Commit Graph

40503 Commits

Author SHA1 Message Date
Felix Fietkau
13a5cb9d2b musl: allow autorebuild
Autorebuild is disabled for the toolchain to avoid build-order issues.
However, rebuilding musl is safe, so exclude it from that restriction.
Avoids the need for manual cleaning on kernel header <-> libc API
changes like the ones introduced recently

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 10:54:14 +01:00
Felix Fietkau
166741240a mac80211: mesh: drop frames appearing to be from us
Upstream backport to fix issues arising from devices with duplicate MAC
addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 10:54:14 +01:00
Jackson Ming Hu
21d3643828 ramips: add support for Widora Neo 32MB flash revision
Widora has updated their Widora Neo board recently.

The new model uses 32MB WSON-8 factor SPI flash
instead of the original 16MB SOP-8 factor SPI flash.

All the other hardware components are the same as
the first revision.

Detailed hardware specs listed below:

CPU: MTK MT7688AN
RAM: 128MB DDR2
ROM: 32MB WSON-8 factor SPI Flash (Winbond)
WiFi: Built-in 802.11n 150Mbps?
Ethernet: 10/100Mbps x1
Audio codec: WM8960
Other IO: USB OTG;
	  USB Power+Serial (CP2104);
	  3x LEDs (Power, LAN, WiFi);
	  2x Keys (WPS, CPU Reset)
	  1x Audio In/Out
	  1x IPEX antenna port
	  1x Micro SD slot

Signed-off-by: Jackson Ming Hu <huming2207@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-23 23:31:09 +01:00
Mathias Kresin
a411881a40 ramips: add flash size postfix to Widora neo
Rename the Widora neo by adding a flash size prefix. Move the common parts
into a dtsi to be prepare everything for upcomming support of the 32MB
version.

Migrate the Widora neo to the generic board detection as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-23 23:31:09 +01:00
Hans Dedecker
6f425a28a4 kernel: generic: add 4.9 config option
When CGROUPS is enabled the new option CONFIG_CGROUP_NET_CLASSID is
selectable and not handled.
Add this option to the 4.9 kernel configuration.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-24 17:05:15 +01:00
Matthias Schiffer
95ab18e012
vxlan: add options to enable and disable UDP checksums
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-24 13:53:34 +01:00
Matthias Schiffer
4d001af7c5
netifd: update to latest git HEAD
af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-24 13:50:50 +01:00
Rosen Penev
c25d9cbde8 ramips: Fix GB-PC1 cpuclock again
The intended frequency is 900 MHz, not 90.

Fixes: 7059ab48a6 ("ramips: fix cpuclock for the GB-PC1")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-01-24 07:33:42 +01:00
Daniel Golle
059b2f5481 ar71xx: fix MikroTik rb-nor-flash-16M-ac image
commit e15c63a375
ar71xx: add support for MikroTik RouterBOARD wAP G-5HacT2HnD (wAP AC)

changed the existing rb-nor-flash-16M-ac image in a way that it would
now only support the rb-wapg-5hact2hnd.
The board show however rather be added to the existing boards in the
rb-nor-flash-16M image template.

Reported-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-01-24 01:24:39 +01:00
Hans Dedecker
a9ffe9fd75 procd: update to latest git HEAD
653629f trace: check asprintf() return value
67eb7e6 trace: add missing limits.h include

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-23 11:46:45 +01:00
Daniel Golle
9c4fe103cb ramips: add support for ZBT-WE1226
MT7628NN (580MHz), 8MB SPI NOR, 64MB DDR2 RAM

Everything except for the switch LEDs works great.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-01-23 02:56:57 +01:00
Hauke Mehrtens
b33c3e1b7c sunxi: Orange Pi R1: configure USB Ethernet controller.
Now the USB port is the WAN port.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-22 22:59:38 +01:00
Hauke Mehrtens
40db7a9dec sunxi: Orange Pi R1: Fix USB Ethernet and activate SPI
The USB Ethernet is not working with the patches proposed for upstream,
fix this and activate the SPI node as this board always has a SPI flash.

Both patches are also targeted for upstream kernel 4.16 and 4.17.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-22 22:59:38 +01:00
Hauke Mehrtens
75f7c1c9ac sunxi: use upstream patch for Orange Pi R1
Instead of using our own device tree definitions use the one provided in
the upstream kernel for 4.16.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-22 22:54:17 +01:00
Hauke Mehrtens
b1c82cbd51 sunxi: backport stmmac network patches
Ethernet support was initial added in kernel 4.13, but deactivated
before the final release. This is backports the changes which are
activating it again from kernel 4.15.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-22 22:54:17 +01:00
Hauke Mehrtens
ad2b3bf310 sunxi: Add support for kernel 4.14
This is based on the code for kernel 4.9, but a lot of 4.9 patches are
backports from more recent kernel version and can be removed now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-22 22:51:02 +01:00
Hauke Mehrtens
dda475ca30 sunxi: refresh kernel configuration
Just refresh the sunxi kernel configuration.
This also moves the CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG option to the
config-4.9 file.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-22 22:49:59 +01:00
Jo-Philipp Wich
eaf79d06b7 Revert "kernel: add IEEE-1284 parallel port support"
This reverts commit 666e9cf222.

The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-22 13:41:20 +01:00
John Crispin
24b0424ecb procd: update to latest git HEAD
846e20c procd: add timing to start/stop logging

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-22 12:53:34 +01:00
Gabor Juhos
eb9e3651dd ar71xx: add support for the MikroTik RB911-2Hn/5Hn boards
The patch adds support for the MikroTik RB911-2Hn (911 Lite2)
and the RB911-5Hn (911 Lite5) boards:

  https://mikrotik.com/product/RB911-2Hn
  https://mikrotik.com/product/RB911-5Hn

The two boards are using the same hardware design, the only difference
between the two is the supported wireless band.

Specifications:
  * SoC: Atheros AR9344 (600MHz)
  * RAM: 64MiB
  * Storage: 16 MiB SPI NOR flash
  * Ethernet: 1x100M (Passive PoE in)
  * Wireless: AR9344 built-in wireless MAC, single chain
              802.11b/g/n (911-2Hn) or 802.11a/g/n (911-5Hn)

Notes:
  * Older versions of these boards might be equipped with a NAND
    flash chip instead of the SPI NOR device. Those boards are not
    supported (yet).
  * The MikroTik RB911-5HnD (911 Lite5 Dual) board also uses the
    same hardware. Support for that can be added later with little
    effort probably.

Installation:

1. Setup a DHCP/BOOTP Server with the following parameters:
   * DHCP-Option 66 (TFTP server name): pointing to a local TFTP
     server within the same subnet of the DHCP range
   * DHCP-Option 67 (Bootfile-Name): matching the initramfs filename
     of the to be booted image. The usable intramfs files are:
       - openwrt-ar71xx-mikrotik-vmlinux-initramfs.elf
       - openwrt-ar71xx-mikrotik-vmlinux-initramfs-lzma.elf
       - openwrt-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin

2. Press the reset button on the board and keep that pressed.

3. Connect the board to your local network via its ethernet port.

4. Release the button after the LEDs on the board are turned off.
   Now the board should load and start the initramfs image from
   the TFTP server.

5. Upload the sysupgrade image to the board with scp:
     $ scp openwrt-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/fw.bin

5. Log in to the running system listening on 192.168.1.1 via ssh
   as root (without password):
     $ ssh root@192.168.1.1

7. Flash the uploaded firmware file from the ssh session via the
   sysupgrade command:
     root@OpenWrt:~# sysupgrade /tmp/fw.bin

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2018-01-22 10:53:45 +01:00
Gabor Juhos
a4320b3332 ar71xx: make leds-gpio usable with single-ended GPIOs
Add patches for the leds-gpio driver to make it usable with
open-drain and open-source kind of GPIO lines.

This type of functionality is required by various MikroTik boards.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2018-01-22 10:53:32 +01:00
Gabor Juhos
e379e60b17 ar71xx: mach-rbspi: return rb_info from rbspi_platform_setup
Modify the rbspi_platform_setup() function to return the pointer of the
rb_info structure. This allows board specific setup routines to access
the various fields of the information. It is useful for investigating
the hardware option bits for example.

Also update the board setup codes, to ensure that those handle the new
return value correctly.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2018-01-22 10:53:16 +01:00
Gabor Juhos
c7371cd1ee ar71xx: add definitions for RouterBOARD hardware option bits
Add bit definitions for the 'hardware options' tag which is used in
the MikroTik devices' hardware configurations. These values can be
used in board setup codes, to do different initialization sequences.
The values were obtained from the RouterOS 6.41-rc38 patches.

Additionally, introduce two helper functions what make the processing
of the hardware options easy.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2018-01-22 10:53:00 +01:00
Koen Vandeputte
5bdbc10b1b uqmi: silence error on pin verification
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-22 08:46:46 +01:00
Daniel Gimpelevich
666e9cf222 kernel: add IEEE-1284 parallel port support
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2018-01-22 07:17:11 +01:00
Hauke Mehrtens
36f1978a70 pistachio: make patches apply again
Support for Winbond NAND flash detection was added into the generic
patches and this conflicted with this patch adding Gigadevice support.

Fixes: 02050f7e7d ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 23:36:05 +01:00
Hauke Mehrtens
4d649ba949 ipq806x: make patches apply again
Some part of this patch was added to the generic patches as it was
needed also for some other target. Do not add it here any more.

Fixes: 02050f7e7d ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 23:24:02 +01:00
Hauke Mehrtens
e390756eff x86: Add CONFIG_RETPOLINE to fix build
This adds support for the new configuration option CONFIG_RETPOLINE and
refreshes the configuration.

Fixes: d8565a06dc ("kernel: bump 4.9 to 4.9.77")
Fixes: 9ddfac8015 ("kernel: bump 4.14 to 4.14.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:46:34 +01:00
Hauke Mehrtens
4336efe14b kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:11:33 +01:00
Hauke Mehrtens
e3c43ade0b ubus: fix PKG_MIRROR_HASH
Fixes: dd975d15a7 ("ubus: fix wrong PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 20:22:01 +01:00
Philip Prindeville
a30791242b nftables: update to 0.8.1
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Philip Prindeville
3d8040e04f libnftnl: update to 1.0.9
Also, drop unsupported configure options.

Don't use git retrieve but released tarball instead.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Hauke Mehrtens
f9aca01a53 kernel: backport fix for nftables on big Endian
nftables 0.8.1 generates some new commands which will not work without
this on big endian systems. This patch is included in Linux 4.11 and
later.

My rule matching a TCP port was not working:
nft add rule ip foo bar ct state new tcp dport 22 accept

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 20:22:01 +01:00
Hannu Nyman
e787ad5c96 tools/tar: update to 1.30
update GNU tar to 1.30

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
a30370bbf1 kernel: bump 4.4 to 4.4.112
Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
9ddfac8015 kernel: bump 4.14 to 4.14.14
Refresh patches.

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:00 +01:00
Gabor Juhos
02050f7e7d kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs
Some MikroTik devices are using a Winbond NAND flash. Linux treats
it as an unknown NAND before version 4.11:

  nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
  nand: Unknown NAND 128MiB 3,3V 8-bit
  nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64

Backport a patch from 4.11 to show the manufacturer correctly:

  nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
  nand: Winbond NAND 128MiB 3,3V 8-bit
  nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64

Tested on a MikroTik R951Ui-2HnD board.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2018-01-20 20:22:00 +01:00
Kevin Darbyshire-Bryant
adaf1cbcc8 dnsmasq: backport validation fix in dnssec security fix
A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 14:22:39 +01:00
Kevin Darbyshire-Bryant
a3198061f8 dnsmasq: backport dnssec security fix
CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-19 22:11:16 +01:00
Christian Lamparter
9c2ac19b03 ipq806x: remove merged ipq4019 patch
The patch 0022-dts-ipq4019-support-ARMv7-PMU.patch
was merged into 4.8-rc1.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-18 21:21:11 +01:00
Christian Lamparter
5988364cf3 ipq806x: remove dependency on non-existent kmod
During the integration of the ipq40xx target,
the phy drivers were included into the ipq806x's
target kernel config.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
51dd8f3875 ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
42b47f1b40 ipq806x: overhaul AVM FRITZ!box 4040 device-tree file
This patch aligns the device-tree file with the latest
guidelines.
 - No longer include qcom-ipq4019-ap.dk01.1.dtsi. This
   file is only partially upstream and therefore subjected
   to changes that might not be compatible with the board.

   As a result, the definitions from the file have been
   copied into this dts.

 - exclusively use decimal GPIO addresses.

 - reorganize the reserved-memory layout to waste less
   memory. There's no point in keeping the u-boot loader
   around. This should also make it possible    to create
   an image that will boot with the original EVA/ADAM2 loader
   without needing to install the modified u-boot loader.
   And finally mark the "tz-apps" as reusable.
   There isn't a way to  upload apps to the trust-zone in OpenWrt
   yet. But it might see some use in the future as a "secure"
   key-store/TPM.

 - sort the first-level nodes alphabetically.
 - sort nodes with an address by the address.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
8d755ef052 firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
f6a8505de0 firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
2d3a73afc4 firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
da5312d06e firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
e0184fd0d5 firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
280a7d3948 firmware: ath10k-firmware: update to 2017-12-20
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00