Commit Graph

45781 Commits

Author SHA1 Message Date
Hans Dedecker
7db6559914 firewal: update to latest git HEAD
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 21:23:43 +02:00
Adrian Schmutzler
869a0183b9 ramips: fix MAC address setup for Newifi Y1 and Y1S
So far, MAC address setup for those devices has been using local
addresses although additional MAC addresses are available on flash.

On device, we found the following situation:
position   Y1     Y1S
0x4        *:d4   *:e4
0x8004     *:d6   *:e8
0x28       *:d4   *:e4
0x2e       *:d7   *:eb

Since 0x4 and 0x28 yield the same address, the former was set for
&ethernet in DTS. However, the typical location on this
architecture is 0x28, so this patch changes that.

For further setup in 02_network, the local bit for lan_mac is
removed, so the address from &ethernet is used at all. For wan_mac,
instead of calculating an address with local bit set, this patch
exploits the previously unused address in 0x2e.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-07 21:41:44 +08:00
Adrian Schmutzler
aaf90d8808 ramips: initialize MAC addresses from flash where possible
This patch changes wan MAC address setup from retrieving it by
calculation to reading it from flash.

Changes are limited to cases where on-device check was possible.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fix mac for newifi-d1; drop adslr,g7 because it's unlikely for
vendor to specifically use 2.4g mac as wan_mac]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-09-07 21:41:44 +08:00
Adrian Schmutzler
e35e4a996e ramips: fix duplicate network setup for dlink,dir-615-h1
In 555ca422d1 ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.

(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)

Anyway, just remove the wrong case now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-07 21:41:44 +08:00
Adrian Schmutzler
ad4eb2241b ramips: remove duplicate case for MAC setup of freestation5
ARC FreeStation5 is present twice in MAC address setup.

From older commits/changes, it is not possible to reconstruct
the correct choice only by reading the annotations.

Thus, remove the second case and keep the first one, so behavior
stays the same (as nobody seems to have complained about it).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-07 21:41:44 +08:00
Adrian Schmutzler
6640e1c368 ramips: clean and improve MAC address setup in 02_network
This patch removes unnecessary MAC address setup statements in
ramips' 02_network by doing several optimizations:

1. For the following devices, lan_mac was set up with
   mtd_get_mac_binary although the same address was set in DTS.
   The lan_mac statement is removed in 02_network, but
   wan_mac is kept:
   - mercury,mac1200r-v2
   - phicomm,k2g
   - skylab,skw92a
   - wiznet,wizfi630a

2. For the following devices, wan_mac was set up with
   mtd_get_mac_binary although the same address was set in DTS.
   The wan_mac statement is removed in 02_network, no
   lan_mac is present:
   - buffalo,whr-g300n
   - glinet,gl-mt300n-v2
   - zyxel,keenetic-start

3. For the following device, lan_mac and wan_mac were set up
   with mtd_get_mac_binary to the same address as set in DTS.
   Both statements are removed in 02_network:
   - buffalo,whr-600d

4. For some devices, it was possible to move setup from 02_network
   to DTS by introducing previously missing mtd_mac_address:
   - buffalo,whr-1166d
   - buffalo,whr-300hp2
   - buffalo,wsr-600dhp
   - ohyeah,oy-0001
   - planex,vr500

5. For one device, mtd_mac_address was just wrong and overwritten
   by 02_network. Put the correct value in DTS and remove redundant
   statement in 02_network:
   - asus,rt-ac57u

6. For one device, MAC address defined in DTS is exchanged together
   with lan_mac/wan_mac setup in 02_network, so that cases in
   02_network can be merged:
   - phicomm,k2p

For some devices, an empty case has to be used to prevent them
from falling into the default case and have
WAN address = eth0 address + 1 set to them.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-07 21:41:44 +08:00
Jonas Gorski
f11d90a76b Revert "build: remove harmful -nopad option from mksquashfs"
This reverts commit 1c0290c5cc.

Dropping the nopad can make the padding overflow into the next erase
block on devices using a non-aligned rootfs start. This breaks the jffs2
overlay partition with the following messages:

[   30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[   30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes
[   30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2019-09-07 14:45:32 +02:00
Hans Dedecker
1855c23794 odhcp6c: update to latest git HEAD
e199804 dhcpv6: sanitize oro options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 13:11:53 +02:00
Rafał Miłecki
c19b9f9a26 bcm53xx: extend firmware validation
This provides TRX validation result to the validation JSON. It also
prevents users from installing broken firmware files.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-06 12:52:59 +02:00
Yousong Zhou
40e3f660c1 uboot-fritz4040: build with ipq40xx "generic" subtarget
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-06 08:33:30 +00:00
Rafał Miłecki
641f6b6c26 treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:33:19 +02:00
Rafał Miłecki
e8dcbbc865 procd: update to the latest git HEAD
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code

This update includes a fix for uninitialized variable usage.

Fixes: 7290963d09 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:16:54 +02:00
Adrian Schmutzler
45600124fc base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.

This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-05 20:42:08 +02:00
David Bauer
4c060228cb base-files: fix mtd_get_mac_text not accepting hex offsets
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba ("treewide:
convert MAC address location offsets to hexadecimal")

This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-05 20:31:56 +02:00
Rafał Miłecki
62dbe361a1 treewide: when copying a backup file always specify dest name
$CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz.
This change makes code more generic and allows refactoring $CONF_TAR.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 14:33:20 +02:00
Rafał Miłecki
bf39047872 treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 14:33:19 +02:00
Rafał Miłecki
1078de96e3 treewide: fix invalid UPGRADE_OPT_SAVE_CONFIG spellings
That was a result of accidentally running "sed" twice on some files.

Fixes: 5797fe84a3 ("treewide: replace remaining (not working now) $SAVE_CONFIG uses")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 08:55:15 +02:00
Rafał Miłecki
5797fe84a3 treewide: replace remaining (not working now) $SAVE_CONFIG uses
This var has been replaced by the $UPGRADE_OPT_UPGRADE_OPT_SAVE_CONFIG

Fixes: b534ba9611 ("base-files: pass "save_config" option to the "sysupgrade" method")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 08:43:24 +02:00
Hauke Mehrtens
1184e1f2b6 uboot-envtools: Update to U-Boot version 2019.07
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-04 22:35:22 +02:00
Hauke Mehrtens
169152c8d1 tools/mkimage: Update U-Boot to version 2019.07
This updates the U-Boot which provides the host tools like mkimage to
version 2019.07.
The patches were cleaned up and it was checked if this still compiles
on Linux and FreeBSD.

CONFIG_FIT_SIGNATURE_MAX_SIZE is set to the default value.

The patch for libressl was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-04 22:35:22 +02:00
Álvaro Fernández Rojas
662394fb30 brcm2708: update to latest patches from RPi foundation
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-04 19:02:48 +02:00
Álvaro Fernández Rojas
99a5e28588 brcm2708: bcm2711: remove custom config file
Forcing arm_64bit is no longer required with latest firmware.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-04 18:11:25 +02:00
Álvaro Fernández Rojas
da3f5b2196 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-04 18:09:34 +02:00
Chuanhong Guo
7a21c85f70 ramips: improve support for Xiaomi Miwifi Nano
This patch does the following things:
1. mark u-boot-env writable
2. add bootcount support
   Currently, u-boot has a flag_boot_success env variable to reset.
   Also reset it in our firmware to follow the behavior in vendor's
   firmware.
3. disable usb support
   This router doesn't have usb port at all.
4. increase spi clock to 40MHz
5. fix pinmux groups

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-09-04 19:26:01 +08:00
Rafał Miłecki
7290963d09 procd: update to the latest git HEAD
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method

This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:17:06 +02:00
Rafał Miłecki
b71962da16 base-files: pass "force" parameter to the "sysupgrade" call
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:07:41 +02:00
Rafał Miłecki
e68c1cebd1 brcm47xx: extend firmware validation
This provides TRX validation result, so final JSON may look like:
{
	"tests": {
		"fwtool_signature": true,
		"fwtool_device_match": true,
		"trx_valid": true
	},
	"valid": true,
	"forceable": true
}

It also prevents users from installing broken firmware files, e.g.:

root@OpenWrt:/# sysupgrade -F -n /tmp/TZ
Image metadata not found
Invalid image type. Please use firmware specific for this device.
Image check failed but --force given - will update anyway!
Commencing upgrade. Closing all shell sessions.
Firmware image is broken and cannot be installed

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 06:37:17 +02:00
Álvaro Fernández Rojas
5287ac2dfb brcm2708: restore UART on RPi 0W, 3B, 3B+ and 4B
Disable Bluetooth and restore UART to GPIOs 14 & 15.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-03 19:37:29 +02:00
Adrian Schmutzler
fbbb4eb8b4 ath79: add support for TP-Link WDR3500 v1
Hardware:
SoC:      AR9344
CPU:      560 MHz
Flash:    8 MiB
RAM:      128 MiB
WiFi:     Atheros AR9340 2.4GHz 802.11bgn
          Atheros AR9300 5GHz 802.11an
Ethernet: AR934X built-in switch, WAN on separate physical interface
USB:      1x 2.0

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
   wdr3500v1_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[removed stray newline]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-03 18:43:27 +02:00
Rosen Penev
ac31ec0f62 upslug2: Update to git repository
This has two improvements over the current version. An autotools fix and
application of the wrt350v2 patch.

Cleaned up Makefile as a result of makefiles being fixed.

Note that this package is not really used as it depends on orion, which is
classified as broken.

This is the last package that uses svn in the tree.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-03 11:56:47 +02:00
Jo-Philipp Wich
efaaadb49e sdk: use bundle-libraries.sh to ship kernel objtool tools
Ensure that the kernel objtool utilities are processed by the library
bundler in order to ensure that they're usable on foreign systems with
different libc versions.

Fixes: a9f6fceb42 ("sdk: fix building external modules when CONFIG_STACK_VALIDATION=y")
Acked-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 10:45:25 +02:00
Jo-Philipp Wich
fe43969336 include: kernel-build: pass pkg-config overrides to kernel build
Pass suitable pkg-config overrides to the kernel build process in
order to let our pkg-config wrapper discover libraries provided
by tools/.

This mainly affects the use of libelf which is required for the
CONFIG_STACK_VALIDATION features. So far, the build system either
silently used host system libraries or kbuild simply disabled the
feature due to the lack of a suitable libelf.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 10:44:21 +02:00
Jo-Philipp Wich
f3ab336d7c tools: libelf: fix headers to trigger -Wundef warnings
When libelf from tools/ is used for building the kernel, compilation
aborts due to access to undefined defines since Kbuild adds -Wundef
to the compiler flags.

Patch the header files to use `#if defined(...)` instead of `#if ...`
to prevent such issues.

Ref: https://github.com/NixOS/nixpkgs/issues/59929
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 10:44:21 +02:00
Jo-Philipp Wich
d3f86c9cc3 tools: libelf: install pkg-config file
Install the pkg-config definition for libelf in order to allow the
kernel build process discover it later on.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 10:44:21 +02:00
Paul Spooren
ac418ddecc bcm53xx: add generic subtarget
Same game as for 853e4dd306. Add generic
to the filenames.

CC: Hauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-02 22:38:47 +02:00
Bjørn Mork
a21b70be31 scripts/feeds: fix 'src-include' directive
Commit 775b70f8d5 renamed parse_file() parameters without
updating the recursive call. This broke parsing of any feeds.conf
using 'src-include'.

 $ scripts/feeds update -a
 Can't use string ("defaults") as a HASH ref while "strict refs" in use at scripts/feeds line 63, <$fh> line 1.

Fixes: 775b70f8d5 ("scripts/feeds: allow adding parameters to feeds")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
2019-09-02 16:48:40 +02:00
Hauke Mehrtens
6aa962a622 uci: update to latest Git HEAD
415f9e4 uci/file: replace mktemp() with mkstemp()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:53:30 +02:00
Hauke Mehrtens
6658447534 iwinfo: update to latest Git HEAD
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:48:43 +02:00
Tomasz Maciej Nowak
3fa0f32a68 grub2: bump to 2.04
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-09-01 18:38:05 +02:00
Luis Araneda
5ca243153b uboot-zynq: update to 2019.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-09-01 18:38:05 +02:00
Thomas Langer
035906fd05 Fix handling of BUILD_SUFFIX in remote-gdb script
When CONFIG_BUILD_SUFFIX is enabled, the target-* folders in build_dir
and staging_dir have this suffix in the name, but not the
toolchain directories. When detecting the names for "arch" and "libc",
also accept the suffix and do not use it for the toolchain path.

Signed-off-by: Thomas Langer <thomas.langer@intel.com>
2019-09-01 18:38:05 +02:00
Daniel Engberg
413c68d120 tools/cmake: Update to 3.15.1
Update CMake to 3.15.1
Refresh patches
Remove inofficial fossies.org and replace with GitHub (link on official site)
Remove 150-C-feature-checks-Match-warnings-more-strictly.patch as it's
a no longer needed backport from upstream.
Disable ccache if GCC is 4.8, 4.9 or 5.X to avoid build failures.
Reference: https://github.com/openwrt/openwrt/pull/1929

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-09-01 18:38:05 +02:00
Konstantin Demin
b74f1f335a nftables: bump to version 0.9.2
- exclude Python-related stuff from build
- drop patches:
  * 010-uclibc-ng.patch, applied upstream

ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Konstantin Demin
699955a684 libnftnl: bump to version 1.1.4
ABI version is same.

The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
DENG Qingfang
26851f9db2 mvebu: fix Linksys WRT LAN/WAN MAC addresses
According to 02_network, eth0.1 is LAN and eth1.2 is WAN,
but $mac_wan was assigned incorrectly to eth0 in preinit.

Swap eth0 and eth1 to fix this.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-09-01 18:38:04 +02:00
Cong Wang
7735cce0c5 kernel: net_sched: fix a NULL pointer deref in ipt action
The net pointer in struct xt_tgdtor_param is not explicitly
initialized therefore is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().

The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.

Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

[Backport for kernel v4.19 and v4.14]
[Bug Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-09-01 18:38:04 +02:00
Jo-Philipp Wich
02169bd3f8 rpcd: update to latest Git HEAD
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-01 18:33:21 +02:00
Eneas U de Queiroz
7f2b230b3b uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:35:11 +02:00
Eneas U de Queiroz
a552ababd4 px5g: support EC keys
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.

For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.

Notice that curve names are not necessarily the same in mbedtls and
openssl.  In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.

Package size increased by about 900 bytes (arm).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:34:30 +02:00
Eneas U de Queiroz
f40262697f openssl: always build with EC support
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:16:08 +02:00