aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build: move mktplinkfw2 related commands to image-commands.mkPiotr Dymacz2017-06-293-29/+34
| | | | | | | | | There are already two targets (lantiq, ramips) which use mktplinkfw2 tool for creating images. This de-duplicates code, introduces two new build commands: tplink-v2-header, tplink-v2-image and makes use of them in place of old, (sub)target specific ones. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* build: rename TPLINK_BOARD_NAME to TPLINK_BOARD_IDPiotr Dymacz2017-06-293-17/+17
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* firmware-utils: mktplinkfw2: support additional hardware versionPiotr Dymacz2017-06-291-6/+20
| | | | | | | | | | | | | | | | | | As it turned out, some of new MediaTek based TP-Link devices use value from field at 0x3c offset in version 3 of TP-Link header to specify "Additional Hardware Version". Value from this field is validated during regular (GUI) firmware upgrade on devices like TL-WR840N v4 or TL-WR841N v13. If it's zero (based on some tests, it seems that firmware will accept anything != 0), errors like below are printed on console and upgrade fails: [ rsl_sys_updateFirmware ] 2137: Firmware Additional HardwareVersion check failed [ rdp_updateFirmware ] 345: perror:4506 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D seriesPiotr Dymacz2017-06-291-1/+1
| | | | | | Fixes FS#843 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: add support for TP-Link Archer C58 v1Henryk Heisig2017-06-2916-7/+155
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TP-Link Archer C58 v1 is a dual-band AC1350 router, based on Qualcomm QCA9561 + QCA9886. It looks like Archer C59 v1 without USB port. Specification: - 775/650/258 MHz (CPU/DDR/AHB) - 64 MB of RAM (DDR2) - 8 MB of FLASH (SPI NOR) - 3T3R 2.4 GHz - 2T2R 5 GHz - 5x 10/100 Mbps Ethernet - 6x LED, 3x button - UART header on PCB, RX, TX at TP4+5 (backside) QCA9886 wlan needs pre_cal_data file and enable ieee80211 phy hotplug to patch macaddress. Flash instruction: Use "factory" image directly in vendor GUI. Recovery method: 1. Set PC to fixed ip address 192.168.0.66/24. 2. Download "lede-ar71xx-generic-archer-c58-v1-squashfs-factory.bin" and rename it to "tp_recovery.bin". 3. Start a tftp server with the file "tp_recovery.bin" in its root directory. 4. Turn off the router. 5. Press and hold Reset button. 6. Turn on router with the reset button pressed and wait ~15 seconds. 7. Release the reset button and after a short time the firmware should be transferred from the tftp server. 8. Wait ~30 second to complete recovery. Flash instruction under U-Boot, using UART: tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin erase 0x9f020000 +$filesize cp.b $fileaddr 0x9f020000 $filesize reset This commit is based on GitHub PR#1112 Signed-off-by: Henryk Heisig <hyniu@o2.pl>
* firmware-utils: tplink-safeloader: add support for Archer C5 v2 JP/USJean-Pierre St-Yves2017-06-291-3/+3
| | | | | | Add support for Japan and US versions of TP-Link Archer C5 v2 Signed-off-by: Jean-Pierre St-Yves <jpstyves@gmail.com>
* firmware-utils: tplink-safeloader: add support for Archer C59/C60 RUHenryk Heisig2017-06-291-0/+3
| | | | | | Add support for Russian version of TP-Link Archer C59/C60 v1 Signed-off-by: Henryk Heisig <hyniu@o2.pl>
* ar71xx: add support for TP-Link TL-WA855RE v1Federico Cappon2017-06-2913-6/+114
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TP-Link TL-WA855RE v1 is a wall-plug N300 Wi-Fi range extender, based on Qualcomm/Atheros QCA9533 v2. Short specification: - 550/397/198 MHz (CPU/DDR/AHB) - 1x 10/100 Mbps Ethernet - 32 MB of RAM (DDR1) - 4 MB of FLASH - 2T2R 2.4 GHz - 2x external antennas - 2x LED (green and orange in the same package), 2x button - UART: TP5(TX) and TP4(RX) test points on PCB Flash instruction: use "factory" image directly in vendor GUI. Warning: this device does not include any kind of recovery mechanism in the bootloader and disassembling process is not trivial. You can access vendor firmware over serial line using: - login: root - password: sohoadmin Image was tested only in EU version of the device, but should work also with the same device version sold in other countries. Signed-off-by: Federico Cappon <dududede371@gmail.com>
* ar71xx: fix EnGenius ENS202EXT mtd definitionPiotr Dymacz2017-06-291-4/+4
| | | | | | | | | | | | | | Use statically defined sizes for kernel and rootfs mtd partitions. Vendor upgrade script writes both firmware parts independently which ends up in a gap between kernel and rootfs images. This results in incorrectly calculated rootfs_data start offset. Also, fix IMAGE_SIZE, DEVICE_PACKAGES and drop redundant KERNEL definition. Fixes FS#835 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: add Arduino Yun supportCamille Bilodeau2017-06-291-0/+1
| | | | Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
* ar71xx: move Arduino Yun to generic building codeCamille Bilodeau2017-06-293-8/+10
| | | | | | | | | | | | | | | | | | Migrate Arduino Yun from legacy to generic building code. Note: the mtd partitioning is changed to adopt the LEDE default partitioning. It allows to have a kernel bigger than 1280k. It is necessary as kernel > 4.4 with default LEDE configuration grows bigger. To use the new partitioning, you need to update your U-Boot env in advance: setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro" setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000" saveenv Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
* ar71xx: remove Arduino Yun 8 MiB prototypeCamille Bilodeau2017-06-292-8/+0
| | | | | | | | | The Arduino Yun has 16 MiB flash. Early prototype boards with 8 MiB were not available for sell: https://blog.arduino.cc/2013/08/21/updating-about-arduino-yun-and-arduino-robot/ Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
* ar71xx: wpj344: set MAC on wanLeon M. George2017-06-291-0/+3
| | | | Signed-off-by: Leon M. George <leon@georgemail.eu>
* ar71xx: wpj344: remove unused eth1 deviceLeon M. George2017-06-291-8/+0
| | | | Signed-off-by: Leon M. George <leon@georgemail.eu>
* ar71xx: wpj344: read MAC addresses from u-boot mtdLeon M. George2017-06-291-4/+5
| | | | | | | This way, the assigned addresses match those on the barcode labels. Otherwise, the addresses appear to vary on boot. Signed-off-by: Leon M. George <leon@georgemail.eu>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)Hans Dedecker2017-06-292-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: cleanup CONFIG_SCHED_HRTICKStijn Tintel2017-06-2946-46/+0
| | | | | | | Remove CONFIG_SCHED_HRTICK from target configs, as it was added to the generic config in b47fd7656336162360ebf66147326763ddae3f8d. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* armvirt: rename config-default to config-4.9Stijn Tintel2017-06-291-0/+0
| | | | | | | | The kernel configs for all targets should have the version in the filename, for clearness and consistency across all targets. It is also expected by the update_kernel.sh script. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: backport patch fixing DNS failover (FS#841)Hans Dedecker2017-06-281-0/+31
| | | | | | | Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: backport usbport LED trigger driver support for DTRafał Miłecki2017-06-282-0/+212
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dropbear: add option to set max auth triesStijn Tintel2017-06-282-2/+4
| | | | | | | Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: server support option '-T' max auth triesKevin Darbyshire-Bryant2017-06-282-2/+132
| | | | | | | | | | | | Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: configure NAS ID regardless of encryptionYury Shvedov2017-06-281-3/+3
| | | | | | | | | | | RADIUS protocol could be used not only for authentication but for accounting too. Accounting could be configured for any type of networks. However there is no way to configure NAS Identifier for non-WPA networks without this patch. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add acct_interval optionYury Shvedov2017-06-281-2/+5
| | | | | | | | Make an ability to configure Accounting-Interim-Interval via UCI Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [add hostapd prefix, cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mxs: drop 4.4 supportMichael Heimpold2017-06-276-1231/+0
| | | | Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* mxs: add support for 4.9 and switch overMichael Heimpold2017-06-273-1/+348
| | | | | | | | | | | | | | | | | | | | I did not port the regulator and power patches from Stefan Wahren because I talked to him and he told me that work on this is currently stalled. And since AFAIK nothing depends on these patches, leaving them out seems reasonable. I build minimum default configurations and run-tested them on both I2SE Duckbill devices and Olimex Olinuxino Maxi boards successfully [1]. [1] Tested: - debug uart is working - boot without any obvious kernel problem - network is coming up and data transfer is possible - Olinuxino: USB detects a plugged-in pen drive Signed-off-by: Michael Heimpold <mhei@heimpold.de> [refreshed config and patches] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: disable various symbols for v4.9Michael Heimpold2017-06-271-0/+4
| | | | | | | In preparation for bumping mxs target to 4.9, disable a bunch of configuration symbols that provoked config prompts. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* ath10k-firmware: add qca9888 firmwareJohn Crispin2017-06-271-0/+19
| | | | | | | | | ath10k-firmware: add qca9888 firmware the firmware files for qca9888 were previously not packaged. add the meta information for doing so. Signed-off-by: John Crispin <john@phrozen.org>
* kernel: update kernel 4.4 to 4.4.74Stijn Tintel2017-06-2722-54/+54
| | | | | | | | Refresh patches. Compile-tested on ar71xx. Runtime-tested on ar71xx. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update kernel 4.9 to 4.9.34Koen Vandeputte2017-06-2722-42/+42
| | | | | | | | | | | | - Refreshed all patches - Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch) Compile tested on: brcm2708, cns3xxx, imx6 Run tested on: brcm2708, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [Compile and run tested on brcm2708] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: use .patch extension for all patchesStijn Tintel2017-06-272-0/+0
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firmware-utils: fix dgn3500sum compiler warningsMathias Kresin2017-06-262-4/+3
| | | | | | | | | | | The sum variable need to be initialised, otherwise it will points to random stack memory and a bogus image checksum might be calculated. While at it, fix the segfault in case the product region code isn't specified and enable compiler warnings which had revealed all the code issues. Signed-off-by: Mathias Kresin <dev@kresin.me>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4Hans Dedecker2017-06-262-1/+26
| | | | | | | | | | Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: support term_timeout parameterJo-Philipp Wich2017-06-262-2/+2
| | | | | | | | | Expose "term_timeout" parameter in procd.sh to allow init scripts to request a longer termination timeout. This is required to fix FS#859 in a later commit. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: assign /dev/tty* nodes to "tty" groupJo-Philipp Wich2017-06-262-1/+5
| | | | | | | | Adjust default permissions and ownership of /dev/tty* nodes from 0600/root:root to 0660/root:tty in order to support granting unprivileged user access when needed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: add "tty" user groupJo-Philipp Wich2017-06-261-0/+1
| | | | | | | | This is needed for an upcoming change to the hotplug default rules which will cause /dev/tty* nodes to get assigned to the "tty" group in order to support unprivileged user access when needed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.3Magnus Kroken2017-06-265-13/+14
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* ar71xx/images/senao: fix reproducible issue using tarAlexander Couzens2017-06-251-0/+1
| | | | | | | | Use deterministic sorting Use numeric owner/group Set uid/gid to 0 Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* ar71xx/image: make tar calls reproducibleAlexander Couzens2017-06-252-3/+11
| | | | | | | | Use --mtime when SOURCE_DATE_EPOCH is set. Use gzip -n9z instead of tar z to remove timestamp in gzip header. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* apm821xx: MR24: fix ethernet phy detection on the MR24Christian Lamparter2017-06-243-5/+116
| | | | | | | | | | | | | | | | | | | | | | | | | | To mitigate this problem, the original message has been wrapped automatically by the mailing list software. This patch fixes a problem where the AR8035 PHY can't be detected on the Cisco Meraki MR24, when the ethernet cable is not connected during boot. Russell Senior reported: |This appears to be a problem during probing of the AR8035 |phy chip. When ethernet has no link, the phy detection fails, |and eth0 is not created. Plugging ethernet later has no effect, |because there is no interface as far as the kernel is |concerned. The relevant part of the boot log looks like this: | |[ 0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode |[ 0.882532] /plb/opb/ethernet@ef600c00: reset timeout |[ 0.888546] /plb/opb/ethernet@ef600c00: can't find PHY! (<https://bugs.lede-project.org/index.php?do=details&task_id=687>) Fixes FS#687 Cc: Chris Blake <chrisrblake93@gmail.com> Reported-by: Russell Senior <russell@personaltelco.net> Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT") Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
* treewide: add license tagsFlorian Eckert2017-06-2410-0/+16
| | | | | | Add licence tags where missing. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* ramips: add MT7603E driver to AFoundry EW1200Mathias Kresin2017-06-241-1/+1
| | | | | | Add the MT7603E driver for the 2.4GHz wireless. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx: add AVM FRITZ!WLAN Repeater 300E supportMathias Kresin2017-06-2415-0/+215
| | | | | | | | | | | | | | | | | | | | | | Specifications: * SoC: AR7242 (Virian 400MHz) * RAM: 64 MB DDR (W9751G6JB-25) * Flash: 16MB SPI flash (S25FL129PIF) * WiFi: AR9382 (2.4/5GHz) + 2x SE2595L * LAN: 1x1000M (PEF7071V) To install LEDE via EVA bootloader, a FTP connection need to be established to 192.168.178.1 within the first seconds after power on: ftp> quote USER adam2 ftp> quote PASS adam2 ftp> binary ftp> debug ftp> passive ftp> quote MEDIA FLSH ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1 Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx: add AR724x PCIe init fixesMathias Kresin2017-06-248-33/+175
| | | | | | | | | | | | Add upstream send AR724x PCIe patches to get the PCIe controller out of reset during driver init. The AVM Fritz 300E bootloader doesn't take care of releasing the different PCIe controller related resets which causes an endless hang as soon as either the PCIE Reset register (0x180f0018) or the PCI Application Control register (0x180f0000) is read from. Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: move lzma2eva build step to image-commands.mkMathias Kresin2017-06-242-3/+9
| | | | | | | Move it to image-commands.mk so that it can used by other targets with eva based boards as well. Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: move Lantiq PEF7061/7071/7072 phy driver to genericMathias Kresin2017-06-2415-19/+19
| | | | | | | | | The driver is used for boards outside the lantiq target as well. Move it to generic to make it available for more targets. The phy driver is included in kernel 4.8 as INTEL_XWAY_PHY. Signed-off-by: Mathias Kresin <dev@kresin.me>
* fritz_tffs_read: get tffs size from input fileMathias Kresin2017-06-241-3/+7
| | | | | | | | | | Use the size of the input file as maximum tffs size instead of a fixed value. The tffs on a AVM Fritz 300E can be up to 512KByte for example. Fixes a read error for the AVM Fritz 3370 where the tffs partition size is 64Kbyte and smaller than the former default value of 256KByte. Signed-off-by: Mathias Kresin <dev@kresin.me>
* libreadline: add host-buildDaniel Golle2017-06-242-0/+2
| | | | | | Also make sure that the PKG_NAME and folder name are equal. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* valgrind: bump to 3.13.0Luiz Angelo Daros de Luca2017-06-243-49/+4
| | | | Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>