aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: update kernel 4.14 to 4.14.32Hauke Mehrtens2018-04-0317-123/+33
| | | | | | | | | | | | | The following patches are now included upstream: * 0052-MIPS-lantiq-fix-usb-clocks.patch * 0053-MIPS-lantiq-enable-AHB-Bus-for-USB.patch * 0060-lantiq-ase-enable-MFD-SYSCON.patch Closes: FS#1466 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* samba36: fix some security problemsHauke Mehrtens2018-04-038-3/+322
| | | | | | | | | | This Adds fixes for the following security problems based on debians patches: CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms CVE-2017-12163: Server memory information leak over SMB1 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should CVE-2018-1050: Denial of Service Attack on external print server. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: Improve GCC version detectionHauke Mehrtens2018-04-031-4/+8
| | | | | | | | | | This now makes sure that the beginning of the version number gets checked and "4.4.5" will not match was a supported version. GCC 8 and GCC 9 are now marked as supported, but we probably have to fix some problems for them. Closes: FS#1433 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Add support for XM25QH64A and XM25QH128A SPI NOR flashHauke Mehrtens2018-04-032-0/+60
| | | | | | | | | | | | These devices are produced by Wuhan Xinxin Semiconductor Manufacturing Corp. (XMC) and found on some routers from Chinese manufactures. The data sheets can be found here: http://www.xmcwh.com/Uploads/2018-03-01/5a9799e4cb355.pdf http://www.xmcwh.com/Uploads/2018-02-05/5a77e6dbe968b.pdf Closes: FS#1460 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mtd-utils: Mark some lzma functions as staticHauke Mehrtens2018-04-031-19/+19
| | | | | | | | These functions are not declared in any header file and only used in same compile unit, mark them as static to remove one gcc warning and make it easier for the compiler to optimize them out. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* brcm47xx: add kernel 4.14 supportPaul Wassi2018-04-0323-1/+2686
| | | | | | | | | | | | | | Add patches for 4.14, drop patch 030 since it's already included upstream. Tested on: 1) WRT54GL (with RAM upgraded to 32 MiB) 2) WL500gPv2 (with RAM upgraded to 64 MiB) 3) BCM47186B0 SoC board 4) BCM4706 SoC board Signed-off-by: Paul Wassi <p.wassi@gmx.at> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* netifd: update to latest git HEADHans Dedecker2018-04-031-3/+3
| | | | | | 3dc8c91 interface-ip: fix memory leak in interface_ip_add_target_route() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDsRafał Miłecki2018-04-034-4/+176
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* odhcp6c: update to latest git HEADHans Dedecker2018-03-311-3/+3
| | | | | | | | | | 5cbd305 odhcp6c: improve code readibility eb83b7e treewide: improve error handling b7b11cb dhcpv6: initialize ifreq struct f0469e2 ra: handle socket fail creation d573461 odhcp6c: fix file pointer leakage Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: update kernel 4.9 to version 4.9.91Hauke Mehrtens2018-03-3141-254/+144
| | | | | | | | | | * Refreshed patches. * Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream) * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream) Compile and run tested on lantiq Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* package/libs/mbedtls: add package with some mbedtls binaries.Paul Wassi2018-03-311-2/+23
| | | | | | Add some basic binaries required for private key and CSR generation. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* mbedtls: update to version 2.8.0Hauke Mehrtens2018-03-312-20/+20
| | | | | | | | | | | | This fixes some minor security problems. Old size: 162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk New size: 163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xfsprogs: add xfs-admin utilJan Pavlinec2018-03-311-1/+13
| | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* tools/e2fsprogs: update to 1.44.1Paul Wassi2018-03-311-2/+2
| | | | | | Update e2fsprogs to upstream 1.44.1 (feature and bugfix release) Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* package/utils/e2fsprogs: update to 1.44.1Paul Wassi2018-03-312-5/+5
| | | | | | Update e2fsprogs to upstream 1.44.1 (feature and bugfix release) Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* packages/util/util-linux: Update to 2.32Paul Wassi2018-03-312-16/+16
| | | | | | | | | | - Update to upstream 2.32 - License file 'getopt/COPYING' not present (any more) - Disable 'chown root:root'-commands during 'make install' - Add new dependency to wipefs - Refresh patch 003 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ncurses: Update to 6.1.Rosen Penev2018-03-316-47/+36
| | | | | | | | | | | | | | Compile tested on ar71xx. Old size: 6527 bin/packages/mips_24kc/base/terminfo_6.0-1_mips_24kc.ipk 141465 bin/packages/mips_24kc/base/libncurses_6.0-1_mips_24kc.ipk New size: 6873 bin/packages/mips_24kc/base/terminfo_6.1-1_mips_24kc.ipk 146950 bin/packages/mips_24kc/base/libncurses_6.1-1_mips_24kc.ipk Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libtool: Update to 2.4.6Rosen Penev2018-03-312-14/+3
| | | | | | | | | | | | Compile tested on mvebu. old size: 12947 bin/packages/mips_24kc/base/libltdl_2.4-2_mips_24kc.ipk new size: 13002 bin/packages/mips_24kc/base/libltdl_2.4.6-1_mips_24kc.ipk Signed-off-by: Rosen Penev <rosenp@gmail.com>
* pistachio: remove kernel 4.9 supportMatti Laakso2018-03-3121-3690/+0
| | | | Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
* pistachio: Switch to kernel 4.14Matti Laakso2018-03-311-1/+1
| | | | Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
* pistachio: add kernel 4.14 supportMatti Laakso2018-03-3117-0/+2442
| | | | | | Add patches and config for 4.14, refreshed from 4.9. Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
* mvebu: add support for MACCHIATObin (cortex-a72)Damir Samardzic2018-03-3110-3/+172
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add initial support for Marvell MACCHIATObin, cortex-a72 based Marvell ARMADA 8040 Community board. Comes in two forms: Single Shot and Double Shot. Specifications: - Quad core Cortex-A72 (up to 2GHz) - DDR4 DIMM slot with optional ECC and single/dual chip select support - Dual 10GbE (1/2.5/10GbE) via copper or SFP 2.5GbE (1/2.5GbE) via SFP 1GbE via copper - SPI Flash - 3 X SATA 3.0 connectors - MicroSD connector - eMMC - PCI x4 3.0 slot - USB 2.0 Headers (Internal) - USB 3.0 connector - Console port (UART) over microUSB connector - 20-pin Connector for CPU JTAG debugger - 2 X UART Headers - 12V input via DC Jack - ATX type power connector - Form Factor: Mini-ITX (170 mm x 170 mm) More details at http://macchiatobin.net Booting from micro SD card: 1. reset U-Boot environment: env default -a saveenv 2. prepare U-Boot with boot script: setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000" saveenv or manually: setenv fdt_name armada-8040-mcbin.dtb setenv image_name Image setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti $kernel_addr - $fdt_addr' saveenv Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
* u-boot-mvebu: update to 2018.03Josua Mayer2018-03-313-136/+2
| | | | | | | | | This release brings various improvements to clearfog support, such as distro-boot. Obsoletes: 0002-clearfog-reset-usom-onboard-1512-phy.patch 0003-clearfog-enable-distro-boot-code.patch Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
* mvebu: clearfog-pro: set new DTB name in boot-scriptJosua Mayer2018-03-311-0/+4
| | | | | | | The DTB for Clearfog Pro has been renamed in mainline. However U-Boot hasn't picked up that change yet :(, so we need to hardcode it for now. Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
* u-boot-mvebu: set configuration options in MakefileJosua Mayer2018-03-313-52/+8
| | | | | | | | | | | CONFIG_* variables can easily be set by overriding Build/Configure. so set NET_RANDOM_ETHADDR=y and CMD_SETEXPR=y here. This replaces the following patches: 0001-clearfog-generate-random-MAC-address.patch 0004-clearfog-enable-setexpr-command-by-default.patch Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
* mvebu: Add support for WRT3200ACM with new NAND flashImre Kaloz2018-03-315-2/+23
| | | | | | | | Newer Linksys boards might come with a Winbond W29N02GV which can be configured in different ways. Make sure we configure it the same way as the older chips so everything keeps working. Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
* mvebu: Get rid of RTC hack for Turris Omnia.Rosen Penev2018-03-311-1/+1
| | | | | | As Solidrun's RTC patch got merged, this hack is no longer needed. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ath10k-ct: Update firmware to latest.Ben Greear2018-03-311-29/+29
| | | | | | | | | | | | | | Wave-1 firmware has a fix for 'addba' not finding the peer. Thanks to Hauke for finding and reporting this. Wave-2 firmware has a fix for leaking a peer multicast key when a monitor device is created. And I re-ordered the '4019' firmware images in the Makefile to match the order of the others. No functional change for that reorder. Signed-off-by: Ben Greear <greearb@candelatech.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* openssl: update to 1.0.2oPaul Wassi2018-03-313-5/+5
| | | | | | Fixes CVE-2018-0739 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* Revert "iproute2: fix hidden uint to uin64_t promotion in json_print"Kevin Darbyshire-Bryant2018-03-312-66/+1
| | | | | | | | | | This reverts commit 745d0e7f4b6e8659cc967291acd33889035127f0. It looks like upstream don't want the patch so let's revert it here too. I hope a fix from upstream is forthcoming. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* build: filter out kmod-ipt-offload from the default selection on targets ↵Felix Fietkau2018-03-301-0/+4
| | | | | | that do not support it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add missing config optionHauke Mehrtens2018-03-301-0/+1
| | | | | | | | | CONFIG_NVMEM_BCM_OCOTP was added in kernel 4.10 and it is possible to activate it on the bcm53xx target. Deactivate it by default to fix the build of the bcm53xx target. This was found by build bot. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* apm821xx: increase WNDR4700's dtb+kernel partition to 3.5 MiBChristian Lamparter2018-03-302-23/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch cleans and reworks the WNDR4700 dts to increase the now combined dtb+kernel partition to 3.5 MiB. This has become necessary due to the switch to GCC 7.3 and the ever increasing kernel binary size. The dtb+kernel partition was combined in order to finally fix the problem with out-of-sync device-trees. From now on, the kernel and device-tree will always be updated together. Upgrade Note: Existing installations will have to use the TFTP firmware recovery option in order to install the update. Affected users are advised to make a backup of their existing configuration prior to running sysupgrade: <https://openwrt.org/docs/guide-user/installation/generic.backup#backup_openwrt_configuration> Due to the repartitioning of the NAND, the generated backup should be placed on either the internal HDD, an attached USB-Stick or on another PC (externally). To manually trigger the firmware recovery, the reset button has to be pressed (and hold) during boot. U-boot will enter the "Upgrade Mode" and starts a tftpserver listening on 192.168.1.1 for a tftp client from one of the four LAN/Ethernet ports to connect and upload the new system: (enable tftp binary mode!). openwrt-apm821xx-nand-netgear_wndr4700-squashfs-factory.img Cc: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: switch MR24's initramfs to multi-image methodChristian Lamparter2018-03-301-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The recent change to switch to gcc 7.3 broke the image generation code, as the kernel would no longer fit into KERNEL_SIZE. This patch fixes the issue by reworking the initramfs creation and packaging, which will get rid of the KERNEL_SIZE check in the process. This new initramfs can be loaded through the MR24 U-boot in the following way: => setenv ipaddr 192.168.1.1 => setenv bootargs console=ttyS0,$baudrate => tftpboot c00000 192.168.1.2:meraki_mr24-initramfs-kernel.bin [...] Load address: 0xc00000 Loading: ################################################ [...] done Bytes transferred = 5952544 (5ad420 hex) => bootm $fileaddr \## Booting kernel from Legacy Image at 00c00000 ... ... For more information and the latest flashing guide: please visit the OpenWrt Wiki Page for the MR24: <https://openwrt.org/toh/meraki/mr24#flashing> Cc: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* map: fix psidlen becoming negative (FS#1430)Hans Dedecker2018-03-292-11/+17
| | | | | | | | | Fix psidlen becomes negative in case embedded address bit lenght is smaller than IPv4 suffix length. While at it improve parameter checking making the code more logical and easier to read. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* bcm53xx: switch to kernel 4.14Rafał Miłecki2018-03-291-1/+1
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: update kernel 4.14 configRafał Miłecki2018-03-291-7/+34
| | | | | | | | | | | There are few symbol changes but only 3 symbols were possible to set: THERMAL_EMERGENCY_POWEROFF_DELAY_MS CLK_BCM_SR PHY_NS2_USB_DRD Both new drivers don't seem to apply to Northstar so they are disabled. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: fix earlycon regression in kernel 4.14Rafał Miłecki2018-03-291-0/+33
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "ppp: make ppp-multilink provide ppp"Felix Fietkau2018-03-291-10/+9
| | | | | | | | | | opkg currently has some issues with Provides and this change makes the image builder fail because of that. Revert the change for now until opkg is fixed This reverts commit 092d75aa3e86db8331fffdbd0a99987df9dc438b. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ar71xx: fix ar934x usb controller resource conflictFelix Fietkau2018-03-281-1/+1
| | | | | | Use the right size for the EHCI block Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: update to the latest versionYousong Zhou2018-03-281-4/+4
| | | | | | | | | | | | Changes since last version dfb68f8 service: initialize supplementary group ids 3db4e6d service: add func for string config change check c3faabe procd: get rid of putenv usage. The supplementary group id change fixes FS#988 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* hostapd: update to git snapshot of 2018-03-26Daniel Golle2018-03-2735-1530/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were merged upstream: 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch replaced by commit 0e3bd7ac6 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch replaced by commit cb5132bb3 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch replaced by commit 87e2db16b 003-Prevent-installation-of-an-all-zero-TK.patch replaced by commit 53bb18cc8 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch replaced by commit 0adc9b28b 005-TDLS-Reject-TPK-TK-reconfiguration.patch replaced by commit ff89af96e 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch replaced by commit adae51f8b 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch replaced by commit 2a9c5217b 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch replaced by commit a00e946c1 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch replaced by commit b488a1294 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch replaced by commit 6f234c1e2 011-Additional-consistentcy-checks-for-PTK-component-len.patch replaced by commit a6ea66530 012-Clear-BSSID-information-in-supplicant-state-machine-.patch replaced by commit c0fe5f125 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch replaced by commit 114f2830d Some patches had to be modified to work with changed upstream source: 380-disable_ctrl_iface_mib.patch (adding more ifdef'ery) plus some minor knits needed for other patches to apply which are not worth being explicitely listed here. For SAE key management in mesh mode, use the newly introduce sae_password parameter instead of the psk parameter to also support SAE keys which would fail the checks applied on the psk field (ie. length and such). This fixes compatibility issues for users migrating from authsae. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uci: update to latest git HEADHans Dedecker2018-03-271-3/+3
| | | | | | | | 5d2bf09 uci: fix a potential use-after-free in uci_set() 3b3d63e list: only record ordering deltas if element position changed 4c4d343 cmake: Fix cli shared linking against ubox Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to the latest version (fixes FS#1452)Felix Fietkau2018-03-271-4/+4
| | | | | | 9c8d781 netifd: return the interface for locally addressable host dependencies Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: include kmod-ipt-offload in default imagesFelix Fietkau2018-03-271-1/+1
| | | | | | | | | Netfilter flow offload has now started to become useful and suitable for a wider testing audience. Configuring it via UCI is also integrated in firewall3 by adding 'option flow_offloading 1' to the 'defaults' section in /etc/config/firewall Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add kmod-sound-ens1371Felix Fietkau2018-03-251-0/+16
| | | | | | This audio chip is provided as a virtual audio device by VMware Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: improve init script portability (FS#1446)Hans Dedecker2018-03-242-2/+2
| | | | | | | | | | | | | Improve portability of init script by declaring resolvfile as local in dnsmasq_stop function. Fixes resolvfile being set for older busybox versions in dnsmasq_start in a multi dnsmasq instance config when doing restart; this happens when the last instance has a resolvfile configured while the first instance being started has noresolv set to 1. Base on a patch by "Phil" Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* sunxi: add build for sopineFan Fan2018-03-232-0/+20
| | | | | | This will generate image for Pine64 Sopine board. Signed-off-by: Fan Fan <fkpwolf@gmail.com>
* ethtool: Update to 4.15.Rosen Penev2018-03-231-2/+2
| | | | | | Contains kernel 4.14 updates. Compile tested on mvebu. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Kernel: bump 4.14 to 4.14.29Stijn Segers2018-03-2320-82/+82
| | | | | | | | | | | | Right patch version this time, sorry! * Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code. * Refreshed patches. Compile-tested: ramips/mt7621, x86/64 Run-tested: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Rosen Penev <rosenp@gmail.com>