aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* x86: disable X2APIC support for legacy subtargetsJo-Philipp Wich2017-06-022-0/+2
| | | | | | | | | Explicitely disable X2APIC support on legacy targets since the targeted processor types do not support it anyway there. Fixes FS#285. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* umdns: remove superfluous include in init scriptJo-Philipp Wich2017-06-021-2/+0
| | | | | | | | | | | | | The umdns init script includes function/network.sh globally, outside of any service procedure. This causes init script activation to fail in buildroot and IB context if umdns is set to builtin. Additionally, the network.sh helper is not actually used. Drop the entire include in order to repair init script activation in build host context. Fixes FS#658. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: bump to 2.77Jo-Philipp Wich2017-06-026-393/+22
| | | | | | | | | | | This is a cumulative backport of multiple dnsmasq update commits in master. Drops three LEDE specific patches which are included upstream and another patch which became obsolete. Remaining LEDE specific patches are rebased. Fixes FS#766 - Intermittent SIGSEGV crash of dnsmasq-full. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: make tftp root if not existingAlberto Bursi2017-06-021-1/+1
| | | | | | | | | | If there's a TFTP root directory configured, create it with mkdir -p (which does not throw an error if the folder exists already) before starting dnsmasq. This is useful for TFTP roots in /tmp, for example. Originally submitted by nfw user aka Nathaniel Wesley Filardo Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* dnsmasq: use logical interface name for dhcp relay configKarl Vogel2017-06-021-1/+2
| | | | | | | | | The relay section should use the logical interface name and not the linux network device name directly. This to be consistent with other sections of the dnsmasq config where 'interface' means the logical interface. Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
* dnsmasq: don't point --resolv-file to default location unconditionallyPhilip Prindeville2017-06-021-3/+3
| | | | | | | If noresolv is set, we should not generate a --resolv-file parameter. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [minor cleanup]
* ar71xx: fix Wallys DR344 GPIO-connected LEDs and buttonPiotr Dymacz2017-05-303-10/+33
| | | | | | | | | | | | | | | | | | | | This fixes wrong GPIO numbers for LEDs and button in Wallys DR344 board and sets color of all LEDs to green as the mass production boards have only green one. Actually, DR344 has 6 GPIO-connected LEDs and one button: - GPIO11: status - GPIO12: sig1 - GPIO13: sig2 - GPIO14: sig3 - GPIO15: sig4 - GPIO16: reset button - GPIO17: lan WAN LED is connected directly with AR8035 PHY. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: set GE interface as wan by default in Wallys DR344Piotr Dymacz2017-05-301-1/+1
| | | | | | | This aligns default network interfaces configuration with vendor firmware: GE (eth0) -> wan, FE (eth1) -> lan. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: fix GE interface support in Wallys DR344Piotr Dymacz2017-05-301-30/+8
| | | | | | | | GMAC0 interface of AR9344 SOC in Wallys DR344 board is connected with AR8035, not with AR8327. Without this fix, GE interface doesn't work at all or shows high packet loss ratio. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* toolchain/gdb: update to version 7.12.1Etienne Haarsma2017-05-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | Update gdb to version 7.12.1. GDB 7.12.1 brings the following fixes and enhancements over GDB 7.12: * PR tdep/20682 (aarch64 regression: gdb.cp/nextoverthrow.exp) * PR server/20733 (Failed to build aarch64_be-linux-gnu GDBserver) * PR tdep/20953 (GDB crashes after "set architecture rl78") * PR tdep/20954 (GDB crashes if "set architecture rx") * PR tdep/20955 (GDB internal error in cris-tdep.c) * PR build/20712 (gdb 7.12+ doesn't build as C++ on Solaris) * PR breakpoint/20653 (string_to_explicit_location has some weird code) * PR build/20753 (MinGW compilation errors due to strcasecmp) * PR gdb/20977 (GDB exception handling is broken on i686-w64-mingw32) * PR python/21048 (backtrace is broken on i686) * PR sim/20808 (mips sim build fails due to undefined SD/CPU variables) * PR sim/20809 (mips sim build fails for r3900 cpus) * PR gdb/20939 (GDB aborts Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
* usbmode: update usb-modeswitch-data to 20170205Julian Labus2017-05-291-2/+2
| | | | | | add support for new hardware Signed-off-by: Julian Labus <julian@labus-online.de>
* usbmode: update to latest versionJulian Labus2017-05-291-3/+3
| | | | | | 453da8e convert-modeswitch.pl: fix message indices Signed-off-by: Julian Labus <julian@labus-online.de>
* usbmode: Update to latest HEADFlorian Fainelli2017-05-291-3/+3
| | | | | | | | | | | Brings the following changes: 22f041e18df0 Extend StandardEject sequence to include LUN 1 61fdf7e9b1cc cmake: Search for libjson-c 2769852e76b5 cmake: Find libubox/blobmsg_json.h 8a47c4b6649f add TargetClass support Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* samba: bump PKG_RELEASEJo-Philipp Wich2017-05-271-1/+1
| | | | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the fixed samba package does not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: resync with masterJo-Philipp Wich2017-05-271-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to latest Git HEAD in order to import a number of fixes and other improvements: a4d98ae options: remove stray continue statement 3d2c18a options: improve handling of negations when parsing space separated values 0e5dd73 iptables: support -i, -o, -s and -d in option extra 4cb06c7 ubus: increase ubus network interface dump timeout e5dfc82 iptables: add exception handling f625954 firewall3: add check_snat() function 7d3d9dc firewall3: display the section type for UBUS rules 53ef9f1 firewall3: add UBUS support for include scripts 5cd4af4 firewall3: add UBUS support for ipset sections 02d6832 firewall3: add UBUS support for forwarding sections 0a7d36d firewall3: add UBUS support for redirect sections d44f418 firewall3: add fw3_attr_parse_name_type() function e264c8e firewall3: replace warn_rule() by warn_section() 6039c7f firewall3: check the return value of fw3_parse_options() c328d1f build: use -Wno-format-truncation instead of -Wno-error=format-truncation e06e537 utils: replace sprintf use with snprintf to avoid overflows 533f834 build: disable the format-truncation warning error to fix gcc 7 build errors e751cde zones: drop outgoing invalid traffic in masqueraded zones d596f72 rules: fix UCI context in error reporting 1d0564c ubus: fix interface name and proto lookup 82ccd9e firewall3: fix handling of UTC times 1949e0c iptables: support xtables API > 11 Fixes FS#548, FS#640, FS#806, FS#811. Ref: https://forum.lede-project.org/t/nat-leakage-on-tl-wr1043nd-v4/1712 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211, hostapd: always explicitly set beacon intervalMatthias Schiffer2017-05-274-9/+10
| | | | | | | | | | | | | | | | One of the latest mac80211 updates added sanity checks, requiring the beacon intervals of all VIFs of the same radio to match. This often broke AP+11s setups, as these modes use different default intervals, at least in some configurations (observed on ath9k). Instead of relying on driver or hostapd defaults, change the scripts to always explicitly set the beacon interval, defaulting to 100. This also applies the beacon interval to 11s interfaces, which had been forgotten before. VIF-specific beacon_int setting is removed from hostapd.sh. Fixes FS#619. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: add legacy_rates option to disable 802.11b data rates.Nick Lowe2017-05-271-8/+20
| | | | | | | | | | | | | | | | | | Setting legacy_rates to 0 disables 802.11b data rates. Setting legacy_rates to 1 enables 802.11b data rates. (Default) The basic_rate option and supported_rates option are filtered based on this. The rationale for the change, stronger now than in 2014, can be found in: https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx The balance of equities between compatibility with b clients and the detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b rates by default. Signed-off-by: Nick Lowe <nick.lowe@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
* ipq806x: fix Netgear X4 R7500 ath10k firmware selectionThomas Reifferscheid2017-05-271-1/+1
| | | | | | | Netgear X4 R7500 comes with a QCA988X. Select a firmware that matches the ath10k chipset Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
* treewide: select ath10k firmware explicitMathias Kresin2017-05-271-1/+1
| | | | | | Do not rely on the default firmware selected by ath10k. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath10k-firmware: do not select the qca988x by defaultMathias Kresin2017-05-271-1/+0
| | | | | | | | Do not select the qca988x by default as soon as kmod-ath10k is selected. We do support more ath10k chips than the qca988x in the meantime, so this dependency doesn't make sense any longer. Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: fix possible issue with kmod package having multiple AutoLoad'sYousong Zhou2017-05-271-9/+12
| | | | | | | | | | | This commit contains the following changes - Use local shell var where appliable - The $(sort $$$$$$$$mods) call will have no expected effect - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/ - Avoid duplicate arguments for insert_modules() in postinst-pkg Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: update kernel 4.4 to 4.4.70Hauke Mehrtens2017-05-274-7/+7
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: fix autoloading arch-specific modulesYousong Zhou2017-05-253-9/+9
| | | | | | Fixes FS#745 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* backlight-pwm: fix module descriptionYousong Zhou2017-05-251-1/+1
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: update kernel 4.4 to 4.4.69Stijn Segers2017-05-2428-474/+143
| | | | | | | | | | | | | | | | | | | | | Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this through with jow, he was okay with a clean diff against 17.01 and not a backported trunk patch. The following patches were applied upstream: * 062-[1-6]-MIPS-* series * 042-0004-mtd-bcm47xxpart-fix-parsing-first-block Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as it was incorrectly included upstream thus dropped from LEDE, but subsequently reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it. Compile-tested on: ar71xx, ramips/mt7621, x86/64. Run-tested on: ar71xx, ramips/mt7621, x86/64. Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
* binutils: fix build with host gcc < 4.9Hauke Mehrtens2017-05-242-0/+1323
| | | | | | | | | binutils 2.27 checks if the target compiler supports -Wstack- usage=262144, and also uses this setting for the host compiler. If the host compiler is gcc < 4.9 binutils build will fail. This backports 2 commits which are fixing this problem for binutils 2.28. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: fix build with uclibcHauke Mehrtens2017-05-241-0/+24
| | | | | | | | | | Fix build of scriptreplay with uClibc. Some parts of the libm detection were backported to 2.29.2, but some parts were missing, which are added here. This patch is needed when libm is a separate library, this is not needed for LEDE master, because libm is there integrated in the libc for uClibc and musl. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* dropbear: bump to 2017.75Kevin Darbyshire-Bryant2017-05-242-17/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba: fix CVE-2017-7494Stijn Tintel2017-05-242-4/+33
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 3f0d3d12da77d8833a725f99f6fa08640678a1ae)
* umdns: update to the version 2017-05-22Rafał Miłecki2017-05-221-3/+3
| | | | | | | | | | | | | | | | | This includes following changes: 0e8b948 Support specifying instance name in JSON file 49fdb9f Support PTR queries for a specific service 26ce7dc Allow filtering with instance name in service_reply 920c62a Store instance name in the struct service ff09d9a Rename service_name function to the service_instance_name 64f78f1 Rename mdns_hostname variable to the umdns_host_label Previous package update pulled commit 70c66fbbcde86 ("Fix sending replies to PTR questions") which introduced a regression which this update fixes. Fixes: 474c31a20d834 ("umdns: update to the version 2017-03-21") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: add support for TP-LINK Archer C5 V2Rafał Miłecki2017-05-223-2/+36
| | | | | | | | This model also contains few partitions non-discoverable partitions we need to "protect". Othen than that it uses non-deprecated serial entry in DTS that doesn't work with LEDE so we need to workaround it as well. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firmware-utils: tplink-safeloader: add support for Archer C5 V2Rafał Miłecki2017-05-221-0/+34
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* fstools: backport regression fix for volume_identifyRafał Miłecki2017-05-222-0/+57
| | | | | | | This fixes regression when volume_identify didn't identify volume on subsequent calls. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* imagebuilder: fix bundling of DTS sourcesJo-Philipp Wich2017-05-161-2/+3
| | | | | | | | | | | | | | | Refer to LINUX_KARCH instead of ARCH when bundling DTS files in the image builder tarball. While we're at it, also dereference symbolic links when copying as some kernel architectures contain symbolic links in their DTS directories. This fixes aarch64 imagebuilders such as brcm2708/bcm2710 ones in particular as the kernel refers to "aarch64" as "arm64" internally. Ref: https://forum.lede-project.org/t/lede-image-builder-problem/3680 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* image.mk: Generate cpiogz with root-owned filesMichal Sojka2017-05-161-1/+1
| | | | | | | | | Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio option to ensure that. Other image types (at least targz and squashfs) already have this. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
* ramips: add om-watchdog to rut5xx DEVICE_PACKAGESSteffen Weinreich2017-05-151-0/+1
| | | | | | Add om-watchdog as default package for rut5xx. Signed-off-by: Steffen Weinreich <steve@weinreich.org>
* om-watchdog: add support for Teltonika RUT5xx (ramips)Steffen Weinreich2017-05-152-1/+10
| | | | | | | | | | | Add rut5xx GPIO PIN selection to om-package startup script. Testet on a RUT500 device, the timeout value of the hardware watchdog is about 280 sec. Signed-off-by: Steffen Weinreich <steve@weinreich.org> [split into two commits, bump PKG_RELEASE] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* om-watchdog: cosmetic code style fixesPiotr Dymacz2017-05-151-31/+31
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* om-watchdog: cleanup MakefilePiotr Dymacz2017-05-151-8/+0
| | | | | | Drop redundant Build/Prepare, empty lines and duplicated Build/Compile. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: enable nand-utils in the mikrotik subtarget to ensure it makes it to ↵Felix Fietkau2017-05-122-2/+4
| | | | | | | | initramfs Without it, sysupgrade from initramfs to nand fails Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: update to v2.4.2Jo-Philipp Wich2017-05-121-2/+2
| | | | | | | | | | | | | Update to version 2.4.2 in order to address two potential Denial-of-Service vectors in OpenVPN. CVE-2017-7478 - Don't assert out on receiving too-large control packets CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2 Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: add myself as maintainerFelix Fietkau2017-05-121-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* OpenVPN: Update to 2.4.1Daniel Engberg2017-05-124-20/+12
| | | | | | | | | Update OpenVPN to 2.4.1 Remove 200-small_build_enable_occ.patch as it's included upstream. Refresh patches Add mirror and switch to HTTPS Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openvpn: add extra respawn parametersMartin Schiller2017-05-121-0/+3
| | | | | | | | | | | | | | | This change protects the openvpn instances to be marked as "in a crash loop" and thereby the connection retries will run infinitely. When the remote site of an openvpn connection goes down for some time (network failure etc.) the openvpn instance in an openwrt/lede device should not stop retrying to establish the connection. With the current limit of 5 retries, there is a user interaction required, which isn't really what you want when the device should simply do everything to keep the vpn connection up. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* openvpn: move list of params and bools to a separate fileYousong Zhou2017-05-123-30/+205
| | | | | | | So that future patches for addition/removal of them can be more readable Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ramips: fixup-mac-address: add missing includeJo-Philipp Wich2017-05-111-0/+1
| | | | | | | | | Add missing include of ramips.sh in order to import the missing ramips_board_name() procedure. Fixes FS#774. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: support dhcp_option config as a listHans Dedecker2017-05-091-4/+22
| | | | | | | | | | Configuring dhcp_option as an option does not allow the usage of white spaces in the option value; fix this by supporting dhcp_option as a list config while still supporting the option config to maintain backwards compatibility Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* bcm53xx: backport DT patches for serial, thermal and MDIORafał Miłecki2017-05-095-1/+288
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ramips: add factory firmware for Tp-Link C20i/C50Henryk Heisig2017-05-051-0/+4
| | | | | | TP-Link firmware doesn't accept sysupgrade.bin with metadata. Signed-off-by: Henryk Heisig <hyniu@o2.pl>
* brcm63xx: fix invalid Asmax AR 1004g DTS referenceMarcin Jurkowski2017-05-051-1/+1
| | | | | | | Build profile for Asmax AR 1004g refers to an invalid DTS "rg100a". The correct DTS for this device is "ar1004g". Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>