Camille Bilodeau [Tue, 13 Jun 2017 08:05:13 +0000 (10:05 +0200)]
ar71xx: move Arduino Yun to generic building code
Migrate Arduino Yun from legacy to generic building code.
Note: the mtd partitioning is changed to adopt the LEDE default
partitioning. It allows a kernel bigger than 1280k. It is
necessary as kernel > 4.4 with default LEDE configuration grows
bigger.
To use the new partitioning, you need to update your U-Boot env in
advance:
setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
saveenv
Stijn Tintel [Thu, 29 Jun 2017 01:36:19 +0000 (03:36 +0200)]
armvirt: rename config-default to config-4.9
The kernel configs for all targets should have the version in the
filename, for clearness and consistency across all targets.
It is also expected by the update_kernel.sh script.
Kevin Darbyshire-Bryant [Sun, 25 Jun 2017 20:40:43 +0000 (21:40 +0100)]
dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Yury Shvedov [Tue, 27 Jun 2017 08:43:54 +0000 (11:43 +0300)]
hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.
Michael Heimpold [Thu, 11 May 2017 21:07:06 +0000 (23:07 +0200)]
mxs: add support for 4.9 and switch over
I did not port the regulator and power patches from Stefan Wahren
because I talked to him and he told me that work on this is currently
stalled. And since AFAIK nothing depends on these patches, leaving them
out seems reasonable.
I built minimum default configurations and run-tested them on both
I2SE Duckbill devices and Olimex Olinuxino Maxi boards successfully [1].
[1] Tested:
- debug uart is working
- boot without any obvious kernel problem
- network is coming up and data transfer is possible
- Olinuxino: USB detects a plugged-in pen drive
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[refreshed config and patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hans Dedecker [Mon, 26 Jun 2017 08:23:08 +0000 (10:23 +0200)]
dnsmasq: backport tweak ICMP ping logic for DHCPv4
Don't start ping-check of address in DHCP discover if there already
exists a lease for the address. It has been reported under some
circumstances android and netbooted windows devices can reply to
ICMP pings if they have a lease and thus block the allocation of
the IP address the device already has during boot.
Jo-Philipp Wich [Sat, 10 Jun 2017 18:51:33 +0000 (20:51 +0200)]
procd: assign /dev/tty* nodes to "tty" group
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.
Jo-Philipp Wich [Sat, 10 Jun 2017 18:49:10 +0000 (20:49 +0200)]
base-files: add "tty" user group
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.
Magnus Kroken [Thu, 22 Jun 2017 21:01:01 +0000 (23:01 +0200)]
openvpn: update to 2.4.3
Fixes for security and other issues. See security announcement for more details:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
* Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
* Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
* Potential double-free in --x509-alt-username (CVE-2017-7521)
* Remote-triggerable memory leaks (CVE-2017-7512)
* Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
* Null-pointer dereference in establish_http_proxy_passthru()
* Restrict --x509-alt-username extension types
* Fix potential 1-byte overread in TCP option parsing
* Fix mbedtls fingerprint calculation
* openssl: fix overflow check for long --tls-cipher option
* Ensure option array p[] is always NULL-terminated
* Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)
Magnus Kroken [Wed, 21 Jun 2017 19:05:09 +0000 (21:05 +0200)]
mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released
* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
Christian Lamparter [Wed, 7 Jun 2017 23:32:26 +0000 (23:32 +0000)]
apm821xx: MR24: fix ethernet phy detection on the MR24
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch fixes a problem where the AR8035 PHY can't be
detected on the Cisco Meraki MR24, when the ethernet cable
is not connected during boot.
Russell Senior reported:
|This appears to be a problem during probing of the AR8035
|phy chip. When ethernet has no link, the phy detection fails,
|and eth0 is not created. Plugging ethernet later has no effect,
|because there is no interface as far as the kernel is
|concerned. The relevant part of the boot log looks like this:
|
|[ 0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode
|[ 0.882532] /plb/opb/ethernet@ef600c00: reset timeout
|[ 0.888546] /plb/opb/ethernet@ef600c00: can't find PHY!
(<https://bugs.lede-project.org/index.php?do=details&task_id=687>)
Fixes FS#687
Cc: Chris Blake <chrisrblake93@gmail.com>
Reported-by: Russell Senior <russell@personaltelco.net>
Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT")
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Mathias Kresin [Thu, 30 Mar 2017 20:01:09 +0000 (22:01 +0200)]
ar71xx: add AR724x PCIe init fixes
Add upstream sent AR724x PCIe patches to get the PCIe controller out of
reset during driver init.
The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Rafał Miłecki [Fri, 23 Jun 2017 06:59:46 +0000 (08:59 +0200)]
kernel: don't switch allocate_partition to use mtd_roundup_to_eb
This mtd_roundup_to_eb helper was introduced years ago in the commit daec7ad768841 ("kernel/3.10: add separate rootfs partition parser") and
it was probably supposed to simplify code a bit.
With the recent upstream commit 1eeef2d7483a7 ("mtd: handle partitioning
on devices with 0 erasesize") the logic in allocate_partition got
slightly more complex and we can't use this simple helper anymore as it
doesn't support MTD_NO_ERASE properly.
There also isn't any real gain from this helper, so it's probably easier
to just not use it *or* work on upstreaming it to avoid maintenance
cost.
Rafał Miłecki [Fri, 16 Jun 2017 11:23:22 +0000 (13:23 +0200)]
base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Hauke Mehrtens [Sun, 18 Jun 2017 21:27:51 +0000 (23:27 +0200)]
build: Fix not altering KERNELRELEASE for external kernel
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054becb21439 ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb73 ("include: Do not alter KERNELRELEASE for
external/git kernels").
Yousong Zhou [Thu, 15 Jun 2017 10:07:32 +0000 (18:07 +0800)]
base-files: allocate uid/gid starting from 65536
There already exists a static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids. Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
schemes will not collide with each other.
While at it, fix the scan command checking existence of uid/gid.
Mathias Kresin [Fri, 16 Jun 2017 22:17:18 +0000 (00:17 +0200)]
base-files: make ucidef_set_led_rssi offset and factor optional
The offset and factor are only related for LEDs which can have
different brightness values. But binary LEDs are more common and don't
require any further configuration than setting the factor to 1.
Use offset = 0 and factor = 1 in case nothing else is specified.
Mathias Kresin [Wed, 14 Jun 2017 18:17:16 +0000 (20:17 +0200)]
lantiq: show xdsl line init status on shared dsl/internet led
On boards which don't have a distinct internet and dsl led, use the
shared LED to indicate the xdsl line state and any traffic that is
sent/received via the netdev. This traffic doesn't necessarily need to
be internet traffic.
Rename the shared LED of existing configs to "dsl", to match the new
defaults. The configuration of the to be renamed LED is identical with
the new defaults.
Daniel Golle [Fri, 16 Jun 2017 22:54:46 +0000 (00:54 +0200)]
imagebuilder: clean package_list
commit 19ac879954 (imagebuilder: add package_list function) introduced
a new function 'package_list' to the imagebuilder Makefile.
Unfortunately the package list was polluted by stdout noise of the
Makefile itself as well as opkg. Redirect those outputs to stderr to
make sure that the package_list returned doesn't contain progress
info output but really only packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Spooren [Tue, 13 Jun 2017 19:59:14 +0000 (21:59 +0200)]
imagebuilder: add package_list function
The imagebuilder can now list all available packages by using make
package_list. This is useful for scripts to retrieve a list of all
packages with versions (and size).
Signed-off-by: Paul Spooren <paul@spooren.de>
[daniel@makrotopia.org: fixed commit message]
Makoto Takeuchi [Wed, 24 May 2017 15:37:24 +0000 (16:37 +0100)]
kirkwood: add support for Cisco ON100
The Cisco ON100 device is a Kirkwood based router:
SoC: Marvell 88F6282 1600MHz
SDRAM memory: 512MB DDR3 1333MHz
Gigabit ethernet: 2x Marvell 88E1310 (over RGMII)
Flash memory: 512MB
2 bi-colour status LEDs (green/red)
1 Reset button
1 USB 2.0 port (on back)
1 SDIO slot (on back)
This commit adds a target profile of "Cisco Systems ON100" under the target
system "Marvell Kirkwood".
Flashing can be performed over tftp, once "dhcp" has been issued:
tftpboot ${loadaddr} lede-kirkwood-on100-squashfs-factory.bin
nand erase 0x0c0000 ${filesize}
nand write ${loadaddr} 0x0c0000 ${filesize}
Once flashed, set environment variables to boot:
setenv bootcmd nand read \${loadaddr} 0x0c0000 0x540000\; setenv bootargs
\; bootm
saveenv
Ben Whitten [Wed, 3 May 2017 21:15:20 +0000 (22:15 +0100)]
at91: convert boards to generic build target
Evaluation boards are left in component form to ease flashing
using vendor tooling and instructions. These boards also do
not include the EOF marker in the UBIFS as the bootloaders
are recent and easily upgradeable.
The end product boards use factory.bin images based on the
dts layout and include EOF markers as bootloader UBI support
is not determined.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com> Signed-off-by: Mathias Kresin <dev@kresin.me>
Paul Oranje [Fri, 9 Jun 2017 09:30:23 +0000 (11:30 +0200)]
dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53
With this patch the dnsmasq init script manages resolv.conf if and only if
dnsmasq will listen on 127.0.0.1#53 (is main resolver instance).
Also, resolvfile is now set irrespective of the value of noresolv.
All TP-Link TL-WR710N versions share the same machine code.
This has been working since the beginning as we don't use double-quotes
to protect spaces inside command line values. Thus, kernel interprets
'board=TL-WR710N v2' as 'board=TL-WR710N' and separate parameter 'v2'.
This adds the necessary firmware layout definitions for the Archer C25.
It has an additional partition containing some static data ("extra-para")
without which no factory flash is possible, therefore put_data() has been
added.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
Serg Studzinskii [Wed, 8 Mar 2017 20:10:05 +0000 (22:10 +0200)]
ar71xx: add support for TP-Link TL-WR942N v1
TP-Link TL-WR942N v1 is a 2.4 GHz single-band N450 router, based on
Qualcomm/Atheros QCA9561.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x USB 2.0
- 11x LED (most are controlled by 74HC595)
- 2x button
- UART header on PCB*
* Serial console is disabled in OEM non-beta firmwares and corresponding
GPIO pins 14 and 15 are assigned to control USB1 and USB2 LEDs by
production (non-beta) U-Boot and firmware.
Currently not working:
1. USB1 and USB2 LEDs if UART RX and TX pins are assigned to their GPIOs
by some U-Boot versions.
Flash instruction under vendor GUI:
1. Download "lede-ar71xx-generic-tl-wr942n-v1-squashfs-factory.bin".
2. Go to WEB interface and perform usual firmware upgrade.
Flash instruction under U-Boot recovery mode (doesn't work in beta
firmware):
1. Setup PC with static IP "192.168.0.66/24" and tftp server.
2. Change "*-factory" image filename to "WR942v1_recovery.bin" and make
it available to download from your tftp server.
3. Press "reset" button and power up the router, wait till "WPS" LED
turns on.
Flash instruction under U-Boot, using UART (can be done only with
preinstalled UART-enabled U-Boot version!):
1. Use "tpl" to stop autobooting and obtain U-Boot CLI access.
2. Setup ip addresses for U-Boot and your tftp server.
3. Issue below commands:
tftp 0x81000000 lede-ar71xx-generic-tl-wr942n-v1-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b 0x81000000 0x9f020000 $filesize
reset
Piotr Dymacz [Wed, 31 May 2017 20:12:51 +0000 (22:12 +0200)]
ar71xx: image: update GL.iNet boards DEVICE_TITLE
Use "GL.iNet" as vendor name (based on information from the vendor, this
is the registered name of the company) and align model names with official
website.
Piotr Dymacz [Wed, 31 May 2017 14:31:44 +0000 (16:31 +0200)]
ar71xx: image: keep custom Build/* functions in separate files
Most of the custom Build/* functions in ar71xx target are rarely used by
image building code for devices from more than one subtarget. As they
don't need to be always included, move them to corresponding *.mk files.