Commit Graph

49002 Commits

Author SHA1 Message Date
David Bauer
7f676b5ed6 firewall: bump to latest HEAD
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-05 15:43:16 +02:00
Felix Fietkau
7716a43092 build: fix extreme build system slowdown caused by SOURCE_DATE_EPOCH changes
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-05 11:26:57 +02:00
Felix Fietkau
920d975cab mediatek: enable coherent DMA for ethernet and PCI
Improves performance by eliminating the need for extra cache flushes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 19:42:35 +02:00
Felix Fietkau
44fe9e6f84 mediatek: fix an irq handling issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 19:42:35 +02:00
Felix Fietkau
7081b1704e mediatek/ramips: add patch to avoid unnecessary rearming of interrupts
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 19:42:35 +02:00
Felix Fietkau
1fe914d9b4 mediatek: disable packet steering by default
mt76 now spreads the load over multiple CPUs more smoothly, processing
ethernet packets should be faster running on one core

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 19:42:35 +02:00
Felix Fietkau
acf1733496 mac80211: add preliminary support for enabling 802.11ax in config
No advanced features are configurable yet, just basic enabling of HE modes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 15:49:35 +02:00
Felix Fietkau
a38b6efbc1 mediatek: enable kernel PCIe ASPM support, refresh kernel config
Improves performance on PCIe devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 12:42:46 +02:00
Daniel Golle
c2c701e058 libselinux: package executables into -utils
Add new package libselinux-utils containing the executable
utilities included with libselinux.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-04 02:50:20 +01:00
Yangbo Lu
ad0f0df909 layerscape: fix linux headers install issue
The linux upstream commit had treated config leak as error.
5967577 scripts: headers_install: Exit with error on config leak

It is causing below build issue. Provide a kernel patch to fix
it by replacing CONFIG_COMPAT kernel option with FM_COMPAT instead.

  HDRINST usr/include/linux/fmd/integrations/integration_ioctls.h
  HDRINST usr/include/linux/fmd/Peripherals/fm_port_ioctls.h
error: include/uapi/linux/fmd/Peripherals/fm_port_ioctls.h: leak
CONFIG_COMPAT to user-space
scripts/Makefile.headersinst:63: recipe for target
'usr/include/linux/fmd/Peripherals/fm_port_ioctls.h' failed
make[5]: *** [usr/include/linux/fmd/Peripherals/fm_port_ioctls.h] Error 1
Makefile:1198: recipe for target 'headers' failed
make[4]: *** [headers] Error 2

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-09-03 14:34:33 +01:00
Paul Spooren
f922a3e00e config: add KERNEL_LSM symbol
The LSM (Linux security mechanism) list is the successor of the now
legacy *major LSM*. Instead of defining a single security mechanism the
LSM symbol is a comma separated list of mechanisms to load.

Until recently OpenWrt would only support DAC (Unix discretionary access
controls) which don't require an additional entry in the LSM list. With
the newly introduced SELinux support the LSM needs to be extended else
only a manual modified Kernel cmdline (`security=selinux`) would
activate SELinux.

As the default OpenWrt Kernel config sets DAC as default security
mechanism, SELinux is stripped from the LSM list, even if
`KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without
a modified cmdline this commit sets a specific LSM list if
`KERNEL_SECURITY_SELINUX` is enabled.

The upstream Kconfig adds even more mechanisms
(smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt,
these can be ignored.

To compile SELinux Kernel support but disable it from loading, the
already present options `KERNEL_SECURITY_SELINUX_DISABLE` or
`KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`)
can be used. Further it's possible to edit `/etc/selinux/config`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-03 14:14:33 +01:00
Russell Morris
45a81f7056 ramips: add support for HooToo HT-TM05
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).

Specifications:

  SOC:     MediaTek MT7620N
  BATTERY: 10400mAh
  WLAN:    802.11bgn
  LAN:     1x 10/100 Mbps Ethernet
  USB:     1x USB 2.0 (Type-A)
  RAM:     64 MB
  FLASH:   GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
           Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
           fast-read enabled (m25p)
  LED:     Status LED (blue after boot, green with WiFi traffic
           4 leds to indicate power level of the battery (unable to control)
  INPUT:   Power, reset button

MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

Tested and working:

 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - Installation from TFTP (recovery)
 - OpenWRT sysupgrade (Preserving and non-preserving), through the usual
   ways: command line and LuCI
 - LEDs (except as noted above)
 - Button (reset)
 - I2C, which is needed for reading battery charge status and level
 - U-Boot environment / variables (from U-Boot, and OpenWrt)

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
   - ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!

Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-03 14:15:30 +02:00
Chuanhong Guo
b7013e9c4a ramips: image: add recipe for OKLI loader
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-09-03 14:15:30 +02:00
Chuanhong Guo
cac9e3e2cb ramips: lzma-loader: make FLASH_START configurable
FLASH_START is supposed to point at the memory area where NOR flash are
mapped. We currently have an incorrect FLASH_START copied from ar71xx
back then and the loader doesn't work under OKLI mode.
On ramips, mt7621 has it's flash mapped to 0x1fc00000 and other SoCs
uses 0x1c000000. This commit makes FLASH_START a configurable value to
handle both cases.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-09-03 14:15:30 +02:00
Rosen Penev
7a5e4f5f00 policycoreutils: add nls.mk
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-09-03 00:33:20 +01:00
Adrian Schmutzler
6362a04725 kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler
95acc4fe0e kernel: remove support for kernel 4.14
No target uses kernel 4.14 anymore.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler
66ab1fb395 ramips: drop support for kernel 4.14
The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler
e68c017e93 pistachio: drop support for kernel 4.14
The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
64824db6d8 arc770: drop support for kernel 4.14
The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
bc88ee0aff samsung: drop target
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
94198e2a1c rb532: drop target
This target is still on kernel 4.14, and recent attempts to move it to
kernel 5.4 have not led to success. The device tester reported that it
wouldn't boot with the following messages:

From sysupgrade:

  Press any key within 4 seconds to enter setup....
  loading kernel from nand... OK
  setting up elf image... OK
  jumping to kernel code

At this point the system hangs.

From CompactFlash:

  Press any key within 4 seconds to enter setup....
  Booting CF
  Loading kernel... done
  setting up elf image... kernel out of range kernel loading failed

The tester reported that the same was observed with current master
(kernel 4.14) as well. This looks like some kernel size restriction.

Since this target is quite old and only supports one device, and since
nobody else seemed interested in working on this for quite some time,
I decided to not put further work into analyzing the problem and drop
this together with the other 4.14-only targets.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=197066&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
7d29a55714 ath25: drop target
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
edb5d2a320 tools: sort alphabetically
This sorts the added tools and builddir dependencies alphabetically
to make it easier to find something in the Makefile.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
48905af01d tools: drop unused upslug2 and wrt350nv2-builder
These tools have been used by the orion target which has been
removed in Jan 2020 [1].

Both were specifically meant for the WRT350Nv2, which is not
supported anymore.

So, let's remove them as well.

[1] 89f2deb372 ("orion: remove unmaintained target")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Magnus Kroken
66893063ab mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-09-02 15:12:12 +02:00
Walter Sonius
46abcb3ade base-files: fix comment typo in lib/functions/network.sh
Fix typo in comment.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 01:11:17 +02:00
Daniel Golle
80a194b100 hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 21:37:35 +01:00
Felix Fietkau
7f0cb91d71 tools/squashfskit4: fix build on non-linux systems
The xattr related function calls are linux specific

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
91fb3ce56b mac80211: remove an obsolete patch that is no longer doing anything useful
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
2c14710c54 mac80211: add more AQL fixes/improvements
Fix aggregation length estimation, add HE and VHT160 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
b5d425af23 mediatek/ramips: unify ethernet driver fixes and add performance optimizations
Increase DMA burst size and tx ring size and optimize tx processing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
6541028598 build: fix path to libfakeroot on macOS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Daniel Golle
76368a5c0a refpolicy: skip building docs
Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:35:00 +01:00
Daniel Golle
d136848b8b libaudit: add host-build required by policycoreutils/host
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:24:07 +01:00
Daniel Golle
3ce21b8797 libsemanage: host-build depends on renamed libaudit package
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 12:32:52 +01:00
Hauke Mehrtens
413fdc6676 ugps: update to the latest version
511a5b3 ugps: fix 64-bit time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:04:44 +02:00
Hauke Mehrtens
db8e09f1c2 fstools: update to the latest version
5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:01:15 +02:00
John Crispin
4841ac042e mediatek: pull in some fixes fromt he latest SDK
Signed-off-by: John Crispin <john@phrozen.org>
2020-09-01 09:09:13 +02:00
John Crispin
2ddd8387a7 uboot-mediatek: update to latest version
Signed-off-by: John Crispin <john@phrozen.org>
2020-09-01 09:08:52 +02:00
Daniel Golle
729a75c3b2 build: unbreak fakeroot in SDK
Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.

Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 04:10:41 +01:00
Daniel Golle
5587f19c36 tools: fakeroot: pass paths of libfakeroot.so and faked
Fixes: 9e7ef46065 ("tools: add fakeroot")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 04:10:41 +01:00
Daniel Golle
93ed51e5b6 libaudit: drop unused file
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 00:32:54 +01:00
Paul Spooren
395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00
Paul Spooren
18b1cc2838 px5g-wolfssl: cleanup Makefile and SPDX license
Minor cosmetic cleanups of the Makefile and add a SPDX compatible
license headers.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:29:37 +01:00
Daniel Golle
2e2425ce7f libsemanage: add missing package metadata
License and CPE-ID were missing, add them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 22:02:12 +01:00
Daniel Golle
efdf619f21 audit: build only libaudit
Turns out auditd depends on libev. Lets have that in packages.git.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 21:51:45 +01:00
Hauke Mehrtens
2b141ad392 strace: Update to version 5.8
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.

Just deactivate it for ARM64 too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-31 22:15:26 +02:00
Rosen Penev
36d9ed360a util-linux: update to 2.36
hwclock was fixed to work with musl.

Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
879e68eafd libcxx: update to 10.0.0
Switched to upstream tarballs.

Switched to libcxxabi as using libsupc++ is quite wonky.

Fixed description.

Removed patches. The fixes are cosmetic.

Added ssp patch. This one is needed for i386 and powerpc under musl.

Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.

Ran tested with gerbera.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00