Hans Dedecker [Fri, 2 Feb 2018 11:00:45 +0000 (12:00 +0100)]
leds: correct ledtrig-heartbeat Kconfig description
Fix ledtrig-heartbeat Kconfig description
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 1 Feb 2018 14:12:58 +0000 (15:12 +0100)]
netifd: add defaultreqopts config option
By default udhcpc asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 udhcpc will not ask for any options except for the options
specified in the reqopts config option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 31 Jan 2018 11:58:53 +0000 (12:58 +0100)]
odhcp6c: add defaultreqopts config option
By default odhcp6c asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 odhcp6c will not ask for any options except for the options
specified in the reqopts config option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Matthias Schiffer [Wed, 31 Jan 2018 20:18:16 +0000 (21:18 +0100)]
ar71xx-generic: enable ATH79_MACH_TL_WR841N_V8 machine
This machfile also contains the code for the TL-WR842N/ND v2, which is in
ar71xx-generic and not in ar71xx-tiny.
Fixes:
0cd5e85e7a "ar71xx: create new ar71xx/tiny subtarget for 4MB flash
devices"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Wed, 31 Jan 2018 13:43:12 +0000 (14:43 +0100)]
netfilter: add missing dependency to kmod-ipt-tproxy
Fixes:
e7e025426a "netfilter: clean up dependencies of kernel modules"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Wed, 31 Jan 2018 12:42:23 +0000 (13:42 +0100)]
mac80211: replace revert for 11s compatiblity with upstream fix
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Thu, 25 Jan 2018 18:31:40 +0000 (19:31 +0100)]
netfilter: add packages for arp and bridge tables of nftables
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Thu, 25 Jan 2018 17:11:37 +0000 (18:11 +0100)]
nftables: remove dependency on kmod-nf-nat
For minimal firewall setups, NAT support may be unnecessary.
It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Thu, 25 Jan 2018 17:05:12 +0000 (18:05 +0100)]
netfilter: clean up dependencies of kernel modules
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Yousong Zhou [Thu, 11 May 2017 06:29:52 +0000 (14:29 +0800)]
scripts/qemustart: more portable array operation
The following commands output 1,2,1,1
cmd0='a=("${a[@]}" 'a'); echo "${#a}"'
cmd1='a+=('a'); echo "${#a}"'
bash -c "$cmd0"; zsh -c "$cmd0"
bash -c "$cmd1"; zsh -c "$cmd1"
The following outputs 0,1,0,0
cmd2='f() { echo "$#"; }; f "${a[@]}"'
cmd3="a=(); $cmd2"
bash -c "$cmd2"; zsh -c "$cmd2"
bash -c "$cmd3"; zsh -c "$cmd3"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 30 Jan 2018 06:34:59 +0000 (14:34 +0800)]
openssl: remove call to now absent clean-staging make target
It's not needed now since commit
a621b8c ("include: clean package
staging dir files before configure")
Fixes FS#1309
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hans Dedecker [Thu, 25 Jan 2018 10:46:44 +0000 (11:46 +0100)]
kernel: add test MTD driver package
Allows to test MTD driver using RAM
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hauke Mehrtens [Sat, 27 Jan 2018 23:24:24 +0000 (00:24 +0100)]
netdevices.mk: add missing dependency to kmod-hwmon-core
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes:
af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Philip Prindeville [Wed, 24 Jan 2018 02:00:11 +0000 (19:00 -0700)]
netdevices.mk: add hwmon to IGB and IXGBE drivers
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Yousong Zhou [Mon, 29 Jan 2018 07:07:51 +0000 (15:07 +0800)]
lantiq: ase: turn off fpu emulator in default build
It was only enabled when the target was added back in commit
9b321bc
("lantiq: add Amazon-SE subtarget")
Leave pistachio alone as devices of this target are not likely have
small_flash or low_mem constraint
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Mon, 29 Jan 2018 01:40:52 +0000 (09:40 +0800)]
build: add config option KERNEL_MIPS_FPU_EMULATOR
To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hans Dedecker [Fri, 26 Jan 2018 20:17:46 +0000 (21:17 +0100)]
curl: bump to 7.58.0
a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with
bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with
6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit
ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with
3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with
b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with
af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
John Crispin [Sun, 28 Jan 2018 07:53:50 +0000 (08:53 +0100)]
Revert "netdevices.mk: add hwmon to IGB and IXGBE drivers"
This reverts commit
af707a178fa5f23dcf149da3e545958c0085500a.
Signed-off-by: John Crispin <john@phrozen.org>
John Crispin [Sun, 28 Jan 2018 07:51:11 +0000 (08:51 +0100)]
Revert "netdevices.mk: add missing dependency to kmod-hwmon-core"
This reverts commit
53f62bc5e5c36c1a08e162d8b26de7d831fc36e5.
commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"
Signed-off-by: John Crispin <john@phrozen.org>
Yousong Zhou [Sun, 28 Jan 2018 01:43:30 +0000 (09:43 +0800)]
procd: fix procd_lock() when prepare_roofs
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Fixes FS#1260
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hauke Mehrtens [Sat, 27 Jan 2018 23:24:24 +0000 (00:24 +0100)]
netdevices.mk: add missing dependency to kmod-hwmon-core
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes:
af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 27 Jan 2018 21:51:59 +0000 (22:51 +0100)]
binutils: assertion failure bfd/elfxx-mips.c:3860
With forced PIE and SSP support I ran into this assertion failure.
backport two patches to fix this problem from the binutils 2.28 branch.
This fix is already included in binutils 2.28.1 and 2.29.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 27 Jan 2018 13:28:46 +0000 (14:28 +0100)]
toolchain: gcc: update 7.x to 7.3.0
This version still generates broken code in our setup for MIPS.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Julien Dusser [Sun, 7 Jan 2018 17:47:21 +0000 (18:47 +0100)]
build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (
1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit
933b588e25 but it was
reverted in
f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Julien Dusser [Sun, 7 Jan 2018 16:41:35 +0000 (17:41 +0100)]
toolchain: add gcc configure default PIE and SSP
GCC supports starting version 5 --enable-default-ssp and starting version 6
--enable-default-pie.
It produces hardened binaries by default without dealing with package
compilation flags.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Julien Dusser [Mon, 8 Jan 2018 22:47:06 +0000 (23:47 +0100)]
build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Alexandru Ardelean [Wed, 17 Jan 2018 10:55:15 +0000 (12:55 +0200)]
kernel-headers: adjust PKG_ variables when using git clone method
When using an external git clone for the kernel repo,
the build would fail because the build won't download
[via git] the kernel tarball.
This is because the `toolchain/kernel-headers` assumes
that the kernel would get downloaded via normal HTTP.
The reason for this is the `HostBuild` rule, which
calls the `Download/default` rule.
To use the `Download/default` we just need to conditionally
adjust some PKG_ vars.
We can safely use `LINUX_VERSION` as it was already adjusted
in the `kernel-version.mk` to avoid collisions with other tarballs.
Fixes:
https://bugs.openwrt.org/index.php?do=details&task_id=503
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Mon, 15 Jan 2018 14:50:38 +0000 (16:50 +0200)]
kernel.mk: update LINUX_VERSION filename for cloned repo
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.
The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.
If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean [Wed, 17 Jan 2018 12:05:57 +0000 (14:05 +0200)]
Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.
No need to limit just to branches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Stephan Brunner [Fri, 19 Jan 2018 13:03:46 +0000 (14:03 +0100)]
hostapd: add support for hostapd's radius_client_addr
Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.
Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
Maxim Gorbachyov [Fri, 12 Jan 2018 17:54:41 +0000 (20:54 +0300)]
perf: use libunwind
Without libunwind perf does not show userspace stack frames.
Tested on mvebu.
Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
Maxim Gorbachyov [Fri, 12 Jan 2018 17:42:20 +0000 (20:42 +0300)]
libunwind: enable build for arm
Tested with perf on mvebu.
Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
Philip Prindeville [Wed, 24 Jan 2018 02:00:11 +0000 (19:00 -0700)]
netdevices.mk: add hwmon to IGB and IXGBE drivers
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Tim Harvey [Tue, 23 Jan 2018 22:31:09 +0000 (14:31 -0800)]
kernel/modules/other: disable Nokia BT UART
disable the Nokia BT UART present on Nikia N9, N900 & N950 added in 4.12.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Evgeniy Didin [Wed, 24 Jan 2018 17:26:03 +0000 (20:26 +0300)]
toolchain/arc: update to the most recent release arc-2017.09
This commit finally bumps ARC tools to the most recent arc-2017.09 release version.
ARC GNU tools of version arc-2017.09 bring some quite significant changes like:
* Binutils v2.29 with additional ARC patches
* GCC 7.1.1 with additional ARC patches
More information on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
Evgeniy Didin [Wed, 24 Jan 2018 17:26:02 +0000 (20:26 +0300)]
uClibc-ng: update to 1.0.28
Lets update uClibc-ng to 1.0.28 version for compatibility with gcc 7.x.
Since 1.0.22 there were significant patches for compatibility with gcc 7.x:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=
5b0f49037e8ea8500b05c8f31ee88529ccac4cee
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=
cee0b058fa0b4501b289a2da365182d60314d746
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
Matthias Schiffer [Fri, 26 Jan 2018 22:24:59 +0000 (23:24 +0100)]
mac80211: revert "wireless: set correct mandatory rate flags"
Revert upstream commit
1bd773c077de "wireless: set correct mandatory rate
flags", as it breaks 11s interoperability: nodes can only associate when
neither or both have this patch. As this is a regression from released
versions, revert to the old code for now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Alexandru Ardelean [Wed, 24 Jan 2018 10:56:39 +0000 (12:56 +0200)]
rules.mk: drop `include_mk` build rule
The only users of this were the python packages
from the `packages` feed.
The 2 python interpreters would export some mk
files (e.g. python-package.mk) and then other
python packages would include it via this rule.
But there's a few things wrong with this approach,
most of them drawing from the fact that python host
needs to be built first, to export these mk files.
By now all uses of include_mk have been corrected
in the feeds and this can be removed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Yousong Zhou [Fri, 26 Jan 2018 10:13:21 +0000 (18:13 +0800)]
openssl: tell the build system that we are doing CROSS_COMPILE
So that it will not try to run c_rehash with the just built binaries on
certs/demo.
Fixes openwrt/packages#5432
Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Fri, 26 Jan 2018 06:40:25 +0000 (14:40 +0800)]
iptables: make kmod-ipt-debug part of default ALL build
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug
Fixes FS#1219
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Thu, 25 Jan 2018 01:40:33 +0000 (09:40 +0800)]
build: disable BUILD_PATENTED by default
This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Kevin Darbyshire-Bryant [Thu, 25 Jan 2018 17:20:51 +0000 (17:20 +0000)]
wireguard: bump to
20180118
Bump to latest wireguard release snapshot:
9a93a3d version: bump snapshot
7bc0579 contrib: keygen-html: update curve25519 implementation
ffc13a3 tools: import new curve25519 implementations
0ae7356 curve25519: wire up new impls and remove donna
f90e36b curve25519: resolve symbol clash between fe types
505bc05 curve25519: import 64-bit hacl-star implementation
8c02050 curve25519: import 32-bit fiat-crypto implementation
96157fd curve25519: modularize implementation
4830fc7 poly1305: remove indirect calls
bfd1a5e tools: plug memleak in config error path
09bf49b external-tests: add python implementation
b4d5801 wg-quick: ifnames have max len of 15
6fcd86c socket: check for null socket before fishing out sport
ddb8270 global: year bump
399d766 receive: treat packet checking as irrelevant for timers
No patch refresh required.
Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Felix Fietkau [Thu, 25 Jan 2018 20:18:57 +0000 (21:18 +0100)]
Revert "mt76: update to the latest version"
This reverts commit
99eb128acaf76a69119fd2de8e194f2b2bbb0427.
Connectivity issues reported by users, needs rework
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 25 Jan 2018 15:49:14 +0000 (16:49 +0100)]
mt76: update to the latest version
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Catrinel Catrinescu [Mon, 15 Jan 2018 15:45:16 +0000 (16:45 +0100)]
ar71xx: add ew-balin platform from Embedded Wireless
Add the Embedded Wireless "Balin" platform
SoC: QCA AR9344 or AR9350
RAM: DDR2-RAM 64MBytes
Flash: SPI-NOR 16MBytes
WLAN: 2 x 2 MIMO 2.4 & 5 GHz IEEE802.11 a/b/g/n
Ethernet: 3 x 10/100 Mb/s
USB: 1 x USB2.0 Host/Device bootstrap-pin at power-up
PCI-Express: 1 x lane PCIe 1.2
UART: 1 x Normal, 1 x High-Speed
JTAG: 1 x EJTAG
GPIO: 10 x Input/Output multiplexed
The module comes already with the current vanilla OpenWrt firmware.
To update, use "sysupgrade" image directly in vendor firmware.
Signed-off-by: Catrinel Catrinescu <cc@80211.de>
Matthias Schiffer [Tue, 23 Jan 2018 19:52:45 +0000 (20:52 +0100)]
ar71xx: add unaligned access hacks for VXLAN
Gives a ~5% performance gain.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Felix Fietkau [Wed, 24 Jan 2018 15:46:22 +0000 (16:46 +0100)]
musl: move BUILD_DIR_TOOLCHAIN/musl symlink to configure step
Avoids Build/Prepare quilt related hacks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 24 Jan 2018 15:43:28 +0000 (16:43 +0100)]
musl: allow autorebuild
Autorebuild is disabled for the toolchain to avoid build-order issues.
However, rebuilding musl is safe, so exclude it from that restriction.
Avoids the need for manual cleaning on kernel header <-> libc API
changes like the ones introduced recently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 19 Jan 2018 17:34:10 +0000 (18:34 +0100)]
mac80211: mesh: drop frames appearing to be from us
Upstream backport to fix issues arising from devices with duplicate MAC
addresses
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jackson Ming Hu [Mon, 8 Jan 2018 05:27:28 +0000 (13:27 +0800)]
ramips: add support for Widora Neo 32MB flash revision
Widora has updated their Widora Neo board recently.
The new model uses 32MB WSON-8 factor SPI flash
instead of the original 16MB SOP-8 factor SPI flash.
All the other hardware components are the same as
the first revision.
Detailed hardware specs listed below:
CPU: MTK MT7688AN
RAM: 128MB DDR2
ROM: 32MB WSON-8 factor SPI Flash (Winbond)
WiFi: Built-in 802.11n 150Mbps?
Ethernet: 10/100Mbps x1
Audio codec: WM8960
Other IO: USB OTG;
USB Power+Serial (CP2104);
3x LEDs (Power, LAN, WiFi);
2x Keys (WPS, CPU Reset)
1x Audio In/Out
1x IPEX antenna port
1x Micro SD slot
Signed-off-by: Jackson Ming Hu <huming2207@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 17 Jan 2018 07:14:41 +0000 (08:14 +0100)]
ramips: add flash size postfix to Widora neo
Rename the Widora neo by adding a flash size prefix. Move the common parts
into a dtsi to be prepare everything for upcomming support of the 32MB
version.
Migrate the Widora neo to the generic board detection as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Hans Dedecker [Tue, 23 Jan 2018 20:58:10 +0000 (21:58 +0100)]
kernel: generic: add 4.9 config option
When CGROUPS is enabled the new option CONFIG_CGROUP_NET_CLASSID is
selectable and not handled.
Add this option to the 4.9 kernel configuration.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Matthias Schiffer [Wed, 24 Jan 2018 12:51:45 +0000 (13:51 +0100)]
vxlan: add options to enable and disable UDP checksums
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Wed, 24 Jan 2018 12:50:50 +0000 (13:50 +0100)]
netifd: update to latest git HEAD
af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Rosen Penev [Sun, 21 Jan 2018 03:56:33 +0000 (19:56 -0800)]
ramips: Fix GB-PC1 cpuclock again
The intended frequency is 900 MHz, not 90.
Fixes:
7059ab48a6d5 ("ramips: fix cpuclock for the GB-PC1")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Daniel Golle [Wed, 24 Jan 2018 00:20:41 +0000 (01:20 +0100)]
ar71xx: fix MikroTik rb-nor-flash-16M-ac image
commit
e15c63a375
ar71xx: add support for MikroTik RouterBOARD wAP G-5HacT2HnD (wAP AC)
changed the existing rb-nor-flash-16M-ac image in a way that it would
now only support the rb-wapg-5hact2hnd.
The board show however rather be added to the existing boards in the
rb-nor-flash-16M image template.
Reported-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hans Dedecker [Tue, 23 Jan 2018 10:37:37 +0000 (11:37 +0100)]
procd: update to latest git HEAD
653629f trace: check asprintf() return value
67eb7e6 trace: add missing limits.h include
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Daniel Golle [Tue, 23 Jan 2018 01:46:36 +0000 (02:46 +0100)]
ramips: add support for ZBT-WE1226
MT7628NN (580MHz), 8MB SPI NOR, 64MB DDR2 RAM
Everything except for the switch LEDs works great.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hauke Mehrtens [Thu, 28 Dec 2017 18:36:08 +0000 (19:36 +0100)]
sunxi: Orange Pi R1: configure USB Ethernet controller.
Now the USB port is the WAN port.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 28 Dec 2017 18:34:47 +0000 (19:34 +0100)]
sunxi: Orange Pi R1: Fix USB Ethernet and activate SPI
The USB Ethernet is not working with the patches proposed for upstream,
fix this and activate the SPI node as this board always has a SPI flash.
Both patches are also targeted for upstream kernel 4.16 and 4.17.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 10 Dec 2017 19:56:56 +0000 (20:56 +0100)]
sunxi: use upstream patch for Orange Pi R1
Instead of using our own device tree definitions use the one provided in
the upstream kernel for 4.16.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 10 Dec 2017 19:56:31 +0000 (20:56 +0100)]
sunxi: backport stmmac network patches
Ethernet support was initial added in kernel 4.13, but deactivated
before the final release. This is backports the changes which are
activating it again from kernel 4.15.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 10 Dec 2017 17:42:44 +0000 (18:42 +0100)]
sunxi: Add support for kernel 4.14
This is based on the code for kernel 4.9, but a lot of 4.9 patches are
backports from more recent kernel version and can be removed now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 16 Dec 2017 22:47:28 +0000 (23:47 +0100)]
sunxi: refresh kernel configuration
Just refresh the sunxi kernel configuration.
This also moves the CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG option to the
config-4.9 file.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jo-Philipp Wich [Mon, 22 Jan 2018 12:41:16 +0000 (13:41 +0100)]
Revert "kernel: add IEEE-1284 parallel port support"
This reverts commit
666e9cf2220b11ccd024cad13ad54ca71d40c5b3.
The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
John Crispin [Mon, 22 Jan 2018 11:53:34 +0000 (12:53 +0100)]
procd: update to latest git HEAD
846e20c procd: add timing to start/stop logging
Signed-off-by: John Crispin <john@phrozen.org>
Gabor Juhos [Thu, 18 Jan 2018 12:50:32 +0000 (13:50 +0100)]
ar71xx: add support for the MikroTik RB911-2Hn/5Hn boards
The patch adds support for the MikroTik RB911-2Hn (911 Lite2)
and the RB911-5Hn (911 Lite5) boards:
https://mikrotik.com/product/RB911-2Hn
https://mikrotik.com/product/RB911-5Hn
The two boards are using the same hardware design, the only difference
between the two is the supported wireless band.
Specifications:
* SoC: Atheros AR9344 (600MHz)
* RAM: 64MiB
* Storage: 16 MiB SPI NOR flash
* Ethernet: 1x100M (Passive PoE in)
* Wireless: AR9344 built-in wireless MAC, single chain
802.11b/g/n (911-2Hn) or 802.11a/g/n (911-5Hn)
Notes:
* Older versions of these boards might be equipped with a NAND
flash chip instead of the SPI NOR device. Those boards are not
supported (yet).
* The MikroTik RB911-5HnD (911 Lite5 Dual) board also uses the
same hardware. Support for that can be added later with little
effort probably.
Installation:
1. Setup a DHCP/BOOTP Server with the following parameters:
* DHCP-Option 66 (TFTP server name): pointing to a local TFTP
server within the same subnet of the DHCP range
* DHCP-Option 67 (Bootfile-Name): matching the initramfs filename
of the to be booted image. The usable intramfs files are:
- openwrt-ar71xx-mikrotik-vmlinux-initramfs.elf
- openwrt-ar71xx-mikrotik-vmlinux-initramfs-lzma.elf
- openwrt-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin
2. Press the reset button on the board and keep that pressed.
3. Connect the board to your local network via its ethernet port.
4. Release the button after the LEDs on the board are turned off.
Now the board should load and start the initramfs image from
the TFTP server.
5. Upload the sysupgrade image to the board with scp:
$ scp openwrt-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/fw.bin
5. Log in to the running system listening on 192.168.1.1 via ssh
as root (without password):
$ ssh root@192.168.1.1
7. Flash the uploaded firmware file from the ssh session via the
sysupgrade command:
root@OpenWrt:~# sysupgrade /tmp/fw.bin
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Gabor Juhos [Thu, 18 Jan 2018 12:50:31 +0000 (13:50 +0100)]
ar71xx: make leds-gpio usable with single-ended GPIOs
Add patches for the leds-gpio driver to make it usable with
open-drain and open-source kind of GPIO lines.
This type of functionality is required by various MikroTik boards.
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Gabor Juhos [Thu, 18 Jan 2018 12:50:30 +0000 (13:50 +0100)]
ar71xx: mach-rbspi: return rb_info from rbspi_platform_setup
Modify the rbspi_platform_setup() function to return the pointer of the
rb_info structure. This allows board specific setup routines to access
the various fields of the information. It is useful for investigating
the hardware option bits for example.
Also update the board setup codes, to ensure that those handle the new
return value correctly.
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Gabor Juhos [Thu, 18 Jan 2018 12:50:29 +0000 (13:50 +0100)]
ar71xx: add definitions for RouterBOARD hardware option bits
Add bit definitions for the 'hardware options' tag which is used in
the MikroTik devices' hardware configurations. These values can be
used in board setup codes, to do different initialization sequences.
The values were obtained from the RouterOS 6.41-rc38 patches.
Additionally, introduce two helper functions what make the processing
of the hardware options easy.
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Koen Vandeputte [Fri, 19 Jan 2018 10:31:52 +0000 (11:31 +0100)]
uqmi: silence error on pin verification
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:
"Command not supported"
Silence both separate methods and only report an error regarding
pin verification if both fail.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Daniel Gimpelevich [Thu, 18 Jan 2018 11:52:12 +0000 (03:52 -0800)]
kernel: add IEEE-1284 parallel port support
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Hauke Mehrtens [Sat, 20 Jan 2018 22:36:05 +0000 (23:36 +0100)]
pistachio: make patches apply again
Support for Winbond NAND flash detection was added into the generic
patches and this conflicted with this patch adding Gigadevice support.
Fixes:
02050f7e7d5b ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 20 Jan 2018 22:21:52 +0000 (23:21 +0100)]
ipq806x: make patches apply again
Some part of this patch was added to the generic patches as it was
needed also for some other target. Do not add it here any more.
Fixes:
02050f7e7d5b ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 20 Jan 2018 21:44:40 +0000 (22:44 +0100)]
x86: Add CONFIG_RETPOLINE to fix build
This adds support for the new configuration option CONFIG_RETPOLINE and
refreshes the configuration.
Fixes:
d8565a06dc ("kernel: bump 4.9 to 4.9.77")
Fixes:
9ddfac8015 ("kernel: bump 4.14 to 4.14.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 3 Jun 2017 10:59:55 +0000 (12:59 +0200)]
kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 19 Jan 2018 22:59:30 +0000 (23:59 +0100)]
ubus: fix PKG_MIRROR_HASH
Fixes:
dd975d15a71f ("ubus: fix wrong PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Philip Prindeville [Wed, 20 Dec 2017 17:22:52 +0000 (10:22 -0700)]
nftables: update to 0.8.1
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Wed, 20 Dec 2017 22:06:02 +0000 (15:06 -0700)]
libnftnl: update to 1.0.9
Also, drop unsupported configure options.
Don't use git retrieve but released tarball instead.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Hauke Mehrtens [Sat, 20 Jan 2018 19:14:47 +0000 (20:14 +0100)]
kernel: backport fix for nftables on big Endian
nftables 0.8.1 generates some new commands which will not work without
this on big endian systems. This patch is included in Linux 4.11 and
later.
My rule matching a TCP port was not working:
nft add rule ip foo bar ct state new tcp dport 22 accept
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hannu Nyman [Fri, 19 Jan 2018 16:55:28 +0000 (18:55 +0200)]
tools/tar: update to 1.30
update GNU tar to 1.30
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 15:01:19 +0000 (15:01 +0000)]
kernel: bump 4.4 to 4.4.112
Refresh patches.
Remove upstreamed patches:
target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
CVEs completely or partially addressed:
CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-
1000410
Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 13:51:13 +0000 (13:51 +0000)]
kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:
target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
CVEs completely or partially addressed:
CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-
1000410
Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 14:13:53 +0000 (14:13 +0000)]
kernel: bump 4.14 to 4.14.14
Refresh patches.
CVEs completely or partially addressed:
CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-
1000410
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Gabor Juhos [Thu, 18 Jan 2018 21:13:09 +0000 (22:13 +0100)]
kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs
Some MikroTik devices are using a Winbond NAND flash. Linux treats
it as an unknown NAND before version 4.11:
nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
nand: Unknown NAND 128MiB 3,3V 8-bit
nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
Backport a patch from 4.11 to show the manufacturer correctly:
nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
nand: Winbond NAND 128MiB 3,3V 8-bit
nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
Tested on a MikroTik R951Ui-2HnD board.
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Kevin Darbyshire-Bryant [Sat, 20 Jan 2018 08:46:28 +0000 (08:46 +0000)]
dnsmasq: backport validation fix in dnssec security fix
A DNSSEC validation error was introduced in the fix for CVE-2017-15107
Backport the upstream fix to the fix (a simple typo)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Fri, 19 Jan 2018 17:16:08 +0000 (17:16 +0000)]
dnsmasq: backport dnssec security fix
CVE-2017-15107
An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org and still have it signed by the
signature for the wildcard. So, for example
!.example.org NSEC zz.example.org
is fine.
The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.
This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Christian Lamparter [Thu, 18 Jan 2018 12:26:08 +0000 (13:26 +0100)]
ipq806x: remove merged ipq4019 patch
The patch 0022-dts-ipq4019-support-ARMv7-PMU.patch
was merged into 4.8-rc1.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Christian Lamparter [Wed, 17 Jan 2018 22:38:50 +0000 (23:38 +0100)]
ipq806x: remove dependency on non-existent kmod
During the integration of the ipq40xx target,
the phy drivers were included into the ipq806x's
target kernel config.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Wed, 17 Jan 2018 22:38:49 +0000 (23:38 +0100)]
ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Wed, 17 Jan 2018 22:38:48 +0000 (23:38 +0100)]
ipq806x: overhaul AVM FRITZ!box 4040 device-tree file
This patch aligns the device-tree file with the latest
guidelines.
- No longer include qcom-ipq4019-ap.dk01.1.dtsi. This
file is only partially upstream and therefore subjected
to changes that might not be compatible with the board.
As a result, the definitions from the file have been
copied into this dts.
- exclusively use decimal GPIO addresses.
- reorganize the reserved-memory layout to waste less
memory. There's no point in keeping the u-boot loader
around. This should also make it possible to create
an image that will boot with the original EVA/ADAM2 loader
without needing to install the modified u-boot loader.
And finally mark the "tz-apps" as reusable.
There isn't a way to upload apps to the trust-zone in OpenWrt
yet. But it might see some use in the future as a "secure"
key-store/TPM.
- sort the first-level nodes alphabetically.
- sort nodes with an address by the address.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 21 Dec 2017 18:13:04 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 21 Dec 2017 18:13:03 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 21 Dec 2017 18:13:02 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 21 Dec 2017 18:13:01 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 21 Dec 2017 18:13:00 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 21 Dec 2017 18:12:59 +0000 (19:12 +0100)]
firmware: ath10k-firmware: update to 2017-12-20
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hans Dedecker [Tue, 16 Jan 2018 14:59:03 +0000 (15:59 +0100)]
odhcp6c: add sendopts config support and update to latest git HEAD
Add sendopts config support allowing to add options in sent DHCPv6 packets.
Options can be configured as follows :
uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:
00000000000000000000006674692F 0x3e8:ABCDEF"
Based on a patch by Frank Andrieu <fandrieu@gmail.com>
See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=
510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.
Latest git changes :
1f93bd4 dhcpv6: rework option passthrough logic
a477e95 odhcp6c: rework userclass and vendorclass command handling
510aaf6 odhcp6c: add -x opt:val support
ab75be1 treewide: update copyrights to 2018
f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Serg Studzinskii [Sun, 24 Dec 2017 16:00:13 +0000 (18:00 +0200)]
ramips: tl-wr840n-v5: increase firmware partition for 4Mmtk layot
According to console log during TP-Link TL-WR840N v5 OEM firmware update
procedure 0x3e0000-0x3f0000 64kB "config" partition, which is used to store
router's configuration settings, is erased and recreated again during every
OEM firmware update procedure, thus does not contain any valuable factory data.
So it is conviniant to use this extra 64kB erase block for jffs overlay due
limited flash size on this device like it used on TP-Link's ar71xx boards.
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
Hannu Nyman [Wed, 17 Jan 2018 19:06:19 +0000 (21:06 +0200)]
tools/mpfr: update to 4.0.0
Update mpfr to 4.0.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>