| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TP-Link Archer C7 v4 is a dual-band AC1750 router, based on Qualcomm/Atheros
QCA9561+QCA9888.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB
Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin via Web interface
Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin
and rename it to ArcherC7v4_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Flash instruction under U-Boot, using UART:
1. tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
2. erase 0x9f040000 +$filesize
3. cp.b $fileaddr 0x9f040000 $filesize
4. reset
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifications:
- SoC: Qualcomm QCA9558 (720 MHz)
- RAM: 256MB
- Storage: 1MB NOR, 128 MB NAND flash
- Ethernet: 1x1000M
Installation:
1. Connect to serial console on the board
2. Boot initramfs image over u-boot
3. Copy image to the device and run sysupgrade
Installation without serial console is not supported at this time
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
Kernel 4.9 is now working on the brcm47xx boards, we just recently fixed
the problem that some boards did not boot at all, by changing the memory
regions used to relocate the kernel to in the loader.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
ENOENT could not be found by the compiler when compiling again kernel
4.9.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
When porting the kernel patches from 4.4 to 4.9, they were missing a
small chunk that ensures that ftrace sections are kept in the vmlinux
image, even when linked with --gc-sections
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
| |
The ARV752DPW22 has the same generic mac address in the EEPROM as it
was already noticed for other lantiq boards using a ralink wireless.
Use the base mac address from the boardconfig partition as it is done
by the stock firmware.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
| |
The ARV752DPW22 has a ralink based wireless and can not use the ath9k
only phy0tpt trigger.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for kernel 4.9 and replaces the kernel 4.4 support.
These are lynxis test results:
panda-board a3 - works, but no network, but master/4.4 doesn't have network either.
panda-board-a4 - u-boot SPL refuse to boot.
beaglebone-black - works
beagle-board - usb attached network doesn't come up and I doesn't have a serial around.
beagle-board-xm - ToDo: image code is missing.
Kernel 4.4 does not look better, so we merge this anyway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No patch refresh required.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-15265
- CVE-2017-0786
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
| |
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a simple version bump. Changes:
* noise: handshake constants can be read-only after init
* noise: no need to take the RCU lock if we're not dereferencing
* send: improve dead packet control flow
* receive: improve control flow
* socket: eliminate dead code
* device: our use of queues means this check is worthless
* device: no need to take lock for integer comparison
* blake2s: modernize API and have faster _final
* compat: support READ_ONCE
* compat: just make ro_after_init read_mostly
Assorted cleanups to the module, including nice things like marking our
precomputations as const.
* Makefile: even prettier output
* Makefile: do not clean before cloc
* selftest: better test index for rate limiter
* netns: disable accept_dad for all interfaces
Fixes in our testing and build infrastructure. Now works on the 4.14 rc
series.
* qemu: add build-only target
* qemu: work on ubuntu toolchain
* qemu: add more debugging options to main makefile
* qemu: simplify shutdown
* qemu: open /dev/console if we're started early
* qemu: phase out bitbanging
* qemu: always create directory before untarring
* qemu: newer packages
* qemu: put hvc directive into configuration
This is the beginning of working out a cross building test suite, so we do
several tricks to be less platform independent.
* tools: encoding: be more paranoid
* tools: retry resolution except when fatal
* tools: don't insist on having a private key
* tools: add pass example to wg-quick man page
* tools: style
* tools: newline after warning
* tools: account for padding being in zero attribute
Several important tools fixes, one of which suppresses a needless warning.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.
Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 13e5e473699b92f171205e0f5c57c9ebe7922492.
This commit causes a severe regression in LAN->WAN routing performance
for several devices. This appears to be caused by the extra requirement
to validate the SKB checksum early in the rx path, which the ethernet
hardware does not do
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the
fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
| |
The build system took the DTB_SIZE definition from Default and not from
production-dtb under some conditions. Move the size definitions to
Default now as it is only used in production-dtb anyway.
Thanks Mathias Kresin for helping me with this.
Fixes: c2f052acaeb ("at91: convert boards to generic build target")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
This fixes a compile problem recently introduced by me.
Fixes: f40fd43ab2f ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move wireguard from openwrt/packages to base a package.
This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.
WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
These options where deactivated in the malta kernel, take the default
options form the generic kernel configuration now to better match the
other targets.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
This brings the MIPS malta target to kernel 4.9.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
This shows how to boot up the 64 bit images.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).
Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency]
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
| |
This fixes a build problem with many targets.
Fixes 618ed77a17422a ("mac80211: add ath6kl kernel modules")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.
Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.
http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf
Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
|
|
|
|
| |
Update glibc to 2.26
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
| |
It is unclear why so many packages are selected for ClearFog Base compared
to its big brother, and there is no reason to not append metadata for Base.
Tidy this up as the only hardware difference between Base/Pro is the
presence of a switch and a different board name / device tree.
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
|
|
|
|
|
|
|
| |
Remove redundancy for platform_do_upgrade_clearfog
Fix platform_copy_config_clearfog to reflect -base/-pro split
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
|
|
|
|
| |
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
|
|
|
|
|
|
|
| |
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.
Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This is the final bugfix release in the gcc-5 series.
Compile and run tested on macOS 10.13 (Xcode 9), mvebu/ar71xx.
Removed redundant patch for macOS (backported upstream by yours truly)
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module from Laird includes the following:
- CPU Atmel SoC SAMA5D31
- Wifi QCA6004
- Bluetooth CSR8811
- RAM 64MB LPDDR
- FLASH 128MB
The flash is a dual image layout, kernel a/b, rootfs a/b, and a user
partition.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module from Laird includes the following:
- CPU Atmel SoC ARM926EJS
- Wifi AR6003
- Bluetooth CSR8510
- RAM 64MB LPDDR
- FLASH 128MB
The flash is a dual image layout, kernel a/b, rootfs a/b, and a user
partition.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
|
|
|
|
|
|
| |
Allow board to include the ath6kl kernel modules.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
|
|
|
|
|
|
|
| |
Systems which include the ath6k chipset need to have the firmware included
in the image.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
|
|
|
|
|
|
|
| |
Instead of applying global defaults based on selected board, transition
to using a per board setting for UBIFS and UBINIZE.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
|
|
|
|
|
|
|
|
|
| |
The platform generates squashfs images in a UBI block but misses the
kernel module to be able to mount the block.
DMA is also enabled to allow systems which include them in the DTS to
use it.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
|
|
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
|
|
|
|
|
|
| |
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifications:
- SoC: Qualcomm QCA9531 (650MHz)
- RAM: 64MB
- Storage: 16MB NOR SPI flash
- Ethernet: 5x100M (1 PoE in, 4 PoE out)
- Outdoor use ready
This ethernet router is based on the same platform as the hEX PoE lite.
Installation
1. login to the Mikrotik WebUI to backup your licence keys
2. setup a DHCP/BOOTP Server with:
* DHCP-Option 66 (TFTP server name) pointing to a local TFTP
Server within the same subnet of the DHCP range
* DHCP-Option 67 (Bootfile-Name) matching the initramfs filename
of the to be booted image
3. connect the port labled internet to your local network
4. keep the reset button pushed down and power on the board
The board should load and start the initramfs image from the TFTP
Server. Login as root/without password to the started LEDE via ssh
listing on IPv4 address 192.168.1.1. Use sysupgrade to install LEDE.
Revert to RouterOS
Use the "rbcfg" package on in LEDE:
* rbcfg set boot_protocol bootp
* rbcfg set boot_device ethnand
* rbcfg apply
Open Netinstall and reboot routerboard. Now netinstall sees routerboard
and you can install RouterOS. If NetInstall gets stuck on Sending offer
just wait for it to timeout and then close and open Netinstall again.
Click on install again.
In order for RouterOS to function properly, you need to restore license
for the device. You can do that by including license in NetInstall
Signed-off-by: Robert Marko <robimarko@gmail.com>
|