Commit graph

41263 commits

Author SHA1 Message Date
Daniel Golle
c67a9bed20 wolfssl: fix options and add support for wpa_supplicant features
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-02 09:18:26 +02:00
Rosen Penev
20e5fefb0c sysctl: Protect hard/symlinks by default.
There is no usecase for not protecting symlinks that I know of in OpenWrt.
Not even on desktop systems where you have multiple users with a shell.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-01 11:19:03 +02:00
John Crispin
52ba5760b7 ustream-ssl: update to latest git HEAD
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
John Crispin
90e65763a4 iptables: fix per object LDFLAGS for aggragate object builds
Without this patch the extra LDFLAGS of objects were selected based on the
name of the extension being built, which breaks for aggregate so builds.

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
Rosen Penev
1ce846580a download.pl: Change OpenWrt mirrors to HTTPS.
These have supported HTTPS for quite a while. I have not seen any obvious breakage.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-01 11:12:15 +02:00
Rosen Penev
9ea90209f9 download.pl: Change SourceForge address to HTTPS.
SourceForge has supported HTTPS for its downloads for a long time now.

I have not been able to see any failures resulting from this change.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-01 11:12:15 +02:00
Felix Fietkau
56ae9f9b0b mtd-utils: add back macOS compatibility code that was dropped during the update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-30 10:12:55 +02:00
Rosen Penev
45219c1c0f kernel: Restrict dmesg output to root.
In typical OpenWrt setups, there are no other users that have a shell spawned for them by default.

This can be overriden by the kernel.dmesg_output syssctl.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-30 09:01:33 +02:00
Hauke Mehrtens
3088c2a63d libnl: Disable debug support
This dereses the size of the libnl pakcage a little bit
old:
   857 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 41195 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7818 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24322 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
136075 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

new:
   852 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 35020 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7615 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24114 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
131134 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-30 09:01:28 +02:00
Sandeep Sheriker Mallikarjun
2391d6a29e at91: sama5: remove neon and VFPv4 support
sama5d2 & samad4 have neon feature and sama5d3 does not have neon
feature due to which sama5d3 boot fails with error message Kernel
panic - not syncing: Attempted to kill init! exitcode=0x00000004.
removing neon & VFPv4 support to fix this

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-04-30 09:01:12 +02:00
Sandeep Sheriker Mallikarjun
80fe9bd71c at91: fix build error for wb50n.
when external kernel is selected from menuconfig, device wb50n is not
avaliable and build fails. As a fix adding checks for external kernel.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-04-30 09:01:12 +02:00
Rosen Penev
c0574d08da libusb: Update to 1.0.22
Switched download from SourceForge to GitHub. It seems the author migrated to that.

Also fixed the website URL as the SourceForge link is dead.

Compile tested on ar71xx and mvebu. Small size decrease on ar71xx: 30444 vs. 30099 bytes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-30 09:01:12 +02:00
Simon Paterson
264feab1e7 ar71xx: Add userspace support for Mikrotik rb-2011iLS
Kernel support already present.
Patch adds userspace for the 'iLS' suffix model of the RB2011 family.
Enables correct initial switch settings, sysupgrade, etc.

https://mikrotik.com/product/RB2011iLS-IN

Signed-off-by: Simon Paterson <simon.paterson.nz@gmail.com>
2018-04-30 09:01:12 +02:00
Koen Vandeputte
3435dbdc1c kernel: bump 4.14 to 4.14.37
Refreshed all patches

Compile-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64
Runtime-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
[add extra tested targets to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-30 09:07:53 +03:00
Hans Dedecker
7ff31bed98 odhcp6c: update to latest git HEAD
5316d7f ra: always trigger update in case of RA parameter change
327f73d dhcpv6: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-29 23:12:31 +02:00
Daniel Engberg
097f3aadec toolchain/binutils: Use xz tarballs where possible
Switch to xz for 2.29.1 and 2.30
These tarballs are about 10Mbyte smaller than bz2.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-04-29 18:58:20 +02:00
Johann Neuhauser
0370293cf3 glibc: switch from git to https
This is needed for working behind a http proxy.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.de>
2018-04-29 10:30:59 +02:00
Hauke Mehrtens
9bfca30826 uboot-mvebu: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 10:13:14 +02:00
Hauke Mehrtens
c21a4c7246 uboot-mxs: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.
Also make the mxsimage tool to use the OpenSSL 1.1 API for the recent
libressl version.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:36 +02:00
Hauke Mehrtens
5ca159ab3b uboot-zynq: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:35 +02:00
Hauke Mehrtens
60427a940f tools/make-ext4fs: Fix build on MacOSX
MacOSX does not support "-Wl,-Bstatic" so do not force the static
linking.
We only copy the static libz library into the staging libraries
directories, the linker will anyway only find the static version and
link against that on all systems.

Fixes: 8dcd941d8b ("tools/zlib: move zlib build to tools")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:07 +02:00
Hauke Mehrtens
2c192b6916 tools/libressl: update to version 2.7.2
Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API
and this needs some modifications of the code using it.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-28 15:29:28 +02:00
Hauke Mehrtens
3e93df0707 mtd-utils: activate --gc-sections
This reduces the size of the binary a bit:

old:
 37556 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
 81697 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk

new:
 27450 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
 71796 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:22 +02:00
Syrone Wong
f37f63f38c mtd-utils: update to 2.0.2
010-fix-rpmatch.patch is upstream, removed from our patchset
The file structure is changed, modify patch accordingly
use CONFIGURE_ARGS to disable tests, xattr and lzo

Compile and run tested on mvebu and x86_64

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:17 +02:00
Hauke Mehrtens
c7cd166479 tools/mtd-utils: update to version 2.0.2
This version now uses autotools to configure the build system. They are
also using the newly added zlib package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:13 +02:00
Hauke Mehrtens
bf167f8a9a tools/mtd-utils: Mark some lzma functions as static
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.

This also fixes some style problems to make this patch match the version
in the packages folder.

This is copied from this commit to the mtd-utils we pack into the image:
56d0dd56e9 ("mtd-utils: Mark some lzma functions as static")

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:08 +02:00
Hauke Mehrtens
8dcd941d8b tools/zlib: move zlib build to tools
This allows us to link the other tools against our libz and we do not
need the system zlib any more.

Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:28:59 +02:00
Hans Dedecker
afdca53ace netifd: update to latest git HEAD (Coverity fixes)
56ceced interface-ip: remove superfluous iface check in interface_ip_set_enabled()
4f4a8c0 system-linux: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-27 21:39:57 +02:00
Mathias Kresin
3877550114 arm64: enable harden branch predictor
Enable the harden branch predictor for arm64 as it is recommend.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-27 21:34:18 +02:00
Mathias Kresin
25f47c7bf9 kernel: add missing config symbols
The harden branch predictor was backported for arm64 with 4.9.92-96.

Fixes: 9aa196e0f2 ("kernel: bump 4.9 to bump 4.9.96")

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-27 21:34:00 +02:00
Felix Fietkau
6fa88be486 build: add support for git submodules with CONFIG_SRC_TREE_OVERRIDE
Also work around an issue where git would store the modified workdir in
the submodule git config files

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Felix Fietkau
41ab276fe4 scripts/feeds: add support for git feeds with submodules
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Felix Fietkau
67aec988c4 brcm47xx: remove linux 4.4 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Felix Fietkau
771f1ca3ff brcm63xx: remove linux 4.4 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Felix Fietkau
1de74df8b9 bcm53xx: drop linux 4.4 and 4.9 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Christo Nedev
50b0919628 brcm2708: Add support for raspberry pi 3 b+.
Signed-off-by: Christo Nedev <christo.nedev@me.com>
2018-04-27 09:59:33 +02:00
Rosen Penev
7912677086 kernel: Fix data corruption on some mips devices.
This is mainly a bug fix for multi-core MIPS systems where L1 caches besides the primary do not get flushed.

The most obvious problem is data corruption on SATA and USB devices where read requests are typically larger than the cacheline size.

This may also fix ar71xx systems that suffer from similar data corruption but I have not tested if it does.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-27 09:59:33 +02:00
Kevin Darbyshire-Bryant
78f4305933 iftop: bump to latest
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Choose first running interface, rather than first "up" interface (Redhat #1403025)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-27 09:59:28 +02:00
Matthias Schiffer
d168c2cf81
ar71xx: Ubiquiti Airmax M: add relocate-kernel to invalidate cache
Some Ubiquiti U-boot versions, in particular the "U-Boot 1.1.4.2-s956
(Jun 10 2015 - 10:54:50)" found with AirOS 5.6, do not correctly flush the
caches for the whole kernel address range after decompressing the kernel
image, leading to hard to debug boot failures, depending on kernel version
and configuration.

As a workaround, prepend the relocate-kernels loader, which will invalidate
the caches after moving the kernel to the correct load address.

Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-26 20:40:07 +02:00
Jo-Philipp Wich
746c590882 scripts: bundle-libraries: fix build on OS X (FS#1493)
This allegedly fixes compilation of the library bundler preload library on
Apple OS X. The resulting executables have not been runtime tested due to a
lack of suitable test hardware.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-26 16:06:55 +02:00
Daniel Engberg
044e84fa8a toolchain/binutils: Remove old patches
Remove patches for arc-2016.09
Commit 8647f4f018
made these patches obsolete

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-04-26 13:20:31 +02:00
Hans Dedecker
ddb70e7298 toolchain/binutils: completely remove 2.28 support
Commit 15e9639159 removed support for
binutils version 2.28 but did not remove it as selectable item
from Binutils Version; let's remove this leftover as well.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-26 10:42:09 +02:00
Koen Vandeputte
6cd41b419c kernel: bump 4.14 to 4.14.36
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092
CVE-2018-1094
CVE-2018-1095

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2018-04-26 08:54:01 +02:00
Kevin Darbyshire-Bryant
9aa196e0f2 kernel: bump 4.9 to 4.9.96
Refresh patches, following required reworking:

ar71xx/patches-4.9/930-chipidea-pullup.patch
layerscape/patches-4.9/302-dts-support-layercape.patch
sunxi/patches-4.9/0052-stmmac-form-4-12.patch

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092

Tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Arjen de Korte <build+openwrt@de-korte.org>
2018-04-26 08:53:54 +02:00
Damir Samardzic
bdb0de1bbc uboot-envtools: add support for ESPRESSObin and MACCHIATObin
Added for convenience. These boards can be used as dev boards running
various operating systems from different media, and this simplifies work
with U-Boot environment.

Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
2018-04-25 20:37:28 +02:00
Damir Samardzic
6f4faf833d mvebu: cortexa72: enable Marvell 10G PHY by default
This one enables 10 GbE ports on MACCHIATObin.

Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
2018-04-25 20:37:22 +02:00
Mathias Kresin
91e11bec74 ramips: fix mt7628 eval board pinmux
There is no pinmux group "jtag" for mt7628 and the pinmux driver fails
to load due to the use of the not existing group.

Fixes: FS#1515

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-25 20:33:27 +02:00
Mathias Kresin
d089a5d773 ramips: create image for mt7628 evb board
The image for the EVB board got lost with the merge of the mt7628 and
mt7688 subtargets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-23 22:07:22 +02:00
Alex Maclean
a31107a97a firmware-utils: tplink-safeloader: increase RE350 kernel size
4.14 increased kernel size, so grow the kernel partition by 128K to compensate.

Fixes FS#1479.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-04-23 22:07:22 +02:00
Tobias Wolf
3d800f14a9 ramips: use patch-dtb for F5D8235 V1
The old DTB method (OWRTDTB) is not recognized by the boot process
anymore with 4.9/4.14.

This patch reuses KERNEL_DTB to get a valid DTB applied to the kernel
image.

Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
2018-04-23 22:07:22 +02:00