aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.9 to 4.9.57Kevin Darbyshire-Bryant2017-10-1822-236/+252
| | | | | | | | | | | | | | | | Refresh patches. Compile-tested for ar71xx - Archer C7 v2 Runtime-tested on ar71xx - Archer C7 v2 Fixes the following CVEs: - CVE-2017-7518 - CVE-2017-0786 - CVE-2017-1000255 - CVE-2017-12188 - CVE-2017-15265 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Revert "ar71xx: Add GRO support to ag71xx"Felix Fietkau2017-10-171-3/+3
| | | | | | | | | | This reverts commit 13e5e473699b92f171205e0f5c57c9ebe7922492. This commit causes a severe regression in LAN->WAN routing performance for several devices. This appears to be caused by the extra requirement to validate the SKB checksum early in the rx path, which the ethernet hardware does not do Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mac80211: backport kernel fix for CVE-2017-13080Stijn Tintel2017-10-171-0/+81
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* at91: fix legacy buildHauke Mehrtens2017-10-161-2/+1
| | | | | | | | | | | The build system took the DTB_SIZE definition from Default and not from production-dtb under some conditions. Move the size definitions to Default now as it is only used in production-dtb anyway. Thanks Mathias Kresin for helping me with this. Fixes: c2f052acaeb ("at91: convert boards to generic build target") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ppp: make the patches apply correctly againHauke Mehrtens2017-10-161-1/+1
| | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
* ramips: fix typo in MT7621 NAND driverFelix Fietkau2017-10-161-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* malta: activate some more standard kernel featuresHauke Mehrtens2017-10-151-5/+0
| | | | | | | | These options where deactivated in the malta kernel, take the default options form the generic kernel configuration now to better match the other targets. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* malta: upgrade to kernel 4.9Hauke Mehrtens2017-10-156-44/+32
| | | | | | This brings the MIPS malta target to kernel 4.9. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* malta: add 64 bit qemu commands to READMEHauke Mehrtens2017-10-151-2/+8
| | | | | | This shows how to boot up the 64 bit images. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ppp: fix compile warningHauke Mehrtens2017-10-151-0/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: xrx200: rename nas0/ptm0 to dsl0Martin Schiller2017-10-155-4/+69
| | | | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). Now you can move a device from an ADSL/ATM port to an VDSL/PTM port without any configuration changes for example. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [use the dsl0 interface name for the default netdev trigger in 01_led, add ip dependency] Signed-off-by: Mathias Kresin <dev@kresin.me>
* mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usbHauke Mehrtens2017-10-151-1/+1
| | | | | | | This fixes a build problem with many targets. Fixes 618ed77a17422a ("mac80211: add ath6kl kernel modules") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* binutils: add version 2.29.1Hauke Mehrtens2017-10-157-0/+110
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: kmod-macsec module for 4.9Christian Lamparter2017-10-151-0/+15
| | | | | | | | | | | | | | | | | | | MACsec/IEEE 802.1AE is useful to secure communication to and from endpoints at Layer 2. Starting with 4.6, the linux kernel provides a universal macsec driver for authentication and encryption of traffic in a LAN, typically with GCM-AES-128, and optional replay protection. http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf Note: LEDE can utilize MACsec with a static connectivity association key (static PSK) with the ip-full package installed. <http://man7.org/linux/man-pages/man8/ip-macsec.8.html> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-156-115/+298
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/kernel/leds-apu2: add apu3 board detectionFlorian Eckert2017-10-151-1/+4
| | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* package/kernel/leds-apu2: fix whitespacesFlorian Eckert2017-10-151-15/+15
| | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* toolchain/glibc: Update to 2.26Daniel Engberg2017-10-151-2/+2
| | | | | | Update glibc to 2.26 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mvebu: clean up ClearFog Base package selectionRyan Mounce2017-10-151-6/+2
| | | | | | | | | | It is unclear why so many packages are selected for ClearFog Base compared to its big brother, and there is no reason to not append metadata for Base. Tidy this up as the only hardware difference between Base/Pro is the presence of a switch and a different board name / device tree. Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* mvebu: Fix ClearFog sysupgrade board definitionsRyan Mounce2017-10-151-5/+2
| | | | | | | Remove redundancy for platform_do_upgrade_clearfog Fix platform_copy_config_clearfog to reflect -base/-pro split Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* mvebu: Sort 02_network alphabeticallyRyan Mounce2017-10-151-6/+6
| | | | Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* wpan-tools: add the wpan-ping to test the 6LoWPAN networkYunhui Fu2017-10-151-0/+1
| | | | | | | This patch adds the help tool wpan-ping to test the 6LoWPAN network to help the user debug network problem. Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
* toolchain/gcc: update 5.x to 5.5.0Ryan Mounce2017-10-1543-44/+25
| | | | | | | | | | This is the final bugfix release in the gcc-5 series. Compile and run tested on macOS 10.13 (Xcode 9), mvebu/ar71xx. Removed redundant patch for macOS (backported upstream by yours truly) Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* at91: add support for the WB50N module from LairdBen Whitten2017-10-154-0/+348
| | | | | | | | | | | | | | This module from Laird includes the following: - CPU Atmel SoC SAMA5D31 - Wifi QCA6004 - Bluetooth CSR8811 - RAM 64MB LPDDR - FLASH 128MB The flash is a dual image layout, kernel a/b, rootfs a/b, and a user partition. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* at91: add support for the WB45N module from LairdBen Whitten2017-10-154-0/+253
| | | | | | | | | | | | | | This module from Laird includes the following: - CPU Atmel SoC ARM926EJS - Wifi AR6003 - Bluetooth CSR8510 - RAM 64MB LPDDR - FLASH 128MB The flash is a dual image layout, kernel a/b, rootfs a/b, and a user partition. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* mac80211: add ath6kl kernel modulesBen Whitten2017-10-151-2/+47
| | | | | | Allow board to include the ath6kl kernel modules. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* linux-firmware: add ath6k firmware to packageBen Whitten2017-10-151-0/+10
| | | | | | | Systems which include the ath6k chipset need to have the firmware included in the image. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* at91: separate MKUBIFS opts to defaults in the sub targetBen Whitten2017-10-153-13/+18
| | | | | | | Instead of applying global defaults based on selected board, transition to using a per board setting for UBIFS and UBINIZE. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* at91: refresh kernel config, enable UBI block and DMABen Whitten2017-10-151-1/+6
| | | | | | | | | The platform generates squashfs images in a UBI block but misses the kernel module to be able to mount the block. DMA is also enabled to allow systems which include them in the DTS to use it. Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
* sunxi: backport support for Allwinner Security System PRNGLucian Cristian2017-10-153-0/+208
| | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* busybox: provide "ip"Hans Dedecker2017-10-141-0/+1
| | | | | | | Let busybox provide "ip" as it supports the ip applets link, address, route, rule and neighbor Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ar71xx: add support for Mikrotik RB750P-PBr2Robert Marko2017-10-149-2/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: - SoC: Qualcomm QCA9531 (650MHz) - RAM: 64MB - Storage: 16MB NOR SPI flash - Ethernet: 5x100M (1 PoE in, 4 PoE out) - Outdoor use ready This ethernet router is based on the same platform as the hEX PoE lite. Installation 1. login to the Mikrotik WebUI to backup your licence keys 2. setup a DHCP/BOOTP Server with: * DHCP-Option 66 (TFTP server name) pointing to a local TFTP Server within the same subnet of the DHCP range * DHCP-Option 67 (Bootfile-Name) matching the initramfs filename of the to be booted image 3. connect the port labled internet to your local network 4. keep the reset button pushed down and power on the board The board should load and start the initramfs image from the TFTP Server. Login as root/without password to the started LEDE via ssh listing on IPv4 address 192.168.1.1. Use sysupgrade to install LEDE. Revert to RouterOS Use the "rbcfg" package on in LEDE: * rbcfg set boot_protocol bootp * rbcfg set boot_device ethnand * rbcfg apply Open Netinstall and reboot routerboard. Now netinstall sees routerboard and you can install RouterOS. If NetInstall gets stuck on Sending offer just wait for it to timeout and then close and open Netinstall again. Click on install again. In order for RouterOS to function properly, you need to restore license for the device. You can do that by including license in NetInstall Signed-off-by: Robert Marko <robimarko@gmail.com>
* ramips: add support for Kimax U25AWF-H1Daniel Kucera2017-10-147-0/+125
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Kimax U-25AWF-H1 is is a 2,5" HDD Enclosure with Wi-Fi/Eth conection and battery, based on MediaTek MT7620A. Patch rewritten from: https://forum.openwrt.org/viewtopic.php?pid=305643 Specification: - MT7620A CPU - 64 MB of RAM - 16 MB of FLASH - 802.11bgn WiFi - 1x 10/100 Mbps Ethernet - USB 2.0 Host - UART for serial console Flash instruction: 1. Download lede-ramips-mt7620-u25awf-h1-squashfs-sysupgrade.bin 2. Open webinterface a upgrade 3. After boot connect via ethernet to ip 192.168.1.1 Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com> [fix reset button gpio, don't add a lan/wan vlan config for single port board, add -H1 suffix do make sure that this revision of the board is supported/tested] Signed-off-by: Mathias Kresin <dev@kresin.me>
* mpc85xx: Add Aerohive HiveAP-330 Access PointChris Blake2017-10-1411-10/+458
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following adds the Aerohive HiveAP-330 Access Point to LEDE under the mpc85xx/p1020 subtarget. Hardware: - SoC: Freescale P1020NSE2DFB - NAND: Intel JS28F512M29EWH 64MB - Memory: 2x ProMOS V59C1G01168QBJ3 128MB (Total of 256MB) - 2.4GHz WiFi: Atheros AR9390-AL1A - 5.0GHz WiFi: Atheros AR9390-AL1A - Eth1: Atheros AR8035-A PoE - Eth2: Atheros AR8035-A - TPM: Atmel AT97SC3204 - LED Driver: TI LP5521 Flashing: 1. Hook into UART (9600 baud) and enter U-Boot. You may need to enter a password of administrator or AhNf?d@ta06 if prompted. 2. Once in U-Boot, tftp boot the initramfs image: dhcp; tftpboot 0x1000000 192.168.1.101:lede- mpc85xx-p1020-hiveap-330-initramfs.zImage; tftpboot 0x6000000 192.168.1.101:lede-mpc85xx-p1020-hiveap-330.fdt; bootm 0x1000000 - 0x6000000; 3. Once booted, scp over the sysupgrade file and sysupgrade the device to flash LEDE to the NAND. sysupgrade /tmp/lede-mpc85xx-p1020-hiveap-330-sysupgrade.img Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* mpc85xx: Add cmdline override patchChris Blake2017-10-142-0/+38
| | | | | | | | | | This patch adds a new kernel option called CONFIG_CMDLINE_OVERRIDE. This setting is for devices with locked down u-boot environments, where users are unable to change the default bootargs. When set, the fdt driver will propagate the cmdline for the kernel from chosen/bootargs-override instead of chosen/bootargs as long as it exists within the DTB. Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* mpc85xx: Enable initramfs for p1020 subtargetChris Blake2017-10-142-1/+2
| | | | | | | The following patch enables building of initramfs images by default for the P1020 subtarget in mpc85xx. Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* at91: Add ext4 filesystemSandeep Sheriker Mallikarjun2017-10-141-1/+1
| | | | | | | Add ext4 filesystem for creating sdcard image with ext4 rootfs and removing ext2 as it superset of ext4. Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* at91: Enable SDHCI for sama5 in default configSandeep Sheriker Mallikarjun2017-10-141-0/+4
| | | | | | | Enabled SDHCI for sama5 in kernel default config and this is needed to mount sdcard rootfs partition during boot. Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* at91bootstrap: remove manual copy of binaries to BIN_DIRSandeep Sheriker Mallikarjun2017-10-141-2/+10
| | | | | | | removed copying of binaries to BIN_DIR during install and using default/install to install binaries to BIN_DIR folder. Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* at91bootstrap: Add BUILD_SUBTARGET variableSandeep Sheriker Mallikarjun2017-10-141-2/+3
| | | | | | | | | Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap menu options in bootloader menu only when SAMA5 devices are selected as SUBTARGET and to avoid showing up this menu when legacy device is selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2. Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* at91: refresh kernel configurationHauke Mehrtens2017-10-143-48/+35
| | | | | | | This was done by running "make kernel_oldconfig" and "make kernel_oldconfig CONFIG_TARGET=subtarget" Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-at91: multiple build fixesHauke Mehrtens2017-10-141-21/+23
| | | | | | | | | | | This fixes the following problems: * Add BUILD_DEVICES for legacy subtarget * Use features from u-boot.mk for sama5 subtarget This is mainly done by changing the prefix from uboot to U-Boot. This makes them depend on the sama5 subtarget and not selectable for the legacy subtarget any more Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.4 to 4.4.92Kevin Darbyshire-Bryant2017-10-141-2/+2
| | | | | | | | | No patch refresh changes required. Compile tested for: ar71xx Archer C7 v2 Run tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>