Commit graph

37419 commits

Author SHA1 Message Date
Stijn Tintel
301301da2b x86/64: enable AES-NI support in kernel
The kernel will detect if the host supports this, so we can just enable
it in the kernel config.

Tested on an APU2 with AES-NI support and a KVM VM on a Xeon E5520 host
without AES-NI support.

Throughput over an IPsec tunnel between these 2 hosts increased from
~63Mbps to ~140Mbps. Ciphers: AES_GCM_16_256/PRF_HMAC_SHA2_512/ECP_521.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:19:58 +01:00
Rafał Miłecki
2406b3488f brcm47xx: generic: include Ethernet drivers in standard image
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 12:49:03 +01:00
Rafał Miłecki
5f8e3386e0 brcm47xx: drop some personal profiles
WL500GPv1 profile included ath5k which made it usable only for people
who decided to replace default BCM4318 card with Atheros one. We can't
have profile for every possible configuration. If someone adjusts hw in
such a way he can always install a proper package.

WRTSL54GS profile got extra packages for a specific USB usage. Our
standard profile provides basic USB and we should stick to this. We
can't make everyone happy by including packages for all common USB use
cases and all common filesystems.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 12:24:01 +01:00
Rafał Miłecki
d091b2c381 brcm47xx: generic: drop standalone profiles duplicating device ones
We have identical profiles for these devices thanks to DEVICE_PACKAGES.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 12:16:09 +01:00
Rafał Miłecki
b138e690e5 brcm47xx: generic: specify DEVICE_PACKAGES for all devices
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 11:55:45 +01:00
Rafał Miłecki
11c41a0ea9 brcm47xx: fix bgmac package
With all recent patches & changes it needs more modules.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 11:55:39 +01:00
Jo-Philipp Wich
2a72a916ab build: add diffconfig target
Add a "diffconfig" build target which stores the output of
"scripts/diffconfig.sh" as "config.seed" in the image output directory and
invoke that target by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-04 11:03:53 +01:00
Jo-Philipp Wich
38a8cea063 powerpc: boot: fix build with parallel make
The powerpc boot wrapper Makefile is not parallel build safe, causing fixdep
to fail reading dependency files of the addnote, hack-coff and mktree
utilities when concurrently building different image targets.

A typical failure looks like:

      Building modules, stage 2.
      HOSTCC  arch/powerpc/boot/addnote
      HOSTCC  arch/powerpc/boot/hack-coff
      DTC     arch/powerpc/boot/taishan.dtb
      HOSTCC  arch/powerpc/boot/addnote
      HOSTCC  arch/powerpc/boot/hack-coff
      MODPOST 800 modules
    fixdep: error opening depfile: arch/powerpc/boot/.hack-coff.d: No such file or directory
    scripts/Makefile.host:91: recipe for target 'arch/powerpc/boot/hack-coff' failed
    make[5]: *** [arch/powerpc/boot/hack-coff] Error 2
    make[5]: *** Waiting for unfinished jobs....
    fixdep: error opening depfile: arch/powerpc/boot/.addnote.d: No such file or directory
    scripts/Makefile.host:91: recipe for target 'arch/powerpc/boot/addnote' failed
    make[5]: *** [arch/powerpc/boot/addnote] Error 2
    rm arch/powerpc/boot/taishan.dtb
    arch/powerpc/Makefile:263: recipe for target 'cuImage.taishan' failed
    make[4]: *** [cuImage.taishan] Error 2
    make[4]: *** Waiting for unfinished jobs....

Add a GNU make specific .NOTPARALLEL pseudo rule to enforce sequential building
of the addnote, hack-coff and mktree executables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-04 10:49:40 +01:00
Rafał Miłecki
18152e71d8 brcm47xx: mips74k: specify DEVICE_PACKAGES for all devices
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 09:36:34 +01:00
Rafał Miłecki
1d74f78877 brcm47xx: legacy: specify DEVICE_PACKAGES for all devices
This allows more feature complete images. Of course it affect the size,
e.g. enabling b43 bumped rootfs from 1569618 to 2029122 for me.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-04 09:35:46 +01:00
Felix Fietkau
c296ba834d Revert "ath9k: Add airtime fairness scheduler"
This reverts commit 528f46d082.
After this commit, several users reported stability issues. Revert it
now so it doesn't cause issues for the upcoming release

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-04 01:13:58 +01:00
Arjen de Korte
10f91525bc dnsmasq: add DHCP Unique Identifier for DHCPv6
Add DHCPv6 matching by DHCP Unique Identifier (RFC-3315) in addition to
existing MAC-address (RFC-6939). The latter is not widely supported yet.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
2017-01-03 22:27:23 +01:00
Hans Dedecker
1175a5b153 odhcpd: bump to git HEAD version
091d8a9 dhcpv6-ia: fix static assignment check
11ce6b5 dhcpv6-ia: coding style fixes
561890e dhcpv6-ia: update valid_until only for non static DHCPv6 leases
0b45fce dhcpv4: coding style fixes
95b76c2 README: Add host leasetime uci parameter
541219e dhcpv6-ia: fix invalid IPv6/hostname entries in statefile
13937ab dhcpv6-ia: fix delete logic of an assignment in reconf_timer
60c3969 dhcpv6-ia : code style fixes
bf4ebc0 config: use free_lease to delete a lease
c24782a config: coding style fixes
0572d1a config: Create statefile dir
ec833f4 dhcpv6-ia: use free_dhcpv6_assignment where needed
1d55edb dhcpv6-ia: make free_dhcpv6_assignment static
f01e538 dhcpv4: make dhcpv4_msg_to_string static
700f5ab dhcpv4: fix DHCPv4 hostname handling
4c89614 Limit lifetime of non-static leases in case of release and
decline

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-03 22:25:13 +01:00
Hans Dedecker
34fa03ea16 odhcp6c: bump to git HEAD version
5d6fec3 Merge pull request #50 from sartura/libubox_md5_reuse
33a2ba1 odhcp6c: reuse md5 from libubox

Switch PKG_SOURCE_URL to git.lede-project.org/project/odhcp6c.git

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-03 22:25:13 +01:00
Stijn Tintel
388681fe53 hostapd: enable SHA256-based algorithms
Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.

We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:49 +01:00
Stijn Tintel
30f14f6198 hostapd: add function to handle wpa_key_mgmt
Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
bdcffb9bb6 wpa_supplicant: rework wpa_key_mgmt handling
Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
b13e103d71 ath5k: select 802.11w support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-03 20:53:48 +01:00
Victor Shyba
e2f866d63a generic: mtd: add lock/unlock support for f25l32pa
This chip has write protection enabled on power-up, so this flag is
necessary to support write operations.

Signed-off-by: Victor Shyba <victor1984@riseup.net>
2017-01-03 20:09:41 +01:00
Victor Shyba
d6c831e0e5 generic: mtd: backport SPI_NOR_HAS_LOCK
This flag was added to 4.9 with upstream commit
76a4707de5e18dc32d9cb4e990686140c5664a15.

Signed-off-by: Victor Shyba <victor1984@riseup.net>
[refresh and adjust platform patches, fix commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-03 19:58:00 +01:00
Yutang Jiang
799d0dddf6 layerscape: add ls2088ardb device support
The QorIQ LS2088A processor is built on the Layerscape
architecture combining eight ARM A72 processor cores
with advanced, high-performance datapath acceleration
and network, peripheral interfaces required for
networking, telecom, wireless infrastructure, aerospace
applications and general-purpose embedded applications.

Features summary:
- Eight 64-bit ARM v8 Cortex-A72 CPUs
- Two 64-bit DDR4 SDRAM memory controller with ECC
- One 32-bit DDR3 SDRAM memory controller with ECC
- Data path acceleration architecture 2.0 (DPAA2)
- Ethernet interfaces
- IFC, 4 PCIe, 2 SATA, 2 USB, 1 SDXC, 2 DUARTs etc

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
2017-01-03 15:19:15 +01:00
Yutang Jiang
1866368a8a layerscape: add ls1088ardb device support
LS1088A is an ARMv8 implementation combining eight ARM A53 processor
cores. The LS1088ARDB is an evaluatoin platform that supports the
LS1088A family SoCs.

Features summary:
- Eight 64-bit ARM v8 Cortex-A53 CPUs
- Data path acceleration architecture 2.0 (DPAA2)
- Ethernet interfaces
- QUADSPI flash, 3 PCIe, 2 USB, 1 SD, 2 DUARTs etc

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
2017-01-03 15:19:15 +01:00
Roger Pueyo Centelles
c6d3a62919 gre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces.
This commit modifies the /lib/netifd/proto/gre.sh script so that, when
GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen
interface name contains the "tap" substring, to differentiate them from non-TAP
GRE tunnels.

Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined
in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname)
upon creation. For instance, the following tunnels:

        config interface 'tuna'
                option peeraddr '172.30.22.1'
                option proto 'gre'

        config interface 'tunb'
                option peeraddr '192.168.233.4'
                option proto 'gretap'

        config interface 'tunc'
                option peer6addr 'fdc5:7c9e:e93d:45af::1'
                option proto 'grev6'

        config interface 'tund'
                option peer6addr 'fdc0:6071:1348:31ff::2'
                option proto 'grev6tap'

are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".

The current change makes that each GRE tunnel interface of the four different
types available (gre, gretap, grev6 and grev6tap) gets a different prefix.
Therefore, the abovementioned tunnels will be named, respectively:
"gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".

This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA)
where the whole protocol name is used. For instance, a PPPoA interface named
"p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1"
and "pppoe-p2", not as "ppp-p1" and "ppp-p2").

Since Linux interfaces names are limited to 15 characters, these prefixes leave,
for the worst case (TAP tunnels), 9 characters for the actual name.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2017-01-03 14:36:37 +01:00
Alexandru Ardelean
15d8d9c271 build: drop trapret function from non-Linux HOST_TAR variant
Looks like this was meant to workaround some limitations with
non-GNU tar variants (like BSD-tar which are present on Mac os BSD hosts).

Though, I cannot find any use of that `+s` option that's mentioned
in the comment.

Last hash of this I found was 24faf55360

In my case, it now this fails for `python-setuptools` on Mac OS X (the host-build with):
```
trapret 2 tar -C <home-dir>/work/sources-work/lede/build_dir/target-i386_pentium4_musl-1.1.15/python-setuptools-27.2.0 --strip-components=1 -xzf <home-dir>/work/sources-work/lede/dl/setuptools-27.2.0.tar.gz
bash: trapret: command not found
```

So, I was thinking maybe it's time to remove this workaround (9 years later).
I could also fix the `python-setuptools` host build. If that's more preferred.

[ Btw, I just recently transitioned to a Mac machine for dev-ing,
  so a lot of (this Mac) stuff I'm finding out is new to me too. ]

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-01-03 14:32:35 +01:00
Luiz Angelo Daros de Luca
0bb474652e elfutils: bump to 0.168
Other changes:
- Project moved to sourceware.org
- musl patch where cleaned up and submitted upstream
- TEMP_FAILURE_RETRY macro fixed and submitted upstream

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-03 14:32:35 +01:00
Brian J. Murrell
fc6b6f4583 download.pl: use curl in preference to wget
Because wget doesn't know how to do Negotiate authentication with a proxy
and curl does, use curl if it's present. The user is expected to have a
~/.curlrc that sets the options necessary for any proxy authentication.

A ~/.curlrc is completely optional however and curl will work in exactly
the same manner as wget without one.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
[Jo-Philipp Wich: Rework code to detect curl usability by checking --version,
                  Use vararg style open() to bypass the shell when downloading,
                  Use Text::ParseWords to decompose env vars into arguments]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-03 14:26:41 +01:00
Rosen Penev
558680012d curl: Remove PolarSSL and adjust default to mbedTLS
luci-ssl has already made the switch since mainline support for PolarSSL is
almost over (2016).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-01-03 14:26:41 +01:00
Daniel Engberg
cd18ff9ed6 tools: gmp: Update to 6.1.2
Updates GMP to 6.1.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
0050b39fd4 gmp: Update to 6.1.2
Update GMP to 6.1.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
6099f22097 zlib: Update to 1.2.9
Update zlib to 1.2.9 and switch to XZ tarballs for download.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
bb4afdc8bc libusb: Update to 1.0.21
Update libusb to 1.0.21

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
54ff3b1def xz: Update to 5.2.3
Update xz to 5.2.3

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:32 +01:00
Florian Fainelli
1618c4abdb rpcd: Update to 2016-12-03
Brings in the following changes:

0577cfc1acdb cmake: Find libubox/blobmsg_json.h
26c98ec94d7a sys: Check return values of chdir and write
f4089654a399 cmake: Find libubus.h

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:14 +01:00
Florian Fainelli
9bf2bc7587 fstools: Update to 2016-12-04
Brings in the following changes:
84b530a732b1 libfstools: Check return values for fread and system

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:14 +01:00
Florian Fainelli
55209a9df9 uclient: Update to 2016-12-09
Brings in the following changes:

52d955fd802a remove obsolete mac os x /opt/local include/library search path
a4e49b4163b2 Fix unused results warnings
48cfff3fbec9 uclient-http: send correct "Host:" header if port is set

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:13 +01:00
John Crispin
91dab05918 ixp4xx: drop 3.18 config/patches
the default has been 4.4 for a while now

Signed-off-by: John Crispin <john@phrozen.org>
2017-01-02 21:06:13 +01:00
Mathias Kresin
8c822ec4ca uboot-lantiq: fix boot of images larger than 8MB
Increasing CONFIG_SYS_BOOTM_LEN from 8 MB to 16 MB is necessary to
support uncompressing images larger than 8 MB when using the bootm
command.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Mathias Kresin
cfe1c6debe uboot-lantiq: fix build with gcc6
Backport u-boot commit 9b2c282b348dfe966bbba967dc7a45ce817cce50 to fix
compile with gcc5 and gcc6.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Mathias Kresin
b35a41c139 generic: backport dwc2 kernel panic fix
In case the soft reset in dwc2_core_reset() timeouts, the
hsotg->core_params are freed albeit it is owned by the core. This
results into a kernel panic as shown in FS#351.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
L. D. Pinney
b28e94d4bf ramips: MiWiFi Nano fixes
Use the the dt-bindings macros and add the reset button.

Set the correct polarity for the LEDs and drop the default state.
Remove all trigger for the LEDs. According to the manual the LEDs are
only used to show the operation state, where blue means normal
operation.

Use the MAC-Addresses stored in EEPROM for the ethernet and the
wireless interface.

Signed-off-by: L. D. Pinney <ldpinney@gmail.com>
[use leds only for boot status indication, add proper commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Alexis Green
fd718c5025 mac80211: Allow HT/VHT rates when running unencrypted mesh.
Signed-off-by: Alexis Green <agreen@cococorp.com>
2017-01-02 16:47:59 +01:00
Alberto Bursi
8496659eb4 base-files: fix message of initscript wrapper
currently (after blogic's edit to my commit) it prints like this:

root@lede:/# service aa
aa does not exist. the following services are available :adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.

with this commit it looks like this:

root@lede:/# service
service "" not found, the following services are available:
adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-01-02 16:47:59 +01:00
George Amanakis
5639e45614 generic: package Broadcom BNX2 driver
bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.

Signed-off-by: George Amanakis <g_amanakis@yahoo.com>
2017-01-02 16:47:59 +01:00
Hauke Mehrtens
321aca6661 oxnas: fix syntax in ox820-akitio.dts
This commit introduced a syntax error in ox820-akitio.dts which is
fixed now:
commit 5cde94d9ab
Author: Daniel Golle <daniel@makrotopia.org>
Date:   Sat Sep 24 01:14:53 2016 +0200
    oxnas: backport upstream NAND driver

This caused the folowing error message in the build bot:
Error: arch/arm/boot/dts/ox820-akitio.dts:146.3-147.1 syntax error
FATAL ERROR: Unable to parse input tree
scripts/Makefile.lib:293: recipe for target 'arch/arm/boot/dts/ox820-akitio.dtb' failed
make[5]: *** [arch/arm/boot/dts/ox820-akitio.dtb] Error 1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-02 13:34:57 +01:00
Hauke Mehrtens
1436e15488 curl: update to version 7.52.1
This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-02 13:07:10 +01:00
Daniel Golle
3e2c60e476 oxnas: append metadata to sysupgrade image
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-01-01 10:08:04 +01:00
Daniel Golle
5cde94d9ab oxnas: backport upstream NAND driver
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-01-01 10:07:58 +01:00
Daniel Golle
ae21033e76 oxnas: drop support for kernel 4.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-01-01 10:07:40 +01:00
Daniel Golle
1f7a3584e5 oxnas: switch to kernel 4.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-01-01 10:07:05 +01:00
Hannu Nyman
b7677f05d6 ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarssl
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT

Remove extra DEFAULT_VARIANT from libustream-polarssl.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-12-30 17:38:39 +01:00