Rosen Penev [Fri, 15 Sep 2017 23:09:19 +0000 (16:09 -0700)]
brcm47xx: Fix sysupgrade with E1200v1
Entry was missing for some reason.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Lucian Cristian [Mon, 18 Sep 2017 22:13:44 +0000 (01:13 +0300)]
sunxi: add Olimex A20-OLinuXino-LIME2-eMMC
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[replaced u-boot patch with original version from u-boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Marko Ratkaj [Tue, 19 Sep 2017 07:35:39 +0000 (09:35 +0200)]
tools: flex: fix segfault with glibc 2.26+
Fix segmentation fault caused by implicit declaration of function 'reallocarray'. Added patch will enable
reallocarray() prototype in glibc 2.26+ on Linux systems. This fix will be included in flex 2.6.5.
Fixes LEDE issue: FS#1003 (Flex does not build with GCC 7.2)
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Philip Prindeville [Tue, 19 Sep 2017 23:49:13 +0000 (17:49 -0600)]
kernel: don't scrimp on memory on big iron
x86_64 platforms typically don't lack memory, so don't needlessly
economize memory if fq_codel on capable platforms.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[Add a comment to the patch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
James Christopher Adduono [Wed, 20 Sep 2017 05:30:45 +0000 (01:30 -0400)]
kernel: kmod-usb-storage-uas
This will allow you to build and package the uas.ko module.
With more routers supporting USB 3.0 host this could help
speed up activities like DLNA and Samba, as well as reduce
CPU utilization over BOT mass storage drivers.
Signed-off-by: James Christopher Adduono <jc@adduono.com>
Kevin Darbyshire-Bryant [Wed, 20 Sep 2017 14:10:42 +0000 (15:10 +0100)]
ramips: fix missing mediatek wdt
mediatek MT7621 soc watchdog DTS id was renamed from "mtk,mt7621-wdt" to
"mediatek,mt7621-wdt" when driver upstreamed to kernel 4.5
Update mt7621.dtsi & mt7628an.dtsi definitions to match upstreamed
kernel.
Restores hardward watchdog functionality on mt7621 devices under linux
4.9
Tested on: MIR3G
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Adrian Panella [Tue, 12 Sep 2017 18:29:09 +0000 (13:29 -0500)]
uhttp: update to latest version
3fd58e9 2017-08-19 uhttpd: add manifest support
88c0b4b 2017-07-09 file: fix basic auth regression
99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info
c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
ad93be7 2017-07-02 auth: store parsed username and password
fa51d7f 2017-07-02 proc: do not declare empty process variables
a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
Hans Dedecker [Thu, 21 Sep 2017 20:42:28 +0000 (22:42 +0200)]
libubox: fix uloop race condition
7a10576 uloop: Fix race condition in SIGCHLD handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Wed, 20 Sep 2017 20:18:24 +0000 (23:18 +0300)]
kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Tue, 19 Sep 2017 18:34:47 +0000 (21:34 +0300)]
arm-trusted-firmware-sunxi: depend on sunxi target
The arm-trusted-firmware-sunxi package is only used by the Allwinner
A64, so only make it selectable for its subtarget sunxi/cortexa53.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Jonas Gorski <jonas.gorski@gmail.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:23 +0000 (11:51 -0700)]
at91bootstrap: New package at91bootstrap
at91bootstrap is a second-level bootloader for Microchip(Atmel AT91) SoCs.
It provides a set of algorithms to manage the hardware initialization and
to download the main application or a third-level bootloader(i.e. uboot)
from specified boot media to main memory and execute it.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:22 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D4 Xplained board
Add support for SAMA5D4 Xplained board and options to select & build
u-boot configs for different media storage.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:21 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D2 Xplained board
Add support for SAMA5D2 Xplained board and options to select & build
u-boot configs for different media storage.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:20 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D3 Xplained board
Add support for SAMA5D3 Xplained board and options to select & build
u-boot configs for different media storage.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:19 +0000 (11:51 -0700)]
uboot-at91: move BUILD_SUBTARGET from U-Boot/Default to devices
currenlty U-Boot/Default supports only at91 legacy devices.To add
sama5 support, moving BUILD_SUBTARGET from U-Boot/Default to target
devices.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:18 +0000 (11:51 -0700)]
at91: Add UBI parameters for sama5d4.
Add UBIFS_OPTS & UBINIZE_OPTS parameters for sama5d4 Xplained board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:17 +0000 (11:51 -0700)]
at91: Add SAMA5D4 device
Add support for SAMA5D4 with target device as at91-sama5d4_xplained
in SAMA5 subtarget and build images for SAMA5D4 Xplained board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:16 +0000 (11:51 -0700)]
at91: Add SAMA5D2 device
Add support for SAMA5D2 with target device as at91-sama5d2_xplained
in SAMA5 subtarget and build images for SAMA5D2 Xplained board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:15 +0000 (11:51 -0700)]
at91: Install zImage.
Installing zImage to bin folder of device target.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:14 +0000 (11:51 -0700)]
build: add image command for installing zImage file.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:13 +0000 (11:51 -0700)]
at91: Renaming subtarget sama5d3 to sama5
Renaming at91 subtarget sama5d3 to sama5 and using at91-sama5d3_xplained
as a target device in sama5 subtarget.This will enable to add other
sama5d2 & sama5d4 target devices in sama5 subtraget.This will avoid
code duplication when sama5d2 & sama5d4 added as different subtarget.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Philip Prindeville [Tue, 19 Sep 2017 21:17:09 +0000 (15:17 -0600)]
build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Chen Minqiang [Wed, 20 Sep 2017 02:20:09 +0000 (10:20 +0800)]
ipq-wifi: fix missing define of PKG_NAME
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Philip Prindeville [Tue, 19 Sep 2017 20:47:54 +0000 (14:47 -0600)]
usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Sven Roederer [Tue, 5 Sep 2017 16:27:02 +0000 (18:27 +0200)]
openvpn: add "extra-certs" option
This option is used to specify a file containing PEM certs, to complete the
local certificate chain. Which is quite usefull for "split-CA" setups.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Lucian Cristian [Fri, 19 May 2017 01:14:08 +0000 (04:14 +0300)]
sunxi: add Olimex A20-OlinuXino-LIME2
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Lorenzo Santina [Sat, 16 Sep 2017 09:14:27 +0000 (11:14 +0200)]
hostapd: ft_over_ds support
Add support for ft_over_ds flag in ieee80211r
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Lorenzo Santina [Sat, 16 Sep 2017 09:07:24 +0000 (11:07 +0200)]
hostapd: ft_psk_generate_local support
Add support for ft_psk_generate_local flag in ieee80211r
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[original author]
Signed-off-by: Sergio <mailbox@sergio.spb.ru>
Hauke Mehrtens [Sun, 17 Sep 2017 19:33:20 +0000 (21:33 +0200)]
ath10k-firmware: use firmware from git instead of extra download
Instead of manually downloading the files again we can also take the
same files directly from the ath10k-firmware git which was cloned
before.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:53:20 +0000 (22:53 +0200)]
sunxi: Add A64 support with cortex53 subtarget
This adds initial support for the A64 Allwinner SoC to LEDE.
It will be build in the new cortexa53 subtarget.
Currently it only supports the pine64 and the image is able to boot on
this SoC.
Camera, Ethernet, HDMI and other parts are currently not working.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 17 Jul 2017 20:48:31 +0000 (22:48 +0200)]
sunxi: Backport patches from kernel 4.11 for A64
This backports some more patches from kernel 4.11 adding more devices
to the device tree of the A64 SoC.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:50:41 +0000 (22:50 +0200)]
sunxi: Backport patches needed for A64
This backports multiple patches from kernel 4.10 which are adding
missing support for the A64 and the pine64 board. These are the device
tree files, the pinctlk and the clock driver.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:53:35 +0000 (22:53 +0200)]
uboot-sunxi: build A64 SoC and pine64 U-Boot
This creates a U-Boot for the aarch64 SoC A64 on the pine64 board.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 22:01:21 +0000 (00:01 +0200)]
arm-trusted-firmware-sunxi: add new package
This is needed for the Boot loader of the A64 SoC.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 18:35:57 +0000 (20:35 +0200)]
sunxi: split into cortex A8 and A7 subtarget
Now we can activate some compiler optimizations for the cortex A7.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:51:25 +0000 (22:51 +0200)]
sunxi: fix build of rtc package when module not available
If the Kconfig option CONFIG_RTC_DRV_SUNXI is not selected this package
should be be build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 20 Jul 2017 21:27:31 +0000 (23:27 +0200)]
uboot-sunxi: revert the usage of binman
This will avoid the usage of swig.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 19 Jul 2017 20:46:34 +0000 (22:46 +0200)]
uboot-sunxi: do not depend on dtc being install on host
make mkimage check the DTC environment variable first.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 16:41:57 +0000 (18:41 +0200)]
uboot-sunxi: update to version 2017.07
The deleted patches are already integrated in the upstream U-Boot
version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 12:57:08 +0000 (14:57 +0200)]
sunxi: add support for kernel 4.9
Most of the patches were backpoprts from the mainline kernel and are
integrated upstream now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 13:57:29 +0000 (15:57 +0200)]
kernel: add some config options
These are needed for the sunxi target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Stijn Tintel [Mon, 18 Sep 2017 09:13:18 +0000 (12:13 +0300)]
rb532: drop 4.4 support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Roman Yeryomin [Sun, 17 Sep 2017 18:35:19 +0000 (21:35 +0300)]
rb532: add myself as maintainer
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Roman Yeryomin [Sun, 17 Sep 2017 18:34:36 +0000 (21:34 +0300)]
rb532: switch to 4.9
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Roman Yeryomin [Sun, 17 Sep 2017 18:34:00 +0000 (21:34 +0300)]
rb532: add support for 4.9
Includes latest korina fixes.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
[rewrite commit message (subject <= 50 characters)]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Roman Yeryomin [Sun, 17 Sep 2017 18:33:20 +0000 (21:33 +0300)]
rb532: set lan interface type to brigde
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Roman Yeryomin [Sun, 17 Sep 2017 18:32:42 +0000 (21:32 +0300)]
rb532: increase kernel size limit
This is required to support kernel 4.9.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
[rewrite commit message (subject <= 50 characters)]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Marcin Jurkowski [Thu, 14 Sep 2017 12:49:10 +0000 (14:49 +0200)]
dnsmasq: fix dhcp "ignore" option on wwan interfaces
Init script won't append --no-dhcp-interface option if interface
protocol is one of: ncm, directip, qmi, mbim.
This is caused by IP address assigned to dynamically created netifd
interfaces. As a result there's no netmask assigned to the main
interface and dhcp_add() function returns prematurely.
By moving network subnet check we can ensure that --no-dhcp-interface is
properly generated for wwan interfaces.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
Hans Dedecker [Mon, 18 Sep 2017 07:18:36 +0000 (09:18 +0200)]
base-files: fix wan6 interface config generation for pppoe
Setting ipv6 to auto in case of a pppoe interface will trigger the
creation of a dynamic wan_6 interface meaning two IPv6 interfaces
(wan6 and wan_6) will be active on top of the pppoe interface.
This leads to unpredictable behavior in the network; therefore set
ipv6 to 1 which will prevent the dynamic creation of the wan_6
interface.
Further alias the wan6 interface on top of the wan interface for pppoe
as the wan6 interface can only be started when the link local address is
ready. In case of pppoe the link local address is negotiated during the
Internet Protocol Control Protocol when the PPP link is setup meaning
all the IP address info is only available when the wan interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Mon, 18 Sep 2017 00:58:25 +0000 (03:58 +0300)]
kernel: update 4.9 to 4.9.50
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-
1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Florian Fainelli [Sat, 16 Sep 2017 23:41:48 +0000 (16:41 -0700)]
kernel: update to 3.18.71
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Stijn Tintel [Sun, 17 Sep 2017 22:26:44 +0000 (01:26 +0300)]
tcpdump: noop commit to refer CVEs fixed in 4.9.2
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.
The following CVEs were fixed in
21014d9708d586becbd62da571effadb488da9fc:
CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hauke Mehrtens [Sat, 16 Sep 2017 23:35:00 +0000 (01:35 +0200)]
mac80211: make iwlwifi select AC support
Some NICs supported by this driver support ieee80211 AC.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 16 Sep 2017 23:33:35 +0000 (01:33 +0200)]
linux-firmware: pack Intel iwl FW separately
Do not create one big package with all the Intel firmware files
supported by the iwlwifi driver, but use a separate package for each
chip.
This also updates some 7000 and 8000 series firmware files to more
recent version. The older versions shipped are not supported by the
current driver any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 17 Sep 2017 12:50:01 +0000 (14:50 +0200)]
mac80211: add dev_coredumpm() function
dev_coredumpm() was added with kernel 4.7, but it is used by iwlwifi.
When the dev coredump framework form compat-wireless is used this is not
a problem because it already contains this, but this is deactivated if
the build system finds out that it is already included in the kernel we
compile against. This option was now activated by the bluetooth driver
btmrvl. Having dev coredump in the kernel adds about 400 bytes to the
lzma compressed kernel for brcm47xx.
This is copied from a more recent backports version to add the
dev_coredumpm() function when the internal core devdump is not used.
Fixes:
a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Engberg [Sun, 17 Sep 2017 06:17:54 +0000 (08:17 +0200)]
kernel: kmod-btmrvl: Add kmod-mmc as dependency
This fixes the build of this module and should fix the build bots.
Fixes:
a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[removed mveub dependency and update commit comment]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Florian Fainelli [Sat, 16 Sep 2017 22:16:09 +0000 (15:16 -0700)]
generic: drop 704-phy-no-genphy-soft-reset.patch
4.4.80+ contains
71a165f6397df07a06ce643de5c2dbae29bd3cfb, 4.9.41+ contains
6c78197e4a69c19e61dfe904fdc661b2aee8ec20 which are all backports of upstream
commit
0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 ("net: phy: Do not perform
software reset for Generic PHY").
Our local patch is no longer needed, all this patch was doing was utilizing
gen10g_soft_reset which does nothing either, so just keep the code unchanged.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sat, 16 Sep 2017 23:27:37 +0000 (16:27 -0700)]
dnsmasq: Pass TARGET_CPPFLAGS to Makefile
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.
Fixes:
34a206bc1194 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sat, 16 Sep 2017 21:49:37 +0000 (14:49 -0700)]
armvirt: Enable CONFIG_ARM_PMU
We will be prompted with this config symbol when performance monitoring is
enabled in the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Henryk Heisig [Fri, 7 Jul 2017 07:53:12 +0000 (09:53 +0200)]
mvebu: WRT3200ACM: add bluetooth module
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Henryk Heisig [Fri, 7 Jul 2017 07:43:10 +0000 (09:43 +0200)]
kernel: bluetooth: add marvell sdio bluetooth module
This commit add support for Marvell bluetooth with SDIO interface.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[Fix KCONFIG and FILES option]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Henryk Heisig [Fri, 7 Jul 2017 07:35:20 +0000 (09:35 +0200)]
linux-firmware: update to the commit from 2017-09-06
update firmware mrvl/sd8887_uapsta.bin
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[update to version 2017-09-06]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Engberg [Thu, 7 Sep 2017 22:44:26 +0000 (00:44 +0200)]
utils/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Philip Prindeville [Fri, 15 Sep 2017 17:03:52 +0000 (11:03 -0600)]
kernel: add packaging for Xeon iTCO watchdog timer
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Kabuli Chana [Thu, 10 Aug 2017 16:48:28 +0000 (10:48 -0600)]
mwlwifi: update to version 10.3.4.0 / 2017-08-10
Update mwlwifi
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 13:22:36 +0000 (16:22 +0300)]
libs/wolfssl: bump to version 3.12.0 ; add myself as maintainer
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:23:42 +0000 (14:23 +0300)]
libs/wolfssl: adjust symbol defaults against libwolfssl defaults
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:15:15 +0000 (14:15 +0300)]
libs/wolfssl: disable hardening check in `settings.h`
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.
```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
#warning "For timing resistance / side-channel attack prevention consider using harden options"
```
Hardening is enabled by default in libwolfssl at build-time.
However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).
This looks like a small bug/issue with wolfssl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Thu, 24 Aug 2017 05:56:40 +0000 (08:56 +0300)]
cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:25:28 +0000 (14:25 +0300)]
libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Mon, 4 Sep 2017 13:16:00 +0000 (16:16 +0300)]
wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```
Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```
Thanks to @lynxis for pointing out the commas.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Daniel Engberg [Fri, 8 Sep 2017 07:42:23 +0000 (09:42 +0200)]
tools/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
* Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this
is compiling on FreeBSD 11.1.
* Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since
March 31, 2017.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Engberg [Wed, 6 Sep 2017 09:56:15 +0000 (11:56 +0200)]
tools/expat: Update to 2.2.4
Update (lib)expat to 2.2.4
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Kevin Darbyshire-Bryant [Tue, 22 Aug 2017 10:01:07 +0000 (11:01 +0100)]
toolchain: gcc: update 7.x to 7.2.0
Bump gcc from 7.1 to 7.2
Compile & run tested: ar71xx
Trace history of current patches and update with commit ref & comment
to give more clue as to why they're still around/needed. Some have
changed form since the original commit but some clue is better than no
clue at all.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Kevin Darbyshire-Bryant [Fri, 15 Sep 2017 10:41:09 +0000 (11:41 +0100)]
kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Karl Palsson [Fri, 1 Sep 2017 11:22:11 +0000 (11:22 +0000)]
odhcpd: don't enable server mode on non-static lan port
Instead of blindly enabling the odhcpd v6 server and RA server on the
lan port, only do that if the lan port protocol is "static"
This prevents the unhelpful case of a device being a dhcpv4 client and
v6 server on the same ethernet port.
Signed-off-by: Karl Palsson <karlp@etactica.com>
[PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jiawei Wang [Wed, 13 Sep 2017 06:04:22 +0000 (14:04 +0800)]
ramips: fix used MAC addresses for Phicomm K2P
The factory partition of the Phicomm K2P contains two MAC addresses.
The lower MAC address is at offset 0xe006 and the higher one is at
offset 0xe000.
Use the lower MAC address as base mac-address which the switch driver
increments by one for the second (wan) vlan.
The MAC addresses are still inverted in contrast to the stock firmware
where the lower MAC address is used for wan. But at least the use of a
MAC address not intended/reserved for this particular board is fixed.
Signed-off-by: Jiawei Wang <me@jwang.link>
Hans Dedecker [Wed, 13 Sep 2017 20:18:08 +0000 (22:18 +0200)]
odhcpd: update to git HEAD version
f0bce9c dhcpv4: fix memset compile issue
0ba3278 dhcpv4: rework assignment lookup
e3b49f3 dhcpv4: cleanup dhcpv4_test usage
47fe122 dhcpv4: rework lease expire handling logic
028ab85 dhcpv4: force renew nonce authentication support
a827fca dhcpv4: avoid segfault when there's no IPv4 prefix
bea088b ndp: detect ifindex changes via interface netlink events
f66103e ubus: display accept reconf status for DHCPv6 assignments
f0e354b treewide: replace RELAYD prefix naming in macros
1a313f9 dhcpv4: fix possible segfault when lease is not created
e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Kristian Evensen [Tue, 12 Sep 2017 16:27:10 +0000 (18:27 +0200)]
ramips: fix D240 mini-PCIe power control GPIOs
In commit
b11c51916cb9 ("ramips: Improve Sanlinking D240 config") I made
a mistake with regards GPIO numbering. And in addition to specifying the
wrong GPIO for controling the power of one of the mini-PCIe, I recently
discovered that the power of both slots can be controlled.
This patch specifies the correct GPIO for the left-most mini-PCIe slot
of the D240 (labeled power_mpcie2 since the slot is attached to SIM2),
and adds a GPIO that can be used to control the power of the other
mini-PCIe slot (labeled power_mpcie1).
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[do not use the gpio active macros for the gpio-export value]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Maxim Anisimov [Fri, 8 Sep 2017 09:39:17 +0000 (12:39 +0300)]
ramips: add support for TP-Link Archer C20 v1
TP-Link Archer C20 v1 is a router with 5-port FE switch and
non-detachable antennas. It's very similiar to TP-Link Archer C50.
Also it's based on MediaTek MT7620A+MT7610EN.
Specification:
- MediaTek MT7620A (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- 8x LED (GPIO-controlled*), 2x button, power input switch
- 1 x USB 2.0 port
* WAN LED in this devices is a dual-color, dual-leads type which isn't
(fully) supported by gpio-leds driver. This type of LED requires both
GPIOs state change at the same time to select color or turn it off.
For now, we support/use only the blue part of the LED.
* MT7610EN ac chip isn't not supported by LEDE. Therefore 5Ghz won't
work.
Factory image notes:
These devices use version 3 of TP-Link header, fortunately without RSA
signature (at least in case of devices sold in Europe). The difference
lays in the requirement for a non-zero value in "Additional Hardware
Version" field. Ideally, it should match the value stored in vendor
firmware header on device.
We are able to prepare factory firwmare file which is accepted and
(almost) correctly flashed from the vendor GUI. As it turned out, it
accepts files without U-Boot image with second header at the beginning
but due to some kind of bug in upgrade routine, flashed image gets
corrupted before it's written to flash. So, to flash this device we must
to prepare image using original firmware from tp-link site with uboot.
Flash instruction:
Until (if at all) TP-Link fixes described problem, the only way to flash
LEDE image in these devices is to use tftp recovery mode in U-Boot.
There are two ways to flash the device to LEDE:
1) Using tftp mode with UART connection and original LEDE image
- Place lede-ramips-mt7620-ArcherC20-squashfs-factory.bin in tftp
server directory
- Configure PC with static IP 192.168.0.66/24 and tftp server.
- Connect PC with one of LAN ports, power up the router and press
key "4" to access U-Boot CLI.
- Use the following commands to update the device to LEDE:
setenv serverip 192.168.0.66
tftp 0x80060000 lede-ramips-mt7620-ArcherC20-squashfs-factory.bin
erase tplink 0x20000 0x7a0000
cp.b 0x80060000 0x20000 0x7a0000
reset
- After that the device will reboot and boot to LEDE
2) Using tftp mode without UART connection but require some
manipulations with target image
- Download and unpack TP-Link Archer C20 v1 firmware from original web
site
- Split uboot.bin from original firmware by this command (example):
dd if=Archer_C20v1_0.9.1_4.0_up_boot(160427)_2016-04-27_13.53.59.bin of=uboot.bin bs=512 count=256 skip=1
- Create ArcherC20V1_tp_recovery.bin using this command:
cat uboot.bin lede-ramips-mt7620-ArcherC20-squashfs-factory.bin > ArcherC20V1_tp_recovery.bin
- Place ArcherC20V1_tp_recovery.bin in tftp server directory.
- Configure PC with static IP 192.168.0.66/24 and tftp server.
- Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
- Router will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Thibaut VARENE [Tue, 12 Sep 2017 21:22:37 +0000 (23:22 +0200)]
generic: drop support for get_port_stats() on ar8xxx
The implementation is not efficient on ar8xxx switches. It triggers high
CPU load and degrades device performance.
The high CPU load has been traced down to the ar8xxx_reg_wait() call in
ar8xxx_mib_op(), which has to usleep_range() till the MIB busy flag set
by the request to update the MIB counter is cleared.
This commit removes the get_port_stats() code introduced in
4d8a66d and
leaves a note for future hacker's beware.
Fixes: FS#1004
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Lorenzo Santina [Mon, 11 Sep 2017 13:27:53 +0000 (15:27 +0200)]
treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
David Yang [Sat, 9 Sep 2017 13:16:11 +0000 (21:16 +0800)]
ramips: fix hg255d LED status support
Use the green power LED for boot status indication.
Source: https://my.oschina.net/osbin/blog/278782 Para 3
Signed-off-by: David Yang <mmyangfl@gmail.com>
Kevin Darbyshire-Bryant [Mon, 4 Sep 2017 12:13:24 +0000 (13:13 +0100)]
basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2
This allows suid processes to dump core according to kernel.core_pattern
setting. LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)
Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core. This setting removes an
obscure stumbling block along the way.
>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt
suid_dumpable:
This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are
0 - (default) - traditional behaviour. Any process which has changed
privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
owned by the current user and no security is applied. This is
intended for system debugging situations only. Ptrace is unchecked.
This is insecure as it allows regular users to examine the memory
contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
anyway, but only if the "core_pattern" kernel sysctl is set to
either a pipe handler or a fully qualified path. (For more details
on this limitation, see CVE-2006-2451.) This mode is appropriate
when administrators are attempting to debug problems in a normal
environment, and either have a core dump pipe handler that knows
to treat privileged core dumps with care, or specific directory
defined for catching core dumps. If a core dump happens without
a pipe handler or fully qualifid path, a message will be emitted
to syslog warning about the lack of a correct setting.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Matthias Schiffer [Mon, 11 Sep 2017 17:41:41 +0000 (19:41 +0200)]
ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4
The addresses were read from the 'config' partition, which would not always
contain the addresses at the same offsets, depending on the stock firmware
version used before flashing LEDE. Change this to get the addresses from
the 'product-info' partition, which is read-only.
Reported-and-tested-by: Andreas Ziegler <ml@andreas-ziegler.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Kristian Evensen [Sun, 10 Sep 2017 12:44:47 +0000 (14:44 +0200)]
ramips: Add support for ZBT WE1026-5G
The ZBT WE1026-5G
(http://www.zbtlink.com/products/router/WE1026-5G.html) is the follow-up
to the ZBT WE1026 and is based on MT7620. For the previous WE1026, the
ZBT WE826 image could be used. However, as the name implies, the -5G
comes equipped with a 5GHz wifi radio. As the WE826 only has a 2.4GHz
radio, the addition of 5GHz means that a separate image is needed for
the WE1026-5G. I suspect that this image will also work on the previous
WE1026, but I don't have a device to test with.
The WE1026-5G has following specifications:
* CPU: MT7620A
* 1x 10/100Mbps Ethernet.
* 16 MB Flash.
* 64 MB RAM.
* 1x USB 2.0 port.
* 1x mini-PCIe slots.
* 1x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x 5GHz wifi (MT7612)
* 1x button.
* 3x controllable LEDs.
Works:
* Wifi.
* Switch.
* mini-PCIe slot. Only tested with a USB device (a modem).
* SIM slot.
* Sysupgrade.
* Button (reset).
Not working:
* The 5GHz WIFI LED is completely dead. I suspect the issue is the same
as on other devices with Mediatek 5Ghz wifi-cards/chips. The LED is
controlled by the driver, and mt76 (currently) does not support this.
Not tested:
* SD card reader.
Notes:
* The modem (labeled 3G/4G) and power LEDs are controlled by the
hardware.
* There is a 32MB version of this device available, but I do not have
access to it. I have therefor only added support for the 16MB version,
but added all the required infrastructure to make adding support for the
32MB version easy.
Installation:
The router comes pre-installed with OpenWRT, including a variant of
Luci. The initial firmware install can be done through this UI,
following normal procedure. I.e., access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to
keep existing settings.
Recovery:
If you brick the device, the WE1026-5G supports recovery using HTTP. Keep the
reset button pressed for ~5sec when booting to start the web server. Set the
address of the network interface on your machine to 192.168.1.2/24, and
point your browser to 192.168.1.1 to access the recovery UI. From the
recovery UI you can upload a firmware image.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Toke Høiland-Jørgensen [Wed, 6 Sep 2017 12:53:19 +0000 (14:53 +0200)]
ath10k: Re-enable intermediate softqueues for all devices
The upstream ath10k driver disables the intermediate softqueues for some
devices. This patch reverts that behaviour and always enables the
softqueues (and associated bufferbloat fixes). We have had reports of people
running this with good results:
https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html
This also refreshes mac80211 patches.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Baptiste Jonglez [Sun, 3 Sep 2017 12:01:28 +0000 (14:01 +0200)]
scripts/download.pl: fail loudly if provided hash is unsupported
Currently, if the provided hash is unsupported (length different from 32
or 64 bytes), we happily download the requested file without any kind of
checksum verification.
This is quite dangerous and may provide a false sense of security, because
a single typo in the hash (e.g. one character deleted by mistake) may skip
checksum verification entirely.
Instead, fail immediately if we don't support the provided hash.
In particular, if an external package repository decides to change the
hash algorithm one day, we will now fail loudly instead of skipping
checksum verification without complaints.
Note: if some users of scripts/download.pl knowingly provide an empty hash
because they don't need checksum verification, this change will break
them. This does not seem to be the case currently, but if this feature is
ever needed, an option should be added to download.pl instead of relying
on the hash being empty.
Fixes:
eaa4eba10a89 ("scripts/download.pl: add SHA-256 support")
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Rosen Penev [Sun, 3 Sep 2017 18:35:46 +0000 (11:35 -0700)]
ar71xx: Add GRO support to ag71xx
On a TL-WN710N, this patch increases iperf performance from ~92.5 to ~93.5 mbps. Keep in mind the WN710N is a 100mbps device. I expect greater numbers from gigabit devices.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Thu, 7 Sep 2017 02:57:41 +0000 (19:57 -0700)]
ramips: Change ethernet driver to use napi_complete_done.
Backport of mailine linux commit. Speeds up ethernet slightly and reduces latency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tim Harvey [Fri, 8 Sep 2017 18:56:59 +0000 (11:56 -0700)]
cns3xxx: fix GPIO controller interrupt enable
The cns3xxx interrupt controller uses a single register and as such
the 'mask' reg/functions must be used as opposed to the 'enable'/'disable'
reg/functions.
This fixes an issue that occurs if more than one GPIO on a specific controller
(there is GPIOA and GPIOB each having 32 GPIO's) uses interrupts. When one
would get enabled all others would be disabled prior to this patch.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Stijn Tintel [Sun, 10 Sep 2017 21:37:48 +0000 (23:37 +0200)]
kernel: update 4.9 to 4.9.49
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes CVE-2017-11600.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sun, 10 Sep 2017 20:38:07 +0000 (22:38 +0200)]
strace: bump to 4.19
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Kevin Darbyshire-Bryant [Fri, 1 Sep 2017 18:04:29 +0000 (19:04 +0100)]
mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
Stijn Tintel [Sun, 10 Sep 2017 19:27:26 +0000 (21:27 +0200)]
tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sun, 10 Sep 2017 19:27:15 +0000 (21:27 +0200)]
lldpd: bump to 0.9.8
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Enrique Giraldo [Wed, 2 Aug 2017 15:08:32 +0000 (17:08 +0200)]
ar71xx: add metadata to wpj344 and wpj558 images
This adds metadata to wpj344 and wpj558 images to prevent loading
firmware of wpj344 into wpj558 and vice versa. This until now was
possible and break the units and had to be recovered from the uboot.
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
Enrique Giraldo [Thu, 6 Jul 2017 12:04:31 +0000 (14:04 +0200)]
ar71xx: wpj558: remove unused eth1 device and fix MAC address
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
Enrique Giraldo [Thu, 29 Jun 2017 10:03:03 +0000 (12:03 +0200)]
ar71xx: add support for COMFAST CF-E355AC
COMFAST CF-E355AC is a ceiling mount AP with PoE support, based on
Qualcomm/Atheros QCA9531 + QCA9882.
Short specification:
- 2x 10/100 Mbps Ethernet, with PoE support
- 64MB of RAM (DDR2)
- 16 MB of FLASH
- 2T2R 2.4 GHz, 802.11b/g/n
- 2T2R 5 GHz, 802.11ac/n/a
- built-in 4x 3 dBi antennas
- output power (max): 500 mW (27 dBm)
- 1x RGB LED, 1x button
- built-in watchdog chipset
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
[whitespace fixes, ac radio caldata offset fix]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Sat, 19 Aug 2017 16:26:46 +0000 (18:26 +0200)]
ar71xx: add support for GL.iNet GL-USB150
GL.iNet GL-USB150 is an USB dongle WiFi router, based on Atheros AR9331.
Specification:
- 400/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- Realtek RTL8152B USB to Ethernet bridge (connected with AR9331 PHY4)
- 1T1R 2.4 GHz
- 2x LED, 1x button
- UART header on PCB
Flash instruction:
Vendor firmware is based on OpenWrt CC. GUI or sysupgrade can be used
to flash LEDE firmware.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>