Commit Graph

17399 Commits

Author SHA1 Message Date
Piotr Dymacz
b4e9e81002 uboot-envtools: ath79: add support for ALFA Network N5Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
6ae0684297 uboot-envtools: ath79: add support for ALFA Network N2Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
9181b039f3 uboot-envtools: ath79: add support for ALFA Network R36A
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
c40b693bd8 uboot-envtools: ath79: add support for Samsung WAM250
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
9b699301f5 uboot-envtools: ath79: add support for Wallys DR531
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
77598f19cc uboot-envtools: ath79: add support for ALFA Network AP121FE
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Daniel Golle
d96d324280 libsepol: break out chkcon utility
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Daniel Golle
e8b34880f9 policycoreutils: fix host utils rpath and bin directory
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Christian Lamparter
f6fbc39706 build: define PWM_SUPPORT arch feature flag
As the PWM has its own sub-system in the Linux kernel,
I think it should be handled in the same way as GPIO, RTC, PCI...

This patch introduces a specific feature flag "pwm" and the
"leds-pwm" kernel module as the first customer.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:32:33 +02:00
Hans Geiblinger
a9071d02b5 ipq40xx: Add support for Linksys MR8300 (Dallas)
The Linksys MR8300 is based on QCA4019 and QCA9888
and provides three, independent radios.
NAND provides two, alternate kernel/firmware images
with fail-over provided by the OEM U-Boot.

Hardware Highlights:

SoC: IPQ4019 at 717 MHz (4 CPUs)
RAM: 512MB RAM

SoC:	Qualcomm IPQ4019 at 717 MHz (4 CPUs)
RAM:	512M DDR3
FLASH:	256 MB NAND (Winbond W29N02GV, 8-bit parallel)
ETH:	Qualcomm QCA8075 (4x GigE LAN, 1x GigE Internet Ethernet Jacks)
BTN:	Reset and WPS
USB:	USB3.0, single port on rear with LED
SERIAL:	Serial pads internal (unpopulated)
LED:	Four status lights on top + USB LED
WIFI1:	2x2:2 QCA4019 2.4 GHz radio on ch. 1-14
WIFI2:  2x2:2 QCA4019 5 GHz radio on ch. 36-64
WIFI3:  2x2:2 QCA9888 5 GHz radio on ch. 100-165

Support is based on the already supported EA8300.
Key differences:
	EA8300 has 256MB RAM where MR8300 has 512MB RAM.
	MR8300 has a revised top panel LED setup.

Installation:
"Factory" images may be installed directly through the OEM GUI using
URL: https://ip-of-router/fwupdate.html (Typically 192.168.1.1)

Signed-off-by: Hans Geiblinger <cybrnook2002@yahoo.com>
[copied Hardware-highlights from EA8300. Fixed alphabetical order.
fixed commit subject, removed bogus unit-address of keys,
fixed author (used Signed-off-By to From:) ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:31:51 +02:00
Tomasz Maciej Nowak
e24635710c ipq40xx: add support for Luma Home WRTQ-329ACN
Luma Home WRTQ-329ACN, also known as Luma WiFi System, is a dual-band
wireless access point.

Specification
SoC: Qualcomm Atheros IPQ4018
RAM: 256 MB DDR3
Flash: 2 MB SPI NOR
       128 MB SPI NAND
WIFI: 2.4 GHz 2T2R integrated
      5 GHz 2T2R integrated
Ethernet: 2x 10/100/1000 Mbps QCA8075
USB: 1x 2.0
Bluetooth: 1x 4.0 CSR8510 A10, connected to USB bus
LEDS: 16x multicolor LEDs ring, controlled by MSP430G2403 MCU
Buttons: 1x GPIO controlled
EEPROM: 16 Kbit, compatible with AT24C16
UART: row of 4 holes marked on PCB as J19, starting count from the side
      of J19 marking on PCB
      1. GND, 2. RX, 3. TX, 4. 3.3V
      baud: 115200, parity: none, flow control: none

The device supports OTA or USB flash drive updates, unfotunately they
are signed. Until the signing key is known, the UART access is mandatory
for installation. The difficult part is disassembling the casing, there
are a lot of latches holding it together.

Teardown
Prepare three thin, but sturdy, prying tools. Place the device with back
of it facing upwards. Start with the wall having a small notch. Insert
first tool, until You'll feel resistance and keep it there. Repeat the
procedure for neighbouring walls. With applying a pressure, one edge of
the back cover should pop up. Now carefully slide one of the tools to
free the rest of the latches.
There's no need to solder pins to the UART holes, You can use hook clips,
but wiring them outside the casing, will ease debuging and recovery if
problems occur.

Installation
1. Prepare TFTP server with OpenWrt initramfs image.
2. Connect to UART port (don't connect the voltage pin).
3. Connect to LAN port.
4. Power on the device, carefully observe the console output and when
   asked quickly enter the failsafe mode.
5. Invoke 'mount_root'.
6. After the overlayfs is mounted run:
     fw_setenv bootdelay 3
   This will allow to access U-Boot shell.
7. Reboot the device and when prompted to stop autoboot, hit any key.
8. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
   'setenv' to do that, then run following commands:
     tftpboot 0x84000000 <openwrt_initramfs_image_name>
     bootm 0x84000000
   and wait till OpenWrt boots.
9. In OpenWrt command line run following commands:
     fw_setenv openwrt "setenv mtdids nand1=spi_nand; setenv mtdparts mtdparts=spi_nand:-(ubi); ubi part ubi; ubi read 0x84000000 kernel; bootm 0x84000000"
     fw_setenv bootcmd "run openwrt"
10. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
    with:
     ubirmvol /dev/ubi0 -N ubi_rootfs
     sysupgrade -v -n /tmp/<openwrt_sysupgrade_image_name>
11. After flashing, the access point will reboot to OpenWrt, then it's
    ready for configuration.

Reverting to OEM firmware
1. Execute installation guide steps: 1, 2, 3, 7, 8.
2. In OpenWrt command line run following commands:
     ubirmvol /dev/ubi0 -N rootfs_data
     ubirmvol /dev/ubi0 -N rootfs
     ubirmvol /dev/ubi0 -N kernel
     ubirename /dev/ubi0 kernel1 kernel ubi_rootfs1 ubi_rootfs
     ubimkvol /dev/ubi0 -S 34 -N kernel1
     ubimkvol /dev/ubi0 -S 320 -N ubi_rootfs1
     ubimkvol /dev/ubi0 -S 264 -N rootfs_data
     fw_setenv bootcmd bootipq
3. Reboot.

Known issues
The LEDs ring doesn't have any dedicated driver or application to control
it, the only available option atm is to manipulate it with 'i2cset'
command. The default action after applying power to device is spinning
blue light. This light will stay active at all time. To disable it
install 'i2c-tools' with opkg and run:
 i2cset -y 2 0x48 3 1 0 0 i
The light will stay off until next cold boot.

Additional information
After completing 5. step from installation guide, one can disable asking
for root password on OEM firmware by running:
 sed -e 's/root/root::/' -i /etc/passwd
This is useful for investigating the OEM firmware. One can look
at the communication between the stock firmware and the vendor's
cloud servers or as a way of making a backup of both flash chips.
The root password seems to be constant across all sold devices.
This is output of 'led_ctl' from OEM firmware to illustrate
possibilities of LEDs ring:

Usage: led_ctl [status | upgrade | force_upgrade | version]
       led_ctl solid    COLOR <brightness>
       led_ctl single   COLOR INDEX <brightness 0 - 15>
       led_ctl spinning COLOR <period 1 - 16 (lower = faster)>
       led_ctl fill     COLOR <period 1 - 16 (lower = faster)>
                                             ( default is 5 )
       led_ctl flashing COLOR <on dur 1 - 128>  <off dur 1 - 128>
                              (default is  34)  ( default is 34 )
       led_ctl pulsing  COLOR
COLOR: red, green, blue, yellow, purple, cyan, white

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[squash "ipq-wifi: add BDFs for Luma Home WRTQ-329ACN" into commit,
changed ubi volumes for easier integration, slightly reworded
commit message, changed ubi volume layout to use standard names all
around]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:30:19 +02:00
Yousong Zhou
7dc78d1d28 dnsmasq: fix handling ignore condition for dnssec
It should return false to indicate that the option should not be ignored

Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not
available")

Reported-by: Sami Olmari <sami@olmari.fi>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-25 10:31:36 +08:00
W. Michael Petullo
d20007ce91 dnsmasq: support tftp_unique_root in /etc/config/dhcp
The TFTP server provided by dnsmasq supports serving a select boot image
based on the client's MAC or IP address. This allows an administrator
to activate this feature in /etc/config/dhcp. Here is an example
/etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac:

...

config dnsmasq
	option enable_tftp 1
	option tftp_root /usr/libexec/tftpboot
	option tftp_unique_root mac

config boot router
	option serveraddress 192.168.1.1
	option servername tftp.example.com
	option filename openwrt-initramfs-kernel.bin

...

With this configuration, dnsmasq will serve
/usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to
the client with MAC address 00:11:22:33:44:55.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-09-24 22:38:37 +02:00
Hans Dedecker
ad3044c424 vxlan: fix rsc config option
Fix route short circuit config option; fixes commit 036221ce5a

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-24 22:14:36 +02:00
Hans Dedecker
036221ce5a vxlan: add extra config options
Add config options:
  srcportmin/srcportmax : range of port numbers to use as  UDP source ports
                          to communicate to the remote VXLAN tunnel endpoint
  ageing                : lifetime in seconds of FDB entries learnt by the kernel
  maxaddress            : maximum number of FDB entries
  learning              : enable/disable entering unknown source link layer addresses
                          and IP addresses into the VXLAN device FDB.
  rsc                   : enable/disable route short circuit
  proxy                 : enable/disable ARP proxy
  l2miss                : enable/disable netlink LLADDR miss notifications
  l3miss                : enable/disable netlink IP ADDR miss notifications
  gbp                   : enable/disable the Group Policy extension

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-23 21:45:15 +02:00
J. Scott Heppler
620f9c7734 ramips: add support for Linksys EA7300 v2
This submission relied heavily on the work of
Santiago Rodriguez-Papa <contact at rodsan.dev>

Specifications:

*  SoC:            MediaTek  MT7621A            (880  MHz  2c/4t)
*  RAM:            Winbond W632GG6MB-12         (256M  DDR3-1600)
*  Flash:          Winbond W29N01HVSINA         (128M  NAND)
*  Eth:            MediaTek  MT7621A            (10/100/1000  Mbps  x5)
*  Radio:          MT7603E/MT7615N              (2.4  GHz  &  5  GHz)
                     4  antennae:  1  internal  and  3  non-deatachable
*  USB:            3.0  (x1)
*  LEDs:
          White    (x1  logo)
          Green    (x6  eth  +  wps)
          Orange   (x5,  hardware-bound)
*  Buttons:
          Reset    (x1)
          WPS      (x1)

Installation:

Flash factory image through GUI.

This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.

Reverting to factory firmware:

Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.

Signed-off-by: J. Scott Heppler <shep971@centurylink.net>
2020-09-23 12:17:32 +02:00
Felix Fietkau
127ca3c631 mt76: update to the latest version
73301065ac32 mt76: mt7615: reduce maximum VHT MPDU length to 7991
8c47ed12c2be mt76: mt7915: add offchannel condition in switch channel command
1449e602fa10 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
b22977c2727d mt76: mt7663s: remove max_tx_fragments limitation

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-23 08:39:26 +02:00
Felix Fietkau
4bd7689d85 mac80211: update sta connection monitor regression fix
Reset the connection monitor on all acked frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-23 08:39:26 +02:00
David Bauer
c5eea362f3 hostapd: ubus: make (B)SSID optional for neighbor report
Make the BSSID and SSID fields optional when configuring a neighbor
report into hostapd.

Both options can now be an empty string. For the BSSID, the first 6 byte
are copied from the neighbor report. For the SSID, the SSID for the
affected hostapd BSS is used.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-22 17:41:10 +02:00
David Bauer
560e54c69e hostapd: ubus: send notification instead of event
Rafal Milecki pointed out that ubus events are meant for low-level ubus
events only (e.g. addition or removal of an object). Higher level
events should happen as notifications on the ubus object itself.

Dispatch BSS events on the main hostapd ubus object instead of
publishing them as ubus events.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-22 17:40:08 +02:00
David Bauer
d643b10a76 hostapd: ubus: fix infinite loop when configuring RRM NR
The return-code was set, however it was never returned, nor was
the loop interrupted.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:27:56 +02:00
David Bauer
8e7aa739fb hostapd: send procd event on BSS update
Dispatch ubus events also to procd in order to trigger service reloads
on hostapd updates.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:27 +02:00
David Bauer
6254af0c37 hostapd: send ubus event on BSS update
hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event>
when adding, removing or reloading a BSS.

This way, services which install state (for example the RMM neighbor
list) can on-demand reinstall this information for the BSS without
polling this state.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:12 +02:00
Stijn Segers
ec80139629 odhcpd: number UCI defaults script
UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which
turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number
(custom) scripts executed last. Jow confirmed numbering is the default case, not the
exception (thanks).

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-09-21 20:59:40 +02:00
Daniel Golle
236e79abb7 policycoreutils: fix ALTERNATIVES install location
Fixes: 7817c831ef ("policycoreutils: break into smaller packages")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:58:14 +01:00
Daniel Golle
7817c831ef policycoreutils: break into smaller packages
Instead of vaguely describing dependencies in the package description
actually split-up into individual packages, each with their
dependencies expressed accurately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:40:38 +01:00
Daniel Golle
81d895d1f1 libselinux: split utility packages and add PKG_LICENSE
Split utility packages similar to coreutils in packages feed, adding
ALTERNATIVES for those which are also provided by busybox-selinux.
Also add missing license information.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:40:38 +01:00
Felix Fietkau
1c6d45644a mac80211: fix regression in station connection monitor optimization
When the nulldata frame was acked, the probe send count needs to be reset,
otherwise it will keep increasing until the connection is considered dead,
even though it fine.

Reported-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-21 17:56:31 +02:00
Rui Salvaterra
90853439a1 zram-swap: explicitly use mkswap/swapon/swapoff from /sbin
The required BusyBox applets are enabled by default, so we can rely on them
being present in the system. This way, we make sure there are no conflicts
with less featured variants of these same applets which might also be
present in the system.

Fixes: 0bd7dfa3ed ("zram-swap: enable swap discard")

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[wrap commit description]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-20 17:52:25 +02:00
Davide Fioravanti
cd36c0d2f0 mac80211: select the first available channel for 5GHz interfaces
Some 5GHz wifi interfaces, especially in Tri-band routers, can't use
channel 36. In these cases, the default configuration for 5GHz
interfaces, once enabled, doesn't work.

This patch selects the first non-disabled channel for 5GHz interfaces.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2020-09-20 17:52:25 +02:00
David Woodhouse
9e7369d37e mediatek: mt7623n-preloader: add preloader for Banana Pi R64
We want to be able to make full system images for this system too, just
as we now can for the MT7623 platforms.

The package directory (mt7623n) is now a bit misnamed as it's overly
specific, but the precise set of platforms which we support this way
is evolving and we'll fix it up when the dust settles and we know what
nomenclature makes most sense.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-09-19 13:39:29 +01:00
Andre Heider
8cfb839907 arm-trusted-firmware-mvebu: add support for espressobin
Use build variants to cover all 11 hardware options [0]:
espressobin-512mb
espressobin-v3-v5-1gb-1cs
espressobin-v3-v5-1gb-1cs-emmc
espressobin-v3-v5-1gb-2cs
espressobin-v3-v5-1gb-2cs-emmc
espressobin-v3-v5-2gb
espressobin-v3-v5-2gb-emmc
espressobin-v7-1gb
espressobin-v7-1gb-emmc
espressobin-v7-2gb
espressobin-v7-2gb-emmc

CLOCKSPRESET is set to CPU_800_DDR_800 for all builds, which is the only
stable configuration. That actually matches what Globalscale shipped as
CPU_1000_DDR_800 combined with kernel versions < v4.19.42. [1][2].

[0] https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/plat/marvell/armada/build.rst
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8db82563451f976597ab7b282ec655e4390a4088
[2] https://forum.armbian.com/topic/10335-espressobin-update-to-585-results-in-kernel-panic/?tab=comments#comment-79916

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
f6378b9e53 arm-trusted-firmware-mvebu: update a3700-utils
Update to current head of the branch A3700_utils-armada-18.12-fixed:
0967979 ddr: Add DDR3 2CS layout for EspressoBin v5 2GB board
486523e ddr: fix typo for ESPRESSObin 2GB layout
490b2b3 TBB: Fix building for Crypto++ 6.0 and later
0141dd1 TBB: Split INCDIR from LIBDIR

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
65c1c91942 arm-trusted-firmware-mvebu: update to v2.3
Switch to release tarballs and add missing license information while
here.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
75e9d8e6e7 arm-trusted-firmware-mvebu: install to own subdir
Lift the dependency on the build order, where flash-image.bin may be missing
from the u-boot dir.

While at it, also install the uart images for rescue purposes.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
53065b2dee arm-trusted-firmware-mvebu: fix compiler spam
Gets rid of these warnings:
cc1: note: someone does not honour COPTS correctly, passed 0 times

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
847b5927c6 arm-trusted-firmware-mvebu: reuse default prepare target
Don't wipe internal state files, fixes e.g. refreshing patches.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Andre Heider
72bb66caad uboot-mvebu: add support for espressobin
This builds two u-boot binaries: one for boards without eMMC and one
with.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Andre Heider
ae2e521b34 uboot-mvebu: update to v2020.10-rc4
TODO: switch to release v2020.10 once released.

Remove one merged patch, refresh the rest.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Tony Ambardar
5582fbd613 bpftools: support NLS, fix ppc build and update to 5.8.9
With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so
and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper
to set library prefixes and flags accordingly, and also conditionally add
"-lintl" as link-time library.

Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h.

Use upstream stable kernel 5.8.9, and fix overriding of feature detection
to only allow/hide detected features. Also refresh existing patches.

Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting
eBPF usage")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-09-18 21:42:05 +02:00
Tan Zien
e826e00765 firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1)

  * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
  * This update *removes* the SRBDS mitigations from the above processors
  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

intel-microcode (3.20200609.2)

  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
    just in case.  Note that Debian does not do late loading by itself.
    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

intel-microcode (3.20200609.1)

  * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
      on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
      L1DCES mitigations, plus mitigations described in the changelog entry
      for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by
      default.  A Linux kernel update will be issued that allows one to
      selectively disable the mitigations.
  * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
      (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
      (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig
      0x50564, rev. 0x2000065), which would cause several systems with
      Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
  * Restores the microcode-level fixes that were reverted by release
    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

intel-microcode (3.20200520.1)

  * New upstream microcode datafile 20200520
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

intel-microcode (3.20200508.1)

  * New upstream microcode datafile 20200508
    + Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system
      hangs

intel-microcode (3.20191115.2)

  * Microcode rollbacks (closes: #946515, LP#1854764):
    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
    Xeon processors with signature 0x50654.

intel-microcode (3.20191115.1)

  * New upstream microcode datafile 20191115
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

intel-microcode (3.20191113.1)

  * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffe Lake Desktop)
      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

intel-microcode (3.20191112.1)

  * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the
        MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
        CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
        Ice Lake), causes a 0-3% typical perforance hit (can be as bad
        as 10%).  But ensures the processor will actually jump where it
        should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Tan Zien
182c7d955f firmware: amd64-microcode: update to 20191218
amd64-microcode (3.20191218.1)

  * New microcode update packages from AMD upstream:
    + Removed Microcode updates (known to cause issues):
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
  * README: update for new release

amd64-microcode (3.20191021.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
    + Updated Microcodes:
      sig 0x00800f12, patch id 0x08001250, 2019-04-16
      sig 0x00800f82, patch id 0x0800820d, 2019-04-16

amd64-microcode (3.20181128.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f82, patch id 0x0800820b, 2018-06-20

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Aleksander Jan Bajkowski
b0aff40ae3 kernel: drop kmod-bmp085, kmod-bmp085-i2c and kmod-bmp085-spi
CONFIG_BMP085* is replaced by CONFIG_BMP280 since 4.9[1] and this package is empty.
OpenWRT also has kmod-iio-bmp280* package and we can drop old packages.

1. [ misc: retire the old BMP085 driver ]
(832c8232dd (diff-5000d544d790c669405eb2a6775e5981))

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2020-09-18 20:08:51 +02:00
Tan Zien
4742ba41d0 kernel: add module support Intel Ethernet Controller I225 Series
add kernel module igc support Intel Ethernet Controller I225 Series.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Felix Fietkau
e18534f905 mt76: update to the latest version
3b946a6dc588 mt76: dma: cache dma map address/len in struct mt76_queue_entry
c4c8b6a20d3b mt76: mt7915: fix HE BSS info
15391c1c947f mt76: fix tx hang on non-AQL frame limit
72c8a81e64e8 mt76: mt7915: fix encap offload multicast traffic with 4-address mode
69b3f868d14b mt76: mt7915: use napi_consume_skb to bulk-free tx skbs
5f080033ec7d mt76: move txwi handling code to dma.c, since it is mmio specific
b1f425686125 mt76: mt7915: fix VHT LDPC capability
8f48855f5d14 mt76: mt7915: simplify mt7915_lmac_mapping
cfaf40858718 mt76: mt7915: fix queue/tid mapping for airtime reporting
115b62efac21 mt76: remove retry_q from struct mt76_txq and related code
e22c65cdc585 mt76: mt7915: simplify checks for the 802.3 offload path
bab866a01e4f mt76: mt7915: fix unexpected firmware mode
0fc3c5eb61d0 mt76: dma: queue more rx frames internally before passing them to the stack
130e5de09364 Revert "mt76: dma: queue more rx frames internally before passing them to the stack"
e3af31409d41 update mt7915 firmware to the latest version
e2b8a4ec9891 mt76: testmode: add a limit for queued tx_frames packets
146488631f7b mt76: mt7615: Remove set but unused variable 'index'
0b7d2b76288e mt76: mt7615: fix VHT LDPC capability
848f4a6334a8 mt76: mt7622: fix fw hang on mt7622
0a955d944bd0 mt76: mt7663s: do not use altx for ctl/mgmt traffic
13b96411513b mt76: mt7663s: split mt7663s_tx_update_sched in mt7663s_tx_{pick,update}_quota
d62ba15b1bbf mt76: mt7663s: introduce __mt7663s_xmit_queue routine
fdf14d1b6aec mt76: move pad estimation out of mt76_skb_adjust_pad
d048f8e87ba0 mt76: mt7663s: fix possible quota leak in mt7663s_refill_sched_quota
979c0fdc5d27 mt76: mt7663s: introduce sdio tx aggregation
56e77a3a3ade mt76: mt7663: check isr read return value in mt7663s_rx_work
f96cffa03e57 mt76: mt7615: unlock dfs bands
1ccd31bbe1f4 mt76: Use fallthrough pseudo-keyword
448cd2d36ee2 mt76: mt76x0: Move tables used only by init.c to their own header file
17ba3432f5af Revert "mt76: mt7615: unlock dfs bands"
fee1f4a8e87f mt76: mt7915: fix possible memory leak in mt7915_mcu_add_beacon
5b78e5292777 mt76: Fix unsigned expressions compared with zero
ec84891a4d23 mt76: mt7915: convert to use le16_add_cpu()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-18 17:29:04 +02:00
Rafał Miłecki
14247c82c0 rpcd: update to the latest master
3fea655 rc: support init.d scripts with START=0

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:19:04 +02:00
Rafał Miłecki
c57b907f86 uhttpd: update to the latest master
47c34bd ubus: add ACL support for "subscribe" request

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:16:06 +02:00
Martin Schiller
a594a5a330 lantiq: use uniform "u-boot-env" mtd label
This is the most popular choice in the linux kernel tree.

Within OpenWrt, this change will establish consistency with ath79
and ramips targets.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[extend commit message, include netgear_dm200, update base-files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-17 21:09:51 +02:00
David Bauer
520074e57e usbutils: update USB IDs to the latest version
Update from 0.321 to 0.339

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-17 18:10:41 +02:00
David Bauer
c2e75017a2 libjson-c: update to 0.15
Drop patches as they've been upstreamed:
 * 001-Fix-CVE-2020-12762.patch

Refresh patches:
 * 000-libm.patch

Add patch to avoid build failure due to missing docs in tarball.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-17 18:08:54 +02:00
Felix Fietkau
caf727767a mac80211: do not allow bigger VHT MPDUs than the hardware supports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-17 14:48:33 +02:00
Rui Salvaterra
419f149e48 zram-swap: default to lzo instead of lzo-rle compression
On devices with small amounts of RAM, zram-swap fails to initialise due to the
default compression algorithm (lzo-rle). Startup example on an AirGrid M2, with
32 MiB of RAM:

root@airgrid:/etc/config# /etc/init.d/zram start
zram_start: activating '/dev/zram0' for swapping (13 MegaBytes)
zram_reset: enforcing defaults via /sys/block/zram0/reset
sh: write error: Out of memory
mkswap: image is too small
swapon: /dev/zram0: Invalid argument
root@airgrid:/etc/config#

Fix this by defaulting to traditional lzo, which works fine and is always
available.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-09-17 10:29:40 +02:00
John Crispin
0fbdb51f76 ipq40xx: add Edgecore OAP-100 support
flashing the unit
* first update to latest edcore FW as per the PDF instructions
* boot the initramfs
  - tftpboot 0x88000000 openwrt-ipq40xx-generic-edgecore_oap100-initramfs-fit-uImage.itb; bootm
* inside the initramfs call the following commiands
  - ubiattach -p /dev/mtd0
  - ubirmvol /dev/ubi0 -n0
  - ubirmvol /dev/ubi0 -n1
  - ubirmvol /dev/ubi0 -n2
* scp the sysupgrade image to the board and call
  - sysupgrade -n openwrt-ipq40xx-generic-edgecore_oap100-squashfs-nand-sysupgrade.bin

Signed-off-by: John Crispin <john@phrozen.org>
2020-09-17 08:43:07 +02:00
Robert Marko
4488b260a0 ipq40xx: add Edgecore ECW5211 support
This patch adds support for the Edgecore ECW5211 indoor AP.

Specification:
- SoC: Qualcomm Atheros IPQ4018 ARMv7-A 4x Cortex A-7
- RAM: 256MB DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB MX35LFxGE4AB SPI-NAND
- Ethernet: 2 x 1G via Q8075 PHY connected to ethernet adapter via PSGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: Built-in IPQ4018 (2x2 802.11bng, 2x2 802.11 acn)
- CC2540 BLE connected to USB 2.0 port
- Atmel AT97SC3205T I2C TPM

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:43:03 +02:00
Robert Marko
59f0a0fd83 ipq806x: add Edgecore ECW5410 support
This patch adds support for the Edgecore ECW5410 indoor AP.

Specification:
- SoC: Qualcomm Atheros IPQ8068 ARMv7 2x Cortex A-15
- RAM: 256MB(225 usable) DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB S34MS01G2 Parallel NAND
- Ethernet: 2 x 1G via 2x AR8033 PHY-s connected directly to GMAC2 and GMAC3 via SGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: 2x QCA9994 AC Wawe 2 (1x 2GHz bgn, 1x 5GHz acn)
- CC2540 BLE
- UART console on RJ45 next to ethernet ports exposed.
Its Cisco pin compatible, 115200 8n1 baud.

Installation instructions:
Through stock firmware or initramfs.

1.Connect to console
2. Login with root account, if password is unknown then interrupt the boot with f and reset it in failsafe.
3. Transfer factory image
4. Flash the image with ubiformat /dev/mtd1 -y -f <your factory image path>

This will replace the rootfs2 with OpenWrt, if you are currently running from rootfs2 then simply change /dev/mtd1 to /dev/mtd0

Note

Initramfs:
1.  Connect to console
2.  Transfer the image from TFTP server with tftpboot,
or by using DHCP advertised image with dhcp command.
3. bootm
4. Run ubiformat /dev/mtd1

You need to interrupt the bootloader after rebooting and run:
run altbootcmd

This will switch your active rootfs partition to one you wrote to and boot from it.

So if rootfs1 is active, then it will change it to rootfs2.

This will format the rootfs2 partition, if your active partition is 2 then simply change /dev/mtd1 with /dev/mtd0
If you dont format the partition you will be writing too, then sysupgrade will find existing UBI rootfs and kernel volumes and update those.
This will result in wrong ordering and OpenWrt will panic on boot.

5. Transfer sysupgrade image
6. Flash with sysupgrade -n.

Note that sysupgrade will write the image to rootfs partition that is not currently in use.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:42:17 +02:00
Robert Marko
179073b0cc firmware: ipq-wifi: enable use on IPQ806x
This enables the ipq-wifi package to be used on IPQ806x target.
Its needed for boards using a different BDF than one shipped in the upstream board-2.bin.

Currently needed for Edgecore ECW5410.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:42:17 +02:00
Felix Fietkau
673062fc56 mac80211: allow bigger A-MSDU sizes in VHT, even if HT is limited
Improves tx throughput when connecting to some APs (e.g. Asus RT-AC88U)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-16 18:49:11 +02:00
Adrian Schmutzler
cb9bb908de base-files: drop default setup for vconfig
vconfig has been disabled by default since 2015 [1] and there are
no remaining uses in entire OpenWrt trunk. However, we still set up
a specific name_type for it during boot.

While this setup is properly implemented to be only triggered when
vconfig is present, it still seems anachronistic and unnecessary
to set up a standard for a tool that is not used anymore.

Therefore, this removes the set_name_type initialization and leaves
it for those people actually using the tool to configure it as needed.

[1] 899a23227e ("busybox: improve applets & deprecate ifconfig, route")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-16 17:28:20 +02:00
Rafał Miłecki
4a3230683b uhttpd: update to the latest master
1172357 ubus: add new RESTful API
fe1888f ubus: fix blob_buf initialization

Fixes: 3d167ed805 ("uhttpd: update to the latest master")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-15 13:45:33 +02:00
Adrian Schmutzler
a9790dff53 cns3xxx: drop target
This target has not been updated to 5.4 yet, and the only person
trying it (Koen) decided to retreat based on the following reasons:

- The target is not DT-aware at all

- The huge amount of effort required

- The SoC itself reached EoL at Cavium for some time now

- Upstream removed some important parts as it's also slowly getting EoL
  over there

- The commercial product that used this will fade out shortly

- The amount of download for this binary suggest that the target is not
  that popular

Since nobody has picked up the work since then, and this is the last
remaining 4.19-only target, finally drop it now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-14 00:19:27 +02:00
Klaus Kudielka
04d3b517dc uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).

Check the installed u-boot release, and set the default accordingly.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-13 13:56:47 +02:00
Hans Dedecker
96586ad8ca netifd: update to latest git HEAD
55a7b6b netifd: vxlan: add aging and maxaddress options
11223f5 netifd: vxlan: add most missing boolean options
226566b netifd: vxlan: refactor mapping of boolean attrs
a3c033e netifd: vxlan: handle srcport range

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-12 21:29:20 +02:00
Adrian Schmutzler
07aa858a73 ramips: fix partitions and boot for RAVPower RP-WD03
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.

To address this, use the lzma loader (loader-okli) to work around this
limitation.

The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.

Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!

Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 19:31:03 +02:00
David Bauer
e289f18347 hostapd: add support for per-BSS airtime configuration
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.

Support for this feature is only enabled in the full flavors of hostapd.

Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:35:48 +02:00
David Bauer
e087bb5bd7 base-files: disable LEDs if default state is undefined
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.

Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.

Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:34:54 +02:00
Bob Cai
f1bc66c765 kernel: improve the description of fs-nfs-v4
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).

Use "Kernel module for NFS v4 client support" on line 438.

Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-10 18:52:15 +02:00
Rafał Miłecki
8b8015031b rpcd: update to the latest master
rc: new ubus object for handling /etc/init.d/ scripts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-10 13:35:05 +02:00
Daniel Golle
fb22f4ae3a rssileds: update maintainer email address
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-10 02:58:30 +01:00
Jason A. Donenfeld
bf0881dc72 wireguard-tools: bump to 1.0.20200827
* ipc: split into separate files per-platform

This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.

* man: wg-quick: use syncconf instead of addconf for strip example

Simple documentation fix.

* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h

In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 20:47:19 +02:00
Martin Schiller
d6235f48f8 openvpn: fix shell compare operator in openvpn.init
Don't use bash syntax, because /bin/sh is used here.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 14:02:21 +02:00
Felix Fietkau
d717343c85 mac80211: update encap offload patches to the latest version
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-09 11:51:47 +02:00
Jason A. Donenfeld
d8104c8353 wireguard: bump to 1.0.20200908
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros

Backports from upstream changes.

* peerlookup: take lock before checking hash in replace operation

A fix for a race condition caught by syzkaller.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 07:54:20 +02:00
Daniel Golle
be9694aaa2 hostapd: add UCI support for Hotspot 2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Daniel Golle
7ed34f65d0 netifd: update to git HEAD
3d9bd73 utils: fix check_pid_path to work with deleted file as well
 330f403 vlan: initialize device ifname earlier at creation time
 c057e71 device: do not check state from within device_init
 cb0c07b system-dummy: fix resolving ifindex
 ccd9ddc bridge: add support for turning on vlan_filtering
 82bcb64 bridge: add support for adding vlans to a bridge
 0e8cea0 bridge: add support for VLAN filtering
 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
 ac0710b device: look up full device name before traversing vlan chain
 e32e21e bridge: flush vlan list on bridge free
 645ceed interface-ip: clear host bits of the device prefix
 d7b614a netifd-wireless: parse 'osen' encryption

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Paul Spooren
d0f295837a dropbear: Enable Ed25519 for normal devices
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.

As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.

Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.

This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-06 23:19:20 +02:00
Rosen Penev
83e946d718 util-linux: Fix build when libmagic is present
When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.

This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1

Fixes: 36d9ed360a ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 23:19:12 +02:00
Hauke Mehrtens
787de4331f wolfssl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk	391.545

new:
libwolfssl24_4.5.0-stable-2_mips_24kc.ipk	387.439

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
b71433f42d iw: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
iw_5.4-1_mips_24kc.ipk		35.767
iw-full_5.4-1_mips_24kc.ipk	68.423

new:
iw_5.8-1_mips_24kc.ipk		36.883
iw-full_5.8-1_mips_24kc.ipk	71.992

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
103225b412 nftables: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

new:
nftables-json_0.9.6-2_mips_24kc.ipk	221.894
nftables-nojson_0.9.6-2_mips_24kc.ipk	193.932

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
56c2e9fe37 libnftnl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.7-1_mips_24kc.ipk	47.459

new:
libnftnl12_1.1.7-2_mips_24kc.ipk	45.742

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
a617861d4c jansson: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
jansson4_2.13.1-1_mips_24kc.ipk	19.171

new:
jansson4_2.13.1-2_mips_24kc.ipk	18.936

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
13b4ed4cf4 nftables: Update to version 0.9.6
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.3-1_mips_24kc.ipk	220.262
nftables-nojson_0.9.3-1_mips_24kc.ipk	192.937

new:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
082354e4bb libnftnl: Update to version 1.1.7
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.5-1_mips_24kc.ipk	46.252

new:
libnftnl12_1.1.7-1_mips_24kc.ipk	47.459

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
cd2aad3812 jansson: Update to version 2.13.1
This also sets the ABI_VERSION as this is a versioned shared library.

The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk	18.692

new:
jansson4_2.13.1-1_mips_24kc.ipk	19.171

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Adrian Schmutzler
081e944be6 ath25: add back target support
Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.

This reverts commit 7d29a55714 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-06 19:49:05 +02:00
Christian Lamparter
a487e67cbc base-files: support label-property-less in get_dt_leds
The LED's "label" property has been deprecated in upstream by:

|commit c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date:   Sun Jun 9 20:19:04 2019 +0200
|
|    dt-bindings: leds: Add properties for LED name construction
|
|    Introduce dedicated properties for conveying information about
|    LED function and color. Mark old "label" property as deprecated.
|
|    Additionally function-enumerator property is being provided
|    for the cases when neither function nor color can be used
|    for LED differentiation.

in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-05 23:24:46 +02:00
Hans Dedecker
04e0e4167e ppp: update to latest git HEAD
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-05 20:13:40 +02:00
David Bauer
7f676b5ed6 firewall: bump to latest HEAD
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-05 15:43:16 +02:00
Felix Fietkau
acf1733496 mac80211: add preliminary support for enabling 802.11ax in config
No advanced features are configurable yet, just basic enabling of HE modes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 15:49:35 +02:00
Daniel Golle
c2c701e058 libselinux: package executables into -utils
Add new package libselinux-utils containing the executable
utilities included with libselinux.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-04 02:50:20 +01:00
Russell Morris
45a81f7056 ramips: add support for HooToo HT-TM05
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).

Specifications:

  SOC:     MediaTek MT7620N
  BATTERY: 10400mAh
  WLAN:    802.11bgn
  LAN:     1x 10/100 Mbps Ethernet
  USB:     1x USB 2.0 (Type-A)
  RAM:     64 MB
  FLASH:   GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
           Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
           fast-read enabled (m25p)
  LED:     Status LED (blue after boot, green with WiFi traffic
           4 leds to indicate power level of the battery (unable to control)
  INPUT:   Power, reset button

MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

Tested and working:

 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - Installation from TFTP (recovery)
 - OpenWRT sysupgrade (Preserving and non-preserving), through the usual
   ways: command line and LuCI
 - LEDs (except as noted above)
 - Button (reset)
 - I2C, which is needed for reading battery charge status and level
 - U-Boot environment / variables (from U-Boot, and OpenWrt)

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
   - ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!

Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-03 14:15:30 +02:00
Rosen Penev
7a5e4f5f00 policycoreutils: add nls.mk
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-09-03 00:33:20 +01:00
Adrian Schmutzler
6362a04725 kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler
bc88ee0aff samsung: drop target
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
7d29a55714 ath25: drop target
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Magnus Kroken
66893063ab mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-09-02 15:12:12 +02:00
Walter Sonius
46abcb3ade base-files: fix comment typo in lib/functions/network.sh
Fix typo in comment.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 01:11:17 +02:00
Daniel Golle
80a194b100 hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 21:37:35 +01:00
Felix Fietkau
91fb3ce56b mac80211: remove an obsolete patch that is no longer doing anything useful
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
2c14710c54 mac80211: add more AQL fixes/improvements
Fix aggregation length estimation, add HE and VHT160 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Daniel Golle
76368a5c0a refpolicy: skip building docs
Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:35:00 +01:00
Daniel Golle
d136848b8b libaudit: add host-build required by policycoreutils/host
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:24:07 +01:00
Daniel Golle
3ce21b8797 libsemanage: host-build depends on renamed libaudit package
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 12:32:52 +01:00
Hauke Mehrtens
413fdc6676 ugps: update to the latest version
511a5b3 ugps: fix 64-bit time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:04:44 +02:00
Hauke Mehrtens
db8e09f1c2 fstools: update to the latest version
5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:01:15 +02:00
John Crispin
2ddd8387a7 uboot-mediatek: update to latest version
Signed-off-by: John Crispin <john@phrozen.org>
2020-09-01 09:08:52 +02:00
Daniel Golle
93ed51e5b6 libaudit: drop unused file
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 00:32:54 +01:00
Paul Spooren
395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00
Paul Spooren
18b1cc2838 px5g-wolfssl: cleanup Makefile and SPDX license
Minor cosmetic cleanups of the Makefile and add a SPDX compatible
license headers.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:29:37 +01:00
Daniel Golle
2e2425ce7f libsemanage: add missing package metadata
License and CPE-ID were missing, add them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 22:02:12 +01:00
Daniel Golle
efdf619f21 audit: build only libaudit
Turns out auditd depends on libev. Lets have that in packages.git.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 21:51:45 +01:00
Hauke Mehrtens
2b141ad392 strace: Update to version 5.8
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.

Just deactivate it for ARM64 too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-31 22:15:26 +02:00
Rosen Penev
36d9ed360a util-linux: update to 2.36
hwclock was fixed to work with musl.

Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
879e68eafd libcxx: update to 10.0.0
Switched to upstream tarballs.

Switched to libcxxabi as using libsupc++ is quite wonky.

Fixed description.

Removed patches. The fixes are cosmetic.

Added ssp patch. This one is needed for i386 and powerpc under musl.

Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.

Ran tested with gerbera.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
3f9bd9e8ee libcxxabi: add
This will be used for libcxx.

libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.

Reference: https://github.com/gerbera/gerbera/issues/795

Added patch to fix ARM compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Daniel Golle
86307bc908 checkpolicy: build-depend on libselinux
Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
 #include <sepol/policydb/expand.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Daniel Golle
c2996ee267 policycoreutils: fix i18n depends
Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
 #include <libintl.h>  /* for gettext() */
          ^~~~~~~~~~~
 compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Michael Pratt
22caf30a65 ath79: add support for Senao Engenius ENH202 v1
FCC ID: U2M-ENH200

Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.

Specification:

  - Qualcomm/Atheros AR7240 rev 2
  - 40 MHz reference clock
  - 8 MB FLASH                  ST25P64V6P (aka ST M25P64)
  - 32 MB RAM
  - UART at J3                  (populated)
  - 2x 10/100 Mbps Ethernet     (built-in switch at gmac1)
  - 2.4 GHz, 2x2, 29dBm         (Atheros AR9280 rev 2)
  - internal antenna plates     (10 dbi, semi-directional)
  - 5 LEDs, 1 button            (LAN, WAN, RSSI) (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Power LED not controllable, or unknown gpio

MAC addresses:

  eth0/eth1  *:11   art 0x0/0x6
  wlan       *:10   art 0x120c

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9f670000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of ENH202 is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-enh202-uImage-lzma.bin
    openwrt-senao-enh202-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

  OKLI kernel loader is required because the OEM firmware
  expects the kernel to be no greater than 1024k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on built-in switch:

  ENH202 is originally configured to be an access point,
  but with two ethernet ports, both WAN and LAN is possible.

  the POE port is gmac0 which is preferred to be
  the port for WAN because it gives link status
  where swconfig does not.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Michael Pratt
6decbf3186 ath79: add support for Senao Engenius ENS202EXT v1
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.

FCC ID:	A8J-ENS202

Specification:

  - Qualcomm/Atheros AR9341 v1
  - 535/400/200/40 MHz          (CPU/DDR/AHB/REF)
  - 64 MB of RAM
  - 16 MB of FLASH              MX25L12835F(MI-10G)
  - UART (J1) header on PCB     (unpopulated)
  - 2x 10/100 Mbps Ethernet     (built-in switch Atheros AR8229)
  - 2.4 GHz, up to 27dBm        (Atheros AR9340)
  - 2x external, detachable antennas
  - 7x LED (5 programmable in ath79), 1x GPIO button (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Ethernet LEDs stay on solid when connected, not programmable

MAC addresses:

  eth0/eth1  *:7b   art 0x0/0x6
  wlan       *:7a   art 0x1002

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

  *If you are unable to get network/LuCI after flashing*
  You must perform another factory reset:

    After waiting 3 minutes or when Power LED stop blinking:

    Hold Reset button for 15 seconds while powered on
    or until Power LED blinks very fast

    release and wait 2 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to this model.
  The following directions are unique to this model.
  DO NOT downgrade to ar71xx this way, can cause kernel loop

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP Recovery:

  For some reason, TFTP is not reliable on this board.
  Takes many attempts, many timeouts before it fully transfers.

  Starting with an initramfs.bin:

  Connect to ethernet
  set IP address and TFTP server to 192.168.1.101
  set up infinite ping to 192.168.1.1
  rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
  disconnect power to the board
  hold reset button while powering on board for 8 seconds

  Wait a minute, power LED should blink eventually if successful
  and a minute after that the pings should get replies
  You have now loaded a temporary Openwrt with default settings temporarily.
  You can use that image to sysupgrade another image to overwrite flash.

Format of OEM firmware image:

  The OEM software of ENS202EXT is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-ens202ext-uImage-lzma.bin
    openwrt-senao-ens202ext-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

Note on the factory.bin:

  The newest kernel is too large to be in the kernel partition

  the new ath79 kernel is beyond   1592k
  Even ath79-tiny is               1580k

  Checksum fails at boot because the bootloader (modified uboot)
  expects kernel to be 1536k. If the kernel is larger, it gets
  overwritten when rootfs is flashed, causing a broken image.
  The mtdparts variable is part of the build and saving a new
  uboot environment will not persist after flashing.
  OEM version might interact with uboot or with the custom
  OEM partition at 0x9f050000.

  Failed checksums at boot cause failsafe image to launch,
  allowing any image to be flashed again.

  HOWEVER: one should not install older Openwrt from failsafe
  because it can cause rootfs to be unmountable,
  causing kernel loop after successful checksum.
  The only way to rescue after that is with a serial cable.

  For these reasons, a fake kernel (OKLI kernel loader)
  and fake squashfs rootfs is implemented to take care of
  the OEM firmware image verification and checksums at boot.
  The OEM only verifies the checksum of the first image
  of each partition respectively, which is the loader
  and the fake squashfs. This completely frees
  the "firmware" partition from all checks.

  virtual_flash is implemented to make use of the wasted space.
  this leaves only 2 erase blocks actually wasted.

  The loader and fakeroot partitions must remain intact, otherwise
  the next boot will fail, redirecting to the Failsafe image.

  Because the partition table required is so different
  than the OEM partition table and ar71xx partition table,
  sysupgrades are not possible until one switches to ath79 kernel.

Note on sysupgrade.tgz:

  To make things even more complicated, another change is needed to
  fix an issue where network does not work after flashing from either
  OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
  configuration into the jffs2 /overlay when writing rootfs from factory.bin.

  The upgrade script has this:

    mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"

  However, it also accepts scripts before and after:

    before_local="/etc/before-upgradelocal.sh"
    after_local="/etc/after-upgradelocal.sh"
    before="before-upgrade.sh"
    after="after-upgrade.sh"

  Thus, we can solve the issue by making the .tgz an empty file
  by making a before-upgrade.sh in the factory.bin

Note on built-in switch:

  There is two ports on the board, POE through the power supply brick,
  the other is on the board. For whatever reason, in the ar71xx target,
  both ports were on the built-in switch on eth1. In order to make use
  of a port for WAN or a different LAN, one has to set up VLANs.

  In ath79, eth0 and eth1 is defined in the DTS so that the
  built-in switch is seen as eth0, but only for 1 port
  the other port is on eth1 without a built-in switch.

  eth0: switch0
    CPU is port 0
    board port is port 1

  eth1: POE port on the power brick

  Since there is two physical ports,
  it can be configured as a full router,
  with LAN for both wired and wireless.

  According to the Datasheet, the port that is not on the switch
  is connected to gmac0. It is preferred that gmac0 is chosen as WAN
  over a port on an internal switch, so that link status can pass
  to the kernel immediately which is more important for WAN connections.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Daniel Golle
e868809861 libsemanage: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 13:52:05 +01:00
Thomas Petazzoni
73912b850b audit: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[fix build with GCC 10 and disable MIPS16 as build emits sync instruction]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 13:38:12 +01:00
Tony Ambardar
2f0d672088 bpftools: add utility and library packages supporting eBPF usage
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.

'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.

'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.

Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-08-31 12:23:59 +01:00
Paul Spooren
c1875d1ebb build: switch VERSION_REPO to HTTPS
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
2020-08-31 11:26:10 +01:00
Paul Spooren
35f2116519 treewide: https for downloads.openwrt.org sources
Instead of using http and https for source downloads from
downloads.openwrt.org, always use https for it's better security.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:26:10 +01:00
Paul Spooren
62d5ec7306 build: store SourceDateEpoch in manifest
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:18:06 +01:00
Paul Spooren
7d26f294cd busybox: Use PKG_FILE_MODES for SUID
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:15:17 +01:00
Daniel Golle
2bd55d0a2b opkg: update to git HEAD
4318ab1 opkg: allow to configure the path to the signature verification script
 cf44c2f libopkg: fix compiler warning

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 11:03:24 +01:00
Paul Spooren
976d3e2234 px5g: rename to px5g-mbedtls
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.

Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren
7078294b59 px5g-wolfssl: add package
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren
367c23740f wolfssl: add certgen config option
The option allows to generate certificates.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Hans Dedecker
9ee27c232e nghttp2: move to packages.git
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg  2019 decision that non essential packages
should move outside base.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-31 08:01:27 +02:00
Thomas Petazzoni
e5e54e52f7 refpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni
21992303fa checkpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni
d28adeb37d policycoreutils: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Sven Wegener
6a9c76a6c4 leds: add activity led trigger kernel module package
The activity trigger flashes like the heartbeat trigger, but adjusts
based on system load.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
4e2a994d2d ethtool: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ethtool_5.4-1_mips_24kc.ipk	101.909

new:
ethtool_5.8-1_mips_24kc.ipk	109.699

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
0b2f97beed iproute2: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ip-full_5.7.0-2_mips_24kc.ipk	165.786
ip-tiny_5.7.0-2_mips_24kc.ipk	117.730
tc_5.7.0-2_mips_24kc.ipk	144.405

new:
ip-full_5.8.0-1_mips_24kc.ipk	169.775
ip-tiny_5.8.0-1_mips_24kc.ipk	119.808
tc_5.8.0-1_mips_24kc.ipk	149.053

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
ca5ee6eba3 mac80211: Fix potential endless loop
Backport a fix from kernel 5.8.3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Adrian Schmutzler
4e4ee46495 ar71xx: drop target
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.

This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-30 22:18:35 +02:00
Aaron Goodman
47b2ee2d9a wireguard-tools: add tunlink option for hostroute
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.

This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-08-30 21:47:13 +02:00
Paul Spooren
a5d030a54f curl: move package to packages.git
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-27 21:18:21 +02:00
Hauke Mehrtens
bc19481826 hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
  LD  wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
    type = GEN_EMAIL;
           ^~~~~~~~~
           ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
    type = GEN_DNS;
           ^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
    type = GEN_URI;
           ^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
   if (gen->type != GEN_EMAIL &&
                    ^~~~~~~~~
                    ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
       gen->type != GEN_DNS &&
                    ^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
       gen->type != GEN_URI)
                    ^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed

Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-27 12:11:47 +02:00
Hauke Mehrtens
c1aa2d4411 mtd-utils: Update to version 2.1.2
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html

The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk:	70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk:	71109

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:35 +02:00
Hauke Mehrtens
00722a720c wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:30 +02:00
Hauke Mehrtens
2745f6afe6 curl: Use wolfssl by default
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:43 +02:00
Hauke Mehrtens
b5191f3366 curl: Fix build with wolfssl
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.

checking size of time_t... configure: error: cannot determine a size for time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:42 +02:00
Adrian Schmutzler
e7c235612b uboot-at91: harmonize indent in Makefile
The indent in Makefile is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler
2f92e1d418 at91bootstrap: harmonize indent in Makefiles
The indent in Makefiles is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler
7f1540cc46 at91: introduce vendor_model scheme and drop board names
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.

Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.

While at it, harmonize a few indents as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M
abf6c288c1 uboot-at91: bump version to linux4sam-2020.04
Bump version to linux4sam-2020.04 and add patch to fix Wformat-security
warnings.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00