Hannu Nyman [Thu, 6 Oct 2016 17:37:59 +0000 (20:37 +0300)]
uhttpd: create self-signed certificates with unique subjects
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.
Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34
Certificates created by the OpenSSL one-liner fall into that category.
Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ
That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.
netifd: Request DHCP option 121 (classless route) by default
This option, defined by RFC3442, allows a DHCP server to send static
routes to a client. But the client has to request this option
explicitly.
Static routes are useful when the gateway configured by DHCP cannot be
in the same subnet as the client. This happens, for instance, when
using DHCP to hand out addresses in /32 subnets.
A new configuration option "classlessroute" is available, allowing
users to disable this feature (the option defaults to true).
Other DHCP clients already request this option by default (dhcpcd, for
instance, and possibly Windows). If a DHCP server does not support
this option, it will simply ignore it.
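What a client that requests option 121 has to decode, as an added example (not netifd or udhcpc code): a bounds-checked parser for the RFC 3442 payload, run on a constructed sample carrying the /32 case described above. The names `csr_route` and `parse_opt121` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct csr_route {
    uint8_t prefix_len;  /* 0..32 */
    uint8_t dest[4];     /* destination, unused low octets zeroed */
    uint8_t router[4];   /* 0.0.0.0 means the destination is on-link */
};

/* Decode an RFC 3442 payload: repeated
 * [prefix length][ceil(len/8) destination octets][4 router octets].
 * Returns the number of routes, or -1 on malformed or oversized input. */
static int parse_opt121(const uint8_t *p, size_t len,
                        struct csr_route *out, int max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        uint8_t plen = p[off++];
        size_t sig = (plen + 7u) / 8u;

        /* Reject bad prefix width, full table, or truncated entry. */
        if (plen > 32 || n >= max || len - off < sig + 4)
            return -1;
        memset(&out[n], 0, sizeof(out[n]));
        out[n].prefix_len = plen;
        memcpy(out[n].dest, p + off, sig);
        memcpy(out[n].router, p + off + sig, 4);
        off += sig + 4;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed payload: 192.0.2.1/32 on-link, then default via it. */
    static const uint8_t opt[] = { 32, 192, 0, 2, 1, 0, 0, 0, 0,
                                   0, 192, 0, 2, 1 };
    struct csr_route r[4];
    int n = parse_opt121(opt, sizeof(opt), r, 4);

    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u/%u via %u.%u.%u.%u\n", r[i].dest[0],
               r[i].dest[1], r[i].dest[2], r[i].dest[3], r[i].prefix_len,
               r[i].router[0], r[i].router[1], r[i].router[2], r[i].router[3]);
    return n < 0;
}
```

The payload comes from whatever DHCP server answers on the link, so the length and prefix-width checks are the part that matters.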
Alberto Bursi [Mon, 24 Oct 2016 08:35:24 +0000 (10:35 +0200)]
px5g-standalone: move to Encryption submenu and fix Title
moved px5g-standalone to Encryption submenu of Utilities.
Fixed title by removing the first "standalone" word from title.
The name is now consistent with other px5g packages, it is also shorter and will be shown in make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
André Valentin [Tue, 25 Oct 2016 06:40:34 +0000 (08:40 +0200)]
ipq806x/nbg6817: add support for ZyXEL NBG6817
CPU: 2x1.8GHz ARM, RAM: 512MiB
Storage: 4MiB serial Flash, 3.9GiB MMC
NIC: 2x1GBit/s, Switch with 5 external and 2 internal ports
WiFi: Dualband, ath10k 2.4GHz, 5GHz MU-MIMO
For installation copy xx-mmcblk0p4-kernel.bin and xx-mmcblk0p5-rootfs-full.bin
to device. Then run:
cat xx-mmcblk0p4-kernel.bin > /dev/mmc0blk0p4
cat xx-mmcblk0p5-rootfs-full.bin > /dev/mmc0blk0p5
reboot -f
For debugging serial console is easily visible on board, no soldering needed.
Signed-off-by: André Valentin <avalentin@marcant.net>
Marcin Jurkowski [Mon, 17 Oct 2016 00:42:47 +0000 (02:42 +0200)]
qmi: add metric, defaultroute and peerdns options for qmi protocol
Adds generic network options for qmi protocol dynamic interfaces
as suggested by Felix in
https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
IPv6-related code taken from Bruno's patch https://patchwork.ozlabs.org/patch/584816.
This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Signed-off-by: Bruno Randolf <br1@einfach.org>
Marcin Jurkowski [Mon, 17 Oct 2016 00:46:29 +0000 (02:46 +0200)]
mbim: add metric, defaultroute and peerdns options for mbim protocol
Adds generic network options for mbim protocol dynamic interfaces
as suggested by Felix in
https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Marcin Jurkowski [Mon, 17 Oct 2016 00:39:08 +0000 (02:39 +0200)]
comgt: add metric, defaultroute and peerdns options for directip protocol
Adds generic network options for directip protocol dynamic interfaces
as suggested by Felix in
https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Marcin Jurkowski [Mon, 17 Oct 2016 00:38:42 +0000 (02:38 +0200)]
comgt: add metric, defaultroute and peerdns options for ncm protocol
Adds generic network options for ncm protocol dynamic interfaces
as suggested by Felix in
http://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Yutang Jiang [Wed, 19 Oct 2016 11:20:21 +0000 (19:20 +0800)]
uboot-zynq: fix compile error for be short of dtc
When enabling zynq uboot:
CONFIG_PACKAGE_uboot-zynq-zc702
CONFIG_PACKAGE_uboot-zynq-zed
CONFIG_PACKAGE_uboot-zynq-zybo
make will raise a dtc error:
./scripts/dtc-version.sh: line 17: dtc: command not found
./scripts/dtc-version.sh: line 18: dtc: command not found
*** Your dtc is too old, please upgrade to dtc 1.4 or newer
make[4]: *** [checkdtc] Error 1
Chris Blake [Mon, 24 Oct 2016 19:05:54 +0000 (14:05 -0500)]
ar71xx: add mac partition to the MR12/MR16
On the stock Meraki Firmware for the MR12/MR16, a chunk of SPI space
after u-boot-env is used to store the board's MAC address. Sadly as this
was removed on any device already on OpenWRT/LEDE, moving forward a new,
64k partition named "mac" will be used to store the mac address for the
device (which is the minimum size). This allows users to properly set
the correct MAC, without editing the ART partition (which holds the same
MAC for all devices).
The reason the space is taken from kernel instead of rootfs is currently
kernels are only 1.3MB, so that way we can leave the current rootfs
space alone for users who fully utilize the available storage space.
Once this partition is added to a device, you can set your MAC doing the
following:
Chris Blake [Mon, 24 Oct 2016 19:05:53 +0000 (14:05 -0500)]
ar71xx: Move MR12 & MR16 from legacy to generic
This moves the Meraki MR12 and Meraki MR16 to the new generic target.
Tested and verified working on both devices.
Note that kernel/rootfs images are still generated. This is because they
are used for the initial flashing process due to the fun pace at which
UBoot erases/writes to SPI.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Paul Wassi [Sun, 23 Oct 2016 12:21:22 +0000 (14:21 +0200)]
kirkwood: Add RTC driver to kernel for working hctosys
Build the RTC driver into the kernel (and remove the optional module), in order
to make hctosys work. (Currently the module is loaded after hctosys has failed previously)
Jo-Philipp Wich [Tue, 25 Oct 2016 14:36:47 +0000 (16:36 +0200)]
uhttpd: fix handling of special "/" prefix when matching handlers
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.
Update to current HEAD in order to fix this particular case.
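The failure described above, as an added example (not uhttpd's own code): a prefix matcher with only the boundary assertion, beside one that treats "/" as matching every URL. The names `match_strict` and `match_fixed` and the sample URLs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Boundary check only: the matched prefix must be followed by '\0' or '/'.
 * This keeps "/cgi-bin" from matching "/cgi-binary", but it also rejects
 * "/" against "/index.html", because the next character is 'i'. */
static bool match_strict(const char *prefix, const char *url)
{
    size_t len = strlen(prefix);

    if (strncmp(url, prefix, len) != 0)
        return false;
    return url[len] == '\0' || url[len] == '/';
}

/* Same boundary check, with the special "/" prefix matching any URL. */
static bool match_fixed(const char *prefix, const char *url)
{
    if (strcmp(prefix, "/") == 0)
        return true;
    return match_strict(prefix, url);
}

int main(void)
{
    /* Constructed sample inputs: { prefix, url }. */
    static const char *cases[][2] = {
        { "/", "/index.html" },
        { "/", "/" },
        { "/cgi-bin", "/cgi-bin/luci" },
        { "/cgi-bin", "/cgi-binary" },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-9s %-14s strict=%d fixed=%d\n", cases[i][0], cases[i][1],
               match_strict(cases[i][0], cases[i][1]),
               match_fixed(cases[i][0], cases[i][1]));
    return 0;
}
```

The boundary check stays in place for every other prefix, so a handler registered for one path still cannot be reached through a sibling path that merely shares its leading characters.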
Stijn Tintel [Mon, 24 Oct 2016 02:08:07 +0000 (05:08 +0300)]
kernel: add fix for CVE-2016-5195
Add fix for CVE-2016-5195 to kernel 3.18 and 4.1.
Kernel 4.4 is already fixed since version 4.4.26 which was committed in 32c28a78f798dffb983a7f00342b471e5e4ac177.
Patches taken from Sasha Levin's linux-stable git tree:
http://git.kernel.org/cgit/linux/kernel/git/sashal/linux-stable.git/
Rafał Miłecki [Mon, 24 Oct 2016 15:03:48 +0000 (17:03 +0200)]
brcm47xx: bump kernel to 4.4
Kernel 4.4 was ready for brcm47xx for almost a year now but I kept
postponing the bump due to problems with Linksys WRT300N v1.0. OpenWrt
and LEDE with 4.4 were hanging at the booting with the:
> Starting program at 0x80001000
(the last CFE message).
This was a permanent state, "make distclean" wasn't helping, I spent
hours debugging this and I was reliably reproducing the issue every
time. I also reported it on linux-mips ML in the thread:
> BCM4704 stopped booting with 4.4 (due to vmlinux size?)
After ~month I started working on WRT300N again. I got hangs as expected
every time I switched from 4.1 to 4.4. I started experimenting with:
1) TRX content (I tried dropping rootfs partition)
2) BZ_TEXT_START of lzma-loader
3) Flashing other variants of image: lzma compressed kernel (without a
loader), gzip compressed one, uncompressed one.
At some point I got rootfs-less image booting and after that I couldn't
reproduce problem anymore, even with a complete firmware. It seems like
hardware was in some locked/unstable state that got magically fixed.
I have LEDE working now, tested it even with "make distclean", it seems
we can bump kernel now. I'll keep testing it on WRT300N for some time.
Rafał Miłecki [Wed, 19 Oct 2016 11:05:53 +0000 (13:05 +0200)]
base-files: add ucidef_set_led_usbport for full usbport support
This helper allows using usbport trigger directly. It requires usbport
compatible syntax and supports specifying multiple USB ports, e.g.:
ucidef_set_led_usbport "usb" "USB" "devicename:colour:function" "usb1-port1" "usb2-port1"
This adds a proper object to the board.json, e.g.
"usb": {
	"name": "USB",
	"type": "usbport",
	"sysfs": "devicename:colour:function",
	"ports": [
		"usb1-port1",
		"usb2-port1"
	]
}
and supports translating it into uci section.
Hannu Nyman [Fri, 14 Oct 2016 08:09:47 +0000 (11:09 +0300)]
busybox: adjust download mirror
* Adjust download locations:
- use https as busybox.net permanently redirects http to https
- gentoo mirror has neither 1.25.0 nor 1.25.1 available, so drop it
in favor of buildroot.net that has 1.25.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jo-Philipp Wich [Fri, 21 Oct 2016 10:21:40 +0000 (12:21 +0200)]
sdk: predefine SOURCE_DATE_EPOCH
When building packages within the SDK, there is no Git revision history
available so prepopulate SOURCE_DATE_EPOCH in version.mk, similar to
how we handle REVISION already.
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mathias Kresin [Mon, 17 Oct 2016 18:25:53 +0000 (20:25 +0200)]
lantiq: fix thermal sensors driver
Read the temperature including the decimal place from the CGU_GPHY1_CR
register.
Decrement the temperature read from the register by 38.0 degrees Celsius.
The temperature range of the sensor is -38.0 to +154 °C and the register
value 0 is equal to -38.0 °C. This fixes the report of unrealistic
temperatures as seen on all tested boards.
Give the SoC a few milliseconds to get the first temperature value. On
some rare occasions there is no temperature value in the register when
read the first time after activation. This leads to a reported
temperature of -38.0 °C on boot.
Only version 1.2 of the vr9 SoC has a temperature sensor. Add a check
to make sure the driver doesn't load on v1.1 vr9 SoCs.
Mathias Kresin [Sun, 2 Oct 2016 09:10:02 +0000 (11:10 +0200)]
lantiq: rework VG3503J image
Use the new image build code and remove the lzma loader. The lzma
loader was used to cheat the signature validation of the bootloader and
I found another way to do this.
To migrate boards already using LEDE/OpenWrt to the new image the
following steps need to be done once:
The image uses the uImage firmware splitter now instead of hardcoded
kernel and rootfs partitions. The firmware partition size was extended
to use flash space that was reserved for partitions required only by
the ECI firmware.
Due to the changes an upgrade to a later LEDE revision from a running
LEDE is supported now.
A default switch config was added and the device uses the same MAC
addresses as the ECI firmware now instead of the same for all VG3503J.
Ben Greear [Mon, 17 Oct 2016 21:23:01 +0000 (14:23 -0700)]
Latest ath10k CT 988X firmware (beta-18).
* Backport much of the 10.2 firmware features from upstream QCA driver.
This includes ANI support, adaptive CCA, tx-hang workarounds,
and lots of other things.
Not all of this may be enabled at this point, and more code waits to
be backported as time and motivation allows.
* Fix some rate-control issues where ath10k in station mode (at least), would
sometimes get stuck at low rates. This appeared to be a probe related
state machine issue in the firmware, so I added some timeout logic to kick
the state machine if it gets stuck. This significantly improves throughput
tests with many stations.
* Support configuring WMI WD timeout using SET_SPECIAL API.
* Properly configure the rx-mask on bootup to work around problem found
by Mr. Kazior. This should remove the need to add the driver hack he
posted.
* Allow configuring pdev failed-retry threshold. This is how many consecutive
tx failures the firmware will allow before resetting the wifi chip (not a full
firmware crash).
Signed-off-by: Ben Greear <greearb@candelatech.com>
Ben Greear [Mon, 17 Oct 2016 20:59:05 +0000 (13:59 -0700)]
ath10k-ct: Update to latest 4.7 CT ath10k driver.
Adds Sebastian's 160MHz support (un-tested), remove DMA32 change that
broke some x86 systems, allow setting 10.1 CT firmware keepalive watchdog
timeout, support QCA 9887 hardware, and some other tweaks.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Rafał Miłecki [Tue, 4 Oct 2016 10:32:13 +0000 (12:32 +0200)]
kernel: add package for usbport LED trigger
This is upstream alternative for LEDE's ledtrig-usbdev. Its main
advantages are:
1) Support for assigning more than 1 USB port to the LED
2) Setting proper state when activating with device already connected
3) FWIW it's an upstream driver
Felix Fietkau [Mon, 17 Oct 2016 09:16:30 +0000 (11:16 +0200)]
iperf: used an updated renamed tarball instead of main upstream URL
iperf upstream added some bugfixes to the already released 2.0.9 version
without changing the filename. This conflicts with old mirrored files
and the hash that we previously used.
To avoid conflict, use a renamed tarball from mirror2.openwrt.org
containing the new upstream changes
ar71xx: set EU region code for TP-Link TL-WA901ND v4
There is no US firmware for the TL-WA901ND v4 yet, so we'll just
unconditionally set the EU region for now.
This makes LEDE flashable on these devices again. The format of the region
string is slightly different from the one used on the Archer C7 that is
generated by mktplinkfw (the second half of the region string is missing),
but it's similar enough to make it work.
Hauke Mehrtens [Sat, 15 Oct 2016 15:56:23 +0000 (17:56 +0200)]
procd: update sha256sum
Commit f5c741b5e02 updated procd to a more recent version, but did not
change the hash of the tar. Update it to the one matching the file on
the download servers.