aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: backport upstream challenge ACK fix (CVE-2016-5696)Jo-Philipp Wich2016-08-133-0/+218
| | | | | | | | | | | | Yue Cao claims that current host rate limiting of challenge ACKS (RFC 5961) could leak enough information to allow a patient attacker to hijack TCP sessions. He will soon provide details in an academic paper. Backports upstream commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758 to the used LEDE kernel versions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* brcm63xx: switch to board based failsafe networkingJonas Gorski2016-08-131-37/+0
| | | | Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: configure switch in failsafeJonas Gorski2016-08-131-2/+46
| | | | | | | Also configure the switch based on the failsafe config, and create the failsafe interface as tagged if necessary. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: allow failsafe to configure vlansJonas Gorski2016-08-131-3/+29
| | | | | | | In preparation of properly setting up vlans and switches, add support for configuring failsafe on a vlan tagged interface. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: add preinit ifname detection based on board.jsonJonas Gorski2016-08-131-0/+29
| | | | | | Make use of the existing board.d to autodetect lan ifname in a generic way. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: split out preinit interface configJonas Gorski2016-08-131-4/+10
| | | | | | | Move preinit interface and ip config to its own function to allow calling it from more than one place. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: board_detect: allow specifying the generated fileJonas Gorski2016-08-132-4/+6
| | | | | | | Allow passing a filename to change the location of the generated board.json. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: let config_generate call board_detectJonas Gorski2016-08-133-4/+2
| | | | | | | Instead of board_detect generating the config as a side effect, let config_generate call board_detect as needed. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* brcm63xx: backport mtd of node changes from upstreamJonas Gorski2016-08-1312-23/+608
| | | | | | | Should fix parser data containing uninitialized values for of probed physmap flashes, which could break e.g. the redboot parser. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* kernel: check SOURCE_DATE_EPOCH before setting KBUILD_BUILD_TIMESTAMPJonas Gorski2016-08-131-1/+1
| | | | | | Make sure SOURCE_DATE_EPOCH actually contains something. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* kernel: allow reproducable buildsJonas Gorski2016-08-131-0/+2
| | | | | | | | | | | | Similar how we fix the file times in the filesystems, fix the build time of the kernel, and make the build number static. This should allow the kernel build to be reproducable when combined with setting the KERNEL_BUILD_USER and _DOMAIN in case of different machines. The reproducability only applies to non-initramfs kernels, those still require additional changes. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* dropbear: security update to 2016.74Jo-Philipp Wich2016-08-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mwlwifi: upgrade to 10.3.0.18-20160804Imre Kaloz2016-08-111-2/+2
| | | | | | adds support for the Linksys WRT1900ACSv2 and WRT1200ACv2 Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
* kernel: add missing config symbolFelix Fietkau2016-08-111-1/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* oxnas: set preinit network interfaceDaniel Golle2016-08-111-0/+7
| | | | | | set network interface for failsafe mode to eth0 for all boards Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ramips: fix legacy image buildFelix Fietkau2016-08-111-4/+7
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix crashlog issues on highmem systemsFelix Fietkau2016-08-111-19/+32
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm53xx: add profiles for Buffalo devicesRafał Miłecki2016-08-111-2/+24
| | | | | | | This generates proper images when using CONFIG_TARGET_MULTI_PROFILE and CONFIG_TARGET_PER_DEVICE_ROOTFS. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: include USB modules in images for devices with USB portsRafał Miłecki2016-08-111-9/+16
| | | | | | This allows using USB out of the box. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: add profiles for all other (SoftMAC) devicesRafał Miłecki2016-08-111-31/+34
| | | | | | | Thanks to this images for SoftMAC devices don't get brcmfmac anymore and b43 is added for devices with (quite poor) support only. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ath10k-firmware: Update to latest 99X0 CT firmware.Ben Greear2016-08-111-2/+2
| | | | | | | | | | Among other things, this compiles out support for peer caching. The feature did not seem to work well in my testing of AP mode, and totally breaks my own special use of station mode. Briefly tested on ea8500. Signed-off-by: Ben Greear <greearb@candelatech.com>
* ath10k-ct: Fix loading 9980 firmware.Ben Greear2016-08-111-2/+2
| | | | | | | | | | | ath10k-ct driver was using bad defaults for 9980 if user had not specified a fwcfg file to over-ride them. Also, support configurable station-kickout-threshold, which might work around issues with flakey connections. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix PKG_VERSION]
* tools: flock: add NFSv4 compatibilityMathias Kresin2016-08-111-0/+16
| | | | | | | | | | | | | | | | | | | | | | This patch fixes the LEDE build on mounted NFSv4 shares. The lock file cannot be opened in read-write mode by default, because then we cannot use flock(1) to lock executable files. The read-write mode for lock files is necessary on NFSv4 where flock(2) is emulated by by fcntl() -- this situation is possible to detect by flock(2) EBADF error. The patch consist of the following util-linux/flock commits http://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=eb742a1f66d5e3a7c5b43efce741c113f51bef3b http://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=caf1ba11a367ad702fb774653daf9ebdcca49d7b without including the pre kernel 3.4 support. Signed-off-by: Mathias Kresin <dev@kresin.me> Signed-off-by: Felix Fietkau <nbd@nbd.name> [minor cleanup]
* gcc: optionally build gccgo compilerMatteo Croce2016-08-115-2/+49
| | | | | | Tested with eglibc on x86 and armv7 so far Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
* kernel: add plan 9 fs packageMatteo Croce2016-08-115-0/+46
| | | | | | | 9pfs is used by kvm to share files between host and guest, add proper config option to enable it. Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
* hostapd: Allow RADIUS accounting without 802.1xPetko Bordjukov2016-08-111-10/+9
| | | | | | | | RADIUS accounting can be used even when RADIUS authentication is not used. Move the accounting configuration outside of the EAP-exclusive sections. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
* lantiq: fix some ethernet driver SMP issuesFelix Fietkau2016-08-111-10/+16
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm53xx: convert (disabled) Netgear R8500 image to own profileRafał Miłecki2016-08-111-1/+8
| | | | | | It should be the last device with FullMAC chipset to convert. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: add profile with brcmfmac for Netgear R7900Rafał Miłecki2016-08-111-1/+8
| | | | | | | It's one more device with FullMAC that got forgotten in the previous commit. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* bcm53xx: add profiles for devices with FullMAC chipsetsRafał Miłecki2016-08-101-1/+12
| | | | | | | | This allows building images for selected devices with brcmfmac only (without b43 which is for SoftMAC devices). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* ramips: Add support for Thunder TimecloudChuanhong Guo2016-08-106-1/+124
| | | | | | | Thunder Timecloud is a small NAS with MT7621A. It has 1 USB port and an SD Card slot. There is no wireless cards. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* preinit: use only the image config optionsMathias Kresin2016-08-102-19/+0
| | | | | | | | | | The pi_* variables and the fs_failsafe_wait_timeout variable are set by the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same values twice. All other fs_ variables were never used. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-hcd: fix xway dependencyMathias Kresin2016-08-101-1/+1
| | | | | | Due to missing parameter the package wasn't build for the xway target. Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: adm6996: set carrier statusMathias Kresin2016-08-101-0/+5
| | | | | | | Due to the missing carrier status set, the interface wasn't usable on a BTHOMEHUB2B after ip link down and up as it is done in preinit. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: Add support for TEW-714TRUJimmy Zhong2016-08-106-0/+137
| | | | Signed-off-by: Jimmy Zhong <mb300sd@mb300sd.net>
* lantiq: enable cpu temp driver for selected boardsMathias Kresin2016-08-103-0/+12
| | | | | | | | According to the author of the cpu temp driver, not all xrx200 boards have a cpu temperature sensor. For that reason enable the sensor only for tested boards. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: board.d: set lan mac address only where necessaryMathias Kresin2016-08-101-16/+8
| | | | | | | Do not set the lan mac address for boards which having the lan mac address already set in device tree source file. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: drop duplicate and now unused "lantiq, eth-mac" bindingMathias Kresin2016-08-101-52/+1
| | | | | | | | | | | | The device tree binding and the associated code duplicates functionality already patched into the etop driver. The compatible string isn't used any more. Therefore the whole code can be dropped. The "mac-increment" property allowed to increment a mac address received via kernel cmdline. This functionality isn't used by any device and should be added as etop driver device tree property if required again. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: use the etop driver DT bindings onlyMathias Kresin2016-08-1014-81/+25
| | | | | | | Use the generic mtd-mac-address dts property to get a mac address from flash instead of the lantiq specific one. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: fix mac address incrementsMathias Kresin2016-08-1012-12/+1
| | | | | | | | | | | | Use the same mac address increment in device tree source file and userspace. Don't add a mac address increment to either the only mtd mac-address or to all mac-addresses. Fix a typo in the TDW89X0.dtsi file to add an increment. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: drop orphaned eeprom-handling code branchesMathias Kresin2016-08-101-97/+71
| | | | | | | | | | All device tree nodes are using the named properties now and the code path handling the reg property isn't required any more. The code related to the ath,eep-flash property has been reformatted to be better readable. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: use ath, eep-flash/mac-offset for ath eep nodesMathias Kresin2016-08-105-15/+15
| | | | | | | No functional change, just easier to get what's the purpose of the hex values. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath25: fix duplicate LZMA compressionJo-Philipp Wich2016-08-091-4/+15
| | | | | | | | | | | The conversion to the new image building code accidentally caused the kernel image to get compressed twice, leading to boot failures when kernel and rootfs are flashed separately. The sysupgrade images have been unaffected by this. Also restore the elf kernel build artifact while we're at it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: re-enable CMAC supportFelix Fietkau2016-08-091-1/+1
| | | | | | Needed by a few packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: change SSL support error messageJo-Philipp Wich2016-08-081-2/+2
| | | | | | | Change the error message about missing SSL support to be more explicit by mentioning required package names. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ramips: switch from 24kec to 24kcJonas Gorski2016-08-085-5/+4
| | | | | | | | Since the only difference between 24Kec and 24Kc is the addition of DSP ASE support, and we don't use it anymore, there is no need to keep 24Kec as a separate cpu type. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* mac80211: Update the regdb to master-2016-06-10Petko Bordjukov2016-08-071-21/+66
| | | | | | | | | | | | | | | Changes include: * Higher maximum transmit power in the 5170-5250 band of the BG regdomain * Introduction of the CU regdomain * Introduction of the 5725-5875 band (short-range devices) in the DE regdomain * Introduction of 60 GHz channels 1-4 in the KR regdomain * Introduction of the 5725-5875 band (short-range devices) in the NL regdomain Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
* kernel: make the kernel build auto-clean the build dir like package buildsFelix Fietkau2016-08-054-7/+18
| | | | | | Previous behavior can be restored by using QUILT=1 on target/prepare Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: remove unused hostapd-common-old packageFelix Fietkau2016-08-053-606/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath9k: improve powersave filter handlingFelix Fietkau2016-08-041-0/+70
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>