Commit Graph

37915 Commits (52617669c2467ba9964a153827aad1acad99f890)

Author SHA1 Message Date
Mathias Kresin 784ceba269 treewide: select ath10k firmware explicit
Do not rely on the default firmware selected by ath10k.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-05-27 14:23:07 +02:00
Mathias Kresin 0e31ce730f ath10k-firmware: do not select the qca988x by default
Do not select the qca988x by default as soon as kmod-ath10k is
selected. We do support more ath10k chips than the qca988x in the
meantime, so this dependency doesn't make sense any longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-05-27 14:22:16 +02:00
Yousong Zhou a44d7bfb63 build: fix possible issue with kmod package having multiple AutoLoad's
This commit contains the following changes

 - Use local shell var where appliable
 - The $(sort $$$$$$$$mods) call will have no expected effect
 - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
 - Avoid duplicate arguments for insert_modules() in postinst-pkg

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-27 15:04:32 +08:00
Hauke Mehrtens e02b12c4cf kernel: update kernel 4.4 to 4.4.70
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:43:02 +02:00
Yousong Zhou 2f92622ce8 kernel: fix autoloading arch-specific modules
Fixes FS#745

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-25 23:21:36 +08:00
Yousong Zhou 9c2bd3d631 backlight-pwm: fix module description
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-25 23:21:35 +08:00
Stijn Segers 215c1d05b8 kernel: update kernel 4.4 to 4.4.69
Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this
through with jow, he was okay with a clean diff against 17.01 and not a backported trunk
patch.

The following patches were applied upstream:

* 062-[1-6]-MIPS-* series
* 042-0004-mtd-bcm47xxpart-fix-parsing-first-block

Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as
it was incorrectly included upstream thus dropped from LEDE, but subsequently
reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it.

  Compile-tested on: ar71xx, ramips/mt7621, x86/64.

  Run-tested on: ar71xx, ramips/mt7621, x86/64.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
2017-05-24 22:47:01 +02:00
Hauke Mehrtens d1a0fc3ec8 binutils: fix build with host gcc < 4.9
binutils 2.27 checks if the target compiler supports -Wstack-
usage=262144, and also uses this setting for the host compiler. If the
host compiler is gcc < 4.9 binutils build will fail. This backports 2
commits which are fixing this problem for binutils 2.28.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-24 18:05:18 +02:00
Hauke Mehrtens d179aa8769 util-linux: fix build with uclibc
Fix build of scriptreplay with uClibc.
Some parts of the libm detection were backported to 2.29.2, but some
parts were missing, which are added here. This patch is needed when
libm is a separate library, this is not needed for LEDE master, because
libm is there integrated in the libc for uClibc and musl.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-05-24 18:04:51 +02:00
Kevin Darbyshire-Bryant dd19a41520 dropbear: bump to 2017.75
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user.  Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c

- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink.  Dropbear parsed authorized_keys as root, even if it were a
symlink.  The fix is to switch to user permissions when opening
authorized_keys

A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123

Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-24 18:04:51 +02:00
Stijn Tintel 51db1f5a9a samba: fix CVE-2017-7494
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 3f0d3d12da)
2017-05-24 15:41:30 +02:00
Rafał Miłecki 1165c0ae0d umdns: update to the version 2017-05-22
This includes following changes:
0e8b948 Support specifying instance name in JSON file
49fdb9f Support PTR queries for a specific service
26ce7dc Allow filtering with instance name in service_reply
920c62a Store instance name in the struct service
ff09d9a Rename service_name function to the service_instance_name
64f78f1 Rename mdns_hostname variable to the umdns_host_label

Previous package update pulled commit 70c66fbbcde86 ("Fix sending
replies to PTR questions") which introduced a regression which this
update fixes.

Fixes: 474c31a20d ("umdns: update to the version 2017-03-21")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-22 12:11:29 +02:00
Rafał Miłecki 74100f3788 bcm53xx: add support for TP-LINK Archer C5 V2
This model also contains few partitions non-discoverable partitions we
need to "protect". Othen than that it uses non-deprecated serial entry
in DTS that doesn't work with LEDE so we need to workaround it as well.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-22 11:38:03 +02:00
Rafał Miłecki dfe2cea9cd firmware-utils: tplink-safeloader: add support for Archer C5 V2
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-22 11:38:03 +02:00
Rafał Miłecki 0bef8f8011 fstools: backport regression fix for volume_identify
This fixes regression when volume_identify didn't identify volume on
subsequent calls.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-22 11:15:53 +02:00
Jo-Philipp Wich 379155dc0f imagebuilder: fix bundling of DTS sources
Refer to LINUX_KARCH instead of ARCH when bundling DTS files in the image
builder tarball.

While we're at it, also dereference symbolic links when copying as some
kernel architectures contain symbolic links in their DTS directories.

This fixes aarch64 imagebuilders such as brcm2708/bcm2710 ones in particular
as the kernel refers to "aarch64" as "arm64" internally.

Ref: https://forum.lede-project.org/t/lede-image-builder-problem/3680

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-16 17:38:33 +02:00
Michal Sojka dbaaeae428 image.mk: Generate cpiogz with root-owned files
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.

Other image types (at least targz and squashfs) already have this.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-05-16 17:38:08 +02:00
Steffen Weinreich 4bd98e9224 ramips: add om-watchdog to rut5xx DEVICE_PACKAGES
Add om-watchdog as default package for rut5xx.

Signed-off-by: Steffen Weinreich <steve@weinreich.org>
2017-05-15 22:56:01 +02:00
Steffen Weinreich 9423cf3e98 om-watchdog: add support for Teltonika RUT5xx (ramips)
Add rut5xx GPIO PIN selection to om-package startup script.

Testet on a RUT500 device, the timeout value of the hardware watchdog
is about 280 sec.

Signed-off-by: Steffen Weinreich <steve@weinreich.org>
[split into two commits, bump PKG_RELEASE]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-05-15 22:55:54 +02:00
Piotr Dymacz 38367c5699 om-watchdog: cosmetic code style fixes
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-05-15 22:55:47 +02:00
Piotr Dymacz da4992f822 om-watchdog: cleanup Makefile
Drop redundant Build/Prepare, empty lines and duplicated Build/Compile.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-05-15 22:55:41 +02:00
Felix Fietkau 8011215ad2 ar71xx: enable nand-utils in the mikrotik subtarget to ensure it makes it to initramfs
Without it, sysupgrade from initramfs to nand fails

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-12 13:33:22 +02:00
Jo-Philipp Wich aba1b3cbd1 openvpn: update to v2.4.2
Update to version 2.4.2 in order to address two potential Denial-of-Service
vectors in OpenVPN.

CVE-2017-7478 - Don't assert out on receiving too-large control packets
CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over

Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2
Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-12 11:57:01 +02:00
Felix Fietkau 53e751e303 openvpn: add myself as maintainer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-12 11:57:01 +02:00
Daniel Engberg d40e2efa94 OpenVPN: Update to 2.4.1
Update OpenVPN to 2.4.1
Remove 200-small_build_enable_occ.patch as it's included upstream.
Refresh patches
Add mirror and switch to HTTPS

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-12 11:57:00 +02:00
Martin Schiller 98491a9ae9 openvpn: add extra respawn parameters
This change protects the openvpn instances to be marked as "in a crash
loop" and thereby the connection retries will run infinitely.

When the remote site of an openvpn connection goes down for some time
(network failure etc.) the openvpn instance in an openwrt/lede device
should not stop retrying to establish the connection.

With the current limit of 5 retries, there is a user interaction
required, which isn't really what you want when the device should
simply do everything to keep the vpn connection up.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-05-12 11:57:00 +02:00
Yousong Zhou bc58099802 openvpn: move list of params and bools to a separate file
So that future patches for addition/removal of them can be more
readable

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-12 11:57:00 +02:00
Jo-Philipp Wich 7f3ec01069 ramips: fixup-mac-address: add missing include
Add missing include of ramips.sh in order to import the missing
ramips_board_name() procedure.

Fixes FS#774.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-11 00:54:06 +02:00
Hans Dedecker d8cfebaa50 dnsmasq: support dhcp_option config as a list
Configuring dhcp_option as an option does not allow the usage of white
spaces in the option value; fix this by supporting dhcp_option as a list
config while still supporting the option config to maintain backwards
compatibility

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-09 22:39:41 +02:00
Rafał Miłecki d1e0cc8cd5 bcm53xx: backport DT patches for serial, thermal and MDIO
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-09 11:18:39 +02:00
Henryk Heisig 8619683037 ramips: add factory firmware for Tp-Link C20i/C50
TP-Link firmware doesn't accept sysupgrade.bin with metadata.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-05-05 20:00:57 +02:00
Marcin Jurkowski d90ff22c8c brcm63xx: fix invalid Asmax AR 1004g DTS reference
Build profile for Asmax AR 1004g refers to an invalid DTS "rg100a". The
correct DTS for this device is "ar1004g".

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
2017-05-05 19:59:18 +02:00
Mathias Kresin d49920e450 lantiq: fix avm fritz box mac addresses
It has been shown that the Fritz boxes have the correct mac address set
in the wireless calibration data/eeeprom. Use this mac address as base
for the ethernet and xdsl interface increment/decrement the address to
match the values stored in the tffs.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-05-05 19:59:18 +02:00
Paul Spooren 79cd14152c ramips: enable ramdisk for mt7621
Fixes #758

Signed-off-by: Paul Spooren <paul@spooren.de>
2017-05-04 01:03:25 +02:00
Jo-Philipp Wich bc0de2751c ipq806x: fix EA8500 switch configuration
Do not assign the CPU port twice, this confuses LuCI and possible other
programs relying on topology information in board.json.

Ref: https://github.com/openwrt/luci/issues/1086

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-03 14:16:04 +02:00
Jo-Philipp Wich 0c8f72639f base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver()
Commit 2036ae4 (base-files: support hostname and ntp servers through board.d)
was supposed to implement these procedures but lacked the required changes
to uci-defaults.sh.

Add the missing procedures now to fix config generation on targets relying
on hostname or NTP server presetting.

Fixes FS#754.

Reported-by: Cristian Morales Vega <cristian@samknows.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-03 13:48:44 +02:00
Tomislav Požega eb11207397 mac80211: rt2800: fix mt7620 E2 channel registers
update RF register 47 and 54 values according to vendor driver

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: moved changes into a separate patch]
2017-05-02 23:17:22 +02:00
Tomislav Požega 64fa4ead32 mac80211: rt2800: fix mt7620 vco calibration registers
Use register values from init LNA function instead of the ones from
restore LNA function. Apply register values based on rx path
configuration.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: moved changes into a separate patch]
2017-05-02 23:17:22 +02:00
Daniel Golle 820a39687d mac80211: rt2x00: fix MT7620 LNA gain and VCO-after-ALC
This should fix issues with bad RX as well as AP not coming up and/or
scanning failing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-02 23:17:22 +02:00
Daniel Golle 5b91d2b52e mac80211: rt2x00: import upstream changes and rebase our patches
Some of our local patches have been accepted upstream. And there are
some more relevant changes (mostly for rt2800usb). Import them and
rebase our remaining local patches on top.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-02 23:17:22 +02:00
Daniel Golle ab7087e24f rt2x00: mt7620: make fixes requested upstream
Introduce RT6352 instead of matching against RF7620.
Clean up channel setting rfvals.
Port bandwidth filter calibration.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-02 23:17:22 +02:00
Daniel Golle 4314646ac6 rt2x00: mt7620: yet another beauty session
So here is another round of improvements for MT7620 WiFi.

This commit fixes a few significant issues related to TX_PWR_CFG_x and
TX_ALC and also makes the code more readable by adding register
descriptions for things added for MT7620 and use the usual bit-field
access macros and the now defined macros instead of plain bit-ops and
magic numbers.

Properly describe EEPROM_TARGET_POWER at word 0x68 (== byte 0xD0) and
thereby fix internal TXALC which would otherwise just read
out-of-bounds of the EEPROM map.

Split-out tx-power/ALC related stuff into an additional function.
Fix VCO calibration, it was carried out properly in the channel
switching but incomplete in the actual VCO calibration function.
Also there is no need to trigger VCO calibration in channel switching,
the VCO calibration function is already being called at this point.
Remove it from channel switching function to avoid redundant code.

The TX power calibration differs significantly from all other
Mediatek/Ralink chips: They finally allow 0.5dB steps stored as 8-bit
values for (almost) each bitrate -- and promptly ran out of space and
for some reason didn't want to change the EEPROM layout. The hence
opted for a scheme of sharing values for some adjecent bitrates and
a highly over-complicated (or obfuscated?) way to populate the
TX_PWR_CFG_x registers with the values stored in the EEPROM.
The code here now looks much less complicated than what you see in the
vendor's driver, however, it does the exact same thing:
bGpwrdeltaMinus is a constant and always TRUE, hence half of the
code was dead. Gpwrdelta is always 0 (rather than using the value read
from the EEPROM). What remains is some very grotesque effort to avoid
0x20, probably some hardware bug related to some misunderstanding of
what a singed 8-bit value is (imagine: if it was a signed 6-bit value
then someone could believe that 0x20 == 0x0). And then they didn't
clean it up once they later on anandonned that whole story of having a
constant offset for 40 MHz channels and just set the offset to be
constant 0 -- there is no effort for avoiding 0x20 for the 20 MHz
values stored in the EEPROM, hence that's probably just a forbidden
value in the EEPROM specs and won't appear anyway...
Anyway, the whole thing felt like solving some college math test
where in the end everything cancels out and the result equals 0 ;)
To make sure that channel bandwidth power compensation really doesn't
need to be taken care of, output a warning when the corresponding
value stored in the EEPROM is non-zero.

Also there is no apparent reason to refrain from initializing RFCSR
register 13, it doesn't fail what-so-ever.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-02 23:17:22 +02:00
Jonas Gorski ceefe616c8 mac80211: add rt2x00 debug symbols to PKG_CONFIG_DEPENDS
Chaning these symbols require a recompilation of the modules, so make the
system aware of it.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-05-02 23:17:22 +02:00
Felix Fietkau 5ac51ada60 ath9k: fix power limits on init
The tx power applied by set_txpower is limited by the CTL (conformance
test limit) entries in the EEPROM. These can change based on the user
configured regulatory domain.
Depending on the EEPROM data this can cause the tx power to become too
limited, if the original regdomain CTLs impose lowr limits than the CTLs
of the user configured regdomain.

To fix this issue, set the initial channel limits without any CTL
restrictions and only apply the CTL at run time when setting the channel
and the real tx power.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-02 23:17:22 +02:00
Felix Fietkau a9728799bc ath: do not apply broken power limits with ATH_USER_REGD
If a device uses the default EEPROM code, typically only the main CTLs
are valid, and they do not apply properly when switching to a different
regulatory domain. If the regdomain deviates from the EEPROM one, force
the world roaming regdomain to ensure that power limits are sane

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-02 23:17:22 +02:00
Hans Dedecker 503e496366 odhcpd: update to version 2017-04-28 (FS#595)
9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid
2b3355f ndp: fix adding proxy neighbor entries
7dff5b4 ndp: fix wrong interface name in syslog message
a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file
c0e9dbf ubus: don't segfault when there're no leases

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-02 22:08:32 +02:00
Hans Dedecker c266641acf odhcpd: update to version 2017-04-21
570069d ubus: rework dumping IPv6 and IPv4 leases
4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-02 22:08:21 +02:00
Sergey Ryazanov 37cf921352 build: fix symlinked .config handling
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.

This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-05-02 16:11:09 +02:00
Thibaut VARENE 8b9f7bd7bd ramips: WN3000RPv3: do not setup switch
The WN3000RPv3 is a repeater with a single ethernet port. Setting up the
switch, even to disable it, is unnecessary and possibly confusing.

Configure LAN as eth0 instead.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-04-28 17:10:01 +02:00
Daniel Gonzalez Cabanelas bf534e45ea brcm63xx: Add Observa VH4032N support
Add support for the Observa Telecom VH4032N router.

This is another BCM6368 router, 128 MB RAM, 32MB flash and 3 USB
host ports.

The wifi chip is an onboard Broadcom BCM43222.

Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
[jonas.gorski: use gpio-hog instead of abusing ephy-reset]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-04-28 17:09:55 +02:00