Commit Graph

16951 Commits

Author SHA1 Message Date
Felix Fietkau
bf3f06f1ba mt76: enable hostapd 802.11ax support if kmod-mt7915e is selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Felix Fietkau
41d7a14ead hostapd: add config symbol for allowing drivers to enable 802.11ax support
Also expose a build feature for it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Christian Lamparter
f611b014a7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Petr Štetiar
df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Kevin Darbyshire-Bryant
68b94f0fb4 umdnsd: update to latest git HEAD
d13290b Fix advertised IPv6 addresses

Don't just serve link-local addresses via mdns, offer all.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-06-08 20:16:17 +01:00
Stijn Tintel
8a858363b0 hostapd: silence rm
When bringing up wifi the first time after boot, these warnings appear:

netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory

Silence them by adding the "-f" option to rm.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2020-06-08 08:59:02 +03:00
Stijn Tintel
25787e002b bcm27xx-gpu-fw: bump to most recent good version
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:26:54 +03:00
Stijn Tintel
afdc413d9d Revert "bcm27xx-gpu-fw: update to latest version"
This reverts commit 9e467a764b.

The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.

E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.

As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.

Upstream bug: https://github.com/raspberrypi/firmware/issues/1376

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:25:50 +03:00
Hans Dedecker
9e7fe7faf5 netifd: update to latest git HEAD
51e9fb8 system-linux: improve handling of device rename

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 20:55:53 +02:00
Toke Høiland-Jørgensen
56db8e4615 kernel: Add kmod-sch-cake-virtual intermediate package
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2020-06-06 19:15:43 +01:00
Hans Dedecker
4e65838871 nghttp2: bump to 1.41.0
8f7b008b Update bash_completion
83086ba9 Update manual pages
c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr
3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20
881c060d Update AUTHORS
f8da73bd Earlier check for settings flood
336a98fe Implement max settings option
ef415836 Revert "Add missing connection error handling"
979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2
b7d16101 Add missing connection error handling
cd53bd81 Merge pull request #1460 from gportay/patch-1
e5625b8c Fix doc
c663349f integration: Add PROXY protocol v2 tests
854e9fe3 nghttpx: Always call init_forwarded_for
c60ea227 Update doc
49cd8e6e nghttpx: Add PROXY-protocol v2 support
3b17a659 Merge pull request #1453 from Leo-Neat/master
600fcdf5 Merge pull request #1455 from xjtian/long_serials
4922bb41 static_cast size parameter in StringRef constructor to size_t
aad86975 Fix get_x509_serial for long serial numbers
dc7a7df6 Adding CIFuzz
b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue
ffb49c6c Merge pull request #1435 from geoffhill/master
2ec58551 Fix receiving stream data stall
459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp
a4c1fed5 Bump llhttp to 2.0.4
866eadb5 Enable session_create_idle_stream test, fix errors
5e13274b Fix typo
e0d7f7de h2load: Allow port in --connect-to
df575f96 h2load: add --connect-to option
1fff7379 clang-format-9
b40c6c86 Merge pull request #1418 from vszakats/patch-1
9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional
2d5f7659 Bump up version number to 1.41.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 14:11:41 +02:00
Paul Spooren
df6f3090c4 mvebu: rename Linksys devices based on their common names
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.

A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.

Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.

However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-05 21:54:43 +02:00
Felix Fietkau
2dd26fda16 kernel: fix portability issue with perf on linux 5.4
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-04 21:52:57 +02:00
John Crispin
5aa2ddd0d6 hostapd: add support for wifi-station and wifi-vlan sections
This patch adds support for 2 new uci sections.

config wifi-vlan
	# iface is optional. if it is not defined the vlan will apply
	# to all interfaces
        option iface	default_radio0
        option name	guest
        option vid	100
        option network	guest

config wifi-station
	# iface is optional. if it is not defined the station will apply
	# to all interfaces
        option iface	default_radio0
        # mac is optional. if it is not defined it will be a catch all
	# for any sta using this key
	option mac	'00:11:22:33:44:55'
        # vid is optional. if it is not defined, the sta will be part of
	# the primary iface.
	option vid	100
        option key	testtest

With this patch applied it is possible to use multiple PSKs on a single BSS.

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
John Crispin
303b463394 netifd: update to latest HEAD
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
Petr Štetiar
7f0fb3e5d4 iwinfo: update to version 2020-06-03
2faa20e5e9d1 iwinfo: add device id for Mikrotik R11e-5HacD miniPCIe card
d577a9d38a3b iwinfo: add device id for Marvell 88W8997 SDIO wifi card
f6b7d16d2ffa iwinfo: add device id for Atheros AR9287 PCIe wifi card

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
25641709d8 kernel: iio: add drivers for st_lsm6dsx IMU MEMS sensors
Add kmod for the ST LSM6DSX IMU driver.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[fixed missing regmap module dependencies]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
41cab5029b kernel: iio: fix st_accel_{i2c, spi} driver
Add missing kernel module and rename driver

Fixes: 2d8f4c4fbd ("kernel: iio: add st-accel driver modules")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2020-06-03 16:49:28 +02:00
Eneas U de Queiroz
750d52f6c9 wolfssl: use -fomit-frame-pointer to fix asm error
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.

Previous versions of wolfssl had this by default.  Keeping an extra
register available may increase performance, so it's being restored for
all architectures.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-06-03 16:49:28 +02:00
Rosen Penev
a9f712a79b exfat-utils: move into packages feed
This will be moved to packages:

https://github.com/openwrt/packages/pull/12378

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
e86b67e700 xfsprogs: move into packages feed
Does not seem to be needed here. This will be imported into packages.

Ref: https://github.com/openwrt/packages/pull/12256
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
173d2843c7 libconfig: move into packages feed
No package in base uses libconfig. Everything is in the packages feed.

Ref: https://github.com/openwrt/packages/pull/12255
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Florian Eckert
0b3e1205df kernel: add gpio-it87
Since commit 910df3f06c we have build in
on all X86/64 platforms the gpio-it87 driver.

Since this change I am getting the following error message on boot.
 > kern.err kernel: [    1.009416] gpio_it87: no device

I do not have this device on my system. To prevent the nonsensical
message and the loading of the module I have added this as a package, so
that it can be installed later or during image building.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-06-03 16:49:28 +02:00
Sergey Ryazanov
880c1f0336 base-files: prevent issues w/ overlay on powerloss after sysupgrade
Due to filesystem write caching the old configuration data could stay
out of flash for a long time during a first boot after the sysupgrade.
Power loss during this period could damage the overlay data and even
make device inaccessable via the network.

Fix this by syncing data to a flash as soon as the previous
configuration will be unpacked after the sysupgrade. Also sync the FS
state after the sysupgrade.tgz archive removing to prevent duplicative
extraction of a previous configuration.

Tested with AMD Geode based board.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2020-06-03 16:49:28 +02:00
Sven Roederer
2171493f7f dnsmasq: add /etc/dnsmasq.d/ to conffiles
This directory can hold configuration-snippets which should also included in the backup.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-06-03 16:49:28 +02:00
Michael Heimpold
d71fa37aa3 uboot-mxs: bump to v2020.04
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-06-03 16:49:28 +02:00
Thomas Albers
e914de7c96 base-files: fix LED IDE trigger
This changes the ide-disk LED trigger to the generic disk-activity as
ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds:
convert IDE trigger to common disk trigger").

Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com>
[split into separate commit, commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Daniel Golle
b1f26b7160 uhttpd: fix script timeout
939c281 proc: do not cancel script killing after writing headers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-03 10:50:01 +01:00
Hans Dedecker
8d2c031f21 ppp: update to version 2.4.8.git-2020-05-25
ddd57c2 pppd: Add lcp-echo-adaptive option
c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
0bc11fb Added missing options to manual pages. (#149)
b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp
c78e312 pppd: linux: use monotonic time if possible

Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted
Remove patch 206-compensate_time_change.patch as timewrap issues are
solved by a patch making use of monotonic time

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-31 21:13:50 +02:00
Felix Fietkau
479f1f2c92 mt76: update to the latest version (adds 7663e, 7663u, 7915 drivers)
7aabfd0c9282 mt7615: add CONFIG_MT76_LEDS to cflags
10a5b7630a37 mt76: mt7615: fix getting maximum tx power from eeprom
8688ed70c987 mt76: mt7615: use module parameter option for offload firmware preference
04798aab1257 net: mt7603: remove duplicate error message
9636177117d8 mt76: mt7615: fix ssid configuration in mt7615_mcu_hw_scan
d4ba139d8b8b mt76: mt7615: introduce mt7615_check_offload_capability routine
2cc0d54b65a1 mt76: mt7615: do not mark sched_scan disabled in mt7615_scan_work
5b73be962388 mt76: mt7615: add passive mode for hw scan
96e429e18174 mt76: mt7615: free pci_vector if mt7615_pci_probe fails
8fddbf6390ac mt76: mt7615: introduce support for hardware beacon filter
f2c760177bdd mt76: mt7615: introduce mt7615_mcu_set_hif_suspend mcu command
db454605106f mt76: mt7615: add WoW support
20b87321c39f mt76: mt7663u: introduce suspend/resume to mt7663u
20db7e73c586 mt76: mt7615: introduce PM support
523716bba561 mt76: mt7615: add gtk rekey offload support
50d377a825cc mt76: mt7615: introduce beacon_loss mcu event
4ef1957cea35 mt76: mt7663: read tx streams from eeprom
f25a43cc53e7 mt76: mt7615: check return value of mt7615_eeprom_get_power_index
0a9f71652927 mt76: mt7615: fix ibss mode for mt7663
83f2ba3101b4 mt76: mt7663: fix target power parsing
3e6968593b61 mt76: mt7615: fix delta tx power for mt7663
c1d3ad194ae4 mt76: mt7663: introduce WoW with net detect support
891136ab99da mt76: mt7663: add support to sched scan with randomise addr
82e4d3ebe967 mt76: mt7615: scan all channels if not specified
690b84821cd3 mt76: avoid rx reorder buffer overflow
f0117d3107b4 mt76: add support for HE RX rate reporting
cc68782bab1a mt76: add Rx stats support for radiotap
3ec47f2fba61 mt76: adjust wcid size to support new 802.11ax generation
0a9f4173dd07 mt76: add HE phy modes and hardware queue
c6b002bcdfa6 mt76: add mac80211 driver for MT7915 PCIe-based chipsets
b96af5039581 mt76: mt7915: enable Rx HE rate reporting
230054096155 mt76: mt7915: implement HE per-rate tx power support
c8f4b6cf1add mt76: mt7915: register per-phy HE capabilities for each interface
de1e8af96e19 mt76: mt7915: add HE bss_conf support for interfaces
135a5085932b mt76: mt7915: add HE capabilities support for peers
3b5d908dae2f mt76: mt7915: add Rx radiotap header support
158253e2c11e mt76: mt7915: add .sta_add_debugfs support
7f40e8c2b98d mt76: mt7915: add .sta_statistics support
a5368e5cad11 mt76: mt7915: set peer Tx fixed rate through debugfs
4f79c516be5c mt76: mt7915: add tsf related callbacks
509fceb43235 mt76: mt7915: enable firmware module debug support
56405976fc7b mt76: set runtime stream caps by mt76_phy
6bbf1a35c0da linux-firmware: add rebb firmware for mt7663
d7a10094c4e5 mt7663: add client offload firmware
9200732e8534 mt76: mt7663u: copy key pointer in mt7663u_mac_write_txwi
3aa810bde810 mt76: mt7663u: add missing register definitions
e236ea5be344 mt76: mt7615: usb: cancel ps work stopping the vif
1d0903de2131 mt76: mt7915: introduce mt7915_get_he_phy_cap
095c72c81c74 mt76: mt7915: add Tx beamformer support
5f9e7664cd26 mt76: mt7915: add Tx beamformee support
ac505404c385 mt76: mt7915: add TxBF capabilities
6656bebd39cd mt76: mt7915: add debugfs to track TxBF status
9590db025475 mt76: mt7915: allocate proper size for tlv tags
26eb1ed65987 mt76: mt7915: fix possible deadlock in mt7915_stop
f85c1f3fc189 firmware: add mt7915 firmware
9b07251b00b0 mt76: mt7615: fix typo defining ps work
060e375a9244 mt76: fix per-driver wcid range checks after wcid array size bump
7270b56389a9 mt76: mt7615: do not report scan_complete twice to mac80211
8c9e4847d01e mt76: mt7615: reduce hw scan timeout
8bd88a1b1880 mt76: enable p2p support
1ea444d0e8e5 mt76: mt7615: configure bss info adding the interface
fa81da5bb4e9 mt76: mt7615: introduce remain_on_channel support
44f2262c0289 mt76: mt76x02: remove check in mt76x02_mcu_msg_send
7005aa891440 mt76: mt7915: add spatial reuse support
1e3dc5b76649 mt76: mt7915: fix some sparse warnings
01b784174cd5 mt76: mt7915: fix sparse warnings: incorrect type initializer
40b7b5354a16 mt76: mt7615: fix NULL pointer deref in mt7615_register_ext_phy
6d731d188d31 mt76: mt7915: fix decoded radiotap HE flags
b74d5b1c14cf mt76: mt7915: fix some sparse warnings
6679d35be5cc mt76: mt7615: switch to per-vif power_save support
01e870b44769 mt76: mt7915: fix a handful of spelling mistakes
7b2d16655904 mt76: mt7663: fix the usage WoW with net detect support
ed3a244fb647 mt76: mt7915: Fix build error
5396a61cec99 mt76: mt7615: fix hw_scan with ssid_type for specified SSID only
466a5b4d041d mt76: mt7915: fix possible NULL pointer dereference in mt7915_register_ext_phy
984a172609c0 mt76: fix wcid allocation issues
6e02acddcb1a mt76: mt7615: add support for MT7611N
4e6f4e432d0d mt76: only iterate over initialized rx queues
9ad940fee593 mt76: mt7615: Use kmemdup in mt7615_queue_key_update()
85c516081338 mt76: mt7915: remove set but not used variable 'msta'

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-31 14:23:07 +02:00
Vladislav Grishenko
f166cf9ca0 dropbear: add ed25519 and chacha20-poly1305
- add Ed25519 support (backport):
  * DROPBEAR_ED25519 option for ssh-ed25519,
  * disabled by default
- add Chacha20-Poly1305 support (backport):
  * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com,
  * enabled by default
- update feature costs in binary size

Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
2020-05-30 21:27:10 +02:00
John Crispin
02f08056bc mac80211: fix wifi teardown
reverts part of the recent wifi reconf patch.

Signed-off-by: John Crispin <john@phrozen.org>
2020-05-30 12:01:08 +02:00
Daniel Golle
a002a24536 mac80211: rt2x00: backport patch enabling MFP
From: Rui Salvaterra <rsalvaterra@gmail.com>
Date: Mon, 25 May 2020 14:49:07 +0100
Subject: [PATCH] rt2800: enable MFP support unconditionally

This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-30 09:37:36 +01:00
Daniel Golle
f8b4aa5062 ugps: nmea: make sure date is valid
GPS time without date was previously used to set system date:
Tue Oct 10 11:48:21 2000 user.info kernel: [  108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time
Tue Oct 10 11:49:27 2000 user.info kernel: [  174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time

Fix this by ignoring incomplete dates and wait for complete time
information before adjusting system date/time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-29 23:59:35 +01:00
Jo-Philipp Wich
559b338466 qos-scripts: fix interface resolving
Also ensure that the error message is actually printed to stderr and that
the rule generation is aborted if an interface cannot be resolved.

Ref: https://github.com/openwrt/luci/issues/3975
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-29 10:34:58 +02:00
Álvaro Fernández Rojas
5d3a0c6b26 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 19:12:42 +02:00
Daniel Golle
f47aeac9b9 procd: update to git HEAD
b84a329 jail: use sane termios settings for console pts
 b9b39e2 jail: handle containers seperately

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-28 14:29:08 +01:00
Enrique Rodríguez Valencia
6e8bb68996 hostapd: Add disable_vht when using NOHT/HT* modes
disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:55 +01:00
Enrique Rodríguez Valencia
84c96de606 mac80211: Fix setting radio htmode when using mesh mode
When configuring the radio in legacy mode from luci, the htmode is not set
correctly to NOHT, causing the radio in mesh mode to be set to HT40.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:54 +01:00
Jo-Philipp Wich
a03d6d2fab broadcom-wl: don't inherit lock descriptor in nas process
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.

Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-28 13:08:14 +02:00
Álvaro Fernández Rojas
8b8fb79cbf bcm27xx-userland: update to latest version with 64 bit support
Support for 64 bits has been remove on latest master of raspberry/firmware.
Update to latest commit with 64 bit support since we don't support
installing 32 bit packages on 64 bit targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 11:57:03 +02:00
Thibaut VARÈNE
e430376b48 packages/utils: fbtest fix Makefile
The clean target tries to remove what looks like a bogus 'rbcfg',
probably carried over copy-pasta. Remove the name of the generated
executable ('fbtest') instead.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 8099f4e0d3 ("fbtest utility ")
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
7557e7f267 package/base-files: caldata: work around dd's limitation
tl;dr: dd will silently truncate the output if reading from special
files (e.g. sysfs attributes) with a too large bs parameter.

This problem was exposed on some RouterBOARD ipq40xx devices which use a
caldata payload which is larger than PAGE_SIZE, contrary to all other
currently supported RouterBOARD devices: the caldata would fail to
properly load with the current scripts.

Background: dd doesn't seem to correctly handle read() results that
return less than requested data. sysfs attributes have a kernel exchange
buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a
time. In this case, if bs is larger than PAGE_SIZE, dd will silently
truncate blocks to PAGE_SIZE. With the current scripts using bs=<size>
count=1, the data is truncated to PAGE_SIZE as soon as the requested
<size> exceeds this value.

This commit works around this problem by using `cat` in the caldata
routines that can read from a file (routines that read from mtd devices
are untouched). cat correctly handles partial read requests. The output
is then piped to dd with the same parameters as before, to ensure that
the resulting file remains exactly the same.

This is a simple workaround, the downside is that it uses a pipe and one
more executable, and therefore has a larger memory footprint and is
slower. This is deemed acceptable considering these routines are only
used at boot time.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
f10da7cb4d packages/boot: remove rbcfg
The new sysfs soft_config driver makes buggy rbcfg obsolete and
entirely replaces it.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:09:10 +02:00
Álvaro Fernández Rojas
aabfd4b1db cypress-firmware: add PROVIDES sections
Some firmwares are already provided by linux-firmware.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Álvaro Fernández Rojas
9e467a764b bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Jo-Philipp Wich
e8a2c21069 rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:08:54 +02:00
Stijn Segers
63bef34db9 uboot-envtools: ath79: add Netgear WNDR4300SW
Add Netgear WNDR4300SW to the list of supported boards.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-05-26 15:29:51 +02:00
Felix Fietkau
b371182d24 libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-26 10:45:44 +02:00
Rafał Miłecki
a765b063ee libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-24 17:06:09 +02:00
Matthias Schiffer
42de3c89c7
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:01:36 +02:00
Matthias Schiffer
e35e40ad82
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-23 13:38:12 +02:00
David Bauer
a9f7510150 hostapd: add WEP as queryable build feature
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.

Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
Hauke Mehrtens
04b1a11f5c mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 21:53:14 +02:00
Philip Prindeville
de8b88ce17 firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-05-21 20:23:10 +02:00
Hans Dedecker
bc55258464 netifd: ingress/egress vlan qos mapping support
74e0222 vlandev: support setting ingress/egress QoS mappings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 20:21:02 +02:00
Hauke Mehrtens
289c632425 mac80211: Update to version 5.7-rc3-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
64f343a881 mac80211: Update to version 5.6.8-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
9ca21dc7d5 mac80211: Update to version 5.5.19
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
a4b50c4bce mac80211: Update to version 5.4.36-1
This updates the mac80211 backport to the latest minor version.

The removed patch was a backport from the upstream kernel which is now
integrated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Daniel Golle
017320ead3 hostapd: bring back mesh patches
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.

Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-21 10:21:59 +01:00
Jason A. Donenfeld
a860fe2304 wireguard: bump to 1.0.20200520
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.

This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.

* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10

These enable the test suite to compile with gcc-10.

* noise: read preshared key while taking lock

Matt noticed a benign data race when porting the Linux code to OpenBSD.

* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter

WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png

* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings

The usual RHEL churn.

* compat: backport renamed/missing skb hash members

The new support for fq_codel and friends meant more backporting work.

* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4

The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-21 08:18:01 +02:00
Petr Štetiar
472fd98c5b hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.

This functionality is subject to be completely removed in a future
release.

So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Petr Štetiar
0a3ec87a66 hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.

I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:

 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch
 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch
 007-mesh-apply-channel-attributes-before-running-Mesh.patch
 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
 013-mesh-do-not-allow-pri-sec-channel-switch.patch
 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch
 016-mesh-fix-channel-switch-error-during-CAC.patch
 018-mesh-make-forwarding-configurable.patch

Refreshed all other patches, removed upstreamed patches:

 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch
 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch
 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch
 090-wolfssl-fix-crypto_bignum_sum.patch
 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch
 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch
 800-usleep.patch

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Rosen Penev
5ff4b0d024 fuse: move package to packages feed
This package was last updated in 2016. All of the dependent packages
are in the packages feeds, where this will be moved.

Ref: https://github.com/openwrt/packages/pull/12190
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject/description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 18:59:46 +02:00
Eneas U de Queiroz
3481f6ffc7 wolfssl: update to 4.4.0-stable
This version adds many bugfixes, including a couple of security
vulnerabilities:
 - For fast math (enabled by wpa_supplicant option), use a constant time
   modular inverse when mapping to affine when operation involves a
   private key - keygen, calc shared secret, sign.
 - Change constant time and cache resistant ECC mulmod. Ensure points
   being operated on change to make constant time.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Jeffery To
982d787773 kernel: kmod-ptp-qoriq: Package kernel object file
This updates the package to contain the kernel object (.ko) file instead
of the plain object (.o) file.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-05-20 15:26:22 +02:00
Richard Huynh
f3792690c4 ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)
Specification:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN, in Amber and White
- UART: On board near ethernet, opposite side from power
- Modified u-boot

Installation:

1. Run linked exploit to get shell, startup telnet and wget the files over
2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0

Restore to stock:

1. Setup PXE and TFTP server serving stock firmware image
(See dhcp-boot option of dnsmasq)
2. Hold reset button down before powering on and wait for flashing amber led
3. Release reset button
4. Wait until status led changes from flashing amber to white

Notes:
This device has dual kernel and rootfs slots like other Xiaomi devices currently
supported (mir3g, etc.) thus, we use the second slot and overwrite the first
rootfs onwards in order to get more space.

Exploit and detailed instructions:

https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100

An implementation of CVE-2020-8597 against stock firmware version 1.0.14

This requires a computer with ethernet plugged into the wan port and an active
PPPoE session, and if successful will open a reverse shell to 192.168.31.177
on port 31337.

As this shell is somewhat unreliable and likely to be killed in a random amount
of time, it is recommended to wget a static compiled busybox binary onto the
device and start telnetd with it.

The stock telnetd and dropbear unfortunately appear inoperable.
(Disabled on release versions of stock firmware likely)
Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox
chmod a+x /tmp/busybox
/tmp/busybox telnetd -l /bin/sh

Tested-by: David Martinez <bonkilla@gmail.com>
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
2020-05-20 15:26:22 +02:00
Álvaro Fernández Rojas
e55af8a4b0 bcm63xx-cfe: fix build with CONFIG_AUTOREMOVE
When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the
image creation.
Install CFE binaries to kernel directory and let autoremove clean the
files in PKG_BUILD_DIR.
Also drop unneeded tar cmd/options.

Fixes: dcee4eaa42 ("bcm63xx-cfe: add package with CFE RAM binaries")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 08:46:13 +02:00
Jason A. Donenfeld
0727c83a76 wireguard-tools: bump to 1.0.20200513
* ipc: add support for openbsd kernel implementation
* ipc: cleanup openbsd support
* wg-quick: add support for openbsd kernel implementation
* wg-quick: cleanup openbsd support

Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for
OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged
and supported WireGuard kernel support. We'll probably send our patch set up
to the list during this next week. `ifconfig wg0 create` to make an interface,
and `wg ...` like usual to configure WireGuard aspects of it, like usual.

* wg-quick: support dns search domains

If DNS= has a non-IP in it, it is now treated as a search domain in
resolv.conf.  This new feature will be rolling out across our various GUI
clients in the next week or so.

* Makefile: simplify silent cleaning
* ipc: remove extra space
* git: add gitattributes so tarball doesn't have gitignore files
* terminal: specialize color_mode to stdout only

Small cleanups.

* highlighter: insist on 256-bit keys, not 257-bit or 258-bit

The highlighter's key checker is now stricter with base64 validation.

* wg-quick: android: support application whitelist

Android users can now have an application whitelist instead of application
blacklist.

* systemd: add wg-quick.target

This enables all wg-quick at .services to be restarted or managed as a unit via
wg-quick.target.

* Makefile: remember to install all systemd units

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-20 08:14:00 +02:00
Álvaro Fernández Rojas
86583384ff bcm63xx: smp: add NAND support
NAND controller is present on BCM6328, BCM6362, BCM6368 and BCM63268.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Álvaro Fernández Rojas
dcee4eaa42 bcm63xx-cfe: add package with CFE RAM binaries
CFE RAM is a second stage bootloader which is usually loaded by CFE ROM
(first stage bootloader) from a JFFS2 partition stored on the NAND.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Álvaro Fernández Rojas
8339f8d95e base-files: switch_to_ramfs: add nand-utils
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Davide Fioravanti
31b49f02ca ramips: add support for Linksys EA7500 v2
The Linksys EA7500 v2 is advertised as AC1900, but its internal
hardware is AC2600 capable.

Hardware
--------
SoC:   Mediatek MT7621AT (880 MHz, 2 cores 4 threads)
RAM:   256M (Nanya NT5CC128M16IP-DI)
FLASH: 128MB NAND (Macronix MX30LF1G18AC-TI)
ETH:   5x 10/100/1000 Mbps Ethernet (MT7530)
WIFI:
  - 2.4GHz: 1x MT7615N (4x4:4)
  - 5GHz:   1x MT7615N (4x4:4)
  - 4 antennas: 3 external detachable antennas and 1 internal
USB:
  - 1x USB 3.0
  - 1x USB 2.0
BTN:
  - 1x Reset button
  - 1x WPS button
LEDS:
  - 1x White led (Power)
  - 6x Green leds (link lan1-lan4, link wan, wps)
  - 5x Orange leds (act lan1-lan4, act wan) (working but unmodifiable)

Everything works correctly.

Installation
------------
The “factory” openwrt image can be flashed directly from OEM stock
firmware. After the flash the router will reboot automatically.

However, due to the dual boot system, the first installation could fail
(if you want to know why, read the footnotes).
If the flash succeed and you can reach OpenWrt through the web
interface or ssh, you are done.
Otherwise the router will try to boot 3 times and then will
automatically boot the OEM firmware (don’t turn off the router.
Simply wait and try to reach the router through the web interface
every now and then, it will take few minutes).

After this, you should be back in the OEM firmware.

Now you have to flash the OEM Firmware over itself using the OEM web
interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img
downloaded from the Linksys website).

When the router reboots flash the “factory” OpenWrt image and this
time it should work.

After the OpenWrt installation you have to use the sysupgrade image
for future updates.

Restore OEM Firmware
--------------------
After the OpenWrt flash, the OEM firmware is still stored in the
second partition thanks to the dual boot system.
You can switch from OpenWrt to OEM firmware and vice-versa failing
the boot 3 times in a row:
 1) power on the router
 2) wait 15 seconds
 3) power off the router
 4) repeat steps 1-2-3 twice more.
 5) power on the router and you should be in the “other” firmware

If you want to completely remove OpenWrt from your router, switch to
the OEM firmware and then flash OEM firmware from the web interface
as a normal update.
This procedure will overwrite the OpenWrt partition.

Footnotes
---------
The Linksys EA7500-v2 has a dual boot system to avoid bricks.
This system works using 2 pair of partitions:
 1) "kernel" and "rootfs"
 2) "alt_kernel" and "alt_rootfs".
After 3 failed boot attempts, the bootloader tries to boot the other
pair of partitions and so on.

This system is managed by the bootloader, which writes a bootcount in
the s_env partition, and if successfully booted, the system add a
"zero-bootcount" after the previous value.

A system update performed from OEM firmware, writes the firmware on the
other pair of partitions and sets the bootloader to boot the new pair
of partitions editing the “boot_part” variable in the bootloader vars.
Effectively it's a quick and safe system to switch the selected boot
partition.

Another way to switch the boot partition is:
 1) power on the router
 2) wait 15 seconds
 3) power off the router
 4) repeat steps 1-2-3 twice more.
 5) power on the router and you should be in the “other” firmware

In this OpenWrt port, this dual boot system is partially working
because the bootloader sets the right rootfs partition in the cmdline
but unfortunately OpenWrt for ramips platform overwrites the cmdline
so is not possible to detect the right rootfs partition.

Because all of this, I preferred to simply use the first pair of
partitions and set read-only the other pair.

However this solution is not optimal because is not possible to know
without opening the case which is the current booted partition.
Let’s take for example a router booting the OEM firmware from the first
pair of partitions. If we flash the OpenWrt image, it will be written
on the second pair. In this situation the router will bootloop 3 times
and then will automatically come back to the first pair of partitions
containg the OEM firmware.
In this situation, to flash OpenWrt correctly is necessary to switch
the booting partition, flashing again the OEM firmware over itself.
At this point the OEM firmware is on both pair of partitions but the
current booted pair is the second one.
Now, flashing the OpenWrt factory image will write the firmware on
the first pair and then will boot correctly.

If this limitation in the ramips platform about the cmdline will be
fixed, the dual boot system can also be implemented in OpenWrt with
almost no effort.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Co-Developed-by: Jackson Lim <jackcolentern@gmail.com>
Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
2020-05-17 18:44:28 +02:00
Davide Fioravanti
c33ad81373 mtd: add linksys_bootcount for ramips
Reset bc is needed for Linksys EA7500 v2's dual boot.

Size impact (tested with Linksys EA7500 v2 @ mt7621):

mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes)
initramfs: 3660350 -> 3660688 (338 bytes)

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[add size impact information]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:43:19 +02:00
Adrian Schmutzler
b510ab513e kernel: drop outdated kernel version switches for local code
This drops kernel version switches for versions not supported by
OpenWrt master at the moment. This only adjusts local code, but
doesn't touch patches to existing external packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:35:51 +02:00
Daniel Golle
631c437a91 hostapd: backport wolfssl bignum fixes
crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-16 22:28:08 +01:00
Daniel Golle
8097fd4d5f procd: jail: fix segfault and add console feature
2e73848 jail: SIGSEGV must not be forwarded to the child process
 7e150f6 jail: unnamed jails can not have netns (fix segfault)
 1ab539b jail: add option to provide /dev/console to containers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-15 19:19:32 +01:00
Adrian Schmutzler
f079db3844 procd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
4cfa63edc0 wwan: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
04a8d3f453 comgt: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
ffa3a8e9b0 netifd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
05afbcd14e mac80211: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
4202459541 ltq-vdsl-fw: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
d2d63cc6e0 ltq-vdsl-app: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Robert Marko
bc0288b768 libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592

Addresses CVE-2020-12762

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-13 11:16:43 +02:00
Daniel Golle
b181294b02 fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
    at fstools-2020-05-06-eec16e2f/block.c:1193
1193:    if (!m->autofs && (mp = find_mount_point(pr->dev))) {

Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-12 10:51:24 +01:00
Kevin Darbyshire-Bryant
5e0a56b8ae umdns: re-enable address-of-packed-member warning
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 20:44:59 +01:00
Kevin Darbyshire-Bryant
ed91d72eac dnsmasq: hotplug script tidyup
Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive.
Re-arrange script to only source 'procd' if we get to the stage of
needing to signal the process, reduce hotplug processing load a little.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 20:40:30 +01:00
Ali MJ Al-Nasrawy
a8a1ef8568 mac80211: distance config: allow "auto" as a value
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2020-05-09 15:08:39 +02:00
Jakov Petrina
b1cfbff0a7 mvebu: uDPU: switch default kernel and U-Boot PHY mode
Certain SFP modules (most notably Nokia GPON ones) first check
connectivity on 1000base-x, and switch to 2500base-x afterwards. This
is considered a quirk so the phylink switches the interface to
2500base-x as well.

However, after power-cycling the uDPU device, network interface/SFP module
will not work correctly until the module is re-seated. This patch
resolves this issue by forcing the interface to be brought up in
2500base-x mode by default.

Signed-off-by: Jakov Petrina <jakov.petrina@sartura.hr>
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>
2020-05-09 14:34:23 +02:00
Javier Marcet
02656caa7b base-files: upgrade: fix indent
Use same indent as for the rest of the file.

Signed-off-by: Javier Marcet <javier@marcet.info>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-08 20:15:43 +02:00
Thibaut VARÈNE
02a9d3d6a9 package/base-files: add caldata_sysfsload_from_file()
This routine enables loading caldata binary via the kernel sysfs loader

See https://www.kernel.org/doc/html/v4.19/driver-api/firmware/fallback-mechanisms.html

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Thibaut VARÈNE
8f4735297b package/base-files: caldata: allow setting target file
This will enable platforms to extract caldata to an arbitrary file,
or patch mac in an abitrary file.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Thibaut VARÈNE
ab68939254 package/utils: remove rbextract
Rationale:
1/ This tool is no longer necessary following the implementation of a
   sysfs driver
2/ The upstream author, Robert Marko, stated[1] that this tool had been
   taken from his tree in an unfinished state not suitable for merging

[1] https://github.com/openwrt/openwrt/pull/2850#issuecomment-610277863

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Daniel A. Maierhofer
128250e8fc lldpd: add management IP setting
add option to set management IP pattern

also add missing 'unconfigure system hostname'

for example pattern '!192.168.1.1' makes it possible that
WAN IP is selected instead of LAN IP

Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
[grammar and spelling fixes in commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 05:54:39 +03:00
Rosen Penev
73fa1aba94 samba36: Remove
Samba 3.6 is completely unsupported, in addition to having tons of patches

It also causes kernel panics on some platforms when sendfile is enabled.
Example:

https://github.com/gnubee-git/GnuBee_Docs/issues/45

I have reproduced on ramips as well as mvebu in the past.

Samba 4 is an alternative available in the packages repo.

cifsd is a lightweight alternative available in the packages repo. It is
also a faster alternative to both Samba versions (lower CPU usage). It
was renamed to ksmbd.

To summarize, here are the alternatives:
- ksmbd + luci-app-cifsd
- samba4 + luci-app-samba4

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 03:32:52 +03:00
Jo-Philipp Wich
79da9d78b9 opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-07 22:49:58 +02:00
Yangbo Lu
2b31f143f9 layerscape: update restool to LSDK-20.04
Update restool to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
1b370e7f62 layerscape: update ls-dpl to LSDK-20.04
Update ls-dpl to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00