 2018 07:51:23 +0000 (09:51 +0200)]
kernel: remove linux 4.4 support
No targets are using this one anymore
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
David Bauer [Mon, 6 Aug 2018 14:21:02 +0000 (16:21 +0200)]
ath79: fix QCA9557 eth PLL settings
The QCA9557 dtsi is currently missing pll-handle and pll-regs for both
eth0 and eth1, therefore PLL settings won't be applied. This commit
fixes this behavior.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Mon, 6 Aug 2018 14:21:01 +0000 (16:21 +0200)]
uboot-envtools: add ath79 target
This adds uci entries for all ath79 devices for which this already was
the case on ar71xx. Additionally we add the OCEDO Koala as there was no
support in OpenWRT yet.
Signed-off-by: David Bauer <mail@david-bauer.net>
Kristian Evensen [Wed, 8 Aug 2018 04:38:32 +0000 (06:38 +0200)]
mediatek: Fix amount of memory on U7623
While finalizing support for the U7623 with 512MB, I made an embarresing
error and configured 1GB RAM for the board. I also forgot to move memory
from the dtsi and to the dts. This commit takes care of my mistakes.
While I am confessing my mistakes, I also note that I made a mistake in
the commit message of the initial U7623 commit. It is the .bin-file, and
not the .gz file that shall be sent to the device via tftp.
v1->v2:
* Remove redundant memory node (thanks Jonas Gorski)
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Mathias Kresin [Wed, 8 Aug 2018 05:19:30 +0000 (07:19 +0200)]
ath79: don't include tl-wdr3600 image build code for tl-wdr4300
Including the tl-wdr3600 image build code just to overwrite most of it
doesn't make much sense and only makes it hard to read.
Furthermore, the tl-wdr4300 image will be marked as compatible with the
tl-wdr3600 this way.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 8 Aug 2018 05:16:40 +0000 (07:16 +0200)]
ath79: cleanup netgear wnr612-v2 supported devices
The netgear,wnr612-v2 is included by default based on the device
define.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 6 Aug 2018 15:47:41 +0000 (17:47 +0200)]
ath79: mark netgear variables as device specific
The variables are used in image build recipes and need to be marked as
per devices vars to be stored individual per image define. Otherwise
the last defined variable will be used for all boards.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Chuanhong Guo [Thu, 2 Aug 2018 05:17:44 +0000 (13:17 +0800)]
ath79: Fix led nodes for TL-WR740N v2 and add its clones
This patch did the following things:
1. Separate ath9k-leds out of gpio leds so that all other leds will work
before ath9k loded (e.g. during preinit/init stage).
2. Rename wps led to qss since that's how TP-Link mark it.
3. Rename LED prefix to tp-link because that dts is shared by many devices.
4. Rename to wr740n-v1 because v1 is the first and v2 just use the fw of v1.
(This will require a forced sysupgrade if you comes from
the previous wr740n v2 image.)
5. Remove SUPPORTED_DEVICES.
(tl-wr740n-v2 doesn't exist anywhere so it's useless.)
6. Add all WR741ND v1 clones found in ar71xx.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Mathias Kresin [Mon, 6 Aug 2018 05:11:13 +0000 (07:11 +0200)]
ath79: fix dts warnings
Fix all issues found by the devicetree compiler like wrong address/size
cells as well as wrong/missing/superfluous unit addresses.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 6 Aug 2018 06:17:24 +0000 (08:17 +0200)]
ath79: fix node names
Use the standardized node names from the devicetree specification.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 6 Aug 2018 06:03:30 +0000 (08:03 +0200)]
ath79: fix compatible strings
Use only the jedec,spi-nor compatible string. Everything else either
never worked or is only support to keep compatibility.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 6 Aug 2018 05:55:13 +0000 (07:55 +0200)]
ath79: fix whitespace issue in dts files
Fixes spaces vs. tabs issues and remove indentation on blank lines.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Mon, 6 Aug 2018 18:02:00 +0000 (20:02 +0200)]
ramips: use #include syntax for dtsi files
Use the same syntax for including dtsi for all dts files.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Daniel Golle [Mon, 15 Jan 2018 02:37:17 +0000 (03:37 +0100)]
base-files: introduce sysupgrade signature chain verification
Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 7 Aug 2018 22:47:12 +0000 (00:47 +0200)]
image: fix build without ucert
Make sure the Shell-expression returns true also in case of
key-build.ucert being absent.
Fixes commit
848b455d2e ("image: use ucert to append signature")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 6 Aug 2018 19:20:57 +0000 (21:20 +0200)]
image: use ucert to append signature
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 6 Aug 2018 16:00:45 +0000 (18:00 +0200)]
ucert: update source
ad816fc set rpath to make bundle-libraries.sh happy
63ad591 blob_buf needs to be zero'd
Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 6 Aug 2018 16:00:15 +0000 (18:00 +0200)]
libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 6 Aug 2018 15:58:32 +0000 (17:58 +0200)]
libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Jo-Philipp Wich [Tue, 7 Aug 2018 15:24:30 +0000 (17:24 +0200)]
libubox: fix source version date
The referenced Git commit was made on the 25th of July, not June.
Fixes
432eaa940f ("libubox: fix mirror hash")
Fixes
5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 7 Aug 2018 14:30:20 +0000 (16:30 +0200)]
libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.
A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.
Fixes FS#1707.
Fixes
5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hans Dedecker [Tue, 7 Aug 2018 11:29:29 +0000 (13:29 +0200)]
toolchain/glibc: update to latest 2.26 commit
c9570bd2f5 x86: Populate COMMON_CPUID_INDEX_80000001 for Intel CPUs [BZ #23459]
86e0996b1a x86: Correct index_cpu_LZCNT [BZ #23456]
cf6deb084b conform/conformtest.pl: Escape literal braces in regular expressions
b12bed3e06 stdio-common/tst-printf.c: Remove part under a non-free license [BZ #23363]
20dc7a909a libio: Add tst-vtables, tst-vtables-interposed
4b10e69b1f Synchronize support/ infrastructure with master
762e9d63d5 NEWS: Reorder out-of-order bugs
2781bd5a86 libio: Disable vtable validation in case of interposition [BZ #23313]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Eneas U de Queiroz [Mon, 6 Aug 2018 18:19:20 +0000 (18:19 +0000)]
ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Koen Vandeputte [Tue, 7 Aug 2018 09:44:36 +0000 (11:44 +0200)]
cns3xxx: ethernet: use circular queue checks consistently
Use the same method for setting queue index pointers consistenly
throughout the source file.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 7 Aug 2018 09:18:08 +0000 (11:18 +0200)]
cns3xxx: ethernet: cleanup code
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 7 Aug 2018 08:52:53 +0000 (10:52 +0200)]
cns3xxx: ethernet: fix signed/unsigned comparison
Fixes a compiler warning
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 7 Aug 2018 10:43:53 +0000 (12:43 +0200)]
cns3xxx: add myself as maintainer
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>