Commit message | Author | Age | Files | Lines
...
* util-linux: fix build with uclibc | Hauke Mehrtens | 2017-05-24 | 1 | -0/+24
  Fix build of scriptreplay with uClibc. Some parts of the libm detection were backported to 2.29.2, but some parts were missing, which are added here.
  This patch is needed when libm is a separate library, this is not needed for LEDE master, because libm is there integrated in the libc for uClibc and musl.
  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* dropbear: bump to 2017.75 | Kevin Darbyshire-Bryant | 2017-05-24 | 2 | -17/+13
  - Security: Fix double-free in server TCP listener cleanup
    A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host)
    This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
    CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
  - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
    Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys
    A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file.
    This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this.
    CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
  Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba: fix CVE-2017-7494 | Stijn Tintel | 2017-05-24 | 2 | -4/+33
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  (cherry picked from commit 3f0d3d12da77d8833a725f99f6fa08640678a1ae)
* umdns: update to the version 2017-05-22 | Rafał Miłecki | 2017-05-22 | 1 | -3/+3
  This includes following changes:
    0e8b948 Support specifying instance name in JSON file
    49fdb9f Support PTR queries for a specific service
    26ce7dc Allow filtering with instance name in service_reply
    920c62a Store instance name in the struct service
    ff09d9a Rename service_name function to the service_instance_name
    64f78f1 Rename mdns_hostname variable to the umdns_host_label
  Previous package update pulled commit 70c66fbbcde86 ("Fix sending replies to PTR questions") which introduced a regression which this update fixes.
  Fixes: 474c31a20d834 ("umdns: update to the version 2017-03-21")
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: add support for TP-LINK Archer C5 V2 | Rafał Miłecki | 2017-05-22 | 3 | -2/+36
  This model also contains few non-discoverable partitions we need to "protect". Other than that it uses non-deprecated serial entry in DTS that doesn't work with LEDE so we need to work around it as well.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firmware-utils: tplink-safeloader: add support for Archer C5 V2 | Rafał Miłecki | 2017-05-22 | 1 | -0/+34
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* fstools: backport regression fix for volume_identify | Rafał Miłecki | 2017-05-22 | 2 | -0/+57
  This fixes regression when volume_identify didn't identify volume on subsequent calls.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* imagebuilder: fix bundling of DTS sources | Jo-Philipp Wich | 2017-05-16 | 1 | -2/+3
  Refer to LINUX_KARCH instead of ARCH when bundling DTS files in the image builder tarball.
  While we're at it, also dereference symbolic links when copying as some kernel architectures contain symbolic links in their DTS directories.
  This fixes aarch64 imagebuilders such as brcm2708/bcm2710 ones in particular as the kernel refers to "aarch64" as "arm64" internally.
  Ref: https://forum.lede-project.org/t/lede-image-builder-problem/3680
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* image.mk: Generate cpiogz with root-owned files | Michal Sojka | 2017-05-16 | 1 | -1/+1
  Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio option to ensure that. Other image types (at least targz and squashfs) already have this.
  Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
* ramips: add om-watchdog to rut5xx DEVICE_PACKAGES | Steffen Weinreich | 2017-05-15 | 1 | -0/+1
  Add om-watchdog as default package for rut5xx.
  Signed-off-by: Steffen Weinreich <steve@weinreich.org>
* om-watchdog: add support for Teltonika RUT5xx (ramips) | Steffen Weinreich | 2017-05-15 | 2 | -1/+10
  Add rut5xx GPIO PIN selection to om-package startup script.
  Tested on a RUT500 device, the timeout value of the hardware watchdog is about 280 sec.
  Signed-off-by: Steffen Weinreich <steve@weinreich.org>
  [split into two commits, bump PKG_RELEASE]
  Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* om-watchdog: cosmetic code style fixes | Piotr Dymacz | 2017-05-15 | 1 | -31/+31
  Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* om-watchdog: cleanup Makefile | Piotr Dymacz | 2017-05-15 | 1 | -8/+0
  Drop redundant Build/Prepare, empty lines and duplicated Build/Compile.
  Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: enable nand-utils in the mikrotik subtarget to ensure it makes it to initramfs | Felix Fietkau | 2017-05-12 | 2 | -2/+4
  Without it, sysupgrade from initramfs to nand fails
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: update to v2.4.2 | Jo-Philipp Wich | 2017-05-12 | 1 | -2/+2
  Update to version 2.4.2 in order to address two potential Denial-of-Service vectors in OpenVPN.
    CVE-2017-7478 - Don't assert out on receiving too-large control packets
    CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over
  Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2
  Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: add myself as maintainer | Felix Fietkau | 2017-05-12 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* OpenVPN: Update to 2.4.1 | Daniel Engberg | 2017-05-12 | 4 | -20/+12
  Update OpenVPN to 2.4.1
  Remove 200-small_build_enable_occ.patch as it's included upstream.
  Refresh patches
  Add mirror and switch to HTTPS
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openvpn: add extra respawn parameters | Martin Schiller | 2017-05-12 | 1 | -0/+3
  This change protects the openvpn instances to be marked as "in a crash loop" and thereby the connection retries will run infinitely.
  When the remote site of an openvpn connection goes down for some time (network failure etc.) the openvpn instance in an openwrt/lede device should not stop retrying to establish the connection.
  With the current limit of 5 retries, there is a user interaction required, which isn't really what you want when the device should simply do everything to keep the vpn connection up.
  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* openvpn: move list of params and bools to a separate file | Yousong Zhou | 2017-05-12 | 3 | -30/+205
  So that future patches for addition/removal of them can be more readable
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ramips: fixup-mac-address: add missing include | Jo-Philipp Wich | 2017-05-11 | 1 | -0/+1
  Add missing include of ramips.sh in order to import the missing ramips_board_name() procedure.
  Fixes FS#774.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: support dhcp_option config as a list | Hans Dedecker | 2017-05-09 | 1 | -4/+22
  Configuring dhcp_option as an option does not allow the usage of white spaces in the option value; fix this by supporting dhcp_option as a list config while still supporting the option config to maintain backwards compatibility
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* bcm53xx: backport DT patches for serial, thermal and MDIO | Rafał Miłecki | 2017-05-09 | 5 | -1/+288
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ramips: add factory firmware for Tp-Link C20i/C50 | Henryk Heisig | 2017-05-05 | 1 | -0/+4
  TP-Link firmware doesn't accept sysupgrade.bin with metadata.
  Signed-off-by: Henryk Heisig <hyniu@o2.pl>
* brcm63xx: fix invalid Asmax AR 1004g DTS reference | Marcin Jurkowski | 2017-05-05 | 1 | -1/+1
  Build profile for Asmax AR 1004g refers to an invalid DTS "rg100a". The correct DTS for this device is "ar1004g".
  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* lantiq: fix avm fritz box mac addresses | Mathias Kresin | 2017-05-05 | 5 | -9/+17
  It has been shown that the Fritz boxes have the correct mac address set in the wireless calibration data/eeprom. Use this mac address as base for the ethernet and xdsl interface increment/decrement the address to match the values stored in the tffs.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: enable ramdisk for mt7621 | Paul Spooren | 2017-05-04 | 1 | -1/+1
  Fixes #758
  Signed-off-by: Paul Spooren <paul@spooren.de>
* ipq806x: fix EA8500 switch configuration | Jo-Philipp Wich | 2017-05-03 | 1 | -1/+1
  Do not assign the CPU port twice, this confuses LuCI and possibly other programs relying on topology information in board.json.
  Ref: https://github.com/openwrt/luci/issues/1086
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver() | Jo-Philipp Wich | 2017-05-03 | 1 | -0/+20
  Commit 2036ae4 (base-files: support hostname and ntp servers through board.d) was supposed to implement these procedures but lacked the required changes to uci-defaults.sh.
  Add the missing procedures now to fix config generation on targets relying on hostname or NTP server presetting.
  Fixes FS#754.
  Reported-by: Cristian Morales Vega <cristian@samknows.com>
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: rt2800: fix mt7620 E2 channel registers | Tomislav Požega | 2017-05-02 | 1 | -0/+41
  update RF register 47 and 54 values according to vendor driver
  Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  [daniel@makrotopia.org: moved changes into a separate patch]
* mac80211: rt2800: fix mt7620 vco calibration registers | Tomislav Požega | 2017-05-02 | 1 | -0/+50
  Use register values from init LNA function instead of the ones from restore LNA function. Apply register values based on rx path configuration.
  Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  [daniel@makrotopia.org: moved changes into a separate patch]
* mac80211: rt2x00: fix MT7620 LNA gain and VCO-after-ALC | Daniel Golle | 2017-05-02 | 2 | -0/+88
  This should fix issues with bad RX as well as AP not coming up and/or scanning failing.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: rt2x00: import upstream changes and rebase our patches | Daniel Golle | 2017-05-02 | 49 | -189/+1676
  Some of our local patches have been accepted upstream. And there are some more relevant changes (mostly for rt2800usb). Import them and rebase our remaining local patches on top.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rt2x00: mt7620: make fixes requested upstream | Daniel Golle | 2017-05-02 | 1 | -170/+674
  Introduce RT6352 instead of matching against RF7620. Clean up channel setting rfvals. Port bandwidth filter calibration.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rt2x00: mt7620: yet another beauty session | Daniel Golle | 2017-05-02 | 1 | -171/+524
  So here is another round of improvements for MT7620 WiFi. This commit fixes a few significant issues related to TX_PWR_CFG_x and TX_ALC and also makes the code more readable by adding register descriptions for things added for MT7620 and use the usual bit-field access macros and the now defined macros instead of plain bit-ops and magic numbers.
  Properly describe EEPROM_TARGET_POWER at word 0x68 (== byte 0xD0) and thereby fix internal TXALC which would otherwise just read out-of-bounds of the EEPROM map. Split-out tx-power/ALC related stuff into an additional function.
  Fix VCO calibration, it was carried out properly in the channel switching but incomplete in the actual VCO calibration function. Also there is no need to trigger VCO calibration in channel switching, the VCO calibration function is already being called at this point. Remove it from channel switching function to avoid redundant code.
  The TX power calibration differs significantly from all other Mediatek/Ralink chips: They finally allow 0.5dB steps stored as 8-bit values for (almost) each bitrate -- and promptly ran out of space and for some reason didn't want to change the EEPROM layout. They hence opted for a scheme of sharing values for some adjacent bitrates and a highly over-complicated (or obfuscated?) way to populate the TX_PWR_CFG_x registers with the values stored in the EEPROM.
  The code here now looks much less complicated than what you see in the vendor's driver, however, it does the exact same thing: bGpwrdeltaMinus is a constant and always TRUE, hence half of the code was dead. Gpwrdelta is always 0 (rather than using the value read from the EEPROM). What remains is some very grotesque effort to avoid 0x20, probably some hardware bug related to some misunderstanding of what a signed 8-bit value is (imagine: if it was a signed 6-bit value then someone could believe that 0x20 == 0x0).
  And then they didn't clean it up once they later on abandoned that whole story of having a constant offset for 40 MHz channels and just set the offset to be constant 0 -- there is no effort for avoiding 0x20 for the 20 MHz values stored in the EEPROM, hence that's probably just a forbidden value in the EEPROM specs and won't appear anyway... Anyway, the whole thing felt like solving some college math test where in the end everything cancels out and the result equals 0 ;)
  To make sure that channel bandwidth power compensation really doesn't need to be taken care of, output a warning when the corresponding value stored in the EEPROM is non-zero.
  Also there is no apparent reason to refrain from initializing RFCSR register 13, it doesn't fail whatsoever.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: add rt2x00 debug symbols to PKG_CONFIG_DEPENDS | Jonas Gorski | 2017-05-02 | 1 | -0/+2
  Changing these symbols requires a recompilation of the modules, so make the system aware of it.
  Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* ath9k: fix power limits on init | Felix Fietkau | 2017-05-02 | 1 | -0/+47
  The tx power applied by set_txpower is limited by the CTL (conformance test limit) entries in the EEPROM. These can change based on the user configured regulatory domain.
  Depending on the EEPROM data this can cause the tx power to become too limited, if the original regdomain CTLs impose lower limits than the CTLs of the user configured regdomain.
  To fix this issue, set the initial channel limits without any CTL restrictions and only apply the CTL at run time when setting the channel and the real tx power.
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath: do not apply broken power limits with ATH_USER_REGD | Felix Fietkau | 2017-05-02 | 3 | -12/+44
  If a device uses the default EEPROM code, typically only the main CTLs are valid, and they do not apply properly when switching to a different regulatory domain.
  If the regdomain deviates from the EEPROM one, force the world roaming regdomain to ensure that power limits are sane
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to version 2017-04-28 (FS#595) | Hans Dedecker | 2017-05-02 | 1 | -3/+3
    9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid
    2b3355f ndp: fix adding proxy neighbor entries
    7dff5b4 ndp: fix wrong interface name in syslog message
    a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file
    c0e9dbf ubus: don't segfault when there're no leases
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to version 2017-04-21 | Hans Dedecker | 2017-05-02 | 1 | -3/+3
    570069d ubus: rework dumping IPv6 and IPv4 leases
    4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* build: fix symlinked .config handling | Sergey Ryazanov | 2017-05-02 | 1 | -1/+1
  When running "make menuconfig" with symlinked .config (e.g. to env/.config) it renames symlink to .config.old, creates new .config file and writes updated configuration here. This breaks the desired workflow when changes in the configuration could be checked using "scripts/env diff" and committed with "scripts/env save". Since the env/.config file is not updated.
  Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces mconf to overwrite the .config content, instead of renaming it and creating a new file. This variable is set only if .config is a symlink, otherwise the variable is not exported and the old behaviour is preserved.
  Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
* ramips: WN3000RPv3: do not setup switch | Thibaut VARENE | 2017-04-28 | 1 | -1/+0
  The WN3000RPv3 is a repeater with a single ethernet port. Setting up the switch, even to disable it, is unnecessary and possibly confusing. Configure LAN as eth0 instead.
  Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* brcm63xx: Add Observa VH4032N support | Daniel Gonzalez Cabanelas | 2017-04-28 | 7 | -0/+193
  Add support for the Observa Telecom VH4032N router.
  This is another BCM6368 router, 128 MB RAM, 32MB flash and 3 USB host ports. The wifi chip is an onboard Broadcom BCM43222.
  Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
  [jonas.gorski: use gpio-hog instead of abusing ephy-reset]
  Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* cns3xxx: use proper macro's for ID handling | Koen Vandeputte | 2017-04-28 | 1 | -3/+3
  Compiled & tested on cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ramips: add support for Sanlinking D240 | Kristian Evensen | 2017-04-28 | 7 | -0/+175
  The Sanlinking Technologies D240 (http://www.sanlinking.com/en/29-dual-4g-wifi-router.html) is basically the same device as the ZBT WE826, so adding support for it in LEDE is straightforward. The difference is that the D240 has two mini-PCIe slots (instead of one), blue LEDs and supports PoE.
  Specification:
    * CPU: MT7620A
    * 1x 10/100Mbps POE (802.3af/802.3at) Ethernet, 4x 10/100Mbps.
    * 16 MB Flash.
    * 128 MB RAM.
    * 1x USB 2.0 port.
    * 2x mini-PCIe slots.
    * 2x SIM slots.
    * 1x 2.4Ghz WIFI.
    * 1x button.
  Wifi, USB, switch and both mini-PCIe slots are working. I have not been able to test the SD card reader.
  The device comes pre-installed with an older version of OpenWRT, including Luci. In order to install LEDE, you need to follow the existing procedure for updating OpenWRT/LEDE using Luci. I.e., you need to access the UI and update the firmware using the sysupgrade-image. Remember to select that you do not want to keep existing settings. The default router address is 192.168.10.1 and username/password admin/root (at least on my devices).
  If you brick the device, the procedure for recovery is the same as for the WE826. Please see the wiki page for that device for instructions.
  Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* ar71xx: select ATH79_NVRAM only by boards actually use it | Piotr Dymacz | 2017-04-28 | 1 | -4/+5
  Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ramips: fix Sercomm NA930 compatible string | Mathias Kresin | 2017-04-28 | 1 | -1/+1
  The Sercomm NA930 is not a mt7620a evaluation board and shouldn't use the eval board compatible string.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: remove Planex CS-QR10 sound device tree node | Mathias Kresin | 2017-04-28 | 1 | -11/+0
  The compatible string is neither added by any LEDE patch nor exists in the kernel. Drop the sound node which was obviously added accidentally with 9195d8da ("ramips: DTS rework").
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: cleanup SPI flash device tree properties usage | Mathias Kresin | 2017-04-28 | 110 | -116/+6
  Use only the jedec,spi-nor compatible string. Everything else either never worked or is only supported to keep compatibility.
  Remove the linux,modalias property. It is obsolete since kernel 4.4.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: remove DT pcie nodes for GL-MT300A/N | Felix Fietkau | 2017-04-28 | 2 | -26/+0
  These devices don't have a secondary wifi chip
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rpcd: Explicitly link with lcrypt | Florian Fainelli | 2017-04-28 | 1 | -0/+2
  Fixes build issues with some toolchains that don't add lcrypt in the default search paths:
    CMakeFiles/rpcd.dir/session.c.o: In function `rpc_login_test_password':
    build_dir/target-mipsel-linux-gnu/rpcd-2016-12-03-0577cfc1/session.c:823: undefined reference to `crypt'
    collect2: error: ld returned 1 exit status
  Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>