Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.
Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.
Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With the addition of /etc/os-release patching lldpd to use
/etc/openwrt_release and to have the initscript use
/etc/openwrt_release and/or /etc/openwrt_version becomes
unnecessary.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
- Add missing macro to trigger the generation of 64k padded squashfs images
- Revert Zcomax image generation to use the prepared 64k squashfs image
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Remove old style device profiles and convert them to device definitions
within the image building code
- Fix the legacy build macros for the changed eval depth in the legacy
image build wrapper
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch is already included in the Linux mainline kernel since
v3.15, remove it from LEDE, see the lines directly before this patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch was introduced in commit r16412 for the brcm47xx target only
and then moved to generic in commit r32395. It was initially added
because of ticket #5186 and should fix some problems with fuse file
systems and MIPS caches. The commit comment in r32395 says that this a
generic problem in MIPS CPUs, but does not name any specifics about
that. There was a fix added to kernel 2.6.21 in commit commit
7575a49f20 "[MIPS] Implement flush_anon_page()." that should fix this
problem, but that was already available before both commits were done
to OpenWrt.
I just tested fuse with ntfs.3g without this patch on a BCM4704
(BMIPS3300 V0.6) SoC and haven't seen any problems. Someone reported
that removing this patch improves some fuse operations by 5 times on
some modern MIPS cores.
My test was only a simple "dd if=/dev/zero of=/mnt/zero bs=5000" to an
USB stick.
This patch removes the patch to OpenWrt, because I assume that it is
not needed any more and Felix, the orginal author, also thinks so.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
There are 2 issues fixed by this patch:
- UDP checksum is computed incorrectly, the used pseudo IP header
contains transport protocol 6 iso 17
- on big endian arches the UDP/TCP checksum is incorrectly
computed when payload length is odd
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
If KERNEL_INITRAMFS := in the target/linux/*/image/Makefile->Device/%NAME% section is set to ''
then personal initramfs file for this target device will not be created.
This var is similar to the Device/Build/kernel KERNEL_INSTALL :=
Signed-off-by: Sergey Sergeev <adron@yapic.net>
Should fix LAN speed issues on some devices. This is an updated version
of the previously reverted commit with the same name.
It improves the check for MACs connected to a built-in switch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The copy on the mirror has a different md5sum as specified in this
package Makefile. The content of the file on the mirror is the same as
in the checkout so just update our md5sum.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of downloading the firmware from some website take it from
linux-firmware package and do not download it separately any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 59e98b27c9.
and
Revert "ar71xx: merge profiles into image building code"
This reverts commit 636089ead6.
these are still causing issues
Signed-off-by: John Crispin <john@phrozen.org>
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.
Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.
In order to fix the issue ...
- remove the use of the -nostartfiles linker flag
- rename the init procedures to a generic name without implicit semantics
- explicitely annotate those init procedures as constructors
The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
dnsmasq's dnssec time checking method now uses a ntp hotplug mechanism,
therefore dnsmasq.time is redudant and no longer needs to be explicitly
excluded from sysfixtime.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Change dnsmasq's dnssec time check handling to use time validity
indicated by ntpd rather than maintaining a cross boot/upgrade
/etc/dnsmasq.time timestamp file. This saves flash device wear.
If ntpd client is configured in uci and you're using dnssec, then
dnsmasq will not check dnssec timestamp validity until ntpd hotplug
indicates sync via a stratum change. The ntpd hotplug leaves a status
flag file to indicate to dnsmasq.init that time is valid and that it
should now start in 'check dnssec timestamp valid' mode.
If ntpd client is not configured and you're using dnssec, then it is
presumed you're using an alternate time sync mechanism and that time is
correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
V2 - stratum & step ntp changes indicate time is valid
V3 - on initial flag file step signal dnsmasq with SIGHUP if running
V4 - only accept step ntp changes. Accepting both stratum & step could
result in unpleasant script race conditions
V5 - Actually only accepting stratum is the correct thing to do after
further testing
V6 - improve handling of non busybox ntpd
if sysntpd not executable
dnsmasq checks dnssec timestamps
else
sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file
sysntp script enabled & uci ntp enabled - look for timestamp file
sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec
timestamps
fi
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE). Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
After the conversion from legacy device profiles to the newer profile
information embedded in the image building code, the legacy recipes got
triggered twice with different eval depths, leading to shell syntax errors
when processing certain images.
The double processing was caused by the remaining Image/Build macro in
legacy.mk which serves as main entry point for the new style image build code
in conjunction with the newly introduced LegacyDevice/* macros which caused
the legacy image build fallback code to kick in.
In order to fix the issue, rework all legacy macros to work under the legacy
image build wrapper and remove the Image/Build macro of legacy.mk to prevent
legacy profiles getting executed in the context of the new build code.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The ZBT APE522II is a dual-radio outdoor CPE based on the MT7620a SoC. It has
64 MB RAM, 8 MB flash, 2 Fast Ethernet ports via internal switch (one with
802.3af 48V PoE support), a 802.11b/g/n SoC 2.4 GHz radio and an 802.11a/n/ac
MT7612E-based 5 GHz radio.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Calibration data for QCA99x0 in this device has bogus macaddress.
The data cannot be modified directly, as it breaks checksum control.
Instead change the macaddress from phy add hotplug event.
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
In the upstream kernel and the upstream squashfs4 tools the xz
compression header looks the following:
struct disk_comp_opts {
__le32 dictionary_size;
__le32 flags;
};
We added some other members and also moved some existing members. Place
the members which are already in upstream header at the same position
as in that kernel and add our own at the end. The kernel should not
have a problem when there are some additional members and just ignore
them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
So far the network in failsafe is setup only for one board. Use the
eth0 interface as lan interface for all boards for now.
If a board has its lan interface(s) on another eth, a special
handling based on the board name can be added.
Signed-off-by: Mathias Kresin <dev@kresin.me>
With update of binutils for ARC (this is now based on upstream 2.26)
we noticed issues with loadable kernel modules.
Something like that was happening:
--------------------->8-------------------
mbcache: unknown relocation: 49
insmod: can't insert './mbcache.ko': invalid module format
--------------------->8-------------------
More details could be found in that discussion in binutils mailing list:
http://thread.gmane.org/gmane.comp.gnu.binutils/74662
As of now the simplest work-around is to disable in-kernel unwinder
for now. That will at least allow us to use modules again.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: John Crispin <john@phrozen.org>
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ethernet, ADSL2+ and LEDs are fully functional.
Supporting the two TAE ports and SIP gateway was not attempted.
The WiFi is unreliable, due to experimental support for rt35xx family
devices by the rt2800pci driver.
Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
[rebase to LEDE HEAD]
[switch to normal image instead of brnboot image]
[remove not required pinmux child nodes keys, leds, ebu, exin, pci_in and pci_out]
[remove switch_rst pinmux child node (no support for hw reset in driver/setting a default GPIO value in DT]
[enable usage of the wireless LED]
[fixup mac address configuration]
Sgned-off-by: Mathias Kresin <dev@kresin.me>
The patch has been run-tested and the relevant dmsg logs are as the
following
[ 0.762447] Creating 5 MTD partitions on "spi0.0":
[ 0.767217] 0x000000000000-0x000000010000 : "u-boot"
[ 0.775139] 0x000000010000-0x000000020000 : "bdinfo"
[ 0.781014] 0x000000020000-0x000000fe0000 : "firmware"
[ 0.810558] 2 uimage-fw partitions found on MTD device firmware
[ 0.815043] 0x000000020000-0x000000170000 : "kernel"
[ 0.821925] 0x000000170000-0x000000fe0000 : "rootfs"
[ 0.827587] mtd: device 4 (rootfs) set to be root filesystem
[ 0.831937] 1 squashfs-split partitions found on MTD device rootfs
[ 0.837983] 0x0000005c0000-0x000000fe0000 : "rootfs_data"
[ 0.845621] 0x000000fe0000-0x000000ff0000 : "backup"
[ 0.851445] 0x000000ff0000-0x000001000000 : "art"
While at it, convert to new build method
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
puts br2684ctl init after ADSL init instead of before, so that the ESI
is set at the right time, and for consistency with the PTM driver.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
The bootloader uses 30 MHz as the SPI frequency for flash on the Germany and
North America models, and 50 MHz for it on the worldwide model, but the Lantiq
SPI driver in OpenWrt and LEDE may access the flash differently such that
writes are capped at 20 MHz, leading to read errors reported on the worldwide
model at 30 MHz.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The EASY80920 is available with the A1X and the A2X chip version
depending on the board version. Add both firmware versions to device
tree and make the driver load the correct version depending on the chip
version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This image format is used by Lantiq's / Intel's UGW version 6.1 to 7.1.
These images can be flashed onto a board with the SoC vendor boot
loader as a replacement for the vendor firmware.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The lantiq kernel arch code selects CONFIG_RESET_CONTROLLER always, so
it is always selected when the lantiq target is build. we do not need
support for unselected CONFIG_RESET_CONTROLLER option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>