aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* gdb: bump to 8.0.1Stijn Tintel2017-09-293-14/+13
| | | | | | | | | | Add -static-libstdc++ to TARGET_LDFLAGS to avoid a hard dependency on libstdc++, and -Wl,--gc-sections to further reduce the size on platforms that support it. Fixes CVE-2017-9778. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* toolchain/gdb: update to version 8.0.1Ryan Mounce2017-09-293-5/+5
| | | | | | | | Fixes CVE-2017-9778. Signed-off-by: Ryan Mounce <ryan@mounce.com.au> [reference fixed CVE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mt76: update to the latest version, improves mt7603 stabilityFelix Fietkau2017-09-281-3/+3
| | | | | | | | cb83f33 mt7603: mac: fix logic in mt7603_tx_hang() 21f20b4 mt7603: mac: fix register configuration in mt7603_rx_dma_busy() d5e945e mt7603: mcu: fix indentation of mcu command definition Signed-off-by: Felix Fietkau <nbd@nbd.name>
* linux-firmware: fix intel wireless-n 100 firmware package nameFelix Fietkau2017-09-281-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for accessing 802.11k neighbor report elements via ubusFelix Fietkau2017-09-281-0/+169
| | | | | | | This API can be used to distribute neighbor report entries across multiple APs on the same LAN. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for specifying device config options directly in uciFelix Fietkau2017-09-281-0/+6
| | | | | | | This is useful for tuning some more exotic parameters where it doesn't make sense to attempt to cover everything in uci directly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ar71xx: unify CONFIG_CMDLINEFelix Fietkau2017-09-284-4/+1
| | | | | | | Booting from jffs2 directly is no longer supported, use rootfstype=squashfs consistently for all subtargets Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: make ssh compression support configurableMarcin Jurkowski2017-09-282-3/+13
| | | | | | | | | Adds config option to enable compression support which is usefull when using a terminal sessions over a slow link. Impact on binary size is negligible but additional 60 kB (uncompressed) is needed for a shared zlib library. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* umdns: update to latest git HEADJohn Crispin2017-09-281-3/+3
| | | | | | | | b84fdac Add debug output for service_timeout 8f7e3bc Remove incorrect comma in http service json config 9f40133 Remove ttl==255 restriction for queries Signed-off-by: John Crispin <john@phrozen.org>
* ramips: reduce napi_weight in the ethernet driver.Rosen Penev2017-09-281-1/+1
| | | | | | Currently dmsg a weight of 128 which is above the kernel limit of 64. Silence the warning. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* procd: Install seccomp-trace symlinkMichal Sojka2017-09-281-0/+1
| | | | Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
* procd: update to latest git HEADJohn Crispin2017-09-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | ee582d1 instance: properly compare and reload respawn config 260a4cd utrace: Start the tracee only after uloop initialization 520ad3c utrace: Switch all logging to ulog 1c48104 utrace: Support non-contiguous syscall numbers 582cf97 utrace: Forward SIGTERM to the traced process 32534f7 utrace: Report ptrace errors ccde3fb seccomp: Improve error message 7f9b174 preload-seccomp: Use proper log level for error messages e3c4302 Start seccomp-enabled services via seccomp-trace 5e4ad02 seccomp: Log seccomp violations with utrace 2661b2f utrace: Use PTHREAD_SEIZE instead of PTHREAD_TRACEME b5d53c6 utrace: Deliver signals to traced processes b416ed9 utrace: Support tracing multi-threaded processes and vfork 8b7d47a utrace: Trace processes across forks c6b6ec6 utrace: Sort syscalls by number of invocations 592c532 Update trace attribute c8faedc Do not disable seccomp when configuration is not found 017f3a1 utrace: Fix off-by-one errors 5acaf15 utrace: Fix environment initialization Signed-off-by: John Crispin <john@phrozen.org>
* ramips: mt7621: add MT29F2G08ABAE NAND flash supportRoman Yeryomin2017-09-281-1/+2
| | | | Signed-off-by: Roman Yeryomin <roman@advem.lv>
* ramips: improve Xiaomi Mi Router 3G supportKevin Darbyshire-Bryant2017-09-285-26/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit improves support for the Xiaomi Mi Router 3G originally added in commit 6e283cdc0da25928f8148805ebef7f8f2b769ee8 Improvements: - Remove software watchdog as hardware watchdog now working as per commit 3fbf3ab44f5cebb22e30a4c8681b13341feed6a6 for all mt7621 devices. - Reset button polarity corrected - length of press determines reboot (short press) vs. reset to defaults (long press) behaviour. - Enable GPIO amber switch port LEDs on board rear - lit indicates 1Gbit link and blink on activity. Green LEDs driven directly by switch indicating any link speed and tx activity. - USB port power on/off GPIO exposed as 'usbpower' - Add access to uboot environment settings for checking/setting uboot boot order preference from user space. Changes: - Front LED indicator is physically made of independent Yellow/Amber, Red & Blue LEDs combined via a plastic 'lightpipe' to a front panel indicator, hence the colour behaviour is similar to an RGB LED. RGB LEDs are not supported at this time because they produce colour results that do not then match colour labels, e.g. enabling 'mir3g:red' and 'mir3g:blue' would result in a purple indicator and we have no such label for purple. The yellow, red & blue LEDs have been split out as individual yellow, red & blue status LEDs, with yellow being the default status LED as before and with red's WAN and blue's USB default associations removed. - Swapped order of vlan interfaces (eth0.1 & eth0.2) to match stock vlan layout. eth0.1 is LAN, eth0.2 is WAN - Add 'lwlll' vlan layout to mt7530 switch driver to prevent packet leakage between kernel switch init and uci swconfig uboot behaviour & system 'recovery' uboot expects to find bootable kernels at nand addresses 0x200000 & 0x600000 known by uboot as "system 1" and "system 2" respectively. uboot chooses which system to hand control to based on 3 environment variables: flag_last_success, flag_try_sys1_failed & flag_try_sys2_failed last_success represents a preference for a particular system and is set to 0 for system 1, set to 1 for system 2. last_success is considered *if* and only if both try_sys'n'_failed flags are 0 (ie. unset) If *either* failed flags are set then uboot will attempt to hand control to the non failed system. If both failed flags are set then uboot will check the uImage CRC of system 1 and hand control to it if ok. If the uImage CRC of system is not ok, uboot will hand control to system 2 irrespective of system 2's uImage CRC. NOTE: uboot only ever sets failed flags, it *never* clears them. uboot sets a system's failed flag if that system's was selected for boot but the uImage CRC is incorrect. Fortunately with serial console access, uboot provides the ability to boot an initramfs image transferred via tftp, similarly an image may be flashed to nand however it will flash to *both* kernels so a backup of stock kernel image is suggested. Note that the suggested install procedure below set's system 1's failed flag (stock) thus uboot ignores the last_success preference and boots LEDE located in system 2. Considerable thought has gone into whether LEDE should replace both kernels, only one (and which one) etc. LEDE kernels do not include a minimal rootfs and thus unlike the stock kernel cannot include a method of controlling uboot environment variables in the event of rootfs mount failure. Similarly uboot fails to provide an external mechanism for indicating boot system failure. Installation - from stock. Installation through telnet/ssh: - copy lede-ramips-mt7621-mir3g-squashfs-kernel1.bin and lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin to usb disk or wget it from LEDE download site to /tmp - switch to /extdisks/sda1/ (if copied to USB drive) or to /tmp if wgetted from LEDE download site - run: mtd write lede-ramips-mt7621-mir3g-squashfs-kernel1.bin kernel1 - run: mtd write lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin rootfs0 - run: nvram set flag_try_sys1_failed=1 - run: nvram commit - run: reboot Recovery - to stock. Assuming you used the above installation instructions you will have a stock kernel image in system 1. If it can be booted then it may be used to perform a stock firmware recovery, thus erasing LEDE completely. From a 'working' LEDE state (even failsafe) Failsafe only: - run: mount_root - run: sh /etc/uci-defaults/30_uboot-envtools Then do the steps for 'All' All: - run: fw_setenv flag_try_sys2_failed 1 - run: reboot The board will reboot into system 1 (stock basic kernel) and wait with system red light slowly blinking for a FAT formatted usb stick with a recovery image to be inserted. Press and hold the reset button for around 1 second. Status LED will turn yellow during recovery and blue when recovery complete. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ramips: RT5350F-OLINUXINO: enable ttyS1Zoltan Gyarmati2017-09-281-1/+16
| | | | | | | | | The RT5350F's second UART pins are available on the base module and on the EVB as well, so enable it in the device tree. In order to keep the origian serial port numbering (ttyS0 is the serial console), aliases added for the UART devices. Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
* ramips: RT5350F-OLINUXINO: enable i2cZoltan Gyarmati2017-09-281-0/+4
| | | | | | | The RT5350F i2c pins is available on the base module and on the EVB as well, so enable it in the dts. Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
* ramips: RT5350F-OLINUXINO: invert WiFi LED polarityZoltan Gyarmati2017-09-281-0/+1
| | | | | | | The polarity of WLAN_ACT LED on the base module needs to inverted in order to be 'on' when the WiFi interface is active Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
* ramips: introduce RT5350F-OLINUXINO.dtsiZoltan Gyarmati2017-09-283-140/+76
| | | | | | | | | | The RT5350F-OLINUXINO(-EVB).dts files' content are nearly the same, so to avoid code duplication this patch creates RT5350F-OLINUXINO.dtsi file which covers the base board's features. The corresponding RT5350F-OLINUXINO.dts just includes the new .dtsi and the RT5350F-OLINUXINO-EVB.dts adds the EVB specific GPIO config. Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
* ramips: add 'lwlll' portmap to mt7530 switchKevin Darbyshire-Bryant2017-09-281-1/+7
| | | | | | | | | | | The Xiaomi Mi Router 3G uses this deranged vlan portmap. Add support so that packets are not leaked across all switch ports when reset. Fix a whitespace nit while we're here. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [fix wrong pvids order] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: mt7621: fix failsafe mode networkingKevin Darbyshire-Bryant2017-09-281-2/+7
| | | | | | | | | | Disable VLANs on mt7621 boards with mt7530 switches on failsafe entry. Allows failsafe networking to work correctly. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [fixed default case syntax error] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-vdsl-mei: disable optimized firmware downloadMathias Kresin2017-09-281-2/+2
| | | | | | | | | With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and enabled by default. As soon as the optimized firmware download is enabled, a watchdog based reboot is trigger between 24h to 48h of uptime if the board isn't connected to a xdsl line. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-vdsl: fix PM thread suspend and resume handlingMartin Schiller2017-09-282-1/+108
| | | | | | | | This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM thread handling issues which lead to high system load and watchdog trigger within 1h of uptime for boards not connected to a xdsl line. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* openvpn: update to 2.4.4Magnus Kroken2017-09-282-34/+58
| | | | | | | | | Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* kernel: update 4.9 to 4.9.52Stijn Tintel2017-09-282-3/+3
| | | | | | | | Refresh patches. Compile-tested on x86/64. Runtime-tested on x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant p2p configLorenzo Santina2017-09-281-91/+278
| | | | | | | | | | | | | | | | Update the config file to the latest version. Added CONFIG_EAP_FAST=y because it was the only missing flag about EAP compared to full config. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Other flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant mini configLorenzo Santina2017-09-281-100/+292
| | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant full configLorenzo Santina2017-09-281-93/+280
| | | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Commented CONFIG_IEEE80211W=y flag because it is set in the Makefile, only if the driver supports it. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd mini configLorenzo Santina2017-09-281-19/+237
| | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd full configLorenzo Santina2017-09-281-27/+235
| | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed flag CONFIG_WPS2 because it is no more needed due to this changelog (2014-06-04 - v2.2): "remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set". Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: fix disable threaded resolverHans Dedecker2017-09-271-0/+36
| | | | | | | | | | | Bump to 7.55.1 broke the disable threaded resolver feature as reported in https://github.com/curl/curl/issues/1784. As a result curl is always compiled with the threaded resolver feature enabled which causes a dependency issue on pthread for uclibc. Fix this issue by backporting the upstream curl commit which fixes disable threaded resolver. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipset: replace patch that was reverted upstreamStijn Tintel2017-09-262-31/+25
| | | | | | Use the correct prefix for backports while at it. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Revert "brcm47xx: Fix sysupgrade with E1200v1"Hauke Mehrtens2017-09-251-1/+0
| | | | | | | | | | This reverts commit 31e9445b7e614f54daa0caf3148e223d088311ab. "Linksys E1200 V1" is not a valid board name, as the brcm47xx arch code can not detect this device. Stefan Lippers-Hollmann also found a typo in this patch "cybetran" instead of "cybertan". Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-mvebu: add OpenSSL compat patchesMarko Ratkaj2017-09-252-0/+249
| | | | | | | | | | | | | | Fixes the following build issue: "undefined reference to `EVP_MD_CTX_create'" From: Jelle van der Waa <jelle@vdwaa.nl> The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be called to reinitialise an already created structure. Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
* uboot-mvebu: fix SETEXPR redefinition warningMarko Ratkaj2017-09-251-12/+8
| | | | Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
* uboot-mvebu: add missing UBOOT_MAKE_FLAGS variableMarko Ratkaj2017-09-251-0/+2
| | | | | | This patch removes "/bin/sh: HOSTCPPFLAGS: command not found" errors douring build. Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
* Revert "toolchain/gdb: update to version 8.0.1"Stijn Tintel2017-09-253-5/+5
| | | | | | | | | | Since version 8.0, gdb requires at least gcc 4.8. Unfortunately some of the buildbot slaves don't meet this requirement, and fail to build LEDE after the gdb upgrade. Revert to the previous gdb version for now. This reverts commit 592abe9ef53f921554d48085d6482d4507b3e142. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: add Package/samba/DefaultStijn Tintel2017-09-251-12/+12
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset: bump to 6.34Stijn Tintel2017-09-252-3/+34
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* toolchain/gdb: update to version 8.0.1Ryan Mounce2017-09-253-5/+5
| | | | | | | | Fixes CVE-2017-9778. Signed-off-by: Ryan Mounce <ryan@mounce.com.au> [reference fixed CVE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: bump to 7.55.1Stijn Tintel2017-09-253-11/+11
| | | | | | | | | | | | Update 200-no_docs_tests.patch. Refresh patches. Fixes the following CVEs: - CVE-2017-1000099 - CVE-2017-1000100 - CVE-2017-1000101 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iperf: bump to 2.0.10Stijn Tintel2017-09-251-9/+4
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* brcm47xx: Fix sysupgrade with E1200v1Rosen Penev2017-09-241-0/+1
| | | | | | Entry was missing for some reason. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* sunxi: add Olimex A20-OLinuXino-LIME2-eMMCLucian Cristian2017-09-244-0/+123
| | | | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> [replaced u-boot patch with original version from u-boot git] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools: flex: fix segfault with glibc 2.26+Marko Ratkaj2017-09-241-0/+27
| | | | | | | | | Fix segmentation fault caused by implicit declaration of function 'reallocarray'. Added patch will enable reallocarray() prototype in glibc 2.26+ on Linux systems. This fix will be included in flex 2.6.5. Fixes LEDE issue: FS#1003 (Flex does not build with GCC 7.2) Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
* kernel: don't scrimp on memory on big ironPhilip Prindeville2017-09-242-4/+10
| | | | | | | | | x86_64 platforms typically don't lack memory, so don't needlessly economize memory if fq_codel on capable platforms. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> [Add a comment to the patch] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: kmod-usb-storage-uasJames Christopher Adduono2017-09-221-0/+19
| | | | | | | | | This will allow you to build and package the uas.ko module. With more routers supporting USB 3.0 host this could help speed up activities like DLNA and Samba, as well as reduce CPU utilization over BOT mass storage drivers. Signed-off-by: James Christopher Adduono <jc@adduono.com>
* ramips: fix missing mediatek wdtKevin Darbyshire-Bryant2017-09-222-2/+2
| | | | | | | | | | | | | | | mediatek MT7621 soc watchdog DTS id was renamed from "mtk,mt7621-wdt" to "mediatek,mt7621-wdt" when driver upstreamed to kernel 4.5 Update mt7621.dtsi & mt7628an.dtsi definitions to match upstreamed kernel. Restores hardward watchdog functionality on mt7621 devices under linux 4.9 Tested on: MIR3G Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uhttp: update to latest versionAdrian Panella2017-09-211-4/+4
| | | | | | | | | | | | | | 3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* libubox: fix uloop race conditionHans Dedecker2017-09-211-3/+3
| | | | | | 7a10576 uloop: Fix race condition in SIGCHLD handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: update 4.9 to 4.9.51Stijn Tintel2017-09-2013-39/+39
| | | | | | | | | | | | Refresh patches. Compile-tested on octeon and x86/64. Runtime-tested on octeon and x86/64. Fixes the following CVEs: - CVE-2017-14106 - CVE-2017-14497 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>