Commit Graph

18162 Commits

Author SHA1 Message Date
Hauke Mehrtens
6f8143fa4a OpenWrt v21.02.0: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-09-01 21:53:58 +02:00
Hauke Mehrtens
b2ae423314 OpenWrt v21.02.0: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-09-01 21:53:53 +02:00
Eneas U de Queiroz
ff31cfb856 openssl: bump to 1.1.1l
This version fixes two vulnerabilities:
  - SM2 Decryption Buffer Overflow (CVE-2021-3711)
    Severity: High

  - Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
    Severity: Medium

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7119fd32d3)
2021-08-28 15:51:41 +02:00
Hauke Mehrtens
f78017006b uboot-layerscape: fix dtc compilation on host gcc 10
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8d143784cb)
2021-08-28 15:48:08 +02:00
Hauke Mehrtens
8f039acee4 uboot-at91: fix dtc compilation on host gcc 10
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a1034afba8)
2021-08-28 15:48:08 +02:00
Álvaro Fernández Rojas
25d9fe8468 bcm27xx-userland: update to latest version
Properly recognise all BCM2711 variants

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-08-21 19:39:55 +02:00
Michael Heimpold
35eb06066e bcm27xx-userland: factor out a -dev package
Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.

This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2021-08-18 20:29:47 +02:00
Daniel Kestrel
94efa1c612 fritz-tools: fix returning wrong values due to strncmp usage
When having two keys that start with the same characters and the second
key just has one character more nand_tffs_read and tffs_read return the
wrong value for the longer key. This is due to the usage of strncmp in
combination with the length of the shorter key which is usually first in
the list before the longer key and when strncmp matches, the search is
stopped. The problem only occurs when the length of the two keys is
different, not if just the last character is different. The fix is to
use strcmp and as such it will only return the value if the key (name)
and the key to look for (namefilter) have the same value and length. A
sample case returning wrong values is when keys macwlan and macwlan2 are
defined and querying macwlan2 returns the value for macwlan.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
(cherry picked from commit 12564c5b86)
2021-08-08 20:51:52 +02:00
Rosen Penev
d9be07169e mbedtls: update to 2.16.11
Switched to AUTORELEASE to avoid manual increments.

Release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fcfd741eb8)
2021-08-08 20:51:41 +02:00
Daniel Golle
4003eeab35
dnsmasq: reset EXTRA_MOUNT in the right place
EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.

Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ddc8d085f3)
2021-08-02 21:42:46 +01:00
Daniel Golle
6ca34c5c0c
dnsmasq: fix more dnsmasq jail issues
* remove superflus mounts of /dev/null and /dev/urandom
 * reset EXTRA_MOUNTS at the beginning of the script
 * add mount according to ignore_hosts_dir
 * don't add mount for file which is inside a directory already in the
   EXTRA_MOUNTS list

Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ac4e8aa2f8)
2021-08-02 21:42:31 +01:00
Daniel Golle
b88ab44036
dnsmasq: rework jail mounts
* split into multiple lines to improve readability
 * use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
 * remove no longer needed mount for /sbin/hotplug-call
 * add dhcp-script.sh dependencies (jshn, ubus)

Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 59c63224e1)
2021-08-02 21:42:16 +01:00
Kevin Darbyshire-Bryant
8ef5894197
dnsmasq: use local option for local domain parameter
'--local' is a synonym for '--server' so let's use '--local' in the
resultant config file for uci's 'local' instead of uci's local
parameter being turned into '--server'.  Slightly less confusion all
round.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit e4cfefa9fc)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-02 21:41:52 +01:00
João Henriques
da5fd91073
dnsmasq: add ignore hosts dir to dnsmasq init script
When running multiple instances of dnsmasq, for example one being for the lan
and another for a guest network, it might not be desirable to have the same dns names
configured in both networks

Signed-off-by: João Henriques <joaoh88@gmail.com>
(cherry picked from commit e8a5670122)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-02 21:41:32 +01:00
Hauke Mehrtens
9531e70708 OpenWrt v21.02.0-rc4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-01 19:39:03 +02:00
Hauke Mehrtens
134ac824c5 OpenWrt v21.02.0-rc4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-01 19:38:53 +02:00
Felix Fietkau
55d9c020a1 netifd: update to the latest version
440eb0647708 bridge: fix regression in bringing up bridge ports

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 39f81b0bf6)
2021-07-26 20:44:17 +02:00
Felix Fietkau
089efd61e9 netifd: update to the latest version
85f01c44a950 bridge: check bridge port vlan membership on link-up events
17e453bd68b4 wireless: add back regular virtual interfaces on hotplug-add events as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2801fe6132)
2021-07-25 06:27:23 +02:00
Etan Kissling
249aeaa9d8 dnsmasq: distinct Ubus names for multiple instances
Currently, when using multiple dnsmasq instances they are all assigned
to the same Ubus instance name. This does not work, as only a single
instance can register with Ubus at a time. In the log, this leads to
`Cannot add object to UBus: Invalid argument` error messages.
Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes
behaviour so that instead of the log, dnsmasq exits at start instead.

With this patch, all dnsmasq instances are assigned unique names so that
they can register with Ubus concurrently. One of the enabled instances
is always assigned the previous default name "dnsmasq" to avoid breaking
backwards compatibility with other software relying on that default.
Previously, a random instance got assigned that name (while the others
produced error logs). Now, the first unnamed dnsmasq config section is
assigned the default name. If there are no unnamed dnsmasq sections the
first encountered named dnsmasq config section is assigned instead.

A similar issue exists for Dbus and was similarly addressed.

Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
[tweaked commit message] dnsmasq was not crashing it is exiting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit ba5bd8e556)
2021-07-19 22:47:23 +02:00
Nick Hainke
88c8d0a219 dnsmasq: add /tmp/hosts/ to jail_mount
Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 3a94c2ca5c)
2021-07-19 14:16:19 +01:00
Hans Dedecker
4633471d74 odhcpd: fix invalid DHCPv6 ADVERTSIE with small configured leasetime (FS#3935)
bc9d317 dhcpv6-ia: fix invalid preferred lifetime

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 033d5ff25e)
2021-07-19 13:26:46 +02:00
Felix Fietkau
f3f70fb956 netifd: update to the latest version
7f24a063475e vlan: fix device vlan alias handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d1a812c49b)
2021-07-14 15:33:57 +02:00
Felix Fietkau
fe498dd3f1 netifd: update to the latest version
61a71e5e49c3 bridge: dynamically create vlans for hotplug members
cb6ee9608e10 bridge: fix dynamic delete of hotplug vlans
7f199050f395 wireless: pass the real network ifname to the setup script
50381d0a2998 bridge: allow adding/removing VLANs to configured member ports via hotplug
f12b073c0cc3 wireless: add some comments to functions
b0d090688302 bridge: fix setting pvid for updated vlans
ff3764ce28e0 device: move hotplug handling logic from system-linux.c to device.c
16bff892f415 ubus: add a dummy mode ubus call to simulate hotplug events
7f30b02013f2 examples: make dummy wireless vif names shorter
013a1171e9b0 device: do not treat devices with non-digit characters after . as vlan devices
f037b082923a wireless: handle WDS per-sta devices
db0fa24e1c17 bridge: fix enabling hotplug-added VLANs on the bridge port
4e92ea74273f bridge: bring up pre-existing vlans on hotplug as well
1f283c654aeb bridge: fix hotplug vlan overwrite on big-endian systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 1236cbe30c)
2021-07-13 08:00:50 +02:00
Jo-Philipp Wich
8921e36ed8 iwinfo: move device info into -data package
Backport upstream patch a0a0e02 ("iwinfo: rename hardware.txt to devices.txt")
and split devices.txt (former hardware.txt) into a common libiwinfo-data
package to allow different libiwinfo versions to coexist without file
clashes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit c13d7c82aa)
2021-07-11 18:16:49 +02:00
Timo Sigurdsson
3eb34bc251 hostapd: make wnm_sleep_mode_no_keys configurable
In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bf98faaac8)
2021-07-05 14:04:09 -10:00
Timo Sigurdsson
89d21b7f62 hostapd: make country3 option configurable
The country3 option in hostapd.conf allows the third octet of the country
string to be set. It can be used e.g. to indicate indoor or outdoor use (see
hostapd.conf for further details). Make this option configurable but optional
in OpenWrt.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE, rebase]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 9f09c1936a)
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-07-05 14:03:27 -10:00
Jo-Philipp Wich
b0424190ef iwinfo: build with nl80211 backend only and make shared
Drop support for building the obsolete broadcom-wl backend and always
forcibly enable the nl82011 support. This allows us to make the package
shared again since no target specific compilation is happening anymore.

This will solve various repository coherency issues related to unavailable
libiwinfo versions in the long run.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5a1065758b)
2021-07-02 18:51:26 +02:00
Petr Štetiar
d723002d84 treewide: unmark selected packages nonshared
This partially reverts changes done in commit 72cc44958e ("treewide:
mark selected packages nonshared") as it removes the nonshared flag, but
keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared
flag was incorrect.

Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared
packages as this fix attempt didn't worked out. Currently the
imagebuilder is broken again:

 openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl
 ...
 Collected errors:
  * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status
  * pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured
  * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo
  * pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured
  * satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl:
  * 	libiwinfo20210430
  * opkg_install_cmd: Cannot install package luci-ssl-openssl.

Everything because iwinfo's ABI was changed two times since rc3 release:

 +IWINFO_ABI_VERSION:=20210430
 +IWINFO_ABI_VERSION:=20210420

Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but
luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by
phase2 builders:

 d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease
 95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis

So now luci-mod-status depends on libiwinfo20210430 but only
libiwinfo20210106 can be downloaded. This is first part of the fix, in
the upcoming commit Jo is going to remove nonshared flag from iwinfo
package as well.

References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html
Acked-by: Jo-Philipp Wich <jo@mein.io>
Reported-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8307da3dbd)
2021-07-02 18:15:02 +02:00
Michael Yartys
86f6171788 ath10k-ct: fix typo in Makefile
Add forgotten colon to Makefile.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit f0f1d68d52)
2021-07-02 16:19:33 +02:00
Michael Yartys
24cfa5005e ath10k-ct: update to latest version
Changelog:
- ath10k-ct: Add security fixes.
- ath10k-ct: Add 5.12 kernel version.
- ath10k-ct: Fix the beacon/mcast/bcast override issue
- ath10k-ct 5.7: Fix setting mcast/bcast/beacon rate from debugfs.
- ath10k-ct: Add 5.11 driver.

Delete upstreamed patch and refresh the rest. Also, use the opportunity to
set PKG_RELEASE to $(AUTORELEASE).

Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit 2e10ed925e)
2021-07-02 16:19:33 +02:00
DENG Qingfang
69c10497c7 kernel/modules: move act_gact into kmod-sched-core
As the name suggests, act_gact has the generic actions such as dropping
and accepting packets, so move it into kmod-sched-core.

Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry-picked from commit 10aacb9a6c)
2021-07-02 13:31:11 +02:00
Arjun AK
fc4b5411b3 package/comgt: Handle bind/unbind events
This script was expecting only add/remove events which has not been the
case since Kernel 4.12 (which added bind/unbind). Bind events were getting
treated as remove events which would cause hotplugged 3g modems to not
work.

More info:
https://lkml.org/lkml/2018/12/23/128
https://github.com/systemd/systemd/issues/8221

Signed-off-by: Arjun AK <arjunak234@gmail.com>
(cherry picked from commit 89ef883b92)
2021-07-02 11:33:44 +02:00
Felix Fietkau
d666ebcaa3 ubus: update to the latest version
4fc532c8a55b ubusd: fix tx_queue linked list usage

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-30 22:01:25 +02:00
Bob Cantor
a9100f2196 base-files: wifi: tidy up the reconf code
commit 5edbd390d321532d9a697d6895a1a7c71c40bd5d rearranged the
"wifi up" code.

This commit tidies up the "wifi reconf" code so as to
keep it aligned with the "wifi up" code.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit e8b5429609)
2021-06-30 19:24:55 +02:00
Bob Cantor
b27b63b082 base-files: wifi: swap the order of some ubus calls
"/sbin/wifi up" makes three ubus calls:
1. ubus call network reload
2. ubus call network.wireless down
3. ubus call network.wireless up

The first and third ubus calls call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel,
so the call sequence becomes,

1. drv_mac80211_setup
2. wireless_device_setup_cancel
3. drv_mac80211_setup

This commit swaps the order of the first two ubus calls,
1. ubus call network.wireless down
2. ubus call network reload
3. ubus call network.wireless up

Consequently drv_mac80211_setup is only called once,
and two related bugs (#FS3784 and #FS3902) are no longer triggered
by /sbin/wifi.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit b82cc80713)
2021-06-30 19:24:55 +02:00
Bob Cantor
6f13a39035 mac80211: print an error if wifi teardown fails
drv_mac80211_teardown fails silently if the device to be torn down is
not defined.  This commit prints an error message.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit 3933e29d1b)
2021-06-30 19:24:55 +02:00
Bob Cantor
9302e63d1a mac80211: always call wireless_set_data (FS#3784)
When wifi is turned off, drv_mac80211_teardown sometimes fails (silently)
because the device to be torn down is not defined.

This situation arises if drv_mac80211_setup was called twice when
wifi was turned on.

This commit ensures that the device to be torn down is always defined
in drv_mac80211_teardown.

Steps to reproduce:

1) Use /sbin/wifi to turn on wifi.
   uci set wireless.@wifi-iface[0].disabled=0
   uci set wireless.@wifi-device[0].disabled=0
   uci commit
   wifi

2) Use /sbin/wifi to turn off wifi.
   uci set wireless.@wifi-device[0].disabled=1
   uci commit
   wifi

3) Observe that wifi is still up.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit d515f6b6cd)
2021-06-30 19:24:55 +02:00
Bob Cantor
bea9380149 mac80211: fix no_reload logic (FS#3902)
If drv_mac80211_setup is called twice with the same wifi configuration,
then the second call returns early with error HOSTAPD_START_FAILED.
(wifi works nevertheless, despite the fact that setup is incomplete.  But
"ubus call network.wireless status" erroneously reports that radio0 is down.)

The relevant part of drv_mac80211_setup is,

if [ "$no_reload" != "0" ]; then
        add_ap=1
        ubus wait_for hostapd
        local hostapd_res="$(ubus call hostapd config_add "{\"iface\":\"$primary_ap\", \"config\":\"${hostapd_conf_file}\"}")"
        ret="$?"
        [ "$ret" != 0 -o -z "$hostapd_res" ] && {
                wireless_setup_failed HOSTAPD_START_FAILED
                return
        }
        wireless_add_process "$(jsonfilter -s "$hostapd_res" -l 1 -e @.pid)" "/usr/sbin/hostapd" 1 1
fi

This commit sets no_reload = 0 during the second call of drv_mac80211_setup.

It is perhaps worth providing a way to reproduce the situation
where drv_mac80211_setup is called twice.

When /sbin/wifi is used to turn on wifi,
   uci set wireless.@wifi-iface[0].disabled=0
   uci set wireless.@wifi-device[0].disabled=0
   uci commit
   wifi

/sbin/wifi makes the following ubus calls,
   ubus call network reload
   ubus call network.wireless down
   ubus call network.wireless up

The first and third ubus calls both call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel.
So the call sequence becomes,

   drv_mac80211_setup
   wireless_device_setup_cancel
   drv_mac80211_setup

In contrast, when LuCI is used to turn on wifi only a single call
is made to drv_mac80211_setup.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit a29ab3b79a)
2021-06-30 19:24:55 +02:00
Felix Fietkau
ccbe535604 mac80211: backport fix for nl80211 control port tx (fixes FS#3857)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit de49957300)
2021-06-30 19:24:55 +02:00
Felix Fietkau
4c29ff7cb8 mac80211: add support for 802.3 encap offload with software rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f2c6d892ca)
2021-06-30 19:24:55 +02:00
Felix Fietkau
a078037ace mac80211: improve rate control performance
Call rate control handler after intermediate queueuing
Includes follow-up fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>

cherry-picked from commits:
- 7dd8829ef9
- a603e82dd3
- 8bb4437c01
2021-06-30 19:12:20 +02:00
Alexey Dobrovolsky
9fa925362f busybox: sysntpd: add trigger to reload server
sysntpd server becomes unavailable if the index of the bound
interface changes. So let's add an interface trigger to reload sysntpd.

This patch also adds the ability for the sysntpd script to handle
uci interface name from configuration.

Fixes: 4da60500ebd2 ("busybox: sysntpd: option to bind server to iface")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 88114f617a)
2021-06-30 09:24:15 +02:00
Alexey Dobrovolsky
a75928d125 busybox: sysntpd: option to bind server to iface
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit e12fcf0fe5)
2021-06-27 23:46:45 +02:00
David Bauer
e16a45f258 iwinfo: update to latest Git HEAD
c45f0b5 iwinfo: add 802.11ax HE rate information

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 5515c29029)
2021-06-27 14:00:18 +02:00
David Bauer
0c51b265bf iwinfo: update to latest Git HEAD
50b64a6 iwinfo: add basic IEEE 802.11ax support
70d2136 iwinfo: nl80211: perform split wiphy dump
cd23727 iwinfo: cli: fix hwmode formatting

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 6f77ce7724)
2021-06-27 14:00:13 +02:00
Georgi Valkov
e171d11f55 libusb: Fix parsing of descriptors for multi-configuration devices
Prerequisite patch:
Correct a typo in the Changelog and clean up a stray file

Fix changes in libusb which introduced a regression:
Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device
initialization") introduced a regression for devices with multiple
configurations. The logic that verifies the reported length of the
configuration descriptors failed to count the length of the
configuration descriptor itself and would truncate the actual length by
9 bytes, leading to a parsing error for subsequent descriptors.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
(cherry picked from commit 4b37e3bc2b)
2021-06-26 17:11:21 +02:00
Paul Spooren
3d62b5d5c6 base-files: fix /tmp/TZ when zoneinfo not installed
The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.

This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.

Fixes "base-files: fix zoneinfo support " 8af62ed

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 56bdb6bb97)
2021-06-25 14:53:52 -10:00
Rosen Penev
3047df2317 base-files: fix zoneinfo support
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.

Example failure when removing the if condition:

/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles

This file does not exist. America/Los_Angeles does.

Ran through shfmt -w -ci -bn -sr -s

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8af62ede18)
2021-06-23 15:44:04 -10:00
Rosen Penev
ab5010d170 exfat: update to 5.12.3
Major changes are:
    Avoid page allocation failure from upcase table allocation.
    Add support for FITRIM.
    Improve write perofmrance on dirsync mount.
    Improve lookup perofmrance.
    Fix a bug on discard mount.

Switch to AUTORELEASE to avoid having to bump it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22 23:52:09 +02:00
Hauke Mehrtens
7a5a247c1f base-files: failsafe: Remove the VLAN modifier from interface name
Some interfaces have a VLAN modifier like :t in lan1:t, this modifier
should be removed from the interface before calling preinit_ip_config().

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 790561d510)
2021-06-22 23:52:09 +02:00
Hauke Mehrtens
c0fdfd15fc base-files: failsafe: Fix IP configuration
Adapt the preinit_config_board() to the board.json network changes. It
now looks for the device and the ports variables to configure the LAN
network.

This works with swconfig configurations.

Fixes: FS#3866
Fixes: d42640e389 ("base-files: use "ports" array in board.json network for bridges")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 467cd378db)
2021-06-22 23:52:09 +02:00
Timo Sigurdsson
82c700de67 hostapd: fix handling of the channel utilization options
Commit 0a7657c ("hostapd: add channel utilization as config option") added the
two new uci options bss_load_update_period and chan_util_avg_period. However,
the corresponding "config_add_int" calls for these options weren't added, so
attempting to actually use these options and change their values is bound to
fail - they always stay at their defaults. Add the missing code to actually
make these options work.

Fixes: 0a7657c ("hostapd: add channel utilization as config option")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 85ce590705)
2021-06-22 09:54:58 -10:00
Rafał Miłecki
74dbf3412b base-files: fix typo in config_generate MAC check
Fixes: 125deb4d78 ("base-files: set MAC for bridge ports (devices) instead of bridge itself")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 946019637e)
2021-06-22 08:10:49 +02:00
Rafał Miłecki
125deb4d78 base-files: set MAC for bridge ports (devices) instead of bridge itself
This restores the original config_generate behaviour. With MAC set for
bridged devices the bridge automatically gets its MAC adjusted (it picks
the lowest MAC of bridged devices).

This fixes confusing interfaces setup (bridge ports not having custom
MAC assigned).

Reported-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Fixes: c2139eef27 ("base-files: simplify setting device MAC")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c8d8eb9d13)
2021-06-22 08:10:05 +02:00
David Bauer
e410ef8389 hostapd: wolfssl: add RNG to EC key
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.

Set the RNG for the EC key to fix connections for OWE clients.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ddcb970274)
2021-06-21 22:43:15 +02:00
David Bauer
f6d8c0cf2b wolfssl: always export wc_ecc_set_rng
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.

wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.

Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ef9b103107)
2021-06-21 22:43:15 +02:00
Perry Melange
b2a3df91fa qos-scripts: add ifbN device before setting the link up
commit 50413e1ec8 replaced ifconfig
with ip.  In order to set a link state to up, the interface needs
to be added first.

Fixes: FS#3754

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[Add Fixes tag]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 23c3bab920)
2021-06-21 09:28:23 +02:00
Felix Fietkau
3d0ed7d763 mac80211: fix an issue with wds links on 802.11ax devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 89c9ccc3b2)
2021-06-19 12:17:54 +02:00
Felix Fietkau
3839a4c7e9 mac80211: fix minstrel sample time check
We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-17 12:45:08 +02:00
Andre Heider
3921f213e5 iw: update to 8fab0c9e
This fixes `iw dev wlan0-mesh station dump`.

8fab0c9 iw: fix ftm_request missing arguments segfault
e816fbc iw: fix mgmt dump missing arguments segfault
5d9d1b8 iw: Fix timestamp output on 32-bit architectures
4b25ae3 iw: fix pointer arithmetic in __print_he_capa
c3df363 iw: add option to print human readable event time
cd64525 iw: print ctrl port tx status event
0ba98b9 iw: use correct type in policy check for mesh
9e38dee iw: scan: fixup HE caps whitespace
17e8564 iw: scan: parse HE capabilities
5735e58 iw: util: factor out HE capability parser
6d8d507 iw: scan: add extension tag parsing
b4e1ec4 man: update wikipage URL, reformat SEE ALSO section
c56036a iw: enable 80MHz support for 6GHz band 11s mesh
fa72728 iw: handle positive error codes gracefully
7ba9093 iw: scan: add flag for scanning colocated ap
5ec60ed iw: Add 'coloc' and 'flush' options to sched_scan
f8ade75 iw: update wikipage URL
b6f2dac iw: Add support for specifying the 160MHz bandwidth when setting the channel/frequency

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry-picked from commit b5420dd710)
2021-06-17 12:44:58 +02:00
Felix Fietkau
20f66649dd mt76: update to the latest version
bddc1db76d0f mt76: mt7915: drop the use of repeater entries for station interfaces
3c90f35dddac mt76: mt7915: add thermal sensor device support
afab0e8202ff mt76: mt7915: add thermal cooling device support
41cf02184699 mt76: mt7615: add thermal sensor device support
2ac6b8762565 mt76: connac: update BA win size in Rx direction
ddb301127291 mt76: mt7921: fix reset under the deep sleep is enabled
e4cbefd1d69a mt76: mt7921: avoid unnecessary consecutive WiFi resets
393eea2034d7 mt76: mt7921: fix invalid register access in wake_work
a15d46407ffa mt76: mt7921: fix OMAC idx usage
e4d267d8e900 mt76: mt7921: enable runtime pm by default
50fd8ce2412a mt76: connac: add bss color support for sta mode
e29058c3c860 mt76: mt7921: return proper error value in mt7921_mac_init
c89c8c347b1e mt76: mt7921: do not schedule hw reset if the device is not running
9f7bb428e587 mt76: mt7921: reset wfsys during hw probe
22ea365913b5 mt76: mt7915: add .offset_tsf callback
ad91f8e8e494 mt76: mt7615: add .offset_tsf callback
6f871f35e3c1 mt76: mt7915: use mt7915_mcu_get_txpower_sku() to get per-rate txpower
597b68b7daa3 mt76: mt7615: remove useless if condition in mt7615_add_interface()
3945264468eb mt76: testmode: fix memory leak in mt76_testmode_alloc_skb
bdcc57a11606 mt76: testmode: remove unnecessary function calls in mt76_testmode_free_skb
a9763452601d mt76: testmode: remove undefined behaviour in mt76_testmode_alloc_skb
4aef2a2be464 mt76: mt7615: fix potential overflow on large shift
d9dd7635b055 mt76: mt7915: use mt7915_mcu_get_mib_info() to get survey data
d740e921758a mt76: mt7921: introduce mac tx done handling
259ddfc7cb73 mt76: mt7921: update statistic in active mode only
757b93f4b179 mt76: mt7921: remove leftover 80+80 HE capability
1fcff599b2e1 mt76: allow hw driver code to overwrite wiphy interface_modes
c55c22e39b7d mt7915: update firmware to 2020110522
10548aef1f45 mt76: mt7915: improve error recovery reliability
ed6b0c79820c mt76: mt7921: set MT76_RESET during mac reset
321443258bea mt76: move mt76_rates in mt76 module
d1652e8af9e1 Revert "mt76: connac: do not schedule wake_work if the runtime-pm is disabled"
4f4cab39ed9f mt76: mt7915: read all eeprom fields from fw in efuse mode
71450535f164 mt76: mt7921: enable hw offloading for wep keys
833d577e430c mt76: mt7921: remove mt7921_get_wtbl_info routine
67b7a22d2b99 mt76: mt7921: enable random mac address during sched_scan
cf1ff7bf4f1b mt76: mt7915: setup drr group for peers
ef2f7aa8745f mt76: mt7615: update radar parameters
b9f09f530223 mt76: mt7915: fix MT_EE_CAL_GROUP_SIZE
22b690334c0f mt76: mt7915: do not fail if the cooling device could not be registered

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3c46ba053d)
2021-06-17 12:44:58 +02:00
Felix Fietkau
05a8bf04ec mac80211: sync nl80211.h with upstream and backport a WPA3 related commit
Fixes compatibility issues with the latest hostapd update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 91abeebd3b)
2021-06-17 12:44:57 +02:00
Daniel Golle
072d0afb8f ugps: start also in case device is absent
Don't bail out from init script in case the GPS device is missing.
Some modems take time to come up, and some people may use things like
'kplex' to feed ugpsd. Hence it is better to always start ugpsd
unconditionally and let procd's respawn take care of retrying.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3d026d2425)
2021-06-15 12:16:10 +01:00
Daniel Golle
25c75424e7 ugps: update to git HEAD
86ee86e nmea: parse $GPZDA sentences for date/time
 8e12414 nmea: parse $GPGLL sentences for position
 5e88403 ubus: display only available information

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3a8b75b569)
2021-06-15 12:16:10 +01:00
Hauke Mehrtens
aeb7b57798 OpenWrt v21.02.0-rc3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-06-14 20:33:17 +02:00
Hauke Mehrtens
2bc192c3f4 OpenWrt v21.02.0-rc3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-06-14 20:33:04 +02:00
Hauke Mehrtens
2aba3e9784 opkg: update to git HEAD
1bf042d libopkg: pkg_hash: print unresolved dependencies

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da86064611)
2021-06-14 00:02:19 +02:00
Hannu Nyman
ea308e2f38 treewide: mark selected packages nonshared
Mark uci, ubus, libubox, lua, libnl-tiny and libjson-c
as nonshared packages. This helps to keep coherent dependencies
if these ABI versioned packages are later updated.

Before this commit it is possible to get missing dependencies
in target-specific nonshared packages (like iwinfo) that depend
on these shared ABI versioned packages. If these are later updated
and rebuilt, only the new ABI version will be available for download,
while the target-specific packages in releases continue to depend on
the old ABI version.

After this commit the packages are built along the other nonshared
packages by the phase1 images buildbot and will be available at the
target/ download directories instead of packages/base dir. That will
help to keep a coherent set available.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 72cc44958e)
2021-06-14 00:02:13 +02:00
Tee Hao Wei
97df795b78 ramips: add support for Linksys EA8100 v1
Specifications:
- SoC: MT7621AT
- RAM: 256MB
- Flash: 128MB NAND
- Ethernet: 5 Gigabit ports
- WiFi: 2.4G/5G MT7615N
- USB: 1 USB 3.0, 1 USB 2.0

This device is very similar to the EA7300 v1/v2 and EA7500 v2.

Installation:

Upload the generated factory image through the factory web interface.

(following part taken from EA7300 v2 commit message:)

This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.

Reverting to factory firmware:

Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.

With thanks to Leon Poon (@LeonPoon) for the initial bringup.

Signed-off-by: Tee Hao Wei <angelsl@in04.sg>
[add missing entry in 10_fix_wifi_mac]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b232680f84)
2021-06-10 17:09:35 +02:00
Jonathan Sturges
5e6837cf8f ramips: add support for Amped Wireless ALLY router and extender
Amped Wireless ALLY is a whole-home WiFi kit, with a router (model
ALLY-R1900K) and an Extender (model ALLY-00X19K).  Both are devices are
11ac and based on MediaTek MT7621AT and MT7615N chips.  The units are
nearly identical, except the Extender lacks a USB port and has a single
Ethernet port.

Specification:
- SoC: MediaTek MT7621AT (2C/4T) @ 880MHz
- RAM: 128MB DDR3 (Nanya NT5CC64M16GP-DI)
- FLASH: 128MB NAND (Winbond W29N01GVSIAA)
- WiFi: 2.4/5 GHz 4T4R
  - 2.4GHz MediaTek MT7615N bgn
  - 5GHz MediaTek MT7615N nac
- Switch: SoC integrated Gigabit Switch
- USB: 1x USB3 (Router only)
- BTN: Reset, WPS
- LED: single RGB
- UART:  through-hole on PCB.
   J1: pin1 (square pad, towards rear)=3.3V, pin2=RX,
   pin3=GND, pin4=TX.  Settings: 57600/8N1.

Note regarding dual system partitions
-------------------------------------

The vendor firmware and boot loader use a dual partition scheme.  The boot
partition is decided by the bootImage U-boot environment variable: 0 for
the 1st partition, 1 for the 2nd.

OpenWrt does not support this scheme and will always use the first OS
partition.  It will set bootImage to 0 during installation, making sure
the first partition is selected by the boot loader.

Also, because we can't be sure which partition is active to begin with, a
2-step flash process is used.  We first flash an initramfs image, then
follow with a regular sysupgrade.

Installation:

Router (ALLY-R1900K)
1) Install the flashable initramfs image via the OEM web-interface.
  (Alternatively, you can use the TFTP recovery method below.)
  You can use WiFi or Ethernet.
  The direct URL is:  http://192.168.3.1/07_06_00_firmware.html
  a. No login is needed, and you'll be in their setup wizard.
  b. You might get a warning about not being connected to the Internet.
  c. Towards the bottom of the page will be a section entitled "Or
  Manually Upgrade Firmware from a File:" where you can manually choose
  and upload a firmware file.
  d: Click "Choose File", select the OpenWRT "initramfs" image and click
  "Upload."
2) The Router will flash the OpenWrt initramfs image and reboot.  After
  booting, LuCI will be available on 192.168.1.1.
3) Log into LuCI as root; there is no password.
4) Optional (but recommended) is to backup the OEM firmware before
  continuing; see process below.
5) Complete the Installation by flashing a full OpenWRT image.  Note:
  you may use the sysupgrade command line tool in lieu of the UI if
  you prefer.
  a.  Choose System -> Backup/Flash Firmware.
  b.  Click "Flash Image..." under "Flash new firmware image"
  c.  Click "Browse..." and then select the sysupgrade file.
  d.  Click Upload to upload the sysupgrade file.
  e.  Important:  uncheck "Keep settings and retain the current
      configuration" for this initial installation.
  f.  Click "Continue" to flash the firmware.
  g.  The device will reboot and OpenWRT is installed.

Extender (ALLY-00X19K)
1) This device requires a TFTP recovery procedure to do an initial load
  of OpenWRT.  Start by configuring a computer as a TFTP client:
  a. Install a TFTP client (server not necessary)
  b. Configure an Ethernet interface to 192.168.1.x/24; don't use .1 or .6
  c. Connect the Ethernet to the sole Ethernet port on the X19K.
2) Put the ALLY Extender in TFTP recovery mode.
  a. Do this by pressing and holding the reset button on the bottom while
  connecting the power.
  b. As soon as the LED lights up green (roughly 2-3 seconds), release
  the button.
3) Start the TFTP transfer of the Initramfs image from your setup machine.
For example, from Linux:
tftp -v -m binary 192.168.1.6 69 -c put initramfs.bin
4) The Extender will flash the OpenWrt initramfs image and reboot.  After
booting, LuCI will be available on 192.168.1.1.
5) Log into LuCI as root; there is no password.
6) Optional (but recommended) is to backup the OEM firmware before
  continuing; see process below.
7) Complete the Installation by flashing a full OpenWRT image.  Note: you
may use the sysupgrade command line tool in lieu of the UI if you prefer.
  a.  Choose System -> Backup/Flash Firmware.
  b.  Click "Flash Image..." under "Flash new firmware image"
  c.  Click "Browse..." and then select the sysupgrade file.
  d.  Click Upload to upload the sysupgrade file.
  e.  Important:  uncheck "Keep settings and retain the current
      configuration" for this initial installation.
  f.  Click "Continue" to flash the firmware.
  g.  The device will reboot and OpenWRT is installed.

Backup the OEM Firmware:
-----------------------

There isn't any downloadable firmware for the ALLY devices on the Amped
Wireless web site. Reverting back to the OEM firmware is not possible
unless we have a backup of the original OEM firmware.

The OEM firmware may be stored on either /dev/mtd3 ("firmware") or
/dev/mtd6 ("oem").  We can't be sure which was overwritten with the
initramfs image, so backup both partitions to be safe.

  1) Once logged into LuCI, navigate to System -> Backup/Flash Firmware.
  2) Under "Save mtdblock contents," first select "firmware" and click
  "Save mtdblock" to download the image.
  3) Repeat the process, but select "oem" from the pull-down menu.

Revert to the OEM Firmware:
--------------------------
* U-boot TFTP:
  Follow the TFTP recovery steps for the Extender, and use the
  backup image.

* OpenWrt "Flash Firmware" interface:
  Upload the backup image and select "Force update"
  before continuing.

Signed-off-by: Jonathan Sturges <jsturges@redhat.com>

(cherry picked from commit 6d23e474ad)
2021-06-10 17:09:35 +02:00
Chukun Pan
9fa5b3afc9 ramips: add support for JCG Q20
JCG Q20 is an AX 1800M router.

Hardware specs:
  SoC: MediaTek MT7621AT
  Flash: Winbond W29N01HV 128 MiB
  RAM: Winbond W632GU6NB-11 256 MiB
  WiFi: MT7915 2.4/5 GHz 2T2R
  Ethernet: 10/100/1000 Mbps x3
  LED: Status (red / blue)
  Button: Reset, WPS
  Power: DC 12V,1A

Flash instructions:
  Upload factory.bin in stock firmware's upgrade page,
  do not preserve settings.

MAC addresses map:
  0x00004 *:3e wlan2g/wlan5g
  0x3fff4 *:3c lan/label
  0x3fffa *:3c wan

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 57cb387cfe)
2021-06-10 17:09:35 +02:00
Bjørn Mork
8c986d2ab9 ramips: mt7621: Add support for ZyXEL NR7101
The ZyXEL NR7101 is an 802.3at PoE powered 5G outdoor (IP68) CPE
with integrated directional 5G/LTE antennas.

Specifications:

 - SoC: MediaTek MT7621AT
 - RAM: 256 MB
 - Flash: 128 MB MB NAND (MX30LF1G18AC)
 - WiFi: MediaTek MT7603E
 - Switch: 1 LAN port (Gigabiti)
 - 5G/LTE: Quectel RG502Q-EA connected by USB3 to SoC
 - SIM: 2 micro-SIM slots under transparent cover
 - Buttons: Reset, WLAN under same cover
 - LEDs: Multicolour green/red/yellow under same cover (visible)
 - Power: 802.3at PoE via LAN port

The device is built as an outdoor ethernet to 5G/LTE bridge or
router. The Wifi interface is intended for installation and/or
temporary management purposes only.

UART Serial:

57600N1
Located on populated 5 pin header J5:

 [o] GND
 [ ] key - no pin
 [o] RX
 [o] TX
 [o] 3.3V Vcc

Remove the SIM/button/LED cover, the WLAN button and 12 screws
holding the back plate and antenna cover together. The GPS antenna
is fixed to the cover, so be careful with the cable.  Remove 4
screws fixing the antenna board to the main board, again being
careful with the cables.

A bluetooth TTL adapter is recommended for permanent console
access, to keep the router water and dustproof. The 3.3V pin is
able to power such an adapter.

MAC addresses:

OpenWrt OEM   Address          Found as
lan     eth2  08:26:97:*:*:BC  Factory 0xe000 (hex), label
wlan0   ra0   08:26:97:*:*:BD  Factory 0x4 (hex)
wwan0   usb0  random

WARNING!!

ISP managed firmware might at any time update itself to a version
where all known workarounds have been disabled.  Never boot an ISP
managed firmware with a SIM in any of the slots if you intend to use
the router with OpenWrt. The bootloader lock can only be disabled with
root access to running firmware. The flash chip is physically
inaccessible without soldering.

Installation from OEM web GUI:

- Log in as "supervisor" on https://172.17.1.1/
- Upload OpenWrt initramfs-recovery.bin image on the
  Maintenance -> Firmware page
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot

Installation from OEM ssh:

- Log in as "root" on 172.17.1.1 port 22022
- scp OpenWrt initramfs-recovery.bin image to 172.17.1.1:/tmp
- Prepare bootloader config by running:
    nvram setro uboot DebugFlag 0x1
    nvram setro uboot CheckBypass 0
    nvram commit
- Run "mtd_write -w write initramfs-recovery.bin Kernel" and reboot
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot

Copying OpenWrt to the recovery partition:

- Verify that you are running a working OpenWrt recovery image
  from flash
- ssh to root@192.168.1.1 and run:
    fw_setenv CheckBypass 0
    mtd -r erase Kernel2
- Wait while the bootloader mirrors Image1 to Image2

NOTE: This should only be done after successfully booting the OpenWrt
  recovery image from the primary partition during installation.  Do
  not do this after having sysupgraded OpenWrt!  Reinstalling the
  recovery image on normal upgrades is not required or recommended.

Installation from Z-Loader:

- Halt boot by pressing Escape on console
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
  image at 10.10.10.3
- Type "ATNR 1,initramfs-recovery.bin" at the "ZLB>" prompt
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- Sysupgrade to the OpenWrt sysupgrade image

NOTE: ATNR will write the recovery image to both primary and recovery
  partitions in one go.

Booting from RAM:

- Halt boot by pressing Escape on console
- Type "ATGU" at the "ZLB>" prompt to enter the U-Boot menu
- Press "4" to select "4: Entr boot command line interface."
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
  image at 10.10.10.3
- Load it using "tftpboot 0x88000000 initramfs-recovery.bin"
- Boot with "bootm  0x8800017C" to skip the 380 (0x17C) bytes ZyXEL
  header

This method can also be used to RAM boot OEM firmware. The warning
regarding OEM applies!  Never boot an unknown OEM firmware, or any OEM
firmware with a SIM in any slot.

NOTE: U-Boot configuration is incomplete (on some devices?). You may
  have to configure a working mac address before running tftp using
   "setenv eth0addr <mac>"

Unlocking the bootloader:

If you are unebale to halt boot, then the bootloader is locked.

The OEM firmware locks the bootloader on every boot by setting
DebugFlag to 0.  Setting it to 1 is therefore only temporary
when OEM firmware is installed.

- Run "nvram setro uboot DebugFlag 0x1; nvram commit" in OEM firmware
- Run "fw_setenv DebugFlag 0x1" in OpenWrt

  NOTE:
    OpenWrt does this automatically on first boot if necessary

  NOTE2:
    Setting the flag to 0x1 avoids the reset to 0 in known OEM
    versions, but this might change.

  WARNING:
    Writing anything to flash while the bootloader is locked is
    considered extremely risky. Errors might cause a permanent
    brick!

Enabling management access from LAN:

Temporary workaround to allow installing OpenWrt if OEM firmware
has disabled LAN management:

- Connect to console
- Log in as "root"
- Run "iptables -I INPUT -i br0 -j ACCEPT"

Notes on the OEM/bootloader dual partition scheme

The dual partition scheme on this device uses Image2 as a recovery
image only. The device will always boot from Image1, but the
bootloader might copy Image2 to Image1 under specific conditions. This
scheme prevents repurposing of the space occupied by Image2 in any
useful way.

Validation of primary and recovery images is controlled by the
variables CheckBypass, Image1Stable, and Image1Try.

The bootloader sets CheckBypass to 0 and reboots if Image1 fails
validation.

If CheckBypass is 0 and Image1 is invalid then Image2 is copied to
Image1.

If CheckBypass is 0 and Image2 is invalid, then Image1 is copied to
Image2.

If CheckBypass is 1 then all tests are skipped and Image1 is booted
unconditionally.  CheckBypass is set to 1 after each successful
validation of Image1.

Image1Try is incremented if Image1Stable is 0, and Image2 is copied to
Image1 if Image1Try is 3 or larger.  But the bootloader only tests
Image1Try if CheckBypass is 0, which is impossible unless the booted
image sets it to 0 before failing.

The system is therefore not resilient against runtime errors like
failure to mount the rootfs, unless the kernel image sets CheckBypass
to 0 before failing. This is not yet implemented in OpenWrt.

Setting Image1Stable to 1 prevents the bootloader from updating
Image1Try on every boot, saving unnecessary writes to the environment
partition.

Keeping an OpenWrt initramfs recovery as Image2 is recommended
primarily to avoid unwanted OEM firmware boots on failure. Ref the
warning above. It enables console-less recovery in case of some
failures to boot from Image1.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Tested-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 2449a63208)
2021-06-10 17:09:35 +02:00
Adrian Schmutzler
ec8fe0a189 treewide: make AddDepends/usb-serial selective
Make packages depending on usb-serial selective, so we do not have
to add kmod-usb-serial manually for every device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 9397b22df1)
2021-06-08 22:50:32 +02:00
Felix Fietkau
4aae7eb3c0 wireless-regdb: update to version 2021.04.21
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d76535c45e)
2021-06-08 20:44:12 +02:00
Adrian Schmutzler
0eaff67b2a umbim: fix return value of proto_mbim_setup()
The variable name appears to be mistyped.

Suggested-by: Howard Chu <hyc@symas.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6bc4c0ae3e)
2021-06-08 20:44:04 +02:00
Hauke Mehrtens
00d7a459f3 mac80211: Update to backports-5.10.42
The removed patches were integrated upstream.

The brcmf_driver_work workqueue was removed in brcmfmac with kernel
5.10.42, the asynchronous call was covered to a synchronous call. There
is no need to wait any more.
This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 04a260911c)
2021-06-06 17:54:58 +02:00
Petr Štetiar
1b27d89d40 ubus: update to version 2021-06-03
This update contains following changes:

 * ubusd: protect against too-short messages
 * ubusd: add per-client tx queue limit
 * ubusd: convert tx_queue to linked list

Fixes: FS#1525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4f2243d40a)
2021-06-03 10:36:10 +02:00
Lech Perczak
27bcde303b ramips: add support for ZTE MF283+
ZTE MF283+ is a dual-antenna LTE category 4 router, based on Ralink
RT3352 SoC, and built-in ZTE P685M PCIe MiniCard LTE modem.

Hardware highlighs:
- CPU: MIPS24KEc at 400MHz,
- RAM: 64MB DDR2,
- Flash: 16MB SPI,
- Ethernet: 4 10/100M port switch with VLAN support,
- Wireless: Dual-stream 802.11n (RT2860), with two internal antennas,
- WWAN: Built-in ZTE P685M modem, with two internal antennas and two
  switching SMA connectors for external antennas,
- FXS: Single ATA, with two connectors marked PHONE1 and PHONE2,
  internally wired in parallel by 0-Ohm resistors, handled entirely by
  internal WWAN modem.
- USB: internal miniPCIe slot for modem,
  unpopulated USB A connector on PCB.
- SIM slot for the WWAN modem.
- UART connector for the console (unpopulated) at 3.3V,
  pinout: 1: VCC, 2: TXD, 3: RXD, 4: GND,
  settings: 57600-8-N-1.
- LEDs: Power (fixed), WLAN, WWAN (RGB),
  phone (bicolor, controlled by modem), Signal,
  4 link/act LEDs for LAN1-4.
- Buttons: WPS, reset.

Installation:
As the modem is, for most of the time, provided by carriers, there is no
possibility to flash through web interface, only built-in FOTA update
and TFTP recovery are supported.

There are two installation methods:
(1) Using serial console and initramfs-kernel - recommended, as it
allows you to back up original firmware, or
(2) Using TFTP recovery - does not require disassembly.

(1) Using serial console:
To install OpenWrt, one needs to disassemble the
router and flash it via TFTP by using serial console:
- Locate unpopulated 4-pin header on the top of the board, near buttons.
- Connect UART adapter to the connector. Use 3.3V voltage level only,
  omit VCC connection. Pin 1 (VCC) is marked by square pad.
- Put your initramfs-kernel image in TFTP server directory.
- Power-up the device.
- Press "1" to load initramfs image to RAM.
- Enter IP address chosen for the device (defaults to 192.168.0.1).
- Enter TFTP server IP address (defaults to 192.168.0.22).
- Enter image filename as put inside TFTP server - something short,
  like firmware.bin is recommended.
- Hit enter to load the image. U-boot will store above values in
  persistent environment for next installation.
- If you ever might want to return to vendor firmware,
  BACK UP CONTENTS OF YOUR FLASH NOW.
  For this router, commonly used by mobile networks,
  plain vendor images are not officially available.
  To do so, copy contents of each /dev/mtd[0-3], "firmware" - mtd3 being the
  most important, and copy them over network to your PC. But in case
  anything goes wrong, PLEASE do back up ALL OF THEM.
- From under OpenWrt just booted, load the sysupgrade image to tmpfs,
  and execute sysupgrade.

(2) Using TFTP recovery
- Set your host IP to 192.168.0.22 - for example using:
sudo ip addr add 192.168.0.22/24 dev <interface>
- Set up a TFTP server on your machine
- Put the sysupgrade image in TFTP server root named as 'root_uImage'
  (no quotes), for example using tftpd:
  cp openwrt-ramips-rt305x-zte_mf283plus-squashfs-sysupgrade.bin /srv/tftp/root_uImage
- Power on the router holding BOTH Reset and WPS buttons held for around
  5 seconds, until after WWAN and Signal LEDs blink.
- Wait for OpenWrt to start booting up, this should take around a
  minute.

Return to original firmware:
Here, again there are two possibilities are possible, just like for
installation:
(1) Using initramfs-kernel image and serial console
(2) Using TFTP recovery

(1) Using initramfs-kernel image and serial console
- Boot OpenWrt initramfs-kernel image via TFTP the same as for
  installation.
- Copy over the backed up "firmware.bin" image of "mtd3" to /tmp/
- Use "mtd write /tmp/firmware.bin /dev/mtd3", where firmware.bin is
  your backup taken before OpenWrt installation, and /dev/mtd3 is the
  "firmware" partition.

(2) Using TFTP recovery
- Follow the same steps as for installation, but replacing 'root_uImage'
  with firmware backup you took during installation, or by vendor
  firmware obtained elsewhere.

A few quirks of the device, noted from my instance:
- Wired and wireless MAC addresses written in flash are the same,
  despite being in separate locations.
- Power LED is hardwired to 3.3V, so there is no status LED per se, and
  WLAN LED is controlled by WLAN driver, so I had to hijack 3G/4G LED
  for status - original firmware also does this in bootup.
- FXS subsystem and its LED is controlled by the
  modem, so it work independently of OpenWrt.
  Tested to work even before OpenWrt booted.
  I managed to open up modem's shell via ADB,
  and found from its kernel logs, that FXS and its LED is indeed controlled
  by modem.
- While finding LEDs, I had no GPL source drop from ZTE, so I had to probe for
  each and every one of them manually, so this might not be complete -
  it looks like bicolor LED is used for FXS, possibly to support
  dual-ported variant in other device sharing the PCB.
- Flash performance is very low, despite enabling 50MHz clock and fast
  read command, due to using 4k sectors throughout the target. I decided
  to keep it at the moment, to avoid breaking existing devices - I
  identified one potentially affected, should this be limited to under
  4MB of Flash. The difference between sysupgrade durations is whopping
  3min vs 8min, so this is worth pursuing.

In vendor firmware, WWAN LED behaviour is as follows, citing the manual:
- red - no registration,
- green - 3G,
- blue - 4G.
Blinking indicates activity, so netdev trigger mapped from wwan0 to blue:wwan
looks reasonable at the moment, for full replacement, a script similar to
"rssileds" would need to be developed.

Behaviour of "Signal LED" in vendor firmware is as follows:
- Off - no signal,
- Blinking - poor coverage
- Solid - good coverage.

A few more details on the built-in LTE modem:
Modem is not fully supported upstream in Linux - only two CDC ports
(DIAG and one for QMI) probe. I sent patches upstream to add required device
IDs for full support.
The mapping of USB functions is as follows:
- CDC (QCDM) - dedicated to comunicating with proprietary Qualcomm tools.
- CDC (PCUI) - not supported by upstream 'option' driver yet. Patch
  submitted upstream.
- CDC (Modem) - Exactly the same as above
- QMI - A patch is sent upstream to add device ID, with that in place,
  uqmi did connect successfully, once I selected correct PDP context
  type for my SIM (IPv4-only, not default IPv4v6).
- ADB - self-explanatory, one can access the ADB shell with a device ID
  added to 51-android.rules like so:

SUBSYSTEM!="usb", GOTO="android_usb_rules_end"
LABEL="android_usb_rules_begin"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1275", ENV{adb_user}="yes"
ENV{adb_user}=="yes", MODE="0660", GROUP="plugdev", TAG+="uaccess"
LABEL="android_usb_rules_end"

While not really needed in OpenWrt, it might come useful if one decides to
move the modem to their PC to hack it further, insides seem to be pretty
interesting. ADB also works well from within OpenWrt without that. O
course it isn't needed for normal operation, so I left it out of
DEVICE_PACKAGES.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[remove kmod-usb-ledtrig-usbport, take merged upstream patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

(cherry picked from commit 59d065c9f8)
[Manually remove no longer needed patches for modem]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-06-02 21:29:16 +02:00
Hauke Mehrtens
d484366a9e OpenWrt v21.02.0-rc2: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-29 20:02:03 +02:00
Hauke Mehrtens
3e09cc4969 OpenWrt v21.02.0-rc2: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-29 20:01:58 +02:00
Rafał Miłecki
c2139eef27 base-files: simplify setting device MAC
1. Move code above interface generation
   It results in more logical order. Device gets its config section
   above interface section.
2. Drop the loop
   We have separated code handling bridges now so $device should be
   guaranteed to contain a single device name.
3. Drop section name
   It's not required by netifd or LuCI & it's not needed by this script
   as $device contains a single device name now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e002179a6d)
2021-05-28 16:04:04 +02:00
Jo-Philipp Wich
0bc3f51aa6 ubox: fix init script validation of log_ip option
The underlying logread process uses usock() to handle remote connections
which is able to handle both hostnames and IP addresses.

Ref: https://github.com/openwrt/luci/issues/5077
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ec83fb9ced)
2021-05-28 15:25:31 +02:00
Rafał Miłecki
16ccf888ee base-files: generate network config with "device" options
Replace "ifname" with "device" as netifd has been recently patches to
used the later one. It's more clear and accurate.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4b9a67362d)
2021-05-27 11:39:15 +02:00
INAGAKI Hiroshi
77d96e925f base-files: fix configuration generation of network if "bridge" exists
After the commit 43fc720657
("base-files: generate "device UCI type section for bridge"), the wrong
network configuration is generated for the devices that already have the
bridge device section for VLAN, such as the devices in realtek target.

As a result, the bridge device by additional "device" section is
specified to the "ports" option in the "bridge-vlan" section and netifd
shuts down the switch and the ethernet when the network service started.

Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[rmilecki: use $ports for generate_bridge_vlan argument]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8cc4e87a2f)
2021-05-27 11:39:15 +02:00
Rafał Miłecki
fc605c01f6 base-files: support setting bridge MAC address
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7a90ad3c43)
2021-05-27 11:39:15 +02:00
Rafał Miłecki
0d90023633 base-files: generate bridge device sections with br- name prefix
Missing br- prefix could result in name conflict between DSA port
interface and bridge interface. Some devices with just one LAN port use
"lan" interface name for DSA port. Trying to create bridge with the same
"lan" name was failing.

Reported-by: David Bauer <mail@david-bauer.net>
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0e459668c5)
2021-05-27 11:39:15 +02:00
Rafał Miłecki
892fc7caa9 base-files: generate "device" UCI type section for bridge
This switches from the old way of defining bridges in an "interface" UCI
section type (that should be used for layer 3 only). From now a defualt
board switch will have its own "device" UCI section type. It's a new &
preferred way of defining L2 devices.

Before:

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

After:

config device
        option name 'lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option ifname 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 43fc720657)
2021-05-27 11:39:15 +02:00
Paul Spooren
4b691077e0 busybox: show reproducible timestamp
On login busybox shows a timestamp per default contianing the build
date. Since the build date isn't reproducible per default this behaviour
was disabled by default via 34df4d40 "busybox: disable timestamp in
version".

This commit modifies busybox so that the printed timestamp reproducible
using SOURCE_DATE_EPOCH and therefore shouldn't be disabled anymore.

Before:

    BusyBox v1.33.1 () built-in shell (ash)

After:

    BusyBox v1.33.1 (2021-05-13 09:34:34 UTC) built-in shell (ash)

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit a725382978)
2021-05-27 00:03:12 +02:00
Paul Spooren
6b6bcca1a0 busybox: use $(AUTORELEASE) and SPDX
use AUTORELEASE since BusyBox is often updaten and PKG_RELEASE is not
consistently bumped. Also use SPDX license headers to be machine
readable and bump the copyright year to 2021.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 25fdb42249)
2021-05-27 00:03:05 +02:00
Rafał Miłecki
bab7a1120c netifd: update to the latest master
899c2a4 interface: support "device" attribute and deprecate "ifname"
62e3cb5 scripts/netifd-wireless.sh: add support for specifying the operating band

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5fe549836f)
2021-05-26 08:32:54 +02:00
Rafał Miłecki
83d07db2f2 netifd: update to the latest master
config: fix ifname->ports compat rename

Fixes: 829b5c2ba3 ("netifd: update to the latest version")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cea6631cdf)
2021-05-26 08:32:54 +02:00
Felix Fietkau
e78ef58431 netifd: update to the latest version
02dd2f2df7cb fix unannotated fall-through warnings
3052f2f67686 extdev: remove unused function
2a97fd006c3b device: add support for configuring devices with external auth handler
87e469be0c08 wireless: fix memory corruption bug when using vlans/station entries in the config
7277764bf817 bridge: rename "ifname" attribute to "ports"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 829b5c2ba3)
2021-05-26 08:32:54 +02:00
Felix Fietkau
834167b42e libubox: update to the latest version
870acee325fe tests: cram: test_base64: fix failing tests
4d8995e91d56 tests: cram: test_base64: really fix failing tests
551d75b5662c libubox: tests: add more blobmsg/json test cases
a0dbcf8b8f96 tests: add blob-buffer overflow test
b36a3a90098d blob: fix exceeding maximum buffer length
b8abed749423 utils.h: add fallthrough macro
b14c4688612c json_script: fix unannotated fall-through warning

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 04d21604fd)
2021-05-26 08:32:54 +02:00
Leon M. George
ef14916947 netifd: read udhcpc user scripts from directory
Placeholder DHCP user scripts were added recently.

These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.

References:
130118f7a netifd: add a udhcpc.user placeholder script

Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 467c32600c)
2021-05-26 08:32:54 +02:00
Hauke Mehrtens
f3a0f906b5 netifd: update to Git version 2021-04-03
f8899b9 netifd: bridge: set default value for igmp_snoop
327da98 netifd: add possibility to switch off route config

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b974293efa)
2021-05-26 08:32:54 +02:00
Daniel Golle
252660bf3b netifd: update to git HEAD
09632d4 device: remove left-over comment
 b22f83d handler: add mechanism to generate external device handler stubs
 80bf9d7 extdev: add support for external device handlers
 44c0f40 system-linux: reorder sysctl functions
 c84f3b0 system-linux: add device options used by wpad

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e62ace0ecf)
2021-05-26 08:32:54 +02:00
Rui Salvaterra
5b16484b0d netifd: add a udhcpc.user placeholder script
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 130118f7aa)
2021-05-26 08:32:53 +02:00
Daniel Golle
21a3599a9a libubox: update to git HEAD
2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c82cc4407a)
2021-05-26 08:32:53 +02:00
Rafał Miłecki
d9603bbd3e base-files: use "ports" array in board.json network for bridges
Bridge aggregates multiple ports so use a more accurate name ("ports")
and format (array) for storing them in board.json.

Example:

"network": {
	"lan": {
		"ports": [
			"lan1",
			"lan2",
			"lan3",
			"lan4"
		],
		"protocol": "static"
	},
	"wan": {
		"ifname": "wan",
		"protocol": "dhcp"
	}
}

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d42640e389)
2021-05-24 10:36:28 +02:00
Hauke Mehrtens
abc2fff80f treewide: Mark packages nonshared if they depend on @TARGET_
This marks all packages which depend on a target with @TARGET nonshared.
If they are not marked nonshared they would be build by the SDK build
and if this happens with a different SDK, then the SDK from the target
the package depends on, the package would not be added to the index.

This should fix the image builder for some of these packages.

This should fix the image builder at least for bcm27xx/bcm2710 and
bcm4908/generic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1903233f2b)
2021-05-24 00:39:26 +02:00
Baptiste Jonglez
bbbc01ede5 uclient: update to Git version 2021-05-14
6a6011d uclient-http: set eof mark when content-length is 0
19571e4 tests: fix help usage test for uclient built with sanitizer
c5fc04b tests: fix help usage test

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 1ec6fc4dcb)
2021-05-17 23:03:13 +02:00
Hauke Mehrtens
bc2225fe73 uclient: update to Git version 2021-04-03
83efca2 tests: fix possibly longer start of HTTP server
64e00d6 uclient-fetch: document missing options

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1371910b76)
2021-05-17 23:03:13 +02:00
Baptiste Jonglez
b62fa7453a busybox: disable PREFER_IPV4_ADDRESS
PREFER_IPV4_ADDRESS is broken on IPv6-only hosts, as it causes busybox
utilities (ping, traceroute, ntpd) to forcibly use the A record instead of
the AAAA record when resolving a DNS name.  This obviously fails when
there is no IPv4 connectivity.  Since IPv6-only hosts or routers will only
become more common over time, disable PREFER_IPV4_ADDRESS to support this
use-case.

As a side-effect, disabling PREFER_IPV4_ADDRESS changes the default
resolution behaviour of busybox utilities on dual-stack hosts.  Busybox
utilities now simply use the order given by getaddrinfo(), so they will
now prefer IPv6 addresses when resolving a name with both A and AAAA
records if there is IPv6 connectivity.  This is in line with RFC 6724.

PREFER_IPV4_ADDRESS was likely intended to work around naive
implementations of getaddrinfo() that could return AAAA records first,
even on an IPv4-only host.  But both musl (since 1.1.3) and glibc
correctly implement RFC 6724 for getaddrinfo() and check connectivity to
determine the correct order in which to return records.  On IPv4-only
hosts, getaddrinfo() will return A records first, so there is no need for
the PREFER_IPV4_ADDRESS hack.

See also: https://bugs.busybox.net/show_bug.cgi?id=12381

Fixes: FS#84
Fixes: FS#2608
References: https://github.com/openwrt/openwrt/pull/4167
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 7fea9d9f5d)
2021-05-17 23:03:13 +02:00
Hauke Mehrtens
003fbfbf94 openwrt-keyring: Only copy sign key for 21.02
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 21.02 feeds.

If one of the other keys would be compromised this would not affect
users of 21.02 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-17 19:13:43 +02:00
Daniel Golle
dee89d42ed procd: update to git HEAD
2be57ed cosmetics: provide compatible system info on Aarch64
 37eed13 system: expose if system was booted from initramfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 5f1bd95278)
2021-05-16 19:05:43 +02:00
Felix Fietkau
43e4ba5863 mt76: update to the latest version
Includes fix for CVE-2020-24588

186af01047b2 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing
93b5c28c97d5 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report
a8e89c5a1d1f mt76: testmode: add support to send larger packet
a0cc9a9e3877 mt76: mt7915: rework mt7915_tm_set_tx_len()
c8b96630324e mt76: mt7915: fix rate setting of tx descriptor in testmode
22fd2958c42a mt76: mt7615: fix memleak when mt7615_unregister_device()
7401e0db3143 mt76: mt7915: fix memleak when mt7915_unregister_device()
c3656268b3f6 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens
0ce955b04ba8 mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens
b03d1e62acf7 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put()
5ac02e22fb03 mt76: flush tx status queue on DMA reset
c71f609b398a mt76: sync with upstream changes
23ecadd4af77 mt76: mt7615: fix hardware error recovery for mt7663
57a899ee3c3c mt76: mt7615: fix entering driver-own state on mt7663
42a2dddb706b mt76: mt7615: load ROM patch before checking patch semaphore status
cf0e406af84a mt76: mt7915: add support for applying pre-calibration data
459940ccbc58 mt76: mt7921: move hw configuration in mt7921_register_device
0a094b11f3c0 mt76: improve mcu error logging
bf536832e37d mt76: mt7921: run mt7921_mcu_fw_log_2_host holding mt76 mutex
7616f4f78163 mt76: mt7921: add wifisys reset support in debugfs
e620bd881ef5 mt76: mt7921: abort uncompleted scan by wifi reset
e8dacf59ab1c mt76: mt7915: rework the flow of txpower setting
c8c78e577236 mt76: mt7915: directly read per-rate tx power from registers
1622bf4f8705 mt76: mt7921: add mt7921_dma_cleanup in mt7921_unregister_device
ef96fafad8a9 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
90e4bfea2948 mt76: mt7921: do not use 0 as NULL pointer
0a139d7f5966 mt76: connac: move mcu_update_arp_filter in mt76_connac module
de26c73ce3c2 mt76: mt7921: remove leftover function declaration
1c0b6cb4f942 mt76: mt7921: fix a race between mt7921_mcu_drv_pmctrl and mt7921_mcu_fw_pmctrl
2923e3e2b8e4 mt76: mt7663: fix a race between mt7615_mcu_drv_pmctrl and mt7615_mcu_fw_pmctrl
74d0fdaa7a99 mt76: connac: introduce wake counter for fw_pmctrl synchronization
28c87e09a5ea mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
36f664edc7db mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
51b3d1a9a2b7 mt76: dma: add the capability to define a custom rx napi poll routine
4f1339c9fb72 mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
1bc5e67a60be mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
325f7b451c03 mt76: connac: unschedule ps_work in mt76_connac_pm_wake
12115052a02f mt76: connac: check wake refcount in mcu_fw_pmctrl
e5d28e3cef66 mt76: connac: remove MT76_STATE_PM in mac_tx_free
475112a3cdcc mt76: mt7921: get rid of useless MT76_STATE_PM in mt7921_mac_work
112998f32d85 mt76: connac: alaways wake the device before scanning
4334f3e2fc43 mt76: mt7615: rely on pm refcounting in mt7615_led_set_config
0562380659ad mt76: connac: do not run mt76_txq_schedule_all directly
acfa78df5708 mt76: connac: use waitqueue for runtime-pm
ca74a4cd0722 mt76: remove MT76_STATE_PM in tx path
0c2d3e74852e mt76: mt7921: add awake and doze time accounting
45e0eefffe9f mt76: mt7921: enable sw interrupts
fd2ff641166f mt76: mt7615: Fix a dereference of pointer sta before it is null checked
7e2521468767 mt76: mt7921: move mt7921_dma_reset in dma.c
c9dd6b1fa171 mt76: mt7921: introduce mt7921_wpdma_reset utility routine
2ac7c7e9c568 mt76: mt7921: introduce mt7921_dma_{enable,disable} utilities
662a89f2b9d1 mt76: mt7921: introduce mt7921_wpdma_reinit_cond utility routine
614efe9e9180 mt76: connac: introduce mt76_connac_mcu_set_deep_sleep utility
0dbb16ef39d8 mt76: mt7921: enable deep sleep when the device suspends
3c19f569cc70 mt76: mt7921: fix possible invalid register access
ade1f5aad4c6 mt76: move token_lock, token and token_count in mt76_dev
8d5c456be1ff mt76: move token utilities in mt76 common module
fb04d9df5e52 mt76: mt7915: do not read rf value from efuse in flash mode
2126b2176336 mt76: mt7921: get rid of mcu_reset function pointer
d325b7eff1b1 mt76: mt7921: improve doze opportunity
2ae25c7e547e mt76: mt7663: add awake and doze time accounting
349bbb9d6f13 mt76: connac: unschedule mac_work before going to sleep
98a235004dea mt76: mt7921: mt7921_stop should put device in fw_own state
63d80b9ab251 mt76: mt7921: introduce mt7921_mcu_sta_add routine
3c5bf837fdbd mt76: mt7615: fix a precision vs width bug in printk
ded14da5eacc mt76: mt7915: fix a precision vs width bug in printk
aaf0d254f9ea mt76: mt7921: fix a precision vs width bug in printk
757af5c67d32 mt76: move mt76_token_init in mt76_alloc_device
ed41ed73a495 mt76: mt7921: reinit wpdma during drv_own if necessary
92fb81e085c6 mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
53d915a23bc9 mt76: connac: do not schedule wake_work if the runtime-pm is disabled
23fe1bdcf15a mt76: connac: do not schedule mac_work if the device is not running
e5b19336c58e mt76: mt7615: do not set MT76_STATE_PM at bootstrap
0fc2136a61dd mt76_connac_mcu: move mt76_connac_mcu_update_arp_filter outside of CONFIG_PM
e693f3e23e06 mt76: mt7915: add MSI support
5231e7300fa4 mt7915: disable ASPM
554b50dabf54 mt76: connac: fix uninitialized HT A-MPDU setting field in STA_REC_PHY
43b9c0a838bb mt76: mt7921: fix max aggregation subframes setting
5a387a0a3004 mt76: mt7921: enable rx hw de-amsdu
c8cbcb87be07 mt76: connac: add missing configuration in mt76_connac_mcu_wtbl_hdr_trans_tlv
55921e57b380 mt76: mt7921: enable rx header traslation offload
01441f67d8b2 mt76: mt7921: enable rx csum offload
c9ab76dd93a0 mt76: mt7915: move mt7915_queue_rx_skb to mac.c
caedb4c4ee41 mt76: mt7615: fix fixed-rate tx status reporting
c6ae95d43e6d mt76: improve tx status codepath
27d468d094e6 mt76: mt7915: rework tx rate reporting
3b4ca5b09e2c mt76: mt7615: avoid use of ieee80211_tx_info_clear_status
e1f07d7f1cb9 mt76: mt7603: avoid use of ieee80211_tx_info_clear_status
18513ba5fbc2 mt76: mt7915: add support for tx status reporting
35f189cf81b2 mt76: mt7915: fix uninitialized variable in MSI error handling
9e928ac1ea9b mt76: dma: use ieee80211_tx_status_ext to free packets when tx fails
628eee9c386c mt76: fill queue entry wcid for all skbs with a station
a9bc4d94b7a1 mt76: intialize tx queue entry wcid to 0xffff by default
998ca8af7d17 mt76: mt7915: fix tssi indication field of DBDC NICs
7dd24b3cfacf mt76: mt7915: fix a signedness bug in mt7915_mcu_apply_tx_dpd()
535025d65d8d mt76: mt7915: cleanup mt7915_mcu_sta_rate_ctrl_tlv()
ff8bbe22dd87 mt76: mt7915: add .set_bitrate_mask() callback
c7dd54a22e30 mt76: connac: skip wtbl reset on sta disconnect
3511fd430356 mt76: validate rx A-MSDU subframes
aedc3145de6e mt76: fix possible NULL pointer dereference in mt76_tx
5c2baab92cd0 mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
af21659ee834 mt76: mt76x0: use dev_debug instead of dev_err for hw_rf_ctrl
e423c16f16f7 mt76: mt7615: free irq if mt7615_mmio_probe fails
f2d0da8da9b7 mt76: mt7663: enable hw rx header translation
d2713a5d9de9 mt76: mt7921: fix mt7921_wfsys_reset sequence
ce5f32d84f33 mt76: mt7921: Don't alter Rx path classifier
8ab8c7747197 mt76: connac: fw_own rely on all packet memory all being free
a747b0bb4956 mt76: mt7921: enable deep sleep at runtime
2e6e999509b1 mt76: mt7921: add deep sleep control to runtime-pm knob
30bcb2338ce2 mt76: connac: fix WoW with disconnetion and bitmap pattern
56518f4a126e mt76: mt7921: consider the invalid value for to_rssi
e969ab10a034 mt76: mt7921: add back connection monitor support
28b162366d09 mt76: fix calling mt76_get_of_eeprom with an offset for pre-cal data
9d736545bb5a mt76: mt7915: disable pre-calibration support for now

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f62aa9e781)
2021-05-16 08:48:22 +02:00
Felix Fietkau
5869423d21 mac80211: backport upstream fixes for FragAttacks
From the patch series description:

Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at

	https://papers.mathyvanhoef.com/usenix2021.pdf

Specifically, the following CVEs were assigned:

 * CVE-2020-24586 - Fragmentation cache not cleared on reconnection
 * CVE-2020-24587 - Reassembling fragments encrypted under different
                    keys
 * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
                    payload being parsed as an L2 frame under an
                    A-MSDU bit toggling attack
 * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
 * CVE-2020-26140 - Accepting plaintext data frames in protected
                    networks
 * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
 * CVE-2020-26142 - Processing fragmented frames as full frames
 * CVE-2020-26143 - Accepting fragmented plaintext frames in
                    protected networks
 * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
                    start with RFC1042 header with EAPOL ethertype
 * CVE-2020-26145 - Accepting plaintext broadcast fragments as full
                    frames
 * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
                    packet numbers
 * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

In general, the scope of these attacks is that they may allow an
attacker to
 * inject L2 frames that they can more or less control (depending on the
   vulnerability and attack method) into an otherwise protected network;
 * exfiltrate (some) network data under certain conditions, this is
   specific to the fragmentation issues.

A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.

In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.

Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.

To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.

We currently don't have information about how other drivers are, if
at all, affected.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-16 08:48:22 +02:00
Nick Hainke
0e49178f93 busybox: update to 1.33.1
Remove backports:
- 001-backport1330fix-ash-make-strdup-copy.patch
- 002-backport1330fix-traceroute.patch
- 005-backport-CVE-2021-28831.patch

Remove upstreamed:
- 010-fix-wrong-variable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
[don't use $(AUTORELEASE) for now]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6713fe030f)
2021-05-14 23:36:47 +02:00
Rui Salvaterra
c99f037493 mac80211/rtl: backport a rtl8192cu AP mode fix
Running USB devices in AP mode is never a good idea. That said, fix the TIM
issue in rtl8192cu [1], allowing these devices to "work" in AP mode.

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20210419065956.6085-1-pkshih@realtek.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit eeda8652f1)
2021-05-14 23:32:22 +02:00
Perry Melange
c6ce0411e1 busybox: add SRV support to nslookup_lede.c patch
Add support for querying and parsing SRV DNS records to nslookup_lede.c

This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 3a359398f0)
2021-05-14 00:13:45 +02:00
Jo-Philipp Wich
faf9528a23 base-files: shinit: properly handle dashes in service names
Fixes: FS#3801
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 75ea878d1b)
2021-05-12 12:45:38 +02:00
Thomas Richard
4d9f3ae2bb uqmi: fix network registration loop
With some debug in qmi.sh using following patch, some errors are visible
in the registration step
@@ -29,6 +29,7 @@ proto_qmi_init_config() {
 }

 proto_qmi_setup() {
+       set -x
        local interface="$1"
        local dataformat connstat plmn_mode mcc mnc
        local device apn auth username password pincode delay modes pdptype
@@ -224,6 +225,8 @@ proto_qmi_setup() {
                fi
        done

+       registration=$(uqmi -s -d "$device" --get-serving-system)
+
        [ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1

        echo "Starting network $interface"

During the boot of the system, modem could not start automatically its
network registration.
netifd: wan (9235): + echo 'Waiting for network registration'
netifd: wan (9235): Waiting for network registration
netifd: wan (9235): + local 'registration_timeout=0'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + grep '"searching"'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + registration='{"registration":"not_registered","plmn_mcc":208,"plmn_mnc":20,"plmn_description":"","roaming":true}'
netifd: wan (9235): + '[' -n  ]
netifd: wan (9235): + echo 'Starting network wan'

As the while loop checks only "searching" pattern, uqmi.sh script quits
searching loop and continues whereas the modem is not registered

Other issue, after X seconds modem stops searching.
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + '[' -e /dev/cdc-wdm0 ]
netifd: wan (9213): + '[' 3 -lt 0 -o 0 '=' 0 ]
netifd: wan (9213): + let registration_timeout++
netifd: wan (9213): + sleep 1
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + registration='{"registration":"not_registered"}'
netifd: wan (9213): + '[' -n  ]
netifd: wan (9213): + echo 'Starting network wan'
netifd: wan (9213): Starting network wan

If registration_timeout is not expired, registration can be restarted

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
Tested-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 2eda042d55)
2021-05-11 19:56:20 +02:00
Alan Swanson
d1a056f620 dnsmasq: Update to version 2.85
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.

Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
  If specifiying the source address or interface to be used
  when contacting upstream name servers such as:
  server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
  server=8.8.8.8@eth0 then all would use the same socket
  bound to the explicitly configured port. Now only
  server=8.8.8.8@1.2.3.4#66 will use the explicitly
  configured port and the others random source ports.

Remove upstreamed patches and update remaining patch.

Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3980daffa4)
2021-05-05 09:22:36 +01:00
Hauke Mehrtens
08cfc7a0d3 ltq-dsl-base: Make package nonshared to fix image builder
This package depends on the lantiq target and is only build for that
target. A normal package would be build by the SDK builder probably
under a different target and then this package will not be selected.
Mark it as nonshared to build it when the lantiq target gets build.

Fixes: FS#3773, FS#3774
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 454d514f46)
2021-05-04 22:29:38 +02:00
Hauke Mehrtens
ce41fc38ba mac80211: Update to version 5.10.34-1
The removed patches were applied upstream and are not needed anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 17ac9849d3)
2021-05-04 22:29:34 +02:00
Hauke Mehrtens
a641502849 busybox: backport fix for CVE-2021-28831
This backports a fix for the low priority CVE-2021-28831:
  decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
  on the huft_build result pointer, with a resultant invalid free or
  segmentation fault, via malformed gzip data.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 13397b2b95)
2021-05-04 22:29:29 +02:00
Roger Pueyo Centelles
701d25b551 ipq40xx: add support for MikroTik SXTsq 5 ac
This commit adds support for the MikroTik SXTsq 5 ac (RBSXTsqG-5acD),
an outdoor 802.11ac wireless CPE with one 10/100/1000 Mbps Ethernet
port.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 256 MB
 - Storage: 16 MB NOR
 - Wireless: IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 16 dBi antennae
 - Ethernet: IPQ4018 (SoC) 1x 10/100/1000 port, 10-28 Vdc PoE in
 - 1x Ethernet LED (green)
 - 7x user-controllable LEDs
  · 1x power (blue)
  · 1x user (green)
  · 5x rssi (green)

Note:
 Serial UART is probably available on the board, but it has not been
 tested.

Flashing:
 Boot via TFTP the initramfs image. Then, upload a sysupgrade image
 via SSH and flash it normally. More info at the "Common procedures
 for MikroTik products" page https://openwrt.org/toh/mikrotik/common.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit d1f1e5269e)
[Compile and Run Tested]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-03 14:57:29 +02:00
Robert Marko
3ce7f1e477 ipq40xx: add MikroTik hAP ac2 support
This adds support for the MikroTik RouterBOARD RBD52G-5HacD2HnD-TC
(hAP ac²), a  indoor dual band, dual-radio 802.11ac
wireless AP with integrated omnidirectional antennae, USB port and  five
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/hap_ac2 for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 5x 1000/100/10 port,
             passive PoE in
- 1x USB Type A port

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit faea7becaf)
[Compile Tested]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-03 14:57:29 +02:00
Felix Fietkau
f066ee2ad5 mac80211: minstrel_ht: fix issue in calculating success probability
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 12cb52bd06)
2021-04-28 21:11:15 +02:00
Florian Eckert
15cd9a5d5c ltq-vdsl-app: extent dsl metrics with state_num and power_state_num
With the old ubus dsl API, the numbers for the individual line_states and
power_states were also returned. These were not ported to the new DSL
C-API. This commit adds the missing information.

For this the internal values are mapped to numbers.

* additional JSON output for state_num:
"state_num": <map_state_number>

Since not all values are meaningful only the following values are
implemented, this can be extended if the future.

* LSTATE_MAP_NOT_INITIALIZED
* LSTATE_MAP_EXCEPTION
* LSTATE_MAP_IDLE
* LSTATE_MAP_SILENT
* LSTATE_MAP_HANDSHAKE
* LSTATE_MAP_FULL_INIT
* LSTATE_MAP_SHOWTIME_NO_SYNC
* LSTATE_MAP_SHOWTIME_TC_SYNC
* LSTATE_MAP_RESYNC

* additinal JSON output for power_level:
"power_state_num": <map_power_satte_number>,

Since there are not so many here, all are mapped.

* PSTATE_MAP_NA,
* PSTATE_MAP_L0,
* PSTATE_MAP_L1,
* PSTATE_MAP_L2,
* PSTATE_MAP_L3,

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v6:
Add state LSTATE_MAP_NOT_INITILIZED at the beginning of the list
Start the list LSTATE_MAP with -1
Reviewed-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 4407d45d96)
2021-04-19 23:25:02 +02:00
Jeroen Peelaerts
dd43fae67b lantiq: use ActualNetDataRate for speed reporting
Switch to Actual Net Data Rate (ACTNDR) for speed reporting on lantiq VDSL modems

Refer to ITU-T G.997.1 chapter 7.5.2.8

Independent whether retransmission is used or not in a given transmit direction:
-   In L0 state, this parameter reports the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) at which the bearer channel is operating.
-   In  L2 state, the parameter contains the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) in the previous L0 state.

Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 4f27ea7c33)
2021-04-19 23:24:57 +02:00
Jeroen Peelaerts
51a5053300 lantiq: enable G.INP retransmission counters
This commit adds monitoring for a couple of DSL line features that are
present in the lantiq firmware blobs.

* G.INP ON/OFF
* Trellis encoding ON/OFF
* Virtaul Noise ON/OFF
* Bitswap ON/OFF

Difference in size for ltq-vdsl-app = 1k
Difference in size for kmod-ltq-vdsl-vr9 < 1k

Reviewed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
(cherry picked from commit 48162e4c0c)
2021-04-19 23:24:36 +02:00
Hauke Mehrtens
1d5aa4bde7 OpenWrt v21.02.0-rc1: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-19 21:10:17 +02:00
Hauke Mehrtens
2ce89a3578 OpenWrt v21.02.0-rc1: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-19 21:10:14 +02:00
Hauke Mehrtens
0fc789b724 realtek: Add ZyXEL GS1900-8
The ZyXEL GS1900-8 is a 8 port switch without any PoE functionality or
SFP ports, but otherwise similar to the other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-8 v1.2
* SoC:       Realtek RTL8380M 500 MHz MIPS 4KEc
* Flash:     Macronix MX25L12835F 16 MiB
* RAM:       Nanya NT5TU128M8GE-AC 128 MiB DDR2 SDRAM
* Ethernet:  8x 10/100/1000 Mbit
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             8 ethernet port status LEDs (green, SoC controlled)
* Buttons:   1 on-off glide switch at the back (not configurable)
             1 reset button at the right side, behind the air-vent
               (not configurable)
             1 reset button on front panel (configurable)
* Power      12V 1A barrel connector
* UART:      1 serial header (JP2) with populated standard pin connector on
             the left side of the PCB, towards the back. Pins are labelled:
             + VCC (3.3V)
             + TX (really RX)
             + RX (really TX)
             + GND
             the labelling is done from the usb2serial connector's point of
             view, so RX/ TX are mixed up.

Serial connection parameters for both devices: 115200 8N1.

Installation
------------
Instructions are identical to those for the GS1900-10HP and GS1900-8HP.

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
  image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
  > rtk network on
* Since the GS1900-10HP is a dual-partition device, you want to keep the
  OEM firmware on the backup partition for the time being. OpenWrt can
  only boot off the first partition anyway (hardcoded in the DTS). To
  make sure we are manipulating the first partition, issue the following
  commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
  > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin
  > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
  > sysupgrade /tmp/openwrt-realtek-generic-zyxel_gs1900-8-squashfs-sysupgrade.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e6ba970b6e)
2021-04-18 12:06:18 +02:00
Stijn Segers
f1ba3a8d91 uboot-envtools: add support for ZyXEL GS-1900-8HP v1 and v2
This adds the necessary nuts and bolts for the uboot settings for both the ZyXEL GS1900-8HP v1 and v2.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit b5bc53813d)
2021-04-18 12:06:05 +02:00
Alexander Egorenkov
eaf19220b6 base-files: fix status display command
If service() is called w/o parameter then the status display for services
with multiple instances is incorrect. E.g. samba4 or wpad have 2 instances.

root@OpenWrt:~# /etc/init.d/samba4 status
running
root@OpenWrt:~# /etc/init.d/wpad status
running

Before change:
/etc/init.d/samba4                 enabled         stopped
/etc/init.d/wpad                   enabled         stopped

After change:
/etc/init.d/samba4                 enabled         running
/etc/init.d/wpad                   enabled         running

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit 9318f61556)
2021-04-18 12:05:54 +02:00
Rui Salvaterra
ab610f5af3 zram-swap: bail out early if the kernel doesn't support swap
Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need
to check if the current kernel supports swap before trying to configure
zram-swap, as opkg can't check for kernel dependencies.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 565dfeb128)
2021-04-18 12:05:53 +02:00
Piotr Dymacz
8bbf5bc4b0 uboot-imx6: define 'BUILD_DEVICES' for Toradex Apalis
Without 'BUILD_DEVICES' defined, the U-Boot related package won't be
automatically selected when building for Toradex Apalis device.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 8c3383799a)
2021-04-18 12:05:51 +02:00
Daniel Golle
1a0afbd6f2 umdns: add missing syscalls to seccomp filter
Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
to changes on libraries used by umdns now using slightly different
calls.

Found using
/etc/init.d/umdns trace
now use umdns, ie. cover all ubus call etc., then
/etc/init.d/umdns stop
find list of syscalls traced in /tmp/umdns.*.json

Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 00a85a1634)
2021-04-18 12:05:12 +02:00
Daniel Golle
36ee555c5f umdns: add syscalls needed on Aarch64
Now that ujail supports seccomp also on Aarch64, add missing syscall
'fstat' to the list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d28880cdd8)
2021-04-18 12:05:08 +02:00
Daniel González Cabanelas
f2b7e66759 uboot-envtools: mvebu: add Buffalo LS421DE
The Buffalo Linkstation LS421DE NAS lacks an uboot env config file.

Create it via scripts.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit 4f8da19572)
2021-04-18 12:04:24 +02:00
Rafał Miłecki
50f2f25d58 kernel: limit crypto-hw-ccp to the x86
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64

Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.

Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb3fb45ed1)
2021-04-14 08:42:38 +02:00
Rafał Miłecki
48262735d9 kernel: crypto: format "crypto-hw-ccp" dependencies
Use multiples lines for better readability and sort lines.

Suggested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 107111adbb)
2021-04-14 08:42:38 +02:00
Philip Prindeville
46362c48c8 libnfnetlink: quote $(FPIC) on command line
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).

Fixes: dc31191ec3 ("build: make sure asm gets built with -DPIC")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 7fae64cc06)
2021-04-12 20:45:29 +02:00
Felix Fietkau
04b22754d7 mt76: update to the latest version
6a3cf95733e2 mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
ab9045153343 mt76: mt7915: only modify tx buffer list after allocating tx token id
7e1eff676257 mt76: mt7915: fix unused 'mode' variable
8a2e22fcbf69 mt76: mt7921: fix suspend/resume sequence
27a54e8b687f mt76: mt7921: fix memory leak in mt7921_coredump_work
c267322f0bdb mt76: mt7921: switch to new api for hardware beacon filter [v2 update]
fd2c59d9ba46 mt76: mt7921: fixup rx bitrate statistics [v2 update]
bfa8d5a6a9a1 mt76: adjust to upstream API for enabling threaded NAPI
1706fb6c48e8 mt76: mt7663s: fix rx buffer refcounting
c5aca6692c41 mt76: mt7615: enable hw rx-amsdu de-aggregation
9002b0b30aed mt76: mt7615: add rx checksum offload support
8e3f5bfe74f6 mt76: mt7615: add support for rx decapsulation offload
8e3bba8bd3ef mt76: mt7615: fix memory leak in mt7615_coredump_work
760adce29100 mt76: mt7921: fix aggr length histogram
84229a51845a mt76: mt7915: fix aggr len debugfs node
10a95da23cb7 mt76: mt7921: remove unneeded semicolon
2856dc8fb57e mt76: mt7921: fix stats register definitions
1b245e57549d mt76: mt7615: fix TSF configuration
1a2e2965b62b mt76: mt7615: remove hdr->fw_ver check
f60ec1b9473d mt76: mt7615: fix mib stats counter reporting to mac80211
8a5b036af48f mt76: mt7915: fix mib stats counter reporting to mac80211
ee6dbcc64f6d mt76: connac: fix kernel warning adding monitor interface
e46dd240ce72 mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list
ddf95ead3bb3 mt76: mt7921: get rid of mt7921_sta_rc_update routine
fd2a51ea9dc8 mt76: mt7921: fix the base of PCIe interrupt
28f53d074bb0 mt76: mt7921: fix the base of the dynamic remap
8d737632b57f mt76: mt7921: check mcu returned values in mt7921_start
5ff25c915e62 mt76: mt7915: add missing capabilities for DBDC
58dd3f26c099 mt76: mt7615: fix CSA notification for DBDC
76f4959107ac mt76: mt7615: stop ext_phy queue when mac reset happens
7de0a0654054 mt76: mt7915: fix CSA notification for DBDC
e9e418fc7eb0 mt76: mt7915: stop ext_phy queue when mac reset happens
477b78301879 mt76: mt7915: fix PHY mode for DBDC
37b4dc0f7595 mt76: mt76x0u: Add support for TP-Link T2UHP(UN) v1
29a04583aecb mt76: mt7915: fix rxrate reporting
a4307e6ba054 mt76: mt7915: fix txrate reporting
256f324f8fcd mt76: mt7915: check mcu returned values in mt7915_ops
638b112188a5 mt76: mt7615: check mcu returned values in mt7615_ops
975cccfa96da mt76: mt7663: fix when beacon filter is being applied
aafe972e95b2 mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx aggregation
0d5b1a702715 mt76: mt7663s: fix the possible device hang in high traffic
00628061b546 mt76: mt7615: add missing capabilities for DBDC
2303e1844afd mt76: mt7915: fix possible deadlock while mt7915_register_ext_phy()
6e2b9d258306 mt76: mt7921: reduce mcu timeouts for suspend, offload and hif_ctrl msg
3cf5afc02955 mt76: introduce mcu_reset function pointer in mt76_mcu_ops structure
9af9622df549 mt76: mt7921: introduce mt7921_run_firmware utility routine.
e12c44a7e165 mt76: mt7921: introduce __mt7921_start utility routine
7b56d5bf6ea0 mt76: dma: introduce mt76_dma_queue_reset routine
a80e50098b51 mt76: dma: export mt76_dma_rx_cleanup routine
e0708e296e27 mt76: mt7921: add wifi reset support
87e09e8482cf mt76: mt7921: remove leftovers from dbdc configuration
cc933b3669f7 mt76: mt7921: remove redundant check on type
ca22cc221ae7 linux-firmware: add firmware for MT7921
0b6c9a043f78 mt76: move de-amsdu buffer per-phy
48a905e23791 mt76: mt7615: fix CSA event format
fbef8bba038f mt76: mt7921: remove duplicated macros in mcu.h
6886b57a1534 mt76: connac: introcuce mt76_sta_cmd_info data structure
e529e8afe22a mt76: mt7921: properly configure rcpi adding a sta to the fw
e4d522776804 mt76: mt7921: fix airtime reporting
be2f67e8d3cb mt76: mt7915: fix key set/delete issue
09a1befde4b7 mt76: fix potential DMA mapping leak
f66f8f41d47b mt76: mt7915: refresh repeater entry MAC address when setting BSSID
035e2f6f1ddf mt76: mt7921: get rid of mt7921_mac_wtbl_lmac_addr
ee29cd5f3a6a mt76: mt7615: only enable DFS test knobs for mt7615
9a98b1a6f9c2 mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset()
3bd285424e7b mt76: mt7622: trigger hif interrupt for system reset
bf6d9ee4acd1 mt76: mt7615: keep mcu_add_bss_info enabled till interface removal
115b74282314 mt76: mt7915: keep mcu_add_bss_info enabled till interface removal
57432e701d1a mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset()
a519c49a6a42 mt76: mt7615: 0-terminate firmware log messages
4a22f2ffae2e mt76: mt7915: 0-terminate firmware log messages
b8609066893a mt76: mt7615: fix chip reset on MT7622 and MT7663e
465dda65ee84 mt7615,mt7915: replace fw log 0-terminating code with wiphy info length limit
62b13f5352b8 mt76: mt7921: fix key set/delete issue
0ff3a336a8d8 mt7615,mt7915: fix a compiler warning
113ba8a81d54 mt76: mt7615: remove redundant dev_err call in mt7622_wmac_probe()
be1ab3b9ae7c mt76: mt7921: fix typo in mt7921_pci_resume
4e22f0dc934b mt76: mt7915: fix txpower init for TSSI off chips
e66a0b9b8d66 mt76: mt7615: always wake the device in mt7615_remove_interface
38f656768a90 mt76: mt7921: always wake the device in mt7921_remove_interface
6ee4770de083 mt76: mt7921: rework mt7921_mcu_debug_msg_event routine
e578b4b8d56a mt76: mt7615: fix .add_beacon_offload()
f8c6c7cbf10f mt76: mt7915: fix mt7915_mcu_add_beacon
7d35b7a15d1d mt76: mt7915: add wifi subsystem reset
04122c89749d mt76: fix rx amsdu subframe processing
5e764ec9bece mt76: mt7921: introduce MT_WFDMA_DUMMY_CR definition
cf0badbc0497 mt76: mt7921: fix inappropriate WoW setup with the missing ARP informaiton
f32a4e15f5b2 mt76: mt7921: fix the dwell time control
54f52771a04a mt76: mt7921: fix kernel crash when the firmware fails to download
97189d2a045b mt76: mt7921: fix the insmod hangs
dcdbd7c89cf5 mt76: mt7921: fix MT_PCIE_MAC_INT_ENABLE access
813db729c02f mt76: mt7921: reduce the data latency during hw scan
028b7152b1a9 mt76: mt7921: remove 80+80 MHz support capabilities
7714dc914df6 mt76: report Rx timestamp
ffd4cf15fa0e mt76: mt7915: add mmio.c
fe8717dd573a mt76: mt7615: add missing SPDX tag in mmio.c
6b293c411d22 mt76: mt7615: always add rx header translation tlv when adding stations
bf45b30d8919 add missing file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8cc013981d)
2021-04-11 21:06:58 +02:00
Felix Fietkau
4ad1957eee mac80211: add client mode connection monitor fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit dfdb28c24a)
2021-04-11 19:45:26 +02:00
Felix Fietkau
de00033bbb mac80211: support rx timestamps for HE rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d8e14e44f)
2021-04-11 19:45:26 +02:00
Hauke Mehrtens
3da861ccca kernel: bump 5.4 to 5.4.111
Refreshed all patches.

The following patches were manually changed:
* 610-netfilter_match_bypass_default_checks.patch
* 611-netfilter_match_bypass_default_table.patch
* 802-can-0002-can-rx-offload-fix-long-lines.patch
* 802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
* 802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
* 802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
* 802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
* 802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch

The can-dev.ko model was moved in the upstream kernel.

Compile-tested on: x86/64, armvirt/64, ath79/generic
Runtime-tested on: x86/64, armvirt/64, ath79/generic

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-11 17:35:12 +02:00
Tony Ambardar
40143873d6 iproute2: fix libbpf detection with NLS enabled
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:

  ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
      -rpath or -rpath-link)
  ld: libelf.so.1: undefined reference to `libintl_dgettext'
  collect2: error: ld returned 1 exit status

Fix this by directly including $LDFLAGS in the test-compile command.

Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit aab3a04ce8)
2021-04-10 14:22:28 +02:00
Tony Ambardar
879cbd9e97 binutils: fix libbfd missing DSO dependency if NLS enabled
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:

  root@OpenWrt:/# ldd /usr/lib/libbfd.so
        ldd (0x77db6000)
        libc.so => ldd (0x77db6000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
  Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found

Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.

Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.

Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9a59f62f61)
2021-04-10 14:22:28 +02:00
Tony Ambardar
f88459de25 bpftools: drop unneeded libintl linking for NLS
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.

Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit c8c638a19b)
2021-04-10 14:22:28 +02:00
Tony Ambardar
3e9d639e8f iproute2: separate tc into tiny and full variants
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.

Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.

The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:

Before:
  148343  tc_5.11.0-1_mips_24kc.ipk

After:
  144833  tc-full_5.11.0-2_mips_24kc.ipk
  138430  tc-tiny_5.11.0-2_mips_24kc.ipk  (and no libelf or libbpf)
    4115  tc-mod-iptables_5.11.0-2_mips_24kc.ipk

Also fix up some Makefile indentation.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 72885e9608)
2021-04-10 14:22:28 +02:00
Tony Ambardar
0d5e308664 kernel/modules: relocate teql hotplug from iproute2 to kmod-sched
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.

Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 863ce4f15f)
2021-04-10 14:22:28 +02:00
Tony Ambardar
e07105303f iproute2: add missing limits.h includes
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:

bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
   46 |  char buf[PATH_MAX], *s;
      |           ^~~~~~~~
      |           AF_MAX

Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 10ffefe602)
2021-04-10 14:22:28 +02:00
Tony Ambardar
0ffc498ddd iproute2: update to 5.11.0
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0

In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.

Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.

Additional build and packaging updates include:

  - install missing development header to iproute2/bpf_elf.h
  - propagate OpenWrt verbose flag during build
  - update and refresh patches

Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.

All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b048a305a3)
2021-04-10 14:22:28 +02:00
Ilya Lipnitskiy
272a9e1975 wireguard-tools: depend on kmod-wireguard
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.

Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit cbcddc9f31)
2021-04-10 14:21:32 +02:00
Ilya Lipnitskiy
7114416fbe kernel: fix kmod-wireguard package fields
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 0b53d6f7fa)
2021-04-10 14:21:32 +02:00
Jason A. Donenfeld
ff6d629d32 wireguard-tools: bump to 1.0.20210223
Simple version bump with accumulated fixes.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit e0f7f5bbce)
2021-04-10 14:21:32 +02:00
Ilya Lipnitskiy
a701d4b841 kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.

Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 06351f1bd0)
(cherry picked from commit 464451d9ab)
2021-04-10 14:21:32 +02:00
Rafał Miłecki
91e0865ff5 firmware-utils: bcm4908img: convert into a package
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.

It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b4fc4cae9)
2021-04-08 13:16:13 +02:00
Felix Fietkau
64ddac2c1c mac80211: merge a few pending tx related fixes
Improve performance and fix potential mgmt tx hangs/warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 571aedbc6c)
2021-04-04 11:39:51 +02:00
Felix Fietkau
69794908b6 mac80211: backport upstream patches for driver disconnect
Needed for an mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 5dc5015072)
2021-04-04 11:39:51 +02:00
Felix Fietkau
95b838f75b build: use -nostdinc and -isystem in NOSTDINC_FLAGS for out-of-tree kernel modules
This resolves issues uncovered by musl updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9ac47ee469)
2021-04-04 11:39:51 +02:00
Donald Hoskins
b2c9a8741f libunwind: Add MIPS64 dep check
libunwind dependency check does not allow for MIPS64 arch.  Add MIPS64 awareness.

libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.

Used to compile Suricata6/Rust locally without issue.

Signed-off-by: Donald Hoskins <grommish@gmail.com>
(cherry picked from commit ea6d4bdde2)
2021-03-29 22:26:27 +02:00
Tony Ambardar
6b2bcd2597 bpftools: fix libbpf pkgconfig file
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.

This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:

iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
	libbpf version 0.3.0 is too low, please update it to at least 0.1.0
	LIBBPF_FORCE=on set, but couldn't find a usable libbpf

Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9e64e4ce26)
2021-03-29 22:26:27 +02:00
Eike Ritter
b89accdfbc ppp: compile fix: unset FILTER variable in Makefile
If the environment variable FILTER is set before compilation,
compilation of the ppp-package will fail with the error message

Package ppp is missing dependencies for the following libraries:
libpcap.so.1

The reason is that the OpenWrt-patch for the Makefile only comments
out the line FILTER=y. Hence the pcap-library will be dynamically
linked if the environment variable FILTER is set elsewhere, which
causes compilation to fail. The fix consists on explicitly unsetting
the variable FILTER instead.

Signed-off-by: Eike Ritter <git@rittere.co.uk>
(cherry picked from commit 46cd0765d0)
2021-03-29 22:26:27 +02:00
Russell Senior
290b28664d busybox: udhcpc, allow zero length dhcp options
This patch skips zero length DHCP options instead of failing.

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 1c04365071)
2021-03-29 22:16:54 +02:00
Tony Ambardar
7939d4a1b1 firewall3: update to latest git HEAD
This includes several improvements and fixes:

  61db17e rules: fix device and chain usage for DSCP/MARK targets
  7b844f4 zone: avoid duplicates in devices list
  c2c72c6 firewall3: remove last remaining sprintf()
  12f6f14 iptables: fix serializing multiple weekdays
  00f27ab firewall3: fix duplicate defaults section detection
  e8f2d8f ipsets: allow blank/commented lines with loadfile
  8c2f9fa fw3: zones: limit zone names to 11 bytes
  78d52a2 options: fix parsing of boolean attributes

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 0d75aa27d4)
2021-03-29 20:26:33 +02:00
Mauri Sandberg
b526fbb1ce packages: kernel: add gpio-nxp-74hc153
NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx
architecture tree. It has been slightly modified to get GPIO pin
configuration from the device tree rather than a MACH file.

 Changes to the source file:
  - Remove struct nxp_74hc153_config
  - in nxp_74hc153_probe(), fetch GPIO configuration from device tree
  - allow GPIO framework decide the base number by passing -1 to it
  - remove support for kernel versions below 4.5.0
  - add OF device compatibility string

 Create a package for inclusion in image.

References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to driver usptreaming work in progress]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6a6f9e73dd)
2021-03-27 07:46:14 +01:00
Eneas U de Queiroz
e7a9ee0580 openssl: bump to 1.1.1k
This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43)
2021-03-27 07:34:35 +01:00
Daniel Golle
aacf378608
mwlwifi: add PKG_FLAGS:=nonshared
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 20:52:59 +00:00
Florian Eckert
5a11ca3cf3 base-files: add logging for configuration import
Make sysupgrade backup import more verbose.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit fdbdbe8eaa)
2021-03-22 21:08:00 +01:00
Hauke Mehrtens
bdfd7f68d0 uhttpd: update to git HEAD
15346de client: Always close connection with request body in case of error

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1170655f8b)
2021-03-21 22:39:38 +01:00
Hauke Mehrtens
741260d281 uhttpd: Execute uci commit and reload_config once
Instead of doing uci commit and reload_config for each setting do it
only once when one of these options was changed. This should make it a
little faster when both conditions are taken.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 501221af54)
2021-03-21 22:39:32 +01:00
Hauke Mehrtens
97a4d27fb5 uhttpd: Reload config after uhttpd-mod-ubus was added
Without this change the config is only committed, but the uhttpd daemon
is not reloaded. This reload is needed to apply the config. Without the
reload of uhttpd, the ubus server is not available over http and returns
a Error 404.

This caused problems when installing luci on the snapshots and
accessing it without reloading uhttpd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d25d281fd6)
2021-03-21 22:39:27 +01:00
Magnus Kroken
69b4a11aed mbedtls: update to 2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit dbde2bcf60)
2021-03-21 14:02:46 +01:00
Rafał Miłecki
058e4c57aa bcm63xx-cfe: update to the latest master
d035016 tp-link: rename to tplink to match DT vendor prefix

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d961436c4)
2021-03-17 21:23:45 +01:00
Rafał Miłecki
217687c7ec bcm63xx-cfe: update to the latest master
3fb6f1c tp-link: c2300-v1: add cferam file
79f9578 sercomm: vox-2.5: add cferam file

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ac39c4bd60)
2021-03-17 21:23:45 +01:00
Daniel Golle
60275454fb rpcd: update to git HEAD
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
 ccb7517 sys: packagelist: drop ABI version from package name

(cherry picked from commit da339a6d3f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Daniel Golle
55a43e1ab0 opkg: update to git HEAD
d71856a pkg: pass-through ABIVersion to status file
 d3a63b3 libopkg: add option to strip ABI versions from listed names
 5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies

(cherry squashed from commit 6a7a1f1c64,
commit 988ed00802 and
commit b5f6d20560)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Daniel Golle
9a5f385732 selinux-policy: update to version v0.8
a857b45 resolv/locale: eventually this should be more efficient
 11ed281 some more optimization
 764a475 add redundant calls to file.search_conffile_dirs()
 7d4558e fs: treat devtmpfs that same as tmpfs
 81b677e adds irqbalance skeleton
 5506244 irqbalance rules
 cc96cd8 adds usbutil and gtpfdisk skels
 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
 d6d1e7d usbutil: output to terminal
 da576fa fsck, gptfdisk and usbutil rules
 09b39e9 unbound
 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
 af0fe90 adds label for tcsh
 160f79e adds tcpdump
 6d02b96 adds coreutil execfile for busybox alternatives
 ac54884 coreutilexecfile: these are known to require privileges, so exclude
 8cb3b66 adds chrootexecfile
 6d329d3 this saves 9KiB and its a bit more robust
 88e2425 move addpart/delpart/partx to gptfdisk.cil
 261012d ntphotplug: reads ubox data files
 0473ace various
 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
 bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
 b8156cd adds a note about how i forgot to target blockd
 6e82ab8 adds blockd and related
 254ff43 Makefile: exclude blockd from mintesttgt
 4dc6bc2 pppd update related and unbound-odhcp rules
 3d7da7a igmpproxy tidy some loose ends
 c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
 5a18967 adds igmpproxy skeleton
 7e6a218 logread: support resolving dns names
 e39ca8b netifd: add support for /etc/udhcpc.user
 7952bd0 odhcp6c: support /etc/odhcp6c.user
 ba0eb4e swconfig, fwenv, agent
 4556b8a pppd cosmetic
 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
 417b14a ttydev: add some more ttyUSB
 ed739dc example: dont depend on policycoreutils
 97613f9 dropbear: using dropbear as scp: dns name resolving
 12c193b dropbear tcp connect ssh ports for scp
 c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
 8c5de35 this is a bug
 8d5c463 uhttpd rcboot rcdnsmasq
 094266e hostapd and wpa_supplicant
 aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
 24f0406 dropbear: allow it to read tmp.fs files
 2901433 firstboot mkfsf2fs rcboot
 2c4afb7 blockmount mmc
 465ca98 adds industrial i/o (iio) nodedev
 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
 7df78bd ubus: "support" older ubusd versions that run as root
 4458bce swconfig: allow using terminal (to print output)
 e8d606d sslcert: openssl linked: this shaves off 200 bytes
 93afffb jshn ntpdhotplug
 0b847f0 wpad: reads /etc/ssl/openssl.cnf
 f14ee34 indent fix
 a0c7cad mtd, uhttpd, ubus and ntpdhotplug
 d74f98f adds a not about checkreqprot requirement in some scenarios
 affacce example: add policycoreutils-setfiles for make check
 4f944dc kmodloader and fwenv:
 efe36a3 netifd: adds a comment/reminder
 581b087 more fw_printenv loose ends
 30177a4 fw_setenv: needs mtd write access to set and delete env
 da28f4c fw_printenv: some minor clean ups
 a062053 fw_printenv missing rules
 244ba5f blockmount: extroot and /rwm
 0745a6a squid: allow squid to run sslcrtd with domain transition
 b851df6 squid fix
 8c55acd squid: adds certfile and allow connect http but...
 b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
 5ff39bd squid: forgot about luci
 5366c97 squid/rcsquid some basic fill in
 8743da6 squid skeleton
 687a43b adds squid 3128 port to httpproxy port

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry squashed from commit 3ffc30f05a
and commit 41a8f093fb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
8a317fbb9a checkpolicy: update to version 3.2
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 49edc4d17f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
22cc999731 secilc: update to version 3.2
49ff851c secilc: fixes cil_role_statements.md example
03881703 secilc/docs: add custom color theme
4c8d6094 secilc/docs: add syntax highlighting for secil
057d72af secilc/docs: use fenced code blocks for cil examples
e8bcdb84 cil_network_labeling_statements: fixes nodecon examples
eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
9e9b8103 secilc/docs: document expandtypeattribute
fbe1e526 Update the cil docs to match the current behaviour.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 0b58ebcfe2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
0526d5bb17 policycoreutils: update to version 3.2
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 68934a5704)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
c47b8c0568 libsemanage: update to version 3.2
c35919a7 libsemanage: sync filesystem with sandbox
5b05e829 Revert "libsemanage/genhomedircon: check usepasswd"
edae9275 libsemanage: Free contents of modkey in semanage_direct_remove
ce46daab libsemanage/genhomedircon: check usepasswd
6ebb35d2 libsemanage: Bump libsemanage.so version
c08b73d7 libsemanage: Drop deprecated functions
b46406de libsemanage: Remove legacy and duplicate symbols

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4670492ad7)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
5cc1af92b2 libselinux: update to version 3.2
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit b1fc2b5b0b)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
51159bcfd1 libsepol: update to version 3.2
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 2a1bdde0d0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:15 +00:00
Hannu Nyman
e17e212b51 busybox: backport fixes for 1.33.0
Backport two fixes for 1.33.0
* history file storing
* traceroute command option parsing

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c1f3c52564)
2021-03-13 21:20:17 +01:00
Ronny Kotzschmar
e4d061cd1a uboot-envtools: adjust compile patch to version v2021.01
with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted
otherwise at least with macOS as build system there are build errors

Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
(cherry picked from commit 547a932ee9)
2021-03-01 21:50:08 +01:00
Georgi Valkov
e9e2310c6a uboot-sunxi: add missing type __u64
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;

Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
(cherry picked from commit 3cc57ba462)
2021-03-01 21:49:55 +01:00
Stefan Lippers-Hollmann
7b6ee74ee9 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a1)
2021-03-01 21:49:55 +01:00
Adrian Schmutzler
f6b175a9bf zlib: properly split patches
This package had two patches (with two headers etc.) in one file,
which would have quilt merging them during a refresh.

Separate these patches into two files, as the original intent seems
to be having them separate.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 221eefaf6b)
2021-02-25 14:41:40 +01:00
David Bauer
a75520c678 openssl: update package sources
OpenSSL downloads itself are distributed using Akamai CDN, so use these
sources as the highest priority.

Remove a stale mirror which seems to be offline for a longer time
already.

Add fallbacks to the old release path also for the mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 10e84bde36)
2021-02-24 20:24:18 +01:00
Christian Lamparter
86801bd3d8 wolfssl: fix Ed25519 typo in config prompt
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 09e66112f1)
2021-02-24 20:24:13 +01:00
Eneas U de Queiroz
0e8d67023b wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been
applied here.  There are a couple of low severity security bug fixes as
well.

Three patches are no longer needed, and were removed; the one remaining
was refreshed.

This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d1dfb577f1)
2021-02-24 20:24:04 +01:00
Daniel Golle
75abdc4b46 arm-trusted-firmware-mediatek: bring back package
* use binary provided by MediaTek to work-around 'bromimage' issue
 * use @OPENWRT mirror for blobs
 * refactor Makefile
 * add mt7622 1c variants (using binaries provided by MTK)

(cherry picked from commit 068c82039f and
commit 9cd089dbbf)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 11:02:04 +00:00
Adrian Schmutzler
1b46554895 tfa-layerscape: build fiptool again
The ls-ddr-phy package needs fiptool options that are not
available via the version from arm-trusted-firmware-tools.
This breaks build for layerscape with the recently added LX2160a:

  create: unrecognized option '--ddr-immem-udimm-1d'

Use the tfa-layerscape variant again for now, but rename it to
fiptool-layerscape to indicate that it's a specific variant.

This reverts 84bc7d31e0 ("tfa-layerscape: don't build fiptool").

Fixes: f59d7aab2a ("layerscape: add ddr-phy package")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 910b5d669f)
2021-02-21 13:55:30 +01:00
Petr Štetiar
5808c8c6ba openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1bf6d70e60)
2021-02-20 16:01:17 +01:00
Raphaël Mélotte
60823c67cb hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e41)
2021-02-20 10:39:42 +01:00
Yangbo Lu
2e1ad2473e layerscape: add LX2160ARDB (Rev2.0 silicon) board support
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.

- Enables network intelligence with the next generation Datapath (DPPA2)
  which provides differentiated offload and a rich set of IO, including
  10GE, 25GE, 40GE, and PCIe Gen4

- Delivers unprecedented efficiency and new virtualized networks

- Supports designs in 5G packet processing, network function
  virtualization, storage controller, white box switching, network
  interface cards, and mobile edge computing

- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
  and 8-core LX2080A)

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 80dcd14abe)
2021-02-19 20:09:29 +01:00
Yangbo Lu
7272793330 layerscape: add ddr-phy package
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f59d7aab2a)
2021-02-19 20:09:29 +01:00
Yangbo Lu
7f933db108 layerscape: add FRWY-LS1046A board support
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.

The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 2c2d77bd3b)
2021-02-19 20:09:28 +01:00
Álvaro Fernández Rojas
6a4dcb4719 cypress-firmware: fix PKG_SOURCE_URL
Download link has been moved.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit 7febba3e50)
2021-02-19 11:09:28 +01:00
Álvaro Fernández Rojas
2e3983e387 bcm27xx-userland: update to latest version
Adds some fixes and removes upstreamed patch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit 1d3a9b1c00)
2021-02-19 07:18:56 +01:00
Álvaro Fernández Rojas
be423be931 bcm27xx-gpu-fw: update to latest version
This is needed to add support for CM4 and RPI 400.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit f41e653da9)
2021-02-19 07:18:23 +01:00
Eneas U de Queiroz
c6319239d8 openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 482c9ff289)
2021-02-17 09:26:10 +01:00
Felix Fietkau
268381cc5a build: reorder more BuildPackages lines to deal with ABI_VERSION
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 75455b75a7ee)
2021-02-16 12:27:56 +01:00
Álvaro Fernández Rojas
3e807f0305 ath10k-ct: switch to 5.10
Let's switch to 5.10 now that mac80211 has been updated.
Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit a5c4c40476)
2021-02-16 08:52:25 +01:00
Alexander Couzens
1cd121dd11
OpenWrt v21.02: set branch defaults
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2021-02-16 02:21:33 +01:00