Commit Graph

52874 Commits

Author SHA1 Message Date
Hauke Mehrtens
0ca81ff047 procd: update to git HEAD
jail: Fix build with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-22 23:51:50 +02:00
Hauke Mehrtens
9501ce909f layerscape: Fix build in dtb
This fixes a kernel build problem.
The removed parts of the patch are already applied upstream.

Fixes: 9ad3ef27b9 ("kernel: bump 5.4 to 5.4.153")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-22 22:12:24 +02:00
Christian Lamparter
9fcb5c367e apm821xx: WNDAP6X0: add missed uci-default for compat
This should have been included in the previous patch that
resized the kernel partition to fit bigger kernels.

Fixes: 7a6a349445 ("apm821xx: WNDAP620 + WNDAP660: reorganize partitions for 5.10")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-22 21:25:18 +02:00
Christian Lamparter
8b0c053671 apm821xx: implement new LED label naming scheme
This patch updates all current APM82181 devices over to that
"new LED naming scheme". This includes many updates to the
device-tree:
	- dropped the deprecated, but beloved "label" property.
	- rename all DT leds node names to led-#.
	- add function and color properties.
	- utilized panic-indicator property.
	- dropped led- aliases (see below).

migration scripts for all devices are included.

For more information. See:
<https://www.kernel.org/doc/html/latest/leds/leds-class.html>

For the future: It looks like the color+function properties
won over the dt-alias / label. This will need to be wired up
into openwrt eventually. For APM821xx the situation is that
all devices have a dedicated power and fault indicator.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-22 21:25:18 +02:00
Christian Lamparter
e9335c2920 ath79: lzma-loader: fix & re-enable per-board CONFIG_BOARD_DEV
Back in the AR71XX days, the lzma-loader code could be customized
based on the $BOARD variable. These would be passed as a
compile-time -DCONFIG_BOARD_$DEVICE_MODEL flag to the compiler.
Hence, the lzma-loader would be able to include device-specific
fixups.

Note: There's still a fixup for the TpLink TL-WR1043ND V1 found
in the lzma-loader's board.c code. But since the days of AR71XX
I couldn't find a forum post or bug reported. So, I left it
as is to not break anything by enabling it.

=> If you have a TL-WR1043ND V1 and you have problem with
the ethernet: let me know. Because otherwise, the fixup
might simply no longer needed with ath79 and it can be removed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-22 21:25:18 +02:00
Christian Lamparter
8a042450d8 apm821xx: MX60(W): re-enable + allow bigger future kernels
The MX60's kernel is limited to 0x3EFC00 by the values in
mkmerakifw.c. Since the initramfs method of loading the
kernel seems to be working, this patch does away with the
use of the mkmerakifw tool for the MX60(W).

But this will go along with a change in u-boot as well.
So before you upgrade, please attach the serial cable and
perform:

| setenv owrt510_boot run meraki_ubi owrt_bootargs\; run owrt_load1 owrt_bootkernel\; run owrt_load2 owrt_bootkernel
| setenv bootcmd run owrt510_boot
| saveenv

Note: You won't be able to use older OpenWrt releases without
switching the bootcmd back to owrt_boot!

Note2: We are no longer compatible with older OpenWrt MX60 installs.
the legacy BOARD_NAME and SUPPORTED_DEVICES can be dropped. This is
because upgrades from older images are not possible without uboot env
changes anymore. Also the bogus BLOCKSIZE value
(which was set to 63k back then, in order to get the kernel properly
aligned after the fdt + meraki header) can be set to the NANDs real
value. The FDT size (which was needed for alignment) can now be
slimmed down as well.

Co-developed-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-22 21:25:18 +02:00
Christian Lamparter
bbb3852401 apm821xx: MBL: HDD regulators overhaul for MBL DUO
Takimata reported on the OpenWrt forum in thread [0], that his
MyBook Live Duo wasn't booting OpenWrt 21.02 after upgrading
from the previous OpenWrt 19.07.

The last logged entries on his console

|[    0.531599] sata1-regulator GPIO handle specifies active low - ignored
|[    0.538391] sata0-regulator GPIO handle specifies active low - ignored
|[    0.759791] ata2: SATA link down (SStatus 0 SControl 300)
|[    0.765251] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
|[    5.909555] ata1.00: qc timeout (cmd 0xec)
|[    5.913656] ata1.00: failed to IDENTIFY (I/O error, err_mask=0x4)
|[    6.231757] ata1: SATA link down (SStatus 0 SControl 300)

This extract clearly showed that the HDD on which OpenWrt is installed,
simply disappeared after the SATA power regulators had been initialized.

The reason why this worked with OpenWrt 19.07 was because the kernel
config symbol CONFIG_REGULATOR=y was not set in the target's config-4.14.

(This shows that the MBL Single does differ from the DUO in that
it does not have programmable power regulators for the HDDs.)

[0] <https://forum.openwrt.org/t/21-02-0-and-snapshot-fail-to-boot-on-my-book-live-duo/106585>

Reported-by: Takimata (forum)
Tested-by: Takimata (forum)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-22 21:25:18 +02:00
Roger Pueyo Centelles
68d91f08ed ath79: mikrotik: use 64 KiB SPI NOR erase sectors
This patch removes CONFIG_MTD_SPI_NOR_USE_4K_SECTORS from the default
symbols for the ath79/mikrotik target.

MikroTik devices hold some of their user-configurable settings in the
soft_config partition, which is typically sized 4 KiB, of the SPI NOR
flash memory. Previously, in the ar71xx target, it was possible to use
64 KiB erase sectors but also smaller 4 KiB ones when needed. This is
no longer the case in ath79 with newer kernels so, to be able to write
to these 4 KiB small partitions without erasing 60 KiB around, the
CONFIG_MTD_SPI_NOR_USE_4K_SECTORS symbol was added to the defaults.
However, this ended up making sysupgrade images which were built with
64 KiB size blocks not to keep settings (e.g., the files under
/etc/config/) over the flashing process.

Using 4 KiB erase sector size on the sysupgrade images (by setting
BLOCKSIZE = 4k) allows keeping settings over a flashing process, but
renders the process terribly slow, possibly causing a user to
mistakenly force a manual device reboot while the process is still on-
going. Instead, ditching the 4 KiB erase sectors for the default
64 KiB erase size provides normal SPI write speed and sysupgrade times,
at the expense of not being able to modify the soft_config partition
(which is rarely a required thing).

An OpenWrt patch for MTD_SPI_NOR_USE_4K_SECTORS_LIMIT may once have
allowed to use different per-partition erase sector sizes. Due to
changes on recent kernels it now only works on a per-device basis.
Also, partial eraseblock write can be performed in ath79 with kernels
5.4 and lower, by copying the blocks from the 64 KiB, erasing the whole
sector and restoring those blocks not meant to be modified. A kernel
bump had that patch broken for a long time, but got fixed in bf2870c.

Note: the settings in the soft_config partition can be reset to their
defaults by holding the reset button for 5 seconds (and less than 10
seconds) at device boot.

Fixes: FS#3492 (sysupgrade […] loses settings...)
Fixes: a66eee6336 (ath79: add mikrotik subtarget)

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2021-10-22 08:15:40 -10:00
Rafał Miłecki
b8e682ac74 bcm53xx: bridge all LAN ports on Linksys EA9500
External switch ports need to be bridged too.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-10-22 13:46:22 +02:00
Rui Salvaterra
dd0ad9b661 tools/isl: update the download URL
isl.gforge.inria.fr has been dead since early this month [1]. Switch to
libisl.sourceforge.io for the time being.

[1] https://groups.google.com/g/isl-development/c/JGaMo2VUu_8

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-10-21 20:37:20 +01:00
Paul Spooren
f46a70a688 toolchain: switch packaged toolchain to tar.xz
Currently the tar.bz2 while ImageBuilder and SDK switched to tar.xz.
Unify it for faster compression since it will make use of
multi-threading.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-10-21 08:25:38 -10:00
Rafał Miłecki
e9672b1a8f bcm53xx: switch to the upstream DSA-based b53 driver
1. Drop swconfig
2. Simplify network setup
3. Verify network config
4. Disable Buffalo WZR-900DHP for now - it misses ports definition

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reviewed-By: Christian Lamparter <chunkeey@gmail.com>
2021-10-21 17:38:17 +02:00
Rafał Miłecki
d88f3b8a42 bcm47xx: add kernel 5.10 support
It's for *development* only as it doesn't work with lzma-loader due to
bigger size.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-10-21 17:38:17 +02:00
David Bauer
9b880f09f3 hostapd: ubus: fix uninitialized pointer
This fixes passing a bogus non-null pointer to the ubus handler in case
the transition request is rejected.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-21 17:09:35 +02:00
David Bauer
f85c970c9c ath79: use correct USB package for DIR-505
AR9331 requires kmod-usb2-chipidea to use the USB ports. Include the
correct package so they can be used with the base image.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-21 15:52:49 +02:00
Felix Fietkau
63c01ad025 hostapd: fix up patches after the last commit
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-21 12:37:23 +02:00
Felix Fietkau
da4be02fcd hostapd: fix a race condition on adding AP mode wds sta interfaces
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-21 11:31:53 +02:00
Felix Fietkau
f448c26923 netifd: update to the latest version
c61a1d432b34 wireless: fix creating AP mode WDS station interfaces
f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-21 11:31:53 +02:00
Robert Marko
b519997ab9 kernel: 5.10: backport Marvell 88E1510/2 PHY SFP support
Backport upstream SFP support for the Marvell 88E1510/2 PHY-s.

Globalscale MOCHAbin uses this PHY for the hybrid
WAN port that has 1G SFP and 1G RJ45 with PoE PD
connected to it.

This allows the SFP port to be used on it as well as
parsing the SFP module details with ethtool.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2021-10-21 00:17:36 +02:00
Robert Marko
b0f6162d68 kernel: 5.10: backport 100 BaseX SFP support
Backport upstream support for 100Base-FX, 100Base-LX, 100Base-PX and
100Base-BX10 SFP modules.

This is a prerequisite for the Globalscale MOCHAbin hybrid 1G
SFP/Copper support backporting.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2021-10-21 00:17:36 +02:00
Andre Heider
70729d3454 ltq-vdsl-app: add error vector counters to the ubus metrics
These are useful stats to debug vector related line deteriorations,
see [0].

Example output:
    "erb": {
	    "sent": 169925,
	    "discarded": 0
    }

[0] https://forum.openwrt.org/t/vectoring-on-lantiq-vrx200-vr9-missing-callback-for-sending-error-samples/104046

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-21 00:17:36 +02:00
Andre Heider
276c80bdc0 ltq-vdsl-app: prepare for multiple mei ioctls
Refactor so that the outer function opens and closes the mei fd and
passes it around, just as with the main fd.

That also allows us to use the IOCTL macro in get_vector_status() and
clean up accordingly.

Switch to AUTORELEASE while at it.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-21 00:17:36 +02:00
Andrew Robbins
1d2bc94f78 ath10k-ct: update to version from 2021-09-22
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.

Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
2021-10-21 00:17:36 +02:00
Rui Salvaterra
d4f0e45f90 kernel: bump 5.10 to 5.10.75
Deleted (upstreamed):
bcm27xx/patches-5.10/950-0735-xhci-guard-accesses-to-ep_state-in-xhci_endpoint_res.patch [1]

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=dc3e0a20dbb9dbaa22f4a33dea34230f8c663c40

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-10-21 00:17:36 +02:00
Rui Salvaterra
72e53eb133 kernel: bump 5.10 to 5.10.74
Patches automatically refreshed.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-10-21 00:17:36 +02:00
Rui Salvaterra
3bd701d47c kernel: bump 5.10 to 5.10.73
Patches automatically refreshed.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-10-21 00:17:36 +02:00
John Audia
0ea33e5363 kernel: bump 5.4 to 5.4.155
All patches automatically rebased.

Signed-off-by: John Audia <graysky@archlinux.us>
2021-10-21 00:17:36 +02:00
John Audia
3d0499bcdb kernel: bump 5.4 to 5.4.154
All patches automatically rebased.

Signed-off-by: John Audia <graysky@archlinux.us>
2021-10-21 00:17:36 +02:00
John Audia
9ad3ef27b9 kernel: bump 5.4 to 5.4.153
Removed upstreamed:
  backport-5.4/070-v5.5-MIPS-BPF-Restore-MIPS32-cBPF-JIT.patch

All other patches automatically rebased.

Signed-off-by: John Audia <graysky@archlinux.us>
2021-10-21 00:17:36 +02:00
Ivan Pavlov
be3e260f92 wolfssl: fix compile when enable-devcrypto is set
fixing linking error when --enable-devcrypto=yes
fixes: 7d92bb0509 wolfssl: update to 4.8.1-stable

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2021-10-21 00:17:36 +02:00
Hauke Mehrtens
36019ed589 iw: sync nl80211 with kernel backports
The nl80211 was out of sync with the version used in our backports. This
broke the configuration of the antenna gain.

Fixes: 2bfac61483 ("mac80211: backport support for BSS color changes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-21 00:17:36 +02:00
Adrian Schmutzler
352427ecec realtek: switch to kernel 5.10
The usual testers did their tests. Now we need testers who use the
master builds.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-10-20 23:27:52 +02:00
Felix Fietkau
a889dcd3f2 mac80211: add missing patch chunk for mac80211_hwsim
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 14:04:40 +02:00
Felix Fietkau
192c41001a mt76: update to the latest version
ebf5b2336591 mt7615/mt7915: fix hwmon device name
8d12f9ed275d mt76: mt7615: mt7622: fix ibss and meshpoint
e7883cdc0b4e mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht
831d5967abb9 wireless: fix spelling of A-MSDU in HE capabilities
f09cb04be261 wireless: align some HE capabilities with the spec
0eeba8f2952d wireless: align HE capabilities A-MPDU Length Exponent Extension
655a6c65b8a7 mt76: mt7915: introduce mt7915_mcu_beacon_check_caps()
4440025d0ba9 mt76: mt7915: fix txbf starec TLV issues
87d2fb6fbff5 mt76: mt7915: improve starec readability of txbf
53c6a3cb7f6b mt76: mt7915: fix sta_rec_wtbl tag len
f517845e4f28 mt76: mt7915: rework starec TLV tags
1df017bc39a3 mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
6724b0a9a748 mt76: mt7915: set VTA bit in tx descriptor
f1f505cbbb30 mt76: mt7915: set muru platform type
8c9d4b38d258 mt76: mt7915: remove dead code in mt7915_get_et_stats
d0ccc4297935 mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature
0af0af82bb97 mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy
10e85d62f213 mt76: mt7915: improve code readability for xmit-queue handler
b6051f7713d2 mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines
9a97c38a309d mt76: mt7921: get rid of unused variable in mt7921_tx_complete_skb
c02847c05884 mt76: mt7921: get rid of unused variable in mt7921_mac_tx_free
60dd47a0a62e mt76: mt7915: remove dead code in debugfs code
ce74fc020d81 mt76: mt7921: add MU EDCA cmd support
c062f6920356 mt76: mt7921: refactor mac.c to be bus independent
bfa909c833e8 mt76: mt7921: refactor dma.c to be pcie specific
6556bddf26d2 mt76: mt7921: refactor mcu.c to be bus independent
1c8418207c86 mt76: mt7921: refactor init.c to be bus independent
6cf8248c1a44 mt76: mt7921: add MT7921_COMMON module
77600b0c10ac mt76: connac: move mcu reg access utility routines in mt76_connac_lib module
65362a00d07d mt76: mt7663s: rely on mcu reg access utility
956206bb55c3 mt76: mt7921: make all event parser reusable between mt7921s and mt7921e
f0dedcf6aaf0 mt76: mt7921: use physical addr to unify register access
5079d5b0b13c mt76: sdio: move common code in mt76_sdio module
26257594398b mt76: sdio: introduce parse_irq callback
e353424f1b07 mt76: sdio: extend sdio module to support CONNAC2
ddab3dd25f94 mt76: connac: extend mcu_get_nic_capability
b2d9a1748a41 mt76: mt7921: rely on mcu_get_nic_capability
e6ce5d9cbda0 mt76: mt7921: refactor mt7921_mcu_send_message
ce3706a65ccd mt76: mt7921: introduce mt7921s support
3143118baf53 mt76: mt7921s: add reset support
645eac64bece mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset
d54796787cb7 mt76: move mt76_sta_stats in mt76.h
094e085abf5a mt76: move mt76_ethtool_worker_info in mt76 module
f80ab6dde63d mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex
4a11cb67dc27 mt76: mt7915: move tx amsdu stats in mib_stats
486da6fa2512 mt76: do not reset MIB counters in get_stats callback
d8837b7c8dcd mt76: mt7921: add some more MIB counters
5ffe086fcd1b mt76: mt7921: introduce stats reporting through ethtool
69154ae23f6b mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb
4b65fbc4e203 mt76: mt7921: move tx amsdu stats in mib_stats
35b8025f466b mt76: mt7921: add per-vif counters in ethtool
cfbbd861eb12 mt76: mt7915: enable HE UL MU-MIMO
a0b94987df80 mt76: mt7915: rework mt7915_mcu_sta_muru_tlv()
5fbb686e9c0c mt76: mt7915: fix missing HE phy cap
b649678c18ca mt76: mt7915: change max rx len limit of hw modules

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Felix Fietkau
e62c550470 mac80211: backport a few trivial patches
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Felix Fietkau
faa6a9a04b tools/llvm-bpf: add llvm+clang build suitable for compiling code to eBPF
Preparation for building packages that ship eBPF code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Felix Fietkau
1c07eab9f8 include/cmake.mk: fix host builds with CMAKE_BINARY_SUBDIR
Use it in the same way as for target builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Paul Spooren
a424dfd66b README: mention video feed
The video feed just got support for Wayland which allows OpenWrt devices
to run as a Kiosk (displaying browser content via a display).

The availability of these packages should be mentioned to users.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-10-19 15:47:44 -10:00
Jitao Lu
917126ff4c ncurses: add tmux terminfo
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ

Fixes: FS#3404

Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
2021-10-19 08:11:38 -10:00
David Bauer
43c64ffa74 hostapd: fix goto loop for ubus assoc handler
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.

Move the ubus handler further up the code to avoid creating such a loop.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-19 17:27:05 +02:00
Stepan Henek
c4e994011f wireguard-tools: add uci option to disable wireguard peers
Right now when I want to temporarily disable wg peer I need to delete
the entire peer section. This is not such a good solution because I
loose the previous configuration of the peer.

This patch adds `disabled` option to peer config which causes that
the config section is ignored.

Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
[use $(AUTORELEASE)]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-10-18 12:14:36 -10:00
Stijn Tintel
dbb0019cbe nftables: bump to 1.0.0
This introduces support for hardware flow offloading, which was added in
in nftables 0.9.9.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2021-10-19 00:12:13 +02:00
Adrian Schmutzler
7b8eca902e tegra: switch to kernel 5.10
This target has testing support for kernel 5.10 for four months now.
Time to switch the default.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2021-10-18 21:32:36 +02:00
Rafał Miłecki
287257d676 bcm53xx: enable Linksys EA6300 & EA9200 builds
Both should be supported since:
1. Adding NVMEM driver for NVRAM
2. Using NVRAM info for determining active firmware partition

Linksys EA9500 uses very similar design and works fine.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-10-18 16:09:36 +02:00
Daniel Golle
333f93333e
procd: update to git HEAD
9b1e035 jail: netifd: code cosmetics
 d2a2ecc jail: netifd: fix error handling issue reported by coverity
 e1d7cee jail: netifd: check target netns fd before using it
 59f7699 uxc: add missing 'break' statement

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-17 21:58:47 +01:00
Andre Heider
7cb5af30f4 wolfssl: remove --enable-sha512 configure switch
It's the default anyway and this just looks confusing, as if it wasn't.

Switch to AUTORELEASE while at it.

The binary size is unchanged.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-17 16:30:12 +02:00
Andre Heider
c76300707e wolfssl: always build with --enable-reproducible-build
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.

The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-17 16:29:00 +02:00
Andre Heider
28d8e6a871 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."

This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].

This is the recommended solution from upstream [1].

The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f

[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793

Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-17 16:25:10 +02:00
Felix Fietkau
a1ac8728f8 ramips: remove kmod-mt7663-firmware-sta from device packages
This firmware should only be used for mobile devices (e.g. laptops), where
AP mode functionality is typically not used. This firmware supports a lot
of power saving offload functionality at the expense of AP mode support.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-17 16:07:03 +02:00
Rosen Penev
5b3d62247c ramips: fix dtc warnings for telco-electronics_x1
In all other dts files, the entire block is not edited like this.
They're edited separately.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-10-17 15:21:37 +02:00