Florian Fainelli [Thu, 11 May 2017 21:33:42 +0000 (14:33 -0700)]
include: Do not alter KERNELRELEASE for external/git kernels
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot use
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Florian Fainelli [Thu, 11 May 2017 21:33:41 +0000 (14:33 -0700)]
Revert "kernel: prevent addition of scm marker to localversion"
This reverts commit 0df2c6563a3537ed21b28a9fb6874bf2718afd05 since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
René Mayrhofer [Thu, 27 Apr 2017 08:08:39 +0000 (10:08 +0200)]
Make GBit switch work on RB2011
This change is required to make the GBit switch work on my Mikrotik Routerboard RB2011UiAS-RM, and I assume that the other RB2011 variants are exactly the same in terms of the switch. I have tested the board without and with the patch and confirm that the GBit ports are not supported at all (i.e. no communication works) with the current version in trunk and that everything works with the patch applied. The test box has been running for a few days with the patch applied, and does not show any performance problems in a test setting. I have not used it with LEDE in production so far, but with a previous trunk version of OpenWRT for many years - with the same patch applied. I therefore have good indication that it is stable.
For the record, the switch chip on my test box is identified as
switch0: Atheros AR8327 rev. 4 switch registered on ag71xx-mdio.0
The value 0x6f000000 has been taken from the table at https://wiki.openwrt.org/toh/mikrotik/rb2011uias with the previous discussion thread still online at https://lists.openwrt.org/pipermail/openwrt-devel/2014-December/029949.html.
One definite improvement from the older OpenWRT trunk version I have been running in production and current LEDE trunk is that the SFP interface can be kept in the default configuration without excessive kernel messages about it constantly going up and down. I have not yet tested an actual SFP module, though.
Performance seems to be reasonable. Routing between two GBit ports on that switch separated by different VLANs with the default firewall ruleset (and one additional rule to allow traffic between the VLANs), but without NAT, iperf3 results are:
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 508 MBytes 426 Mbits/sec 102 sender
[ 4] 0.00-10.00 sec 506 MBytes 425 Mbits/sec receiver
With a connection going through NAT (also 2 ports on the same GBit switch, same ruleset, but NAT active), routing performance drops to around 250 MBit/s.
(Note that RouterOS achieves beyond 900 MBit/s on the same hardware with the default rule set and the FastTrack rule active even for NAT, see https://wiki.mikrotik.com/index.php?title=Manual:IP/Fasttrack and http://www.mikrotik.com/download/share/FastTrack.pdf).
Summarizing, I strongly recommend to apply this patch in trunk, so that the GBit switch chip rev. 4 can be supported upstream in the next LEDE release (hopefully soon).
Signed-off-by: René Mayrhofer <rene@mayrhofer.eu.org>
Stijn Tintel [Sun, 14 May 2017 01:40:11 +0000 (03:40 +0200)]
brcm2708: enable cpufreq
With cpufreq disabled, the CPU stays locked at the frequency set by the
bootloader. This severely degrades performance as the bootloader sets
the CPU at the lowest frequency by default.
Enable cpufreq for all subtargets and use the ondemand governor.
Tested bcm2708 on RPi0W. Tested bcm2709 and bcm2710 on RPi3.
Hans Dedecker [Mon, 22 May 2017 19:35:21 +0000 (21:35 +0200)]
netifd: update to git HEAD version
7573880 system-linux: parse 6rd specific settings as nested json data object
a063705 system-linux: remove redundant check for strtoul() return value
e6ebe0b build: disable unknown warning option error in clang
08d8f47 interface: add new "ifup-failed" hotplug event
20a1bac bridge: reset primary only after marking the member not present
6b9c267 build: suppress format truncation warnings to avoid errors with gcc7
Rafał Miłecki [Mon, 22 May 2017 10:04:01 +0000 (12:04 +0200)]
umdns: update to the version 2017-05-22
This includes the following changes:
0e8b948 Support specifying instance name in JSON file
49fdb9f Support PTR queries for a specific service
26ce7dc Allow filtering with instance name in service_reply
920c62a Store instance name in the struct service
ff09d9a Rename service_name function to the service_instance_name
64f78f1 Rename mdns_hostname variable to the umdns_host_label
Previous package update pulled commit 70c66fbbcde86 ("Fix sending
replies to PTR questions") which introduced a regression which this
update fixes.
Felix Fietkau [Thu, 4 May 2017 14:04:21 +0000 (16:04 +0200)]
fstools: update to the latest version
88d48d5 libfstools: silence mkfs.{ext4,f2fs}
a19f2b3 build: disable the format-truncation warning error to fix gcc 7 build errors
633a8d0 libfstools: fix multiple volume_identify usages with the same volume
c43ae11 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation
Yousong Zhou [Mon, 22 May 2017 02:35:10 +0000 (10:35 +0800)]
libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.
Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet
- Security: Fix double-free in server TCP listener cleanup.
A double-free in the server could be triggered by an authenticated user if
dropbear is running with -a (Allow connections to forwarded ports from any
host). This could potentially allow arbitrary code execution as root by an
authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink. Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys.
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
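The CVE-2017-9079 fix summarized in the changelog above is to open authorized_keys with the user's permissions instead of as root. The following C example is added here and is neither dropbear's code nor part of this commit: `open_as_user()` and `demo_symlink_refused()` are hypothetical names, the `/tmp` files are constructed stand-ins, and uid/gid 65534 is assumed to be an unprivileged "nobody" account.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not dropbear's code): open path read-only with the
 * permissions of the account being authenticated. Returns fd, or -1 + errno. */
int open_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid(), old_groups[256];
    int n = -1, fd = -1, err;

    if (uid != old_uid) { /* drop the daemon's supplementary groups as well */
        n = getgroups(256, old_groups);
        if (n < 0 || setgroups(1, &gid) != 0)
            return -1;
    }
    /* gid before uid: an unprivileged euid could no longer change the gid */
    if (setegid(gid) == 0 && seteuid(uid) == 0)
        fd = open(path, O_RDONLY | O_CLOEXEC);
    err = errno;
    /* uid back first: regaining privilege is what permits the gid changes */
    if (seteuid(old_uid) != 0 || setegid(old_gid) != 0 ||
        (n >= 0 && setgroups((size_t)n, old_groups) != 0))
        abort(); /* never carry on with a half-switched identity */
    errno = err;
    return fd;
}

/* Constructed demo: "secret" stands in for the root-owned file and a symlink
 * plays ~/.ssh/authorized_keys. Returns 1 when the symlink is refused while
 * a file the account may read still opens, -1 if the setup fails. */
int demo_symlink_refused(void)
{
    char secret[] = "/tmp/ak_secretXXXXXX", plain[] = "/tmp/ak_plainXXXXXX";
    char keys[64];
    int root = (geteuid() == 0), s = mkstemp(secret), p = mkstemp(plain);
    uid_t uid = root ? 65534 : geteuid(); /* 65534: assumed "nobody" id */
    gid_t gid = root ? 65534 : getegid();
    int fd_link, fd_plain;

    /* mode 0 keeps even the owner out when the demo is not run as root */
    if (s < 0 || p < 0 || fchmod(s, root ? 0600 : 0) || fchmod(p, 0644))
        return -1;
    close(s);
    close(p);
    snprintf(keys, sizeof keys, "%s.keys", secret);
    if (symlink(secret, keys) != 0)
        return -1;
    fd_link = open_as_user(keys, uid, gid);
    fd_plain = open_as_user(plain, uid, gid);
    if (fd_link >= 0) close(fd_link);
    if (fd_plain >= 0) close(fd_plain);
    unlink(keys); unlink(secret); unlink(plain);
    return fd_link < 0 && fd_plain >= 0;
}

int main(void)
{
    printf("symlink refused: %d\n", demo_symlink_refused());
    return 0;
}
```

Because the kernel performs the access check with the switched effective ids, the symlink target is judged exactly as if the user had opened it themselves, so no separate symlink test is needed.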
Hauke Mehrtens [Sun, 21 May 2017 19:20:44 +0000 (21:20 +0200)]
lantiq: spi: double time out tolerance
The generic SPI code calculates how long the issued transfer would take
and adds 100ms in addition to the timeout as tolerance. On my 500 MHz
Lantiq Mips SoC I am getting timeouts from the SPI like this when the
system boots up:
m25p80 spi32766.4: SPI transfer timed out
blk_update_request: I/O error, dev mtdblock3, sector 2
SQUASHFS error: squashfs_read_data failed to read block 0x6e
After increasing the tolerance for the timeout to 200ms I haven't seen
these SPI transfer time outs any more.
The Lantiq SPI driver in use here has an extra work queue in between,
which gets triggered when the controller sends the last word and the
hardware FIFOs used for reading and writing are only 8 words long.
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Sun, 21 May 2017 15:41:41 +0000 (17:41 +0200)]
bcm53xx: add support for TP-LINK Archer C5 V2
This model also contains a few non-discoverable partitions we
need to "protect". Other than that it uses non-deprecated serial entry
in DTS that doesn't work with LEDE so we need to work around it as well.
I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts
```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```
The service would be restarted regardless of any of those params.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Teltonika RUT900 is a Router with LTE dual SIM, WiFi, 4x Ethernet
ports, I/O, RS232, RS485, GPS.
The device is based on an Atheros AR9344 rev 3.
Specifications:
- 560/450/225 MHz (CPU/DDR/AHB)
- 128 MB of RAM
- 16 MB of FLASH
- Serial Console header on a Card Board edge connector
- 4x 10/100 Mbps Ethernet (3x LAN, 1x WAN)
- 2.4 GHz Wifi
- 2x external, detachable Wifi antennas
- LTE Modem Huawei ME909u-521 (Also other Modem seen)
- 2x LTE antennas
- 1x GPS antenna
- 7x LED, 1x button
- 1x USB Connector
- 1x Serial RS232
- 1x Serial RS485
- 1x MicroSD Card
The GPL sources of the device are available at www.teltonika.lt/gpl/
and are based on OpenWRT Barrier Breaker (14.07)
Running from tftp:
The Router starts into the uboot Webupdater if the Button is pressed
more than 3 seconds, if no Network cable is attached it starts the
uboot serial console, from there the router loads the firmware image
via tftpboot from 192.168.1.2:firmware.bin (the router has the
192.168.1.1). With bootm the loaded image will be booted.
Ben Greear [Tue, 16 May 2017 22:44:20 +0000 (15:44 -0700)]
ath10k-ct-firmware: Add support for QCA9886/QCA9888 firmware.
This firmware should have the same general feature set as the
rest of the 10.4 CT firmware (9984, 9980, etc). Build-tested
only in LEDE, but firmware has been tested with ath10k-ct driver
on other OSs, so likely works just fine.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Ben Greear [Tue, 16 May 2017 22:26:11 +0000 (15:26 -0700)]
ath10k-ct-firmware: Update to latest.
The 988x and 9887 firmwares include a bugfix for a case where blockack
did not work sometimes, and many fixes for compiler warnings detected
by newer gcc compilers.
The 9980 and 9984 firmware includes a large backport of upstream QCA
firmware changes to bring it up to date.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Flashing:
1. Hook into UART (9600 baud) and enter U-Boot. You may need to enter
a password of administrator or AhNf?d@ta06 if prompted.
2. Once in U-Boot, download and flash LEDE factory image over tftp:
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
[minor text changes in commit subject and description, fixed
alphabetical order in etc/diag.sh, use only model name in lib/ar71xx.sh,
fixed code style issues in mach-hiveap-121.c, ubinized factory image]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Mantas Pucka [Mon, 8 May 2017 10:28:38 +0000 (13:28 +0300)]
ar71xx: add support for 8devices Rambutan development board
Rambutan is a Wifi module based on QCA9550/9557
http://www.8devices.com/products/rambutan
This commit adds basic support for Rambutan development kit
Specification:
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of DDR2 RAM
- 128 MB of NAND Flash
- 1x 100Mbps Ethernet
- 1x 1000Mbps Ethernet (PHY on dev-kit)
- 1x Wifi radio 2x2 MIMO, dualband 2.4 and 5 GHz
- 2x U.FL connectors on module, chip antennas on dev-kit
- 1x miniPCIe slot
- 1x USB2.0 host socket + 1x USB2.0 pins on 2.54mm header
Flash instructions:
Stock firmware is OpenWrt, so use:
sysupgrade -n /tmp/lede-ar71xx-nand-rambutan-squashfs-sysupgrade.tar
or upgrade from GUI (don't save config)
Use factory image to flash from U-Boot:
tftpboot 80060000 lede-ar71xx-nand-rambutan-squashfs-factory.ubi
nand erase.part ubi
nand write 80060000 ubi ${filesize}
Signed-off-by: Mantas Pucka <mantas@8devices.com>
[split support in uboot-envtools package into a separate commit,
fixed alphabetical order in lib/preinit/05_set_iface_mac_ar71xx]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Hans Dedecker [Mon, 15 May 2017 20:25:47 +0000 (22:25 +0200)]
odhcpd: update to git HEAD version
93abe6f config: fix invalid hoplimit in RA message
2ae08d1 config: fix invalid retranstime in RA message
0005cb4 config: fix invalid reachabletime in RA message
5683dd2 config: limit ra_mtu to 65535
f8d40a5 router: fix interface mtu read error
f8f4b87 config: limit ra_retranstime to 60000
a2d8bf6 dhcpv4: display two hex digits per octet in syslog
a9e9bc4 config: make RA retransTime configurable via uci
2cb6b48 config: make RA reachableTime configurable via uci
e4504db config: make RA curHopLimit configurable via uci
9dd5316 config: make RA mtu configurable via UCI
29cb2ff config: fix dhcpv4 server being started
0ef74ec ndp.c: add switch/case fallthrough comments
Alberto Bursi [Thu, 30 Mar 2017 10:34:42 +0000 (12:34 +0200)]
kirkwood: set sata/usb led trigger for NSA3xx
These two devices have a Sata led for each sata port.
These leds must be controlled separately by a special
sata led trigger already used in oxnas target.
Both these devices have a single USB led, and to keep
consistent behaviour with the Sata leds that show
sata activity, this led uses usb-host trigger
to show usb activity.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Alberto Bursi [Thu, 30 Mar 2017 10:27:19 +0000 (12:27 +0200)]
base-files: add led functions to uci-defaults.sh
uci_set_leds_ataport() allows to set a led to show activity
on a specific (s)ata port, which is needed for devices that have
a Sata led for each sata port.
The led trigger is from the 834-ledtrig-libata.patch LEDE kernel patch.
uci_set_leds_usbhost() allows to set a led to show total usb activity.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Alberto Bursi [Thu, 30 Mar 2017 09:47:32 +0000 (11:47 +0200)]
base-files: cleanup led functions in uci-defaults.sh
create a function with code common to all led functions,
create another function with code common to functions setting
a simple led trigger, restore alphabetical order in function names.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 14 May 2017 17:47:07 +0000 (19:47 +0200)]
mac80211: gracefully handle preexisting VIF
Gracefully handle cases where the to-be-created wireless interface already
exists on the system which might commonly happen with non-multi-SSID capable
wireless drivers.
This fixes commit 8301e613655c2d95fa5430a1a57d92d966fdc70b which caused
previously ignored "Too many open files in system (-23)" errors to fail the
wireless setup procedure.
With the updated approach we'll still try recreating the vif after one
second if the first attempt to do so failed with ENFILE but we will now
consider the operation successful if a second attempt still yields ENFILE
with the requested ifname already existing on the system.
mac80211, hostapd: always explicitly set beacon interval
One of the latest mac80211 updates added sanity checks, requiring the
beacon intervals of all VIFs of the same radio to match. This often broke
AP+11s setups, as these modes use different default intervals, at least in
some configurations (observed on ath9k).
Instead of relying on driver or hostapd defaults, change the scripts to
always explicitly set the beacon interval, defaulting to 100. This also
applies the beacon interval to 11s interfaces, which had been forgotten
before. VIF-specific beacon_int setting is removed from hostapd.sh.
Add the necessary changes to CMakeLists.txt to search zlib.h. Fixes
build issues with external toolchains that don't have STAGING_DIR in the
default search path.
Alexey Brodkin [Wed, 3 May 2017 08:46:19 +0000 (11:46 +0300)]
perf: Disable perf for ARC770 only, enable for ARC HS38
Toolchain built for ARCv1 (read for ARC700 cores) by default has
disabled atomic ops (-mno-atomic). When we build Linux kernel for ARC770
which has LL/SC instructions and thus may handle normally atomic ops we
explicitly add "-matomic" in CFLAGS. But since user-space perf utility has
no way to extract CPU config options from Kconfig/defconfig it uses
compiler default settings.
In case of ARCv2 (read ARC HS38) atomics are enabled by default and so
perf builds perfectly fine thus reenabling perf for ARC HS38 (actually
for non-ARC700 targets).
Sergey Ryazanov [Sun, 7 May 2017 17:19:13 +0000 (20:19 +0300)]
build: new fixes for symlinked .config handling
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.
This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and committed using "scripts/env
save". Since the env/.config file is not updated.
The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
Ørjan Malde [Fri, 5 May 2017 15:54:26 +0000 (17:54 +0200)]
ramips: add support for Asus RT-AC51U
Specification:
- SoC: MediaTek MT7620A (580 MHz)
- RAM: 64 MiB (Winbond W9751G6JB-25)
- Flash: 16 MiB (Spansion S25FL128SAIF00)
- LAN: x4 100M
- WAN: x1 100M
- Others: USB 2.0, reset button, wps button and 9 LEDs
Issues:
- 5 GHz band is not functional (missing driver support)
Installation:
Asus windows recovery tool:
- install the Asus firmware restoration utility
- unplug the router, hold the reset button while powering it on
- release when the power LED flashes slowly
- specify a static IP on your computer:
IP address: 192.168.1.75;
Subnet mask 255.255.255.0
- Start the Asus firmware restoration utility, specify the sysupgrade
image, and press upload
TFTP Recovery method:
- set computer to a static ip, 192.168.1.75
- connect computer to the LAN 1 port of the router
- hold the reset button while powering on the router for a few seconds
- send firmware image using a tftp client; i.e. from Linux:
$ tftp
tftp> binary
tftp> connect 192.168.1.1
tftp> put lede-ramips-mt7620-rt-ac51u-squashfs-sysupgrade.bin
tftp> quit
Installation via serial console (57600 8N1) from TFTP server
- rename the firmware to something shorter, for example
"sysupgrade.bin" (max. 32 chars)
- copy firmware to TFTP server's directory
- when you power on device, and see U-Boot log, immediately push "2"
once.
- You will see this message:
2: System Load Linux Kernel then write to Flash via TFTP.
Warning!! Erase Linux in Flash then burn new one. Are you sure?
- Push "y", and enter: device IP, then TFTP server's IP, and then
image firmware file name.
The firmware will be downloaded within ~30 seconds and flashed to the
device (It will take about 2 minutes).
This patch adds the interface-name option for each dhcp config
in /etc/config/dhcp.
With the interface_name option users can define a DNS name for each dhcp section
that will be resolved by dnsmasq with the underlying interface address.
For example:
    config dhcp 'lan'
        option interface 'lan'
        ...
        list interface_name 'home.lan'
        ...
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Mathias Kresin [Sun, 26 Mar 2017 08:53:35 +0000 (10:53 +0200)]
lantiq: fix avm fritz box mac addresses
It has been shown that the Fritz boxes have the correct mac address set
in the wireless calibration data/eeprom. Use this mac address as base
for the ethernet and xdsl interface increment/decrement the address to
match the values stored in the tffs.
Daniel Golle [Fri, 5 May 2017 12:16:44 +0000 (14:16 +0200)]
x86: fix lifting kernel CPU requirements and always enable PAE
commit 89878f60f4 x86: lift kernel minimum CPU requirement to Pentium MMX
caused kconfig havoc. Fix this and make sure PAE is enabled even on legacy
CPUs as the minimum required CPU has been Pentium MMX for a while now and
hence PAE is supported even on the x86_legacy target.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 5 May 2017 07:51:17 +0000 (09:51 +0200)]
x86: generic: use HIGHMEM64G instead of HIGHMEM4G
commit 4b4f73937371 switched on HIGHMEM4G which implicitly disabled
PAE and hence also NX and other useful and security-relevant features.
Re-enable PAE by switching to HIGHMEM64G.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Alberto Bursi [Tue, 2 May 2017 17:31:17 +0000 (19:31 +0200)]
dnsmasq: make tftp root if not existing
If there's a TFTP root directory configured, create it with mkdir -p
(which does not throw an error if the folder exists already)
before starting dnsmasq. This is useful for TFTP roots in /tmp, for example.
Originally submitted by nfw user aka Nathaniel Wesley Filardo
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>