Commit Graph

17429 Commits

Author SHA1 Message Date
David Bauer
d643b10a76 hostapd: ubus: fix infinite loop when configuring RRM NR
The return-code was set, however it was never returned, nor was
the loop interrupted.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:27:56 +02:00
David Bauer
8e7aa739fb hostapd: send procd event on BSS update
Dispatch ubus events also to procd in order to trigger service reloads
on hostapd updates.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:27 +02:00
David Bauer
6254af0c37 hostapd: send ubus event on BSS update
hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event>
when adding, removing or reloading a BSS.

This way, services which install state (for example the RMM neighbor
list) can on-demand reinstall this information for the BSS without
polling this state.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:12 +02:00
Stijn Segers
ec80139629 odhcpd: number UCI defaults script
UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which
turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number
(custom) scripts executed last. Jow confirmed numbering is the default case, not the
exception (thanks).

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-09-21 20:59:40 +02:00
Daniel Golle
236e79abb7 policycoreutils: fix ALTERNATIVES install location
Fixes: 7817c831ef ("policycoreutils: break into smaller packages")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:58:14 +01:00
Daniel Golle
7817c831ef policycoreutils: break into smaller packages
Instead of vaguely describing dependencies in the package description
actually split-up into individual packages, each with their
dependencies expressed accurately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:40:38 +01:00
Daniel Golle
81d895d1f1 libselinux: split utility packages and add PKG_LICENSE
Split utility packages similar to coreutils in packages feed, adding
ALTERNATIVES for those which are also provided by busybox-selinux.
Also add missing license information.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:40:38 +01:00
Felix Fietkau
1c6d45644a mac80211: fix regression in station connection monitor optimization
When the nulldata frame was acked, the probe send count needs to be reset,
otherwise it will keep increasing until the connection is considered dead,
even though it fine.

Reported-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-21 17:56:31 +02:00
Rui Salvaterra
90853439a1 zram-swap: explicitly use mkswap/swapon/swapoff from /sbin
The required BusyBox applets are enabled by default, so we can rely on them
being present in the system. This way, we make sure there are no conflicts
with less featured variants of these same applets which might also be
present in the system.

Fixes: 0bd7dfa3ed ("zram-swap: enable swap discard")

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[wrap commit description]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-20 17:52:25 +02:00
Davide Fioravanti
cd36c0d2f0 mac80211: select the first available channel for 5GHz interfaces
Some 5GHz wifi interfaces, especially in Tri-band routers, can't use
channel 36. In these cases, the default configuration for 5GHz
interfaces, once enabled, doesn't work.

This patch selects the first non-disabled channel for 5GHz interfaces.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2020-09-20 17:52:25 +02:00
David Woodhouse
9e7369d37e mediatek: mt7623n-preloader: add preloader for Banana Pi R64
We want to be able to make full system images for this system too, just
as we now can for the MT7623 platforms.

The package directory (mt7623n) is now a bit misnamed as it's overly
specific, but the precise set of platforms which we support this way
is evolving and we'll fix it up when the dust settles and we know what
nomenclature makes most sense.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-09-19 13:39:29 +01:00
Andre Heider
8cfb839907 arm-trusted-firmware-mvebu: add support for espressobin
Use build variants to cover all 11 hardware options [0]:
espressobin-512mb
espressobin-v3-v5-1gb-1cs
espressobin-v3-v5-1gb-1cs-emmc
espressobin-v3-v5-1gb-2cs
espressobin-v3-v5-1gb-2cs-emmc
espressobin-v3-v5-2gb
espressobin-v3-v5-2gb-emmc
espressobin-v7-1gb
espressobin-v7-1gb-emmc
espressobin-v7-2gb
espressobin-v7-2gb-emmc

CLOCKSPRESET is set to CPU_800_DDR_800 for all builds, which is the only
stable configuration. That actually matches what Globalscale shipped as
CPU_1000_DDR_800 combined with kernel versions < v4.19.42. [1][2].

[0] https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/plat/marvell/armada/build.rst
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8db82563451f976597ab7b282ec655e4390a4088
[2] https://forum.armbian.com/topic/10335-espressobin-update-to-585-results-in-kernel-panic/?tab=comments#comment-79916

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
f6378b9e53 arm-trusted-firmware-mvebu: update a3700-utils
Update to current head of the branch A3700_utils-armada-18.12-fixed:
0967979 ddr: Add DDR3 2CS layout for EspressoBin v5 2GB board
486523e ddr: fix typo for ESPRESSObin 2GB layout
490b2b3 TBB: Fix building for Crypto++ 6.0 and later
0141dd1 TBB: Split INCDIR from LIBDIR

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
65c1c91942 arm-trusted-firmware-mvebu: update to v2.3
Switch to release tarballs and add missing license information while
here.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
75e9d8e6e7 arm-trusted-firmware-mvebu: install to own subdir
Lift the dependency on the build order, where flash-image.bin may be missing
from the u-boot dir.

While at it, also install the uart images for rescue purposes.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
53065b2dee arm-trusted-firmware-mvebu: fix compiler spam
Gets rid of these warnings:
cc1: note: someone does not honour COPTS correctly, passed 0 times

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
847b5927c6 arm-trusted-firmware-mvebu: reuse default prepare target
Don't wipe internal state files, fixes e.g. refreshing patches.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Andre Heider
72bb66caad uboot-mvebu: add support for espressobin
This builds two u-boot binaries: one for boards without eMMC and one
with.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Andre Heider
ae2e521b34 uboot-mvebu: update to v2020.10-rc4
TODO: switch to release v2020.10 once released.

Remove one merged patch, refresh the rest.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Tony Ambardar
5582fbd613 bpftools: support NLS, fix ppc build and update to 5.8.9
With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so
and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper
to set library prefixes and flags accordingly, and also conditionally add
"-lintl" as link-time library.

Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h.

Use upstream stable kernel 5.8.9, and fix overriding of feature detection
to only allow/hide detected features. Also refresh existing patches.

Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting
eBPF usage")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-09-18 21:42:05 +02:00
Tan Zien
e826e00765 firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1)

  * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
  * This update *removes* the SRBDS mitigations from the above processors
  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

intel-microcode (3.20200609.2)

  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
    just in case.  Note that Debian does not do late loading by itself.
    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

intel-microcode (3.20200609.1)

  * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
      on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
      L1DCES mitigations, plus mitigations described in the changelog entry
      for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by
      default.  A Linux kernel update will be issued that allows one to
      selectively disable the mitigations.
  * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
      (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
      (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig
      0x50564, rev. 0x2000065), which would cause several systems with
      Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
  * Restores the microcode-level fixes that were reverted by release
    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

intel-microcode (3.20200520.1)

  * New upstream microcode datafile 20200520
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

intel-microcode (3.20200508.1)

  * New upstream microcode datafile 20200508
    + Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system
      hangs

intel-microcode (3.20191115.2)

  * Microcode rollbacks (closes: #946515, LP#1854764):
    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
    Xeon processors with signature 0x50654.

intel-microcode (3.20191115.1)

  * New upstream microcode datafile 20191115
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

intel-microcode (3.20191113.1)

  * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffe Lake Desktop)
      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

intel-microcode (3.20191112.1)

  * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the
        MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
        CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
        Ice Lake), causes a 0-3% typical perforance hit (can be as bad
        as 10%).  But ensures the processor will actually jump where it
        should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Tan Zien
182c7d955f firmware: amd64-microcode: update to 20191218
amd64-microcode (3.20191218.1)

  * New microcode update packages from AMD upstream:
    + Removed Microcode updates (known to cause issues):
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
  * README: update for new release

amd64-microcode (3.20191021.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
    + Updated Microcodes:
      sig 0x00800f12, patch id 0x08001250, 2019-04-16
      sig 0x00800f82, patch id 0x0800820d, 2019-04-16

amd64-microcode (3.20181128.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f82, patch id 0x0800820b, 2018-06-20

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Aleksander Jan Bajkowski
b0aff40ae3 kernel: drop kmod-bmp085, kmod-bmp085-i2c and kmod-bmp085-spi
CONFIG_BMP085* is replaced by CONFIG_BMP280 since 4.9[1] and this package is empty.
OpenWRT also has kmod-iio-bmp280* package and we can drop old packages.

1. [ misc: retire the old BMP085 driver ]
(832c8232dd (diff-5000d544d790c669405eb2a6775e5981))

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2020-09-18 20:08:51 +02:00
Tan Zien
4742ba41d0 kernel: add module support Intel Ethernet Controller I225 Series
add kernel module igc support Intel Ethernet Controller I225 Series.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Felix Fietkau
e18534f905 mt76: update to the latest version
3b946a6dc588 mt76: dma: cache dma map address/len in struct mt76_queue_entry
c4c8b6a20d3b mt76: mt7915: fix HE BSS info
15391c1c947f mt76: fix tx hang on non-AQL frame limit
72c8a81e64e8 mt76: mt7915: fix encap offload multicast traffic with 4-address mode
69b3f868d14b mt76: mt7915: use napi_consume_skb to bulk-free tx skbs
5f080033ec7d mt76: move txwi handling code to dma.c, since it is mmio specific
b1f425686125 mt76: mt7915: fix VHT LDPC capability
8f48855f5d14 mt76: mt7915: simplify mt7915_lmac_mapping
cfaf40858718 mt76: mt7915: fix queue/tid mapping for airtime reporting
115b62efac21 mt76: remove retry_q from struct mt76_txq and related code
e22c65cdc585 mt76: mt7915: simplify checks for the 802.3 offload path
bab866a01e4f mt76: mt7915: fix unexpected firmware mode
0fc3c5eb61d0 mt76: dma: queue more rx frames internally before passing them to the stack
130e5de09364 Revert "mt76: dma: queue more rx frames internally before passing them to the stack"
e3af31409d41 update mt7915 firmware to the latest version
e2b8a4ec9891 mt76: testmode: add a limit for queued tx_frames packets
146488631f7b mt76: mt7615: Remove set but unused variable 'index'
0b7d2b76288e mt76: mt7615: fix VHT LDPC capability
848f4a6334a8 mt76: mt7622: fix fw hang on mt7622
0a955d944bd0 mt76: mt7663s: do not use altx for ctl/mgmt traffic
13b96411513b mt76: mt7663s: split mt7663s_tx_update_sched in mt7663s_tx_{pick,update}_quota
d62ba15b1bbf mt76: mt7663s: introduce __mt7663s_xmit_queue routine
fdf14d1b6aec mt76: move pad estimation out of mt76_skb_adjust_pad
d048f8e87ba0 mt76: mt7663s: fix possible quota leak in mt7663s_refill_sched_quota
979c0fdc5d27 mt76: mt7663s: introduce sdio tx aggregation
56e77a3a3ade mt76: mt7663: check isr read return value in mt7663s_rx_work
f96cffa03e57 mt76: mt7615: unlock dfs bands
1ccd31bbe1f4 mt76: Use fallthrough pseudo-keyword
448cd2d36ee2 mt76: mt76x0: Move tables used only by init.c to their own header file
17ba3432f5af Revert "mt76: mt7615: unlock dfs bands"
fee1f4a8e87f mt76: mt7915: fix possible memory leak in mt7915_mcu_add_beacon
5b78e5292777 mt76: Fix unsigned expressions compared with zero
ec84891a4d23 mt76: mt7915: convert to use le16_add_cpu()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-18 17:29:04 +02:00
Rafał Miłecki
14247c82c0 rpcd: update to the latest master
3fea655 rc: support init.d scripts with START=0

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:19:04 +02:00
Rafał Miłecki
c57b907f86 uhttpd: update to the latest master
47c34bd ubus: add ACL support for "subscribe" request

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:16:06 +02:00
Martin Schiller
a594a5a330 lantiq: use uniform "u-boot-env" mtd label
This is the most popular choice in the linux kernel tree.

Within OpenWrt, this change will establish consistency with ath79
and ramips targets.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[extend commit message, include netgear_dm200, update base-files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-17 21:09:51 +02:00
David Bauer
520074e57e usbutils: update USB IDs to the latest version
Update from 0.321 to 0.339

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-17 18:10:41 +02:00
David Bauer
c2e75017a2 libjson-c: update to 0.15
Drop patches as they've been upstreamed:
 * 001-Fix-CVE-2020-12762.patch

Refresh patches:
 * 000-libm.patch

Add patch to avoid build failure due to missing docs in tarball.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-17 18:08:54 +02:00
Felix Fietkau
caf727767a mac80211: do not allow bigger VHT MPDUs than the hardware supports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-17 14:48:33 +02:00
Rui Salvaterra
419f149e48 zram-swap: default to lzo instead of lzo-rle compression
On devices with small amounts of RAM, zram-swap fails to initialise due to the
default compression algorithm (lzo-rle). Startup example on an AirGrid M2, with
32 MiB of RAM:

root@airgrid:/etc/config# /etc/init.d/zram start
zram_start: activating '/dev/zram0' for swapping (13 MegaBytes)
zram_reset: enforcing defaults via /sys/block/zram0/reset
sh: write error: Out of memory
mkswap: image is too small
swapon: /dev/zram0: Invalid argument
root@airgrid:/etc/config#

Fix this by defaulting to traditional lzo, which works fine and is always
available.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-09-17 10:29:40 +02:00
John Crispin
0fbdb51f76 ipq40xx: add Edgecore OAP-100 support
flashing the unit
* first update to latest edcore FW as per the PDF instructions
* boot the initramfs
  - tftpboot 0x88000000 openwrt-ipq40xx-generic-edgecore_oap100-initramfs-fit-uImage.itb; bootm
* inside the initramfs call the following commiands
  - ubiattach -p /dev/mtd0
  - ubirmvol /dev/ubi0 -n0
  - ubirmvol /dev/ubi0 -n1
  - ubirmvol /dev/ubi0 -n2
* scp the sysupgrade image to the board and call
  - sysupgrade -n openwrt-ipq40xx-generic-edgecore_oap100-squashfs-nand-sysupgrade.bin

Signed-off-by: John Crispin <john@phrozen.org>
2020-09-17 08:43:07 +02:00
Robert Marko
4488b260a0 ipq40xx: add Edgecore ECW5211 support
This patch adds support for the Edgecore ECW5211 indoor AP.

Specification:
- SoC: Qualcomm Atheros IPQ4018 ARMv7-A 4x Cortex A-7
- RAM: 256MB DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB MX35LFxGE4AB SPI-NAND
- Ethernet: 2 x 1G via Q8075 PHY connected to ethernet adapter via PSGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: Built-in IPQ4018 (2x2 802.11bng, 2x2 802.11 acn)
- CC2540 BLE connected to USB 2.0 port
- Atmel AT97SC3205T I2C TPM

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:43:03 +02:00
Robert Marko
59f0a0fd83 ipq806x: add Edgecore ECW5410 support
This patch adds support for the Edgecore ECW5410 indoor AP.

Specification:
- SoC: Qualcomm Atheros IPQ8068 ARMv7 2x Cortex A-15
- RAM: 256MB(225 usable) DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB S34MS01G2 Parallel NAND
- Ethernet: 2 x 1G via 2x AR8033 PHY-s connected directly to GMAC2 and GMAC3 via SGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: 2x QCA9994 AC Wawe 2 (1x 2GHz bgn, 1x 5GHz acn)
- CC2540 BLE
- UART console on RJ45 next to ethernet ports exposed.
Its Cisco pin compatible, 115200 8n1 baud.

Installation instructions:
Through stock firmware or initramfs.

1.Connect to console
2. Login with root account, if password is unknown then interrupt the boot with f and reset it in failsafe.
3. Transfer factory image
4. Flash the image with ubiformat /dev/mtd1 -y -f <your factory image path>

This will replace the rootfs2 with OpenWrt, if you are currently running from rootfs2 then simply change /dev/mtd1 to /dev/mtd0

Note

Initramfs:
1.  Connect to console
2.  Transfer the image from TFTP server with tftpboot,
or by using DHCP advertised image with dhcp command.
3. bootm
4. Run ubiformat /dev/mtd1

You need to interrupt the bootloader after rebooting and run:
run altbootcmd

This will switch your active rootfs partition to one you wrote to and boot from it.

So if rootfs1 is active, then it will change it to rootfs2.

This will format the rootfs2 partition, if your active partition is 2 then simply change /dev/mtd1 with /dev/mtd0
If you dont format the partition you will be writing too, then sysupgrade will find existing UBI rootfs and kernel volumes and update those.
This will result in wrong ordering and OpenWrt will panic on boot.

5. Transfer sysupgrade image
6. Flash with sysupgrade -n.

Note that sysupgrade will write the image to rootfs partition that is not currently in use.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:42:17 +02:00
Robert Marko
179073b0cc firmware: ipq-wifi: enable use on IPQ806x
This enables the ipq-wifi package to be used on IPQ806x target.
Its needed for boards using a different BDF than one shipped in the upstream board-2.bin.

Currently needed for Edgecore ECW5410.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:42:17 +02:00
Felix Fietkau
673062fc56 mac80211: allow bigger A-MSDU sizes in VHT, even if HT is limited
Improves tx throughput when connecting to some APs (e.g. Asus RT-AC88U)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-16 18:49:11 +02:00
Adrian Schmutzler
cb9bb908de base-files: drop default setup for vconfig
vconfig has been disabled by default since 2015 [1] and there are
no remaining uses in entire OpenWrt trunk. However, we still set up
a specific name_type for it during boot.

While this setup is properly implemented to be only triggered when
vconfig is present, it still seems anachronistic and unnecessary
to set up a standard for a tool that is not used anymore.

Therefore, this removes the set_name_type initialization and leaves
it for those people actually using the tool to configure it as needed.

[1] 899a23227e ("busybox: improve applets & deprecate ifconfig, route")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-16 17:28:20 +02:00
Rafał Miłecki
4a3230683b uhttpd: update to the latest master
1172357 ubus: add new RESTful API
fe1888f ubus: fix blob_buf initialization

Fixes: 3d167ed805 ("uhttpd: update to the latest master")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-15 13:45:33 +02:00
Adrian Schmutzler
a9790dff53 cns3xxx: drop target
This target has not been updated to 5.4 yet, and the only person
trying it (Koen) decided to retreat based on the following reasons:

- The target is not DT-aware at all

- The huge amount of effort required

- The SoC itself reached EoL at Cavium for some time now

- Upstream removed some important parts as it's also slowly getting EoL
  over there

- The commercial product that used this will fade out shortly

- The amount of download for this binary suggest that the target is not
  that popular

Since nobody has picked up the work since then, and this is the last
remaining 4.19-only target, finally drop it now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-14 00:19:27 +02:00
Klaus Kudielka
04d3b517dc uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).

Check the installed u-boot release, and set the default accordingly.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-13 13:56:47 +02:00
Hans Dedecker
96586ad8ca netifd: update to latest git HEAD
55a7b6b netifd: vxlan: add aging and maxaddress options
11223f5 netifd: vxlan: add most missing boolean options
226566b netifd: vxlan: refactor mapping of boolean attrs
a3c033e netifd: vxlan: handle srcport range

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-12 21:29:20 +02:00
Adrian Schmutzler
07aa858a73 ramips: fix partitions and boot for RAVPower RP-WD03
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.

To address this, use the lzma loader (loader-okli) to work around this
limitation.

The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.

Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!

Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 19:31:03 +02:00
David Bauer
e289f18347 hostapd: add support for per-BSS airtime configuration
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.

Support for this feature is only enabled in the full flavors of hostapd.

Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:35:48 +02:00
David Bauer
e087bb5bd7 base-files: disable LEDs if default state is undefined
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.

Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.

Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:34:54 +02:00
Bob Cai
f1bc66c765 kernel: improve the description of fs-nfs-v4
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).

Use "Kernel module for NFS v4 client support" on line 438.

Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-10 18:52:15 +02:00
Rafał Miłecki
8b8015031b rpcd: update to the latest master
rc: new ubus object for handling /etc/init.d/ scripts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-10 13:35:05 +02:00
Daniel Golle
fb22f4ae3a rssileds: update maintainer email address
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-10 02:58:30 +01:00
Jason A. Donenfeld
bf0881dc72 wireguard-tools: bump to 1.0.20200827
* ipc: split into separate files per-platform

This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.

* man: wg-quick: use syncconf instead of addconf for strip example

Simple documentation fix.

* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h

In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 20:47:19 +02:00
Martin Schiller
d6235f48f8 openvpn: fix shell compare operator in openvpn.init
Don't use bash syntax, because /bin/sh is used here.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 14:02:21 +02:00
Felix Fietkau
d717343c85 mac80211: update encap offload patches to the latest version
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-09 11:51:47 +02:00
Jason A. Donenfeld
d8104c8353 wireguard: bump to 1.0.20200908
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros

Backports from upstream changes.

* peerlookup: take lock before checking hash in replace operation

A fix for a race condition caught by syzkaller.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 07:54:20 +02:00
Daniel Golle
be9694aaa2 hostapd: add UCI support for Hotspot 2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Daniel Golle
7ed34f65d0 netifd: update to git HEAD
3d9bd73 utils: fix check_pid_path to work with deleted file as well
 330f403 vlan: initialize device ifname earlier at creation time
 c057e71 device: do not check state from within device_init
 cb0c07b system-dummy: fix resolving ifindex
 ccd9ddc bridge: add support for turning on vlan_filtering
 82bcb64 bridge: add support for adding vlans to a bridge
 0e8cea0 bridge: add support for VLAN filtering
 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
 ac0710b device: look up full device name before traversing vlan chain
 e32e21e bridge: flush vlan list on bridge free
 645ceed interface-ip: clear host bits of the device prefix
 d7b614a netifd-wireless: parse 'osen' encryption

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Paul Spooren
d0f295837a dropbear: Enable Ed25519 for normal devices
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.

As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.

Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.

This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-06 23:19:20 +02:00
Rosen Penev
83e946d718 util-linux: Fix build when libmagic is present
When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.

This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1

Fixes: 36d9ed360a ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 23:19:12 +02:00
Hauke Mehrtens
787de4331f wolfssl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk	391.545

new:
libwolfssl24_4.5.0-stable-2_mips_24kc.ipk	387.439

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
b71433f42d iw: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
iw_5.4-1_mips_24kc.ipk		35.767
iw-full_5.4-1_mips_24kc.ipk	68.423

new:
iw_5.8-1_mips_24kc.ipk		36.883
iw-full_5.8-1_mips_24kc.ipk	71.992

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
103225b412 nftables: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

new:
nftables-json_0.9.6-2_mips_24kc.ipk	221.894
nftables-nojson_0.9.6-2_mips_24kc.ipk	193.932

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
56c2e9fe37 libnftnl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.7-1_mips_24kc.ipk	47.459

new:
libnftnl12_1.1.7-2_mips_24kc.ipk	45.742

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
a617861d4c jansson: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
jansson4_2.13.1-1_mips_24kc.ipk	19.171

new:
jansson4_2.13.1-2_mips_24kc.ipk	18.936

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
13b4ed4cf4 nftables: Update to version 0.9.6
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.3-1_mips_24kc.ipk	220.262
nftables-nojson_0.9.3-1_mips_24kc.ipk	192.937

new:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
082354e4bb libnftnl: Update to version 1.1.7
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.5-1_mips_24kc.ipk	46.252

new:
libnftnl12_1.1.7-1_mips_24kc.ipk	47.459

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
cd2aad3812 jansson: Update to version 2.13.1
This also sets the ABI_VERSION as this is a versioned shared library.

The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk	18.692

new:
jansson4_2.13.1-1_mips_24kc.ipk	19.171

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Adrian Schmutzler
081e944be6 ath25: add back target support
Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.

This reverts commit 7d29a55714 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-06 19:49:05 +02:00
Christian Lamparter
a487e67cbc base-files: support label-property-less in get_dt_leds
The LED's "label" property has been deprecated in upstream by:

|commit c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date:   Sun Jun 9 20:19:04 2019 +0200
|
|    dt-bindings: leds: Add properties for LED name construction
|
|    Introduce dedicated properties for conveying information about
|    LED function and color. Mark old "label" property as deprecated.
|
|    Additionally function-enumerator property is being provided
|    for the cases when neither function nor color can be used
|    for LED differentiation.

in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-05 23:24:46 +02:00
Hans Dedecker
04e0e4167e ppp: update to latest git HEAD
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-05 20:13:40 +02:00
David Bauer
7f676b5ed6 firewall: bump to latest HEAD
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-05 15:43:16 +02:00
Felix Fietkau
acf1733496 mac80211: add preliminary support for enabling 802.11ax in config
No advanced features are configurable yet, just basic enabling of HE modes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 15:49:35 +02:00
Daniel Golle
c2c701e058 libselinux: package executables into -utils
Add new package libselinux-utils containing the executable
utilities included with libselinux.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-04 02:50:20 +01:00
Russell Morris
45a81f7056 ramips: add support for HooToo HT-TM05
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).

Specifications:

  SOC:     MediaTek MT7620N
  BATTERY: 10400mAh
  WLAN:    802.11bgn
  LAN:     1x 10/100 Mbps Ethernet
  USB:     1x USB 2.0 (Type-A)
  RAM:     64 MB
  FLASH:   GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
           Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
           fast-read enabled (m25p)
  LED:     Status LED (blue after boot, green with WiFi traffic
           4 leds to indicate power level of the battery (unable to control)
  INPUT:   Power, reset button

MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

Tested and working:

 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - Installation from TFTP (recovery)
 - OpenWRT sysupgrade (Preserving and non-preserving), through the usual
   ways: command line and LuCI
 - LEDs (except as noted above)
 - Button (reset)
 - I2C, which is needed for reading battery charge status and level
 - U-Boot environment / variables (from U-Boot, and OpenWrt)

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
   - ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!

Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-03 14:15:30 +02:00
Rosen Penev
7a5e4f5f00 policycoreutils: add nls.mk
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-09-03 00:33:20 +01:00
Adrian Schmutzler
6362a04725 kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler
bc88ee0aff samsung: drop target
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
7d29a55714 ath25: drop target
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Magnus Kroken
66893063ab mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-09-02 15:12:12 +02:00
Walter Sonius
46abcb3ade base-files: fix comment typo in lib/functions/network.sh
Fix typo in comment.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 01:11:17 +02:00
Daniel Golle
80a194b100 hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 21:37:35 +01:00
Felix Fietkau
91fb3ce56b mac80211: remove an obsolete patch that is no longer doing anything useful
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
2c14710c54 mac80211: add more AQL fixes/improvements
Fix aggregation length estimation, add HE and VHT160 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Daniel Golle
76368a5c0a refpolicy: skip building docs
Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:35:00 +01:00
Daniel Golle
d136848b8b libaudit: add host-build required by policycoreutils/host
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:24:07 +01:00
Daniel Golle
3ce21b8797 libsemanage: host-build depends on renamed libaudit package
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 12:32:52 +01:00
Hauke Mehrtens
413fdc6676 ugps: update to the latest version
511a5b3 ugps: fix 64-bit time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:04:44 +02:00
Hauke Mehrtens
db8e09f1c2 fstools: update to the latest version
5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:01:15 +02:00
John Crispin
2ddd8387a7 uboot-mediatek: update to latest version
Signed-off-by: John Crispin <john@phrozen.org>
2020-09-01 09:08:52 +02:00
Daniel Golle
93ed51e5b6 libaudit: drop unused file
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 00:32:54 +01:00
Paul Spooren
395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00
Paul Spooren
18b1cc2838 px5g-wolfssl: cleanup Makefile and SPDX license
Minor cosmetic cleanups of the Makefile and add a SPDX compatible
license headers.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:29:37 +01:00
Daniel Golle
2e2425ce7f libsemanage: add missing package metadata
License and CPE-ID were missing, add them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 22:02:12 +01:00
Daniel Golle
efdf619f21 audit: build only libaudit
Turns out auditd depends on libev. Lets have that in packages.git.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 21:51:45 +01:00
Hauke Mehrtens
2b141ad392 strace: Update to version 5.8
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.

Just deactivate it for ARM64 too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-31 22:15:26 +02:00
Rosen Penev
36d9ed360a util-linux: update to 2.36
hwclock was fixed to work with musl.

Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
879e68eafd libcxx: update to 10.0.0
Switched to upstream tarballs.

Switched to libcxxabi as using libsupc++ is quite wonky.

Fixed description.

Removed patches. The fixes are cosmetic.

Added ssp patch. This one is needed for i386 and powerpc under musl.

Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.

Ran tested with gerbera.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
3f9bd9e8ee libcxxabi: add
This will be used for libcxx.

libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.

Reference: https://github.com/gerbera/gerbera/issues/795

Added patch to fix ARM compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Daniel Golle
86307bc908 checkpolicy: build-depend on libselinux
Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
 #include <sepol/policydb/expand.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Daniel Golle
c2996ee267 policycoreutils: fix i18n depends
Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
 #include <libintl.h>  /* for gettext() */
          ^~~~~~~~~~~
 compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Michael Pratt
22caf30a65 ath79: add support for Senao Engenius ENH202 v1
FCC ID: U2M-ENH200

Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.

Specification:

  - Qualcomm/Atheros AR7240 rev 2
  - 40 MHz reference clock
  - 8 MB FLASH                  ST25P64V6P (aka ST M25P64)
  - 32 MB RAM
  - UART at J3                  (populated)
  - 2x 10/100 Mbps Ethernet     (built-in switch at gmac1)
  - 2.4 GHz, 2x2, 29dBm         (Atheros AR9280 rev 2)
  - internal antenna plates     (10 dbi, semi-directional)
  - 5 LEDs, 1 button            (LAN, WAN, RSSI) (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Power LED not controllable, or unknown gpio

MAC addresses:

  eth0/eth1  *:11   art 0x0/0x6
  wlan       *:10   art 0x120c

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9f670000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of ENH202 is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-enh202-uImage-lzma.bin
    openwrt-senao-enh202-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

  OKLI kernel loader is required because the OEM firmware
  expects the kernel to be no greater than 1024k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on built-in switch:

  ENH202 is originally configured to be an access point,
  but with two ethernet ports, both WAN and LAN is possible.

  the POE port is gmac0 which is preferred to be
  the port for WAN because it gives link status
  where swconfig does not.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Michael Pratt
6decbf3186 ath79: add support for Senao Engenius ENS202EXT v1
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.

FCC ID:	A8J-ENS202

Specification:

  - Qualcomm/Atheros AR9341 v1
  - 535/400/200/40 MHz          (CPU/DDR/AHB/REF)
  - 64 MB of RAM
  - 16 MB of FLASH              MX25L12835F(MI-10G)
  - UART (J1) header on PCB     (unpopulated)
  - 2x 10/100 Mbps Ethernet     (built-in switch Atheros AR8229)
  - 2.4 GHz, up to 27dBm        (Atheros AR9340)
  - 2x external, detachable antennas
  - 7x LED (5 programmable in ath79), 1x GPIO button (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Ethernet LEDs stay on solid when connected, not programmable

MAC addresses:

  eth0/eth1  *:7b   art 0x0/0x6
  wlan       *:7a   art 0x1002

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

  *If you are unable to get network/LuCI after flashing*
  You must perform another factory reset:

    After waiting 3 minutes or when Power LED stop blinking:

    Hold Reset button for 15 seconds while powered on
    or until Power LED blinks very fast

    release and wait 2 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to this model.
  The following directions are unique to this model.
  DO NOT downgrade to ar71xx this way, can cause kernel loop

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP Recovery:

  For some reason, TFTP is not reliable on this board.
  Takes many attempts, many timeouts before it fully transfers.

  Starting with an initramfs.bin:

  Connect to ethernet
  set IP address and TFTP server to 192.168.1.101
  set up infinite ping to 192.168.1.1
  rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
  disconnect power to the board
  hold reset button while powering on board for 8 seconds

  Wait a minute, power LED should blink eventually if successful
  and a minute after that the pings should get replies
  You have now loaded a temporary Openwrt with default settings temporarily.
  You can use that image to sysupgrade another image to overwrite flash.

Format of OEM firmware image:

  The OEM software of ENS202EXT is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-ens202ext-uImage-lzma.bin
    openwrt-senao-ens202ext-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

Note on the factory.bin:

  The newest kernel is too large to be in the kernel partition

  the new ath79 kernel is beyond   1592k
  Even ath79-tiny is               1580k

  Checksum fails at boot because the bootloader (modified uboot)
  expects kernel to be 1536k. If the kernel is larger, it gets
  overwritten when rootfs is flashed, causing a broken image.
  The mtdparts variable is part of the build and saving a new
  uboot environment will not persist after flashing.
  OEM version might interact with uboot or with the custom
  OEM partition at 0x9f050000.

  Failed checksums at boot cause failsafe image to launch,
  allowing any image to be flashed again.

  HOWEVER: one should not install older Openwrt from failsafe
  because it can cause rootfs to be unmountable,
  causing kernel loop after successful checksum.
  The only way to rescue after that is with a serial cable.

  For these reasons, a fake kernel (OKLI kernel loader)
  and fake squashfs rootfs is implemented to take care of
  the OEM firmware image verification and checksums at boot.
  The OEM only verifies the checksum of the first image
  of each partition respectively, which is the loader
  and the fake squashfs. This completely frees
  the "firmware" partition from all checks.

  virtual_flash is implemented to make use of the wasted space.
  this leaves only 2 erase blocks actually wasted.

  The loader and fakeroot partitions must remain intact, otherwise
  the next boot will fail, redirecting to the Failsafe image.

  Because the partition table required is so different
  than the OEM partition table and ar71xx partition table,
  sysupgrades are not possible until one switches to ath79 kernel.

Note on sysupgrade.tgz:

  To make things even more complicated, another change is needed to
  fix an issue where network does not work after flashing from either
  OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
  configuration into the jffs2 /overlay when writing rootfs from factory.bin.

  The upgrade script has this:

    mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"

  However, it also accepts scripts before and after:

    before_local="/etc/before-upgradelocal.sh"
    after_local="/etc/after-upgradelocal.sh"
    before="before-upgrade.sh"
    after="after-upgrade.sh"

  Thus, we can solve the issue by making the .tgz an empty file
  by making a before-upgrade.sh in the factory.bin

Note on built-in switch:

  There is two ports on the board, POE through the power supply brick,
  the other is on the board. For whatever reason, in the ar71xx target,
  both ports were on the built-in switch on eth1. In order to make use
  of a port for WAN or a different LAN, one has to set up VLANs.

  In ath79, eth0 and eth1 is defined in the DTS so that the
  built-in switch is seen as eth0, but only for 1 port
  the other port is on eth1 without a built-in switch.

  eth0: switch0
    CPU is port 0
    board port is port 1

  eth1: POE port on the power brick

  Since there is two physical ports,
  it can be configured as a full router,
  with LAN for both wired and wireless.

  According to the Datasheet, the port that is not on the switch
  is connected to gmac0. It is preferred that gmac0 is chosen as WAN
  over a port on an internal switch, so that link status can pass
  to the kernel immediately which is more important for WAN connections.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Daniel Golle
e868809861 libsemanage: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 13:52:05 +01:00
Thomas Petazzoni
73912b850b audit: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[fix build with GCC 10 and disable MIPS16 as build emits sync instruction]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 13:38:12 +01:00
Tony Ambardar
2f0d672088 bpftools: add utility and library packages supporting eBPF usage
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.

'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.

'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.

Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-08-31 12:23:59 +01:00
Paul Spooren
c1875d1ebb build: switch VERSION_REPO to HTTPS
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
2020-08-31 11:26:10 +01:00
Paul Spooren
35f2116519 treewide: https for downloads.openwrt.org sources
Instead of using http and https for source downloads from
downloads.openwrt.org, always use https for it's better security.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:26:10 +01:00
Paul Spooren
62d5ec7306 build: store SourceDateEpoch in manifest
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:18:06 +01:00
Paul Spooren
7d26f294cd busybox: Use PKG_FILE_MODES for SUID
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:15:17 +01:00
Daniel Golle
2bd55d0a2b opkg: update to git HEAD
4318ab1 opkg: allow to configure the path to the signature verification script
 cf44c2f libopkg: fix compiler warning

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 11:03:24 +01:00
Paul Spooren
976d3e2234 px5g: rename to px5g-mbedtls
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.

Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren
7078294b59 px5g-wolfssl: add package
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren
367c23740f wolfssl: add certgen config option
The option allows to generate certificates.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Hans Dedecker
9ee27c232e nghttp2: move to packages.git
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg  2019 decision that non essential packages
should move outside base.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-31 08:01:27 +02:00
Thomas Petazzoni
e5e54e52f7 refpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni
21992303fa checkpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni
d28adeb37d policycoreutils: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Sven Wegener
6a9c76a6c4 leds: add activity led trigger kernel module package
The activity trigger flashes like the heartbeat trigger, but adjusts
based on system load.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
4e2a994d2d ethtool: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ethtool_5.4-1_mips_24kc.ipk	101.909

new:
ethtool_5.8-1_mips_24kc.ipk	109.699

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
0b2f97beed iproute2: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ip-full_5.7.0-2_mips_24kc.ipk	165.786
ip-tiny_5.7.0-2_mips_24kc.ipk	117.730
tc_5.7.0-2_mips_24kc.ipk	144.405

new:
ip-full_5.8.0-1_mips_24kc.ipk	169.775
ip-tiny_5.8.0-1_mips_24kc.ipk	119.808
tc_5.8.0-1_mips_24kc.ipk	149.053

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
ca5ee6eba3 mac80211: Fix potential endless loop
Backport a fix from kernel 5.8.3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Adrian Schmutzler
4e4ee46495 ar71xx: drop target
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.

This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-30 22:18:35 +02:00
Aaron Goodman
47b2ee2d9a wireguard-tools: add tunlink option for hostroute
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.

This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-08-30 21:47:13 +02:00
Paul Spooren
a5d030a54f curl: move package to packages.git
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-27 21:18:21 +02:00
Hauke Mehrtens
bc19481826 hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
  LD  wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
    type = GEN_EMAIL;
           ^~~~~~~~~
           ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
    type = GEN_DNS;
           ^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
    type = GEN_URI;
           ^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
   if (gen->type != GEN_EMAIL &&
                    ^~~~~~~~~
                    ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
       gen->type != GEN_DNS &&
                    ^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
       gen->type != GEN_URI)
                    ^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed

Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-27 12:11:47 +02:00
Hauke Mehrtens
c1aa2d4411 mtd-utils: Update to version 2.1.2
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html

The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk:	70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk:	71109

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:35 +02:00
Hauke Mehrtens
00722a720c wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:30 +02:00
Hauke Mehrtens
2745f6afe6 curl: Use wolfssl by default
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:43 +02:00
Hauke Mehrtens
b5191f3366 curl: Fix build with wolfssl
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.

checking size of time_t... configure: error: cannot determine a size for time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:42 +02:00
Adrian Schmutzler
e7c235612b uboot-at91: harmonize indent in Makefile
The indent in Makefile is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler
2f92e1d418 at91bootstrap: harmonize indent in Makefiles
The indent in Makefiles is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler
7f1540cc46 at91: introduce vendor_model scheme and drop board names
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.

Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.

While at it, harmonize a few indents as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M
abf6c288c1 uboot-at91: bump version to linux4sam-2020.04
Bump version to linux4sam-2020.04 and add patch to fix Wformat-security
warnings.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M
9b36ca8032 at91bootstrap: bump version to v3.9.3
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00
Felix Fietkau
e12ac40552 mt76: update to the latest version
f0beb7cbc443 mt76: mt7663u: fix memory leaks in mt7663u_probe
90c8422d3f56 mt76: mt7915: fix typo in function name
9cbbe4a30eaf mac80211: simplify TX aggregation start
974486ec2642 util: in worker setup, only overwrite function pointer if not NULL
519510277a8b mt76: initialize tx worker function earlier
3c361b1e3f4e mt76: mt7663u: fix dma header initialization
e8d489647c7f mt76: usb: fix use of q->head and q->tail
8124daf53130 mt76: sdio: fix use of q->head and q->tail
3c2cd8580377 mt76: unify queue tx cleanup code
780cdabb8659 mt76: remove qid argument to drv->tx_complete_skb
05aa857861fc mt76: remove swq from struct mt76_sw_queue
e861cb051833 mt76: rely on AQL for burst size limits on tx queueing
3218b914a2fb mt76: remove struct mt76_sw_queue
23529b5e93c1 mt76: mt7603: tune tx ring size
f6ca436ebea4 mt76: mt76x02: tune tx ring size
97e65131440c mt76: mt7603: check for single-stream EEPROM configuration
957b6c5ac273 mt76: mt7615: fix MT_ANT_SWITCH_CON register definition
96a541eedda9 mt76: mt7615: fix antenna selection for testmode tx_frames
b36d7ae096a3 mt76: mt7603: move number of streams detection to eeprom init

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-25 14:12:51 +02:00
Hauke Mehrtens
a69949a13f firewall: Fix PKG_MIRROR_HASH
Fixes: 6c57fb7aa9 ("firewall: bump to version 2020-07-05")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00
Magnus Kroken
201d6776a0 mbedtls: update to 2.16.7
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07

* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).

Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00
Rosen Penev
161fe0b662 exfat: update to 5.8.7
93e2334 exfat: fix build error on linux-5.4,5.5 kernel
01a7b8c exfat: fix name_hash computation on big endian systems
8f92bc0 exfat: fix wrong size update of stream entry by typo

Removed commented material that was for testing compilation.

Removed patch as the error was fixed upstream. First entry above.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-24 18:53:59 +02:00
mohammad rasim
785c7d9b16 kernel: add ar5523 driver
The driver currently only support managed and monitor mode

Changes since v1:
- drop the @DRIVER_11N_SUPPORT dependency

Signed-off-by: mohammad rasim <mohammad.rasim96@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer
e742a31f07 ipset: update to version 7.6
Changelog:
https://ipset.netfilter.org/changelog.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer
ed381e2fb2 linux-firmware: add support for Marvell SDIO 8997
For example, Turris MOX SDIO card is using Marvell (NXP) 88W8997 chip.

Technical specs of 88W8997:
- 28nm
- 802.11 ac wave-2
It should support simultaneous dual-band 2.4 GHz and 5 GHz,
but it requires to support multiSSID for one Wi-Fi card [1], which is
not supported in OpenWrt, yet and if we tried to run two instances of
hostapd, it didn't work well, so it's 2.4 GHz or 5 GHz.
- 2x2 MU-MIMO
- Bluetooth 5.1 with LE support
- Unfortunately, there can be connected only 8 clients at the same time
(limited by FW, however, there exists "enterprise" chip, its equal chip,
it is just different that it uses different FW)

Symlink is necessary as mwifiex_sdio tries to load sd8997_uapsta.bin
[   13.651182] mwifiex_sdio mmc0:0001:1: Direct firmware load for mrvl/sd8997_uapsta.bin failed with error -2
[   13.661065] mwifiex_sdio mmc0:0001:1: Falling back to user helper
[   13.684880] firmware mrvl!sd8997_uapsta.bin: firmware_loading_store: map pages failed
[   13.695910] mwifiex_sdio mmc0:0001:1: Failed to get firmware mrvl/sd8997_uapsta.bin
[   13.703774] mwifiex_sdio mmc0:0001:1: info: _mwifiex_fw_dpc: unregister device

Pali Rohár sent two patches [2] [3] into kernel to fix default firmware name for SD8997, so
the symlink will not be required in the future versions of kernel, which
was accepted and right now, according to my details it was backported to 5.8, 5.7 and 5.4

[1] https://bugs.openwrt.org/index.php?do=details&task_id=3243
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=00eb0cb36fad5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2e1fcac52a9ea

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer
18aca6b17d linux-firmware: update to version 20200817
git log --pretty=oneline --abbrev-commit 20200619..20200817
7a30af1 (HEAD -> master, tag: 20200817, origin/master, origin/main, origin/HEAD) Merge branch 'i915-firmware-updates-08-2020' of git://anongit.freedesktop.org/drm/drm-firmware into main
923bfa6 brcm: Add brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt symlink
33e11ab rtl_bt: Update RTL8822C BT UART firmware to 0x0599_8A4F
1b81373 i915: Add DMC firmware 2.02 for RKL
bdf8d7a i915: Add DMC firmware 2.08 for TGL
1bcdc9a i915: Add HuC firwmare v7.5.0 for TGL
c331aa9 amdgpu: update vega20 firmware for 20.30
a434387 amdgpu: update vega12 firmware for 20.30
49e9ea8 amdgpu: update vega10 firmware for 20.30
d89e9b1 amdgpu: update renoir firmware for 20.30
373c08a amdgpu: update raven2 firmware for 20.30
69ca06e amdgpu: update raven firmware for 20.30
12042c2 amdgpu: update picasso firmware for 20.30
2c9d97a amdgpu: update navi14 firmware for 20.30
eaa3e55 amdgpu: update navi10 firmware for 20.30
9bc3789 linux-firmware: update NXP SDSD-8997 firmware image
6c79b68 Mellanox: Add new mlxsw_spectrum firmware xx.2008.1036
2b823fc (tag: 20200721) linux-firmware: Update AMD SEV firmware
e33306f Merge branch 'qca_0714' of https://github.com/bgodavar/qca_bt_fw into main
1d1c80b Update to 20200629111339 version to aligh SDK. Mainly fix DFS false alarm.
69c7f0b rtl_nic: update firmware for RTL8125B
f39b687 Update binary firmware for MT7663 based devices to include firmware offload feature and low power feature.
3882702 QCA: Add correct bin file for WCN3991
3d3a06f linux-firmware: Update firmware file for Intel Bluetooth AX201
b7849f7 linux-firmware: Update firmware file for Intel Bluetooth AX200
07b0375 linux-firmware: Update firmware file for Intel Bluetooth 9560
44bf1b1 linux-firmware: Update firmware file for Intel Bluetooth 9260
7169ab3 linux-firmware: wilc1000: add wilc1000 v15.4 FW
b1497fc Merge https://github.com/rjliao-qca/qca-btfw into main
c4e04b4 QCA: Update Bluetooth firmware for QCA6390
74ac3b5 Merge https://github.com/bgodavar/qca_wcn3991 into main
1a0c0c2 amdgpu: add UVD firmware for SI asics
24cc617 QCA: Update WCN3991 FW files

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Adrian Schmutzler
cc501ab021 kernel: set WATCHDOG_CORE dependency in kmod-hwmon-sch5627
For many target we have added CONFIG_WATCHDOG_CORE=y to the target
config due to the following error:

 Package kmod-hwmon-sch5627 is missing dependencies for the following
 libraries:
 watchdog.ko

However, actually the proper way appears to be setting the
dependency for the kmod-hwmon-sch5627 package, as the error message
demands.

Do this in this patch and remove the target config entries added
due to this issue.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-24 14:09:11 +02:00
Daniel Golle
2eaf03b4d8 busybox: fix typo in Makefile
'conffiiles' -> 'conffiles'

Fixes: 2e06f8ae24 ("busybox: add selinux variant")
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-23 23:59:37 +01:00
Paul Spooren
aeea91d5ee f2fs-tools: add selinux variant
This variant is build with `libselinux` and required to set labels
during runtime.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Paul Spooren
2e06f8ae24 busybox: add selinux variant
This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Hans Dedecker
f75c70aeca nat46: update to latest git HEAD
362640b nat46-module: fix compilation with kernel 5.6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-23 20:08:44 +02:00
Hans Dedecker
4358373e69 curl: disable zstd support
Fixes package libcurl build issue :

Package libcurl is missing dependencies for the following libraries:
libzstd.so.1

Suggested-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-23 11:03:40 +02:00
Felix Fietkau
b52b4afa15 mt76: update to the latest version
8027c7d95274 mt76: mt7615: fix reading airtime statistics
3743e7c904de mt76: mt7915: optimize mt7915_mac_sta_poll
d2fe5e8330c6 mt76: mt7915: fix variable initialization in sta poll
692065b4c9db mt76: mt7915: only enable hw amsdu for AP and station
b54157df7c27 mt7615: update firmware to version 20200814
888990e159d2 mt76: use threaded NAPI
3a3306e408f2 mt76: mt7915: add 802.11 encap offload support
795b772cd392 mt76: mt7915: add encap offload for 4-address mode stations
55d79ab7fa23 mt76: dma: update q->queued immediately on cleanup
23dbd64d6324 mt76: mt7915: schedule tx tasklet in mt7915_mac_tx_free
5cf34cda70af mt76: mt7915: significantly reduce interrupt load
87a69429069f mt76: add utility functions for deferring work to a kernel thread
2f1318a06d0a mt76: convert from tx tasklet to tx worker thread
72f0979566be mt76: mt7915: add support for accessing mapped registers via bus ops
f9ce5c776c9a mt76: use ieee80211_rx_list to pass frames to the network stack as a batch
25dd8bdae3bf mt76: mt7615: significantly reduce interrupt load
7c5445dec812 mt76: mt7615: release mutex in mt7615_reset_test_set
e68c3e254822 mt76: mt7663s: use NULL instead of 0 in sdio code
4368380e20e7 mt76: mt7663s: fix resume failure
bea386f27914 mt76: mt7663s: fix unable to handle kernel paging request
b8780c44c716 mt76: mt7615: fix possible memory leak in mt7615_tm_set_tx_power
37a1c7ed6796 mt76: mt7615: fix a possible NULL pointer dereference in mt7615_pm_wake_work
8c7c1a207d25 mt76: fix a possible NULL pointer dereference in mt76_testmode_dump

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-22 21:24:10 +02:00
Felix Fietkau
e7f7101182 mac80211: rework encapsulation offload support
Fix a number of deficiencies in the existing API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-22 07:02:01 +02:00
Josef Schlehofer
17d16e093f curl: update to version 7.72.0
Changes in this version can be found here:
https://curl.haxx.se/changes.html#7_72_0

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-21 21:25:56 +02:00
Felix Fietkau
010682067b mac80211: add missing return code checks in AQL improvements
Fixes throughput issues with some drivers (e.g. ath10k)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-21 18:29:52 +02:00
Hauke Mehrtens
5efe459012 kernel: wpan: Add kmod-ca8210
This device is found on the pistachio marduk board.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-21 11:46:13 +02:00
Hauke Mehrtens
b0751d4c0f kernel: wpan: Add missing AUTOLOAD to load kernel module
These kernel modules were not loaded automatically, fix this by adding
the AUTOLOAD definition.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-21 11:46:13 +02:00
David Bauer
aa403a440a dnsmasq: abort dhcp_check on interface state
Abort the dhcp-check based on the interface instead of the carrier
state. In cases where the interface is up but the carrier is down,
netifd won't cause a dnsmasq reload, thus dhcp won't become active
on this interface.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-20 23:45:26 +02:00
Remi NGUYEN VAN
bcf0704bd2 map: rename type to maptype (FS#3287)
"type" is already used as a common option for all protocols types, so
using the same option name for the map type makes the configuration
ambiguous. Luci in particular adds controls for both options and sees
errors when reading the resulting configuration.

Use "maptype" instead, but still fallback to "type" if "maptype" is not
set. This allows configurations to migrate without breaking old
configurations.

This addresses FS#3287.

Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-08-19 21:14:00 +02:00
Adrian Schmutzler
18ab496c32 ltq-dsl-base: remove useless echos in lantiq_dsl.sh
The is no reason to catch the output by $() and then echo it again.

Remove the useless echos.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-17 23:25:41 +02:00
Remi NGUYEN VAN
1e696c6ced map: add a legacymap option
The legacy map version based on the IPv6 Interface Identifier in
draft-ietf-softwire-map-03 was typically used by uncommenting the LEGACY
variable in the map.sh file, which is not ideal. A proper configuration
option is needed instead.

The IPv6 Interface Identifier format described in the draft was
eventually changed in RFC7597, but is still used by some major ISPs,
including in Japan.

Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-08-15 20:37:02 +02:00
Rui Salvaterra
763ce13b0b dropbear: allow disabling support for scp
If not needed, disabling scp allows for a nice size reduction.

Dropbear executable size comparison:

153621 bytes (baseline)
133077 bytes (without scp)

In other words, we trim a total of 20544 bytes.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-15 20:25:08 +02:00
Tomasz Maciej Nowak
ebf71533f9 ath79: add support for ALLNET ALL-WAP02860AC
ALLNET ALL-WAP02860AC is a dual-band wireless access point.

Specification
SoC: Qualcomm Atheros QCA9558
RAM: 128 MB DDR2
Flash: 16 MB SPI NOR
WIFI: 2.4 GHz 3T3R integrated
      5 GHz 3T3R QCA9880 Mini PCIe card
Ethernet: 1x 10/100/1000 Mbps AR8035-A, PoE capable (802.3at)
LEDS: 5x, which four are GPIO controlled
Buttons: 1x GPIO controlled
UART: 4 pin header near Mini PCIe card, starting count from white
      triangle on PCB
      1. VCC 3.3V, 2. GND, 3. TX, 4. RX
      baud: 115200, parity: none, flow control: none

MAC addresses
Calibration data does not contain valid MAC addresses.
The calculated MAC addresses are chosen in accordance with OEM firmware.

Because of:
a) constrained environment (SNMP) when connecting through Telnet
   or SSH,
b) hard-coded kernel and rootfs sizes,
c) checksum verification of kerenel and rootfs images in bootloder,

creating factory image accepted by OEM web interface is difficult,
therefore, to install OpenWrt on this device UART connection is needed.
The teardown is simple, unscrew four screws to disassemble the casing,
plus two screws to separate mainboard from the casing.
Before flashing, be sure to have a copy of factory firmware, in case You
wish to revert to original firmware.

Installation
1. Prepare TFTP server with OpenWrt initramfs-kernel image.
2. Connect to LAN port.
3. Connect to UART port.
4. Power on the device and when prompted to stop autoboot, hit any key.
5. Alter U-Boot environment with following commands:
    setenv failsafe_boot bootm 0x9f0a0000
    saveenv
6. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
   'setenv' to do that, then run following commands:
    tftpboot 0x81000000 <openwrt_initramfs-kernel_image_name>
    bootm 0x81000000
7. Wait about 1 minute for OpenWrt to boot.
8. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
   with:
    sysupgrade -n /tmp/<openwrt_sysupgrade_image_name>
9. After flashing, the access point will reboot to OpenWrt. Wait few
   minutes, until the Power LED stops blinking, then it's ready for
   configuration.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[add MAC address comment to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-15 15:58:39 +02:00
Felix Fietkau
6bdd4c967b mac80211: add missing backports for building with 4.14 kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-14 17:27:31 +02:00
Daniel Golle
bda1c127cc libselinux: fix Makefile style
Also fix line order in libselinux Makefile.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:43:31 +01:00
Daniel Golle
0133160177 libsepol: fix Makefile style
Fix line ordering (cosmetic).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:42:25 +01:00
Daniel Golle
4469e45f60 pcre: clean up Makefile line order
The most recent patch added add lines in one block instead of in the
appropriate places to keep Makefiles in consistent style. Fix that.

Fixes: ff02e1561f ("pcre: add host variant of libpcre")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:42:25 +01:00
Thomas Petazzoni
ff02e1561f pcre: add host variant of libpcre
This is needed to build the host variant of libselinux.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-14 02:29:03 +01:00
Felix Fietkau
072c5876c5 libselinux: fix build on non-Linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 20:08:29 +02:00
Felix Fietkau
2a9fb827aa libsepol: fix build on non-Linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 20:08:29 +02:00
Felix Fietkau
431fb8cae9 mac80211: add AQL improvements
Add AQL support for HE drivers.
Improve assumed aggregation length based on tx rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 17:57:19 +02:00
Felix Fietkau
6bee8f2865 mt76: update to the latest version
34aed01ca865 mt76: mt7915: use ieee80211_free_txskb to free tx skbs
efc8669db5f9 mt76: mt7915: fix max_mpdu_size field for A-MSDU

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 17:57:19 +02:00
Daniel Golle
ff6b815691 libselinux: don't depend on kernel config symbols
Dependencies are meant to express actual run-time dependencies and
strictly speaking, libselinux can be build and used on kernels without
SELinux (not in a very meaningful way, but never mind).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Daniel Golle
74dfe25d41 procd: remove duplicate confguration menu
Fixes: 962e73c1a4 ("procd: add selinux variant")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Daniel Golle
0709f6e798 iproute2: disable SELinux for now
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:03:07 +01:00
Daniel Golle
ab4c6f1632 musl-fts: import from packages feed
libselinux requires musl-fts to build with musl. Import it from
packages feed as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 11:44:05 +01:00
Daniel Golle
e16b84df15 pcre: import from packages feeds
libselinux require pcre, import to to core so it can build without
packages feeds.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 11:28:28 +01:00
Paul Spooren
962e73c1a4 procd: add selinux variant
This commit adds a `selinux` variant to `procd` allowing to load an
SELinux policy at boot.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 09:53:50 +01:00
Thomas Petazzoni
a0df664531 libselinux: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-13 09:31:34 +01:00
Thomas Petazzoni
6531eee347 libsepol: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-13 09:31:34 +01:00
Ansuel Smith
87e92d50e5 kernel: usb: move phy-qcom-ipq806x-usb to ipq806x modules.mk
This driver is only used by ipq806x SoCs. Move it there and drop
dependency from ipq40xx since it's not used anywere.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[rebase on changes to previous patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
2020-08-13 02:12:12 +02:00
Ansuel Smith
0c45ad41e1 ipq806x: replace phy dwc3 patch with upstream version
- Replace dwc3 phy patch with upstream version
- Rework the dts to use the upstream bindings
- Update changed config flags
- Rename module to reflect config name

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[fix qcom,tx-deamp_3_5db typo, refresh patches, rename kmod]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
2020-08-13 02:12:12 +02:00
Rui Salvaterra
e5eeb34a8c dropbear: fix ssh alternative when dbclient isn't built
The ssh symlink was still being created even when dbclient was disabled in the
build configuration. Fix this annoyance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-12 21:57:37 +02:00
Felix Fietkau
37615174f5 mt76: update to the latest version
8d9a62e4def7 mt76: mt7915: fix crash on tx rate report for invalid stations
825343467df4 mt76: fix double DMA unmap of the first buffer on 7615/7915
99804560372b mt76: mt7615: register ext_phy if DBDC is detected
93407be934b2 mt76: mt7615: move drv_own/fw_own in mt7615_mcu_ops
e7774de844e8 mt76: mt7663s: move drv_own/fw_own in mt7615_mcu_ops
a5602514ab03 mt76: mt7615: hold mt76 lock queueing wd in mt7615_queue_key_update
5c42061ce181 mt76: do not inject packets if MT76_STATE_PM is set
ae4757a0ae90 mt76: mt7615: reschedule runtime-pm receiving a tx interrupt
c4544d1e8a1a mt76: mt76s: fix oom in mt76s_tx_queue_skb_raw
dc73103874cc mt76: mt76s: move tx processing in a dedicated wq
c828c84cb134 mt76: mt7663s: move rx processing in txrx wq
2b34f2f6b0ef mt76: mt76s: move status processing in txrx wq
f957b050d848 mt76: mt76s: move tx/rx processing in 2 separate works
6fe964295bd9 mt76: mt76s: get rid of unused variable
43d6127d8851 mt76: mt7915: enable U-APSD on AP side
58774b605f1c mt76: set interrupt mask register to 0 before requesting irq
06f722d8046c mt76: mt7915: clean up and fix interrupt masking in the irq handler
2fbd6baac103 mt76: mt7615: only clear unmasked interrupts in irq tasklet
5ea8b6187da2 mt76: mt76x02: clean up and fix interrupt masking in the irq handler
f2e71f0c1b7e mt76: mt7615: do not do any work in napi poll after calling napi_complete_done()
1eb94624bb12 mt76: mt7915: do not do any work in napi poll after calling napi_complete_done()
5e0c587b9ac1 mt76: mt7915: clean up station stats polling and rate control update
9ab20dfbf7b1 mt76: mt7915: increase tx retry count
fa69dd96f9c0 mt76: mt7915: enable offloading of sequence number assignment
9816f9812adb mt76: move mt76_check_agg_ssn to driver tx_prepare calls
ad90170b0af9 mt76: mt7615: remove mtxq->agg_ssn assignment
335cd51be4c6 mt76: mt7915: simplify aggregation session check
21f7734cbb49 mt76: mt7915: add missing flags in WMM parameter settings
21182f90d947 mt76: mt7915: add Tx A-MSDU offloading support
27670514328f mt76: mt7615: use v1 MCU API on MT7615 to fix issues with adding/removing stations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-12 12:31:00 +02:00
Michael Yartys
91aab77bf1 ath10k-ct-firmware: update firmware images
Not a large change from last time, but should fix at least one rare wave-2
crash. The htt-mgt-community builds are trimmed for supporting lots of
stations (typically 150+ stations per radio).

Tested on Netgear R7800.

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-12 11:50:48 +02:00
Adrian Schmutzler
7de3daa997 treewide: bump PKG_RELEASE after replacing which
Bump PKG_RELEASE for the affected packages as replacing "which" by
"command -v" represents a content change.

Fixes: 1fdf6b745c ("treewide: replace `which` with `command -v`")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:17:22 +02:00
Paul Spooren
1fdf6b745c treewide: replace which with command -v
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.

Using `command -v` is POSIX compliant while `which` is not.  Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.

Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.

Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
Magnus Kroken
4165232c45 busybox: delete redundant patch
This problem has been fixed in upstream commit
6b6a3d9339f1c08efaa18a7fb7357e20b48bdc95. This patch now (harmlessly)
adds the same definition a second time.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
David Woodhouse
0002d177e4 uboot-mediatek: resync patches with upstream
Now that my patches have been merged into upstream U-Boot, resync the
cosmetic changes and the commit IDs from the final commits.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-08-12 11:08:05 +02:00
Rosen Penev
b59a98b009 libjson-c: fix pkgconfig file
The pkgconfig file references the host directories, not the openwrt
ones. Used SED to fix as is done elsewhere. Removed CMAKE_INSTALL as a
result.

Removed now pointless CFLAGS.

Added PKG_BUILD_PARALLEL for faster compilation.

Various rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-11 21:29:44 +02:00
Hans Dedecker
5e512cc9c1 ppp: update to latest git HEAD
677aa53 Fix -W option for pppoe-discovery utility (#157)
115c419 Accept Malformed Windows Success Message (#156)
5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154)
2a7981f Add ipv6cp-accept-remote option
0678d3b pppd: Fix the default value for ipv6cp-accept-local to false

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-11 21:27:07 +02:00
Hauke Mehrtens
0a864f20fb bintuils: Pack libctf-nobfd.so in addition
readelf is linked against this library on MIPS64BE
This fixes a build problem on MIPS64BE.

In addition also explicitly activate it in the configure command.

Fixes: 60f595daab ("binutils: update to version 2.34")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-10 23:02:37 +02:00
Hauke Mehrtens
fce0f1501b mac80211: Update to version 5.8
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-10 19:34:37 +02:00
Christoph Krapp
d32010d5ff uboot-envtools: ath79: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
2020-08-10 18:37:47 +02:00
Adrian Schmutzler
d4ac0ad543 treewide: make dependency on kmod-usb-net selective
A bunch of kernel modules depends on kmod-usb-net, but does not
select it. Make AddDepends/usb-net selective, so we can drop
some redundant +kmod-usb-net definitions for DEVICE_PACKAGES.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 12:54:30 +02:00
Thomas Petazzoni
12178be465 procd: add SELinux support
This commit adds a patch to procd to support loading the SELinux
policy early at boot time, and adjusts the procd package to use this
SELinux support when libselinux is enabled.

The procd patch has been submitted separately [1]: obviously the
intent is to have it merged in the procd Git repository rather than
have it in OpenWrt itself.

[1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[split commit into openwrt.git and procd.git]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:50 +01:00
Daniel Golle
cfe235c436 kernel: modules: add package kmod-iosched-bfq
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:52:31 +01:00
Christoph Krapp
eb95ca3b5c uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-09 23:57:17 +02:00
Felix Fietkau
eff8c76aa0 mac80211: fix spurious disconnect issues with disassoc_low_ack=1 (default)
mac80211 reports a packet loss event to user space when 50 consecutive packets
were not acked. On a high throughput link with long aggregates and sudden
link changes, this can trigger way too easily.
Mitigate false positives by only triggering the event on a packet loss if
no ACK was received for at least a second

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-09 14:01:49 +02:00
David Bauer
1bfba18a36 mac80211: exchange mesh 6GHz IE patch for upstream accepted
Exchange the patch fixing the kernel ringbuffer WARNING flood for the
one accepted upstream.

Fixes commit a956c14d6a ("mac80211: util: don't warn on missing sband
iftype data")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-08 10:31:57 +02:00
Jo-Philipp Wich
bc1c9fdc20 hostapd: recognize option "key" as alias for "auth_secret"
The hostapd configuration logic is supposed to accept "option key" as
legacy alias for "option auth_secret". This particular fallback option
failed to work though because "key" was not a registered configuration
variable.

Fix this issue by registering the "key" option as well, similar to the
existing "server" nad "port" options.

Ref: https://github.com/openwrt/openwrt/pull/3282
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:19:29 +02:00
Jo-Philipp Wich
321503dbf3 hostapd: make "key" option optional if "wpa_psk_file" is provided
If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.

While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.

Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:04:02 +02:00
David Bauer
a4e72013e7 exfat: add dependency on nls-base
Add a dependency on kmod-nls-base for the new exfat driver. Otherwise
the build fails on ramips and ath79 on kernel 5.4:

Package kmod-fs-exfat is missing dependencies for the following libraries:
nls_base.ko

Fixes commit cd41234d2f ("exfat: add out of tree module")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-07 16:51:58 +02:00
Adrian Schmutzler
1d5b08ca51 om-watchdog: fix board name for teltonika,rut5xx
The board name is equivalent to the compatible, not the device
definition. Fix it.

Fixes: b4588c8538 ("kernel/om-watchdog: Apply device renames from ramips")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 16:30:55 +02:00
Hans Dedecker
f74edb3e95 nat46: update to latest git HEAD
71e9f09 nat46-core: fix compilation with kernel 5.4

Remove 100-kernel-5.4-compat patch as upstream accepted

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-07 13:40:26 +02:00
Petr Štetiar
c487cf8e94 hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 12:02:19 +02:00