Commit graph

37778 commits

Author SHA1 Message Date
Jo-Philipp Wich
ea269c37b8 ar71xx/ipq806x/mediatek/mvebu: fix network defaults
After "73d923e base-files: emit tagged switch configuration by default"
some default network configurations are broken because the lan and wan
ifnames are forcibly set to untagged netdevs.

Adjust the offending set_interfaces_lan_wan() calls to use the proper
tagged device names.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-07 09:32:28 +01:00
Jo-Philipp Wich
62bf0d4958 arc770: fix broken upstream change
Add a patch to revert upstream commit 9aed02feae57bf7a40cb04ea0e3017cb7a998db4
which introduces syntax errors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-07 09:32:02 +01:00
Hauke Mehrtens
985c90d102 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:33:58 +01:00
Álvaro Fernández Rojas
196509b489 brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-06 22:24:57 +01:00
Álvaro Fernández Rojas
dab5a44067 brcm2708: update linux 4.4 patches to latest version
n
As usual these patches were extracted and rebased from the raspberry pi repo:
https://github.com/raspberrypi/linux/tree/rpi-4.4.y

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-06 22:24:42 +01:00
Rafał Miłecki
6b01f0f196 bcm53xx: set Netgear R8000 USB LEDs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 20:24:19 +01:00
Rafał Miłecki
fb18c3c8ff bcm53xx: refresh Linux 4.4 config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 17:21:09 +01:00
Rafał Miłecki
f24cb34239 bcm53xx: image: use one style of adding TARGET_DEVICES entries
It just makes code consistent. This trivial change may be a 17.01
candidate to provide simpler backporting experience.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 13:59:30 +01:00
Rafał Miłecki
e991b0d741 kernel: merge b53 API patch with the one handling all switch drivers
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 13:39:45 +01:00
Jo-Philipp Wich
46b02131d7 Revert "uClibc-ng: update to 1.0.21"
This reverts commit dde5c729ec.

The uClibc update was completely untested, does not build with Kernel 4.4 and
did not adjust the configuration to predeclare new config symbols.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-06 13:04:33 +01:00
Felix Fietkau
649e766a64 mac80211: update to wireless-testing 2017-01-31
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-06 12:27:12 +01:00
Felix Fietkau
91fce81df6 kernel: add missing config symbols for 4.9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-06 11:56:57 +01:00
Felix Fietkau
478be1d371 kernel: fix crashlog build error on 4.9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-06 11:56:57 +01:00
Felix Fietkau
9c18235b3a kernel: add compile fix for linux 4.9 on x86
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-06 11:56:57 +01:00
Rafał Miłecki
b008357960 kernel: port b53 to use kernel 4.5+ API
For backward 4.4 compatibility I added patch reverting my changes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 11:28:54 +01:00
Rafał Miłecki
26bc05eda9 bcm53xx: move bcm47xx_sprom driver to 4.4 specific directory
In kernel 4.9 it's already present so we don't want to overwite it (with
older & API incompatible version).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 10:18:20 +01:00
Rafał Miłecki
2252627b0e bcm53xx: add Linux 4.9 patches
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 10:08:39 +01:00
Rafał Miłecki
75d48d80c7 bcm53xx: backport upstream DTS files for Linksys devices
We dont't build officialy images for them yet due to partitioning
issues.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 08:49:23 +01:00
Stijn Tintel
d2c4041f02 kernel: update kernel 4.4 to version 4.4.47
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.

Runtime-tested on ar71xx, octeon, ramips and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-06 03:23:06 +01:00
Kevin Darbyshire-Bryant
3bef96ef18 dnsmasq: update to dnsmasq 2.77test1
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.

Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.

A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included.  This mean dnsmasq tries all
configured servers before giving up.

A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature 9525743c

I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 22:26:23 +01:00
Eric Luehrsen
f9f6a21c81 dnsmasq: fix instances in dhcp_add()
ref commit 9525743c07
dnsmasq: make DHCPv6 viable for standalone dnsmasq install
Above commit broke instancing by missing filter_dnsmasq()
as part of the dhcp_add() execution.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 22:26:22 +01:00
Kristian Evensen
bb7068f26c ramips: add support for Sanlinking D240
The Sanlinking Technologies D240
(http://www.sanlinking.com/en/29-dual-4g-wifi-router.html) is basically the same
device as the ZBT WE826, so adding support for it in LEDE is straight forward.
The differences is that the D240 has two mini-PCIe slots (instead of one), blue
LEDs and supports PoE.

Specification:
* CPU: MT7620A
* 1x 10/100Mbps POE (802.3af/802.3at) Ethernet, 4x 10/100Mbps.
* 16 MB Flash.
* 128 MB RAM.
* 1x USB 2.0 port.
* 2x mini-PCIe slots.
* 2x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x button.

Wifi, USB, switch and both mini-PCIe slots are working. I have not been able to
test the SD card reader.

The device comes pre-installed with an older version of OpenWRT, including Luci.
In order to install LEDE, you need to follow the existing procedure for updating
OpenWRT/LEDE using Luci. I.e., you need to access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to keep
existing settings. The default router address is 192.168.10.1 and
username/password admin/root (at least on my devices).

If you brick the device, the procedure for recovery is the same as for the
WE826. Please see the wiki page for that device for instructions.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2017-02-05 22:23:28 +01:00
Felix Fietkau
40fb293f24 build: add missing wildcard for ignoring .pkgdir in dependency checks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-05 22:17:30 +01:00
Arjen de Korte
07d5fc7ada dnsmasq: honor quietdhcp option for DHCPv6
Do not spam the syslog with DHCPv6 lease info if quietdhcp option
is selected. This already works for DHCPv4, make it work in the same
way for DHCPv6.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
[Originally written by Arjen de Korte on GitHub but had issues providing
a SoB in correct format.]
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 20:57:39 +01:00
Felix Fietkau
f791fb4af4 kernel: add linux 4.9 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Tim Harvey <tharvey@gateworks.com> [fixes]
2017-02-04 20:28:14 +01:00
Joseph C. Lehner
7d00cfe9bb build: centralize fakeroot code
This patch moves the fakeroot code required by some devices to
`image-commands.mk`.

Create the fakeroot on the fly by using the undocumented -s (skip copy)
parameter of mkimage.

Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
[remove unused NETGEAR_KERNEL_MAGIC, remove workarounds to have a dummy
rootfs for mkimage]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-04 13:46:48 +01:00
Mathias Kresin
c1eae7a7b8 ramips: fix Airlink AR725W device title
Gemtek is the ODM but the board was sold by Airlink101.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-04 13:46:48 +01:00
Mathias Kresin
1ba7fa652c ramips: fix Airlink AR725W factory image build
The factory image can't be bigger than 3328 KByte. If the image is
bigger than that, the gemtek-header tool throws an error and breaks
the build.

Make sure the output file to which the gemtek header should be added
exists and wasn't removed during the check-size step because of it
size. This will prevent hard errors in case the factory image is to big
similar to what is done for sysupgrade images.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-04 13:46:48 +01:00
Felix Fietkau
785f2a70da ubus: update to the latest version
Adds the following fixes:

91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:42:30 +01:00
Felix Fietkau
da93c15fd2 libubox: update to the latest version
Adds the following changes:

de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:19:15 +01:00
Felix Fietkau
a5990b1a39 mt76: update to the latest version, fixes a MAC address handling regression
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:17:42 +01:00
Hannu Nyman
c980147527 ipq806x: fix wireless macs
Commit 71a39b8 ("ipq806x: Fix wireless support for Netgear Nighthawk X4S
D7800") added a trailing TAB char after the backslash which prevents
the assignment of the correct MACs for wifi devices.

Fixes: FS#451

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
[reworded commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 19:31:45 +01:00
Felix Fietkau
1a52d11d38 kernel: update phy drivers for 4.9
add backport patches for older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Felix Fietkau
402193baa1 kernel: update mtdsplit for linux 4.9
add backport patches for older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Felix Fietkau
eccb2e5e59 acx-mac80211: fix scan API error that could lead to a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Rafał Miłecki
50efd403e6 bcm53xx: set WAN MAC address to don't share one with LAN interface
After analyzing numerous NVRAMs and vendor firmwares it seems the base
MAC address is used for LAN interface. WAN interface has different one
which sometimes is set directly in NVRAM and sometines needs to be
calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-03 07:50:59 +01:00
Piotr Dymacz
a4d12aed30 ar71xx: image: fix DEVICE_TITLE for several devices
Be consistent with form and format of the vendor names.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-02-03 05:10:14 +01:00
Piotr Dymacz
c3ef8daff4 ar71xx: fix indentation in Kconfig.openwrt
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-02-03 05:10:14 +01:00
Piotr Dymacz
cc1fb9662c ar71xx: drop help sections from Kconfig.openwrt
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-02-03 05:10:14 +01:00
Piotr Dymacz
bed9729587 ar71xx: fix up mikrotik subtarget kernel config
Disable all devices which do not belong to the mikrotik subtarget.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-02-03 05:10:14 +01:00
Piotr Dymacz
670e14ed70 ar71xx: fix up nand subtarget kernel config
Disable all devices which do not belong to the nand subtarget.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-02-03 05:10:14 +01:00
Piotr Dymacz
4fe92554ac ar71xx: select ATH79_NVRAM only by boards actually use it
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-02-03 05:10:14 +01:00
Giuseppe Lippolis
f9f636b94e rt5350: added pcm interface in .dtsi
Added the missing audio pcm interface in the .dtsi file for the rt5350
device. The update has been verified from the data get from the datasheet
and is very similar to the mt7620a.dtsi

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-02-03 05:10:13 +01:00
Brandon Koepke
9df777d181 openvpn: adding key_direction to append_params.
key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me.

Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
2017-02-03 05:10:09 +01:00
Mathias Kresin
a0888ecbaf generic: rtl8366rb: fix compatible string
Use a vendor prefix as it has to be for all not core driver. Update the
compatible string in the device tree files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 00:46:03 +01:00
Mathias Kresin
2c4d81310f ramips: fix Sercomm NA930 compatible string
The Sercomm NA930 is not a mt7620a evaluation board and shouldn't use
the eval board compatible string.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 00:46:03 +01:00
Mathias Kresin
2281f9929b ramips: remove Planex CS-QR10 sound device tree node
The comptible string is neither added by any LEDE patch nor exists in
in the kernel. Drop the sound node which was obviously added
accidentally with 9195d8da ("ramips: DTS rework").

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 00:45:55 +01:00
Mathias Kresin
05b1fcc70b ramips: cleanup SPI flash device tree properties usage
Use only the jedec,spi-nor compatible string. Everything else either
never worked or is only support to keep compatibility.

Remove the linux,modalias property. It is obsolete since kernel 4.4.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-02 22:48:54 +01:00
André Valentin
063d5a61e5 generic: mtd: update settings of mx25u3235f
This patch enabled 4K, dual and quad read. Settings have been verified with
a real device.

Signed-off-by: André Valentin <avalentin@marcant.net>
2017-02-02 22:48:54 +01:00
André Valentin
8725d1cffa ipq806x: fixup nbg6817 internal mmc and switch configuration in DTS
The setting mmc-ddr-1_8v in the platform dts leads to read errors. The
device is unusable and system reboots in a loop. Because NBG6817 is the
only mmc device, I removed it in base dts.

The second change removes settings now present in base dts.

The third change references was a wrong conversion of constants in the switch settings.
Switch now initializes again.

Signed-off-by: André Valentin <avalentin@marcant.net>
2017-02-02 22:48:33 +01:00