Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
This patch adds support for the Ubiquiti EdgeRouter X-SFP and
improves support for the EdgeRouter X (PoE-passthrough).
Specification:
- SoC: MediaTek MT7621AT
- Flash: 256 MiB
- RAM: 265 MiB
- Ethernet: 5 x LAN (1000 Mbps)
- UART: 1 x UART on PCB (3.3V, RX, TX, GND) - 57600 8N1
- EdgeRouter X:
  - 1 x PoE-Passthrough (Eth4)
  - powered by Wallwart or passive PoE
- EdgeRouter X-SFP:
  - 5 x PoE-Out (24V, passive)
  - 1 x SFP (unknown status)
  - powered by Wallwart (24V)
Doesn't work:
* SoC has crypto engine but no open driver.
* SoC has nat acceleration, but no open driver.
* This router has 2MB spi flash soldered in but MT
  nand/spi drivers do not support pin sharing,
  so it is not accessible and disabled. Stock
  firmware could read it and it was empty.
Installation
via vendor firmware:
- build an Initrd-image (> 3MiB) and upload the factory-image
- initrd can have luci-mod-failsafe
- flash final firmware via LuCI / sysupgrade on rebooted system
via TFTP:
- stop uboot into tftp-load into option "1"
- upload factory.bin image
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
The "reserved" partition should probably be read-only, just in case. Even
not knowing its content, other devices have marked it as such, so it
seems a good idea to do so also for this device.
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
CC: Mathias Kresin <dev@kresin.me>
CC: Hanqing Wong <hquu@outlook.com>
All targets with NAND support should gradually move their nand_do_upgrade
calls from platform_pre_upgrade to platform_do_upgrade.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Neither the AsiaRF AWM002 nor AWM003 actually has an LED on the module
board. The ld1 and ld2 do not represent actual LEDs. These pins might
connect to LEDs on an eval board or other carrier board, but that is
outside the scope of this device tree file.
Signed-off-by: Russell Senior <russell@personaltelco.net>
This patch adds support for the GL-inet GL-MT300N-V2.
Specification:
- SoC: MediaTek MT7628AN
- Flash: 16 MiB (W25Q128FVSG)
- RAM: 128 MiB DDR
- Ethernet: 1 x WAN (100 Mbps) and 1 x LAN (100 Mbps)
- USB: 1 x USB 2.0 port
- Button: 1 x switch button, 1 x reset button
- LED: 3 x LEDs (system power led is not GPIO controller)
- UART: 1 x UART on PCB (JP1: 3.3V, RX, TX, GND)
Installation through Luci:
- The original firmware is LEDE, so both LuCI or sysupgrade can be used.
- Do not keep settings, for sysupgrade please use the -n option.
Installation through bootloader webserver:
- Plug power and hold reset button until red LED blink to bright.
- Install sysupgrade image using web interface on 192.168.1.1.
Signed-off-by: Kyson Lok <kysonlok@gmail.com>
[match maximum image size with firmware partition]
Signed-off-by: Mathias Kresin <dev@kresin.me>
This PR allows the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add missing include of ramips.sh in order to import the missing
ramips_board_name() procedure.
Fixes FS#774.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Specification:
- SoC: MediaTek MT7620A (580 MHz)
- RAM: 64 MiB (Winbond W9751G6JB-25)
- Flash: 16 MiB (Spansion S25FL128SAIF00)
- LAN: x4 100M
- WAN: x1 100M
- Others: USB 2.0, reset button, wps button and 9 LEDs
Issues:
- 5 GHz band is not functional (missing driver support)
Installation:
Asus windows recovery tool:
- install the Asus firmware restoration utility
- unplug the router, hold the reset button while powering it on
- release when the power LED flashes slowly
- specify a static IP on your computer:
IP address: 192.168.1.75;
Subnet mask 255.255.255.0
- Start the Asus firmware restoration utility, specify the sysupgrade
image, and press upload
TFTP Recovery method:
- set computer to a static ip, 192.168.1.75
- connect computer to the LAN 1 port of the router
- hold the reset button while powering on the router for a few seconds
- send firmware image using a tftp client; i.e from linux:
    $ tftp
    tftp> binary
    tftp> connect 192.168.1.1
    tftp> put lede-ramips-mt7620-rt-ac51u-squashfs-sysupgrade.bin
    tftp> quit
Signed-off-by: Ørjan Malde <foxyred333@gmail.com>
This device is exactly the same as NBG-419N but with USB port and USB LED.
Specification:
- SoC: Ralink RT3052 (MIPS24Kc) @384MHz
- RAM: 32 MiB
- Flash: 8 MiB
- WLAN: WiSoC 2T2R/300Mbps (2.4GHz)
- LAN: 4x100M
- WAN: 1x100M
- USB: 1x2.0
Installation via serial console (57600 8N1) from TFTP server
- rename the firmware to something shorter, for example
"sysupgrade.bin" (max. 32 chars)
- copy firmware to the TFTP server's directory
- when you power on device, and see U-Boot log, immediately push "2"
once.
- You will see this message:
2: System Load Linux Kernel then write to Flash via TFTP.
Warning!! Erase Linux in Flash then burn new one. Are you sure?
- Push "y", and enter: device IP, then TFTP server's IP, and then
image firmware file name.
The firmware will be downloaded within ~30 seconds and flashed to the
device (It will take about 2 minutes).
Signed-off-by: Alexey Belyaev <spider@spider.vc>
[squash commits, compact commit message, fix compatible string, remove
superfluous pinmuxes]
Signed-off-by: Mathias Kresin <dev@kresin.me>
In order to have a smaller initramfs image remove all packages not
needed on all devices and add them explicitly for those actually
needing them. Also remove wpad-mini from ramips default package set
and add it to all sub-targets except for MT7621.
While at it reorder packages alphabetically and replace kmod-mt76 with
kmod-mt7603 and/or kmod-mt76x2 depending on the chip actually used on
a specific board.
Hopefully fixes FS#758
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add the changes suggested by FS#716 to fix the switch driver initialization
on the ZTE Q7.
Also remove the `pinctrl-names` field obsoleted by the changes.
Reported-by: Harry Lau <harrylwc@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix a copy/paste error and include the ZBT-WE826 dtsi instead of the
ZBT-WG3526 one.
Fix the syntax error in the ZBT-WE826 dtsi to prevent a compile error.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The ZBT-WG826 is available with 16 or 32 MByte of flash. Split the
device tree source file, rename the currently supported 16 MByte
version and add the 32 MByte variant.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The Digineo AC1200 Pro is the 32MB flash variant of the ZBT-WG3526 with
unpopulated/exposed sdhci slot. Rename the board to the OEM/ODM name and
add the sdhci kernel module to use it for multiple clones.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The ZBT-WG3526 is available with 16 or 32 MByte of flash. Rename the
current supported 16MByte version to indicate which flash size variant
is supported.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Specification:
- SoC: MT7621AT, MT7603EN and MT7612EN
- Flash: 16 MiB (W25Q128FVSG)
- RAM: 512 MiB (EM6GE16EWXD-12H)
- Ethernet: 1 x WAN (10/100/1000Mbps) and 4 x LAN (10/100/1000 Mbps)
- Others: USB 2.0, micro SD slot, reset button and 8 x LEDs
Issues:
- Two LEDs for 2.4 GHz and 5 GHz Wi-Fi do not work, can't find GPIOs.
- The pwr LED is not GPIO controllable
How to install:
- The original firmware is OpenWrt, so both LuCI or sysupgrade can be used.
- Do not keep settings, for sysupgrade please use the -n option.
Signed-off-by: Jiawei Wang <buaawjw@gmail.com>
The wan port is connected to switch port 0. Fix the mediatek,portmap as
well as the default switch config.
Signed-off-by: Alexey Belyaev <spider@spider.vc>
Use fixed led names and add each board variant instead of manipulating
the board name.
It makes the ramips board name function less different to the one used
in other targets and allows to merge them with a common function.
Signed-off-by: Mathias Kresin <dev@kresin.me>
We need to keep the former used (unmodified) boardname in the metadata.
Otherwise an upgrade from a board using the old boardname will be
refused.
Fixes: a75ce960ac ("ramips: use different board names for variants")
Signed-off-by: Mathias Kresin <dev@kresin.me>
PSG1218 got only 4 Ethernet ports and WAN on port 3 while
PSG1218K2C got 5 Ethernet ports and WAN on port 4
Switch to use kmod-kt76x2 instead of kmod-mt76 for both devices while
at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The Netgear R6220 requires the kmod-usb3 package and misses
kmod-usb-ledtrig-usbport package to setup the configured usb led
trigger.
Drop the already target selected kmod-mt76.
Fixes: FS#686
Fixes: 38bee61dab ("ramips: add support for Netgear R6220")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Fix the PCIe 5GHz wireless by using the on flash eeprom/caldata.
Disable the 2.4GHz band as this band has no antennas attached but is
enabled in the eeprom/caldata.
Fixes: FS#691
Signed-off-by: Mathias Kresin <dev@kresin.me>
Fix the PCIe 5GHz wireless by using the ralink mtd-eeprom property as
this board has a RT5592 and uses the rt2x00 driver. The mediatek
device tree bindings do not work here.
Fixes: FS#691
Fixes: d8dd207ea6 ("ramips: use the ralink,mtd-eeprom device tree property")
Signed-off-by: Mathias Kresin <dev@kresin.me>
The factory image has an uImage header covering the entire image and
not only the kernel. The original uImage header which covers only the
kernel is appended to the end of the image.
During LEDE boot the uImage rootfs splitter skips the whole filesystem,
can't find a valid filesystem magic and panics.
The last known working version was OpenWrt 14.07, which simply kept on
searching for an uImage header if the first found didn't result in
a working rootfs. This behaviour is kind of error prone since it could
produce false positives.
Since the sysupgrade image works fine in combination with the tftp
recovery for doing the initial installation of LEDE, simply drop the
factory image.
Related: FS#462
Signed-off-by: Mathias Kresin <dev@kresin.me>
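
The factory-image layout described in the last commit message above, worked through as an added example (not code from the commit or from LEDE). It assumes a simplified model of the rootfs splitter: read the first legacy uImage header, skip its payload, and expect a squashfs magic at that offset. Both images are constructed sample data.

```python
import struct

UIMAGE_MAGIC = 0x27051956      # ih_magic of the legacy U-Boot image header
UIMAGE_HDR_LEN = 64            # size of the legacy header in bytes
SQUASHFS_MAGIC = b"hsqs"       # little-endian squashfs superblock magic


def uimage_header(name: bytes, data_len: int) -> bytes:
    """Build a 64-byte legacy uImage header (CRC/load/entry fields left 0)."""
    # magic, hcrc, time, size, load, ep, dcrc, os, arch, type, comp, name[32]
    return struct.pack(">7I4B32s", UIMAGE_MAGIC, 0, 0, data_len, 0, 0, 0,
                       0, 0, 0, 0, name)


def rootfs_offset(image: bytes):
    """Simplified splitter model (assumption): return the offset just past
    the first uImage payload if a squashfs magic sits there, else None."""
    magic, _hcrc, _time, size = struct.unpack_from(">4I", image, 0)
    if magic != UIMAGE_MAGIC:
        raise ValueError("no uImage header at offset 0")
    off = UIMAGE_HDR_LEN + size
    return off if image[off:off + 4] == SQUASHFS_MAGIC else None


# Constructed sample payloads, not real firmware.
KERNEL = b"K" * 256
ROOTFS = SQUASHFS_MAGIC + b"R" * 252


def sysupgrade_image() -> bytes:
    """Header covers only the kernel; the rootfs follows directly."""
    return uimage_header(b"kernel", len(KERNEL)) + KERNEL + ROOTFS


def factory_image() -> bytes:
    """Outer header covers kernel + rootfs; the original kernel-only
    header is appended to the end, as the commit message describes."""
    body = KERNEL + ROOTFS
    return (uimage_header(b"factory", len(body)) + body
            + uimage_header(b"kernel", len(KERNEL)))


if __name__ == "__main__":
    print("sysupgrade rootfs at:", rootfs_offset(sysupgrade_image()))
    print("factory rootfs at:", rootfs_offset(factory_image()))
```

For the factory layout the computed offset lands on the trailing header instead of a filesystem, which is the "can't find a valid filesystem magic" case from the commit message.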