Magnus Kroken [Wed, 27 Sep 2017 17:45:32 +0000 (19:45 +0200)]
openvpn: update to 2.4.4
Fixes CVE-2017-12166: out of bounds write in key-method 1.
Remove the mirror that was temporarily added during the
2.4.3 release.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Stijn Tintel [Wed, 27 Sep 2017 21:19:49 +0000 (00:19 +0300)]
kernel: update 4.9 to 4.9.52
Refresh patches.
Compile-tested on x86/64.
Runtime-tested on x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Lorenzo Santina [Wed, 27 Sep 2017 09:21:53 +0000 (11:21 +0200)]
hostapd: update wpa_supplicant p2p config
Update the config file to the latest version.
Added CONFIG_EAP_FAST=y because it was the only
missing flag about EAP compared to full config.
Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.
Other flags are the same as before.
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Lorenzo Santina [Wed, 27 Sep 2017 09:15:42 +0000 (11:15 +0200)]
hostapd: update wpa_supplicant mini config
Update the config file to the latest version.
Enabled flags are the same as before.
Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Lorenzo Santina [Wed, 27 Sep 2017 09:09:06 +0000 (11:09 +0200)]
hostapd: update wpa_supplicant full config
Update the config file to the latest version.
Enabled flags are the same as before.
Commented CONFIG_IEEE80211W=y flag because it is
set in the Makefile, only if the driver supports it.
Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Lorenzo Santina [Mon, 25 Sep 2017 18:10:57 +0000 (20:10 +0200)]
hostapd: update hostapd mini config
Update the config file to the latest version.
Enabled flags are the same as before.
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Lorenzo Santina [Mon, 25 Sep 2017 17:02:09 +0000 (19:02 +0200)]
hostapd: update hostapd full config
Update the config file to the latest version.
Enabled flags are the same as before.
Removed flag CONFIG_WPS2 because it is no more
needed due to this changelog (2014-06-04 - v2.2):
"remove WPS 1.0 only support, i.e., WSC 2.0
support is now enabled whenever CONFIG_WPS=y is set".
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hans Dedecker [Wed, 27 Sep 2017 15:22:44 +0000 (17:22 +0200)]
curl: fix disable threaded resolver
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Tue, 26 Sep 2017 15:13:18 +0000 (18:13 +0300)]
ipset: replace patch that was reverted upstream
Use the correct prefix for backports while at it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hauke Mehrtens [Mon, 25 Sep 2017 21:04:09 +0000 (23:04 +0200)]
Revert "brcm47xx: Fix sysupgrade with E1200v1"
This reverts commit
31e9445b7e614f54daa0caf3148e223d088311ab.
"Linksys E1200 V1" is not a valid board name, as the brcm47xx arch code
can not detect this device. Stefan Lippers-Hollmann also found a typo in
this patch "cybetran" instead of "cybertan".
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Marko Ratkaj [Mon, 25 Sep 2017 11:22:20 +0000 (13:22 +0200)]
uboot-mvebu: add OpenSSL compat patches
Fixes the following build issue: "undefined reference to `EVP_MD_CTX_create'"
From: Jelle van der Waa <jelle@vdwaa.nl>
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.
EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Marko Ratkaj [Mon, 25 Sep 2017 10:32:22 +0000 (12:32 +0200)]
uboot-mvebu: fix SETEXPR redefinition warning
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Marko Ratkaj [Mon, 25 Sep 2017 10:28:52 +0000 (12:28 +0200)]
uboot-mvebu: add missing UBOOT_MAKE_FLAGS variable
This patch removes "/bin/sh: HOSTCPPFLAGS: command not found" errors douring build.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Stijn Tintel [Mon, 25 Sep 2017 20:16:37 +0000 (23:16 +0300)]
Revert "toolchain/gdb: update to version 8.0.1"
Since version 8.0, gdb requires at least gcc 4.8. Unfortunately some of
the buildbot slaves don't meet this requirement, and fail to build LEDE
after the gdb upgrade. Revert to the previous gdb version for now.
This reverts commit
592abe9ef53f921554d48085d6482d4507b3e142.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Sun, 12 Mar 2017 02:09:36 +0000 (03:09 +0100)]
samba36: add Package/samba/Default
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Mon, 25 Sep 2017 02:55:27 +0000 (05:55 +0300)]
ipset: bump to 6.34
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Ryan Mounce [Sun, 6 Aug 2017 04:52:18 +0000 (14:22 +0930)]
toolchain/gdb: update to version 8.0.1
Fixes CVE-2017-9778.
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
[reference fixed CVE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Mon, 25 Sep 2017 03:00:51 +0000 (06:00 +0300)]
curl: bump to 7.55.1
Update 200-no_docs_tests.patch.
Refresh patches.
Fixes the following CVEs:
- CVE-2017-
1000099
- CVE-2017-
1000100
- CVE-2017-
1000101
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Mon, 25 Sep 2017 02:59:23 +0000 (05:59 +0300)]
iperf: bump to 2.0.10
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Rosen Penev [Fri, 15 Sep 2017 23:09:19 +0000 (16:09 -0700)]
brcm47xx: Fix sysupgrade with E1200v1
Entry was missing for some reason.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Lucian Cristian [Mon, 18 Sep 2017 22:13:44 +0000 (01:13 +0300)]
sunxi: add Olimex A20-OLinuXino-LIME2-eMMC
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[replaced u-boot patch with original version from u-boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Marko Ratkaj [Tue, 19 Sep 2017 07:35:39 +0000 (09:35 +0200)]
tools: flex: fix segfault with glibc 2.26+
Fix segmentation fault caused by implicit declaration of function 'reallocarray'. Added patch will enable
reallocarray() prototype in glibc 2.26+ on Linux systems. This fix will be included in flex 2.6.5.
Fixes LEDE issue: FS#1003 (Flex does not build with GCC 7.2)
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Philip Prindeville [Tue, 19 Sep 2017 23:49:13 +0000 (17:49 -0600)]
kernel: don't scrimp on memory on big iron
x86_64 platforms typically don't lack memory, so don't needlessly
economize memory if fq_codel on capable platforms.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[Add a comment to the patch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
James Christopher Adduono [Wed, 20 Sep 2017 05:30:45 +0000 (01:30 -0400)]
kernel: kmod-usb-storage-uas
This will allow you to build and package the uas.ko module.
With more routers supporting USB 3.0 host this could help
speed up activities like DLNA and Samba, as well as reduce
CPU utilization over BOT mass storage drivers.
Signed-off-by: James Christopher Adduono <jc@adduono.com>
Kevin Darbyshire-Bryant [Wed, 20 Sep 2017 14:10:42 +0000 (15:10 +0100)]
ramips: fix missing mediatek wdt
mediatek MT7621 soc watchdog DTS id was renamed from "mtk,mt7621-wdt" to
"mediatek,mt7621-wdt" when driver upstreamed to kernel 4.5
Update mt7621.dtsi & mt7628an.dtsi definitions to match upstreamed
kernel.
Restores hardward watchdog functionality on mt7621 devices under linux
4.9
Tested on: MIR3G
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Adrian Panella [Tue, 12 Sep 2017 18:29:09 +0000 (13:29 -0500)]
uhttp: update to latest version
3fd58e9 2017-08-19 uhttpd: add manifest support
88c0b4b 2017-07-09 file: fix basic auth regression
99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info
c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
ad93be7 2017-07-02 auth: store parsed username and password
fa51d7f 2017-07-02 proc: do not declare empty process variables
a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
Hans Dedecker [Thu, 21 Sep 2017 20:42:28 +0000 (22:42 +0200)]
libubox: fix uloop race condition
7a10576 uloop: Fix race condition in SIGCHLD handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Wed, 20 Sep 2017 20:18:24 +0000 (23:18 +0300)]
kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Stijn Tintel [Tue, 19 Sep 2017 18:34:47 +0000 (21:34 +0300)]
arm-trusted-firmware-sunxi: depend on sunxi target
The arm-trusted-firmware-sunxi package is only used by the Allwinner
A64, so only make it selectable for its subtarget sunxi/cortexa53.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Jonas Gorski <jonas.gorski@gmail.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:23 +0000 (11:51 -0700)]
at91bootstrap: New package at91bootstrap
at91bootstrap is a second-level bootloader for Microchip(Atmel AT91) SoCs.
It provides a set of algorithms to manage the hardware initialization and
to download the main application or a third-level bootloader(i.e. uboot)
from specified boot media to main memory and execute it.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:22 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D4 Xplained board
Add support for SAMA5D4 Xplained board and options to select & build
u-boot configs for different media storage.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:21 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D2 Xplained board
Add support for SAMA5D2 Xplained board and options to select & build
u-boot configs for different media storage.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:20 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D3 Xplained board
Add support for SAMA5D3 Xplained board and options to select & build
u-boot configs for different media storage.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:19 +0000 (11:51 -0700)]
uboot-at91: move BUILD_SUBTARGET from U-Boot/Default to devices
currenlty U-Boot/Default supports only at91 legacy devices.To add
sama5 support, moving BUILD_SUBTARGET from U-Boot/Default to target
devices.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:18 +0000 (11:51 -0700)]
at91: Add UBI parameters for sama5d4.
Add UBIFS_OPTS & UBINIZE_OPTS parameters for sama5d4 Xplained board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:17 +0000 (11:51 -0700)]
at91: Add SAMA5D4 device
Add support for SAMA5D4 with target device as at91-sama5d4_xplained
in SAMA5 subtarget and build images for SAMA5D4 Xplained board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:16 +0000 (11:51 -0700)]
at91: Add SAMA5D2 device
Add support for SAMA5D2 with target device as at91-sama5d2_xplained
in SAMA5 subtarget and build images for SAMA5D2 Xplained board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:15 +0000 (11:51 -0700)]
at91: Install zImage.
Installing zImage to bin folder of device target.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:14 +0000 (11:51 -0700)]
build: add image command for installing zImage file.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:13 +0000 (11:51 -0700)]
at91: Renaming subtarget sama5d3 to sama5
Renaming at91 subtarget sama5d3 to sama5 and using at91-sama5d3_xplained
as a target device in sama5 subtarget.This will enable to add other
sama5d2 & sama5d4 target devices in sama5 subtraget.This will avoid
code duplication when sama5d2 & sama5d4 added as different subtarget.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Philip Prindeville [Tue, 19 Sep 2017 21:17:09 +0000 (15:17 -0600)]
build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Chen Minqiang [Wed, 20 Sep 2017 02:20:09 +0000 (10:20 +0800)]
ipq-wifi: fix missing define of PKG_NAME
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Philip Prindeville [Tue, 19 Sep 2017 20:47:54 +0000 (14:47 -0600)]
usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Sven Roederer [Tue, 5 Sep 2017 16:27:02 +0000 (18:27 +0200)]
openvpn: add "extra-certs" option
This option is used to specify a file containing PEM certs, to complete the
local certificate chain. Which is quite usefull for "split-CA" setups.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Lucian Cristian [Fri, 19 May 2017 01:14:08 +0000 (04:14 +0300)]
sunxi: add Olimex A20-OlinuXino-LIME2
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Lorenzo Santina [Sat, 16 Sep 2017 09:14:27 +0000 (11:14 +0200)]
hostapd: ft_over_ds support
Add support for ft_over_ds flag in ieee80211r
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Lorenzo Santina [Sat, 16 Sep 2017 09:07:24 +0000 (11:07 +0200)]
hostapd: ft_psk_generate_local support
Add support for ft_psk_generate_local flag in ieee80211r
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[original author]
Signed-off-by: Sergio <mailbox@sergio.spb.ru>
Hauke Mehrtens [Sun, 17 Sep 2017 19:33:20 +0000 (21:33 +0200)]
ath10k-firmware: use firmware from git instead of extra download
Instead of manually downloading the files again we can also take the
same files directly from the ath10k-firmware git which was cloned
before.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:53:20 +0000 (22:53 +0200)]
sunxi: Add A64 support with cortex53 subtarget
This adds initial support for the A64 Allwinner SoC to LEDE.
It will be build in the new cortexa53 subtarget.
Currently it only supports the pine64 and the image is able to boot on
this SoC.
Camera, Ethernet, HDMI and other parts are currently not working.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 17 Jul 2017 20:48:31 +0000 (22:48 +0200)]
sunxi: Backport patches from kernel 4.11 for A64
This backports some more patches from kernel 4.11 adding more devices
to the device tree of the A64 SoC.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:50:41 +0000 (22:50 +0200)]
sunxi: Backport patches needed for A64
This backports multiple patches from kernel 4.10 which are adding
missing support for the A64 and the pine64 board. These are the device
tree files, the pinctlk and the clock driver.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:53:35 +0000 (22:53 +0200)]
uboot-sunxi: build A64 SoC and pine64 U-Boot
This creates a U-Boot for the aarch64 SoC A64 on the pine64 board.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 22:01:21 +0000 (00:01 +0200)]
arm-trusted-firmware-sunxi: add new package
This is needed for the Boot loader of the A64 SoC.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 18:35:57 +0000 (20:35 +0200)]
sunxi: split into cortex A8 and A7 subtarget
Now we can activate some compiler optimizations for the cortex A7.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 20:51:25 +0000 (22:51 +0200)]
sunxi: fix build of rtc package when module not available
If the Kconfig option CONFIG_RTC_DRV_SUNXI is not selected this package
should be be build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 20 Jul 2017 21:27:31 +0000 (23:27 +0200)]
uboot-sunxi: revert the usage of binman
This will avoid the usage of swig.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 19 Jul 2017 20:46:34 +0000 (22:46 +0200)]
uboot-sunxi: do not depend on dtc being install on host
make mkimage check the DTC environment variable first.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 16:41:57 +0000 (18:41 +0200)]
uboot-sunxi: update to version 2017.07
The deleted patches are already integrated in the upstream U-Boot
version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 12:57:08 +0000 (14:57 +0200)]
sunxi: add support for kernel 4.9
Most of the patches were backpoprts from the mainline kernel and are
integrated upstream now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 15 Jul 2017 13:57:29 +0000 (15:57 +0200)]
kernel: add some config options
These are needed for the sunxi target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Stijn Tintel [Mon, 18 Sep 2017 09:13:18 +0000 (12:13 +0300)]
rb532: drop 4.4 support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Roman Yeryomin [Sun, 17 Sep 2017 18:35:19 +0000 (21:35 +0300)]
rb532: add myself as maintainer
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Roman Yeryomin [Sun, 17 Sep 2017 18:34:36 +0000 (21:34 +0300)]
rb532: switch to 4.9
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Roman Yeryomin [Sun, 17 Sep 2017 18:34:00 +0000 (21:34 +0300)]
rb532: add support for 4.9
Includes latest korina fixes.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
[rewrite commit message (subject <= 50 characters)]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Roman Yeryomin [Sun, 17 Sep 2017 18:33:20 +0000 (21:33 +0300)]
rb532: set lan interface type to brigde
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Roman Yeryomin [Sun, 17 Sep 2017 18:32:42 +0000 (21:32 +0300)]
rb532: increase kernel size limit
This is required to support kernel 4.9.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
[rewrite commit message (subject <= 50 characters)]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Marcin Jurkowski [Thu, 14 Sep 2017 12:49:10 +0000 (14:49 +0200)]
dnsmasq: fix dhcp "ignore" option on wwan interfaces
Init script won't append --no-dhcp-interface option if interface
protocol is one of: ncm, directip, qmi, mbim.
This is caused by IP address assigned to dynamically created netifd
interfaces. As a result there's no netmask assigned to the main
interface and dhcp_add() function returns prematurely.
By moving network subnet check we can ensure that --no-dhcp-interface is
properly generated for wwan interfaces.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
Hans Dedecker [Mon, 18 Sep 2017 07:18:36 +0000 (09:18 +0200)]
base-files: fix wan6 interface config generation for pppoe
Setting ipv6 to auto in case of a pppoe interface will trigger the
creation of a dynamic wan_6 interface meaning two IPv6 interfaces
(wan6 and wan_6) will be active on top of the pppoe interface.
This leads to unpredictable behavior in the network; therefore set
ipv6 to 1 which will prevent the dynamic creation of the wan_6
interface.
Further alias the wan6 interface on top of the wan interface for pppoe
as the wan6 interface can only be started when the link local address is
ready. In case of pppoe the link local address is negotiated during the
Internet Protocol Control Protocol when the PPP link is setup meaning
all the IP address info is only available when the wan interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Mon, 18 Sep 2017 00:58:25 +0000 (03:58 +0300)]
kernel: update 4.9 to 4.9.50
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-
1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Florian Fainelli [Sat, 16 Sep 2017 23:41:48 +0000 (16:41 -0700)]
kernel: update to 3.18.71
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Stijn Tintel [Sun, 17 Sep 2017 22:26:44 +0000 (01:26 +0300)]
tcpdump: noop commit to refer CVEs fixed in 4.9.2
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.
The following CVEs were fixed in
21014d9708d586becbd62da571effadb488da9fc:
CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hauke Mehrtens [Sat, 16 Sep 2017 23:35:00 +0000 (01:35 +0200)]
mac80211: make iwlwifi select AC support
Some NICs supported by this driver support ieee80211 AC.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 16 Sep 2017 23:33:35 +0000 (01:33 +0200)]
linux-firmware: pack Intel iwl FW separately
Do not create one big package with all the Intel firmware files
supported by the iwlwifi driver, but use a separate package for each
chip.
This also updates some 7000 and 8000 series firmware files to more
recent version. The older versions shipped are not supported by the
current driver any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 17 Sep 2017 12:50:01 +0000 (14:50 +0200)]
mac80211: add dev_coredumpm() function
dev_coredumpm() was added with kernel 4.7, but it is used by iwlwifi.
When the dev coredump framework form compat-wireless is used this is not
a problem because it already contains this, but this is deactivated if
the build system finds out that it is already included in the kernel we
compile against. This option was now activated by the bluetooth driver
btmrvl. Having dev coredump in the kernel adds about 400 bytes to the
lzma compressed kernel for brcm47xx.
This is copied from a more recent backports version to add the
dev_coredumpm() function when the internal core devdump is not used.
Fixes:
a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Engberg [Sun, 17 Sep 2017 06:17:54 +0000 (08:17 +0200)]
kernel: kmod-btmrvl: Add kmod-mmc as dependency
This fixes the build of this module and should fix the build bots.
Fixes:
a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[removed mveub dependency and update commit comment]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Florian Fainelli [Sat, 16 Sep 2017 22:16:09 +0000 (15:16 -0700)]
generic: drop 704-phy-no-genphy-soft-reset.patch
4.4.80+ contains
71a165f6397df07a06ce643de5c2dbae29bd3cfb, 4.9.41+ contains
6c78197e4a69c19e61dfe904fdc661b2aee8ec20 which are all backports of upstream
commit
0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 ("net: phy: Do not perform
software reset for Generic PHY").
Our local patch is no longer needed, all this patch was doing was utilizing
gen10g_soft_reset which does nothing either, so just keep the code unchanged.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sat, 16 Sep 2017 23:27:37 +0000 (16:27 -0700)]
dnsmasq: Pass TARGET_CPPFLAGS to Makefile
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.
Fixes:
34a206bc1194 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sat, 16 Sep 2017 21:49:37 +0000 (14:49 -0700)]
armvirt: Enable CONFIG_ARM_PMU
We will be prompted with this config symbol when performance monitoring is
enabled in the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Henryk Heisig [Fri, 7 Jul 2017 07:53:12 +0000 (09:53 +0200)]
mvebu: WRT3200ACM: add bluetooth module
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Henryk Heisig [Fri, 7 Jul 2017 07:43:10 +0000 (09:43 +0200)]
kernel: bluetooth: add marvell sdio bluetooth module
This commit add support for Marvell bluetooth with SDIO interface.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[Fix KCONFIG and FILES option]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Henryk Heisig [Fri, 7 Jul 2017 07:35:20 +0000 (09:35 +0200)]
linux-firmware: update to the commit from 2017-09-06
update firmware mrvl/sd8887_uapsta.bin
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[update to version 2017-09-06]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Engberg [Thu, 7 Sep 2017 22:44:26 +0000 (00:44 +0200)]
utils/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Philip Prindeville [Fri, 15 Sep 2017 17:03:52 +0000 (11:03 -0600)]
kernel: add packaging for Xeon iTCO watchdog timer
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Kabuli Chana [Thu, 10 Aug 2017 16:48:28 +0000 (10:48 -0600)]
mwlwifi: update to version 10.3.4.0 / 2017-08-10
Update mwlwifi
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 13:22:36 +0000 (16:22 +0300)]
libs/wolfssl: bump to version 3.12.0 ; add myself as maintainer
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:23:42 +0000 (14:23 +0300)]
libs/wolfssl: adjust symbol defaults against libwolfssl defaults
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:15:15 +0000 (14:15 +0300)]
libs/wolfssl: disable hardening check in `settings.h`
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.
```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
#warning "For timing resistance / side-channel attack prevention consider using harden options"
```
Hardening is enabled by default in libwolfssl at build-time.
However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).
This looks like a small bug/issue with wolfssl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Thu, 24 Aug 2017 05:56:40 +0000 (08:56 +0300)]
cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Fri, 25 Aug 2017 11:25:28 +0000 (14:25 +0300)]
libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Mon, 4 Sep 2017 13:16:00 +0000 (16:16 +0300)]
wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```
Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```
Thanks to @lynxis for pointing out the commas.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Daniel Engberg [Fri, 8 Sep 2017 07:42:23 +0000 (09:42 +0200)]
tools/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
* Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this
is compiling on FreeBSD 11.1.
* Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since
March 31, 2017.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Engberg [Wed, 6 Sep 2017 09:56:15 +0000 (11:56 +0200)]
tools/expat: Update to 2.2.4
Update (lib)expat to 2.2.4
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Kevin Darbyshire-Bryant [Tue, 22 Aug 2017 10:01:07 +0000 (11:01 +0100)]
toolchain: gcc: update 7.x to 7.2.0
Bump gcc from 7.1 to 7.2
Compile & run tested: ar71xx
Trace history of current patches and update with commit ref & comment
to give more clue as to why they're still around/needed. Some have
changed form since the original commit but some clue is better than no
clue at all.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Kevin Darbyshire-Bryant [Fri, 15 Sep 2017 10:41:09 +0000 (11:41 +0100)]
kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Karl Palsson [Fri, 1 Sep 2017 11:22:11 +0000 (11:22 +0000)]
odhcpd: don't enable server mode on non-static lan port
Instead of blindly enabling the odhcpd v6 server and RA server on the
lan port, only do that if the lan port protocol is "static"
This prevents the unhelpful case of a device being a dhcpv4 client and
v6 server on the same ethernet port.
Signed-off-by: Karl Palsson <karlp@etactica.com>
[PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jiawei Wang [Wed, 13 Sep 2017 06:04:22 +0000 (14:04 +0800)]
ramips: fix used MAC addresses for Phicomm K2P
The factory partition of the Phicomm K2P contains two MAC addresses.
The lower MAC address is at offset 0xe006 and the higher one is at
offset 0xe000.
Use the lower MAC address as base mac-address which the switch driver
increments by one for the second (wan) vlan.
The MAC addresses are still inverted in contrast to the stock firmware
where the lower MAC address is used for wan. But at least the use of a
MAC address not intended/reserved for this particular board is fixed.
Signed-off-by: Jiawei Wang <me@jwang.link>
Hans Dedecker [Wed, 13 Sep 2017 20:18:08 +0000 (22:18 +0200)]
odhcpd: update to git HEAD version
f0bce9c dhcpv4: fix memset compile issue
0ba3278 dhcpv4: rework assignment lookup
e3b49f3 dhcpv4: cleanup dhcpv4_test usage
47fe122 dhcpv4: rework lease expire handling logic
028ab85 dhcpv4: force renew nonce authentication support
a827fca dhcpv4: avoid segfault when there's no IPv4 prefix
bea088b ndp: detect ifindex changes via interface netlink events
f66103e ubus: display accept reconf status for DHCPv6 assignments
f0e354b treewide: replace RELAYD prefix naming in macros
1a313f9 dhcpv4: fix possible segfault when lease is not created
e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Kristian Evensen [Tue, 12 Sep 2017 16:27:10 +0000 (18:27 +0200)]
ramips: fix D240 mini-PCIe power control GPIOs
In commit
b11c51916cb9 ("ramips: Improve Sanlinking D240 config") I made
a mistake with regards GPIO numbering. And in addition to specifying the
wrong GPIO for controling the power of one of the mini-PCIe, I recently
discovered that the power of both slots can be controlled.
This patch specifies the correct GPIO for the left-most mini-PCIe slot
of the D240 (labeled power_mpcie2 since the slot is attached to SIM2),
and adds a GPIO that can be used to control the power of the other
mini-PCIe slot (labeled power_mpcie1).
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[do not use the gpio active macros for the gpio-export value]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Maxim Anisimov [Fri, 8 Sep 2017 09:39:17 +0000 (12:39 +0300)]
ramips: add support for TP-Link Archer C20 v1
TP-Link Archer C20 v1 is a router with 5-port FE switch and
non-detachable antennas. It's very similiar to TP-Link Archer C50.
Also it's based on MediaTek MT7620A+MT7610EN.
Specification:
- MediaTek MT7620A (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- 8x LED (GPIO-controlled*), 2x button, power input switch
- 1 x USB 2.0 port
* WAN LED in this devices is a dual-color, dual-leads type which isn't
(fully) supported by gpio-leds driver. This type of LED requires both
GPIOs state change at the same time to select color or turn it off.
For now, we support/use only the blue part of the LED.
* MT7610EN ac chip isn't not supported by LEDE. Therefore 5Ghz won't
work.
Factory image notes:
These devices use version 3 of TP-Link header, fortunately without RSA
signature (at least in case of devices sold in Europe). The difference
lays in the requirement for a non-zero value in "Additional Hardware
Version" field. Ideally, it should match the value stored in vendor
firmware header on device.
We are able to prepare factory firwmare file which is accepted and
(almost) correctly flashed from the vendor GUI. As it turned out, it
accepts files without U-Boot image with second header at the beginning
but due to some kind of bug in upgrade routine, flashed image gets
corrupted before it's written to flash. So, to flash this device we must
to prepare image using original firmware from tp-link site with uboot.
Flash instruction:
Until (if at all) TP-Link fixes described problem, the only way to flash
LEDE image in these devices is to use tftp recovery mode in U-Boot.
There are two ways to flash the device to LEDE:
1) Using tftp mode with UART connection and original LEDE image
- Place lede-ramips-mt7620-ArcherC20-squashfs-factory.bin in tftp
server directory
- Configure PC with static IP 192.168.0.66/24 and tftp server.
- Connect PC with one of LAN ports, power up the router and press
key "4" to access U-Boot CLI.
- Use the following commands to update the device to LEDE:
setenv serverip 192.168.0.66
tftp 0x80060000 lede-ramips-mt7620-ArcherC20-squashfs-factory.bin
erase tplink 0x20000 0x7a0000
cp.b 0x80060000 0x20000 0x7a0000
reset
- After that the device will reboot and boot to LEDE
2) Using tftp mode without UART connection but require some
manipulations with target image
- Download and unpack TP-Link Archer C20 v1 firmware from original web
site
- Split uboot.bin from original firmware by this command (example):
dd if=Archer_C20v1_0.9.1_4.0_up_boot(160427)_2016-04-27_13.53.59.bin of=uboot.bin bs=512 count=256 skip=1
- Create ArcherC20V1_tp_recovery.bin using this command:
cat uboot.bin lede-ramips-mt7620-ArcherC20-squashfs-factory.bin > ArcherC20V1_tp_recovery.bin
- Place ArcherC20V1_tp_recovery.bin in tftp server directory.
- Configure PC with static IP 192.168.0.66/24 and tftp server.
- Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
- Router will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Thibaut VARENE [Tue, 12 Sep 2017 21:22:37 +0000 (23:22 +0200)]
generic: drop support for get_port_stats() on ar8xxx
The implementation is not efficient on ar8xxx switches. It triggers high
CPU load and degrades device performance.
The high CPU load has been traced down to the ar8xxx_reg_wait() call in
ar8xxx_mib_op(), which has to usleep_range() till the MIB busy flag set
by the request to update the MIB counter is cleared.
This commit removes the get_port_stats() code introduced in
4d8a66d and
leaves a note for future hacker's beware.
Fixes: FS#1004
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>