Commit graph

39275 commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
2017-09-11 01:56:14 +02:00
Stijn Tintel
21014d9708 tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Stijn Tintel
910e3bed12 lldpd: bump to 0.9.8
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Enrique Giraldo
b8b410fba3 ar71xx: add metadata to wpj344 and wpj558 images
This adds metadata to wpj344 and wpj558 images to prevent loading
firmware of wpj344 into wpj558 and vice versa. This until now was
possible and break the units and had to be recovered from the uboot.

Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
2017-09-10 22:15:04 +02:00
Enrique Giraldo
71067e3b79 ar71xx: wpj558: remove unused eth1 device and fix MAC address
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
2017-09-10 22:15:04 +02:00
Enrique Giraldo
fefdb1e0b9 ar71xx: add support for COMFAST CF-E355AC
COMFAST CF-E355AC is a ceiling mount AP with PoE support, based on
Qualcomm/Atheros QCA9531 + QCA9882.

Short specification:

- 2x 10/100 Mbps Ethernet, with PoE support
- 64MB of RAM (DDR2)
- 16 MB of FLASH
- 2T2R 2.4 GHz, 802.11b/g/n
- 2T2R 5 GHz, 802.11ac/n/a
- built-in 4x 3 dBi antennas
- output power (max): 500 mW (27 dBm)
- 1x RGB LED, 1x button
- built-in watchdog chipset

Flash instruction:

Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.

Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
[whitespace fixes, ac radio caldata offset fix]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-09-10 22:15:03 +02:00
Piotr Dymacz
90d8c0f0a2 ar71xx: add support for GL.iNet GL-USB150
GL.iNet GL-USB150 is an USB dongle WiFi router, based on Atheros AR9331.

Specification:

- 400/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- Realtek RTL8152B USB to Ethernet bridge (connected with AR9331 PHY4)
- 1T1R 2.4 GHz
- 2x LED, 1x button
- UART header on PCB

Flash instruction:

Vendor firmware is based on OpenWrt CC. GUI or sysupgrade can be used
to flash LEDE firmware.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-09-10 22:14:43 +02:00
Lorenzo Santina
bd24d53ea2 hostapd: fix iapp_interface option
ifname variable were not assigned due to syntax error
causing the hostapd config file to have an empty iapp_interface= option

Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
2017-09-10 08:30:32 +02:00
Jorge Amorós
e2218ea148 lantiq: ARV7519RW22: enable PCIe
Enable PCIe to make the (still unsupported) WAVE300 wireless visible to
the system.

Signed-off-by: Jorge Amorós <joramar76@yahoo.es>
2017-09-10 08:30:23 +02:00
Vittorio Alfieri
31b5069a50 lantiq: VR200v: enable PCI
Enable PCI to make the (still unsupported) WAVE300 wireless visible to
the system.

Signed-off-by: Vittorio Alfieri <vittorio88@gmail.com>
2017-09-09 10:05:05 +02:00
Thibaut VARENE
991681cf49 ramips: Archer C50v1: support US and EU versions
For the Archer C50v1, the EU and US versions are differentiated by their
respective HW additional version (0x0 for US, 0x2 for EU).

The stock web interface checks this field before flashing, making it
impossible to flash the current (US) factory image on EU hardware.

However the bootloader does not check this field, making it possible to use
a single sysupgrade image for both hardware.

This patch adds the necessary build bits to generate both EU and US factory
images, and renames the target as "Archer C50v1" since there are as of now
3 different versions of Archer C50 (all with different CPUs).

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-09 09:55:26 +02:00
Thibaut VARENE
66a8c8f04c tools/firmware-utils: mktplinkfw2: allow parameter override
This patch enables commandline override of board hw_ver and hw_ver_add

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-09 09:55:26 +02:00
Kevin Darbyshire-Bryant
09735db18b kernel: update 4.4 to 4.4.87
Fixes CVE-2017-11600

No patch refresh required

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-09 09:55:25 +02:00
Kristian Evensen
80829022b0 ramips: add support for the HNET C108
The HNET C108
(http://www.szhwtech88.com/Product-product-cid-100-id-4374.html) is a
mifi based on MT7602A, which has the following specifications:

* CPU: MT7620A
* 1x 10/100Mbps Ethernet.
* 16 MB Flash.
* 64 MB RAM.
* 1x USB 2.0 port. Only power is connected, this port is meant for
charging other devices.
* 1x mini-PCIe slots.
* 1x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x button.
* 6000 mAh battery.
* 5x controllable LEDs.

Works:
* Wifi.
* Switch.
* mini-PCIe slot. Only tested with a USB device (a modem).
* SIM slot.
* Sysupgrade.
* Button (reset).

Not working (also applies to the factory firmware):
* Wifi LED. It is always switched on, there is no relation to the
up/down state or activity of the wireless interface.

Not tested:
* SD card reader.

Notes:
* The C108 has no dedicated status LED. I therefore set the LAN LED as
status LED.

Installation:
The router comes pre-installed with OpenWRT, including a variant of
Luci. The initial firmware install can be done through this UI,
following normal procedure. I.e., access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to
keep existing settings.

Recovery:
If you brick the device, the C108 supports recovery using TFTP. Keep the
reset button pressed for ~5sec when booting to trigger TFTP. Set the
address of the network interface on your machine to 10.10.10.3/24, and
rename your image file to Kernal.bin.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2017-09-09 09:55:13 +02:00
Mathias Kresin
096dff8fcd kernel: rtl8306: fix port link status
In case the link changes from down to up, the register is only updated
on read. If the link failed/was down, this bit will be 0 until after
reading this bit again.

Fixes a reported link down by swconfig alebit the link is up (query for
the link again will show the correct link status)

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-08 21:52:38 +02:00
Mathias Kresin
47be42c347 lantiq: fix xrx200 switch carrier state
In conditions where none of the switch ports is connected during boot,
the priv->port[i].link != priv->port[i].phydev->link condition is false
since both link values are equal (false). The carrier of the switch
netdev is never set to off and the link state reported by ip is UNKNOWN.

Turn the carrier off if none of the switch ports has a link, regardless
whether something has been changed. Add a check for a carrier to
prevent unnecessary calls to netif_carrier_off() if the carrier is
already off.

Based on a patch send by Martin Schiller.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-08 21:48:48 +02:00
Kevin Darbyshire-Bryant
5629904ea8 dnsmasq: backport arcount edns0 fix
Don't return arcount=1 if EDNS0 RR won't fit in the packet.

Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in received EDNS0.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-08 10:07:04 +02:00
John Crispin
23317f18bd mediatek: fix mdio schedule while atomic error
Signed-off-by: John Crispin <john@phrozen.org>
2017-09-07 10:11:45 +02:00
Kevin Darbyshire-Bryant
9a753c49ea dnsmasq: backport official fix for CVE-2017-13704
Remove LEDE partial fix for CVE-2017-13704.

Backport official fix from upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-09-07 08:09:54 +02:00
Matthias Schiffer
f12a5b8f6d
uclient: update to 2017-09-06
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-06 15:46:03 +02:00
Kristian Evensen
f3b4e50cee ramips: fix default LED configuration
Commit 77645ffcd9 ("ramips: add support for the GnuBee Personal Cloud
One") dropped the execution permission from 01_leds with the result
that the file isn't started during first boot and no default LED
configuration is added.

Revert the introduced file permission change.

Fixes: FS#979

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[cherry picked the fix from a board support patch]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-06 08:14:23 +02:00
Hans Dedecker
995193ccdb odhcp6c: add workaround for broken extendprefix scenario
Extendprefix is typically used to extend an IPv6 RA prefix from a mobile
wan link to the LAN; such scenario requires correct RA prefix settings
like the on link flag not being set.
However some mobile manufacter set the RA prefix on link flag which breaks
basic IPv6 routing.
Work around this issue by filtering out the route being equal to the
extended prefix.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-05 14:46:18 +02:00
Mathias Kresin
6b06c2fb8e lantiq: drop kernel 4.4 support
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-05 08:43:39 +02:00
Edward O'Callaghan
e0d6f541f7 lantiq: switch to kernel 4.9
Signed-off-by: Edward O'Callaghan <funfunctor@folklore1984.net>
2017-09-05 08:43:39 +02:00
Kevin Darbyshire-Bryant
9c82861cb8 kernel: update 4.4 to 4.4.86
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-05 08:43:39 +02:00
Daniel Gonzalez Cabanelas
3c97bad0c2 ar71xx: WNDR4300: use the switch LED trigger on the WAN port
The WAN port on the Netgear WNDR4300 router has two LEDs,
amber and green. Use the switch LED trigger to behave as the
rest of the LAN HW controlled LEDs
- Green: 1 Gbps
- Amber: 100/10 Mbps

Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
2017-09-05 08:43:39 +02:00
John Crispin
5117911d91 ramips: fix mt76x8 dependencies
The commit merging mt7628 and mt7688 failed to update some
dependencies.

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-05 08:08:36 +02:00
Kuang Rufan
69323a0c07 ar71xx: add support for TL-WR1041N(v2) LAN/WAN LEDs.
1. Add support to LAN/WAN LEDs attached to ar8327.
2. Fix the problem that LAN/WAN LEDs does not blink in hardware (auto)
   mode when connected to 10M/100M ethernet.

Signed-off-by: Kuang Rufan <master@a1983.com.cn>
2017-09-04 12:48:23 +02:00
Hans Dedecker
05c3647d35 odhcp6c: add ra_holdoff config option and update to git HEAD version (FS#964)
51733a6 ra: align RA update interval with RFC4861 (FS#964)

Add ra_holdoff config option which allows to configure the RA minimum
update interval which is by default 3 seconds as stated in RFC4861.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-03 21:34:48 +02:00
Stijn Tintel
046618f5da kernel: update 4.9 to 4.9.47
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 22:06:28 +03:00
Stijn Tintel
ef255fc57e base-files: add /etc/profile.d to conffiles
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Stijn Tintel
8446d3de05 base-files: order conffiles alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Hans Dedecker
80e2ee3e64 ubox: update to git HEAD version
b1bc8d5 kmodloader: log error message in case of out of memory
f346111 kmodloader: lift restriction on module alias info
f1ef2c3 kmodloader: fix possible segfaults
9cb63df kmodloader: fix endianess check
2cff779 kmodloader: Check module endian before loading
d54f38a kmodloader/get_module_info: initialized aliases to make it more clean
a0b6fef kmodloader: insmod: fix a memoryleak in error case
278c4c4 kmodloader/get_module_name: null-terminate the string
16f7e16 syslog: remove unnecessary sizeof struct between messages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-01 16:05:59 +02:00
John Crispin
b957e455eb rukes.mk: this patch broken grub2 builds
Revert "rules.mk: add missing CPP definition"

This reverts commit 569f74ef49.

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-01 10:17:22 +02:00
Thibaut VARENE
c30a70fc9f generic: make switch_port_stats tx/rx_bytes long long
This generic structure defines tx_bytes and rx_bytes as unsigned long (u32),
while several devices would typically report unsigned long long (u64).

The code can work as is, but there's a chance that with a sufficiently fast
interface the overflow might happen too fast to be correctly noticed by the
consumers of this data.

This patch makes both field unsigned long long and updates the only known
consumer of this data: swconfig_leds.c

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
0369e35891 generic: provide get_port_stats() on rtl836x switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
3056d09b40 generic: provide get_port_stats() on b53 switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
4ddbc43cc1 generic: provide get_port_stats() on adm6996 switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
4d8a66d934 generic: provide get_port_stats() on ar8xxx switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

The implementation uses a generic callback that select the correct MIB counter
index based on chip version.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
2b3ab0208e ramips: provide get_port_stats() on mt7530/762x switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Karl Palsson
7a423c389a procd: mdns: Support txt values with spaces
Properly quote the arguments so that you can register a service with TXT
entries that contains spaces.

Example:
   procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \
         "another=something equally verbose"

Output before:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"]

Output now:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["another=something equally verbose" "key=descriptive text field 1"]

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-09-01 08:58:09 +02:00
John Crispin
12930fc045 Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"
This reverts commit f7528ed0a8.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-31 21:09:13 +02:00
Kevin Darbyshire-Bryant
3435de8c16 kernel: update 4.4 to 4.4.85
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-31 19:14:52 +02:00
João Chaínho
61027e3430 ar71xx: fix switch port numbering on RB750r2 and RB750UPr2
This patch fixes the switch port numbering on Mikrotik RB750r2 (hEX lite) and RB750UPr2 (hEX PoE lite).
Tested on a RB750UPr2. Maybe this patch is applicable to other devices (e.g. RB951Ui-2nD, RB952Ui-5ac2nD) but I have no way to test them.

Signed-off-by: João Chaínho <joaochainho@gmail.com>
2017-08-31 19:14:52 +02:00
Rosen Penev
f7528ed0a8 dropbear: Link ssh and scp command to /bin instead of /usr/bin
ssh and scp commands interfere with OpenSSH when installed in /usr/bin .

One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-08-31 19:14:43 +02:00
Koen Vandeputte
c56448e2cf musl: update to 1.1.16+ git HEAD 2017-08-30
Fixes critical issues for memset() & fflush()

Changes:

5f7efb8 move IPPORT_RESERVED from netdb.h to netinet/in.h
5f3b652 add powerpc64 and s390x to list of supported archs in INSTALL
file
9d4c902 fix undefined behavior in memset due to missing sequence points
c7f56b4 __init_libc: add fallbacks for __progname setup
cc08669 add SIOCGSTAMPNS socket ioctl macro to ioctl.h
02b50c9 fix mips ioctl macros to match linux asm/sockios.h
670d6d0 fix unsynchronized access to FILE structure in fflush(0)

Tested on cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-31 19:09:47 +02:00
Magnus Kroken
89f8a01dab busybox: update to 1.27.2
Refresh patches, delete patches backported from upstream.

This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-30 22:34:41 +02:00
Ram Chandra Jangir
9adfeccd84 uboot-envtools: Add support for IPQ806x AP148 and DB149
IPQ806x AP148 and DB149 boards didn't have the UCI ubootenv
section initialized, so the usage of fw_printenv required manual
configuration. With this change, the "fw_printenv" and "fw_setenv"
command will automatically work on NOR and NAND based platforms.

Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
2017-08-30 18:12:48 +02:00
Daniel Golle
a3c0d5f70a busybox: move passwd applet to /bin
busybox currently installs passwd into /usr/bin which prevents its
'full' shadow-utils variant from being installed.
Move the passwd applet to /bin to avoid that collision.
shadow also provides /usr/bin/login which doesn't collide with busybox
as the busybox login applet is installed at /bin/login.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-30 18:12:48 +02:00
Daniel Golle
a63eb74bce busybox: move traceroute applets to /bin
busybox currently installs traceroute and traceroute6 into /usr/bin
which prevents their 'full' iputils variants from being installed.
Move those applets to /bin so they can coexist with their iputils
siblings using the same PATH convention already applied for coreutils
and other drop-in 'full' versions.
Refresh existing patch while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-30 18:12:48 +02:00