Further complete OCI container support in ujail:
f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
6f078ae jail: add support for defining devices
686cf7a jail: actually apply filesystem-specific mount options
f91009a jail: refactor default mounts into new structure
66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9eddf0f jail: fix hooks
1b1286b jail: parse and apply OCI sysctl values
c049047 jail: implement OCI user additionalGIDs
0e1920c jail: read and apply umask from OCI if defined
1c46cc3 jail: parse and apply POSIX rlimits
76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8d5208f jail: fix false return in case of nofail mount
b41f76b procd: fix compile if procd-ujail is not selected
86a5105 jail: fs: fix build on uClibc-ng
bfce7d1 jail: fix some more mount options
268126a jail: add support for maskedPaths and readonlyPaths
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This file is always present because it is part of the ltq-dsl-base
package on which these packages depend.
This check would not have been necessary in the past, because the script
was part of the TARGET_LANTIQ on which these packages also depend.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
It does not make sense to install this components on lantiq systems
where the dsl subsystem is not needed/used.
This also makes it possible to use the files also on other targets.
(hopefully ipq401x / FritzBox 7530 in the near future)
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
The last commit to this package that added the pkgconfig file did not
fix the paths to point to the prefix.
This allows packages to find lzo properly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Specifications:
* SoC: MediaTek MT7621A (880 MHz 2c/4t)
* RAM: Nanya NT5CC128M16IP-DIT (256M DDR3-1600)
* Flash: Macronix MX30LF1G18AC-TI (128M NAND)
* Eth: MediaTek MT7621A (10/100/1000 Mbps x5)
* Radio: MT7615N (2.4 GHz & 5 GHz)
4 antennae: 1 internal and 3 non-deatachable
* USB: 3.0 (x1)
* LEDs:
White (x1 logo)
Green (x6 eth + wps)
Orange (x5, hardware-bound)
* Buttons:
Reset (x1)
WPS (x1)
Everything works! Been running it for a couple weeks now and haven't had
any problems. Please let me know if you run into any.
Installation:
Flash factory image through GUI.
This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.
Reverting to factory firmware:
Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.
Signed-off-by: Santiago Rodriguez-Papa <contact@rodsan.dev>
[use v1 only, minor DTS adjustments, use LINKSYS_HWNAME and add it to
DEVICE_VARS, wrap DEVICE_PACKAGES, adjust commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In the package guidelines, PKG_VERSION is supposed to be used as
"The upstream version number that we're downloading", while
PKG_RELEASE is referred to as "The version of this package Makefile".
Thus, the variables in a strict interpretation provide a clear
distinction between "their" (upstream) version in PKG_VERSION and
"our" (local OpenWrt trunk) version in PKG_RELEASE.
For local (OpenWrt-only) packages, this implies that those will only
need PKG_RELEASE defined, while PKG_VERSION does not apply following
a strict interpretation. While the majority of "our" packages actually
follow that scheme, there are also some that mix both variables or
have one of them defined but keep them at "1".
This is misleading and confusing, which can be observed by the fact
that there typically either one of the variables is never bumped or
the choice of the variable to increase depends on the person doing the
change.
Consequently, this patch aims at clarifying the situation by
consistently using only PKG_RELEASE for "our" packages. To achieve
that, PKG_VERSION is removed there, bumping PKG_RELEASE where
necessary to ensure the resulting package version string is bigger
than before.
During adjustment, one has to make sure that the new resulting composite
package version will not be considered "older" than the previous one.
A useful tool for evaluating that is 'opkg compare-versions'. In
principle, there are the following cases:
1. Sole PKG_VERSION replaced by sole PKG_RELEASE:
In this case, the resulting version string does not change, it's
just the value of the variable put in the file. Consequently, we
do not bump the number in these cases so nobody is tempted to
install the same package again.
2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE:
In this case, the resulting version string has been "version-release",
e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just
need to be higher than the previous PKG_VERSION.
For the cases where PKG_VERSION has always sticked to "1", and
PKG_RELEASE has been incremented, we take the most recent value of
PKG_RELEASE.
Apart from that, a few packages appear to have developed their own
complex versioning scheme, e.g. using x.y.z number for PKG_VERSION
_and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION
(adb-enablemodem, wwan). I didn't touch these few in this patch.
Cc: Hans Dedecker <dedeckeh@gmail.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Andre Valentin <avalentin@marcant.net>
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Steven Barth <steven@midlink.org>
Cc: Daniel Golle <dgolle@allnet.de>
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bumping package version has been overlooked in a previous commit.
While at it, use PKG_RELEASE instead of PKG_VERSION, as the latter
is meant for upstream version number only.
(The effective version string for the package would be "3" in both
cases, so there is no harm done for version comparison.)
Fixes: 0453c3866f ("vxlan: fix udp checksum control")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, passing "rxcsum" and "txcsum" had no effect.
Fixes: 95ab18e012 ("vxlan: add options to enable and disable UDP
checksums")
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
[add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Feature detection doesn't recognize ipset v7 use on kernel v5.x systems
and thus disables the tc ematch function em_ipset.
- backport patch:
* 002-configure-support-ipset-v7.patch:
650591a7a70c configure: support ipset version 7 with kernel version 5
Fixes: 4e0c54bc5b ("kernel: add support for kernel 5.4")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Recent iproute2 5.x versions modified the symbols resolved for plugins,
causing "tc .. action xt .." to fail. Update the list of symbols to fix.
Fixes: b61495409b ("iproute2: tc: reduce size of dynamic symbol table")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Optional instance watchdog timeout and watchdog mode can be set by
adding: procd_set_param $mode $timeout
$mode is an integer [0-1] representing instance watchdog mode of
operation:
0 = disabled
1 = passive mode, client must periodically poke watchdog via ubus
$timeout is an integer representing how often, in seconds, the watchdog must be poked.
Signed-off-by: Daniel Bailey <danielb@meshplusplus.com>
aed7fb3 procd: fix compilation with uClibc-ng
9d0f831 jail: fix segfault with len(uidmap/gidmap) > 1
42a6217 jail: consider PATH for argv in OCI container
83f4b72 jail: actually chdir into OCI defined CWD
fc9f614 jail: parse and run OCI hooks
02eec92 jail: memory allocation fixes
71e75f4 jail: refactor mount support to cover OCI spec
b586e7d jail: don't make mount source read-only
dacab12 uxc: fix 'stop' command
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This release brings parity with the commits Linus released a few hours
ago into 5.8-rc5.
* receive: account for napi_gro_receive never returning GRO_DROP
The napi_gro_receive function no longer returns GRO_DROP ever, making
handling GRO_DROP dead code. This commit removes that dead code.
Further, it's not even clear that device drivers have any business in
taking action after passing off received packets; that's arguably out of
their hands.
* device: implement header_ops->parse_protocol for AF_PACKET
WireGuard uses skb->protocol to determine packet type, and bails out if
it's not set or set to something it's not expecting. For AF_PACKET
injection, we need to support its call chain of:
packet_sendmsg -> packet_snd -> packet_parse_headers ->
dev_parse_header_protocol -> parse_protocol
Without a valid parse_protocol, this returns zero, and wireguard then
rejects the skb. So, this wires up the ip_tunnel handler for layer 3
packets for that case.
* queueing: make use of ip_tunnel_parse_protocol
Now that wg_examine_packet_protocol has been added for general
consumption as ip_tunnel_parse_protocol, it's possible to remove
wg_examine_packet_protocol and simply use the new
ip_tunnel_parse_protocol function directly.
* compat: backport ip_tunnel_parse_protocol and ip_tunnel_header_ops
These are required for moving wg_examine_packet_protocol out of
wireguard and into upstream.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Add support for Marvell MACCHIATObin Single Shot, cortex-a72 based
Marvell ARMADA 8040 Community board. Single Shot was broken as the
device tree is different on the Double Shot Board.
Specifications:
- Quad core Cortex-A72 (up to 2GHz)
- DDR4 DIMM slot with optional ECC and single/dual chip select support
- Dual 10GbE (1/2.5/10GbE) SFP+
2.5GbE (1/2.5GbE) via SFP
1GbE via copper
- SPI Flash
- 3 X SATA 3.0 connectors
- MicroSD connector
- eMMC
- PCI x4 3.0 slot
- USB 2.0 Headers (Internal)
- USB 3.0 connector
- Console port (UART) over microUSB connector
- 20-pin Connector for CPU JTAG debugger
- 2 X UART Headers
- 12V input via DC Jack
- ATX type power connector
- Form Factor: Mini-ITX (170 mm x 170 mm)
More details at http://macchiatobin.net
Installation:
Write the Image to your Micro SD Card and insert it in the
MACCHIATObin Single Shot SD Card Slot.
In the U-Boot Environment:
1. reset U-Boot environment:
env default -a
saveenv
2. prepare U-Boot with boot script:
setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000"
saveenv
or manually (hanging lines indicate wrapped one-line command):
setenv fdt_name armada-8040-mcbin-singleshot.dtb
setenv image_name Image
setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr
$image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv
bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti
$kernel_addr - $fdt_addr'
saveenv
On newer Bootloaders (18.12) the Variables have been changed, use:
setenv fdt_name armada-8040-mcbin-singleshot.dtb
setenv image_name Image
setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr_r
$image_name;ext4load mmc 1:1 $fdt_addr_r $fdt_name;setenv
bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti
$kernel_addr_r - $fdt_addr_r'
Reported-by: Alexandra Alth <alexandra@alth.de>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: Alexandra Alth <alexandra@alth.de>
[add specs and installation as provided by Alexandra Alth]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Between kernels 4.20 and 5.0, a new variant of this board has been
introduced ("Single Shot"), and the existing one has been renamed
with the appendix "Double Shot". [1]
This also adjusted the first compatible in the list:
marvell,armada8040-mcbin -> marvell,armada8040-mcbin-doubleshot
This patch updates the OpenWrt implementation of this device by
adjusting the relevant references to that compatible (i.e., our
board name).
To still provide support for 4.19 with our setup, this adds a
small patch to change the compatible there as well.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b1f0bbe2700051886b954192b6c1751233fe0f52
Cc: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
The firmware is currently just copied. It can end up with o= on the
device (this is the case for voice_ar9_firmware.bin for instance).
Instead of copying it the Makefile is changed to use the macro
"$(INSTALL_DATA)" in order for the file to be world-readable.
While at it refactor the device node creation in the init script with
loop.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
[removed 2nd part with custom group handling for device nodes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
There had been an issue in Layerscape QSPI driver for very long
time, which made squashfs,jffs2 rootfs not work on QSPI NOR.
And the ubifs had been used as a workaround.
Now the issue has been fixed. So convert to use squashfs,jffs2
rootfs on QSPI NOR for Layerscape boards (LS1012ARDB/LS1046ARDB/
LS1088ARDB), and update u-boot bootargs for booting.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
The rootfs squashfs is already highly (XZ) compressed. Storing the applet
messages in compressed form will increase the entropy and reduce the overall
image compression ratio.
Size diffs (compressed vs uncompressed):
busybox (the executable): 364596 vs 384804 bytes.
OpenWrt target images (the kernel image is unchanged, obviously):
omnia-medkit-openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs.tar.gz:
9163597 vs 9162531 bytes (1066 bytes difference).
openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin:
9161688 vs 9160600 bytes (1088 bytes difference).
openwrt-mvebu-cortexa9-cznic_turris-omnia-sysupgrade.img.gz:
9729550 vs 9729230 bytes (320 bytes difference).
All in all, we save just a little bit over 1 kiB. As an added bonus, we
also don't have to decompress the messages twice, (first from squashfs,
then from the bzip2 message storage).
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[added additional size comparision diff detaisl]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Zram is only strictly dependent on lzo, not lz4. Break this dependency and
make the lz4 module visible in the configuration, in order for the user to
have the choice of enabling/disabling it, if (s)he sees fit.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The block-mount swapon implementation doesn't support discard, so make zram-swap
depend only on the default BusyBox implementation or, when unavailable, on the
one present in the swap-utils package.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The clock_gettime(CLOCK_MONOTONIC) syscall exists for so long that the first
kernel version to support it is not even specified in the man page [1]. Let's
enable it on BusyBox by default. Otherwise, gettimeofday will be used instead,
which will give wrong results if the date/time is reset (time moving backwards).
[1] https://linux.die.net/man/2/clock_gettime
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
CMake is less error prone that autotools and also compiles faster.
Fixed license information.
Added pkgconfig file to InstallDev so that packages that use it can
find lzo.
Before:
time make package/lzo/compile -j 12
________________________________________________________
Executed in 20.87 secs fish external
usr time 26.95 secs 0.00 micros 26.95 secs
sys time 5.49 secs 305.00 micros 5.49 secs
After:
time make package/lzo/compile -j 12
________________________________________________________
Executed in 13.22 secs fish external
usr time 19.59 secs 328.00 micros 19.59 secs
sys time 4.03 secs 10.00 micros 4.03 secs
Time output is with fish shell. make clean was ran before both attempts.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
f4e9bf73ac5c examples/lua: attempt to highlight some traps
53b9a2123fc6 lua/uloop: fd_add: use absolute indices for arguments
c0941d3289fc lua/uloop: make get_sock_fd capable of absolute addresses
161c25960ba2 lua/uloop: fd_add() better args checking
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Quoting part of original message from eefb5f741015 commit in
linux-firmware repository:
This adds the "minifw" version of the EIP197 firmware, which the inside-
secure driver will use as a fallback if the original full-featured
firmware cannot be found. This allows for using the inside-secure driver
and hardware without access to "official" firmware only available under
NDA.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
The block index of u-boot-env changed from mtd1 to mtd3 after upgrading kernel to 5.4.
This patch search the mtd block by label name, work as expect when perform a clean flash.
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
This replaces deprecated backticks by more versatile $(...) syntax.
This does not touch lib/upgrade/nand.sh, as there replacement is
not trivial.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
3034eaf jail: use linux/capability.h instead of sys/capability.h
Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure RF5592 is set for RT5592 chip which apparently sometimes
doesn't have RF defined (but always comes with RF5592).
This patch was originally submitted on linux-wireless by
Tom Psyborg <pozega.tomislav@gmail.com> but got rejected.
Turns out the patch is actually needed.
Reported-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Enable SCSI low-level drivers on targets that don't have it already in
order to fix following build failures on few platforms:
.config:4739:warning: symbol value 'm' invalid for SCSI_LOWLEVEL
* Restart config...
* SCSI low-level drivers
SCSI low-level drivers (SCSI_LOWLEVEL) [Y/n] (NEW) aborted!
Fixes: b88f8202c4 ("kernel: add iscsi-initator support")
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[commit subject and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Arduino Yun is a microcontroller development board, based on Atmel
ATmega32u4 and Atheros AR9331.
Specifications:
- MCU: ATmega32U4
- SoC: AR9331
- RAM: DDR2 64MB
- Flash: SPI NOR 16MB
- WiFi:
- 2.4GHz: SoC internal
- Ethernet: 1x 10/100Mbps
- USB: 1x 2.0
- MicroSD: 1x SDHC
Notes:
- Stock firmware is based on OpenWrt AA.
- The SoC UART can be accessed only through the MCU.
YunSerialTerminal is recommended for access to serial console.
- Stock firmware uses non-standard 250000 baudrate by default.
- The MCU can be reprogrammed from the SoC with avrdude linuxgpio.
Installation:
1. Update U-Boot environment variables to adapt to new partition scheme.
> setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
> setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
> saveenv
2. Boot into stock firmware normally and perform sysupgrade with
sysupgrade image.
# sysupgrade -n -F /tmp/sysupgrade.bin
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Some devices (e.g. Arduino Yun) need bitwise operations during MAC address
setup. This commit adds generalized versions of macaddr_setbit_la(), which
are helpful when manipulating a single bit in a MAC address.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Instead of building in a default environment which loads our environment
from the FAT partition.... just ask U-Boot to do it.
Submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=184688
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
For building full SD/eMMC images for Banana Pi R2 we'll want a u-boot
image built for that platform.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Download the boot preloader code from the Banana Pi github repo and make
it available for bootable SD card image creation.
Supports only Banana Pi R2 for now.
Based on work by Alexey Loukianov <lx2@lexa2.ru> and others.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Fixes following issue:
Package kmod-iscsi-initiator is missing dependencies for the following libraries:
crypto_hash.ko
Fixes: b88f8202c4 ("kernel: add iscsi-initator support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch adds support for the Linksys EA7500 V1 router.
Specification:
- CPU: Qualcomm IPQ8064
- RAM: 256MB
- Flash: NAND 128MB
- WiFi: QCA9982 an+ac + QCA9983 bgn
- Ethernet: 5 GBE Ports (WAN+ 4xLAN) (QCA8337)
- USB: 1x USB 3.0 1x USB2.0
- Serial console: RJ-45 115200 8n1 (1V8 Voltage level)
- 2 Buttons
- 1 LED
Known issues:
- Some devices won't flash via web gui
Installation:
- Newer stock images doesn't allow to install custom firmware.
- Please downgrade software to 1.1.2 version. Official firmware:
https://downloads.linksys.com/downloads/firmware/FW_EA7500_1.1.2.172843_prod.gpg.img
- Do it two times to downgrade all stored images.
- Apply factory image via web-gui.
Serial + TFTP method:
- downgrade to 1.1.2 two times
- connect ehternet and serial cable
- set ip address of tftp server to 192.168.1.254
- put openwrt factory image to tftp folder and rename it to macan.bin
- stop device while booting in u-boot
- run command: "run flashimg"
- run command: "setenv boot_part 1"
- run command "saveenv"
- reset
Back to stock:
- Please use old non-gpg image like this 1.1.2:
https://downloads.linksys.com/downloads/firmware/FW_EA7500_1.1.2.172843_prod.img
- ssh to router and copy image to tmp
- use sysupgrade -n -F
Tested by github users: @jack338c and @grzesiczek1
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[removed i2c4_pins, mdio0_pins, nand_pins, rgmii2_pins from DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Buffalo WTR-M2133HP is a Tri-Band router based on IPQ4019.
Specification
-------------
- SoC: Qualcomm IPQ4019
- RAM: 512MiB
- Flash Memory: NAND 128MiB (MXIC MX30LF1G18AC)
- Wi-Fi: Qualcomm IPQ4019 (2.4GHz, 1ch - 13ch)
- Wi-Fi: Qualcomm IPQ4019 (5GHz, 36ch - 64ch)
- Wi-Fi: Qualcomm QCA9984 (2T2R, 5GHz, 100ch - 140ch)
- Ethernet: 4x 10/100/1000 Mbps (1x WAN, 3x LAN)
- LED: 4x white LED, 4x orange LED, 1x blue LED
- USB: 1x USB 3.0 port
- Input: 2x tactile switch, 2x slide switch (2x SP3T)
- Serial console: 115200bps, pinheader JP5 on PCB
- Power: DC 12V 2A
Flash instruction
-----------------
1. Set up a TFTP server (IP address: 192.168.11.10)
2. Rename "initramfs-fit-uImage.itb" to "WTR-M2133HP-initramfs.uImage"
and put it into the TFTP server directory.
3. Connect the TFTP server and WTR-M2133HP.
4. Hold down the AOSS button, then power on the router.
5. After booting OpenWrt initramfs image, connect to the router by SSH.
6. Transfer "squashfs-nand-factory.ubi" to the router.
7. Execute the following commands.
# ubidetach -p /dev/mtd15
# ubiformat /dev/mtd15 -f /tmp/openwrt-ipq40xx-generic-buffalo_wtr-m2133hp-squashfs-nand-factory.ubi
# fw_setenv bootcmd bootipq
8. Perform reboot.
Recover to stock firmware
-------------------------
1. Execute the following command.
# fw_setenv bootcmd bootbf
2. Reboot and wait several minutes.
Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
Zyxel NSA310S is a NAS based on Marvell kirkwood SoC.
Specification:
- Processor Marvell 88F6702 1 GHz
- 256MB RAM
- 128MB NAND
- 1x GBE LAN port (PHY: Marvell 88E1318)
- 2x USB 2.0
- 1x SATA
- 3x button
- 7x leds
- serial on J1 connector (115200 8N1) (GND-NOPIN-RX-TX-VCC)
Known issues:
- no kernel module for RTC. [*]
- buzzer (connected to MPP43) need to be drived by 1kHz signal
- no kernel module for internal MCU connected via I2C[**]
[*]
Karoly Pocsi made simple, unofficial driver for HT1382.
It can be found here:
https://www.madadmin.com/zyxel-nsa320s-es-debian-linux-4-resz/
[**]
Karoly Pocsi found how CPU talk with MCU:
It is possible to query the MCU-controlled fan speed and temperature:
i2cget -y 0x0 0x0a 0x07
i2cget -y 0x0 0x0a 0x08
The first value (0x07) is the temperature in ° C, the second (0x08) is
the time in milliseconds to complete one fan revolution (rpm = 60,000 / value).
Info translated from:
https://www.madadmin.com/zyxel-nsa320s-es-debian-linux-4-resz/
Installation:
TFTP:
1. Run serial console and go to u-boot.
2. Copy u-boot via tftp and write to NAND:
=> mw 0x0800000 0xffff 0x100000
=> nand erase 0x0 100000
=> setenv ipaddr 192.168.1.2
=> setenv serverip 192.168.1.4
=> tftp 0x0800000 nsa310s-u-boot.kwb
=> nand write 0x0800000 0x0 0x100000
=> reset
3. Run new u-Boot, repair bootcmd and restore MAC address from sticker
=> setenv ethaddr AA:BB:CC:DD:EE:FF
=> saveenv
4. Copy and run initramfs image
=> setenv ipaddr 192.168.1.2
=> setenv serverip 192.168.1.4
=> tftpboot zyxel_nsa310s-initramfs-uImage
=> bootm 0x800000
5. Download sysupgrade image and perform sysupgrade
USB:
1. Prepare usb fat32 drive with u-boot.kwb and initramfs image.
Stick it to USB 2.0 port.
2. Run serial console and go to u-boot.
3. Copy u-boot from usb and write to NAND:
=> mw 0x0800000 0xffff 0x100000
=> nand erase 0x0 100000
=> usb start
=> fatload usb 0 0x0800000 u-boot.kwb
=> nand write 0x0800000 0x0 0x100000
=> reset
4. Run new u-Boot, repair bootcmd and restore MAC address from sticker
=> setenv ethaddr AA:BB:CC:DD:EE:FF
=> saveenv
5. Copy and run initramfs image:
=> usb start
=> fatload usb 0 0x0800000 initramfs-uImage
=> bootm 0x800000
6. Download sysupgrade image and perform sysupgrade.
Based on work ThBexx <thomas.beckler@hotmail.com>
DTS based on dropped support in 0ebdf0c.
Tested-by: Lech Perczak <lech.perczak@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[NSA310s -> NSA310S in DEVICE_MODEL]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
New script for comgt. Should help to fetch balance or any additional information with USSD.
This script uses the standard AT command which should be supported by all modems.
Run-tested on: Mikrotik wAP LTE KIT
Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
[fixed from/sob]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Specifications:
SOC: Qualcomm IPQ4029 (DAKOTA) ARM Quad-Core
RAM: 512 MiB
FLASH1: 16 MiB NOR - SPI0
FLASH2: 8 GiB eMMC
ETH: Qualcomm QCA8075
WLAN1: Qualcomm Atheros QCA4029 2.4GHz 802.11b/g/n 2x2
WLAN2: Qualcomm Atheros QCA4029 5GHz 802.11n/ac W2 2x2
INPUT: Reset, WPS
LED: Power, Mesh, WLAN
UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
UART2: On board with BLE module
SPI1: On board socket for Zigbee module
Install via tftp
- NB: need to flash transition image firstly
Firstly install transition image:
(IPQ40xx) # tftpboot 0x84000000 s1300-factory-to-openwrt.img
(IPQ40xx) # sf probe && imgaddr=0x84000000 && source :script
Secondly install openwrt sysupgrade bin:
(IPQ40xx) # run lf
Revert to factory image:
(IPQ40xx) # tftpboot 0x84000000 s1300-openwrt-to-factory.img
(IPQ40xx) # sf probe && imgaddr=0x84000000 && source :script
The kernel and rootfs of factory firmware are on eMMC, and openwrt
firmware is on NOR flash. The transition image includes U-boot
and partition table, which decides where to load kernel and rootfs.
After you firstly install openwrt image, you can switch between
factory and openwrt firmware by flashing transition image.
Signed-off-by: Dongming Han <handongming@gl-inet.com>
Module is needed for using iscsi-initiator userspace applications
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[added missing newline between kernel modules]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Before this change, setting the verbosity to anything with V=blah would
cause uclibc++ build to print errors to the screen. Now, it the
clibc++ build verbosity will be altered in the following manners:
* V=s will set V=1 in the uclibc++ build
* V=sc will set V=2 in the uclibc++ build
Signed-off-by: Wren Turkal <wt@penguintechs.org>
The Xiaomi Mi Router AC2100 is a *black* cylindrical router that shares many
characteristics (apart from its looks and the GPIO ports) with the 6-antenna
*white* "Xiaomi Redmi Router AC2100"
See the visual comparison of the two routers here:
https://github.com/emirefek/openwrt-R2100/raw/imgcdn/rm2100-r2100.jpg
Specification of R2100:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN in Yellow and Blue
- UART: On board (Don't know where is should be confirmed by anybody else)
- Modified u-boot
Hacking of official firmware process is same at both RM2100 and R2100.
Thanks to @namidairo
Here is the detailed guide Hack: https://github.com/impulse/ac2100-openwrt-guide
Guide is written for MacOS but it will work at linux.
needed packages: python3(with scapy), netcat, http server, telnet client
1. Run PPPoE&exploit to get nc and wget busybox, get telnet and wget firmware
2. mtd write openwrt-ramips-mt7621-xiaomi_mi-router-ac2100-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_mi-router-ac2100-rootfs0.bin rootfs0
other than these I specified in here. Everything is same with:
f3792690c4
Thanks for all community and especially for this device:
@Ilyas @scp07 @namidairo @Percy @thorsten97 @impulse (names@forum.openwrt.com)
MAC Locations:
WAN *:b5 = factory 0xe006
LAN *:b6 = factory 0xe000
WIFI 5ghz *:b8 = factory 0x8004
WIFI 2.4ghz *:b7 = factory 0x0004
Signed-off-by: Emir Efe Kucuk <emirefek@gmail.com>
[refactored common image bits into Device/xiaomi-ac2100, fixed From:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Upstream in commit 972d723484d8 ("split signkey_type and signature_type
for RSA sha1 vs sha256") has added strict checking of pubkey algorithms
which made keys with SHA-256 hashing algorithm unusable as they still
reuse the `ssh-rsa` public key format. So fix this by disabling the
check for `rsa-sha2-256` pubkeys.
Ref: https://tools.ietf.org/html/rfc8332#section-3
Fixes: d4c80f5b17 ("dropbear: bump to 2020.80")
Tested-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This can be useful when a DFS channel is configured, as the ACS channel
list is taken into account when switching channels after a radar event.
For example, this allows to prevent the SRD channels from being used in
that case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[reorder structure]
Signed-off-by: David Bauer <mail@david-bauer.net>
This replaces deprecated backticks by more versatile $(...) syntax.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This replaces deprecated backticks by more versatile $(...) syntax.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This package allows to read battery status information and control the
power state of the RAVPower RP-WD009 power management IC.
Signed-off-by: David Bauer <mail@david-bauer.net>
The RAVPower RP-WD009 is a batter-powered pocket sized router with SD
card lot and USB port.
Hardware
--------
CPU: MediaTek MT7628AN
RAM: 64M DDR2
FLASH: 16M GigaDevices SPI-NOR
WLAN: MediaTek MT7628AN 2T2R b/g/n
MediaTek MT7610E 1T1R n/ac
ETH: 1x FastEthernet
SD: SD Card slot
USB: USB 2.0
Custom PMIC on the I2C bus (address 0x0a).
Installation
------------
1. Press and hold down the reset button.
2. Power up the Device. Keep pressing the reset button for 10
more seconds until the Globe LED lights up.
3. Attach your Computer to the Ethernet port. Assign yourself the
address 10.10.10.1/24.
4. Access the recovery page at 10.10.10.128 and upload the OpenWrt
factory image.
5. The flashing will take around 1 minute. The device will reboot
automatically into OpenWrt.
Signed-off-by: David Bauer <mail@david-bauer.net>
This reverts commit 930f3c0148.
The build fails with the following build error:
arm-openwrt-linux-muslgnueabi-ld.bfd: drivers/built-in.o: in function `ide_init':
build_dir/target-arm_xscale_musl_eabi/u-boot-nsa310/u-boot-2020.04/drivers/block/ide.c:750: undefined reference to `ide_preinit'
make[4]: *** [Makefile:1700: u-boot] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Removing i2c pxa slave
The i2c-pxa is typically not use in slave mode. It does not make sense
to have slave mode enabled by default.
Having slave mode enabled prevents the i2c controller from being reset
if a real slave device such as an SFP is attached to the i2c-pxa bus and
locks it up.
Disable slave mode so that the i2c controller can be reset if the bus is
locked up.
If someone actually has a need for pxa slave mode this can be enabled in
kernel config.
Signed-off-by: Scott Roberts <ttocsr@gmail.com>
/lib/netifd/dhcp.script:
Keep support for 'timesvr' while also supporting 'timesrv'
Add log message indicating deprecation of 'timesvr'
Signed-off-by: Sukru Senli <sukru.senli@iopsys.eu>
the uboot of nsa310 cannot use the network chip
as it is a realtek on the PCIe lanes and not a
Marvell ethernet from the SoC.
Therefore tftp is not possible on this device
and the only way to install is by loading files
from a USB drive.
If the USB subsystem is dead there is no way to
install OpenWrt.
Enable sata support and commands so it can be
used as a fallback in case of USB issues.
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
With package "coreutil-sha256sum" installed "sysupgrade" fails to perform 'sha256sum -s' and instead returns 'invalid option -- 's''.
This is caused due to:
different syntax for a sha256sum status check ('sha256sum --status' with "coreutil-sha256sum")
'/usr/bin/sha256sum' being symlinked to '/usr/bin/gnu-sha256sum' (after installation of "coreutil-sha256sum")
"coreutil-sha256sum" package from the packages feed replaces the Busybox sha256sum
This patch restores for 'sysupgrade' the busybox call to its sha256sum applet.
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Remove leds-apu2 out of tree driver. There is a new upstream device gpio
and leds driver stack available for the APUv2 and APUv3 boards from pc
egnines. This new driver stack was add in kernel version 4.15.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
ath9k will already fallback on software-crypto for chipsets not
supporting IEEE802.11w (MFP). So advertising MFP is not dependent
on disabling HW crypto for all traffic entirely.
Tested on Sonicwall SonicPoint Ni (AR9132)
Signed-off-by: David Bauer <mail@david-bauer.net>
Backport patches which fix compile issue for uClibc-ng :
dbrandom.c:174:8: warning: implicit declaration of function 'getrandom'; did you mean 'genrandom'? [-Wimplicit-function-declaration]
ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
^~~~~~~~~
genrandom
dbrandom.c:174:36: error: 'GRND_NONBLOCK' undeclared (first use in this function); did you mean 'SOCK_NONBLOCK'?
ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
^~~~~~~~~~~~~
SOCK_NONBLOCK
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
- update SPDX license identifier
- use https in URL
- use default PKG_BUILD_DIR
Suggested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* compat: drop centos 8.1 support as 8.2 is now out
Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at
<https://www.wireguard.com/build-status/>.
* Kbuild: remove -fvisibility=hidden from cflags
This fixes an issue when compiling wireguard as a module for ARM kernels in
THUMB2 mode without the JUMP11 workaround.
* noise: do not assign initiation time in if condition
Style fix.
* device: avoid circular netns references
Fixes a circular reference issue with network namespaces.
* netns: workaround bad 5.2.y backport
This works around a back backport in the 5.2.y series.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
mac80211_get_addr is called from mac80211_generate_mac, where the local variable
initialisation id="${macidx:-0}" suggests that macidx is not always defined.
Probably, idx was supposed to be used instead of $(($macidx + 1)).
Fixes: 4d99db168c ("mac80211: try to get interface addresses from wiphy sysfs 'addresses' if no mask is set")
Signed-off-by: Leon M. George <leon@georgemail.eu>
urandom-seed has a separate Makefile, we can safely remove the definition here.
Fixes: 27bfde9c9f ("base-files: move urandom seed bits into separate package")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.
This follows up 3519bf4976
As a result, we also need to move the and/or out of the test brackets.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[squash from two patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The original text was copy/pasted from some other package.
Adjust the package title and description to match the description
on the publishers page.
Signed-off-by: Catalin Patulea <catalinp@google.com>
[slightly adjust content and commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
- drop patches (applied upstream):
* 010-backport-change-address-logging.patch
* 020-backport-ed25519-support.patch
* 021-backport-chacha20-poly1305-support.patch
- backport patches:
* 010-backport-disable-toom-and-karatsuba.patch:
reduce dropbear binary size (about ~8Kb).
- refresh patches.
- don't bother anymore with following config options
because they are disabled in upstream too:
* DROPBEAR_3DES
* DROPBEAR_ENABLE_CBC_MODE
* DROPBEAR_SHA1_96_HMAC
- explicitly disable DO_MOTD as it was before commit a1099ed:
upstream has (accidentally) switched it to 0 in release 2019.77,
but reverted back in release 2020.79.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This replace the shell script header of ldd
when it install to `/usr/bin/ldd` where
`#! /..../staging_dir/host/bin/bash`
should be
`#!/bin/sh`
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Previously, gpio_switch only accepts GPIO pin number as input. Once a
GPIO pin is exported and named by device tree, its pin state cannot be
configured and saved across reboots by UCI.
This patch adds support for named GPIO pins. Thus GPIO pin can be
exported by device tree with active high/low correctly configured,
having human-readable name in /sys/class/gpio/ is also now possible.
More importantly, GPIO pins which are referenced by name will be immune
from pin mapping breakage while unintentional pin number changes are
introduced by kernel or driver updates.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
This option allows adding the ath9k ADC register output as a source
of randomness into the Linux entropy pool at sufficient quality
random data (at least 10 bits and up to 22 bits of min-entropy for
a 32-bit value).
Fixes FS#1444
Signed-off-by: Alan Swanson <reiver@improbability.net>
Ubus patch as it seems have been broken by some rebase in the past as
the location of line that adds ubus object file was in condition for
CONFIG_MACSEC. That condition was adding object files that are not
touched by ubus patch. This means ubus.o does not have to be included in
that case. When it has to be and when build fails is when CONFIG_AP is
set. All files included in wpa_supplicant that are touched by this patch
are in this condition. This means that this is for sure the original
place for it.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
After a hardware reconnect, the control device might be unavailable and
attempting to interact with it will lead to hanging gcom calls, leaving
the protocol setup in an unrecoverable state.
Change the protocol handler to bail out early and notify netifd if the
control device is not defined or if the underlying device node does not
exist.
Also ensure that the "disconnect", "connect" and "setmode" commands are
actually defined before trying to invoke them.
Finally attempt to re-query the device manufacturer if it is unset in
the interface state in order to prevent UNUPPORTED_MODEM errors after
a modem hardware reconnect.
Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
[reword subject and commit message]
Ref: https://github.com/openwrt/openwrt/pull/2352
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.
User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.
As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All devices are using nand images. Built-in MMC/SD modules are not needed
anymore.
Run tested: pogo v4
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bringing up of station vlan fails if the optional mac entry isn't set.
The default mac "00:00:00:00:00:00", which should match all stations,
is mistakenly set to the non used variable "isolate". This results in
a wrong formatted .psk file which has to be "vlan_id mac key".
fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB
NOR: 32 MiB
ETH: Qualcomm Atheros QCA8072 (2 ports)
USB: 1 x 2.0 (Host controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button
LEDS: White, Blue, Red, Orange
Flash instruction:
From EnGenius firmware to OpenWrt firmware:
In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emr3500-squashfs-factory.bin directly.
From OpenWrt firmware to EnGenius firmware:
1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMR3500. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
(IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emr3500-nor-fw-s.img
4. Flash the firmware
(IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
(IPQ40xx) # reset
Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[squashed update patch, updated to 5.4, dropped BOARD_NAME,
migrated to SOC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
IPKG_INSTROOT is only set under image builder and we won't be running
this script at build time either, so remove the reference before it gets
cargo-culted into other scripts.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
The folder for the uci-defaults file of this package is wrong, so
the file most probably has not been executed at all for several
years at least.
Fix the folder and remove the useless shebang for the file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The Netgear WNDRMAC v1 is a hardware variant of the Netgear WNDR3700 v2
Specifications
==============
* SoC: Atheros AR7161
* RAM: 64mb
* Flash on board: 16mb
* WiFi: Atheros AR9220 (a/n), Atheros AR9223 (b/g/n)
* Ethernet: RealTek RTL8366SR (1xWAN, 4xLAN, Gigabit)
* Power: 12 VDC, 2.5 A
* Full specs on [openwrt.org](https://openwrt.org/toh/hwdata/netgear/netgear_wndrmac_v1)
Flash Instructions
==================
It is possible to use the OEM Upgrade page to install the `factory`
variant of the firmware.
After the initial upgrade, you will need to telnet into the router
(default IP 192.168.1.1) to install anything. You may install LuCI
this way. At this point, you will have a web interface to configure
OpenWRT on the WNDRMAC v1.
Please use the `sysupgrade` variant for subsequent flashes.
Recovery Instructions
=====================
A TFTP-based recovery flash is possible if the need arises. Please refer
to the WNDR3700 page on openwrt.org for details.
https://openwrt.org/toh/netgear/wndr3700#troubleshooting_and_recovery
Signed-off-by: Renaud Lepage <root@cybikbase.com>
[update DTSI include name]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).
General security vulnerability in the way the callback URLs in the UPnP
SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
Some of the described issues may be applicable to the use of UPnP in WPS
AP mode functionality for supporting external registrars.
Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
d13290b Fix advertised IPv6 addresses
Don't just serve link-local addresses via mdns, offer all.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When bringing up wifi the first time after boot, these warnings appear:
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory
Silence them by adding the "-f" option to rm.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
This reverts commit 9e467a764b.
The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.
E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.
As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.
Upstream bug: https://github.com/raspberrypi/firmware/issues/1376
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.
A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.
Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.
However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch adds support for 2 new uci sections.
config wifi-vlan
# iface is optional. if it is not defined the vlan will apply
# to all interfaces
option iface default_radio0
option name guest
option vid 100
option network guest
config wifi-station
# iface is optional. if it is not defined the station will apply
# to all interfaces
option iface default_radio0
# mac is optional. if it is not defined it will be a catch all
# for any sta using this key
option mac '00:11:22:33:44:55'
# vid is optional. if it is not defined, the sta will be part of
# the primary iface.
option vid 100
option key testtest
With this patch applied it is possible to use multiple PSKs on a single BSS.
Signed-off-by: John Crispin <john@phrozen.org>
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections
Signed-off-by: John Crispin <john@phrozen.org>
Add kmod for the ST LSM6DSX IMU driver.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[fixed missing regmap module dependencies]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.
Previous versions of wolfssl had this by default. Keeping an extra
register available may increase performance, so it's being restored for
all architectures.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This will be moved to packages:
https://github.com/openwrt/packages/pull/12378
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Does not seem to be needed here. This will be imported into packages.
Ref: https://github.com/openwrt/packages/pull/12256
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
No package in base uses libconfig. Everything is in the packages feed.
Ref: https://github.com/openwrt/packages/pull/12255
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Since commit 910df3f06c we have build in
on all X86/64 platforms the gpio-it87 driver.
Since this change I am getting the following error message on boot.
> kern.err kernel: [ 1.009416] gpio_it87: no device
I do not have this device on my system. To prevent the nonsensical
message and the loading of the module I have added this as a package, so
that it can be installed later or during image building.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
Due to filesystem write caching the old configuration data could stay
out of flash for a long time during a first boot after the sysupgrade.
Power loss during this period could damage the overlay data and even
make device inaccessable via the network.
Fix this by syncing data to a flash as soon as the previous
configuration will be unpacked after the sysupgrade. Also sync the FS
state after the sysupgrade.tgz archive removing to prevent duplicative
extraction of a previous configuration.
Tested with AMD Geode based board.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
This changes the ide-disk LED trigger to the generic disk-activity as
ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds:
convert IDE trigger to common disk trigger").
Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com>
[split into separate commit, commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
ddd57c2 pppd: Add lcp-echo-adaptive option
c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
0bc11fb Added missing options to manual pages. (#149)
b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp
c78e312 pppd: linux: use monotonic time if possible
Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted
Remove patch 206-compensate_time_change.patch as timewrap issues are
solved by a patch making use of monotonic time
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
From: Rui Salvaterra <rsalvaterra@gmail.com>
Date: Mon, 25 May 2020 14:49:07 +0100
Subject: [PATCH] rt2800: enable MFP support unconditionally
This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
GPS time without date was previously used to set system date:
Tue Oct 10 11:48:21 2000 user.info kernel: [ 108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time
Tue Oct 10 11:49:27 2000 user.info kernel: [ 174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time
Fix this by ignoring incomplete dates and wait for complete time
information before adjusting system date/time.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Also ensure that the error message is actually printed to stderr and that
the rule generation is aborted if an interface cannot be resolved.
Ref: https://github.com/openwrt/luci/issues/3975
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes.
Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
When configuring the radio in legacy mode from luci, the htmode is not set
correctly to NOHT, causing the radio in mesh mode to be set to HT40.
Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.
Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support for 64 bits has been remove on latest master of raspberry/firmware.
Update to latest commit with 64 bit support since we don't support
installing 32 bit packages on 64 bit targets.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The clean target tries to remove what looks like a bogus 'rbcfg',
probably carried over copy-pasta. Remove the name of the generated
executable ('fbtest') instead.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 8099f4e0d3 ("fbtest utility ")
tl;dr: dd will silently truncate the output if reading from special
files (e.g. sysfs attributes) with a too large bs parameter.
This problem was exposed on some RouterBOARD ipq40xx devices which use a
caldata payload which is larger than PAGE_SIZE, contrary to all other
currently supported RouterBOARD devices: the caldata would fail to
properly load with the current scripts.
Background: dd doesn't seem to correctly handle read() results that
return less than requested data. sysfs attributes have a kernel exchange
buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a
time. In this case, if bs is larger than PAGE_SIZE, dd will silently
truncate blocks to PAGE_SIZE. With the current scripts using bs=<size>
count=1, the data is truncated to PAGE_SIZE as soon as the requested
<size> exceeds this value.
This commit works around this problem by using `cat` in the caldata
routines that can read from a file (routines that read from mtd devices
are untouched). cat correctly handles partial read requests. The output
is then piped to dd with the same parameters as before, to ensure that
the resulting file remains exactly the same.
This is a simple workaround, the downside is that it uses a pipe and one
more executable, and therefore has a larger memory footprint and is
slower. This is deemed acceptable considering these routines are only
used at boot time.
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.
Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixes the following compile error seen on the mpc85xx target:
CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
typedef _Addr ptrdiff_t;
^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
from ./include/linux/list.h:5,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
from ./include/linux/module.h:9,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
typedef __kernel_ptrdiff_t ptrdiff_t;
^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed
Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.
This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This updates the mac80211 backport.
The removed patches are already integrated in the upstream version.
The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates the mac80211 backport.
The removed patches are already integrated in the upstream version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates the mac80211 backport.
The removed patches are already integrated in the upstream version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates the mac80211 backport to the latest minor version.
The removed patch was a backport from the upstream kernel which is now
integrated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.
Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.
This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.
* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10
These enable the test suite to compile with gcc-10.
* noise: read preshared key while taking lock
Matt noticed a benign data race when porting the Linux code to OpenBSD.
* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter
WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png
* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings
The usual RHEL churn.
* compat: backport renamed/missing skb hash members
The new support for fq_codel and friends meant more backporting work.
* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4
The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.
This functionality is subject to be completely removed in a future
release.
So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.
I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:
004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch
006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch
007-mesh-apply-channel-attributes-before-running-Mesh.patch
011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
013-mesh-do-not-allow-pri-sec-channel-switch.patch
015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch
016-mesh-fix-channel-switch-error-during-CAC.patch
018-mesh-make-forwarding-configurable.patch
Refreshed all other patches, removed upstreamed patches:
051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch
067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch
071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch
090-wolfssl-fix-crypto_bignum_sum.patch
091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch
091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch
800-usleep.patch
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This package was last updated in 2016. All of the dependent packages
are in the packages feeds, where this will be moved.
Ref: https://github.com/openwrt/packages/pull/12190
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject/description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This version adds many bugfixes, including a couple of security
vulnerabilities:
- For fast math (enabled by wpa_supplicant option), use a constant time
modular inverse when mapping to affine when operation involves a
private key - keygen, calc shared secret, sign.
- Change constant time and cache resistant ECC mulmod. Ensure points
being operated on change to make constant time.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This updates the package to contain the kernel object (.ko) file instead
of the plain object (.o) file.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Specification:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN, in Amber and White
- UART: On board near ethernet, opposite side from power
- Modified u-boot
Installation:
1. Run linked exploit to get shell, startup telnet and wget the files over
2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0
Restore to stock:
1. Setup PXE and TFTP server serving stock firmware image
(See dhcp-boot option of dnsmasq)
2. Hold reset button down before powering on and wait for flashing amber led
3. Release reset button
4. Wait until status led changes from flashing amber to white
Notes:
This device has dual kernel and rootfs slots like other Xiaomi devices currently
supported (mir3g, etc.) thus, we use the second slot and overwrite the first
rootfs onwards in order to get more space.
Exploit and detailed instructions:
https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100
An implementation of CVE-2020-8597 against stock firmware version 1.0.14
This requires a computer with ethernet plugged into the wan port and an active
PPPoE session, and if successful will open a reverse shell to 192.168.31.177
on port 31337.
As this shell is somewhat unreliable and likely to be killed in a random amount
of time, it is recommended to wget a static compiled busybox binary onto the
device and start telnetd with it.
The stock telnetd and dropbear unfortunately appear inoperable.
(Disabled on release versions of stock firmware likely)
Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox
chmod a+x /tmp/busybox
/tmp/busybox telnetd -l /bin/sh
Tested-by: David Martinez <bonkilla@gmail.com>
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the
image creation.
Install CFE binaries to kernel directory and let autoremove clean the
files in PKG_BUILD_DIR.
Also drop unneeded tar cmd/options.
Fixes: dcee4eaa42 ("bcm63xx-cfe: add package with CFE RAM binaries")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* ipc: add support for openbsd kernel implementation
* ipc: cleanup openbsd support
* wg-quick: add support for openbsd kernel implementation
* wg-quick: cleanup openbsd support
Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for
OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged
and supported WireGuard kernel support. We'll probably send our patch set up
to the list during this next week. `ifconfig wg0 create` to make an interface,
and `wg ...` like usual to configure WireGuard aspects of it, like usual.
* wg-quick: support dns search domains
If DNS= has a non-IP in it, it is now treated as a search domain in
resolv.conf. This new feature will be rolling out across our various GUI
clients in the next week or so.
* Makefile: simplify silent cleaning
* ipc: remove extra space
* git: add gitattributes so tarball doesn't have gitignore files
* terminal: specialize color_mode to stdout only
Small cleanups.
* highlighter: insist on 256-bit keys, not 257-bit or 258-bit
The highlighter's key checker is now stricter with base64 validation.
* wg-quick: android: support application whitelist
Android users can now have an application whitelist instead of application
blacklist.
* systemd: add wg-quick.target
This enables all wg-quick at .services to be restarted or managed as a unit via
wg-quick.target.
* Makefile: remember to install all systemd units
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
CFE RAM is a second stage bootloader which is usually loaded by CFE ROM
(first stage bootloader) from a JFFS2 partition stored on the NAND.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The Linksys EA7500 v2 is advertised as AC1900, but its internal
hardware is AC2600 capable.
Hardware
--------
SoC: Mediatek MT7621AT (880 MHz, 2 cores 4 threads)
RAM: 256M (Nanya NT5CC128M16IP-DI)
FLASH: 128MB NAND (Macronix MX30LF1G18AC-TI)
ETH: 5x 10/100/1000 Mbps Ethernet (MT7530)
WIFI:
- 2.4GHz: 1x MT7615N (4x4:4)
- 5GHz: 1x MT7615N (4x4:4)
- 4 antennas: 3 external detachable antennas and 1 internal
USB:
- 1x USB 3.0
- 1x USB 2.0
BTN:
- 1x Reset button
- 1x WPS button
LEDS:
- 1x White led (Power)
- 6x Green leds (link lan1-lan4, link wan, wps)
- 5x Orange leds (act lan1-lan4, act wan) (working but unmodifiable)
Everything works correctly.
Installation
------------
The “factory” openwrt image can be flashed directly from OEM stock
firmware. After the flash the router will reboot automatically.
However, due to the dual boot system, the first installation could fail
(if you want to know why, read the footnotes).
If the flash succeed and you can reach OpenWrt through the web
interface or ssh, you are done.
Otherwise the router will try to boot 3 times and then will
automatically boot the OEM firmware (don’t turn off the router.
Simply wait and try to reach the router through the web interface
every now and then, it will take few minutes).
After this, you should be back in the OEM firmware.
Now you have to flash the OEM Firmware over itself using the OEM web
interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img
downloaded from the Linksys website).
When the router reboots flash the “factory” OpenWrt image and this
time it should work.
After the OpenWrt installation you have to use the sysupgrade image
for future updates.
Restore OEM Firmware
--------------------
After the OpenWrt flash, the OEM firmware is still stored in the
second partition thanks to the dual boot system.
You can switch from OpenWrt to OEM firmware and vice-versa failing
the boot 3 times in a row:
1) power on the router
2) wait 15 seconds
3) power off the router
4) repeat steps 1-2-3 twice more.
5) power on the router and you should be in the “other” firmware
If you want to completely remove OpenWrt from your router, switch to
the OEM firmware and then flash OEM firmware from the web interface
as a normal update.
This procedure will overwrite the OpenWrt partition.
Footnotes
---------
The Linksys EA7500-v2 has a dual boot system to avoid bricks.
This system works using 2 pair of partitions:
1) "kernel" and "rootfs"
2) "alt_kernel" and "alt_rootfs".
After 3 failed boot attempts, the bootloader tries to boot the other
pair of partitions and so on.
This system is managed by the bootloader, which writes a bootcount in
the s_env partition, and if successfully booted, the system add a
"zero-bootcount" after the previous value.
A system update performed from OEM firmware, writes the firmware on the
other pair of partitions and sets the bootloader to boot the new pair
of partitions editing the “boot_part” variable in the bootloader vars.
Effectively it's a quick and safe system to switch the selected boot
partition.
Another way to switch the boot partition is:
1) power on the router
2) wait 15 seconds
3) power off the router
4) repeat steps 1-2-3 twice more.
5) power on the router and you should be in the “other” firmware
In this OpenWrt port, this dual boot system is partially working
because the bootloader sets the right rootfs partition in the cmdline
but unfortunately OpenWrt for ramips platform overwrites the cmdline
so is not possible to detect the right rootfs partition.
Because all of this, I preferred to simply use the first pair of
partitions and set read-only the other pair.
However this solution is not optimal because is not possible to know
without opening the case which is the current booted partition.
Let’s take for example a router booting the OEM firmware from the first
pair of partitions. If we flash the OpenWrt image, it will be written
on the second pair. In this situation the router will bootloop 3 times
and then will automatically come back to the first pair of partitions
containg the OEM firmware.
In this situation, to flash OpenWrt correctly is necessary to switch
the booting partition, flashing again the OEM firmware over itself.
At this point the OEM firmware is on both pair of partitions but the
current booted pair is the second one.
Now, flashing the OpenWrt factory image will write the firmware on
the first pair and then will boot correctly.
If this limitation in the ramips platform about the cmdline will be
fixed, the dual boot system can also be implemented in OpenWrt with
almost no effort.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Co-Developed-by: Jackson Lim <jackcolentern@gmail.com>
Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
This drops kernel version switches for versions not supported by
OpenWrt master at the moment. This only adjusts local code, but
doesn't touch patches to existing external packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2e73848 jail: SIGSEGV must not be forwarded to the child process
7e150f6 jail: unnamed jails can not have netns (fix segfault)
1ab539b jail: add option to provide /dev/console to containers
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive.
Re-arrange script to only source 'procd' if we get to the stage of
needing to signal the process, reduce hotplug processing load a little.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
Certain SFP modules (most notably Nokia GPON ones) first check
connectivity on 1000base-x, and switch to 2500base-x afterwards. This
is considered a quirk so the phylink switches the interface to
2500base-x as well.
However, after power-cycling the uDPU device, network interface/SFP module
will not work correctly until the module is re-seated. This patch
resolves this issue by forcing the interface to be brought up in
2500base-x mode by default.
Signed-off-by: Jakov Petrina <jakov.petrina@sartura.hr>
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Use same indent as for the rest of the file.
Signed-off-by: Javier Marcet <javier@marcet.info>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This will enable platforms to extract caldata to an arbitrary file,
or patch mac in an abitrary file.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Rationale:
1/ This tool is no longer necessary following the implementation of a
sysfs driver
2/ The upstream author, Robert Marko, stated[1] that this tool had been
taken from his tree in an unfinished state not suitable for merging
[1] https://github.com/openwrt/openwrt/pull/2850#issuecomment-610277863
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
add option to set management IP pattern
also add missing 'unconfigure system hostname'
for example pattern '!192.168.1.1' makes it possible that
WAN IP is selected instead of LAN IP
Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
[grammar and spelling fixes in commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Samba 3.6 is completely unsupported, in addition to having tons of patches
It also causes kernel panics on some platforms when sendfile is enabled.
Example:
https://github.com/gnubee-git/GnuBee_Docs/issues/45
I have reproduced on ramips as well as mvebu in the past.
Samba 4 is an alternative available in the packages repo.
cifsd is a lightweight alternative available in the packages repo. It is
also a faster alternative to both Samba versions (lower CPU usage). It
was renamed to ksmbd.
To summarize, here are the alternatives:
- ksmbd + luci-app-cifsd
- samba4 + luci-app-samba4
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-dpl with only one package
installing all 4 files as intermediate files.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-mc with only one package
installing all two images as intermediate files.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain fman-ucode with only one package
installing all two binaries as intermediate files.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Update tfa package to latest LSDK-20.04 dropping one patch
which had already been integrated.
Add fixes,
- Fix DEPENDS/PKG_BUILD_DEPENDS.
- Remove HIDDEN:=1.
- Move intermediate files installing into Build/InstallDev.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Update u-boot package to latest LSDK-20.04 dropping patches
which are no longer needed.
Adapt u-boot bootargs to kernel 5.4 for booting.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Update ls-rcw to latest LSDK-20.04.
Update patch 0001 with a new one.
Drop patch 0002 since it had been integrated.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
We do not have to define package for each board, and
consider variant's building/installing.
It is easier to maintain ls-rcw with only one package
installing all boards RCW binaries as intermediate
files, each of which is just about hundreds of bytes.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* compat: timeconst.h is a generated artifact
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
Some code readibility cleanups.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* uci state was not getting reset properly during teardown
* AP+STA co-exist state was not flushed properly upon channel switch
* remove a debug logger call
* properly teardown supplicant instances when they get disabled
* add md5 config support for supplicant
* don't call wpa_supplicant_prepare_interface twice
Signed-off-by: John Crispin <john@phrozen.org>
As touch creates files with permission 0644 use umask to create
config files with permission 0600 to be inline with INSTALL_CONF
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* compat: support latest suse 15.1 and 15.2
* compat: support RHEL 7.8's faulty siphash backport
* compat: error out if bc is missing
* compat: backport hsiphash_1u32 for tests
We now have improved support for RHEL 7.8, SUSE 15.[12], and Ubuntu 16.04.
* compat: include sch_generic.h header for skb_reset_tc
A fix for a compiler error on kernels with weird configs.
* compat: import latest fixes for ptr_ring
* compat: don't assume READ_ONCE barriers on old kernels
* compat: kvmalloc_array is not required anyway
ptr_ring.h from upstream was imported, with compat modifications, to our
compat layer, to receive the latest fixes.
* compat: prefix icmp[v6]_ndo_send with __compat
Some distros that backported icmp[v6]_ndo_send still try to build the compat
module in some corner case circumstances, resulting in errors. Work around
this with the usual __compat games.
* compat: ip6_dst_lookup_flow was backported to 3.16.83
* compat: ip6_dst_lookup_flow was backported to 4.19.119
Greg and Ben backported the ip6_dst_lookup_flow patches to stable kernels,
causing breaking in our compat module, which these changes fix.
* git: add gitattributes so tarball doesn't have gitignore files
Distros won't need to clean this up manually now.
* crypto: do not export symbols
These don't do anything and only increased file size.
* queueing: cleanup ptr_ring in error path of packet_queue_init
Sultan Alsawaf reported a memory leak on an error path.
* main: mark as in-tree
Now that we're upstream, there's no need to set the taint flag.
* receive: use tunnel helpers for decapsulating ECN markings
ECN markings are now decapsulated using RFC6040 instead of the old RFC3168.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Pulls in workaround for TX rate code firmware bug which might as well
help track it down via different printk()s and thus possibly provide
more clue for proper fix.
Firmware currently sends wrong (0xff) TX rate code which causes
WARN_ONCE, so the workaround just changes this bogus value (0xff) into 0.
For 5.4 it also pulls in tx-queue-wake throttling patch "ath10k: Restart
xmit queues below low-water mark", which should improve performance with
high number of concurrent TCP streams.
Ref: https://github.com/greearb/ath10k-ct/pull/129
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Init script checks for an already active DHCP server on the interface
and if such DHCP server is found, then it logs "refusing to start DHCP"
message, starts dnsmasq without DHCP service unless `option force 1` is
set and caches the DHCP server check result.
Each consecutive service start then uses this cached DHCP server check
result, but doesn't provide log feedback about disabled DHCP service
anymore.
So this patch ensures, that the log message about disabled DHCP service
on particular interface is always provided.
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.
This missing fix was discovered while testing SAE over a mesh interface.
With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.
Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
For wave-2, there is now a new variant: htt-mgt-community (vs the old
full-htt-mgt-community).
The non-full one (hence forth 'diet') compiles out a lot of firmware features
that ath10k does not use. This saves a lot of resources and lets one
configure more stations/vdevs/etc using fwcfg.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Fixes following build error on mpc85xx/generic:
ppc_initreg.c: In function 'ppc_set_initial_registers_tid':
ppc_initreg.c:79:22: error: field 'r' has incomplete type
struct pt_regs r;
Ref: FS#2924
Fixes: d27623b542 ("elfutils: update to 0.179")
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.
Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
bef8f8a5966d mt76: mt7615: remove a stray if statement
89bd7199487f mt76: remove variable 'val' set but not used
ee8ac234b84e mt76: mt7615: introduce mt7615_mcu_fill_msg
4999db4668f0 mt76: mt7615: introduce mt7615_mcu_wait_response
8ce6e40eba03 mt76: mt7615: cleanup fw queue just for mmio devices
9d1d2ee9add3 mt76: mt7615: introduce mt7615_init_device routine
7fbd2a57cea4 mt76: always init to 0 mcu messages
3b277cf18d95 mt76: mt7615: introduce mt7615_mcu_send_message routine
2a4132a55a4f mt76: mt7615: add mt7615_mcu_ops data structure
9ba71749a122 mt76: mt7615: move mt7615_mcu_set_bmc to mt7615_mcu_ops
2e991f3e8cdd mt76: mt7615: move mt7615_mcu_set_sta in mt7615_mcu_ops
56852057cb90 mt76: mt7615: rely on skb API for mt7615_mcu_set_eeprom
642ecd978887 mt76: mt7615: rework mt7615_mcu_set_bss_info using skb APIs
2b0810af4a52 mt76: mt7615: move more mcu commands in mt7615_mcu_ops data structure
7a6285e63d88 mt76: mt7615: introduce MCU_FW_PREFIX for fw mcu commands
e536b42ebc7d mt76: mt7615: introduce mt7615_register_map
fccbdb628ffd mt76: mt7615: add mt7663e support to mt7615_reg_map
d42244e9255c mt76: mt7615: add mt7663e support to mt7615_{driver,firmware}_own
aebbe088127f mt76: mt7615: add mt7663e support to mt7615_mcu_set_eeprom
28e22d07f892 mt76: mt7615: introduce mt7615_eeprom_parse_hw_band_cap routine
167428592647 mt76: mt7615: introduce mt7615_init_mac_chain routine
23ca7acfc856 mt76: mt7615: introduce uni cmd command types
c4171728cf70 mt76: mt7615: introduce set_bmc and st_sta for uni commands
9e5c76d2310a mt76: mt7615: add more uni mcu commands
779b2cebc147 mt76: mt7615: introduce set_ba uni command
21ee7da00f0a mt76: mt7615: get rid of sta_rec_wtbl data structure
2097f74f664c mt76: mt7615: introduce mt7663e support
8e9cd01228d0 mt7615: sync Kconfig with upstream
3b4f93840950 mt76: add memory barrier to DMA queue kick
8d301ace8ed7 mt76: mt7615: fix mt7663e firmware struct endianness
9bc1850ce711 mt76: mt7615: fix endianness in unified command
a1b9b7d94aa0 mt76: mt7615: add missing declaration in mt7615.h
6e4b2a709fe7 mt76: sync Makefile with upstream
258dfb6afb30 mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
9c3d84b62cc0 mt76: mt76x2u: introduce Mercury UD13 support
ea8ea71933ca mt76: mt76x0: pci: add mt7610 PCI ID
9d555f82d329 mt76: mt7615: modify mt7615_ampdu_stat_read for each phy
8bd26d6c3172 mt76: mt7615: enable aggr_stats for both phy
1315afa511e0 mt76: mt7615: cleanup mib related defines and structs
072b50c61e0e mt76: mt7615: add more useful Tx mib counters
b23ff3e9343a mt76: mt7663: fix mt7615_mac_cca_stats_reset routine
294abe47c9b2 mt76: mt7663: enable nf estimation
d2d7bf2243f6 mt76: mt7615: make scs configurable per phy
908a2cfab88f mt76: mt7663: disable RDD commands
eaef0a268b95 mt76: mt7615: add ethool support to mt7663 driver
96e07ef1113d mt76: mt7615: introduce mt7615_mcu_set_channel_domain mcu command
67182f36e3be mt76: mt7663: keep Rx filters as the default
e6a3f3ffe53a mt76: mt7615: introduce hw scan support
12ecd5ba2146 mt76: mt7615: introduce scheduled scan support
f6ab0bee3172 mt76: mt7615: introduce BSS absence event
f208a9430044 mt76: mt7615: introduce rlm tlv in bss_info mcu command
ea4f4d216dbe mt76: mt7615: remove unnecessary register operations
72c9380e70f9 mt76: add headroom and tailroom to mt76_mcu_ops data structure
63e14669e09d mt76: mt7615: introduce mt7663u support to mt7615_write_txwi
29d359ac7626 mt76: mt7615: introduce mt7615_mac_update_rate_desc routine
1f1dd2cb5b49 mt76: mt7615: introduce __mt7663_load_firmware routine
cb6dcfd3cf13 mt76: mt7615: move mt7615_mac_wtbl_addr in mac.h
d28e8e7ef912 mt76: mt76u: rely on mt7622 queue scheme for mt7663u
f78cf8957aba mt76: mt7615: rework wtbl key configuration
2829497aaaf5 mt76: mt7615: introduce mt7615_wtbl_desc data structure
02c9ec4a15e7 mt76: mt7615: add address parameter to mt7615_eeprom_init
e9c640c0a79e mt76: mt7663: correct the name of the rom patch
1e8b2fe5ab03 mt76: mt7615: do not always reset the dfs state setting the channel
ec0ea46dacf9 mt76: mt7615: Delete an error message in mt7622_wmac_probe()
d16a4698f1ac mt76: mt7615: disable merge of OTP ROM data by default
2b58998bb594 mt76: mt7615: add support for applying DC offset calibration from EEPROM
55198aafb756 mt76: mt7615: add support for applying tx DPD calibration from EEPROM
5a1eaa38d380 mt76: mt7603: disable merge of OTP ROM data by default
bf60f43b12fb mt76: mt76x2: disable merge of OTP ROM data by default
9406eb1d110f mt76: mt7615: fix endian issues in applying flash calibration data
66d00b8c9dac mt76: mt7615: fix possible division by 0 in mt7615_mac_update_mib_stats
25d812dddcf8 mt76: mt7663: fix aggr range entry in debugfs
08b8bd2bc915 mt76: mt7615: disable hw/sched scan ops for non-offload firmware
8fb1cd20a776 mt76: mt7615: set hw scan limits only for firmware with offload support
05b23d7478fe mt76: mt7615: rework IRQ handling to prepare for MSI support
b92c0d576769 mt76: mt7622: fix DMA unmap length
03daa60ca69c mt76: mt7663: fix DMA unmap length
5f2f676b1f01 mt76: mt7615: enable MSI by default
5822911f8026 mt76: remove unnecessary annotations
a7035bce8517 mt76: mt7615: fix possible deadlock in mt7615_stop
d4e6e225bc06 mt76: mt7615: move core shared code in mt7615-common module
94827d2033c7 mt76: mt7615: introduce mt7663u support
36591dd35f91 mt76: mt7615: enable scs for mt7663 driver
bd80144cb5be mt76: mt7615: disable aspm by default
9dcb60b78ede mt76: mt7615: provide aid info to the mcu
6e443e89cce2 mt76: remove PS_NULLFUNC_STACK capability
ea133325faa6 mt76: mt7663: introduce 802.11 PS support in sta mode
ff3869b38cf2 mt76: mt7615: make Kconfig entry obvious for MT7663E
01fd34f3a6c5 mt76: mt7615: fix sta ampdu factor for VHT
e5adbb2077e2 mt76: fix A-MPDU density handling
d73e3a23a54e mt76: mt7615: use larger rx buffers if VHT is supported
257319e9b07d mt76: mt7615: never use an 802.11b CF-End rate on 5GHz
29a92c5606d6 mt76: mt7603: never use an 802.11b CF-End rate on 5GHz
c0b19ac97c07 mt76: mt7615: adjust timing in mt7615_mac_set_timing to match fw/hw values
1656882f2723 mt76: mt7615: do not adjust MAC timings if the device is not running
4e7ce907faf3 mt76: mt7615: fix tx status rate index calculation
8304b3866100 mt76: mt7603: fix tx status rate index calculation
722d1f47d8ba mt76: add rx queues info to mt76 debugfs
da329ef776b0 mt76: mt7615: parse mcu return code for unified commands
facf74fd506f mt76: mt7615: fix mt7615_firmware_own for mt7663e
e910787a9888 mt76: mt7615: fix max wtbl size for 7663
c9821f7d6a8c mt76: mt7615: fix mt7615_driver_own routine
e35cc532c3d2 mt76: mt7615: fix aid configuration in mt7615_mcu_wtbl_generic_tlv
b6cb91a71fe1 mt76: mt7615: rework mt7615_mac_sta_poll for usb code
b193dd8100f8 mt76: mt7663u: enable AirTimeFairness
31cffa98920f mt76: mt7615: move mcu bss upload before creating the sta
cde3716aa47e mt76: enable TDLS support
1846da5dd417 mt76: mt7615: set spatial extension index
6aaf0299730f mt76: mt7615: fix endian issues in dcoc/txdpd calibration
5de75b745cf9 mt76: mt7663: fix up BMC entry indicated to unicmd firmware
a5f394c5ca48 mt76: mt7615: add sta pointer to mt7615_mcu_add_bss_info signature
1f2f3dda76b9 mt76: mt7615: fix event report in mt7615_mcu_bss_event
c2a3cced36de mt76: mt76x0: enable MCS 8 and MCS9
1afabe78cfc5 mt76: mt7663: add the possibility to load firmware v2
5f3ccc722627 mt76: mt7663: remove check in mt7663_load_n9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a bunch of cosmetic issues with GL.iNet GL-MV1000:
- apply alphabetic sorting in multiple files
- use armada-3720 prefix for DTS like for other devices
- fix vendor capitalization for model in DTSes
- remove trivial comment in DTS files
- use DEVICE_VENDOR/DEVICE_MODEL
- remove redundant SUPPORTED_DEVICES
- use SOC instead of DEVICE_DTS
- remove empty line at EOF
Fixes: 050c24f05c ("mvebu: add support for GL.iNet GL-MV1000")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.
For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.
This patch now increases the maxmimum frame size from 1528 to 1656
bytes.
Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.
Fix originally found and developed by Ben Greear.
Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Build with NO_LIBCAP=1. This is to resolve build issue.
Package perf is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Although gdb is supported, gdbserver is still not.
checking whether gdbserver is supported on this host... no
Build breaks as gdbserver executable is not found during packaging.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
f4d759b dhcp.c: further improve validation
Further improve input validation for CVE-2020-11752
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
cdac046 dns.c: fix input validation fix
Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.
Improve CVE-2020-11750 fix
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
e2ed964 jail: don't fail unless requirejail is set
17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist
Fixesopenwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes a few minor issues (partially cosmetic) in ltq-adsl and
ltq-adsl-fw Makefiles:
- fix PKG_SOURCE_URL and switch to https
- remove non-existant FW_NAME variable
- fix package name for config inclusion
- fix config symbol for debugging
Fixes: 1d0a9d0c04 ("move ltq-adsl")
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The combination +@IPV6:kmod-ipsec6 is not valid, the +a:b
syntax implies the @. Fix it.
Fixes: 2e6b6f9fca ("kernel: add @IPv6 dependency to ipv6 modules")
Reported-by: Oldřich Jedlička (@oldium)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.
Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit 7975060116 ("uboot-rockchip: add new package") has added
`OpenWRT` ident string, fix it to proper `OpenWrt`.
Fixes: 7975060116 ("uboot-rockchip: add new package")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is needed to build the uboot-rockchip, needed for the rockchip target
Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
[replaced `mkdir -p` with INSTALL_DIR variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Update U-Boot to current 2020.04 release for kirkwood platform.
Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.
Compile tested: all devices
Run tested: nsa310, pogoplugv4
Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1
Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.
Not giving this is an error, which results in a compile error with glibc.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
from main.c:18:
In function 'open',
inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
__open_missing_mode ();
^~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
#define _DEFAULT_SOURCE
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.
Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.
Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Refreshed all patches, run tested on apalis.
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.
Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit 1b973b54ea.
It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.
Ooooops! Best revert it then.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.
Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
aaaca2e interface: allocate and free memory for jail name
d93126d interface: allow renaming interface when moving to jail netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Removed sys/cdefs usage. The header is deprecated.
Removed canonicalize_file_name define. It's already fixed upstream.
Added --disable-debuginfod. Seems to be needed.
Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.
Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CONFIG_WRITE functionality is not used and could be removed.
Looks helpful for devices with small flash because wpad is also affected.
Little testing shows that about 6 KB could be saved.
Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
Updates the 88W8964 firmware used in the Linksys WRT3200ACM and WRT32X
[v9.3.2.6 -> v9.3.2.12]
Removes 0c43219 ("mwlwifi: Fix loading with backports v5.3")
as it has been merged upstream.
Unfortunately, there is a bug wherein Kaloz's repo, the version
detection mechanism for fixing vendor commands doesn't work.
It pulls in the Linux kernel version, which as of this time is
"4.14.y" or "4.19.y"
However, the proper behaviour is that it should pull in the mac80211
backports version which as of now is "5.4.27"
The included patch works around this using a backports define found
only on versions >5.3, "VENDOR_CMD_RAW_DATA".
Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
Including the local build key in /etc/opkg/keys isn't feasible when
building on the buildbot: The included key collides with its copy
already in openwrt-keyring which breaks the ImageBuilder.
Not including a locally generated key also makes the base-files package
more reproducible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
current preinit code in base-files doesn't config switch when there are
no port roles defined. But this kind of configuration exists on single
port devices where switch vlan is simply disabled.
configure reset and enable_vlan property when a switch node exist.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The default_postinst() function in /lib/functions.sh sources
/lib/functions/system.sh before cycling through uci-defaults files.
This creates a pseudo-cyclic dependency as system.sh also uses
functions that are located in functions.sh. Despite that, there
is actually only one uci-defaults file in the entire repo that needs
system.sh, and this one contains an explicit source for system.sh
anyway.
Consequently, this patch removes the sourcing of system.sh in
functions.sh. There are no relevant uses in packages, routing and
luci repositories.
This may require adjustments for downstream, though.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds two fixes for compilation with kernel 5.4:
1. dev_open from include/linux/netdevice.h needs a second parameter
since kernel 5.0:
00f54e68924e ("net: core: dev: Add extack argument to dev_open()")
2. get_ds() macro definition has been dropped since kernel 5.1:
736706bee329 ("get rid of legacy 'get_ds()' function")
Since get_ds() has been just a macro before, replace it in
the driver instead of creating a version switch.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Since kernel 4.15, init_timer is not available anymore, and has been
replaced by timer_setup. The fixes compilation of wl_linuc.c, which
returned the following errors beforehand (line-wrapped manually):
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c: In function 'wl_init_timer':
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2576:2: error: implicit
declaration of function 'init_timer'; did you mean 'init_timers'?
[-Werror=implicit-function-declaration]
init_timer(&t->timer);
^~~~~~~~~~
init_timers
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2577:10: error:
'struct timer_list' has no member named 'data'
t->timer.data = (ulong) t;
^
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2578:20: error: assignment
to 'void (*)(struct timer_list *)' from incompatible pointer type
'void (*)(ulong)' {aka 'void (*)(long unsigned int)'}
[-Werror=incompatible-pointer-types]
t->timer.function = wl_timer;
This should fix build of several devices on bcm63xx with testing
kernel (4.19).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Cell C RTL30VW is a LTE router with tho gigabit ethernets and integrated
QMI mPCIE modem.
This is stripped version of ASKEY RTL0030VW.
Hardware:
Specification:
-CPU: IPQ4019
-RAM: 256MB
-Flash: NAND 128MB + NOR 16MB
-WiFi: Integrated bgn/ac
-LTE: mPCIe card (Modem chipset MDM9230)
-LAN: 2 Gigabit Ports
-USB: 2x USB2.0
-Serial console: RJ-45 115200 8n1
-Unsupported VoIP
Known issues:
None so far.
Instruction install:
There are two methods: Factory web-gui and serial + tftp.
Web-gui:
1. Apply factory image via stock web-gui.
Serial + initramfs:
1. Rename OpenWrt initramfs image to "image"
2. Connect serial console (115200,8n1)
3. Set IP to different than 192.168.1.11, but 24 bit mask, eg. 192.168.1.4.
4. U-Boot commands:
sf probe && sf read 0x80000000 0x180000 0x10000
setenv serverip 192.168.1.4
set fdt_high 0x85000000
tftpboot 0x84000000 image
bootm 0x84000000
5. Install sysupgrade image via "sysupgrade -n"
Back to stock:
All is needed is swap 0x4c byte in mtd8 from 0 to 1 or 1 to 0,
do firstboot and factory reset with OFW:
1. read mtd8:
dd if=/dev/mtd8 of=/tmp/mtd8
2. go to tmp:
cd /tmp/
3. write first part of partition:
dd if=mtd8 of=mtd8.new bs=1 count=76
4. check which layout uses bootloader:
cat /proc/mtd
5a. If first are kernel_1 and rootfs_1 write 0:
echo -n -e '\x00' >> mtd8.new
5b. If first are kernel and rootfs write 1:
echo -n -e '\x01' >> mtd8.new
6. fill with rest of data:
dd if=mtd8 bs=1 skip=77 >> mtd8.new
7. CHECK IF mtd8.new HAVE CHANGED ONLY ONE BYTE! e.g with:
hexdump mtd8.new
8. write new mtd8 to flash:
mtd write mtd8.new /dev/mtd8
9. do firstboot
10.reboot
11. Do back to factory defaults in OFW GUI.
Based on work: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
MobiPromo CM520-79F is an AC1300 dual band router based on IPQ4019
Specification:
SoC/Wireless: QCA IPQ4019
RAM: 512MiB
Flash: 128MiB SLC NAND
Ethernet PHY: QCA8075
Ethernet ports: 1x WAN, 2x LAN
LEDs: 7 LEDs
2 (USB, CAN) are GPIO
other 5 (2.4G, 5G, LAN1, LAN2, WAN) are connected to a shift register
Button: Reset
Flash instruction:
Disassemble the router, connect UART pins like this:
GND TX RX
[x x . . x .]
[. . . . . .]
(QCA8075 and IPQ4019 below)
Baud-rate: 115200
Set up TFTP server: IP 192.168.1.188/24
Power on the router and interrupt the booting with UART console
env backup (in case you want to go back to stock and need it there):
printenv
(Copy the output to somewhere save)
Set bootenv:
setenv set_ubi 'set mtdids nand0=nand0; set mtdparts mtdparts=nand0:0x7480000@0xb80000(fs); ubi part fs'
setenv bootkernel 'ubi read 0x84000000 kernel; bootm 0x84000000#config@1'
setenv cm520_boot 'run set_ubi; run bootkernel'
setenv bootcmd 'run cm520_boot'
setenv bootargs
saveenv
Boot initramfs from TFTP:
tftpboot openwrt-ipq40xx-generic-mobipromo_cm520-79f-initramfs-fit-zImage.itb
bootm
After initramfs image is booted, backup rootfs partition in case of reverting to stock image
cat /dev/mtd12 > /tmp/mtd12.bin
Then fetch it via SCP
Upload nand-factory.ubi to /tmp via SCP, then run
mtd erase rootfs
mtd write /tmp/*nand-factory.ubi rootfs
reboot
To revert to stock image, restore default bootenv in uboot UART console
setenv bootcmd 'bootipq'
printenv
use the saved dump you did back when you installed OpenWrt to verify that
there are no other differences from back in the day.
saveenv
upload the backed up mtd12.bin and run
tftpboot mtd12.bin
nand erase 0xb80000 0x7480000
nand write 0x84000000 0xb80000 0x7480000
The BOOTCONFIG may have been configured to boot from alternate partition (rootfs_1) instead
In case of this, set it back to rootfs:
cd /tmp
cat /dev/mtd7 > mtd7.bin
echo -ne '\x0b' | dd of=mtd7.bin conv=notrunc bs=1 count=1 seek=4
for i in 28 48 68 108; do
dd if=/dev/zero of=mtd7.bin conv=notrunc bs=1 count=1 seek=$i
done
mtd write mtd7.bin BOOTCONFIG
mtd write mtd7.bin BOOTCONFIG1
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[renamed volume to ubi to support autoboot,
as per David Lam's test in PR#2432]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
"Whoop whoop, sound of da police"
Add an ingress capable traffic policer module configurable with tc.
From the man page:
The police action allows to limit bandwidth of traffic matched by the
filter it is attached to. Basically there are two different algorithms
available to measure the packet rate: The first one uses an internal
dual token bucket and is configured using the rate, burst, mtu,
peakrate, overhead and linklayer parameters. The second one uses an
in-kernel sampling mechanism. It can be fine-tuned using the estimator
filter parameter.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2188d81 jail: add support for launching extroot containers
6f3dbd2 jail: add support for userns and cgroupsns
28a06e5 jail: add support for (ram-)overlayfs
Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive. These are the last ones not using them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
IPv6 modules should all depend on @IPV6, to avoid circular dependencies
problems, especially if they select a module that depends on IPV6 as
well. In theory, if a package A depends on IPV6, any package doing
'select A' (DEPENDS+= A) should also depend on IPV6; otherwise selecting
A will fail. Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.
Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Since linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
(2019-04-19) the asm-generic/sockios.h header no longer defines
SIOCGSTAMP. Instead it provides only SIOCGSTAMP_OLD.
The linux/sockios.h header now defines SIOCGSTAMP using either
SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. This linux only
header file is not included so we get a build failure.
Signed-off-by: Norbert van Bolhuis <nvbolhuis@aimvalley.nl>
This commit add patch with 14c3:7610 pci id addition.
It was sent upstream.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[bumped PKG_RELEASE]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allows proper usage of the ss tool. Otherwise, several errors and bad
data gets thrown:
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Originally reported here: https://github.com/openwrt/packages/issues/8232
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use upstream latest git HEAD as it allows to remove the patches
700-radius-Prevent-buffer-overflow-in-rc_mksid,
701-pppd-Fix-bounds-check-in-EAP-code and
702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP and
take in other fixes.
41a7323 pppd: Fixed spelling 'unkown' => 'unknown' (#141)
6b014be pppd: Print version information to stdout instead of stderr (#133)
cba2736 pppd: Add RFC1990 (Multilink) to the See Also section of the man page
f2f9554 pppd: Add mppe.h to the list of headers to install if MPPE is defined
ae54fcf pppd: Obfuscate password argument string
8d45443 pppd: Ignore received EAP messages when not doing EAP
8d7970b pppd: Fix bounds check in EAP code
858976b radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The mlk5 kmod lacks all necessary build symbols
for kernel 4.14 (again).
Add missing symbols to avoid build failure on these targets.
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rewrite commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
Bump to 2.81rc5 and re-work ipset-remove-old-kernel-support.
More runtime kernel version checking is done in 2.81rc5 in various parts
of the code, so expand the ipset patch' scope to inlude those new areas
and rename to something a bit more generic.:wq
Upstream changes from rc4
532246f Tweak to DNSSEC logging.
8caf3d7 Fix rare problem allocating frec for DNSSEC.
d162bee Allow overriding of ubus service name.
b43585c Fix nameserver list in auth mode.
3f60ecd Fixed resource leak on ubus_init failure.
0506a5e Handle old kernels that don't do NETLINK_NO_ENOBUFS.
e7ee1aa Extend stop-dns-rebind to reject IPv6 LL and ULA addresses. We also reject the loopback address if rebind-localhost-ok is NOT set.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
201e359 Handle early exit when addrstring isn't set
fa4c464 Improve address logging on early exit messages (#83)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
It seemed very confusing when trying to select the different variants of
hostapd which are somewhat scattered about under the menu 'Network'.
Moving all hostapd variants under a common submenu helps avoid
confusion.
Inspired-by: Kevin Mahoney <kevin.mahoney@zenotec.net>
[Fixup badly formatted patch, change menu name]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Missing config symbols could lead to build failures on kernel
4.14/4.19.
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rephrase commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:
dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]
261 | uint16_t *swap = (uint16_t *) q;
Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
add module to support Mellanox Connect-X card
mlx4 supports ConnectX-3 series and previous cards
mlx5 supports Connect-IB/ConnectX-4 series and later cards
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Disable ASLR and filter '-fno-plt' from CFLAGS: solves building when
ASLR enabled by basically disabling ASLR.
Solves errors similar to:
relocation R_X86_64_32S against `.rodata' can not be used when making a PIE object; recompile with -fPIE
or
module missing GLOBAL_OFFSET_TABLE
Suggested-by: 李国 <uxgood.org@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Use in tree version of cake for kernels 4.19+ and backport features from
later kernel versions to 4.19.
Unfortunately PROVIDES dependency handling produces bogus circular
dependency warnings so whilst this package and kmod-sched-cake-oot
should be able to PROVIDE kmod-sched-cake this doesn't work.
Instead, remove the PROVIDES option and modify package sqm-scripts to
depend on the correct module independently.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
In preparation for dropping the out of tree cake module and using
in tree cake from upstream, rename the package to kmod-sched-cake-oot
(out of tree)
Initially add a PROVIDES kmod-sched-cake so that package dependencies
can be satisfied.
Ultimately this package will be removed when linux 4.14 is removed.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Recent backports to 5.5 and 5.4 broke our compat layer. This release is
to keep things running with the latest upstream stable kernels.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The calibration patches for MT7620 unnecessarily export symbols and
populate never accessed function pointers. Remove all that and make
functions static as the only place where each of those functions is
called is within rt2800lib.c.
Also make code more readable by fixing indentation, removing
unnecessary parantheses and simplifying some instructions using
shorthands here and there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
newly generated RSA modules
- the patch reversing EOF detection we had already applied.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.
EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.
GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
* queueing: backport skb_reset_redirect change from 5.6
* version: bump
This release has only one slight change, to put it closer to the 5.6
codebase, but its main purpose is to bump us to a 1.0.y version number.
Now that WireGuard 1.0.0 has been released for Linux 5.6 [1], we can put
the same number on the backport compat codebase.
When OpenWRT bumps to Linux 5.6, we'll be able to drop this package
entirely, which I look forward to seeing.
[1] https://lists.zx2c4.com/pipermail/wireguard/2020-March/005206.html
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Commit ea50780 backported Airtime Queue Limits (AQL) from Linux 5.5
to OpenWrt's backports 5.4. However, this only enabled AQL for the
vanilla ath10k driver. This patch also enables it for ath10k-ct.
Tested on:
* 2xTP-Link Archer A7v5 (QCA9563/QCA988X)
* Backports version 5.4-rc8 & 5.4.27
* ath10k-ct and ath10k-ct-htt firmware version 014 to 017
* ath10k-ct driver versions dc025dc to 3d173a4 (CT_KVER-5.4)
* WPA2, 802.11krv
Tested since January 25, 2020.
Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
If the abridged flag is set to 1 the APs that are listed in the BSS
Transition Candidate List are prioritized. If the bit is not set, the
APs have the same prioritization as the APs that are not in the list.
If you want to steer a client, you should set the flag!
The flag can be set by adding {...,'abridged': true,...} to the normal
ubus call.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Subscribe to beacon reports through ubus.
Can be used for hearing map and client steering purposes.
First enable rrm:
ubus call hostapd.wlan0 bss_mgmt_enable '{"beacon_report":True}'
Subscribe to the hostapd notifications via ubus.
Request beacon report:
ubus call hostapd.wlan0 rrm_beacon_req
'{"addr":"00:xx:xx:xx:xx:xx", "op_class":0, "channel":1,
"duration":1,"mode":2,"bssid":"ff:ff:ff:ff:ff:ff", "ssid":""}'
Signed-off-by: Nick Hainke <vincent@systemli.org>
[rework identation]
Signed-off-by: David Bauer <mail@david-bauer.net>
Replace the build time choice of json support with a package based
choice. Users requiring a json aware version of 'nft' may now install
nftables-json.
The default choice to fulfill the 'nftables' package dependency is
'nftables-nojson'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Do not export static functions, they are anyway not referenced by any
code in a different module.
This fixes the following compile warning:
WARNING: "rt2800_rf_aux_tx0_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_write_dc" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configstore" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_do_sqrt_accumulation" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configrecover" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_loft_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_iq_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_setbbptonegenerator" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_aux_tx1_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
Acked-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When some libopenssl options change curl will have to be rebuild to
adapt to those changes, avoiding undefined reference errors or features
disabled in curl.
Add CONFIG_OPENSSL_ENGINE, CONFIG_OPENSSL_WITH_COMPRESSION and
CONFIG_OPENSSL_WITH_NPN to PKG_CONFIG_DEPENDS so it will trigger
rebuild every time the options are changed.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Building of ath79-tiny has uncovered following:
Package kmod-rtl8723bs is missing dependencies for the following libraries:
mmc_core.ko
So add this missing dependency.
Fixes: 8c26d67a67 ("mac80211: realtek: add staging driver for RTL8723BS SDIO module")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e. It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443
Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read(). Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct. Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.
The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Current boot script uses hardcoded bootdevice, which allows booting from
SD card only, so this patch allows booting directly from eMMC as well.
While at it, replace fixed root device with more flexible UUID based
probing, so from now on probing order of MMC device doesn't matter.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Adding U-Boot image for Olimex A64-Olinuxino eMMC, including patch which
adds eMMC boot partition configuration commands.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Rename the board as done in upstream commit 268ae6548779 ("sunxi: Rename
Sinovoip BPI M2 Plus to Bananapi M2 Plus H3") which backs the rename
with the following reasoning:
The brand Sinovoip is used for Sinovoip's original VOIP products, while
the Bananapi brand is for the single board computers they produce. This
has been verified by Bananapi. Rename the board from "Sinovoip BPI M2
Plus" to "Bananapi M2 Plus". For the defconfig file, all lowercase is
used.
To support the H5 variant of this board, the "H3" suffix is added to
the defconfig name.
This has to be done in order to allow building U-Boot past v2019.04
release where this change was introduced.
Ref: https://github.com/openwrt/openwrt/pull/2849#discussion_r396401489
Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
U-boot also have defconfig for this board. In 2019.01 branch they are identical.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
the code would unconditionally tear down all interfaces upon a reconf.
This should only be done when the reconf call fails.
Signed-off-by: John Crispin <john@phrozen.org>
Release notes for 017:
Wave-1:
* March 19, 2020: Fix problem where power-save was not enabled when going off-channel to scan.
The problem was a boolean logic inversion in the chmgr code, a regression I introduced
a long time ago.
* March 19, 2020: When scanning only on current working channel, do not bother with disable/enable
powersave. This should make an on-channel scan less obtrusive than it was previously.
* March 23, 2020: Fix channel-mgr use-after-free problem that caused crashes in some cases. The crash
was exacerbated by recent power-save changes.
* March 23, 2020: Fix station-mode power-save related crash: backported the fix from 10.2 QCA firmware.
* March 23, 2020: Attempt to better clean up power-save objects and state, especially in station mode.
Release notes for 016:
Wave-1 changes, some debugging code for a crash someone reported, plus:
* February 28, 2020: Fix custom-tx path when sending in 0x0 for rate-code. Have tries == 0 mean
one try but NO-ACK (similar to how wave-2 does it).
wave-2:
* Fixed some long-ago regressions related to powersave and/or multicast. Maybe fix some
additional multicast and/or tx-scheduling bugs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.
Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router. dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.
The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.
A missing system.ntp.enabled UCI node is required for the bug to show
up. The reasons for why it would be missing in the first place were not
investigated.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Refer to shellcheck SC2166. There are just too many caveats that are
shell-dependent on test -a and test -o to use them.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write
f7f93ad add support for specifying usable ciphers
Also bump the ABI version since the layout of `struct ustream_ssl_ops`
changed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.
Also enable --script-arp if has_handlers returns true.
Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
9f5a7c4 iwinfo: add missing HT modename for HT-None
06a03c9 Revert "iwinfo: add BSS load element to scan result"
9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E
Signed-off-by: David Bauer <mail@david-bauer.net>
This patch backports the hwmon drivetemp sensor module from vanilla
linux 5.5 to be available on OpenWrt's 5.4 kernel.
Extract from The upstream commit by Guenter Roeck <linux@roeck-us.net>:
hwmon: Driver for disk and solid state drives with temperature sensors
"Reading the temperature of ATA drives has been supported for years
by userspace tools such as smarttools or hddtemp. The downside of
such tools is that they need to run with super-user privilege, that
the temperatures are not reported by standard tools such as 'sensors'
or 'libsensors', and that drive temperatures are not available for use
in the kernel's thermal subsystem.
This driver solves this problem by adding support for reading the
temperature of ATA drives from the kernel using the hwmon API and
by adding a temperature zone for each drive.
With this driver, the hard disk temperature can be read [...]
using sysfs:
$ grep . /sys/class/hwmon/hwmon9/{name,temp1_input}
/sys/class/hwmon/hwmon9/name:drivetemp
/sys/class/hwmon/hwmon9/temp1_input:23000
If the drive supports SCT transport and reports temperature limits,
those are reported as well.
drivetemp-scsi-0-0
Adapter: SCSI adapter
temp1: +27.0<C2><B0>C (low = +0.0<C2><B0>C, high = +60.0<C2><B0>C)
(crit low = -41.0<C2><B0>C, crit = +85.0<C2><B0>C)
(lowest = +23.0<C2><B0>C, highest = +34.0<C2><B0>C)
The driver attempts to use SCT Command Transport to read the drive
temperature. If the SCT Command Transport feature set is not available,
or if it does not report the drive temperature, drive temperatures may
be readable through SMART attributes. Since SMART attributes are not well
defined, this method is only used as fallback mechanism."
This patch incorperates a patch made by Linus Walleij:
820-libata-Assign-OF-node-to-the-SCSI-device.patch
This patch is necessary in order to wire-up the drivetemp
sensor into the device tree's thermal-zones.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.
* curve25519-x86_64: avoid use of r12
This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.
* wireguard: queueing: account for skb->protocol==0
This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.
* receive: remove dead code from default packet type case
A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.
* noise: error out precomputed DH during handshake rather than config
All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.
* send: use normaler alignment formula from upstream
We're trying to keep a minimal delta with upstream for the compat backport.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>