Commit Graph

45761 Commits

Author SHA1 Message Date
Hauke Mehrtens
403039c562 wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a720c)
2020-09-02 15:46:42 +02:00
Eneas U de Queiroz
dc61110adc wolfssl: use -fomit-frame-pointer to fix asm error
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.

Previous versions of wolfssl had this by default.  Keeping an extra
register available may increase performance, so it's being restored for
all architectures.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 750d52f6c9)
2020-09-02 15:46:36 +02:00
Eneas U de Queiroz
ad38a2ae61 wolfssl: update to 4.4.0-stable
This version adds many bugfixes, including a couple of security
vulnerabilities:
 - For fast math (enabled by wpa_supplicant option), use a constant time
   modular inverse when mapping to affine when operation involves a
   private key - keygen, calc shared secret, sign.
 - Change constant time and cache resistant ECC mulmod. Ensure points
   being operated on change to make constant time.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 3481f6ffc7)
2020-09-02 15:46:30 +02:00
Magnus Kroken
0d35fcbff0 mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 66893063ab)
2020-09-02 15:46:22 +02:00
Hauke Mehrtens
2d7ea69dd3 mac80211: Fix potential endless loop
Backport a fix from kernel 5.8.3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ca5ee6eba3)
2020-08-30 23:36:52 +02:00
Daniel Golle
5a1e4a7fdb oxnas: reduce size of ATA DMA descriptor space
After years of trying to find the reason for random kernel crashes
while both CPU and SATA are under load it has been found.
Some odd commented-out #defines in kref's single-port driver [1] which
were copied from the vendor driver made me develop a theory:
The IO-mapped memory area for DMA descriptors apparetly got some holes
just before the alignment boundaries.
This feels like an off-by-one bug in the hardware or maybe those fields
are used internally by the SATA controller's firmware.
Whatever the cause is: they cannot be used and trying to use them
results in reading back unexpected stuff and ends up with oopsing
Unable to handle kernel paging request at virtual address d085c004

Work around the issue by reducing the area used for bmdma descriptors.
This reduces SATA performance (iops) quite a bit, but finally makes
things work reliably. Possibly one could optimize this much more by
really just skipping the holes in that memory area -- however, that
seems to be non-trivial with the driver and libata in it's current form
(suggestions are welcome).
The 'proper' way to have good SATA performance would be to make use of
the hardware RAID features (one can use the JBOD mode to access even
just a single disc transparently through the RAID controller integrated
in the SATA host instead of accessing the SATA ports 'raw' as we do
now).

[1]: https://github.com/kref/linux-oxnas/blob/master/drivers/ata/sata_oxnas.c#L25

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 5793112f75,
including fixup commit d75e753063)
2020-08-29 01:17:26 +01:00
Magnus Kroken
19b8696dd7 mbedtls: update to 2.16.7
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07

* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).

Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 201d6776a0)
2020-08-27 00:28:00 +02:00
Hauke Mehrtens
a2a75c21bd kernel: Update kernel 4.14 to version 4.14.195
Compile and runtime tested on lantiq/xrx200 and x86/64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-27 00:27:56 +02:00
Adrian Schmutzler
8b0278a17e ath79: add support for TP-Link TL-WR710N v2.1
This adds support for the TP-Link TL-WR710N v2.1. It is basically a
re-issue of the v1.2.

Specifications:

SoC:       Atheros AR9331
CPU:       400 MHz
Flash:     8 MiB
RAM:       32 MiB
WiFi:      2.4 GHz b/g/n
Ethernet:  2x 100M ports
USB:       1x 2.0

The only difference from the v1 is the TP-Link hardware ID/revision.

Attention:
The TL-WR710N v2.0 (!) has only 4 MB flash and cannot be flashed with
this image. It has a different TPLINK_HWREV, so accidental flashing
of the factory image should be impossible without additional measures.

Unfortunately, the v2.0 in ar71xx has the same board name, so sysupgrade
from ar71xx v2.0 into ath79 v1/v2.1 will not be prevented, but will brick
the device.

Flashing instruction:

Upload the factory image via the OEM firmware GUI upgrade mechanism.

Further notes:

To make implementation easier if somebody desires to port the 4M v2.0,
this already creates two DTSI files.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Fabian Eppig <fabian@eppig.de>
(backported from eb531337a7)
2020-08-24 19:56:10 +02:00
Alexander Couzens
33973a90dc tools/tplink-safeloader: use soft_ver 1.9.1 for archer c6 v2
TP-LINK published a firmware update for the archer c6 v2.
This updates also reached the factory devices. Newer software version
rejects downgrading to 1.2.x. Use 1.9.x to allow installing the factory images
and have a little bit time to change it again.

Tested on archer c6 v2 with firmware 1.3.1

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 6d5d815e3f)
2020-08-24 19:37:08 +02:00
Georgi Vlaev
fce5101469 tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU)
The last couple of TP-Link firmware releases for Archer C6 v2 (EU)
have switched to version 1.2.x. Bump the soft_ver to "1.2.1" to
allow firmware updates from the vendor web interface.

TP-Link vendor firmware releases supported by this change:
* Archer C6(EU)_V2_200110: soft_ver:1.2.1 Build 20200110 rel.60119
* Archer C6(EU)_V2_191014: soft_ver:1.2.0 Build 20191014 rel.33289

Signed-off-by: Georgi Vlaev <georgi.vlaev@gmail.com>
(cherry picked from commit ff75bbc423)
2020-08-24 19:37:08 +02:00
Jo-Philipp Wich
350883bb90 Revert "scripts/download: add sources CDN as first mirror"
This reverts commit c737a9ee6a.

The source CDN has been discontinued in its current form and will take a
while to be reestablished. Even then it makes little sense to put a CDN
before other CDNs such as kernel.org, apache.org, sourceforge etc.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bf96eb55c8)
2020-08-24 15:56:27 +02:00
Thibaut VARÈNE
d8ecaef409 generic: platform/mikrotik: fix incorrect test
The test is meant to check the result of the preceding kmalloc()

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit d0498872ff)
2020-08-18 18:22:33 +02:00
Adrian Schmutzler
008db6b970 ath79: enable gpio on ar933x by default
All other SoC DTSI files have gpio enabled by default, only
ar9330/ar9331 disable it by default, only to have it enabled again
afterwards for each individual device.

So, do not disable it in the first place, and drop all device-specific
status statements afterwards.

Though this is a cosmetic commit, it might be a pitfall for
device-support backporters if missing. Since backporting it is trivial,
let's just do it.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit dc1280ef65)
2020-08-18 17:45:20 +02:00
Adrian Schmutzler
3df63fba70 ath79: fix syntax error in ar7240_tplink_tl-wa.dtsi
The node needs to be terminated by a semicolon.

Fixes: 8484a764df ("ath79: ar724x: make sure builtin-switch is
enabled in DT")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit e329e71c69)
2020-08-17 18:29:03 +02:00
Adrian Schmutzler
be09fdbf36 ath79: ar724x: make sure builtin-switch is enabled in DT
On ar7240/ar7241 the mdioX node with the builtin-switch is enabled
in the DTSI files, but the parent ethX node is left disabled. It
only gets enabled per device or device family, and has not been
enabled at all yet for the TP-Link WA devices with ar7240, making
the switch unavailable there.

This patch makes sure &eth0/&eth1 nodes are enabled together with
the &mdio0/&mdio1 nodes containing the builtin-switch.
For ar7240_tplink_tl-wa.dtsi, &eth0 is properly hidden again via
  compatible = "syscon", "simple-mfd";

This partially fixes FS#2887, however it seems dmesg still does
not show cable (dis)connect in dmesg for ar7240 TP-Link WA
devices.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 8484a764df)
2020-08-17 15:52:01 +02:00
Michal Cieslakiewicz
5d3e5d6ccc ath79: WNR612v2: improve device support
This patch improves ath79 support for Netgear WNR612v2.
Router functionality becomes identical to ar71xx version.

Changes include:
* software control over LAN LEDs via sysfs
* correct MAC addresses for network interfaces
* correct image size in device definition
* dts: 'keys' renamed to 'ath9k-keys'
* dts: 'label-mac-device' set to eth1 (LAN)
* dts: formatting adjustments

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d74324e407)
[remove label-mac-device]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-17 15:49:57 +02:00
Michal Cieslakiewicz
fba9a88821 ath79: add LAN LEDs control bits for AR724x GPIO function pinmux
Currently AR724x pinmux for register 0x18040028 controls only JTAG disable bit.
This patch adds new DTS settings to control LAN LEDs and CLKs that allow
full software control over these diodes - exactly the same is done by ar71xx
target in device setup phase for many routers (WNR2000v3 for example).

'switch_led_disable_pins' clears AR724X_GPIO_FUNC_ETH_SWITCH_LED[0-4]_EN bits.
'clks_disable_pins' clears AR724X_GPIO_FUNC_CLK_OBS[1-5]_EN and
AR724X_GPIO_FUNC_GE0_MII_CLK_EN bits. These all should be used together, along
with 'jtag_disable_pins', to allow OS to control all GPIO-connected LEDs and
buttons on device.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 69df7eb73d)
2020-08-17 15:49:01 +02:00
Chih-Wei Chen
5af8da3787 ramips: fix Xiaomi MiWiFi Mini switch definition
Based on OpenWRT Table of Hardware > Xiaomi > Xiaomi Mi WiFi Mini

Switch Ports Defaults:
0, 1: LAN
4: WAN
6: CPU

Port in Web GUI (word printed on bottom of case)
WAN(Internet) map to switch port 4
LAN1(.) map to switch port 1
LAN2(..) map to switch port 0
CPU map to switch port 6

current setting is 1 WAN/ 4 LAN port, fix it.

Signed-off-by: Chih-Wei Chen <changeway@gmail.com>
[rebased after base-files split, fixed commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit 3e88ab79b0)
2020-08-13 13:56:27 +02:00
Magnus Kroken
e754e0a143 busybox: delete redundant patch
This problem has been fixed in upstream commit
6b6a3d9339f1c08efaa18a7fb7357e20b48bdc95. This patch now (harmlessly)
adds the same definition a second time.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 4165232c45)
2020-08-12 11:10:16 +02:00
Hauke Mehrtens
72878e3244 mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: d6b158b869 ("mac80211: Update to 4.19.137-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 04b1a11f5c)
2020-08-11 20:59:39 +02:00
Hauke Mehrtens
cdd9f19819 x86: Add CONFIG_EFI_CUSTOM_SSDT_OVERLAYS
The CONFIG_EFI_CUSTOM_SSDT_OVERLAYS option was added in kernel 4.14.188,
set it for the x86/generic target.

This fixes a build problem in the x86/generic target.

Fixes: 148d59c67e ("kernel: update kernel 4.14 to version 4.14.193")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-11 20:44:31 +02:00
Christoph Krapp
b3b7665e62 ar71xx: fix ZyXEL NBG6616 wifi switch
The device uses a rf-kill switch instead of a button. Furthermore the
GPIO is active high.

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 0af656e978)
2020-08-11 01:14:25 +02:00
Piotr Stefaniak
4af7873412 tools/cmake: fix typo in parallel make patch
The variable in the case argument was mistyped, so the case always
checked against an empty string and never matched.

Fix the variable name. Add a PKG_RELEASE to Makefile so we can bump it.

Fixes: d6de31310c ("cmake: restore parallel build support for bootstrap")

Signed-off-by: Piotr Stefaniak <pstef@freebsd.org>
[add commit message, add PKG_RELEASE, fix commit title, add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit e27fbae63c)
2020-08-11 01:14:25 +02:00
Hauke Mehrtens
d6b158b869 mac80211: Update to 4.19.137-1
b43 and b43legacy now support ieee80211w, hardware crypto will be
deactivated in such cases.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-11 00:13:47 +02:00
Hauke Mehrtens
148d59c67e kernel: update kernel 4.14 to version 4.14.193
Compile and runtime tested on lantiq/xrx200 and ipq40xx.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-11 00:12:50 +02:00
Paul Spooren
7db09853a8 scripts: Add Buildbot dump-target-info.pl script
The script comes from buildbot.git[0] and is used to print available
targets and architectures, which are then build.

As the buildbot clones openwrt.git anyway, the script might as well live
here to be used for other cases as well, e.g. determining what
architectures are available when building Docker containers or show
developers an overview which architectures are used by which target.

It's called with either the parameter `architectures` or `targets`,
showing architectures followed by supported targets or targets, followed
by the supported architectures:

$ ./scripts/dump-target-info.pl architectures
aarch64_cortex-a53 bcm27xx/bcm2710 mediatek/mt7622 mvebu/cortexa53 sunxi/cortexa53
aarch64_cortex-a72 bcm27xx/bcm2711 mvebu/cortexa72
...

$ ./scripts/dump-target-info.pl targets
apm821xx/nand powerpc_464fp
apm821xx/sata powerpc_464fp
...

In the future the the script could be removed from the buildbot
repository and maintained only here.

Rename `dumpinfo.pl` to `dump-target-info.pl` to improve verbosity of
filename.

[0]: https://git.openwrt.org/?p=buildbot.git;a=blob;f=scripts/dumpinfo.pl;h=aa97f8d60379076a41b968402e9337cea824ece5;hb=HEAD

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 656b562aff)
2020-08-10 02:43:15 +03:00
Christoph Krapp
e52f7cfc1d uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit eb95ca3b5c)
2020-08-10 00:08:04 +02:00
Christoph Krapp
8ad674e90b ar71xx: change u-boot-env to read-write for ZyXEL NBG6616
As the ath79 port of this device uses a combined kernel + root
partition the uboot bootcmd variable needs to be changed. As using
cli/luci is more convenient than opening up the case and using a uart
connection, lets unlock the uboot-env partition for write access.

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 982c1f6e42)
2020-08-10 00:07:36 +02:00
Petr Štetiar
dedf089bb7 hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit c487cf8e94)
2020-08-10 00:05:27 +02:00
Adrian Schmutzler
2788db3d38 hostapd: reorganize config selection hierarchy for WPA3
The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is
exceptionally hard to read. This tries to make things a little
easier by inverting the hierarchy of the conditions, so SSL_VARIANT
is checked first and LOCAL_VARIANT is checked second.

This exploits the fact that some of the previous conditions were
unnecessary, e.g. there is no hostapd-mesh*, so we don't need
to exclude this combination.

It also should make it a little easier to see which options are
actually switched by SSL_VARIANT and which by LOCAL_VARIANT.

The patch is supposed to be cosmetic. However, the improvement
for readers and the maintained consistency with master qualify
this for backporting.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit c4dd7fc23b)
2020-08-10 00:05:20 +02:00
Tobias Welz
d40ce8b32d ramips: correct WizFi630S pin mappings
WizFi630S had some pins changed in the release version of the board.
The run led, wps button and a slide switch where affected.
This patch is correcting this.
i2c is removed as it is sharing a pin with the run (system) led.
uart2 is enabled as it is also enabled in the OEM firmware.

Signed-off-by: Tobias Welz <tw@wiznet.eu>
(backported from commit d0b229f553)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 16:36:32 +02:00
Tobias Welz
d1985a1be6 ramips: enable flashing WizFi630S via OEM firmware
WIZnet WizFi630s board name is written slightly different it its OEM
OpenWrt firmware. This causes an incompatibility warning during flashing
with sysupgrade. This patch is adding the vendor board name to the
supported devices list to avoid this warning. For initial flashing you
can use sysupgrade via command line or luci beside of TFTP.
Do not keep the OEM configuration during sysupgrade.

Signed-off-by: Tobias Welz <tw@wiznet.eu>
(cherry picked from commit 816973f42a)
2020-08-08 16:36:24 +02:00
Tobias Welz
4212b6a01e ramips: remove doublet entry in WizFi630S dts file
&wmac entry in WIZnet WizFi630S dts file was existing two times.
This is removing one of them.

Signed-off-by: Tobias Welz <tw@wiznet.eu>
(cherry picked from commit b735bbcb18)
2020-08-08 16:36:15 +02:00
Tobias Welz
a81c459d99 ramips: disable unused phy ports of WizFi630S
WIZnet WizFi630S is using only 3 of the phy ports. The unused phy ports
draw unnecessarily power. This is disabling the unused phy ports.

Signed-off-by: Tobias Welz <tw@wiznet.eu>
(cherry picked from commit 36d4c2272e)
2020-08-08 16:36:08 +02:00
Josua Mayer
9d2dea8302 mvebu: fix LAN/WAN port assignment on ClearFog Base/Pro
The comments in code already describe the intended lan / wan assignment:
lan: switch
wan: standalone ethernet and sfp

Update the interface handles to match the comments, as observed with
OpenWRT-19.07-rc2 on a Clearfog Pro Rev 2.0.

This also matches the effective assignment on master, while the actual
interface names (ethX) are different due to the reassignment in
06_set_iface_mac, which is included in 19.07 but was dropped for master.

Signed-off-by: Josua Mayer <josua.mayer@jm0.eu>
[extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 17:13:40 +02:00
Sungbo Eo
de1693e56f ar71xx: restore support for boot console with arbitrary baud rates
Commit 1bfbf2de6d ("ar71xx: serial: core: add support for boot console
with arbitrary baud rates") added support for arbitrary baud rates which
enabled 250000 baud rate for Yun. But the patch was not ported to kernel
4.9, and since then the kernel set its baud rate to 9600. This commit ports
the patch to kernel 4.14, thereby restoring the serial console of Yun.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit c90db26e05)
2020-08-02 18:16:00 +02:00
Adrian Schmutzler
1b3aca9142 ath79: restore support for boot console with arbitrary baud rates
The Arduino Yun uses a baud rate of 250000 by default. The serial is
going over the Atmel ATmega and is used to connect to this chip.
Without this patch Linux wants to switch the console to 9600 Baud.

With this patch Linux will use the configured baud rate and not a
default one specified in uart_register_driver().

This has been added for ath79 4.19 and 5.4 in master as part of
fc59b2f79b ("ath79: add support for Arduino Yun"), this backports
it separately to 4.14.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-02 18:15:45 +02:00
Sungbo Eo
f6acabcbdc ar71xx: enable ethernet LED of Arduino Yun
Commit 05d73a2a73 enabled GPIO on ethernet LED, but proper LED setup was
not added then. This commit fixes it by reverting the change on the LED.

Fixes: 05d73a2a73 ("ar71xx: Arduino Yun board 'WLAN RST' button support")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit a5e404d192)
2020-08-02 16:36:22 +02:00
Sungbo Eo
f17174e843 ar71xx: fix sysupgrade for Arduino Yun
Commit bb46b635df changed its partition scheme, but sysupgrade image
validation still uses the old format. This commit fixes it so that
force flag is not needed for sysupgrade.

Fixes: bb46b635df ("ar71xx: move Arduino Yun to generic building code")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 58dc1d0637)
2020-08-02 16:36:07 +02:00
Sungbo Eo
f3c0eab9c7 Revert "ar71xx: fix Arduino Yun enabling of level shifters outputs"
This reverts commit 077253dd66.

The output enable pins should be disabled by default, and only enabled when
used. Otherwise unwanted conflicts might occur between MCU and SoC pins.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 43896dc0b0)
2020-08-02 16:35:54 +02:00
Alexey Dobrovolsky
2f756b39ed ramips: add kmod-usb-dwc2 to ZyXEL Keenetic image
ZyXEL Keenetic has a USB port. Thus, DWC2 USB controller driver should
be in the default image for this device.

Fixes: a7cbf59e0e ("ramips: add new device ZyXEL Keenetic as kn")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
[fixed whitespace issue]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from commit 0a182fcba6)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-02 13:42:49 +02:00
Alexey Dobrovolsky
06c6a3dd70 ramips: remove patches for USB-dwc2
In FS#2738 we can see that patch first introduced in
e8ebcff ("ramips: add a explicit reset to dwc2")
breaks USB functionality since 18.06. Thus, this patch should be removed.

Removed:
- 0032-USB-dwc2-add-device_reset.patch

Fixes: FS#2738
Fixes: FS#2964

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit ab841b4393)
2020-08-02 13:40:07 +02:00
Adrian Schmutzler
86727bd158 hostapd: improve TITLE for packages
For a few packages, the current TITLE is too long, so it is not
displayed at all when running make menuconfig. Despite, there is
no indication of OpenSSL vs. wolfSSL in the titles.

Thus, this patch adjusts titles to be generally shorter, and adds
the SSL variant to it.

While at it, make things easier by creating a shared definition for
eapol-test like it's done already for all the other flavors.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 917980fd8a)
2020-07-30 21:43:27 +02:00
David Woodhouse
bf58bfb90e mediatek: mt7623: fix sysupgrade from vendor OpenWrt on UniElec U7623
This board ships with an ancient 14.07-based OpenWrt using block2mtd, and
the MBR partition table contains nonsense.

It is possible to sysupgrade to an upstream OpenWrt image, but the
legacy layout of the OpenWrt images start at 0xA00 in the eMMC, with
a raw uImage. The legacy OpenWrt image doesn't "own" the beginning
of the device, including the MBR and U-Boot.

This means that when a user upgrades to upstream OpenWrt, it doesn't
boot because it can't find the right partitions. So hard-code them on
the kernel's command line using CONFIG_CMDLINE_PARTITION (for block).

Additionally, the vendor firmware doesn't cope with images larger than
about 36MiB, because it only overwrites the contents of its "firmware"
MTD partition. The current layout of the legacy image wastes a lot of
space, allowing over 32MiB for the kernel and another 10MiB for the FAT
recovery file system which is only created as 3MiB. So pull those in
to allow 4¾ MiB for the kernel, 3MiB for recovery, and then we have over
20MiB for the root file system.

This doesn't affect the new images which ship with a full eMMC image
including a different MBR layout and a partition for U-Boot, because
our modern U-Boot can actually pass the command line to the kernel, and
the built-in one doesn't get used anyway.

Tested by upgrading from vendor OpenWrt to the current legacy image,
from legacy to itself, to the previous legacy layout, and then to
finally the full-system image.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
(cherry picked from commit 6eb63019af)
2020-07-30 11:50:07 +08:00
David Woodhouse
2147c33e40 mediatek: mt7623: add explicit console= to U7623 kernel
The bootloader for legacy builds can't set it, so we end up unable to
log in on the serial port.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
(cherry picked from commit ea9ef8c945)
2020-07-30 11:50:07 +08:00
Jan Pavlinec
8fbe450e40 curl: patch CVE-2020-8169
Affected versions: curl 7.62.0 to and including 7.70.0
https://curl.haxx.se/docs/CVE-2020-8169.html

Run tested on Omnia with OpenWrt 19.07

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-29 14:32:03 +02:00
Hauke Mehrtens
7d6e504dbe make_ext4fs: Update to version 2020-01-05
5c201be Add LDFLAGS when building libsparse.a
ec17045 make_ext4fs: fix build on musl systems

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 271d0c825b)
2020-07-29 12:11:04 +02:00
Christian Lamparter
a225164bb5 make-ext4fs: update to HEAD of 2017-05-29 - eebda1
Update make-ext4fs to commit eebda1d55d9701ace2700d7ae461697fadf52d1f

git log --pretty=oneline --abbrev-commit 484903e4..eebda1d5

eebda1d make_ext4: Add strict prototypes.
bb9cf91 make_ext4fs: Remove off64_t in favor of standard off_t

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit ac2f341036)
2020-07-29 12:10:59 +02:00
Yousong Zhou
afaa978b74 firewall: backport patch for mss clamping in both directions
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-07-26 18:23:26 +08:00