Commit Graph

35256 Commits

Author SHA1 Message Date
Jo-Philipp Wich
9e45f9d63c polarssl: enable AES-GCM and CAMELLIA-GCM ciphersuites
Recent versions of Chrome require these ciphers to successfully handshake with
a TLS enabled uhttpd server using the ustream-polarssl backend.

If `CONFIG_GCM` is disabled, `ssl_ciphersuite_from_id()` will return `NULL`
when cipher `0x9d` is looked up, causing the calling `ssl_ciphersuite_match()`
to fail with `POLARSSL_ERR_SSL_INTERNAL_ERROR`.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 03:24:57 +02:00
Rafał Miłecki
1f86257c2f bcm53xx: pass datasize to mtd in hexadecimal format
This avoids extra calculation in bash script.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-11 01:38:00 +02:00
Rafał Miłecki
4b03e4ac3b mtd: fix typo in error message for 'c' option
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-11 01:37:49 +02:00
Rafał Miłecki
c40e96d133 bcm53xx: fix partition typos in 09_fix_crc
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-11 01:37:41 +02:00
Jo-Philipp Wich
442db0d6d8 kernel: deny swconfig set requests for unprivileged users
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome network behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00
Jo-Philipp Wich
dd182011e1 swconfig: improve failure reporting
Report the translated error to the user if a get/set netlink operation failed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:51:22 +02:00
Kevin Darbyshire-Bryant
e815036460 dnsmasq: support hostid ipv6 address suffix option
Add support for hostid dhcp config entry to dnsmasq. This allows
specification of dhcpv6 hostid suffix and works in the same way as
odhcpd.

Entries in auto generated dnsmasq.conf should conform to:

dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname

example based on sample config/dhcp entry:

config host
        option name 'Kermit'
        option mac 'E0:3F:49:A1:D4:AA'
        option ip '192.168.235.4'
        option hostid '4'

dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-10 18:16:47 +02:00
Scott Shambarger
4b8f0a2d26 mac80211: fix calculation of VHT capability values
- Fix calculation of `$vht_cap` bit field
- Replace wrong reference to `$tx_stbc` variable with proper `$tx_stbc_2by1` one
- Emit proper `RX-STBC-{1,12,123,1234}` tokens for the VHT capability list

See https://dev.openwrt.org/ticket/22535 for reference.

Signed-off-by: Scott Shambarger <devel@shambarger.net>
2016-06-10 18:08:30 +02:00
Hans Dedecker
96db69bd45 busybox: Call ntpd hotplug script for every action
Daemons that are waiting for a timesync are only triggered when the action is stratum.
As step is the first sync action pass all actions to the ntpd hotplug scripts; it's up
to the ntpd hotplug script to filter out the actions it is interested in.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-10 18:05:08 +02:00
Hans Dedecker
7eaacd4d23 dnsmasq: Add option --max-port
By default dnsmasq uses random ports for outbound dns queries;
when the maxport UCI option is specified the ports used will
always be smaller than the specified value.
This is useful for systems behind firewalls.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-10 18:05:07 +02:00
Rafał Miłecki
95d8568cb8 bcm53xx: calculate TRX CRC32 using whole kernel partition
This provides better protection of flash data.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-10 12:58:19 +02:00
Felix Fietkau
13ea815b6c mvebu: add a patch to deal with excessive latencies/delays during flash PIO command processing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-10 10:47:40 +02:00
Felix Fietkau
a88fc0db9d xtables-addons: add missing dependency
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-09 15:53:43 +02:00
Hannu Nyman
efa740b08b ubox: increase default size of system log buffer to 64 kB
Increase the default system log buffer size
from 16 kB (default both in logd source and in the startup script)
to 64 kB by adjusting the default value in startup script.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-06-07 23:13:29 +02:00
Hannu Nyman
df7581e4c0 base-files: increase default system log size to 64 kB
Increase the default system log buffer size
from 16 kB (built-in default in ubox logd)
to 64 kB by setting the option in /etc/config/system.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-06-07 23:13:29 +02:00
Álvaro Fernández Rojas
0691a172d0 brcm2708: fix another missing kmod dependency
kmod-sound-soc-digidac1-soundcard is also missing snd-soc-wm8804 dependency
for snd-soc-wm8804-i2c

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-09 00:14:26 +02:00
Álvaro Fernández Rojas
09f0850ba8 brcm2708: fix missing dependency found by buildbot
Add missing dependency to kmod-sound-soc-adau1977-adc.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-09 00:08:20 +02:00
Álvaro Fernández Rojas
3fc661a98c brcm2708: update linux 4.4 patches to latest version
As usual these patches were extracted from the raspberry pi repo:
https://github.com/raspberrypi/linux/tree/rpi-4.4.y
Also alphabetically order sound-soc kernel packages.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-08 21:23:21 +02:00
Álvaro Fernández Rojas
c17f02d2f2 brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-08 19:09:58 +02:00
Álvaro Fernández Rojas
ece009dbf1 brcm2708: take over maintainership
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-08 19:08:02 +02:00
Jo-Philipp Wich
67f0c93e28 kernel: add missing config symbols for 4.4
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 14:50:26 +02:00
Jo-Philipp Wich
35b33f0413 base-files: maintain LED config state
Record the state of any hardware LED configured through UCI and use that
information to revert the state when applying updated settings while
maintaining default behaviour of system LEDs.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 10:34:50 +02:00
Álvaro Fernández Rojas
98d418e05f brcm63xx: improve image/Makefile
- Use KERNEL_INITRAMFS_SUFFIX for customizing initramfs name.
- Modifying $(PROFILES) is no longer needed.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-08 09:16:37 +02:00
Felix Fietkau
d6ad9d3e9c base-files: fix /bin/config_generate breakage
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-08 07:32:30 +02:00
Felix Fietkau
57343b210a uboot-lantiq: get rid of bogus profile dependencies
Turn them into subtarget dependencies instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-08 06:42:42 +02:00
Jo-Philipp Wich
924302ba36 base-files: drop /etc/config/system
The board_detect framework is now able to create the entire system config from
scratch so we can finally drop the copy shipped by base-files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:34:02 +02:00
Jo-Philipp Wich
b98f78b1c1 base-files: rework config generation logic
Now that config_generate is able to generate the entire /etc/config/system
from scratch we can apply the same logic as used for /etc/config/network;
when the configuration file exists already then do not do anything, else
generate it from the values provided by /etc/board.json .

In order to facilitate that move the file existence checking inside
/bin/config_generate and call it unconditionally from /bin/board_detect.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:34:02 +02:00
Jo-Philipp Wich
82768561c4 adm5120: remove target specific /etc/config/system
Now that deviations to the default /etc/config/system are registered via
board.d we can drop the target specific copy.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
4f65b6f567 adm5120: convert LED setup to board.d
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
07f03d0833 base-files: support port_state LED types in board.d
Add support for handling port_state LEDs as used by ADM5120.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
197c32e7bd xburst: remove target specific /etc/config/system
Now that deviations to the default /etc/config/system are registered via
board.d we can drop the target specific copy.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
168ba1a28e xburst: add /etc/config/system overrides via board.d
Use /etc/board.d/ to register hostname and ntp server overrides.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
528b8f6f93 base-files: support hostname and ntp servers through board.d
Add support for specifying hostname and NTP servers via /etc/board.d/ scripts.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
a2e309a430 ath25: remove target specific /etc/config/system
The system config file shipped by ath25 is now equivalent to the generic one
in base files, so drop the target specific copy.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Jo-Philipp Wich
0a3d721465 ath25: drop target specific button hotplug
The ath25 target has its own unique button action config support, which is not
used anywhere except for two example logger statements in UCI.

Since there is a generic /etc/rc.button facility since some time already there
is no reason at all to keep this target specific mechanism anymore, so simply
drop it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 00:31:09 +02:00
Ben Whitten
7509658220 generic: remove brcmfmac-sdio.h
This file is present in the kernel so no point overlaying it.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2016-06-08 00:28:41 +02:00
Dirk Neukirchen
652ac2c6fd xtables-addons: update to 2.11
- fix compilation w. Kernel 4.6 due to
hash->shash crypto API
- remove a patch integrated upstream

- remove unrecognized configure option
removed upstream in 2010
commit 40d0345f1ed02de183b13a6ce38847bc1f4ac48e

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-06-07 23:03:11 +02:00
Matteo Panella
20c608db0a openvpn: add support for tls-version-min
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 23:02:58 +02:00
Jo-Philipp Wich
33a4d22f4c base-files: reset LED state
Attempt to reset all LED states before applying the UCI configuration to
avoid leaving disabled LEDs behind in lingering glowing state, e.g. when
changing the sysfs entry in the config from one hardware LED to another.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 23:01:58 +02:00
Felix Fietkau
21ad25f547 image.mk: fix dependencies for legacy make prepare step
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 16:22:28 +02:00
Jo-Philipp Wich
24a7ccb056 treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:42:52 +02:00
Allan Nick Pedrana
e61fe4e4d7 ar71xx: add support for OpenEmbed SOM9331
This patch adds the target profile SOM9331 and configures hardware
functionality for the 3x Eth Ports & corresponding LED's, the USB Host,
the USART to USB bridge and the System LED.

Signed-off-by: Allan Nick Pedrana <nik9993@gmail.com>
2016-06-07 11:21:55 +02:00
Jo-Philipp Wich
69b45d2223 ixp4xx: fix Avila SoC audio driver compilation
Upstream dropped the `dapm` member of `struct snd_soc_component`, requiring
users to access it using `snd_soc_codec_get_dapm()` instead so change the
driver code to do just that.

Fixes the following build error spotted by the buildbots:

      CC [M]  sound/soc/gw-avila/gw-avila.o
    sound/soc/gw-avila/gw-avila.c: In function 'avila_aic3x_init':
    sound/soc/gw-avila/gw-avila.c:104:44: error: 'struct snd_soc_codec' has no member named 'dapm'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:15:55 +02:00
Felix Fietkau
160913f9de image.mk: fix filesystem dependency issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 10:26:23 +02:00
Felix Fietkau
97e3d10df9 lantiq: fix image DEVICE_DTS handling, add proper default value
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 09:42:11 +02:00
Felix Fietkau
821ccd2b36 lantiq: only call Image/Prepare/Profile for defined profiles
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 09:35:18 +02:00
Karl Palsson
9b118cde89 wolfssl: enable openssl 1.0.1 compatibility
From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days.  Unfortunately, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself.  User
applications must include that directly.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2016-06-07 09:22:16 +02:00
Felix Fietkau
d84bf324ba ustream-ssl: update to the latest version, adds cyassl/wolfssl fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 09:22:11 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Waldemar Brodkorb
f7fb6e49f2 build: allow to build LEDE on latest MacOS X
Latest Xcode doesn't include openssl anymore. To compile
mkimage from u-boot source you need SSL headers on your host.
This patch provides libressl host package for any Darwin
compilation. Unfortunately openssl from MacPorts can not be
used, as the installed headers in /opt/local are breaking
GDB compilation. Tested with a RB532 image build and resulting
kernel booted on a device via TFTP.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fixes, dependencies]
2016-06-07 08:58:41 +02:00