Commit Graph

18645 Commits

Author SHA1 Message Date
Felix Fietkau
2cd1a10829 mac80211: fix typo
Remove stray parenthesis

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-03 05:38:59 +02:00
Felix Fietkau
b474142fa8 mt76: update to the latest version
bddc1db76d0f mt76: mt7915: drop the use of repeater entries for station interfaces
3c90f35dddac mt76: mt7915: add thermal sensor device support
afab0e8202ff mt76: mt7915: add thermal cooling device support
41cf02184699 mt76: mt7615: add thermal sensor device support
2ac6b8762565 mt76: connac: update BA win size in Rx direction
ddb301127291 mt76: mt7921: fix reset under the deep sleep is enabled
e4cbefd1d69a mt76: mt7921: avoid unnecessary consecutive WiFi resets
393eea2034d7 mt76: mt7921: fix invalid register access in wake_work
a15d46407ffa mt76: mt7921: fix OMAC idx usage
e4d267d8e900 mt76: mt7921: enable runtime pm by default
50fd8ce2412a mt76: connac: add bss color support for sta mode
e29058c3c860 mt76: mt7921: return proper error value in mt7921_mac_init
c89c8c347b1e mt76: mt7921: do not schedule hw reset if the device is not running
9f7bb428e587 mt76: mt7921: reset wfsys during hw probe
22ea365913b5 mt76: mt7915: add .offset_tsf callback
ad91f8e8e494 mt76: mt7615: add .offset_tsf callback
6f871f35e3c1 mt76: mt7915: use mt7915_mcu_get_txpower_sku() to get per-rate txpower
597b68b7daa3 mt76: mt7615: remove useless if condition in mt7615_add_interface()
3945264468eb mt76: testmode: fix memory leak in mt76_testmode_alloc_skb
bdcc57a11606 mt76: testmode: remove unnecessary function calls in mt76_testmode_free_skb
a9763452601d mt76: testmode: remove undefined behaviour in mt76_testmode_alloc_skb
4aef2a2be464 mt76: mt7615: fix potential overflow on large shift
d9dd7635b055 mt76: mt7915: use mt7915_mcu_get_mib_info() to get survey data
d740e921758a mt76: mt7921: introduce mac tx done handling
259ddfc7cb73 mt76: mt7921: update statistic in active mode only
757b93f4b179 mt76: mt7921: remove leftover 80+80 HE capability
1fcff599b2e1 mt76: allow hw driver code to overwrite wiphy interface_modes
c55c22e39b7d mt7915: update firmware to 2020110522
10548aef1f45 mt76: mt7915: improve error recovery reliability
ed6b0c79820c mt76: mt7921: set MT76_RESET during mac reset
321443258bea mt76: move mt76_rates in mt76 module
d1652e8af9e1 Revert "mt76: connac: do not schedule wake_work if the runtime-pm is disabled"
4f4cab39ed9f mt76: mt7915: read all eeprom fields from fw in efuse mode
71450535f164 mt76: mt7921: enable hw offloading for wep keys
833d577e430c mt76: mt7921: remove mt7921_get_wtbl_info routine
67b7a22d2b99 mt76: mt7921: enable random mac address during sched_scan
cf1ff7bf4f1b mt76: mt7915: setup drr group for peers
ef2f7aa8745f mt76: mt7615: update radar parameters
b9f09f530223 mt76: mt7915: fix MT_EE_CAL_GROUP_SIZE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
John Crispin
98621c9782 hostapd: add eap_server support
This makes it possible to avoid using a RADIUS server for WPA enterprise authentication

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
Felix Fietkau
704ab6a002 hostapd: add default values for r0kh/r1kh
This allows WPA enterprise roaming in the same mobility domain without any
manual key configuration (aside from radius credentials)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
Felix Fietkau
ec223cf724 hostapd: add support for specifying the maxassoc parameter as a device option
It allows enforcing a limit on associated stations to be enforced for the
full device, e.g. in order to deal with hardware/driver limitations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
Felix Fietkau
e309b57619 hostapd: add support for configuring proxy ARP
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
Felix Fietkau
190d4b6184 hostapd: add configurable rssi thresholds for rejecting assoc/probe requests
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
Felix Fietkau
46509a51dd hostapd: add support for configuring the beacon rate
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 09:33:12 +02:00
Felix Fietkau
42a99b18ff mac80211: do not enable VHT in the default config on 2.4 GHz
Some drivers advertise it, but it's not supported at the moment

Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 07:46:21 +02:00
Felix Fietkau
3518b793a2 mac80211: fix detecting VHT capabilities when generating the default config
The colon does not directly follow the "VHT Capabilities" string

Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 07:46:21 +02:00
Adrian Schmutzler
54cc1756e2 hostapd: update to version 2021-05-22
This update only adds one commit:
b102f19bcc53 tests: Opportunistic Wireless Encryption - SA Query

The main reason for the bump is to have a newer PKG_SOURCE_DATE,
so we can reset PKG_RELEASE to 1 (this has not been done for the
most recent bump), and replace it with AUTORELEASE.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-05-29 00:31:25 +02:00
Rafał Miłecki
e002179a6d base-files: simplify setting device MAC
1. Move code above interface generation
   It results in more logical order. Device gets its config section
   above interface section.
2. Drop the loop
   We have separated code handling bridges now so $device should be
   guaranteed to contain a single device name.
3. Drop section name
   It's not required by netifd or LuCI & it's not needed by this script
   as $device contains a single device name now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-28 15:35:32 +02:00
Jo-Philipp Wich
ec83fb9ced ubox: fix init script validation of log_ip option
The underlying logread process uses usock() to handle remote connections
which is able to handle both hostnames and IP addresses.

Ref: https://github.com/openwrt/luci/issues/5077
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-05-28 15:23:14 +02:00
Felix Fietkau
962d530dea hostapd: support verbose build using V=sc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-27 12:17:02 +02:00
Rafał Miłecki
4b9a67362d base-files: generate network config with "device" options
Replace "ifname" with "device" as netifd has been recently patches to
used the later one. It's more clear and accurate.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-27 10:58:49 +02:00
David Bauer
553cc47ec7 hostapd: ACS: fix channel 100 frequency
Channel 100 is a valid channel to choose for 80MHz operation. However,
it's assigned to 5500 MHz, not 5550MHz. In fact, there is no channel
assigned to this frequency.

Fix this obbvious typo to allow ACS to select channel 100 for 80 MHz
operation again.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-26 23:12:09 +02:00
Evgeny Kolesnikov
3e9318f3c0 kernel: fix AutoLoad parameter for uleds module
The name of the module is 'uleds', not 'leds-uleds'.

Signed-off-by: Evgeny Kolesnikov <evgenyz@gmail.com>
[improve commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-26 23:10:54 +02:00
Chukun Pan
57cb387cfe ramips: add support for JCG Q20
JCG Q20 is an AX 1800M router.

Hardware specs:
  SoC: MediaTek MT7621AT
  Flash: Winbond W29N01HV 128 MiB
  RAM: Winbond W632GU6NB-11 256 MiB
  WiFi: MT7915 2.4/5 GHz 2T2R
  Ethernet: 10/100/1000 Mbps x3
  LED: Status (red / blue)
  Button: Reset, WPS
  Power: DC 12V,1A

Flash instructions:
  Upload factory.bin in stock firmware's upgrade page,
  do not preserve settings.

MAC addresses map:
  0x00004 *:3e wlan2g/wlan5g
  0x3fff4 *:3c lan/label
  0x3fffa *:3c wan

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2021-05-26 23:10:45 +02:00
Felix Fietkau
91abeebd3b mac80211: sync nl80211.h with upstream and backport a WPA3 related commit
Fixes compatibility issues with the latest hostapd update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 20:08:25 +02:00
Felix Fietkau
fbd6f099f5 mac80211: add more HE capabilities
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:15 +02:00
Felix Fietkau
8d79915327 mac80211: fix center freq selection for 6 GHz
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
d87b58bb09 hostapd: fix adding back stations after a missed deauth/disassoc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
eefed841b0 hostapd: update to version 2021-05-21
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
c8bcdd5619 mac80211: set hostapd op_class for 6 GHz
This is needed to disambiguate it from 5 GHz channels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
8504212f65 mac80211: rework default config script
Emit the new band option instead of hwmode
Support 6 GHz band and HE options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
8b8c1cb09b mac80211: make use of the new 'band' option
Use it to look up frequencies only in the configured band to better deal
with channel number overlap

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
db072fdc9e mac80211: add 6 GHz support to mac80211_hwsim
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
d76535c45e wireless-regdb: update to version 2021.04.21
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Andre Heider
b5420dd710 iw: update to 8fab0c9e
This fixes `iw dev wlan0-mesh station dump`.

8fab0c9 iw: fix ftm_request missing arguments segfault
e816fbc iw: fix mgmt dump missing arguments segfault
5d9d1b8 iw: Fix timestamp output on 32-bit architectures
4b25ae3 iw: fix pointer arithmetic in __print_he_capa
c3df363 iw: add option to print human readable event time
cd64525 iw: print ctrl port tx status event
0ba98b9 iw: use correct type in policy check for mesh
9e38dee iw: scan: fixup HE caps whitespace
17e8564 iw: scan: parse HE capabilities
5735e58 iw: util: factor out HE capability parser
6d8d507 iw: scan: add extension tag parsing
b4e1ec4 man: update wikipage URL, reformat SEE ALSO section
c56036a iw: enable 80MHz support for 6GHz band 11s mesh
fa72728 iw: handle positive error codes gracefully
7ba9093 iw: scan: add flag for scanning colocated ap
5ec60ed iw: Add 'coloc' and 'flush' options to sched_scan
f8ade75 iw: update wikipage URL
b6f2dac iw: Add support for specifying the 160MHz bandwidth when setting the channel/frequency

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-05-26 11:48:14 +02:00
Felix Fietkau
26da5c2359 hostapd: add support for configuring rts threshold
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
2319cf4ec0 hostapd: fix max_oper_chwidth setting for HE
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
John Crispin
3bd6c8c728 hostapd: add additional radius options
- add functionality to configure RADIUS NAS-Id and Operator-Name
- add functionality to configure RADIUS accounting interval
- enable RADIUS "Chargeable User Identity"

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
c76f1d8330 hostapd: add extra options for hotspot 2.0 / interworking
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
753a91d1d1 hostapd: report radar detected events via ubus
Events are reported on all BSS interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
8e2ca15726 hostapd: improve channel switch support
Instead of requiring the user to call it on each BSS individually,
run it on all BSSs internally.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
33c69aee41 hostapd: add missing inline stubs for ubus vlan event support
Only used when building without ubus support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
John Crispin
937dd79e2a hostapd: fix civic location option
Signed-off-by: John Crispin <john@phrozen.org>
2021-05-26 11:48:14 +02:00
Rafał Miłecki
5fe549836f netifd: update to the latest master
899c2a4 interface: support "device" attribute and deprecate "ifname"
62e3cb5 scripts/netifd-wireless.sh: add support for specifying the operating band

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-26 07:56:27 +02:00
Nick Hainke
6687a2483a opkg: use $(PROJECT_GIT), $(AUTORELEASE) and SPDX
1) Use SPDX license headers to be machine readable.
2) Update copyright to 2021.
3) Use $(PROJECT_GIT) instead of manually specifying the git url.
4) Use $(AUTORELEASE) to automatically set the correct PKG_RELEASE.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-25 23:48:00 +02:00
Paul Spooren
efee640716 busybox: mention SRV support in help message
The SRV was added some time ago and should be mentioned in the short
help message to avoid confusion about missing features.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-24 20:30:04 +02:00
Hans Dedecker
7131f5a2fb nat46: fix memory leak
0d5860d fix memory leak in nat46_netdev_destroy().The netdev is forgotten to free in nat46_netdev_destroy function (#26)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-05-24 13:02:41 +02:00
INAGAKI Hiroshi
8cc4e87a2f base-files: fix configuration generation of network if "bridge" exists
After the commit 43fc720657
("base-files: generate "device UCI type section for bridge"), the wrong
network configuration is generated for the devices that already have the
bridge device section for VLAN, such as the devices in realtek target.

As a result, the bridge device by additional "device" section is
specified to the "ports" option in the "bridge-vlan" section and netifd
shuts down the switch and the ethernet when the network service started.

Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[rmilecki: use $ports for generate_bridge_vlan argument]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-24 09:09:00 +02:00
Rafał Miłecki
7a90ad3c43 base-files: support setting bridge MAC address
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-24 07:48:17 +02:00
Hauke Mehrtens
1903233f2b treewide: Mark packages nonshared if they depend on @TARGET_
This marks all packages which depend on a target with @TARGET nonshared.
If they are not marked nonshared they would be build by the SDK build
and if this happens with a different SDK, then the SDK from the target
the package depends on, the package would not be added to the index.

This should fix the image builder for some of these packages.

This should fix the image builder at least for bcm27xx/bcm2710 and
bcm4908/generic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-24 00:28:22 +02:00
Robert Marko
b054009854 mac80211: fix ATH_REG_DYNAMIC_USER_REG_HINTS
ATH_REG_DYNAMIC_USER_REG_HINTS is currently not being set as mac80211
tries to set it as m which is not possible as its boolean only.

Since its used alongside user regulatory, move it to USER_REGD.

This is required for ath11k to accept regulatory changes, otherwise
it wont accept any changes and will simply force US.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-05-23 15:11:38 +02:00
Alexander Egorenkov
42cd06f7fe kexec-tools: add patch to fix issue with appended DTB and zImage on ARM
This patch fixes a recently found problem when a zImage passed to
kexec-tools contains an appended DTB. In that case kexec boot fails because
the decompressor wrongly tries to use the non-existing appended DTB instaed
of the one passed in the register r2.

- http://lists.infradead.org/pipermail/kexec/2021-April/022353.html

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
2021-05-23 15:11:38 +02:00
Konstantin Demin
0097899da7 binutils: update to 2.35.2
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2021-05-23 15:11:38 +02:00
Aleksander Jan Bajkowski
08664f9bf3 kernel: limit crypto-hw-talitos to the mpc85xx and layerscape
CONFIG_CRYPTO_DEV_TALITOS depends on FSL_SOC. This driver only makes sense
on Freescale(NXP) SoCs.

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2021-05-23 15:11:38 +02:00
Aleksander Jan Bajkowski
8f80b9b8f6 kernel: limit crypto-hw-geode to the x86/geode
CONFIG_CRYPTO_DEV_GEODE depends on X86_32. This driver only makes sense
on X86\geode.

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2021-05-23 15:11:38 +02:00
Aleksander Jan Bajkowski
577ba5a3a9 kernel: crypto: drop kmod-crypto-pcompress
CONFIG_CRYPTO_PCOMP and CONFIG_CRYPTO_PCOMP2 have been removed in upstream commit[1].
This symbol doesn't exist since kernel 4.6 and this package is empty.

1. [ crypto: compress - remove unused pcomp interface ]
(110492183c)

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2021-05-23 15:11:38 +02:00
Aleksander Jan Bajkowski
f298d5b810 kernel: crypto: drop kmod-crypto-wq
CONFIG_CRYPTO_WORKQUEUE was removed in upstream commit[1]. This symbol doesn't
exist since kernel 5.3 and this package is empty.

1. [ crypto: cryptd - move kcrypto_wq into cryptd ]
(3e56e16863)

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2021-05-23 15:11:38 +02:00
Ivan Pavlov
b1baa01f14 wolfssl: add support for OpenVPN
Support for wolfSSL has been upstreamed to the master OpenVPN branch
in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL
directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN
in systems based on wolfSSL library
Compiled && tested on ramips/mt7620, ramips/mt7621

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2021-05-23 15:11:38 +02:00
Anderson McKinley
0eca9699b1 kernel: add kmod-input-leds
Adds support for LEDs on input devices. Useful for example on x86 laptops-
allows re-purposing num/caps/scroll lock LEDs.

Signed-off-by: Anderson McKinley <coyoso@tuta.io>
2021-05-23 15:10:30 +02:00
David Bauer
ddcb970274 hostapd: wolfssl: add RNG to EC key
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.

Set the RNG for the EC key to fix connections for OWE clients.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-21 15:44:05 +02:00
David Bauer
ef9b103107 wolfssl: always export wc_ecc_set_rng
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.

wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.

Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-21 15:43:57 +02:00
Chen Minqiang
a9ebd3a0ea busybox: nslookup applet link with resolv if use glibc
This fixed b36b8b6929
("busybox: remove nslookup_lede/openwrt.patch")

It is likely dropped by mistake, This add back the changes

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2021-05-21 11:31:46 +02:00
Dirk Neukirchen
622f8ef577 grub2: disable liblzma dependency
Florian Ekert reported:

"I have build a fresh master branch recently, Since your last change [1]
on grub2, I have now a new dependency on liblzma for the install package
grub2-editenv.

root@st-dev-07 /usr/lib # ldd /root/grub-editenv
       /lib/ld-musl-x86_64.so.1 (0x7f684b088000)
       liblzma.so.5 => /usr/lib/liblzma.so.5 (0x7f684b06d000)
       libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7f684b059000)
       libc.so => /lib/ld-musl-x86_64.so.1 (0x7f684b088000)

This was not the case before your update.

root@st-dev-07 /usr/sbin # ldd /usr/sbin/grub-editenv
       /lib/ld-musl-x86_64.so.1 (0x7fd970176000)
       libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7fd970162000)
       libc.so => /lib/ld-musl-x86_64.so.1 (0x7fd970176000)

My build complains that it cannot satisfy the runtime package dependency
for grub2-editenv.

install -d -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin
install -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/grub-editenv /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin/
find /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv -name 'CVS' -o -name '.svn' -o -name '.#*' -o -name '*~'| xargs -r rm -rf
Package grub2-editenv is missing dependencies for the following libraries:
liblzma.so.5
make[2]: *** [Makefile:166: /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/bin/APOS/feckert/master/master-Maggie-455-ga5edc0e8e/x86_64/targets/x86/64/packages/grub2-editenv_2.06~rc1-1_x86_64.ipk] Error 1
make[2]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/package/boot/grub2'
time: package/boot/grub2/pc/compile#78.64#9.79#83.88
   ERROR: package/boot/grub2 failed to build (build variant: pc).
make[1]: *** [package/Makefile:116: package/boot/grub2/compile] Error 1
make[1]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt'
make: *** [/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/include/toplevel.mk:230: package/boot/grub2/compile] Error 2

If I add the following changes to the package all works as expected.

<snip>
-  DEPENDS:=@TARGET_x86
+  DEPENDS:=@TARGET_x86 +liblzma
  VARIANT:=pc
endef

This is a hotfix but I dont´t think this is the final solution, because lzma is provided by the package xz.
And This is maintained in the package feed [not the core]"

Dirk stated & offered his patch to disable liblzma and thus resolve the
'out of core dependency' problem:

"LZMA is used in mkimage.c
disabling it prints
Without liblzma (no support for XZ-compressed mips images) (explicitly disabled)
(see configure.ac)

liblzma is autodetected so this issue was present but hidden somehow

[unsure: grep/image generation does not use grub with that option]
OpenWrt does not use that feature currently

[!] some scripts and examples use --compression=xz or -C xz and those will break

grub has an internal xzlib for different "lzma" functionality
(ext. LIBLZMA from XZ (GRUB_COMPRESSION_XZ) vs. GRUB_COMPRESSION_LZMA)"

Hopefully fixes e74d81ece2 and doesn't
break anything else.

Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
[include Florian's description of how problem 1st encountered]
[bump package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-05-21 09:17:59 +01:00
Piotr Dymacz
6f3a05ebb0 uboot-envtools: support uci-default config also per subtargets
The current version of 'uboot-envtools' package generates dedicated
uci-default file only per target. This change makes it possible to
use subtarget-specific files, with name pattern: 'target_subtarget'
(example: 'ath79_nand'). The subtarget-specific files will take
precedence over target-specific one.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-05-20 13:57:43 +02:00
Piotr Dymacz
fab114f6f3 uboot-imx6: update BUILD_DEVICES values
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-05-20 13:45:12 +02:00
Piotr Dymacz
959eabf172 uboot-imx6: drop 'HIDDEN' flag from 'mx6cuboxi' define
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-05-20 13:45:12 +02:00
Rafał Miłecki
80be798d4a Revert "base-files: migrate old UCI network bridge ports syntax"
This reverts commit f716c30241.

Migrating everyone to the new syntax could break downgrades. We may
reintroduce it way later if needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-20 12:25:25 +02:00
Rafał Miłecki
cea6631cdf netifd: update to the latest master
config: fix ifname->ports compat rename

Fixes: 829b5c2ba3 ("netifd: update to the latest version")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-20 12:25:25 +02:00
Rafał Miłecki
0e459668c5 base-files: generate bridge device sections with br- name prefix
Missing br- prefix could result in name conflict between DSA port
interface and bridge interface. Some devices with just one LAN port use
"lan" interface name for DSA port. Trying to create bridge with the same
"lan" name was failing.

Reported-by: David Bauer <mail@david-bauer.net>
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-20 10:40:59 +02:00
Philip Prindeville
b810d649fb busybox: preserve crontabs
/etc/syslog.conf is used by sysklogd, and /etc/crontabs is used
by crond, both features of busybox.  Given this, ownership for
these files should be bound to busybox, especially if one day
there's a way to do an in-place opkg update of busybox.

There's also the busybox provided syslogd which uses this file
if CONFIG_BUSYBOX_FEATURE_SYSLOGD_CFG is set.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-05-19 15:50:50 +02:00
Nick Hainke
b36b8b6929 busybox: remove nslookup_lede/openwrt.patch
The nslookup_lede/openwrt applet was introduced in de5b8e5. It was
introduced because:

  Add a new LEDE nslookup applet which is compatible with musl libc
  and providing more features like ability to specify query type.

  In contrast to busybox' builtin nslookup applet, this variant does
  not rely on libc resolver internals but uses explicit send logic
  and the libresolv primitives to parse received DNS responses.

In busybox this applet is added in 0dd3be8. In particular, this commit
introduces the variable NSLOOKUP_BIG. We set the default to true and
so nothing changes.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-19 01:08:23 +02:00
Paul Spooren
a725382978 busybox: show reproducible timestamp
On login busybox shows a timestamp per default contianing the build
date. Since the build date isn't reproducible per default this behaviour
was disabled by default via 34df4d40 "busybox: disable timestamp in
version".

This commit modifies busybox so that the printed timestamp reproducible
using SOURCE_DATE_EPOCH and therefore shouldn't be disabled anymore.

Before:

    BusyBox v1.33.1 () built-in shell (ash)

After:

    BusyBox v1.33.1 (2021-05-13 09:34:34 UTC) built-in shell (ash)

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-19 00:32:46 +02:00
Rafał Miłecki
f716c30241 base-files: migrate old UCI network bridge ports syntax
netifd has been recently patched to use more accurate "ports" option
instead of "ifname". This is a simple translation between two UCI
options.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-18 20:07:56 +02:00
Rafał Miłecki
43fc720657 base-files: generate "device" UCI type section for bridge
This switches from the old way of defining bridges in an "interface" UCI
section type (that should be used for layer 3 only). From now a defualt
board switch will have its own "device" UCI section type. It's a new &
preferred way of defining L2 devices.

Before:

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

After:

config device
        option name 'lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option ifname 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-18 20:07:51 +02:00
David Bauer
e884389976 rpcd: fix PKG_MIRROR_HASH
Fixes commit 97e820c6d6 ("rpcd: update to latest HEAD")

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-18 19:31:44 +02:00
Paul Spooren
25fdb42249 busybox: use $(AUTORELEASE) and SPDX
use AUTORELEASE since BusyBox is often updaten and PKG_RELEASE is not
consistently bumped. Also use SPDX license headers to be machine
readable and bump the copyright year to 2021.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-18 19:20:23 +02:00
Felix Fietkau
829b5c2ba3 netifd: update to the latest version
02dd2f2df7cb fix unannotated fall-through warnings
3052f2f67686 extdev: remove unused function
2a97fd006c3b device: add support for configuring devices with external auth handler
87e469be0c08 wireless: fix memory corruption bug when using vlans/station entries in the config
7277764bf817 bridge: rename "ifname" attribute to "ports"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-18 12:56:32 +02:00
Felix Fietkau
cf45caeff1 hostapd: add patch for disabling automatic bridging of vlan interfaces
netifd is responsible for handling that, except if the vlan bridge
was provided by the config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-18 12:52:52 +02:00
Felix Fietkau
2d89d7c748 hostapd: add ubus notifications for adding/removing vlan interfaces
This can be used to handle network configuration of dynamically created vlan
interfaces in a more flexible way

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-18 12:52:52 +02:00
Felix Fietkau
04d21604fd libubox: update to the latest version
870acee325fe tests: cram: test_base64: fix failing tests
4d8995e91d56 tests: cram: test_base64: really fix failing tests
551d75b5662c libubox: tests: add more blobmsg/json test cases
a0dbcf8b8f96 tests: add blob-buffer overflow test
b36a3a90098d blob: fix exceeding maximum buffer length
b8abed749423 utils.h: add fallthrough macro
b14c4688612c json_script: fix unannotated fall-through warning

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-18 12:52:52 +02:00
Rafał Miłecki
d42640e389 base-files: use "ports" array in board.json network for bridges
Bridge aggregates multiple ports so use a more accurate name ("ports")
and format (array) for storing them in board.json.

Example:

"network": {
	"lan": {
		"ports": [
			"lan1",
			"lan2",
			"lan3",
			"lan4"
		],
		"protocol": "static"
	},
	"wan": {
		"ifname": "wan",
		"protocol": "dhcp"
	}
}

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-05-18 12:30:16 +02:00
Hauke Mehrtens
097dc943f1 openwrt-keyring: Only copy sign key for snapshots
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the master feeds.

If one of the other keys would be compromised this would not affect
users of master snapshot builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-17 19:02:02 +02:00
Giulio Lorenzo
b108ed0ab0 ath79: add support for ZiKing CPE46B
ZiKing CPE46B is a POE outdoor 2.4ghz device with an integrated directional
antenna. It is low cost and mostly available via Aliexpress, references can
be found at:
- https://forum.openwrt.org/t/anddear-ziking-cpe46b-ar9331-ap121/60383
- https://git.lsd.cat/g/openwrt-cpe46b

Specifications:

- Atheros AR9330
- 32MB of RAM
- 8MB of flash (SPI NOR)
- 1 * 2.4ghz integrated antenna
- 2 * 10/100/1000 ethernet ports (1 POE)
- 3 * Green LEDs controlled by the SoC
- 3 * Green LEDs controlled via GPIO
- 1 * Reset Button controlled via GPIO
- 1 * 4 pin serial header on the PCB
- Outdoor packaging

Flashing instruction:

You can use sysupgrade image directly in vendor firmware which is based
on OpenWrt/LEDE. In case of issues with the vendor GUI, the vendor
Telnet console is vulnerable to command injection and can be used to gain
a shell directly on the OEM OpenWrt distribution.

Signed-off-by: Giulio Lorenzo <salveenee@mortemale.org>
[fix whitespaces, drop redundant uart status and serial0, drop
num-chipselects, drop 0x1002 MAC address for wmac]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-05-17 01:01:32 +02:00
Florian Eckert
e0c6506158 base-files: change logging for upgrade on fwtool
Remove vn call in favour of v call. This commit serves as preparation
for removing the v function call.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[alter slightly to prevent double space after colon]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-05-17 01:00:14 +02:00
Daniel Golle
23f98b3eb7
fstools: add missing #define _GNU_SOURCE
asprintf requires _GNU_SOURCE to be defined. Set it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-16 09:55:55 +01:00
Stijn Tintel
e74d81ece2 grub2: bump to 2.06-rc1
When building GRUB with binutils 2.35.2 or later, an error occurs due to
a section .note.gnu.property that is placed at an offset such that
objcopy needs to pad the img file with zeros. This in turn causes the
following error: "error: Decompressor is too big.".

The fix accepted by upstream patches a python script that isn't executed
at all when building GRUB with OpenWrt buildroot. There's another patch
that patches the files generated by that python script directly, but by
including it we would deviate further from upstream. Instead of doing
that, simply bump to the latest release candidate.

As one of the fixes for the CVEs causes grub to crash on some x86
hardware using legacy BIOS when compiled with -O2, filter -O2 and
-O3 out of TARGET_CFLAGS.

Fixes the following CVEs:
- CVE-2020-14372
- CVE-2020-25632
- CVE-2020-25647
- CVE-2020-27749
- CVE-2020-27779
- CVE-2021-3418
- CVE-2021-20225
- CVE-2021-20233

Runtime-tested on x86/64.

Fixes: FS#3790

Suggested-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-05-16 04:00:29 +03:00
Stijn Tintel
844598dcbb umdns: bump to git HEAD
777a0b service: fix compilation with GCC 10

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-05-16 03:59:54 +03:00
Daniel Golle
f8c98ee6c2
fstools: update to git HEAD
c44b40b overlay: fix syncronizing typo
 b5397a1 fstools: block: fix segfault on mount with no target
 bd7cc8d block: use dynamically allocated target string
 6d8450e blockd: use allocated strings instead of fixed buffers
 d47909e libblkid-tiny: fix buffer overflow
 67d2297 block: match device path instead of assuming /dev/%s
 2aeba88 block: allow autofs and umount commands also on MTD/UBI

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-16 00:37:01 +01:00
Felix Fietkau
f62aa9e781 mt76: update to the latest version
28b162366d09 mt76: fix calling mt76_get_of_eeprom with an offset for pre-cal data
9d736545bb5a mt76: mt7915: disable pre-calibration support for now

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-15 09:18:28 +02:00
Baptiste Jonglez
1ec6fc4dcb uclient: update to Git version 2021-05-14
6a6011d uclient-http: set eof mark when content-length is 0
19571e4 tests: fix help usage test for uclient built with sanitizer
c5fc04b tests: fix help usage test

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-05-14 23:40:42 +02:00
Baptiste Jonglez
7fea9d9f5d busybox: disable PREFER_IPV4_ADDRESS
PREFER_IPV4_ADDRESS is broken on IPv6-only hosts, as it causes busybox
utilities (ping, traceroute, ntpd) to forcibly use the A record instead of
the AAAA record when resolving a DNS name.  This obviously fails when
there is no IPv4 connectivity.  Since IPv6-only hosts or routers will only
become more common over time, disable PREFER_IPV4_ADDRESS to support this
use-case.

As a side-effect, disabling PREFER_IPV4_ADDRESS changes the default
resolution behaviour of busybox utilities on dual-stack hosts.  Busybox
utilities now simply use the order given by getaddrinfo(), so they will
now prefer IPv6 addresses when resolving a name with both A and AAAA
records if there is IPv6 connectivity.  This is in line with RFC 6724.

PREFER_IPV4_ADDRESS was likely intended to work around naive
implementations of getaddrinfo() that could return AAAA records first,
even on an IPv4-only host.  But both musl (since 1.1.3) and glibc
correctly implement RFC 6724 for getaddrinfo() and check connectivity to
determine the correct order in which to return records.  On IPv4-only
hosts, getaddrinfo() will return A records first, so there is no need for
the PREFER_IPV4_ADDRESS hack.

See also: https://bugs.busybox.net/show_bug.cgi?id=12381

Fixes: FS#84
Fixes: FS#2608
References: https://github.com/openwrt/openwrt/pull/4167
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-05-14 15:56:20 +02:00
Leonardo Mörlein
b993b68b6c build: introduce $(MKHASH)
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. In most of the cases, I just saw warnings like this:

    make: Entering directory '/home/.../package/gluon-status-page'
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    [...]

While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.

After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2021-05-13 15:13:15 +02:00
Felix Fietkau
b5fb6761a2 mt76: update to the latest version
Includes fix for CVE-2020-24588

c7dd54a22e30 mt76: connac: skip wtbl reset on sta disconnect
3511fd430356 mt76: validate rx A-MSDU subframes
aedc3145de6e mt76: fix possible NULL pointer dereference in mt76_tx
5c2baab92cd0 mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
af21659ee834 mt76: mt76x0: use dev_debug instead of dev_err for hw_rf_ctrl
e423c16f16f7 mt76: mt7615: free irq if mt7615_mmio_probe fails
f2d0da8da9b7 mt76: mt7663: enable hw rx header translation
d2713a5d9de9 mt76: mt7921: fix mt7921_wfsys_reset sequence
ce5f32d84f33 mt76: mt7921: Don't alter Rx path classifier
8ab8c7747197 mt76: connac: fw_own rely on all packet memory all being free
a747b0bb4956 mt76: mt7921: enable deep sleep at runtime
2e6e999509b1 mt76: mt7921: add deep sleep control to runtime-pm knob
30bcb2338ce2 mt76: connac: fix WoW with disconnetion and bitmap pattern
56518f4a126e mt76: mt7921: consider the invalid value for to_rssi
e969ab10a034 mt76: mt7921: add back connection monitor support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-13 10:25:18 +02:00
Nick Hainke
6713fe030f busybox: update to 1.33.1
Remove backports:
- 001-backport1330fix-ash-make-strdup-copy.patch
- 002-backport1330fix-traceroute.patch
- 005-backport-CVE-2021-28831.patch

Remove upstreamed:
- 010-fix-wrong-variable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
[don't use $(AUTORELEASE) for now]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-12 18:32:03 +02:00
Felix Fietkau
025bd93f36 mac80211: backport upstream fixes for FragAttacks
From the patch series description:

Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at

	https://papers.mathyvanhoef.com/usenix2021.pdf

Specifically, the following CVEs were assigned:

 * CVE-2020-24586 - Fragmentation cache not cleared on reconnection
 * CVE-2020-24587 - Reassembling fragments encrypted under different
                    keys
 * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
                    payload being parsed as an L2 frame under an
                    A-MSDU bit toggling attack
 * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
 * CVE-2020-26140 - Accepting plaintext data frames in protected
                    networks
 * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
 * CVE-2020-26142 - Processing fragmented frames as full frames
 * CVE-2020-26143 - Accepting fragmented plaintext frames in
                    protected networks
 * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
                    start with RFC1042 header with EAPOL ethertype
 * CVE-2020-26145 - Accepting plaintext broadcast fragments as full
                    frames
 * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
                    packet numbers
 * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

In general, the scope of these attacks is that they may allow an
attacker to
 * inject L2 frames that they can more or less control (depending on the
   vulnerability and attack method) into an otherwise protected network;
 * exfiltrate (some) network data under certain conditions, this is
   specific to the fragmentation issues.

A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.

In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.

Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.

To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.

We currently don't have information about how other drivers are, if
at all, affected.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-12 17:51:59 +02:00
Perry Melange
3a359398f0 busybox: add SRV support to nslookup_lede.c patch
Add support for querying and parsing SRV DNS records to nslookup_lede.c

This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-12 13:19:47 +02:00
Jo-Philipp Wich
75ea878d1b base-files: shinit: properly handle dashes in service names
Fixes: FS#3801
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-05-12 12:44:32 +02:00
Alexander Egorenkov
1854aeec4d build: fix opkg install step for large package selection
When the list of packages to be installed in a built image exceeds a certain
number, then 'opkg install' executed for target '$(curdir)/install' in
package/Makefile fails with: /usr/bin/env: Argument list too long.

On Linux, the length of a command-line parameter is limited by
MAX_ARG_STRLEN to max 128 kB.

* https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/binfmts.h#L15
* https://www.in-ulm.de/~mascheck/various/argmax/

To solve the problem, store the package list being passed to 'opkg install'
in a temporary file and use the shell command substitution to pass the
content of the file to 'opkg install'. This guarantees that the length of
the command-line parameters passed to the bash shell is short.

The following bash script demonstrates the problem:
----------------------------------------------------------------------------
count=${1:-1000}

FILES=""
a_file="/home/egorenar/Repositories/openwrt-rel/bin/targets/alpine/generic/packages/base-files_1414-r16464+19-e887049fbb_arm_cortex-a15_neon-vfpv4.ipk"

for i in $(seq 1 $count); do
	FILES="$FILES $a_file"
done

env bash -c "echo $FILES >/dev/null"
echo "$FILES" | wc -c
----------------------------------------------------------------------------

Test run:
----------------------------------------------------------------------------
$ ./test.sh 916
130989
$ ./test.sh 917
./test.sh: line 14: /bin/env: Argument list too long
131132
----------------------------------------------------------------------------

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
[reword commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-12 11:13:53 +02:00
Keith T. Garner
6a37286c2a kernel: add kmod-leds-uleds
The allows userspace LEDs to be created and controlled. This can be useful
for testing triggers and can also be used to implement virtual LEDs.

Signed-off-by: Keith T. Garner <kgarner@kgarner.com>
[squash fixup commit and improve option wording]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-12 10:47:23 +02:00
Felix Fietkau
06f5e8009d mt76: update to the latest version
186af01047b2 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing
93b5c28c97d5 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report
a8e89c5a1d1f mt76: testmode: add support to send larger packet
a0cc9a9e3877 mt76: mt7915: rework mt7915_tm_set_tx_len()
c8b96630324e mt76: mt7915: fix rate setting of tx descriptor in testmode
22fd2958c42a mt76: mt7615: fix memleak when mt7615_unregister_device()
7401e0db3143 mt76: mt7915: fix memleak when mt7915_unregister_device()
c3656268b3f6 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens
0ce955b04ba8 mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens
b03d1e62acf7 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put()
5ac02e22fb03 mt76: flush tx status queue on DMA reset
c71f609b398a mt76: sync with upstream changes
23ecadd4af77 mt76: mt7615: fix hardware error recovery for mt7663
57a899ee3c3c mt76: mt7615: fix entering driver-own state on mt7663
42a2dddb706b mt76: mt7615: load ROM patch before checking patch semaphore status
cf0e406af84a mt76: mt7915: add support for applying pre-calibration data
459940ccbc58 mt76: mt7921: move hw configuration in mt7921_register_device
0a094b11f3c0 mt76: improve mcu error logging
bf536832e37d mt76: mt7921: run mt7921_mcu_fw_log_2_host holding mt76 mutex
7616f4f78163 mt76: mt7921: add wifisys reset support in debugfs
e620bd881ef5 mt76: mt7921: abort uncompleted scan by wifi reset
e8dacf59ab1c mt76: mt7915: rework the flow of txpower setting
c8c78e577236 mt76: mt7915: directly read per-rate tx power from registers
1622bf4f8705 mt76: mt7921: add mt7921_dma_cleanup in mt7921_unregister_device
ef96fafad8a9 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
90e4bfea2948 mt76: mt7921: do not use 0 as NULL pointer
0a139d7f5966 mt76: connac: move mcu_update_arp_filter in mt76_connac module
de26c73ce3c2 mt76: mt7921: remove leftover function declaration
1c0b6cb4f942 mt76: mt7921: fix a race between mt7921_mcu_drv_pmctrl and mt7921_mcu_fw_pmctrl
2923e3e2b8e4 mt76: mt7663: fix a race between mt7615_mcu_drv_pmctrl and mt7615_mcu_fw_pmctrl
74d0fdaa7a99 mt76: connac: introduce wake counter for fw_pmctrl synchronization
28c87e09a5ea mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
36f664edc7db mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
51b3d1a9a2b7 mt76: dma: add the capability to define a custom rx napi poll routine
4f1339c9fb72 mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
1bc5e67a60be mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
325f7b451c03 mt76: connac: unschedule ps_work in mt76_connac_pm_wake
12115052a02f mt76: connac: check wake refcount in mcu_fw_pmctrl
e5d28e3cef66 mt76: connac: remove MT76_STATE_PM in mac_tx_free
475112a3cdcc mt76: mt7921: get rid of useless MT76_STATE_PM in mt7921_mac_work
112998f32d85 mt76: connac: alaways wake the device before scanning
4334f3e2fc43 mt76: mt7615: rely on pm refcounting in mt7615_led_set_config
0562380659ad mt76: connac: do not run mt76_txq_schedule_all directly
acfa78df5708 mt76: connac: use waitqueue for runtime-pm
ca74a4cd0722 mt76: remove MT76_STATE_PM in tx path
0c2d3e74852e mt76: mt7921: add awake and doze time accounting
45e0eefffe9f mt76: mt7921: enable sw interrupts
fd2ff641166f mt76: mt7615: Fix a dereference of pointer sta before it is null checked
7e2521468767 mt76: mt7921: move mt7921_dma_reset in dma.c
c9dd6b1fa171 mt76: mt7921: introduce mt7921_wpdma_reset utility routine
2ac7c7e9c568 mt76: mt7921: introduce mt7921_dma_{enable,disable} utilities
662a89f2b9d1 mt76: mt7921: introduce mt7921_wpdma_reinit_cond utility routine
614efe9e9180 mt76: connac: introduce mt76_connac_mcu_set_deep_sleep utility
0dbb16ef39d8 mt76: mt7921: enable deep sleep when the device suspends
3c19f569cc70 mt76: mt7921: fix possible invalid register access
ade1f5aad4c6 mt76: move token_lock, token and token_count in mt76_dev
8d5c456be1ff mt76: move token utilities in mt76 common module
fb04d9df5e52 mt76: mt7915: do not read rf value from efuse in flash mode
2126b2176336 mt76: mt7921: get rid of mcu_reset function pointer
d325b7eff1b1 mt76: mt7921: improve doze opportunity
2ae25c7e547e mt76: mt7663: add awake and doze time accounting
349bbb9d6f13 mt76: connac: unschedule mac_work before going to sleep
98a235004dea mt76: mt7921: mt7921_stop should put device in fw_own state
63d80b9ab251 mt76: mt7921: introduce mt7921_mcu_sta_add routine
3c5bf837fdbd mt76: mt7615: fix a precision vs width bug in printk
ded14da5eacc mt76: mt7915: fix a precision vs width bug in printk
aaf0d254f9ea mt76: mt7921: fix a precision vs width bug in printk
757af5c67d32 mt76: move mt76_token_init in mt76_alloc_device
ed41ed73a495 mt76: mt7921: reinit wpdma during drv_own if necessary
92fb81e085c6 mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
53d915a23bc9 mt76: connac: do not schedule wake_work if the runtime-pm is disabled
23fe1bdcf15a mt76: connac: do not schedule mac_work if the device is not running
e5b19336c58e mt76: mt7615: do not set MT76_STATE_PM at bootstrap
0fc2136a61dd mt76_connac_mcu: move mt76_connac_mcu_update_arp_filter outside of CONFIG_PM
e693f3e23e06 mt76: mt7915: add MSI support
5231e7300fa4 mt7915: disable ASPM
554b50dabf54 mt76: connac: fix uninitialized HT A-MPDU setting field in STA_REC_PHY
43b9c0a838bb mt76: mt7921: fix max aggregation subframes setting
5a387a0a3004 mt76: mt7921: enable rx hw de-amsdu
c8cbcb87be07 mt76: connac: add missing configuration in mt76_connac_mcu_wtbl_hdr_trans_tlv
55921e57b380 mt76: mt7921: enable rx header traslation offload
01441f67d8b2 mt76: mt7921: enable rx csum offload
c9ab76dd93a0 mt76: mt7915: move mt7915_queue_rx_skb to mac.c
caedb4c4ee41 mt76: mt7615: fix fixed-rate tx status reporting
c6ae95d43e6d mt76: improve tx status codepath
27d468d094e6 mt76: mt7915: rework tx rate reporting
3b4ca5b09e2c mt76: mt7615: avoid use of ieee80211_tx_info_clear_status
e1f07d7f1cb9 mt76: mt7603: avoid use of ieee80211_tx_info_clear_status
18513ba5fbc2 mt76: mt7915: add support for tx status reporting
35f189cf81b2 mt76: mt7915: fix uninitialized variable in MSI error handling
9e928ac1ea9b mt76: dma: use ieee80211_tx_status_ext to free packets when tx fails
628eee9c386c mt76: fill queue entry wcid for all skbs with a station
a9bc4d94b7a1 mt76: intialize tx queue entry wcid to 0xffff by default
998ca8af7d17 mt76: mt7915: fix tssi indication field of DBDC NICs
7dd24b3cfacf mt76: mt7915: fix a signedness bug in mt7915_mcu_apply_tx_dpd()
535025d65d8d mt76: mt7915: cleanup mt7915_mcu_sta_rate_ctrl_tlv()
ff8bbe22dd87 mt76: mt7915: add .set_bitrate_mask() callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-10 12:37:36 +02:00
Daniel Golle
21b8550598
rpcd: set correct PKG_SOURCE_DATE
The previous commit bumped the source commit level without reflecting
that in PKG_SOURCE_DATA. Bump PKG_SOURCE_DATA as well.

Fixes: 97e820c6d6 ("rpcd: update to latest HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-10 10:57:09 +01:00
David Bauer
97e820c6d6 rpcd: update to latest HEAD
7a560a1 iwinfo: add 802.11ax HE support

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-10 01:20:00 +02:00
Bjørn Mork
2449a63208 ramips: mt7621: Add support for ZyXEL NR7101
The ZyXEL NR7101 is an 802.3at PoE powered 5G outdoor (IP68) CPE
with integrated directional 5G/LTE antennas.

Specifications:

 - SoC: MediaTek MT7621AT
 - RAM: 256 MB
 - Flash: 128 MB MB NAND (MX30LF1G18AC)
 - WiFi: MediaTek MT7603E
 - Switch: 1 LAN port (Gigabiti)
 - 5G/LTE: Quectel RG502Q-EA connected by USB3 to SoC
 - SIM: 2 micro-SIM slots under transparent cover
 - Buttons: Reset, WLAN under same cover
 - LEDs: Multicolour green/red/yellow under same cover (visible)
 - Power: 802.3at PoE via LAN port

The device is built as an outdoor ethernet to 5G/LTE bridge or
router. The Wifi interface is intended for installation and/or
temporary management purposes only.

UART Serial:

57600N1
Located on populated 5 pin header J5:

 [o] GND
 [ ] key - no pin
 [o] RX
 [o] TX
 [o] 3.3V Vcc

Remove the SIM/button/LED cover, the WLAN button and 12 screws
holding the back plate and antenna cover together. The GPS antenna
is fixed to the cover, so be careful with the cable.  Remove 4
screws fixing the antenna board to the main board, again being
careful with the cables.

A bluetooth TTL adapter is recommended for permanent console
access, to keep the router water and dustproof. The 3.3V pin is
able to power such an adapter.

MAC addresses:

OpenWrt OEM   Address          Found as
lan     eth2  08:26:97:*:*:BC  Factory 0xe000 (hex), label
wlan0   ra0   08:26:97:*:*:BD  Factory 0x4 (hex)
wwan0   usb0  random

WARNING!!

ISP managed firmware might at any time update itself to a version
where all known workarounds have been disabled.  Never boot an ISP
managed firmware with a SIM in any of the slots if you intend to use
the router with OpenWrt. The bootloader lock can only be disabled with
root access to running firmware. The flash chip is physically
inaccessible without soldering.

Installation from OEM web GUI:

- Log in as "supervisor" on https://172.17.1.1/
- Upload OpenWrt initramfs-recovery.bin image on the
  Maintenance -> Firmware page
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot

Installation from OEM ssh:

- Log in as "root" on 172.17.1.1 port 22022
- scp OpenWrt initramfs-recovery.bin image to 172.17.1.1:/tmp
- Prepare bootloader config by running:
    nvram setro uboot DebugFlag 0x1
    nvram setro uboot CheckBypass 0
    nvram commit
- Run "mtd_write -w write initramfs-recovery.bin Kernel" and reboot
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot

Copying OpenWrt to the recovery partition:

- Verify that you are running a working OpenWrt recovery image
  from flash
- ssh to root@192.168.1.1 and run:
    fw_setenv CheckBypass 0
    mtd -r erase Kernel2
- Wait while the bootloader mirrors Image1 to Image2

NOTE: This should only be done after successfully booting the OpenWrt
  recovery image from the primary partition during installation.  Do
  not do this after having sysupgraded OpenWrt!  Reinstalling the
  recovery image on normal upgrades is not required or recommended.

Installation from Z-Loader:

- Halt boot by pressing Escape on console
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
  image at 10.10.10.3
- Type "ATNR 1,initramfs-recovery.bin" at the "ZLB>" prompt
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- Sysupgrade to the OpenWrt sysupgrade image

NOTE: ATNR will write the recovery image to both primary and recovery
  partitions in one go.

Booting from RAM:

- Halt boot by pressing Escape on console
- Type "ATGU" at the "ZLB>" prompt to enter the U-Boot menu
- Press "4" to select "4: Entr boot command line interface."
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
  image at 10.10.10.3
- Load it using "tftpboot 0x88000000 initramfs-recovery.bin"
- Boot with "bootm  0x8800017C" to skip the 380 (0x17C) bytes ZyXEL
  header

This method can also be used to RAM boot OEM firmware. The warning
regarding OEM applies!  Never boot an unknown OEM firmware, or any OEM
firmware with a SIM in any slot.

NOTE: U-Boot configuration is incomplete (on some devices?). You may
  have to configure a working mac address before running tftp using
   "setenv eth0addr <mac>"

Unlocking the bootloader:

If you are unebale to halt boot, then the bootloader is locked.

The OEM firmware locks the bootloader on every boot by setting
DebugFlag to 0.  Setting it to 1 is therefore only temporary
when OEM firmware is installed.

- Run "nvram setro uboot DebugFlag 0x1; nvram commit" in OEM firmware
- Run "fw_setenv DebugFlag 0x1" in OpenWrt

  NOTE:
    OpenWrt does this automatically on first boot if necessary

  NOTE2:
    Setting the flag to 0x1 avoids the reset to 0 in known OEM
    versions, but this might change.

  WARNING:
    Writing anything to flash while the bootloader is locked is
    considered extremely risky. Errors might cause a permanent
    brick!

Enabling management access from LAN:

Temporary workaround to allow installing OpenWrt if OEM firmware
has disabled LAN management:

- Connect to console
- Log in as "root"
- Run "iptables -I INPUT -i br0 -j ACCEPT"

Notes on the OEM/bootloader dual partition scheme

The dual partition scheme on this device uses Image2 as a recovery
image only. The device will always boot from Image1, but the
bootloader might copy Image2 to Image1 under specific conditions. This
scheme prevents repurposing of the space occupied by Image2 in any
useful way.

Validation of primary and recovery images is controlled by the
variables CheckBypass, Image1Stable, and Image1Try.

The bootloader sets CheckBypass to 0 and reboots if Image1 fails
validation.

If CheckBypass is 0 and Image1 is invalid then Image2 is copied to
Image1.

If CheckBypass is 0 and Image2 is invalid, then Image1 is copied to
Image2.

If CheckBypass is 1 then all tests are skipped and Image1 is booted
unconditionally.  CheckBypass is set to 1 after each successful
validation of Image1.

Image1Try is incremented if Image1Stable is 0, and Image2 is copied to
Image1 if Image1Try is 3 or larger.  But the bootloader only tests
Image1Try if CheckBypass is 0, which is impossible unless the booted
image sets it to 0 before failing.

The system is therefore not resilient against runtime errors like
failure to mount the rootfs, unless the kernel image sets CheckBypass
to 0 before failing. This is not yet implemented in OpenWrt.

Setting Image1Stable to 1 prevents the bootloader from updating
Image1Try on every boot, saving unnecessary writes to the environment
partition.

Keeping an OpenWrt initramfs recovery as Image2 is recommended
primarily to avoid unwanted OEM firmware boots on failure. Ref the
warning above. It enables console-less recovery in case of some
failures to boot from Image1.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2021-05-09 09:15:44 +02:00
Daniel Golle
cc201759b6
uboot-mediaktek: add support for PSTORE and check it on boot
Add support for pstore/ramoops now that DRAM content is preserved
over reboot on MT7622. On each boot, check pstore and boot to recovery
image in case there are records stored in it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-08 23:35:38 +01:00
Daniel Golle
c91c0c1f85
arm-trusted-firmware-mediatek: update to git HEAD
Most notably this enabled use of pstore/ramoops on MT7622 as DRAM
content is now preserved over reboot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-08 23:27:38 +01:00
Thomas Richard
2eda042d55 uqmi: fix network registration loop
With some debug in qmi.sh using following patch, some errors are visible
in the registration step
@@ -29,6 +29,7 @@ proto_qmi_init_config() {
 }

 proto_qmi_setup() {
+       set -x
        local interface="$1"
        local dataformat connstat plmn_mode mcc mnc
        local device apn auth username password pincode delay modes pdptype
@@ -224,6 +225,8 @@ proto_qmi_setup() {
                fi
        done

+       registration=$(uqmi -s -d "$device" --get-serving-system)
+
        [ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1

        echo "Starting network $interface"

During the boot of the system, modem could not start automatically its
network registration.
netifd: wan (9235): + echo 'Waiting for network registration'
netifd: wan (9235): Waiting for network registration
netifd: wan (9235): + local 'registration_timeout=0'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + grep '"searching"'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + registration='{"registration":"not_registered","plmn_mcc":208,"plmn_mnc":20,"plmn_description":"","roaming":true}'
netifd: wan (9235): + '[' -n  ]
netifd: wan (9235): + echo 'Starting network wan'

As the while loop checks only "searching" pattern, uqmi.sh script quits
searching loop and continues whereas the modem is not registered

Other issue, after X seconds modem stops searching.
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + '[' -e /dev/cdc-wdm0 ]
netifd: wan (9213): + '[' 3 -lt 0 -o 0 '=' 0 ]
netifd: wan (9213): + let registration_timeout++
netifd: wan (9213): + sleep 1
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + registration='{"registration":"not_registered"}'
netifd: wan (9213): + '[' -n  ]
netifd: wan (9213): + echo 'Starting network wan'
netifd: wan (9213): Starting network wan

If registration_timeout is not expired, registration can be restarted

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
Tested-by: Florian Eckert <fe@dev.tdt.de>
2021-05-08 12:29:24 +02:00
Daniel Golle
f990bddf6f
uboot-envtools: change size for unifi-6-lr
The previous commit increased the U-Boot environment size of the
UniFi 6 LR to 0x4000. Also change it uboot-envtools accordingly.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-07 22:50:22 +01:00
Daniel Golle
af3a1adee0
uboot-mediatek: unifi-6-lr: fix erase of production parition
mtd erase needs to be aligned with erase blocks. Use padded image size
for erasing the production volume.
As the environment grew above the current size of 0x1000 bytes by
introducing the new padding function, increase the env size to 0x4000.
While at it, clean up reset button function to work to more reliable on
that board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-07 22:50:15 +01:00
Daniel Golle
b607e7df34
procd: update to git HEAD
021ece8 procd: Use /dev/console for serial console if exists

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-05 13:18:50 +01:00
Daniel Golle
a2b9ec0231
base-files: upgrade: take down loop and LVM before upgrade
Users of devices with large block storage may choose to have an LVM
partition on the same device which is used for booting OpenWrt.
The presents a problem during sysupgrade as the root device is then
still busy and changing partitions will not work as desired,
leading to data corruption in case the newly flashed image is larger
than the currently installed one.
Having loop devices setup causes similar havoc.
Make sure all volume groups are offline and all loop devices have been
released before sysupgrade.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-05 13:18:43 +01:00
Alan Swanson
3980daffa4 dnsmasq: Update to version 2.85
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.

Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
  If specifiying the source address or interface to be used
  when contacting upstream name servers such as:
  server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
  server=8.8.8.8@eth0 then all would use the same socket
  bound to the explicitly configured port. Now only
  server=8.8.8.8@1.2.3.4#66 will use the explicitly
  configured port and the others random source ports.

Remove upstreamed patches and update remaining patch.

Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-05-05 09:19:46 +01:00
Hauke Mehrtens
454d514f46 ltq-dsl-base: Make package nonshared to fix image builder
This package depends on the lantiq target and is only build for that
target. A normal package would be build by the SDK builder probably
under a different target and then this package will not be selected.
Mark it as nonshared to build it when the lantiq target gets build.

Fixes: FS#3773, FS#3774
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-04 22:25:47 +02:00
Hauke Mehrtens
17ac9849d3 mac80211: Update to version 5.10.34-1
The removed patches were applied upstream and are not needed anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-04 22:25:43 +02:00
Hauke Mehrtens
13397b2b95 busybox: backport fix for CVE-2021-28831
This backports a fix for the low priority CVE-2021-28831:
  decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
  on the huft_build result pointer, with a resultant invalid free or
  segmentation fault, via malformed gzip data.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-02 19:06:02 +02:00
David Bauer
5515c29029 iwinfo: update to latest Git HEAD
c45f0b5 iwinfo: add 802.11ax HE rate information

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-02 02:40:20 +02:00
Daniel Golle
fbcfa895a8
uboot-mediatek: bpi-r64: add TFTP update options to eMMC bootmenu
Just like on SPI-NAND, also allow updating the bootloader comfortably
on eMMC installations.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-01 22:55:22 +01:00
Chukun Pan
5e926c26d4 kernel: qlcnic: fix typo in module description
Fixes: f88c64d28c ("kernel: netdev: add qlcnic")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2021-05-01 21:48:57 +02:00
Hauke Mehrtens
95b210e513 kernel: qlcnic: add dependency to kmod-hwmon-core
QLCNIC_HWMON was activated when hwmon was set, but the dependency was
missing. This broke the build bot builds. Fix this by explicitly
activating HWMON support and adding a dependency.

Fixes: f88c64d28c ("kernel: netdev: add qlcnic")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-01 12:00:41 +02:00
Rui Salvaterra
eeda8652f1 mac80211/rtl: backport a rtl8192cu AP mode fix
Running USB devices in AP mode is never a good idea. That said, fix the TIM
issue in rtl8192cu [1], allowing these devices to "work" in AP mode.

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20210419065956.6085-1-pkshih@realtek.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-05-01 00:37:15 +02:00
Vieno Hakkerinen
f88c64d28c kernel: netdev: add qlcnic
Add driver for QLogic QLE8240 and QLE8242 Converged Ethernet devices.

Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
2021-05-01 00:37:09 +02:00
Chen Minqiang
e219b7f38b kernel: add kmod-ipvlan support
This kmod is similar to macvlan with the difference being that the
endpoints have the same mac address.

It is useful on cloud where only one mac address allowed on port,
where macvlan not works but ipvlan would.

One use case is where multiple IPs and gateways assign on one net port

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2021-04-30 23:51:23 +02:00
Mauri Sandberg
addf47a9a8 uboot-envtools: add support for Buffalo WZR-HP-G300NH
This adds an entries for wzr-hp-g300nh-rb and wzr-hp-g300nh-s.

Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
2021-04-30 23:51:23 +02:00
Roger Pueyo Centelles
d1f1e5269e ipq40xx: add support for MikroTik SXTsq 5 ac
This commit adds support for the MikroTik SXTsq 5 ac (RBSXTsqG-5acD),
an outdoor 802.11ac wireless CPE with one 10/100/1000 Mbps Ethernet
port.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 256 MB
 - Storage: 16 MB NOR
 - Wireless: IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 16 dBi antennae
 - Ethernet: IPQ4018 (SoC) 1x 10/100/1000 port, 10-28 Vdc PoE in
 - 1x Ethernet LED (green)
 - 7x user-controllable LEDs
  · 1x power (blue)
  · 1x user (green)
  · 5x rssi (green)

Note:
 Serial UART is probably available on the board, but it has not been
 tested.

Flashing:
 Boot via TFTP the initramfs image. Then, upload a sysupgrade image
 via SSH and flash it normally. More info at the "Common procedures
 for MikroTik products" page https://openwrt.org/toh/mikrotik/common.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2021-04-29 10:55:07 +02:00
Chen Minqiang
43dad22025
uboot-mediatek: unifi6lr: mtd erase before write to flash
Erase firmware ereas before writing to recovery or production partition
when updating them via the bootloader menu.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-28 20:54:43 +01:00
Daniel Golle
ebed523ee8
arm-trusted-firmware-mediatek: fix boot hang on unifi-6-lr
The Ubiquiti Networks UniFi 6 LR access point comes with a total of
512 MB RAM provided by 2x 8-bit DDR3 SDRAM. This combination lead to
problems with the DDR calibration on boot resulting in occasional hang
on boot. Use updated calibration binary provided by MediaTek to make
boot on that device more reliable.
The binary has also been tested on the BananaPi BPi-R64 board and that
also works just fine with the new binary.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-28 20:51:53 +01:00
Felix Fietkau
12cb52bd06 mac80211: minstrel_ht: fix issue in calculating success probability
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-28 21:08:29 +02:00
David Bauer
6f77ce7724 iwinfo: update to latest Git HEAD
50b64a6 iwinfo: add basic IEEE 802.11ax support
70d2136 iwinfo: nl80211: perform split wiphy dump
cd23727 iwinfo: cli: fix hwmode formatting

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-04-28 03:08:10 +02:00
João Henriques
e8a5670122 dnsmasq: add ignore hosts dir to dnsmasq init script
When running multiple instances of dnsmasq, for example one being for the lan
and another for a guest network, it might not be desirable to have the same dns names
configured in both networks

Signed-off-by: João Henriques <joaoh88@gmail.com>
2021-04-24 21:35:27 +02:00
Hans Dedecker
c61ab68387 nat46: update to git HEAD
9df230a Zero checksum handling  (#25)
7688102 skip generating a UDP4 csum if the UDP6 csum is 0 and zero_csum_pass is set
4a9e4b1 zero csum: avoid calling the checksum adjustment function if udp csum is zero
2de14c5 add a module argument to skip checksum adjust for UDP if checksum is zero

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-04-24 21:11:33 +02:00
Tony Ambardar
aabc632023 bpftools: update to v5.11.16, simplify make
Update to the latest stable upstream version.

Drop unneeded make variables to remove redundant assignments seen during
invocation of package Makefile.

Also remove the following patch now included upstream:

  * 200-fix-install-param-order-on-macos.patch

Compile and run-tested on malta/mips32be, using bpftool directly and also
libbpf (linked with tc) to inspect and load simple eBPF programs.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-04-24 12:21:40 +01:00
Tony Ambardar
cf20f1bb5f bpftools: fix feature override for masking clang
Rename feature variable clang-bpf-global-var following upstream changes.
This restores the HAVE_CLANG feature override and should avoid rare build
errors where a recent host clang and BTF-enabled host kernel are present.

Fixes: 23be333401 ("bpftools: update to 5.10.10")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-04-24 12:21:40 +01:00
Tony Ambardar
3e3af1908c iproute2: avoid unneeded compiles to speed building
Skip building Makefile targets that aren't packaged: tipc, dcb, ifstat,
rtacct, lnstat, and man. Also, only compile targets needed for the current
build variant i.e. don't compile 'tc' when building an 'ip' variant and
vice versa.

These changes reduce typical build times by over 30%:
  $ make package/iproute2/clean && time make -j8 package/iproute2/compile
  (old)
  ...
  real    2m24.985s
  user    3m12.537s
  sys     0m26.677s

  (new)
  ...
  real    1m36.945s
  user    2m8.734s
  sys     0m20.046s

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-04-22 15:11:36 +01:00
David Bauer
b832ebb886 uboot-rockchip: update to v2021.04
Update the uboot-rockchip to the latest upstream release.
Remove upstreamed patches.

Tested-on: FriendlyElec NanoPi R2S

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-04-20 13:15:45 +02:00
David Bauer
4978e073cd kernel: select kmod-backlight as dependency for kmod-drm
Select kmod-backlight as dependency for kmod-drm in case kmod-backlight
is compiled.

This fixes kernel 5.10 build issues on x86-geode with all kmods
enabled:

Package kmod-drm is missing dependencies for the following libraries:
backlight.ko

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-04-18 14:41:02 +02:00
David Bauer
7cea19c2ce kernel: netdev: make kmod-of-mdio conflict with x86
CONFIG_MDIO_OF depends on CONFIG_OF which is not enabled for x86.

Fixes builds of x86 with Kernel 5.10 due to unresolved dependencies.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-04-18 14:40:55 +02:00
Daniel González Cabanelas
4f8da19572 uboot-envtools: mvebu: add Buffalo LS421DE
The Buffalo Linkstation LS421DE NAS lacks an uboot env config file.

Create it via scripts.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2021-04-17 22:44:09 +01:00
DENG Qingfang
10aacb9a6c kernel/modules: move act_gact into kmod-sched-core
As the name suggests, act_gact has the generic actions such as dropping
and accepting packets, so move it into kmod-sched-core.

Signed-off-by: DENG Qingfang <dqfext@gmail.com>
2021-04-17 21:56:05 +02:00
Josef Schlehofer
b265649085 linux-firmware: ath10k: add support for Qualcomm Atheros QCA9377
Add firmware and board file for Qualcomm Atheros QCA9377 802.11ac Wireless
Network Adapter (rev 31) recognized as [168c:0042].

This card supports standard 1x1 802.11ac Wave2, BT5, and MU-MIMO.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-04-17 21:56:05 +02:00
Florian Eckert
4407d45d96 ltq-vdsl-app: extent dsl metrics with state_num and power_state_num
With the old ubus dsl API, the numbers for the individual line_states and
power_states were also returned. These were not ported to the new DSL
C-API. This commit adds the missing information.

For this the internal values are mapped to numbers.

* additional JSON output for state_num:
"state_num": <map_state_number>

Since not all values are meaningful only the following values are
implemented, this can be extended if the future.

* LSTATE_MAP_NOT_INITIALIZED
* LSTATE_MAP_EXCEPTION
* LSTATE_MAP_IDLE
* LSTATE_MAP_SILENT
* LSTATE_MAP_HANDSHAKE
* LSTATE_MAP_FULL_INIT
* LSTATE_MAP_SHOWTIME_NO_SYNC
* LSTATE_MAP_SHOWTIME_TC_SYNC
* LSTATE_MAP_RESYNC

* additinal JSON output for power_level:
"power_state_num": <map_power_satte_number>,

Since there are not so many here, all are mapped.

* PSTATE_MAP_NA,
* PSTATE_MAP_L0,
* PSTATE_MAP_L1,
* PSTATE_MAP_L2,
* PSTATE_MAP_L3,

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v6:
Add state LSTATE_MAP_NOT_INITILIZED at the beginning of the list
Start the list LSTATE_MAP with -1
Reviewed-by: Andre Heider <a.heider@gmail.com>
2021-04-17 21:56:05 +02:00
Leon M. George
f6cc00650c odhcp6c: read user scripts from directory
Placeholder DHCP user scripts were added recently.

These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.

References:
b4f3d93b5 odhcp6c: add a odhcp6c.user placeholder script

Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2021-04-17 21:15:33 +02:00
Leon M. George
467c32600c netifd: read udhcpc user scripts from directory
Placeholder DHCP user scripts were added recently.

These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.

References:
130118f7a netifd: add a udhcpc.user placeholder script

Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2021-04-17 21:13:37 +02:00
Rosen Penev
0ec8c793f5 libsemanage: fix pkgconfig paths
The pkgconfig file currently points to host paths.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-04-15 11:54:14 +01:00
Zoltan HERPAI
d6cf997bd7 uboot-sunxi: update ATF dependencies for 3 boards
Fix 3 board definitions that were missed in the process of moving
to the a64/h6 ATF blobs.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2021-04-15 00:24:50 +02:00
Rafał Miłecki
05a4273058 uci: update to the latest master
4b3db11 cli: add option for changing save path

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-04-14 08:33:12 +02:00
Rafał Miłecki
cb3fb45ed1 kernel: limit crypto-hw-ccp to the x86
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64

Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.

Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-04-13 17:20:55 +02:00
Rafał Miłecki
107111adbb kernel: crypto: format "crypto-hw-ccp" dependencies
Use multiples lines for better readability and sort lines.

Suggested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-04-13 17:19:09 +02:00
Mathias Kresin
e85180d90e lantiq: kernel 5.10: disable ltq-deu
For linux 5.10, kmod-ltq-deu need to be migrated to the new crypto
API/framework.

Leave it in tree for now and enable it only for Kernel 5.4. Maybe
someone picks up the work to migrate the package.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-04-12 23:23:09 +02:00
Mathias Kresin
edbbec1bdd lantiq: ltq-adsl: add kernel 5.10 compatiblity
The pgprot argument to __vmalloc is always PAGE_KERNEL now and was
removed.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-04-12 23:23:09 +02:00
Mathias Kresin
e32d10e176 lantiq: ltq-vdsl: add kernel 5.10 compatiblity
The pgprot argument to __vmalloc is always PAGE_KERNEL now and was
removed.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-04-12 23:23:09 +02:00
Mathias Kresin
804c541446 ltq-atm/ltq-ptm: add kernel 5.10 compatiblity
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.

The stuck queue is now passed to ndo_tx_timeout callback but not used so
far.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-04-12 23:23:09 +02:00
Mathias Kresin
31f3f79700 lantiq: ltq-tapi: add kernel 5.10 compatiblity
Due to SCHED_FIFO being a broken scheduler model, all users of
sched_setscheduler() are converted to sched_set_fifo_low() upstream and
sched_setscheduler() is no longer exported.

The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.

Signed-off-by: Mathias Kresin <dev@kresin.me>

ltq tapi
2021-04-12 23:23:09 +02:00
Mathias Kresin
f4acdf8c42 lantiq: ltq-vdsl-mei: add kernel 5.10 compatiblity
proc_create_data() expects a struct of type proc_ops.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-04-12 23:23:09 +02:00
Mathias Kresin
3bad9b0e87 lantiq: ltq-ifxos: add kernel 5.10 compatiblity
ioremap has provided non-cached semantics by default since the Linux 2.6
days and was removed with kernel version 5.6.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-04-12 23:23:09 +02:00
Zoltan HERPAI
9aa66b8ce7 sunxi: add support for Banana Pi M2 Berry
CPU: Allwinner V40 quad-core Cortex A7 @ 1.2GHz
Memory: 1GB DDR3
Storage: SDcard, native SATA
Network: 10/100/1000M ethernet, Ampak AP6212 wifi + BT
USB: 4x USB 2.0

Installation:
Use the standard sunxi installation to an SD-card.

While the board is very similar to the M2 Ultra board
(the V40 is the automotive version of the R40), as both
the u-boot and kernel supports them separately, and some
pins are different, let's add a separate device spec.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2021-04-12 14:02:02 +02:00
Daniel Golle
d0adc4865c
uboot-mediatek: minor fixes for bpi-r64 spi-nand default env
* check image checksums before writing to flash
 * only bootmenu_0...9 are working, remove bootmenu_a entry

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-11 22:48:36 +01:00
Zoltan HERPAI
3225241c2b sunxi: add support for H6 boards and OrangePiOnePlus
Specifications:

SoC	Allwinner H6 @ 1.8 Ghz
DRAM	1Gb LPDDR3
Power	DC 5V @ 3A
Video	HDMI (Type 2.0A - full)
Audio	HDMI, on-board microphone
Network	10/100/1000Mbps Ethernet (Realtek RTL8211)
Storage	microSD
USB	1 USB2.0 Host, 1 USB2.0 OTG
Debug	Serial UART

Flashing instructions:
 Standard sunxi SD card installation procedure - copy image to SD card,
 insert into SD card slot on the device and boot.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2021-04-11 23:14:55 +02:00
Zoltan HERPAI
c2163530db arm-trusted-firmware-sunxi: move to use the common tf-a build code and bump to latest version
Create a -a64 package for now. Moving to the latest ATF was tested on a
SoPine A64 board.

U-Boot SPL 2020.04 (Feb 19 2021 - 11:28:19 +0000)
DRAM: 2048 MiB
Trying to boot from MMC1
NOTICE:  BL31: v2.4(release):reboot-15854-g42b39a13d2
NOTICE:  BL31: Built : 22:45:53, Feb 22 2021
NOTICE:  BL31: Detected Allwinner A64/H64/R18 SoC (1689)
NOTICE:  BL31: Found U-Boot DTB at 0x4090a28, model: SoPine with baseboard
NOTICE:  PSCI: System suspend is unavailable

U-Boot 2020.04 (Feb 19 2021 - 11:28:19 +0000) Allwinner Technology

CPU:   Allwinner A64 (SUN50I)
Model: SoPine with baseboard
DRAM:  2 GiB

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2021-04-11 23:14:54 +02:00
Zoltan HERPAI
c75d441f20 uboot-sunxi: add ATF variable for specifying which flavour to use
In preparation for H6 support (which requires a separate ATF blob), add
an envvar to the A64 boards specifying which ATF blob to use.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2021-04-11 23:14:52 +02:00
Hauke Mehrtens
ca3289b290 valgrind: Fix compile problem with MIPS soft float
valgrind does not compile any more when using a GCC 10 for MIPS with
soft float. Just remove the parts which are generating assembler which
would not work.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-11 23:01:28 +02:00
Daniel Golle
dcdafbfc1a
uboot-envtools: support environment in spi-nand on bpi-r64
Default to U-Boot env in UBI if root device is not mmc block device.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
2021-04-11 20:19:49 +01:00
Daniel Golle
987562bad2
uboot-mediatek: add spi-nand build for bananapi bpi-r64
Some of bpi-r64 boards have serial NAND attached to SPI bus.
Build U-Boot for booting from SPI-NAND.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
2021-04-11 20:19:34 +01:00
Felix Fietkau
8cc013981d mt76: add missing file
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-11 19:56:32 +02:00
Felix Fietkau
25148f4ae5 mt76: update to the latest version
028b7152b1a9 mt76: mt7921: remove 80+80 MHz support capabilities
7714dc914df6 mt76: report Rx timestamp
ffd4cf15fa0e mt76: mt7915: add mmio.c
fe8717dd573a mt76: mt7615: add missing SPDX tag in mmio.c
6b293c411d22 mt76: mt7615: always add rx header translation tlv when adding stations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-11 19:44:07 +02:00
Felix Fietkau
dfdb28c24a mac80211: add client mode connection monitor fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-11 19:44:07 +02:00
Felix Fietkau
7d8e14e44f mac80211: support rx timestamps for HE rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-11 19:44:07 +02:00
Oskari Lemmela
cd7a9909d5 mediatek: fix writing bananapi bpi-r64 env
Use generic functions to get env partition.

Fixes: 7043e4334f ("mediatek: mt7622: improve sysupgrade on MMC")
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
2021-04-11 14:55:35 +01:00
Oskari Lemmela
d05051774e mediatek: bpi-r64: use separate partition for emmc bootloader
eMMC booloader is stored to separate partition.
FIP size is increased to 2MB.

Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
2021-04-11 14:55:35 +01:00
Hauke Mehrtens
dc61c32fdc kernel: Adapt renamed can-dev.ko
The can-dev.ko kernel module was moved in kernel 5.4.110 and 5.10.28.

Fixes: a1311df95587 ("kernel: bump 5.10 to 5.10.28")
Fixes: b0a34e886d ("kernel: bump 5.4 to 5.4.110")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-11 00:02:05 +02:00
Daniel Golle
00a85a1634
umdns: add missing syscalls to seccomp filter
Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
to changes on libraries used by umdns now using slightly different
calls.

Found using
/etc/init.d/umdns trace
now use umdns, ie. cover all ubus call etc., then
/etc/init.d/umdns stop
find list of syscalls traced in /tmp/umdns.*.json

Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-10 17:36:03 +01:00
Piotr Dymacz
012a9aa00b uboot-envtools: oxnas: drop redundant space after case keywords
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:48 +02:00
Piotr Dymacz
7cde7d2131 uboot-envtools: layerscape: drop redundant space after case keywords
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:41 +02:00
Piotr Dymacz
6ab80b04fa uboot-envtools: ipq806x: drop redundant space after case keywords
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:32 +02:00
Piotr Dymacz
156a27eddf uboot-envtools: ipq40xx: drop redundant space after case keywords
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:27 +02:00
Piotr Dymacz
8c11597783 uboot-envtools: imx6: drop redundant space after case keywords
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:21 +02:00
Piotr Dymacz
914563e286 uboot-envtools: drop shebang from uci-defaults and lib files
These files are sourced and non-executable, a shebang is redundant.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:14 +02:00
Piotr Dymacz
8c3383799a uboot-imx6: define 'BUILD_DEVICES' for Toradex Apalis
Without 'BUILD_DEVICES' defined, the U-Boot related package won't be
automatically selected when building for Toradex Apalis device.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:09 +02:00
Piotr Dymacz
15e801041a uboot-imx6: align indent size in Makefile
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-04-10 15:18:04 +02:00
Piotr Dymacz
e94d1db91e uboot-imx6: drop support for Nitrogen6x/SABRE devices
These devices never got officially supported in the tree thus it doesn't
make much sense to waste our infrastructure resources and keep building
dedicated U-Boot images for them.

CC: Petr Štetiar <ynezz@true.cz>
CC: Luka Perkov <luka.perkov@sartura.hr>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
2021-04-10 15:17:59 +02:00
Daniel Golle
be41fd9489
uboot-envtools: add env settings for ubnt,unifi-6-lr-ubootmod
Add settings for fw_printenv/fw_setenv for the Ubiquiti UniFi 6 LR
when running OpenWrt's version of U-Boot. The settings should work
equally with the unmodified version, but that has not yet been
tested.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-09 16:04:51 +01:00
Daniel Golle
e9ad412049
uboot-mediatek: add build for Ubiquiti Networks UniFi 6 LR
Add U-Boot build for the Ubiquiti Networks UniFi 6 LR access point.
This allows updating the bootchain to modern ARM Trusted Firmware 2.4
and U-Boot 2021.04 while keeping as much of the existing flash layout
as possible (u-boot-env, factory and eeprom partitions are retained),
gaining robust recovery vs. production dual-boot mechanism.
Add info for the Winbond W25Q512JV SPI NOR flash used in the device
and wait for GPIOs to settle after reset before checking for reset
button.
I2C connected LED controller is not supported yet.
Writing large amounts of data to SPI flash currently doesn't work due
to watchdog timeout causing reset before data write completes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-09 16:04:46 +01:00
Daniel Golle
d37aaf3ee2
arm-trusted-firmware-mediatek: increase NOR bl3 size
Use bl3 size of 0xa0000 instead of 0x80000 in NOR flash.
This results in bl3 ending at 0xc0000 which is where the legacy
bootchain typically puts U-Boot environment.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-09 16:04:40 +01:00
Daniel Golle
0268f76bbb
uboot-mediatek: bpi-r64: erase eMMC environment on installation
Erase U-Boot environment partition on eMMC on installation to make sure
chages are applied.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-09 16:04:20 +01:00
Rafał Miłecki
9b4fc4cae9 firmware-utils: bcm4908img: convert into a package
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.

It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-04-08 10:50:59 +02:00
Bjørn Mork
b7154fabf0 uboot-envtools: add wrapper scripts for alternate config
Now that we can create an alternate configuration file, add two
wrapper scripts for simple access to it using the alternate
alternate application names `fw_printsys' and `fw_setsys'.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2021-04-08 09:20:59 +02:00
Bjørn Mork
a3e9fd7e5b uboot-envtools: add support for multiple config partitions
Most (all?) of the realtek devices have two u-boot config partitions
with a different set of variables in each. The U-Boot shell provides
two sets of apps to manipulate these:

 printenv- print environment variables
 printsys- printsys - print system information variables
 saveenv - save environment variables to persistent storage
 savesys - savesys - save system information variables to persistent storage
 setenv  - set environment variables
 setsys  - setsys  - set system information variables

Add support for multiple ubootenv configuration types, allowing
more than one configuration file.

Section names are not suitable for naming the different
configurations since each file can be the result of multiple sections
in case of backup partitions.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2021-04-08 09:20:59 +02:00
Felix Fietkau
e48c6400e4 mt76: update to the latest version
7d35b7a15d1d mt76: mt7915: add wifi subsystem reset
04122c89749d mt76: fix rx amsdu subframe processing
5e764ec9bece mt76: mt7921: introduce MT_WFDMA_DUMMY_CR definition
cf0badbc0497 mt76: mt7921: fix inappropriate WoW setup with the missing ARP informaiton
f32a4e15f5b2 mt76: mt7921: fix the dwell time control
54f52771a04a mt76: mt7921: fix kernel crash when the firmware fails to download
97189d2a045b mt76: mt7921: fix the insmod hangs
dcdbd7c89cf5 mt76: mt7921: fix MT_PCIE_MAC_INT_ENABLE access
813db729c02f mt76: mt7921: reduce the data latency during hw scan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-07 10:59:11 +02:00
Daniel Golle
5e7d6d5ba4
uboot-mediatek: update to v2021.04
Remove patches merged upstream and refresh the remaining ones.
Runtime tested on
 * Bananapi BPi-R64 (eMMC and SD Card)
 * Linksys E8450 (SPI-NAND)
 * Ubiquiti UniFi 6 LR (SPI-NOR)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-05 18:57:51 +01:00
Stijn Tintel
bcdf600fc5 lldpd: further size reductions
Size difference on mips_4kec:
Before: 120196
After:  120006

Closes https://github.com/openwrt/openwrt/pull/3823

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
2021-04-05 18:50:17 +03:00
Stijn Tintel
e4d7e7b3e4 lldpd: enable LTO
Size difference on mips_4kec:
W/o LTO: 139674
W/ LTO:  120196

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
2021-04-05 18:50:11 +03:00
Stijn Tintel
8946be0ab5 lldpd: bump to 1.0.9
Contains fixes related to CVE-2020-27827.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-04-05 18:27:42 +03:00
Stijn Tintel
c935c6ffb6 lldpd: add libcap dependency
Now that libcap is in OpenWrt base, we can drop our custom patch to
disable libcap support and have lldpd depend on it instead. This will
allow the monitor process to drop its privileges instead of running as
root, improving security.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-04-05 18:20:48 +03:00
Stijn Tintel
0f7f4de6ba libcap: bump to 2.48
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-05 18:20:45 +03:00
Stijn Tintel
dd91ba0d62 libcap: drop invalid copyright header
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-05 18:20:40 +03:00
Stijn Tintel
427acb71fc libcap: import from packages feed
Having libcap in OpenWrt base allows us to enable libcap support in
other packages in base.

In lldpd, this would allow the monitor process to drop its privileges
instead of running as root, improving security. It will also allow us to
drop our patch to disable libcap.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-05 18:20:29 +03:00
Robert Marko
faea7becaf
ipq40xx: add MikroTik hAP ac2 support
This adds support for the MikroTik RouterBOARD RBD52G-5HacD2HnD-TC
(hAP ac²), a  indoor dual band, dual-radio 802.11ac
wireless AP with integrated omnidirectional antennae, USB port and  five
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/hap_ac2 for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 5x 1000/100/10 port,
             passive PoE in
- 1x USB Type A port

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-04-05 04:13:28 +02:00
Daniel Golle
1db4681617 uboot-mediatek: bpi-r64: no longer force recovery on first-boot
Now that sdcard.gz image contains everything needed to boot straight
into production image, no longer force booting into recovery image on
first boot by removing the logic which implemented that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-04-04 10:51:25 +01:00
Felix Fietkau
0b0c94d152 mt76: update to the latest version
465dda65ee84 mt7615,mt7915: replace fw log 0-terminating code with wiphy info length limit
62b13f5352b8 mt76: mt7921: fix key set/delete issue
0ff3a336a8d8 mt7615,mt7915: fix a compiler warning
113ba8a81d54 mt76: mt7615: remove redundant dev_err call in mt7622_wmac_probe()
be1ab3b9ae7c mt76: mt7921: fix typo in mt7921_pci_resume
4e22f0dc934b mt76: mt7915: fix txpower init for TSSI off chips
e66a0b9b8d66 mt76: mt7615: always wake the device in mt7615_remove_interface
38f656768a90 mt76: mt7921: always wake the device in mt7921_remove_interface
6ee4770de083 mt76: mt7921: rework mt7921_mcu_debug_msg_event routine
e578b4b8d56a mt76: mt7615: fix .add_beacon_offload()
f8c6c7cbf10f mt76: mt7915: fix mt7915_mcu_add_beacon

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-04-04 11:29:36 +02:00
Hauke Mehrtens
b974293efa netifd: update to Git version 2021-04-03
f8899b9 netifd: bridge: set default value for igmp_snoop
327da98 netifd: add possibility to switch off route config

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-03 19:11:38 +02:00
Hauke Mehrtens
1371910b76 uclient: update to Git version 2021-04-03
83efca2 tests: fix possibly longer start of HTTP server
64e00d6 uclient-fetch: document missing options

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-03 19:06:09 +02:00
Rui Salvaterra
d38f456582 hostapd: enable airtime policy for the -basic variants
Airtime policy configuration is extremely useful in multiple BSS scenarios.
Since nowadays most people configure both private and guest networks (at
least), it makes sense to enable it by default, except for the most limited
of the variants.

Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2):
543944 bytes (airtime policy disabled)
548040 bytes (airtime policy enabled)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Acked-by: Daniel Golle <daniel@makrotopia.org>
2021-04-03 18:57:13 +02:00
Rui Salvaterra
565dfeb128 zram-swap: bail out early if the kernel doesn't support swap
Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need
to check if the current kernel supports swap before trying to configure
zram-swap, as opkg can't check for kernel dependencies.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-04-03 18:57:13 +02:00
Rui Salvaterra
829fa33899 zram-swap: clean up the makefile
Break dependencies into separate lines, to improve the readability. Trim
trailing whitespace.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-04-03 18:57:13 +02:00
Jeroen Peelaerts
4f27ea7c33 lantiq: use ActualNetDataRate for speed reporting
Switch to Actual Net Data Rate (ACTNDR) for speed reporting on lantiq VDSL modems

Refer to ITU-T G.997.1 chapter 7.5.2.8

Independent whether retransmission is used or not in a given transmit direction:
-   In L0 state, this parameter reports the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) at which the bearer channel is operating.
-   In  L2 state, the parameter contains the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) in the previous L0 state.

Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
2021-04-03 18:56:02 +02:00
Jeroen Peelaerts
48162e4c0c lantiq: enable G.INP retransmission counters
This commit adds monitoring for a couple of DSL line features that are
present in the lantiq firmware blobs.

* G.INP ON/OFF
* Trellis encoding ON/OFF
* Virtaul Noise ON/OFF
* Bitswap ON/OFF

Difference in size for ltq-vdsl-app = 1k
Difference in size for kmod-ltq-vdsl-vr9 < 1k

Reviewed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
2021-04-03 18:56:02 +02:00
Alexander Egorenkov
9318f61556 base-files: fix status display command
If service() is called w/o parameter then the status display for services
with multiple instances is incorrect. E.g. samba4 or wpad have 2 instances.

root@OpenWrt:~# /etc/init.d/samba4 status
running
root@OpenWrt:~# /etc/init.d/wpad status
running

Before change:
/etc/init.d/samba4                 enabled         stopped
/etc/init.d/wpad                   enabled         stopped

After change:
/etc/init.d/samba4                 enabled         running
/etc/init.d/wpad                   enabled         running

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
2021-04-03 18:56:02 +02:00
Tony Ambardar
aab3a04ce8 iproute2: fix libbpf detection with NLS enabled
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:

  ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
      -rpath or -rpath-link)
  ld: libelf.so.1: undefined reference to `libintl_dgettext'
  collect2: error: ld returned 1 exit status

Fix this by directly including $LDFLAGS in the test-compile command.

Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-04-03 18:56:02 +02:00
Tony Ambardar
9a59f62f61 binutils: fix libbfd missing DSO dependency if NLS enabled
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:

  root@OpenWrt:/# ldd /usr/lib/libbfd.so
        ldd (0x77db6000)
        libc.so => ldd (0x77db6000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
  Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found

Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.

Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.

Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-04-03 18:56:02 +02:00
Tony Ambardar
c8c638a19b bpftools: drop unneeded libintl linking for NLS
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.

Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-04-03 18:55:57 +02:00
Jo-Philipp Wich
3a6b187e03 firewall4: update to latest Git HEAD
29fba84 tests: expand testing
6bf82a8 fw4.uc: fix family test functions
25b2c7d fw4.uc: fix parsing boolean "0" values
694d428 rule.uc: fix redundant whitespace in rules without target
7f69fbb ruleset.uc: reduce empty lines in output
8f8e42c fw4.uc: gracefully handle missing defaults section
25287af treewide: remove ucode module preloading
802b685 fw4.uc: remove upvalue caching

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-04-01 00:21:55 +02:00
Jo-Philipp Wich
fd3d2d3190 ucode: update to latest Git HEAD
973cc6c compiler: actually expand block scope fix to for/while alt syntax
97bf297 compiler: ensure that alternative if/for/while syntax has own block scope
f0e2a64 tests: add missing test case for fixed switch codegen

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-04-01 00:12:38 +02:00
Daniel Golle
5ea7fabdb3
uboot-mediatek: adapt root= cmdline arg for bpi-r64
Adapt to FIT partition parser changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-31 22:54:17 +01:00
Daniel Golle
bb107ad9c1
base-files: functions: introduce new helper functions
Introduce cmdline_get_var() to /lib/function.sh and make use of it in
export_rootdev() in /lib/upgrade/common.sh, making the code more
simple and removing one level of indentation.
Introduce get_partition_by_name() to /lib/upgrade/common.sh which is
useful on non-EFI GPT platforms like mt7622.
Remove some dead-code while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-31 16:53:39 +01:00
Daniel Golle
e62ace0ecf netifd: update to git HEAD
09632d4 device: remove left-over comment
 b22f83d handler: add mechanism to generate external device handler stubs
 80bf9d7 extdev: add support for external device handlers
 44c0f40 system-linux: reorder sysctl functions
 c84f3b0 system-linux: add device options used by wpad

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-31 01:32:51 +01:00
Hans Dedecker
9bc6662dea firewall: update to latest git HEAD
a4355a6 firewall3: clean up the flow table detection logic
edd0dc5 firewall3: create a common helper to find strings in files

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-03-30 20:49:22 +02:00
Paul Spooren
6a6b5a677e ncurses: add screen-256color terminfo
The terminfo is required by the popular terminal multiplexer screen and
tmux, offer it by default as the size impact is minimal with 885 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-03-29 13:47:55 -10:00
Paul Spooren
75ea474b90 ncurses: split long line of supported terminfo
The terminfo files were all in one row which is terrible to read.
Split them over multiple lines to improve readability.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-03-29 13:47:19 -10:00
Jo-Philipp Wich
0096a8df6f ucode: update to latest Git HEAD
aa9621d compiler: rework switch statement code generation
b5f0de1 vm: add trace mode instruction dump output fixes
0341d64 vm: fix another for-loop memory leak
00d9419 vm: fix further memory leaks in trace mode
20a3763 vm: fix loop variable memory leak in NEXTK/NEXTKV instruction
9a6ef2b lib: prevent use-after-free after uc_shift()
03f1324 object: free prototype object when registering existing ressource type
b3d758b compiler: fix for/break miscompilation
86e3970 lib: fix value refcount of uc_unshift() return value
fe464ea run_tests.sh: allow passing tests to run as arguments
091ae1b compiler: fix another try/catch miscompilation
fcedb19 lib: fix passing uninitialized memory to sigprocmask()
0d0357d vm: fix leaking source context strings in trace mode
7a41fb3 lib: use execvp() in system()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-29 12:51:40 +02:00
Felix Fietkau
571aedbc6c mac80211: merge a few pending tx related fixes
Improve performance and fix potential mgmt tx hangs/warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-28 12:16:24 +02:00
Tony Ambardar
0d75aa27d4 firewall3: update to latest git HEAD
This includes several improvements and fixes:

  61db17e rules: fix device and chain usage for DSCP/MARK targets
  7b844f4 zone: avoid duplicates in devices list
  c2c72c6 firewall3: remove last remaining sprintf()
  12f6f14 iptables: fix serializing multiple weekdays
  00f27ab firewall3: fix duplicate defaults section detection
  e8f2d8f ipsets: allow blank/commented lines with loadfile
  8c2f9fa fw3: zones: limit zone names to 11 bytes
  78d52a2 options: fix parsing of boolean attributes

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-27 22:24:32 +01:00
Felix Fietkau
d71424a085 mt76: update to the latest version
6886b57a1534 mt76: connac: introcuce mt76_sta_cmd_info data structure
e529e8afe22a mt76: mt7921: properly configure rcpi adding a sta to the fw
e4d522776804 mt76: mt7921: fix airtime reporting
be2f67e8d3cb mt76: mt7915: fix key set/delete issue
09a1befde4b7 mt76: fix potential DMA mapping leak
f66f8f41d47b mt76: mt7915: refresh repeater entry MAC address when setting BSSID
035e2f6f1ddf mt76: mt7921: get rid of mt7921_mac_wtbl_lmac_addr
ee29cd5f3a6a mt76: mt7615: only enable DFS test knobs for mt7615
9a98b1a6f9c2 mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset()
3bd285424e7b mt76: mt7622: trigger hif interrupt for system reset
bf6d9ee4acd1 mt76: mt7615: keep mcu_add_bss_info enabled till interface removal
115b74282314 mt76: mt7915: keep mcu_add_bss_info enabled till interface removal
57432e701d1a mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset()
a519c49a6a42 mt76: mt7615: 0-terminate firmware log messages
4a22f2ffae2e mt76: mt7915: 0-terminate firmware log messages
b8609066893a mt76: mt7615: fix chip reset on MT7622 and MT7663e

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-26 21:56:59 +01:00
Eneas U de Queiroz
0bd0de7d43 openssl: bump to 1.1.1k
This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-03-26 19:57:20 +01:00
Kevin Darbyshire-Bryant
bbb9c1c2be Revert "openssl: refresh patches"
This reverts commit e27ef2da0d.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-03-26 09:12:12 +00:00
Kevin Darbyshire-Bryant
e27ef2da0d openssl: refresh patches
Tidy up some patch fuzz.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-03-26 09:03:32 +00:00
Tony Ambardar
9390e20dba elfutils: enable building with MIPS16
Building with MIPS16 was disabled in 2013 due to an issue with GCC TLS:
https://dev.archive.openwrt.org/ticket/13572. But after the problematic
GCC version was retired, this change wasn't revisited.

Re-enable MIPS16 builds to reduce average elfutils library sizes ~10%.
This was compile-tested on malta/mips32be and malta/mips32le, and linked
with iproute2 for run-testing. Package sizes follow:

Library  MIPS16:=0  MIPS16:=1
-------  ---------  ---------
libelf1    43217      37492
libasm1    12481      11658
libdw1    229723     205793

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-25 22:48:10 -10:00
Daniel Golle
9b3aaf1cdb
mwlwifi: add PKG_FLAGS:=nonshared
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 15:26:31 +00:00
Daniel Golle
13a23445f4
ucode: fix PKG_MIRROR_HASH
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 15:26:16 +00:00
Mauri Sandberg
6a6f9e73dd packages: kernel: add gpio-nxp-74hc153
NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx
architecture tree. It has been slightly modified to get GPIO pin
configuration from the device tree rather than a MACH file.

 Changes to the source file:
  - Remove struct nxp_74hc153_config
  - in nxp_74hc153_probe(), fetch GPIO configuration from device tree
  - allow GPIO framework decide the base number by passing -1 to it
  - remove support for kernel versions below 4.5.0
  - add OF device compatibility string

 Create a package for inclusion in image.

References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to driver usptreaming work in progress]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-03-22 09:23:10 +01:00
Jan Pavlinec
abbaf696f6 igmpproxy: remove package
Moved to packages repo because it was considered
non-essential for most router configurations.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[shorten commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-21 22:45:20 +01:00
Florian Eckert
fdbdbe8eaa base-files: add logging for configuration import
Make sysupgrade backup import more verbose.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-03-21 22:45:20 +01:00
Hauke Mehrtens
1170655f8b uhttpd: update to git HEAD
15346de client: Always close connection with request body in case of error

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-21 22:34:13 +01:00
Hauke Mehrtens
501221af54 uhttpd: Execute uci commit and reload_config once
Instead of doing uci commit and reload_config for each setting do it
only once when one of these options was changed. This should make it a
little faster when both conditions are taken.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-21 22:16:32 +01:00
Hauke Mehrtens
d25d281fd6 uhttpd: Reload config after uhttpd-mod-ubus was added
Without this change the config is only committed, but the uhttpd daemon
is not reloaded. This reload is needed to apply the config. Without the
reload of uhttpd, the ubus server is not available over http and returns
a Error 404.

This caused problems when installing luci on the snapshots and
accessing it without reloading uhttpd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-21 22:16:31 +01:00
Daniel Golle
241ce95d63
procd: update to git HEAD
7ee4563 procd: Adding support to detect Pantavisor Container Platform

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-21 13:36:58 +00:00
Tony Ambardar
2ba0ab1930 kernel: robustify dependencies in kmod-sound-hda-core
Dependency tracking for kmod-sound-hda-core is fragile. Enabling some sound
codecs (Realtek, Conexant, Sigmatel) implicitly adds a kmod-ledtrig-audio
dependency, while an enabled kmod-ledtrig-audio can be picked up through
enabling others (e.g. kmod-sound-hda-intel), and the behaviour can change
across kernel versions.

As kmod-ledtrig-audio is under 2KB, make it an unconditional dependency.

Fixes: a374b8f190 ("kernel: 5.10: update sound modules")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-20 23:57:58 -10:00
Philip Prindeville
7fae64cc06 libnfnetlink: quote $(FPIC) on command line
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-03-19 13:37:51 -10:00
Daniel Golle
d28880cdd8
umdns: add syscalls needed on Aarch64
Now that ujail supports seccomp also on Aarch64, add missing syscall
'fstat' to the list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-19 22:33:33 +00:00
Daniel Golle
6801ecd91b
procd: update to git HEAD
Enable seccomp features on Aarch64.

 3e88c6f jail/seccomp: add support for aarch64
 c23d8bf trace: fix build on aarch64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-19 22:33:27 +00:00
Jo-Philipp Wich
f807db006f firewall4: introduce package
This commit introduces firewall4, an nftables based reimplementation of the
UCI iptables firewall.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-19 20:16:11 +01:00
Jo-Philipp Wich
56f4e54127 ucode: introduce package
This commit introduces ucode, a tiny template processor utilizing a syntax
closely resembling ECMA Script for embedded script blocks.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-19 20:16:11 +01:00
Rosen Penev
a50441b6e9 kernel: add exfat again
With kernel 5.10, exfat is out of staging and in tree.

Added small hack to make it work with kernel 5.4 as well.

Added removed config options for 5.4 to generic config.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Set CONFIG_EXFAT_ config options to default values]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-19 16:08:12 +01:00
Rosen Penev
5c469e089e package/exfat: remove
Now that kernel 5.10 is in tree, this can be removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-03-19 16:00:01 +01:00
Tony Ambardar
72885e9608 iproute2: separate tc into tiny and full variants
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.

Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.

The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:

Before:
  148343  tc_5.11.0-1_mips_24kc.ipk

After:
  144833  tc-full_5.11.0-2_mips_24kc.ipk
  138430  tc-tiny_5.11.0-2_mips_24kc.ipk  (and no libelf or libbpf)
    4115  tc-mod-iptables_5.11.0-2_mips_24kc.ipk

Also fix up some Makefile indentation.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 15:30:01 +01:00
Tony Ambardar
863ce4f15f kernel/modules: relocate teql hotplug from iproute2 to kmod-sched
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.

Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 15:30:01 +01:00
Tony Ambardar
10ffefe602 iproute2: add missing limits.h includes
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:

bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
   46 |  char buf[PATH_MAX], *s;
      |           ^~~~~~~~
      |           AF_MAX

Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 15:30:01 +01:00
Tony Ambardar
a374b8f190 kernel: 5.10: update sound modules
Update file paths for kmod-sound-hda-intel and reflect new dependency of
kmod-sound-hda-core on kmod-ledtrig-audio.

Reported-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 14:02:47 +00:00
Tony Ambardar
ad11fc8c23 kernel: add kmod-ledtrig-audio
This allows LEDs to be controlled by audio drivers.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 14:02:47 +00:00
Tony Ambardar
66fd9acf50 kernel: 5.10: add missing dependency in kmod-mdio-devres
Add conditional dependency on kmod-of-mdio due to mdio_devres.c code:
  #if IS_ENABLED(CONFIG_OF_MDIO)
  ...
  EXPORT_SYMBOL(devm_of_mdiobus_register);
  #endif /* CONFIG_OF_MDIO */

Fixes: 95a3741d17 ("kernel: support new mdio_devres.ko module in 5.10")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 14:02:47 +00:00
Tony Ambardar
2a8ae3bf0a kernel: 5.10: update kmod-usb-net-smsc95xx
Add kmod-libphy dependency.

Signed-off-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-19 14:02:47 +00:00
Daniel Golle
2b1aebc0b6
fstools: update to git HEAD
964d1e3 partname: allow skipping existing 'rootfs_data' partition

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-19 13:35:55 +00:00
Rosen Penev
85fa8ad8af kexec-tools: update to 2.0.21
kdump was removed in 7acd257ae67b4ca94f8c23cb8bda0ee0709b9216

gdb can be used as an alternative.

Remove autoreconf. It's not needed as the configure files are already
generated.

Remove upstreamed patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-03-19 01:25:26 +01:00
Rui Salvaterra
b1d0f66388 mac80211: rtl: update RTL8821AE PHY/RF parameters
Create a new directory for Realtek patches and backport the updated PHY and RF
parameters patch. Improves the connectivity in the 5 GHz band [1].

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20210219052607.7323-1-pkshih@realtek.com/#23988567

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-19 01:25:26 +01:00
Russell Senior
1c04365071 busybox: udhcpc, allow zero length dhcp options
This patch skips zero length DHCP options instead of failing.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-03-19 01:25:26 +01:00
Eike Ritter
46cd0765d0 ppp: compile fix: unset FILTER variable in Makefile
If the environment variable FILTER is set before compilation,
compilation of the ppp-package will fail with the error message

Package ppp is missing dependencies for the following libraries:
libpcap.so.1

The reason is that the OpenWrt-patch for the Makefile only comments
out the line FILTER=y. Hence the pcap-library will be dynamically
linked if the environment variable FILTER is set elsewhere, which
causes compilation to fail. The fix consists on explicitly unsetting
the variable FILTER instead.

Signed-off-by: Eike Ritter <git@rittere.co.uk>
2021-03-19 00:25:58 +01:00
Felix Fietkau
9ac47ee469 build: use -nostdinc and -isystem in NOSTDINC_FLAGS for out-of-tree kernel modules
This resolves issues uncovered by musl updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-18 10:53:26 +01:00
Felix Fietkau
acb8c17ecc mt76: update to the latest version
0b6c9a043f78 mt76: move de-amsdu buffer per-phy
48a905e23791 mt76: mt7615: fix CSA event format
fbef8bba038f mt76: mt7921: remove duplicated macros in mcu.h

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-18 10:53:26 +01:00
Daniel Golle
81edc842f6
uboot-mediatek: don't rely in 'lzma' cmdline
Use 'xz --format=lzma' instead.
Fixes build for mt7629.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-18 04:19:48 +00:00
Hauke Mehrtens
0e3f6fbe10 mediatek: Fix writing U-Boot env on Buffalo WSR-2533DHP2
This fixes writing to the U-Boot environment by making the partition
writable and setting the correct flash sector size of 128K.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-17 22:39:59 +00:00
Daniel Golle
a29f71c380 uboot-mediatek: fix default environment of bpi-r64 emmc
The emmc variant used the default environment of the sdmmc variant.
Fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-17 22:36:58 +00:00
Daniel Golle
41af8735d4 uboot-mediatek: bpi-r64: make use of FIT configuration selection
Allow selecting either SATA or PCIE functionality using uImage.FIT
configurations and device-tree overlays.
By default, PCIE1 is selected (as it has been before this change).
To select SATA instead, you can do this now:

fw_setenv bootconf config-mt7622-bananapi-bpi-r64-sata

and reboot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-17 19:55:38 +00:00
Álvaro Fernández Rojas
b3f4197139 mtd: fix imagetag compilation
Commit b5b0796a13 added an uint32_t to mtd.h without including stdint, which
results in a compilation error for those files not including stdint.h.

In file included from imagetag.c:36:
mtd.h:15:8: error: unknown type name 'uint32_t'
 extern uint32_t opt_trxmagic;
        ^~~~~~~~
imagetag.c: In function 'trx_fixup':
imagetag.c:180:10: warning: unused variable 'res' [-Wunused-variable]
  ssize_t res;
          ^~~
imagetag.c:177:14: warning: unused variable 'scan' [-Wunused-variable]
  void *ptr, *scan;
              ^~~~
imagetag.c: In function 'trx_check':
imagetag.c:246:27: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
     struct bcm_tag *tag = (const struct bcm_tag *) buf;
                           ^
make[3]: *** [<builtin>: imagetag.o] Error 1

Fixes: b5b0796a13 ("mtd: add option for TRX magic to fixtrx")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-17 08:42:05 +01:00
Magnus Kroken
dbde2bcf60 mbedtls: update to 2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2021-03-16 21:17:02 +01:00
INAGAKI Hiroshi
74f15628dd mediatek: add support for Buffalo WSR-2533DHP2
This adds support for the Buffalo WSR-2533DHP2.

The device uses the Broadcom TRX image format with a special magic. To
be able to boot the images or load them they have to be wrapped with
different headers depending how it is loaded.

There are multiple ways to install OpenWrt on this device.
Boot ramdisk from U-Boot
----------------------------
This will load the image and not write it into the flash.

1. Stop boot menu with "space" key
2. Select "System Load Linux to SDRAM via TFTP."
3. Load this image:
   openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-initramfs-kernel.bin
4. The system boots the image

Write to flash from U-Boot
-----------------------------
This will load the image over tftp and directly write it into the flash.

1. Stop boot menu with "space" key
2. Select "System Load Linux Kernel then write to Flash via TFTP."
3. Load this image:
   openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory-uboot.bin
4. The system writes this image into the flash and boots into it.

Write to flash from Web UI
-----------------------------
This will load the image over over the Web UI and write it into the flash

1. Open the Web UI
2. Go to "管理" -> "ファームウェア更新"
3. Select "ローカルファイル指定" and click "更新実行"
4. Load this image:
   openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory.bin
5. The system writes this image into the flash and boots into it.

Specifications
-------------------
* SoC:       MT7622 (4x4 2.4 GHz Wifi)
* Wifi:      MT7615 (4x4 5 GHz Wifi)
* Flash:     Winbond W29N01HZ 128MB SLC NAND
* RAM        256MB
* Ethernet:  Realtek RTL8367S (5 x 1GBit/s, SoC via 2.5GBit/s)

Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-15 17:02:17 +01:00
INAGAKI Hiroshi
b5b0796a13 mtd: add option for TRX magic to fixtrx
Buffalo uses the TRX header with a different magic and even changes this
magic with different devices. This change allows to specify the header
to use as a command line argument.

This is needed for the Buffalo WSR-2533DHP2 based on mt7622.

Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-15 16:57:34 +01:00
Felix Fietkau
12b5f898f9 mt76: update to the latest version
6a3cf95733e2 mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
ab9045153343 mt76: mt7915: only modify tx buffer list after allocating tx token id
7e1eff676257 mt76: mt7915: fix unused 'mode' variable
8a2e22fcbf69 mt76: mt7921: fix suspend/resume sequence
27a54e8b687f mt76: mt7921: fix memory leak in mt7921_coredump_work
c267322f0bdb mt76: mt7921: switch to new api for hardware beacon filter [v2 update]
fd2c59d9ba46 mt76: mt7921: fixup rx bitrate statistics [v2 update]
bfa8d5a6a9a1 mt76: adjust to upstream API for enabling threaded NAPI
1706fb6c48e8 mt76: mt7663s: fix rx buffer refcounting
c5aca6692c41 mt76: mt7615: enable hw rx-amsdu de-aggregation
9002b0b30aed mt76: mt7615: add rx checksum offload support
8e3f5bfe74f6 mt76: mt7615: add support for rx decapsulation offload
8e3bba8bd3ef mt76: mt7615: fix memory leak in mt7615_coredump_work
760adce29100 mt76: mt7921: fix aggr length histogram
84229a51845a mt76: mt7915: fix aggr len debugfs node
10a95da23cb7 mt76: mt7921: remove unneeded semicolon
2856dc8fb57e mt76: mt7921: fix stats register definitions
1b245e57549d mt76: mt7615: fix TSF configuration
1a2e2965b62b mt76: mt7615: remove hdr->fw_ver check
f60ec1b9473d mt76: mt7615: fix mib stats counter reporting to mac80211
8a5b036af48f mt76: mt7915: fix mib stats counter reporting to mac80211
ee6dbcc64f6d mt76: connac: fix kernel warning adding monitor interface
e46dd240ce72 mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list
ddf95ead3bb3 mt76: mt7921: get rid of mt7921_sta_rc_update routine
fd2a51ea9dc8 mt76: mt7921: fix the base of PCIe interrupt
28f53d074bb0 mt76: mt7921: fix the base of the dynamic remap
8d737632b57f mt76: mt7921: check mcu returned values in mt7921_start
5ff25c915e62 mt76: mt7915: add missing capabilities for DBDC
58dd3f26c099 mt76: mt7615: fix CSA notification for DBDC
76f4959107ac mt76: mt7615: stop ext_phy queue when mac reset happens
7de0a0654054 mt76: mt7915: fix CSA notification for DBDC
e9e418fc7eb0 mt76: mt7915: stop ext_phy queue when mac reset happens
477b78301879 mt76: mt7915: fix PHY mode for DBDC
37b4dc0f7595 mt76: mt76x0u: Add support for TP-Link T2UHP(UN) v1
29a04583aecb mt76: mt7915: fix rxrate reporting
a4307e6ba054 mt76: mt7915: fix txrate reporting
256f324f8fcd mt76: mt7915: check mcu returned values in mt7915_ops
638b112188a5 mt76: mt7615: check mcu returned values in mt7615_ops
975cccfa96da mt76: mt7663: fix when beacon filter is being applied
aafe972e95b2 mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx aggregation
0d5b1a702715 mt76: mt7663s: fix the possible device hang in high traffic
00628061b546 mt76: mt7615: add missing capabilities for DBDC
2303e1844afd mt76: mt7915: fix possible deadlock while mt7915_register_ext_phy()
6e2b9d258306 mt76: mt7921: reduce mcu timeouts for suspend, offload and hif_ctrl msg
3cf5afc02955 mt76: introduce mcu_reset function pointer in mt76_mcu_ops structure
9af9622df549 mt76: mt7921: introduce mt7921_run_firmware utility routine.
e12c44a7e165 mt76: mt7921: introduce __mt7921_start utility routine
7b56d5bf6ea0 mt76: dma: introduce mt76_dma_queue_reset routine
a80e50098b51 mt76: dma: export mt76_dma_rx_cleanup routine
e0708e296e27 mt76: mt7921: add wifi reset support
87e09e8482cf mt76: mt7921: remove leftovers from dbdc configuration
cc933b3669f7 mt76: mt7921: remove redundant check on type
ca22cc221ae7 linux-firmware: add firmware for MT7921

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-15 14:05:43 +01:00
Felix Fietkau
5dc5015072 mac80211: backport upstream patches for driver disconnect
Needed for an mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-15 14:05:43 +01:00
Rosen Penev
6cd13be014 gettext-full: disable nameless locale define
It seems some packages like transmission and json-glib fail with it
enabled.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-03-14 19:25:32 -10:00
Daniel Golle
988ed00802
opkg: update to git HEAD
5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 00:48:42 +00:00
Daniel Golle
6a7a1f1c64
opkg: update to git HEAD
d3a63b3 libopkg: add option to strip ABI versions from listed names

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-14 22:55:17 +00:00
Daniel Golle
8dae189c7e
uboot-mediatek: also install production image to eMMC
Make installation to eMMC more convenient on the BPi-R64 by also
copying the production image (if valid) from SD Card to eMMC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-14 22:15:47 +00:00
Daniel Golle
578c73fea3
uboot-mediatek: select matching U-Boot for board
Instead of building all U-Boot variants by default, build only those
needed by the selected board(s).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-14 22:00:05 +00:00
Tony Ambardar
95a3741d17 kernel: support new mdio_devres.ko module in 5.10
Add kmod-mdio-devres package and kernel config symbol, and update related
kmod-r8169 and kmod-ixgbe package dependencies.

Build tested module dependencies on x86/64 with CONFIG_ALL_KMODS=y.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-14 17:52:49 +00:00
Hauke Mehrtens
e6ba970b6e realtek: Add ZyXEL GS1900-8
The ZyXEL GS1900-8 is a 8 port switch without any PoE functionality or
SFP ports, but otherwise similar to the other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-8 v1.2
* SoC:       Realtek RTL8380M 500 MHz MIPS 4KEc
* Flash:     Macronix MX25L12835F 16 MiB
* RAM:       Nanya NT5TU128M8GE-AC 128 MiB DDR2 SDRAM
* Ethernet:  8x 10/100/1000 Mbit
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             8 ethernet port status LEDs (green, SoC controlled)
* Buttons:   1 on-off glide switch at the back (not configurable)
             1 reset button at the right side, behind the air-vent
               (not configurable)
             1 reset button on front panel (configurable)
* Power      12V 1A barrel connector
* UART:      1 serial header (JP2) with populated standard pin connector on
             the left side of the PCB, towards the back. Pins are labelled:
             + VCC (3.3V)
             + TX (really RX)
             + RX (really TX)
             + GND
             the labelling is done from the usb2serial connector's point of
             view, so RX/ TX are mixed up.

Serial connection parameters for both devices: 115200 8N1.

Installation
------------
Instructions are identical to those for the GS1900-10HP and GS1900-8HP.

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
  image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
  > rtk network on
* Since the GS1900-10HP is a dual-partition device, you want to keep the
  OEM firmware on the backup partition for the time being. OpenWrt can
  only boot off the first partition anyway (hardcoded in the DTS). To
  make sure we are manipulating the first partition, issue the following
  commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
  > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin
  > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
  > sysupgrade /tmp/openwrt-realtek-generic-zyxel_gs1900-8-squashfs-sysupgrade.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-14 15:07:30 +01:00
Dominick Grift
41a8f093fb selinux-policy: update to version v0.8
3d7da7a igmpproxy tidy some loose ends
c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
5a18967 adds igmpproxy skeleton
7e6a218 logread: support resolving dns names
e39ca8b netifd: add support for /etc/udhcpc.user
7952bd0 odhcp6c: support /etc/odhcp6c.user
ba0eb4e swconfig, fwenv, agent
4556b8a pppd cosmetic
9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
417b14a ttydev: add some more ttyUSB
ed739dc example: dont depend on policycoreutils
97613f9 dropbear: using dropbear as scp: dns name resolving
12c193b dropbear tcp connect ssh ports for scp
c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
8c5de35 this is a bug
8d5c463 uhttpd rcboot rcdnsmasq
094266e hostapd and wpa_supplicant
aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
24f0406 dropbear: allow it to read tmp.fs files
2901433 firstboot mkfsf2fs rcboot
2c4afb7 blockmount mmc
465ca98 adds industrial i/o (iio) nodedev
82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
7df78bd ubus: "support" older ubusd versions that run as root
4458bce swconfig: allow using terminal (to print output)
e8d606d sslcert: openssl linked: this shaves off 200 bytes
93afffb jshn ntpdhotplug
0b847f0 wpad: reads /etc/ssl/openssl.cnf
f14ee34 indent fix
a0c7cad mtd, uhttpd, ubus and ntpdhotplug
d74f98f adds a not about checkreqprot requirement in some scenarios
affacce example: add policycoreutils-setfiles for make check
4f944dc kmodloader and fwenv:
efe36a3 netifd: adds a comment/reminder
581b087 more fw_printenv loose ends
30177a4 fw_setenv: needs mtd write access to set and delete env
da28f4c fw_printenv: some minor clean ups
a062053 fw_printenv missing rules
244ba5f blockmount: extroot and /rwm
0745a6a squid: allow squid to run sslcrtd with domain transition
b851df6 squid fix
8c55acd squid: adds certfile and allow connect http but...
b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
5ff39bd squid: forgot about luci
5366c97 squid/rcsquid some basic fill in
8743da6 squid skeleton
687a43b adds squid 3128 port to httpproxy port

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-14 12:56:46 +00:00
Tony Ambardar
29e2be69c4 elfutils: remove host build from target package
Commit f4da28c301 ("elfutils: Add host build") supplied a libelf host
library to fix a glib2 host build error, but this need was later removed
by b6212c8769 ("glib2: don't use libelf during host build").

More importantly, there are already two sources for libelf host libraries:
OpenWRT build prerequisites [1] and tools/libelf. A third is not needed.

Ref [1]: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-13 21:33:22 +00:00
Hannu Nyman
c1f3c52564 busybox: backport fixes for 1.33.0
Backport two fixes for 1.33.0
* history file storing
* traceroute command option parsing

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-03-13 21:18:02 +01:00
Daniel Golle
79b6a4bd3c
uboot-mediatek: import fix for AHCI and enable SATA
Import patch form Frank Wunderlich <frank-w@public-files.de> to fix
build of MediaTek AHCI SATA driver.
Enable that driver on Bananapi BPi-R64.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-13 20:16:03 +00:00
Alin Nastac
8704d138df xfrm: simplify the check for necessary kernel support
[ -d /sys/module/xfrm_interface ] is enough to check if
CONFIG_XFRM_INTERFACE support was enabled in kernel.

Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
2021-03-13 20:59:22 +01:00
Alin Nastac
65ca980b48 vti: use alternative way to check if kernel support is enabled
When necessary support is built in kernel, vti protocol support is
not enabled in netifd.

Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
2021-03-13 20:59:11 +01:00
Alin Nastac
8a35ebe375 gre: use alternative way to check if kernel support is enabled
When necessary support is built in kernel, gre protocol support is
not enabled in netifd.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2021-03-13 20:58:55 +01:00
Daniel Golle
997ff740dc
uboot-mediatek: fix build on Mac OS X
Copy patch added to uboot-sunxi by commit 3cc57ba462
("uboot-sunxi: add missing type __u64") also to uboot-mediatek.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-13 13:41:04 +00:00
Daniel Golle
0183ee2eb9
uboot-mediatek: update configs for MT7622 devies
* make sure USB 2.0 works (useful for UEFI-booting eg. memtest86)
 * include more useful U-Boot config options on BPi-R64.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-12 00:18:58 +00:00
Daniel Golle
9dfc2b3ca4
uboot-mediatek: update to 2021.04-rc3 with MediaTek's patches
MediaTek published their current U-Boot patchset on github:
https://github.com/mtk-openwrt/u-boot/commits/mtksoc

Import the platform patches from there (`00-mtk-*.patch`), arrange,
them nicely, drop no longer needed local patches and rebase on top of
U-Boot 2021.04-rc3.

Tested and works well on Linksys E8450 (snand-1ddr) as well as
Bananapi BPi-R64 (sdmmc-2ddr, emmc-2ddr).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 16:24:53 +00:00
Daniel Golle
e2cffbb805
arm-trusted-firmware-mediatek: update to 2021-03-10
Most prominently this adds changes which allow replacing the binary-
only 'bromimage' tool by U-Boot's 'mkimage' (see previous commit).
This fixes build on non-Linux and/or non-x86 platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 16:24:48 +00:00
Daniel Golle
ce19e8fa43
tools: mkimage: add patches for 64-bit MediaTek BootROM
Add patches for mkimage to allow using it instead of the binary-only
'bromimage' tool to generate bl2 for MT7622.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 16:24:20 +00:00
Daniel Golle
da339a6d3f
rpcd: update to git HEAD
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
 ccb7517 sys: packagelist: drop ABI version from package name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 00:39:16 +00:00
Daniel Golle
b5f6d20560
opkg: update to git HEAD
d71856a pkg: pass-through ABIVersion to status file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 00:39:09 +00:00
Rui Salvaterra
130118f7aa netifd: add a udhcpc.user placeholder script
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-10 20:16:22 +01:00
Rui Salvaterra
b4f3d93b5f odhcp6c: add a odhcp6c.user placeholder script
Document the existence of this feature. This allows the user to execute a script
at each DHCPv6 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-10 20:16:06 +01:00
Daniel Golle
bff84f3e8e arm-trusted-firmware-mediatek: fix typo SPI-SNAND -> SPI-NAND
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-08 21:27:35 +00:00
Dominick Grift
49edc4d17f checkpolicy: update to version 3.2
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
0b58ebcfe2 secilc: update to version 3.2
49ff851c secilc: fixes cil_role_statements.md example
03881703 secilc/docs: add custom color theme
4c8d6094 secilc/docs: add syntax highlighting for secil
057d72af secilc/docs: use fenced code blocks for cil examples
e8bcdb84 cil_network_labeling_statements: fixes nodecon examples
eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
9e9b8103 secilc/docs: document expandtypeattribute
fbe1e526 Update the cil docs to match the current behaviour.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
68934a5704 policycoreutils: update to version 3.2
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
4670492ad7 libsemanage: update to version 3.2
c35919a7 libsemanage: sync filesystem with sandbox
5b05e829 Revert "libsemanage/genhomedircon: check usepasswd"
edae9275 libsemanage: Free contents of modkey in semanage_direct_remove
ce46daab libsemanage/genhomedircon: check usepasswd
6ebb35d2 libsemanage: Bump libsemanage.so version
c08b73d7 libsemanage: Drop deprecated functions
b46406de libsemanage: Remove legacy and duplicate symbols

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
b1fc2b5b0b libselinux: update to version 3.2
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
2a1bdde0d0 libsepol: update to version 3.2
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Daniel Golle
ffeb37047e
procd: update to git HEAD
945d0d7 utils: fix C style in header file
 2cfc26f inittab: detect active console from kernel if no console= specified

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-08 00:11:55 +00:00
Georgi Valkov
24737d85e8 bpftools: fix param order for install on macOS
Fix: bpftools 5.11.2 does not compile on macOS, because the -m option
was placed between src and dst. Corrected by moving -m 644 before src.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
2021-03-07 21:09:01 +00:00
Tony Ambardar
9e64e4ce26 bpftools: fix libbpf pkgconfig file
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.

This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:

iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
	libbpf version 0.3.0 is too low, please update it to at least 0.1.0
	LIBBPF_FORCE=on set, but couldn't find a usable libbpf

Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-07 20:07:22 +00:00
Adrian Schmutzler
9397b22df1 treewide: make AddDepends/usb-serial selective
Make packages depending on usb-serial selective, so we do not have
to add kmod-usb-serial manually for every device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-06 12:38:38 +01:00
Adrian Schmutzler
85b1f4d8ca treewide: remove execute bit and shebang from board.d files
So far, board.d files were having execute bit set and contained a
shebang. However, they are just sourced in board_detect, with an
apparantly unnecessary check for execute permission beforehand.

Replace this check by one for existance and make the board.d files
"normal" files, as would be expected in /etc anyway.

Note:

This removes an apparantly unused '#!/bin/sh /etc/rc.common' in
target/linux/bcm47xx/base-files/etc/board.d/01_network

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-06 11:30:06 +01:00
Daniel Golle
20b6e014a6 kernel: fix kmod-usb3 on platforms without PCI
Partially restore the wild-card matching for kmod-usb3 modules to fix
build on platforms without PCI which otherwise file, as seen on
buildbot:

ERROR: module '[...]/linux-5.4.102/drivers/usb/host/xhci-pci.ko' is missing.
modules/usb.mk:1675: recipe for target '[...]/kmod-usb3_5.4.102-1_mips_mips32.ipk' failed

Fixes: 7bda2e9aba ("kernel: fix kmod-usb3 dependencies")
Fixes: be23f9818a ("apm821xx: add support for kernel 5.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-06 04:42:00 +00:00
Daniel Golle
eb030a9a82 arm-trusted-firmware-mediatek: prune now uneeded declarations
Remove unneeded delcarations form package Makefile now that everything
comes from github.com/mtk-openwrt upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-06 03:28:52 +00:00
Ilya Lipnitskiy
7bda2e9aba kernel: fix kmod-usb3 dependencies
Adding CONFIG_USB_XHCI_PCI_RENESAS to KCONFIG made it so it was set
for all targets that included kmod-usb3, not just the intended
apm821xx/nand. xhci-pci has a dependency on xhci-pci-renesas if
CONFIG_USB_XHCI_PCI_RENESAS is set, breaking kmod-usb3 builds on
Linux 5.10 on all other targets.

Rework the dependencies by breaking out xhci-hcd, xhci-mtk, and
xhci-pci-renesas into new hidden kernel modules and setting kmod-usb3
dependencies properly.

Tested by building mt7621 and apm821xx/nand with kmod-usb3 on Linux 5.10

Fixes: be23f981 ("apm821xx: add support for kernel 5.10")
Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-03-06 02:47:11 +00:00
Daniel Golle
9663562188
arm-trusted-firmware-mediatek: don't select DDR3_FLYBY for 1ddr
DDR3_FLYBY has accidentally been set also for the 1-chip variant which
lead to broken, unbootable images. Fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-05 23:55:56 +00:00
Christian Lamparter
be23f9818a apm821xx: add support for kernel 5.10 for testing
This patch copies over refreshed patches from 5.4.

 - dropped crypto patches (they got upstreamed)

 - dropped renesas USB 3 firmware loader (they got upstreamed)

 - NAND now needs extra device-properties for ECC settings.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-03-05 22:47:14 +01:00
Daniel Golle
51ef823f95
uboot-mediatek: improve BPi-R64 support
* allow MAC address from U-Boot env to be inhertied
 * allow eMMC installation to succeed also without recovery present
   on the SD Card.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-05 20:13:54 +00:00
Daniel Golle
dc416983bb arm-trusted-firmware-mediatek: update to ATF 2.4 (2021-02-25)
All necessary blobs are now contained in the upstream repository, no
more wild replacing of blobs needed.
This new version also contains new storage drivers for (SPI-)NAND which
already comes with support for FM35Q1GA, so that patch can be dropped
as well.
Tested on:
 * Bananapi BPi-R64
   - sdmmc-2ddr
   - emmc-2ddr
 * Linksys E8450
   - snand-1ddr

All works fine (booting Bananapi BPi-R64 from SD Card does NOT require
a signed image, so patch arm-trusted-firmware-mediatek to allow doing
that).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-05 17:42:10 +00:00
Rafał Miłecki
4d961436c4 bcm63xx-cfe: update to the latest master
d035016 tp-link: rename to tplink to match DT vendor prefix

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-05 14:56:50 +01:00
Rui Salvaterra
9a20c844f4 kernel/modules: fix CDC NCM dependencies
CDC NCM support only depends on CDC Ethernet with Linux 5.10. Fix thusly.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-05 14:41:14 +01:00
Florian Eckert
c24c23e185 rssileds: use new application led trigger backend
This will use the new application led trigger backend. For now this is
the only package that uses leds trigger in user space to configure the
kernel led triggers.

The callback script only emmits a message for now, so that this LED is now
managed by the rssileds service. Until now a generic warning was emitted that
this LED trigger is not supported. But that is not true.

-> Skipping trigger 'rssileds' for led '<name>' due to missing kernel module

I think this callback should be changed in the future to restart the
service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-03-05 00:10:06 -10:00
Florian Eckert
dec14ac436 base-files: add new application led trigger backend
For now we have only kernel LED trigger support. With this change it is now
possible to use application triggers.

If we configure a LED with a non kernel trigger, then we check on every
restart and boot of the LED service if we have this trigger as an application
in "/usr/libexec/led-trigger". If this file with the name is found, then we
execute this to init the LED.

Possible use cases are:

- Start/Stop/Restart an application led trigger service for this led
- Init a LED that is configured by a hotplug script (VPN tunnel established)

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-03-05 00:10:06 -10:00
Rafał Miłecki
ac39c4bd60 bcm63xx-cfe: update to the latest master
3fb6f1c tp-link: c2300-v1: add cferam file
79f9578 sercomm: vox-2.5: add cferam file

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-05 10:16:00 +01:00
Daniel Golle
cec580cba8
fstools: fix build with glibc
stropts.h is unavailable under glibc (and unneeded when building
against glibc). Include it only if not building against glibc.

Reported-by: @DazzyWalkman
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-05 02:07:01 +00:00
Daniel Golle
f3f630145a
arm-trusted-firmware-mediatek: don't try to install absent files
Don't try to install files which no longer exist
Since {e,sd}mmc are now produced by ptgen they have been removed.

Fixes: 5a3562cd1d ("arm-trusted-firmware-mediatek: remove {e,sd}mmc headers")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-04 21:58:40 +00:00
Daniel Golle
5a3562cd1d arm-trusted-firmware-mediatek: remove {e,sd}mmc headers
Turned out those are simply MBR with active boot partition. And not
needed at all on emmc. Remove them as ptgen can now generate hybrid
MBR sufficient to boot MT7622 from SD Card.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-03 01:00:23 +00:00
Daniel Golle
ec76cbc521
fstools: update to git HEAD
19d7d93 libfstools: partname: several fixes

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-02 19:16:15 +00:00
Daniel Golle
1cd4a02c8e
procd: update to git HEAD
64e9f3a procd: fix compilation with newer musl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-02 19:16:10 +00:00
Daniel Golle
c82cc4407a
libubox: update to git HEAD
2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-02 19:16:04 +00:00
Daniel Golle
e3ab355dde uboot-mediatek: bpi-r64: make sure eMMC installation runs only once
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-02 01:42:34 +00:00
Daniel Golle
dba979e2dd uboot-mediatek: bpi-r64: fix eMMC installation menu label
Change boot menu label for eMMC installation to tell what it does now.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-01 20:09:31 +00:00
Daniel Golle
ded54ae196 mediatek: mt7622: bpi-r64: simplify eMMC install procedure
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-01 19:33:46 +00:00
Daniel Golle
ebcb4f1d0a
treewide: fix spelling 'seperate' -> 'separate'
This popular spelling mistake was also introduced by myself lately.
Fix it everywhere.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 23:59:21 +00:00
Stefan Lippers-Hollmann
1ca5de13a1 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2021-03-01 00:34:23 +01:00
Jan Pavlinec
0c0c9c734d igmpproxy: update to version 0.3
Changes:
- Remove custom Build/Compile because it's no longer needed
- Remove std=gnu99 which is added automaticaly by igmpproxy if needed
- Remove -Dlog from CFLAGS because igmpproxy doesn't have log function

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2021-03-01 00:34:23 +01:00
Donald Hoskins
ea6d4bdde2 libunwind: Add MIPS64 dep check
libunwind dependency check does not allow for MIPS64 arch.  Add MIPS64 awareness.

libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.

Used to compile Suricata6/Rust locally without issue.

Signed-off-by: Donald Hoskins <grommish@gmail.com>
2021-03-01 00:34:23 +01:00
Georgi Valkov
3cc57ba462 uboot-sunxi: add missing type __u64
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;

Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
2021-03-01 00:34:23 +01:00
Tony Ambardar
92409dda83 bpftools: update to latest stable 5.11.2
Compile and run-tested on malta/mip32be, using bpftool directly and also
libbpf (linked with tc) to inspect and load simple eBPF programs.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-01 00:34:23 +01:00
Tony Ambardar
b048a305a3 iproute2: update to 5.11.0
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0

In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.

Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.

Additional build and packaging updates include:

  - install missing development header to iproute2/bpf_elf.h
  - propagate OpenWrt verbose flag during build
  - update and refresh patches

Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.

All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-01 00:34:23 +01:00
Rosen Penev
b77f21c98a libpcap: update to 1.10.0
Simplify cmake option handling by putting everything in blocks.

Add openssl patch as there's no easy way to disable.

Rebase the skip manpages patch.

Remove the monitor mode patch as it no longer applies.

Remove flex patch as normal Makefile is no longer used.

Remove USB path patch. While it is deprecated, the codepath is never
taken. /sys/bus/usb/devices is checked before hand. If it exists, the
function does stuff and returns. Additionally, this path is used
elsewhere in the code.

Refresh other patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-03-01 00:34:23 +01:00
Rui Salvaterra
d0d5fcada9 kernel/zram: remove obsolete symbol
Zsmalloc page table mappings are dead and gone [1]. Drop the respective kconfig
symbol.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=69dc72f058c9b98f9b66bed184cfab7c2e9f49b0

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-01 00:34:23 +01:00
Alexey Dobrovolsky
e12fcf0fe5 busybox: sysntpd: option to bind server to iface
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
2021-03-01 00:34:22 +01:00
Ronny Kotzschmar
547a932ee9 uboot-envtools: adjust compile patch to version v2021.01
with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted
otherwise at least with macOS as build system there are build errors

Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
2021-03-01 00:34:22 +01:00
Mathias Kresin
348e098054 lantiq: ltq-tapi: disable KPI and QOS
The QOS feature depends on KPI2UDP which was removed from the tree with
commit a95775e4b2 ("drop unmaintained packages") in 2012.

Since QOS was the last user of the KPI, the feature can be disabled by
default.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-03-01 00:19:58 +01:00
Mathias Kresin
e410fb159d ltq-vdsl-app: fix -Wundef warnings
The following warnings are shown during build:

/usr/include/vdsl/cmv_message_format.h:33:6: warning: "MEI_SUPPORT_DEBUG_STREAMS" is not defined, evaluates to 0 [-Wundef]
 #if (MEI_SUPPORT_DEBUG_STREAMS == 1)
      ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/vdsl/drv_mei_cpe_interface.h:2256:6: warning: "MEI_SUPPORT_OPTIMIZED_FW_DL" is not defined, evaluates to 0 [-Wundef]
 #if (MEI_SUPPORT_OPTIMIZED_FW_DL == 1)
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~

The headers are provided by the MEI driver, but the defines are never
set by the vdsl app. While the struct with the
MEI_SUPPORT_OPTIMIZED_FW_DL conditional isn't used by the vdsl app,
however CMV_USED_PAYLOAD_8BIT_SIZE which value depends on
MEI_SUPPORT_DEBUG_STREAMS is.

Since the MEI driver doesn't provide an autogenerated header with
compile flags, the flags are hardcoded for the vdsl app.

Set them for the MEI driver as well, to indicate a relation to the
values used for the vdsl app and to be not surprised by a changed
default in case the MEI driver gets updated. Use the current default
values defined in the MEI driver.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-03-01 00:19:58 +01:00
Daniel Golle
3ffc30f05a
selinux-policy: update to version 0.7
a857b45 resolv/locale: eventually this should be more efficient
 11ed281 some more optimization
 764a475 add redundant calls to file.search_conffile_dirs()
 7d4558e fs: treat devtmpfs that same as tmpfs
 81b677e adds irqbalance skeleton
 5506244 irqbalance rules
 cc96cd8 adds usbutil and gtpfdisk skels
 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
 d6d1e7d usbutil: output to terminal
 da576fa fsck, gptfdisk and usbutil rules
 09b39e9 unbound
 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
 af0fe90 adds label for tcsh
 160f79e adds tcpdump
 6d02b96 adds coreutil execfile for busybox alternatives
 ac54884 coreutilexecfile: these are known to require privileges, so exclude
 8cb3b66 adds chrootexecfile
 6d329d3 this saves 9KiB and its a bit more robust
 88e2425 move addpart/delpart/partx to gptfdisk.cil
 261012d ntphotplug: reads ubox data files
 0473ace various
 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
 bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
 b8156cd adds a note about how i forgot to target blockd
 6e82ab8 adds blockd and related
 254ff43 Makefile: exclude blockd from mintesttgt
 4dc6bc2 pppd update related and unbound-odhcp rules

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 18:02:02 +00:00
Daniel Golle
b102e281a4 uboot-envtools: add defaults for Bananapi BPi-R64
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 04:12:23 +00:00
Daniel Golle
0246e48434 mt7623n-preloader: remove mt7622-preloader
mt7622-preloader has been superseeded by arm-trusted-firmware-mediatek.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 04:12:23 +00:00
Daniel Golle
03948995ab uboot-mediatek: rework support for Bananapi BPi-R64 board
Provide U-Boot variants for SD-card as well as eMMC boot, so we can
generate whole-disk images for the device.
While at it, rename 'mt7622' to 'mt7622-rfb1' to make it less confusing
now that more boards are being added.

Thanks to Frank Wunderlich (@frank-w) for making that nice SVG image
explaining the MMC boot process[1] and for providing the necessary
binary header blobs.

[1]: https://github.com/frank-w/BPI-R64-ATF
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 03:40:35 +00:00
Daniel Golle
42f3efec96 uboot-envtools: add defaults for linksys-e8450-ubi
Add U-Boot environment configuration for the Linksys E8450 (UBI) to
allow access to the bootloader environment from OpenWrt via
'fw_printenv' and 'fw_setenv'.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 01:23:48 +00:00
Daniel Golle
ed50004319 uboot-mediatek: add support for Linksys E8450
Build U-Boot for the Linksys E8450 in order to have support for UBI.
The loader has a default environment with scripts handling the reset
button as well as fall-back to recovery firmware. If the loader comes
up without a valid environment found in UBI, it will automatically
make sure UBI is formatted and create a new environment and proceed
to load recovery firmware (either from UBI or via TFTP if recovery is
corrupted or unavailable).

If the button is held down during power-on, the yellow status LED
turns on and the bootloader environment is reset to factory defaults.
If the button is released at this point, the recovery firmware (if
existing) is loaded from UBI and booted.
If the button is continously held down even beyond the point that
the yellow LED turned on, the loader will try to load the recovery
firmware via TFTP from server 192.168.1.254, write it to UBI and
boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 01:23:48 +00:00
Daniel Golle
c16958e194 arm-trusted-firmware-mediatek: add patch for Fidelix SPI NAND
The Linksys E8450 aka. Belkin RT3200 comes with a rather fresh brand
of SPI NAND storage. Add support for it to the nandx driver in
arm-trusted-firmware-mediatek, so we can boot from that chip.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 01:23:48 +00:00
Daniel Golle
84a339f015 base-files: add support for restoring config from tmpfs
Instead of only relying in /sysupgrade.tgz being present in rootfs to
restore configuration, also grab /tmp/sysupgrade.tar which may have
magically gotten there during preinit...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 00:09:09 +00:00
Daniel Golle
b7d125f455 fstools: update to git HEAD
bad1835 fstools: add partname volume driver

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 00:09:09 +00:00
Ilya Lipnitskiy
464451d9ab kernel: no chacha-mips.ko on mips32 r1 targets
CHACHA_MIPS depends on CPU_MIPS32_R2. Therefore,
kmod-crypto-lib-chacha20 should not contain chacha-mips.ko on MIPS32 R1
targets. Enforce that in the target-specific definition.

Fixes bcm47xx, bcm63xx, lantiq/ase, ath25 builds.

Fixes: 06351f1 ("kernel: migrate wireguard into the kernel tree")
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-27 10:14:23 +01:00
Ilya Lipnitskiy
cbcddc9f31 wireguard-tools: depend on kmod-wireguard
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.

Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-26 20:41:01 +01:00
Ilya Lipnitskiy
0b53d6f7fa kernel: fix kmod-wireguard package fields
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-26 20:41:01 +01:00
Jason A. Donenfeld
e0f7f5bbce wireguard-tools: bump to 1.0.20210223
Simple version bump with accumulated fixes.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-26 20:41:01 +01:00
Ilya Lipnitskiy
06351f1bd0 kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.

Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-26 20:41:01 +01:00
David Bauer
9a9cf40dd9 download: add mirror alias for Debian
Add an alias for Debian packages and download them from the Debian
mirror redirector.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-26 20:41:00 +01:00
Lech Perczak
59d065c9f8 ramips: add support for ZTE MF283+
ZTE MF283+ is a dual-antenna LTE category 4 router, based on Ralink
RT3352 SoC, and built-in ZTE P685M PCIe MiniCard LTE modem.

Hardware highlighs:
- CPU: MIPS24KEc at 400MHz,
- RAM: 64MB DDR2,
- Flash: 16MB SPI,
- Ethernet: 4 10/100M port switch with VLAN support,
- Wireless: Dual-stream 802.11n (RT2860), with two internal antennas,
- WWAN: Built-in ZTE P685M modem, with two internal antennas and two
  switching SMA connectors for external antennas,
- FXS: Single ATA, with two connectors marked PHONE1 and PHONE2,
  internally wired in parallel by 0-Ohm resistors, handled entirely by
  internal WWAN modem.
- USB: internal miniPCIe slot for modem,
  unpopulated USB A connector on PCB.
- SIM slot for the WWAN modem.
- UART connector for the console (unpopulated) at 3.3V,
  pinout: 1: VCC, 2: TXD, 3: RXD, 4: GND,
  settings: 57600-8-N-1.
- LEDs: Power (fixed), WLAN, WWAN (RGB),
  phone (bicolor, controlled by modem), Signal,
  4 link/act LEDs for LAN1-4.
- Buttons: WPS, reset.

Installation:
As the modem is, for most of the time, provided by carriers, there is no
possibility to flash through web interface, only built-in FOTA update
and TFTP recovery are supported.

There are two installation methods:
(1) Using serial console and initramfs-kernel - recommended, as it
allows you to back up original firmware, or
(2) Using TFTP recovery - does not require disassembly.

(1) Using serial console:
To install OpenWrt, one needs to disassemble the
router and flash it via TFTP by using serial console:
- Locate unpopulated 4-pin header on the top of the board, near buttons.
- Connect UART adapter to the connector. Use 3.3V voltage level only,
  omit VCC connection. Pin 1 (VCC) is marked by square pad.
- Put your initramfs-kernel image in TFTP server directory.
- Power-up the device.
- Press "1" to load initramfs image to RAM.
- Enter IP address chosen for the device (defaults to 192.168.0.1).
- Enter TFTP server IP address (defaults to 192.168.0.22).
- Enter image filename as put inside TFTP server - something short,
  like firmware.bin is recommended.
- Hit enter to load the image. U-boot will store above values in
  persistent environment for next installation.
- If you ever might want to return to vendor firmware,
  BACK UP CONTENTS OF YOUR FLASH NOW.
  For this router, commonly used by mobile networks,
  plain vendor images are not officially available.
  To do so, copy contents of each /dev/mtd[0-3], "firmware" - mtd3 being the
  most important, and copy them over network to your PC. But in case
  anything goes wrong, PLEASE do back up ALL OF THEM.
- From under OpenWrt just booted, load the sysupgrade image to tmpfs,
  and execute sysupgrade.

(2) Using TFTP recovery
- Set your host IP to 192.168.0.22 - for example using:
sudo ip addr add 192.168.0.22/24 dev <interface>
- Set up a TFTP server on your machine
- Put the sysupgrade image in TFTP server root named as 'root_uImage'
  (no quotes), for example using tftpd:
  cp openwrt-ramips-rt305x-zte_mf283plus-squashfs-sysupgrade.bin /srv/tftp/root_uImage
- Power on the router holding BOTH Reset and WPS buttons held for around
  5 seconds, until after WWAN and Signal LEDs blink.
- Wait for OpenWrt to start booting up, this should take around a
  minute.

Return to original firmware:
Here, again there are two possibilities are possible, just like for
installation:
(1) Using initramfs-kernel image and serial console
(2) Using TFTP recovery

(1) Using initramfs-kernel image and serial console
- Boot OpenWrt initramfs-kernel image via TFTP the same as for
  installation.
- Copy over the backed up "firmware.bin" image of "mtd3" to /tmp/
- Use "mtd write /tmp/firmware.bin /dev/mtd3", where firmware.bin is
  your backup taken before OpenWrt installation, and /dev/mtd3 is the
  "firmware" partition.

(2) Using TFTP recovery
- Follow the same steps as for installation, but replacing 'root_uImage'
  with firmware backup you took during installation, or by vendor
  firmware obtained elsewhere.

A few quirks of the device, noted from my instance:
- Wired and wireless MAC addresses written in flash are the same,
  despite being in separate locations.
- Power LED is hardwired to 3.3V, so there is no status LED per se, and
  WLAN LED is controlled by WLAN driver, so I had to hijack 3G/4G LED
  for status - original firmware also does this in bootup.
- FXS subsystem and its LED is controlled by the
  modem, so it work independently of OpenWrt.
  Tested to work even before OpenWrt booted.
  I managed to open up modem's shell via ADB,
  and found from its kernel logs, that FXS and its LED is indeed controlled
  by modem.
- While finding LEDs, I had no GPL source drop from ZTE, so I had to probe for
  each and every one of them manually, so this might not be complete -
  it looks like bicolor LED is used for FXS, possibly to support
  dual-ported variant in other device sharing the PCB.
- Flash performance is very low, despite enabling 50MHz clock and fast
  read command, due to using 4k sectors throughout the target. I decided
  to keep it at the moment, to avoid breaking existing devices - I
  identified one potentially affected, should this be limited to under
  4MB of Flash. The difference between sysupgrade durations is whopping
  3min vs 8min, so this is worth pursuing.

In vendor firmware, WWAN LED behaviour is as follows, citing the manual:
- red - no registration,
- green - 3G,
- blue - 4G.
Blinking indicates activity, so netdev trigger mapped from wwan0 to blue:wwan
looks reasonable at the moment, for full replacement, a script similar to
"rssileds" would need to be developed.

Behaviour of "Signal LED" in vendor firmware is as follows:
- Off - no signal,
- Blinking - poor coverage
- Solid - good coverage.

A few more details on the built-in LTE modem:
Modem is not fully supported upstream in Linux - only two CDC ports
(DIAG and one for QMI) probe. I sent patches upstream to add required device
IDs for full support.
The mapping of USB functions is as follows:
- CDC (QCDM) - dedicated to comunicating with proprietary Qualcomm tools.
- CDC (PCUI) - not supported by upstream 'option' driver yet. Patch
  submitted upstream.
- CDC (Modem) - Exactly the same as above
- QMI - A patch is sent upstream to add device ID, with that in place,
  uqmi did connect successfully, once I selected correct PDP context
  type for my SIM (IPv4-only, not default IPv4v6).
- ADB - self-explanatory, one can access the ADB shell with a device ID
  added to 51-android.rules like so:

SUBSYSTEM!="usb", GOTO="android_usb_rules_end"
LABEL="android_usb_rules_begin"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1275", ENV{adb_user}="yes"
ENV{adb_user}=="yes", MODE="0660", GROUP="plugdev", TAG+="uaccess"
LABEL="android_usb_rules_end"

While not really needed in OpenWrt, it might come useful if one decides to
move the modem to their PC to hack it further, insides seem to be pretty
interesting. ADB also works well from within OpenWrt without that. O
course it isn't needed for normal operation, so I left it out of
DEVICE_PACKAGES.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[remove kmod-usb-ledtrig-usbport, take merged upstream patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-26 13:57:54 +01:00
David Bauer
a7ff66e2d2 rtl8812au-ct: fix PKG_MIRROR_HASH
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-24 22:28:27 +01:00
Daniel Golle
f38c54c635
arm-trusted-firmware-mediatek: correct location of PKG_LICENSE
As PKG_LICENSE is originally set by include/trusted-firmware-a.mk it
can only be appended after that. Hence move that line below the
include to actually make sense.
(cosmetical change, already slipped into openwrt-21.02 branch)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 19:01:14 +00:00
Adrian Schmutzler
702147b797 imx-bootlets: refresh patches
Tidy this up a little.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-24 16:15:02 +01:00
Adrian Schmutzler
221eefaf6b zlib: properly split patches
This package had two patches (with two headers etc.) in one file,
which would have quilt merging them during a refresh.

Separate these patches into two files, as the original intent seems
to be having them separate.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-24 14:08:29 +01:00
Daniel Golle
287bd78e6f
base-files: remove unneeded '$' signs in nand.sh
When using Shell arithmetric evaluation via $((..)) the variables in
the expression do not need to be prefixed by the '$' sign.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 11:42:02 +00:00
Daniel Golle
5c10f26c28 sysupgrade-nand: allow limiting rootfs_data by setting env variable
Check if firmware environment variable 'rootfs_data_max' exists and is
set to a numerical value greater than 0. If so, limit rootfs_data
volume to that size instead of using the maximum available size.

This is useful on devices with lots of flash where users may want to
have eg. a volume for persistent logs and statistics or for external
applications/containers. Persistence on rootfs overlay is limited by
the size of memory available during the sysugprade process as that
data needs to be copied to RAM while the volume is being recreated
during sysupgrade. Hence it is unsuitable for keeping larger amounts
of data accross upgrade which makes additional volume(s) for
application data desirable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 01:35:20 +00:00
Daniel Golle
e6aac8d98f image: add support for building FIT image with filesystem
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).

This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 01:35:20 +00:00
Rosen Penev
fb83efb626 pcre: disable C++ bindings
Nothing uses them. Allows to simplify the Makefile.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-24 00:30:40 +01:00
Hauke Mehrtens
030bc39c35 ppp: Update to version 2.4.9
Upstream integrated multiple patches from Distributions and did other
changes:
* rp-pppoe.so was renamed to pppoe.so
* Converted to ANSI C

The following patches were applied upstream:
* 100-debian_ip-ip_option.patch
* 101-debian_close_dev_ppp.patch
* 103-debian_fix_link_pidfile.patch
* 106-debian_stripMSdomain.patch
* 107-debian_pppoatm_wildcard.patch
* 110-debian_defaultroute.patch
* 202-no_strip.patch

Compilation with musl libc was fixed upstream so
140-pppoe_compile_fix.patch is not needed any more

Parts of the 203-opt_flags.patch patch were applied in a different way
upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-24 00:30:20 +01:00
Eneas U de Queiroz
12a80e44b9 openssl: always build with GOST engine support
The packages feed has a proposed package for a GOST engine, which needs
support from the main openssl library.  It is a default option in
OpenSSL.  All that needs to be done here is to not disable it.

Package increases by a net 1-byte, so it is not really really worth
keeping this optional.

This commit also includes a commented-out example engine configuration
in openssl.cnf, as it is done for other available engines.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-02-23 21:10:56 +01:00
Stijn Segers
b5bc53813d uboot-envtools: add support for ZyXEL GS-1900-8HP v1 and v2
This adds the necessary nuts and bolts for the uboot settings for both the ZyXEL GS1900-8HP v1 and v2.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2021-02-23 21:10:56 +01:00
Eneas U de Queiroz
d1dfb577f1 wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been
applied here.  There are a couple of low severity security bug fixes as
well.

Three patches are no longer needed, and were removed; the one remaining
was refreshed.

This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-02-23 21:10:56 +01:00
Ilya Lipnitskiy
17f7b217d3 wireguard: don't build on Linux 5.10
There are efforts underway to bring wireguard in-tree for Linux 5.4 and
to have a common build infrastructure for both 5.4 and 5.10 for
kmod-wireguard[0]. Until then, restrict kmod-wireguard to build only on
Linux 5.4, because the wireguard-compat package will not build on Linux
5.10.

[0]: https://github.com/openwrt/openwrt/pull/3885

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-23 20:13:30 +01:00
Ilya Lipnitskiy
30b482551d kernel: 5.10: fix kmod build failures
Modify existing modules to reflect their new location in Linux 5.10. Add
missing dependenices.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
[enable CRYPTO_USER_API_ENABLE_OBSOLETE; add kmod-crypto-hash dependency
to usb-net-rtl8152]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-23 20:13:22 +01:00
Ilya Lipnitskiy
57fdcf66f0 kernel: 5.10: fix rtl8812au-ct build
Pull in upstream:
c8d243936f
1e9689c89f

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-23 20:13:15 +01:00
Daniel Golle
9cd089dbbf arm-trusted-firmware-mediatek: use @OPENWRT mirror for blobs
Now that mirrors have picked it up, switch to using the @OPENWRT
mirror instead of hosting those files on Github.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-23 18:03:27 +00:00
Daniel Golle
5f1bd95278
procd: update to git HEAD
2be57ed cosmetics: provide compatible system info on Aarch64
 37eed13 system: expose if system was booted from initramfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-23 13:16:23 +00:00
Daniel Golle
068c82039f arm-trusted-firmware-mediatek: bring back package
* use binary provided by MediaTek to work-around 'bromimage' issue
 * refactor Makefile
 * add mt7622 1c variants (using binaries provided by MTK)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-23 12:28:49 +00:00
Álvaro Fernández Rojas
00f6944f16 bcm63xx-cferam: select for bmips target
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-22 18:09:03 +01:00
Álvaro Fernández Rojas
f107e1668c mtd: fixtrx: support CFE imagetag on bmips target
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-22 18:09:03 +01:00
Georgi Valkov
4b37e3bc2b libusb: Fix parsing of descriptors for multi-configuration devices
Prerequisite patch:
Correct a typo in the Changelog and clean up a stray file

Fix changes in libusb which introduced a regression:
Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device
initialization") introduced a regression for devices with multiple
configurations. The logic that verifies the reported length of the
configuration descriptors failed to count the length of the
configuration descriptor itself and would truncate the actual length by
9 bytes, leading to a parsing error for subsequent descriptors.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
2021-02-21 10:12:10 -10:00
Adrian Schmutzler
910b5d669f tfa-layerscape: build fiptool again
The ls-ddr-phy package needs fiptool options that are not
available via the version from arm-trusted-firmware-tools.
This breaks build for layerscape with the recently added LX2160a:

  create: unrecognized option '--ddr-immem-udimm-1d'

Use the tfa-layerscape variant again for now, but rename it to
fiptool-layerscape to indicate that it's a specific variant.

This reverts 84bc7d31e0 ("tfa-layerscape: don't build fiptool").

Fixes: f59d7aab2a ("layerscape: add ddr-phy package")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-21 00:01:36 +01:00
Petr Štetiar
1bf6d70e60 openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-20 15:59:47 +01:00
Andreas Eberlein
a3e6521c1a x86: add led driver for PC Engines APU1
This driver adds the LED support for the PC Engines APU1.
This integrates the Linux kernel driver and includes a patch to support
 newer firmware versions. Also the default LED configuration is updated
 to use the correct devices.

Signed-off-by: Andreas Eberlein <foodeas@aeberlein.de>
2021-02-20 00:29:18 -10:00
Christian Lamparter
09e66112f1 wolfssl: fix Ed25519 typo in config prompt
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-02-20 11:11:13 +01:00
Raphaël Mélotte
fb860b4e41 hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-20 10:38:48 +01:00
David Bauer
10e84bde36 openssl: update package sources
OpenSSL downloads itself are distributed using Akamai CDN, so use these
sources as the highest priority.

Remove a stale mirror which seems to be offline for a longer time
already.

Add fallbacks to the old release path also for the mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:40 +01:00
Yangbo Lu
80dcd14abe layerscape: add LX2160ARDB (Rev2.0 silicon) board support
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.

- Enables network intelligence with the next generation Datapath (DPPA2)
  which provides differentiated offload and a rich set of IO, including
  10GE, 25GE, 40GE, and PCIe Gen4

- Delivers unprecedented efficiency and new virtualized networks

- Supports designs in 5G packet processing, network function
  virtualization, storage controller, white box switching, network
  interface cards, and mobile edge computing

- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
  and 8-core LX2080A)

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:29:46 +01:00
Yangbo Lu
f59d7aab2a layerscape: add ddr-phy package
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:27:45 +01:00
Yangbo Lu
2c2d77bd3b layerscape: add FRWY-LS1046A board support
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.

The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:27:15 +01:00
Álvaro Fernández Rojas
7febba3e50 cypress-firmware: fix PKG_SOURCE_URL
Download link has been moved.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-19 11:06:23 +01:00
Álvaro Fernández Rojas
1d3a9b1c00 bcm27xx-userland: update to latest version
Adds some fixes and removes upstreamed patch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-18 23:42:46 +01:00
Álvaro Fernández Rojas
f41e653da9 bcm27xx-gpu-fw: update to latest version
This is needed to add support for CM4 and RPI 400.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-18 23:42:46 +01:00
Mathias Kresin
d2d32dcd5f kernel: lantiq: fix Module.symvers handling
If an external module uses exported symbols from another external
module, Kbuild needs to have full knowledge of all symbols to
avoid spitting out warnings about undefined symbols.

Use PKG_EXTMOD_SUBDIRS to point to the build directory which contains
the Module.symvers.

Pass KERNEL_MAKE_FLAGS to the external module build, to inject
KBUILD_EXTRA_SYMBOLS. KBUILD_EXTRA_SYMBOLS holds a space separated list
of Module.symvers, which list all exported symbols.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-02-18 08:43:08 +01:00
Eneas U de Queiroz
482c9ff289 openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-02-17 09:24:47 +01:00
Rosen Penev
b59905f045 gettext-full: update to 0.21
Add m4 patch to avoid conflict with tools/autoconf-archive.

Add build parallel as it seems to work now.

Remove a bunch of uClibc-ng hacks as it is not in the tree anymore.

Format security patch was fixed upstream.

Refreshed other patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-16 19:27:55 -10:00
Felix Fietkau
b10d604459 kernel: add linux 5.10 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 20:06:51 +01:00
Felix Fietkau
d02088762a build: reorder more BuildPackages lines to deal with ABI_VERSION
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 11:29:38 +01:00
Álvaro Fernández Rojas
a5c4c40476 ath10k-ct: switch to 5.10
Let's switch to 5.10 now that mac80211 has been updated.
Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-16 07:31:28 +01:00
Felix Fietkau
46b6ee7ffc util-linux: move libuuid BuildPackage line further up to fix ABI versioning
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 00:00:14 +01:00
Hauke Mehrtens
1132340a22 mac80211: Update to version 5.10.16-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Hauke Mehrtens
0cde9a0a65 mac80211: Refresh patches again
A wrong quilt configuration was used last time.

Fixes: ed1e234d87 ("mac80211: refresh patches")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Felix Fietkau
8edb1797d5 libubox: update to the latest version, set ABI_VERSION dynamically
2537be018587 cmake: add a possibility to set library version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 19:41:13 +01:00
Felix Fietkau
26a899e3e8 wolfssl: use libtool patch for PKG_ABI_VERSION
Makes it unnecessary to patch .so files after build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Felix Fietkau
0a497c4640 libubox: use build system variable to specify ABI version
This removes the need to patch it afterwards

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Felix Fietkau
f378d81da6 wolfssl: use dynamic ABI_VERSION depending on the configuration and package version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:40:47 +01:00
Felix Fietkau
a933c26852 libubox: use PKG_ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:40:45 +01:00
Daniel Golle
d79eeba688
odhcpd: setup dhcpv4 server automagically
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-15 00:34:43 +00:00
Hauke Mehrtens
304df2836a Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and package version"
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libwolfssl:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl
mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl
collect2: error: ld returned 1 exit status

This reverts commit 2591c83b34.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 01:15:49 +01:00
Hauke Mehrtens
505a808302 Revert "libubox: use PKG_ABI_VERSION"
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libubox:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox

This reverts commit f421fefa8a.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 01:15:49 +01:00
Petr Štetiar
be0192edb8 Revert "uboot-imx6: bump to 2021.01 release"
This reverts commit 50a5a8993d as the bump
to 2021.01 unveiled issue with missing swig host tool needed for
mx6cuboxi's SPL.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-14 23:28:07 +01:00
Felix Fietkau
f118be0712 ath9k: fix transmitting to stations in dynamic SMPS mode
When transmitting to a receiver in dynamic SMPS mode, all transmissions that
use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to
give the receiver's extra chains some time to wake up.
This fixes the tx rate getting stuck at <= MCS7 for some clients, especially
Intel ones, which make aggressive use of SMPS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:55:45 +01:00
Felix Fietkau
bc3963764d mt76: update to the latest version
261d184cebdc mt76: introduce mt76_vif data structure
50349a8664ef mt76: mt76_connac: create mcu library
c88859180c51 mt76: mt76_connac: move hw_scan and sched_scan routine in mt76_connac_mcu module
9856236ab4f9 mt76: mt76_connac: move WoW and suspend code in mt76_connac_mcu module
2da59aacdd50 mt76: mt76_connac: move pm data struct in mt76_connac.h
16be142e40fe mt76: mt76_connac: move pm utility routines in mt76_connac_lib module
c4ccfc66347d mt76: mt7921: add MAC support
8ecf3a50e7ad mt76: mt7921: add MCU support
92c1717f9a55 mt76: mt7921: add DMA support
1cecf9c3da8b mt76: mt7921: add EEPROM support
a9e68410b9ba mt76: mt7921: add ieee80211_ops
39d6f4851b06 mt76: mt7921: introduce mt7921e support
9f37baecf5d6 mt76: mt7921: add debugfs support
b16cf6e26998 mt76: mt7921: introduce schedule scan support
5aa798ee56c7 mt76: mt7921: introduce 802.11 PS support in sta mode
e67d5216f16d mt76: mt7921: introduce support for hardware beacon filter
cb99bf4655f9 mt76: mt7921: introduce beacon_loss mcu event
71f9f09ee987 mt76: mt7921: introduce PM support
2beb9c9530d4 mt76: mt7921: rely on mt76_connac_mcu common library
59e682497d12 mt76: mt7921: rely on mt76_connac_mcu module for sched_scan and hw_scan
1ccf6a9c60cd mt76: mt7921: rely on mt76_connac_mcu module for suspend and WoW support
f8d1ec5e6e11 mt76: mt7921: introduce Runtime PM support
633a1cbd8f4e mt76: mt7921: introduce regdomain notifier support
0d95c6ad1745 mt76: mt7921: enable MSI interrupts
5f4f6792fb37 mt76: mt7921: add coredump support
47eb00e13450 mt76: mt7663: introduce coredump support
26658849a465 mt76: mt7615: fix key set/delete issues
b0ba039bc2ef mt76: mt7615: fix tx skb dma unmap
892f74d37e88 mt76: mt7915: fix tx skb dma unmap
2659f6c6ea23 mt76: mt7615: support loading EEPROM for MT7613BE
b09cc8644529 mt76: dma: do not report truncated frames to mac80211
ae6473f1d2af mt76: mt7921: enable random mac addr during scanning
b59e3677476d mt76: mt7921: remove unnecessary variable
781911f167aa mt76: mt7921: removed unused definitions in mcu.h
994893d38d51 mt76: always use WTBL_MAX_SIZE for tlv allocation
e6c0948ada07 mt76: mt76x0: disable GTK offloading
a75302bcbfe1 mt76: connac: always check return value from mt76_connac_mcu_alloc_wtbl_req
8da10d6f9251 mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req
80a87412e9e9 mt76: mt7915: fix uninitialized variable in mt7915_tm_set_tx_cont()
c7d98fc35865 mt76: use PCI_VENDOR_ID_MEDIATEK to avoid open coded
b5228e75e422 mt76: mt7921: switch to new api for hardware beacon filter
73fce2cbfa41 mt76: connac: fix up the setting for ht40 mode in mt76_connac_mcu_uni_add_bss
2e2cb71901e8 mt76: mt7921: fixup rx bitrate statistics
2d7b1d72b43b mt76: mt7921: add flush operation
96b4c9874e16 mt76: mt7921: fix uninitialized pointer access in mt7921_get_wtbl_info
4492d801cbb5 mt76: connac: update sched_scan cmd usage
200c1b1c234b mac80211: rename csa counters to countdown counters
0d7564d0d899 mt76: add support for 802.3 rx frames
4c0811c647b9 mt76: mt7915: enable hw rx-amsdu de-aggregation
4b7a68634ff6 mt76: mt7915: add rx checksum offload support
289cd7804587 mt76: mt7915: add support for rx decapsulation offload

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:55:45 +01:00
Felix Fietkau
2591c83b34 wolfssl: use dynamic ABI_VERSION depending on the configuration and package version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:52 +01:00
Felix Fietkau
f421fefa8a libubox: use PKG_ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:52 +01:00
Felix Fietkau
9cb63f5360 mac80211: fix a regression in processing rx stats
A logic error caused rx rate update to be missed for any driver not using
fast-rx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
ed1e234d87 mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
072bfe2113 mac80211: add minstrel performance improvements
Reduce fluctuations in rate selection / statistics

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
b6066846ad mac80211: add decapsulation offload support
On hardware that supports this, this will improve performance by passing
802.3 frames from the hardware to the stack

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
8fc2cfea87 mac80211: fix a corner case in encapsulation offload support
Fix encryption key selection with WEP

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
268210cec8 mac80211: add fq performace improvements
Improves performance under load

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Rosen Penev
6d103beb15 libnftnl: update to 1.1.8
Fix license information.

Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0

Add PKG_BUILD_PARALLEL for faster compilation.

Remove autoreconf as nothing is being patched.

Minor cleanups for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
1c264de177 libevent2: update to 2.1.12
Remove upstream backports.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
8cb7d13aa7 readline: update to 8.1
Fix license.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
26e152e1dd gmp: update to 6.2.1
Fix license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
91aa8e5546 f2fs-tools: update to 1.14.0
Fix license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
ce4cb8e51d busybox: remove useless busybox patches
The first two are useless as /bin/sh can execute those scripts just
fine. Shellcheck reports no problems.

Telnetd patch is useless as telnet is no longer used in OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:36:09 +01:00
Rosen Penev
0275ee5dde busybox: update to 1.33
Remove stime backport.

Remove static libgcc patch as upstream fixed it with
BUSYBOX_DEFAULT_STATIC_LIBGCC which defauls to off.

Remove date -k patch as it no longer applies. It's also pointless as
busybox' hwclock utility can do the same thing.

Remove ntpd patch as that seems to have been applied upstream.

Add smalll patch fixing compilation with SELinux. Upstream commit
2496616b0a8d1c80cd1416b73a4847b59b9f969a renamed the variable without
renaming it in the SELinux path.

Refresh config and patches.

Config refresh:

Refresh commands, run after busybox is first built once:

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0
  cd ..
  ./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in:  OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in:  OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* shell/Config.in : change at "Options common to all shells"  the symbol
  SHELL_ASH  -->  BUSYBOX_CONFIG_SHELL_ASH
   (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
     Apparently our script does not see the hidden option while
     prepending config options with "BUSYBOX_CONFIG_" which leads to a
     missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, networking/Config.in and util-linux/Config.in (commit 1da014f)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Added comments from Hannu Nyman to commit message]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:15:32 +01:00
Rosen Penev
157cd0bd97 base-files: use hwclock --systz
The date -k patch is non standard and will be removed in the next
commit.

Tested behavior to be identical with a simple C program:

 #define _GNU_SOURCE
 #include <unistd.h>
 #include <stdio.h>
 #include <sys/time.h>
 #include <sys/syscall.h>

int main()
{
        struct timezone tt;
	struct timezone tz;

        int a = syscall(SYS_gettimeofday, NULL, &tt);
        int b = gettimeofday(NULL, &tz);
        printf("%d - %d, %d\n", a, tt.tz_minuteswest, tt.tz_dsttime);
        printf("%d - %d, %d\n", b, tz.tz_minuteswest, tz.tz_dsttime);
}

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:15:32 +01:00
Hauke Mehrtens
da283a8f2c iw: Update to version 5.9
The nl80211.h file is mostly matching kernel 5.10, so remove most of our
changes from the patch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:32 +01:00
Hauke Mehrtens
12424edff5 mac80211: Update to version 5.10-rc6-1
The removed patches were applied upstream.

This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:29 +01:00
Hauke Mehrtens
bf6f7cf29b mac80211: Update to version 5.9.12-1
The removed patches were applied upstream.

Remove the 300-mac80211-optimize-skb-resizing.patch.
This patch was not applied upstream, but it conflicts with upstream
changes and needs bigger changes. It was applied with Felix to remove
this patch for now. It should be reworked and then send upstream later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:13:40 +01:00
Petr Štetiar
50a5a8993d uboot-imx6: bump to 2021.01 release
Refreshed all patches, removed 110-mx6cuboxi-mmc-fallback.patch as it
seems, that upstream has probably added similar funcionality in commit
6c3fbf3e456c ("mx6cuboxi: customize board_boot_order to access eMMC")
and it needs to be re-verified by device owner.

Run tested on apalis.

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-14 09:31:30 +01:00
Daniel Golle
11ccf108f2 iwinfo: update to version 2021-01-31
5a2dd18 iwinfo: add hardware description for MediaTek MT7622
 4a32b33 iwinfo: add PCI ID for MediaTek MT7613BE

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-13 19:20:49 +00:00
Raphaël Mélotte
68073e2d46 hostapd: add patch for setting 4addr mode in multi_ap
This patch is required to be able to roam from one backhaul AP to
another one in the same ESS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(daniel@makrotopia.org: PKG_REVISION bump and refreshed patches)
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-13 13:44:22 +00:00
Raphaël Mélotte
14b9100f1c hostapd: reconfigure wps credentials on reload
This patch fixes a bug that prevents updating Multi-AP credentials
after hostapd has started.

It was sent to upstream hostapd here:
https://patchwork.ozlabs.org/bundle/rmelotte/hostapd:%20update%20WPS%20credentials%20on%20SIGHUP/

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-12 08:52:41 +01:00
Raphaël Mélotte
59fa9c28d6 hostapd: add notifications for management frames
This patch allows other applications to get events management
frames (for example: association requests).

This is useful in Multi-AP context to be able to save association
requests from stations.

It has been sent to upstream hostapd in this series:
https://patchwork.ozlabs.org/project/hostap/list/?series=217500

'700-wifi-reload.patch' is updated due to the introduction of
'110-notify-mgmt-frames.patch'.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-12 08:52:41 +01:00
Antti Seppälä
38646938a4 ltq-ptm: Update VR9 PTM firmware
After looking at various vendor GPL source code dumps I discovered that some
of them contain updated versions of ltq-ptm driver when compared to what
openwrt has.

The driver update is mostly cursory (simple changes to comments, whitespace,
formatting etc.) or adds debug features not used by openwrt.

However the updated driver also contains a later version of PTM firmware which
is extracted and included in this commit along with bits to correctly identify
its version when driver loads.

Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
2021-02-12 05:07:04 +00:00
Daniel Golle
dba76a85de arm-trusted-firmware-tools: add patch to pass LDFLAGS
This should hopefully fix builds on the buildbot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-10 19:19:18 +00:00
Daniel Golle
670bfc86c8 arm-trusted-firmware-mediatek: mark @BROKEN until bromimage gets fixed
The 'bromimage' tool which is used to wrap bl2 with a MediaTek-specific
header is distributed in binary form only and unfortunately tries to
dynamically link against libopenssl, which fails on the buildbots.
Wait for MTK to provide a at least static executable instead, in the
meantime, mark the package as broken.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-10 02:48:57 +00:00
Daniel Golle
ffa0ae17f7
arm-trusted-firmware-tools: fix passing of CFLAGS
HOST_CFLAGS were ignored as they were passed on incorrectly which lead
to build failure if OpenSSL wasn't present on the build host.
Fix that by properly passing HOST_CFLAGS when building each tool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-10 01:20:58 +00:00
Hauke Mehrtens
1f559cafe5 wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-09 23:12:49 +01:00
Daniel Golle
ff076f873f
arm-trusted-firmware-tools: remove tools which require libopenssl
They are anyway not used for now, so only build fiptool and sptool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-09 20:24:58 +00:00
Hauke Mehrtens
98d61b516f uboot-envtools: Update to version 2021.01
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-08 22:46:27 +01:00
Andre Heider
3e7c7d4446 ltq-dsl-base: remove usused lantiq_dsl.sh
All users have been converted to ubus.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
dea953744d ltq-adsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5e1a929bf2 ltq-vdsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
42fc827b11 ltq-adsl-app: add ubus support to get metrics
As with ltq-vdsl-app, see previous commit.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5372205ca9 ltq-vdsl-app: add ubus support to get metrics
Add a 'dsl' ubus object with a 'metrics' function to replace the
expensive shell parsing done by /etc/init.d/dsl_control [dsl|luci]stat.

All metrics are gathered by using syscalls. An additional thread is started
to handle ubus events.

$ time /etc/init.d/dsl_control dslstat
real	0m 2.66s
user	0m 0.90s
sys	0m 1.76s

$ time ubus call dsl metrics
real	0m 0.02s
user	0m 0.00s
sys	0m 0.01s

Example output:
{
	"api_version": "4.17.18.6",
	"firmware_version": "5.8.1.5.0.7",
	"chipset": "Lantiq-VRX200",
	"driver_version": "1.5.17.6",
	"state": "Showtime with TC-Layer sync",
	"up": true,
	"uptime": 3891,
	"atu_c": {
		"vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			178,
			26
		],
		"vendor": "Broadcom 178.26",
		"system_vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			0,
			0
		],
		"system_vendor": "Broadcom",
		"version": [
			49,
			57,
			46,
			48,
			46,
			51,
			53,
			46,
			50,
			32,
			86,
			69,
			95,
			49,
			49,
			95
		],
		"serial": [
			65,
			65,
			49,
			52,
			52,
			54,
			70,
			69,
			48,
			90,
			87,
			45,
			48,
			56,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0
		]
	},
	"power_state": "L0 - Synchronized",
	"xtse": [
		0,
		0,
		0,
		0,
		0,
		0,
		0,
		2
	],
	"annex": "B",
	"standard": "G.993.2",
	"profile": "17a",
	"mode": "G.993.2 (VDSL2, Profile 17a, with down- and upstream vectoring)",
	"upstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 0,
		"data_rate": 31999000,
		"latn": 8.500000,
		"satn": 8.400000,
		"snr": 12.700000,
		"actps": -90.100000,
		"actatp": 13.400000,
		"attndr": 37180000
	},
	"downstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 140,
		"data_rate": 89998000,
		"latn": 9.500000,
		"satn": 9.600000,
		"snr": 13.300000,
		"actps": -90.100000,
		"actatp": -1.600000,
		"attndr": 116315372
	},
	"errors": {
		"near": {
			"es": 1,
			"ses": 0,
			"loss": 3,
			"uas": 424,
			"lofs": 0,
			"fecs": 0,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 27740,
			"rx_uncorrected_protected": 27010,
			"rx_retransmitted": 0,
			"rx_corrected": 730,
			"tx_retransmitted": 16222
		},
		"far": {
			"es": 242,
			"ses": 71,
			"loss": 0,
			"uas": 424,
			"lofs": 0,
			"fecs": 22687,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 1383552,
			"rx_uncorrected_protected": 1220215,
			"rx_retransmitted": 0,
			"rx_corrected": 163337,
			"tx_retransmitted": 1574051
		}
	}
}

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
4ba6fad7f7 ltq-vdsl-app: shutdown upon sigterm
procd sends sigterm to stop daemons, hook it up.

This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Kevin Darbyshire-Bryant
db00f312d3 dnsmasq: Bump to v2.84
dnsmasq v2.84rc2 has been promoted to release.

No functional difference between v2.83test3 and v2.84/v2.84rc2

Backport 2 patches to fix the version reporting

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-02-08 13:16:24 +00:00
Daniel Golle
aed95c4cb8 dnsmasq: switch to ubus-based hotplug call
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
29a6a71d52 busybox: sysntpd: make use of new ubus hotplug.ntp object
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
3010f16f44 procd: add hotplug-call dispatcher ubus objects
Add per-subsystem ubus objects exposing hotplug-call.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Ilya Lipnitskiy
3b65b0c13f acx-mac80211: replace dead URLs with OpenWrt CDN
erley.org no longer exists; attempting to connect to it during package
download results in lengthy timeouts. Use the new OpenWrt CDN alias to
download from reliable OpenWrt mirrors.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-07 11:26:36 -10:00
Paul Spooren
8286f3a3d3 treewide: unify OpenWrt hosted source via @OPENWRT
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.

Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-02-05 12:00:24 -10:00
Daniel Golle
381a458d58 selinux-policy: update to version 0.6
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-05 13:17:49 +00:00
Petr Štetiar
43ff6e641e hostapd: add forgotten patch for P2P vulnerability fix
Commit 7c8c4f1be6 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.

Fixes: 7c8c4f1be6 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-04 09:11:50 +01:00
Daniel Golle
7c8c4f1be6 hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-04 01:05:32 +00:00
Daniel Golle
c3959cd54f arm-trusted-firmware-mediatek: make use of trusted-firmware-a.mk
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00
Daniel Golle
84bc7d31e0 tfa-layerscape: don't build fiptool
tfa-fiptool is now provided by an extra package. Use that instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00
Daniel Golle
1f1d8d4f47 arm-trusted-firmware-tools: add package
Package ARM Trusted Firmware host tools separately.
(instead of building tfa-fiptool as part of tfa-layerscape)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00
Curtis Deptuck
abe348168b iptables: update to 1.8.7
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.7.txt

Refresh patch:
None required

Signed-off-by: Curtis Deptuck <curtdept@me.com>
2021-02-02 21:06:45 +01:00
Daniel Golle
a3b55ae510 arm-trusted-firmware-mediatek: add ATF builds for MT7622
ATF bl2 comes in 4 variants for MT7622 depending on the boot media:
 * nor
 * snand
 * emmc
 * sdmmc

Additional binary headers needed for emmc and sdmmc are downloaded as
well and provided along with bl2*.bin and bl31.bin to allow building
images including ATF for MT7622.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-02 18:13:15 +00:00
Daniel Golle
740af59b9c procd: update to git HEAD
0aee1c3 hotplug.c: set nl_pid to zero
 d6dda31 procd: fix compiler warning
 92c8e8f jail: remove duplicate check for hook file permissions
 0a74c06 jail: only output BPF instr. table header if debugging
 fd18379 jail: cgroups: fix uninitialized variabl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-02 13:29:36 +00:00
Felix Fietkau
84fa59b5a8 mac80211: fix station rate table updates on assoc
If the driver uses .sta_add, station entries are only uploaded after the sta
is in assoc state. Fix early station rate table updates by deferring them
until the sta has been uploaded

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-01 10:00:23 +01:00
David Bauer
8019c54d8a mac80211: fix incorrect parameter
he_mu_beamformer only accepts values of 0 and 1 according to the hostapd
documentation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:48:37 +01:00
Marty Jones
1735026632 uboot-rockchip: fix RockPro64 boot from eMMC
With upstream commit f81f9f0ebac5 ("rockchip: rockpro64: initialize USB in
preboot") CONFIG_USE_PREBOOT was enabled on the RockPro64, which is causing
boot issues when a eMMC is used, as a workaround will temporarily disable
this option.

Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Improve patch description]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:48:06 +01:00
David Bauer
0c499f6068 mac80211: convert UniFi Outdoor+ HSR support to OF
Enable support for the Ubiquiti UniFi Outdoor+ RF filter via
device-tree. The old way of using platform data is not required anymore,
as it was only used on the now removed ar71xx target.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:47:36 +01:00
Rosen Penev
cbedb5de75 util-linux: remove custom pkgconfig patch
Replace with sed as done elsewhere.

Fixes error with at least btrfs-progs:

Package '@LIBSELINUX@', required by 'mount', not found
Package '@LIBCRYPTSETUP@', required by 'mount', not foun

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-31 16:25:08 +01:00
Daniel Golle
f4d974d7f8 selinux-policy: update to git tag v0.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-31 14:02:19 +00:00
Hans Dedecker
1b484f1a12 odhcpd: update to latest git HEAD
8d8a8cd dhcpv6-ia: apply prefix_filter on dhcpv6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-30 21:25:09 +01:00
Andre Heider
a04bffebba arm-trusted-firmware-mvebu: pass commit ids to a3700-utils/mv-ddr-marvell
The two required tools fail to identify their version when not compiling
from a git clone, patch that in and pass on the used commit hashes.

Upon boot it now prints "WTMI-devel-18.12.1-5598e150".

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
5fae94d987 arm-trusted-firmware-mvebu: bump espressobin boards to CPU_1000_DDR_800
The cpufreq issue has been identified and a fix is in the process of beeing
upstreamed [0].

Bump the boards to the default 1000MHz so they can run at that frequency
once the fix is merged. Until then the boards are stuck at 800MHz (just
claiming to run 1000Hz, which is a lie).

[0] https://lore.kernel.org/linux-arm-kernel/20210114124032.12765-1-pali@kernel.org/

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
8f3bd881c9 arm-trusted-firmware-mvebu: update to v2.4
Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
a9c20d56f1 uboot-mvebu: update to v2021.01
u-boot now detects emmc variants at runtime, we don't need to build
seperate binaries anymore.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
00bf2c0cbe arm-trusted-firmware-mvebu: don't build emmc variants
Starting with u-boot v2021.01 a single binary will be used for non-emmc
and emmc variants.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Geordan Neukum
e9d551fac1 strace: update package to v5.10
v5.10 has been released for strace. As such, let's go ahead bring in the
latest version of this package.

See here for the changelog:
    https://github.com/strace/strace/releases/tag/v5.10

Signed-off-by: Geordan Neukum <gneukum1@gmail.com>
2021-01-30 01:03:00 +01:00
Brian Norris
95b30f84d2 base-files: mount pstore if present
Pstore (persistent store) can be used to stash debug information (kernel
console, panics, ftrace) across reboots or crashes. If the filesystem is
present, mount it.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2021-01-29 22:26:36 +01:00
Michael Yartys
5b66c447f3 ath10k-ct: update to latest version
Changelog:
- ath10k-ct: Pull in some upstream patches.

Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
2021-01-29 21:22:28 +01:00
Paul Menzel
ea1cdd1901 ca-certicficates: Update to version 20210119
Update the ca-certificates and ca-bundle package from version 20200601 to
version 2021019.

This version uses Python 3 for the build, fixing a build issue on systems,
where `/usr/bin/python3` is a wrapper script [1].

Debian change-log entry [2]:

>   [ Julien Cristau ]
>   * New maintainer (closes: #976406)
>   * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate
> authority
>     bundle to version 2.46.
>     The following certificate authorities were added (+):
>     + "certSIGN ROOT CA G2"
>     + "e-Szigno Root CA 2017"
>     + "Microsoft ECC Root Certificate Authority 2017"
>     + "Microsoft RSA Root Certificate Authority 2017"
>     + "NAVER Global Root Certification Authority"
>     + "Trustwave Global Certification Authority"
>     + "Trustwave Global ECC P256 Certification Authority"
>     + "Trustwave Global ECC P384 Certification Authority"
>     The following certificate authorities were removed (-):
>     - "EE Certification Centre Root CA"
>     - "GeoTrust Universal CA 2"
>     - "LuxTrust Global Root 2"
>     - "OISTE WISeKey Global Root GA CA"
>     - "Staat der Nederlanden Root CA - G2" (closes: #962079)
>     - "Taiwan GRCA"
>     - "Verisign Class 3 Public Primary Certification Authority - G3"
>
>   [ Michael Shuler ]
>   * mozilla/blacklist:
>     Revert Symantec CA blacklist (#911289). Closes: #962596
>     The following root certificates were added back (+):
>     + "GeoTrust Primary Certification Authority - G2"
>     + "VeriSign Universal Root Certification Authority"
>
>   [ Gianfranco Costamagna ]
>   * debian/{rules,control}:
>     Merge Ubuntu patch from Matthias Klose to use Python3 during build.
>     Closes: #942915

[1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148
[2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog

Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
2021-01-29 21:20:40 +01:00
Adrian Schmutzler
396a35dd51 base-files: remove execute bit and shebang from functions.sh
/lib/functions.sh was executable for no obvious reason and its
execute property was even checked in package-ipkg.mk just to
source it afterwards.

Remove the execute bit and shebang as this is clearly a library.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-01-29 14:30:32 +01:00
Adrian Schmutzler
331892f85f treewide: drop shebang from non-executable lib files
This drops the shebang from another bunch of files in various /lib
folders, as these are sourced and the shebang is useless.

Fix execute bit in one case, too.

This should cover almost all trivial cases now, i.e. where /lib is
actually used for library files.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-29 14:29:41 +01:00
Jiang Yongquan
799fca7602 sunxi: add support for linksprite pcDuino3 nano board
Specifications:

 - SoC: Allwinner A20 @ 1Ghz
 - DRAM: 1GiB DDR3 @ 408MHz (K4B4G1646Q-HYK0)
 - NAND: 4GB MLC NAND (H27UBG8T2BTR-BC)
 - Ethernet: 10/100/1000Mbps Ethernet (Realtek RTL8211E)

Flash instructions:

dd if=openwrt-sunxi-cortexa7-linksprite_pcduino3-nano-ext4-sdcard.img
of=/dev/sdX

Signed-off-by: Jiang Yongquan <woxwchc@foxmail.com>
[Remove CONFIG_REALTEK_PHY from sunxi/cortexa53 config]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-27 23:14:30 +01:00
Felix Fietkau
ddc75ff704 mt76: update to the latest version
65abbcd9f6fb mt76: usb: process URBs with status EPROTO properly
3199ef5fa35e mt76: mt7615: set mcu country code in mt7615_mcu_set_channel_domain()
5c86d5bb079b mt76: mt7915: Remove unneeded semicolon
3f546330b59d mt76: mt7915: support TxBF for DBDC
032ad7e02545 mt76: mt7615: unify init work
cc3f23d1e654 mt76: mt7915: bring up the WA event rx queue for band1
fa3d334a0e22 mt76: fix crash on tearing down ext phy
c4c9c402d14a mt76: mt7915: fix vif sta index for DBDC
eca2f0ec0d4c mt76: mt7915: fix command id for txbf action
c828124ef9a5 mt76: mt7915: add support for using a secondary PCIe link for gen1
dbaf0f4679f3 mt76: mt7915: make vif index per adapter instead of per band
fb3e5ce1eb00 mt76: move vif_mask back from mt76_phy to mt76_dev
be2bea66d6e3 mt76: mt7915: detect wrong nss eeprom parameter on dbdc cards
8dc5d4a0da7c Revert "mt76: mt7915: fix vif sta index for DBDC"
8c796a33781c mt76: mt7915: only set int1 when using the second hif
4eb5caaf6cc1 mt76: reduce q->lock hold time
0714890bf0fd mt76: mt7615: reduce VHT maximum MPDU length
2f85aa5cbc62 mt76: mt7915: avoid writes to MT_PCIE_RECOG_ID when not using gen1 devices
8696919d9aae mt76: dma: fix a possible memory leak in mt76_add_fragment()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-27 21:02:24 +01:00
Paul Spooren
2d72be766d base-files: bump Copyright to 2021
This commit is only added to keep the PKG_RELEASE correct after fixing
the $(COMMITCOUNT) logic in the previous commit.

This way the PKG_RELEASE stays the same while the compiled packages
content isn't changed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 17:30:09 -10:00
Jeffrey Elms
ff2087d9a9 px5g-wolfssl: Fix certificate signature
Certificate signature algorithm was being set after call to
`wc_MakeCert`, resulting in a mismatch between specified signature in
certificate and the actual signature type.

Signed-off-by: Jeffrey Elms <jeff@wolfssl.com>
[fix commit subject, use COMMITCOUNT]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 16:59:53 -10:00
Paul Spooren
7b63d89b52 umdns: bump to 2021-01-26
* i78aa36b umdns: fix 64-bit time format string
* start using $(AUTORELEASE)
* Update Copyright

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 13:08:56 -10:00
Felix Fietkau
7ca75a2d01 mac80211: fix an uninitialized variable warning
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 20:00:03 +01:00
Felix Fietkau
56c20f0a5a mac80211: minstrel_ht: fix regression in the max_prob_rate fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 16:46:45 +01:00
Felix Fietkau
1fdbb8779a mac80211: remove accidentally duplicated line in minstrel_ht patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 16:46:45 +01:00
Tony Ambardar
23be333401 bpftools: update to 5.10.10
Use the latest stable kernel since the previous 5.8.x series is EOL.

Also drop the following patches recently accepted upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-01-25 14:37:41 +01:00
Felix Fietkau
37752336bd mac80211: add significant minstrel_ht performance improvements
Completely redesign the rate sampling approach

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-25 12:19:22 +01:00
Kevin Darbyshire-Bryant
297f82fc58 dnsmasq: Update to 2.84test3
dnsmasq v2.83 has a bug in handling duplicate queries which means it may
try to reply using the incorrect network socket.  This is especially
noticeable in dual stack environments where replies may be mis-directed to
IPv4 addresses on an IPv6 socket or IPv6 addresses on an IPv4 socket.

This results in system log spam such as:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol

dnsmasq v2.84test3 resolves these issues.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-01-24 15:56:39 +00:00
Michael Pratt
96017a6013 ath79: add support for Senao Engenius EAP1200H
FCC ID: A8J-EAP1200H

Engenius EAP1200H is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

**Specification:**

  - QCA9557 SOC
  - QCA9882 WLAN	PCI card, 5 GHz, 2x2, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM	NT5TU32M16FG
  - UART at J10		populated
  - 4 internal antenna plates (5 dbi, omni-directional)
  - 5 LEDs, 1 button (power, eth0, 2G, 5G, WPS) (reset)

**MAC addresses:**

  MAC addresses are labeled as ETH, 2.4G, and 5GHz
  Only one Vendor MAC address in flash

  eth0 ETH  *:a2 art 0x0
  phy1 2.4G *:a3 ---
  phy0 5GHz *:a4 ---

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin at J10

**Installation:**

  2 ways to flash factory.bin from OEM:

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will brick the device
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot
  execute tftpboot and bootm 0x81000000

  NOTE: TFTP is not reliable due to bugged bootloader
  set MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software of EAP1200H is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-generic-eap1200h-uImage-lzma.bin
    openwrt-ar71xx-generic-eap1200h-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2021-01-23 12:53:22 +01:00
Adrian Schmutzler
b2bab95116 maccalc: remove package
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.

The package does not seem to have a maintainer.

Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:43:45 +01:00
Adrian Schmutzler
511d71e689 owipcalc: remove package
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.

Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:43:29 +01:00
Paul Spooren
465eaa0e07 uboot-envtools: use $(AUTORELEASE) for PKG_RELEASE
Use `$(AUTORELEASE)` variable rather than setting a PKG_RELEASE
on every commit manually.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-22 19:03:53 -10:00
Paul Spooren
aa589c77b4 base-files: use $(COMMITCOUNT) in PKG_RELEASE
The newly added `$(COMMITCOUNT)` varialbe allows automatic versioning
based on the number of Git commits of a package. Replace *tedious to
bump* and *merge conflict causing* `PKG_RELEASE` and replace it with
`$(COMMITCOUNT)`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-22 19:03:53 -10:00
Florian Eckert
e779d30f32 iperf3: remove
This package is not needed in base. It will be imported in the packages
feed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-22 14:53:50 -10:00
Florian Eckert
ad54af2ae0 iperf: remove
This package is not needed in base. It will be imported in the packages
feed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-22 14:53:50 -10:00
Dmytro Oz
c2a7bb520a ramips: mt7621: add support for Xiaomi Mi Router 4
Xiaomi Mi Router 4 is the same as Xiaomi Mi Router 3G, except for
the RAM (256Mib→128Mib), LEDs and gpio (MiNet button).

Specifications:

Power: 12 VDC, 1 A
Connector type: barrel
CPU1: MediaTek MT7621A (880 MHz, 4 cores)
FLA1: 128 MiB (ESMT F59L1G81MA)
RAM1: 128 MiB (ESMT M15T1G1664A)
WI1 chip1: MediaTek MT7603EN
WI1 802dot11 protocols: bgn
WI1 MIMO config: 2x2:2
WI1 antenna connector: U.FL
WI2 chip1: MediaTek MT7612EN
WI2 802dot11 protocols: an+ac
WI2 MIMO config: 2x2:2
WI2 antenna connector: U.FL
ETH chip1: MediaTek MT7621A
Switch: MediaTek MT7621A

UART Serial
[o] TX
[o] GND
[o] RX
[ ] VCC - Do not connect it

MAC addresses as verified by OEM firmware:

use   address   source
LAN   *:c2      factory 0xe000 (label)
WAN   *:c3      factory 0xe006
2g    *:c4      factory 0x0000
5g    *:c5      factory 0x8000

Flashing instructions:

1.Create a simple http server (nginx etc)
2.set uart enable
To enable writing to the console, you must reset to factory settings
Then you see uboot boot, press the keyboard 4 button (enter uboot command line)
If it is not successful, repeat the above operation of restoring the factory settings.
After entering the uboot command line, type:

setenv uart_en 1
saveenv
boot

3.use shell in uart
cd /tmp
wget http://"your_computer_ip:80"/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin
wget http://"your_computer_ip:80"/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin
mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin kernel1
mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin rootfs0
nvram set flag_try_sys1_failed=1
nvram commit
reboot
4.login to the router http://192.168.1.1/

Installation via Software exploit
Find the instructions in the https://github.com/acecilia/OpenWRTInvasion

Signed-off-by: Dmytro Oz <sequentiality@gmail.com>
[commit message facelift, rebase onto shared DTSI/common device
definition, bump uboot-envtools]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-21 22:53:19 +01:00
Sven Eckelmann
0988e03f0e ath79: Add support for OpenMesh MR1750 v2
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 21:41:26 +01:00
Sven Eckelmann
ae7680dc4b ath79: Add support for OpenMesh MR1750 v1
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, apply shared DTSI/device node, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 21:41:26 +01:00
Sven Eckelmann
31172e53f9 ath79: Add support for OpenMesh MR900 v2
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Sven Eckelmann
e06c9eec5d ath79: Add support for OpenMesh MR900 v1
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Sven Eckelmann
d9a3af46d8 ath79: Add support for OpenMesh MR600 v2
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 8x GPIO-LEDs (6x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Sven Eckelmann
4b35999588 ath79: Add support for OpenMesh MR600 v1
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 4x GPIO-LEDs (2x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, make WLAN LEDs consistent, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Nick Hainke
0fda8049a7 owipcalc: remove clone in cidr_contains6
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.

I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-19 15:39:36 +01:00
Hauke Mehrtens
e87c0d934c dnsmasq: Update to version 2.83
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 13:01:03 +01:00
Hauke Mehrtens
20a7c9d5c9 uboot-at91: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-18 22:10:14 +01:00
Hauke Mehrtens
a141e7a00e at91bootstrap: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-18 22:10:03 +01:00
Rafał Miłecki
f559b89bd0 bcm63xx-cfe: enable package for bcm4908
bcm4908 target needs to include cferam images in firmware files too

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-18 07:39:09 +01:00
Rosen Penev
f13b623f5e mbedtls: update to 2.16.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-18 00:49:14 +01:00
Hans Dedecker
e857b09767 netifd: fix IPv6 routing loop on point-to-point links
c00c833 interface-ip: add unreachable route if address is offlink
e71909c interface-ip: coding style fixes

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Hans Dedecker
4301541351 odhcp6c: fix routing loop on point-to-point links
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00