aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ar71xx: add support for Cisco Meraki Z1 Cloud Managed Teleworker GatewayChris Blake2016-09-2716-19/+293
| | | | | | | | | This patch adds support for Cisco's Z1. Detailed instructions for the flashing the device can be found in the OpenWrt wiki: <https://wiki.openwrt.org/toh/meraki/z1> Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* openssl: update to 1.0.2jMagnus Kroken2016-09-273-49/+2
| | | | | | | | | | | | | | A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Patches applied upstream: * 301-fix_no_nextprotoneg_build.patch * 302-Fix_typo_introduced_by_a03f81f4.patch Security advisory: https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* ramips : add support for Newifi D1BangLang Huang2016-09-277-0/+178
| | | | Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
* ramips : add support for PandoraBox D1BangLang Huang2016-09-277-1/+177
| | | | Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
* fortify-headers: update to 0.8Kevin Darbyshire-Bryant2016-09-271-2/+2
| | | | Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* linux-firmware: Add mirrorsdiizzyy2016-09-271-1/+3
| | | | | | | Adds Google's mirrors as primary source and kernel.org as fallback. Discussed in #lede-dev on Freenode Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openssl: Make DTLS configurable.Rosen Penev2016-09-272-0/+10
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* openssl: Remove J-PAKE. Nothing uses it.Rosen Penev2016-09-271-1/+2
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* busybox: v1.25.0 upstream patchesKevin Darbyshire-Bryant2016-09-273-0/+75
| | | | | | Include upstream patches for gzip, ip & ntpd. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* libjson-c: Update to 0.12.1Daniel Engberg2016-09-272-26/+5
| | | | | | Updates libjson-c and removes backport patch. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libunwind: use url aliasdiizzyy2016-09-271-1/+1
| | | | | | Use alias instead of hardcoded URL Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* uml: set inittab for working consoleAdrian Panella2016-09-271-0/+4
| | | | Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* ramips: Add support for ZBT-CPE102Cezary Jackiewicz2016-09-277-0/+136
| | | | | | | | | | - CPU: MT7620N 580MHz - Flash: 8MB - RAM: 64MB - build-in minipcie slot for modem 3G/4G - one ethernet port 10/100Mbps Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
* iwinfo: fix WPA cipher reportingJo-Philipp Wich2016-09-271-2/+2
| | | | | | | | | | | Within the Lua binding, use the same logic as the command line interface for reporting the used WPA ciphers. Instead of printing the intersection of pairwise and group ciphers, report both group and pairwise ciphers. This fixes a case where a connection which uses CCMP for pairwise and TKIP as groupwise cipher is getting reported as using the NONE cipher. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute: properly support high routing table IDsJo-Philipp Wich2016-09-273-24/+487
| | | | | | | | | | | | | | | | | | | | | The Linux kernel uses two distinct fields to denote the routing table ID in use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the 32 bit `RTA_TABLE` netlink attribute. If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value. This commit adds a patch which... - switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in order to support IDs up to 65535 - adds proper handling of high table IDs to iprule.c and iproute.c when adding, removing and dumping ip rules and network routes After this change, the Busybox ip applet fully supports IP rules with high ID numbers, using the same logic as the full iproute2. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* 6in4: fix invalid local variable declaration (FS#188)Jo-Philipp Wich2016-09-272-3/+3
| | | | | | | | Remove an invalid local variable declaration in the tunnel update subshell invocation. Local declarations outside of function scopes are illegal since the Busybox update to version 1.25.0 . Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: backport brcmfmac changes from 2016-09-26Rafał Miłecki2016-09-2726-2/+1316
| | | | | | | All these patches are in wireless-drirvers-next. There is support for hidden SSID, few new devices and many fixes. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rootfs: fail on errors in postinst scriptsMatthias Schiffer2016-09-261-0/+5
| | | | | | | | | | | | | | The Gluon firmware framework [1] uses postinst scripts for sanity checks. Make the build fail when a postinst script exits with an error to make these sanity checks effective. All postinst scripts in packages from the LEDE core and the packages feed seem to work correctly with this change and will always return 0 unless something is very broken. [1] https://github.com/freifunk-gluon/gluon Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* rootfs: remove unnecessary and potentially harmful force flags from opkg callMatthias Schiffer2016-09-262-4/+1
| | | | | | | | | | | | Especially --force-overwrite and --force-depends will often lead to broken images; it's better to fail the build in such cases than to silently ignore the errors. Instead, ignore errors in the per-device rootfs opkg remove command, so the build doesn't break when packages can't be removed because of dependencies. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* image: per-device rootfs: first remove, then install packagesMatthias Schiffer2016-09-261-3/+3
| | | | | | | | Some DEVICE_PACKAGES definitions replace one package variant with another (e.g. wpad-mini is replaced with wpad). To avoid file conflicts, first remove, then install packages. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: make default_prerm work offlineMatthias Schiffer2016-09-261-4/+12
| | | | | | | IPKG_INSTROOT must be respected for offline removal (used for per-device rootfs). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ramips: fix DEVICE_PACKAGES of Ubiquiti EdgeRouter XMatthias Schiffer2016-09-261-1/+1
| | | | | | | kmod-rt2x00-lib and kmod-mac80211 need to be removed, as they depend on kmod-cfg80211. kmod-rt2800-pci should not be installed anyways. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ar71xx: clean up DEVICE_PACKAGES of legacy devicesMatthias Schiffer2016-09-261-43/+22
| | | | | | Remove arbitrary or redundant packages from DEVICE_PACKAGES. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* image: don't modify file permissions before rootfs generationMatthias Schiffer2016-09-262-22/+3
| | | | | | | | | | | | | | | | Modifying the file permissions can be harmful, as it would make files world-readable even if they weren't in the ipk packages. The Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp and /overlay are already provided by base-files with the correct permissions). It has been verified that this change does not affect any permissions of files in the default package set except /etc/ppp/chap-secrets, which was world-readable before. All packages not in the default set are more likely to be installed via opkg than being part of a base image and thus were usually not affected by the permission modification anyways. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: fix check for empty password warningMatthias Schiffer2016-09-261-2/+1
| | | | | | | | | | | | | Now that we know that the password is in /etc/shadow and not in /etc/passwd, we can properly fix the logic for the empty password check. Only 'root::' is an empty password, 'root:x:' and 'root:!:' allow no password login at all. This fixes the empty password warning still showing after the root password has been locked using 'passwd -l root' (e.g. to allow public-key auth only). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* config: enable shadow passwords unconditionallyMatthias Schiffer2016-09-263-5/+0
| | | | | | | | | | | | | Configurations without shadow passwords have been broken since the removal of telnet: as the default entry in /etc/passwd is not empty (but rather unset), there will be no way to log onto such a system by default. As disabling shadow passwords is not useful anyways, remove this configuration option. The config symbol is kept (for a while), as packages from feeds depend on it. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* mac80211: fix crash in mac80211_hwsimFelix Fietkau2016-09-261-0/+11
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mvebu: add switch config for clearfog proJonas Gorski2016-09-261-0/+3
| | | | | | Check for switch0 existance and add default switch config if found. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* mvebu: add sysupgrade support for clearfogJonas Gorski2016-09-265-8/+79
| | | | | | | | Add and enable sysupgrade support for clearfog boards, based on how the brcm2708 target does it. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* mvebu: add switch node to clearfogJonas Gorski2016-09-262-1/+22
| | | | | | | | Add a switch node to clearfog to probe and initialize it on Clearfog Pro. This make the switch work and allows using all six switch ports. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* mvsw61xx: enable SerDes on 6176 if requiredJonas Gorski2016-09-262-0/+59
| | | | | | | | If the cpu port is connected through SGMII we need to enable SerDes for it to work. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* mvsw61xx: reset phys on probe to enable switch ports on clearfog proJonas Gorski2016-09-262-1/+54
| | | | | | | | The clearfog u-boot does not initialize the switch at all, so we need to power up the phys ourselves. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* mvebu: replace ClearFog dts files with patches from upstreamJonas Gorski2016-09-267-582/+909
| | | | | | | | Make the dts file match with what is upstream, to ensure it has the latest changes and switching to newer kernels is easier. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* mvebu: enable PCA955x driver for clearfog to enable pcie and usbJonas Gorski2016-09-261-0/+2
| | | | | | | | | Some of the PCIe and USB signals use a GPIO expander on I2C on ClearFog, so enable the driver so that they can be configured to their required values. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: reset the 88E1512 PHY to make the wan port workJonas Gorski2016-09-261-0/+32
| | | | | Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: make hidden and be m for clearfog to fix IB failing to add itJonas Gorski2016-09-262-4/+6
| | | | | | | | | | | | | Uboot-mvebu isn't a real package, which will break the image builder when it tries to install it during the packing step. Instead of cleafog selecting it through its default packages, make it default to m if the clearfog profile is selected. This will ensure it is always build, but never added to the rootfs. This fixes creating images for clearfog with IB. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: also install into KDIR to ensure it packaged in IBJonas Gorski2016-09-262-1/+4
| | | | | | | | The clearfog image requires u-boot, so package it into KDIR to make sure it is available in imageBuilder. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* ptgen: work around gcc miscompilationJonas Gorski2016-09-261-1/+3
| | | | | | | Some gcc versions seem to miscompile code using ternary operators, work around this by just returning the result if exp is 0. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* ramips: move /lib/ramips.sh include in /etc/init.d/bootcount into start()Matthias Schiffer2016-09-251-1/+2
| | | | | | Enabling the init script offline will print an error otherwise. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* fstools: mark as nonshared and add missing PKG_CONFIG_DEPENDSMatthias Schiffer2016-09-251-0/+3
| | | | | | | The fstools build depends on the CONFIG_NAND_SUPPORT flag, which is target-specific. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* image: fix CONFIG_CLEAN_IPKG with CONFIG_TARGET_PER_DEVICE_ROOTFSMatthias Schiffer2016-09-253-2/+7
| | | | | | | | | | | Running prepare_rootfs on TARGET_DIR deletes the opkg state when CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install fail. To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run and use this as basis for per-device rootfs generation. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: remove duplicate br-netfilter file and Kconfig symbol from kmod-ebtablesMatthias Schiffer2016-09-241-5/+2
| | | | | | | br_netfilter.ko and the corresponding Kconfig symbol are already provided by kmod-br-netfilter, which is a dependency of kmod-ebtables. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: backport build fix when hardware support is usedHauke Mehrtens2016-09-242-0/+35
| | | | | | | This fix added to the openssl 1.0.2 branch. In addition add the header for the existing backport. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ar71xx: add model detection for many Ubiquiti AirMax XM devicesNeal Oakey2016-09-241-0/+36
| | | | | | Signed-off-by: Neal Oakey <neal.oakey@bingo-ev.de> [Matthias Schiffer: minor adjustments] Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* image: per-device rootfs: don't fail without opkgMatthias Schiffer2016-09-241-2/+2
| | | | | | | Ignore errors caused by /etc/opkg not existing (i.e. when opkg is not selected). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* image: allow specifying additional packages for device-specific rootfsMatthias Schiffer2016-09-242-3/+24
| | | | | | | | Add a new option to each device in multi-profile mode, allowing to provide a list of packages to add or remove. In case of added packages, the user must take care that these are selected to be built. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* treewide: remove bad local shell variable declarationsJo-Philipp Wich2016-09-247-21/+16
| | | | | | | Local variable declarations outside of functions are illegal since the Busybox update to v1.25.0, therfore remove them from the appropriate places. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* curl: update to version 7.50.3Hauke Mehrtens2016-09-242-3/+3
| | | | | | | | | | | | | | This fixes the following security problems: 7.50.1: CVE-2016-5419 TLS session resumption client cert bypass CVE-2016-5420 Re-using connections with wrong client cert CVE-2016-5421 use of connection struct after free 7.50.2: CVE-2016-7141 Incorrect reuse of client certificates 7.50.3: CVE-2016-7167 curl escape and unescape integer overflows Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2iMagnus Kroken2016-09-247-43/+19
| | | | | | | | | | | | | | | Drop 302-fix_no_cmac_build.patch, it has been applied upstream. Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * 10 Low severity issues Security advisory: https://www.openssl.org/news/secadv/20160922.txt Changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* image: don't override opkg list directory in per-device rootfs modeMatthias Schiffer2016-09-242-5/+3
| | | | | | | | | | | | opkg's -l option is always interpreted relative to the installation root. This leads to very weird paths inside the rootfs (containing the whole path to the LEDE tree on the build machine) and causes the subsequent deletion of the list directory to fail (cluttering the resulting images). Instead, use the default list directory and remove its contents in prepare_rootfs. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>