Commit graph

39219 commits

Author SHA1 Message Date
Magnus Kroken
45f4f6649a openvpn: update to 2.4.3
Fixes for security and other issues. See security announcement for more details:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

* Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
* Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
* Potential double-free in --x509-alt-username (CVE-2017-7521)
* Remote-triggerable memory leaks (CVE-2017-7512)
* Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
* Null-pointer dereference in establish_http_proxy_passthru()
* Restrict --x509-alt-username extension types
* Fix potential 1-byte overread in TCP option parsing
* Fix mbedtls fingerprint calculation
* openssl: fix overflow check for long --tls-cipher option
* Ensure option array p[] is always NULL-terminated
* Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Magnus Kroken
329f6a96b7 mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Alexander Couzens
d98cafc7b6
ar71xx/images/senao: fix reproducible issue using tar
Use deterministic sorting
Use numeric owner/group
Set uid/gid to 0

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-25 12:14:26 +02:00
Alexander Couzens
d6331d5583 ar71xx/image: make tar calls reproducible
Use --mtime when SOURCE_DATE_EPOCH is set.
Use gzip -n9z instead of tar z to remove
timestamp in gzip header.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-25 12:11:41 +02:00
Christian Lamparter
6adc757097 apm821xx: MR24: fix ethernet phy detection on the MR24
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch fixes a problem where the AR8035 PHY can't be
detected on the Cisco Meraki MR24, when the ethernet cable
is not connected during boot.

Russell Senior reported:
|This appears to be a problem during probing of the AR8035
|phy chip. When ethernet has no link, the phy detection fails,
|and eth0 is not created. Plugging ethernet later has no effect,
|because there is no interface as far as the kernel is
|concerned. The relevant part of the boot log looks like this:
|
|[    0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode
|[    0.882532] /plb/opb/ethernet@ef600c00: reset timeout
|[    0.888546] /plb/opb/ethernet@ef600c00: can't find PHY!
(<https://bugs.lede-project.org/index.php?do=details&task_id=687>)

Fixes FS#687
Cc: Chris Blake <chrisrblake93@gmail.com>
Reported-by: Russell Senior <russell@personaltelco.net>
Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT")
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2017-06-24 22:36:38 +02:00
Florian Eckert
4482063c34 treewide: add license tags
Add licence tags where missing.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-06-24 22:36:38 +02:00
Mathias Kresin
1faff3b7e3 ramips: add MT7603E driver to AFoundry EW1200
Add the MT7603E driver for the 2.4GHz wireless.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
e7cd6f5d66 ar71xx: add AVM FRITZ!WLAN Repeater 300E support
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)

To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
0605b15be4 ar71xx: add AR724x PCIe init fixes
Add upstream send AR724x PCIe patches to get the PCIe controller out of
reset during driver init.

The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
8e0d7d6574 build: move lzma2eva build step to image-commands.mk
Move it to image-commands.mk so that it can used by other targets with
eva based boards as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
d165f1f3bc kernel: move Lantiq PEF7061/7071/7072 phy driver to generic
The driver is used for boards outside the lantiq target as well. Move
it to generic to make it available for more targets.

The phy driver is included in kernel 4.8 as INTEL_XWAY_PHY.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
7e12863252 fritz_tffs_read: get tffs size from input file
Use the size of the input file as maximum tffs size instead of a fixed
value. The tffs on a AVM Fritz 300E can be up to 512KByte for example.

Fixes a read error for the AVM Fritz 3370 where the tffs partition size
is 64Kbyte and smaller than the former default value of 256KByte.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Daniel Golle
04063820e8 libreadline: add host-build
Also make sure that the PKG_NAME and folder name are equal.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-24 14:38:14 +02:00
Luiz Angelo Daros de Luca
991899cc54 valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-06-24 14:11:06 +02:00
Christian Schoenebeck
7d7356df64 ca-certificates: Update to version 20161130+nmu1
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-06-24 14:11:06 +02:00
Bastian Bittorf
dde9da46c1 busybox: ash/hush fix for read-builtin command
this is a cherrypick from busybox-git HEAD:
f5470419404d643070db99d058405b714695b817

and can be removed when upgrading to
next busybox release. discussion here:
http://lists.busybox.net/pipermail/busybox/2017-May/085439.html

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-06-24 13:11:19 +02:00
Kevin Darbyshire-Bryant
22e2b402ae gcc: gcc 6.3.0 fix comparison between pointer and integer
Fix FS#832

/source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:
In function 'bool ubsan_use_new_style_p(location_t)':
/source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:1474:23:
error: ISO C++ forbids comparison between pointer and integer
[-fpermissive]
       || xloc.file == '\0' || xloc.file[0] == '\xff'
                       ^~~~
make[5]: *** [Makefile:1085: ubsan.o] Error 1

https://www.viva64.com/en/b/0425/#ID0EMGCI

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-24 13:11:19 +02:00
Kevin Darbyshire-Bryant
4ed40be3e3 hostapd: add support for acs_chan_bias option
During auto channel selection we may wish to prefer certain channels
over others.

e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8
13:0.8' does that.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-24 13:11:19 +02:00
Stefan Tomanek
de6ff15129 busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2017-06-24 13:11:19 +02:00
Hans Dedecker
a1c1f6ea7b procd: update to latest version
e5e99c4 watchdog: add support for starting/stopping kernel watchdog

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-23 22:48:04 +02:00
Rafał Miłecki
f5f1d40b5e kernel: backport MTD patch extracing TRX code to separated parser
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 11:54:20 +02:00
Rafał Miłecki
4d5f296af8 kernel: backport upstream mtd support for partition parsers
In a log term it should replace our implementation. For now both can
coexist.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 11:40:05 +02:00
Rafał Miłecki
8c1e760ab6 kernel: backport upstream mtdpart.c cleanups
Except for renames and line changes the only conflict was in
allocate_partition in handling MTD_WRITEABLE. Hopefully it was handled
correctly.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 11:40:05 +02:00
Rafał Miłecki
4052443a23 kernel: don't switch allocate_partition to use mtd_roundup_to_eb
This mtd_roundup_to_eb helper was introduced years ago in the commit
daec7ad768 ("kernel/3.10: add separate rootfs partition parser") and
it was probably supposed to simplify code a bit.

With the recent upstream commit 1eeef2d7483a7 ("mtd: handle partitioning
on devices with 0 erasesize") the logic in allocate_partition got
slightly more complex and we can't use this simple helper anymore as it
doesn't support MTD_NO_ERASE properly.

There also isn't any real gain from this helper, so it's probably easier
to just don't use it *or* work on upstreaming it to avoid maintenance
cost.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 10:09:57 +02:00
Rafał Miłecki
b91a38d647 base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-22 10:05:23 +02:00
Grégoire Delattre
680a5c5d3e dnsmasq: add dhcp-range tags configuration
dnsmasq can match tags in its dhcp-range configuration, this commit adds
the option to configure it in the dhcp section

uci configuration:
config dhcp 'lan'
        option interface 'lan'
        list tag 'blue'
        list tag '!red'
        option start '10'
        option limit '150'
        option leasetime '12h'

generated dnsmasq configuration:
dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h

Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
2017-06-20 22:33:41 +02:00
Daniel Golle
e3d09e7898 procd: update to latest git HEAD
453116e system: introduce new attribute board_name
e5b963a preinit: define _GNU_SOURCE
e5ff8ca upgraded: cmake: Find and include uloop.h
f367ec6 hotplug: fix a memory leak in handle_button_complete()
796ba3b service/service_stopped(): fix a use-after-free
79bbe6d system: return legacy board name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-19 22:12:51 +02:00
Hauke Mehrtens
3ce60ba0a1 build: Fix not altering KERNELRELEASE for external kernel
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054bec ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb ("include: Do not alter KERNELRELEASE for
external/git kernels").

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-19 20:39:33 +02:00
Alexander Couzens
b5aaafe9a3
mtd-utils/mkfs.jffs2: honor env SOURCE_DATE_EPOCH
Use the timestamp from the enviroment SOURCE_DATE_EPOCH
if set instead of the build time.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-19 14:35:07 +02:00
Alexander Couzens
c47a1a3527 firmware-utils: honor env SOURCE_DATE_EPOCH
Use the timestamp from the enviroment SOURCE_DATE_EPOCH
if set instead of the build time.
Fixes reproducible builds for certain firmware images.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-19 14:34:52 +02:00
Yousong Zhou
77dc6a2ae7 libunwind: update to version 1.2.1
Changes since 1.2

    a77b0cd Bump version to v1.2.1
    5f354cb mips/tilegx: Add missing unwind_i.h header file
    620d1c3 Add aarch64 getcontext functionality.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-19 14:43:09 +08:00
Hans Dedecker
c885482080 netifd: update to the latest version
ef5f7a0 ubus: remove superfluous error check in netifd_add_dynamic
5a68693 iprule: coding style line up
90e2e2c iprule: Add option to suppress unspecific routing lookups

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-18 22:22:03 +02:00
Yousong Zhou
80d9ec5d3d scripts/package-metadata.pl: parse and validate field Require-User
The script will now detect uid/gid collision and can generate a table of
current allocation

    ./scripts/package-metadata.pl usergroup tmp/.packageinfo \
	| sort -k 1,1r -k 3,3n \
	| column -t

This should ensure that no collision will happen for each single build

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 10:39:35 +08:00
Yousong Zhou
f334a0cdb8 base-files: allocate uid/gid starting from 65536
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids.  Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other

While at it, fix the scan command checking existence of uid/gid

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 10:39:35 +08:00
Mathias Kresin
3ccca56eb0 ramips: remove optional ucidef_set_led_rssi parameters
The same values are set if the parameters are not specified.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-17 15:38:20 +02:00
Mathias Kresin
4cdbf4014b base-files: make ucidef_set_led_rssi offset and factor optional
The offset and factor are only related for LEDs which can have
different brightness values. But binary LEDs are more common and don't
require any further configuation than setting the factor to 1.

Use offset = 0 and factor = 1 in case nothing else is specified.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-17 15:38:19 +02:00
Pavlo Samko
82f9486142 ramips: add support for TRENDnet TEW-638APB V2
This patch add support for the TRENDnet TEW-638APB V2.

Specification:
- SoC: Ralink SoC RT3052F
- Flash: 4MB
- RAM: 32MB
- Ethernet: 1x LAN (100 Mbps)
- Wireless: 2.4GHz b/g/n, 2x external antenna
- Buttons: 1x Reset, 1x WPS
- LEDs: Power (green), Ethernet (green), WPS (green and orange),
  Wireless (green)
- UART: 1x UART on PCB (3.3V, GND, RX, TX) - 57600 8N1

Installation

via vendor firmware:
- upload sysupgrade.bin image

via TFTP:
- stop uboot into tftp-load into option "2"
- upload sysupgrade.bin image

Signed-off-by: Pavlo Samko <bulldozerbsg@gmail.com>
2017-06-17 15:38:19 +02:00
Mathias Kresin
259fc1e778 lantiq: show xdsl line init status on shared dsl/internet led
On boards which don't have a distinct internet and dsl led, use the
shared LED to indicate the xdsl line state and any traffic that is
send/received via the netdev. This traffic doesn't necessarily need to
be internet traffic.

Rename the shared LED of existing configs to "dsl", to match the new
defaults. The configuration of the to be renamed LED is identical with
the new defaults.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-17 15:38:18 +02:00
Martin Schiller
03776d813c lantiq: restore netdev trigger of dsl led on line up
Allows to use a single LED for line init status indication and to show
any rx/tx activity on a synchronized dsl line.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-17 15:34:16 +02:00
Alexander Couzens
e5fc15bf9a build: move definition of KBUILD_BUILD_TIMESTAMP to include/kernel.mk
Fixes: 0aed054bec (build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS
variables and move to kernel.mk)

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-17 15:09:57 +02:00
Felix Fietkau
77a64e8bff mt76: update to the latest version, fixes rate control issues
Should improve performance considerably in many cases

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 12:17:33 +02:00
Felix Fietkau
98634205fd libubox: update to the latest version, fixes a runqueue use-after-free bug
7237302 md5: add "const" qualifier to the "file" argument
fa9937c json_script: enable custom expr handler callback
368fd26 uloop: allow specifying a timeout for uloop_run()
6a7fb7d runqueue: fix use-after-free bug
4bc3dec uloop: fix a regression in timeout handling
fd57eea uloop: allow passing 0 as timeout to uloop_run

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 11:51:41 +02:00
Felix Fietkau
45572fe831 mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 11:51:41 +02:00
Pavel Kubelun
189239ade3 ipq806x: qca99xx: fix wifi calibration
As of now OTP is being correctly parsed and the driver requires to parse pre-caldata to follow corresponding routine.

Rename cal file into pre-calfile so the board initialized correctly with API 2 board data (board-2.bin).

Also remove the now unneeded for qca9984 board.bin symlink to 5GHz calfile.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-06-17 11:51:41 +02:00
Pavel Kubelun
025cb640cd ath10k: increase bmi timeout to fix OTP on qca99xx boards and add bmi identification through pre-cal file
Backporting upstream patches.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh, rename patches]
2017-06-17 11:51:41 +02:00
Daniel Golle
d80d1b6c42 imagebuilder: don't rewrite package list output
No longer rewrite opkg list output in package_list function, remove
the awk call in the pipe (which was intended for a single specific
use-case).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-17 01:24:43 +02:00
Daniel Golle
1b555e1d2b imagebuilder: clean package_list
commit 19ac879954 (imagebuilder: add package_list function) introduced
a new function 'package_list' to the imagebuilder Makefile.
Unfortunately the package list was poluted by stdout noise of the
Makefile itself as well as opkg. Redirect those outputs to stderr to
make sure that the package_list returned doesn't contain progress
info output but really only packages.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-17 00:54:46 +02:00
Felix Fietkau
76b62e6022 build: remove old kernel-headers build directories
Saves space after updating kernel versions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-16 15:16:52 +02:00
Kevin Darbyshire-Bryant
8f4085e2fd dropbear: fix service trigger syntax error
The classic single '&' when double '&&' conditional was meant.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-16 12:05:25 +02:00
Paul Spooren
19ac879954 imagebuilder: add package_list function
The imagebuilder can now list all available packages by using make
package_list. This is usefull for scripts to retrieve a list of all
packages with versions (and size)

Signed-off-by: Paul Spooren <paul@spooren.de>
[daniel@makrotopia.org: fixed commit message]
2017-06-15 00:36:08 +02:00