By default, forwarding between all ports is allowed on init. This is
problematic in cases where some ports are supposed to be isolated from
each other, most commonly LAN/WAN separation.
REG_ESW_PORT_PCR(port) has a destination mask for a particular port,
controlling what other ports it is allowed to send packets to.
Instead of initializing all to 0xff (all ports), allow each physical
port to send to the CPU port, and the CPU port to send to all other
ports.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the partition name for the firmware splitter, the cfi
address and adds the mtd-eeprom address for wmac. It adds additional
LEDs and make use of them in diag.sh and 01_leds.
Please note that the ":blue:wired" LED is used because the
":blue:router" behaviour is unpredictable for failsafe indication. The
issue with the router LED is that you have two states only.
"off" is steady on and "on" blinks. Therefore the wired LED is more
suitable.
Furthermore it reuses the correct switch configuration definition to
reflect the device ports and numbering. Additionally fixes the issue
that the default configuration is not applied as no port 6 exists on
this device.
Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
sysupgrade command fails due to missing U-Boot environment-processing
binaries on sysupgrade ramdisk. The missing binaries result in the
following output:
Switching to ramdisk...
Performing system upgrade...
ash: /usr/sbin/fw_printenv: not found
ash: fw_setenv: not found
ash: touch: not found
cannot find target partition
Signed-off-by: Vignesh Balasubramaniam <vigneshb.hp@gmail.com>
The name from the Device define will be used in the metadata. Due to
typo/different spelling, this name might not match the one exported in
/lib/mvebu.sh.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Support for MIPS toolchains without FPU support was added upstream,
so remove our patch.
patches/310-mips-link-tool.patch was a backport form this version of valgrind
src/abort.c is not referenced anywhere
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Change getver.sh to append a short Git commit hash to the end of the artifical
revision number. This way we still have order- and comparable commit numbers
but also a direct relation to the Git commit.
The new output format will look like "r2400+2-882472e" for dirty trees or like
"r2402-882472e" for clean ones.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.
Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.
While we're at it, also adjust the various URLs to match the current web site.
After this commit, the relevent files will look like the examples given below:
# cat /etc/openwrt_version
r2398+1
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='CURRENT'
DISTRIB_REVISION='r2398+1'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="CURRENT, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot CURRENT"
VERSION_ID="current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2398+1"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"
On a release branch, those files would look like:
# cat /etc/openwrt_version
r2399
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='16.12-CURRENT'
DISTRIB_REVISION='r2399'
DISTRIB_CODENAME='test_release'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="16.12-CURRENT, Test Release"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
VERSION_ID="16.12-current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2399"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"
On a release tag, those files would look like:
# cat /etc/openwrt_version
r2500
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.02.1'
DISTRIB_REVISION='r2500'
DISTRIB_CODENAME='mighty_unicorn'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="17.02.1, Mighty Unicorn"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
VERSION_ID="17.02.1"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2500"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
Sadly, LibreSSL claims to be OpenSSL v2.0.0 while not providing the new
interfaces introduced with OpenSSL v1.1.x, so extend the pre-OpenSSL 1.1.x
compat checks to consider LibreSSL as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
use pwr LED in diag.sh
Expose unused pinmux pins as GPIOs
export power LED and buzzer pins
Use rb750gr3:blue:pwr LED in diag.sh for boot status instead of rb750gr3:green:usr
Signed-off-by: Andrew Yong <me@ndoo.sg>
Imported from https://source.codeaurora.org/quic/qsdk/system/openwrt/commit/?h=korg/linux-3.4.y/release/arugula_bb_cs&id=2be4f8a8b205ae1a37db44839864451ebe893e6e
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Enable flow control of LAN and WAN ports to
get better performance.
Setup pvid as 0 for all ports during initialisation
to avoid confusion during system or switch INIT.
Disable PORT MAC before config MAC to avoid it work abnormal.
This change is for IR-054144, IR-057315.
Change-Id: I345f3dffa59ad3f97150e09692723da12a7b1067
Signed-off-by: Zou Shunxiang <shunxian@codeaurora.org>
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216
This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
ar8216 driver (many bound check additions, and turned swconfig structure
signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues
BUG=chrome-os-partner:33096
TEST=none
Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Import from fd7b89dd46%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: drivers: ar8216: prevent device duplication in ar8xxx_dev_list
If probe is called twice, once for PHY0 and a second time for PHY4,
the same switch device will be added twice to ar8xxx_dev_list, while
supposedly this list should have one element per hardware switch present
in the system.
While no negative impact have been observed, it does happen if a
platform instanciates these two PHYs from device-tree, as an example.
Change-Id: Iddcbdf7d4adacb0af01975b73f8e56b4582e894e
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/234790
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Import from c3fd96a7b8%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: drivers: ar8216: hold ar8xxx_dev_list_lock during use_count--
It is possible for the remove() callback to run twice in parallel, which
could result into --use_count returning only 1 in both cases and the
rest of the unregistration path to never be reached.
This case has never been observed in practice, but we will fix
preventively to make the code more robust.
BUG=chrome-os-partner:33096
TEST=none
Change-Id: If09abe27fdb2037f514f8674418bafaab3cbdef6
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232870
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Import from c05af20272
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: drivers: ar8216: sync mib_work cancellation
ar8xxx_mib_stop() is called from ar8xxx_phy_remove(), so we want to make
sure the work doesn't run after priv is freed / the device ceases to
exist.
BUG=chrome-os-partner:33096
TEST=none
Change-Id: Iafb44ce93a87433adc4576e5fea5fda58d1f43a9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232827
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
RPM clock controller driver had made its way upstream and previous
approach of directly redoing a driver to support ipq806x is a no go anymore.
Thus reverting mentioned patches to upstream state and renaming
in correct patch numbering accordance.
To make the driver work on ipq806x boards we introduce a custom patch.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit 2728512 ("e2fsprogs: List all libraries explicitly") forced the
e2fsprogs build system to link libcom_err.so in various places.
Unfortunately, the krb5 package also ships a libcom_err.so with a totally
different ABI and puts it into the global staging directory which causes
e2fsprogs to pick up this wrong library, leading to the following failure:
LD blkid
../lib/libext2fs.so: undefined reference to `_et_list'
collect2: error: ld returned 1 exit status
Makefile:504: recipe for target 'blkid' failed
Change the SYSLIBS specification to explicitely link libcom_err.so.0.0
which in order to work around the problem.
In the long run, the libcom_err clash between e2fsprogs and krb5 needs to
be solved properly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The OpenSSL 1.1.x version series undergone some major API changes which made
the RSA structure opaque and deprecated a number of methods, so add some
conditional compat code to make the u-boot source build again.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The SDK Makefile still trys to copy the docs folder which was removed
with 882f4d2d63. This causes an SDK build
error.
All other removals are just cleanup.
Signed-off-by: Mathias Kresin <dev@kresin.me>
"service" is a simple wrapper that will allow to call init.d scripts
current method: # /etc/init.d/network reload
with the wrapper: # service network reload
If the wrapper is called without arguments or with a wrong init script name, it will print an error and list the content of /etc/init.d/ folder
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Refresh patches on all 4.4 supported platforms.
077-0005-bgmac-stop-clearing-DMA-receive-control-register-rig.patch
removed as now upstream.
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
the docs in /docs folder are pretty much obsolete and in a not very friendly format (latex, that requires to be
compiled), leaving them there only causes confusion.
LEDE documentation's place is the wiki, or the site.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
ifxhcd never had roothub support but since kernel 3.x it was expected
that a roothub always exists.
The patched fixed a null pointer deref in the usb subsystem because of
the missing roothub.
Since ifxhcd is gone, this whole patch isn't required any longer.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Based on the submission to the uboot-lantiq repo by Martin Blumenstingl.
Use the ddr_settings.h from the GPL tarball. The NAND boot optimized
one (with memory tuning enabled) doesn't work for the UART boot image.
Use the same mtd layout as the stock u-boot. Add add UBI support.
Use the leds to indicate boot status like it is done with the stock
u-boot. Switch on the red power led if kernel image can't be loaded.
Otherwise switch the green led on.
Make only the ramboot u-boot available. Only this image is required for
the first installation of LEDE.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This way the on nand bad block table is preserved and used. Add support
for nand OOB ECC checksums as well. It should fix all reported ubi
errors, which were all related to bad nand blocks and a purged on nand
bad block table.
The existing ubi partition will be reused, which eliminates the need
to touch the caldata during initial install. The BT u-boot has support
for loading a kernel from an ubi volume. It isn't necessary any longer
to replace the BT u-boot with a custom compiled one to use LEDE.
It is required to restore the BT Firmware and install LEDE from scratch
to switch to the new partition layout.
An image for restoring the BT firmware and installing LEDE is provided
at https://github.com/mkresin/lede/releases.
Signed-off-by: Mathias Kresin <dev@kresin.me>