Commit Graph

48932 Commits

Author SHA1 Message Date
Jo-Philipp Wich
7a29e24dbb build: dump effective user/group id mapping to file
This file can be subsequently used to resolve symbolic user or group names
to their numeric IDs when packing ipk archives.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-14 17:01:44 +02:00
Paul Spooren
51ec51871f build: add user/group ID resolve function
With the introduction of `./tmp/userids` the `ipkg-build` script can now
resolve values of "PKG_FILE_MODES", allowing users to set names rather
than numeric values.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-14 10:54:52 +01:00
Paul Spooren
34cc2c9a99 build: create tmp/userids file
Multiple packages contain a USERID variable defining required user and
group for the package to run. With the recent addition of
"PKG_FILE_MODES" it is possible to define user and group of specific
files, replacing (possibly insecure) post-inst scripts. These modes are
set during build time and put directly into the packages.

To allow user and group names rather than the numeric values, a mapping
like `/etc/passwd` is required by the `ipkg-build` script, mapping names
defined in "PKG_FILE_MODES" to a numeric value, as the build system does
not create any users during build.

This commit adds a single line to the `prepare-tmpinfo` target, so that
everytime the feeds are updated the *passwd like* content of
`./tmp/userids` is updated.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-14 10:54:52 +01:00
Birger Koblitz
df8e6be59a rtl838x: add new architecture
This adds support for the RTL838x Architecture.
SoCs of this type are used in managed and un-managed Switches and Routers
with 8-28 ports. Drivers are provided for SoC initialization, GPIOs, Flash,
Ethernet including a DSA switch driver and internal and external PHYs used
with these switches.

Supported SoCs:

	RTL8380M
	RTL8381M
	RTL8382M

The kernel will also boot on the following RTL839x SoCs, however driver
support apart from spi-nor is missing:

	RTL8390
	RTL8391
	RTL8393

The following PHYs are supported:

	RTL8214FC (Quad QSGMII multiplexing GMAC and SFP port)
	RTL8218B internal: internal PHY of the RTL838x chips
	RTL8318b external (QSGMII 8-port GMAC phy)
	RTL8382M SerDes for 2 SFP ports
	Initialization sequences for the PHYs are provided in the form of
	firmware files.

Flash driver supports 3 / 4 byte access

DSA switch driver supports VLANs, port isolation, STP and port mirroring.

The ALLNET ALL-SG8208M is supported as Proof of Concept:

	RTL8382M SoC
	1 MIPS 4KEc core @ 500MHz
	8 Internal PHYs (RTL8218B)
	128MB DRAM (Nanya NT5TU128MB)
	16MB NOR Flash (MXIC 25L128)
	8 GBEthernet ports with one green status LED each (SoC controlled)
	1 Power LED (not configurable)
	1 SYS LED (configurable)
	1 On-Off switch (not configurable)
	1 Reset button at the right behind right air-vent (not configurable)
	1 Reset button on front panel (configurable)
	12V 1A barrel connector
	1 serial header with populated standard pin connector and with markings
	  GND TX RX Vcc(3.3V), connection properties: 115200 8N1

To install, upload the sysupgrade image to the OEM webpage.

Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
2020-09-14 07:54:30 +02:00
Birger Koblitz
7bb1bd469e kernel: add support for ALLNET devices in mtdsplit
Add support for uimage headers from ALLNET and provide support for the
SG8208M and SG8310PM devices' magic bytes.

Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
2020-09-14 07:54:30 +02:00
Adrian Schmutzler
a9790dff53 cns3xxx: drop target
This target has not been updated to 5.4 yet, and the only person
trying it (Koen) decided to retreat based on the following reasons:

- The target is not DT-aware at all

- The huge amount of effort required

- The SoC itself reached EoL at Cavium for some time now

- Upstream removed some important parts as it's also slowly getting EoL
  over there

- The commercial product that used this will fade out shortly

- The amount of download for this binary suggest that the target is not
  that popular

Since nobody has picked up the work since then, and this is the last
remaining 4.19-only target, finally drop it now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-14 00:19:27 +02:00
Klaus Kudielka
04d3b517dc uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).

Check the installed u-boot release, and set the default accordingly.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-13 13:56:47 +02:00
Chuanhong Guo
2188ef954e ramips: mt7621: pbr-m1: fix firmware size
This board is equipped with Winbond W25Q256FV 32M SPI-NOR.
Fix partition size for that.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-09-13 19:15:06 +08:00
Chuanhong Guo
8126521e11 ramips: mt7621: pbr-m1: increase SPI clock to 50MHz
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-09-13 18:53:25 +08:00
Chuanhong Guo
6f2c95f0cf ramips: mt7621: pbr-m1: add pcie reset for asm1061
this board has a pcie to sata bridge connected to pcie2 with a
separated pcie reset on gpio7.
add reset-gpios and corresponding pinctrl nodes into dts.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-09-13 18:49:26 +08:00
Felix Fietkau
f0cc5f6c0a ramips/mediatek: improve GRO performance, fix PPE packet parsing
Backport upstream changes to initialize GDM settings and reset PPE
Allow GMAC to recognize the special tag to fix PPE packet parsing
Improve GRO performance by passing PPE L4 hash as skb hash

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-13 11:14:32 +02:00
John Audia
17e64b9447 kernel: bump 5.4 to 5.4.65
All modifications made by update_kernel.sh/no manual intervention needed

Build-tested: x86_64
Run-tested: ipq806x (R7800)

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
2020-09-12 23:39:25 +02:00
Hans Dedecker
96586ad8ca netifd: update to latest git HEAD
55a7b6b netifd: vxlan: add aging and maxaddress options
11223f5 netifd: vxlan: add most missing boolean options
226566b netifd: vxlan: refactor mapping of boolean attrs
a3c033e netifd: vxlan: handle srcport range

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-12 21:29:20 +02:00
Sander Vanheule
c9f51a9ad6 ath79: support for TP-Link EAP225-Wall v2
TP-Link EAP225-Wall v2 is an AC1200 (802.11ac Wave-2) wall plate access
point. UART access and debricking require fine soldering.

The device was kindly provided for porting by Stijn Segers.

Device specifications:
* SoC: QCA9561 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR (GD25Q127CSIG)
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MIMO
* Ethernet (SoC): 4× 100Mbps
  * Eth0 (back): 802.3af/at PoE in
  * Eth1, Eth2 (bottom)
  * Eth3 (bottom): PoE out (can be toggled by GPIO)
* One status LED
* Two buttons (both work as failsafe)
  * LED button, implemented as KEY_BRIGHTNESS_TOGGLE
  * Reset button

Flashing instructions, requires recent firmware (tested on 1.20.0):
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface

Debricking:
* Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC)
    * Bridge unpopulated resistors R162 (TXD) and R165 (RXD)
      Do NOT bridge R164
    * Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via sysupgrade or LuCI web interface

MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM ifconfig:
    br0       Link encap:Ethernet  HWaddr 50:...:04
    eth0      Link encap:Ethernet  HWaddr 50:...:04
    wifi0     Link encap:UNSPEC  HWaddr 50-...-04-...
    wifi1     Link encap:UNSPEC  HWaddr 50-...-05-...

Signed-off-by: Sander Vanheule <sander@svanheule.net>
[fix IMAGE_SIZE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 19:37:24 +02:00
Zhong Jianxin
53df30f02b ath79: add support for Mercury MW4530R v1
Mercury MW4530R is a TP-Link TL-WDR4310 clone.

Specification:

* SOC: Atheros AR9344 (560 MHz)
* RAM: 128 MiB
* Flash: 8192 KiB
* Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327)
* Wireless:
  - 2.4 GHz b/g/n (internal)
  - 5 GHz a/n (AR9580)
* USB: yes, 1 x USB 2.0

Installation:

Flash factory image via OEM web interface.

Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
2020-09-12 18:47:26 +02:00
John Audia
bee76f1bfa kernel: bump 5.4 to 5.4.64
Remove upstreamed patches:
 generic-backport
  701-v5.5-net-core-use-listified-Rx-for-GRO_NORMAL-in-napi_gro.patch

Manually merged:
 mediatek/patches-5.4
  0603-net-dsa-mt7530-Extend-device-data-ready-for-adding-a.patch

All other modifications made by update_kernel.sh

Build-tested: ipq806x, lantiq/xrx200, mvebu, x86/64
Run-tested: ipq806x (R7800), mvebu (mamba, rango),
  lantiq/xrx200 (Easybox 904 xDSL), x86/64

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
[add community build/run tests to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 01:28:50 +02:00
Adrian Schmutzler
c4110a524e ramips: create common DTSI for Sunvalley Filehub devices
HooToo HT-TM05 and RAVPower RP-WD03 have almost identical hardware
(except for RAM size) and are from the same vendor (SunValley).

Create a common DTSI file for them.

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 01:25:10 +02:00
Adrian Schmutzler
b56b499948 ramips: fix baud rate for RAVPower RP-WD03
The baud rate for the RAVPower RP-WD03 is 57600, not 115200.

Since this is the default from mt7620n.dtsi, the chosen node can
simply be removed from the device DTS.

Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 01:24:43 +02:00
Adrian Schmutzler
3fc7860961 ramips: assign LEDs for RAVPower RP-WD03
According to the User Manual, there is a "Wi-Fi LED" with blue and
green colors, doing the following by default:

  Flashing Blue: System loading
  Solid Blue: System loaded
  Flashing Green: Connecting to the Internet
  Solid Green: Connected to the Internet

According to this vendor behavior, we keep refer to the LED as "wifi"
but implement the according default behavior as in OEM firmware.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 01:24:30 +02:00
Adrian Schmutzler
77825f3cfe ramips: fix MAC address assignment for RAVPower RP-WD03
MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

The previously used location 0x4000 for ethernet is actually empty.

Therefore, fix the ethernet MAC address and set it as label-mac-address.

Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 01:24:02 +02:00
Adrian Schmutzler
07aa858a73 ramips: fix partitions and boot for RAVPower RP-WD03
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.

To address this, use the lzma loader (loader-okli) to work around this
limitation.

The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.

Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!

Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 19:31:03 +02:00
Adrian Schmutzler
a4e5b8897a ramips: use proper name for RAVPower RP-WD03
The proper model name is RP-WD03 (i.e. with the RP- prefix).

Adjust all names to that.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 19:18:54 +02:00
Adrian Schmutzler
14024f6e0f kernel: use proper upstream inclusion version for patch
The patch is only included in kernel 5.5.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 18:40:44 +02:00
Adrian Schmutzler
4527f59428 ramips: move ravpower-wd009-factory recipe to mt76x8.mk
The recipe is only used for a single device, so put it in the
subtarget file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 18:40:44 +02:00
David Bauer
2e6c236abd ipq40xx: essedma: enable VLAN tag offload for single-port
Enable the VLAN tag offloading mechanism for RGMII single-port devices.
This allows those devices to use 802.1Q VLANs on the ethernet port.

Previously, RX frames were double tagged, as the RX TAG removal flag was
not enabled and an additional 802.1Q header was inserted elsewhere in
the code.

On the TX side, tagging was completely not present for single-port
devices. Enable tagging if an 802.1Q frame should be transmitted and
disable the default tagging mechanism for single-port devices.

Tested on Aruba AP-303

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:37:11 +02:00
David Bauer
e289f18347 hostapd: add support for per-BSS airtime configuration
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.

Support for this feature is only enabled in the full flavors of hostapd.

Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:35:48 +02:00
David Bauer
fe82ea049e scripts: download.pl: fix indentation
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:35:19 +02:00
David Bauer
e087bb5bd7 base-files: disable LEDs if default state is undefined
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.

Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.

Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:34:54 +02:00
Bob Cai
f1bc66c765 kernel: improve the description of fs-nfs-v4
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).

Use "Kernel module for NFS v4 client support" on line 438.

Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-10 18:52:15 +02:00
Sergey Ryazanov
788aa61e1b ath25: fix preinit Ethernet port configuration
vconfig is no more installed by default to a firmware image. So, replace
vconfig calls for VLAN subinterface configuration by coresponding
ip-link commands.

Also drop few useless comments from the preinit hook script, while we
are at it.

I have no chance to test this fix since I have no board with a subject
switch IC, but this is still better then call an utility that is
unavailable in the firmware for years.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[use documented syntax for ip link add]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-10 18:52:15 +02:00
Jo-Philipp Wich
10dbdeccfa scripts: bundle-libraries.sh: retain preloaded libraries
Since the introduction of fakeroot support, wrapped SDK executables might
be invoked from a shell that has libfakeroot.so preloaded.

Since we're using preloading as well in order to mangle argv[0] when
invoking the shipped ELF interpreter directly, we must take care of
preloading the already preloaded libraries as well, to avoid invoked
programs losing their fakeroot capabilities.

Extend the bundle-libraries.sh script to take any existing $LD_PRELOAD
into account when invoking the target ELF executable with a preloaded
runas.so library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-10 14:24:50 +02:00
Rafał Miłecki
8b8015031b rpcd: update to the latest master
rc: new ubus object for handling /etc/init.d/ scripts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-10 13:35:05 +02:00
Daniel Golle
fb22f4ae3a rssileds: update maintainer email address
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-10 02:58:30 +01:00
Adrian Schmutzler
4d747f5495 kernel: add recently introduced CONFIG_MTD_SPLIT_ELF_FW
The config symbol was introduced in drivers, but not added to
generic kernel config files. This will halt build asking for the
value.

Fix it by adding the value (setting it to disabled).

Fixes: 3f7047db7a ("kernel: mtdsplit: support ELF loader splitting")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 22:09:19 +02:00
Jason A. Donenfeld
bf0881dc72 wireguard-tools: bump to 1.0.20200827
* ipc: split into separate files per-platform

This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.

* man: wg-quick: use syncconf instead of addconf for strip example

Simple documentation fix.

* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h

In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 20:47:19 +02:00
Sander Vanheule
9dd4ba3d7e ath79: add support for TP-Link EAP245-v3
TP-Link EAP245 v3 is an AC1750 (802.11ac Wave-2) ceiling mount access
point. UART access (for debricking) requires non-trivial soldering.

Specifications:
* SoC: QCA9563 (CPU/DDR/AHB @ 775/650/258 MHz)
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 3x3
* Wireless 5GHz (QCA9982): a/n/ac 3x3 with MU-MIMO
* Ethernet (QCA8337N switch): 2× 1GbE, ETH1 (802.3at PoE) and ETH2
* Green and amber status LEDs
* Reset switch (GPIO, available for failsafe)

Flashing instructions:
All recent firmware versions (latest is 2.20.0), can disable firmware
signature verification and use a padded firmware file to flash OpenWrt:
* ssh into target device and run `cliclientd stopcs`
* upload factory image via web interface

The stopcs-method is supported from firmware version 2.3.0. Earlier
versions need to be upgraded to a newer stock version before flashing
OpenWrt.

Factory images for these devices are RSA signed by TP-Link. While the
signature verification can be disabled, the factory image still needs to
have a (fake) 1024 bit signature added to pass file checks.

Debricking instructions:
You can recover using u-boot via the serial port:
* Serial port is available from J3 (1:TX, 2:RX, 3:GND, 4:3.3V)
* Bridge R237 to connect RX, located next to J3
* Bridge R225 to connect TX, located inside can on back-side of board
* Serial port is 115200 baud, 8n1, interrupt u-boot by holding ctrl+B
* Upload initramfs with tftp and upgrade via OpenWrt

Device mac addresses:
Stock firmware has the same mac address for 2.4GHz wireless and
ethernet, 5GHz is incremented by one. The base mac address is stored in
the 'default-mac' partition (offset 0x90000) at an offset of 8 bytes.
ART blobs contain no mac addresses.
From OEM ifconfig:
    ath0      Link encap:Ethernet  HWaddr 74:..:E2
    ath10     Link encap:Ethernet  HWaddr 74:..:E3
    br0       Link encap:Ethernet  HWaddr 74:..:E2
    eth0      Link encap:Ethernet  HWaddr 74:..:E2

Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-09-09 20:42:10 +03:00
Sander Vanheule
14464e1128 firmware-utils/tplink-safeloader: add compat level
TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.

The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0  (2019-05-30): compat_level=0
* FW v2.3.0  (2019-07-31): compat_level=0
* FW v2.3.1  (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1

Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.

By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.

Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
    [NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
        20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
    ...
    AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
    ...
    [NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
    0x0.(new 0x1)
    [NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
        base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
        upDataStart = 7690604b, upDataLen = 00000018
    [NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb

Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.

To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-09-09 20:41:50 +03:00
Sander Vanheule
6985a26e59 firmware-utils/tplink-safeloader: soft-version magic is data length
The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}

The data length is currently treated as a magic number, but should
contain the length of the partition data.

This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-09-09 20:41:50 +03:00
Sander Vanheule
b71668f96a ath79: enable elf mtd splitter
Enabled the ELF firmware partition splitter 4.19 and 5.4 in preparation
for the TP-Link EAP245v3 device support.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-09-09 20:41:50 +03:00
Sander Vanheule
3f7047db7a kernel: mtdsplit: support ELF loader splitting
To parse the ELF kernel loader, a small ELF parser is used that can
handle both ELF32 or ELF64 class loaders. The splitter assumes that the
kernel is always located before the rootfs, whether it is embedded in
the loader or not. If the kernel is located after the rootfs on the
firmware partition, then the rootfs splitter will include it in the
dynamically created rootfs_data partition and the kernel will be
corrupted.

The kernel image is preferably embedded inside the ELF loader, so the
end of the loader equals the end of the kernel partition. This is due to
the way mtd_find_rootfs_from searches for the the rootfs:
- if the kernel image is embedded in the loader, the appended rootfs may
  follow the loader immediately, within the same erase block.
- if the kernel image is not embedded in the loader, but placed at some
  offset behind the loader (OKLI-style loader), the rootfs must be
  aligned to an erase-block after the loader and kernel image.

In case section header table is empty, determine the elf loader size by
finding the end of the last segment, as defined by the program header
table.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-09-09 20:41:50 +03:00
Sebastian Kemper
f58d323534 build: allow file modes per binary package
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.

But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.

Example:

/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory

This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.

This behavior is already used for other OpenWrt variables, hence it is
familiar:

PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2020-09-09 14:13:59 +01:00
Adrian Schmutzler
2dda301d40 ramips: disable default build for Ravpower RP-WD03
This device has a 1.5M kernel size limit during boot and is
unbootable since February 2019 [1].

[1] https://forum.openwrt.org/t/ravpower-wd03-does-not-start-with-openwrt-master/49792

Reported-by: Szabolcs Hubai <szab.hu@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 14:12:14 +02:00
Martin Schiller
d6235f48f8 openvpn: fix shell compare operator in openvpn.init
Don't use bash syntax, because /bin/sh is used here.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 14:02:21 +02:00
Jo-Philipp Wich
6485f521c9 tools: fakeroot: use TCP as IPC transport
Some environments, e.g. first gen WSL, do not support SysV IPC.
Enforce the use of TCP transport instead which should be universally
available.

Fixes: FS#3317
Ref: https://github.com/microsoft/WSL/issues/4067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-09 13:33:50 +02:00
Felix Fietkau
668c988fc5 mediatek/ramips: remove an ethernet optimization patch that was reported to cause a regression
In some tests, crashes were observed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-09 11:51:47 +02:00
Felix Fietkau
d717343c85 mac80211: update encap offload patches to the latest version
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-09 11:51:47 +02:00
Felix Fietkau
c18a872825 mediatek: backport the latest version of the mt7531 support patches
Fixes unknown unicast flooding issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-09 11:51:47 +02:00
Jason A. Donenfeld
d8104c8353 wireguard: bump to 1.0.20200908
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros

Backports from upstream changes.

* peerlookup: take lock before checking hash in replace operation

A fix for a race condition caught by syzkaller.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 07:54:20 +02:00
Daniel Golle
be9694aaa2 hostapd: add UCI support for Hotspot 2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Daniel Golle
7ed34f65d0 netifd: update to git HEAD
3d9bd73 utils: fix check_pid_path to work with deleted file as well
 330f403 vlan: initialize device ifname earlier at creation time
 c057e71 device: do not check state from within device_init
 cb0c07b system-dummy: fix resolving ifindex
 ccd9ddc bridge: add support for turning on vlan_filtering
 82bcb64 bridge: add support for adding vlans to a bridge
 0e8cea0 bridge: add support for VLAN filtering
 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
 ac0710b device: look up full device name before traversing vlan chain
 e32e21e bridge: flush vlan list on bridge free
 645ceed interface-ip: clear host bits of the device prefix
 d7b614a netifd-wireless: parse 'osen' encryption

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00