Commit graph

39756 commits

Author SHA1 Message Date
Jason A. Donenfeld
699c6fcc31 wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.

This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.

WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 14:01:21 +03:00
Felix Fietkau
fe3c3aed44 ramips: fix typo in MT7621 NAND driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 12:15:17 +02:00
Felix Fietkau
bbda81ce30 hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088

For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 12:01:57 +02:00
Hauke Mehrtens
0d5c1d7f23 malta: activate some more standard kernel features
These options where deactivated in the malta kernel, take the default
options form the generic kernel configuration now to better match the
other targets.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:54:29 +02:00
Hauke Mehrtens
19f0c7d11c malta: upgrade to kernel 4.9
This brings the MIPS malta target to kernel 4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:22:01 +02:00
Hauke Mehrtens
8fa9b2ce89 malta: add 64 bit qemu commands to README
This shows how to boot up the 64 bit images.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:19:49 +02:00
Hauke Mehrtens
f40fd43ab2 ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:19:49 +02:00
Martin Schiller
2dc9c8206b lantiq: xrx200: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-15 11:11:29 +02:00
Hauke Mehrtens
08bbb804c8 mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usb
This fixes a build problem with many targets.

Fixes 618ed77a17 ("mac80211: add ath6kl kernel modules")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 10:53:46 +02:00
Hauke Mehrtens
aba071d818 binutils: add version 2.29.1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 00:24:22 +02:00
Christian Lamparter
81e28be824 kernel: kmod-macsec module for 4.9
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.

Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.

http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf

Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-10-15 00:24:22 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Florian Eckert
2e6d4c362b package/kernel/leds-apu2: add apu3 board detection
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Florian Eckert
2af41487e0 package/kernel/leds-apu2: fix whitespaces
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Daniel Engberg
a7e4aec3d9 toolchain/glibc: Update to 2.26
Update glibc to 2.26

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Ryan Mounce
1cd3e9c07c mvebu: clean up ClearFog Base package selection
It is unclear why so many packages are selected for ClearFog Base compared
to its big brother, and there is no reason to not append metadata for Base.

Tidy this up as the only hardware difference between Base/Pro is the
presence of a switch and a different board name / device tree.

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Ryan Mounce
99cf825b06 mvebu: Fix ClearFog sysupgrade board definitions
Remove redundancy for platform_do_upgrade_clearfog
Fix platform_copy_config_clearfog to reflect -base/-pro split

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Ryan Mounce
233633873b mvebu: Sort 02_network alphabetically
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Yunhui Fu
0f061af98e wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.

Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
2017-10-15 00:24:22 +02:00
Ryan Mounce
d67979b9d6 toolchain/gcc: update 5.x to 5.5.0
This is the final bugfix release in the gcc-5 series.

Compile and run tested on macOS 10.13 (Xcode 9), mvebu/ar71xx.

Removed redundant patch for macOS (backported upstream by yours truly)

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Ben Whitten
f81b353c9f at91: add support for the WB50N module from Laird
This module from Laird includes the following:
  - CPU Atmel SoC SAMA5D31
  - Wifi QCA6004
  - Bluetooth CSR8811
  - RAM 64MB LPDDR
  - FLASH 128MB

The flash is a dual image layout, kernel a/b, rootfs a/b, and a user
partition.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
86d037e4a2 at91: add support for the WB45N module from Laird
This module from Laird includes the following:
  - CPU Atmel SoC ARM926EJS
  - Wifi AR6003
  - Bluetooth CSR8510
  - RAM 64MB LPDDR
  - FLASH 128MB

The flash is a dual image layout, kernel a/b, rootfs a/b, and a user
partition.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
618ed77a17 mac80211: add ath6kl kernel modules
Allow board to include the ath6kl kernel modules.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
76662637fa linux-firmware: add ath6k firmware to package
Systems which include the ath6k chipset need to have the firmware included
in the image.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
a7c8112a0f at91: separate MKUBIFS opts to defaults in the sub target
Instead of applying global defaults based on selected board, transition
to using a per board setting for UBIFS and UBINIZE.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
3b6f9978d3 at91: refresh kernel config, enable UBI block and DMA
The platform generates squashfs images in a UBI block but misses the
kernel module to be able to mount the block.
DMA is also enabled to allow systems which include them in the DTS to
use it.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Lucian Cristian
b4fefe7b6e sunxi: backport support for Allwinner Security System PRNG
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-10-15 00:24:21 +02:00
Hans Dedecker
1cec4d4ef0 busybox: provide "ip"
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-14 20:23:55 +02:00
Robert Marko
443abb8ccd ar71xx: add support for Mikrotik RB750P-PBr2
Specifications:
- SoC: Qualcomm QCA9531 (650MHz)
- RAM: 64MB
- Storage: 16MB NOR SPI flash
- Ethernet: 5x100M (1 PoE in, 4 PoE out)
- Outdoor use ready

This ethernet router is based on the same platform as the hEX PoE lite.

Installation

1. login to the Mikrotik WebUI to backup your licence keys
2. setup a DHCP/BOOTP Server with:
     * DHCP-Option 66 (TFTP server name) pointing to a local TFTP
       Server within the same subnet of the DHCP range
     * DHCP-Option 67 (Bootfile-Name) matching the initramfs filename
       of the to be booted image
3. connect the port labled internet to your local network
4. keep the reset button pushed down and power on the board

The board should load and start the initramfs image from the TFTP
Server. Login as root/without password to the started LEDE via ssh
listing on IPv4 address 192.168.1.1. Use sysupgrade to install LEDE.

Revert to RouterOS

Use the "rbcfg" package on in LEDE:
  * rbcfg set boot_protocol bootp
  * rbcfg set boot_device ethnand
  * rbcfg apply

Open Netinstall and reboot routerboard. Now netinstall sees routerboard
and you can install RouterOS. If NetInstall gets stuck on Sending offer
just wait for it to timeout and then close and open Netinstall again.

Click on install again.

In order for RouterOS to function properly, you need to restore license
for the device. You can do that by including license in NetInstall

Signed-off-by: Robert Marko <robimarko@gmail.com>
2017-10-14 10:48:29 +02:00
Daniel Kucera
6f008af3f0 ramips: add support for Kimax U25AWF-H1
Kimax U-25AWF-H1 is is a 2,5" HDD Enclosure with Wi-Fi/Eth conection
and battery, based on MediaTek MT7620A.

Patch rewritten from: https://forum.openwrt.org/viewtopic.php?pid=305643

Specification:

- MT7620A CPU
- 64 MB of RAM
- 16 MB of FLASH
- 802.11bgn WiFi
- 1x 10/100 Mbps Ethernet
- USB 2.0 Host
- UART for serial console

Flash instruction:
1. Download lede-ramips-mt7620-u25awf-h1-squashfs-sysupgrade.bin
2. Open webinterface a upgrade
3. After boot connect via ethernet to ip 192.168.1.1

Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com>
[fix reset button gpio, don't add a lan/wan vlan config for single
port board, add -H1 suffix do make sure that this revision of the
board is supported/tested]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-14 10:48:29 +02:00
Chris Blake
f2b7d9dc1c mpc85xx: Add Aerohive HiveAP-330 Access Point
The following adds the Aerohive HiveAP-330 Access Point to LEDE under
the mpc85xx/p1020 subtarget.

Hardware:
- SoC: Freescale P1020NSE2DFB
- NAND: Intel JS28F512M29EWH 64MB
- Memory: 2x ProMOS V59C1G01168QBJ3 128MB (Total of 256MB)
- 2.4GHz WiFi: Atheros AR9390-AL1A
- 5.0GHz WiFi: Atheros AR9390-AL1A
- Eth1: Atheros AR8035-A PoE
- Eth2: Atheros AR8035-A
- TPM: Atmel AT97SC3204
- LED Driver: TI LP5521

Flashing:
1. Hook into UART (9600 baud) and enter U-Boot. You may need to enter a
password of administrator or AhNf?d@ta06 if prompted.
2. Once in U-Boot, tftp boot the initramfs image:
    dhcp;
    tftpboot 0x1000000 192.168.1.101:lede-
mpc85xx-p1020-hiveap-330-initramfs.zImage;
    tftpboot 0x6000000 192.168.1.101:lede-mpc85xx-p1020-hiveap-330.fdt;
    bootm 0x1000000 - 0x6000000;
3. Once booted, scp over the sysupgrade file and sysupgrade the device
to flash LEDE to the NAND.
    sysupgrade /tmp/lede-mpc85xx-p1020-hiveap-330-sysupgrade.img

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-10-14 01:23:47 +02:00
Chris Blake
8cd6686ef8 mpc85xx: Add cmdline override patch
This patch adds a new kernel option called CONFIG_CMDLINE_OVERRIDE. This
setting is for devices with locked down u-boot environments, where users
are unable to change the default bootargs. When set, the fdt driver will
propagate the cmdline for the kernel from chosen/bootargs-override
instead of chosen/bootargs as long as it exists within the DTB.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-10-14 01:21:52 +02:00
Chris Blake
a92f73e922 mpc85xx: Enable initramfs for p1020 subtarget
The following patch enables building of initramfs images by default for
the P1020 subtarget in mpc85xx.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-10-14 01:19:35 +02:00
Sandeep Sheriker Mallikarjun
1b368f1641 at91: Add ext4 filesystem
Add ext4 filesystem for creating sdcard image with ext4 rootfs and
removing ext2 as it superset of ext4.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Sandeep Sheriker Mallikarjun
43a0b72c3c at91: Enable SDHCI for sama5 in default config
Enabled SDHCI for sama5 in kernel default config and this is needed
to mount sdcard rootfs partition during boot.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Sandeep Sheriker Mallikarjun
0a919afae4 at91bootstrap: remove manual copy of binaries to BIN_DIR
removed copying of binaries to BIN_DIR during install and using
default/install to install binaries to BIN_DIR folder.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Sandeep Sheriker Mallikarjun
cc443e894a at91bootstrap: Add BUILD_SUBTARGET variable
Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap
menu options in bootloader menu only when SAMA5 devices are selected as
SUBTARGET and to avoid showing up this menu when legacy device is
selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Hauke Mehrtens
c4f720b19a at91: refresh kernel configuration
This was done by running "make kernel_oldconfig" and
"make kernel_oldconfig CONFIG_TARGET=subtarget"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-14 00:32:39 +02:00
Hauke Mehrtens
b4c3570666 uboot-at91: multiple build fixes
This fixes the following problems:
 * Add BUILD_DEVICES for legacy subtarget
 * Use features from u-boot.mk for sama5 subtarget This is mainly done
   by changing the prefix from uboot to U-Boot. This makes them depend
   on the sama5 subtarget and not selectable for the legacy subtarget
   any more

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-14 00:13:35 +02:00
Kevin Darbyshire-Bryant
f251a795f2 kernel: bump 4.4 to 4.4.92
No patch refresh changes required.

Compile tested for: ar71xx Archer C7 v2
Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-14 00:13:35 +02:00
Hans Dedecker
db18cee2d7 iproute2: bump to 4.13
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-13 21:48:44 +02:00
Felix Fietkau
5bd006aa26 mac80211: fix tx power regression
Revert an accidental change that was introduced by having an old version
of the patch in my git tree, which was merged in 609208597b

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 20:28:47 +02:00
Christian Lamparter
7ffb707576 dnsmasq: add listen_address parameter
This patch adds a parser for the uci representation of
dnsmasq's "-a | --listen-address" option.

In summary, this option forces dnsmasq to listen on the
given IP address(es). Both interface and listen-address
options may be given, in which case the set of both
interfaces and addresses is used.

Note that if no interface option is given, but listen_address is,
dnsmasq will not automatically listen on the loopback interface.
To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1
must be explicitly added.

This option is useful for ujailed dnsmasq instances, that would
otherwise fail to work properly, because listening to the
"This host on this network" address (aka 0.0.0.0 see rfc1700 page 4)
may not be allowed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-10-13 16:54:58 +02:00
Rafał Miłecki
2cd32a3304 kernel: add fix for bgmac with B50212E B1 PHY
This PHY requires some extra programming to work reliably with all
devices. Backport upstream fix for it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-10-13 13:54:22 +02:00
Felix Fietkau
878456caf6 mt76: update to the latest version
e781569 update to latest mac80211/cfg80211 API changes
37654d7 mt76x2: fix tx status ampdu length corner case

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Felix Fietkau
609208597b mac80211: update to wireless-testing 2017-10-06
Rework the code to get rid of some extra kernel module dependencies
introduced in the last update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Hauke Mehrtens
efbd4e721d ath10k-ct: activate user space firmware loading again
This backports a patch from kernel 4.14 to the ath10k-ct version based
on kernel 4.13.
Some devices are using a user space script to load the calibration data
from the flash and this was not trigged any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-12 23:40:27 +02:00
Ben Greear
3888e77c1c ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver
This should help ath10k work on systems with little or no IOMMU
memory.  apu2 can boot two 9888 NICs now, for instance.  From
upstream patch by Adrian Chadd.

And, start building the 4.13 based CT ath10k driver.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Ben Greear
d8c559d614 ath10k-ct firmware: Tx-hang and EAPOL handling fixes for wave-2 firmware.
Changes since last LEDE release include:

  *  Fix key-setting bug that broke sending the EAPOL 2/4 in some cases.  This was a
     bug I introduced some time back while trying to fix .11r and simplify the key
     handling logic.  (Patch to wpa_supplicant fixed the race with sending the 4/4
     and setting the key...un-patched supplicant will still have this race and the 4-way
     auth will not work as reliably.)

  *  Increase amount of active-tids that can be scheduled.  This fixes a tx-stall
     seen with many station vdevs.

  *  Fix bug in upstream code that would cause the maximum peer to never be scheduled
     for tx.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Yangbo Lu
67c0c5978d layerscape: only support 64-bit for ls1088ardb/ls2088ardb
This is no requirement and plan to support 32-bit for ls1088ardb
and ls2088ardb. Current 32-bit firmware for them couldn't work,
so only keep 64-bit support for these two boards in menuconfig.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-12 23:40:27 +02:00