Commit graph

39702 commits

Author SHA1 Message Date
Alexandru Ardelean
41706d05b9 libs/wolfssl: adjust symbol defaults against libwolfssl defaults
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
8334a23679 libs/wolfssl: disable hardening check in settings.h
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.

```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[  2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"

```

Hardening is enabled by default in libwolfssl at build-time.

However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).

This looks like a small bug/issue with wolfssl.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
d03c23c8d4 cyassl,curl,libustream-ssl: rename every cyassl to wolfssl
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
560b7334ec libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
ad510c4d62 wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```

Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```

Thanks to @lynxis for pointing out the commas.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-16 23:04:46 +02:00
Daniel Engberg
ed617fd8f2 tools/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
* Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this
  is compiling on FreeBSD 11.1.
* Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since
  March 31, 2017.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-16 22:22:44 +02:00
Daniel Engberg
b0f26243fe tools/expat: Update to 2.2.4
Update (lib)expat to 2.2.4

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-16 22:22:44 +02:00
Kevin Darbyshire-Bryant
3f4f580954 toolchain: gcc: update 7.x to 7.2.0
Bump gcc from 7.1 to 7.2

Compile & run tested: ar71xx

Trace history of current patches and update with commit ref & comment
to give more clue as to why they're still around/needed.  Some have
changed form since the original commit but some clue is better than no
clue at all.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-09-16 19:33:37 +02:00
Kevin Darbyshire-Bryant
820101873d kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx  Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-16 19:27:08 +02:00
Karl Palsson
ae57675bba odhcpd: don't enable server mode on non-static lan port
Instead of blindly enabling the odhcpd v6 server and RA server on the
lan port, only do that if the lan port protocol is "static"

This prevents the unhelpful case of a device being a dhcpv4 client and
v6 server on the same ethernet port.

Signed-off-by: Karl Palsson <karlp@etactica.com>
[PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-16 09:37:50 +02:00
Jiawei Wang
9c500db896 ramips: fix used MAC addresses for Phicomm K2P
The factory partition of the Phicomm K2P contains two MAC addresses.
The lower MAC address is at offset 0xe006 and the higher one is at
offset 0xe000.

Use the lower MAC address as base mac-address which the switch driver
increments by one for the second (wan) vlan.

The MAC addresses are still inverted in contrast to the stock firmware
where the lower MAC address is used for wan. But at least the use of a
MAC address not intended/reserved for this particular board is fixed.

Signed-off-by: Jiawei Wang <me@jwang.link>
2017-09-15 07:14:29 +02:00
Hans Dedecker
c88770c766 odhcpd: update to git HEAD version
f0bce9c dhcpv4: fix memset compile issue
0ba3278 dhcpv4: rework assignment lookup
e3b49f3 dhcpv4: cleanup dhcpv4_test usage
47fe122 dhcpv4: rework lease expire handling logic
028ab85 dhcpv4: force renew nonce authentication support
a827fca dhcpv4: avoid segfault when there's no IPv4 prefix
bea088b ndp: detect ifindex changes via interface netlink events
f66103e ubus: display accept reconf status for DHCPv6 assignments
f0e354b treewide: replace RELAYD prefix naming in macros
1a313f9 dhcpv4: fix possible segfault when lease is not created
e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-13 22:32:52 +02:00
Kristian Evensen
133815ad8f ramips: fix D240 mini-PCIe power control GPIOs
In commit b11c51916c ("ramips: Improve Sanlinking D240 config") I made
a mistake with regards GPIO numbering. And in addition to specifying the
wrong GPIO for controling the power of one of the mini-PCIe, I recently
discovered that the power of both slots can be controlled.

This patch specifies the correct GPIO for the left-most mini-PCIe slot
of the D240 (labeled power_mpcie2 since the slot is attached to SIM2),
and adds a GPIO that can be used to control the power of the other
mini-PCIe slot (labeled power_mpcie1).

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[do not use the gpio active macros for the gpio-export value]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-13 08:07:54 +02:00
Maxim Anisimov
161a3be5ad ramips: add support for TP-Link Archer C20 v1
TP-Link Archer C20 v1 is a router with 5-port FE switch and
non-detachable antennas. It's very similiar to TP-Link Archer C50.
Also it's based on MediaTek MT7620A+MT7610EN.

Specification:
- MediaTek MT7620A (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- 8x LED (GPIO-controlled*), 2x button, power input switch
- 1 x USB 2.0 port

* WAN LED in this devices is a dual-color, dual-leads type which isn't
  (fully) supported by gpio-leds driver. This type of LED requires both
  GPIOs state change at the same time to select color or turn it off.
  For now, we support/use only the blue part of the LED.
* MT7610EN ac chip isn't not supported by LEDE. Therefore 5Ghz won't
  work.

Factory image notes:

These devices use version 3 of TP-Link header, fortunately without RSA
signature (at least in case of devices sold in Europe). The difference
lays in the requirement for a non-zero value in "Additional Hardware
Version" field. Ideally, it should match the value stored in vendor
firmware header on device.

We are able to prepare factory firwmare file which is accepted and
(almost) correctly flashed from the vendor GUI. As it turned out, it
accepts files without U-Boot image with second header at the beginning
but due to some kind of bug in upgrade routine, flashed image gets
corrupted before it's written to flash. So, to flash this device we must
to prepare image using original firmware from tp-link site with uboot.

Flash instruction:

Until (if at all) TP-Link fixes described problem, the only way to flash
LEDE image in these devices is to use tftp recovery mode in U-Boot.
There are two ways to flash the device to LEDE:

1) Using tftp mode with UART connection and original LEDE image

 - Place lede-ramips-mt7620-ArcherC20-squashfs-factory.bin in tftp
   server directory
 - Configure PC with static IP 192.168.0.66/24 and tftp server.
 - Connect PC with one of LAN ports, power up the router and press
   key "4" to access U-Boot CLI.
 - Use the following commands to update the device to LEDE:

    setenv serverip 192.168.0.66
    tftp 0x80060000 lede-ramips-mt7620-ArcherC20-squashfs-factory.bin
    erase tplink 0x20000 0x7a0000
    cp.b 0x80060000 0x20000 0x7a0000
    reset

 - After that the device will reboot and boot to LEDE

2) Using tftp mode without UART connection but require some
   manipulations with target image

 - Download and unpack TP-Link Archer C20 v1 firmware from original web
   site
 - Split uboot.bin from original firmware by this command (example):

    dd if=Archer_C20v1_0.9.1_4.0_up_boot(160427)_2016-04-27_13.53.59.bin of=uboot.bin bs=512 count=256 skip=1

 - Create ArcherC20V1_tp_recovery.bin using this command:

    cat uboot.bin lede-ramips-mt7620-ArcherC20-squashfs-factory.bin > ArcherC20V1_tp_recovery.bin

 - Place ArcherC20V1_tp_recovery.bin in tftp server directory.
 - Configure PC with static IP 192.168.0.66/24 and tftp server.
 - Connect PC with one of LAN ports, press the reset button, power up
   the router and keep button pressed for around 6-7 seconds, until
   device starts downloading the file.
 - Router will download file from server, write it to flash and reboot.

Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
2017-09-13 08:07:54 +02:00
Thibaut VARENE
eff3549c58 generic: drop support for get_port_stats() on ar8xxx
The implementation is not efficient on ar8xxx switches. It triggers high
CPU load and degrades device performance.

The high CPU load has been traced down to the ar8xxx_reg_wait() call in
ar8xxx_mib_op(), which has to usleep_range() till the MIB busy flag set
by the request to update the MIB counter is cleared.

This commit removes the get_port_stats() code introduced in 4d8a66d and
leaves a note for future hacker's beware.

Fixes: FS#1004

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-13 08:07:54 +02:00
Lorenzo Santina
fd84ecda7d treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
2017-09-13 08:07:54 +02:00
David Yang
fb128057da ramips: fix hg255d LED status support
Use the green power LED for boot status indication.

Source: https://my.oschina.net/osbin/blog/278782 Para 3

Signed-off-by: David Yang <mmyangfl@gmail.com>
2017-09-13 08:07:54 +02:00
Kevin Darbyshire-Bryant
7765e442d0 basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2

This allows suid processes to dump core according to kernel.core_pattern
setting.  LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)

Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core.  This setting removes an
obscure stumbling block along the way.

>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt

suid_dumpable:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour. Any process which has changed
	privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
	owned by the current user and no security is applied. This is
	intended for system debugging situations only. Ptrace is unchecked.
	This is insecure as it allows regular users to examine the memory
	contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
	anyway, but only if the "core_pattern" kernel sysctl is set to
	either a pipe handler or a fully qualified path. (For more details
	on this limitation, see CVE-2006-2451.) This mode is appropriate
	when administrators are attempting to debug problems in a normal
	environment, and either have a core dump pipe handler that knows
	to treat privileged core dumps with care, or specific directory
	defined for catching core dumps. If a core dump happens without
	a pipe handler or fully qualifid path, a message will be emitted
	to syslog warning about the lack of a correct setting.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-09-12 22:18:45 +02:00
Matthias Schiffer
53839da46e
ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4
The addresses were read from the 'config' partition, which would not always
contain the addresses at the same offsets, depending on the stock firmware
version used before flashing LEDE. Change this to get the addresses from
the 'product-info' partition, which is read-only.

Reported-and-tested-by: Andreas Ziegler <ml@andreas-ziegler.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-11 19:47:19 +02:00
Kristian Evensen
79440ea756 ramips: Add support for ZBT WE1026-5G
The ZBT WE1026-5G
(http://www.zbtlink.com/products/router/WE1026-5G.html) is the follow-up
to the ZBT WE1026 and is based on MT7620. For the previous WE1026, the
ZBT WE826 image could be used. However, as the name implies, the -5G
comes equipped with a 5GHz wifi radio. As the WE826 only has a 2.4GHz
radio, the addition of 5GHz means that a separate image is needed for
the WE1026-5G. I suspect that this image will also work on the previous
WE1026, but I don't have a device to test with.

The WE1026-5G has following specifications:
* CPU: MT7620A
* 1x 10/100Mbps Ethernet.
* 16 MB Flash.
* 64 MB RAM.
* 1x USB 2.0 port.
* 1x mini-PCIe slots.
* 1x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x 5GHz wifi (MT7612)
* 1x button.
* 3x controllable LEDs.

Works:
* Wifi.
* Switch.
* mini-PCIe slot. Only tested with a USB device (a modem).
* SIM slot.
* Sysupgrade.
* Button (reset).

Not working:
* The 5GHz WIFI LED is completely dead. I suspect the issue is the same
as on other devices with Mediatek 5Ghz wifi-cards/chips. The LED is
controlled by the driver, and mt76 (currently) does not support this.

Not tested:
* SD card reader.

Notes:
* The modem (labeled 3G/4G) and power LEDs are controlled by the
hardware.
* There is a 32MB version of this device available, but I do not have
access to it. I have therefor only added support for the 16MB version,
but added all the required infrastructure to make adding support for the
32MB version easy.

Installation:
The router comes pre-installed with OpenWRT, including a variant of
Luci. The initial firmware install can be done through this UI,
following normal procedure. I.e., access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to
keep existing settings.

Recovery:
If you brick the device, the WE1026-5G supports recovery using HTTP. Keep the
reset button pressed for ~5sec when booting to start the web server. Set the
address of the network interface on your machine to 192.168.1.2/24, and
point your browser to 192.168.1.1 to access the recovery UI. From the
recovery UI you can upload a firmware image.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2017-09-11 17:17:05 +02:00
Toke Høiland-Jørgensen
76c3a033f6 ath10k: Re-enable intermediate softqueues for all devices
The upstream ath10k driver disables the intermediate softqueues for some
devices. This patch reverts that behaviour and always enables the
softqueues (and associated bufferbloat fixes). We have had reports of people
running this with good results:
https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html

This also refreshes mac80211 patches.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-09-11 17:16:17 +02:00
Baptiste Jonglez
b30ba14e2a scripts/download.pl: fail loudly if provided hash is unsupported
Currently, if the provided hash is unsupported (length different from 32
or 64 bytes), we happily download the requested file without any kind of
checksum verification.

This is quite dangerous and may provide a false sense of security, because
a single typo in the hash (e.g. one character deleted by mistake) may skip
checksum verification entirely.

Instead, fail immediately if we don't support the provided hash.
In particular, if an external package repository decides to change the
hash algorithm one day, we will now fail loudly instead of skipping
checksum verification without complaints.

Note: if some users of scripts/download.pl knowingly provide an empty hash
because they don't need checksum verification, this change will break
them.  This does not seem to be the case currently, but if this feature is
ever needed, an option should be added to download.pl instead of relying
on the hash being empty.

Fixes: eaa4eba10a ("scripts/download.pl: add SHA-256 support")

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-09-11 17:13:02 +02:00
Rosen Penev
13e5e47369 ar71xx: Add GRO support to ag71xx
On a TL-WN710N, this patch increases iperf performance from ~92.5 to ~93.5 mbps. Keep in mind the WN710N is a 100mbps device. I expect greater numbers from gigabit devices.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-09-11 17:12:42 +02:00
Rosen Penev
6aa46bf05e ramips: Change ethernet driver to use napi_complete_done.
Backport of mailine linux commit. Speeds up ethernet slightly and reduces latency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-09-11 17:03:54 +02:00
Tim Harvey
79366b8194 cns3xxx: fix GPIO controller interrupt enable
The cns3xxx interrupt controller uses a single register and as such
the 'mask' reg/functions must be used as opposed to the 'enable'/'disable'
reg/functions.

This fixes an issue that occurs if more than one GPIO on a specific controller
(there is GPIOA and GPIOB each having 32 GPIO's) uses interrupts. When one
would get enabled all others would be disabled prior to this patch.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-09-11 17:03:21 +02:00
Stijn Tintel
d5b7215e31 kernel: update 4.9 to 4.9.49
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes CVE-2017-11600.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Stijn Tintel
c11762e435 strace: bump to 4.19
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant
69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
2017-09-11 01:56:14 +02:00
Stijn Tintel
21014d9708 tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Stijn Tintel
910e3bed12 lldpd: bump to 0.9.8
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Enrique Giraldo
b8b410fba3 ar71xx: add metadata to wpj344 and wpj558 images
This adds metadata to wpj344 and wpj558 images to prevent loading
firmware of wpj344 into wpj558 and vice versa. This until now was
possible and break the units and had to be recovered from the uboot.

Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
2017-09-10 22:15:04 +02:00
Enrique Giraldo
71067e3b79 ar71xx: wpj558: remove unused eth1 device and fix MAC address
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
2017-09-10 22:15:04 +02:00
Enrique Giraldo
fefdb1e0b9 ar71xx: add support for COMFAST CF-E355AC
COMFAST CF-E355AC is a ceiling mount AP with PoE support, based on
Qualcomm/Atheros QCA9531 + QCA9882.

Short specification:

- 2x 10/100 Mbps Ethernet, with PoE support
- 64MB of RAM (DDR2)
- 16 MB of FLASH
- 2T2R 2.4 GHz, 802.11b/g/n
- 2T2R 5 GHz, 802.11ac/n/a
- built-in 4x 3 dBi antennas
- output power (max): 500 mW (27 dBm)
- 1x RGB LED, 1x button
- built-in watchdog chipset

Flash instruction:

Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.

Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
[whitespace fixes, ac radio caldata offset fix]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-09-10 22:15:03 +02:00
Piotr Dymacz
90d8c0f0a2 ar71xx: add support for GL.iNet GL-USB150
GL.iNet GL-USB150 is an USB dongle WiFi router, based on Atheros AR9331.

Specification:

- 400/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- Realtek RTL8152B USB to Ethernet bridge (connected with AR9331 PHY4)
- 1T1R 2.4 GHz
- 2x LED, 1x button
- UART header on PCB

Flash instruction:

Vendor firmware is based on OpenWrt CC. GUI or sysupgrade can be used
to flash LEDE firmware.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-09-10 22:14:43 +02:00
Lorenzo Santina
bd24d53ea2 hostapd: fix iapp_interface option
ifname variable were not assigned due to syntax error
causing the hostapd config file to have an empty iapp_interface= option

Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
2017-09-10 08:30:32 +02:00
Jorge Amorós
e2218ea148 lantiq: ARV7519RW22: enable PCIe
Enable PCIe to make the (still unsupported) WAVE300 wireless visible to
the system.

Signed-off-by: Jorge Amorós <joramar76@yahoo.es>
2017-09-10 08:30:23 +02:00
Vittorio Alfieri
31b5069a50 lantiq: VR200v: enable PCI
Enable PCI to make the (still unsupported) WAVE300 wireless visible to
the system.

Signed-off-by: Vittorio Alfieri <vittorio88@gmail.com>
2017-09-09 10:05:05 +02:00
Thibaut VARENE
991681cf49 ramips: Archer C50v1: support US and EU versions
For the Archer C50v1, the EU and US versions are differentiated by their
respective HW additional version (0x0 for US, 0x2 for EU).

The stock web interface checks this field before flashing, making it
impossible to flash the current (US) factory image on EU hardware.

However the bootloader does not check this field, making it possible to use
a single sysupgrade image for both hardware.

This patch adds the necessary build bits to generate both EU and US factory
images, and renames the target as "Archer C50v1" since there are as of now
3 different versions of Archer C50 (all with different CPUs).

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-09 09:55:26 +02:00
Thibaut VARENE
66a8c8f04c tools/firmware-utils: mktplinkfw2: allow parameter override
This patch enables commandline override of board hw_ver and hw_ver_add

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-09 09:55:26 +02:00
Kevin Darbyshire-Bryant
09735db18b kernel: update 4.4 to 4.4.87
Fixes CVE-2017-11600

No patch refresh required

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-09 09:55:25 +02:00
Kristian Evensen
80829022b0 ramips: add support for the HNET C108
The HNET C108
(http://www.szhwtech88.com/Product-product-cid-100-id-4374.html) is a
mifi based on MT7602A, which has the following specifications:

* CPU: MT7620A
* 1x 10/100Mbps Ethernet.
* 16 MB Flash.
* 64 MB RAM.
* 1x USB 2.0 port. Only power is connected, this port is meant for
charging other devices.
* 1x mini-PCIe slots.
* 1x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x button.
* 6000 mAh battery.
* 5x controllable LEDs.

Works:
* Wifi.
* Switch.
* mini-PCIe slot. Only tested with a USB device (a modem).
* SIM slot.
* Sysupgrade.
* Button (reset).

Not working (also applies to the factory firmware):
* Wifi LED. It is always switched on, there is no relation to the
up/down state or activity of the wireless interface.

Not tested:
* SD card reader.

Notes:
* The C108 has no dedicated status LED. I therefore set the LAN LED as
status LED.

Installation:
The router comes pre-installed with OpenWRT, including a variant of
Luci. The initial firmware install can be done through this UI,
following normal procedure. I.e., access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to
keep existing settings.

Recovery:
If you brick the device, the C108 supports recovery using TFTP. Keep the
reset button pressed for ~5sec when booting to trigger TFTP. Set the
address of the network interface on your machine to 10.10.10.3/24, and
rename your image file to Kernal.bin.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2017-09-09 09:55:13 +02:00
Mathias Kresin
096dff8fcd kernel: rtl8306: fix port link status
In case the link changes from down to up, the register is only updated
on read. If the link failed/was down, this bit will be 0 until after
reading this bit again.

Fixes a reported link down by swconfig alebit the link is up (query for
the link again will show the correct link status)

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-08 21:52:38 +02:00
Mathias Kresin
47be42c347 lantiq: fix xrx200 switch carrier state
In conditions where none of the switch ports is connected during boot,
the priv->port[i].link != priv->port[i].phydev->link condition is false
since both link values are equal (false). The carrier of the switch
netdev is never set to off and the link state reported by ip is UNKNOWN.

Turn the carrier off if none of the switch ports has a link, regardless
whether something has been changed. Add a check for a carrier to
prevent unnecessary calls to netif_carrier_off() if the carrier is
already off.

Based on a patch send by Martin Schiller.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-08 21:48:48 +02:00
Kevin Darbyshire-Bryant
5629904ea8 dnsmasq: backport arcount edns0 fix
Don't return arcount=1 if EDNS0 RR won't fit in the packet.

Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in received EDNS0.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-08 10:07:04 +02:00
John Crispin
23317f18bd mediatek: fix mdio schedule while atomic error
Signed-off-by: John Crispin <john@phrozen.org>
2017-09-07 10:11:45 +02:00
Kevin Darbyshire-Bryant
9a753c49ea dnsmasq: backport official fix for CVE-2017-13704
Remove LEDE partial fix for CVE-2017-13704.

Backport official fix from upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-09-07 08:09:54 +02:00
Matthias Schiffer
f12a5b8f6d
uclient: update to 2017-09-06
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-06 15:46:03 +02:00
Kristian Evensen
f3b4e50cee ramips: fix default LED configuration
Commit 77645ffcd9 ("ramips: add support for the GnuBee Personal Cloud
One") dropped the execution permission from 01_leds with the result
that the file isn't started during first boot and no default LED
configuration is added.

Revert the introduced file permission change.

Fixes: FS#979

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[cherry picked the fix from a board support patch]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-06 08:14:23 +02:00
Hans Dedecker
995193ccdb odhcp6c: add workaround for broken extendprefix scenario
Extendprefix is typically used to extend an IPv6 RA prefix from a mobile
wan link to the LAN; such scenario requires correct RA prefix settings
like the on link flag not being set.
However some mobile manufacter set the RA prefix on link flag which breaks
basic IPv6 routing.
Work around this issue by filtering out the route being equal to the
extended prefix.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-05 14:46:18 +02:00
Mathias Kresin
6b06c2fb8e lantiq: drop kernel 4.4 support
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-05 08:43:39 +02:00