Commit graph

35989 commits

Author SHA1 Message Date
Conn O'Griofa
63f6fc5c16 samba: add file/interface reload triggers & filter interfaces
* Only parse interfaces that are up during init_config (as the
  script depends on this to determine the proper IP/subnet range)
* Add reload interface triggers for samba-designated interfaces
* Force full service restart upon config change to ensure Samba
  binds to new interfaces (sending HUP signal doesn't work)
* Rename "interface" variable to "samba_iface" and move into
  global scope

Needed to fix Samba connectivity for clients connecting from a
different LAN subnet (e.g. pseudobridge configurations) due to the
'bind interfaces only' setting.

Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
2016-08-15 15:18:35 +02:00
Chuanhong Guo
d1b20a3659 ar71xx: fix profile name of Mercury MW4530R
The mw4530r-v1 profile in tp-link.mk is for Mercury MW4530R.
There is no such a device called TL-WDR4530.
Also change MERCURY to Mercury in /lib/ar71xx.sh

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2016-08-15 15:18:35 +02:00
John Crispin
40b8cbc2af procd: update to latest git HEAD
adds O_PATH define

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-15 15:16:42 +02:00
Jo-Philipp Wich
d36c5152ef ncurses: change handling of PKG_CONFIG_LIBDIR
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.

Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch

Also refresh patches while we're at.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-15 13:34:17 +02:00
Jo-Philipp Wich
3a3424981c scripts: ipkg-build: do not require git or svn
Move the "which svn" and "which git" calls next to the timestamp commands
using those tools to not prematurely fail on systems where svn or git are
not present.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-15 13:33:32 +02:00
Jo-Philipp Wich
d9345bc5bf kernel: fix crashlog on x86/64
The bootmem area reserved for crashlog might be smaller than CRASHLOG_OFFSET
bytes, leading to an integer underflow when calculating the memory address
in crashlog_set_addr() which subsequently causes the kernel to crash when
attempting to vmap() the crashlog pages.

Change the logic to only consider the offset when the size of the used memory
area is sufficient.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-15 13:21:01 +02:00
Rafał Miłecki
27b078e83a bcm53xx: add quick fixes for BCM53573
It adds and uses ILP clock that requires some other work (in progress)
for upstreaming it. Other than that it adds a quick fix for bcma to add
serial flash before trying to read SPROM.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-15 12:49:16 +02:00
Rafał Miłecki
38750ce739 bcm53xx: add temporary BCM53573 ILP clock driver
It wasn't accepted upstream as there was a discusson on Northstar vs.
BCM53573. Once we get a new ARM arch Kconfig entry it should be
possible to upstream it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-15 10:20:43 +02:00
Rafał Miłecki
dd7eddcb08 bcm53xx: prepare for building Tenda AC9 TRX image
It'll be enabled when we complete basic support.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-15 09:33:04 +02:00
Stijn Tintel
c14485d41a toolchain/uClibc: add missing config symbol
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-08-15 01:49:18 +02:00
Rafał Miłecki
857f00a9f7 bcm53xx: drop target's preinit network support script
We don't need it anymore since the rework of generic preinit script.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-14 23:14:15 +02:00
Jonas Gorski
30352e72ff base-files: set pi_ifname in board.d case to fix deconfig
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-14 23:10:17 +02:00
Jo-Philipp Wich
95bad62f2a tools: make_ext4fs: switch to LEDE git mirror
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-14 22:34:47 +02:00
Jo-Philipp Wich
98b960c218 tools: make_ext4fs: support creating empty filesystem images
Update make_ext4fs to latest git head in order to support creating empty
filesystem images by making the source directory argument optional.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-14 22:21:09 +02:00
Jo-Philipp Wich
7347c14cd7 mvebu: rework ClearFog bundle.tar.gz generation
Instead of introducing a fake filesystem type, move the tar generation step
directly into the image build step.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-14 19:47:51 +02:00
Rafał Miłecki
5b1c00e4fa bcm53xx: support USB 2.0 controller on BCM53573
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-14 13:05:23 +02:00
Rafał Miłecki
62c5f68095 bcm53xx: backport USB 3.0 controller init patch
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-14 12:41:32 +02:00
Rafał Miłecki
e674c1aab3 bcm53xx: backport USB 3.0 Northstar PHY driver
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-14 11:31:17 +02:00
Rafał Miłecki
b9d8c81018 bcm53xx: rename PHY patches to use 07* prefix
This is not a strict rule but it matches better this one:
7xx - network / phy driver patches

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-14 11:22:58 +02:00
Jo-Philipp Wich
b9b665ae49 mvebu: add ClearFog .tar.gz bundle
The previous image building code rework removed the rootfs.tar.gz with embedded
kernel and dtb build artifact which is required to build suitable SD images.

Reintroduce a .tar.gz artifact locally which embeds kernel and dtb, similar to
how the old code handled it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-13 16:24:04 +02:00
Jo-Philipp Wich
3c2c31bb66 kernel: backport upstream challenge ACK fix (CVE-2016-5696)
Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.

Backports upstream commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758
to the used LEDE kernel versions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-13 16:23:23 +02:00
Jonas Gorski
cf8da98e94 brcm63xx: switch to board based failsafe networking
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:23 +02:00
Jonas Gorski
6c9588ddf5 base-files: configure switch in failsafe
Also configure the switch based on the failsafe config, and create the
failsafe interface as tagged if necessary.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:15 +02:00
Jonas Gorski
072cf26729 base-files: allow failsafe to configure vlans
In preparation of properly setting up vlans and switches, add
support for configuring failsafe on a vlan tagged interface.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:06 +02:00
Jonas Gorski
c18edcec45 base-files: add preinit ifname detection based on board.json
Make use of the existing board.d to autodetect lan ifname in a generic way.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:00 +02:00
Jonas Gorski
0f1ae840c9 base-files: split out preinit interface config
Move preinit interface and ip config to its own function to allow
calling it from more than one place.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:56 +02:00
Jonas Gorski
780ccbf9f1 base-files: board_detect: allow specifying the generated file
Allow passing a filename to change the location of the generated
board.json.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:51 +02:00
Jonas Gorski
e934a129f0 base-files: let config_generate call board_detect
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:46 +02:00
Jonas Gorski
0ddae04c22 brcm63xx: backport mtd of node changes from upstream
Should fix parser data containing uninitialized values for of probed
physmap flashes, which could break e.g. the redboot parser.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:35 +02:00
Jonas Gorski
86ec410418 kernel: check SOURCE_DATE_EPOCH before setting KBUILD_BUILD_TIMESTAMP
Make sure SOURCE_DATE_EPOCH actually contains something.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:26 +02:00
Jonas Gorski
5fe923b15d kernel: allow reproducable builds
Similar how we fix the file times in the filesystems, fix the build time
of the kernel, and make the build number static. This should allow the
kernel build to be reproducable when combined with setting the
KERNEL_BUILD_USER and _DOMAIN in case of different machines.

The reproducability only applies to non-initramfs kernels, those still
require additional changes.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 11:35:00 +02:00
Jo-Philipp Wich
4e8c6f3407 dropbear: security update to 2016.74
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

  The security issues were reported by an anonymous researcher working with
  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-12 11:45:47 +02:00
Imre Kaloz
f76f83de71 mwlwifi: upgrade to 10.3.0.18-20160804
adds support for the Linksys WRT1900ACSv2 and WRT1200ACv2

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
2016-08-11 21:04:42 +02:00
Felix Fietkau
08a27b99a2 kernel: add missing config symbol
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-11 18:33:02 +02:00
Daniel Golle
a9b1a429ab oxnas: set preinit network interface
set network interface for failsafe mode to eth0 for all boards

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-08-11 17:16:03 +02:00
Felix Fietkau
592c0a1cd2 ramips: fix legacy image build
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-11 17:07:37 +02:00
Felix Fietkau
9d56ec6244 kernel: fix crashlog issues on highmem systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-11 17:02:48 +02:00
Rafał Miłecki
fa350d5aba bcm53xx: add profiles for Buffalo devices
This generates proper images when using CONFIG_TARGET_MULTI_PROFILE and
CONFIG_TARGET_PER_DEVICE_ROOTFS.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-11 12:17:06 +02:00
Rafał Miłecki
b835d7e811 bcm53xx: include USB modules in images for devices with USB ports
This allows using USB out of the box.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-11 11:59:28 +02:00
Rafał Miłecki
0b9de8daa7 bcm53xx: add profiles for all other (SoftMAC) devices
Thanks to this images for SoftMAC devices don't get brcmfmac anymore and
b43 is added for devices with (quite poor) support only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-11 11:31:46 +02:00
Ben Greear
4d39726b21 ath10k-firmware: Update to latest 99X0 CT firmware.
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.

Briefly tested on ea8500.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-11 10:55:22 +02:00
Ben Greear
f85c12e07d ath10k-ct: Fix loading 9980 firmware.
ath10k-ct driver was using bad defaults for 9980 if user
had not specified a fwcfg file to over-ride them.

Also, support configurable station-kickout-threshold,
which might work around issues with flakey connections.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix PKG_VERSION]
2016-08-11 10:54:50 +02:00
Mathias Kresin
5d0b180f79 tools: flock: add NFSv4 compatibility
This patch fixes the LEDE build on mounted NFSv4 shares.

The lock file cannot be opened in read-write mode by default, because
then we cannot use flock(1) to lock executable files.

The read-write mode for lock files is necessary on NFSv4 where
flock(2) is emulated by by fcntl() -- this situation is possible to
detect by flock(2) EBADF error.

The patch consist of the following util-linux/flock commits

http://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=eb742a1f66d5e3a7c5b43efce741c113f51bef3b

http://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=caf1ba11a367ad702fb774653daf9ebdcca49d7b

without including the pre kernel 3.4 support.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [minor cleanup]
2016-08-11 10:50:10 +02:00
Matteo Croce
360fd10ac9 gcc: optionally build gccgo compiler
Tested with eglibc on x86 and armv7 so far

Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
2016-08-11 10:45:33 +02:00
Matteo Croce
1645abffea kernel: add plan 9 fs package
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.

Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
2016-08-11 10:45:33 +02:00
Petko Bordjukov
dff6df9625 hostapd: Allow RADIUS accounting without 802.1x
RADIUS accounting can be used even when RADIUS authentication is not
used. Move the accounting configuration outside of the EAP-exclusive
sections.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-08-11 10:45:33 +02:00
Felix Fietkau
eae422eb94 lantiq: fix some ethernet driver SMP issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-11 10:45:33 +02:00
Rafał Miłecki
d378a7c4f7 bcm53xx: convert (disabled) Netgear R8500 image to own profile
It should be the last device with FullMAC chipset to convert.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-11 08:28:41 +02:00
Rafał Miłecki
931d309203 bcm53xx: add profile with brcmfmac for Netgear R7900
It's one more device with FullMAC that got forgotten in the previous
commit.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-08-11 07:46:17 +02:00
Rafał Miłecki
c769c1b584 bcm53xx: add profiles for devices with FullMAC chipsets
This allows building images for selected devices with brcmfmac only
(without b43 which is for SoftMAC devices).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2016-08-10 20:41:53 +02:00