Piotr Dymacz [Wed, 31 May 2017 20:12:51 +0000 (22:12 +0200)]
ar71xx: image: update GL.iNet boards DEVICE_TITLE
Use "GL.iNet" as vendor name (based on information from the vendor, this
is registered name of the company) and align model names with official
website.
Piotr Dymacz [Wed, 31 May 2017 14:31:44 +0000 (16:31 +0200)]
ar71xx: image: keep custom Build/* functions in separate files
Most of the custom Build/* functions in ar71xx target are rarely used by
image building code for devices from more than one subtarget. As they
don't need to be always included, move them to corresponding *.mk files.
Jan Niehusmann [Fri, 19 May 2017 07:42:24 +0000 (09:42 +0200)]
firmware-utils: tplink-safeloader: support strings as soft_version
Some TP-Link routers (C25, C59, C60) contain a version string instead
of a binary structure in the soft_version partition.
Flashing LEDE from the original firmware's GUI, this version string
taken from the soft_ver partition of the firmware image is written to
the router's config partition.
When using tftp recovery to go back to the original Archer C25 firmware,
a version check compares that version to the version of the firmware to
be flashed.
Without proper contents in the config partition, reverting to the
original firmware fails.
Therefore, write the string "soft_ver:1.0.0\n" to that soft_ver
partition.
dnsmasq: make bind-dynamic 'non-wildcard' interfaces default
'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode. This
binds to interfaces rather than wildcard addresses *and* keeps track of
interface comings/goings via a unique Linux api.
Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep
up with changes in interface config) ... On linux, there's actually no
sane reason not to use --bind-dynamic, and it's only not the default for
historical reasons."
Let's change history, well on LEDE at least, and change the default!
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Daniel Golle [Tue, 21 Mar 2017 21:58:13 +0000 (15:58 -0600)]
kexec-tools: bump version and add support for crashdump kernel
split kexec-tools into two packages, kexec and kdump.
* kexec to simply execute a new kernel
* kdump is for loading and collecting debris of a crashed kernel with
support for kdump forensics.
In order to properly support booting into a crashkernel, an init script
as well as UCI configuration has been added.
As modifying the kernel cmdline is required for this to work in x86
platforms use an uci-defaults script to modify /boot/grub/grub.cfg.
To test collecting crash information, use the 'c' sysrq-trigger, ie.
echo c > /proc/sysrq-trigger
This should result in the crash kernel being executed and (depending
on the configution) dmesg and/or vmcore getting saved.
To check if the crash kernel was loaded properly, use the 'status'
command of the kdump init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hans Dedecker [Fri, 9 Jun 2017 14:24:12 +0000 (16:24 +0200)]
dnsmasq: add dhcp-script hook conditionally
Commit b32689afd6a661339861086c669e15c936293cf8 added support for dhcp-script hook.
Adding dhcp-script config option results into two instances of dnsmasq being run
which triggered oom issues on platforms having low memory.
The dnsmasq dhcp-script config option will now only be added if at least one of the
dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci
config option is specified.
Jo-Philipp Wich [Thu, 8 Jun 2017 17:27:46 +0000 (19:27 +0200)]
base-files: network.sh: fix a number of IPv6 logic flaws
* Change network_get_subnet6() to sensibly guess a suitable prefix
Attempt to return the first non-linklocal, non-ula range, then attempt
to return the first non-linklocal range and finally fall back to the
previous behaviour of simply returning the first found item.
* Fix network_get_ipaddrs_all()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
to build a single list of all interface addresses.
* Fix network_get_subnets6()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
field to figure out the proper network address.
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.
Jo-Philipp Wich [Thu, 8 Jun 2017 10:02:36 +0000 (12:02 +0200)]
base-files: network.sh: properly report local IPv6 addresses
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.
Jo-Philipp Wich [Wed, 7 Jun 2017 22:24:27 +0000 (00:24 +0200)]
kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Jo-Philipp Wich [Wed, 7 Jun 2017 16:15:24 +0000 (18:15 +0200)]
kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Daniel Golle [Wed, 7 Jun 2017 17:39:33 +0000 (19:39 +0200)]
automake: import upstream fix for perl 5.26
Build broke as distributions now include Perl 5.26 and automake
triggered an "Unescaped left brace in regex" error.
Import upstream commit 13f00eb449 to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Error is:
```
ompile-loc2c.o compile-c-support.o inflow.o init.o \
../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a -lncurses -lm ../libiberty/libiberty.a build-gnulib/import/libgnu.a -ldl -Wl,--dynamic-list=./proc-service.list
../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event':
idecode.c:(.text+0x170): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick':
idecode.c:(.text+0x1cc): undefined reference to `error'
idecode.c:(.text+0x28c): undefined reference to `error'
idecode.c:(.text+0x318): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6':
idecode.c:(.text+0x398): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow
collect2: error: ld returned 1 exit status
Makefile:1420: recipe for target 'gdb' failed
make[5]: *** [gdb] Error 1
```
Seems others are running into this as well.
The problem seems to be that some code may be built
as C++ and not C, which may explain the linker error.
On this thread reply:
https://sourceware.org/ml/gdb/2016-11/msg00045.html
it mentions that the simulator should not call GDB's
"error" function directly, but rather use the "host_callback"
struct.
I have no idea about the use of the GDB simulator within
the OpenWrt/LEDE community.
So, I took the easier route, which is to disable the simulator.
(Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html )
If needed, I can make an effort to fix the simulator for PPC.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Sergey Ryazanov [Tue, 30 May 2017 21:46:40 +0000 (00:46 +0300)]
kernel: disable CONFIG_SG_POOL by default
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Felix Fietkau [Wed, 7 Jun 2017 16:14:27 +0000 (18:14 +0200)]
kernel: fix segmentation fault in mconf on linux
Commit 86c966a8ae9c4e74b912a16a760aaed17c68eb32 caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Felix Fietkau [Thu, 16 Mar 2017 08:53:30 +0000 (09:53 +0100)]
build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Sergey Ryazanov [Tue, 6 Jun 2017 22:25:32 +0000 (01:25 +0300)]
ip17xx: correct aneg_done return value
PHY core treats any positive return value as the auto-negotiation done
indication. Since we do not actually check any device register in this
callback then update it to return positive value with a neutral meaning
instead of the register flag to avoid confusing for future readers.
Sergey Ryazanov [Tue, 6 Jun 2017 22:25:31 +0000 (01:25 +0300)]
mvswitch: fix autonegotiation issue
The Marvel 88E6060 switch has an MDIO interface, but does not emulate
regular PHY behavior for the host. The network core can not detect using
the generic code, whether the connection via the attached PHY can be
used or not. The PHY's state machine is stuck in a state of
auto-negotiation and does not go any further so the Ethernet interface
of the router stay forever in the not-runing state.
Fix this issue by implementing the aneg_done callback to be able to
inform the network core that the Ethernet interface link to which the
switch is connected can be marked as RUNNING.
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:38 +0000 (01:49 +0300)]
ath25: 4.9: fix Ethernet link autonegotiation
Drop the own PHY polling function and switch to using the kernel PHY
state machine. This change allows driver to work correctly with devices
that do not support PHY behaviour but whose driver could emulate
autonegotiation completion (e.g. MV88E6060 and IP17xx switches).
NB: earlier this driver rely on flaws in PHY core code and could use PHY
device without really starting it. But now (at least in kernel 4.9)
this trick no more work and network interface could stuck in not-running
state.
Sergey Ryazanov [Tue, 6 Jun 2017 22:49:37 +0000 (01:49 +0300)]
ath25: 4.9: fix Ethernet tiny issues
Few tiny fixes for issues caused by changes in the upstream:
- do not touch PHY IRQ array (core code initializes it itself now)
- add missed SET_NETDEV_DEV() invocation (causes segfault during phy
connection)
- use phy API inside the MDIO probe function instead of direct field
access (consider phy structure changes in upstream and prevent
similar issues in the future)
Sven Roederer [Mon, 29 May 2017 09:24:49 +0000 (11:24 +0200)]
ramips: add support for Ubiquiti EdgeRouter X-SFP
This patch adds support for the Ubiquiti EdgeRouter X-SFP and
improves support for the EdgeRouter X (PoE-passthrough).
Specification:
- SoC: MediaTek MT7621AT
- Flash: 256 MiB
- RAM: 265 MiB
- Ethernet: 5 x LAN (1000 Mbps)
- UART: 1 x UART on PCB (3.3V, RX, TX, GND) - 57600 8N1
- EdgeRouter X:
- 1 x PoE-Passtrough (Eth4)
- powered by Wallwart or passive PoE
- EdgeRouter X-SFP:
- 5 x PoE-Out (24V, passive)
- 1 x SFP (unknown status)
- powered by Wallwart (24V)
Doesn't work:
* SoC has crypto engine but no open driver.
* SoC has nat acceleration, but no open driver.
* This router has 2MB spi flash soldered in but MT
nand/spi drivers do not support pin sharing,
so it is not accessable and disabled. Stock
firmware could read it and it was empty.
Installation
via vendor firmware:
- build an Initrd-image (> 3MiB) and upload the factory-image
- initrd can have luci-mod-failsafe
- flash final firmware via LuCI / sysupgrade on rebooted system
via TFTP:
- stop uboot into tftp-load into option "1"
- upload factory.bin image
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
ipq806x: Enable ubi image for ipq40xx AP-DK04.1-C1 board
This change add IPQ40xx AP-DK04.1-C1 board image support,
enables ubi image for IPQ40xx AP-DK04.1-C1 board and also
add sysupgrage support for AP-DK04.1-C1 and generates a
sysupgrade.tar image.
Testing:
*Tested on IPQ40xx AP-DK04.1-C1:
a. NAND boot
b. ubi sysupgrade
x86 board.d only contains a case for the APU2, not the APU1. This
causes, for example, network configuration not to be created correctly.
Even though the APU1 seems to reaching EOL, there a still a lot of them
out there.
The APU1 and APU2 is configured in the same way and this patch should
also be considered for stable, as the error also exists there.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Florian Fainelli [Mon, 22 May 2017 23:50:47 +0000 (16:50 -0700)]
perf: Depend on KERNEL_PERF_EVENTS
The kernel needs to have PERF_EVENTS built otherwise we will run into
the following:
root@(none):/# perf top
perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error
89 (Function not implemented)
perf_event_open(..., 0) failed unexpectedly with error 89 (Function not
implemented)
Error:
The sys_perf_event_open() syscall returned with 89 (Function not
implemented) for event (cycles).
/bin/dmesg may provide additional information.
No CONFIG_PERF_EVENTS=y kernel support configured?
Jonas Gorski [Tue, 7 Feb 2017 13:20:25 +0000 (14:20 +0100)]
brcm63xx: do not require fixed partitions when probing from DT
Allow the parser to be invoked from DT without fixed cfe/linux/nvram
partitions. This allows flash to be probed from DT also for multi
flash-size images.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Tino Reichardt [Sun, 7 May 2017 17:30:36 +0000 (19:30 +0200)]
lantiq: fix 0008-MIPS-lantiq-backport-old-timer-code.patch for Amazon-SE
The patch 0008 removes the vanilla kernel gptu.c of lantiq.
But the replacement file timer.c does not work Amazon-SE and
is also protected therefore with an CONFIG_SOC_AMAZON_SE :-)
This commit will re-activate the default vanilla kernel code
in gptu.c for Amazon-SE.
Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
[refresh patches and add same change for kernel 4.9] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tino Reichardt [Tue, 28 Feb 2017 22:08:44 +0000 (23:08 +0100)]
lantiq: fix lantiq_mei.c and amazonse.dsti for adsl modem firmware
The ltq-adsl-mei package is used for 3 lantiq device types:
danube, amazon-se and ar9.
These different SoC's need also different definitions.
Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
[fix LTQ_USB_OC_INT for AR9 to match documentation] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Installation:
- can be done via telnet+tftp or serial console
- default passwords:
- via telnet (root:admin)
- via webinterface http://172.16.1.254:8235/ (admin:coolwhite)
Installation via telnet / tftp:
host: # your own host must have an tftpd daemon, then do this:
host: ifconfig eth0:172 172.16.1.1 up
host: # telnet to allnet modem, root:admin
host: telnet 172.16.1.254
modem: # kill this daemon, it spams your console
modem: killall dsl_cpe_control
modem: # change to some place in ram:
modem: cd /ramdisk/tftp_upload
modem: # load lede-lantiq-ase-ALL0333CJ-squashfs-sysupgrade.bin alias uImage
modem: tftp -g -r uImage 172.16.1.1
modem: # load these extra tools from your tftpd via:
modem: # source: https://github.com/mcmilk/uboot-utils/releases/download/0.1/mips32.tar.gz
modem: tftp -g -r flashwrite 172.16.1.1
modem: tftp -g -r fw_setenv 172.16.1.1
modem: tftp -g -r fw.conf 172.16.1.1
modem: ln -s fw_setenv fw_printenv
modem: chmod +x *
modem: ./fw_setenv disable_recovery y
modem: ./fw_setenv kernel_addr 0xb0010000
modem: ./flashwrite /dev/mtd/1 uImage 0
Installation via serial line at uboot:
uboot: # erase everything exept bootloader
uboot: protect on b0000000 +10000; protect on b03f0000 +10000
uboot: erase all
uboot: # get new firmware via tftp:
uboot: tftpboot 0x80100000 uImage; setenv kernel_addr 0xb0010000
uboot: # copy to flash:
uboot: cp.b 0x80100000 $(kernel_addr) $(filesize)
uboot: # disable proprietary image checking:
uboot: setenv disable_recovery=y; saveenv
uboot: # reboot with LEDE ;)
uboot: reset
Ethernet works as expected, DSL syncronization does not work properly
currently, I am working on this issue.
Tino Reichardt [Sun, 26 Feb 2017 20:28:28 +0000 (21:28 +0100)]
lantiq: enable Netgear DGN1000B image build
Enable the building of Netgear DGN1000B images. I have an
example device here, but it was not tested currently.
Also WLAN and USB is not ready in the moment.
This is just the proper way, so that developing on this
device is known to be done in the near future.
Andrea Merello [Sat, 13 May 2017 15:16:13 +0000 (17:16 +0200)]
Lantiq: make possible to tweak DSL SRN from UCI
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.
The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.
The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.
Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.
I have also a patch for LUCI about this, that I could submit.
Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.
Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Jo-Philipp Wich [Thu, 1 Jun 2017 23:26:20 +0000 (01:26 +0200)]
umdns: remove superfluous include in init script
The umdns init script includes function/network.sh globally, outside of any
service procedure. This causes init script activation to fail in buildroot
and IB context if umdns is set to builtin.
Additionally, the network.sh helper is not actually used.
Drop the entire include in order to repair init script activation in build
host context. Fixes FS#658.
projects / thirdparty / openwrt.git / log
