Felix Fietkau [Wed, 5 Jul 2017 18:29:39 +0000 (20:29 +0200)]
mt76: update to the latest version
Fixes mt7603 stablity and performance issues
af32615 mt7603: change auto rate control register initialization 01fb9ba mt7603: fix control/status retries count estimation cf4ba12 mt7603: avoid tx rate sampling using no retransmissions 32eab50 mt7603: set wtbl entry vif index c4e3dea mt7603: use the real vif index in txwi header for normal tx. e90a81a mt7603: fix channel width fall back in TXWI
After the update of GNU automake, the flex configure fails with
configure.ac:31: error: version mismatch. This is Automake 1.15.1,
configure.ac:31: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:31: comes from Automake 1.15.
Apply the autoreconf host fixup to properly regenerate configure before
to avoid triggering the version mismatch. Also refresh the patch while
we're at it.
Daniel Golle [Wed, 5 Jul 2017 14:25:23 +0000 (16:25 +0200)]
bzip2: add symlink to binary
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Wassi [Fri, 10 Mar 2017 18:10:29 +0000 (19:10 +0100)]
kirkwood: switch to kernel 4.9
Add patches-4.9, some of them (heavily) rewritten:
- ea4500 is upstream available, keep only LEDE changes in dts
- ea3500 is changed to match the structure of the upstream ea4500 dts
- nsa310s rewritten to include the common dtsi
- nsa325 is dropped, since already upstream
Signed-off-by: Paul Wassi <p.wassi@gmx.at> Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[refresh kernel config, add on100, use the switchdev based mv88e6171
driver for the linksys boards, keep lede specific rootfs/kernel
partition names for linksys boards, reorder patches] Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 28 Jun 2017 21:36:37 +0000 (23:36 +0200)]
lantiq: use img file extension for DGN3500 factory images
The Netgear UI in basic mode refuses the upgrade file if the the
fileextension is not img. The expert/advanced mode accepts any
fileextension. Use img to make it work in any case.
Piotr Dymacz [Tue, 4 Jul 2017 13:40:43 +0000 (15:40 +0200)]
firmware-utils: mktplinkfw: add option for endianness swap
This adds command line option in "mktplinkfw" tool for endianness swap
in kernel load address and entry point fields. As in "mktplinkfw2" tool,
we will need this for little-endian targets, like "ramips".
Piotr Dymacz [Sun, 2 Jul 2017 16:32:38 +0000 (18:32 +0200)]
ar71xx: add support for TP-Link TL-WR902AC v1
TP-Link TL-WR902AC v1 is a pocket-size, dual-band (AC750), successor of
TL-MR3020 (both devices use very similar enclosure, in same size). New
device is based on Qualcomm QCA9531 v2 + QCA9887. FCC ID: TE7WR902AC.
Specification:
- 650/391/216 MHz (CPU/DDR/AHB)
- 1x 10/100 Mbps Ethernet
- 1x USB 2.0 (GPIO-controlled power)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH
- 2T2R 2.4 GHz (QCA9531)
- 1T1R 5 GHz (QCA9887)
- 5x LED (GPIO-controlled), 2x button, 1x 3-pos switch
- UART pads on PCB (TP1 -> TX, TP2 -> RX, TP3 -> GND, TP4 -> 3V3, jumper
resitors are missing on TX/RX lines)
- 1x micro USB (for power only)
Flash instructions:
Use "factory" image under vendor GUI.
Recovery instructions:
This device contains tftp recovery mode inside U-Boot. You can use it to
flash LEDE (use "factory" image) or vendor firmware.
1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "lede-ar71xx-generic-tl-wr902ac-v1-squashfs-factory.bin"
to "wr902acv1_un_tp_recovery.bin" and place it in tftp server dir.
3. Connect PC with LAN port, press the reset button, power up the router
and keep button pressed until WPS LED lights up.
4. Router will download file from server, write it to flash and reboot.
Root access over serial line in vendor firmware: root/sohoadmin.
We can use "tplink-fw" mtd splitter for TP-Link devices which use kernel
with TP-Link header embedded inside "safeloader" image type and thus get
rid of statically defined "kernel" and "rootfs" partitions in cmdline.
LEDE supports few devices using TP-Link firmware format (V2 or V3):
ArcherC20i, ArcherC50, ArcherMR200, TDW8970, TDW8980, TL-WR840N v4,
TL-WR841N v13 and VR200v
Testing mktplinkfw2 tool with official (vendor generated) firmware files
for above devices has shown an error when comparing calculated and
included MD5 sum, e.g.:
> mktplinkfw2 -i Archer_C20iv1_0.9.1_3.2_up_boot\(170221\)_2017-02-21_17.14.03.bin | grep -A 1 MD5Sum1
Header MD5Sum1 : 22 5a cb 92 10 d2 95 7b df 62 9a f8 62 17 37 10 (*ERROR*)
--> expected : ad 19 11 d1 78 98 a7 42 5f 2e 64 da 8a 34 ec cb
This problem has been verified to occur with:
Archer_C20iv1_0.9.1_3.2_up_boot(170221)_2017-02-21_17.14.03.bin
Archer MR200v1_0.9.1_1.1_up_boot_v004a.0 Build 160905 Rel.60037n.bin
TD-W8970v3_0.9.1_2.0_up_boot(160816)_2016-08-16_10.40.57.bin
TD-W8980v1_0.6.0_1.8_up_boot(150514)_2015-05-14_11.16.43.bin
Archer_VR200vv2_0.2.0_0.8.0_up_boot(161202)_2016-12-05_14.39.06.bin
For some images, e.g.:
Archer_C50v3_EU_0.9.1_0.3_up_boot[170417-rel52298].bin
TL-WR840Nv4_EU_0.9.1_4.16_up_boot[170421-rel70692].bin
TL-WR841Nv13_0.9.1_3.16_up_boot(161012).bin
mktplinkfw2 calculates zero MD5 so these has to be fixed separately:
> mktplinkfw2 -i TL-WR841Nv13_0.9.1_3.16_up_boot\(161012\).bin | grep -A 1 MD5Sum1
Header MD5Sum1 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (*ERROR*)
--> expected : 6f 1d 9b 57 5d 42 14 6d bf a2 03 9d 46 7d 55 55
It's most likely that MD5 salt used in mktplinkfw2 has been always wrong
(and it's not a matter of e.g. a vendor change). Update it to fix MD5
calculation.
This has been also verified to calculate MD5 correctly for other (not
yet supported) devices, e.g.:
Archer_C3150v2_0.1.0_0.9.1_up_boot(160812)_2016-08-12_10.52.54.bin
Archer_C3200v1_0.9.1_0.1_up_boot(160704)_2016-07-04_15.48.28.bin
Mirko Parthey [Mon, 26 Jun 2017 16:25:45 +0000 (18:25 +0200)]
brcm47xx: use DMZ LED as status indicator
On the Linksys WRT54GSv1, the Power LED flickers in the "off" state.
Indicate status using the DMZ LED if available, since it has solid "on" and
"off" states.
This change was tested on the WRT54GSv1, but may also affect other brcm47xx
devices.
Mirko Parthey [Mon, 26 Jun 2017 16:25:46 +0000 (18:25 +0200)]
brcm47xx: resolve GPIO conflict for WRT54GSv1
On the Linksys WRT54GSv1, the adm6996 switch driver and the
gpio_button_hotplug module both claim GPIO 6, which is connected to the
Reset button. When the switch driver's request wins, the Reset button
cannot work. This makes it impossible to enter failsafe mode without a
serial console.
Stop requesting the "adm_rc" GPIO in the switch driver, since it is not
used anywhere.
Piotr Dymacz [Tue, 27 Jun 2017 20:49:21 +0000 (22:49 +0200)]
ar71xx: image: specify TPLINK_HWID for TP-Link RE450
TPLINK_HWID hasn't been specified for TP-Link RE450 since the begin.
As we don't want to break sysupgrade (all existing LEDE release images
for this board have TPLINK_HWID set to 0x0), set it explicitly to 0x0.
Piotr Dymacz [Wed, 21 Jun 2017 12:16:15 +0000 (14:16 +0200)]
ramips: add support for TP-Link TL-WR840N v4 and TL-WR841N v13
TP-Link TL-WR840N v4 and TL-WR841N v13 are simple N300 routers with
5-port FE switch and non-detachable antennas. Both are very similar
and are based on MediaTek MT7628NN (aka MT7628N) WiSoC.
The difference between these two models is in number of available
LEDs, buttons and power input switch.
This work is partially based on GitHub PR#974.
Specification:
- MT7628N/N (580 MHz)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH
- 2T2R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- TL-WR840N v4: 5x LED (GPIO-controlled), 1x button
- TL-WR841N v13: 8x LED (GPIO-controlled*), 2x button, power input
switch
* WAN LED in TL-WR841N v13 is a dual-color, dual-leads type which isn't
(fully) supported by gpio-leds driver. This type of LED requires both
GPIOs state change at the same time to select color or turn it off.
For now, we support/use only the green part of the LED.
Factory image notes:
These devices use version 3 of TP-Link header, fortunately without RSA
signature (at least in case of devices sold in Europe). The difference
lays in the requirement for a non-zero value in "Additional Hardware
Version" field. Ideally, it should match the value stored in vendor
firmware header on device ("0x4"/"0x13" for these devices) but it seems
that anything other than "0" is correct.
We are able to prepare factory firwmare file which is accepted and
(almost) correctly flashed from the vendor GUI. As it turned out, it
accepts files without U-Boot image with second header at the beginning
but due to some kind of bug in upgrade routine, flashed image gets
corrupted before it's written to flash.
Tests showed that the GUI upgrade routine copies value of "Additional
Hardware Version" from existing firmware into offset "0x2023c" in
provided file, _before_ storing it in flash. In case of vendor firmware
upgrade files (which all include U-Boot image and two headers), this
offset points to the matching field in kernel+rootfs firmware part
header. Unfortunately, in case of LEDE factory image file which contains
only one header, it points to the offset "0x2023c" in kernel image. This
leads to a corrupted kernel and ends up with a "soft-bricked" device.
The good news is that U-Boot in these devices contains well known tftp
recovery mode, which can be triggered with "reset" button. What's more,
in comparison to some of older MediaTek based TP-Link devices, this
recovery mode doesn't write whole file at offset "0x0" in flash, without
verifying provided file in advance. In case of recovery mode in these
devices, first "0x20000" bytes are always skipped and "0x7a0000" bytes
from rest of the file are stored in flash at offset "0x20000".
Flash instruction:
Until (if at all) TP-Link fixes described problem, the only way to flash
LEDE image in these devices is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "lede-ramips-mt7628-tl-wr84...-squashfs-tftp-recovery.bin"
to "tp_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
4. Router will download file from server, write it to flash and reboot.
To access U-Boot CLI, keep pressed "4" key during boot.
Piotr Dymacz [Fri, 23 Jun 2017 21:07:10 +0000 (23:07 +0200)]
build: move mktplinkfw2 related commands to image-commands.mk
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.
Piotr Dymacz [Wed, 21 Jun 2017 12:15:55 +0000 (14:15 +0200)]
firmware-utils: mktplinkfw2: support additional hardware version
As it turned out, some of new MediaTek based TP-Link devices use value
from field at 0x3c offset in version 3 of TP-Link header to specify
"Additional Hardware Version".
Value from this field is validated during regular (GUI) firmware upgrade
on devices like TL-WR840N v4 or TL-WR841N v13. If it's zero (based on
some tests, it seems that firmware will accept anything != 0), errors
like below are printed on console and upgrade fails:
QCA9886 wlan needs pre_cal_data file and enable ieee80211 phy hotplug to
patch macaddress.
Flash instruction:
Use "factory" image directly in vendor GUI.
Recovery method:
1. Set PC to fixed ip address 192.168.0.66/24.
2. Download "lede-ar71xx-generic-archer-c58-v1-squashfs-factory.bin" and
rename it to "tp_recovery.bin".
3. Start a tftp server with the file "tp_recovery.bin" in its root
directory.
4. Turn off the router.
5. Press and hold Reset button.
6. Turn on router with the reset button pressed and wait ~15 seconds.
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server.
8. Wait ~30 second to complete recovery.
Federico Cappon [Fri, 9 Jun 2017 15:11:39 +0000 (15:11 +0000)]
ar71xx: add support for TP-Link TL-WA855RE v1
TP-Link TL-WA855RE v1 is a wall-plug N300 Wi-Fi range extender,
based on Qualcomm/Atheros QCA9533 v2.
Short specification:
- 550/397/198 MHz (CPU/DDR/AHB)
- 1x 10/100 Mbps Ethernet
- 32 MB of RAM (DDR1)
- 4 MB of FLASH
- 2T2R 2.4 GHz
- 2x external antennas
- 2x LED (green and orange in the same package), 2x button
- UART: TP5(TX) and TP4(RX) test points on PCB
Flash instruction: use "factory" image directly in vendor GUI.
Warning: this device does not include any kind of recovery mechanism
in the bootloader and disassembling process is not trivial.
You can access vendor firmware over serial line using:
- login: root
- password: sohoadmin
Image was tested only in EU version of the device, but should work
also with the same device version sold in other countries.
Piotr Dymacz [Wed, 14 Jun 2017 13:23:35 +0000 (15:23 +0200)]
ar71xx: fix EnGenius ENS202EXT mtd definition
Use statically defined sizes for kernel and rootfs mtd partitions.
Vendor upgrade script writes both firmware parts independently which
ends up in a gap between kernel and rootfs images. This results in
incorrectly calculated rootfs_data start offset.
Also, fix IMAGE_SIZE, DEVICE_PACKAGES and drop redundant KERNEL
definition.
Camille Bilodeau [Tue, 13 Jun 2017 08:05:13 +0000 (10:05 +0200)]
ar71xx: move Arduino Yun to generic building code
Migrate Arduino Yun from legacy to generic building code.
Note: the mtd partitioning is changed to adopt the LEDE default
partitioning. It allows to have a kernel bigger than 1280k. It is
necessary as kernel > 4.4 with default LEDE configuration grows
bigger.
To use the new partitioning, you need to update your U-Boot env in
advance:
setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
saveenv
Stijn Tintel [Thu, 29 Jun 2017 01:36:19 +0000 (03:36 +0200)]
armvirt: rename config-default to config-4.9
The kernel configs for all targets should have the version in the
filename, for clearness and consistency across all targets.
It is also expected by the update_kernel.sh script.
dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Yury Shvedov [Tue, 27 Jun 2017 08:43:54 +0000 (11:43 +0300)]
hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.
Michael Heimpold [Thu, 11 May 2017 21:07:06 +0000 (23:07 +0200)]
mxs: add support for 4.9 and switch over
I did not port the regulator and power patches from Stefan Wahren
because I talked to him and he told me that work on this is currently
stalled. And since AFAIK nothing depends on these patches, leaving them
out seems reasonable.
I build minimum default configurations and run-tested them on both
I2SE Duckbill devices and Olimex Olinuxino Maxi boards successfully [1].
[1] Tested:
- debug uart is working
- boot without any obvious kernel problem
- network is coming up and data transfer is possible
- Olinuxino: USB detects a plugged-in pen drive
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[refreshed config and patches] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hans Dedecker [Mon, 26 Jun 2017 08:23:08 +0000 (10:23 +0200)]
dnsmasq: backport tweak ICMP ping logic for DHCPv4
Don't start ping-check of address in DHCP discover if there already
exists a lease for the address. It has been reported under some
circumstances android and netbooted windows devices can reply to
ICMP pings if they have a lease and thus block the allocation of
the IP address the device already has during boot.
Jo-Philipp Wich [Sat, 10 Jun 2017 18:51:33 +0000 (20:51 +0200)]
procd: assign /dev/tty* nodes to "tty" group
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.
Jo-Philipp Wich [Sat, 10 Jun 2017 18:49:10 +0000 (20:49 +0200)]
base-files: add "tty" user group
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.
Magnus Kroken [Thu, 22 Jun 2017 21:01:01 +0000 (23:01 +0200)]
openvpn: update to 2.4.3
Fixes for security and other issues. See security announcement for more details:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
* Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
* Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
* Potential double-free in --x509-alt-username (CVE-2017-7521)
* Remote-triggerable memory leaks (CVE-2017-7512)
* Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
* Null-pointer dereference in establish_http_proxy_passthru()
* Restrict --x509-alt-username extension types
* Fix potential 1-byte overread in TCP option parsing
* Fix mbedtls fingerprint calculation
* openssl: fix overflow check for long --tls-cipher option
* Ensure option array p[] is always NULL-terminated
* Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)
Magnus Kroken [Wed, 21 Jun 2017 19:05:09 +0000 (21:05 +0200)]
mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released
* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
apm821xx: MR24: fix ethernet phy detection on the MR24
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch fixes a problem where the AR8035 PHY can't be
detected on the Cisco Meraki MR24, when the ethernet cable
is not connected during boot.
Russell Senior reported:
|This appears to be a problem during probing of the AR8035
|phy chip. When ethernet has no link, the phy detection fails,
|and eth0 is not created. Plugging ethernet later has no effect,
|because there is no interface as far as the kernel is
|concerned. The relevant part of the boot log looks like this:
|
|[ 0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode
|[ 0.882532] /plb/opb/ethernet@ef600c00: reset timeout
|[ 0.888546] /plb/opb/ethernet@ef600c00: can't find PHY!
(<https://bugs.lede-project.org/index.php?do=details&task_id=687>)
Fixes FS#687 Cc: Chris Blake <chrisrblake93@gmail.com> Reported-by: Russell Senior <russell@personaltelco.net> Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT") Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Mathias Kresin [Thu, 30 Mar 2017 20:01:09 +0000 (22:01 +0200)]
ar71xx: add AR724x PCIe init fixes
Add upstream send AR724x PCIe patches to get the PCIe controller out of
reset during driver init.
The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Rafał Miłecki [Fri, 23 Jun 2017 06:59:46 +0000 (08:59 +0200)]
kernel: don't switch allocate_partition to use mtd_roundup_to_eb
This mtd_roundup_to_eb helper was introduced years ago in the commit daec7ad768841 ("kernel/3.10: add separate rootfs partition parser") and
it was probably supposed to simplify code a bit.
With the recent upstream commit 1eeef2d7483a7 ("mtd: handle partitioning
on devices with 0 erasesize") the logic in allocate_partition got
slightly more complex and we can't use this simple helper anymore as it
doesn't support MTD_NO_ERASE properly.
There also isn't any real gain from this helper, so it's probably easier
to just don't use it *or* work on upstreaming it to avoid maintenance
cost.
Rafał Miłecki [Fri, 16 Jun 2017 11:23:22 +0000 (13:23 +0200)]
base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
projects / thirdparty / openwrt.git / log
