This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- removed upstreamed patches
- 0901-spansion_nand_id_fix.patch is disabled, not clear if it's needed
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: John Crispin <john@phrozen.org>
On MT7621, the REG_ESW_VLAN_VTIM reads are undefined, causing swconfig
to always report `vid: 0` in swconfig show output.
Since a 4K VLAN table is used on this platform, the VLAN ID always
correponds to the actual VLAN table index so provide a specific MT7621
implementation of the get_vid callback which returns the table index
as VLAN ID.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently, untagged port primary vlan IDs are set to the VLAN table index,
and not the actual VLAN ID, breaking configurations with IDs deviating from
the VLAN index.
Fix the issue by resolving the per-port pvid property to the target VLAN ID
value before committing to the hardware.
Fixes FS#991, FS#1147, FS#1341
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Avoid overwriting vlan entries with remapped vid in later iterations of
the vlan enumeration loop of mt7530_apply_config().
Fix the problem by refactoring the code to first reset the entire table,
then reprogram only vlans with members to prevent overwriting configured
vlans with unconfigured ones.
Fixes FS#1147, FS#1341
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The current image build code has a number of race conditions and interface
contract violations in the custom image build steps:
- Build/install-zImage, solely used by at91, relies on $(PROFILE_SANITIZED)
which is not available when building with CONFIG_TARGET_MULTI_PROFILE
- Build/at91-sdcard, which may run concurrently, creates scratch files at
fixed locations and manipulates target files directly which can lead
to file corruption and other unexpected failures
Rename the install-zImage macro to at91-install-zImage and move it to the
at91 image Makefile since this target is the sole user. Also utilize "$@"
as output file name and switch the usage of $(PROFILE_SANITIZED) to
$(DEVICE_NAME) in order to fix naming under multi profile builds.
Fix the at91-sdcard macro to construct scratch file paths relative to "$@",
which is guaranteed to be unique and store the final artifact output in "$@"
as well, instead of inside $(BIN_DIR). The generic image build code takes
care of moving a build steps "$@" output to the final destination in a
concurrency-safe manner.
Finally remove the broken install-zImage from the generic image-commands
Makefile.
Fixes: d7a679a036 ("at91: Install zImage.")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This drops support for all the !emmc EVB and adds banannaPi-R2
Also drop mtkhnat until the nftables offoad driver is ready
Signed-off-by: John Crispin <john@phrozen.org>
This patch adds support for GL.iNet GL-B1300
Specification:
- SOC: IPQ4028 / QCA Dakota
- RAM: 256 MiB
- FLASH: 32 MiB
- ETH: Qualcomm Atheros QCA8075 Gigabit Switch (2 x LAN, 1 x WAN)
- USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
- WLAN1: Qualcomm Atheros QCA4028 2.4GHz 802.11bgn 2:2x2
- WLAN2: Qualcomm Atheros QCA4028 5GHz 802.11a/n/ac 2:2x2
- INPUT: one reset and one WPS button
- LEDS: 3 leds: Power, WIFI(only for 2.4G currently), and one reserved
- UART: 1 x UART on PCB (3.3V, TX, RX, GND) - 115200 8N1
Installation:
Method 1:
- use serial port to stop uboot
- uboot command: run lf
Method 2:
- push down reset button and power on
- wait until three leds constantly on then release
- upgrade by uboot web at http://192.168.1.1
Note:
- the sysupgrade image need to be renamed to lede-gl-b1300.bin in both method.
- the sysupgrade image can be automatically downloaded if tftp server at
192.168.1.2 have that file.
- the wifi led will be flashing when writing image.
Signed-off-by: Dongming Han <handongming@gl-inet.com>
128bc35 logread: fix reconnect logd logic
66347ec logread: move the code setting up the request blob out of the main loop
975a258 logread: move output connection setup code out of main loop
b81bea7 logread: cleanup pid file handling
d73e7d2 ubox: Replace strerror(errno) with %m format.
Signed-off-by: John Crispin <john@phrozen.org>
Synopsys DesignWare HSDK (which stands for ARC HS
Development Kit) is the latest and greatest development
platform that sports quad-core ARC HS38 in real silicon.
Most noticeable features of the board are:
* Quad-core ARC HS38 CPU running at 1GHz
* 4Gb of DDR
* Built-in Vivante GPU (well supported via open source
Etnaviv drivers)
* Built-in Wi-Fi/Bluetooth module (RedPine RS-9113)
And as usual we have:
* [micro] SD-card slot
* 2 USB 2.0 ports
* 1Gbit Ethernet port
* Built-in Digilent JTAG probe
* Serial port accessible via micro-USB port
For more information about HSDK board visit:
https://www.synopsys.com/dw/ipdir.php?ds=arc-hs-development-kit
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: Hauke Mehrtens <hauke@hauke-m.de>
CC: John Crispin <john@phrozen.org>
We have managed to get USB 2.0 working good enough
on all archs38 platforms so we're ready to switch
to much faster USB 2.0.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: Hauke Mehrtens <hauke@hauke-m.de>
CC: John Crispin <john@phrozen.org>
sysfs attributes 'port_mask' & 'speed_mask' held locks whilst doing
mundane tasks such as sprintf. Refactor code to reduce length of time
locks are held unnecessarily.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Add sysfs 'mode' attribute to swconfig controlled LEDs.
swconfig 'link state' LEDs blink in the presence of port traffic. This
behaviour becomes more obvious as switches start to support
get_port_stats() e.g. commits 0369e35891,
3056d09b40,
4ddbc43cc1,
4d8a66d934.
This blinking can be confusing/distracting if the switch has other LEDs
used to indicate traffic. Provide a 'mode' sysfs attribute that
controls the blink on traffic behaviour.
mode - either "none" (LED is off) or a space separated list of one or more:
link: LED's normal state reflects whether the link is up (has carrier) or not
tx: LED blinks on transmitted data
rx: LED blinks on receive data
Note that 'link' considers any port speed mask that may be applicable.
e.g. if an LED is configured to indicate 1Gbit link speed and mode is
set to 'link rx tx' but the port is connected at 100Mbit then the LED
will not light or blink. A mode of 'tx rx' will blink in the presence of
traffic only if the port matches the rate (if configured)
This maintains compatibility with existing behaviour.
Attribute is 'link tx rx' by default for backwards compatible behaviour.
Many thanks to Thibaut Varene for providing a more sensible led_event
routine after I had mangled the original, and other coding style hints.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Thibaut VARENE <hacks@slashdirt.org>
Some people reported problems with the current development version, so
go back to the latests more or less release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Using PKG_SOURCE_DATE instead of PKG_VERSION will make the build system
generate the version based on the date and the git hash. This way the
tar file name changes when the git hash changes and this avoids problems
when someone forgets to change the version, but changes the git hash.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes since last merge into OpenWrt since 2017-12-14:
- Added debugfs file tx_hist.
- Added debugfs file fixed_rate.
- Added debugfs file ba_hist.
- Modified the way to establish BA stream.
- Added code to control BF type.
- Added functions to check/dump dhcp packet.
- Upgrade 88W8964 firmware to 9.3.2.4.
- Added debugfs file coredump.
- Corrected the way to transmit multicast packets.
- Change driver version to 10.3.4.0-20180118.
- Corrected the way to get qos control.
- Assigned broadcast dhcpoffer to another queue.
- Separated broadcast and multicast packets. Bump to latest commit 20180206
Signed-off-by: Chris Breuer <github@chrisbreuer.de>
The name of the PCIe controller node in device tree changed between
kernel 4.9 and kernel 4.14. Migrate the configuration when an update
from kernel 4.9 to 4.14 or back is done to the new name to make
the existing wifi configuration compatible with the new names.
This replaces the "pcie-controller" part with "pcie" on all nodes if the
file exists in sys fs.
This is not done in the uci-defualts, because they are getting executed
to late in the boot process. The kernel module gets loaded before the
uci-defaults scripts are executed. When the mwlwifi driver gets loaded
it will trigger an event via hotplug to detect new devices and as the
paths are not in the uci configuration they will be added again.
When the migration is done before the script will detect that they are
already there.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for kernel 4.14 to the mvebu target.
This also replaces the old sfp and phylink patches with new versions
from Russell's clearfog-4.13 branch
http://git.arm.linux.org.uk/cgit/linux-arm.git/log/?h=clearfog-4.13
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is needed to prevent copying it into kernel 4.14.
These device tree files are already integrated into kernel 4.14 and we
would like to use the upstream versions only.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Make it easily possible to add a custom script in front of this hotplug
script which adds new devices. This is needed for the mvebu target in
which we want to migrate the old configuration before new devices are
getting detected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of creating an ubifs file system with format version 5 by
default on empty UBI volumes use the older format 4 by default. This
will make it possible to mount these file systems also on older kernel
versions.
When a user wants to do a sysupgrade from kernel 4.14 to kernel 4.9 the
old kernel has to read the file system created by the more recent kernel
which currently does not work for ubifs.
This fixes the problem by creating file systems which are compatible
with older kernel versions by default.
Kernel 4.14 will still be able to read and write UBI FS file system
version 5, it will just not be used when a ubifs partition is created
implicitly on an empty UBI volume.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The root= parameter overrides the automatic rootfs detection by partition
name, so drop it. Fixes boot from flash after renumeration changes of
partitions due to parser changes.
Fixes FS#1350.
Fixes: a27d59bb42 ("brcm63xx: switch to new partition layout specification")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
In a profile, specifying -pkg in the list of PACKAGES will suppress
it even if it appears in the target's DEFAULT_PACKAGES list.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Instead of writing to the currently booted partition set, this
implements full dual-boot support for sysupgrade by always writing to
the other, currently inactive, partition set and toggling the dualflag
after a successful flash.
The currently active/ booted partition set is determined by parsing
/proc/cmdline for its rootfs parameter (supplied by the DTS), instead
of reading from the 0:DUAL_FLAG mtd, in order to prevent (potentially)
bricking both partition sets.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Instead of hardcoding /dev/loop0, it's safer to query for the first
free loop device and assign that dynamically. While /dev/loop0 is a
reasonable assumption immediately following "losetup --detach-all",
detaching the mounted overlay is no longer strictly necessary once
dual-boot support has been added for the nbg6817.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Harmonize the variable usage for $kernel and $rootfs to always contain
the full device path, instead of just its basename.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
PHY drivers were grouped into vendor specific directories
by upstream commit 0b56e9a7e8358e59b21d8a425e463072bfae523c
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
``make xconfig`` toplevel target will invoke ``make qconf`` inside
./scripts/config directory, which results a ``qconf`` executable.
This commit removes leftover ``qconf`` executable during ``make
config-clean``.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
Add more registers and flags to ar71x_regs.h for QCA955x and QCA956x
SoCs. Values come from Qualcomm Atheros u-boot code.
Patches can be merged into
622-MIPS-ath79-add-more-register-defines-for-QCA956x-SoC.patch
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
D-Link DAP-1522 is a wireless bridge/access point with 4 LAN
ports and a dual-band wireless chipset.
Specifications:
- Ralink RT2880
- 32 MB of RAM
- 4 MB of Flash
- 4x 10/100/1000 Mbps Ethernet (RTL8366SR)
- 802.11abgn (RT2850)
Flash Instructions:
1. Download lede-ramips-rt288x-dap-1522-a1-squashfs-factory.bin
2. Open the web interface and upload the image
Signed-off-by: George Hopkins <george-hopkins@null.net>
EG-200 is a DIN rail mountable device with one ethernet port, wifi,
an RS-485 port, and an internal USB attached uSD card reader.
Two leds, "modbus" and "etactica" are managed by userspace applications
in factory firmware.
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Karl Palsson <karlp@etactica.com>
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.
This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.
This lead to a pass, even when the returned data was indicating an error.
Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.
On command execution success, value "pdh_" is a pure numeric value.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.
Fixes several connectivity issues seen on specific modems.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>