aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* base-files: don't setup network in preinit if failsafe is disabledRafał Miłecki2017-08-091-1/+4
| | | | | | | | | | | | With failsafe disabled there is no point in early network setup. We don't send announcement over UDP and there is no way to ssh to the device. A side effect of this is avoiding a possibly incorrect network config (only with failsafe disabled). This problem is related to possible changes made by user in /etc/config/network. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: backport remove ping check of configured dhcp addressHans Dedecker2017-08-082-1/+29
| | | | | | | Remove ping check in DHCPDISCOVER case as too many buggy clients leave an interface in configured state causing the ping check to fail. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to the latest git HEADHans Dedecker2017-08-081-3/+3
| | | | | | 66be6a2 watchdog: fix inline watchdog_get_magicclose function prototype Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: ArcherC50v1: fix wlan2g MAC addressThibaut VARENE2017-08-061-0/+2
| | | | | | | | | | By default the wlan eprom contains the generic ralink MAC which is not the vendor (TP-Link) one. Based on OFW bootlog, it appears that addresses are decremented from the ethernet MAC. This patch fixes the MAC address for wlan2g in line with OFW. Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* ramips: fix Omnima MiniEMBWiFi imageMathias Kresin2017-08-021-0/+1
| | | | | | | Reference the Omnima MiniEMBWiFi device tree source file in the image build code. Otherwise the dts of the image processed before is used. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: build HuaWei HG255D imageMathias Kresin2017-08-021-0/+7
| | | | | | | The code to build an image was disabled some time ago for unknown reasons albeit the image looks fine. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add missing partitionsMathias Kresin2017-08-022-9/+57
| | | | | | The partitions were lost during migration to device tree. Signed-off-by: Mathias Kresin <dev@kresin.me>
* procd: update to latest git HEADJohn Crispin2017-08-011-3/+3
| | | | | | 3e68cdf procd: Do not leak pipe file descriptors to children Signed-off-by: John Crispin <john@phrozen.org>
* ralink: fix rcu_sched stalls on mt7621John Crispin2017-08-011-0/+98
| | | | | | | | | | there were 2 bugs *) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize *) HPT frequency was not set making r4k timers not come up properly Backport of 9551d91b1d6 "ralink: fix rcu_sched stalls on mt7621". Signed-off-by: John Crispin <john@phrozen.org>
* ramips: Archer C50v1: fix power ledThibaut VARENE2017-07-292-1/+1
| | | | | | | | | | 01_leds had a workaround for the power led to compensate for the inverted GPIO state. This patch was missing from my previous commit. Signed-off-by: Thibaut VARENE <hacks@slashdirt.org> [add the power led default-state which was omitted in the last commit by me] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: Archer C50v1: fix switch port numberingThibaut VARENE2017-07-291-1/+4
| | | | | | | | Luci shows switch ports in wrong order on that device. This patch fixes switch port numbering and matches them to the device silkscreen. Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* ramips: Archer C50v1: fix LEDs active levelsThibaut VARENE2017-07-291-2/+2
| | | | | | | | | | All LEDs GPIOs are active low on this device. WAN and POWER states were inverted. Add default state for power. Tested on Archer C50v1. Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* ramips: fix Mercury MAC1200R v2.0 board nameMathias Kresin2017-07-292-1/+2
| | | | | | | | | | | | With d2b6bf141662 ("ramips: fix image validation errors") the board name was changed to fix an image validation error. But this change wasn't applied to all other files using the board name, which broke sysupgrade. Revert this change and use the former board name in the metadata instead. Signed-off-by: Mathias Kresin <dev@kresin.me>
* brcm63xx: add NULL clock fix send upstreamMathias Kresin2017-07-295-5/+53
| | | | | | | | | | Make the behaviour of clk_get_rate consistent with common clk's clk_get_rate by accepting NULL clocks as parameter. Some device drivers rely on this, and will cause an OOPS otherwise. Fixes: FS#735 Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add NULL clock fix send upstreamMathias Kresin2017-07-291-0/+43
| | | | | | | | | | Make the behaviour of clk_get_rate consistent with common clk's clk_get_rate by accepting NULL clocks as parameter. Some device drivers rely on this, and will cause an OOPS otherwise. Fixes: FS#735 Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar7: add NULL clock fix send upstreamMathias Kresin2017-07-292-0/+90
| | | | | | | | Make the behaviour of clk_get_rate consistent with common clk's clk_get_rate by accepting NULL clocks as parameter. Some device drivers rely on this, and will cause an OOPS otherwise. Signed-off-by: Mathias Kresin <dev@kresin.me>
* curl: fix CVE-2017-7407 and CVE-2017-7468Hauke Mehrtens2017-07-283-1/+430
| | | | | | | | This fixes the following security problems: * CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html * CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.4 to version 4.4.79Hauke Mehrtens2017-07-2863-935/+112
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ramips: DIR-860L-B1 fix switch port numberingThibaut VARENE2017-07-251-1/+4
| | | | | | | | Luci shows switch ports in inverted order on that device. This patch fixes switch port numbering and matches them to the device silkscreen. Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* kernel: netfilter: fix nf-nathelper(-extra) descriptionUwe Arnold2017-07-251-2/+2
| | | | | | | | | The tftp and irc netfilter modules are provided by nf-nathelper-extra and not by nf-nathelper. Signed-off-by: Uwe Arnold <donvipre@gmail.com> [move the irc module as well] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: fix wps button gpio for DWR-512Giuseppe Lippolis2017-07-251-1/+1
| | | | | | The WPS button is at GPIO#7. Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
* ramips: DTS: VoCore2 improvements/fixesPaul Wassi2017-07-251-22/+3
| | | | | | | | | | | The VoCore2 features 128MB of RAM, therefore set memory in DTS to 128*1024*1024 = 0x8000000 The board's LED is connected to GND, set it to ACTIVE_HIGH here. Make serial console working again on kernel 4.9 by change of pinmux configuration. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D seriesPiotr Dymacz2017-07-231-1/+1
| | | | | | | | | Backport of ad8c315: "ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series". Fixes FS#843 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: add support for ALFA Network AP121FPiotr Dymacz2017-07-231-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: add support for ALFA Network AP121FPiotr Dymacz2017-07-2313-0/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | ALFA Network AP121F is a pocket-size router dedicated for VPN/TOR users. Device is based on Atheros AR9331 WiSoC and is running a custom version (updated from OpenWrt CC to LEDE 17.01 release) of NetAidKit firmware. Specification: - 400/400/200 MHz (CPU/DDR/AHB) - 64 MB of RAM (DDR1) - 16 MB of FLASH (SPI NOR) - 1x 10/100 Mbps Ethernet - 1T1R 2.4 GHz - 1x microSD (optional, on separate PCB) - 3x LED, 1x button, 1x switch - UART header on PCB Flash instruction (under U-Boot web recovery mode): 1. Configure PC with static IP 192.168.1.2/24. 2. Connect PC with RJ45 port, press the reset button, power up device, wait for first blink of all LEDs (indicates network setup), then keep button for 3 following blinks and release it. 3. Open 192.168.1.1 address in your browser and upload sysupgrade image. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* image: fix ar71xx legacy imagesMathias Kresin2017-07-141-0/+1
| | | | | | | | | | | | | | | | | | If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx legacy images: - an already jffs2 padded squashfs rootfs is overwritten with an unpadded/raw one. - the squashfs-raw and squashfs-64k rootfs are not replaced by the ones including the DEVICE_PACKAGES Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the base squashfs rootfs to fix the issues. Fixes: FS#904 Signed-off-by: Mathias Kresin <dev@kresin.me>
* imx6: fix DualLite/Solo GW551X board detectionMathias Kresin2017-07-141-1/+1
| | | | | | The model name is a different one in the device tree source file. Signed-off-by: Mathias Kresin <dev@kresin.me>
* procd: backport kernel watchdog start/stop supportHans Dedecker2017-07-131-3/+3
| | | | | | 4dbf57a watchdog: add support for starting/stopping kernel watchdog Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* x86: add missing kernel config symbols to Geode targetJo-Philipp Wich2017-07-131-0/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* x86: enable ACPI support for the Geode subtargetJo-Philipp Wich2017-07-121-3/+60
| | | | | | | | Backport of 9b940fe "x86: enable ACPI support for the Geode subtarget". Fixes FS#577. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: backport patch fixing DNS failover (FS#841)Hans Dedecker2017-07-121-0/+31
| | | | | | | Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ar71xx: set US region code for TP-Link TL-WR710N v1 imageMatthias Schiffer2017-07-121-0/+1
| | | | | | | Non-US versions of the TP-Link TL-WR710N v1 don't have a region code so far, so we can just set US unconditionally. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* fstools: backport fixes from master branchDaniel Golle2017-07-112-60/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following changes are backported from the master branch bdcb075 libfstools: fix matching device name (f038a61 on master) ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation (c43ae11 on master) d361923 build: disable the format-truncation warning error to fix gcc 7 build errors (a19f2b3 on master) cddc830 libfstools: silence mkfs.{ext4,f2fs} (88d48d5 on master) be5004c libfstools: add basic documentation of mount functions (92b4c2c on master) 34d36c2 add missing includes (7d78836 on master) A previously added hotfix was replaced by a git commit, hence the patch file is removed and we got instead 45c2a6f libfstools: fix multiple volume_identify usages with the same volume (633a8d0 on master) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDSMatthias Schiffer2017-07-081-1/+1
| | | | | | PKG_BUILD_DEPENDS should always refer to source package names. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ramips: fix Xiaomi MiWiFi Nano firmware partition sizeMathias Kresin2017-07-081-1/+1
| | | | | | | | | | Even the commit message of the patch adding support for the MiWiFi Nano says that a 16 MB flash chip is used. Extend the firmware partition to make use of all available flash space. Fixes: FS#622 Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: fix kmod package build on non-GNU systemsFelix Fietkau2017-07-051-1/+1
| | | | | | | BSD paste requires a filename argument, and it accepts - to use stdin as intended. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ar71xx: Fix UBIFS work on Mikrotik RB95x devicesSergey Sergeev2017-07-051-0/+2
| | | | | | | | If nand chip has no NAND_NO_SUBPAGE_WRITE flag on its options ubifs can't use it mtd devices and the kernel crashes with error: __nand_correct_data: uncorrectable ECC error Signed-off-by: Sergey Sergeev <adron@yapic.net>
* lantiq: use img file extension for DGN3500 factory imagesMathias Kresin2017-07-041-5/+5
| | | | | | | | The Netgear UI in basic mode refuses the upgrade file if the the fileextension is not img. The expert/advanced mode accepts any fileextension. Use img to make it work in any case. Signed-off-by: Mathias Kresin <dev@kresin.me>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4Hans Dedecker2017-07-012-1/+26
| | | | | | | | | | Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)Hans Dedecker2017-06-292-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: backport fixes from master branchDaniel Golle2017-06-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following commits have been cherry-picked into the lede-17.01 branch of procd, listed here in git-log-order ie. with head first: 89918c8 system: introduce new attribute board_name (79bbe6d and 453116e on master branch) 8297c38 preinit: define _GNU_SOURCE (e5b963a on master branch) 8fd57dd upgraded: cmake: Find and include uloop.h (e5ff8ca on master branch) 6b0da20 hotplug: fix a memory leak in handle_button_complete() (f367ec6 on master branch) 558ffb5 service/service_stopped(): fix a use-after-free (796ba3b on master branch) 22f89e1 upgraded: define __GNU_SOURCE (e7bb2c8 on master branch) 6e8ea8b rcS: add missing fcntl.h include (992b796 on master branch) cd5225d procd/rcS: Use /dev/null as stdin (d42b21e on master branch) 5131bec procd: Log initscript output prefixed with script name (1247db1 on master branch) 225b18d procd: Don't use syslog before its initialization (8d720b2 on master branch) 889442c procd: Add missing \n in debug message (2555474 on master branch) 2716228 procd: service gets deleted when its last instance is freed (8f218f5 on master branch) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: update kernel 4.4 to 4.4.74Stijn Tintel2017-06-2711-31/+31
| | | | | | | | Refresh patches. Compile-tested on ar71xx, octeon. Runtime-tested on ar71xx, octeon. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipq806x: fixup thermal patchesStijn Tintel2017-06-273-249/+5
| | | | | | | Fix conflict with thermal patches added in c03d4317a6bc891cb4a5e89cbdd77f37c23aff86. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: fix PKG_CONFIG_DEPENDS to include version.mk entriesRafał Miłecki2017-06-261-1/+2
| | | | | | | | Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for VERSION_SED command. We should keep these configs to make sure package gets refreshed when needed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: include wpad-mini only on devices with (supported) wirelessRafał Miłecki2017-06-262-13/+15
| | | | | | | Don't include wpad-mini when it's useless just like we don't include useless wireless drivers. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firmware-utils: fix dgn3500sum compiler warningsMathias Kresin2017-06-262-4/+3
| | | | | | | | | | | The sum variable need to be initialised, otherwise it will points to random stack memory and a bogus image checksum might be calculated. While at it, fix the segfault in case the product region code isn't specified and enable compiler warnings which had revealed all the code issues. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ca-certificates: Update to version 20161130+nmu1Christian Schoenebeck2017-06-261-3/+3
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* openvpn: update to 2.4.3Magnus Kroken2017-06-265-13/+14
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* bcm53xx: enable Northstar thermal driverRafał Miłecki2017-06-221-0/+5
| | | | | | | It allows monitoring CPU temp and will shutdown system on critical value. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>