Commit Graph

36111 Commits

Author SHA1 Message Date
Hauke Mehrtens
df9efc9497 curl: update to version 7.50.3
This fixes the following security problems:
7.50.1:
 CVE-2016-5419 TLS session resumption client cert bypass
 CVE-2016-5420 Re-using connections with wrong client cert
 CVE-2016-5421 use of connection struct after free
7.50.2:
 CVE-2016-7141 Incorrect reuse of client certificates
7.50.3:
 CVE-2016-7167 curl escape and unescape integer overflows

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:48:05 +02:00
Magnus Kroken
6926325829 openssl: update to 1.0.2i
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:28:59 +02:00
Matthias Schiffer
c15d70c6d6
image: don't override opkg list directory in per-device rootfs mode
opkg's -l option is always interpreted relative to the installation root.
This leads to very weird paths inside the rootfs (containing the whole path
to the LEDE tree on the build machine) and causes the subsequent deletion
of the list directory to fail (cluttering the resulting images).

Instead, use the default list directory and remove its contents in
prepare_rootfs.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-24 03:37:08 +02:00
Martin Blumenstingl
d72e838429 ramips: do not "local" variables outside of a function
Older busybox versions allowed using the local keyword outside of
functions, whereas 1.25.0 (which was introduced in 06fa1c46fc) do not
allow this anymore (leading to the following error when executing the
script: "file: local: line nn: not in a function").

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2016-09-24 01:17:18 +02:00
Martin Blumenstingl
e9de6e5203 lantiq: do not "local" variables outside of a function
Older busybox versions allowed using the local keyword outside of
functions, whereas 1.25.0 (which was introduced in 06fa1c46fc) do not
allow this anymore (leading to the following error when executing the
script: "file: local: line nn: not in a function").

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2016-09-24 01:17:17 +02:00
Matthias Schiffer
6177b649ca
scripts/package-metadata.pl: fix generation of dependencies on virtual packages
Dependencies on purely virtual packages (satisfied by PROVIDES) that were
not using "selects" ("+" flag) would be prepended with the prefix
"PACKAGE_" twice, breaking the first alternative.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-23 23:17:09 +02:00
Jo-Philipp Wich
4f272dd032 linux-firmware: update to current Git head
Update the linux-firmware package in order to force the buildbots to fetch the
proper mirrored version.

Currently each builder has its own copy of the linux-firmware checkout staged
in its own dl/, since the package was updated before the mirrored copy has
been uploaded. The builders then subsequently uploaded their own copy instead,
leading to md5sum mismatches since each clone produces different tarballs.

By bumping the package to a new version and uploading the mirrored archive
with the proper md5sum beforehand, the builders will fetch that instead and
not upload their own copies.

To properly solve that problem in the future we need to ensure that packed
checkouts become reproducable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-23 12:11:06 +02:00
Felix Fietkau
175237e7df kernel: fix broken dependency of kmod-owl-loader on kmod-ath9k
It messes up the build order of package/kernel/linux vs
package/kernel/mac80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-22 20:09:20 +02:00
Felix Fietkau
64568cac91 tools/firmware-utils: fix portability issue in mkmerakifw-old
Fixes build failure on Mac OS X

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-22 13:37:23 +02:00
Jo-Philipp Wich
a84d51c85d linux-firmware: update md5sum
Since the md5sum of the mirrored Git clone archive has been set in the Makefile
before that particular archive was uploaded to the source mirror, the buildbots
uploaded their own, different copy instead invalidating the mirror md5sum for
anyone else.

In order to fix the mismatch, update the md5sum to reflect the archive being
present on the download server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-22 10:47:57 +02:00
Rafał Miłecki
1ac5cf7713 bcm53xx: move BCM53573 USB 2.0 patch to use backports prefix
It was pushed into the usb-next branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-21 14:20:20 +02:00
Hauke Mehrtens
7b472f7c21 busybox: fix md5sum
The md5sum was not updated in commit 06fa1c46fc "busybox: update
to version 1.25.0"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-20 22:56:47 +02:00
Hauke Mehrtens
e59bbb6fe2 ltq-vdsl-app: update to version 4.17.18.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
7ecbc27951 ltq-vdsl: update to version 4.17.18.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
3a4db8548f ltq-vdsl-mei: update mei driver to version 1.5.17.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
909ed82b10 dsl-vrx200-firmware-xdsl: update to more recent versions
The Annex A firmware will be updated to:
05.08.01.08.01.06_05.08.00.0B.01.01_osc

The Annex B firmware will be updated to:
05.07.09.09.00.06_05.07.04.04.00.02_osc

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
06fa1c46fc busybox: update to version 1.25.0
The following patches were removed:
010-networking-fix-uninitialized-memory-when-displaying-.patch
  https://git.busybox.net/busybox/commit/?id=f2c043acfcf9dad9fd3d65821b81f89986bbe54e

030-ip-fix-problem-on-mips64-n64-big-endian-musl-systems.patch
  https://git.busybox.net/busybox/commit/?id=4ab372d49a6e82b0bf097dedb96d26330c5f2d5f

204-udhcpc_src_ip_rebind.patch
  https://git.busybox.net/busybox/commit/?id=abe8f7515aded80889d78c2c1c8947997918cf90

230-ntpd_delayed_resolve.patch
  https://git.busybox.net/busybox/commit/?id=c8641962e4cbde48108ddfc1c105e3320778190d
  https://git.busybox.net/busybox/commit/?id=e4caf1dd9ce8569371a0eeb77ccf02a572dc0f11

260-arping_missing_includes.patch
  Not needed any more, still builds with musl for me.
  Add in 92fd6e6f1a "busybox: fix arping applet building on musl"

The Kconfig files were updated with these commands:
cd config
../convert_menuconfig.pl .../build_dir/target-*/busybox-1.25.0
cd ..
./convert_defaults.pl < .../build_dir/target-*/busybox-1.25.0/.config > Config-defaults.in

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-20 22:37:02 +02:00
Florian Fainelli
ef64c8694b base-files: Allow subtargets to define base-files.mk
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-19 19:42:10 +02:00
Christian Lamparter
e9401a2335 kernel: owl-loader for delayed Atheros ath9k fixup
Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway)
need to be able to initialize the PCIe wifi device. Normally, this is done
during the early stages of booting linux, because the necessary init code
is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup.
However,this isn't possible for devices which have the init code for the
Atheros chip stored on NAND in an UBI volume. Hence, this module can be
used to initialze the chip when the user-space is ready to extract the
init code.

Martin Blumenstingl made a few fixes and added support for lantiq:
kernel: owl-loader: add support for OWL emulation PCI devices
kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
kernel: owl-loader: use dev_* instead of pr_* logging functions
kernel: owl-loader: auto-generate the eeprom filename as fallback
kernel: owl-loader: add a debug message when swapping the eeprom data
kernel: owl-loader: add missing newlines in log messages
kernel: owl-loader: add support for the lantiq platform

These patches have been integrated. Thanks!

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2016-09-19 19:32:35 +02:00
Christian Lamparter
7219c30da4 firmware-utils mkmerakifw-old: firmware generator for Z1
This patch adds firmware generation tool for Cisco's Z1

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2016-09-19 19:32:28 +02:00
John Crispin
edf5b2955e cyassl: remove duplicate submenu level
Signed-off-by: John Crispin <john@phrozen.org>
2016-09-19 16:07:58 +02:00
Andreas Schultz
b9e3e38e79 cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-09-19 15:30:32 +02:00
Hans Dedecker
32f4777530 dnsmasq: Add match section support
Match sections allow to set a tag specified by the option networkid if the client
sends an option and optionally the option value specified by the match option.
The force option will convert the dhcp-option to force-dhcp-option if set to 1 in
the dnsmasq config if options are specified in the dhcp_option option.

config match
    option networkid tag
    option match 12,myhost
    option force 1
    list dhcp_option '3,192.168.1.1'

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-09-19 15:30:32 +02:00
Florian Fainelli
559f55dffc iwinfo: Bump to 2016-07-29
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-19 15:30:32 +02:00
Piotr Dymacz
dc9172b65b ar71xx: update kernel config symbols
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2016-09-19 15:30:32 +02:00
Piotr Dymacz
2ad0ecc101 ar71xx: mark U-Boot and radio calibration data partitions as read-only
General convention is to keep U-Boot and radio calibration
data (ART) mtd partitions marked as read-only.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2016-09-19 15:30:32 +02:00
bobafetthotmail
b9a55277d5 kirkwood: fix uimage creation for some kirkwood devices
because with the current system I'm getting fake uImages that are actually a
renamed zImage, and that's plain wrong.
This fixes bug https://bugs.lede-project.org/index.php?do=details&task_id=131
and https://bugs.lede-project.org/index.php?do=details&task_id=139

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-09-19 15:30:32 +02:00
John Crispin
63bd73a5cf base-files: remind users to set root password
print a warning when a shell spawns, telling users to set a root password.

Signed-off-by: John Crispin <john@phrozen.org>
2016-09-19 15:30:32 +02:00
Felix Fietkau
0b3a64f862 cns3xxx: eliminate hardcoded kernel/rootfs partition split
This changes the sysupgrade format. To support upgrades from the old
firmware to the new one, legacy images are provided. Because of the old
partition split, these have to be specific to the NOR or SPI device.

The new sysupgrade images are suitable for begin put on flash directly,
and they are independent of NOR vs SPI flash variant.

Flashing back to old firmware is supported via using the old full-flash
images instead of the old sysupgrade images.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-19 14:27:26 +02:00
Felix Fietkau
58fbe07560 cns3xxx: move laguna.c changes out of patches, update it in files/
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-19 14:27:26 +02:00
Felix Fietkau
413eb04e1e ubifs: add full overlayfs support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-19 14:27:26 +02:00
Rafał Miłecki
41a582a986 bcm53xx: use upstream accepted ILP clk driver for BCM53573
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-17 21:43:29 +02:00
Hauke Mehrtens
0109ed87d9 kernel: add nlmon kernel module
This driver allows to monitor netlink communication on the system.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-16 23:00:01 +02:00
Hauke Mehrtens
8b5e128250 busybox: libnetlink: fix alignment of netlink messages
A padding to align a message should not only be added between
different attributes of a netlink message, but also at the end of the
message to pad it to the correct size.

Without this patch the following command does not work and returns an
error code:
ip link add type nlmon

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-16 23:00:01 +02:00
Felix Fietkau
25dab5d217 base-files: reduce vm.min_free_kbytes for devices with 32M RAM
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-16 16:44:45 +02:00
Rafał Miłecki
4fec58be09 linux-firmware: update to the commit from 2016-09-15
This adds e.g. BCM43430 firmware (not packaged yet).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-16 12:30:04 +02:00
Álvaro Fernández Rojas
8c52fbbe3a arm64: fix build for linux 4.4.21
linux 4.4.21 adds 2 new symbols for arm64.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-16 12:11:10 +02:00
Álvaro Fernández Rojas
41eab9048b kernel: update kernel 4.4 to version 4.4.21
Refresh patches for all targets that support kernel 4.4.
Compile-tested on brcm2708 only.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-16 10:17:27 +02:00
Álvaro Fernández Rojas
a530196f8d sunxi: add rtl8xxxu into pcduino v3 profile
Now that RTL8188EU is supported in rtl8xxu select it for pcDuino v3

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
092e77d948 rtl8xxxu: add support for rtl8188eu
Patches by Jes Sorensen:
https://git.kernel.org/cgit/linux/kernel/git/jes/linux.git/

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
c1678f1fa0 linux-firmware: rename r8188eu-firmware to rtl8188eu-firmware
This is consistent with the names used for other realtek firmwares.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
f7670a2d07 mac80211: stop brcmfmac from selecting all SDIO firmwares
Now that we have firmwares separated and brcm2708 being the only target that
actually selects SDIO support, avoid selecting all firmwares by default.
sunxi should select the proper firmwares once SDIO support is enabled and
tested.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
ba5a9aba5c brcmfmac43430-firmware: rename to brcmfmac-firmware-43430-sdio
This is consistent with the rest of brcmfmac firmwares.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
daa5691a4d linux-firmware: separate packages for Broadcom FullMAC SDIO firmwares
Using few packages will allow saving some space by decreasing rootfs
size.

Moreover there are more firmware files that may require packaging and
even more to come later.

This can especially useful now, with per device rootfs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Matthias Schiffer
01e2024754
ar71xx: set region code of TP-Link TL-WDR3600/4300 to US
There are currently two stock firmwares for the TL-WDR3600/4300, a US and
a universal version. Both allow installing images with US region code, so
we don't need to provide multiple images.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-15 19:34:28 +02:00
Matthias Schiffer
b063faa2c8
ar71xx: separate TP-Link TL-WDR3600/4300/4310 profiles
Simplify modifying some of the images without affecting the others.

While we're at it, also unify the profiles to use := syntax and add "v1" to
the TL-WDR4300 name to make things more consistent.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-15 19:33:30 +02:00
Felix Fietkau
fa05f1d41b kernel: fix missing rename on usb gadget kmod cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-15 17:01:40 +02:00
Koen Vandeputte
88ee275562 cns3xxx: Enable driver support for onboard m25p80 SPI flash
This device is present on the Gateworks Laguna cns3xxx family.

As the SPI bus master is enabled, also enable driver support for
this typical slave.

[    3.920000] m25p80 spi1.0: found m25p32, expected m25p80
[    3.930000] m25p80 spi1.0: m25p32 (4096 Kbytes)
[    3.930000] Creating 4 MTD partitions on "spi1.0":
[    3.940000] 0x000000000000-0x000000040000 : "uboot"
[    3.940000] 0x000000040000-0x000000080000 : "params"
[    3.950000] 0x000000080000-0x000000200000 : "kernel"
[    3.950000] 0x000000200000-0x000000400000 : "rootfs"

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2016-09-15 13:11:21 +02:00
Tim Harvey
dc17fde994 kernel: clean up usb gadget support
clean up usb gadget support:
- rename gadget modules so that they appear together and are easier to
  identify as gadget modules
- make usb-lib-composite and usb-gadget hidden as there is no point in
  selecting those without gadget drivers that require them as deps

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2016-09-15 13:11:21 +02:00
Mathias Kresin
eb88a9cacb ramips: fix wrong blocksizes
The D-Link DIR-860L B1 has a flash chip which doesn't support
4K sectors. Since the DIR-860L B1 was the only mt7621 board which had
the 4k blocksize set, the 4K sector support is removed from the kernel
config.

I've checked the flash chips of all boards having set a 4K blocksize
again. This time I searched harder to finding bootlogs instead of
relying on wikis articles and/or the device tree source file.

The Planex MZK-DP150N has an en25q32b instead of the mentioned one in
the dts. Albeit the en25q32b supports 4K sectors, 4K support is not
enabled in the driver. Change the blocksize for this board back to 64K.

Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-09-15 09:53:37 +02:00