Commit Graph

45298 Commits

Author SHA1 Message Date
Adrian Schmutzler
da0de5e007 ramips: fix LED labels not updated during device name changes
In commit d93969a13a ("ramips: Improve compatible for TP-Link
Archer devices") and subsequent ones, names of several devices
in ramips have been changed.
Since LED names are frequently invoked by $boardname, this has
broken LED setup in 01_leds, as $boardname and prefix in DTS
do not match anymore.

This patch updates device name prefixes for LEDs in DTS files,
and provides a migration script.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-10 00:32:28 +02:00
Ozgur Can Leonard
d7c082ba4f ramips: add kmod-mt7615e to Xiaomi Mi Router 3 Pro images
Now that the mt76/mt7615e driver is in Openwrt, might as well use it.

Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
2019-08-10 00:32:28 +02:00
Hans Dedecker
63ced14048 dnsmasq: use nettle ecc_curve access functions
Fixes compile issues with nettle 3.5.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-09 21:40:13 +02:00
Daniel Engberg
9e489b41b5 nettle: Update to 3.5.1
Update (lib)nettle to 3.5.1
Bump ABI_VERSION

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-08-09 21:40:13 +02:00
Adrian Schmutzler
296affa359 ath79: add missing IMAGE_SIZE for Comfast WR650AC v1/v2
When adding support in 9ed272fe95 ("ath79: add support for
Comfast WR650AC v1/v2"), IMAGE_SIZE has not been added to device
definition.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-09 21:37:20 +02:00
Koen Vandeputte
2a08bf3656 ar71xx: ag71xx: init rings with GFP_KERNEL
ar71xx got lost during final rebase ..

Fixes: b417a0c48d ("ar71xx/ath79: ag71xx: init rings with GFP_KERNEL")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:51:07 +02:00
Koen Vandeputte
b417a0c48d ar71xx/ath79: ag71xx: init rings with GFP_KERNEL
Upstream commit	246902bdf562d45ea3475fac64c93048a7a39f01

Which contains following explanation:

--
There is no need to use GFP_ATOMIC here, GFP_KERNEL should be enough.
The 'kcalloc()' just a few lines above, already uses GFP_KERNEL.
--

Looking at the code, all other descriptors also use plain GFP_KERNEL

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:30:46 +02:00
Koen Vandeputte
6ced31c320 ar71xx/ath79: ag71xx: fix sleep in atomic
When enabling atomic-sleep-debugging options in the kernel,
following splat is seen when disabling the interface (which happens on boot):

[   10.892878] eth0: link down
[   10.896788] BUG: sleeping function called from invalid context at net/core/dev.c:5563
[   10.904730] in_atomic(): 1, irqs_disabled(): 1, pid: 425, name: ip
[   10.911004] 2 locks held by ip/425:
[   10.914539]  #0:  (rtnl_mutex){....}, at: [<80377474>] rtnetlink_rcv_msg+0x2d8/0x380
[   10.922441]  #1:  (&(&ag->lock)->rlock){....}, at: [<80330158>] ag71xx_hw_disable+0x24/0x94
[   10.930976] CPU: 0 PID: 425 Comm: ip Not tainted 4.14.136 #0
[   10.936716] Stack : 805e0000 80589228 80557404 876998ec 80610000 80610000 87cdcafc 805b5327
[   10.945233]         80551534 000001a9 8061386c 87699ccc 87cfb180 00000001 876998a0 84f70903
[   10.953751]         00000000 00000000 80b00000 8769979c 6a7407fa 00000000 00000007 00000000
[   10.962270]         000000b7 16d0954a 000000b6 00000000 80000000 87cb658c 87cb65b0 00000001
[   10.970787]         8046f97c 87699ccc 87cfb180 87ff2810 00000003 802ce724 0806e098 80610000
[   10.979306]         ...
[   10.981797] Call Trace:
[   10.984287] [<8006cb0c>] show_stack+0x58/0x100
[   10.988814] [<800aab34>] ___might_sleep+0x100/0x120
[   10.993774] [<8035c434>] napi_disable+0x30/0xd8
[   10.998377] [<80330198>] ag71xx_hw_disable+0x64/0x94
[   11.003418] [<8033069c>] ag71xx_stop+0x24/0x38
[   11.007959] [<80359e30>] __dev_close_many+0xcc/0x104
[   11.013009] [<80362eac>] __dev_change_flags+0xc8/0x1ac
[   11.018227] [<80362fb8>] dev_change_flags+0x28/0x70
[   11.023182] [<80376890>] do_setlink+0x31c/0x91c
[   11.027786] [<80379360>] rtnl_newlink+0x3ec/0x7f8
[   11.032563] [<80377498>] rtnetlink_rcv_msg+0x2fc/0x380
[   11.037799] [<8039a734>] netlink_rcv_skb+0xd4/0x178
[   11.042754] [<80399d10>] netlink_unicast+0x168/0x250
[   11.047796] [<8039a2d4>] netlink_sendmsg+0x3d8/0x434
[   11.052841] [<8033f0e4>] ___sys_sendmsg+0x1dc/0x290
[   11.057794] [<80340140>] __sys_sendmsg+0x54/0x84
[   11.062495] [<8007212c>] syscall_common+0x34/0x58

This is caused by calling napi_disable() while holding the spinlock.

Fix it by omitting the spinlock, which is not required here
Extensively tested on GL-MiFi, RB-912 and RB-922 hardware

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:30:41 +02:00
Koen Vandeputte
697658e220 kernel: bump 4.19 to 4.19.65
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:30:33 +02:00
Koen Vandeputte
f5acf56483 kernel: bump 4.14 to 4.14.137
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:30:29 +02:00
Koen Vandeputte
6e4d590990 kernel: bump 4.9 to 4.9.188
Refreshed all patches.

Compile-tested on: none
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:30:26 +02:00
David Bauer
cad1b474d9 ath79: fix identation errors in 01_leds
Fix the identation of 01_leds to keep the style of the file consistent.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-09 17:30:35 +02:00
Adrian Schmutzler
c2716758c5 ath79: add missing IMAGE_SIZE for Comfast E314N-v2
When adding support in abbbecaa73 ("ath79: add support for
Comfast E314N-v2"), IMAGE_SIZE has not been added to device
definition.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-09 17:10:46 +02:00
Adrian Schmutzler
2758dd332c ath79: fix whitespace errors from adding D-Link DIR-842 C3
We completely overlooked whitespace errors when reviewing
796ad2f7ef ("ath79: add support for D-Link DIR-842 C3").

Fix them and and also fix Makefile indent for C1/C2.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-09 17:08:46 +02:00
Joan Moreau
9ed272fe95 ath79: add support for Comfast WR650AC v1/v2
This is a dual band 11a/11n router with 1x wan and 4x gig lan ports.

There are two versions of this router which can be identified through
the factory web interface, v1 has 128mb ram and a uboot size of 128k,
v2 has 256mb ram and a uboot size of 256k, the remaining hardware and
PCB markings are the same.

Short specification:

    SoC: Qualcomm Atheros QCA9558 - 720 MHz
    Switch: Atheros AR8327
    Second radio : Qualcomm Atheros QCA9880 802.11ac
    4 LAN/1 WAN 1000Mps Ethernet
    256 MB of RAM (DDR2)
    16 MB of FLASH
    3x2.4 GHz, 3x5GHz antennas

Steps to install :

Option A : Use vendor UI

Option B (if A is not working) :
(a) Download 'backup' from vendor UI and rename it backup.tar.gz
(b) Open the archive, and update the root password in /etc/shadow by
    '$1$9wX3HGfB$X5Sb3kqzzBLdKRUR2kfFd0'
(c) 'Restore' from the archive using the vendor UI. Root password is now
    'aaa'
(d) Scp the firwmware to the device:
    $ scp <openwrt-sysupgrade>.bin root@192.168.1.1:/
(d) ssh to the device and flash the firmware:
    $ cd /
    $ mtd -e firmware -r write <openwrt-sysupgrade>.bin firmware

Signed-off-by: Gareth Parker <gareth41@orcon.net.nz>
Signed-off-by: Ding Tengfei <dtf@comfast.cn>
Signed-off-by: Joan Moreau <jom@grosjo.net>
[reformatted commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-09 17:07:07 +02:00
Álvaro Fernández Rojas
d8c62c4029 brcm2708: bcm2711: remove unneeded boot file
bootcode.bin isn't needed for RPi 4B since it's stored on a SPI-attached EEPROM.
More info: https://www.raspberrypi.org/documentation/hardware/raspberrypi/booteeprom.md

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-09 10:21:17 +02:00
Joan Moreau
abbbecaa73 ath79: add support for Comfast E314N-v2
Taken code from https://patchwork.ozlabs.org/patch/884850/ that was never
pushed by the author, and adapted to ath79.

The Comfast E314N-V2 is a 2.4 GHz 2x2 radio with a built-in directional
antenna and a second Ethernet port - very similar to the Ubiquiti
NanoStation M2. The Ethernet port features a pass-through PoE capability,
enabled or disabled with a slide switch.

Specifications :
- System-On-Chip: Qualcomm/Atheros QCA9531
- CPU/Speed: 650 MHz
- Flash size: 8 MiB
- RAM: 64 MiB
- 2 Ethernet 1Gbp
- 1 reset button
- 1 switch to choose PoE from LAN or Wan. 48Vdc
- Wifi 2.4 Ghz (b/g/n)
- UART inside the box (3.3V, pins marked on the PCB)

Firmware can be flashed on these units by the following method:
1.) Apply power to the unit
2.) Immediately AFTER applying power, hold down the reset button
3.) The WAN, LAN, and wireless lights will flash - wait three seconds
    (three flashes) and then release the button.
4.) After a second, the lights will flutter quickly and the unit will be
    visible at 192.168.1.1. A web page will be available to enable quick
    and simple uploading and flashing of firmware.

During the boot process, these units also look for a tftp server at
192.168.1.10. If one is present, the firmware can be uploaded as a file
called firmware-auto.bin

Signed-off-by: Joan Moreau <jom@grosjo.net>
[wrapped commit message - fix commit title capitalization]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-09 07:49:21 +02:00
Vincent Wiemann
ccb4b96b8a comgt-ncm: add driver dependencies again
In the commit 623716dd43 ("comgt-ncm: Fix NCM protocol")
the dependencies to vendor NCM drivers were removed, because:

> comgt-ncm should not depend on the USB-serial-related kernel modules,
> as the cdc-wdm control device works without them. There is also no need
> to depend on kmod-huawei-cdc-ncm, since other manufacturers (like
> Ericsson and Samsung) which use other kernel modules should also be
> supported.

From a user-perspective this does not make sense, as installing comgt-ncm
(or luci-proto-ncm) should install all needed dependencies for using such
a device.

Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson
and Samsung devices can't be supported. By the way it seems that Ericsson
and Samsung devices never used NCM, but act as serial modems.

Thus this commit adds the dependencies again.

Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[fixed title capitalization, formatted commit message,
renamed Sony-Ericsson to Ericsson]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-08 21:33:34 +02:00
DENG Qingfang
d3e832d6fd ramips: add support for HiWiFi HC5761A
HiWiFi HC5761A is an "MT7628AN variant" of HC5761

Specifications:
- MediaTek MT7628AN 580MHz
- 128 MB DDR2 RAM
- 16 MB SPI Flash
- 2.4G MT7628AN 802.11bgn 2T2R 300Mbps
- 5G MT7610EN 802.11ac 433Mbps
- 3x 10/100 Mbps Ethernet

Flash instruction:
1. Get SSH access to the router
2. SSH to router with `ssh -p 1022 root@192.168.199.1`, The SSH password is the same as the webconfig one
3. Upload OpenWrt sysupgrade firmware into the router's `/tmp` folder with SCP
4. Run `mtd write /tmp/<filename> firmware`
5. reboot

Known bug:
- SD slot does not work (See PR 1500)

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-08 21:02:03 +08:00
DENG Qingfang
9852859e77 ramips: improve support for HiWiFi HC5661A and HC5861B
HC5661A:
- Fix pinctrl
- Fix image size (15808k)
- Use switch trigger for WAN LED

Both:
- Use tpt LED trigger for wireless
- Explicitly disable USB nodes

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-08 21:02:03 +08:00
DENG Qingfang
521fcd0e8b ramips: add HC5X61A.dtsi for HiWiFi MT7628AN boards
HiWiFi has several MT7628AN routers which have similar specs
Add HC5X61A.dtsi to include them, like HC5X61.dtsi (for MT7620A)

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-08 21:02:03 +08:00
Chuanhong Guo
4d5dae2741 ath79: add support for PISEN WMB001N
Specifications:
- SoC: AR9341
- RAM: 64M
- Flash: 16M
- Ethernet: 1 * FE port
- WiFi: ar934x-wmac
- Sound: WM8918 DAC
         1 * 3.5mm headphone jack
         2 * RCA connectors for speakers
         1 * SPDIF out
- USB: 1 * USB2.0 port

Flash instruction:
 Upload generated factory image via vendor's web interface.

Notes:
A. Audio stuff:
 1. Since AR934x, all pins for peripheral blocks can be mapped to
    any available GPIOs. We currently don't have a PCM/I2S driver
    for AR934x so pinmux for i2s and SPDIF are bound to i2c gpio
    node. This should be moved into I2S node when a PCM/I2S driver
    is available.
 2. The i2c-gpio node is for WM8918. DT binding for it can't be added
    currently due to a missing clock from I2S PLL.

B. Factory image:
 Image contains a image header and a tar.gz archive.
 1. Header: A 288 byte header that has nothing to do with appended
    tarball. Format:
     0x0-0x7 and 0x18-0x1F: magic values
     0x20: Model number string
     0xFC: Action string. It's either "update" or "backup"
     0x11C: A 1 byte checksum. It's XOR result of 0x8-0x11B
    Firmware doesn't care about the rest of the header as long as
    checksum result is correct.
    The same header is used for backup and update routines so the
    magic values and model number can be obtained by generating a
    backup bin and grab values from it.
 2. Tarball: It contains two files named uImage and rootfs, which
    will be flashed into corresponding mtd partition.
 Writing a special utility that can only output a fixed binary
 blob is overkill so factory image header is placed under
 image/bin instead.

C. LED
 The wifi led has "Wi-Fi" marked on the case but vendor's firmware
 used it as system status indicator. I did the same in this device
 support patch.

D. Firmware
 Factory u-boot is built without 'savenv' support so it's impossible
 to change kernel offset. A 2MB kernel partition won't be enough in
 the future. OKLI loader is used here to migrate this problem:
  1. add OKLI image magic support into uImage parser.
  2. build an OKLI loader, compress it with lzma and add a normal
     uImage header.
  3. flash the loader to where the original kernel supposed to be.
  4. create a uImage firmware using OKLI loader.
  5. flash the created firmware to where rootfs supposed to be.
 By doing so, u-boot will start OKLI loader, which will then load
 the actual kernel at 0x20000.

 The kernel partition is 2MB, which is too much for our loader.
 To save this space, "mtd-concat" is used here:
  1. create a 64K (1 erase block) partition for OKLI loader and
     create another partition with the left space.
  2. concatenate rootfs and this partition into a virtual flash.
  3. use the virtual flash for firmware partition.

 Currently OKLI loader is flashed with factory image only.
 sysupgrade won't replace it. Since it only has one function
 and it works for several years, its unlikely to have some bugs
 that requires a replacement.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-08-08 21:00:59 +08:00
Chuanhong Guo
1d6368ee73 kernel: mtdsplit_uimage: add support for okli image
This adds support for uImage used by OpenWrt kernel loader.
The parser searches for uImage header at flash eraseblock boundary
and it might attempt to split any firmware with loader, therefore
this entry doesn't have MTD_PARSER_TYPE_FIRMWARE so that this parser
is only used when explicitly defined in dts.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-08-08 21:00:59 +08:00
Chuanhong Guo
11182349e1 gpio-button-hotplug: add volume button handling
This is used by PISEN WMB001N.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-08-08 21:00:59 +08:00
Perry Melange
796ad2f7ef ath79: add support for D-Link DIR-842 C3
Hardware spec of DIR-842 C3:
SoC: QCA9563
DRAM: 128MB DDR2
Flash: 16MB SPI-NOR
Switch: QCA8337N
WiFi 5.8GHz: QCA9888
WiFi 2.4Ghz: QCA9563
USB: circuit onboard, but components are not soldered

Flash instructions:

1. Upgrade the factory.bin through the factory web interface or
   the u-boot failsafe interface.
   The firmware will boot up correctly for the first time.
   Do not power off the device after OpenWrt has booted.
   Otherwise the u-boot will enter failsafe mode as the checksum
   of the firmware has been changed.
2. Upgrade the sysupgrade.bin in OpenWrt.
   After upgrading completes the u-boot won't complain about the
   firmware checksum and it's OK to use now.
3. If you powered off the device before upgrading the sysupgrade.bin,
   just upgrade the factory.bin through the u-boot failsafe interface
   and then goto step 2.

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
2019-08-07 21:17:40 +02:00
Adrian Schmutzler
d7b4b5ec24 ath79: fix vendor capitalization of TP-Link
According to detective grep, with this patch all devices should
be labelled "TP-Link" consistently.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
854ab1b045 ath79: add support for TP-Link CPE220 v2
This seems to be identical to CPE210 v1 despite having removable
antennas.

Specifications:

    * SoC: Qualcomm Atheros AR9344 (560 MHz)
    * RAM: 64MB
    * Storage: 8 MB
    * Wireless: 2.4GHz N based built into SoC 2x2
    * Ethernet: 2x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:

Flash factory image through stock firmware WEB UI
or through TFTP:
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
0104eed1e5 ath79: add support for TP-Link CPE510 v1
TP-Link CPE510-v1 is an outdoor wireless CPE for 5 GHz with
two Ethernet ports based on Atheros AR9334

Specifications:
 - 560/450/225 MHz (CPU/DDR/AHB)
 - 2x 10/100 Mbps Ethernet, 1x PoE-in, 1x PoE-out
 - 64 MB of DDR2 RAM
 - 8 MB of SPI-NOR Flash
 - 2T2R 5 GHz
 - 13 dBi built-in antenna
 - Power, LAN0, LAN1 green LEDs
 - 4x green RSSI LEDs

Flash factory image through stock firmware WEB UI
or through TFTP:
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254

Based on the work of Paul Wassi <p.wassi@gmx.at>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
08857e69be ath79: add support for TP-Link CPE210 v1
Specifications:

    * SoC: Qualcomm Atheros AR9344 (560 MHz)
    * RAM: 64MB
    * Storage: 8 MB
    * Wireless: 2.4GHz N based built into SoC 2x2
    * Ethernet: 2x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:

Flash factory image through stock firmware WEB UI
or through TFTP:
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
198eae2862 ath79: create common definition tplink-loader-okli
The loader-okli is shared by several TP-Link CPExxx devices, so
give it its own definition to prevent too much code duplication.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
9ba83c450c ath79: provide common DTSI for CPE510 v2/v3 and CPE610
This puts some common code into a new shared DTSI. Common nodes
are chosen so that the new DTSI can be used for CPE210 v1, too.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
8d83a4f545 tplink-safeloader: increase kernel partition for CPE/WBSx10v1
This is a preparation for ath79 support of the CPE210/CPE510 v1.
Kernel size is chosen equal to the latest update for CPE610 v1.

This also updates the partition size in ar71xx target, so code
remains consistent if someone looks up the device. Since CPE210,
CPE510, WBS210 and WBS510 (all v1) share the same partition
layout definition, and are on deprecated target anyway, this
changes them all at once.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Hans Dedecker
d9364c1cbc procd: update to latest git HEAD (FS#2425)
8323690 state: fix shutdown when running in a container (FS#2425)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:56:53 +02:00
Hans Dedecker
d70a35c365 netifd: update to latest git HEAD
5e02f94 system-linux: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:55:52 +02:00
Jo-Philipp Wich
e1f588e446 packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-07 07:15:07 +02:00
Jo-Philipp Wich
f565f276e2 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 21:22:27 +02:00
Jo-Philipp Wich
991dd5a893 usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 20:57:37 +02:00
Rafał Miłecki
c4492dd70e kernel: drop Fon(Foxconn) parser matching for the "firmware" partition
This parser's matching function appears to be too generic as it matches
e.g. Buffalo WZR-HP-G300NH. That results in incorrect parts parsing.

Luckily this parser is needed by Fon FON2601 only which uses DT-based
ramips target. It means we can depend on mtd subsystem matching of
"fonfxc,uimage" string.

That said triggering this parser based on the "firmware" (or whatever
MTD_SPLIT_FIRMWARE_NAME is) partiiton name is not needed. It can be
dropped which will automatically fix the Buffalo WZR-HP-G300NH case.

Fixes: a1c6a316d2 ("ramips: add support for Fon FON2601")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-06 14:27:10 +02:00
Daniel Engberg
7270fdb62f expat: Update to 2.2.7
Update (lib)expat to 2.2.7

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-08-06 14:03:09 +02:00
Koen Vandeputte
42d9bccadb kernel: bump 4.19 to 4.19.64
Refreshed all patches.

Remove upstreamed:
- 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch
- 950-0309-usb-dwc2-Disable-all-EP-s-on-disconnect.patch
- 950-0310-usb-dwc2-Fix-disable-all-EP-s-on-disconnect.patch

Fixes:
- CVE-2019-13648
- CVE-2019-3900
- CVE-2019-10207

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-06 11:52:47 +02:00
Koen Vandeputte
96f1d4b02b kernel: bump 4.14 to 4.14.136
Refreshed all patches.

Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Remove upstreamed:
- 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch
- 088-0002-i2c-qup-fixed-releasing-dma-without-flush-operation.patch
- 500-arm64-dts-marvell-Fix-A37xx-UART0-register-size.patch

Fixes:
- CVE-2019-13648
- CVE-2019-10207

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-06 11:52:47 +02:00
Koen Vandeputte
a4d366005d kernel: bump 4.9 to 4.9.187
Refreshed all patches.

Altered patches:
- 021-bridge-multicast-to-unicast.patch

Compile-tested on: none
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-06 11:52:47 +02:00
John Crispin
274895a8d7 mediatek: add new dts files for mt7622 to v4.14
Signed-off-by: John Crispin <john@phrozen.org>
2019-08-06 07:05:56 +02:00
Rafał Miłecki
4b755ce06a Revert "kernel: generic: fix fonfxc uimage parser"
This reverts commit e92a14709d.

mtdsplit_uimage_parse_fonfxc() gets called in two situations:
1) It was /requested/ from DT using "fonfxc,uimage" compatible string
2) It was called by parsing code after finding "firmware"
   (MTD_SPLIT_FIRMWARE_NAME) due to the parser's type

Code added in the /fix/ commit basically just disabled the second case.
If that's the real goal it could be achieved by simply dropping type
MTD_PARSER_TYPE_FIRMWARE. It may however require another solution as
it's possible that some non-DT target actually needs fonfxc uImage
parsing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-06 06:41:52 +02:00
John Crispin
19cfbb1b34 mediatek: update the mt7531 switch driver
Signed-off-by: John Crispin <john@phrozen.org>
2019-08-06 06:20:14 +02:00
Petr Štetiar
79596f782e adb: fix build breakage on recent musl
Fix build breakage as upstream has removed implicit include of
sys/sysmacros.h from sys/types.h:

 remove implicit include of sys/sysmacros.h from sys/types.h

 this reverts commit f552c792c7ce5a560f214e1104d93ee5b0833967, which
 exposed the sysmacros.h macros (device major/minor calculations) for
 BSD and GNU profiles to mimic an unintentional glibc behavior some
 code depended on. glibc has deprecated and since removed them as the
 resolution to bug #19239, so it makes no sense for us to keep this
 behavior. affected code should all have been fixed by now, and if it's
 not yet fixed it needs to be for use with modern glibc anyway.

Ref: https://git.musl-libc.org/cgit/musl/commit/include/sys/types.h?id=a31a30a0076c284133c0f4dfa32b8b37883ac930
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-08-06 00:09:48 +02:00
Rosen Penev
1b1c47577b linux-atm: Add missing headers
This fixes compilation with -Werror=implicit-function-declaration.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-05 23:22:26 +02:00
Rosen Penev
aa4f68ac91 toolchain: Remove powerpc64 libc restriction
Starting with version 1.1.15, musl supports powerpc64.

There are no known users of powerpc64 yet.

This is effectively a revert of 0de93311e1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-05 23:22:26 +02:00
Tomasz Maciej Nowak
427ff0cd26 mvebu: remove support for deprecated DSA bindings
These legacy bindings were removed long time ago from dts, so there's no
need to keep support for them.

Spotted-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-08-05 23:22:26 +02:00
Hauke Mehrtens
b20156ba70 toolchain: fix gcc depends on kernel headers
GCC needs the kernel headers to compile.
Some GCC file includes asm/unistd.h which is provided by the kernel headers.
Normally the kernel headers build is very fast and ready before the gcc uses
it, but if it clones the kernel from a slow git repository it takes longer
and then it could be that the gcc already wants to use the kernel headers
before they are available. This patch fixes this problem by adding the
missing dependency.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-08-05 23:22:26 +02:00