glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Seems stable after 6 days of testing on some of my devices.
Let's switch to 5.4 in order to get more feedback.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.
Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
mt7621 overrides KERNEL_DTB to limit dictionary size, which isn't needed
for our lzma loader.
This saves 15KB on mt7621 devices using uimage-lzma-loader.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This commit increases the hardware SPI frequency from 24.2MHz to 48.3MHz.
[ 5.314163] m25p80 spi0.0: speed: 24166666/40000000, rate: 8, prescal: 2, loops: 226
[ 5.076323] m25p80 spi0.0: speed: 48333333/50000000, rate: 4, prescal: 1, loops: 162
`time cat /dev/mtd2 >/dev/null` is reduced from 5.64s to 4.36s on A104ns,
and from 11.39s to 8.81s on A1004ns.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.
Signed-off-by: René van Dorst <opensource@vdorst.com>
With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.
Signed-off-by: René van Dorst <opensource@vdorst.com>
These stock partitons: "backup", "hw_panic", "overly", firmware_backup", "opt"
do not contain any device-specific data and can be used for /overlay, resulting in
121M space
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Increase kernel partition because 2M is insufficient for 5.4
Because the partition changes, previous version of OpenWrt cannot upgrade
to this version, and requires a new installation
Recovery to stock instruction:
1. Download stock firmware at
http://ur.ikcd.net/HC5962-sysupgrade-20171221-b00a04d1.bin
2. Power off the router
3. Press and hold the reset button for 4~6 sec while power it back on
4. Connect a PC to router's LAN
5. Visit http://192.168.2.1 and upload the firmware
Then repeat the instruction in edae3479e6 to install OpenWrt
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
There are 2 different chips (w25q256fv and w25q256jv) that share
the same JEDEC ID. Only w25q256jv fully supports 4-byte opcodes.
Use SFDP header version to differentiate between them.
Fixes broken reboot on 8devices Habanero since f0f35fdac
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.
Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Refreshed all patches, run tested on apalis.
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
This commit adds support for the AVM Fritz!WLAN Repeater 1750E
SOC: Qualcomm QCA9556 (Scorpion) 720MHz MIPS74Kc
RAM: 64MB Zentel A3R12E40CBF DDR2
FLASH: 16MiB Winbond W25Q128 SPI NOR
WLAN1: QCA9556 2.4 GHz 802.11b/g/n 3x3
WLAN2: QCA9880 5 GHz 802.11 n/ac 3x3
INPUT: WPS button
LED: Power, WiFi, LAN, RSSI indicator
Serial: Header Next to Black metal shield
Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
The Serial setting is 115200-8-N-1.
Tested and working:
- Ethernet
- 2.4 GHz WiFi (correct MAC)
- 5 GHz WiFi (correct MAC)
- Installation via EVA bootloader
- OpenWRT sysupgrade
- Buttons
- LEDs
Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 192.168.178.1. Firmware can be uploaded
like following:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put openwrt-sysupgrade.bin mtd1
Note that this procedure might take up to two minutes.
You need to powercycle the Device afterwards to boot OpenWRT.
Signed-off-by: David Bauer <mail@david-bauer.net>
The QCA9550 family of SoCs have a slightly different reset
sequence compared to older chips.
Normally the bootloader performs this sequence, however
some bootloader implementation expect the operating system
to clear the reset. Also get the PCIe resets from OF to
support the second RC of the QCA9558.
This is required for the AVM FRITZ!WLAN Repeater 1750E to work,
as EVA leaves the PCIe bus in reset.
Tested: AVM FRITZ!WLAN Repeater 1750E - OCEDO Koala
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.
Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The previous spi-max-frequency value did not work with all the CPU speed
settings (configurable with rbcfg or from the stock firmware); the new
one does for the three of them.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Improve the status LED functionality in GL-AR750
by adding the definitions for different statuses
(boot, failsafe, running, flashing).
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This adds the board name from ar71xx to support upgrade without
-F for the TP-Link TL-WA901ND v2.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
ubnt er-x/xiaomi/netgear sercomm devices are known to have troble
extracting a big kernel from flash and has support for uncompressed
uimage
This commit uses uncompressed uimage with lzma-loader for these devices
to fix boot issue.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Now that the x86 target uses the new image generation code we can also
attach metadata to the created images.
As currently the `SUPPORTED_DEVICES` list is empty, no JSON metadata is
attached, however the signing happens in the same step.
This results in signature verification for x86 images.
Signed-off-by: Paul Spooren <mail@aparcar.org>
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.
Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.
This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
image generation methods from `image.mk` are used. However some targets
like `armvirt` do not use it yet, so the folder is never created.
The `json_overview_image_info.py` script used to raise an error if the
given `WORK_DIR` isn't a folder, however it should just notify about
missing JSON files.
This patch removes the Python assert and exists with code 0 even if no
JSON files were found, as this is not necessarily an error but simply
not yet implemented. Using `glob` on an not existing `Path` results in
an empty list, therefore the for loop won't run.
Signed-off-by: Paul Spooren <mail@aparcar.org>
CC: Petr Štetiar <ynezz@true.cz>
From kernel 4.20 msm-gpio driver is broken and cause the
malfunction of the buttons on every ipq806x target.
Add a patch to fix this.
Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This applies further fixes to the DTS of ZyXEL NBG6716 based on
what is found in ar71xx (mach-nbg6716.c):
- use WiFi label names as in ar71xx
- fix WPS gpio number
- fix GPIO_ACTIVE_HIGH and mode for WiFi switch
- add codes for USB eject buttons
- fix node name for "internet" LED
This device has separate LEDs for WAN and "Internet". As the WAN-LED
(and the four LAN-LEDs) are driven independent of the setup in
DT/01_leds, the "internet" LED is left unassigned (in contrast to
ar71xx, where it was set up effectively as a second WAN LED)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 1b973b54ea.
It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.
Ooooops! Best revert it then.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Some devices have bootloaders with broken lzma code resulting in failed
decompression or corrupted kernel code.
This image recipe allows to sacrifice 5KB for OpenWrt LZMA loader and
take over the task of decompress kernel.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Loader platform is a per-soc variable instead of a per-device one.
Determine corresponding loader platform at the beginning of image
Makefile.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Enables spi-mem interface usage. It speeds up flash read
in about 3x while it also workaround a possible hardware
bug when normal spi read is used.
Fixes: FS#2742
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reimplements read optimization on top of spi-mem. Similar to
what 461-spi-ath79-add-fast-flash-read.patch used to do with
the dropped flash read interface.
It accelerate only fast-read op reading flash directly from
memory mapped region. 'm25p,fast-read' must be set in order
to use the new spi-mem.
It improved read speed up to 3x on old devices (tplink,tl-wr2543-v1)
while no speed improvement was noticed on newer devices like
(tplink,archer-c7-v2).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.
Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
aaaca2e interface: allocate and free memory for jail name
d93126d interface: allow renaming interface when moving to jail netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>