Commit graph

39885 commits

Author SHA1 Message Date
Stijn Tintel
6371159b4a dropbear: add option to set max auth tries
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Kevin Darbyshire-Bryant
9aaf3d3501 dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-28 02:18:20 +02:00
Yury Shvedov
37c1513b1f hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Yury Shvedov
0e7bbcd43b hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Michael Heimpold
f788fd0fd3 mxs: drop 4.4 support
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2017-06-27 23:22:25 +02:00
Michael Heimpold
9eb68f020b mxs: add support for 4.9 and switch over
I did not port the regulator and power patches from Stefan Wahren
because I talked to him and he told me that work on this is currently
stalled. And since AFAIK nothing depends on these patches, leaving them
out seems reasonable.

I build minimum default configurations and run-tested them on both
I2SE Duckbill devices and Olimex Olinuxino Maxi boards successfully [1].

[1] Tested:
- debug uart is working
- boot without any obvious kernel problem
- network is coming up and data transfer is possible
- Olinuxino: USB detects a plugged-in pen drive

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[refreshed config and patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-27 23:22:25 +02:00
Michael Heimpold
8794954d10 kernel: disable various symbols for v4.9
In preparation for bumping mxs target to 4.9, disable a bunch of configuration
symbols that provoked config prompts.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2017-06-27 23:22:25 +02:00
John Crispin
6da4f03f02 ath10k-firmware: add qca9888 firmware
ath10k-firmware: add qca9888 firmware

the firmware files for qca9888 were previously not packaged. add the meta
information for doing so.

Signed-off-by: John Crispin <john@phrozen.org>
2017-06-27 11:47:07 +02:00
Stijn Tintel
f80963d4d1 kernel: update kernel 4.4 to 4.4.74
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:42:50 +02:00
Koen Vandeputte
69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00
Stijn Tintel
d18f76f762 kernel: use .patch extension for all patches
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 06:37:46 +02:00
Mathias Kresin
06741411e0 firmware-utils: fix dgn3500sum compiler warnings
The sum variable need to be initialised, otherwise it will points to
random stack memory and a bogus image checksum might be calculated.

While at it, fix the segfault in case the product region code isn't
specified and enable compiler warnings which had revealed all the code
issues.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-26 20:08:36 +02:00
Hans Dedecker
f33de80232 dnsmasq: backport tweak ICMP ping logic for DHCPv4
Don't start ping-check of address in DHCP discover if there already
exists a lease for the address. It has been reported under some
circumstances android and netbooted windows devices can reply to
ICMP pings if they have a lease and thus block the allocation of
the IP address the device already has during boot.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-26 10:49:13 +02:00
Jo-Philipp Wich
2c5f16ecac procd: support term_timeout parameter
Expose "term_timeout" parameter in procd.sh to allow init scripts to
request a longer termination timeout.

This is required to fix FS#859 in a later commit.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Jo-Philipp Wich
124ab1dc0a procd: assign /dev/tty* nodes to "tty" group
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Jo-Philipp Wich
5523ee3459 base-files: add "tty" user group
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Magnus Kroken
45f4f6649a openvpn: update to 2.4.3
Fixes for security and other issues. See security announcement for more details:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

* Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
* Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
* Potential double-free in --x509-alt-username (CVE-2017-7521)
* Remote-triggerable memory leaks (CVE-2017-7512)
* Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
* Null-pointer dereference in establish_http_proxy_passthru()
* Restrict --x509-alt-username extension types
* Fix potential 1-byte overread in TCP option parsing
* Fix mbedtls fingerprint calculation
* openssl: fix overflow check for long --tls-cipher option
* Ensure option array p[] is always NULL-terminated
* Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Magnus Kroken
329f6a96b7 mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Alexander Couzens
d98cafc7b6
ar71xx/images/senao: fix reproducible issue using tar
Use deterministic sorting
Use numeric owner/group
Set uid/gid to 0

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-25 12:14:26 +02:00
Alexander Couzens
d6331d5583 ar71xx/image: make tar calls reproducible
Use --mtime when SOURCE_DATE_EPOCH is set.
Use gzip -n9z instead of tar z to remove
timestamp in gzip header.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-25 12:11:41 +02:00
Christian Lamparter
6adc757097 apm821xx: MR24: fix ethernet phy detection on the MR24
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch fixes a problem where the AR8035 PHY can't be
detected on the Cisco Meraki MR24, when the ethernet cable
is not connected during boot.

Russell Senior reported:
|This appears to be a problem during probing of the AR8035
|phy chip. When ethernet has no link, the phy detection fails,
|and eth0 is not created. Plugging ethernet later has no effect,
|because there is no interface as far as the kernel is
|concerned. The relevant part of the boot log looks like this:
|
|[    0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode
|[    0.882532] /plb/opb/ethernet@ef600c00: reset timeout
|[    0.888546] /plb/opb/ethernet@ef600c00: can't find PHY!
(<https://bugs.lede-project.org/index.php?do=details&task_id=687>)

Fixes FS#687
Cc: Chris Blake <chrisrblake93@gmail.com>
Reported-by: Russell Senior <russell@personaltelco.net>
Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT")
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2017-06-24 22:36:38 +02:00
Florian Eckert
4482063c34 treewide: add license tags
Add licence tags where missing.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-06-24 22:36:38 +02:00
Mathias Kresin
1faff3b7e3 ramips: add MT7603E driver to AFoundry EW1200
Add the MT7603E driver for the 2.4GHz wireless.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
e7cd6f5d66 ar71xx: add AVM FRITZ!WLAN Repeater 300E support
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)

To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
0605b15be4 ar71xx: add AR724x PCIe init fixes
Add upstream send AR724x PCIe patches to get the PCIe controller out of
reset during driver init.

The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
8e0d7d6574 build: move lzma2eva build step to image-commands.mk
Move it to image-commands.mk so that it can used by other targets with
eva based boards as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
d165f1f3bc kernel: move Lantiq PEF7061/7071/7072 phy driver to generic
The driver is used for boards outside the lantiq target as well. Move
it to generic to make it available for more targets.

The phy driver is included in kernel 4.8 as INTEL_XWAY_PHY.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
7e12863252 fritz_tffs_read: get tffs size from input file
Use the size of the input file as maximum tffs size instead of a fixed
value. The tffs on a AVM Fritz 300E can be up to 512KByte for example.

Fixes a read error for the AVM Fritz 3370 where the tffs partition size
is 64Kbyte and smaller than the former default value of 256KByte.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Daniel Golle
04063820e8 libreadline: add host-build
Also make sure that the PKG_NAME and folder name are equal.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-24 14:38:14 +02:00
Luiz Angelo Daros de Luca
991899cc54 valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-06-24 14:11:06 +02:00
Christian Schoenebeck
7d7356df64 ca-certificates: Update to version 20161130+nmu1
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-06-24 14:11:06 +02:00
Bastian Bittorf
dde9da46c1 busybox: ash/hush fix for read-builtin command
this is a cherrypick from busybox-git HEAD:
f5470419404d643070db99d058405b714695b817

and can be removed when upgrading to
next busybox release. discussion here:
http://lists.busybox.net/pipermail/busybox/2017-May/085439.html

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-06-24 13:11:19 +02:00
Kevin Darbyshire-Bryant
22e2b402ae gcc: gcc 6.3.0 fix comparison between pointer and integer
Fix FS#832

/source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:
In function 'bool ubsan_use_new_style_p(location_t)':
/source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:1474:23:
error: ISO C++ forbids comparison between pointer and integer
[-fpermissive]
       || xloc.file == '\0' || xloc.file[0] == '\xff'
                       ^~~~
make[5]: *** [Makefile:1085: ubsan.o] Error 1

https://www.viva64.com/en/b/0425/#ID0EMGCI

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-24 13:11:19 +02:00
Kevin Darbyshire-Bryant
4ed40be3e3 hostapd: add support for acs_chan_bias option
During auto channel selection we may wish to prefer certain channels
over others.

e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8
13:0.8' does that.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-24 13:11:19 +02:00
Stefan Tomanek
de6ff15129 busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2017-06-24 13:11:19 +02:00
Hans Dedecker
a1c1f6ea7b procd: update to latest version
e5e99c4 watchdog: add support for starting/stopping kernel watchdog

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-23 22:48:04 +02:00
Rafał Miłecki
f5f1d40b5e kernel: backport MTD patch extracing TRX code to separated parser
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 11:54:20 +02:00
Rafał Miłecki
4d5f296af8 kernel: backport upstream mtd support for partition parsers
In a log term it should replace our implementation. For now both can
coexist.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 11:40:05 +02:00
Rafał Miłecki
8c1e760ab6 kernel: backport upstream mtdpart.c cleanups
Except for renames and line changes the only conflict was in
allocate_partition in handling MTD_WRITEABLE. Hopefully it was handled
correctly.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 11:40:05 +02:00
Rafał Miłecki
4052443a23 kernel: don't switch allocate_partition to use mtd_roundup_to_eb
This mtd_roundup_to_eb helper was introduced years ago in the commit
daec7ad768 ("kernel/3.10: add separate rootfs partition parser") and
it was probably supposed to simplify code a bit.

With the recent upstream commit 1eeef2d7483a7 ("mtd: handle partitioning
on devices with 0 erasesize") the logic in allocate_partition got
slightly more complex and we can't use this simple helper anymore as it
doesn't support MTD_NO_ERASE properly.

There also isn't any real gain from this helper, so it's probably easier
to just don't use it *or* work on upstreaming it to avoid maintenance
cost.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-23 10:09:57 +02:00
Rafał Miłecki
b91a38d647 base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-22 10:05:23 +02:00
Grégoire Delattre
680a5c5d3e dnsmasq: add dhcp-range tags configuration
dnsmasq can match tags in its dhcp-range configuration, this commit adds
the option to configure it in the dhcp section

uci configuration:
config dhcp 'lan'
        option interface 'lan'
        list tag 'blue'
        list tag '!red'
        option start '10'
        option limit '150'
        option leasetime '12h'

generated dnsmasq configuration:
dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h

Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
2017-06-20 22:33:41 +02:00
Daniel Golle
e3d09e7898 procd: update to latest git HEAD
453116e system: introduce new attribute board_name
e5b963a preinit: define _GNU_SOURCE
e5ff8ca upgraded: cmake: Find and include uloop.h
f367ec6 hotplug: fix a memory leak in handle_button_complete()
796ba3b service/service_stopped(): fix a use-after-free
79bbe6d system: return legacy board name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-19 22:12:51 +02:00
Hauke Mehrtens
3ce60ba0a1 build: Fix not altering KERNELRELEASE for external kernel
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054bec ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb ("include: Do not alter KERNELRELEASE for
external/git kernels").

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-19 20:39:33 +02:00
Alexander Couzens
b5aaafe9a3
mtd-utils/mkfs.jffs2: honor env SOURCE_DATE_EPOCH
Use the timestamp from the enviroment SOURCE_DATE_EPOCH
if set instead of the build time.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-19 14:35:07 +02:00
Alexander Couzens
c47a1a3527 firmware-utils: honor env SOURCE_DATE_EPOCH
Use the timestamp from the enviroment SOURCE_DATE_EPOCH
if set instead of the build time.
Fixes reproducible builds for certain firmware images.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-19 14:34:52 +02:00
Yousong Zhou
77dc6a2ae7 libunwind: update to version 1.2.1
Changes since 1.2

    a77b0cd Bump version to v1.2.1
    5f354cb mips/tilegx: Add missing unwind_i.h header file
    620d1c3 Add aarch64 getcontext functionality.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-19 14:43:09 +08:00
Hans Dedecker
c885482080 netifd: update to the latest version
ef5f7a0 ubus: remove superfluous error check in netifd_add_dynamic
5a68693 iprule: coding style line up
90e2e2c iprule: Add option to suppress unspecific routing lookups

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-18 22:22:03 +02:00
Yousong Zhou
80d9ec5d3d scripts/package-metadata.pl: parse and validate field Require-User
The script will now detect uid/gid collision and can generate a table of
current allocation

    ./scripts/package-metadata.pl usergroup tmp/.packageinfo \
	| sort -k 1,1r -k 3,3n \
	| column -t

This should ensure that no collision will happen for each single build

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 10:39:35 +08:00
Yousong Zhou
f334a0cdb8 base-files: allocate uid/gid starting from 65536
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids.  Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other

While at it, fix the scan command checking existence of uid/gid

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 10:39:35 +08:00