Commit graph

39203 commits

Author SHA1 Message Date
Piotr Dymacz
4b35e174ca firmware-utils: mktplinkfw2: support additional hardware version
As it turned out, some of new MediaTek based TP-Link devices use value
from field at 0x3c offset in version 3 of TP-Link header to specify
"Additional Hardware Version".

Value from this field is validated during regular (GUI) firmware upgrade
on devices like TL-WR840N v4 or TL-WR841N v13. If it's zero (based on
some tests, it seems that firmware will accept anything != 0), errors
like below are printed on console and upgrade fails:

[ rsl_sys_updateFirmware ] 2137:  Firmware Additional HardwareVersion
check failed

[ rdp_updateFirmware ] 345:  perror:4506

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Piotr Dymacz
ad8c315812 ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series
Fixes FS#843

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Henryk Heisig
b05c7193fd ar71xx: add support for TP-Link Archer C58 v1
TP-Link Archer C58 v1 is a dual-band AC1350 router, based on Qualcomm
QCA9561 + QCA9886. It looks like Archer C59 v1 without USB port.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 3x button
- UART header on PCB, RX, TX at TP4+5 (backside)

QCA9886 wlan needs pre_cal_data file and enable ieee80211 phy hotplug to
patch macaddress.

Flash instruction:

Use "factory" image directly in vendor GUI.

Recovery method:

1. Set PC to fixed ip address 192.168.0.66/24.
2. Download "lede-ar71xx-generic-archer-c58-v1-squashfs-factory.bin" and
   rename it to "tp_recovery.bin".
3. Start a tftp server with the file "tp_recovery.bin" in its root
   directory.
4. Turn off the router.
5. Press and hold Reset button.
6. Turn on router with the reset button pressed and wait ~15 seconds.
7. Release the reset button and after a short time the firmware should
   be transferred from the tftp server.
8. Wait ~30 second to complete recovery.

Flash instruction under U-Boot, using UART:

tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b $fileaddr 0x9f020000 $filesize
reset

This commit is based on GitHub PR#1112

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-06-29 10:37:36 +02:00
Jean-Pierre St-Yves
01280bc8dc firmware-utils: tplink-safeloader: add support for Archer C5 v2 JP/US
Add support for Japan and US versions of TP-Link Archer C5 v2

Signed-off-by: Jean-Pierre St-Yves <jpstyves@gmail.com>
2017-06-29 10:37:36 +02:00
Henryk Heisig
7d21b4eed0 firmware-utils: tplink-safeloader: add support for Archer C59/C60 RU
Add support for Russian version of TP-Link Archer C59/C60 v1

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-06-29 10:37:36 +02:00
Federico Cappon
9fec39a033 ar71xx: add support for TP-Link TL-WA855RE v1
TP-Link TL-WA855RE v1 is a wall-plug N300 Wi-Fi range extender,
based on Qualcomm/Atheros QCA9533 v2.

Short specification:

- 550/397/198 MHz (CPU/DDR/AHB)
- 1x 10/100 Mbps Ethernet
- 32 MB of RAM (DDR1)
- 4 MB of FLASH
- 2T2R 2.4 GHz
- 2x external antennas
- 2x LED (green and orange in the same package), 2x button
- UART: TP5(TX) and TP4(RX) test points on PCB

Flash instruction: use "factory" image directly in vendor GUI.

Warning: this device does not include any kind of recovery mechanism
in the bootloader and disassembling process is not trivial.

You can access vendor firmware over serial line using:
- login: root
- password: sohoadmin

Image was tested only in EU version of the device, but should work
also with the same device version sold in other countries.

Signed-off-by: Federico Cappon <dududede371@gmail.com>
2017-06-29 10:37:36 +02:00
Piotr Dymacz
656ed7544f ar71xx: fix EnGenius ENS202EXT mtd definition
Use statically defined sizes for kernel and rootfs mtd partitions.
Vendor upgrade script writes both firmware parts independently which
ends up in a gap between kernel and rootfs images. This results in
incorrectly calculated rootfs_data start offset.

Also, fix IMAGE_SIZE, DEVICE_PACKAGES and drop redundant KERNEL
definition.

Fixes FS#835

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Camille Bilodeau
bdd3c94872 uboot-envtools: add Arduino Yun support
Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
2017-06-29 10:37:36 +02:00
Camille Bilodeau
bb46b635df ar71xx: move Arduino Yun to generic building code
Migrate Arduino Yun from legacy to generic building code.

Note: the mtd partitioning is changed to adopt the LEDE default
partitioning. It allows to have a kernel bigger than 1280k. It is
necessary as kernel > 4.4 with default LEDE configuration grows
bigger.

To use the new partitioning, you need to update your U-Boot env in
advance:

setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
saveenv

Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
2017-06-29 10:37:36 +02:00
Camille Bilodeau
2fa58a8d7c ar71xx: remove Arduino Yun 8 MiB prototype
The Arduino Yun has 16 MiB flash. Early prototype boards with 8 MiB were
not available for sell:

https://blog.arduino.cc/2013/08/21/updating-about-arduino-yun-and-arduino-robot/

Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
2017-06-29 10:37:36 +02:00
Leon M. George
3e12ca2355 ar71xx: wpj344: set MAC on wan
Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-06-29 10:37:36 +02:00
Leon M. George
98c5a71dfd ar71xx: wpj344: remove unused eth1 device
Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-06-29 10:37:36 +02:00
Leon M. George
c777fd8a7e ar71xx: wpj344: read MAC addresses from u-boot mtd
This way, the assigned addresses match those on the barcode labels.
Otherwise, the addresses appear to vary on boot.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-06-29 10:37:36 +02:00
Hans Dedecker
1d45ec2784 dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-29 09:56:19 +02:00
Stijn Tintel
880f73c327 kernel: cleanup CONFIG_SCHED_HRTICK
Remove CONFIG_SCHED_HRTICK from target configs, as it was added to the
generic config in b47fd76563.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-29 04:46:59 +02:00
Stijn Tintel
1e91855af2 armvirt: rename config-default to config-4.9
The kernel configs for all targets should have the version in the
filename, for clearness and consistency across all targets.
It is also expected by the update_kernel.sh script.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-29 03:36:19 +02:00
Hans Dedecker
7d31fe6068 dnsmasq: backport patch fixing DNS failover (FS#841)
Backport upstream dnsmasq patch fixing DNS failover when first servers
returns REFUSED in strict mode; fixes issue FS#841.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-28 11:33:42 +02:00
Rafał Miłecki
76c460b584 kernel: backport usbport LED trigger driver support for DT
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-28 11:31:38 +02:00
Stijn Tintel
6371159b4a dropbear: add option to set max auth tries
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Kevin Darbyshire-Bryant
9aaf3d3501 dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-28 02:18:20 +02:00
Yury Shvedov
37c1513b1f hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Yury Shvedov
0e7bbcd43b hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Michael Heimpold
f788fd0fd3 mxs: drop 4.4 support
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2017-06-27 23:22:25 +02:00
Michael Heimpold
9eb68f020b mxs: add support for 4.9 and switch over
I did not port the regulator and power patches from Stefan Wahren
because I talked to him and he told me that work on this is currently
stalled. And since AFAIK nothing depends on these patches, leaving them
out seems reasonable.

I build minimum default configurations and run-tested them on both
I2SE Duckbill devices and Olimex Olinuxino Maxi boards successfully [1].

[1] Tested:
- debug uart is working
- boot without any obvious kernel problem
- network is coming up and data transfer is possible
- Olinuxino: USB detects a plugged-in pen drive

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[refreshed config and patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-27 23:22:25 +02:00
Michael Heimpold
8794954d10 kernel: disable various symbols for v4.9
In preparation for bumping mxs target to 4.9, disable a bunch of configuration
symbols that provoked config prompts.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2017-06-27 23:22:25 +02:00
John Crispin
6da4f03f02 ath10k-firmware: add qca9888 firmware
ath10k-firmware: add qca9888 firmware

the firmware files for qca9888 were previously not packaged. add the meta
information for doing so.

Signed-off-by: John Crispin <john@phrozen.org>
2017-06-27 11:47:07 +02:00
Stijn Tintel
f80963d4d1 kernel: update kernel 4.4 to 4.4.74
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:42:50 +02:00
Koen Vandeputte
69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00
Stijn Tintel
d18f76f762 kernel: use .patch extension for all patches
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 06:37:46 +02:00
Mathias Kresin
06741411e0 firmware-utils: fix dgn3500sum compiler warnings
The sum variable need to be initialised, otherwise it will points to
random stack memory and a bogus image checksum might be calculated.

While at it, fix the segfault in case the product region code isn't
specified and enable compiler warnings which had revealed all the code
issues.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-26 20:08:36 +02:00
Hans Dedecker
f33de80232 dnsmasq: backport tweak ICMP ping logic for DHCPv4
Don't start ping-check of address in DHCP discover if there already
exists a lease for the address. It has been reported under some
circumstances android and netbooted windows devices can reply to
ICMP pings if they have a lease and thus block the allocation of
the IP address the device already has during boot.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-26 10:49:13 +02:00
Jo-Philipp Wich
2c5f16ecac procd: support term_timeout parameter
Expose "term_timeout" parameter in procd.sh to allow init scripts to
request a longer termination timeout.

This is required to fix FS#859 in a later commit.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Jo-Philipp Wich
124ab1dc0a procd: assign /dev/tty* nodes to "tty" group
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Jo-Philipp Wich
5523ee3459 base-files: add "tty" user group
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Magnus Kroken
45f4f6649a openvpn: update to 2.4.3
Fixes for security and other issues. See security announcement for more details:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

* Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
* Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
* Potential double-free in --x509-alt-username (CVE-2017-7521)
* Remote-triggerable memory leaks (CVE-2017-7512)
* Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
* Null-pointer dereference in establish_http_proxy_passthru()
* Restrict --x509-alt-username extension types
* Fix potential 1-byte overread in TCP option parsing
* Fix mbedtls fingerprint calculation
* openssl: fix overflow check for long --tls-cipher option
* Ensure option array p[] is always NULL-terminated
* Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Magnus Kroken
329f6a96b7 mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Alexander Couzens
d98cafc7b6
ar71xx/images/senao: fix reproducible issue using tar
Use deterministic sorting
Use numeric owner/group
Set uid/gid to 0

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-25 12:14:26 +02:00
Alexander Couzens
d6331d5583 ar71xx/image: make tar calls reproducible
Use --mtime when SOURCE_DATE_EPOCH is set.
Use gzip -n9z instead of tar z to remove
timestamp in gzip header.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-25 12:11:41 +02:00
Christian Lamparter
6adc757097 apm821xx: MR24: fix ethernet phy detection on the MR24
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch fixes a problem where the AR8035 PHY can't be
detected on the Cisco Meraki MR24, when the ethernet cable
is not connected during boot.

Russell Senior reported:
|This appears to be a problem during probing of the AR8035
|phy chip. When ethernet has no link, the phy detection fails,
|and eth0 is not created. Plugging ethernet later has no effect,
|because there is no interface as far as the kernel is
|concerned. The relevant part of the boot log looks like this:
|
|[    0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode
|[    0.882532] /plb/opb/ethernet@ef600c00: reset timeout
|[    0.888546] /plb/opb/ethernet@ef600c00: can't find PHY!
(<https://bugs.lede-project.org/index.php?do=details&task_id=687>)

Fixes FS#687
Cc: Chris Blake <chrisrblake93@gmail.com>
Reported-by: Russell Senior <russell@personaltelco.net>
Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT")
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2017-06-24 22:36:38 +02:00
Florian Eckert
4482063c34 treewide: add license tags
Add licence tags where missing.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-06-24 22:36:38 +02:00
Mathias Kresin
1faff3b7e3 ramips: add MT7603E driver to AFoundry EW1200
Add the MT7603E driver for the 2.4GHz wireless.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
e7cd6f5d66 ar71xx: add AVM FRITZ!WLAN Repeater 300E support
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)

To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
0605b15be4 ar71xx: add AR724x PCIe init fixes
Add upstream send AR724x PCIe patches to get the PCIe controller out of
reset during driver init.

The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
8e0d7d6574 build: move lzma2eva build step to image-commands.mk
Move it to image-commands.mk so that it can used by other targets with
eva based boards as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
d165f1f3bc kernel: move Lantiq PEF7061/7071/7072 phy driver to generic
The driver is used for boards outside the lantiq target as well. Move
it to generic to make it available for more targets.

The phy driver is included in kernel 4.8 as INTEL_XWAY_PHY.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
7e12863252 fritz_tffs_read: get tffs size from input file
Use the size of the input file as maximum tffs size instead of a fixed
value. The tffs on a AVM Fritz 300E can be up to 512KByte for example.

Fixes a read error for the AVM Fritz 3370 where the tffs partition size
is 64Kbyte and smaller than the former default value of 256KByte.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Daniel Golle
04063820e8 libreadline: add host-build
Also make sure that the PKG_NAME and folder name are equal.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-24 14:38:14 +02:00
Luiz Angelo Daros de Luca
991899cc54 valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-06-24 14:11:06 +02:00
Christian Schoenebeck
7d7356df64 ca-certificates: Update to version 20161130+nmu1
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-06-24 14:11:06 +02:00
Bastian Bittorf
dde9da46c1 busybox: ash/hush fix for read-builtin command
this is a cherrypick from busybox-git HEAD:
f5470419404d643070db99d058405b714695b817

and can be removed when upgrading to
next busybox release. discussion here:
http://lists.busybox.net/pipermail/busybox/2017-May/085439.html

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-06-24 13:11:19 +02:00