summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* build: cleanup SSP_SUPPORT configure optionJulien Dusser2018-01-276-7/+11
| | | | | | | | | | | | | | | | | | Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh, avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain and depends it means 'build gcc with libssp'. Musl no longer uses libssp (1877bc9d8f), it has internal support, so SSP_SUPPORT was disabled leading some package to not use SSP. No information why Glibc and uClibc use libssp, but they may also provide their own SSP support. uClibc used it own with commit 933b588e25 but it was reverted in f3cacb9e84 without details. Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT if either USE_MUSL or GCC_LIBSSP. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* toolchain: add gcc configure default PIE and SSPJulien Dusser2018-01-272-0/+25
| | | | | | | | | | GCC supports starting version 5 --enable-default-ssp and starting version 6 --enable-default-pie. It produces hardened binaries by default without dealing with package compilation flags. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-274-0/+28
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* kernel-headers: adjust PKG_ variables when using git clone methodAlexandru Ardelean2018-01-271-1/+7
| | | | | | | | | | | | | | | | | | | | | | When using an external git clone for the kernel repo, the build would fail because the build won't download [via git] the kernel tarball. This is because the `toolchain/kernel-headers` assumes that the kernel would get downloaded via normal HTTP. The reason for this is the `HostBuild` rule, which calls the `Download/default` rule. To use the `Download/default` we just need to conditionally adjust some PKG_ vars. We can safely use `LINUX_VERSION` as it was already adjusted in the `kernel-version.mk` to avoid collisions with other tarballs. Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=503 Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* kernel.mk: update LINUX_VERSION filename for cloned repoAlexandru Ardelean2018-01-271-0/+11
| | | | | | | | | | | | | | | | | In case there is an external git repo specified, it could overwrite the kernel tarball that was downloaded from kernel.org. The only identifier for such a file is the KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols, so if we have to download it we'll use that information [after some sanitization] to create a different filename for the kernel tarball. If KERNEL_GIT_REF symbol is empty, HEAD will be used as mentioned in the description of KERNEL_GIT_REF. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REFAlexandru Ardelean2018-01-272-9/+6
| | | | | | | | | The Download/git rule will do a `git checkout <git-ref>`. So, we can use any ref we want. No need to limit just to branches. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* hostapd: add support for hostapd's radius_client_addrStephan Brunner2018-01-271-1/+3
| | | | | | | | Add support for hostapd's radius_client_addr in order to force hostapd to send RADIUS packets from the correct source interface rather than letting linux select the most appropriate. Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
* perf: use libunwindMaxim Gorbachyov2018-01-271-1/+1
| | | | | | | Without libunwind perf does not show userspace stack frames. Tested on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* libunwind: enable build for armMaxim Gorbachyov2018-01-271-1/+1
| | | | | | Tested with perf on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* netdevices.mk: add hwmon to IGB and IXGBE driversPhilip Prindeville2018-01-271-4/+4
| | | | | | | | | | Off-chip NICs can run hotter than the CPU, so they're definitely worth instrumenting. Adding hardware monitoring increases by ~3744 and ~2672 bytes, respectively, the sizes of the igb.ko and ixgbe.ko drivers. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* kernel/modules/other: disable Nokia BT UARTTim Harvey2018-01-271-0/+1
| | | | | | disable the Nokia BT UART present on Nikia N9, N900 & N950 added in 4.12. Signed-off-by: Tim Harvey <tharvey@gateworks.com>
* toolchain/arc: update to the most recent release arc-2017.09Evgeniy Didin2018-01-2737-292/+345
| | | | | | | | | | | | | | | This commit finally bumps ARC tools to the most recent arc-2017.09 release version. ARC GNU tools of version arc-2017.09 bring some quite significant changes like: * Binutils v2.29 with additional ARC patches * GCC 7.1.1 with additional ARC patches More information on this release could be found here: https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com> CC: Alexey Brodkin <abrodkin@synopsys.com> CC: John Crispin <john@phrozen.org>
* uClibc-ng: update to 1.0.28Evgeniy Didin2018-01-271-2/+2
| | | | | | | | | | | | Lets update uClibc-ng to 1.0.28 version for compatibility with gcc 7.x. Since 1.0.22 there were significant patches for compatibility with gcc 7.x: https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=5b0f49037e8ea8500b05c8f31ee88529ccac4cee https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=cee0b058fa0b4501b289a2da365182d60314d746 Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com> CC: Alexey Brodkin <abrodkin@synopsys.com> CC: John Crispin <john@phrozen.org>
* mac80211: revert "wireless: set correct mandatory rate flags"Matthias Schiffer2018-01-262-1/+61
| | | | | | | | | Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate flags", as it breaks 11s interoperability: nodes can only associate when neither or both have this patch. As this is a regression from released versions, revert to the old code for now. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* rules.mk: drop `include_mk` build ruleAlexandru Ardelean2018-01-261-4/+0
| | | | | | | | | | | | | | | | | The only users of this were the python packages from the `packages` feed. The 2 python interpreters would export some mk files (e.g. python-package.mk) and then other python packages would include it via this rule. But there's a few things wrong with this approach, most of them drawing from the fact that python host needs to be built first, to export these mk files. By now all uses of include_mk have been corrected in the feeds and this can be removed. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* openssl: tell the build system that we are doing CROSS_COMPILEYousong Zhou2018-01-261-0/+5
| | | | | | | | | | So that it will not try to run c_rehash with the just built binaries on certs/demo. Fixes openwrt/packages#5432 Reported-by: Val Kulkov <val.kulkov@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iptables: make kmod-ipt-debug part of default ALL buildYousong Zhou2018-01-262-4/+3
| | | | | | | | | The iptables TRACE target is only available in raw table that's why the dependency was moved from iptables-mod-trace into kmod-ipt-debug Fixes FS#1219 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: disable BUILD_PATENTED by defaultYousong Zhou2018-01-261-1/+1
| | | | | | | | This is mainly for legal considerations and not promoting the usage of and no redistribution of binaries of patented technologies seems to be also the established practice in other linux distros. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* wireguard: bump to 20180118Kevin Darbyshire-Bryant2018-01-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest wireguard release snapshot: 9a93a3d version: bump snapshot 7bc0579 contrib: keygen-html: update curve25519 implementation ffc13a3 tools: import new curve25519 implementations 0ae7356 curve25519: wire up new impls and remove donna f90e36b curve25519: resolve symbol clash between fe types 505bc05 curve25519: import 64-bit hacl-star implementation 8c02050 curve25519: import 32-bit fiat-crypto implementation 96157fd curve25519: modularize implementation 4830fc7 poly1305: remove indirect calls bfd1a5e tools: plug memleak in config error path 09bf49b external-tests: add python implementation b4d5801 wg-quick: ifnames have max len of 15 6fcd86c socket: check for null socket before fishing out sport ddb8270 global: year bump 399d766 receive: treat packet checking as irrelevant for timers No patch refresh required. Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "mt76: update to the latest version"Felix Fietkau2018-01-251-3/+3
| | | | | | | This reverts commit 99eb128acaf76a69119fd2de8e194f2b2bbb0427. Connectivity issues reported by users, needs rework Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2018-01-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | 2b7fae4 mt76: fix returnvar.cocci warnings 939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params() cf59170 mt76x2: dfs: add set_domain handler 5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params() f76e25f mt76x2: fix WMM parameter configuration 34d612d mt76: retry rx polling as long as there is budget left 0f8327a mt76x2: fix TSF value in probe responses ad3f8e9 mt76: add an intermediate struct for rx status information 58a41f1 mt76: get station pointer by wcid and pass it to mac80211 b0508d3 mt76: implement A-MPDU rx reordering in the driver code cf3cfc4 mt76: split mt76_rx_complete 461cdf9 mt76: pass the per-vif wcid to the core for multicast rx 9b2c778 mt76: validate rx CCMP PN 302af90 mt76x2: init: disable all pending tasklets during device removal 9f685fe mt7603: init: disable tbtt tasklet during device removal c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames 3968dae mt7603: fix 40 mhz channel bandwidth reporting 9c2e03d mt7603: fix rx LDPC reporting Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ar71xx: add ew-balin platform from Embedded WirelessCatrinel Catrinescu2018-01-2512-0/+148
| | | | | | | | | | | | | | | | | | | Add the Embedded Wireless "Balin" platform SoC: QCA AR9344 or AR9350 RAM: DDR2-RAM 64MBytes Flash: SPI-NOR 16MBytes WLAN: 2 x 2 MIMO 2.4 & 5 GHz IEEE802.11 a/b/g/n Ethernet: 3 x 10/100 Mb/s USB: 1 x USB2.0 Host/Device bootstrap-pin at power-up PCI-Express: 1 x lane PCIe 1.2 UART: 1 x Normal, 1 x High-Speed JTAG: 1 x EJTAG GPIO: 10 x Input/Output multiplexed The module comes already with the current vanilla OpenWrt firmware. To update, use "sysupgrade" image directly in vendor firmware. Signed-off-by: Catrinel Catrinescu <cc@80211.de>
* ar71xx: add unaligned access hacks for VXLANMatthias Schiffer2018-01-251-0/+92
| | | | | | Gives a ~5% performance gain. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* musl: move BUILD_DIR_TOOLCHAIN/musl symlink to configure stepFelix Fietkau2018-01-251-11/+1
| | | | | | Avoids Build/Prepare quilt related hacks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* musl: allow autorebuildFelix Fietkau2018-01-251-1/+3
| | | | | | | | | Autorebuild is disabled for the toolchain to avoid build-order issues. However, rebuilding musl is safe, so exclude it from that restriction. Avoids the need for manual cleaning on kernel header <-> libc API changes like the ones introduced recently Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: mesh: drop frames appearing to be from usFelix Fietkau2018-01-251-0/+25
| | | | | | | Upstream backport to fix issues arising from devices with duplicate MAC addresses Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ramips: add support for Widora Neo 32MB flash revisionJackson Ming Hu2018-01-235-1/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Widora has updated their Widora Neo board recently. The new model uses 32MB WSON-8 factor SPI flash instead of the original 16MB SOP-8 factor SPI flash. All the other hardware components are the same as the first revision. Detailed hardware specs listed below: CPU: MTK MT7688AN RAM: 128MB DDR2 ROM: 32MB WSON-8 factor SPI Flash (Winbond) WiFi: Built-in 802.11n 150Mbps? Ethernet: 10/100Mbps x1 Audio codec: WM8960 Other IO: USB OTG; USB Power+Serial (CP2104); 3x LEDs (Power, LAN, WiFi); 2x Keys (WPS, CPU Reset) 1x Audio In/Out 1x IPEX antenna port 1x Micro SD slot Signed-off-by: Jackson Ming Hu <huming2207@gmail.com> Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add flash size postfix to Widora neoMathias Kresin2018-01-237-60/+62
| | | | | | | | | | Rename the Widora neo by adding a flash size prefix. Move the common parts into a dtsi to be prepare everything for upcomming support of the 32MB version. Migrate the Widora neo to the generic board detection as well. Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: generic: add 4.9 config optionHans Dedecker2018-01-241-0/+1
| | | | | | | | When CGROUPS is enabled the new option CONFIG_CGROUP_NET_CLASSID is selectable and not handled. Add this option to the 4.9 kernel configuration. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vxlan: add options to enable and disable UDP checksumsMatthias Schiffer2018-01-242-3/+5
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netifd: update to latest git HEADMatthias Schiffer2018-01-241-3/+3
| | | | | | af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ramips: Fix GB-PC1 cpuclock againRosen Penev2018-01-241-1/+1
| | | | | | | The intended frequency is 900 MHz, not 90. Fixes: 7059ab48a6d5 ("ramips: fix cpuclock for the GB-PC1") Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ar71xx: fix MikroTik rb-nor-flash-16M-ac imageDaniel Golle2018-01-241-1/+1
| | | | | | | | | | | | | commit e15c63a375 ar71xx: add support for MikroTik RouterBOARD wAP G-5HacT2HnD (wAP AC) changed the existing rb-nor-flash-16M-ac image in a way that it would now only support the rb-wapg-5hact2hnd. The board show however rather be added to the existing boards in the rb-nor-flash-16M image template. Reported-by: Mathias Kresin <dev@kresin.me> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to latest git HEADHans Dedecker2018-01-231-3/+3
| | | | | | | 653629f trace: check asprintf() return value 67eb7e6 trace: add missing limits.h include Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: add support for ZBT-WE1226Daniel Golle2018-01-237-0/+132
| | | | | | | | MT7628NN (580MHz), 8MB SPI NOR, 64MB DDR2 RAM Everything except for the switch LEDs works great. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* sunxi: Orange Pi R1: configure USB Ethernet controller.Hauke Mehrtens2018-01-221-0/+3
| | | | | | Now the USB port is the WAN port. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: Orange Pi R1: Fix USB Ethernet and activate SPIHauke Mehrtens2018-01-222-0/+77
| | | | | | | | | The USB Ethernet is not working with the patches proposed for upstream, fix this and activate the SPI node as this board always has a SPI flash. Both patches are also targeted for upstream kernel 4.16 and 4.17. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: use upstream patch for Orange Pi R1Hauke Mehrtens2018-01-222-196/+105
| | | | | | | Instead of using our own device tree definitions use the one provided in the upstream kernel for 4.16. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: backport stmmac network patchesHauke Mehrtens2018-01-2211-0/+1391
| | | | | | | | Ethernet support was initial added in kernel 4.13, but deactivated before the final release. This is backports the changes which are activating it again from kernel 4.15. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: Add support for kernel 4.14Hauke Mehrtens2018-01-226-12/+940
| | | | | | | This is based on the code for kernel 4.9, but a lot of 4.9 patches are backports from more recent kernel version and can be removed now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: refresh kernel configurationHauke Mehrtens2018-01-224-4/+2
| | | | | | | | Just refresh the sunxi kernel configuration. This also moves the CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG option to the config-4.9 file. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "kernel: add IEEE-1284 parallel port support"Jo-Philipp Wich2018-01-221-38/+5
| | | | | | | | | This reverts commit 666e9cf2220b11ccd024cad13ad54ca71d40c5b3. The change has not been build-tested on non-x86 targets and leads to stalled kernel builds due to unset configuration symbols there. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to latest git HEADJohn Crispin2018-01-221-4/+4
| | | | | | 846e20c procd: add timing to start/stop logging Signed-off-by: John Crispin <john@phrozen.org>
* ar71xx: add support for the MikroTik RB911-2Hn/5Hn boardsGabor Juhos2018-01-2211-3/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The patch adds support for the MikroTik RB911-2Hn (911 Lite2) and the RB911-5Hn (911 Lite5) boards: https://mikrotik.com/product/RB911-2Hn https://mikrotik.com/product/RB911-5Hn The two boards are using the same hardware design, the only difference between the two is the supported wireless band. Specifications: * SoC: Atheros AR9344 (600MHz) * RAM: 64MiB * Storage: 16 MiB SPI NOR flash * Ethernet: 1x100M (Passive PoE in) * Wireless: AR9344 built-in wireless MAC, single chain 802.11b/g/n (911-2Hn) or 802.11a/g/n (911-5Hn) Notes: * Older versions of these boards might be equipped with a NAND flash chip instead of the SPI NOR device. Those boards are not supported (yet). * The MikroTik RB911-5HnD (911 Lite5 Dual) board also uses the same hardware. Support for that can be added later with little effort probably. Installation: 1. Setup a DHCP/BOOTP Server with the following parameters: * DHCP-Option 66 (TFTP server name): pointing to a local TFTP server within the same subnet of the DHCP range * DHCP-Option 67 (Bootfile-Name): matching the initramfs filename of the to be booted image. The usable intramfs files are: - openwrt-ar71xx-mikrotik-vmlinux-initramfs.elf - openwrt-ar71xx-mikrotik-vmlinux-initramfs-lzma.elf - openwrt-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin 2. Press the reset button on the board and keep that pressed. 3. Connect the board to your local network via its ethernet port. 4. Release the button after the LEDs on the board are turned off. Now the board should load and start the initramfs image from the TFTP server. 5. Upload the sysupgrade image to the board with scp: $ scp openwrt-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/fw.bin 5. Log in to the running system listening on 192.168.1.1 via ssh as root (without password): $ ssh root@192.168.1.1 7. Flash the uploaded firmware file from the ssh session via the sysupgrade command: root@OpenWrt:~# sysupgrade /tmp/fw.bin Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
* ar71xx: make leds-gpio usable with single-ended GPIOsGabor Juhos2018-01-222-0/+90
| | | | | | | | | Add patches for the leds-gpio driver to make it usable with open-drain and open-source kind of GPIO lines. This type of functionality is required by various MikroTik boards. Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
* ar71xx: mach-rbspi: return rb_info from rbspi_platform_setupGabor Juhos2018-01-221-13/+13
| | | | | | | | | | | | Modify the rbspi_platform_setup() function to return the pointer of the rb_info structure. This allows board specific setup routines to access the various fields of the information. It is useful for investigating the hardware option bits for example. Also update the board setup codes, to ensure that those handle the new return value correctly. Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
* ar71xx: add definitions for RouterBOARD hardware option bitsGabor Juhos2018-01-221-0/+26
| | | | | | | | | | | | Add bit definitions for the 'hardware options' tag which is used in the MikroTik devices' hardware configurations. These values can be used in board setup codes, to do different initialization sequences. The values were obtained from the RouterOS 6.41-rc38 patches. Additionally, introduce two helper functions what make the processing of the hardware options easy. Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
* uqmi: silence error on pin verificationKoen Vandeputte2018-01-221-1/+1
| | | | | | | | | | | | If a device only supports the 2nd verification method (uim), the first method will fail as expected reporting an error: "Command not supported" Silence both separate methods and only report an error regarding pin verification if both fail. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add IEEE-1284 parallel port supportDaniel Gimpelevich2018-01-221-5/+38
| | | | | | | | | | The kmod-lp package included both lp.ko and ppdev.ko, but ECP device drivers may or may not require lp NOT to be loaded, needing only ppdev. Additionally, There were no packages for any parport interface modules, such as uss720 or parport_pc, provided here. It has not been otherwise possible to use PC-style parport hardware for kmod-lp. Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* pistachio: make patches apply againHauke Mehrtens2018-01-201-2/+2
| | | | | | | | Support for Winbond NAND flash detection was added into the generic patches and this conflicted with this patch adding Gigadevice support. Fixes: 02050f7e7d5b ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>