Commit Graph

18507 Commits

Author SHA1 Message Date
Hans Dedecker
bc99b56d7e odhcpd: update to latest git HEAD
b75bcad dhcpv6-ia: remove assignment equal to 0 checks
d1ae052 dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0
9d5e379 dhcpv6-ia: fix prefix delegation behavior

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 17:23:41 +01:00
Daniel Golle
8348896357 opkg: update to git HEAD
9bbc7ea pkg_hash: pkg_hash_check_unresolved: fix segfault

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-24 11:12:57 +00:00
Dobroslaw Kijowski
1a9b896d8b treewide: nuke DRIVER_11W_SUPPORT
As of hostapd upstream commit 7d2ed8ba "Remove CONFIG_IEEE80211W build parameter"
https://w1.fi/cgit/hostap/commit?id=7d2ed8bae86a31dd2df45c24b3f7281d55315482
802.11w feature is always enabled in the build time.

It doesn't make sense to opt-in 802.11w per driver as hostapd will always
be compiled with this feature enabled.

As suggested by Hauke Mehrtens, for now keep 11w enabled in build_features.h
for compatibility reasons. This option will be dropped when LuCI is adjusted.

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-12-23 16:36:08 +01:00
Felix Fietkau
3d8d2c3a80 netifd: update to the latest version
88c6003e2b4f netifd: fix a typo in vlandev hotplug support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-23 11:22:23 +01:00
Piotr Dymacz
8c28da9724 base-files: drop banner.failsafe if failsafe is disabled
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-12-22 21:27:25 +01:00
Stefan Schake
d3c8881194 ipq40xx: add support for devolo Magic 2 WiFi next
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v71) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8075 (2 ports)
PLC:     MaxLinear G.hn 88LX5152
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET, WiFi, PLC Button
LEDS:    red/white home, white WiFi

To modify a retail device to run OpenWRT firmware:
1) Setup a TFTP server on IP address 192.168.0.100 and copy the OpenWRT
   initramfs (initramfs-fit-uImage.itb) to the TFTP root as 'uploadfile'.
2) Power on the device while pressing the recessed reset button next to
   the Ethernet ports. This causes the bootloader to retrieve and start
   the initramfs.
3) Once the initramfs is booted, the device will come up with IP
   192.168.1.1. You can then connect through SSH (allow some time for
   the first connection).
4) On the device shell, run 'fw_printenv' to show the U-boot environment.
   Backup this information since it contains device unique factory data.
5) Change the boot command to support booting OpenWRT:
   # fw_setenv bootcmd 'sf probe && sf read 0x84000000 0x180000 0x400000 && bootm'
6) Change directory to /tmp, download the sysupgrade (e.g. through wget)
   and install it with sysupgrade. The device will reboot into OpenWRT.

Notice that there is currently no support for booting the G.hn chip.
This requires userland software we lack the rights to share right now.

Signed-off-by: Stefan Schake <stefan.schake@devolo.de>
2020-12-22 20:55:40 +01:00
John Crispin
ceb612e463 hostapd: pass respawn settings when registering the service
When hostapd gets restarted to often/quickly will cause procd to not restart it
anymore. it will think that hapd is in a crash loop.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [adjust respawn time]
2020-12-22 19:30:26 +01:00
Kip Porterfield
6ffe8a473e kirkwood: add support for Seagate BlackArmor NAS220
The Seagate BlackArmor NAS220 is a consumer NAS
with two internal drive bays. The stock OS runs
RAID 1 over the disks via mdadm.

Device specification:
- SoC: Marvell 88F6192 800 MHz
- RAM: 128 MB
- Flash: 32 MB
- 2 x internal SATA II drives
- Ethernet: 10/100/1000 Mbps (single port, no switch)
- WLAN: None
- LED: Power, Status, Sata Activity
- Key: Power, Reset
- Serial: 10 pin header, (115200,8,N,1), 3.3V TTL
	9|x  -   x|10
	7|x  -   x|8
	5|x  - GND|6
	3|x  -  RX|4
	1|TX -   x|2
	front of case
- USB ports: 2 x USB 2.0

Flash instruction:

NOTE: this process uses a serial connection. It will upgrade the
bootloader and reset the bootloader environment variables

TFTP server setup
- Setup PC with TFTP server set the PC IP to 10.4.50.5 as TFTP server
- Copy these files to TFTP server location
    - u-boot.kwb
    - seagate_blackarmor-nas220-initramfs-uImage
    - seagate_blackarmor-nas220-squashfs-sysupgrade.bin
    - seagate_blackarmor-nas220-squashfs-factory.bin

Seagate NAS setup
- Connect LAN cable between PC and seagate device
- Connect to serial to seagate device

Install u-boot
- Boot seagate device and stop in bootloader by pressing any key
- run 'printenv' from u-boot and save the values
- tftpboot 0x2000000 u-boot.kwb
- nand erase.part uboot
- nand write 0x2000000 0x0 ${filesize}
- reset

Update MAC address in u-boot env
- Stop in u-boot by pressing any key
- Get your MAC address from your saved printenv. Is also on chassis
- setenv ethaddr <your MAC>
- saveenv

Option 1 (recommended) - Install OpenWrt via initramfs and sysupgrade
- tftpboot 0x2000000 seagate_blackarmor-nas220-initramfs-uImage
- bootm 0x2000000
- *OpenWrt should be running now, however it is not written to flash yet*
- From the running instance of OpenWrt use Luci's "flash image" feature
    from the web site or use sysupgrade from the console to write
    seagate_blackarmor-nas220-squashfs-sysupgrade.bin to flash

Option 2 - Install OpenWrt by flashing factory image from u-boot
- nand erase.part ubi
- tftpboot 0x2000000 seagate_blackarmor-nas220-squashfs-factory.bin
- nand write 0x2000000 ubi ${filesize}
- reset

Signed-off-by: Kip Porterfield <kip.porterfield@gmail.com>
2020-12-22 19:11:50 +01:00
Michael Pratt
fe2f53f21c ath79: add support for Senao Engenius EnStationAC v1
FCC ID: A8J-ENSTAC

Engenius EnStationAC v1 is an outdoor wireless access point/bridge with
2 gigabit ethernet ports on 2 external ethernet switches,
5 GHz only wireless, internal antenna plates, and proprietery PoE.

Specification:

  - QCA9557 SOC
  - QCA9882 WLAN		(PCI card, 5 GHz, 2x2, 26dBm)
  - AR8035-A switch		(RGMII GbE with PoE+ IN)
  - AR8031 switch		(SGMII GbE with PoE OUT)
  - 40 MHz reference clock
  - 16 MB FLASH			MX25L12845EMI-10G
  - 2x 64 MB RAM		NT5TU32M16FG
  - UART at J10			(unpopulated)
  - internal antenna plates	(19 dbi, directional)
  - 7 LEDs, 1 button		(power, eth, wlan, RSSI) (reset)

MAC addresses:

  MAC addresses are labeled as ETH and 5GHz
  Vendor MAC addresses in flash are duplicate

  eth0	ETH	*:d3	art 0x0/0x6
  eth1	----	*:d4	---
  phy0	5GHz	*:d5	---

Installation:

  2 ways to flash factory.bin from OEM:

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP recovery:

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board
  hold or press reset button repeatedly

  NOTE: for some Engenius boards TFTP is not reliable
  try setting MTU to 600 and try many times

Format of OEM firmware image:

  The OEM software of EnStationAC is a heavily modified version
  of Openwrt Altitude Adjustment 12.09. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-enstationac-uImage-lzma.bin
    openwrt-ar71xx-enstationac-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8033 switch between
  the SOC and the ethernet PHY chips.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  For eth0 at 1000 speed, the value returned was
  ae000000 but that didn't work, so following
  the logical pattern from the rest of the values,
  the guessed value of a3000000 works better.

  later discovered that delay can be placed on the PHY end only
  with phy-mode as 'rgmii-id' and set register to 0x82...

Tested from master, all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
[fixed SoB to match From:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-22 19:11:50 +01:00
Marek Lindner
4871fd2616 ipq40xx: add support for Plasma Cloud PA2200
Device specifications:

* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
  - 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 36-64)
  - QCA9888 hw2.0 (PCI)
  - requires special BDF in QCA9888/hw2.0/board-2.bin
    bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 100-165)
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=PlasmaCloud-PA2200
* GPIO-LEDs for 2.4GHz, 5GHz-SoC and 5GHz-PCIE
* GPIO-LEDs for power (orange) and status (blue)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
  - phy@mdio3:
    + Label: Ethernet 1
    + gmac0 (ethaddr) in original firmware
    + used as LAN interface
  - phy@mdio4:
    + Label: Ethernet 2
    + gmac1 (eth1addr) in original firmware
    + 802.3at POE+
    + used as WAN interface
* 12V 2A DC

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Marek Lindner
ea5bb6bbfe ipq40xx: add support for Plasma Cloud PA1200
Device specifications:

* QCA IPQ4018
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
  - 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA1200
* 2T2R 5 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=PlasmaCloud-PA1200
* 3x GPIO-LEDs for status (cyan, purple, yellow)
* 1x GPIO-button (reset)
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
  - phy@mdio4:
    + Label: Ethernet 1
    + gmac0 (ethaddr) in original firmware
    + used as LAN interface
  - phy@mdio3:
    + Label: Ethernet 2
    + gmac1 (eth1addr) in original firmware
    + 802.3af/at POE(+)
    + used as WAN interface
* 12V/24V 1A DC

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Sven Eckelmann
17e5920490 ath79: Add support for Plasma Cloud PA300E
Device specifications:

* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + Label: Ethernet 1
    + 24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + Label: Ethernet 2
    + 802.3af POE
    + builtin switch port 2
    + used as LAN interface
* 12-24V 1A DC
* external antennas

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Sven Eckelmann
5fc28ef479 ath79: Add support for Plasma Cloud PA300
Device specifications:

* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + Label: Ethernet 1
    + 24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + Label: Ethernet 2
    + 802.3af POE
    + builtin switch port 2
    + used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Michael Pratt
7073ebf0f9 ath79: add support for Senao Engenius ECB350 v1
FCC ID: A8J-ECB350

Engenius ECB350 v1 is an indoor wireless access point with a gigabit ethernet port,
2.4 GHz wireless, external antennas, and PoE.

**Specification:**

  - AR7242 SOC
  - AR9283 WLAN			2.4 GHz (2x2), PCIe on-board
  - AR8035-A switch		RGMII, GbE with 802.3af PoE
  - 40 MHz reference clock
  - 8 MB FLASH			25L6406EM2I-12G
  - 32 MB RAM
  - UART at J2			(populated)
  - 2 external antennas
  - 3 LEDs, 1 button		(power, lan, wlan) (reset)

**MAC addresses:**

  MACs are labeled as WLAN and WAN
  vendor MAC addresses in flash are duplicate

  phy0	WLAN	*:b8	---
  eth0	WAN	*:b9	art 0x0/0x6

**Installation:**

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

  OEM webpage at 192.168.1.1
  username and password "admin"
  Navigate to "Firmware" page from left pane
  Click Browse and select the factory.bin image
  Upload and verify checksum
  Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

  After connecting to serial console and rebooting...
  Interrupt uboot with any key pressed rapidly
  execute `run failsafe_boot` OR `bootm 0x9f670000`
  wait a minute
  connect to ethernet and navigate to
  "192.168.1.1/index.htm"
  Select the factory.bin image and upload
  wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery** (unstable / not reliable):

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board while holding or pressing reset button repeatedly

  NOTE: for some Engenius boards TFTP is not reliable
  try setting MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software of ECB350 v1 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names
  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel size to be no greater than 1536k
  and otherwise the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.
  The factory upgrade script follows the original mtd partitions.

**Note on PLL-data cells:**

  The default PLL register values will not work
  because of the AR8035 switch between
  the SOC and the ethernet port.

  For AR724x series, the PLL register for GMAC0
  can be seen in the DTSI as 0x2c.
  Therefore the PLL register can be read from u-boot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`

  However the registers that u-boot sets are not ideal and sometimes wrong...
  the at803x driver supports setting the RGMII clock/data delay on the PHY side.
  This way the pll-data register only needs to handle invert and phase.

  for this board no extra adjustements are needed on the MAC side
  all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-22 19:11:50 +01:00
Michael Pratt
f244143609 ath79: add support for Senao Engenius ECB1200
FCC ID: A8J-ECB1200

Engenius ECB1200 is an indoor wireless access point with a GbE port,
2.4 GHz and 5 GHz wireless, external antennas, and 802.3af PoE.

**Specification:**

  - QCA9557 SOC			MIPS, 2.4 GHz (2x2)
  - QCA9882 WLAN		PCIe card, 5 GHz (2x2)
  - AR8035-A switch		RGMII, GbE with 802.3af PoE, 25 MHz clock
  - 40 MHz reference clock
  - 16 MB FLASH			25L12845EMI-10G
  - 2x 64 MB RAM		1538ZFZ V59C1512164QEJ25
  - UART at JP1			(unpopulated, RX shorted to ground)
  - 4 external antennas
  - 4 LEDs, 1 button		(power, eth, wifi2g, wifi5g) (reset)

**MAC addresses:**

  MAC Addresses are labeled as ETH and 5GHZ
  U-boot environment has the vendor MAC addresses
  MAC addresses in ART do not match vendor

  eth0	ETH	*:5c	u-boot-env ethaddr
  phy0	5GHZ	*:5d	u-boot-env athaddr
  ----	----	????	art 0x0/0x6

**Installation:**

  Method 1: Firmware upgrade page:

  OEM webpage at 192.168.1.1
  username and password "admin"
  Navigate to "Firmware" page from left pane
  Click Browse and select the factory.bin image
  Upload and verify checksum
  Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

  After connecting to serial console and rebooting...
  Interrupt uboot with any key pressed rapidly

  (see TFTP recovery)
  perform a sysupgrade

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log
  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART pinout at JP1

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions

  Unlike most Engenius boards, this does not have a 'failsafe' image
  the only way to return to OEM is TFTP or serial access to u-boot

**TFTP recovery:**

  Unlike most Engenius boards, TFTP is reliable here

  rename initramfs-kernel.bin to 'ap.bin'
  make the file available on a TFTP server at 192.168.1.10
  power board while holding or pressing reset button repeatedly

  or with serial access:
  run `tftpboot` or `run factory_boot` with initramfs-kernel.bin
  then `bootm` with the load address

**Format of OEM firmware image:**

  The OEM software of ECB1200 is a heavily modified version
  of Openwrt Altitude Adjustment 12.09.

  This Engenius board, like ECB1750, uses a proprietary header
  with a unique Product ID. The header for factory.bin is
  generated by the mksenaofw program included in openwrt.

**Note on PLL-data cells:**

  The default PLL register values will not work
  because of the AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  However the registers that u-boot sets are not ideal and sometimes wrong...
  the at803x driver supports setting the RGMII clock/data delay on the PHY side.
  This way the pll-data register only needs to handle invert and phase.

  for this board clock invert is needed on the MAC side
  all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-22 19:11:50 +01:00
Michael Pratt
a459696eb1 ramips: add support for Senao Engenius ESR600H
FCC ID: A8J-ESR750H

Engenius ESR600H is an indoor wireless router with a gigabit switch,
2.4 GHz and 5 GHz wireless, internal and external antennas, and a USB port.

**Specification:**

  - RT3662F			MIPS SOC, 5 GHz WMAC (2x2)
  - RT5392L			PCI on-board, 2.4 GHz (2x2)
  - AR8327			RGMII, 7-port GbE, 25 MHz clock
  - 40 MHz reference clock
  - 8 MB FLASH			25L6406EM2I-12G
  - 64 MB RAM
  - UART at J12			(unpopulated)
  - 2 internal antennas		(5 GHz)
  - 2 external antennas		(2.4 GHz)
  - 9 LEDs, 1 button		(power, wps, wifi2g, wifi5g, 5 LAN/WAN)
  - USB 2 port			(GPIO controlled power)

**MAC addresses:**

  MAC Addresses are labeled as WAN and WLAN
  U-boot environment has the the vendor MAC address for ethernet
  MAC addresses in "factory" are part of wifi calibration data

  eth0.2	WAN	*:13:e7		u-boot-env wanaddr
  eth0.1	----	*:13:e8		u-boot-env wanaddr + 1
  phy0		WLAN	*:14:b8		factory 0x8004
  phy1		----	*:14:bc		factory 0x4

**Installation:**

  Method 1: Firmware upgrade page

  OEM webpage at 192.168.0.1
  username and password "admin"
  Navigate to Network Setting --> Tools --> Firmware
  Click Browse and select the factory.dlf image
  Click Continue to confirm and wait 6 minutes or more...

  Method 2: Serial console to load TFTP image:

  (see TFTP recovery)

**Return to OEM:**

  Unlike most Engenius boards, this does not have a 'failsafe' image
  the only way to return to OEM is serial access to uboot

  Unlike most Engenius boards, public images are not available...
  so the only way to return to OEM is to have a copy
  of the MTD partition "firmware" BEFORE flashing openwrt.

**TFTP recovery:**

  Unlike most Engenius boards, TFTP is reliable here
  however it requires serial console access
  (soldering pins to the UART pinouts)

  build your own image...
  with 'ramdisk' selected under 'Target Images'

  rename initramfs-kernel.bin to 'uImageESR-600H'
  make the file available on a TFTP server at 192.168.99.8
  interrupt boot by holding or pressing '4' in serial console
  as soon as board is powered on

  `tftpboot 0x81000000`
  `bootm 0x81000000`
  perform a sysupgrade

**Format of OEM firmware image:**

  This Engenius board uses the Senao proprietary header
  with a unique Product ID. The header for factory.bin is
  generated by the mksenaofw program included in openwrt.

  .dlf file extension is also required for OEM software to accept it

**Note on using OKLI:**

  the kernel is now too large for the bootloader to handle
  so OKLI is used via the `kernel-loader` image command
  recently in master several other ramips boards have the same problem

  'Kernel panic - not syncing: Failed to find ralink,rt3883-sysc node'

  see commit ad19751edc

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-22 19:11:50 +01:00
Rosen Penev
57fe7d5401 toolchain: remove uClibc install stuff
This is preparation for removing uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 19:11:50 +01:00
Nick Lowe
cb41bc5088 hostapd: Use EAPOLv1 (802.1X-2001) if WPA enabled
Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that
are not WPA2 (RSN) capable. These legacy clients are often intolerant to this
EAPOL version and fail to connect.

hostapd.conf upstream documents for eapol_version the following and that this
is a known compatibility issue with version 2:

// IEEE 802.1X/EAPOL version
// hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
// version 2. However, there are many client implementations that do not handle
// the new version number correctly (they seem to drop the frames completely).
// In order to make hostapd interoperate with these clients, the version number
// can be set to the older version (1) with this configuration value.
// Note: When using MACsec, eapol_version shall be set to 3, which is
// defined in IEEE Std 802.1X-2010.
//eapol_version=2

For the wpa parameter, hostapd.conf upstream documents that this is a bitfield,
configured as follows:

// Enable WPA. Setting this variable configures the AP to require WPA (either
// WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
// wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
// Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
// For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
// RADIUS authentication server must be configured, and WPA-EAP must be included
// in wpa_key_mgmt.
// This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
// and/or WPA2 (full IEEE 802.11i/RSN):
// bit0 = WPA
// bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
// Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
// In other words, for WPA3, wpa=2 is used the configuration (and
// wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
//wpa=2

For client compatibility therefore:

EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled.
EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled.

To fix this, we can therefore change in the script:

set_default eapol_version 0

To the following:

set_default eapol_version $((wpa & 1))

This therefore:
1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set.
2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset.

For usual configurations that only have WPA2 enabled, EAPOLv2 is then used.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-22 19:11:50 +01:00
Paul Fertser
39c8bc4422 mac80211: fix MAC address allocations when local bit set on base addr
Testing with hwsim reveals two problems:

1. phyX/addresses has two addresses and mac80211_get_addr keeps
returning the last one when asked for more;

2. The base address has the local bit set and the operation unsets it.

Fix both.

Fixes: 866790fd82
Reported-by: Zero_Chaos
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2020-12-22 18:59:10 +01:00
Hannu Nyman
3d12b47985 base-files: flush kernel memory cache during sysupgrade
Flush kernel memory caches during sysupgrade in order
to mitigate the impact from memory consumption spikes
in low-RAM devices.

This may help to prevent sysupgrade causing a reboot
before the actual flashing starts.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2020-12-22 18:59:10 +01:00
Tomasz Maciej Nowak
fa77051037 uboot-tegra: bump to 2020.04
This fixes error when host GCC >= 10.

/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
6a1ad19cd3 tcpdump: fix pcap-config issues
The patch removes a libpcap check to avoid a problem with libpcap. Fix
libpcap instead.

Modernize Makefile:

Use a normal autoconf bool instead of checking for CONFIG_IPV6.

Remove old configure and MAKE_FLAGS hacks. Removing them results in
compilation continuing to work without a problem.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
2a92754ce9 libpcap: fix pcap-config
pcap-config as installed is using OS paths instead of OpenWrt ones.

Take fix from libpng and adjust as needed.

This problem seems to occur on Arch Linux and not on Debian/Fedora
based distros. No idea why.

Remove CMAKE_INSTALL as there is now an InstallDev section.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
57ad2a9421 fs/cifs: update module dependencies
0fdfef9aa7ee68ddd508aef7c98630cfc054f8d6 upstream removed CIFS_SMB311.
Kernels 4.19 and above do not have it. Currently only kernels 4.19 and
5.4 are in the tree.

The Kconfig file in the kernel has more selection that what is in here.
Add the rest and reorder based on upstream ordering.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
6e5759f6b4 pcre: fix paths in config file
The paths are pointing to OS paths, not OpenWrt ones. Use SED line from
libpng to fix and adjust accordingly.

This may allow certain packages that use the config file to pick up pcre.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
36540aa973 nettle: update to 3.6
Updated ABI_VERSION.

Switched PKG_BUILD_PARALLEL on as there seems to be no issue anymore.
I can't find any information about why it was turned off.

Fixed license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
5036383ccc binutils: update to 2.35.1
Fixes compilation with musl 1.2.x.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
0d502293e6 elfutils: update to 0.180
Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Nadim Atiya
1302bee12a hostapd: parse skip_inactivity_poll option
hostapd.sh does not parse skip_inactivity_poll boolean from
/etc/config/wireless despite being mentioned in the documentation [1].
This change fixes this, and by default sets its value to 0 [1].

[1] https://openwrt.org/docs/guide-user/network/wifi/basic

Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[fix and reformat commit message, make patch apply]
2020-12-22 15:23:35 +00:00
Robert Marko
20d847d133 base-files: upgrade: fix initramfs detection
Commit "initramfs: switch to tmpfs to fix ujail" switched initramfs to
now use tmpfs, it causes $(rootfs_type) to now return tmpfs when
running initramfs image instead of being empty.

This broke initramfs detection which prevents config files from
being saved as it does not work from initramfs.

So, lets test for $(rootfs_type) returning "tmpfs" instead.

Fixes: 7fd3c68 ("initramfs: switch to tmpfs to fix ujail)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2020-12-20 17:14:56 +00:00
Petr Štetiar
0cf3c5dd72 uhttpd: don't redirect to HTTPS by default
So we can ship px5g-wolfssl by default in the release image, but still
make the HTTPS for LuCI optional. This small change with addition of
`CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
next release should provide optional HTTPS in the next release.

Disabling the current default automatic uhttpd's redirect to HTTPS
should make the HTTPS optional. That's it, user would either need to
switch to HTTPS by manually switching to https:// protocol in the URL or
by issuing the following commands to make the HTTPS automatic redirect
permanent:

 $ uci set uhttpd.main.redirect_https=1
 $ uci commit uhttpd
 $ service uhttpd reload

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-20 10:36:51 +01:00
Hauke Mehrtens
736eee5cc6 mt76: Fix compile against glibc
The mt76 test tools did not compile against glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-19 23:18:38 +01:00
Hauke Mehrtens
aa08f43cab toolchain: Deactivate sanitizer on MIPS and ARC
MIPS 32 bit support for sanitizer was added with GCC 9, MIPS 64 bit and
ARC are still not supported in GCC 10.

Deactivate them for now and change this when we change the default
compiler to GCC 9 or later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-19 23:18:38 +01:00
Felix Fietkau
3ab695368a mac80211: do not drop tx nulldata packets on encrypted links
Fixes sending out nulldata probing frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-18 23:05:50 +01:00
Felix Fietkau
b837534f02 mt76: update to the latest version
7f53d68b1af9 mt76: mt7615: add debugfs knob for setting extended local mac addresses
1a2547b27dfc mt76: do not set NEEDS_UNIQUE_STA_ADDR for 7615 and 7915
2741fd071bb7 mt76: mt7915: support 32 station interfaces
709f2cd77810 mt76: mt7915: fix processing txfree events
434940e08233 mt76: mt7915: measure channel noise and report it via survey
236326896589 mt76: mt7615: retry if mt7615_mcu_init returns -EAGAIN
b5c593b63f4c mt76: mt7663s: move tx/rx processing in the same txrx workqueue
75157b59ae4e mt76: mt7663s: convert txrx_work to mt76_worker
6dc67b058e2a mt76: mt7663s: disable interrupt during txrx_worker processing
b381729626bb mt76: sdio: convert {status/net}_work to mt76_worker
9cb12f7042cc mt76: mt7915: fix DRR sta bss group index
75977a85e844 mt76: mt7915: disable OFDMA/MU-MIMO UL
6cdebe805862 mt76: rename __mt76_mcu_send_msg to mt76_mcu_send_msg
eb9afae96b65 mt76: rename __mt76_mcu_skb_send_msg to mt76_mcu_skb_send_msg
8c73f3b15ada mt76: implement .mcu_parse_response in struct mt76_mcu_ops
fcfbb046c2f3 mt76: move mcu timeout handling to .mcu_parse_response
477caa196ffe mt76: move waiting and locking out of mcu_ops->mcu_skb_send_msg
a4d71501bad6 mt76: make mcu_ops->mcu_send_msg optional
80c310c59ad1 mt76: mt7603: switch to .mcu_skb_send_msg
082b26181013 mt76: implement functions to get the response skb for MCU calls
ee40800df2e4 mt76: mt7915: move eeprom parsing out of mt7915_mcu_parse_response
d33943baac47 mt76: mt7915: query station rx rate from firmware
b8874e8756d9 mt76: add back the SUPPORTS_REORDERING_BUFFER flag
633ae5961db6 mt76: mt7615: enable beacon filtering by default for offload fw
9a203fea3540 mt76: mt7615: introduce quota debugfs node for mt7663s
f9ae638af7e2 mt76: mt7663s: get rid of mt7663s_sta_add
1a5758d894d0 mt76: mt7663s: fix a possible ple quota underflow
dea10c03316f mt76: sdio: get rid of sched.lock
eb4c09957938 mt76: mt7915: set fops_sta_stats.owner to THIS_MODULE
594890b11155 mt76: mt7915: update ppe threshold
8884a5def518 mt76: mt7915: rename mt7915_mcu_get_rate_info to mt7915_mcu_get_tx_rate
33b89f4a1bf4 mt76: set fops_tx_stats.owner to THIS_MODULE
4d019c9672ec sync with upstream changes
35e3cd1db479 mt76: mt7603: fix ED/CCA monitoring with single-stream devices
4f9f79b085b1 wireless: mt76: convert tasklets to use new tasklet_setup() API
20e8cf935ed0 mt76: dma: fix possible deadlock running mt76_dma_cleanup
36089a655f58 mt76: mt7915: fix sparse warning cast from restricted __le16
68c4eedafd61 mt76: fix memory leak if device probing fails
9a1a0a4dec71 mt76: mt7603: add additional EEPROM chip ID
01b943295719 mt76: move mt76_mcu_send_firmware in common module
0aee4999902a mt76: mt7663s: introduce WoW support via GPIO
79ebad117325 mt76: switch to wep sw crypto for mt7615/mt7915
af139725193a mt76: fix tkip configuration for mt7615/7663 devices
664e66b35c0b mt76: mt7615: run key configuration in mt7615_set_key for usb/sdio devices
f675358267d6 mt76: mt76u: rely on woker APIs for rx work
b9f9c16cb1bd mt76: mt76u: use dedicated thread for status work
cdeb1b29cd15 mt76: testmode: switch ib and wb rssi to array type for per-antenna report
0a898c0549b6 mt76: testmode: add snr attribute in rx statistics
3ea9a0433bcc mt76: testmode: add tx_rate_stbc parameter
73427ebbbd27 mt76: testmode: add support for LTF and GI combinations for HE mode
88ebccfe8a39 mt76: mt7915: fix tx rate related fields in tx descriptor
9909c0551e4c mt76: testmode: add support for HE rate modes
03ed0909f922 mt76: mt7915: implement testmode tx support
0aa696834a9c mt76: mt7915: implement testmode rx support
5ed3a34b46ce mt76: mt7915: add support to set txpower in testmode
f86361654e94 mt76: mt7915: add support to set tx frequency offset in testmode
64a765be750a mt76: mt7915: make mt7915_eeprom_read static
9b48c13b52f7 mt76: mt7915: use BIT_ULL for omac_idx
27227fd57ea7 mt76: mt7915: remove unused mt7915_mcu_bss_sync_tlv()
cd795267612d mt76: mt7615: support 16 interfaces
82da525ad0c8 mt76: mt7615: refactor usb/sdio rate code
b9a50da503ad mt76: mt7915: rely on eeprom definitions
c79d18723df0 mt76: move mt76_init_tx_queue in common code
b0b221e91445 mt76: sdio: introduce mt76s_alloc_tx_queue
caba5a99e5ae mt76: sdio: rely on mt76_queue in mt76s_process_tx_queue signature
3ed4aad81ce9 mt76: mt7663s: rely on mt76_queue in mt7663s_tx_run_queue signature
216cf8b28579 mt76: dma: rely on mt76_queue in mt76_dma_tx_cleanup signature
0f9350bef1b5 mt76: rely on mt76_queue in tx_queue_skb signature
8932975be066 mt76: introduce mt76_init_mcu_queue utility routine
b0eb7edcc624 mt76: rely on mt76_queue in tx_queue_skb_raw signature
ccd62467d0f3 mt76: move mcu queues to mt76_dev q_mcu array
2e217fb9e962 mt76: move tx hw data queues in mt76_phy
576647f2ec6a mt76: mt7915: fix endian issues
e881fd67c718 mt76: move band capabilities in mt76_phy
c728cecd7b77 mt76: rely on mt76_phy in mt76_init_sband_2g and mt76_init_sband_5g
231ef27697f9 mt76: move band allocation in mt76_register_phy
8aa24c91b13b mt76: move hw mac_addr in mt76_phy
b436da4d9d92 mt76: mt7915: introduce dbdc support
1e34a02c2dcb mt76: mt7915: get rid of dbdc debugfs knob
d8e681bd3268 mt76: mt7615: fix rdd mcu cmd endianness
19c9e277eff6 mt76: mt7915: fix memory leak in mt7915_mcu_get_rx_rate()
e361b6a71e4b mt76: improve tx queue stop/wake
fb24e5f2305b mt76: mt7915: stop queues when running out of tx tokens
066cc441eb8f mt76: attempt to free up more room when filling the tx queue
93c806a34ec2 mt7915: fix minor issues in the token queue blocking change
c017e329a326 mt76: mt7915: ensure that init work completes before starting the device
9e9da427b8a6 mt76: mt7915: fix polling firmware-own status
5cd805ddfb25 mt76: add more conditions for stopping tx scheduling
aa893c73bf85 mt76: mt7915; increase txq memory limit for non-DBDC 7915 cards to 32 MiB
e44b7c91070e mt76: skip queue stop/wake, rely entirely on txq scheduling
6c6a5c59c101 mt76: mt7915: do not set DRR group for stations
510cb5be1bf7 mt76: usb: remove wake logic in mt76u_status_worker
34f318a25421 mt76: sdio: remove wake logic in mt76s_process_tx_queue
4a90fdf6105e mt76: mt76s: fix NULL pointer dereference in mt76s_process_tx_queue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-18 19:01:51 +01:00
Hauke Mehrtens
fca0eb2d92 nat46: Fix PKG_MIRROR_HASH
The PKG_MIRROR_HASH was not updated when updating the package.

Fixes: f75c70aeca ("nat46: update to latest git HEAD")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-17 12:13:27 +01:00
Hauke Mehrtens
94d1b2508c wireless-regdb: Update to version 2020.11.20
9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:11:19 +01:00
Rosen Penev
47f30a566e util-linux: update to 2.36.1
Removed upstream patch.

Refreshed other ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-16 22:11:19 +01:00
Rosen Penev
e030a19a57 libunwind: update to 1.5.0
Cleanup Makefile for consistency with other ones.

Remove PKG_SSP. It can be fixed with -lssp_nonshared.

Add PKG_BUILD_PARALLEL for faster compilation.

Add zlib dependency. 1.5.0 requires it now.

Refresh patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-16 22:11:19 +01:00
Hauke Mehrtens
6cdc21b20e mac80211: Update to version 5.8.18-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:11:19 +01:00
Hauke Mehrtens
c9c7cdbbb7 e2fsprogs: Add TARGET_LDFLAGS to e4crypt
The TARGET_LDFLAGS were dropped in the linking of e4crypt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:11:19 +01:00
Rosen Penev
3040791608 libnetfilter-conntrack: update to 1.0.8
Previous git version was 1.0.7.

Switched to using tarballs for simplicity.

Fixed license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-15 00:18:12 +01:00
Nick Hainke
05a1b11c71 netifd: update to latest version
458b1a7e9473 netifd: add segment routing support

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-12-14 20:25:21 +01:00
Daniel Golle
c74ae89574 kernel: package kmod-keys-encrypted and kmod-keys-trusted
Add kernel module packages for handling encrypted and TPM trusted
keys on the kernel chain.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-14 17:25:14 +00:00
Petr Štetiar
ce1163dfa7 uclient: update to Git version 2020-12-10
2c843b2bc04c Add initial GitLab CI support
073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation
086c292160ac uclient-fetch: init_ca_cert: fix memory leak
a3c1a88b031a cmake: enable extra compiler checks
32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon
86a2ac6ac46f uclient-fetch: fix potential memory leaks
158dd9dd289c uclient: fix initialized but never read variable
66b4420856a7 uclient-fetch: fix statement may fallt hrough
436f9b3af2ad uclient-http: fix freeing of stack allocated memory
e6b5b8a98ce2 Fix extra compiler warnings
12df67e45bb0 Add basic cram based unit tests
b6e34845124f cmake: fix building out of the tree

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-14 09:41:39 +01:00
Petr Štetiar
23bbaa02a9 ustream-ssl: update to Git version 2020-12-10
68d09243b6fd Add initial GitLab CI support
8280140db9d1 wolfssl: remove now deprecated compatibility code
cee6791b362a ustream-mbedtls: fix certificate verification
55c3fd89d508 ustream-mbedtls: implement set_require_validation
c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation
3bc05402bfab cmake: enable extra compiler checks
cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs
5896991e46a3 ustream-openssl: fix BIO_method memory leak
2c342ae57c5b ustream-openssl: fix wolfSSL includes
fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths
63656f81045f cmake: fix linking when wolfSSL not in default paths
c26f71e844df cmake: fix building out of the tree

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-14 09:41:39 +01:00
Rui Salvaterra
116191eddf zram-swap: remove the compression streams settings
Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the
irrelevant configuration (no-op).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-12-13 13:55:03 -10:00
Luis Araneda
8b870418f1 uboot-zynq: fix dtc compilation on host gcc 10
gcc 10 defaults to -fno-common, which causes an error
when linking.

Back-port the following Linux kernel commit to fix it:
e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)

Tested on an Arch Linux host with gcc 10.1.0

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2020-12-13 16:12:45 +01:00
Daniel Golle
b2d48c1dfe odhcpd: remove local mkdir_p implementation
Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-13 00:13:18 +00:00
Daniel Golle
54239ccfe7 procd: update to git HEAD
111416d jail: remove unreachable code
 7f12c89 treewide: replace local mkdir_p implementations

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
278b1e95a7 fstools: update to git HEAD
0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz
 4862530 mount: restorecon: guard against execl() errors
 f415323 block: replace local mkdir_p implementation

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
ee0ff7343e libubox: utils: introduce mkdir_p
Add new utility function mkdir_p(char *path, mode_t mode) to replace
the partially buggy implementations found accross fstools and procd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
be6aa93e4d selinux-policy: update to version 0.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 14:45:32 +00:00
Philip Prindeville
5d2b577a53 xfrm: support 'multicast' attribute on interfaces
You shouldn't need the overhead of GRE just to add multicast
capability on a point-to-point interface (for instance, you might
want to run mDNS over IPsec transport connections, and Avahi
requires IFF_MULTICAST be set on interfaces, even point-to-point
ones).

Borrowed heavily from:

    b3c9321b9e gre: Support multicast configurable gre interfaces

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-11 20:53:36 +01:00
Eneas U de Queiroz
882ca13d92 openssl: update to 1.1.1i
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:57:04 +01:00
Marty Jones
b63e57ba17 kernel: add Aquantia AQtion USB-to-5GbE adapters
This add support for USB-to-Ethernet Aquantia AQtion
5/2.5GbE adapters based on the AQC111U controllers.

Run-tested: x86
Adapter-tested: Sabrent NT-SS5G
Signed-off-by: Marty Jones <mj8263788@gmail.com>
2020-12-11 13:57:04 +01:00
Konstantin Demin
52aa2017d3 dropbear: bump package version
Bump package version after previous changes.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Konstantin Demin
228298290e dropbear: add ssh-askpass support in configuration
binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215132 (+4b)
  ipk: 111183 -> 111494 (+311b)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
e1bd9645b6 dropbear: roll up recipes into mapping lists
this commit removes manual recipes for options and introduces mapping lists:
- DB_OPT_COMMON holds option mappings which are common for all builds;
- DB_OPT_CONFIG holds option mappings which are depend on config settings.

DB_OPT_COMMON is space-separated list of 'words', each of them is in format:
  'header_option|value'

'header_option' is added with value 'value' to 'localoptions.h'.

if 'header_option' is preceded by two exclamation marks ('!!')
then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'.

in short:
   option|value - add option to localoptions.h
 !!option|value - replace option in sysoptions.h

DB_OPT_CONFIG is space-separated list of 'words', each of them is in format:
  'header_option|config_variable|value_enabled|value_disabled'

'header_option' is handled likewise in DB_OPT_COMMON.

if 'config_variable' is enabled (technically: not disabled)
then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise.

in short:
   option|config|enabled|disabled = add option to localoptions.h
 !!option|config|enabled|disabled = replace option in sysoptions.h

   option := (config) ? enabled : disabled

If you're not sure that option's value doesn't have '|' within - add your recipe
manually right after '$(Build/Configure/dropbear_headers)' and write some words
about your decision.

PS about two exclamation marks:
early idea was to use one exclamation mark to denote such header options
but then i thought single exclamation mark may be overlooked by mistake.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
79d5c24724 dropbear: rework recipes that configure build
- add two helper functions to avoid mistakes with
  choice of correct header file to work with
- update rules accordingly

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
42eff7c7e6 dropbear: reorder options in Configure recipe
put static options at first place, then place configurable options.
also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
7e122c353a dropbear: enable back DROPBEAR_USE_PASSWORD_ENV
this option was disabled in 2011 and these long nine years showed us that change was definitely wrong.

binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215128 (no change)
  ipk: 111108 -> 111183 (+75b)

Fixes: 3c801b3dc0 ("tune some more options by default to decrease size")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
John Thomson
d82c191283 package/base-files: caldata: use dd iflag fullblock
This dd flag ensures that the requested size
is retrieved from pipes or special filesystems (if available).

Without this flag, on multi-core systems,
Piped or special filesystem data can be truncated
when a size greater than PIPE_BUF is requested.

Fixes: FS#3494
Fixes: 7557e7f ("package/base-files: caldata: work around dd's
limitation")
Cc: Thibaut VARÈNE <hacks@slashdirt.org>

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
2020-12-11 13:48:24 +01:00
Petr Štetiar
064d65c2f7 wolfssl: fix broken wolfSSL_X509_check_host
Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host().

References: https://github.com/wolfSSL/wolfssl/issues/3329
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Eneas U de Queiroz
f31c9cd383 wolfssl: compile with --enable-opensslall
This enables all OpenSSL API available.  It is required to avoid some
silent failures, such as when performing client certificate validation.

Package size increases from 356.6K to 374.7K for
arm_cortex-a9_vfpv3-d16.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:48:24 +01:00
Eneas U de Queiroz
4e8a0014aa wolfssl: add lighty support, skip crypttests
Tnis adds the --enable-lighty option to configure, enabling the minimum
API needed to run lighttpd, in the packages feed.  Size increase is
about 120 bytes for arm_cortex-a9_vfpv3-d16.

While at it, speed up build by disabling crypt bench/test.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:48:24 +01:00
Paul Spooren
6ea03ec94c opkg: remove legacy dist and extra_data
efb26a3 libopkg: remove "extra_data" option
1d67ab7 libopkg: remove support for "dist" config

Reduces opkg size by about 400 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-09 23:24:38 -10:00
Paul Spooren
e7e16667ff iftop: remove package
The package has no reason to be in openwrt.git. Move it to packages.git.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 23:24:22 -10:00
Hans Dedecker
dd3464023f odhcp6c: update to latest git HEAD
0ffa3a3 dhcpv6: harden reconfigure logic
3999b6d dhcpv6: rework DHCPv6 message to string implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-09 22:33:34 +01:00
Jo-Philipp Wich
dd5b3b58d8 lldpd: fix autoreconf failure
The lldpd sources ship a modified local AX_LIB_READLINE M4 macro which
conflicts with the official macro shipped by autoconf-archive.

Due to the official macro having the same name and a higher serial
number, autoconf will prefer including that one instead of the local
copy, preventing the substitution of @READLINE_LIBS@ in Makefile.in
templates, ultimately leading to the following build failure when
linking lldpcli:

    ...-gcc: error: READLINE_LIBS@: No such file or directory

Avoid this problem by renaming the locally shipped macro to not clash
with the official implementation anymore.

Ref: https://github.com/lldpd/lldpd/pull/423
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 12:36:40 +01:00
Adrian Schmutzler
af07c6de9c uboot-envtools: ramips: use full names for Xiaomi Mi Routers
This updates uboot-envtools with the updated names from ramips
target.

Fixes: 6d4382711a ("ramips: use full names for Xiaomi Mi Router devices")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-08 23:45:10 +01:00
Rosen Penev
f7d7a3a18b libcxx[abi]: remove
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.

While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-07 10:46:43 -10:00
Rosen Penev
588933ae9a lzo: remove
This is not used by any package in base. It will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-06 11:21:44 -10:00
Rosen Penev
0afc629c83 mtd-utils: remove lzo build dependency
The build option `--withouth-lzo` is added in the Makefile which makes
the existence of lzo obsolete. To remove the lzo package from
openwrt.git entirely, remove the legacy dependency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[improved commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-06 11:21:37 -10:00
Rui Salvaterra
e273c1715b kernel: kmod-lib-zstd: enable crypto API support
Zstd is supported by the crypto API since Linux 4.18. Enable this feature and
reveal the package in the configuration section, so the user can select it.
This allows zstd to be used as a compression algorithm in zram, for example.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-12-06 08:56:59 -10:00
Nick Lowe
ce5bcff304 hostapd: Disable 802.11b data rates by default
Set legacy_rates to 0 by default to disable 802.11b data rates by default.

The time has long come where 802.11b DSSS/CCK data rates should be disabled
by default in OpenWRT. Users in need of 802.11b client support can reasonably
enable these where they are needed.

The balance of equities has significantly, and for a long time, tipped
such that dropping backwards compatibility by default with 802.11b
devices is appropriate, proportionate and justified. By doing so,
management and control traffic is moved by default to a 20
MHz wide 6 Mb/s OFDM data rate instead of a 22 MHz wide 1 Mb/s DSSS data
rate. This is significantly more airtime efficient.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-06 08:51:32 -10:00
Eneas U de Queiroz
2f75348923 openssl: use --cross-compile-prefix in Configure
This sets the --cross-compile-prefix option when running Configure, so
that that it will not use the host gcc to figure out, among other
things, compiler defines.  It avoids errors, if the host 'gcc' is
handled by clang:

mips-openwrt-linux-musl-gcc: error: unrecognized command-line option
'-Qunused-arguments'

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2020-12-06 18:32:14 +01:00
Sven Roederer
13961da6ce procd: also depend on jshn
fixes "file no found" error on stripped down images, caused by prod.sh:43.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-12-05 22:18:07 -10:00
Rosen Penev
28a9ac74cc openvpn: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
2020-12-05 10:09:01 -10:00
Rosen Penev
57a8028949 openvpn-easy-rsa: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-05 10:08:49 -10:00
Hans Dedecker
13734075d2 odhcp6c: update to git HEAD
faed29a dhcpv6: only refresh timers when reconfigure is valid
9c50975 dhcpv6: fix printing identity association id
a7b2221 dhcpv6: avoid sending continuous renew/rebind messages
d7afa2b dhcpv6: add extra syslog info traces
f5728e4 odhcp6c_find_entry: exclude priority from the list of fields that must match

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-05 20:48:50 +01:00
Daniel Golle
4dc5b64760 procd: output warning if user 'ubus' doesn't exist
6acc48c early: fall-back to run ubus as root if user can't be found

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-04 14:41:26 +00:00
Daniel Golle
533895e05e ubus: make sure ubusd starts in case user 'ubus' doesn't exist
d1d9ddf ubusd: attempt to create socket folder

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-04 14:41:26 +00:00
Stan Grishin
b4f1f9c9e4 base-files: informative service command in /etc/shinit. service command shows services enabled/disabled and running status, when the service command is invoked with no/invalid arguments, like this:
Usage: service <service> [command]
The following services are available:
/etc/init.d/acme                   enabled         stopped
/etc/init.d/boot                   enabled         stopped
/etc/init.d/cron                   enabled         running
/etc/init.d/dnsmasq                enabled         running
...

Signed-off-by: Stan Grishin <stangri@melmac.net>
2020-12-03 23:28:43 -10:00
Hauke Mehrtens
d346beb08c build: Extract trusted-firmware-a.mk
The include/trusted-firmware-a.mk file is based on the
include/u-boot.mk file and should be used to build a Trusted Firmware-A
(TFA) which was previously named Arm trusted firmware.

This is useful for targets where the TFA is board specific like for
Marvell SoCs and probably also NXP Layerscape SoCs.

This also makes use of this abstraction in the
arm-trusted-firmware-mvebu package to build board specific ATF binaries.

The ATF binaries will be automatically activated and build when the
board is selected in the normal build or all boards are selected. This
should also activate the build when build bot creates images.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-02 23:46:01 +01:00
Felix Fietkau
36db12b883 netifd: update to the latest version
d6bd1047d004 vlandev: dump vlan id in device status
e0c838bd06a6 vlandev: support bridge-vlan aliases in the vid config parameter
574dc4a17105 system-dummy: print configured mac address
14f0e8ff928f system-linux: simplify mask check in system_if_apply_settings
524310276f20 system-linux: move device settings handling to device.c
42c48866f1c1 config: parse default mac address from board.json

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-02 12:08:52 +01:00
John Crispin
9290539ca9 base-files: allow setting device and bridge macs
Add code for setting mac addresses inside board.json and rendering
them out to uci. On switches we want to have a unique MAC on each port.
With 48 port switches that would require 48 device sections in
/etc/config/network. Doing so via board.json is easier.

Signed-off-by: John Crispin <john@phrozen.org>
2020-12-02 07:51:36 +01:00
John Crispin
f3926d233d uboot-envtools: add support for the realtek target
On most boards the MAC is located inside the u-boot-env.

Signed-off-by: John Crispin <john@phrozen.org>
2020-12-02 07:51:00 +01:00
Daniel Golle
c71500fd45 procd: update to git HEAD
f3c3563 jail: improve seccomp BPF generator
 f67a66f jail: always call cgroups_free()
 4625350 jail: seccomp: improve code readability

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:15 +00:00
Daniel Golle
aa6fe00a48 busybox: add check for capabilities file
Similar to the previous commit adding a check to the init script of
umdns, do a similar change for sysntpd, just to be on the safe side.

Inspired-by: 520403cd49 ("umdns: add check for seccomp list")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:01 +00:00
Jan Pavlinec
520403cd49 umdns: add check for seccomp list
This should fix an issue when user have a router with enabled seccomp
and tries to run umdns package which was build with SDK with disabled
seccomp support.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-30 10:38:13 +00:00
Nick Lowe
81ff23fc91 hostapd: Add cell_density data rates option
Add a cell_density option to configure data rates for normal, high and
very high cell density wireless deployments.

The purpose of using a minimum basic/mandatory data rate that is higher
than 6 Mb/s, or 5.5 Mb/s (802.11b compatible), in high cell density
environments is to transmit broadcast/multicast data frames using less
airtime or to reduce management overheads where significant co-channel
interference (CCI) exists and cannot be avoided.

Caution: Without careful design and validation, configuration of a too
high minimum basic/mandatory data rate can sacrifice connection stability
or disrupt the ability to reliably connect and authenticate for little to
no capacity benefit. This is because this configuration affects the
ability of clients to hear and demodulate management, control and
broadcast/multicast data frames.

Deployments that have not been specifically designed and validated are
usually best suited to use 6, 12 and 24 Mb/s as basic/mandatory data
rates.

Only usually seek to configure a 12 Mb/s, or 11 Mb/s (802.11b
compatible), minimum basic/mandatory rate in high cell density
deployments that have been designed and validated for this.

For many deployments, the minimum basic/mandatory data rate should not be
configured above 12 Mb/s to 18 Mb/s, 24 Mb/s or higher. Such a
configuration is only appropriate for use in very high cell density
deployment scenarios.

A cell_density of Very High (3) should only be used where a deployment
has a valid use case and has been designed and validated specifically for
this use, nearly always with highly directional antennas - an example
would be stadium deployments. For example, with a 24 Mb/s OFDM minimum
basic/mandatory data rate, approximately a -73 dBm RSSI is required to
decode frames. Many clients will not have roamed elsewhere by the time
that they experience -73 dBm and, where they do, they frequently may not
hear and be able to demodulate beacon, control or broadcast/multicast
data frames causing connectivity issues.

There is a myth that disabling lower basic/mandatory data rates will
improve roaming and avoid sticky clients. For 802.11n, 802.11ac and
802.11ax clients this is not correct as clients will shift to and use
lower MCS rates and not to the 802.11b or 802.11g/802.11a rates that are
able to be used as basic/mandatory data rates.

There is a myth that disabling lower basic/mandatory data rates will
ensure that clients only use higher data rates and that better
performance is assured. For 802.11n, 802.11ac and 802.11ax clients this
is not correct as clients will shift around and use MCS rates and not the
802.11b or 802.11g/802.11a rates that able to be used as basic/mandatory
data rates.

Cell Density

0 - Disabled (Default)
Setting cell_density to 0 does not configure data rates. This is the
default.

1 - Normal Cell Density
Setting cell_density to 1 configures the basic/mandatory rates to 6, 12
and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting cell_density to 1 configures the basic/mandatory rates to the 5.5
and 11 Mb/s DSSS rates where legacy_rates is 1. Supported rates lower
than the minimum basic/mandatory rate are not offered.

2 - High Cell Density
Setting the cell_density to 2 configures the basic/mandatory rates to the
12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting the cell_density to 2 configures the basic/mandatory rates to the
11 Mb/s DSSS rate where legacy_rates is 1. Supported rates lower than the
minimum basic/mandatory rate are not offered.

3 - Very High Cell Density
Setting the cell_density to 3 configures the basic/mandatory rates to the
24 Mb/s OFDM rate where legacy_rates is 0. Supported rates lower than the
minimum basic/mandatory rate are not offered.
Setting the cell_density to 3 only has effect where legacy_rates is 0,
else this has the same effect as being configured with a cell_density of 2.

Where specified, the basic_rate and supported_rates options continue to
override both the cell_density and legacy_rates options.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-11-30 09:31:15 +01:00
Huangbin Zhan
451c1eb8c2 base-files: fix alias more to properly detect /usr/bin/more
Package more is installed to /usr/bin rather than /bin.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-11-28 15:12:36 -10:00
Álvaro Fernández Rojas
61e381d322 ath10k-firmware: remove unused package
All firmwares were added to linux-firmware, so there's no need to keep this
package definitions.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-28 18:19:37 +01:00
Álvaro Fernández Rojas
655091ec45 ath10k-ct-firmware: switch to linux-firmware board binaries
Instead of duplicating board firmware binaries, which are exactly the same
as the ones from linux-firmware, add dependencies and remove duplicated
downloads.

Runtime-tested on ath79 (TP-Link Archer C7 v2) and ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-28 18:19:37 +01:00
Álvaro Fernández Rojas
c3b2efaf24 linux-firmware: ath10k: add board firmware packages
Split ath10k firmwares into board and firmware packages.
This way we can add dependencies to ath10k-ct firmware packages.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-28 18:19:37 +01:00
Rosen Penev
c7778acf10 libnetfilter-cthelper: remove
conntrack was moved to packages where this is used. This will be moved
there as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Rosen Penev
6d242414e4 libnetfilter-cttimeout: remove
conntrack was moved to packages where this is used. This will be moved
there as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Rosen Penev
f06aface3c libnetfilter-log: remove
ulogd in the packages feed is the only user of this. It will be moved
there.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Rosen Penev
530965dfb4 libnetfilter-queue: remove
Nothing in base uses this. This will be moved to packages where it is
used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Petr Štetiar
e5ba6e9c28 kernel: sfc,sfc-falcon: fix kernel config symbols
I've just noticed on i.mx6 target, that there are missing kernel symbols
so I'm fixing it.

Fixes: 3c5d70ad26 ("kernel: add module support Solarflare network adapter")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-27 14:46:13 +01:00
Rosen Penev
9762cf107b libroxml: remove
This will be moved to the packages feed as nothing here uses it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-27 00:58:48 -10:00
Imran Khan
9c2eceef90 base-files: merge /etc/passwd on rw-rootfs
Support installations without root-overlayfs (and hence without /rom)
when migrating user accounts.

Signed-off-by: Imran Khan <gururug@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[simplified patch, bumped PKG_RELEASE, cleaned message]
2020-11-27 09:59:14 +00:00
Daniel Golle
64cbfd1f54 umdns: update seccomp filter rules
Add 'writev' syscall to list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Daniel Golle
8cf0ac3f1f procd: update to git HEAD
3019f50 jail: leak less memory
 7e01453 jail: fix segfault on missing name and refactor
 5abee8f jail: fix and simplify userns uid/gid maps from OCI
 4ba72ec jail: relax /etc/resolv.conf creation
 db5ef86 jail: don't use NULL arguments for mount syscall
 19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf
 acf36f2 jail: seteuid before clone(CLONE_NEWUSER)
 e40828f jail: fix typo in usage output
 b87984b jail: don't attempt to mount /sys with noatime
 b275b11 jail: enter existing cgroups namespace if given
 31e0a46 jail: properly initialize timens_fd

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Rosen Penev
8a87ab43d1 libiconv-full: Makefile polishing
Added PKG_INSTALL to avoid using an explicit define Build/Compile

Added PKG_BUILD_PARALLEL for faster compilation.

Removed TARGET_CLAFGS. They are no longer necessary.
fPIC is default now. So is gnu99. -DUSE_DOS is a hack to include old
and mostly unused conversions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-26 13:09:32 -10:00
Josef Schlehofer
75063b941b libiconv-full: update to version 1.16
- Removed following patches:
100-strip_charsets.patch - makes the full variant slim.
101-autotools.patch - this one fails to apply because it was backported
from newer versions for 1.11.1.
103-configure_ac_fix.patch - backported from newer versions
200-work-with-libtool2.patch - is not needed anymore, it is done
differently in upstream
300-fortify-source-compat.patch - these files are not there anymore

- TVHeadend requires working iconv library e.g. transliteration to ASCII
and this does not work with libiconv-full currently.

There is a simple test, which requires to install iconv package.

Before applying this update:
root@turris:/# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE
luoukK

After applying this update:
root@turris:~# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE
Zlutouck'yKun

- Makefile changes:
Use HTTPS for their website
Fixed deprecated SPDX License Identifier
Move PKG_MAINTAINER above PKG_LICENSE

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com> [malta]
2020-11-26 13:09:24 -10:00
Kevin Darbyshire-Bryant
6429307a3d nettle: fix build on macos xcode 12
compiler warns that exit() isn't defined so checks for build system
compiler fail.

include <stdlib.h> to define exit()

Tested under macos Catalina & Big Sur

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-11-26 17:37:42 +00:00
Paul Spooren
66732c5cd9 opkg: cleanup man pages and md5 fixup
66f458d fix md5sum calculation
02eaf9c man: remove obsolete manual pages

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-25 14:46:46 -10:00
Stijn Tintel
26c26e11a2 hostapd: fix "sh: out of range" errors
Several variables in hostapd.sh can be used uninitialized in numerical
comparisons, causing errors in logread:

netifd: radio24 (1668): sh: out of range

Set defaults for those variables to silence those errors.

Fixes: b518f07d4b ("hostapd: remove ieee80211v option")
Fixes: cc80cf53c5 ("hostapd: add FTM responder support")
Fixes: e66bd0eb04 ("hostapd: make rrm report independent of ieee80211k setting")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 02:25:23 +02:00
Stijn Tintel
c5ea37af7e lldpd: bump to 1.0.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 00:25:25 +02:00
Stijn Tintel
864a76d237 ath10k-ct: switch to driver version 5.8
Since we are using mac80211 5.8, let's also switch the ath10k-ct driver
to the new 5.8 version.

Modify patches so they patch the new ath10k-ct driver version.
Adapt 164-ath10k-commit-rates-from-mac80211.patch.
Drop upstreamed 205-ath10k-Add-NL80211_EXT_FEATURE_AQL-flag.patch.

Drop the other options for CT_KVER from the comment, as it is incorrect
and there are too many versions to sum up and maintain there.

Runtime-tested on ath79 (D-Link DAP-2695-A1, TP-Link EAP245-v3).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 00:17:47 +02:00
Ataberk Özen
4287f73989 ramips: add support for Xiaomi Mi Router 4C
This commit adds support for Xiaomi's Mi Router 4C device.

Specifications:

- CPU: MediaTek MT7628AN (580MHz)
- Flash: 16MB
- RAM: 64MB DDR2
- 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA
- Antennas: 4x external single band antennas
- WAN: 1x 10/100M
- LAN: 2x 10/100M
- LEDs: 2x yellow/blue. Programmable (labelled as power on case)
                      - Non-programmable (shows WAN activity)
- Button: Reset

How to install:

1- Use OpenWRTInvasion to gain telnet and ftp access.
2- Push openwrt firmware to /tmp/ using ftp.
3- Connect to router using telnet. (IP: 192.168.31.1 -
   Username: root - No password)
4- Use command "mtd -r write /tmp/firmware.bin OS1" to flash into
   the router..
5- It takes around 2 minutes. After that router will restart itself
   to OpenWrt.

Signed-off-by: Ataberk Özen <ataberkozen123@gmail.com>
[wrap commit message, bump PKG_RELEASE for uboot-envtools, remove
dts-v1 from DTS, fix LED labels]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 19:34:13 +01:00
Lukas Tribus
1b493aabb9 busybox: enable find -mmin support by default
Enable busybox's find -mmin time support, which is extremely small,
however also very useful in scripts:

72d1a2357d

Comparing package sizes...
Change 	Local	Remote 	Package
+7	229009	229002	busybox

Signed-off-by: Lukas Tribus <lukas@ltri.eu>
[fix commit message long line and missing size change]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-25 08:13:14 -10:00
Rosen Penev
b9246bbdc9 base-files: functions.sh: replace [^...] with [!...] in case
Strictly speaking, ash does not support it.

From https://wiki.ubuntu.com/DashAsBinSh#A.5B.5E.5D

Not to be confused by sed's and other program's regular expression
syntax. Uses of [^...] in case (parameter/word expansion in general) need
to be replaced with [!...].

Found with shellcheck: https://github.com/koalaman/shellcheck/wiki/SC2169

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 17:22:39 +01:00
Michael Pratt
b31aaa0580 ath79: add support for Senao Engenius EAP300 v2
FCC ID: A8J-EAP300A

Engenius EAP300 v2 is an indoor wireless access point with a
100/10-BaseT ethernet port, 2.4 GHz wireless, internal antennas,
and 802.3af PoE.

**Specification:**

  - AR9341
  - 40 MHz reference clock
  - 16 MB FLASH			MX25L12845EMI-10G
  - 64 MB RAM
  - UART at J1			(populated)
  - Ethernet port with POE
  - internal antennas
  - 3 LEDs, 1 button		(power, eth, wlan) (reset)

**MAC addresses:**

  phy0  *:d3   art 0x1002 (label)
  eth0  *:d4   art 0x0/0x6

**Installation:**

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

  OEM webpage at 192.168.1.1
  username and password "admin"
  Navigate to "Firmware" page from left pane
  Click Browse and select the factory.bin image
  Upload and verify checksum
  Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

  After connecting to serial console and rebooting...
  Interrupt uboot with any key pressed rapidly
  execute `run failsafe_boot` OR `bootm 0x9fdf0000`
  wait a minute
  connect to ethernet and navigate to
  "192.168.1.1/index.htm"
  Select the factory.bin image and upload
  wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery** (unstable / not reliable):

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board while holding or pressing reset button repeatedly

  NOTE: for some Engenius boards TFTP is not reliable
  try setting MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software of EAP300 v2 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names
  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel size to be no greater than 1536k
  and otherwise the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
[clarify MAC address section, bump PKG_RELEASE for uboot-envtools]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 13:23:06 +01:00
Rosen Penev
a058349ff9 libusb-compat: remove
No package in base relies on this library. This library will be moved
to packages where it is needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-25 13:23:06 +01:00
Álvaro Fernández Rojas
2418657104 linux-firmware: brcm: use RPI 4B NVRAM file
Use the dedicated RPI 4B NVRAM file introduced in 20191215.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:46:15 +01:00
Álvaro Fernández Rojas
3c0059773c cypress-nvram: add proper package conflicts
There are linux firmware packages for all RPIs NVRAMs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:30:44 +01:00
Álvaro Fernández Rojas
3678778445 cypress-firmware: add proper package conflicts
There are linux firmwares packages for 43362, 43430 and 43455 which shouldn't
be installed at the same time as Cypress firmwares.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:30:44 +01:00
Karel Kočí
bbe302d2b6 ath10k-ct-firmware: add conflicts and better provides
This expands packages to define not only provides but also conflicts.
These packages provides same files so they should specify conflicts.

Second expansion is that *-ct-htt and *-ct-full-htt firmwares can also
provide *-ct variant as that allows explicit dependency on CT variant
with various firmware modifications.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
[Bump PKG_RELEASE and format PROVIDES/CONFLICTS]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:30:44 +01:00
Rosen Penev
ee1150e362 exfat: update to 5.10.1
Remove tar hacks and use PKG_BUILD_DIR.

Added missing URL.

Changelog:

d5eb2e1 exfat: remove useless check in exfat_move_file()
8cb2bc3 exfat: use i_blocksize() to get blocksize
4cd0435 exfat: fix misspellings using codespell tool
485d677 exfat: fix use of uninitialized spinlock on error path
03b3db6 exfat: remove 'rwoffset' in exfat_inode_info
90797eb exfat: replace memcpy with structure assignment
d144149 exfat: remove useless directory scan in exfat_add_entry()
fc67230 exfat: eliminate dead code in exfat_find()
7c25c64 exfat: fix pointer error checking
bfea1fb exfat: retain 'VolumeFlags' properly

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-24 23:14:40 -10:00
Paul Spooren
7c114f33dd opkg: purge package from cache on hash mismatch
61b3c62 opkg_verify_integrity: better logging and error conditions
f73d42f download: purge cached packages that have incorrect checksum
1c1480e download: factor out the logic for building cache filenames
293b1ce libopkg: factor out checksum and size verification
a786e25 download: remove compatibility with old cache naming scheme

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-24 22:06:37 -10:00
Jan Pavlinec
5bb3cc749e tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037.  This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-25 05:49:09 +01:00
Álvaro Fernández Rojas
89854d3834 ath10k-ct: update to latest version
1d28d17 ath10k-ct: Fix RSSI reporting for wave-1 firmware.
0c2949e ath10k-ct: fwcfg allows configuring dma-burst setting.
13319ff ath10k-ct: stable patches, debugfs crashdump, 5.8 driver

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-24 17:43:15 +01:00
Martin Schiller
b4b829fe64 uqmi: set plmn only if necessary
Setting the plmn to '0' (auto) will implicitly lead to a (delayed)
network re-registration, which could further lead to some timing
related issues in the qmi proto handler.

On the other hand, if you switch back from manual plmn selection
to auto mode you have to set it to '0', because this setting is
permanently "saved" in the wwan module.

Conclusion:
If plmn is configured, check if it's already set euqally in the module.
If so, do nothing. Otherwise set it.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-24 15:18:16 +00:00
Tomasz Maciej Nowak
bc64b9c32e treewide: update email address of Tomasz Maciej Nowak
Replace my o2.pl email address.

I'm still available at the old address.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rephrase commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-24 15:39:07 +01:00
Vladimir Vid
c0af4a0ca2 mvebu: add initial support for Globalscale ESPRESSObin-Ultra
This patch adds support for Globalscale ESPRESSObin-Ultra. Device uses
the same Armada-3720 SoC with extended hardware support.

- SoC: Armada-3720
- RAM: 1 GB DDR4
- Flash: 4MB SPI NOR (mx25u3235f) + 8 GB eMMC
- Ethernet: Topaz 6341 88e6341 (4x GB LAN + 1x WAN with 30W PoE)
- WiFI: 2x2 802.11ac Wi-Fi marvell (88w8997 PCIe+USB)
- 1x USB 2.0 port
- 1x USB 3.0 port
- 1x microSD slot
- 1x mini-PCIe slot (USB [with nano-sim slot])
- 1x mini-USB debug UART
- 1x RTC Clock and battery
- 1x reset button
- 1x power button
- 4x LED (RGBY)
- Optional 1x M.2 2280 slot

** Installation **

Copy dtb from build_dir to bin/ and run tftpserver there:
$ cp ./build_dir/target-aarch64_cortex-a53_musl/linux-mvebu_cortexa53/
linux-5.4.65/arch/arm64/boot/dts/marvell/armada-3720-espressobin-ultra.dtb
bin/targets/mvebu/cortexa53/
$ in.tftpd -L -s bin/targets/mvebu/cortexa53/

Connect to the device UART via microUSB port on the back side and power on the device.

Power on the device and hit any key to stop the autoboot.

Set serverip (host IP) and ipaddr (any free IP address on the same subnet), e.g:
$ setenv serverip 192.168.1.10 # Host
$ setenv ipaddr 192.168.1.15 # Device

Ping server to confirm network is working:
$ ping $serverip
Using neta@30000 device
host 192.168.1.15 is alive

Tftpboot the firmware:
$ tftpboot $kernel_addr_r openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-initramfs-kernel.bin
$ tftpboot $fdt_addr_r armada-3720-espressobin-ultra.dtb

Set the console and boot the image:
$ setenv bootargs $console
$ booti $kernel_addr_r - $fdt_addr_r

Once the initramfs is booted, transfer openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img.gz
to /tmp dir on the device.

Gunzip and dd the image:
$ gunzip /tmp/openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img.gz
$ dd if=/tmp/openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img of=/dev/mmcblk0 && sync

Reboot the device.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2020-11-23 22:53:15 +01:00
Leon M. George
651f0c0999 hostapd: fix patch offset
Fixes the offset of the patch added in 93bbd998aa
  ("hostapd: enter DFS state if no available channel is found").

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-11-23 22:53:15 +01:00
Pawel Dembicki
cdff729b27 layerscape: enable spi-uart in LS1012A-FRDM
This patch add missing support of SC16IS740 serial controller, installed
on LS1012A-FRDM board.

It was required to change RCW bits, because SPI was disabled by default.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-11-23 22:53:15 +01:00
Pawel Dembicki
a1158b3170 kernel: iio: add fxas21002c driver support
This patch adds kernel modules for Freescale FXAS21002C 3-axis gyro driver.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-11-23 22:53:15 +01:00
Pawel Dembicki
65f8d7360c layerscape: make initramfs kernel fit packed
This will make developing process easier, because dtb will be included
into image.
Not need to enable initramfs image by default.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-11-23 22:53:15 +01:00
John Audia
991e6f8ccc linux-firmware: update to 20201118
git log --pretty=oneline --abbrev-commit 20201022..20201118
2ea8667 (tag: 20201118) rtlwifi: v88.2 firmware files for RTL8192CU
e850cf3 Merge https://github.com/rjliao-qca/qca-btfw into main
65370db rtw88: RTL8822C: Update firmware to v9.9.4
e371b7c Revert "rtw88: RTL8822C: Update firmware to v9.9.4"
51d2c81 vpdma: Move firmware to ti directory
d7a24c9 Merge branch 'master' of https://github.com/shahasit/video-linux-firmware into main
9ee1543 Merge branch 'master' of https://github.com/shahasit/bt-linux-firmware into main
3bcc4c1 amdgpu: update picasso VCN firmware
b6b4542 amdgpu: update raven2 VCN firmware
79aa335 amdgpu: update raven VCN firmware
c93834e rtw88: RTL8822C: Update firmware to v9.9.4
3ef6c93 rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A
b503c96 Merge branch 'ath10k-20201023' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware into main
463fdea QCA: Update Bluetooth firmware for QCA6390
8a46c32 qcom : updated venus firmware files for v5.4
d7793e5 QCA : Fixed BT SSR due to command timeout / IO fatal error
d842d8c ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
8fb1a6e ath11k: QCA6390 hw2.0: add board-2.bin
34cb5fc ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
c0a8efd ath11k: IPQ8074 hw2.0: add board-2.bin
ac7f5e9 ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
2594e51 ath11k: IPQ6018 hw1.0: add board-2.bin
d8f10d4 ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077
6652297 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131
36059aa ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131
1e5629d ath10k: QCA6174 hw3.0: update board-2.bin
e315d1a ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1

Signed-off-by: John Audia <graysky@archlinux.us>
2020-11-23 22:53:15 +01:00
Felix Fietkau
4799810745 netifd: update to the latest version
213748a9bcd9 system-linux: implement full device present state management for force-external devices
3abe1fc87151 system-linux: add retry for adding member devices to a bridge

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-23 12:52:11 +01:00
Rui Salvaterra
dd4e6a70f2 hostapd: enable the epoll-based event loop
Hostapd supports epoll() since 2014. Let's enable it for better performance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-23 03:02:21 +00:00
Daniel Golle
97ac290090 uhttpd: update to git HEAD
f53a639 ubus: fix uhttpd crash

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 02:06:35 +00:00
Daniel Golle
2eb0d711a4 procd: update to git HEAD
d4d78db uxc: also delete procd runtime state on 'delete'
 e935c0c jail: add 'debug' extern variable to preload_seccomp

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 00:32:48 +00:00
Daniel Golle
e065c9184c uqmi: update to git HEAD
65796a6 nas: add --get-plmn
 0a19b5b uqmi: add timeout parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 21:58:22 +00:00
Filip Moc
ce293cd3ac uqmi: set device-operating-mode to online
This is required for LTE module MR400 (in TL-MR6400 v4).
Otherwise LTE module won't register to GSM network.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:14:09 +00:00
Filip Moc
9ebbb55113 uqmi: add support for IPv4 autoconf from QMI
There already was an option for autoconfiguring IPv4 from QMI but this
was removed by commit 3b9b963e6e ("uqmi: always use DHCP for IPv4").

DHCP does not work on MR400 LTE module (in TL-MR6400 v4) so let's readd
support for IPv4 autoconf from QMI but this time allow to configure this
for IPv4 and IPv6 independently and keep DHCP default on IPv4.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:13:39 +00:00
Thomas Richard
2b3a0cabea uqmi: wait forever registration if timeout set to 0
Give possibility to wait forever the registration by setting timeout
option to 0.

No timeout can be useful if the interface starts whereas no network is
available, because at the end of timeout the interface will be stopped
and never restarted.

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
2020-11-22 21:13:18 +00:00
Daniel Golle
6e9b707ee2 Revert "refpolicy: add variant that builds modular policy"
This reverts commit 9eb9943f82.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 15:20:35 +00:00
Daniel Golle
8262c99fc3 procd: update to git HEAD
04a2edd uxc: make force-delete kill container process
 be6da62 seccomp: silence 'unknown syscall' warnings
 b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2
 df7fa7b uxc: fix incomplete commit

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 03:24:33 +00:00
Felix Fietkau
5242bf7cf7 netifd: update to the latest version
351d690f1a09 wireless: fix passing bridge name for vlan hotplug pass-through
c1c2728946b5 config: initialize bridge and bridge vlans before other devices
5e18d5b9ccb1 interface: do not force link-ext hotplug interfaces to present by default
4544f026bb09 bridge-vlan: add support for defining aliases for vlan ids

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-21 10:24:37 +01:00
John Crispin
8134c542e2 base-files: generated named bridge-vlan sections
Signed-off-by: John Crispin <john@phrozen.org>
2020-11-19 15:38:37 +01:00
Piotr Dymacz
1bce45fc0f uboot-envtools: ath79: add support for ALFA Network Pi-WiFi4
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-11-18 23:49:34 +01:00
Hauke Mehrtens
a8030ea40f valgrind: Update to version 3.16.1
No special changes, just get in sync with recent code.
See here for the changelog:
https://valgrind.org/docs/manual/dist.news.html

The ipkg sizes changes as follows for mips 24kc :
	3.15   : valgrind_3.15.0-2_mips_24kc.ipk 1450680
	3.16.1 : valgrind_3.16.1-1_mips_24kc.ipk 1491954

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 19:01:44 +01:00
Hauke Mehrtens
557fe9cd3b strace: Update to version 5.9
No special changes, just get in sync with recent code.
See here for the changelog:
https://github.com/strace/strace/releases/tag/v5.9

The ipkg sizes changes as follows for mips 24kc :
	5.8 : strace_5.8-1_mips_24kc.ipk 271195
	5.9 : strace_5.9-1_mips_24kc.ipk 278352

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 19:01:33 +01:00
Hauke Mehrtens
ad0711559d iperf3: Update to version 3.9
No special changes, just get in sync with recent code.
See here for the changelog:
http://software.es.net/iperf/news.html#iperf-3-9-released

The ipkg sizes changes as follows for mips 24kc :
	3.7 : iperf3_3.7-1_mips_24kc.ipk 39675
	3.9 : iperf3_3.9-1_mips_24kc.ipk 41586

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 18:59:36 +01:00
Hans Dedecker
7330348f2d ethtool: update to version 5.9
The ipkg sizes changes as follows for mips 24kc :
	5.8 : ethtool_5.8-1_mips_24kc.ipk 34930
	5.9 : ethtool_5.9-1_mips_24kc.ipk 35241

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-17 21:31:23 +01:00
Matthias Schiffer
3f1109bf2a
base-files: fix backwards compatiblity of rc.common EXTRA_COMMANDS
Avoid needlessly breaking old initscripts that set EXTRA_COMMANDS. This
will aid in debugging (as it simplifies reverting to an older version of
a package) and unbreaks third-party feeds (and packages that maintain
their OpenWrt initscripts as part of the software's repo instead of the
OpenWrt feed like fastd).

Without this, initscripts that set EXTRA_COMMANDS become completely
unusable, as all default commands like start/stop cease working.

Fixes: 1a69f50dc6 ("base-files: fix rc.common help alignment")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-11-17 17:57:42 +01:00
David Bauer
21dfdfd78b hostapd: set validity interval for BSS TMRA
This sets the validity interval for the BSS transition candidate
list to the same value as the disassociation timer.

Currently the value is always 0, which is the specification states is a
reserved value. Also, wpa_supplicant and from the looks of it some
Android implementations will outright ignore the candidate list in this
case.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:06:39 +01:00
Dobroslaw Kijowski
edb93eda16 hostapd: add support for static airtime policy configuration
* Add support for passing airtime_sta_weight into hostapd configuration.
* Since that commit it is possible to configure station weights. Set higher
  value for larger airtime share, lower for smaller share.

I have tested this functionality by modyfing /etc/config/wireless to:

config wifi-device 'radio0'
	...
        option airtime_mode '1'

config wifi-iface 'default_radio0'
	...
        list airtime_sta_weight '01:02:03:04:05:06 1024'

Now, when the station associates with the access point it has been assigned
a higher weight value.
root@OpenWrt:~# cat /sys/kernel/debug/ieee80211/phy0/netdev\:wlan0/stations/01\:02\:03\:04\:05\:06/airtime
RX: 12656 us
TX: 10617 us
Weight: 1024
Deficit: VO: -2075 us VI: 256 us BE: -206 us BK: 256 us

[MAC address has been changed into a dummy one.]

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:06:16 +01:00
Dobroslaw Kijowski
03cdeb5f97 hostapd: fix per-BSS airtime configuration
airtime_mode is always parsed as an empty string since it hasn't been
added into hostapd_common_add_device_config function.

Fixes: e289f183 ("hostapd: add support for per-BSS airtime configuration")
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:05:20 +01:00
David Bauer
0ce5f15f9c hostapd: ubus: add get_status method
This adds a new get_status method to a hostapd interface, which
provides information about the current interface status.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:05:06 +01:00
David Bauer
80b531614b hostapd: ubus: add VHT capabilities to client list
This adds parsed VHT capability information to the hostapd
get_clients method.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:40 +01:00
David Bauer
cd8052da49 hostapd: ubus: add driver information to client list
This adds information from mac80211 to hostapd get_client ubus function.
This way, TX as well as RX status information as well as the signal can
be determined.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:33 +01:00
David Bauer
7463a0b5ee hostapd: fix variable shadowing
Fixes commit 838b412cb5 ("hostapd: add interworking support")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:22 +01:00
Daniel Golle
01b83040d3 umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Daniel Golle
62a3430f9b procd: drop legacy seccomp support, switch to OCI parsers
d8f36f5 seccomp: specifying architectures is optional
 d352e6e seccomp: switch to new OCI compliant parser
 c110405 trace: switch to OCI seccomp JSON output

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Alberto Bursi
a4d52522c7 wireguard-tools: fix category/description in menuconfig
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.

Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.

remove the broken imports and add manually the entries
and description they were supposed to load

Fixes: ea980fb9c6 ("wireguard: bump to 20191226")

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-17 13:03:16 +01:00
DENG Qingfang
03d178727a kernel: remove mvsw61xx swconfig driver
All targets that used mvsw61xx have switched to upstream mv88e6xxx DSA
driver, so it can be removed.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-11-16 13:55:05 +01:00
Hans Dedecker
0f7a3288e1 odhcpd: update to latest git HEAD
fb55e80 dhcpv6-ia : write statefile atomically

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:48:33 +01:00
Hans Dedecker
aaf3443e1a dropbear: update to 2.81
Update dropbear to latest stable 2.81; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:23:47 +01:00
Rui Salvaterra
c63908afd2 wireguard-tools: drop the dependency on ip-{tiny,full}
BusyBox ip already provides the required functionality and is enabled by default
in OpenWrt. This patch drops the ip dependency and makes the BusyBox ip required
dependencies explicit, allowing for a significant image size reduction.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin size:
4588354 bytes (with ip-tiny)
4457282 bytes (with BusyBox ip)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-14 17:46:35 +01:00
Felix Fietkau
5752ccb60f libjson-c: enable rpath for host builds to fix errors on recent macOS
Same approach as on libubox

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-14 14:48:30 +01:00
Hans Dedecker
ee8ef9b10b iproute2: update to 5.9
Update iproute2 to latest stable 5.9; for the changes see https://lwn.net/Articles/834755/

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Hauke Mehrtens <hauke@huake-m.de>
2020-11-14 09:24:48 +01:00
Felix Fietkau
bc91ce3a70 kernel: remove kmod-capi
We don't package any driver that uses this module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 13:16:25 +01:00
Felix Fietkau
c4600e6261 netifd: update to the latest version
4a41135750d9 system-linux: only overwrite dev->present state on check_state for simple devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 12:49:27 +01:00
Brett Mastbergen
e800ecfa3d libnetfilter-log: Backport kernel header syncs
Backport upstream commits that sync the local kernel header
copies in this library, with up to date copies.  These updated
headers ensure that libnetfilter-log users can use current
kernel functionality such as requesting that conntrack
information be appended to nflog events sent to userspace via
the NFULNL_CFG_F_CONNTRACK flag.  This functionality has been
available since kernel version 4.4

Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2020-11-12 18:21:55 +01:00
Roman Kuzmitskii
02e8182d87 sunxi: add support for Libre Computer ALL-H3-CC H5
Specification:

- CPU: Allwinner H5, Quad-core Cortex-A53 Up to 1GHz
- DDR3 RAM: 2GB
- Network:
    10/100M Ethernet x 1
- IR: x1 (Receive)
- USB (Host) Type-A x3
- USB (OTG) Type-A x1
- MicroSD Slot x 1
- eMMC Slot x1
- MicroUSB power input
- GPIO 40pin header
- UART 3pin header
- Leds:
    - librecomputer:blue:status
    - librecomputer:green:pwr
- Buttons:
    - uboot button (used to enter fel mode)
    - power button (can trigger power on)
- Power Supply via MicroUSB or GPIO 5V/2A

Installation:

- Write the image to SD Card with dd
- Boot from the SD Card

Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
[Fixed Signed-off-by]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-12 18:21:17 +01:00
Tan Zien
3c5d70ad26 kernel: add module support Solarflare network adapter
According to Solarflare user guide
it is recommended to install lm-sensors and
use the following command to obtain adapter health info

$ sensors | grep sfc
sfc pci 0400
sfc pci 0401

$ sensors sfc pci 0400
sfc pci 0400
Adapter: PCI adapter
1.2V supply:                        N/A
3.3V supply:                    +3.22 V  (min =  +3.00 V, max =  +3.60 V)
12.0V supply:                  +12.14 V  (min = +11.04 V, max = +12.96 V)
0.9V supply (ext. ADC):         +1.03 V  (min =  +0.50 V, max =  +1.10 V)
                                         (crit max =  +1.15 V)
0.9V phase A supply:                N/A
PHY overcurrent:                    N/A
ERROR: Can't get value of subfeature temp1_alarm: Can't read
PHY temp.:                          N/A
AOE FPGA temp.:                 +68.0°C  (low  =  +0.0°C, high = +95.0°C)
                                         (crit = +105.0°C)
Ambient temp.:                  +56.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
Controller die (TDIODE) temp.:  +77.0°C  (low  =  +0.0°C, high = +95.0°C)
                                         (crit = +105.0°C)
Board front temp.:              +59.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
Board back temp.:               +62.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
1.2V supply current:                N/A
0.9V phase A supply current:        N/A
3.3V supply current:                N/A
12V supply current:                 N/A

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-11-12 18:19:44 +01:00
Brett Mastbergen
df8e4906f7 netfilter: Add queue support for nftables
This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule

Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2020-11-12 18:19:44 +01:00
Huangbin Zhan
86917e4979 rpcd: remove file when applied
Make sure exit value of this script is zero. Or the file won't be deleted.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-11-12 18:19:44 +01:00
Jianhui Zhao
8d7a6d48eb ca-certificates: canonical the build dir
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2020-11-12 18:19:44 +01:00
Bruno Randolf
7185c5ec7d busybox: Let procd respawn cron
On some systems I see the issue that crond dies after a few days.
Simply letting procd respawn the process is a simple safety-net.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2020-11-12 18:19:44 +01:00
Antonis Kanouras
cb8c94f516 uboot-envtools: support Xiaomi Mi Router 3G v2/4A Gigabit
Add support for the following devices:

- Xiaomi Mi Wi-Fi Router 3G v2
- Xiaomi Mi Router 4A Gigabit Edition

Signed-off-by: Antonis Kanouras <antonis@metadosis.eu>
[add explicit case for 4A, bump PKG_RELEASE,
improve commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-12 17:18:26 +01:00
Yangbo Lu
01aa24f985 layerscape: make restool depend on TARGET_layerscape_armv8_64b
The restool is for Layerscape DPAA2 platforms which are
ARMv8 platforms.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-11-12 17:18:26 +01:00
Jason A. Donenfeld
a0df35e89c wireguard: bump to 1.0.20201112
* noise: take lock when removing handshake entry from table

This is a defense in depth patch backported from upstream to account for any
future issues with list node lifecycles.

* netns: check that route_me_harder packets use the right sk

A test for an issue that goes back to before Linux's git history began. I've
fixed this upstream, but it doesn't look possible to put it into the compat
layer, as it's a core networking problem. But we still test for it in the
netns test and warn on broken kernels.

* qemu: drop build support for rhel 8.2

We now test 8.3+.

* compat: SYM_FUNC_{START,END} were backported to 5.4
* qemu: bump default testing version

The real motivation for this version bump: 5.4.76 made a change that broke our
compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-12 13:28:38 +01:00
Felix Fietkau
128ef379ae libnl-tiny: update to the latest version
2584ebc642b2 libnl-tiny: install pkgconfig file
c291088f631d unl: add support for connecting to rtnl

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:26:03 +01:00
Felix Fietkau
0bb5d39b7a mac80211: add minstrel fixes that fix mt76 issues in legacy mode
Remove deferred sampling code which does not work well with rate tables +
probing.
Fix tx status handling if the first invalid rate idx is not set to -1

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Felix Fietkau
bf3158b620 mac80211: backport the new tasklet API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Felix Fietkau
a0be58576c netifd: update to the latest version
3023b0cc7352 bridge: add support for defining port member vlans via hotplug ops
a3016c451248 vlan: add pass-through hotplug ops that pass the VLAN info to the bridge
d59f3ddcbaf0 vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
dd5e61153636 bridge: show vlans in device status
a56e14afa612 bridge: preserve hotplug ports on vlan update if config is unchanged
d1e8884f8911 bridge: fix use-after-free bug on bridge member free
3a2b21001c3c system-dummy: set present state only for simple devices
ed11f0c0ffe4 bridge: only overwrite implicit vlan assignment if vlans are configured

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Aleksandr Mezin
acb336235c dnsmasq: 'ipset' config sections
Allow configuring ipsets with dedicated config sections:

    config ipset
        list name 'ss_rules_dst_forward'
        list name 'ss_rules6_dst_forward'
        list domain 't.me'
        list domain 'telegram.org'

instead of current, rather inconvenient syntax:

    config dnsmasq
        ...
        list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward'

Current syntax will still continue to work though.

With this change, a LuCI GUI for DNS ipsets should be easy to implement.

Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-11-11 20:47:34 +01:00
Yousong Zhou
600bcaf9c9 base-files: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
00fb51f97e base-files: upgrade: stage2: use v for log lines
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
128bb4e8d3 base-files: upgrade: fwtool.sh: rewording logs
The intent is to make it sound more like info level message, not some
error like "404 not found".  x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
856b288d27 base-files: upgrade: fwtool.sh: use v for log lines
This will have at least the following effects

 - Log lines will have common prefix
 - They will be output to stderr instead of stdout

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
50b870ee3c base-files: upgrade: add get_image_dd()
This is mainly to handle stderr message "Broken pipe", "F+P records
in/out" by common pattern "xcat | dd .."

Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3140
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
bd21e4a936 base-files: upgrade: use stdin redirection to replace cat command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
7863c33cea base-files: upgrade: add vn and variants
To be used with in the following pattern

  vn "Remaining: "
  for p in $xx; do
    _vn "$p"
  done
  _v

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
826bb13742 base-files: upgrade: log with date prefix
And log to stderr

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Jan Pavlinec
a86c0d97b5 dnsmasq: explictly set ednspacket_max value
This is related to DNS Flag Day 2020. It sets default
ends buffer size value to 1232.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-09 20:44:46 +01:00
W. Michael Petullo
9eb9943f82 refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-11-09 13:06:19 +00:00
Paul Spooren
753309c7dd uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-09 10:54:29 +00:00
Rui Salvaterra
682843adad hostapd: add a hostapd-basic-wolfssl variant
If only AP mode is needed, this is currently the most space-efficient way to
provide support for WPA{2,3}-PSK, 802.11w and 802.11r.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin sizes:

4719426 bytes (with wpad-basic-wolfssl)
4457282 bytes (with hostapd-basic-wolfssl)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-08 20:25:59 +00:00
Daniel Golle
9867d08e07 procd: bump to git HEAD
b0de894 jail: fix capabilities

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-07 06:03:49 +00:00
Daniel Golle
c8a81ada58 procd: bump to git HEAD
2f381fe jail: guard boolean blobmsg attributes
 602b8fa jail: add option for pidfile
 bba6de7 jail: handle mount propagation flags
 6963d50 jail: relax seccomp unknown syscall handling
 e1fcfdc jail: add support for absolute root path in OCI spec
 257f29b jail: don't fail if maskedPath cannot be found
 75f2374 uxc: mimic runc cmdline by using getopt_long

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 02:17:25 +00:00
Daniel Golle
4a976beff4 gdb: fix building with NLS enabled
Building gdb failed with CONFIG_BUILD_NLS enabled. Use nls.mk and
add the necessary dependencies for libintl and libiconv.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 00:55:37 +00:00
Rafał Dzięgiel
ed2491ba67 mac80211: ath9k: enable OEM cards support on x86
A lot of devices running OpenWrt x86 arch (32 or 64 bit) are either
"home-made routers" or devices that use PC class OEM components.

This commit enables OEM cards support on those devices by default.

Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
[reformat commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-04 23:58:50 +01:00
John Crispin
229623e310 mediatek: update uboot to latest patchset provided by MTK
MTK sent us their latest version of the staging uboot. Lets merge the patches.

Signed-off-by: John Crispin <john@phrozen.org>
2020-11-04 20:32:52 +01:00
John Crispin
be09c5a3cd base-files: add board.d support for bridge device
Latest netifd allows us to setup network bridges with implicit vlan
tagging. For this to work, we need to setup several additional uci
sections. This feature is particularly usefull for DSA tupe devices.
Add board.d and uci-defaults support for generating the sections.

Signed-off-by: John Crispin <john@phrozen.org>
2020-11-04 07:36:49 +01:00
Daniel Golle
08d90a75f9 opkg: clean up and fix performance regression
da9746a libopkg: clean up handling of unresolved dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-03 04:43:19 +00:00
Daniel Golle
f5c5a8abd2 opkg: fix yet another dependency resolution bug
The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.

Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 23:31:50 +00:00
Daniel Golle
4a2b1ff7fb opkg: fix dependency resolution
The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.

Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 20:51:30 +00:00
Florian Eckert
0232bf601d zram-swap: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
42675aa30c dropbear: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
ba9b8da466 ltq-vdsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
00e87255f2 ltq-adsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
1a69f50dc6 base-files: fix rc.common help alignment
This commit introduces a new function `extra_command` to better format
the help text without having to calculate the indentation in every startup
script that wants to add a new command. So far it looks weird and is not
formatted correctly on some startup scripts.

After using the new `extra_command` wrapper the alignement looks correctly.

And if the indentation is not sufficient in the future, this can be
changed in the function extra_command at a central location.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
John Audia
e48aac89a2 linux-firmware: update to 20201022
git log --pretty=oneline --abbrev-commit 20200918..20201022
dae4b4c (HEAD -> main, tag: 20201022, origin/master, origin/main, origin/HEAD) Merge branch 'v1.1.5' of https://github.com/irui-wang/linux_fw_vpu_v1.1.5 into main
04f71fe cypress: add Cypress firmware and clm_blob files
4d0755b Merge https://github.com/shahasit/bt-linux-firmware into main
2a262bb Merge https://github.com/shahasit/video-linux-firmware into main
c024640 Merge tag 'iwlwifi-fw-2020-10-14' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware into main
09e8cff rtl_bt: Update RTL8821C BT FW to 0xAA6C_A99E
d7904d5 ath10k: add SDIO firmware for QCA9377 WiFi
ecdc272 Merge branch 'dg1_dmc_v2_02' of git://anongit.freedesktop.org/drm/drm-firmware into main
c86361d ice: update package file to 1.3.16.0
76ceac8 mediatek: separate venc service thread
8877322 QCA : Updated firmware file for WCN3991
4f41e9d iwlwifi: update and add new FWs from core56-54 release
346057d iwlwifi: update 3168, 7265D, 8000C and 8265 firmwares
a140ef3 i915: Add DG1 DMC v2.02
a09b728 qcom : updated venus firmware files for v5.4
58d41d0 ice: Add comms package file for Intel E800 series driver
c1bef9e copy-firmware: Always write Link: entries
b95e230 Merge commit 'ad1da95d52f1a9206da3ef52f3484f3b89ec6615' of https://github.com/shahasit/linux-firmware-bt into main
0b884ec amdgpu: update vega20 firmware for 20.40
bca0233 amdgpu: update vega12 firmware for 20.40
8652e02 amdgpu: update vega10 firmware for 20.40
9f46d48 amdgpu: update renoir firmware for 20.40
e667605 amdgpu: update raven2 firmware for 20.40
a487f2f amdgpu: update raven firmware for 20.40
aa7b732 amdgpu: update picasso firmware for 20.40
a18981e amdgpu: update navi14 firmware for 20.40
1696e2e amdgpu: update navi12 firmware for 20.40
6b8a6ea amdgpu: update navi10 firmware for 20.40
5b30b38 linux-firmware: Add new VPDMA firmware 1b8.bin
ad1da95 QCA : Updated firmware files for WCN3991
b78a66c linux-firmware: Update firmware for Cadence MHDP8546 DP bridge
afbfb5f linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1)
a38b8ed Mellanox: Add new mlxsw_spectrum firmware xx.2008.1312
1487a8a linux-firmware: nvidia: move firmware symlinks to WHENCE
bdd5617 linux-firmware: move i915 firmware symlinks to WHENCE
ab69b57 linux-firmware: move iwlwifi-7265D-10.ucode symlink to WHENCE
49c4ff5 Merge branch 'mrvl-prestera' of https://github.com/PLVision/linux-firmware into main
7a02212 linux-firmware: Update Marvell Switchdev firmware with ABI changes

Signed-off-by: John Audia <graysky@archlinux.us>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
ffee6bb471 gdb: Disable tests
We do not use the tests or ubsan in our gdb package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
8698a727dd gdb: Always use system zlib
Instead of using the system zlib when the package is selected and using
the internal zlib if it is not selected in OpenWrt, just activate it
always. This should make the package more deterministic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
f1f0ed869a gdb: Update to version 10.1
gdb 10.1 adds many new features for example gdbserver support for
  - ARC GNU/Linux
  - RISC-V GNU/Linux

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hans Dedecker
cafa3dc7c7 odhcpd: fix compile problem on 64-bit systems
735c783 dhcpv6: fix size_t fields in syslog format

Fixes 5cdc65f6d1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-01 20:44:54 +01:00
Hans Dedecker
5cdc65f6d1 odhcpd: update to latest git HEAD
5700919 dhcpv6: add explicit dhcpv4o6 server address
e4f4e62 dhcpv6: add DHCPv4-over-DHCPv6 support
aff290b dhcpv6: check message type
2677fa1 router: fix advertisement interval option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-31 21:27:47 +01:00
Rui Salvaterra
f8c88a8775 hostapd: enable OWE for the basic-{openssl, wolfssl} variants
Opportunistic Wireless Encryption is needed to create/access encrypted networks
which don't require authentication.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-31 13:02:28 +00:00
Daniel Golle
237f708b3c libselinux: remove dependency on musl-fts for non-musl builds
Suggested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Tested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-31 00:49:43 +00:00
Adrian Schmutzler
ac5671f46c kernel: remove obsolete kernel version switches for 4.19
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-30 19:44:41 +01:00
Daniel Golle
499924adf0 Revert "kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning"
This reverts commit 7f94e2afcf.

Package kmod-nft-core is missing dependencies for the following libraries:
nft_reject.ko

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 01:39:01 +00:00
Philip Prindeville
7f94e2afcf kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning
Seeing the following:

    ERROR: module '/home/philipp/lede/build_dir/target-x86_64_musl/linux-x86_64/linux-5.4.33/net/ipv4/netfilter/nft_reject_ipv4.ko' is missing.
    modules/netfilter.mk:1068: recipe for target '/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk' failed
    make[3]: *** [/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk] Error 1

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-10-30 00:39:09 +00:00
Daniel Golle
c3a4cddaaf hostapd: remove hostapd-hs20 variant
Hotspot 2.0 AP features have been made available in the -full variants
of hostapd and wpad. Hence we no longer need a seperate package for
that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
Rui Salvaterra
10e73b1e9e hostapd: add {hostapd,wpad}-basic-openssl variants
Add OpenSSL-linked basic variants (which provides WPA-PSK only, 802.11r and
802.11w) of both hostapd and wpad. For people who don't need the full hostapd
but are stuck with libopenssl for other reasons, this saves space by avoiding
the need of an additional library (or a larger hostapd with built-in crypto).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-30 00:39:09 +00:00
Daniel Golle
1445d333aa opkg: bump to git HEAD
8769c75 pkg_hash: don't suggest incompatible packages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
David Bauer
9f1927173a hostapd: wpas: add missing config symbols
This adds missing config symbols for interworking as well as Hotspot 2.0
to the wpa_supplicant-full configuration.

These symbols were added to the hostapd-full configuration prior to this
commit. Without adding them to the wpa_supplicant configuration,
building of wpad-full fails.

Thanks to Rene for reaching out on IRC.

Fixes: commit be9694aaa2 ("hostapd: add UCI support for Hotspot 2.0")
Fixes: commit 838b412cb5 ("hostapd: add interworking support")
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 03:25:25 +01:00
Daniel Golle
256fa157a9 dnsmasq: install /etc/hotplug.d/ntp/25-dnsmasqsec world-readable
/etc/hotplug.d/ntp/25-dnsmasqsec is being sourced by /sbin/hotplug-call
running as ntpd user. For that to work the file needs to be readable by
that user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-28 02:01:04 +00:00
Sven Eckelmann
7ca9b82c38 mac80211: Fix wpa_supplicant config removal ubus call
If mac80211_setup_supplicant() is called with enabled=0 then it should just
destroy the interface and remove the configuration from wpa_supplicant. But
the ubus method call always returned

  Command failed: Method not found

because the actual name of the method is "config_remove".

Fixes: b5516603dd ("mac80211: more wifi reconf related fixes")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:11:12 +01:00
David Bauer
83d40aef13 hostapd: bump PKG_RELEASE
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:34 +01:00
David Bauer
838b412cb5 hostapd: add interworking support
This adds configuration options to enable interworking for hostapd.
All options require iw_enabled to be set to 1 for a given VAP.

All IEEE802.11u related settings are supported with exception of the
venue information which will be added as separate UCI sections at a
later point.

The options use the same name as the ones from the hostapd.conf file
with a "iw_" prefix added.

All UCI configuration options are passed without further modifications
to hostapd with exceptions of the following options, whose elements can
be provided using UCI lis elements:

 - iw_roaming_consortium
 - iw_anqp_elem
 - iw_nai_realm
 - iw_domain_name
 - iw_anqp_3gpp_cell_net

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:04 +01:00
David Bauer
cc80cf53c5 hostapd: add FTM responder support
This adds support for enabling the FTM responder flag for the APs
extended capabilities. On supported hardware, enabling the ftm_responder
config key for a given AP will enable the FTM responder bit.

FTM support itself is unconditionally implemented in the devices
firmware (ath10k 2nd generation with 3.2.1.1 firmware). There's
currently no softmac implementation.

Also allow to configure LCI and civic location information which can be
transmitted to a FTM initiator.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:56 +01:00
David Bauer
daeda8a87e mac80211: pass phy name to hostapd_set_bss_options
hostapd_set_bss_options expects the PHY as second and the VIF as third
argument. However, only the VIF was passed as second argument without a
third argument at all.

This was never a problem, as both PHY and VIF were never accessed.
However, with FTM support the PHY is needed to determine the HW support
when configuring the BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:49 +01:00
David Bauer
b518f07d4b hostapd: remove ieee80211v option
Remove the ieee80211v option. It previously was required to be enabled
in order to use time_advertisement, time_zone, wnm_sleep_mode and
bss_transition, however it didn't enable any of these options by default.

Remove it, as configuring these options independently is enough.

This change does not influence the behavior of any already configured
setting.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:29 +01:00
David Bauer
e66bd0eb04 hostapd: make rrm report independent of ieee80211k setting
Allow to configure both RRM beacon as well as neighbor reports
independently and only enable them by default in case the ieee80211k
config option is set.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:22 +01:00
Petr Štetiar
43fe0bd18d uci: fix package mirror hash
I've forget to update PKG_MIRROR_HASH in my previous package version
bump.

Fixes: 095cc2b745 ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:58:27 +01:00
Petr Štetiar
f9005d4f80 umdns: update to version 2020-10-26
59e4fc98162d cache: cache_answer: fix off by one
4cece9cc7db4 cache: cache_record_find: fix buffer overflow
be687257ee0b cmake: tests: provide umdns-san binary
bf01f2dd0089 tests: add dns_handle_packet_file tool
134afc728846 tests: add libFuzzer based fuzzing
de08a2c71ca8 cmake: create static library
cdc18fbb3ea8 interface: fix possible null pointer dereference
1fa034c65cb6 interface: fix value stored to 'fd' is never read
3a67ebe3fc66 Add initial GitLab CI support
50caea125517 cmake: fix include dirs and libs lookup

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Petr Štetiar
095cc2b745 uci: update to version 2020-10-06
52bbc99f69ea Replace malloc() + memset() with calloc()
3fbd6c923434 ucimap: Check return of malloc()
eae126f66663 file: Check buffer size after strtok()
7f574273180a file: use size_t for position and pointer
19770b6949b9 file: use dynamic memory allocation for tempfile name
aa46546794ac file: uci_file_commit: fix memory leak
671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler
ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus
31f78bfbf75f cmake: add uci-san cli built with clang sanitizers
a3e650911f5e file: uci_parse_package: fix heap use after free
9bd361ca3236 tests: add libFuzzer based fuzzing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Joel Johnson
d7db32440f dnsmasq: include IPv6 local nameserver entry
For IPv6 native connections when using IPv6 DNS lookups, there is no
valid default resolver if ignoring WAN DHCP provided nameservers.

This uses a runtime check to determine if IPv6 is supported on the host.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
2020-10-26 18:51:35 +01:00
Biwen Li
3a47dc1df2 layerscape: update tfa to LSDK-20.04-update-290520
Update tfa to LSDK-20.04-update-290520.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[fix PKG_RELEASE bump]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Biwen Li
bd15d49838 layerscape: update u-boot to LSDK-20.04-update-290520
Update u-boot to LSDK-20.04-update-290520.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[fix PKG_RELEASE bump]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Biwen Li
348602186a layerscape: update ls-rcw to LSDK-20.04-update-290520
Update ls-rcw to LSDK-20.04-update-290520.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, fix PKG_RELEASE change]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Pawel Dembicki
a254279a6c layerscape: Change to combined rootfs on sd images
At this moment layerscape images are ext4 only. It causes problem with
save changes durring sysupgrade and make "firstboot" and failsafe mode
useless.

This patch changes sd-card images to squashfs + f2fs combined images.
To make place, for saving config, kernel space ar now ext4 partition
with fit kernel.

This method of image generation is similar to rest of OpenWrt sd-card
targets.

Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[reword README, reword DEVICE_COMPAT_MESSAGE, keep original indent]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Pawel Dembicki
3605eff881 layerscape: add dtb to sysupgrade
At this moment sysupgrade replaces only kernel and rootfs.

This patch add dtb part to sysupgrade images to avoid situation
when old dtb make system broken.

Is possible to sysupgrade older images for NOR devices:
1. Firmware partition in bootargs need to be updated to:
   "49m@0xf00000(firmware)". Env should be saved after changes.
2. After step one, "sysupgrade -F" will work.

Run tested: LS1046A-RDB

Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[bump PKG_RELEASE for uboot-layerscape]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Daniel Golle
2a0d08d827 ubus: bump to git HEAD
ad0cd11 ubusd_acl: add support for wildcard in methods

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 18:23:45 +00:00
Daniel Golle
2e746b4d29 busybox: make username consistent
ntpd in packages feed had already a user 'ntp' with UID 123 declared.
Rename the username of busybox-ntpd to be 'ntp' instead of 'ntpd' so
it doesn't clash.

Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 17:26:30 +00:00
Daniel Golle
70c17268a8 dnsmasq: adapt to non-root ntpd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 13:01:35 +00:00
Daniel Golle
2d34355e16 busybox: allow ntpd to run as non-root ntpd user
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 13:01:35 +00:00
Daniel Golle
ccb283c71c procd: ujail fixes
ec461ff jail: mount more stuff read-only
33b799b ujail: elf: work around GCC bug on MIPS64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 12:41:44 +00:00
Daniel Golle
bd8c3314fb ubox: run logd non-root as user logd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 12:36:22 +00:00
Yousong Zhou
d23443f4d9 netifd: bump to version 2020-10-22
Changelog follows

  ced0d535 build: find and use libnl header dirs
  5722218e proto: rework parse_addr to return struct device_addr
  3d7bf604 device_addr: record address index as in the blob
  24ce1eab interface: proto_ip: order by address index first

This bump mainly affects order of interface addresses in ubus output.  At the
moment dnsmasq uses first address of an interface for setting dhcp-range option
in its config

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-10-24 18:35:27 +08:00
Daniel Golle
0b31713c85 rpcd: adapt defaults for changed ubus.sock path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 15:13:38 +01:00
Daniel Golle
061904d7e3 uhttpd: adapt defaults for changes ubus.sock path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 15:13:38 +01:00
Daniel Golle
de7ca7dafa base-files: merge /etc/passwd et al at sysupgrade config restore
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 14:25:55 +01:00
Daniel Golle
a2def3663a procd: jail: clean up capability handling and non-root ubusd
Unify capability handling to only use OCI spec parsers even for ujail
slim containers which previously supposedly used their own format.

 80c9516 cgroups: restrict allowed keys in 'unified' section
 5ade567 cgroups: memory controller fixes
 3121467 early: run ubusd non-root as user ubus, group ubus
 12a5b97 jail: adapt to new ubus socket path
 788d144 instance: actually wire up capabilities filename
 ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code
 6c5233a jail: capabilities: apply in two phases

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 15:22:30 +01:00
Daniel Golle
2dffadece9 ubus: prepare to run ubusd as non-root user
Move /var/run/ubus.sock to /var/run/ubus/ubus.sock in preparation for
having ubusd run as non-root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 15:20:10 +01:00
Daniel Golle
d355b578b7 target: include selinux-variants if CONFIG_SELINUX is set
Rather than unconditionally adding busybox and procd to the set of
default packages, add busybox-selinux and procd-selinux in case
CONFIG_SELINUX is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 11:56:26 +01:00
Markov Mikhail
610843f3bc mac80211: rt2x00: save survey for every channel visited
rt2800 olny gives you survey for current channel.

Survey-based ACS algorithms are failing to perform their job when working
with rt2800.

Make rt2800 save survey for every channel visited and be able to give away
that information.

There is a bug registred https://dev.archive.openwrt.org/ticket/19081 and
this patch solves the issue.

Signed-off-by: Markov Mikhail <markov.mikhail@itmh.ru>
2020-10-21 11:56:26 +01:00
Hauke Mehrtens
7f5f738466 sunxi: Adapt U-Boot config to board rename
The board was renamed without changing the BUILD_DEVICES in the U-Boot
Makefile, this broken the build.

Fixes: 0830ae3a2f ("sunxi: Correct manufacturer name to Sinovoip")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-18 15:46:42 +02:00
Jayantajit Gogoi
e6d9f6fdff sunxi: add support for FriendlyARM NanoPi R1
Specification:

- CPU: Allwinner H3, Quad-core Cortex-A7 Up to 1.2GHz
- DDR3 RAM: 512MB/1GB
- Network:
    10/100/1000M Ethernet x 1,
    10/100M Ethernet x 1
- WiFi: 802.11b/g/n, with SMA antenna interface
- USB Host: Type-A x2
- MicroSD Slot x 1
- MicroUSB: for OTG and power input
- Debug Serial Port: 3Pin 2.54mm pitch pin-header
- LED:
    nanopi:red:status
    nanopi:green:wan
    nanopi:green:lan
- KEY:
    reset
- Power Supply: DC 5V/2A

Installation:

- Write the image to SD Card with dd
- Boot NanoPi from the SD Card

Signed-off-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
2020-10-18 15:46:42 +02:00
Felix Fietkau
4a0688ed71 base-files: remove block2mtd checks from sysupgrade
This hasn't been used in a long time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-10-17 16:43:17 +02:00
Felix Fietkau
08a42ef057 mac80211: fix memory leak on filtered powersave frames
After the status rework, ieee80211_tx_status_ext is leaking un-acknowledged
packets for stations in powersave mode.
To fix this, move the code handling those packets from __ieee80211_tx_status
into ieee80211_tx_status_ext

Reported-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-10-17 16:43:17 +02:00
Daniel Golle
00c28c51fb
selinux-policy: update to git tag v0.3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 13:49:38 +01:00
Daniel Golle
21a7c4d97a fstools: update to git HEAD
8e0f29a mount: remove support for legacy overlayfs before v2.3
 0f8a443 mount: fix log format string and indentation
 46a56d3 overlay: use precompiler macros for reoccuring path names
 f25ab8a mount: apply SELinux labels before overlayfs mount

Total ipk size change (ipq40xx): +120b

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 01:53:00 +01:00
Daniel Golle
1923669413 policycoreutils: 'restorecon' is a 'setfiles' applet
Instead of duplicating the '/sbin/setfiles' binary, have
'/sbin/restorecon' as yet another alias for
'/sbin/policycoreutils-setfiles'.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 00:38:06 +01:00
Daniel Golle
63e2e086be hostapd: ubus: add handler for wps_status and guard WPS calls
Expose WPS ubus API only if compiled with WPS support and add new
handler for wps_status call.
Also add '-v wps' option to check whether WPS support is present in
hostapd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 00:38:06 +01:00
Felix Fietkau
953435795d build: always build package/kernel/linux
build: always build package/kernel/linux

If no in-tree module packages are selected, the build system does not process
package/kernel/linux. This package is required for building the virtual
'kernel' package, which is specified as a dependency for all kernel packages.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-10-15 13:25:58 +02:00
Arturas Moskvinas
679db02b10 sunxi: add support for FriendlyArm Zeropi
Specification

    CPU: Allwinner H3, Quad-core Cortex-A7 Up to 1.2GHz
    DDR3 RAM: 256MB/512MB
    Connectivity: 10/100/1000Mbps Ethernet
    USB Host: Type-A x 1
    MicroSD Slot x 1
    MicroUSB: for power input only
    Debug Serial Port: 4Pin, 2.54 mm pitch pin header
    Power Supply: DC 5V/2A
    PCB Dimension: 40 x 40 x 1.2mm

Installation:

    Burn the image file to an SD Card with dd or any image burning tool
    Boot ZeroPi from the SD Card

The following features are working and tested:

    Ethernet port 10/100/1000M Ethernet

Remarks: SBC is mostly compatible and boots with FriendlyARM NanoPI M1 plus DTS also (zeropi has no working hdmi)

Signed-off-by: Arturas Moskvinas <arturas.moskvinas@gmail.com>
2020-10-11 18:29:26 +02:00
Andre Heider
111895aa19 kernel: add a kmod package for the SoC S/PDIF codec
Size of the modules for a Cortex A7 build:
43920 linux-5.4.66/sound/soc/codecs/snd-soc-spdif-rx.ko
44044 linux-5.4.66/sound/soc/codecs/snd-soc-spdif-tx.ko

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 17:45:02 +02:00
Andre Heider
447fe1454e kernel: fix name of CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM
CONFIG_SND_SOC_DMAENGINE_PCM was removed and replaced with
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM seven years ago, see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28c4468b00a1e55e08cc20117de968f7c6275441
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b7ae6f31d8243ec684af16bc5c763eccdfabaec0

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 17:45:02 +02:00
Andre Heider
60c9a27cbc uboot-envtools: mvebu: fix config for mainline u-boot
Mainline u-boot dynamically passes the mtd partitions via devicetree:
$ cat /proc/mtd
dev:    size   erasesize  name
mtd0: 003f0000 00001000 "firmware"
mtd1: 00010000 00001000 "u-boot-env"

Add support for this setup.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:53:20 +02:00
Hauke Mehrtens
7c0496f29b kernel: Move CONFIG_*_FS_XATTR to generic kernel config
This option is now activated in the generic kernel configuration, no
need to do it for a specific package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Hauke Mehrtens
722906d144 kernel: move CONFIG_F2FS_CHECK_FS to generic kernel config
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Hauke Mehrtens
6542615e41 kernel: Move CONFIG_F2FS_FS_SECURITY to generic kernel config
Move the CONFIG_F2FS_FS_SECURITY kernel configuration option to the
generic kernel configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Hauke Mehrtens
18deed29be kernel: Remove 2FS_FS_XATTR and F2FS_STAT_FS symbols from target configs
This config option was moved to the generic kernel configuration.

Fixes: ab1bd57656 ("kernel: move F2FS_FS_XATTR and F2FS_STAT_FS symbols to generic")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Andre Heider
b79d2356db arm-trusted-firmware-mvebu: fix topology for ESPRESSObin V3-V5 (1GB 1CS)
Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
8870ad58b6 uboot-mvebu: don't install 64bit binaries
u-boot binaries are not useful for these boards, they need to be combined
with atf for a proper firmware.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
1d234cfdfd uboot-mvebu: don't default to enable a3700 builds
u-boot binaries for this SoC are only required for the atf package,
disable them per default so they don't get build unnecessarily.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
f06a60b734 uboot-mvebu: don't add CONFIG_NET_RANDOM_ETHADDR to defconfig
All targets already enable it in their defconfig with the used
u-boot version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
ed20d4cc41 uboot-mvebu: update to v2020.10
Remove merged patches and update the emmc set.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Josef Schlehofer
9f9243887e trace-cmd: disable AUDIT (libaudit library)
If you compile first libaudit library and then trace-cmd package,
compilations fails with:

Package trace-cmd is missing dependencies for the following libraries:
libaudit.so.1

If you enable libaudit for trace-cmd, it will show system name calls while using command profile.
Try to be slim as much as possible - libaudit .ipk has 42,4 kB.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-10-11 16:16:24 +02:00
Rosen Penev
49bb986b62 perf: disable libzstd support
libzstd from the packages feed gets picked up. Remove it.

Fixes:

Package perf is missing dependencies for the following libraries:
libzstd.so.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-10-11 16:16:24 +02:00
Marek Behún
3d0fa1a012 perf: pass CFLAGS correctly
For this package CFLAGS have to be passed via EXTRA_CFLAGS.
On arm this bug causes build to fail because no -fPIC is present in CFLAGS.

Signed-off-by: Marek Behún <kabel@blackhole.sk>
2020-10-11 16:16:24 +02:00
Marek Behún
d4161798dd perf: fix building with musl when NLS is enabled
This package fails with a strange error when building with musl when NLS
is enabled. The configuration thinks that libelf is not present, even
though DEPENDS contains +libelf, because when NLS is enabled, libelf.so
depends on libintl, and the correct LDFLAGS are missing for
libintl-full. This then causes the configuration script to check for
glibc, but this fails because we are using musl.

Signed-off-by: Marek Behún <kabel@blackhole.sk>
2020-10-11 16:16:24 +02:00
Hans Dedecker
156b72b9aa netifd: update to latest git HEAD
64ff909 system-linux: initialize ifreq struct before using it

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-10 21:15:38 +02:00
Daniel Golle
486faa0036 seclic: depends on libsepol
Add missing dependency for target build of seclic which requires
libsepol (just like the host build requires libsepol/host).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-09 19:00:35 +01:00
Dominick Grift
bf12f05bbf selinux-policy: adds new package
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-10-09 02:10:05 +01:00
Dominick Grift
9ee7c1ec60 secilc: adds new package
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-10-09 02:10:05 +01:00
Daniel Golle
e0d482fdcf rt2x00: mt7620: differentiate based on SoC's CHIP_VER
The vendor driver does things differently based on what it finds in the
SoC's CHIP_VER register, which should tell whether this is MT7620N or
MT7620A (PKG) and probably also the revision (VER) and most likely
also something about the silicon implementer (ECO).
Introduce codepaths just like the ones in the vendor driver to handle
the different chips properly.

Some of those paths are most likely dead code and left-overs from FPGA
versions or early prototypes of the chip. It'd thus be great if people
can post their kernel logs, at least the line telling the chip version
and eco, so we know what's actually out there in the wild -- all I
could find is
[ 0.000000] SoC Type: Ralink MT7620A ver:2 eco:6
and
[ 0.000000] SoC Type: Ralink MT7620N ver:2 eco:6
which would make things easier, as then we really just need to know
whether it's MT7620N or MT7620A and not care about FPGA or prototypes
with ver <= 1 and eco <= 2.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-09 01:50:30 +01:00
Sungbo Eo
8f29e36963 ipq40xx: improve support for Edgecore ECW5211
This adds several stylistic and functional improvements of the recently
added Edgecore ECW5211, especially:

* Drop the local BDFs as those are already in the upstream under different names
* Add SPDX tag to DTS
* Add label MAC address
* Move LED trigger to DTS
* Remove unnecessary status="okay"
* Disable unused SS USB phy as the USB port only supports USB 2.0
* Make uboot-env partition writable
* Remove qcom,poll_required_dynamic property as the driver does not use it
* Tidy up the device recipe

Fixes: 4488b260a0 ("ipq40xx: add Edgecore ECW5211 support")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Acked-by: Robert Marko <robert.marko@sartura.hr>
2020-10-07 18:07:54 +02:00
Hans Dedecker
e5f7a9889c ppp: update to version 2.4.8.git-2020-10-03
2937722 Enable IPv6 by default (#171)
6d39c65 pppd: Fix blank password usage

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-05 21:29:01 +02:00
Jo-Philipp Wich
2a90d308c7 uhttpd: update to latest Git HEAD
14a3cb4 ubus: fix legacy empty reply format
0f38b03 client: fix spurious keepalive connection timeouts
88ba2fa client: really close connection on timeout
c186212 ubus: support GET method with CORS requests

Fixes: FS#3369
Fixes: https://github.com/openwrt/luci/issues/4467
Fixes: https://github.com/openwrt/luci/issues/4470
Fixes: https://github.com/openwrt/luci/issues/4479
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-10-04 23:09:59 +02:00
Andre Heider
4950071d30
omap: update uboot to v2020.04
Fixes the build error:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status

Successfully tested on boneblack.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-04 03:45:21 +02:00
Marty Jones
6cc99c656d uboot-rockchip: add Rock Pi 4 support
Add support for the  Raxda Rock Pi 4.

Signed-off-by: Marty Jones <mj8263788@gmail.com>
2020-10-03 22:51:50 +02:00
David Bauer
0abf2c081c linux-firmware: update to 20200918
00a84c5 linux-firmware: Update AMD SEV firmware
71338c2 Merge branch 'for-master' of https://github.com/CosmicPenguin/linux-firmware into main
07367b9 linux-firmware: Update firmware file for Intel Bluetooth AX200
1d1586a linux-firmware: Update firmware file for Intel Bluetooth AX201
28b333d linux-firmware: Update firmware file for Intel Bluetooth 9560
db30380 linux-firmware: Update firmware file for Intel Bluetooth 9260
eb3aa1f Mellanox: Add new mlxsw_spectrum firmware xx.2008.1310
ec88f05 mediatek: update MT7915 firmware to 20200819
a9993f8 brcm: Fix a stale symlink for RPi3 model b+
f48fec4 qcom: Add updated a5xx and a6xx microcode
d5f9eea wl18xx: update firmware file 8.9.0.0.83
7a237c6 linux-firmware: mt7615: update firmware to 20200814 version
74bd44f amdgpu: add navi12 firmware from 20.30
b9f69cd amdgpu: update navi10 firmware for 20.30

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-03 22:51:16 +02:00
David Bauer
ea9046d1ae Revert "uboot-rockchip: update NanoPi R2S patches"
This reverts commit bda6f6572b.

This commit breaks the onboard ethernet on some units. Revert it for
now.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-03 19:00:49 +02:00
Pawel Dembicki
2d72671b6e layerscape: add layerscape's SATA driver package
This patch intruduce SATA support for layerscape devices.
Target specific package with ahci_qoriq driver was added
to local modules.mk.
Kmod package was added to default packages for devices with
SATA interface.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-10-02 17:08:28 +02:00
Pawel Dembicki
7c8f677207 uboot-layerscape: fix LS1012A-FRDM fdt_high value
LS1012A-FRDM have configured wrong fdt_high value.
That causes impossibility of booting.

This patch fix it.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-02 17:03:53 +02:00
Adrian Schmutzler
9b4eab023c base-files: allow exceptions when removing devicename from LEDs
Without the model-based devicename for LEDs, there are still cases
where a third component is required, typically when it refers to
internal "devices" like phys etc. An example are the following two
found on ramips:

  - rt2800soc-phy0::radio
  - rt2800pci-phy0::radio

So far, the rt2800*-phy: prefixes would be removed by the devicename
removal ("migration") script, and the configuration for these LEDs
would be broken.

To address this, this patch allows to add arguments to a call of
remove_devicename_leds, which will be compared against the first
part of the LED names/labels, and then be ignored by the routine,
and thus not removed:

  remove_devicename_leds "rt2800soc-phy0" "rt2800pci-phy0"

This mechanism is supposed to be used when a "devicename" applies
to several devices. If only a single device is affected, it might
be more effective to use a case statement and exclude the device
from migration by that entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-02 14:51:57 +02:00
Adrian Schmutzler
365a639f91 base-files: add function to remove devicename from LED labels
Currently, we request LED labels in OpenWrt to follow the scheme

  modelname:color:function

However, specifying the modelname at the beginning is actually
entirely useless for the devices we support in OpenWrt. In patches
subsequent to this one, we will thus remove the modelname from
the label definitions on various targets.

To migrate the existing definitions from older installations,
a migration script needs to be deployed that does

  modelname:color:function -> color:function

e.g.

  dir-789:green:status -> green:status

This patch introduces two functions that do exactly that:
For each entry in /etc/config/system, the routine will check whether
two (or more) colons are present, and then remove everything up to
(and including) the first colon.

For now, this will be applied unconditionally, i.e. if the function
is called for a device, all labels will be cut like this.

However, for a future case of mixed three-part and two-part labels,
it should not be too hard to provide a function argument with
exceptions to the removal.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-02 13:50:50 +02:00
Paul Spooren
624298dc27 policycoreutils: add missing gettext dependency
Add missing build dependency to both host and target build. The `msgfmt`
is required which is missing without gettext-full.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-10-01 04:14:50 +01:00
Paul Spooren
359a4b46bb refpolicy: fix path to setfiles and checkpolicy
Directly set path via MAKE vars instead of defning TESTTOOLS. This way
setfiles, which is required by the ImageBuilder, ends up in /host/bin
while checkpolicy can stay in hostpkg/bin.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-30 03:26:12 +01:00
David Bauer
bda6f6572b uboot-rockchip: update NanoPi R2S patches
Update the patches required for the NanoPi R2S to match the DTS accepted
for upstream Linux. The U-Boot patch meanwhile is still pending
upstream.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-30 00:06:45 +02:00
Felix Fietkau
cba4120768 mac80211: add support for specifying a per-device scan list
This is useful to bring up multiple client mode interfaces on a single
channel much faster without having to scan through a lot of channels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Felix Fietkau
1ed6eb176c mac80211: backport sched_set_fifo_low
This is needed for newer mt76 updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Felix Fietkau
5b296141c2 mac80211: another fix for the sta connection monitor
Make the code more closely match the original behavior

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Daniel Golle
3fab4ace57 refpolicy: mark as architecture independent
Use PKGARCH:=all to declare this package to be free of any
architecture dependent code.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-29 04:04:00 +01:00
Paul Spooren
96d1dc5ebf policycoreutils: install to host/bin not hostpkg
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-29 00:06:32 +01:00
David Bauer
f29c7a1f30 ath10k-firmware: package Wave1 from linux-firmware
The firmware for Wave1 chips was updated to the latest release
10.2.4-1.0-00047 at the end of 2019 (commit 513d70cc50b).
Package firmware for these chips from linux-firmware.

This avoids downloading the ath10k-firmware repository.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-28 16:23:33 +02:00
Eneas U de Queiroz
475838de1a openssl: bump to 1.1.1h
This is a bug-fix release.  Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-09-28 08:49:39 +02:00
Piotr Dymacz
b4e9e81002 uboot-envtools: ath79: add support for ALFA Network N5Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
6ae0684297 uboot-envtools: ath79: add support for ALFA Network N2Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
9181b039f3 uboot-envtools: ath79: add support for ALFA Network R36A
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
c40b693bd8 uboot-envtools: ath79: add support for Samsung WAM250
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
9b699301f5 uboot-envtools: ath79: add support for Wallys DR531
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
77598f19cc uboot-envtools: ath79: add support for ALFA Network AP121FE
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Daniel Golle
d96d324280 libsepol: break out chkcon utility
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Daniel Golle
e8b34880f9 policycoreutils: fix host utils rpath and bin directory
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Christian Lamparter
f6fbc39706 build: define PWM_SUPPORT arch feature flag
As the PWM has its own sub-system in the Linux kernel,
I think it should be handled in the same way as GPIO, RTC, PCI...

This patch introduces a specific feature flag "pwm" and the
"leds-pwm" kernel module as the first customer.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:32:33 +02:00
Hans Geiblinger
a9071d02b5 ipq40xx: Add support for Linksys MR8300 (Dallas)
The Linksys MR8300 is based on QCA4019 and QCA9888
and provides three, independent radios.
NAND provides two, alternate kernel/firmware images
with fail-over provided by the OEM U-Boot.

Hardware Highlights:

SoC: IPQ4019 at 717 MHz (4 CPUs)
RAM: 512MB RAM

SoC:	Qualcomm IPQ4019 at 717 MHz (4 CPUs)
RAM:	512M DDR3
FLASH:	256 MB NAND (Winbond W29N02GV, 8-bit parallel)
ETH:	Qualcomm QCA8075 (4x GigE LAN, 1x GigE Internet Ethernet Jacks)
BTN:	Reset and WPS
USB:	USB3.0, single port on rear with LED
SERIAL:	Serial pads internal (unpopulated)
LED:	Four status lights on top + USB LED
WIFI1:	2x2:2 QCA4019 2.4 GHz radio on ch. 1-14
WIFI2:  2x2:2 QCA4019 5 GHz radio on ch. 36-64
WIFI3:  2x2:2 QCA9888 5 GHz radio on ch. 100-165

Support is based on the already supported EA8300.
Key differences:
	EA8300 has 256MB RAM where MR8300 has 512MB RAM.
	MR8300 has a revised top panel LED setup.

Installation:
"Factory" images may be installed directly through the OEM GUI using
URL: https://ip-of-router/fwupdate.html (Typically 192.168.1.1)

Signed-off-by: Hans Geiblinger <cybrnook2002@yahoo.com>
[copied Hardware-highlights from EA8300. Fixed alphabetical order.
fixed commit subject, removed bogus unit-address of keys,
fixed author (used Signed-off-By to From:) ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:31:51 +02:00
Tomasz Maciej Nowak
e24635710c ipq40xx: add support for Luma Home WRTQ-329ACN
Luma Home WRTQ-329ACN, also known as Luma WiFi System, is a dual-band
wireless access point.

Specification
SoC: Qualcomm Atheros IPQ4018
RAM: 256 MB DDR3
Flash: 2 MB SPI NOR
       128 MB SPI NAND
WIFI: 2.4 GHz 2T2R integrated
      5 GHz 2T2R integrated
Ethernet: 2x 10/100/1000 Mbps QCA8075
USB: 1x 2.0
Bluetooth: 1x 4.0 CSR8510 A10, connected to USB bus
LEDS: 16x multicolor LEDs ring, controlled by MSP430G2403 MCU
Buttons: 1x GPIO controlled
EEPROM: 16 Kbit, compatible with AT24C16
UART: row of 4 holes marked on PCB as J19, starting count from the side
      of J19 marking on PCB
      1. GND, 2. RX, 3. TX, 4. 3.3V
      baud: 115200, parity: none, flow control: none

The device supports OTA or USB flash drive updates, unfotunately they
are signed. Until the signing key is known, the UART access is mandatory
for installation. The difficult part is disassembling the casing, there
are a lot of latches holding it together.

Teardown
Prepare three thin, but sturdy, prying tools. Place the device with back
of it facing upwards. Start with the wall having a small notch. Insert
first tool, until You'll feel resistance and keep it there. Repeat the
procedure for neighbouring walls. With applying a pressure, one edge of
the back cover should pop up. Now carefully slide one of the tools to
free the rest of the latches.
There's no need to solder pins to the UART holes, You can use hook clips,
but wiring them outside the casing, will ease debuging and recovery if
problems occur.

Installation
1. Prepare TFTP server with OpenWrt initramfs image.
2. Connect to UART port (don't connect the voltage pin).
3. Connect to LAN port.
4. Power on the device, carefully observe the console output and when
   asked quickly enter the failsafe mode.
5. Invoke 'mount_root'.
6. After the overlayfs is mounted run:
     fw_setenv bootdelay 3
   This will allow to access U-Boot shell.
7. Reboot the device and when prompted to stop autoboot, hit any key.
8. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
   'setenv' to do that, then run following commands:
     tftpboot 0x84000000 <openwrt_initramfs_image_name>
     bootm 0x84000000
   and wait till OpenWrt boots.
9. In OpenWrt command line run following commands:
     fw_setenv openwrt "setenv mtdids nand1=spi_nand; setenv mtdparts mtdparts=spi_nand:-(ubi); ubi part ubi; ubi read 0x84000000 kernel; bootm 0x84000000"
     fw_setenv bootcmd "run openwrt"
10. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
    with:
     ubirmvol /dev/ubi0 -N ubi_rootfs
     sysupgrade -v -n /tmp/<openwrt_sysupgrade_image_name>
11. After flashing, the access point will reboot to OpenWrt, then it's
    ready for configuration.

Reverting to OEM firmware
1. Execute installation guide steps: 1, 2, 3, 7, 8.
2. In OpenWrt command line run following commands:
     ubirmvol /dev/ubi0 -N rootfs_data
     ubirmvol /dev/ubi0 -N rootfs
     ubirmvol /dev/ubi0 -N kernel
     ubirename /dev/ubi0 kernel1 kernel ubi_rootfs1 ubi_rootfs
     ubimkvol /dev/ubi0 -S 34 -N kernel1
     ubimkvol /dev/ubi0 -S 320 -N ubi_rootfs1
     ubimkvol /dev/ubi0 -S 264 -N rootfs_data
     fw_setenv bootcmd bootipq
3. Reboot.

Known issues
The LEDs ring doesn't have any dedicated driver or application to control
it, the only available option atm is to manipulate it with 'i2cset'
command. The default action after applying power to device is spinning
blue light. This light will stay active at all time. To disable it
install 'i2c-tools' with opkg and run:
 i2cset -y 2 0x48 3 1 0 0 i
The light will stay off until next cold boot.

Additional information
After completing 5. step from installation guide, one can disable asking
for root password on OEM firmware by running:
 sed -e 's/root/root::/' -i /etc/passwd
This is useful for investigating the OEM firmware. One can look
at the communication between the stock firmware and the vendor's
cloud servers or as a way of making a backup of both flash chips.
The root password seems to be constant across all sold devices.
This is output of 'led_ctl' from OEM firmware to illustrate
possibilities of LEDs ring:

Usage: led_ctl [status | upgrade | force_upgrade | version]
       led_ctl solid    COLOR <brightness>
       led_ctl single   COLOR INDEX <brightness 0 - 15>
       led_ctl spinning COLOR <period 1 - 16 (lower = faster)>
       led_ctl fill     COLOR <period 1 - 16 (lower = faster)>
                                             ( default is 5 )
       led_ctl flashing COLOR <on dur 1 - 128>  <off dur 1 - 128>
                              (default is  34)  ( default is 34 )
       led_ctl pulsing  COLOR
COLOR: red, green, blue, yellow, purple, cyan, white

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[squash "ipq-wifi: add BDFs for Luma Home WRTQ-329ACN" into commit,
changed ubi volumes for easier integration, slightly reworded
commit message, changed ubi volume layout to use standard names all
around]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:30:19 +02:00
Yousong Zhou
7dc78d1d28 dnsmasq: fix handling ignore condition for dnssec
It should return false to indicate that the option should not be ignored

Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not
available")

Reported-by: Sami Olmari <sami@olmari.fi>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-25 10:31:36 +08:00
W. Michael Petullo
d20007ce91 dnsmasq: support tftp_unique_root in /etc/config/dhcp
The TFTP server provided by dnsmasq supports serving a select boot image
based on the client's MAC or IP address. This allows an administrator
to activate this feature in /etc/config/dhcp. Here is an example
/etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac:

...

config dnsmasq
	option enable_tftp 1
	option tftp_root /usr/libexec/tftpboot
	option tftp_unique_root mac

config boot router
	option serveraddress 192.168.1.1
	option servername tftp.example.com
	option filename openwrt-initramfs-kernel.bin

...

With this configuration, dnsmasq will serve
/usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to
the client with MAC address 00:11:22:33:44:55.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-09-24 22:38:37 +02:00
Hans Dedecker
ad3044c424 vxlan: fix rsc config option
Fix route short circuit config option; fixes commit 036221ce5a

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-24 22:14:36 +02:00
Hans Dedecker
036221ce5a vxlan: add extra config options
Add config options:
  srcportmin/srcportmax : range of port numbers to use as  UDP source ports
                          to communicate to the remote VXLAN tunnel endpoint
  ageing                : lifetime in seconds of FDB entries learnt by the kernel
  maxaddress            : maximum number of FDB entries
  learning              : enable/disable entering unknown source link layer addresses
                          and IP addresses into the VXLAN device FDB.
  rsc                   : enable/disable route short circuit
  proxy                 : enable/disable ARP proxy
  l2miss                : enable/disable netlink LLADDR miss notifications
  l3miss                : enable/disable netlink IP ADDR miss notifications
  gbp                   : enable/disable the Group Policy extension

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-23 21:45:15 +02:00
J. Scott Heppler
620f9c7734 ramips: add support for Linksys EA7300 v2
This submission relied heavily on the work of
Santiago Rodriguez-Papa <contact at rodsan.dev>

Specifications:

*  SoC:            MediaTek  MT7621A            (880  MHz  2c/4t)
*  RAM:            Winbond W632GG6MB-12         (256M  DDR3-1600)
*  Flash:          Winbond W29N01HVSINA         (128M  NAND)
*  Eth:            MediaTek  MT7621A            (10/100/1000  Mbps  x5)
*  Radio:          MT7603E/MT7615N              (2.4  GHz  &  5  GHz)
                     4  antennae:  1  internal  and  3  non-deatachable
*  USB:            3.0  (x1)
*  LEDs:
          White    (x1  logo)
          Green    (x6  eth  +  wps)
          Orange   (x5,  hardware-bound)
*  Buttons:
          Reset    (x1)
          WPS      (x1)

Installation:

Flash factory image through GUI.

This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.

Reverting to factory firmware:

Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.

Signed-off-by: J. Scott Heppler <shep971@centurylink.net>
2020-09-23 12:17:32 +02:00
Felix Fietkau
127ca3c631 mt76: update to the latest version
73301065ac32 mt76: mt7615: reduce maximum VHT MPDU length to 7991
8c47ed12c2be mt76: mt7915: add offchannel condition in switch channel command
1449e602fa10 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
b22977c2727d mt76: mt7663s: remove max_tx_fragments limitation

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-23 08:39:26 +02:00
Felix Fietkau
4bd7689d85 mac80211: update sta connection monitor regression fix
Reset the connection monitor on all acked frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-23 08:39:26 +02:00
David Bauer
c5eea362f3 hostapd: ubus: make (B)SSID optional for neighbor report
Make the BSSID and SSID fields optional when configuring a neighbor
report into hostapd.

Both options can now be an empty string. For the BSSID, the first 6 byte
are copied from the neighbor report. For the SSID, the SSID for the
affected hostapd BSS is used.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-22 17:41:10 +02:00
David Bauer
560e54c69e hostapd: ubus: send notification instead of event
Rafal Milecki pointed out that ubus events are meant for low-level ubus
events only (e.g. addition or removal of an object). Higher level
events should happen as notifications on the ubus object itself.

Dispatch BSS events on the main hostapd ubus object instead of
publishing them as ubus events.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-22 17:40:08 +02:00
David Bauer
d643b10a76 hostapd: ubus: fix infinite loop when configuring RRM NR
The return-code was set, however it was never returned, nor was
the loop interrupted.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:27:56 +02:00
David Bauer
8e7aa739fb hostapd: send procd event on BSS update
Dispatch ubus events also to procd in order to trigger service reloads
on hostapd updates.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:27 +02:00
David Bauer
6254af0c37 hostapd: send ubus event on BSS update
hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event>
when adding, removing or reloading a BSS.

This way, services which install state (for example the RMM neighbor
list) can on-demand reinstall this information for the BSS without
polling this state.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:12 +02:00
Stijn Segers
ec80139629 odhcpd: number UCI defaults script
UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which
turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number
(custom) scripts executed last. Jow confirmed numbering is the default case, not the
exception (thanks).

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-09-21 20:59:40 +02:00
Daniel Golle
236e79abb7 policycoreutils: fix ALTERNATIVES install location
Fixes: 7817c831ef ("policycoreutils: break into smaller packages")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:58:14 +01:00
Daniel Golle
7817c831ef policycoreutils: break into smaller packages
Instead of vaguely describing dependencies in the package description
actually split-up into individual packages, each with their
dependencies expressed accurately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:40:38 +01:00
Daniel Golle
81d895d1f1 libselinux: split utility packages and add PKG_LICENSE
Split utility packages similar to coreutils in packages feed, adding
ALTERNATIVES for those which are also provided by busybox-selinux.
Also add missing license information.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-21 18:40:38 +01:00
Felix Fietkau
1c6d45644a mac80211: fix regression in station connection monitor optimization
When the nulldata frame was acked, the probe send count needs to be reset,
otherwise it will keep increasing until the connection is considered dead,
even though it fine.

Reported-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-21 17:56:31 +02:00
Rui Salvaterra
90853439a1 zram-swap: explicitly use mkswap/swapon/swapoff from /sbin
The required BusyBox applets are enabled by default, so we can rely on them
being present in the system. This way, we make sure there are no conflicts
with less featured variants of these same applets which might also be
present in the system.

Fixes: 0bd7dfa3ed ("zram-swap: enable swap discard")

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[wrap commit description]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-20 17:52:25 +02:00
Davide Fioravanti
cd36c0d2f0 mac80211: select the first available channel for 5GHz interfaces
Some 5GHz wifi interfaces, especially in Tri-band routers, can't use
channel 36. In these cases, the default configuration for 5GHz
interfaces, once enabled, doesn't work.

This patch selects the first non-disabled channel for 5GHz interfaces.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2020-09-20 17:52:25 +02:00
David Woodhouse
9e7369d37e mediatek: mt7623n-preloader: add preloader for Banana Pi R64
We want to be able to make full system images for this system too, just
as we now can for the MT7623 platforms.

The package directory (mt7623n) is now a bit misnamed as it's overly
specific, but the precise set of platforms which we support this way
is evolving and we'll fix it up when the dust settles and we know what
nomenclature makes most sense.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-09-19 13:39:29 +01:00
Andre Heider
8cfb839907 arm-trusted-firmware-mvebu: add support for espressobin
Use build variants to cover all 11 hardware options [0]:
espressobin-512mb
espressobin-v3-v5-1gb-1cs
espressobin-v3-v5-1gb-1cs-emmc
espressobin-v3-v5-1gb-2cs
espressobin-v3-v5-1gb-2cs-emmc
espressobin-v3-v5-2gb
espressobin-v3-v5-2gb-emmc
espressobin-v7-1gb
espressobin-v7-1gb-emmc
espressobin-v7-2gb
espressobin-v7-2gb-emmc

CLOCKSPRESET is set to CPU_800_DDR_800 for all builds, which is the only
stable configuration. That actually matches what Globalscale shipped as
CPU_1000_DDR_800 combined with kernel versions < v4.19.42. [1][2].

[0] https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/plat/marvell/armada/build.rst
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8db82563451f976597ab7b282ec655e4390a4088
[2] https://forum.armbian.com/topic/10335-espressobin-update-to-585-results-in-kernel-panic/?tab=comments#comment-79916

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
f6378b9e53 arm-trusted-firmware-mvebu: update a3700-utils
Update to current head of the branch A3700_utils-armada-18.12-fixed:
0967979 ddr: Add DDR3 2CS layout for EspressoBin v5 2GB board
486523e ddr: fix typo for ESPRESSObin 2GB layout
490b2b3 TBB: Fix building for Crypto++ 6.0 and later
0141dd1 TBB: Split INCDIR from LIBDIR

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
65c1c91942 arm-trusted-firmware-mvebu: update to v2.3
Switch to release tarballs and add missing license information while
here.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
75e9d8e6e7 arm-trusted-firmware-mvebu: install to own subdir
Lift the dependency on the build order, where flash-image.bin may be missing
from the u-boot dir.

While at it, also install the uart images for rescue purposes.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
53065b2dee arm-trusted-firmware-mvebu: fix compiler spam
Gets rid of these warnings:
cc1: note: someone does not honour COPTS correctly, passed 0 times

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:06 +02:00
Andre Heider
847b5927c6 arm-trusted-firmware-mvebu: reuse default prepare target
Don't wipe internal state files, fixes e.g. refreshing patches.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Andre Heider
72bb66caad uboot-mvebu: add support for espressobin
This builds two u-boot binaries: one for boards without eMMC and one
with.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Andre Heider
ae2e521b34 uboot-mvebu: update to v2020.10-rc4
TODO: switch to release v2020.10 once released.

Remove one merged patch, refresh the rest.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-09-18 21:42:05 +02:00
Tony Ambardar
5582fbd613 bpftools: support NLS, fix ppc build and update to 5.8.9
With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so
and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper
to set library prefixes and flags accordingly, and also conditionally add
"-lintl" as link-time library.

Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h.

Use upstream stable kernel 5.8.9, and fix overriding of feature detection
to only allow/hide detected features. Also refresh existing patches.

Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting
eBPF usage")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-09-18 21:42:05 +02:00
Tan Zien
e826e00765 firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1)

  * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
  * This update *removes* the SRBDS mitigations from the above processors
  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

intel-microcode (3.20200609.2)

  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
    just in case.  Note that Debian does not do late loading by itself.
    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

intel-microcode (3.20200609.1)

  * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
      on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
      L1DCES mitigations, plus mitigations described in the changelog entry
      for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by
      default.  A Linux kernel update will be issued that allows one to
      selectively disable the mitigations.
  * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
      (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
      (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig
      0x50564, rev. 0x2000065), which would cause several systems with
      Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
  * Restores the microcode-level fixes that were reverted by release
    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

intel-microcode (3.20200520.1)

  * New upstream microcode datafile 20200520
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

intel-microcode (3.20200508.1)

  * New upstream microcode datafile 20200508
    + Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system
      hangs

intel-microcode (3.20191115.2)

  * Microcode rollbacks (closes: #946515, LP#1854764):
    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
    Xeon processors with signature 0x50654.

intel-microcode (3.20191115.1)

  * New upstream microcode datafile 20191115
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

intel-microcode (3.20191113.1)

  * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffe Lake Desktop)
      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

intel-microcode (3.20191112.1)

  * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the
        MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
        CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
        Ice Lake), causes a 0-3% typical perforance hit (can be as bad
        as 10%).  But ensures the processor will actually jump where it
        should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Tan Zien
182c7d955f firmware: amd64-microcode: update to 20191218
amd64-microcode (3.20191218.1)

  * New microcode update packages from AMD upstream:
    + Removed Microcode updates (known to cause issues):
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
  * README: update for new release

amd64-microcode (3.20191021.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
    + Updated Microcodes:
      sig 0x00800f12, patch id 0x08001250, 2019-04-16
      sig 0x00800f82, patch id 0x0800820d, 2019-04-16

amd64-microcode (3.20181128.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f82, patch id 0x0800820b, 2018-06-20

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Aleksander Jan Bajkowski
b0aff40ae3 kernel: drop kmod-bmp085, kmod-bmp085-i2c and kmod-bmp085-spi
CONFIG_BMP085* is replaced by CONFIG_BMP280 since 4.9[1] and this package is empty.
OpenWRT also has kmod-iio-bmp280* package and we can drop old packages.

1. [ misc: retire the old BMP085 driver ]
(832c8232dd (diff-5000d544d790c669405eb2a6775e5981))

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2020-09-18 20:08:51 +02:00
Tan Zien
4742ba41d0 kernel: add module support Intel Ethernet Controller I225 Series
add kernel module igc support Intel Ethernet Controller I225 Series.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-09-18 20:08:51 +02:00
Felix Fietkau
e18534f905 mt76: update to the latest version
3b946a6dc588 mt76: dma: cache dma map address/len in struct mt76_queue_entry
c4c8b6a20d3b mt76: mt7915: fix HE BSS info
15391c1c947f mt76: fix tx hang on non-AQL frame limit
72c8a81e64e8 mt76: mt7915: fix encap offload multicast traffic with 4-address mode
69b3f868d14b mt76: mt7915: use napi_consume_skb to bulk-free tx skbs
5f080033ec7d mt76: move txwi handling code to dma.c, since it is mmio specific
b1f425686125 mt76: mt7915: fix VHT LDPC capability
8f48855f5d14 mt76: mt7915: simplify mt7915_lmac_mapping
cfaf40858718 mt76: mt7915: fix queue/tid mapping for airtime reporting
115b62efac21 mt76: remove retry_q from struct mt76_txq and related code
e22c65cdc585 mt76: mt7915: simplify checks for the 802.3 offload path
bab866a01e4f mt76: mt7915: fix unexpected firmware mode
0fc3c5eb61d0 mt76: dma: queue more rx frames internally before passing them to the stack
130e5de09364 Revert "mt76: dma: queue more rx frames internally before passing them to the stack"
e3af31409d41 update mt7915 firmware to the latest version
e2b8a4ec9891 mt76: testmode: add a limit for queued tx_frames packets
146488631f7b mt76: mt7615: Remove set but unused variable 'index'
0b7d2b76288e mt76: mt7615: fix VHT LDPC capability
848f4a6334a8 mt76: mt7622: fix fw hang on mt7622
0a955d944bd0 mt76: mt7663s: do not use altx for ctl/mgmt traffic
13b96411513b mt76: mt7663s: split mt7663s_tx_update_sched in mt7663s_tx_{pick,update}_quota
d62ba15b1bbf mt76: mt7663s: introduce __mt7663s_xmit_queue routine
fdf14d1b6aec mt76: move pad estimation out of mt76_skb_adjust_pad
d048f8e87ba0 mt76: mt7663s: fix possible quota leak in mt7663s_refill_sched_quota
979c0fdc5d27 mt76: mt7663s: introduce sdio tx aggregation
56e77a3a3ade mt76: mt7663: check isr read return value in mt7663s_rx_work
f96cffa03e57 mt76: mt7615: unlock dfs bands
1ccd31bbe1f4 mt76: Use fallthrough pseudo-keyword
448cd2d36ee2 mt76: mt76x0: Move tables used only by init.c to their own header file
17ba3432f5af Revert "mt76: mt7615: unlock dfs bands"
fee1f4a8e87f mt76: mt7915: fix possible memory leak in mt7915_mcu_add_beacon
5b78e5292777 mt76: Fix unsigned expressions compared with zero
ec84891a4d23 mt76: mt7915: convert to use le16_add_cpu()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-18 17:29:04 +02:00
Rafał Miłecki
14247c82c0 rpcd: update to the latest master
3fea655 rc: support init.d scripts with START=0

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:19:04 +02:00
Rafał Miłecki
c57b907f86 uhttpd: update to the latest master
47c34bd ubus: add ACL support for "subscribe" request

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:16:06 +02:00
Martin Schiller
a594a5a330 lantiq: use uniform "u-boot-env" mtd label
This is the most popular choice in the linux kernel tree.

Within OpenWrt, this change will establish consistency with ath79
and ramips targets.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[extend commit message, include netgear_dm200, update base-files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-17 21:09:51 +02:00
David Bauer
520074e57e usbutils: update USB IDs to the latest version
Update from 0.321 to 0.339

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-17 18:10:41 +02:00
David Bauer
c2e75017a2 libjson-c: update to 0.15
Drop patches as they've been upstreamed:
 * 001-Fix-CVE-2020-12762.patch

Refresh patches:
 * 000-libm.patch

Add patch to avoid build failure due to missing docs in tarball.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-17 18:08:54 +02:00
Felix Fietkau
caf727767a mac80211: do not allow bigger VHT MPDUs than the hardware supports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-17 14:48:33 +02:00
Rui Salvaterra
419f149e48 zram-swap: default to lzo instead of lzo-rle compression
On devices with small amounts of RAM, zram-swap fails to initialise due to the
default compression algorithm (lzo-rle). Startup example on an AirGrid M2, with
32 MiB of RAM:

root@airgrid:/etc/config# /etc/init.d/zram start
zram_start: activating '/dev/zram0' for swapping (13 MegaBytes)
zram_reset: enforcing defaults via /sys/block/zram0/reset
sh: write error: Out of memory
mkswap: image is too small
swapon: /dev/zram0: Invalid argument
root@airgrid:/etc/config#

Fix this by defaulting to traditional lzo, which works fine and is always
available.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-09-17 10:29:40 +02:00
John Crispin
0fbdb51f76 ipq40xx: add Edgecore OAP-100 support
flashing the unit
* first update to latest edcore FW as per the PDF instructions
* boot the initramfs
  - tftpboot 0x88000000 openwrt-ipq40xx-generic-edgecore_oap100-initramfs-fit-uImage.itb; bootm
* inside the initramfs call the following commiands
  - ubiattach -p /dev/mtd0
  - ubirmvol /dev/ubi0 -n0
  - ubirmvol /dev/ubi0 -n1
  - ubirmvol /dev/ubi0 -n2
* scp the sysupgrade image to the board and call
  - sysupgrade -n openwrt-ipq40xx-generic-edgecore_oap100-squashfs-nand-sysupgrade.bin

Signed-off-by: John Crispin <john@phrozen.org>
2020-09-17 08:43:07 +02:00
Robert Marko
4488b260a0 ipq40xx: add Edgecore ECW5211 support
This patch adds support for the Edgecore ECW5211 indoor AP.

Specification:
- SoC: Qualcomm Atheros IPQ4018 ARMv7-A 4x Cortex A-7
- RAM: 256MB DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB MX35LFxGE4AB SPI-NAND
- Ethernet: 2 x 1G via Q8075 PHY connected to ethernet adapter via PSGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: Built-in IPQ4018 (2x2 802.11bng, 2x2 802.11 acn)
- CC2540 BLE connected to USB 2.0 port
- Atmel AT97SC3205T I2C TPM

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:43:03 +02:00
Robert Marko
59f0a0fd83 ipq806x: add Edgecore ECW5410 support
This patch adds support for the Edgecore ECW5410 indoor AP.

Specification:
- SoC: Qualcomm Atheros IPQ8068 ARMv7 2x Cortex A-15
- RAM: 256MB(225 usable) DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB S34MS01G2 Parallel NAND
- Ethernet: 2 x 1G via 2x AR8033 PHY-s connected directly to GMAC2 and GMAC3 via SGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: 2x QCA9994 AC Wawe 2 (1x 2GHz bgn, 1x 5GHz acn)
- CC2540 BLE
- UART console on RJ45 next to ethernet ports exposed.
Its Cisco pin compatible, 115200 8n1 baud.

Installation instructions:
Through stock firmware or initramfs.

1.Connect to console
2. Login with root account, if password is unknown then interrupt the boot with f and reset it in failsafe.
3. Transfer factory image
4. Flash the image with ubiformat /dev/mtd1 -y -f <your factory image path>

This will replace the rootfs2 with OpenWrt, if you are currently running from rootfs2 then simply change /dev/mtd1 to /dev/mtd0

Note

Initramfs:
1.  Connect to console
2.  Transfer the image from TFTP server with tftpboot,
or by using DHCP advertised image with dhcp command.
3. bootm
4. Run ubiformat /dev/mtd1

You need to interrupt the bootloader after rebooting and run:
run altbootcmd

This will switch your active rootfs partition to one you wrote to and boot from it.

So if rootfs1 is active, then it will change it to rootfs2.

This will format the rootfs2 partition, if your active partition is 2 then simply change /dev/mtd1 with /dev/mtd0
If you dont format the partition you will be writing too, then sysupgrade will find existing UBI rootfs and kernel volumes and update those.
This will result in wrong ordering and OpenWrt will panic on boot.

5. Transfer sysupgrade image
6. Flash with sysupgrade -n.

Note that sysupgrade will write the image to rootfs partition that is not currently in use.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:42:17 +02:00
Robert Marko
179073b0cc firmware: ipq-wifi: enable use on IPQ806x
This enables the ipq-wifi package to be used on IPQ806x target.
Its needed for boards using a different BDF than one shipped in the upstream board-2.bin.

Currently needed for Edgecore ECW5410.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-09-17 08:42:17 +02:00
Felix Fietkau
673062fc56 mac80211: allow bigger A-MSDU sizes in VHT, even if HT is limited
Improves tx throughput when connecting to some APs (e.g. Asus RT-AC88U)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-16 18:49:11 +02:00
Adrian Schmutzler
cb9bb908de base-files: drop default setup for vconfig
vconfig has been disabled by default since 2015 [1] and there are
no remaining uses in entire OpenWrt trunk. However, we still set up
a specific name_type for it during boot.

While this setup is properly implemented to be only triggered when
vconfig is present, it still seems anachronistic and unnecessary
to set up a standard for a tool that is not used anymore.

Therefore, this removes the set_name_type initialization and leaves
it for those people actually using the tool to configure it as needed.

[1] 899a23227e ("busybox: improve applets & deprecate ifconfig, route")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-16 17:28:20 +02:00
Rafał Miłecki
4a3230683b uhttpd: update to the latest master
1172357 ubus: add new RESTful API
fe1888f ubus: fix blob_buf initialization

Fixes: 3d167ed805 ("uhttpd: update to the latest master")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-15 13:45:33 +02:00
Adrian Schmutzler
a9790dff53 cns3xxx: drop target
This target has not been updated to 5.4 yet, and the only person
trying it (Koen) decided to retreat based on the following reasons:

- The target is not DT-aware at all

- The huge amount of effort required

- The SoC itself reached EoL at Cavium for some time now

- Upstream removed some important parts as it's also slowly getting EoL
  over there

- The commercial product that used this will fade out shortly

- The amount of download for this binary suggest that the target is not
  that popular

Since nobody has picked up the work since then, and this is the last
remaining 4.19-only target, finally drop it now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-14 00:19:27 +02:00
Klaus Kudielka
04d3b517dc uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).

Check the installed u-boot release, and set the default accordingly.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-13 13:56:47 +02:00
Hans Dedecker
96586ad8ca netifd: update to latest git HEAD
55a7b6b netifd: vxlan: add aging and maxaddress options
11223f5 netifd: vxlan: add most missing boolean options
226566b netifd: vxlan: refactor mapping of boolean attrs
a3c033e netifd: vxlan: handle srcport range

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-12 21:29:20 +02:00
Adrian Schmutzler
07aa858a73 ramips: fix partitions and boot for RAVPower RP-WD03
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.

To address this, use the lzma loader (loader-okli) to work around this
limitation.

The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.

Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
   - openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!

Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")

Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-11 19:31:03 +02:00
David Bauer
e289f18347 hostapd: add support for per-BSS airtime configuration
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.

Support for this feature is only enabled in the full flavors of hostapd.

Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:35:48 +02:00
David Bauer
e087bb5bd7 base-files: disable LEDs if default state is undefined
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.

Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.

Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:34:54 +02:00
Bob Cai
f1bc66c765 kernel: improve the description of fs-nfs-v4
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).

Use "Kernel module for NFS v4 client support" on line 438.

Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-10 18:52:15 +02:00
Rafał Miłecki
8b8015031b rpcd: update to the latest master
rc: new ubus object for handling /etc/init.d/ scripts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-10 13:35:05 +02:00
Daniel Golle
fb22f4ae3a rssileds: update maintainer email address
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-10 02:58:30 +01:00
Jason A. Donenfeld
bf0881dc72 wireguard-tools: bump to 1.0.20200827
* ipc: split into separate files per-platform

This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.

* man: wg-quick: use syncconf instead of addconf for strip example

Simple documentation fix.

* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h

In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 20:47:19 +02:00
Martin Schiller
d6235f48f8 openvpn: fix shell compare operator in openvpn.init
Don't use bash syntax, because /bin/sh is used here.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 14:02:21 +02:00
Felix Fietkau
d717343c85 mac80211: update encap offload patches to the latest version
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-09 11:51:47 +02:00
Jason A. Donenfeld
d8104c8353 wireguard: bump to 1.0.20200908
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros

Backports from upstream changes.

* peerlookup: take lock before checking hash in replace operation

A fix for a race condition caught by syzkaller.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 07:54:20 +02:00
Daniel Golle
be9694aaa2 hostapd: add UCI support for Hotspot 2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Daniel Golle
7ed34f65d0 netifd: update to git HEAD
3d9bd73 utils: fix check_pid_path to work with deleted file as well
 330f403 vlan: initialize device ifname earlier at creation time
 c057e71 device: do not check state from within device_init
 cb0c07b system-dummy: fix resolving ifindex
 ccd9ddc bridge: add support for turning on vlan_filtering
 82bcb64 bridge: add support for adding vlans to a bridge
 0e8cea0 bridge: add support for VLAN filtering
 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
 ac0710b device: look up full device name before traversing vlan chain
 e32e21e bridge: flush vlan list on bridge free
 645ceed interface-ip: clear host bits of the device prefix
 d7b614a netifd-wireless: parse 'osen' encryption

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Paul Spooren
d0f295837a dropbear: Enable Ed25519 for normal devices
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.

As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.

Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.

This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-06 23:19:20 +02:00
Rosen Penev
83e946d718 util-linux: Fix build when libmagic is present
When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.

This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1

Fixes: 36d9ed360a ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 23:19:12 +02:00
Hauke Mehrtens
787de4331f wolfssl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk	391.545

new:
libwolfssl24_4.5.0-stable-2_mips_24kc.ipk	387.439

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
b71433f42d iw: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
iw_5.4-1_mips_24kc.ipk		35.767
iw-full_5.4-1_mips_24kc.ipk	68.423

new:
iw_5.8-1_mips_24kc.ipk		36.883
iw-full_5.8-1_mips_24kc.ipk	71.992

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
103225b412 nftables: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

new:
nftables-json_0.9.6-2_mips_24kc.ipk	221.894
nftables-nojson_0.9.6-2_mips_24kc.ipk	193.932

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
56c2e9fe37 libnftnl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.7-1_mips_24kc.ipk	47.459

new:
libnftnl12_1.1.7-2_mips_24kc.ipk	45.742

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
a617861d4c jansson: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
jansson4_2.13.1-1_mips_24kc.ipk	19.171

new:
jansson4_2.13.1-2_mips_24kc.ipk	18.936

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
13b4ed4cf4 nftables: Update to version 0.9.6
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.3-1_mips_24kc.ipk	220.262
nftables-nojson_0.9.3-1_mips_24kc.ipk	192.937

new:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
082354e4bb libnftnl: Update to version 1.1.7
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.5-1_mips_24kc.ipk	46.252

new:
libnftnl12_1.1.7-1_mips_24kc.ipk	47.459

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
cd2aad3812 jansson: Update to version 2.13.1
This also sets the ABI_VERSION as this is a versioned shared library.

The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk	18.692

new:
jansson4_2.13.1-1_mips_24kc.ipk	19.171

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Adrian Schmutzler
081e944be6 ath25: add back target support
Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.

This reverts commit 7d29a55714 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-06 19:49:05 +02:00
Christian Lamparter
a487e67cbc base-files: support label-property-less in get_dt_leds
The LED's "label" property has been deprecated in upstream by:

|commit c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date:   Sun Jun 9 20:19:04 2019 +0200
|
|    dt-bindings: leds: Add properties for LED name construction
|
|    Introduce dedicated properties for conveying information about
|    LED function and color. Mark old "label" property as deprecated.
|
|    Additionally function-enumerator property is being provided
|    for the cases when neither function nor color can be used
|    for LED differentiation.

in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-05 23:24:46 +02:00
Hans Dedecker
04e0e4167e ppp: update to latest git HEAD
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-05 20:13:40 +02:00
David Bauer
7f676b5ed6 firewall: bump to latest HEAD
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-05 15:43:16 +02:00
Felix Fietkau
acf1733496 mac80211: add preliminary support for enabling 802.11ax in config
No advanced features are configurable yet, just basic enabling of HE modes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 15:49:35 +02:00
Daniel Golle
c2c701e058 libselinux: package executables into -utils
Add new package libselinux-utils containing the executable
utilities included with libselinux.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-04 02:50:20 +01:00
Russell Morris
45a81f7056 ramips: add support for HooToo HT-TM05
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).

Specifications:

  SOC:     MediaTek MT7620N
  BATTERY: 10400mAh
  WLAN:    802.11bgn
  LAN:     1x 10/100 Mbps Ethernet
  USB:     1x USB 2.0 (Type-A)
  RAM:     64 MB
  FLASH:   GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
           Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
           fast-read enabled (m25p)
  LED:     Status LED (blue after boot, green with WiFi traffic
           4 leds to indicate power level of the battery (unable to control)
  INPUT:   Power, reset button

MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

Tested and working:

 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - Installation from TFTP (recovery)
 - OpenWRT sysupgrade (Preserving and non-preserving), through the usual
   ways: command line and LuCI
 - LEDs (except as noted above)
 - Button (reset)
 - I2C, which is needed for reading battery charge status and level
 - U-Boot environment / variables (from U-Boot, and OpenWrt)

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
   - ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!

Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-03 14:15:30 +02:00
Rosen Penev
7a5e4f5f00 policycoreutils: add nls.mk
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-09-03 00:33:20 +01:00
Adrian Schmutzler
6362a04725 kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler
bc88ee0aff samsung: drop target
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler
7d29a55714 ath25: drop target
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Magnus Kroken
66893063ab mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-09-02 15:12:12 +02:00
Walter Sonius
46abcb3ade base-files: fix comment typo in lib/functions/network.sh
Fix typo in comment.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 01:11:17 +02:00
Daniel Golle
80a194b100 hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 21:37:35 +01:00
Felix Fietkau
91fb3ce56b mac80211: remove an obsolete patch that is no longer doing anything useful
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau
2c14710c54 mac80211: add more AQL fixes/improvements
Fix aggregation length estimation, add HE and VHT160 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Daniel Golle
76368a5c0a refpolicy: skip building docs
Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:35:00 +01:00
Daniel Golle
d136848b8b libaudit: add host-build required by policycoreutils/host
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:24:07 +01:00
Daniel Golle
3ce21b8797 libsemanage: host-build depends on renamed libaudit package
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 12:32:52 +01:00
Hauke Mehrtens
413fdc6676 ugps: update to the latest version
511a5b3 ugps: fix 64-bit time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:04:44 +02:00
Hauke Mehrtens
db8e09f1c2 fstools: update to the latest version
5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:01:15 +02:00
John Crispin
2ddd8387a7 uboot-mediatek: update to latest version
Signed-off-by: John Crispin <john@phrozen.org>
2020-09-01 09:08:52 +02:00
Daniel Golle
93ed51e5b6 libaudit: drop unused file
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 00:32:54 +01:00
Paul Spooren
395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00
Paul Spooren
18b1cc2838 px5g-wolfssl: cleanup Makefile and SPDX license
Minor cosmetic cleanups of the Makefile and add a SPDX compatible
license headers.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:29:37 +01:00
Daniel Golle
2e2425ce7f libsemanage: add missing package metadata
License and CPE-ID were missing, add them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 22:02:12 +01:00
Daniel Golle
efdf619f21 audit: build only libaudit
Turns out auditd depends on libev. Lets have that in packages.git.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 21:51:45 +01:00
Hauke Mehrtens
2b141ad392 strace: Update to version 5.8
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.

Just deactivate it for ARM64 too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-31 22:15:26 +02:00
Rosen Penev
36d9ed360a util-linux: update to 2.36
hwclock was fixed to work with musl.

Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
879e68eafd libcxx: update to 10.0.0
Switched to upstream tarballs.

Switched to libcxxabi as using libsupc++ is quite wonky.

Fixed description.

Removed patches. The fixes are cosmetic.

Added ssp patch. This one is needed for i386 and powerpc under musl.

Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.

Ran tested with gerbera.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev
3f9bd9e8ee libcxxabi: add
This will be used for libcxx.

libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.

Reference: https://github.com/gerbera/gerbera/issues/795

Added patch to fix ARM compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Daniel Golle
86307bc908 checkpolicy: build-depend on libselinux
Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
 #include <sepol/policydb/expand.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Daniel Golle
c2996ee267 policycoreutils: fix i18n depends
Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
 #include <libintl.h>  /* for gettext() */
          ^~~~~~~~~~~
 compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Michael Pratt
22caf30a65 ath79: add support for Senao Engenius ENH202 v1
FCC ID: U2M-ENH200

Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.

Specification:

  - Qualcomm/Atheros AR7240 rev 2
  - 40 MHz reference clock
  - 8 MB FLASH                  ST25P64V6P (aka ST M25P64)
  - 32 MB RAM
  - UART at J3                  (populated)
  - 2x 10/100 Mbps Ethernet     (built-in switch at gmac1)
  - 2.4 GHz, 2x2, 29dBm         (Atheros AR9280 rev 2)
  - internal antenna plates     (10 dbi, semi-directional)
  - 5 LEDs, 1 button            (LAN, WAN, RSSI) (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Power LED not controllable, or unknown gpio

MAC addresses:

  eth0/eth1  *:11   art 0x0/0x6
  wlan       *:10   art 0x120c

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9f670000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of ENH202 is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-enh202-uImage-lzma.bin
    openwrt-senao-enh202-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

  OKLI kernel loader is required because the OEM firmware
  expects the kernel to be no greater than 1024k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on built-in switch:

  ENH202 is originally configured to be an access point,
  but with two ethernet ports, both WAN and LAN is possible.

  the POE port is gmac0 which is preferred to be
  the port for WAN because it gives link status
  where swconfig does not.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Michael Pratt
6decbf3186 ath79: add support for Senao Engenius ENS202EXT v1
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.

FCC ID:	A8J-ENS202

Specification:

  - Qualcomm/Atheros AR9341 v1
  - 535/400/200/40 MHz          (CPU/DDR/AHB/REF)
  - 64 MB of RAM
  - 16 MB of FLASH              MX25L12835F(MI-10G)
  - UART (J1) header on PCB     (unpopulated)
  - 2x 10/100 Mbps Ethernet     (built-in switch Atheros AR8229)
  - 2.4 GHz, up to 27dBm        (Atheros AR9340)
  - 2x external, detachable antennas
  - 7x LED (5 programmable in ath79), 1x GPIO button (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Ethernet LEDs stay on solid when connected, not programmable

MAC addresses:

  eth0/eth1  *:7b   art 0x0/0x6
  wlan       *:7a   art 0x1002

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

  *If you are unable to get network/LuCI after flashing*
  You must perform another factory reset:

    After waiting 3 minutes or when Power LED stop blinking:

    Hold Reset button for 15 seconds while powered on
    or until Power LED blinks very fast

    release and wait 2 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to this model.
  The following directions are unique to this model.
  DO NOT downgrade to ar71xx this way, can cause kernel loop

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP Recovery:

  For some reason, TFTP is not reliable on this board.
  Takes many attempts, many timeouts before it fully transfers.

  Starting with an initramfs.bin:

  Connect to ethernet
  set IP address and TFTP server to 192.168.1.101
  set up infinite ping to 192.168.1.1
  rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
  disconnect power to the board
  hold reset button while powering on board for 8 seconds

  Wait a minute, power LED should blink eventually if successful
  and a minute after that the pings should get replies
  You have now loaded a temporary Openwrt with default settings temporarily.
  You can use that image to sysupgrade another image to overwrite flash.

Format of OEM firmware image:

  The OEM software of ENS202EXT is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-ens202ext-uImage-lzma.bin
    openwrt-senao-ens202ext-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

Note on the factory.bin:

  The newest kernel is too large to be in the kernel partition

  the new ath79 kernel is beyond   1592k
  Even ath79-tiny is               1580k

  Checksum fails at boot because the bootloader (modified uboot)
  expects kernel to be 1536k. If the kernel is larger, it gets
  overwritten when rootfs is flashed, causing a broken image.
  The mtdparts variable is part of the build and saving a new
  uboot environment will not persist after flashing.
  OEM version might interact with uboot or with the custom
  OEM partition at 0x9f050000.

  Failed checksums at boot cause failsafe image to launch,
  allowing any image to be flashed again.

  HOWEVER: one should not install older Openwrt from failsafe
  because it can cause rootfs to be unmountable,
  causing kernel loop after successful checksum.
  The only way to rescue after that is with a serial cable.

  For these reasons, a fake kernel (OKLI kernel loader)
  and fake squashfs rootfs is implemented to take care of
  the OEM firmware image verification and checksums at boot.
  The OEM only verifies the checksum of the first image
  of each partition respectively, which is the loader
  and the fake squashfs. This completely frees
  the "firmware" partition from all checks.

  virtual_flash is implemented to make use of the wasted space.
  this leaves only 2 erase blocks actually wasted.

  The loader and fakeroot partitions must remain intact, otherwise
  the next boot will fail, redirecting to the Failsafe image.

  Because the partition table required is so different
  than the OEM partition table and ar71xx partition table,
  sysupgrades are not possible until one switches to ath79 kernel.

Note on sysupgrade.tgz:

  To make things even more complicated, another change is needed to
  fix an issue where network does not work after flashing from either
  OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
  configuration into the jffs2 /overlay when writing rootfs from factory.bin.

  The upgrade script has this:

    mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"

  However, it also accepts scripts before and after:

    before_local="/etc/before-upgradelocal.sh"
    after_local="/etc/after-upgradelocal.sh"
    before="before-upgrade.sh"
    after="after-upgrade.sh"

  Thus, we can solve the issue by making the .tgz an empty file
  by making a before-upgrade.sh in the factory.bin

Note on built-in switch:

  There is two ports on the board, POE through the power supply brick,
  the other is on the board. For whatever reason, in the ar71xx target,
  both ports were on the built-in switch on eth1. In order to make use
  of a port for WAN or a different LAN, one has to set up VLANs.

  In ath79, eth0 and eth1 is defined in the DTS so that the
  built-in switch is seen as eth0, but only for 1 port
  the other port is on eth1 without a built-in switch.

  eth0: switch0
    CPU is port 0
    board port is port 1

  eth1: POE port on the power brick

  Since there is two physical ports,
  it can be configured as a full router,
  with LAN for both wired and wireless.

  According to the Datasheet, the port that is not on the switch
  is connected to gmac0. It is preferred that gmac0 is chosen as WAN
  over a port on an internal switch, so that link status can pass
  to the kernel immediately which is more important for WAN connections.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Daniel Golle
e868809861 libsemanage: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 13:52:05 +01:00
Thomas Petazzoni
73912b850b audit: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[fix build with GCC 10 and disable MIPS16 as build emits sync instruction]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 13:38:12 +01:00
Tony Ambardar
2f0d672088 bpftools: add utility and library packages supporting eBPF usage
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.

'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.

'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.

Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-08-31 12:23:59 +01:00
Paul Spooren
c1875d1ebb build: switch VERSION_REPO to HTTPS
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
2020-08-31 11:26:10 +01:00
Paul Spooren
35f2116519 treewide: https for downloads.openwrt.org sources
Instead of using http and https for source downloads from
downloads.openwrt.org, always use https for it's better security.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:26:10 +01:00
Paul Spooren
62d5ec7306 build: store SourceDateEpoch in manifest
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:18:06 +01:00
Paul Spooren
7d26f294cd busybox: Use PKG_FILE_MODES for SUID
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:15:17 +01:00
Daniel Golle
2bd55d0a2b opkg: update to git HEAD
4318ab1 opkg: allow to configure the path to the signature verification script
 cf44c2f libopkg: fix compiler warning

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 11:03:24 +01:00
Paul Spooren
976d3e2234 px5g: rename to px5g-mbedtls
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.

Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren
7078294b59 px5g-wolfssl: add package
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren
367c23740f wolfssl: add certgen config option
The option allows to generate certificates.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Hans Dedecker
9ee27c232e nghttp2: move to packages.git
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg  2019 decision that non essential packages
should move outside base.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-31 08:01:27 +02:00
Thomas Petazzoni
e5e54e52f7 refpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni
21992303fa checkpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni
d28adeb37d policycoreutils: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Sven Wegener
6a9c76a6c4 leds: add activity led trigger kernel module package
The activity trigger flashes like the heartbeat trigger, but adjusts
based on system load.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
4e2a994d2d ethtool: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ethtool_5.4-1_mips_24kc.ipk	101.909

new:
ethtool_5.8-1_mips_24kc.ipk	109.699

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
0b2f97beed iproute2: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ip-full_5.7.0-2_mips_24kc.ipk	165.786
ip-tiny_5.7.0-2_mips_24kc.ipk	117.730
tc_5.7.0-2_mips_24kc.ipk	144.405

new:
ip-full_5.8.0-1_mips_24kc.ipk	169.775
ip-tiny_5.8.0-1_mips_24kc.ipk	119.808
tc_5.8.0-1_mips_24kc.ipk	149.053

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
ca5ee6eba3 mac80211: Fix potential endless loop
Backport a fix from kernel 5.8.3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Adrian Schmutzler
4e4ee46495 ar71xx: drop target
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.

This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-30 22:18:35 +02:00
Aaron Goodman
47b2ee2d9a wireguard-tools: add tunlink option for hostroute
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.

This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-08-30 21:47:13 +02:00
Paul Spooren
a5d030a54f curl: move package to packages.git
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-27 21:18:21 +02:00
Hauke Mehrtens
bc19481826 hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
  LD  wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
    type = GEN_EMAIL;
           ^~~~~~~~~
           ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
    type = GEN_DNS;
           ^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
    type = GEN_URI;
           ^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
   if (gen->type != GEN_EMAIL &&
                    ^~~~~~~~~
                    ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
       gen->type != GEN_DNS &&
                    ^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
       gen->type != GEN_URI)
                    ^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed

Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-27 12:11:47 +02:00
Hauke Mehrtens
c1aa2d4411 mtd-utils: Update to version 2.1.2
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html

The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk:	70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk:	71109

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:35 +02:00
Hauke Mehrtens
00722a720c wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:30 +02:00
Hauke Mehrtens
2745f6afe6 curl: Use wolfssl by default
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:43 +02:00
Hauke Mehrtens
b5191f3366 curl: Fix build with wolfssl
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.

checking size of time_t... configure: error: cannot determine a size for time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:42 +02:00
Adrian Schmutzler
e7c235612b uboot-at91: harmonize indent in Makefile
The indent in Makefile is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler
2f92e1d418 at91bootstrap: harmonize indent in Makefiles
The indent in Makefiles is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler
7f1540cc46 at91: introduce vendor_model scheme and drop board names
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.

Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.

While at it, harmonize a few indents as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M
abf6c288c1 uboot-at91: bump version to linux4sam-2020.04
Bump version to linux4sam-2020.04 and add patch to fix Wformat-security
warnings.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M
9b36ca8032 at91bootstrap: bump version to v3.9.3
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00
Felix Fietkau
e12ac40552 mt76: update to the latest version
f0beb7cbc443 mt76: mt7663u: fix memory leaks in mt7663u_probe
90c8422d3f56 mt76: mt7915: fix typo in function name
9cbbe4a30eaf mac80211: simplify TX aggregation start
974486ec2642 util: in worker setup, only overwrite function pointer if not NULL
519510277a8b mt76: initialize tx worker function earlier
3c361b1e3f4e mt76: mt7663u: fix dma header initialization
e8d489647c7f mt76: usb: fix use of q->head and q->tail
8124daf53130 mt76: sdio: fix use of q->head and q->tail
3c2cd8580377 mt76: unify queue tx cleanup code
780cdabb8659 mt76: remove qid argument to drv->tx_complete_skb
05aa857861fc mt76: remove swq from struct mt76_sw_queue
e861cb051833 mt76: rely on AQL for burst size limits on tx queueing
3218b914a2fb mt76: remove struct mt76_sw_queue
23529b5e93c1 mt76: mt7603: tune tx ring size
f6ca436ebea4 mt76: mt76x02: tune tx ring size
97e65131440c mt76: mt7603: check for single-stream EEPROM configuration
957b6c5ac273 mt76: mt7615: fix MT_ANT_SWITCH_CON register definition
96a541eedda9 mt76: mt7615: fix antenna selection for testmode tx_frames
b36d7ae096a3 mt76: mt7603: move number of streams detection to eeprom init

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-25 14:12:51 +02:00
Hauke Mehrtens
a69949a13f firewall: Fix PKG_MIRROR_HASH
Fixes: 6c57fb7aa9 ("firewall: bump to version 2020-07-05")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00
Magnus Kroken
201d6776a0 mbedtls: update to 2.16.7
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07

* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).

Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00
Rosen Penev
161fe0b662 exfat: update to 5.8.7
93e2334 exfat: fix build error on linux-5.4,5.5 kernel
01a7b8c exfat: fix name_hash computation on big endian systems
8f92bc0 exfat: fix wrong size update of stream entry by typo

Removed commented material that was for testing compilation.

Removed patch as the error was fixed upstream. First entry above.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-24 18:53:59 +02:00
mohammad rasim
785c7d9b16 kernel: add ar5523 driver
The driver currently only support managed and monitor mode

Changes since v1:
- drop the @DRIVER_11N_SUPPORT dependency

Signed-off-by: mohammad rasim <mohammad.rasim96@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer
e742a31f07 ipset: update to version 7.6
Changelog:
https://ipset.netfilter.org/changelog.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer
ed381e2fb2 linux-firmware: add support for Marvell SDIO 8997
For example, Turris MOX SDIO card is using Marvell (NXP) 88W8997 chip.

Technical specs of 88W8997:
- 28nm
- 802.11 ac wave-2
It should support simultaneous dual-band 2.4 GHz and 5 GHz,
but it requires to support multiSSID for one Wi-Fi card [1], which is
not supported in OpenWrt, yet and if we tried to run two instances of
hostapd, it didn't work well, so it's 2.4 GHz or 5 GHz.
- 2x2 MU-MIMO
- Bluetooth 5.1 with LE support
- Unfortunately, there can be connected only 8 clients at the same time
(limited by FW, however, there exists "enterprise" chip, its equal chip,
it is just different that it uses different FW)

Symlink is necessary as mwifiex_sdio tries to load sd8997_uapsta.bin
[   13.651182] mwifiex_sdio mmc0:0001:1: Direct firmware load for mrvl/sd8997_uapsta.bin failed with error -2
[   13.661065] mwifiex_sdio mmc0:0001:1: Falling back to user helper
[   13.684880] firmware mrvl!sd8997_uapsta.bin: firmware_loading_store: map pages failed
[   13.695910] mwifiex_sdio mmc0:0001:1: Failed to get firmware mrvl/sd8997_uapsta.bin
[   13.703774] mwifiex_sdio mmc0:0001:1: info: _mwifiex_fw_dpc: unregister device

Pali Rohár sent two patches [2] [3] into kernel to fix default firmware name for SD8997, so
the symlink will not be required in the future versions of kernel, which
was accepted and right now, according to my details it was backported to 5.8, 5.7 and 5.4

[1] https://bugs.openwrt.org/index.php?do=details&task_id=3243
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=00eb0cb36fad5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2e1fcac52a9ea

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer
18aca6b17d linux-firmware: update to version 20200817
git log --pretty=oneline --abbrev-commit 20200619..20200817
7a30af1 (HEAD -> master, tag: 20200817, origin/master, origin/main, origin/HEAD) Merge branch 'i915-firmware-updates-08-2020' of git://anongit.freedesktop.org/drm/drm-firmware into main
923bfa6 brcm: Add brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt symlink
33e11ab rtl_bt: Update RTL8822C BT UART firmware to 0x0599_8A4F
1b81373 i915: Add DMC firmware 2.02 for RKL
bdf8d7a i915: Add DMC firmware 2.08 for TGL
1bcdc9a i915: Add HuC firwmare v7.5.0 for TGL
c331aa9 amdgpu: update vega20 firmware for 20.30
a434387 amdgpu: update vega12 firmware for 20.30
49e9ea8 amdgpu: update vega10 firmware for 20.30
d89e9b1 amdgpu: update renoir firmware for 20.30
373c08a amdgpu: update raven2 firmware for 20.30
69ca06e amdgpu: update raven firmware for 20.30
12042c2 amdgpu: update picasso firmware for 20.30
2c9d97a amdgpu: update navi14 firmware for 20.30
eaa3e55 amdgpu: update navi10 firmware for 20.30
9bc3789 linux-firmware: update NXP SDSD-8997 firmware image
6c79b68 Mellanox: Add new mlxsw_spectrum firmware xx.2008.1036
2b823fc (tag: 20200721) linux-firmware: Update AMD SEV firmware
e33306f Merge branch 'qca_0714' of https://github.com/bgodavar/qca_bt_fw into main
1d1c80b Update to 20200629111339 version to aligh SDK. Mainly fix DFS false alarm.
69c7f0b rtl_nic: update firmware for RTL8125B
f39b687 Update binary firmware for MT7663 based devices to include firmware offload feature and low power feature.
3882702 QCA: Add correct bin file for WCN3991
3d3a06f linux-firmware: Update firmware file for Intel Bluetooth AX201
b7849f7 linux-firmware: Update firmware file for Intel Bluetooth AX200
07b0375 linux-firmware: Update firmware file for Intel Bluetooth 9560
44bf1b1 linux-firmware: Update firmware file for Intel Bluetooth 9260
7169ab3 linux-firmware: wilc1000: add wilc1000 v15.4 FW
b1497fc Merge https://github.com/rjliao-qca/qca-btfw into main
c4e04b4 QCA: Update Bluetooth firmware for QCA6390
74ac3b5 Merge https://github.com/bgodavar/qca_wcn3991 into main
1a0c0c2 amdgpu: add UVD firmware for SI asics
24cc617 QCA: Update WCN3991 FW files

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Adrian Schmutzler
cc501ab021 kernel: set WATCHDOG_CORE dependency in kmod-hwmon-sch5627
For many target we have added CONFIG_WATCHDOG_CORE=y to the target
config due to the following error:

 Package kmod-hwmon-sch5627 is missing dependencies for the following
 libraries:
 watchdog.ko

However, actually the proper way appears to be setting the
dependency for the kmod-hwmon-sch5627 package, as the error message
demands.

Do this in this patch and remove the target config entries added
due to this issue.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-24 14:09:11 +02:00
Daniel Golle
2eaf03b4d8 busybox: fix typo in Makefile
'conffiiles' -> 'conffiles'

Fixes: 2e06f8ae24 ("busybox: add selinux variant")
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-23 23:59:37 +01:00
Paul Spooren
aeea91d5ee f2fs-tools: add selinux variant
This variant is build with `libselinux` and required to set labels
during runtime.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Paul Spooren
2e06f8ae24 busybox: add selinux variant
This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Hans Dedecker
f75c70aeca nat46: update to latest git HEAD
362640b nat46-module: fix compilation with kernel 5.6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-23 20:08:44 +02:00
Hans Dedecker
4358373e69 curl: disable zstd support
Fixes package libcurl build issue :

Package libcurl is missing dependencies for the following libraries:
libzstd.so.1

Suggested-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-23 11:03:40 +02:00
Felix Fietkau
b52b4afa15 mt76: update to the latest version
8027c7d95274 mt76: mt7615: fix reading airtime statistics
3743e7c904de mt76: mt7915: optimize mt7915_mac_sta_poll
d2fe5e8330c6 mt76: mt7915: fix variable initialization in sta poll
692065b4c9db mt76: mt7915: only enable hw amsdu for AP and station
b54157df7c27 mt7615: update firmware to version 20200814
888990e159d2 mt76: use threaded NAPI
3a3306e408f2 mt76: mt7915: add 802.11 encap offload support
795b772cd392 mt76: mt7915: add encap offload for 4-address mode stations
55d79ab7fa23 mt76: dma: update q->queued immediately on cleanup
23dbd64d6324 mt76: mt7915: schedule tx tasklet in mt7915_mac_tx_free
5cf34cda70af mt76: mt7915: significantly reduce interrupt load
87a69429069f mt76: add utility functions for deferring work to a kernel thread
2f1318a06d0a mt76: convert from tx tasklet to tx worker thread
72f0979566be mt76: mt7915: add support for accessing mapped registers via bus ops
f9ce5c776c9a mt76: use ieee80211_rx_list to pass frames to the network stack as a batch
25dd8bdae3bf mt76: mt7615: significantly reduce interrupt load
7c5445dec812 mt76: mt7615: release mutex in mt7615_reset_test_set
e68c3e254822 mt76: mt7663s: use NULL instead of 0 in sdio code
4368380e20e7 mt76: mt7663s: fix resume failure
bea386f27914 mt76: mt7663s: fix unable to handle kernel paging request
b8780c44c716 mt76: mt7615: fix possible memory leak in mt7615_tm_set_tx_power
37a1c7ed6796 mt76: mt7615: fix a possible NULL pointer dereference in mt7615_pm_wake_work
8c7c1a207d25 mt76: fix a possible NULL pointer dereference in mt76_testmode_dump

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-22 21:24:10 +02:00
Felix Fietkau
e7f7101182 mac80211: rework encapsulation offload support
Fix a number of deficiencies in the existing API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-22 07:02:01 +02:00
Josef Schlehofer
17d16e093f curl: update to version 7.72.0
Changes in this version can be found here:
https://curl.haxx.se/changes.html#7_72_0

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-21 21:25:56 +02:00
Felix Fietkau
010682067b mac80211: add missing return code checks in AQL improvements
Fixes throughput issues with some drivers (e.g. ath10k)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-21 18:29:52 +02:00
Hauke Mehrtens
5efe459012 kernel: wpan: Add kmod-ca8210
This device is found on the pistachio marduk board.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-21 11:46:13 +02:00
Hauke Mehrtens
b0751d4c0f kernel: wpan: Add missing AUTOLOAD to load kernel module
These kernel modules were not loaded automatically, fix this by adding
the AUTOLOAD definition.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-21 11:46:13 +02:00
David Bauer
aa403a440a dnsmasq: abort dhcp_check on interface state
Abort the dhcp-check based on the interface instead of the carrier
state. In cases where the interface is up but the carrier is down,
netifd won't cause a dnsmasq reload, thus dhcp won't become active
on this interface.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-20 23:45:26 +02:00
Remi NGUYEN VAN
bcf0704bd2 map: rename type to maptype (FS#3287)
"type" is already used as a common option for all protocols types, so
using the same option name for the map type makes the configuration
ambiguous. Luci in particular adds controls for both options and sees
errors when reading the resulting configuration.

Use "maptype" instead, but still fallback to "type" if "maptype" is not
set. This allows configurations to migrate without breaking old
configurations.

This addresses FS#3287.

Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-08-19 21:14:00 +02:00
Adrian Schmutzler
18ab496c32 ltq-dsl-base: remove useless echos in lantiq_dsl.sh
The is no reason to catch the output by $() and then echo it again.

Remove the useless echos.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-17 23:25:41 +02:00
Remi NGUYEN VAN
1e696c6ced map: add a legacymap option
The legacy map version based on the IPv6 Interface Identifier in
draft-ietf-softwire-map-03 was typically used by uncommenting the LEGACY
variable in the map.sh file, which is not ideal. A proper configuration
option is needed instead.

The IPv6 Interface Identifier format described in the draft was
eventually changed in RFC7597, but is still used by some major ISPs,
including in Japan.

Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-08-15 20:37:02 +02:00
Rui Salvaterra
763ce13b0b dropbear: allow disabling support for scp
If not needed, disabling scp allows for a nice size reduction.

Dropbear executable size comparison:

153621 bytes (baseline)
133077 bytes (without scp)

In other words, we trim a total of 20544 bytes.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-15 20:25:08 +02:00
Tomasz Maciej Nowak
ebf71533f9 ath79: add support for ALLNET ALL-WAP02860AC
ALLNET ALL-WAP02860AC is a dual-band wireless access point.

Specification
SoC: Qualcomm Atheros QCA9558
RAM: 128 MB DDR2
Flash: 16 MB SPI NOR
WIFI: 2.4 GHz 3T3R integrated
      5 GHz 3T3R QCA9880 Mini PCIe card
Ethernet: 1x 10/100/1000 Mbps AR8035-A, PoE capable (802.3at)
LEDS: 5x, which four are GPIO controlled
Buttons: 1x GPIO controlled
UART: 4 pin header near Mini PCIe card, starting count from white
      triangle on PCB
      1. VCC 3.3V, 2. GND, 3. TX, 4. RX
      baud: 115200, parity: none, flow control: none

MAC addresses
Calibration data does not contain valid MAC addresses.
The calculated MAC addresses are chosen in accordance with OEM firmware.

Because of:
a) constrained environment (SNMP) when connecting through Telnet
   or SSH,
b) hard-coded kernel and rootfs sizes,
c) checksum verification of kerenel and rootfs images in bootloder,

creating factory image accepted by OEM web interface is difficult,
therefore, to install OpenWrt on this device UART connection is needed.
The teardown is simple, unscrew four screws to disassemble the casing,
plus two screws to separate mainboard from the casing.
Before flashing, be sure to have a copy of factory firmware, in case You
wish to revert to original firmware.

Installation
1. Prepare TFTP server with OpenWrt initramfs-kernel image.
2. Connect to LAN port.
3. Connect to UART port.
4. Power on the device and when prompted to stop autoboot, hit any key.
5. Alter U-Boot environment with following commands:
    setenv failsafe_boot bootm 0x9f0a0000
    saveenv
6. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
   'setenv' to do that, then run following commands:
    tftpboot 0x81000000 <openwrt_initramfs-kernel_image_name>
    bootm 0x81000000
7. Wait about 1 minute for OpenWrt to boot.
8. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
   with:
    sysupgrade -n /tmp/<openwrt_sysupgrade_image_name>
9. After flashing, the access point will reboot to OpenWrt. Wait few
   minutes, until the Power LED stops blinking, then it's ready for
   configuration.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[add MAC address comment to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-15 15:58:39 +02:00
Felix Fietkau
6bdd4c967b mac80211: add missing backports for building with 4.14 kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-14 17:27:31 +02:00
Daniel Golle
bda1c127cc libselinux: fix Makefile style
Also fix line order in libselinux Makefile.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:43:31 +01:00
Daniel Golle
0133160177 libsepol: fix Makefile style
Fix line ordering (cosmetic).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:42:25 +01:00
Daniel Golle
4469e45f60 pcre: clean up Makefile line order
The most recent patch added add lines in one block instead of in the
appropriate places to keep Makefiles in consistent style. Fix that.

Fixes: ff02e1561f ("pcre: add host variant of libpcre")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:42:25 +01:00
Thomas Petazzoni
ff02e1561f pcre: add host variant of libpcre
This is needed to build the host variant of libselinux.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-14 02:29:03 +01:00
Felix Fietkau
072c5876c5 libselinux: fix build on non-Linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 20:08:29 +02:00
Felix Fietkau
2a9fb827aa libsepol: fix build on non-Linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 20:08:29 +02:00
Felix Fietkau
431fb8cae9 mac80211: add AQL improvements
Add AQL support for HE drivers.
Improve assumed aggregation length based on tx rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 17:57:19 +02:00
Felix Fietkau
6bee8f2865 mt76: update to the latest version
34aed01ca865 mt76: mt7915: use ieee80211_free_txskb to free tx skbs
efc8669db5f9 mt76: mt7915: fix max_mpdu_size field for A-MSDU

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 17:57:19 +02:00
Daniel Golle
ff6b815691 libselinux: don't depend on kernel config symbols
Dependencies are meant to express actual run-time dependencies and
strictly speaking, libselinux can be build and used on kernels without
SELinux (not in a very meaningful way, but never mind).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Daniel Golle
74dfe25d41 procd: remove duplicate confguration menu
Fixes: 962e73c1a4 ("procd: add selinux variant")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Daniel Golle
0709f6e798 iproute2: disable SELinux for now
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:03:07 +01:00
Daniel Golle
ab4c6f1632 musl-fts: import from packages feed
libselinux requires musl-fts to build with musl. Import it from
packages feed as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 11:44:05 +01:00
Daniel Golle
e16b84df15 pcre: import from packages feeds
libselinux require pcre, import to to core so it can build without
packages feeds.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 11:28:28 +01:00
Paul Spooren
962e73c1a4 procd: add selinux variant
This commit adds a `selinux` variant to `procd` allowing to load an
SELinux policy at boot.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 09:53:50 +01:00
Thomas Petazzoni
a0df664531 libselinux: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-13 09:31:34 +01:00
Thomas Petazzoni
6531eee347 libsepol: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-13 09:31:34 +01:00
Ansuel Smith
87e92d50e5 kernel: usb: move phy-qcom-ipq806x-usb to ipq806x modules.mk
This driver is only used by ipq806x SoCs. Move it there and drop
dependency from ipq40xx since it's not used anywere.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[rebase on changes to previous patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
2020-08-13 02:12:12 +02:00
Ansuel Smith
0c45ad41e1 ipq806x: replace phy dwc3 patch with upstream version
- Replace dwc3 phy patch with upstream version
- Rework the dts to use the upstream bindings
- Update changed config flags
- Rename module to reflect config name

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[fix qcom,tx-deamp_3_5db typo, refresh patches, rename kmod]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
2020-08-13 02:12:12 +02:00
Rui Salvaterra
e5eeb34a8c dropbear: fix ssh alternative when dbclient isn't built
The ssh symlink was still being created even when dbclient was disabled in the
build configuration. Fix this annoyance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-12 21:57:37 +02:00
Felix Fietkau
37615174f5 mt76: update to the latest version
8d9a62e4def7 mt76: mt7915: fix crash on tx rate report for invalid stations
825343467df4 mt76: fix double DMA unmap of the first buffer on 7615/7915
99804560372b mt76: mt7615: register ext_phy if DBDC is detected
93407be934b2 mt76: mt7615: move drv_own/fw_own in mt7615_mcu_ops
e7774de844e8 mt76: mt7663s: move drv_own/fw_own in mt7615_mcu_ops
a5602514ab03 mt76: mt7615: hold mt76 lock queueing wd in mt7615_queue_key_update
5c42061ce181 mt76: do not inject packets if MT76_STATE_PM is set
ae4757a0ae90 mt76: mt7615: reschedule runtime-pm receiving a tx interrupt
c4544d1e8a1a mt76: mt76s: fix oom in mt76s_tx_queue_skb_raw
dc73103874cc mt76: mt76s: move tx processing in a dedicated wq
c828c84cb134 mt76: mt7663s: move rx processing in txrx wq
2b34f2f6b0ef mt76: mt76s: move status processing in txrx wq
f957b050d848 mt76: mt76s: move tx/rx processing in 2 separate works
6fe964295bd9 mt76: mt76s: get rid of unused variable
43d6127d8851 mt76: mt7915: enable U-APSD on AP side
58774b605f1c mt76: set interrupt mask register to 0 before requesting irq
06f722d8046c mt76: mt7915: clean up and fix interrupt masking in the irq handler
2fbd6baac103 mt76: mt7615: only clear unmasked interrupts in irq tasklet
5ea8b6187da2 mt76: mt76x02: clean up and fix interrupt masking in the irq handler
f2e71f0c1b7e mt76: mt7615: do not do any work in napi poll after calling napi_complete_done()
1eb94624bb12 mt76: mt7915: do not do any work in napi poll after calling napi_complete_done()
5e0c587b9ac1 mt76: mt7915: clean up station stats polling and rate control update
9ab20dfbf7b1 mt76: mt7915: increase tx retry count
fa69dd96f9c0 mt76: mt7915: enable offloading of sequence number assignment
9816f9812adb mt76: move mt76_check_agg_ssn to driver tx_prepare calls
ad90170b0af9 mt76: mt7615: remove mtxq->agg_ssn assignment
335cd51be4c6 mt76: mt7915: simplify aggregation session check
21f7734cbb49 mt76: mt7915: add missing flags in WMM parameter settings
21182f90d947 mt76: mt7915: add Tx A-MSDU offloading support
27670514328f mt76: mt7615: use v1 MCU API on MT7615 to fix issues with adding/removing stations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-12 12:31:00 +02:00
Michael Yartys
91aab77bf1 ath10k-ct-firmware: update firmware images
Not a large change from last time, but should fix at least one rare wave-2
crash. The htt-mgt-community builds are trimmed for supporting lots of
stations (typically 150+ stations per radio).

Tested on Netgear R7800.

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-12 11:50:48 +02:00
Adrian Schmutzler
7de3daa997 treewide: bump PKG_RELEASE after replacing which
Bump PKG_RELEASE for the affected packages as replacing "which" by
"command -v" represents a content change.

Fixes: 1fdf6b745c ("treewide: replace `which` with `command -v`")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:17:22 +02:00
Paul Spooren
1fdf6b745c treewide: replace which with command -v
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.

Using `command -v` is POSIX compliant while `which` is not.  Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.

Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.

Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
Magnus Kroken
4165232c45 busybox: delete redundant patch
This problem has been fixed in upstream commit
6b6a3d9339f1c08efaa18a7fb7357e20b48bdc95. This patch now (harmlessly)
adds the same definition a second time.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
David Woodhouse
0002d177e4 uboot-mediatek: resync patches with upstream
Now that my patches have been merged into upstream U-Boot, resync the
cosmetic changes and the commit IDs from the final commits.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-08-12 11:08:05 +02:00
Rosen Penev
b59a98b009 libjson-c: fix pkgconfig file
The pkgconfig file references the host directories, not the openwrt
ones. Used SED to fix as is done elsewhere. Removed CMAKE_INSTALL as a
result.

Removed now pointless CFLAGS.

Added PKG_BUILD_PARALLEL for faster compilation.

Various rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-11 21:29:44 +02:00
Hans Dedecker
5e512cc9c1 ppp: update to latest git HEAD
677aa53 Fix -W option for pppoe-discovery utility (#157)
115c419 Accept Malformed Windows Success Message (#156)
5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154)
2a7981f Add ipv6cp-accept-remote option
0678d3b pppd: Fix the default value for ipv6cp-accept-local to false

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-11 21:27:07 +02:00
Hauke Mehrtens
0a864f20fb bintuils: Pack libctf-nobfd.so in addition
readelf is linked against this library on MIPS64BE
This fixes a build problem on MIPS64BE.

In addition also explicitly activate it in the configure command.

Fixes: 60f595daab ("binutils: update to version 2.34")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-10 23:02:37 +02:00
Hauke Mehrtens
fce0f1501b mac80211: Update to version 5.8
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-10 19:34:37 +02:00
Christoph Krapp
d32010d5ff uboot-envtools: ath79: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
2020-08-10 18:37:47 +02:00
Adrian Schmutzler
d4ac0ad543 treewide: make dependency on kmod-usb-net selective
A bunch of kernel modules depends on kmod-usb-net, but does not
select it. Make AddDepends/usb-net selective, so we can drop
some redundant +kmod-usb-net definitions for DEVICE_PACKAGES.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 12:54:30 +02:00
Thomas Petazzoni
12178be465 procd: add SELinux support
This commit adds a patch to procd to support loading the SELinux
policy early at boot time, and adjusts the procd package to use this
SELinux support when libselinux is enabled.

The procd patch has been submitted separately [1]: obviously the
intent is to have it merged in the procd Git repository rather than
have it in OpenWrt itself.

[1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[split commit into openwrt.git and procd.git]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:50 +01:00
Daniel Golle
cfe235c436 kernel: modules: add package kmod-iosched-bfq
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:52:31 +01:00
Christoph Krapp
eb95ca3b5c uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-09 23:57:17 +02:00
Felix Fietkau
eff8c76aa0 mac80211: fix spurious disconnect issues with disassoc_low_ack=1 (default)
mac80211 reports a packet loss event to user space when 50 consecutive packets
were not acked. On a high throughput link with long aggregates and sudden
link changes, this can trigger way too easily.
Mitigate false positives by only triggering the event on a packet loss if
no ACK was received for at least a second

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-09 14:01:49 +02:00
David Bauer
1bfba18a36 mac80211: exchange mesh 6GHz IE patch for upstream accepted
Exchange the patch fixing the kernel ringbuffer WARNING flood for the
one accepted upstream.

Fixes commit a956c14d6a ("mac80211: util: don't warn on missing sband
iftype data")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-08 10:31:57 +02:00
Jo-Philipp Wich
bc1c9fdc20 hostapd: recognize option "key" as alias for "auth_secret"
The hostapd configuration logic is supposed to accept "option key" as
legacy alias for "option auth_secret". This particular fallback option
failed to work though because "key" was not a registered configuration
variable.

Fix this issue by registering the "key" option as well, similar to the
existing "server" nad "port" options.

Ref: https://github.com/openwrt/openwrt/pull/3282
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:19:29 +02:00
Jo-Philipp Wich
321503dbf3 hostapd: make "key" option optional if "wpa_psk_file" is provided
If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.

While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.

Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:04:02 +02:00
David Bauer
a4e72013e7 exfat: add dependency on nls-base
Add a dependency on kmod-nls-base for the new exfat driver. Otherwise
the build fails on ramips and ath79 on kernel 5.4:

Package kmod-fs-exfat is missing dependencies for the following libraries:
nls_base.ko

Fixes commit cd41234d2f ("exfat: add out of tree module")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-07 16:51:58 +02:00
Adrian Schmutzler
1d5b08ca51 om-watchdog: fix board name for teltonika,rut5xx
The board name is equivalent to the compatible, not the device
definition. Fix it.

Fixes: b4588c8538 ("kernel/om-watchdog: Apply device renames from ramips")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 16:30:55 +02:00
Hans Dedecker
f74edb3e95 nat46: update to latest git HEAD
71e9f09 nat46-core: fix compilation with kernel 5.4

Remove 100-kernel-5.4-compat patch as upstream accepted

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-07 13:40:26 +02:00
Petr Štetiar
c487cf8e94 hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 12:02:19 +02:00
Jo-Philipp Wich
4a6795409d base-files: functions.sh: fix config_get() on invalid identifiers
When passing a section or option value to config_get() which contains
characters that happen to be valid variable interpolation expressions,
the function returns a nonsensical expression result instead of the
expected empty string.

When the passed section or option name contains other characters which
are not valid within a shell variable name, a substitution error is
occuring instead.

The issue can be easily reproduced by one of the following examples:

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable invalid-section option
    root@OpenWrt:~# echo "$variable"
    section_option:-

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable section invalid-option
    root@OpenWrt:~# echo "$variable"
    option:-

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable section invalid@option
    -ash: eval: syntax error: bad substitution

Fix this issue by only performing interpolations when the given section
and option arguments are free of illegal characters.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 11:05:16 +02:00
Yousong Zhou
064dc1e81b dnsmasq: abort when dnssec requested but not available
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit message for diagnosis

  # dnsmasq --dnssec; echo $?
  dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
  1

DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature.  Better be explicit.  With this change
committed, we make it so by not allowing it in the first in the
initscript, should dnsmasq later decides to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)

So this is just being proactive.  on/off choices with uci option
"dnssec" are still available like before

Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-08-07 15:56:30 +08:00
Jo-Philipp Wich
11ea7ba698 Revert "dsaconfig: introduce package for UCI configuration of VLAN filter rules"
This reverts commit 96b87196b0.

This commit was not meant to go into master.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 19:13:43 +02:00
Jo-Philipp Wich
f85bc0d77d Revert "add vfconfig"
This reverts commit 34553e8cc9.

This commit was not meant to go into master.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 19:13:21 +02:00
Daniel Golle
48f2596e78 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources
 282ff0c jail: only free cgroups if they were allocated
 ab55357 jail: fix freeing cgroups avl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Daniel Golle
728a0c68d1 Revert "procd: update to git HEAD"
This reverts commit e0e607f0d0.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Davy Hollevoet
394f54ee62 ath79/nand: add support for Netgear WNDR4300TN
This patch adds support for the WNDR4300TN, marketed by Belgian ISP
Telenet. The hardware is the same as the WNDR4300 v1, without the
fifth ethernet port (WAN) and the USB port. The circuit board has
the traces, but the components are missing.

Specifications:
* SoC: Atheros AR9344
* RAM: 128 MB
* Flash: 128 MB NAND flash
* WiFi: Atheros AR9580 (5 GHz) and AR9344 (2.4 GHz)
* Ethernet: 4x 1000Base-T
* LED: Power, LAN, WiFi 2.4GHz, WiFi 5GHz, WPS
* UART: on board, to the right of the RF shield at the top of the board

Installation:

* Flashing through the OEM web interface:
  + Connect your computer to the router with an ethernet cable and browse
    to http://192.168.0.51/
  + Log in with the default credentials are admin:password
  + Browse to Advanced > Administration > Firmware Upgrade in the Telenet
    interface
  + Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img
  + Proceed with the firmware installation and give the device a few
    minutes to finish and reboot.

* Flashing through TFTP:
  + Configure your wired client with a static IP in the 192.168.1.x range,
    e.g. 192.168.1.10 and netmask 255.255.255.0.
  + Power off the router.
  + Press and hold the RESET button (the factory reset button on the bottom
    of the device, with the gray circle around it, next to the Telenet logo)
    and turn the router on while keeping the button pressed.
  + The power LED will start flashing orange. You can release the button
    once it switches to flashing green.
  + Transfer the image over TFTP:
    $ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img

Signed-off-by: Davy Hollevoet <github@natox.be>
[use DT label reference for adding LEDs in DTSI files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-06 16:56:07 +02:00
Daniel Golle
e0e607f0d0 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 15:27:51 +01:00
Daniel Golle
2d9b653a2f libubox: update to git HEAD
9e52171 blobmsg: introduce BLOBMSG_CAST_INT64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 15:27:51 +01:00
Felix Fietkau
3d731fc903 mac80211: merge performance improvement patches
Fix fq_codel performance issues
Add a new rx function for batch processing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:43:25 +02:00
Felix Fietkau
b7727a8005 mac80211: fix AQL issues
- Remove bogus STA txq pending airtime underflow warning
- Improve tx airtime estimation for A-MPDU traffic

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:42:29 +02:00
Felix Fietkau
60f595daab binutils: update to version 2.34
Fixes perf on aarch64

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:42:16 +02:00
Felix Fietkau
bab0d1c33c mt76: update to 2020-07-22
7bc58ca2b375 mt76: add missing lock configuring coverage class
43febd452110 mt76: mt7615: fix lmac queue debugsfs entry
0b9975254694 mt76: mt7615: fix hw queue mapping
4058595e146e mt76: overwrite qid for non-bufferable mgmt frames
49c7131dd0c5 mt76: mt76x02: do not access uninitialized NAPI structs
f185d90ec51c update mt7915 firmware to the latest version
0ed6a335ebc2 mt76: mt7615: re-enable offloading of sequence number assignment
2a52eabbddc5 mt76: usb: rely on mt76_for_each_q_rx
90fc1d8614e1 mt76: mt7663: introduce ARP filter offload
b57223dd01b9 mt76: mt7615: fix up typo in Kconfig for MT7663U
ec4057d685c0 mt76: add script for generating single-sku device tree data
769b030de636 mt76: add functions for parsing rate power limits from DT
1d2aedb248d0 mt76: extend DT rate power limits to support 11ax devices
a3e17ff8e624 mt76: mt7615: implement support for using DT rate power limits
a48a4ae32d48 mt76: allow more channels, allowed in ETSI domain
869ba618ef54 mt76: fix include in pci.h
b1ddec840aa4 mt76: rely on register macros
d6d9a7ea428d mt76: add U-APSD support on AP side
ee13b78367db mt76: mt7615: fix EEPROM buffer size
82a94173b162 mt76: mt7915: add missing CONFIG_MAC80211_DEBUGFS
c0dbbd930d32 mt76: mt7615: add .set_tsf callback
84d54df76996 mt76: mt7915: add a fixed AC queue mapping
dacc2d29672d mt76: mt7915: add MU-MIMO support
1ce4660a0ea3 mt76: mt7915: use ieee80211_tx_queue_params to avoid open coded
53891242a682 mt76: mt7915: add support for DT rate power limits
b3a4d78914f6 mt76: mt7915: rework the flow of txpower setting
c6ea163c019b mt76: mt7915: directly read per-rate tx power from registers
8ae83adc73a8 mt76: mt7915: overwrite qid for non-bufferable mgmt frames
740b0bfdf279 mt76: mt76x2e: rename routines in pci.c
b5eee1b52234 mt76: mt7615: schedule tx tasklet and sta poll on mac tx free
72f34107248e mt76: mt7615: add support for accessing mapped registers via bus ops
46bc8a0b5347 mt76: mt7615: add support for accessing RF registers via MCU
882cec420609 mt76: mt7615: use full on-chip memory address for WF_PHY registers
b1ddb8e35ca2 mt76: vif_mask to struct mt76_phy
3a1ea7287eb2 mt76: add API for testmode support
d7467bc018e5 mt76: mt7615: implement testmode support
3ea5da1639fe add utility for using testmode support
6789a2db7246 mt7615: fix getting wideband RSSI in test mode
7941217ffe46 mt76: mt7915: remove unused parameters in mt7915_puts_rate_txpower()
13ab1d648684 mt76: mt7915: update HE capabilities
3f0e66dc25de mt76: mt76x2: fix pci suspend/resume on mt7612e
c605f2b6940b mt76: mt76x2u: enable HC-M7662BU1
ca2b797ee52d mt76: mt7915: avoid memcpy in rxv operation
dad3f93e8f6a mt76: mt7615: avoid polling in fw_own for mt7663
ec303bfad299 mt76: move mt76 workqueue in common code
0bf82270568a mt76: mt7615: add mt7615_pm_wake utility routine
091e9b5df6af mt76: mt7615: introduce mt7615_mutex_{acquire,release} utilities
e3850966d74c mt76: mt7615: wake device before accessing regmap in debugfs
e6dcb71d7992 mt76: mt7615: wake device before configuring hw keys
050f8cd9cbe7 mt76: mt7615: introduce pm_power_save delayed work
56779a6c7dec mt76: mt7615: wake device in mt7615_update_channel before access regmap
b0bcdd66ccaa mt76: mt7615: acquire driver_own before configuring device for suspend
58369fdce235 mt76: mt7615: wake device before performing freq scan
2c188db1f7c7 mt76: mt7615: add missing lock in mt7615_regd_notifier
6fdb20a025eb mt76: mt7615: run mt7615_mcu_set_wmm holding mt76 mutex
36a789c00e4f mt76: mt7615: run mt7615_mcu_set_roc holding mt76 mutex
b8cdce45c131 mt76: mt7615: wake device before pulling packets from mac80211 queues
82e8e0525d6c mt76: mt7615: wake device before pushing frames in mt7615_tx
65ccc40c14e1 mt76: mt7615: run mt7615_pm_wake in mt7615_mac_sta_{add,remove}
2107caf92e71 mt76: mt7615: check MT76_STATE_PM flag before accessing the device
28a2f5fa6eed mt76: mt7615: do not request {driver,fw}_own if already granted
94519eac69c3 mt76: mt7615: add runtime-pm knob in mt7615 debugfs
ccc90dafea66 mt76: mt7615: enable beacon hw filter for runtime-pm
29f2bebe1a1e mt76: mt7615: add idle-timeout knob in mt7615 debugfs
58057d1f232b mt76: mt7615: improve mt7615_driver_own reliability
a873b7c8e3de mt76: mt7663u: sync probe sampling with rate configuration
b469c59c616c mt76: mt7615: avoid scheduling runtime-pm during hw scan
f1ff52acb6a7 mt76: mt7615: reschedule ps work according to last activity
1f670a534451 mt76: mt7663u: fix memory leak in set key
afff00ad2b60 mt76: mt7663u: fix potential memory leak in mcu message handler
4c9309f47ddf mt76: mt7615: fix potential memory leak in mcu message handler
379445b4aa7f mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report()
750797b61ba8 mt76: fix copy&paste error in mt76_testmode_cmd
f9a7a2f7dbc2 testmode: fix setting tx_power
1641aa201682 mt76: mt7615: fix mt7615_mcu_set_test_param set non-bool parameters
6838d002f9de mt76: mt7615: fix tx_frames setup
8c0a25d6a38c mt76: mt7615: take into account sdio bus configuring txwi
c0cbef79eb45 mt76: mt76u: add mt76_skb_adjust_pad utility routine
98412356c959 mt76: mt7615: sdio code must access rate/key regs in preocess context
fa16627d7e3a mt76: mt7615: introduce mt7663-usb-sdio-common module
bf88e70c7a68 mt76: introduce mt76_sdio module
aa97be8e02de mt76: mt7615: introduce mt7663s support
1eb8b7d689a3 mt76: testmode: fix tx_done accounting on enqueue failures
632ce698e8ee mt76: mt7615: fix antenna settings for test mode
4d2f622190b6 mt76: mt76s: move queue accounting in mt76s_tx_queue_skb
9a3723c8febc mt76: mt7915: fix potential memory leak in mcu message handler
88fa973f59c2 mt76: mt7615: fix possible memory leak in mt7615_mcu_wtbl_sta_add
2fff7d77befd mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg
b5df0fbb1847 mt7615: update firmware to version 20200629

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:41:50 +02:00
Felix Fietkau
25e0ae6bfc mac80211: make cfg80211 testmode support optional (and disabled by default)
Testmode commands are typically only used for manufacturing or vendor specific
debugging features, so they should not be in the default image

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:36:23 +02:00
Jo-Philipp Wich
b92f54b919 openvpn: fix arguments passing to wrapped up and down scripts
With the introduction of the generic OpenVPN hotplug mechanism, wrapped
--up and --down scripts got the wrong amount and order of arguments passed,
breaking existing configurations and functionality.

Fix this issue by passing the same amount of arguments in the same expected
order as if the scripts were executed by the OpenVPN daemon directly.

Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156
Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 08:34:31 +02:00
Jo-Philipp Wich
34553e8cc9 add vfconfig
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 08:34:19 +02:00
Jo-Philipp Wich
96b87196b0 dsaconfig: introduce package for UCI configuration of VLAN filter rules
This package provides the necessary files to translate `config dsa_vlan`
and `config dsa_port` sections  of `/etc/config/network` into appropriate
bridge vlan filter rules.

The approach of the configuration is to bridge all DSA ports into a logical
bridge device, called "switch0" by default, and to set VLAN port membership,
tagging state and PVID as specified by UCI on each port and on the switch
bridge device itself, allowing logical interfaces to reference port VLAN
groups by using "switch0.N" as ifname, where N denotes the VLAN ID.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 08:34:19 +02:00
Rafał Miłecki
3d167ed805 uhttpd: update to the latest master
212f836 ubus: rename JSON-RPC format related functions
628341f ubus: use local "blob_buf" in uh_ubus_handle_request_object()
9d663e7 ubus: use BLOBMSG_TYPE_UNSPEC for "params" JSON attribute
77d345e ubus: drop unused "obj" arguments
8d9e1fc ubus: parse "call" method params only for relevant call

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-08-05 15:49:03 +02:00
Jason A. Donenfeld
80a6d3d4a2 wireguard: bump to 1.0.20200729
* compat: rhel 8.3 beta removed nf_nat_core.h
* compat: ipv6_dst_lookup_flow was ported to rhel 7.9 beta

This compat tag adds support for RHEL 8.3 beta and RHEL 7.9 beta, in addition
to RHEL 8.2 and RHEL 7.8. It also marks the first time that
<https://www.wireguard.com/build-status/> is all green for all RHEL kernels.
After quite a bit of trickery, we've finally got the RHEL kernels building
automatically.

* compat: allow override of depmod basedir

When building in an environment with a different modules install path, it's
not possible to override the depmod basedir flag by setting the DEPMODBASEDIR
environment variable.

* compat: add missing headers for ip_tunnel_parse_protocol

This fixes compilation with some unusual configurations.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-03 23:14:24 +02:00
Adrian Schmutzler
50413e1ec8 package: replace remaining occurrences of ifconfig with ip
ifconfig is effectively deprecated for quite some time now. Let's
replace the remaining occurrences for packages by the
corresponding ip commands now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-03 10:42:35 +02:00
Magnus Kroken
48a9d99a21 openvpn: revise sample configuration
Update the openvpn sample configurations to use modern options in favor
of deprecated ones, suggest more sane default settings and add some
warnings.

* Add tls_crypt and ncp_disable to the sample configuration
* Replace nsCertType with remote_cert_tls in client sample configuration
* Comment out "option compress", compression should not be preferred
* Advise 2048-bit Diffie-Hellman parameters by default
* Add warnings about compression and use of Blowfish (BF-CBC)

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-08-01 14:54:39 +01:00
Rui Salvaterra
9565c5726a uboot-envtools: ath79: add support for the Nanostation M (XM)
Tested on an AirGrid M2 (AG‑HP‑2G16).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-01 14:54:39 +01:00
Rui Salvaterra
f2af32c20c wireguard-tools: allow compiling with MIPS16 instructions
The wg utility compiles and runs without issues in MIPS16 mode, despite setting
PKG_USE_MIPS16:=0 in the makefile. Let's remove this, allowing for a substantial
size reduction of the wg executable. Since wg is a just a configuration utility,
it shouldn't be performance-critical, as the crypto heavy-lifting is done on the
kernel side.

wg sizes for both modes:

MIPS32: 64309 bytes
MIPS16: 42501 bytes

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-01 14:54:39 +01:00
Rosen Penev
cd41234d2f exfat: add out of tree module
>From an email conversation with the person responsible for upstreaming
the exFAT driver, it seems the staging one in kernel 5.4 is not so
good. Excerpts below.

Namjae Jeon:
Hm... exfat in 5.4 kernel  that we did crap shit long time ago is
contributed by someone who we don't know.
This version is unstable and low quality code. We have been improving
it continuously.
and staging version exfat is removed from linux 5.7 kernel.

linux exfat oot  version is a backport of exfat in linux 5.7 kernel to
support lower version kernel, and it is a real.
You can see the patch history fro linux-exfat-oot.
this version support timezone and boot sector verification feature newly.
and better filesystem structure and much clean code quality that
reviewed by high profile kernel developers. and add many bug fixes.
And this version is officially maintained by me and kernel guys.

I would not recommend to use staging exfat version.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-01 14:54:39 +01:00
Rosen Penev
d157ee0c12 staging: remove staging exfat driver
This will be replaced with the driver found in newer kernels.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-01 14:54:39 +01:00
David Bauer
68bf5a9659 mac80211: don't kill wireless daemon on teardown
Don't kill the wireless daemon on teardown. hostapd as well as
wpa_supplicant are managed by procd which would detect the shutdown of
either process as a crash loop.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-31 19:52:03 +02:00
David Bauer
8b3e170526 hostapd: fix incorrect service name
When retrieving the PID for hostapd and wpa_supplicant via ubus the
wrong service name is currently used. This leads to the following error
in the log:

netifd: radio0 (1409): WARNING (wireless_add_process):
executable path /usr/sbin/wpad does not match process  path (/proc/exe)

Fixing the service name retrieves the correct PID and therefore the
warning won't occur.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-31 19:51:51 +02:00
Adrian Schmutzler
65305cb448 kirkwood: use real model names for Linksys devices
This replaces the internal device names "Audi" and "Viper" with the
real model names, which a user would look for. This makes the
Linksys devices on this target consistent with the names recently
changed for mvebu based on the same idea.

As a consequence, the "viper" device definition is split into two
separate definitions with the correct names for both real models.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 15:03:43 +02:00
Tony Ambardar
217877d046 base-files: mount bpffs at boot
Explicitly mount the BPF filesystem if available. This is used for pinning
eBPF programs and maps, making them accessible to other eBPF programs or
from userspace with the help of libbpf or bpftool.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[daniel@makrotopia.org: bumped PKG_RELEASE]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-31 13:43:03 +01:00
Adrian Schmutzler
c4dd7fc23b hostapd: reorganize config selection hierarchy for WPA3
The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is
exceptionally hard to read. This tries to make things a little
easier by inverting the hierarchy of the conditions, so SSL_VARIANT
is checked first and LOCAL_VARIANT is checked second.

This exploits the fact that some of the previous conditions were
unnecessary, e.g. there is no hostapd-mesh*, so we don't need
to exclude this combination.

It also should make it a little easier to see which options are
actually switched by SSL_VARIANT and which by LOCAL_VARIANT.

The patch is supposed to be cosmetic.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Adrian Schmutzler
02d6ac1060 base-files: fwtool: make compat_version backward compatible
So far, the compatibility mechanism only works if both device and
image are already updated to the new routines. This patch extends
the sysupgrade metadata and fwtool_check_image() to account for
"older" images as well:

The basic mechanism for older devices to check for image compatibility
is the supported_devices entry. This can be exploited by putting
a custom message into this variable of the metadata, so older FW
will produce a mismatch and print the message as it thinks it's the
list of supported devices. So, we have two cases:

device 1.0, image 1.0:
  The metadata will just contain supported_devices as before.

device 1.0, image 1.1:
  The metadata will contain:

  "new_supported_devices":["device_string1", "device_string2", ...],
  "supported_devices":["Image version 1.1 incompatible to device: ..."]

  If the device is "legacy", i.e. does not have the updated fwtool.sh,
  it will just fail with image check and print the content of
  supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be
  printed on old devices as well through the same mechanism. Otherwise
  a generic "Please check documentation ..." is appended.

  Upgrade can still be performed with -F like when
  SUPPORTED_DEVICES has been removed to prevent bricking.

  If the device has updated fwtool.sh (but is 1.0), it will just use
  the new_supported_devices instead, and work as intended (flashing
  with -n will work, flashing without will print the appropriate
  warning).

This mechanism should provide a fair tradeoff between simplicity
and functionality.

Since we touched a lot of fields in metadata, this also bumps
metadata_version to 1.1.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Adrian Schmutzler
ad3e1f9db4 base-files: fwtool: implement compatibility check for images
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.

To solve this situation, this patchset introduces a compatibility
version for devices. In this patch, the actual checks are implemented
into fwtool_check_image():

If an incompatible change is introduced, one can increase either
the minor version (1.0->1.1) or the major version (1.0->2.0).

Minor version increment:
This will still allow sysupgrade, but require to reset config
(-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a
corresponding message will be printed. If sysupgrade is called
with -n, it will just pass, with supported devices being checked
as usual. (Which will allow us to add back SUPPORTED_DEVICES for
many cases.)

Major version increment:
This is meant for potential (rare) cases where sysupgrade is
not possible at all, because it would break the device.
In this case, a warning will be printed, and -n won't help.

If image check fails because of one of the versions parts not
matching, the content of DEVICE_COMPAT_MESSAGE is printed in
addition to the generic message (if set).

For both cases, upgrade can still be forced with -F as usual.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Adrian Schmutzler
735de53b2a base-files: add support for compat_version on device
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.

To solve this situation, this patchset introduces a compatibility
version for devices. To complement the DEVICE_COMPAT_VERSION set
for the image to be flashed, this implements a compat_version on
the device, so it will have something to compare with the image.

The only viable way to achieve this seems to be via board.d files,
i.e. this is technically adding a compat version for the device's
config.

Like for the network setup, this will set up a command
ucidef_set_compat_version to set the compat_version in board.d.
This will then add a string to /etc/board.json, which will be
translated into uci system config by bin/config_generate.
By this, the compat_version, being a version of the config, will
also be exposed to the user.

As with DEVICE_COMPAT_VERSION, missing uci entry will be assumed
as compat_version "1.0", so we only need to add this if a device
needs to be bumped, e.g.

   ucidef_set_compat_version "1.1"

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Daniel Golle
d15b6e4895 procd: update to git HEAD
28be011 instance: make sure values are not inherited from previous runs
 2ae5cbc uxc: remove debugging left-over

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-30 17:16:53 +01:00
Adrian Schmutzler
917980fd8a hostapd: improve TITLE for packages
For a few packages, the current TITLE is too long, so it is not
displayed at all when running make menuconfig. Despite, there is
no indication of OpenSSL vs. wolfSSL in the titles.

Thus, this patch adjusts titles to be generally shorter, and adds
the SSL variant to it.

While at it, make things easier by creating a shared definition for
eapol-test like it's done already for all the other flavors.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-30 16:27:44 +01:00
Daniel Golle
34705946e2 hostapd: update mesh DFS patches and add mesh HE support
Drop outdated and by now broken patchset originally supplied by
Peter Oh in August 2018 but never merged upstream.
Instead add the more promissing rework recently submitted by
Markus Theil who picked up Peter's patchset, fixed and completed it
and added support for HE (802.11ax) in mesh mode.

This is only compile tested and needs some real-life testing.

Fixes: FS#3214
Fixes: 167028b750 ("hostapd: Update to version 2.9 (2019-08-08)")
Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Fixes: 017320ead3 ("hostapd: bring back mesh patches")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-30 16:27:44 +01:00
Daniel Golle
a15ed964cf procd: update to git HEAD
c3ca99f jail: serialize hook execution
 8ff8970 jail: add some remaining OCI features
 9d5fa0a uxc: behave more like a compliant OCI run-time
 1274033 uxc: fix create operation
 2d811a4 jail: add 'kill' method to container.%s object
 08133b8 uxc: use new container.%s kill ubus API

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-29 10:33:19 +01:00
David Bauer
c3e252d080 base-files: add function for generating random MAC
This adds a function for generating a valid random MAC address (unset MC
bit / set locally administered bit).

It is necessary for devices which do not have a MAC address programmed
by the manufacturer.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
David Bauer
04f06787f1 uboot-rockchip: add NanoPi R2S support
Add support for the FriendlyARM NanoPi R2S.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
David Bauer
65ac670b79 uboot-rockchip: update to v2020.07
Update the U-Boot to version v2020.07. Also replace the Makefile rewrite
with a proper patch, explaining why this hack is needed.

Run-tested: FriendlyARM NanoPi R2S

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
Lucian Cristian
444b107118 atf-rockchip: update to 2.3
also install the firmware for all the supported boards

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[fix ATF blob path in uboot-rockchip]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
Adrian Schmutzler
8126e572dd imx6: use device-tree compatible for board name
In imx6, we currently use the model from DTS to derive a board name
manually in /lib/imx6.sh.

However, if we have individual DTS files anyway, we can exploit
generic 02_sysinfo and use the compatible as board name directly.

While at it, remove the wildcards from /lib/upgrade/platform.sh as
these might make code shorter, but are quite unpleasant when grepping
for a specific device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-27 12:10:45 +02:00
Adrian Schmutzler
0f3c3a5fb2 layerscape: harmonize device strings
OpenWrt lately has harmonized device (definition) names to the
pattern vendor_model to improve overall consistency, also with
other values like the DTS compatible.

This patch applies that scheme to the layerscape target.

Since this (intentionally) creates a bigger overlap between DTS names,
compatible, and device definition name, it also moves DEVICE_DTS and
SUPPORTED_DEVICES definitions to the Device/Default blocks.

Apart from that, it also modifies several packages to use consistent
naming in order to keep the $(1) file references working.

While at it, remove one layer of complexity for the setup in
tfa-layerscape package.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-27 12:06:52 +02:00
Yousong Zhou
6c57fb7aa9 firewall: bump to version 2020-07-05
Changes since last source version

  e9b90df zones: apply tcp mss clamping also on ingress path
  050816a redirects: fix segmentation fault
  f62a52b treewide: replace unsafe string functions
  23cc543 improve reload logic
  9d7f49d redurects: add support to define multiple zones for dnat reflection rules
  f87d0b0 firewall3: defaults: fix uci flow_offloading option
  fe9602c rules: fix typo
  7cc2a84 defaults: robustify flow table detection.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-07-26 18:10:52 +08:00
David Woodhouse
ad295e0ee8 mediatek: add U-Boot build for UniElec U7623
Patches submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=189178

Tested on Banana Pi R2 and U7623-06.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-26 16:42:36 +08:00
David Bauer
a956c14d6a mac80211: util: don't warn on missing sband iftype data
The kernel currently floods the ringbuffer with warnings when adding a
mesh interface for a device not support HE 6GHz modes.

Return without warning in this case, as mesh_add_he_6ghz_cap_ie calls
ieee80211_ie_build_he_6ghz_cap regardless of the supported interface
modes.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-25 22:36:34 +02:00
Daniel Golle
98b60b3efa procd: jail: fix build on glibc and uclibc
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-25 16:54:40 +01:00
Daniel Golle
114e5255c4 procd: update to git HEAD
48777de rcS: cast format string to int64_t
 a4df90f jail: fix wrong format for 32-bit
 c482c5d jail: add support for referencing existing namespaces

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-25 16:07:59 +01:00
Kevin Darbyshire-Bryant
b2f7355eec cake-oot: update to latest HEAD
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-24 18:44:31 +01:00
Hauke Mehrtens
ed2015c386 mac80211: Update to version 5.8-rc2-1
The following patches:
* 972-ath10k_fix-crash-due-to-wrong-handling-of-peer_bw_rxnss_override-parameter.patch
* 973-ath10k_fix-band_center_freq-handling-for-VHT160-in-recent-firmwares.patch
are replaced by this commit in the upstream kernel:
* 3db24065c2c8 ("ath10k: enable VHT160 and VHT80+80 modes")

The following patches were applied upstream:
* 001-rt2800-enable-MFP-support-unconditionally.patch
* 090-wireless-Use-linux-stddef.h-instead-of-stddef.h.patch

The rtw88 driver is now split into multiple kernel modules, just put it
all into one OpenWrt kernel package.

rtl8812au-ct was patched to compile against the mac80211 from kernel
5.8, but not runtime tested.

Add a patch which fixes ath10k on IPQ40XX, this patch was send upstream
and fixes a crash when loading ath10k on this SoC.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq40xx/ map-ac2200]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-07-23 23:39:56 +02:00
Hauke Mehrtens
d1100c76b3 mac80211: Update to version 5.7.5-1
The b43 and b43legacy driver now support DRIVER_11W_SUPPORT.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-07-23 22:28:52 +02:00
Rosen Penev
1db3fb5842 uboot-mediatek: remove swig requirement
Ever since this package was introduced, the SDK for mt7629 failed to
build as it started failing on this package.

Fixed by porting Hauke's similar patch for uboot-sunxi to uboot-mediatek.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-23 17:38:13 +02:00
Michal Hrusecky
cdb25bcef3 openvpn: Allow override of interface name
If using a configuration file for OpenVPN, allow overriding name of the
interface. The reason is that then people could use configuration file
provided by VPN provider directly and override the name of the interface
to include it in correct firewall zone without need to alter the
configuration file.

Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
(cherry picked from commit c93667358515ec078ef4ac96393623ac084e5c9e)
2020-07-23 13:10:09 +02:00
Michal Hrusecky
8483bf3126 openpvn: Split out config parsing code for reuse
Split out code that parses openvpn configuration file into separate file
that can be later included in various scripts and reused.

Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
(cherry picked from commit 86d8467c8ab792c79809a08c223dd9d40da6da2e)
2020-07-23 13:10:09 +02:00
Kevin Darbyshire-Bryant
9b9726aeb4 kmod-sched-cake-oot: fix PKG_MIRROR_HASH
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-22 15:59:54 +01:00
Kevin Darbyshire-Bryant
017cd5bfb0 umdns: fix compiling using gcc 10
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-22 15:59:54 +01:00
David Bauer
93bbd998aa hostapd: enter DFS state if no available channel is found
Previously hostapd would not stop transmitting when a DFS event was
detected and no available channel to switch to was available.

Disable and re-enable the interface to enter DFS state. This way, TX
does not happen until the kernel notifies hostapd about the NOP
expiring.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-20 15:08:19 +02:00
David Bauer
cfd2f3bf6f mac80211: create channel list for fixed channel operation
Currently a device which has a DFS channel selected using the UCI
channel setting might switch to a non-DFS channel in case no chanlist is
provided (UCI setting "channels") when the radio detects a DFS event.

Automatically add a chanlist consisting of the configured channel when
the device does not operate in auto-channel mode and no chanlist set to
circumvent this issue.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-20 15:07:47 +02:00
Johannes Kimmel
65e9de3c33 vxlan: add capability for multiple fdb entries
Similar to wireguard, vxlan can configure multiple peers or add specific
entries to the fdb for a single mac address.

While you can still use peeraddr/peer6addr option within the proto
vxlan/vxlan6 section to not break existing configurations, this patch
allows to add multiple sections that conigure fdb entries via the bridge
command. As such, the bridge command is now a dependency of the vxlan
package. (To be honest without the bridge command available, vxlan isn't
very much fun to use or debug at all)

Field names are taken direclty from the bridge command.

Example with all supported parameters, since this hasn't been documented so
far:

  config interface 'vx0'
      option proto     'vxlan6'      # use vxlan over ipv6

      # main options
      option ip6addr   '2001:db8::1' # listen address
      option tunlink   'wan6'        # optional if listen address given
      option peer6addr '2001:db8::2' # now optional
      option port      '8472'        # this is the standard port under linux
      option vid       '42'          # VXLAN Network Identifier to use
      option mtu       '1430'        # vxlan6 has 70 bytes overhead

      # extra options
      option rxcsum  '0'  # allow receiving packets without checksum
      option txcsum  '0'  # send packets without checksum
      option ttl     '16' # specifies the TTL value for outgoing packets
      option tos     '0'  # specifies the TOS value for outgoing packets
      option macaddr '11:22:33:44:55:66' # optional, manually specify mac
                                         # default is a random address

Single peer with head-end replication. Corresponds to the following call
to bridge:

  $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3

  config vxlan_peer
      option vxlan 'vx0'
      option dst '2001:db8::3' # always required

For multiple peers, this section can be repeated for each dst address.

It's possible to specify a multicast address as destination. Useful when
multicast routing is available or within one lan segment:

  config vxlan_peer
      option vxlan 'vx0'
      option dst 'ff02::1337' # multicast group to join.
                              # all bum traffic will be send there
      option via 'eth1'       # for multicast, an outgoing interface needs
                              # to be specified

All available peer options for completeness:

  config vxlan_peer
      option vxlan   'vx0'               # the interface to configure
      option lladdr  'aa:bb:cc:dd:ee:ff' # specific mac,
      option dst     '2001:db8::4'       # connected to this peer
      option via     'eth0.1'            # use this interface only
      option port    '4789'              # use different port for this peer
      option vni     '23'                # override vni for this peer
      option src_vni '123'               # see man 3 bridge

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-07-20 13:43:36 +02:00
Johannes Kimmel
5222aadbf3 vxlan: remove mandatory peeraddr
vxlan can be configured without a peer address. This is used to prepare
an interface and add peers later.

Fixes: FS#2743

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-07-20 13:43:36 +02:00
Kevin Darbyshire-Bryant
a197fa093c dnsmasq: bump to 2.82
This fixes a nasty problem introduced in 2.81 which causes random
crashes on systems where there's significant DNS activity over TCP. It
also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS
records.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-20 10:38:35 +01:00
Daniel Golle
5aedd5a110 procd: bump to git HEAD once again
Further complete OCI container support in ujail:
 f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
 6f078ae jail: add support for defining devices
 686cf7a jail: actually apply filesystem-specific mount options
 f91009a jail: refactor default mounts into new structure
 66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-20 04:39:11 +01:00
Daniel Golle
211548c523 procd: update to git HEAD
9eddf0f jail: fix hooks
 1b1286b jail: parse and apply OCI sysctl values
 c049047 jail: implement OCI user additionalGIDs
 0e1920c jail: read and apply umask from OCI if defined
 1c46cc3 jail: parse and apply POSIX rlimits
 76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-19 19:35:47 +01:00
Daniel Golle
bae4204e34 procd: bump to git HEAD
8d5208f jail: fix false return in case of nofail mount
 b41f76b procd: fix compile if procd-ujail is not selected
 86a5105 jail: fs: fix build on uClibc-ng
 bfce7d1 jail: fix some more mount options
 268126a jail: add support for maskedPaths and readonlyPaths

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-17 12:00:00 +01:00
Martin Schiller
6299c1760a ltq-*dsl-app: dsl_control: remove unneeded check for lantiq_dsl.sh
This file is always present because it is part of the ltq-dsl-base
package on which these packages depend.

This check would not have been necessary in the past, because the script
was part of the TARGET_LANTIQ on which these packages also depend.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2020-07-17 12:14:32 +02:00
Martin Schiller
4d8552c265 lantiq: move dsl related base-files into own package
It does not make sense to install this components on lantiq systems
where the dsl subsystem is not needed/used.

This also makes it possible to use the files also on other targets.
(hopefully ipq401x / FritzBox 7530 in the near future)

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
2020-07-17 12:14:32 +02:00
Rosen Penev
cc66580293 lzo: fix pkgconfig paths
The last commit to this package that added the pkgconfig file did not
fix the paths to point to the prefix.

This allows packages to find lzo properly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-17 11:00:33 +02:00
Alberto Bursi
f013cc4b26 uboot-mvebu: add uboot for helios 4
add u-boot for Helios 4 NAS

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
2020-07-17 11:00:33 +02:00
Hans Dedecker
546e140382 nat46: update to latest git HEAD
ac712ad nat46-netdev: Add support for removing a rule

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-16 22:18:34 +02:00
Santiago Rodriguez-Papa
ed087cba8a ramips: add support for Linksys EA7300 v1
Specifications:

* SoC:      MediaTek MT7621A              (880 MHz 2c/4t)
* RAM:      Nanya NT5CC128M16IP-DIT       (256M DDR3-1600)
* Flash:    Macronix MX30LF1G18AC-TI      (128M NAND)
* Eth:      MediaTek MT7621A              (10/100/1000 Mbps x5)
* Radio:    MT7615N                       (2.4 GHz & 5 GHz)
            4 antennae: 1 internal and 3 non-deatachable
* USB:      3.0 (x1)
* LEDs:
    White   (x1 logo)
    Green   (x6 eth + wps)
    Orange  (x5, hardware-bound)
* Buttons:
    Reset   (x1)
    WPS     (x1)

Everything works! Been running it for a couple weeks now and haven't had
any problems. Please let me know if you run into any.

Installation:

Flash factory image through GUI.

This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.

Reverting to factory firmware:

Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.

Signed-off-by: Santiago Rodriguez-Papa <contact@rodsan.dev>
[use v1 only, minor DTS adjustments, use LINKSYS_HWNAME and add it to
DEVICE_VARS, wrap DEVICE_PACKAGES, adjust commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-16 13:39:44 +02:00
Adrian Schmutzler
e49fac097c base-files: replace backticks in lib/upgrade/nand.sh
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
Adrian Schmutzler
9c170cb92f package: drop PKG_VERSION for purely local packages
In the package guidelines, PKG_VERSION is supposed to be used as
"The upstream version number that we're downloading", while
PKG_RELEASE is referred to as "The version of this package Makefile".
Thus, the variables in a strict interpretation provide a clear
distinction between "their" (upstream) version in PKG_VERSION and
"our" (local OpenWrt trunk) version in PKG_RELEASE.

For local (OpenWrt-only) packages, this implies that those will only
need PKG_RELEASE defined, while PKG_VERSION does not apply following
a strict interpretation. While the majority of "our" packages actually
follow that scheme, there are also some that mix both variables or
have one of them defined but keep them at "1".

This is misleading and confusing, which can be observed by the fact
that there typically either one of the variables is never bumped or
the choice of the variable to increase depends on the person doing the
change.

Consequently, this patch aims at clarifying the situation by
consistently using only PKG_RELEASE for "our" packages. To achieve
that, PKG_VERSION is removed there, bumping PKG_RELEASE where
necessary to ensure the resulting package version string is bigger
than before.

During adjustment, one has to make sure that the new resulting composite
package version will not be considered "older" than the previous one.

A useful tool for evaluating that is 'opkg compare-versions'. In
principle, there are the following cases:

1. Sole PKG_VERSION replaced by sole PKG_RELEASE:
   In this case, the resulting version string does not change, it's
   just the value of the variable put in the file. Consequently, we
   do not bump the number in these cases so nobody is tempted to
   install the same package again.

2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE:
   In this case, the resulting version string has been "version-release",
   e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just
   need to be higher than the previous PKG_VERSION.
   For the cases where PKG_VERSION has always sticked to "1", and
   PKG_RELEASE has been incremented, we take the most recent value of
   PKG_RELEASE.

Apart from that, a few packages appear to have developed their own
complex versioning scheme, e.g. using x.y.z number for PKG_VERSION
_and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION
(adb-enablemodem, wwan). I didn't touch these few in this patch.

Cc: Hans Dedecker <dedeckeh@gmail.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Andre Valentin <avalentin@marcant.net>
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Steven Barth <steven@midlink.org>
Cc: Daniel Golle <dgolle@allnet.de>
Cc: John Crispin <john@phrozen.org>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
Adrian Schmutzler
b29d620ed2 vxlan: bump and change to PKG_RELEASE
Bumping package version has been overlooked in a previous commit.

While at it, use PKG_RELEASE instead of PKG_VERSION, as the latter
is meant for upstream version number only.
(The effective version string for the package would be "3" in both
cases, so there is no harm done for version comparison.)

Fixes: 0453c3866f ("vxlan: fix udp checksum control")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
David Bauer
f886a26851 ravpower-mcu: bump PKG_RELEASE
Fixes commit b94d1a2d27 ("ravpower-mcu: remove target dependency")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-15 09:56:23 +02:00
Johannes Kimmel
0453c3866f vxlan: fix udp checksum control
So far, passing "rxcsum" and "txcsum" had no effect.

Fixes: 95ab18e012 ("vxlan: add options to enable and disable UDP
checksums")

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
[add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 00:23:38 +02:00
David Bauer
b94d1a2d27 ravpower-mcu: remove target dependency
Remove the target dependency as the tool is also usable with other
battery-powered routers.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-15 00:03:18 +02:00
Tony Ambardar
e89a7d72a5 iproute2: tc: fix missing em_ipset module
Feature detection doesn't recognize ipset v7 use on kernel v5.x systems
and thus disables the tc ematch function em_ipset.

- backport patch:
  * 002-configure-support-ipset-v7.patch:
    650591a7a70c configure: support ipset version 7 with kernel version 5

Fixes: 4e0c54bc5b ("kernel: add support for kernel 5.4")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-07-14 22:00:43 +02:00
Tony Ambardar
9852104c71 iproute2: tc: fix dynamic symbol table size optimization
Recent iproute2 5.x versions modified the symbols resolved for plugins,
causing "tc .. action xt .." to fail. Update the list of symbols to fix.

Fixes: b61495409b ("iproute2: tc: reduce size of dynamic symbol table")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-07-14 22:00:43 +02:00
Daniel Bailey
5792f6a104 procd: allow optional watchdog instance parameter
Optional instance watchdog timeout and watchdog mode can be set by
adding: procd_set_param $mode $timeout

$mode is an integer [0-1] representing instance watchdog mode of
operation:
0 = disabled
1 = passive mode, client must periodically poke watchdog via ubus

$timeout is an integer representing how often, in seconds, the watchdog must be poked.

Signed-off-by: Daniel Bailey <danielb@meshplusplus.com>
2020-07-14 00:25:02 +01:00
Daniel Golle
732b70c5bd procd: update to git HEAD
639df57 uxc: fix build with uClibc-ng
 b2230e4 procd: add service instance watchdog

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-14 00:25:02 +01:00
Daniel Golle
79fd87ef9d procd: update to git HEAD
aed7fb3 procd: fix compilation with uClibc-ng
 9d0f831 jail: fix segfault with len(uidmap/gidmap) > 1
 42a6217 jail: consider PATH for argv in OCI container
 83f4b72 jail: actually chdir into OCI defined CWD
 fc9f614 jail: parse and run OCI hooks
 02eec92 jail: memory allocation fixes
 71e75f4 jail: refactor mount support to cover OCI spec
 b586e7d jail: don't make mount source read-only
 dacab12 uxc: fix 'stop' command

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-13 12:20:28 +01:00
Jason A. Donenfeld
ad81e2da08 wireguard: bump to 1.0.20200712
This release brings parity with the commits Linus released a few hours
ago into 5.8-rc5.

* receive: account for napi_gro_receive never returning GRO_DROP

The napi_gro_receive function no longer returns GRO_DROP ever, making
handling GRO_DROP dead code. This commit removes that dead code.
Further, it's not even clear that device drivers have any business in
taking action after passing off received packets; that's arguably out of
their hands.

* device: implement header_ops->parse_protocol for AF_PACKET

WireGuard uses skb->protocol to determine packet type, and bails out if
it's not set or set to something it's not expecting. For AF_PACKET
injection, we need to support its call chain of:

    packet_sendmsg -> packet_snd -> packet_parse_headers ->
      dev_parse_header_protocol -> parse_protocol

Without a valid parse_protocol, this returns zero, and wireguard then
rejects the skb. So, this wires up the ip_tunnel handler for layer 3
packets for that case.

* queueing: make use of ip_tunnel_parse_protocol

Now that wg_examine_packet_protocol has been added for general
consumption as ip_tunnel_parse_protocol, it's possible to remove
wg_examine_packet_protocol and simply use the new
ip_tunnel_parse_protocol function directly.

* compat: backport ip_tunnel_parse_protocol and ip_tunnel_header_ops

These are required for moving wg_examine_packet_protocol out of
wireguard and into upstream.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-13 08:02:02 +02:00
Tomasz Maciej Nowak
2dc5ce622a mvebu: add support for MACCHIATObin Single Shot
Add support for Marvell MACCHIATObin Single Shot, cortex-a72 based
Marvell ARMADA 8040 Community board. Single Shot was broken as the
device tree is different on the Double Shot Board.

Specifications:
- Quad core Cortex-A72 (up to 2GHz)
- DDR4 DIMM slot with optional ECC and single/dual chip select support
- Dual 10GbE (1/2.5/10GbE) SFP+
  2.5GbE (1/2.5GbE) via SFP
  1GbE via copper
- SPI Flash
- 3 X SATA 3.0 connectors
- MicroSD connector
- eMMC
- PCI x4 3.0 slot
- USB 2.0 Headers (Internal)
- USB 3.0 connector
- Console port (UART) over microUSB connector
- 20-pin Connector for CPU JTAG debugger
- 2 X UART Headers
- 12V input via DC Jack
- ATX type power connector
- Form Factor: Mini-ITX (170 mm x 170 mm)

More details at http://macchiatobin.net

Installation:

Write the Image to your Micro SD Card and insert it in the
MACCHIATObin Single Shot SD Card Slot.

In the U-Boot Environment:
   1. reset U-Boot environment:
      env default -a
      saveenv

   2. prepare U-Boot with boot script:
      setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000"
      saveenv

   or manually (hanging lines indicate wrapped one-line command):
      setenv fdt_name armada-8040-mcbin-singleshot.dtb
      setenv image_name Image
      setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr
         $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv
         bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti
         $kernel_addr - $fdt_addr'
      saveenv

   On newer Bootloaders (18.12) the Variables have been changed, use:
      setenv fdt_name armada-8040-mcbin-singleshot.dtb
      setenv image_name Image
      setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr_r
         $image_name;ext4load mmc 1:1 $fdt_addr_r $fdt_name;setenv
         bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti
         $kernel_addr_r - $fdt_addr_r'

Reported-by: Alexandra Alth <alexandra@alth.de>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: Alexandra Alth <alexandra@alth.de>
[add specs and installation as provided by Alexandra Alth]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-12 02:06:02 +02:00
Adrian Schmutzler
9faf9f8f23 mvebu: fix support for Marvell 8040 MACCHIATOBin
Between kernels 4.20 and 5.0, a new variant of this board has been
introduced ("Single Shot"), and the existing one has been renamed
with the appendix "Double Shot". [1]
This also adjusted the first compatible in the list:

marvell,armada8040-mcbin -> marvell,armada8040-mcbin-doubleshot

This patch updates the OpenWrt implementation of this device by
adjusting the relevant references to that compatible (i.e., our
board name).

To still provide support for 4.19 with our setup, this adds a
small patch to change the compatible there as well.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b1f0bbe2700051886b954192b6c1751233fe0f52

Cc: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-07-11 18:38:42 +02:00
Sebastian Kemper
ff8b8fee89 ltq-vmmc: update permission handling
The firmware is currently just copied. It can end up with o= on the
device (this is the case for voice_ar9_firmware.bin for instance).
Instead of copying it the Makefile is changed to use the macro
"$(INSTALL_DATA)" in order for the file to be world-readable.

While at it refactor the device node creation in the init script with
loop.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
[removed 2nd part with custom group handling for device nodes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 14:49:10 +02:00
Yangbo Lu
c4d0e57e16 layerscape: support sysupgrade for squashfs rootfs
Support sysupgrade for all Layerscape boards with squashfs
rootfs.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-07-11 14:44:22 +02:00
Yangbo Lu
5ca8903631 layerscape: convert to squashfs rootfs for QSPI NOR boot
There had been an issue in Layerscape QSPI driver for very long
time, which made squashfs,jffs2 rootfs not work on QSPI NOR.
And the ubifs had been used as a workaround.
Now the issue has been fixed. So convert to use squashfs,jffs2
rootfs on QSPI NOR for Layerscape boards (LS1012ARDB/LS1046ARDB/
LS1088ARDB), and update u-boot bootargs for booting.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-07-11 14:44:22 +02:00
Rui Salvaterra
eb24a57b7f busybox: store applet usage messages uncompressed
The rootfs squashfs is already highly (XZ) compressed. Storing the applet
messages in compressed form will increase the entropy and reduce the overall
image compression ratio.

Size diffs (compressed vs uncompressed):

busybox (the executable): 364596 vs 384804 bytes.

OpenWrt target images (the kernel image is unchanged, obviously):

 omnia-medkit-openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs.tar.gz:

  9163597 vs 9162531 bytes (1066 bytes difference).

openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin:

  9161688 vs 9160600 bytes (1088 bytes difference).

openwrt-mvebu-cortexa9-cznic_turris-omnia-sysupgrade.img.gz:

 9729550 vs 9729230 bytes (320 bytes difference).

All in all, we save just a little bit over 1 kiB. As an added bonus, we
also don't have to decompress the messages twice, (first from squashfs,
then from the bzip2 message storage).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[added additional size comparision diff detaisl]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 14:42:32 +02:00
Rosen Penev
8e6f2c029f base-files/functions.sh: use command -v instead of which
which must be executed. command -v is a shell builtin.

https://github.com/koalaman/shellcheck/wiki/SC2230

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-11 14:42:32 +02:00
Rui Salvaterra
99dae00fa8 kernel: kmod-zram: break the strict dependency from lz4
Zram is only strictly dependent on lzo, not lz4. Break this dependency and
make the lz4 module visible in the configuration, in order for the user to
have the choice of enabling/disabling it, if (s)he sees fit.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
0b6155de0b zram-swap: correctly express the required dependencies
The block-mount swapon implementation doesn't support discard, so make zram-swap
depend only on the default BusyBox implementation or, when unavailable, on the
one present in the swap-utils package.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
0bd7dfa3ed zram-swap: enable swap discard
Zram block devices have supported trim/discard for over six years, let's
enable it. This allows the zram device to actually free up allocated memory
when it's marked as unused in the filesystem metadata, as explained in more
detail in the original commit message [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/block/zram/zram_drv.c?h=linux-4.14.y&id=f4659d8e620d08bd1a84a8aec5d2f5294a242764

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
c5c652e5ad busybox: use CLOCK_MONOTONIC instead of gettimeofday
The clock_gettime(CLOCK_MONOTONIC) syscall exists for so long that the first
kernel version to support it is not even specified in the man page [1]. Let's
enable it on BusyBox by default. Otherwise, gettimeofday will be used instead,
which will give wrong results if the date/time is reset (time moving backwards).

[1] https://linux.die.net/man/2/clock_gettime

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rosen Penev
f61110e8f2 lzo: switch to building with CMake
CMake is less error prone that autotools and also compiles faster.

Fixed license information.

Added pkgconfig file to InstallDev so that packages that use it can
find lzo.

Before:

time make package/lzo/compile -j 12
________________________________________________________
Executed in   20.87 secs   fish           external
   usr time   26.95 secs    0.00 micros   26.95 secs
   sys time    5.49 secs  305.00 micros    5.49 secs

After:

time make package/lzo/compile -j 12
________________________________________________________
Executed in   13.22 secs   fish           external
   usr time   19.59 secs  328.00 micros   19.59 secs
   sys time    4.03 secs   10.00 micros    4.03 secs

Time output is with fish shell. make clean was ran before both attempts.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-11 13:33:28 +02:00
Petr Štetiar
0b76410231 libubox: update to version 2020-07-11
f4e9bf73ac5c examples/lua: attempt to highlight some traps
 53b9a2123fc6 lua/uloop: fd_add: use absolute indices for arguments
 c0941d3289fc lua/uloop: make get_sock_fd capable of absolute addresses
 161c25960ba2 lua/uloop: fd_add() better args checking

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 13:33:28 +02:00
Tomasz Maciej Nowak
4d92a558f2 linux-firmware: package EIP197 mini firmware
Quoting part of original message from eefb5f741015 commit in
linux-firmware repository:

This adds the "minifw" version of the EIP197 firmware, which the inside-
secure driver will use as a fallback if the original full-featured
firmware cannot be found. This allows for using the inside-secure driver
and hardware without access to "official" firmware only available under
NDA.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-07-11 13:33:28 +02:00
Pawel Dembicki
67ce9aedd6 kirkwood: add support for Check Point L-50
This patch adds support for the Check Point L-50 from 600/1100 series
routers.

Specification:
-CPU: Marvell Kirkwood 88F6281 1200MHz
-RAM: 512MB
-Flash: NAND 512MB
-WiFi: mPCIe card based on Atheros AR9287 b/g/n
-WAN: 1 Gigabit Port (Marvell 88E1116R PHY)
-LAN: 9 Gigabit Ports (2x Marvell 88E6171(5+4))
-USB: 2x USB2.0
-Express card slot
-SD card slot
-Serial console: RJ-45 115200 8n1
-Unsupported DSL

Known issues:
-DSL not supported
-Expresscard not tested

Installation:

Step one -> backup:
make backup u-boot and env for revert stock posibility
make backup dsl_mac_addr, dmz_mac_addr, eth1addr, ethaddr and all lanX_mac_addr

Step two -> Use kwboot tool to upload openwrt u-boot to RAM:

run kwboot: "kwboot -B 115200 /dev/ttyUSB0 -b u-boot.kwb -p -t"
end start u-boot

Step three -> Restore macs (e.g. below):
setenv eth1addr 00:1C:XX:XX:XX:6C
setenv ethaddr 00:1C:XX:XX:XX:6B
setenv lan1_mac_addr 00:1C:XX:XX:XX:6C
setenv lan2_mac_addr 00:1C:XX:XX:XX:6D
setenv lan3_mac_addr 00:1C:XX:XX:XX:6E
setenv lan4_mac_addr 00:1C:XX:XX:XX:6F
setenv lan5_mac_addr 00:1C:XX:XX:XX:70
setenv lan6_mac_addr 00:1C:XX:XX:XX:71
setenv lan7_mac_addr 00:1C:XX:XX:XX:72
setenv lan8_mac_addr 00:1C:XX:XX:XX:73
setenv dmz_mac_addr 00:1C:XX:XX:XX:74
setenv dsl_mac_addr 00:1C:XX:XX:XX:75

Step four -> flash u-boot:
mw 0x0800000 0xffff 0x100000
nand erase 0x0 100000
tftp 0x0800000 openwrt-kirkwood-l50-u-boot.kwb
nand write 0x0800000 0x0 0x100000
saveenv

Step five -> run initramfs image:

tftpboot 0x02000000 openwrt.bin; bootm 0x02000000;

Step six -> install sysupgrade OpenWrt image:

copy to /tmp/ sysupgrade image
run sysupgrade

Back to stock:
Restore original u-boot end env.
Install factory image via stock u-boot.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-11 13:33:28 +02:00
Pawel Dembicki
c881d7ab03 uboot-kirkwood: add uboot for CheckPoint L-50
This patch add u-boot for CheckPoint L-50 routers.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-11 13:33:28 +02:00
Pawel Dembicki
9c99187e61 kernel: add package for Seiko S-35390A I2C RTC
This patch adds kernel package for Seiko Instruments S-35390A.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-11 13:33:28 +02:00
Huangbin Zhan
7d97fe55f4 uboot-envtools: ath79: update ubootenv partion index for gl-ar300m
The block index of u-boot-env changed from mtd1 to mtd3 after upgrading kernel to 5.4.
This patch search the mtd block by label name, work as expect when perform a clean flash.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-07-11 13:33:28 +02:00
Adrian Schmutzler
9362ea1661 base-files: remove useless cat
Check file contents directly instead of using cat.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Adrian Schmutzler
b837216345 wireguard-tools: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Adrian Schmutzler
d7d6e055e9 base-files: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

This does not touch lib/upgrade/nand.sh, as there replacement is
not trivial.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Daniel Golle
5115cb0501 procd: fix yet another build issue, this time with capabilities
3034eaf jail: use linux/capability.h instead of sys/capability.h

Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 11:28:48 +01:00
Daniel Golle
560093222c procd: fix another seccomp-related build issue
3473671 ujail: add dependency on syscall-names-h

Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 10:54:43 +01:00
Daniel Golle
a6160de3f7 procd: jail: fix build on platforms without seccomp support
Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 00:09:18 +01:00
Daniel Golle
b6e440a0f5 procd: update to git HEAD
ea7a790 jail: add support for running OCI bundle
 bb4a446 uxc: add container management CLI tool

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-10 18:57:05 +01:00
Daniel Golle
727685c317 mac80211: rt2x00: define RF5592 in init_eeprom routine
Make sure RF5592 is set for RT5592 chip which apparently sometimes
doesn't have RF defined (but always comes with RF5592).
This patch was originally submitted on linux-wireless by
Tom Psyborg <pozega.tomislav@gmail.com> but got rejected.
Turns out the patch is actually needed.

Reported-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-10 18:53:52 +01:00
Lucian Cristian
1337093e87 kernel: iscsi-initator: fix kernel config symbols
Enable SCSI low-level drivers on targets that don't have it already in
order to fix following build failures on few platforms:

  .config:4739:warning: symbol value 'm' invalid for SCSI_LOWLEVEL
 * Restart config...
 * SCSI low-level drivers
 SCSI low-level drivers (SCSI_LOWLEVEL) [Y/n] (NEW) aborted!

Fixes: b88f8202c4 ("kernel: add iscsi-initator support")
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[commit subject and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-09 10:28:40 +02:00
Sungbo Eo
358aec7775 ath79: add support for Arduino Yun
Arduino Yun is a microcontroller development board, based on Atmel
ATmega32u4 and Atheros AR9331.

Specifications:
- MCU: ATmega32U4
- SoC: AR9331
- RAM: DDR2 64MB
- Flash: SPI NOR 16MB
- WiFi:
  - 2.4GHz: SoC internal
- Ethernet: 1x 10/100Mbps
- USB: 1x 2.0
- MicroSD: 1x SDHC

Notes:
- Stock firmware is based on OpenWrt AA.
- The SoC UART can be accessed only through the MCU.
  YunSerialTerminal is recommended for access to serial console.
- Stock firmware uses non-standard 250000 baudrate by default.
- The MCU can be reprogrammed from the SoC with avrdude linuxgpio.

Installation:
1.  Update U-Boot environment variables to adapt to new partition scheme.
    > setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
    > setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
    > saveenv
2.  Boot into stock firmware normally and perform sysupgrade with
    sysupgrade image.
    # sysupgrade -n -F /tmp/sysupgrade.bin

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-07-08 23:22:30 +02:00
Sungbo Eo
dc61e3b7ff base-files: add functions to set or clear bit in MAC address
Some devices (e.g. Arduino Yun) need bitwise operations during MAC address
setup. This commit adds generalized versions of macaddr_setbit_la(), which
are helpful when manipulating a single bit in a MAC address.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-07-08 23:22:30 +02:00
David Woodhouse
7adc29f59e mediatek: add SD card image creation for Banana Pi R2
Based on work by Alexey Loukianov <lx2@lexa2.ru> and others.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
0c7bce7efd mediatek: use U-Boot FAT environment support for Banana Pi R2
Instead of building in a default environment which loads our environment
from the FAT partition....  just ask U-Boot to do it.

Submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=184688

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
dc4699470b mediatek: fix U-Boot pinctrl setup for mt7623 eMMC
The U-Boot pinctrl driver for mt7623 was incomplete and didn't handle the
settings required for eMMC to work.

Submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=184529

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
f0b51c1389 mediatek: add mt7623 u-boot build for Banana Pi R2
For building full SD/eMMC images for Banana Pi R2 we'll want a u-boot
image built for that platform.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
1e4c885395 mediatek: new mt7623n preloader package for Banana Pi
Download the boot preloader code from the Banana Pi github repo and make
it available for bootable SD card image creation.

Supports only Banana Pi R2 for now.

Based on work by Alexey Loukianov <lx2@lexa2.ru> and others.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
7d9fb6aed9 fstools: update to the latest version
d34ea8e Use autoclear for overlay loopback device

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
Petr Štetiar
bbdd99619c kernel: iscsi-initator: fix missing dependency
Fixes following issue:

 Package kmod-iscsi-initiator is missing dependencies for the following libraries:
 crypto_hash.ko

Fixes: b88f8202c4 ("kernel: add iscsi-initator support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 21:13:14 +02:00
Bjørn Mork
d512657195 mt7621-qtn-rgmii: enable RGMII connected Quantenna QV840
Write a magic value to a magic destination.  This might
be specific to the Mitrastar designed ZyXEL WAP6805.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2020-07-08 16:07:05 +02:00
Pawel Dembicki
20c7abd4b7 ipq806x: add support for Linksys EA7500 V1
This patch adds support for the Linksys EA7500 V1 router.

Specification:
 - CPU: Qualcomm IPQ8064
 - RAM: 256MB
 - Flash: NAND 128MB
 - WiFi: QCA9982 an+ac + QCA9983 bgn
 - Ethernet: 5 GBE Ports (WAN+ 4xLAN) (QCA8337)
 - USB: 1x USB 3.0 1x USB2.0
 - Serial console: RJ-45 115200 8n1 (1V8 Voltage level)
 - 2 Buttons
 - 1 LED

Known issues:
 - Some devices won't flash via web gui

Installation:
- Newer stock images doesn't allow to install custom firmware.
- Please downgrade software to 1.1.2 version. Official firmware:
https://downloads.linksys.com/downloads/firmware/FW_EA7500_1.1.2.172843_prod.gpg.img
- Do it two times to downgrade all stored images.
- Apply factory image via web-gui.

Serial + TFTP method:
 - downgrade to 1.1.2 two times
 - connect ehternet and serial cable
 - set ip address of tftp server to 192.168.1.254
 - put openwrt factory image to tftp folder and rename it to macan.bin
 - stop device while booting in u-boot
 - run command: "run flashimg"
 - run command: "setenv boot_part 1"
 - run command "saveenv"
 - reset

Back to stock:
- Please use old non-gpg image like this 1.1.2:
https://downloads.linksys.com/downloads/firmware/FW_EA7500_1.1.2.172843_prod.img
- ssh to router and copy image to tmp
- use sysupgrade -n -F

Tested by github users: @jack338c and @grzesiczek1

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[removed i2c4_pins, mdio0_pins, nand_pins, rgmii2_pins from DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-08 16:07:05 +02:00
Yanase Yuki
4a77a060ab ipq40xx: add support for Buffalo WTR-M2133HP
Buffalo WTR-M2133HP is a Tri-Band router based on IPQ4019.

Specification
-------------
- SoC: Qualcomm IPQ4019
- RAM: 512MiB
- Flash Memory: NAND 128MiB (MXIC MX30LF1G18AC)
- Wi-Fi: Qualcomm IPQ4019 (2.4GHz, 1ch - 13ch)
- Wi-Fi: Qualcomm IPQ4019 (5GHz, 36ch - 64ch)
- Wi-Fi: Qualcomm QCA9984 (2T2R, 5GHz, 100ch - 140ch)
- Ethernet: 4x 10/100/1000 Mbps (1x WAN, 3x LAN)
- LED: 4x white LED, 4x orange LED, 1x blue LED
- USB: 1x USB 3.0 port
- Input: 2x tactile switch, 2x slide switch (2x SP3T)
- Serial console: 115200bps, pinheader JP5 on PCB
- Power: DC 12V 2A

Flash instruction
-----------------
1. Set up a TFTP server (IP address: 192.168.11.10)
2. Rename "initramfs-fit-uImage.itb" to "WTR-M2133HP-initramfs.uImage"
   and put it into the TFTP server directory.
3. Connect the TFTP server and WTR-M2133HP.
4. Hold down the AOSS button, then power on the router.
5. After booting OpenWrt initramfs image, connect to the router by SSH.
6. Transfer "squashfs-nand-factory.ubi" to the router.
7. Execute the following commands.
    # ubidetach -p /dev/mtd15
    # ubiformat /dev/mtd15 -f /tmp/openwrt-ipq40xx-generic-buffalo_wtr-m2133hp-squashfs-nand-factory.ubi
    # fw_setenv bootcmd bootipq
8. Perform reboot.

Recover to stock firmware
-------------------------
1. Execute the following command.
    # fw_setenv bootcmd bootbf
2. Reboot and wait several minutes.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
2020-07-08 16:07:05 +02:00
Pawel Dembicki
d2c3131b3f kirkwood: add support for Zyxel NSA310S
Zyxel NSA310S is a NAS based on Marvell kirkwood SoC.

Specification:
 - Processor Marvell 88F6702 1 GHz
 - 256MB RAM
 - 128MB NAND
 - 1x GBE LAN port (PHY: Marvell 88E1318)
 - 2x USB 2.0
 - 1x SATA
 - 3x button
 - 7x leds
 - serial on J1 connector (115200 8N1) (GND-NOPIN-RX-TX-VCC)

Known issues:
 - no kernel module for RTC. [*]
 - buzzer (connected to MPP43) need to be drived by 1kHz signal
 - no kernel module for internal MCU connected via I2C[**]

[*]
Karoly Pocsi made simple, unofficial driver for HT1382.
It can be found here:
https://www.madadmin.com/zyxel-nsa320s-es-debian-linux-4-resz/

[**]
Karoly Pocsi found how CPU talk with MCU:
It is possible to query the MCU-controlled fan speed and temperature:
i2cget -y 0x0 0x0a 0x07
i2cget -y 0x0 0x0a 0x08
The first value (0x07) is the temperature in ° C, the second (0x08) is
the time in milliseconds to complete one fan revolution (rpm = 60,000 / value).
Info translated from:
https://www.madadmin.com/zyxel-nsa320s-es-debian-linux-4-resz/

Installation:

TFTP:
1. Run serial console and go to u-boot.
2. Copy u-boot via tftp and write to NAND:
	=> mw 0x0800000 0xffff 0x100000
	=> nand erase 0x0 100000
	=> setenv ipaddr 192.168.1.2
	=> setenv serverip 192.168.1.4
	=> tftp 0x0800000 nsa310s-u-boot.kwb
	=> nand write 0x0800000 0x0 0x100000
	=> reset
3. Run new u-Boot, repair bootcmd and restore MAC address from sticker
	=> setenv ethaddr AA:BB:CC:DD:EE:FF
	=> saveenv
4. Copy and run initramfs image
	=> setenv ipaddr 192.168.1.2
	=> setenv serverip 192.168.1.4
	=> tftpboot zyxel_nsa310s-initramfs-uImage
	=> bootm 0x800000
5. Download sysupgrade image and perform sysupgrade

USB:

1. Prepare usb fat32 drive with u-boot.kwb and initramfs image.
   Stick it to USB 2.0 port.
2. Run serial console and go to u-boot.
3. Copy u-boot from usb and write to NAND:
	=> mw 0x0800000 0xffff 0x100000
	=> nand erase 0x0 100000
	=> usb start
	=> fatload usb 0 0x0800000 u-boot.kwb
	=> nand write 0x0800000 0x0 0x100000
	=> reset
4. Run new u-Boot, repair bootcmd and restore MAC address from sticker
	=> setenv ethaddr AA:BB:CC:DD:EE:FF
	=> saveenv
5. Copy and run initramfs image:
	=> usb start
	=> fatload usb 0 0x0800000 initramfs-uImage
	=> bootm 0x800000
6. Download sysupgrade image and perform sysupgrade.

Based on work ThBexx <thomas.beckler@hotmail.com>
DTS based on dropped support in 0ebdf0c.

Tested-by: Lech Perczak <lech.perczak@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[NSA310s -> NSA310S in DEVICE_MODEL]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Pawel Dembicki
4c2e475842 uboot-kirkwood: add support for Zyxel NSA310S
This patch modifies the u-boot config for the Zyxel NSA310S to work with
OpenWrt.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-08 16:07:05 +02:00
Kirill Lukonin
667fbb8151 comgt: add new script to send ussd request and get the answer
New script for comgt. Should help to fetch balance or any additional information with USSD.
This script uses the standard AT command which should be supported by all modems.

Run-tested on: Mikrotik wAP LTE KIT

Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
[fixed from/sob]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Dongming Han
f103321349 ipq40xx: add support for GL.iNet GL-S1300
Specifications:
SOC:        Qualcomm IPQ4029 (DAKOTA) ARM Quad-Core
RAM:        512 MiB
FLASH1:     16 MiB NOR - SPI0
FLASH2:     8 GiB eMMC
ETH:        Qualcomm QCA8075
WLAN1:      Qualcomm Atheros QCA4029 2.4GHz 802.11b/g/n 2x2
WLAN2:      Qualcomm Atheros QCA4029 5GHz 802.11n/ac W2 2x2
INPUT:      Reset, WPS
LED:        Power, Mesh, WLAN
UART1:      On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
UART2:      On board with BLE module
SPI1:       On board socket for Zigbee module

Install via tftp
- NB: need to flash transition image firstly

Firstly install transition image:
(IPQ40xx) # tftpboot 0x84000000 s1300-factory-to-openwrt.img
(IPQ40xx) # sf probe && imgaddr=0x84000000 && source :script

Secondly install openwrt sysupgrade bin:
(IPQ40xx) # run lf

Revert to factory image:
(IPQ40xx) # tftpboot 0x84000000 s1300-openwrt-to-factory.img
(IPQ40xx) # sf probe && imgaddr=0x84000000 && source :script

The kernel and rootfs of factory firmware are on eMMC, and openwrt
firmware is on NOR flash. The transition image includes U-boot
and partition table, which decides where to load kernel and rootfs.
After you firstly install openwrt image, you can switch between
factory and openwrt firmware by flashing transition image.

Signed-off-by: Dongming Han <handongming@gl-inet.com>
2020-07-08 16:07:05 +02:00
Lucian Cristian
b88f8202c4 kernel: add iscsi-initator support
Module is needed for using iscsi-initiator userspace applications

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[added missing newline between kernel modules]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Wren Turkal
9f02026933 uclibc++: make verbosity affect uClibc++ build
Before this change, setting the verbosity to anything with V=blah would
cause uclibc++ build to print errors to the screen. Now, it the
clibc++ build verbosity will be altered in the following manners:
* V=s will set V=1 in the uclibc++ build
* V=sc will set V=2 in the uclibc++ build

Signed-off-by: Wren Turkal <wt@penguintechs.org>
2020-07-08 16:07:05 +02:00
Emir Efe Kucuk
53a1fede1f ramips: Add support for Xiaomi Mi Router(Black,R2100)
The Xiaomi Mi Router AC2100 is a *black* cylindrical router that shares many
characteristics (apart from its looks and the GPIO ports) with the 6-antenna
*white* "Xiaomi Redmi Router AC2100"

See the visual comparison of the two routers here:
https://github.com/emirefek/openwrt-R2100/raw/imgcdn/rm2100-r2100.jpg

Specification of R2100:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN in Yellow and Blue
- UART: On board (Don't know where is should be confirmed by anybody else)
- Modified u-boot

Hacking of official firmware process is same at both RM2100 and R2100.
Thanks to @namidairo

Here is the detailed guide Hack: https://github.com/impulse/ac2100-openwrt-guide
Guide is written for MacOS but it will work at linux.
needed packages: python3(with scapy), netcat, http server, telnet client

1. Run PPPoE&exploit to get nc and wget busybox, get telnet and wget firmware
2. mtd write openwrt-ramips-mt7621-xiaomi_mi-router-ac2100-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_mi-router-ac2100-rootfs0.bin rootfs0

other than these I specified in here. Everything is same with:
f3792690c4
Thanks for all community and especially for this device:
@Ilyas @scp07 @namidairo @Percy @thorsten97 @impulse (names@forum.openwrt.com)

MAC Locations:
WAN *:b5 = factory 0xe006
LAN *:b6 = factory 0xe000
WIFI 5ghz *:b8 = factory 0x8004
WIFI 2.4ghz *:b7 = factory 0x0004

Signed-off-by: Emir Efe Kucuk <emirefek@gmail.com>
[refactored common image bits into Device/xiaomi-ac2100, fixed From:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Hans Dedecker
2b479512bc curl: bump to 7.71.1
For changes in 7.71.1; see https://curl.haxx.se/changes.html#7_71_1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-07 22:16:47 +02:00
Hans Dedecker
ebddd0b327 nat46: fix translation of ICMP protocol unreachable
Refresh patch

1182f30 nat46-core: Fix translation of ICMP protocol unreachable

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-07 21:42:49 +02:00
Petr Štetiar
4e57fd5ada dropbear: make rsa-sha2-256 pubkeys usable again
Upstream in commit 972d723484d8 ("split signkey_type and signature_type
for RSA sha1 vs sha256") has added strict checking of pubkey algorithms
which made keys with SHA-256 hashing algorithm unusable as they still
reuse the `ssh-rsa` public key format. So fix this by disabling the
check for `rsa-sha2-256` pubkeys.

Ref: https://tools.ietf.org/html/rfc8332#section-3
Fixes: d4c80f5b17 ("dropbear: bump to 2020.80")
Tested-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-07 19:47:24 +02:00
David Bauer
4c8eb4ad9e ravpower-mcu: add missing PKG_RELEASE
This fixes the imagebuilder for this device.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-06 17:59:18 +02:00
Jan Hoffmann
dfe0bc860f mac80211: allow ACS restriction with fixed channel
This can be useful when a DFS channel is configured, as the ACS channel
list is taken into account when switching channels after a radar event.
For example, this allows to prevent the SRD channels from being used in
that case.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[reorder structure]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-06 17:56:54 +02:00
John Audia
556eb9872d linux-firmware: Update linux-firmware to 20200619
git log --pretty=oneline --abbrev-commit 20200122..20200619

e96c121 (tag: 20200619, origin/main) amdgpu: update renoir firmware from 20.20 release
db0402e amdgpu: update picasso firmware from 20.20 release
c4e6e8f amdgpu: update raven2 firmware from 20.20 release
1967282 amdgpu: update raven firmware from 20.20 release
f73f82c amdgpu: add vega20 TA firmware from 20.20 release
9ecaba8 amdgpu: update vega20 firmware from 20.20 release
3866af1 amdgpu: update vega12 firmware from 20.20 release
adba945 amdgpu: update vega10 firmware from 20.20 release
3c5eef0 amdgpu: update navi10 firmware from 20.20 release
152c929 amdgpu: update navi14 firmware from 20.20 release
3890db3 (HEAD -> master, origin/master, origin/HEAD) rtl_nic: add firmware for RTL8125B
887d2a1 linux-firmware: Update firmware file for Intel Bluetooth AX200
3914943 linux-firmware: Update firmware file for Intel Bluetooth AX201
4966923 linux-firmware: Update firmware file for Intel Bluetooth 9560
5ee82c0 linux-firmware: Update firmware file for Intel Bluetooth 9260
d9880b1 Mellanox: Add new mlxsw_spectrum firmware xx.2007.1168
c2e313b rtw88: RTL8822C: update firmware version to v9.9
4d91664 Merge branch 'mrvl-prestera' of https://github.com/PLVision/linux-firmware
a54dfbe Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
51a773d cxgb4: Update firmware to revision 1.24.17.0
5611000 mrvl: add firmware for Prestera ASIC devices
8ba6fa6 (tag: 20200519) Merge tag 'iwlwifi-fw-2020-05-19' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
5ee1c7d iwlwifi: update and add new FWs from core50-70 and core52-81 releases
401bd6d rtw88: RTL8821C: add firmware file v24.5
2ae9974 iwlwifi: update FWs to core47-142 release
50c1340 iwlwifi: update 8265 FW
f8d32e4 rtw88: update firmware information and README
412f95a linux-firmware: add firmware for MT7915E
619d339 QCA: Add Bluetooth firmware for QCA9377
1392591 linux-firmware: add rebb firmware for mt7663
b2cad6a linux-firmware: Update firmware file for Intel Bluetooth AX200
c5ac1ad linux-firmware: Update firmware file for Intel Bluetooth AX201
642d115 linux-firmware: Update firmware file for Intel Bluetooth 9560
dc3047c linux-firmware: Update firmware file for Intel Bluetooth 9260
78c0348 (tag: 20200421) Use Link function for brcmfmac43362-sdio.lemaker,bananapro.txt
f2df706 Add symlink for Dell XPS 15 9550 Broadcom Bluetooth patch-ram file
87dcb0e rtl_bt: Update RTL8822C BT FW to 0x0999_3AA1
3aa3ae4 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
8aa36f5 cxgb4: Update T6 config file
6314fa0 amdgpu: update vega20 firmware for 20.10
1f308f1 amdgpu: update vega12 firmware for 20.10
1ffd569 amdgpu: update vega10 firmware for 20.10
9a0b0f4 amdgpu: update renoir firmware for 20.10
428a747 amdgpu: update raven2 firmware for 20.10
624ecdf amdgpu: update raven firmware for 20.10
7532f50 amdgpu: update picasso firmware for 20.10
75e352e amdgpu: update navi10 firmware for 20.10
3c175d1 amdgpu: update navi14 firmware for 20.10
8d7ac32 amdgpu: add navi14 TA firmware from 20.10
dd6b4db Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
3afe520 cxgb4: Update firmware to revision 1.24.14.0
64dba0f Merge branch 'a630-zap' of https://github.com/andersson/linux-firmware
236ec45 linux-firmware: add firmware for MT7663 Wifi/BT combo device
107b9a2 Merge https://github.com/bgodavar/qca_bt_fw
5b240e5 Merge https://github.com/rjliao-qca/qca-btfw
47533bc linux-firmware: Update firmware file for Intel Bluetooth AX200
677930a linux-firmware: Update firmware file for Intel Bluetooth AX201
e6ff1e7 qcom: Add SDM845 Adreno ZAP shader firmware
1a8b0dc qca: Enable transparent WBS for WCN3991
4921f73 QCA: Add Bluetooth firmware for QCA6390
edf390c Merge branch 'v12573.77' of https://github.com/erinlo/linux_fw_scp
3c213aa mediatek: Add mt8183 SCP firmware
8eb0b28 (tag: 20200316) linux-firmware: Update firmware file for Intel Bluetooth AX200
b9f720f linux-firmware: Update firmware file for Intel Bluetooth AX201
426db50 linux-firmware: Update firmware file for Intel Bluetooth 9560
9361709 linux-firmware: Update firmware file for Intel Bluetooth 9260
3b3dd5a amdgpu: update vega20 firmware from 19.50
4871e7a amdgpu: update vega12 firmware from 19.50
4e7f0f8 amdgpu: update vega10 firmware from 19.50
fce60a9 rtl_bt: Add firmware and configuration files for RTL8822C BT UART chip
d553c05 Merge branch 'tgl_huc_7.0.12_dmc_2.06' of git://anongit.freedesktop.org/drm/drm-firmware
fb83402 i915: Add DMC firmware v2.06 for TGL
45d36b5 i915: add HuC firmware v7.0.12 for TGL
0148cfe Merge https://github.com/rjliao-qca/qca-btfw
94cb0a6 check_whence: python3/utf-8 support
7fa32bc Makefile: improve `make check` usefulness
4bb6805 mediatek: Remove in-tree symlinks
6f50efe Merge branch 'v1.1.4' of https://github.com/ruiwang-mtk/linux_fw_vpu
2db3978 qca: Fix blueooth firmware name for QCA6174
a8a18d1 mediatek: move MT8173 VPU FW to subfolder
efcfa03 linux-firmware: Update firmware file for Intel Bluetooth AX201
83cb43e Merge https://github.com/bgodavar/qca_bt_wcn3991
54b017d qca: Add firmware files for BT chip wcn3991.
2277987 nvidia: add TU116/117 signed firmware
f63922d drm/amdgpu: update to latest 19.50 firmware for raven
1168a90 Merge branch 'v1.1.4' of https://github.com/ruiwang-mtk/linux_fw_vpu_v1.1.4
0bd965d mediatek: update MT8173 VPU firmware to v1.1.4
6f89735 rtl_nic: update firmware for RTL8153A
5351afe rtl_bt: Update RTL8822C BT FW to V0x0998_C2B4
83a7c50 linux-firmware: add firmware for MT7622
feb91a4 linux-firmware: add version 2 for MT7615E
b791e15 amdgpu: update to latest navi10 firmware from 19.50
0ff2f37 Revert "radeon: update oland rlc microcode from amdgpu"
c2df39a Merge branch 'amlogic-vdec' of https://github.com/Elyotna/linux-firmware
fb505a6 amlogic: update video decoder firmwares
6d9f399 amdgpu: add renoir firmware for 19.50
2c08b38 amdgpu: update raven2 firmware for 19.50
8846543 Merge commit '779514ec044a75ee6c9c20e52a2bf291f80d7d4e' of https://github.com/Netronome/linux-firmware
74d71b6 Merge branch 'bt-20200122' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
779514e nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.12.A.13
3055060 qca: update bluetooth firmware for QCA6174

Signed-off-by: John Audia <graysky@archlinux.us>
2020-07-04 21:12:42 +02:00
DENG Qingfang
78b632134f libjson-c: update to 0.14
Update libjson-c to 0.14
Changelog: https://github.com/json-c/json-c/wiki/Notes-for-v0.14-release

Switch to CMake because the upstream build system was changed

ipk size increased by 2KB

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-07-04 21:00:11 +02:00
Hans Dedecker
9858a8c582 odhcpd: bump to latest git HEAD
5da5299 odhcpd: fix compilation with GCC10

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-02 22:28:06 +02:00
Hans Dedecker
cbb66f9edb curl: bump to 7.71.0
For changes in 7.71.0; see https://curl.haxx.se/changes.html#7_71_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-01 22:19:50 +02:00
Álvaro Fernández Rojas
f786de2095 ath10k-ct: update to version 2020-06-30
Backports commit "a1769bb68a850508a492e3674ab1e5e479b11254", which reverts
upstream commit "76d164f582150fd0259ec0fcbc485470bcd8033e" (ath10k: fix DMA
related firmware crashes on multiple devices).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-07-01 15:39:15 +02:00
Hans Dedecker
d4c80f5b17 dropbear: bump to 2020.80
- drop patches (applied upstream)
 * 001-backport_GNU_SOURCE-for-random.patch
 * 002-backport-move-GNU_SOURCE-earlier.patch
 * 010-backport-disable-toom-and-karatsuba.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-30 22:13:46 +02:00
Rui Salvaterra
835c932ccb zram-swap: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:03:15 +02:00
Rui Salvaterra
69ca308673 dropbear: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:01:18 +02:00
David Bauer
1ba0466d43 package: add ravpower-mcu package
This package allows to read battery status information and control the
power state of the RAVPower RP-WD009 power management IC.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-29 12:24:04 +02:00
David Bauer
e959048c12 ramips: add support for RAVPower RP-WD009
The RAVPower RP-WD009 is a batter-powered pocket sized router with SD
card lot and USB port.

Hardware
--------
CPU:   MediaTek MT7628AN
RAM:   64M DDR2
FLASH: 16M GigaDevices SPI-NOR
WLAN:  MediaTek MT7628AN 2T2R b/g/n
       MediaTek MT7610E  1T1R n/ac
ETH:   1x FastEthernet
SD:    SD Card slot
USB:   USB 2.0

Custom PMIC on the I2C bus (address 0x0a).

Installation
------------

1. Press and hold down the reset button.

2. Power up the Device. Keep pressing the reset button for 10
   more seconds until the Globe LED lights up.

3. Attach your Computer to the Ethernet port. Assign yourself the
   address 10.10.10.1/24.

4. Access the recovery page at 10.10.10.128 and upload the OpenWrt
   factory image.

5. The flashing will take around 1 minute. The device will reboot
   automatically into OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-29 12:24:01 +02:00
Hauke Mehrtens
143c81716d uboot-kirkwood: Revert "uboot-kirkwood: enable sata in nsa310 uboot"
This reverts commit 930f3c0148.

The build fails with the following build error:
arm-openwrt-linux-muslgnueabi-ld.bfd: drivers/built-in.o: in function `ide_init':
build_dir/target-arm_xscale_musl_eabi/u-boot-nsa310/u-boot-2020.04/drivers/block/ide.c:750: undefined reference to `ide_preinit'
make[4]: *** [Makefile:1700: u-boot] Error 1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-06-27 18:39:32 +02:00
Scott Roberts
dd13add3ce kernel: i2c-pxa: remove slave
Removing i2c pxa slave

The i2c-pxa is typically not use in slave mode. It does not make sense
to have slave mode enabled by default.
Having slave mode enabled prevents the i2c controller from being reset
if a real slave device such as an SFP is attached to the i2c-pxa bus and
locks it up.
Disable slave mode so that the i2c controller can be reset if the bus is
locked up.
If someone actually has a need for pxa slave mode this can be enabled in
kernel config.

Signed-off-by: Scott Roberts <ttocsr@gmail.com>
2020-06-27 00:19:13 +02:00
Sukru Senli
c856f7adfb netifd: replace timesvr with timesrv
/lib/netifd/dhcp.script:
         Keep support for 'timesvr' while also supporting 'timesrv'
         Add log message indicating deprecation of 'timesvr'

Signed-off-by: Sukru Senli <sukru.senli@iopsys.eu>
2020-06-27 00:19:13 +02:00
Alberto Bursi
930f3c0148 uboot-kirkwood: enable sata in nsa310 uboot
the uboot of nsa310 cannot use the network chip
as it is a realtek on the PCIe lanes and not a
Marvell ethernet from the SoC.

Therefore tftp is not possible on this device
and the only way to install is by loading files
from a USB drive.
If the USB subsystem is dead there is no way to
install OpenWrt.
Enable sata support and commands so it can be
used as a fallback in case of USB issues.

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
2020-06-27 00:19:13 +02:00
Huangbin Zhan
fed9bfbfeb base-files: coreutil-sha256sum breaks status code
With package "coreutil-sha256sum" installed "sysupgrade" fails to perform 'sha256sum -s' and instead returns 'invalid option -- 's''.
This is caused due to:
	different syntax for a sha256sum status check ('sha256sum --status' with "coreutil-sha256sum")
	'/usr/bin/sha256sum' being symlinked to '/usr/bin/gnu-sha256sum' (after installation of "coreutil-sha256sum")
"coreutil-sha256sum" package from the packages feed replaces the Busybox sha256sum
This patch restores for 'sysupgrade' the busybox call to its sha256sum applet.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-27 00:19:13 +02:00
Huangbin Zhan
3d6ac4d20f ubox: add ALTERNATIVES
This avoids a conflict with the kmod util from the package feed.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 23:48:51 +02:00
Huangbin Zhan
67575b6410 logger: enable alternatives support
Avoid conflict with busybox

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 20:54:53 +02:00
Florian Eckert
97bc87d81a kernel: add gpio-amd-fch module description
Add a module description for the new gpio-amd-fch device driver.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-06-26 20:54:53 +02:00
Florian Eckert
2b550a6be1 kernel/leds-apu2: remove deprecated leds-apu2 driver
Remove leds-apu2 out of tree driver. There is a new upstream device gpio
and leds driver stack available for the APUv2 and APUv3 boards from pc
egnines. This new driver stack was add in kernel version 4.15.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-06-26 20:54:53 +02:00
David Bauer
870588b6eb mac80211: ath9k: enable MFP capability unconditionally
ath9k will already fallback on software-crypto for chipsets not
supporting IEEE802.11w (MFP). So advertising MFP is not dependent
on disabling HW crypto for all traffic entirely.

Tested on Sonicwall SonicPoint Ni (AR9132)

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-25 02:36:19 +02:00
Hans Dedecker
751e6ab8e6 dropbear: fix compilation for uClibc
Backport patches which fix compile issue for uClibc-ng :

dbrandom.c:174:8: warning: implicit declaration of function 'getrandom'; did you mean 'genrandom'? [-Wimplicit-function-declaration]
  ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
        ^~~~~~~~~
        genrandom
dbrandom.c:174:36: error: 'GRND_NONBLOCK' undeclared (first use in this function); did you mean 'SOCK_NONBLOCK'?
  ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
                                    ^~~~~~~~~~~~~
                                    SOCK_NONBLOCK

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-24 22:36:21 +02:00
Sungbo Eo
d4dea7efcd urandom-seed: update Makefile
- update SPDX license identifier
- use https in URL
- use default PKG_BUILD_DIR

Suggested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-24 16:05:55 +02:00
Jason A. Donenfeld
ea5192e6c5 wireguard: bump to 1.0.20200623
* compat: drop centos 8.1 support as 8.2 is now out

Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at
<https://www.wireguard.com/build-status/>.

* Kbuild: remove -fvisibility=hidden from cflags

This fixes an issue when compiling wireguard as a module for ARM kernels in
THUMB2 mode without the JUMP11 workaround.

* noise: do not assign initiation time in if condition

Style fix.

* device: avoid circular netns references

Fixes a circular reference issue with network namespaces.

* netns: workaround bad 5.2.y backport

This works around a back backport in the 5.2.y series.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-24 08:01:37 +02:00
Leon M. George
8f95220bcb mac80211: fix use of local variable
mac80211_get_addr is called from mac80211_generate_mac, where the local variable
initialisation id="${macidx:-0}" suggests that macidx is not always defined.
Probably, idx was supposed to be used instead of $(($macidx + 1)).

Fixes: 4d99db168c ("mac80211: try to get interface addresses from wiphy sysfs 'addresses' if no mask is set")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-06-24 01:21:24 +02:00
Sungbo Eo
46a6586c83 base-files: remove urandom-seed definition
urandom-seed has a separate Makefile, we can safely remove the definition here.

Fixes: 27bfde9c9f ("base-files: move urandom seed bits into separate package")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-23 22:23:21 +02:00
Sven Roederer
7e67d14486 igmpproxy: remove some bashism
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.
This follows up 3519bf4976

As a result, we also need to move the and/or out of the test brackets.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[squash from two patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-23 20:00:16 +02:00
Catalin Patulea
492a6594b9 libnetfilter-queue: fix package title and description
The original text was copy/pasted from some other package.
Adjust the package title and description to match the description
on the publishers page.

Signed-off-by: Catalin Patulea <catalinp@google.com>
[slightly adjust content and commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-23 19:25:20 +02:00
Konstantin Demin
29e170dbaa dropbear: bump to 2020.79
- drop patches (applied upstream):
  * 010-backport-change-address-logging.patch
  * 020-backport-ed25519-support.patch
  * 021-backport-chacha20-poly1305-support.patch
- backport patches:
  * 010-backport-disable-toom-and-karatsuba.patch:
    reduce dropbear binary size (about ~8Kb).
- refresh patches.
- don't bother anymore with following config options
  because they are disabled in upstream too:
  * DROPBEAR_3DES
  * DROPBEAR_ENABLE_CBC_MODE
  * DROPBEAR_SHA1_96_HMAC
- explicitly disable DO_MOTD as it was before commit a1099ed:
  upstream has (accidentally) switched it to 0 in release 2019.77,
  but reverted back in release 2020.79.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-06-21 21:33:23 +02:00
Chen Minqiang
a57fb86d6a toolchain: glibc ldd env path fixup
This replace the shell script header of ldd
when it install to `/usr/bin/ldd` where
`#! /..../staging_dir/host/bin/bash`
should be
`#!/bin/sh`

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-06-18 20:08:18 +02:00
Kuan-Yi Li
c5bf9a8ced base-files: gpio switch: add named GPIO support
Previously, gpio_switch only accepts GPIO pin number as input. Once a
GPIO pin is exported and named by device tree, its pin state cannot be
configured and saved across reboots by UCI.

This patch adds support for named GPIO pins. Thus GPIO pin can be
exported by device tree with active high/low correctly configured,
having human-readable name in /sys/class/gpio/ is also now possible.

More importantly, GPIO pins which are referenced by name will be immune
from pin mapping breakage while unintentional pin number changes are
introduced by kernel or driver updates.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2020-06-18 20:08:18 +02:00
Alan Swanson
a4c0767fbc mac80211: ath9k: enable adding wireless noise to kernel entropy pool
This option allows adding the ath9k ADC register output as a source
of randomness into the Linux entropy pool at sufficient quality
random data (at least 10 bits and up to 22 bits of min-entropy for
a 32-bit value).

Fixes FS#1444
Signed-off-by: Alan Swanson <reiver@improbability.net>
2020-06-18 20:08:18 +02:00
Karel Kočí
a4248577a0 hostapd: fix compilation of wpa_supplicant
Ubus patch as it seems have been broken by some rebase in the past as
the location of line that adds ubus object file was in condition for
CONFIG_MACSEC. That condition was adding object files that are not
touched by ubus patch. This means ubus.o does not have to be included in
that case. When it has to be and when build fails is when CONFIG_AP is
set. All files included in wpa_supplicant that are touched by this patch
are in this condition. This means that this is for sure the original
place for it.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2020-06-18 20:08:18 +02:00
Ian Cooper
b933f9cf0c toolchain: remove gcc libssp and use libc variant
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.

Stack smashing protection configuration options are now uniform
across all supported libc variants.

This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>
2020-06-17 23:57:07 +02:00
Rozhuk Ivan
ba7ddae9a9 comgt-ncm: do not attempt to connect if the control device is invalid
After a hardware reconnect, the control device might be unavailable and
attempting to interact with it will lead to hanging gcom calls, leaving
the protocol setup in an unrecoverable state.

Change the protocol handler to bail out early and notify netifd if the
control device is not defined or if the underlying device node does not
exist.

Also ensure that the "disconnect", "connect" and "setmode" commands are
actually defined before trying to invoke them.

Finally attempt to re-query the device manufacturer if it is unset in
the interface state in order to prevent UNUPPORTED_MODEM errors after
a modem hardware reconnect.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
[reword subject and commit message]
Ref: https://github.com/openwrt/openwrt/pull/2352
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-06-17 23:14:46 +02:00
Florian Eckert
8fe9940db6 openvpn: add generic hotplug mechanism
Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.

User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.

As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-06-17 22:43:48 +02:00
Daniel Golle
8e98613f4d uclient: uclient-fetch: add option to read POST data from file
c660986 uclient-fetch: add option to read POST data from file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-17 16:38:35 +01:00
Pawel Dembicki
c5356d10c0 kirkwood: move mmc/sd features to modules
All devices are using nand images. Built-in MMC/SD modules are not needed
anymore.

Run tested: pogo v4

Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-06-14 21:16:20 +02:00
Hans Dedecker
a241f439dc iproute2: update to 5.7.0
Update iproute2 to latest stable 5.7.0; for the changes see https://lwn.net/Articles/822152/

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-13 21:36:27 +02:00
Johann Neuhauser
c0ddb85a1d hostapd: hostapd_set_psk_file: fix defaut value for mac
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bringing up of station vlan fails if the optional mac entry isn't set.
The default mac "00:00:00:00:00:00", which should match all stations,
is mistakenly set to the non used variable "isolate". This results in
a wrong formatted .psk file which has to be "vlan_id mac key".

fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections

Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
2020-06-13 18:31:43 +02:00
Yen-Ting-Shen
3f61e5e1b9 ipq40xx: add support for EnGenius EMR3500
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8072 (2 ports)
USB:     1 x 2.0 (Host controller in the SoC)
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET Button
LEDS:    White, Blue, Red, Orange

Flash instruction:

From EnGenius firmware to OpenWrt firmware:

In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emr3500-squashfs-factory.bin directly.

From OpenWrt firmware to EnGenius firmware:

1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
   Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMR3500. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
   (IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emr3500-nor-fw-s.img
4. Flash the firmware
   (IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
   (IPQ40xx) # reset

Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[squashed update patch, updated to 5.4, dropped BOARD_NAME,
migrated to SOC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-13 14:38:03 +02:00
Stijn Tintel
4f02496c50 mtd: enable wrgg support for ath79
This is required for the D-Link DAP-2695-A1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-06-11 19:44:36 +03:00
Kevin Darbyshire-Bryant
46555ce5bc odhcpd: remove bogus IPKG_INSTROOT reference
IPKG_INSTROOT is only set under image builder and we won't be running
this script at build time either, so remove the reference before it gets
cargo-culted into other scripts.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-11 15:46:55 +01:00
Adrian Schmutzler
78e8360878 soloscli: fix uci-defaults file
The folder for the uci-defaults file of this package is wrong, so
the file most probably has not been executed at all for several
years at least.

Fix the folder and remove the useless shebang for the file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-11 01:49:24 +02:00
Renaud Lepage
108df3eabb ath79: add support for the Netgear WNDRMAC v1
The Netgear WNDRMAC v1 is a hardware variant of the Netgear WNDR3700 v2

Specifications
==============
* SoC: Atheros AR7161
* RAM: 64mb
* Flash on board: 16mb
* WiFi: Atheros AR9220 (a/n), Atheros AR9223 (b/g/n)
* Ethernet: RealTek RTL8366SR (1xWAN, 4xLAN, Gigabit)
* Power: 12 VDC, 2.5 A
* Full specs on [openwrt.org](https://openwrt.org/toh/hwdata/netgear/netgear_wndrmac_v1)

Flash Instructions
==================
It is possible to use the OEM Upgrade page to install the `factory`
variant of the firmware.

After the initial upgrade, you will need to telnet into the router
(default IP 192.168.1.1) to install anything. You may install LuCI
this way. At this point, you will have a web interface to configure
OpenWRT on the WNDRMAC v1.

Please use the `sysupgrade` variant for subsequent flashes.

Recovery Instructions
=====================
A TFTP-based recovery flash is possible if the need arises. Please refer
to the WNDR3700 page on openwrt.org for details.

https://openwrt.org/toh/netgear/wndr3700#troubleshooting_and_recovery

Signed-off-by: Renaud Lepage <root@cybikbase.com>
[update DTSI include name]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-11 01:44:13 +02:00
Felix Fietkau
4baf90de8d netifd: disable receive packet steering for DSA slave devices
It is already handled on the master device. Doing it twice reduces
performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 16:17:12 +02:00
Felix Fietkau
bf3f06f1ba mt76: enable hostapd 802.11ax support if kmod-mt7915e is selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Felix Fietkau
41d7a14ead hostapd: add config symbol for allowing drivers to enable 802.11ax support
Also expose a build feature for it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Christian Lamparter
f611b014a7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Petr Štetiar
df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Kevin Darbyshire-Bryant
68b94f0fb4 umdnsd: update to latest git HEAD
d13290b Fix advertised IPv6 addresses

Don't just serve link-local addresses via mdns, offer all.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-06-08 20:16:17 +01:00
Stijn Tintel
8a858363b0 hostapd: silence rm
When bringing up wifi the first time after boot, these warnings appear:

netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory

Silence them by adding the "-f" option to rm.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2020-06-08 08:59:02 +03:00
Stijn Tintel
25787e002b bcm27xx-gpu-fw: bump to most recent good version
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:26:54 +03:00
Stijn Tintel
afdc413d9d Revert "bcm27xx-gpu-fw: update to latest version"
This reverts commit 9e467a764b.

The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.

E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.

As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.

Upstream bug: https://github.com/raspberrypi/firmware/issues/1376

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:25:50 +03:00
Hans Dedecker
9e7fe7faf5 netifd: update to latest git HEAD
51e9fb8 system-linux: improve handling of device rename

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 20:55:53 +02:00
Toke Høiland-Jørgensen
56db8e4615 kernel: Add kmod-sch-cake-virtual intermediate package
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2020-06-06 19:15:43 +01:00
Hans Dedecker
4e65838871 nghttp2: bump to 1.41.0
8f7b008b Update bash_completion
83086ba9 Update manual pages
c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr
3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20
881c060d Update AUTHORS
f8da73bd Earlier check for settings flood
336a98fe Implement max settings option
ef415836 Revert "Add missing connection error handling"
979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2
b7d16101 Add missing connection error handling
cd53bd81 Merge pull request #1460 from gportay/patch-1
e5625b8c Fix doc
c663349f integration: Add PROXY protocol v2 tests
854e9fe3 nghttpx: Always call init_forwarded_for
c60ea227 Update doc
49cd8e6e nghttpx: Add PROXY-protocol v2 support
3b17a659 Merge pull request #1453 from Leo-Neat/master
600fcdf5 Merge pull request #1455 from xjtian/long_serials
4922bb41 static_cast size parameter in StringRef constructor to size_t
aad86975 Fix get_x509_serial for long serial numbers
dc7a7df6 Adding CIFuzz
b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue
ffb49c6c Merge pull request #1435 from geoffhill/master
2ec58551 Fix receiving stream data stall
459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp
a4c1fed5 Bump llhttp to 2.0.4
866eadb5 Enable session_create_idle_stream test, fix errors
5e13274b Fix typo
e0d7f7de h2load: Allow port in --connect-to
df575f96 h2load: add --connect-to option
1fff7379 clang-format-9
b40c6c86 Merge pull request #1418 from vszakats/patch-1
9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional
2d5f7659 Bump up version number to 1.41.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 14:11:41 +02:00
Paul Spooren
df6f3090c4 mvebu: rename Linksys devices based on their common names
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.

A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.

Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.

However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-05 21:54:43 +02:00
Felix Fietkau
2dd26fda16 kernel: fix portability issue with perf on linux 5.4
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-04 21:52:57 +02:00
John Crispin
5aa2ddd0d6 hostapd: add support for wifi-station and wifi-vlan sections
This patch adds support for 2 new uci sections.

config wifi-vlan
	# iface is optional. if it is not defined the vlan will apply
	# to all interfaces
        option iface	default_radio0
        option name	guest
        option vid	100
        option network	guest

config wifi-station
	# iface is optional. if it is not defined the station will apply
	# to all interfaces
        option iface	default_radio0
        # mac is optional. if it is not defined it will be a catch all
	# for any sta using this key
	option mac	'00:11:22:33:44:55'
        # vid is optional. if it is not defined, the sta will be part of
	# the primary iface.
	option vid	100
        option key	testtest

With this patch applied it is possible to use multiple PSKs on a single BSS.

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
John Crispin
303b463394 netifd: update to latest HEAD
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
Petr Štetiar
7f0fb3e5d4 iwinfo: update to version 2020-06-03
2faa20e5e9d1 iwinfo: add device id for Mikrotik R11e-5HacD miniPCIe card
d577a9d38a3b iwinfo: add device id for Marvell 88W8997 SDIO wifi card
f6b7d16d2ffa iwinfo: add device id for Atheros AR9287 PCIe wifi card

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
25641709d8 kernel: iio: add drivers for st_lsm6dsx IMU MEMS sensors
Add kmod for the ST LSM6DSX IMU driver.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[fixed missing regmap module dependencies]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
41cab5029b kernel: iio: fix st_accel_{i2c, spi} driver
Add missing kernel module and rename driver

Fixes: 2d8f4c4fbd ("kernel: iio: add st-accel driver modules")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2020-06-03 16:49:28 +02:00
Eneas U de Queiroz
750d52f6c9 wolfssl: use -fomit-frame-pointer to fix asm error
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.

Previous versions of wolfssl had this by default.  Keeping an extra
register available may increase performance, so it's being restored for
all architectures.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-06-03 16:49:28 +02:00
Rosen Penev
a9f712a79b exfat-utils: move into packages feed
This will be moved to packages:

https://github.com/openwrt/packages/pull/12378

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
e86b67e700 xfsprogs: move into packages feed
Does not seem to be needed here. This will be imported into packages.

Ref: https://github.com/openwrt/packages/pull/12256
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
173d2843c7 libconfig: move into packages feed
No package in base uses libconfig. Everything is in the packages feed.

Ref: https://github.com/openwrt/packages/pull/12255
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Florian Eckert
0b3e1205df kernel: add gpio-it87
Since commit 910df3f06c we have build in
on all X86/64 platforms the gpio-it87 driver.

Since this change I am getting the following error message on boot.
 > kern.err kernel: [    1.009416] gpio_it87: no device

I do not have this device on my system. To prevent the nonsensical
message and the loading of the module I have added this as a package, so
that it can be installed later or during image building.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-06-03 16:49:28 +02:00
Sergey Ryazanov
880c1f0336 base-files: prevent issues w/ overlay on powerloss after sysupgrade
Due to filesystem write caching the old configuration data could stay
out of flash for a long time during a first boot after the sysupgrade.
Power loss during this period could damage the overlay data and even
make device inaccessable via the network.

Fix this by syncing data to a flash as soon as the previous
configuration will be unpacked after the sysupgrade. Also sync the FS
state after the sysupgrade.tgz archive removing to prevent duplicative
extraction of a previous configuration.

Tested with AMD Geode based board.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2020-06-03 16:49:28 +02:00
Sven Roederer
2171493f7f dnsmasq: add /etc/dnsmasq.d/ to conffiles
This directory can hold configuration-snippets which should also included in the backup.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-06-03 16:49:28 +02:00
Michael Heimpold
d71fa37aa3 uboot-mxs: bump to v2020.04
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-06-03 16:49:28 +02:00
Thomas Albers
e914de7c96 base-files: fix LED IDE trigger
This changes the ide-disk LED trigger to the generic disk-activity as
ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds:
convert IDE trigger to common disk trigger").

Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com>
[split into separate commit, commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Daniel Golle
b1f26b7160 uhttpd: fix script timeout
939c281 proc: do not cancel script killing after writing headers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-03 10:50:01 +01:00
Hans Dedecker
8d2c031f21 ppp: update to version 2.4.8.git-2020-05-25
ddd57c2 pppd: Add lcp-echo-adaptive option
c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
0bc11fb Added missing options to manual pages. (#149)
b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp
c78e312 pppd: linux: use monotonic time if possible

Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted
Remove patch 206-compensate_time_change.patch as timewrap issues are
solved by a patch making use of monotonic time

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-31 21:13:50 +02:00
Felix Fietkau
479f1f2c92 mt76: update to the latest version (adds 7663e, 7663u, 7915 drivers)
7aabfd0c9282 mt7615: add CONFIG_MT76_LEDS to cflags
10a5b7630a37 mt76: mt7615: fix getting maximum tx power from eeprom
8688ed70c987 mt76: mt7615: use module parameter option for offload firmware preference
04798aab1257 net: mt7603: remove duplicate error message
9636177117d8 mt76: mt7615: fix ssid configuration in mt7615_mcu_hw_scan
d4ba139d8b8b mt76: mt7615: introduce mt7615_check_offload_capability routine
2cc0d54b65a1 mt76: mt7615: do not mark sched_scan disabled in mt7615_scan_work
5b73be962388 mt76: mt7615: add passive mode for hw scan
96e429e18174 mt76: mt7615: free pci_vector if mt7615_pci_probe fails
8fddbf6390ac mt76: mt7615: introduce support for hardware beacon filter
f2c760177bdd mt76: mt7615: introduce mt7615_mcu_set_hif_suspend mcu command
db454605106f mt76: mt7615: add WoW support
20b87321c39f mt76: mt7663u: introduce suspend/resume to mt7663u
20db7e73c586 mt76: mt7615: introduce PM support
523716bba561 mt76: mt7615: add gtk rekey offload support
50d377a825cc mt76: mt7615: introduce beacon_loss mcu event
4ef1957cea35 mt76: mt7663: read tx streams from eeprom
f25a43cc53e7 mt76: mt7615: check return value of mt7615_eeprom_get_power_index
0a9f71652927 mt76: mt7615: fix ibss mode for mt7663
83f2ba3101b4 mt76: mt7663: fix target power parsing
3e6968593b61 mt76: mt7615: fix delta tx power for mt7663
c1d3ad194ae4 mt76: mt7663: introduce WoW with net detect support
891136ab99da mt76: mt7663: add support to sched scan with randomise addr
82e4d3ebe967 mt76: mt7615: scan all channels if not specified
690b84821cd3 mt76: avoid rx reorder buffer overflow
f0117d3107b4 mt76: add support for HE RX rate reporting
cc68782bab1a mt76: add Rx stats support for radiotap
3ec47f2fba61 mt76: adjust wcid size to support new 802.11ax generation
0a9f4173dd07 mt76: add HE phy modes and hardware queue
c6b002bcdfa6 mt76: add mac80211 driver for MT7915 PCIe-based chipsets
b96af5039581 mt76: mt7915: enable Rx HE rate reporting
230054096155 mt76: mt7915: implement HE per-rate tx power support
c8f4b6cf1add mt76: mt7915: register per-phy HE capabilities for each interface
de1e8af96e19 mt76: mt7915: add HE bss_conf support for interfaces
135a5085932b mt76: mt7915: add HE capabilities support for peers
3b5d908dae2f mt76: mt7915: add Rx radiotap header support
158253e2c11e mt76: mt7915: add .sta_add_debugfs support
7f40e8c2b98d mt76: mt7915: add .sta_statistics support
a5368e5cad11 mt76: mt7915: set peer Tx fixed rate through debugfs
4f79c516be5c mt76: mt7915: add tsf related callbacks
509fceb43235 mt76: mt7915: enable firmware module debug support
56405976fc7b mt76: set runtime stream caps by mt76_phy
6bbf1a35c0da linux-firmware: add rebb firmware for mt7663
d7a10094c4e5 mt7663: add client offload firmware
9200732e8534 mt76: mt7663u: copy key pointer in mt7663u_mac_write_txwi
3aa810bde810 mt76: mt7663u: add missing register definitions
e236ea5be344 mt76: mt7615: usb: cancel ps work stopping the vif
1d0903de2131 mt76: mt7915: introduce mt7915_get_he_phy_cap
095c72c81c74 mt76: mt7915: add Tx beamformer support
5f9e7664cd26 mt76: mt7915: add Tx beamformee support
ac505404c385 mt76: mt7915: add TxBF capabilities
6656bebd39cd mt76: mt7915: add debugfs to track TxBF status
9590db025475 mt76: mt7915: allocate proper size for tlv tags
26eb1ed65987 mt76: mt7915: fix possible deadlock in mt7915_stop
f85c1f3fc189 firmware: add mt7915 firmware
9b07251b00b0 mt76: mt7615: fix typo defining ps work
060e375a9244 mt76: fix per-driver wcid range checks after wcid array size bump
7270b56389a9 mt76: mt7615: do not report scan_complete twice to mac80211
8c9e4847d01e mt76: mt7615: reduce hw scan timeout
8bd88a1b1880 mt76: enable p2p support
1ea444d0e8e5 mt76: mt7615: configure bss info adding the interface
fa81da5bb4e9 mt76: mt7615: introduce remain_on_channel support
44f2262c0289 mt76: mt76x02: remove check in mt76x02_mcu_msg_send
7005aa891440 mt76: mt7915: add spatial reuse support
1e3dc5b76649 mt76: mt7915: fix some sparse warnings
01b784174cd5 mt76: mt7915: fix sparse warnings: incorrect type initializer
40b7b5354a16 mt76: mt7615: fix NULL pointer deref in mt7615_register_ext_phy
6d731d188d31 mt76: mt7915: fix decoded radiotap HE flags
b74d5b1c14cf mt76: mt7915: fix some sparse warnings
6679d35be5cc mt76: mt7615: switch to per-vif power_save support
01e870b44769 mt76: mt7915: fix a handful of spelling mistakes
7b2d16655904 mt76: mt7663: fix the usage WoW with net detect support
ed3a244fb647 mt76: mt7915: Fix build error
5396a61cec99 mt76: mt7615: fix hw_scan with ssid_type for specified SSID only
466a5b4d041d mt76: mt7915: fix possible NULL pointer dereference in mt7915_register_ext_phy
984a172609c0 mt76: fix wcid allocation issues
6e02acddcb1a mt76: mt7615: add support for MT7611N
4e6f4e432d0d mt76: only iterate over initialized rx queues
9ad940fee593 mt76: mt7615: Use kmemdup in mt7615_queue_key_update()
85c516081338 mt76: mt7915: remove set but not used variable 'msta'

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-31 14:23:07 +02:00
Vladislav Grishenko
f166cf9ca0 dropbear: add ed25519 and chacha20-poly1305
- add Ed25519 support (backport):
  * DROPBEAR_ED25519 option for ssh-ed25519,
  * disabled by default
- add Chacha20-Poly1305 support (backport):
  * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com,
  * enabled by default
- update feature costs in binary size

Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
2020-05-30 21:27:10 +02:00
John Crispin
02f08056bc mac80211: fix wifi teardown
reverts part of the recent wifi reconf patch.

Signed-off-by: John Crispin <john@phrozen.org>
2020-05-30 12:01:08 +02:00
Daniel Golle
a002a24536 mac80211: rt2x00: backport patch enabling MFP
From: Rui Salvaterra <rsalvaterra@gmail.com>
Date: Mon, 25 May 2020 14:49:07 +0100
Subject: [PATCH] rt2800: enable MFP support unconditionally

This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-30 09:37:36 +01:00
Daniel Golle
f8b4aa5062 ugps: nmea: make sure date is valid
GPS time without date was previously used to set system date:
Tue Oct 10 11:48:21 2000 user.info kernel: [  108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time
Tue Oct 10 11:49:27 2000 user.info kernel: [  174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time

Fix this by ignoring incomplete dates and wait for complete time
information before adjusting system date/time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-29 23:59:35 +01:00
Jo-Philipp Wich
559b338466 qos-scripts: fix interface resolving
Also ensure that the error message is actually printed to stderr and that
the rule generation is aborted if an interface cannot be resolved.

Ref: https://github.com/openwrt/luci/issues/3975
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-29 10:34:58 +02:00
Álvaro Fernández Rojas
5d3a0c6b26 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 19:12:42 +02:00
Daniel Golle
f47aeac9b9 procd: update to git HEAD
b84a329 jail: use sane termios settings for console pts
 b9b39e2 jail: handle containers seperately

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-28 14:29:08 +01:00
Enrique Rodríguez Valencia
6e8bb68996 hostapd: Add disable_vht when using NOHT/HT* modes
disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:55 +01:00
Enrique Rodríguez Valencia
84c96de606 mac80211: Fix setting radio htmode when using mesh mode
When configuring the radio in legacy mode from luci, the htmode is not set
correctly to NOHT, causing the radio in mesh mode to be set to HT40.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:54 +01:00
Jo-Philipp Wich
a03d6d2fab broadcom-wl: don't inherit lock descriptor in nas process
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.

Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-28 13:08:14 +02:00
Álvaro Fernández Rojas
8b8fb79cbf bcm27xx-userland: update to latest version with 64 bit support
Support for 64 bits has been remove on latest master of raspberry/firmware.
Update to latest commit with 64 bit support since we don't support
installing 32 bit packages on 64 bit targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 11:57:03 +02:00
Thibaut VARÈNE
e430376b48 packages/utils: fbtest fix Makefile
The clean target tries to remove what looks like a bogus 'rbcfg',
probably carried over copy-pasta. Remove the name of the generated
executable ('fbtest') instead.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 8099f4e0d3 ("fbtest utility ")
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
7557e7f267 package/base-files: caldata: work around dd's limitation
tl;dr: dd will silently truncate the output if reading from special
files (e.g. sysfs attributes) with a too large bs parameter.

This problem was exposed on some RouterBOARD ipq40xx devices which use a
caldata payload which is larger than PAGE_SIZE, contrary to all other
currently supported RouterBOARD devices: the caldata would fail to
properly load with the current scripts.

Background: dd doesn't seem to correctly handle read() results that
return less than requested data. sysfs attributes have a kernel exchange
buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a
time. In this case, if bs is larger than PAGE_SIZE, dd will silently
truncate blocks to PAGE_SIZE. With the current scripts using bs=<size>
count=1, the data is truncated to PAGE_SIZE as soon as the requested
<size> exceeds this value.

This commit works around this problem by using `cat` in the caldata
routines that can read from a file (routines that read from mtd devices
are untouched). cat correctly handles partial read requests. The output
is then piped to dd with the same parameters as before, to ensure that
the resulting file remains exactly the same.

This is a simple workaround, the downside is that it uses a pipe and one
more executable, and therefore has a larger memory footprint and is
slower. This is deemed acceptable considering these routines are only
used at boot time.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
f10da7cb4d packages/boot: remove rbcfg
The new sysfs soft_config driver makes buggy rbcfg obsolete and
entirely replaces it.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:09:10 +02:00
Álvaro Fernández Rojas
aabfd4b1db cypress-firmware: add PROVIDES sections
Some firmwares are already provided by linux-firmware.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Álvaro Fernández Rojas
9e467a764b bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Jo-Philipp Wich
e8a2c21069 rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:08:54 +02:00
Stijn Segers
63bef34db9 uboot-envtools: ath79: add Netgear WNDR4300SW
Add Netgear WNDR4300SW to the list of supported boards.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-05-26 15:29:51 +02:00
Felix Fietkau
b371182d24 libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-26 10:45:44 +02:00
Rafał Miłecki
a765b063ee libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-24 17:06:09 +02:00
Matthias Schiffer
42de3c89c7
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:01:36 +02:00
Matthias Schiffer
e35e40ad82
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-23 13:38:12 +02:00
David Bauer
a9f7510150 hostapd: add WEP as queryable build feature
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.

Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
Hauke Mehrtens
04b1a11f5c mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 21:53:14 +02:00
Philip Prindeville
de8b88ce17 firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-05-21 20:23:10 +02:00
Hans Dedecker
bc55258464 netifd: ingress/egress vlan qos mapping support
74e0222 vlandev: support setting ingress/egress QoS mappings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 20:21:02 +02:00
Hauke Mehrtens
289c632425 mac80211: Update to version 5.7-rc3-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
64f343a881 mac80211: Update to version 5.6.8-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
9ca21dc7d5 mac80211: Update to version 5.5.19
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
a4b50c4bce mac80211: Update to version 5.4.36-1
This updates the mac80211 backport to the latest minor version.

The removed patch was a backport from the upstream kernel which is now
integrated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Daniel Golle
017320ead3 hostapd: bring back mesh patches
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.

Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-21 10:21:59 +01:00
Jason A. Donenfeld
a860fe2304 wireguard: bump to 1.0.20200520
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.

This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.

* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10

These enable the test suite to compile with gcc-10.

* noise: read preshared key while taking lock

Matt noticed a benign data race when porting the Linux code to OpenBSD.

* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter

WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png

* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings

The usual RHEL churn.

* compat: backport renamed/missing skb hash members

The new support for fq_codel and friends meant more backporting work.

* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4

The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-21 08:18:01 +02:00
Petr Štetiar
472fd98c5b hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.

This functionality is subject to be completely removed in a future
release.

So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Petr Štetiar
0a3ec87a66 hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.

I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:

 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch
 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch
 007-mesh-apply-channel-attributes-before-running-Mesh.patch
 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
 013-mesh-do-not-allow-pri-sec-channel-switch.patch
 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch
 016-mesh-fix-channel-switch-error-during-CAC.patch
 018-mesh-make-forwarding-configurable.patch

Refreshed all other patches, removed upstreamed patches:

 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch
 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch
 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch
 090-wolfssl-fix-crypto_bignum_sum.patch
 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch
 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch
 800-usleep.patch

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Rosen Penev
5ff4b0d024 fuse: move package to packages feed
This package was last updated in 2016. All of the dependent packages
are in the packages feeds, where this will be moved.

Ref: https://github.com/openwrt/packages/pull/12190
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject/description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 18:59:46 +02:00
Eneas U de Queiroz
3481f6ffc7 wolfssl: update to 4.4.0-stable
This version adds many bugfixes, including a couple of security
vulnerabilities:
 - For fast math (enabled by wpa_supplicant option), use a constant time
   modular inverse when mapping to affine when operation involves a
   private key - keygen, calc shared secret, sign.
 - Change constant time and cache resistant ECC mulmod. Ensure points
   being operated on change to make constant time.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Jeffery To
982d787773 kernel: kmod-ptp-qoriq: Package kernel object file
This updates the package to contain the kernel object (.ko) file instead
of the plain object (.o) file.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-05-20 15:26:22 +02:00
Richard Huynh
f3792690c4 ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)
Specification:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN, in Amber and White
- UART: On board near ethernet, opposite side from power
- Modified u-boot

Installation:

1. Run linked exploit to get shell, startup telnet and wget the files over
2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0

Restore to stock:

1. Setup PXE and TFTP server serving stock firmware image
(See dhcp-boot option of dnsmasq)
2. Hold reset button down before powering on and wait for flashing amber led
3. Release reset button
4. Wait until status led changes from flashing amber to white

Notes:
This device has dual kernel and rootfs slots like other Xiaomi devices currently
supported (mir3g, etc.) thus, we use the second slot and overwrite the first
rootfs onwards in order to get more space.

Exploit and detailed instructions:

https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100

An implementation of CVE-2020-8597 against stock firmware version 1.0.14

This requires a computer with ethernet plugged into the wan port and an active
PPPoE session, and if successful will open a reverse shell to 192.168.31.177
on port 31337.

As this shell is somewhat unreliable and likely to be killed in a random amount
of time, it is recommended to wget a static compiled busybox binary onto the
device and start telnetd with it.

The stock telnetd and dropbear unfortunately appear inoperable.
(Disabled on release versions of stock firmware likely)
Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox
chmod a+x /tmp/busybox
/tmp/busybox telnetd -l /bin/sh

Tested-by: David Martinez <bonkilla@gmail.com>
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
2020-05-20 15:26:22 +02:00
Álvaro Fernández Rojas
e55af8a4b0 bcm63xx-cfe: fix build with CONFIG_AUTOREMOVE
When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the
image creation.
Install CFE binaries to kernel directory and let autoremove clean the
files in PKG_BUILD_DIR.
Also drop unneeded tar cmd/options.

Fixes: dcee4eaa42 ("bcm63xx-cfe: add package with CFE RAM binaries")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 08:46:13 +02:00
Jason A. Donenfeld
0727c83a76 wireguard-tools: bump to 1.0.20200513
* ipc: add support for openbsd kernel implementation
* ipc: cleanup openbsd support
* wg-quick: add support for openbsd kernel implementation
* wg-quick: cleanup openbsd support

Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for
OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged
and supported WireGuard kernel support. We'll probably send our patch set up
to the list during this next week. `ifconfig wg0 create` to make an interface,
and `wg ...` like usual to configure WireGuard aspects of it, like usual.

* wg-quick: support dns search domains

If DNS= has a non-IP in it, it is now treated as a search domain in
resolv.conf.  This new feature will be rolling out across our various GUI
clients in the next week or so.

* Makefile: simplify silent cleaning
* ipc: remove extra space
* git: add gitattributes so tarball doesn't have gitignore files
* terminal: specialize color_mode to stdout only

Small cleanups.

* highlighter: insist on 256-bit keys, not 257-bit or 258-bit

The highlighter's key checker is now stricter with base64 validation.

* wg-quick: android: support application whitelist

Android users can now have an application whitelist instead of application
blacklist.

* systemd: add wg-quick.target

This enables all wg-quick at .services to be restarted or managed as a unit via
wg-quick.target.

* Makefile: remember to install all systemd units

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-20 08:14:00 +02:00
Álvaro Fernández Rojas
86583384ff bcm63xx: smp: add NAND support
NAND controller is present on BCM6328, BCM6362, BCM6368 and BCM63268.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Álvaro Fernández Rojas
dcee4eaa42 bcm63xx-cfe: add package with CFE RAM binaries
CFE RAM is a second stage bootloader which is usually loaded by CFE ROM
(first stage bootloader) from a JFFS2 partition stored on the NAND.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Álvaro Fernández Rojas
8339f8d95e base-files: switch_to_ramfs: add nand-utils
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Davide Fioravanti
31b49f02ca ramips: add support for Linksys EA7500 v2
The Linksys EA7500 v2 is advertised as AC1900, but its internal
hardware is AC2600 capable.

Hardware
--------
SoC:   Mediatek MT7621AT (880 MHz, 2 cores 4 threads)
RAM:   256M (Nanya NT5CC128M16IP-DI)
FLASH: 128MB NAND (Macronix MX30LF1G18AC-TI)
ETH:   5x 10/100/1000 Mbps Ethernet (MT7530)
WIFI:
  - 2.4GHz: 1x MT7615N (4x4:4)
  - 5GHz:   1x MT7615N (4x4:4)
  - 4 antennas: 3 external detachable antennas and 1 internal
USB:
  - 1x USB 3.0
  - 1x USB 2.0
BTN:
  - 1x Reset button
  - 1x WPS button
LEDS:
  - 1x White led (Power)
  - 6x Green leds (link lan1-lan4, link wan, wps)
  - 5x Orange leds (act lan1-lan4, act wan) (working but unmodifiable)

Everything works correctly.

Installation
------------
The “factory” openwrt image can be flashed directly from OEM stock
firmware. After the flash the router will reboot automatically.

However, due to the dual boot system, the first installation could fail
(if you want to know why, read the footnotes).
If the flash succeed and you can reach OpenWrt through the web
interface or ssh, you are done.
Otherwise the router will try to boot 3 times and then will
automatically boot the OEM firmware (don’t turn off the router.
Simply wait and try to reach the router through the web interface
every now and then, it will take few minutes).

After this, you should be back in the OEM firmware.

Now you have to flash the OEM Firmware over itself using the OEM web
interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img
downloaded from the Linksys website).

When the router reboots flash the “factory” OpenWrt image and this
time it should work.

After the OpenWrt installation you have to use the sysupgrade image
for future updates.

Restore OEM Firmware
--------------------
After the OpenWrt flash, the OEM firmware is still stored in the
second partition thanks to the dual boot system.
You can switch from OpenWrt to OEM firmware and vice-versa failing
the boot 3 times in a row:
 1) power on the router
 2) wait 15 seconds
 3) power off the router
 4) repeat steps 1-2-3 twice more.
 5) power on the router and you should be in the “other” firmware

If you want to completely remove OpenWrt from your router, switch to
the OEM firmware and then flash OEM firmware from the web interface
as a normal update.
This procedure will overwrite the OpenWrt partition.

Footnotes
---------
The Linksys EA7500-v2 has a dual boot system to avoid bricks.
This system works using 2 pair of partitions:
 1) "kernel" and "rootfs"
 2) "alt_kernel" and "alt_rootfs".
After 3 failed boot attempts, the bootloader tries to boot the other
pair of partitions and so on.

This system is managed by the bootloader, which writes a bootcount in
the s_env partition, and if successfully booted, the system add a
"zero-bootcount" after the previous value.

A system update performed from OEM firmware, writes the firmware on the
other pair of partitions and sets the bootloader to boot the new pair
of partitions editing the “boot_part” variable in the bootloader vars.
Effectively it's a quick and safe system to switch the selected boot
partition.

Another way to switch the boot partition is:
 1) power on the router
 2) wait 15 seconds
 3) power off the router
 4) repeat steps 1-2-3 twice more.
 5) power on the router and you should be in the “other” firmware

In this OpenWrt port, this dual boot system is partially working
because the bootloader sets the right rootfs partition in the cmdline
but unfortunately OpenWrt for ramips platform overwrites the cmdline
so is not possible to detect the right rootfs partition.

Because all of this, I preferred to simply use the first pair of
partitions and set read-only the other pair.

However this solution is not optimal because is not possible to know
without opening the case which is the current booted partition.
Let’s take for example a router booting the OEM firmware from the first
pair of partitions. If we flash the OpenWrt image, it will be written
on the second pair. In this situation the router will bootloop 3 times
and then will automatically come back to the first pair of partitions
containg the OEM firmware.
In this situation, to flash OpenWrt correctly is necessary to switch
the booting partition, flashing again the OEM firmware over itself.
At this point the OEM firmware is on both pair of partitions but the
current booted pair is the second one.
Now, flashing the OpenWrt factory image will write the firmware on
the first pair and then will boot correctly.

If this limitation in the ramips platform about the cmdline will be
fixed, the dual boot system can also be implemented in OpenWrt with
almost no effort.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Co-Developed-by: Jackson Lim <jackcolentern@gmail.com>
Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
2020-05-17 18:44:28 +02:00
Davide Fioravanti
c33ad81373 mtd: add linksys_bootcount for ramips
Reset bc is needed for Linksys EA7500 v2's dual boot.

Size impact (tested with Linksys EA7500 v2 @ mt7621):

mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes)
initramfs: 3660350 -> 3660688 (338 bytes)

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[add size impact information]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:43:19 +02:00
Adrian Schmutzler
b510ab513e kernel: drop outdated kernel version switches for local code
This drops kernel version switches for versions not supported by
OpenWrt master at the moment. This only adjusts local code, but
doesn't touch patches to existing external packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:35:51 +02:00
Daniel Golle
631c437a91 hostapd: backport wolfssl bignum fixes
crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-16 22:28:08 +01:00
Daniel Golle
8097fd4d5f procd: jail: fix segfault and add console feature
2e73848 jail: SIGSEGV must not be forwarded to the child process
 7e150f6 jail: unnamed jails can not have netns (fix segfault)
 1ab539b jail: add option to provide /dev/console to containers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-15 19:19:32 +01:00
Adrian Schmutzler
f079db3844 procd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
4cfa63edc0 wwan: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
04a8d3f453 comgt: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
ffa3a8e9b0 netifd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
05afbcd14e mac80211: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
4202459541 ltq-vdsl-fw: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
d2d63cc6e0 ltq-vdsl-app: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Robert Marko
bc0288b768 libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592

Addresses CVE-2020-12762

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-13 11:16:43 +02:00
Daniel Golle
b181294b02 fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
    at fstools-2020-05-06-eec16e2f/block.c:1193
1193:    if (!m->autofs && (mp = find_mount_point(pr->dev))) {

Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-12 10:51:24 +01:00
Kevin Darbyshire-Bryant
5e0a56b8ae umdns: re-enable address-of-packed-member warning
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 20:44:59 +01:00
Kevin Darbyshire-Bryant
ed91d72eac dnsmasq: hotplug script tidyup
Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive.
Re-arrange script to only source 'procd' if we get to the stage of
needing to signal the process, reduce hotplug processing load a little.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 20:40:30 +01:00
Ali MJ Al-Nasrawy
a8a1ef8568 mac80211: distance config: allow "auto" as a value
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2020-05-09 15:08:39 +02:00
Jakov Petrina
b1cfbff0a7 mvebu: uDPU: switch default kernel and U-Boot PHY mode
Certain SFP modules (most notably Nokia GPON ones) first check
connectivity on 1000base-x, and switch to 2500base-x afterwards. This
is considered a quirk so the phylink switches the interface to
2500base-x as well.

However, after power-cycling the uDPU device, network interface/SFP module
will not work correctly until the module is re-seated. This patch
resolves this issue by forcing the interface to be brought up in
2500base-x mode by default.

Signed-off-by: Jakov Petrina <jakov.petrina@sartura.hr>
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>
2020-05-09 14:34:23 +02:00
Javier Marcet
02656caa7b base-files: upgrade: fix indent
Use same indent as for the rest of the file.

Signed-off-by: Javier Marcet <javier@marcet.info>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-08 20:15:43 +02:00
Thibaut VARÈNE
02a9d3d6a9 package/base-files: add caldata_sysfsload_from_file()
This routine enables loading caldata binary via the kernel sysfs loader

See https://www.kernel.org/doc/html/v4.19/driver-api/firmware/fallback-mechanisms.html

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Thibaut VARÈNE
8f4735297b package/base-files: caldata: allow setting target file
This will enable platforms to extract caldata to an arbitrary file,
or patch mac in an abitrary file.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Thibaut VARÈNE
ab68939254 package/utils: remove rbextract
Rationale:
1/ This tool is no longer necessary following the implementation of a
   sysfs driver
2/ The upstream author, Robert Marko, stated[1] that this tool had been
   taken from his tree in an unfinished state not suitable for merging

[1] https://github.com/openwrt/openwrt/pull/2850#issuecomment-610277863

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Daniel A. Maierhofer
128250e8fc lldpd: add management IP setting
add option to set management IP pattern

also add missing 'unconfigure system hostname'

for example pattern '!192.168.1.1' makes it possible that
WAN IP is selected instead of LAN IP

Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
[grammar and spelling fixes in commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 05:54:39 +03:00
Rosen Penev
73fa1aba94 samba36: Remove
Samba 3.6 is completely unsupported, in addition to having tons of patches

It also causes kernel panics on some platforms when sendfile is enabled.
Example:

https://github.com/gnubee-git/GnuBee_Docs/issues/45

I have reproduced on ramips as well as mvebu in the past.

Samba 4 is an alternative available in the packages repo.

cifsd is a lightweight alternative available in the packages repo. It is
also a faster alternative to both Samba versions (lower CPU usage). It
was renamed to ksmbd.

To summarize, here are the alternatives:
- ksmbd + luci-app-cifsd
- samba4 + luci-app-samba4

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 03:32:52 +03:00
Jo-Philipp Wich
79da9d78b9 opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-07 22:49:58 +02:00
Yangbo Lu
2b31f143f9 layerscape: update restool to LSDK-20.04
Update restool to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
1b370e7f62 layerscape: update ls-dpl to LSDK-20.04
Update ls-dpl to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
70a6a98149 layerscape: define only one package for ls-dpl
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-dpl with only one package
installing all 4 files as intermediate files.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
b7820d57db layerscape: update ls-mc to LSDK-20.04
Update ls-mc to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
2e61c4ac1f layerscape: define only one package for ls-mc
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-mc with only one package
installing all two images as intermediate files.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
99091f6796 layerscape: update ppfe-firmware to LSDK-20.04
Update ppfe-firmware to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
e920530847 layerscape: update fman-ucode to LSDK-20.04
Just update PKG_VERSION/PKG_MIRROR_HASH since fman-ucode
of LSDK-20.04 had no changes.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
6c9d8990a4 layerscape: define only one package for fman-ucode
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain fman-ucode with only one package
installing all two binaries as intermediate files.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
12bc4084bd layerscape: update tfa to LSDK-20.04
Update tfa package to latest LSDK-20.04 dropping one patch
which had already been integrated.

Add fixes,
- Fix DEPENDS/PKG_BUILD_DEPENDS.
- Remove HIDDEN:=1.
- Move intermediate files installing into Build/InstallDev.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
f9155a9b67 layerscape: update u-boot to LSDK-20.04
Update u-boot package to latest LSDK-20.04 dropping patches
which are no longer needed.
Adapt u-boot bootargs to kernel 5.4 for booting.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
2e2643f74d layerscape: update ls-rcw to latest LSDK-20.04
Update ls-rcw to latest LSDK-20.04.
Update patch 0001 with a new one.
Drop patch 0002 since it had been integrated.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
084c82c5b0 layerscape: define only one package for ls-rcw
We do not have to define package for each board, and
consider variant's building/installing.
It is easier to maintain ls-rcw with only one package
installing all boards RCW binaries as intermediate
files, each of which is just about hundreds of bytes.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Jason A. Donenfeld
4f6343ffe7 wireguard: bump to 1.0.20200506
* compat: timeconst.h is a generated artifact

Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.

* compat: use bash instead of bc for HZ-->USEC calculation

This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.

* socket: remove errant restriction on looping to self

It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.

* send: cond_resched() when processing tx ringbuffers

Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.

* selftests: initalize ipv6 members to NULL to squelch clang warning

This fixes a worthless warning from clang.

* send/receive: use explicit unlikely branch instead of implicit coalescing

Some code readibility cleanups.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-07 12:53:06 +02:00
Hauke Mehrtens
5019a06fc1 ppp: Fix mirror hash
Fixes: ae06a650d6 ("ppp: update to version 2.4.8.git-2020-03-21")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-06 21:29:08 +02:00
Rafał Miłecki
c3a43753b9 fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-06 17:50:31 +02:00
Rafał Miłecki
9295ce7006 fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-05 09:14:40 +02:00
Hans Dedecker
0836d0dea2 odhcpd: update to latest git HEAD (FS#3056)
5ce0770 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-04 21:29:24 +02:00
John Crispin
b9cf9ebdb7 mediatek: add uboot
Signed-off-by: John Crispin <john@phrozen.org>
2020-05-04 16:31:19 +02:00
John Crispin
b5516603dd mac80211: more wifi reconf related fixes
* uci state was not getting reset properly during teardown
* AP+STA co-exist state was not flushed properly upon channel switch
* remove a debug logger call
* properly teardown supplicant instances when they get disabled
* add md5 config support for supplicant
* don't call wpa_supplicant_prepare_interface twice

Signed-off-by: John Crispin <john@phrozen.org>
2020-05-04 16:22:03 +02:00
Josef Schlehofer
0e522d5f4a curl: update to version 7.70.0
- Release notes:
https://curl.haxx.se/changes.html#7_70_0

- Refreshed patch

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-05-04 07:59:46 +02:00
Stijn Tintel
3a79e3b185 argp-standalone: fix segfault in canon_doc_option
Backported from glibc.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-03 20:31:30 +03:00
Hans Dedecker
ad27c133eb base-files: generate config files with correct permissions
As touch creates files with permission 0644 use umask to create
config files with permission 0600 to be inline with INSTALL_CONF

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-30 21:51:12 +02:00
Hans Dedecker
2855be3151 uci: update to latest git HEAD
ec8d323 file: preserve original file mode after commit

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-30 21:51:02 +02:00
Jason A. Donenfeld
f57230c4e6 wireguard: bump to 1.0.20200429
* compat: support latest suse 15.1 and 15.2
* compat: support RHEL 7.8's faulty siphash backport
* compat: error out if bc is missing
* compat: backport hsiphash_1u32 for tests

We now have improved support for RHEL 7.8, SUSE 15.[12], and Ubuntu 16.04.

* compat: include sch_generic.h header for skb_reset_tc

A fix for a compiler error on kernels with weird configs.

* compat: import latest fixes for ptr_ring
* compat: don't assume READ_ONCE barriers on old kernels
* compat: kvmalloc_array is not required anyway

ptr_ring.h from upstream was imported, with compat modifications, to our
compat layer, to receive the latest fixes.

* compat: prefix icmp[v6]_ndo_send with __compat

Some distros that backported icmp[v6]_ndo_send still try to build the compat
module in some corner case circumstances, resulting in errors.  Work around
this with the usual __compat games.

* compat: ip6_dst_lookup_flow was backported to 3.16.83
* compat: ip6_dst_lookup_flow was backported to 4.19.119

Greg and Ben backported the ip6_dst_lookup_flow patches to stable kernels,
causing breaking in our compat module, which these changes fix.

* git: add gitattributes so tarball doesn't have gitignore files

Distros won't need to clean this up manually now.

* crypto: do not export symbols

These don't do anything and only increased file size.

* queueing: cleanup ptr_ring in error path of packet_queue_init

Sultan Alsawaf reported a memory leak on an error path.

* main: mark as in-tree

Now that we're upstream, there's no need to set the taint flag.

* receive: use tunnel helpers for decapsulating ECN markings

ECN markings are now decapsulated using RFC6040 instead of the old RFC3168.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-30 08:00:53 +02:00
Petr Štetiar
493eef5b27 wireless-regdb: bump to latest release 2020-04-29
Update to latest release.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-30 00:52:04 +02:00
Petr Štetiar
8036e7ebb5 ath10k-ct: update to version 2020-04-29
Pulls in workaround for TX rate code firmware bug which might as well
help track it down via different printk()s and thus possibly provide
more clue for proper fix.

Firmware currently sends wrong (0xff) TX rate code which causes
WARN_ONCE, so the workaround just changes this bogus value (0xff) into 0.

For 5.4 it also pulls in tx-queue-wake throttling patch "ath10k: Restart
xmit queues below low-water mark", which should improve performance with
high number of concurrent TCP streams.

Ref: https://github.com/greearb/ath10k-ct/pull/129
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-30 00:52:04 +02:00
Petr Štetiar
b17a5a9bdb dnsmasq: always inform about disabled dhcp service
Init script checks for an already active DHCP server on the interface
and if such DHCP server is found, then it logs "refusing to start DHCP"
message, starts dnsmasq without DHCP service unless `option force 1` is
set and caches the DHCP server check result.

Each consecutive service start then uses this cached DHCP server check
result, but doesn't provide log feedback about disabled DHCP service
anymore.

So this patch ensures, that the log message about disabled DHCP service
on particular interface is always provided.

Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-30 00:52:04 +02:00
Daniel Golle
447d335d00 ugps: nmea: fix time comparision
Fix bug causing system time to be set over and over again, and causing
massive log pollution.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-29 21:32:35 +01:00
David Bauer
3f660249e6 kernel: hwmon: add Analog Devices AD741x support
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-29 16:03:00 +02:00
Antonio Quartulli
4b3b8ec81c wpad-wolfssl: fix crypto_bignum_sub()
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.

This missing fix was discovered while testing SAE over a mesh interface.

With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.

Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-28 11:45:44 +01:00
Álvaro Fernández Rojas
a882bfce05 ath10k-ct-firmware: add htt-mgt variants
For wave-2, there is now a new variant: htt-mgt-community (vs the old
full-htt-mgt-community).

The non-full one (hence forth 'diet') compiles out a lot of firmware features
that ath10k does not use. This saves a lot of resources and lets one
configure more stations/vdevs/etc using fwcfg.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
06f510df6e ath10k-ct-firmware: update firmware images
No release notes this time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
2e5e9b459e ath10k-ct-firmware: rename ct-htt packages
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
658e68f85c ath10k-firmware: move CT firmwares to new package
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
ce2bd2bd03 ath10k-ct: remove old patches
Only keep 5.4 patches.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Luiz Angelo Daros de Luca
a3079fb7ba elfutils: powerpc build fix
Fixes following build error on mpc85xx/generic:

 ppc_initreg.c: In function 'ppc_set_initial_registers_tid':
 ppc_initreg.c:79:22: error: field 'r' has incomplete type
        struct pt_regs r;

Ref: FS#2924
Fixes: d27623b542 ("elfutils: update to 0.179")
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-28 07:45:00 +02:00
Petr Štetiar
76a0ddf130 wireless-regdb: backport three upstream fixes
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.

Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-28 07:45:00 +02:00
Felix Fietkau
1c008b61bd mt76: update to the latest version
bef8f8a5966d mt76: mt7615: remove a stray if statement
89bd7199487f mt76: remove variable 'val' set but not used
ee8ac234b84e mt76: mt7615: introduce mt7615_mcu_fill_msg
4999db4668f0 mt76: mt7615: introduce mt7615_mcu_wait_response
8ce6e40eba03 mt76: mt7615: cleanup fw queue just for mmio devices
9d1d2ee9add3 mt76: mt7615: introduce mt7615_init_device routine
7fbd2a57cea4 mt76: always init to 0 mcu messages
3b277cf18d95 mt76: mt7615: introduce mt7615_mcu_send_message routine
2a4132a55a4f mt76: mt7615: add mt7615_mcu_ops data structure
9ba71749a122 mt76: mt7615: move mt7615_mcu_set_bmc to mt7615_mcu_ops
2e991f3e8cdd mt76: mt7615: move mt7615_mcu_set_sta in mt7615_mcu_ops
56852057cb90 mt76: mt7615: rely on skb API for mt7615_mcu_set_eeprom
642ecd978887 mt76: mt7615: rework mt7615_mcu_set_bss_info using skb APIs
2b0810af4a52 mt76: mt7615: move more mcu commands in mt7615_mcu_ops data structure
7a6285e63d88 mt76: mt7615: introduce MCU_FW_PREFIX for fw mcu commands
e536b42ebc7d mt76: mt7615: introduce mt7615_register_map
fccbdb628ffd mt76: mt7615: add mt7663e support to mt7615_reg_map
d42244e9255c mt76: mt7615: add mt7663e support to mt7615_{driver,firmware}_own
aebbe088127f mt76: mt7615: add mt7663e support to mt7615_mcu_set_eeprom
28e22d07f892 mt76: mt7615: introduce mt7615_eeprom_parse_hw_band_cap routine
167428592647 mt76: mt7615: introduce mt7615_init_mac_chain routine
23ca7acfc856 mt76: mt7615: introduce uni cmd command types
c4171728cf70 mt76: mt7615: introduce set_bmc and st_sta for uni commands
9e5c76d2310a mt76: mt7615: add more uni mcu commands
779b2cebc147 mt76: mt7615: introduce set_ba uni command
21ee7da00f0a mt76: mt7615: get rid of sta_rec_wtbl data structure
2097f74f664c mt76: mt7615: introduce mt7663e support
8e9cd01228d0 mt7615: sync Kconfig with upstream
3b4f93840950 mt76: add memory barrier to DMA queue kick
8d301ace8ed7 mt76: mt7615: fix mt7663e firmware struct endianness
9bc1850ce711 mt76: mt7615: fix endianness in unified command
a1b9b7d94aa0 mt76: mt7615: add missing declaration in mt7615.h
6e4b2a709fe7 mt76: sync Makefile with upstream
258dfb6afb30 mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
9c3d84b62cc0 mt76: mt76x2u: introduce Mercury UD13 support
ea8ea71933ca mt76: mt76x0: pci: add mt7610 PCI ID
9d555f82d329 mt76: mt7615: modify mt7615_ampdu_stat_read for each phy
8bd26d6c3172 mt76: mt7615: enable aggr_stats for both phy
1315afa511e0 mt76: mt7615: cleanup mib related defines and structs
072b50c61e0e mt76: mt7615: add more useful Tx mib counters
b23ff3e9343a mt76: mt7663: fix mt7615_mac_cca_stats_reset routine
294abe47c9b2 mt76: mt7663: enable nf estimation
d2d7bf2243f6 mt76: mt7615: make scs configurable per phy
908a2cfab88f mt76: mt7663: disable RDD commands
eaef0a268b95 mt76: mt7615: add ethool support to mt7663 driver
96e07ef1113d mt76: mt7615: introduce mt7615_mcu_set_channel_domain mcu command
67182f36e3be mt76: mt7663: keep Rx filters as the default
e6a3f3ffe53a mt76: mt7615: introduce hw scan support
12ecd5ba2146 mt76: mt7615: introduce scheduled scan support
f6ab0bee3172 mt76: mt7615: introduce BSS absence event
f208a9430044 mt76: mt7615: introduce rlm tlv in bss_info mcu command
ea4f4d216dbe mt76: mt7615: remove unnecessary register operations
72c9380e70f9 mt76: add headroom and tailroom to mt76_mcu_ops data structure
63e14669e09d mt76: mt7615: introduce mt7663u support to mt7615_write_txwi
29d359ac7626 mt76: mt7615: introduce mt7615_mac_update_rate_desc routine
1f1dd2cb5b49 mt76: mt7615: introduce __mt7663_load_firmware routine
cb6dcfd3cf13 mt76: mt7615: move mt7615_mac_wtbl_addr in mac.h
d28e8e7ef912 mt76: mt76u: rely on mt7622 queue scheme for mt7663u
f78cf8957aba mt76: mt7615: rework wtbl key configuration
2829497aaaf5 mt76: mt7615: introduce mt7615_wtbl_desc data structure
02c9ec4a15e7 mt76: mt7615: add address parameter to mt7615_eeprom_init
e9c640c0a79e mt76: mt7663: correct the name of the rom patch
1e8b2fe5ab03 mt76: mt7615: do not always reset the dfs state setting the channel
ec0ea46dacf9 mt76: mt7615: Delete an error message in mt7622_wmac_probe()
d16a4698f1ac mt76: mt7615: disable merge of OTP ROM data by default
2b58998bb594 mt76: mt7615: add support for applying DC offset calibration from EEPROM
55198aafb756 mt76: mt7615: add support for applying tx DPD calibration from EEPROM
5a1eaa38d380 mt76: mt7603: disable merge of OTP ROM data by default
bf60f43b12fb mt76: mt76x2: disable merge of OTP ROM data by default
9406eb1d110f mt76: mt7615: fix endian issues in applying flash calibration data
66d00b8c9dac mt76: mt7615: fix possible division by 0 in mt7615_mac_update_mib_stats
25d812dddcf8 mt76: mt7663: fix aggr range entry in debugfs
08b8bd2bc915 mt76: mt7615: disable hw/sched scan ops for non-offload firmware
8fb1cd20a776 mt76: mt7615: set hw scan limits only for firmware with offload support
05b23d7478fe mt76: mt7615: rework IRQ handling to prepare for MSI support
b92c0d576769 mt76: mt7622: fix DMA unmap length
03daa60ca69c mt76: mt7663: fix DMA unmap length
5f2f676b1f01 mt76: mt7615: enable MSI by default
5822911f8026 mt76: remove unnecessary annotations
a7035bce8517 mt76: mt7615: fix possible deadlock in mt7615_stop
d4e6e225bc06 mt76: mt7615: move core shared code in mt7615-common module
94827d2033c7 mt76: mt7615: introduce mt7663u support
36591dd35f91 mt76: mt7615: enable scs for mt7663 driver
bd80144cb5be mt76: mt7615: disable aspm by default
9dcb60b78ede mt76: mt7615: provide aid info to the mcu
6e443e89cce2 mt76: remove PS_NULLFUNC_STACK capability
ea133325faa6 mt76: mt7663: introduce 802.11 PS support in sta mode
ff3869b38cf2 mt76: mt7615: make Kconfig entry obvious for MT7663E
01fd34f3a6c5 mt76: mt7615: fix sta ampdu factor for VHT
e5adbb2077e2 mt76: fix A-MPDU density handling
d73e3a23a54e mt76: mt7615: use larger rx buffers if VHT is supported
257319e9b07d mt76: mt7615: never use an 802.11b CF-End rate on 5GHz
29a92c5606d6 mt76: mt7603: never use an 802.11b CF-End rate on 5GHz
c0b19ac97c07 mt76: mt7615: adjust timing in mt7615_mac_set_timing to match fw/hw values
1656882f2723 mt76: mt7615: do not adjust MAC timings if the device is not running
4e7ce907faf3 mt76: mt7615: fix tx status rate index calculation
8304b3866100 mt76: mt7603: fix tx status rate index calculation
722d1f47d8ba mt76: add rx queues info to mt76 debugfs
da329ef776b0 mt76: mt7615: parse mcu return code for unified commands
facf74fd506f mt76: mt7615: fix mt7615_firmware_own for mt7663e
e910787a9888 mt76: mt7615: fix max wtbl size for 7663
c9821f7d6a8c mt76: mt7615: fix mt7615_driver_own routine
e35cc532c3d2 mt76: mt7615: fix aid configuration in mt7615_mcu_wtbl_generic_tlv
b6cb91a71fe1 mt76: mt7615: rework mt7615_mac_sta_poll for usb code
b193dd8100f8 mt76: mt7663u: enable AirTimeFairness
31cffa98920f mt76: mt7615: move mcu bss upload before creating the sta
cde3716aa47e mt76: enable TDLS support
1846da5dd417 mt76: mt7615: set spatial extension index
6aaf0299730f mt76: mt7615: fix endian issues in dcoc/txdpd calibration
5de75b745cf9 mt76: mt7663: fix up BMC entry indicated to unicmd firmware
a5f394c5ca48 mt76: mt7615: add sta pointer to mt7615_mcu_add_bss_info signature
1f2f3dda76b9 mt76: mt7615: fix event report in mt7615_mcu_bss_event
c2a3cced36de mt76: mt76x0: enable MCS 8 and MCS9
1afabe78cfc5 mt76: mt7663: add the possibility to load firmware v2
5f3ccc722627 mt76: mt7663: remove check in mt7663_load_n9

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-27 20:09:24 +02:00
Adrian Schmutzler
3fdb08681b mvebu: tidy up support for GL.iNet GL-MV1000
This fixes a bunch of cosmetic issues with GL.iNet GL-MV1000:

- apply alphabetic sorting in multiple files
- use armada-3720 prefix for DTS like for other devices
- fix vendor capitalization for model in DTSes
- remove trivial comment in DTS files
- use DEVICE_VENDOR/DEVICE_MODEL
- remove redundant SUPPORTED_DEVICES
- use SOC instead of DEVICE_DTS
- remove empty line at EOF

Fixes: 050c24f05c ("mvebu: add support for GL.iNet GL-MV1000")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-27 00:25:12 +02:00
Li Zhang
050c24f05c mvebu: add support for GL.iNet GL-MV1000
This patch adds supports for GL-MV1000.

Specification:
	- SOC: Marvell Armada 88F3720 (1GHz)
	- Flash: 16MB (W25Q128FWSIG)
	- RAM: 1GB DDR4
	- Ethernet: 3x GE (1 WAN + 2 LAN)
	- EMMC: 8GB EMMC (KLM8G1GETF-B041)
	- MicroSD: 1x microSD slot
	- USB: 1x USB 2.0 port(TypeA),1x USB 3.0 port(TypeC)
	- Button: 1x reset button,1x slide switch
	- LED: 3x greed LED
	- UART: 1x UART on PCB (JP1: 3.3V, RX, TX, GND)

	Update firmware instructions
	============================
	In the compiled,please gzip -d xxx.img.gz,then update firmware on uboot web.

Signed-off-by: Li Zhang <li.zhang@gl-inet.com>
[Copied dts file to files-5.4]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-26 21:45:41 +02:00
Xiaobo Tian
5d81b28a82 kernel: support intel X7xx 10/40GbE adapters
Signed-off-by: Xiaobo Tian <peterwillcn@gmail.com>
[Add i40evf/i40evf.ko and setect CONFIG_IAVF]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-26 21:45:41 +02:00
weidong jia
75512fe0e7 uboot-envtools: fix domywifi_dw33d Bad CRC error
The current dw33d partition index has changed, this patch solves
this problem.

old partition layout
dev:    size   erasesize  name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd2: 00fa0000 00010000 "oem-firmware"
mtd3: 00010000 00010000 "art"
mtd4: 00500000 00020000 "kernel"
mtd5: 05b00000 00020000 "ubi"
mtd6: 02000000 00020000 "oem-backup"

new partition layout
dev:    size   erasesize  name
mtd0: 00500000 00020000 "kernel"
mtd1: 05b00000 00020000 "ubi"
mtd2: 02000000 00020000 "oem-backup"
mtd3: 00040000 00010000 "u-boot"
mtd4: 00010000 00010000 "u-boot-env"
mtd5: 00fa0000 00010000 "oem-firmware"
mtd6: 00010000 00010000 "art"

Signed-off-by: weidong jia <jwdsccd@gmail.com>
2020-04-26 21:45:30 +02:00
Lucian Cristian
b397df51aa uboot-envtools: update to 2020.04
also revert to directly download the archive from https

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-26 21:20:47 +02:00
Linus Lüssing
066ec97167 mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.

For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.

This patch now increases the maxmimum frame size from 1528 to 1656
bytes.

Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.

Fix originally found and developed by Ben Greear.

Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-04-26 21:20:47 +02:00
Yangbo Lu
80f128d2aa perf: build with NO_LIBCAP=1
Build with NO_LIBCAP=1. This is to resolve build issue.

Package perf is missing dependencies for the following libraries:
libcap.so.2

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-04-26 21:20:47 +02:00
Luiz Angelo Daros de Luca
b0416c9c12 gdb: disable gdbserver for arc
Although gdb is supported, gdbserver is still not.

 checking whether gdbserver is supported on this host... no

Build breaks as gdbserver executable is not found during packaging.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2020-04-26 21:20:47 +02:00
David Bauer
822c342d09 kernel: netdev: fix kmod-sfp symbols
Fixes: ec2f7a47d3 ("kernel: add module to support SFP cages")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 14:19:33 +02:00
Kevin Darbyshire-Bryant
9e7d11f3e2 relayd: bump to version 2020-04-25
f4d759b dhcp.c: further improve validation

Further improve input validation for CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-26 13:00:36 +01:00
Kevin Darbyshire-Bryant
9f7c8ed078 umdns: update to version 2020-04-25
cdac046 dns.c: fix input validation fix

Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.

Improve CVE-2020-11750 fix

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-26 13:00:32 +01:00
David Bauer
b359a6b948 kernel: netdev: fix kmod-sfp description capitalization
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 12:07:58 +02:00
David Bauer
71d5a0d92b kernel: netdev: add phylink dependency for sfp
Fixes: ec2f7a47d3 ("kernel: add module to support SFP cages")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 11:48:26 +02:00
David Bauer
b23f72b5b6 kernel: netdev: add kmod-phylink
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 11:48:14 +02:00
René van Dorst
ec2f7a47d3 kernel: add module to support SFP cages
Enables kernel SFP case support.

Signed-off-by: René van Dorst <opensource@vdorst.com>
2020-04-25 23:45:16 +02:00
Daniel Golle
471b8bf8c1 procd: extend requirejail attribute handling
e2ed964 jail: don't fail unless requirejail is set
 17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist

Fixes openwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-25 10:31:33 +01:00
Adrian Schmutzler
d8b3f53f5e ltq-adsl(-fw): Makefile clean-up and fixes
This fixes a few minor issues (partially cosmetic) in ltq-adsl and
ltq-adsl-fw Makefiles:
- fix PKG_SOURCE_URL and switch to https
- remove non-existant FW_NAME variable
- fix package name for config inclusion
- fix config symbol for debugging

Fixes: 1d0a9d0c04 ("move ltq-adsl")

Cc: John Crispin <john@phrozen.org>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-24 17:59:22 +02:00
Adrian Schmutzler
7b2731a691 kernel: replace "+@" IPV6 dependency by "+"
The combination +@IPV6:kmod-ipsec6 is not valid, the +a:b
syntax implies the @. Fix it.

Fixes: 2e6b6f9fca ("kernel: add @IPv6 dependency to ipv6 modules")

Reported-by: Oldřich Jedlička (@oldium)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-24 13:49:20 +02:00
Felix Fietkau
b7d6e80fee fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-22 10:50:15 +02:00
Petr Štetiar
3773ae127a openssl: bump to 1.1.1g
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.

Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-21 22:59:56 +02:00
Alexander Couzens
b77fd0d30b base-files: ensure VERBOSE is set
If not set, it shows the following error
sh: out of range

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-04-21 00:01:49 +02:00
Hans Dedecker
4298f0878f ubus: update to latest git HEAD
171469e lua: avoid truncation of large numeric values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-20 21:26:58 +02:00
Petr Štetiar
97673d8771 uboot-rockchip: fix ident string
Commit 7975060116 ("uboot-rockchip: add new package") has added
`OpenWRT` ident string, fix it to proper `OpenWrt`.

Fixes: 7975060116 ("uboot-rockchip: add new package")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-20 16:44:17 +02:00
Tobias Mädel
7975060116 uboot-rockchip: add new package
This package is needed for the rockchip target.

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
2020-04-20 16:37:56 +02:00
Tobias Mädel
79d7109225 arm-trusted-firmware-rockchip: add new package
This is needed to build the uboot-rockchip, needed for the rockchip target

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
[replaced `mkdir -p` with INSTALL_DIR variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-20 16:37:56 +02:00
Pawel Dembicki
6cafea5c5e uboot-kirkwood: update to 2020.04
Update U-Boot to current 2020.04 release for kirkwood platform.

Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.

Compile tested: all devices
Run tested: nsa310, pogoplugv4

Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-20 16:37:56 +02:00
Kevin Darbyshire-Bryant
be172e663f relayd: bump to version 2020-04-20
796da66 dhcp.c: improve input validation & length checks

Addresses CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-20 11:32:07 +01:00
Kevin Darbyshire-Bryant
533da61ac6 umdns: update to version 2020-04-20
e74a3f9 dns.c: improve input validation

Addresses CVE-2020-11750

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-20 11:32:07 +01:00
Daniel Golle
7e9b56fde2 procd: fix jail when running on glibc
d200b70 jail: include /etc/nsswitch.conf in jail for glibc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-19 23:19:40 +01:00
Hauke Mehrtens
ce1798e915 dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
14c59a147c rbcfg: Add missing mode to open call
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.

Not giving this is an error, which results in a compile error with glibc.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
                 from main.c:18:
In function 'open',
    inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
70a962ca6f upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
7637b84fde busybox: backport Remove stime() function calls
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:36 +02:00
Magnus Kroken
d7e98bd7c5 openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-18 20:34:08 +02:00
Hans Dedecker
5f126c541a binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-18 10:44:30 +02:00
Magnus Kroken
02fcbe2f3d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-17 23:43:01 +02:00
Daniel Golle
0495324b9b mac80211: make sure existing iface belongs to correct (fullmac) phy
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.

Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 13:31:58 +01:00
Lucian Cristian
16ad4de2c0 elfutils: aarch64 fix build on musl
aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
     dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                      ~~~~~~~~~~~~~~ ^

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-17 13:43:34 +02:00
Petr Štetiar
8e99bbda19 uboot-sunxi: bump to 2020.04 relase
Refreshed patches, removed upstreamed patch:

 260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch

Boot tested on a64-olinuxino-emmc.

Cc: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
Petr Štetiar
260a225ba4 uboot-imx6: bump to 2020.04 release
Refreshed all patches, run tested on apalis.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
David Bauer
0f1b5ce2f5 mac80211: drop data frames without key on encrypted links
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.

This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.

Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:27:40 +02:00
Daniel Golle
99d567a83d mac80211: fix detecting existing interface
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.

Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 11:36:35 +01:00
Daniel Golle
7c2e0fa586 procd: jail fixes and improvements
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
 b275a62 instance: harmonize instance API
 511fd97 jail: make /proc more secure
 4953b7c jail: mount /sys read-only
 a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
 a4cc165 jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 16:16:06 +01:00
Daniel Golle
e23de62845 netifd: clean up netns functionality
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 13:53:11 +01:00
Kevin Darbyshire-Bryant
9fd36f54f5 Revert "kmod-sched: add act_police"
This reverts commit 1b973b54ea.

It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.

Ooooops!  Best revert it then.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-14 08:48:33 +01:00
Daniel Golle
a5a90a94ce netifd: fix jail ifdown and jails without jail_ifname
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.

Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:55:02 +01:00
Daniel Golle
4e4f7c6d2d netifd: network namespace jail improvements
aaaca2e interface: allocate and free memory for jail name
 d93126d interface: allow renaming interface when moving to jail netns

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Daniel Golle
a66efbf916 mac80211: adapt for single-instance wpad
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Daniel Golle
f37d634236 hostapd: reduce to a single instance per service
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Rosen Penev
d27623b542 elfutils: update to 0.179
Removed sys/cdefs usage. The header is deprecated.

Removed canonicalize_file_name define. It's already fixed upstream.

Added --disable-debuginfod. Seems to be needed.

Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.

Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-13 22:40:19 +02:00
Rosen Penev
76d22fc24b hostapd: backport usleep patch
Optionally fixes compilation with uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-13 22:40:19 +02:00
Kirill Lukonin
dce97df740 wpa_supplicant: disable CONFIG_WRITE functionality
CONFIG_WRITE functionality is not used and could be removed.
Looks helpful for devices with small flash because wpad is also affected.

Little testing shows that about 6 KB could be saved.

Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
2020-04-13 22:40:06 +02:00
Jose Olivera
93a8cdf5d8 mwlwifi: Update the 88W8964's firmware to 9.3.2.12 and fix backports version detection
Updates the 88W8964 firmware used in the Linksys WRT3200ACM and WRT32X
[v9.3.2.6 -> v9.3.2.12]

Removes 0c43219 ("mwlwifi: Fix loading with backports v5.3")
as it has been merged upstream.

Unfortunately, there is a bug wherein Kaloz's repo, the version
detection mechanism for fixing vendor commands doesn't work.

It pulls in the Linux kernel version, which as of this time is
"4.14.y" or "4.19.y"

However, the proper behaviour is that it should pull in the mac80211
backports version which as of now is "5.4.27"

The included patch works around this using a backports define found
only on versions >5.3, "VENDOR_CMD_RAW_DATA".

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2020-04-13 22:11:26 +02:00
Lucian Cristian
8f342a39de kernel: hwmon: add dme1737 driver
SMSC DME1737, SCH3112, SCH3114, SCH3116, SCH5027 monitoring support

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-13 22:11:22 +02:00
Álvaro Fernández Rojas
97c5fb4709 cypress-firmware: update to v5.4.18-2020_0402
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-13 10:14:48 +02:00
Daniel Golle
0aa2ecf5b2 base-files: don't ship local build key when on buildbot
Including the local build key in /etc/opkg/keys isn't feasible when
building on the buildbot: The included key collides with its copy
already in openwrt-keyring which breaks the ImageBuilder.
Not including a locally generated key also makes the base-files package
more reproducible.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-12 20:35:00 +01:00
Chuanhong Guo
f017f617ae base-files: preinit: also config switch when no port roles defined
current preinit code in base-files doesn't config switch when there are
no port roles defined. But this kind of configuration exists on single
port devices where switch vlan is simply disabled.
configure reset and enable_vlan property when a switch node exist.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-12 22:29:02 +08:00
Kevin Darbyshire-Bryant
4f34e430ed dnsmasq: bump to v2.81
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-12 15:04:48 +01:00
Adrian Schmutzler
ae636effd2 base-files: source functions.sh in /lib/functions/system.sh
The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 14:16:57 +02:00
Adrian Schmutzler
282e817350 base-files: do not source system.sh in functions.sh
The default_postinst() function in /lib/functions.sh sources
/lib/functions/system.sh before cycling through uci-defaults files.

This creates a pseudo-cyclic dependency as system.sh also uses
functions that are located in functions.sh. Despite that, there
is actually only one uci-defaults file in the entire repo that needs
system.sh, and this one contains an explicit source for system.sh
anyway.

Consequently, this patch removes the sourcing of system.sh in
functions.sh. There are no relevant uses in packages, routing and
luci repositories.
This may require adjustments for downstream, though.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 14:16:54 +02:00
Adrian Schmutzler
23d3fafd87 broadcom-wl: fix compilation with kernel 5.4
This adds two fixes for compilation with kernel 5.4:

1. dev_open from include/linux/netdevice.h needs a second parameter
   since kernel 5.0:
   00f54e68924e ("net: core: dev: Add extack argument to dev_open()")
2. get_ds() macro definition has been dropped since kernel 5.1:
   736706bee329 ("get rid of legacy 'get_ds()' function")
   Since get_ds() has been just a macro before, replace it in
   the driver instead of creating a version switch.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 12:41:12 +02:00
Adrian Schmutzler
d761b9f211 broadcom-wl: fix compilation with kernel >= 4.15
Since kernel 4.15, init_timer is not available anymore, and has been
replaced by timer_setup. The fixes compilation of wl_linuc.c, which
returned the following errors beforehand (line-wrapped manually):

.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c: In function 'wl_init_timer':
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2576:2: error: implicit
	declaration of function 'init_timer'; did you mean 'init_timers'?
	[-Werror=implicit-function-declaration]
  init_timer(&t->timer);
  ^~~~~~~~~~
  init_timers
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2577:10: error:
	'struct timer_list' has no member named 'data'
  t->timer.data = (ulong) t;
          ^
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2578:20: error: assignment
	to 'void (*)(struct timer_list *)' from incompatible pointer type
	'void (*)(ulong)' {aka 'void (*)(long unsigned int)'}
	[-Werror=incompatible-pointer-types]
  t->timer.function = wl_timer;

This should fix build of several devices on bcm63xx with testing
kernel (4.19).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 12:35:37 +02:00
Hans Dedecker
8d9e26457c iproute2: update to 5.6.0
Update iproute2 to latest stable 5.6.0; for the changes see https://lwn.net/Articles/816778/

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-11 21:02:26 +02:00
Pawel Dembicki
c30220d458 ipq40xx: add support for Cell C RTL30VW
Cell C RTL30VW is a LTE router with tho gigabit ethernets and integrated
QMI mPCIE modem.

This is stripped version of ASKEY RTL0030VW.

Hardware:

Specification:
-CPU: IPQ4019
-RAM: 256MB
-Flash: NAND 128MB + NOR 16MB
-WiFi: Integrated bgn/ac
-LTE: mPCIe card (Modem chipset MDM9230)
-LAN: 2 Gigabit Ports
-USB: 2x USB2.0
-Serial console: RJ-45 115200 8n1
-Unsupported VoIP

Known issues:

None so far.

Instruction install:

There are two methods: Factory web-gui and serial + tftp.

Web-gui:
1. Apply factory image via stock web-gui.

Serial + initramfs:
1. Rename OpenWrt initramfs image to "image"
2. Connect serial console (115200,8n1)
3. Set IP to different than 192.168.1.11, but 24 bit mask, eg. 192.168.1.4.

4. U-Boot commands:
sf probe && sf read 0x80000000 0x180000 0x10000
setenv serverip 192.168.1.4
set fdt_high 0x85000000
tftpboot 0x84000000 image
bootm 0x84000000

5. Install sysupgrade image via "sysupgrade -n"

Back to stock:

All is needed is swap 0x4c byte in mtd8 from 0 to 1 or 1 to 0,
do firstboot and factory reset with OFW:

1. read mtd8:
dd if=/dev/mtd8 of=/tmp/mtd8
2. go to tmp:
cd /tmp/
3. write first part of partition:
dd if=mtd8 of=mtd8.new bs=1 count=76
4. check which layout uses bootloader:
cat /proc/mtd
5a. If first are kernel_1 and rootfs_1 write 0:
echo -n -e '\x00' >> mtd8.new
5b. If first are kernel and rootfs write 1:
echo -n -e '\x01' >> mtd8.new
6. fill with rest of data:
dd if=mtd8 bs=1 skip=77 >> mtd8.new
7. CHECK IF mtd8.new HAVE CHANGED ONLY ONE BYTE! e.g with:
hexdump mtd8.new
8. write new mtd8 to flash:
mtd write mtd8.new /dev/mtd8
9. do firstboot
10.reboot
11. Do back to factory defaults in OFW GUI.

Based on work: Cezary Jackiewicz <cezary@eko.one.pl>

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-10 15:22:26 +02:00
DENG Qingfang
a30abb1b6b ipq40xx: add support for MobiPromo CM520-79F
MobiPromo CM520-79F is an AC1300 dual band router based on IPQ4019

Specification:

SoC/Wireless: QCA IPQ4019
RAM: 512MiB
Flash: 128MiB SLC NAND
Ethernet PHY: QCA8075
Ethernet ports: 1x WAN, 2x LAN
LEDs: 7 LEDs
      2 (USB, CAN) are GPIO
      other 5 (2.4G, 5G, LAN1, LAN2, WAN) are connected to a shift register
Button: Reset

Flash instruction:
Disassemble the router, connect UART pins like this:
 GND TX    RX
  [x x . . x .]
  [. . . . . .]

(QCA8075 and IPQ4019 below)
Baud-rate: 115200

Set up TFTP server: IP 192.168.1.188/24
Power on the router and interrupt the booting with UART console
env backup (in case you want to go back to stock and need it there):
	printenv
	(Copy the output to somewhere save)
Set bootenv:
	setenv set_ubi 'set mtdids nand0=nand0; set mtdparts mtdparts=nand0:0x7480000@0xb80000(fs); ubi part fs'
	setenv bootkernel 'ubi read 0x84000000 kernel; bootm 0x84000000#config@1'
	setenv cm520_boot 'run set_ubi; run bootkernel'
	setenv bootcmd 'run cm520_boot'
	setenv bootargs
	saveenv
Boot initramfs from TFTP:
	tftpboot openwrt-ipq40xx-generic-mobipromo_cm520-79f-initramfs-fit-zImage.itb
	bootm
After initramfs image is booted, backup rootfs partition in case of reverting to stock image
	cat /dev/mtd12 > /tmp/mtd12.bin
Then fetch it via SCP

Upload nand-factory.ubi to /tmp via SCP, then run
	mtd erase rootfs
	mtd write /tmp/*nand-factory.ubi rootfs
	reboot

To revert to stock image, restore default bootenv in uboot UART console
	setenv bootcmd 'bootipq'
	printenv
use the saved dump you did back when you installed OpenWrt to verify that
there are no other differences from back in the day.
	saveenv
upload the backed up mtd12.bin and run
	tftpboot mtd12.bin
	nand erase 0xb80000 0x7480000
	nand write 0x84000000 0xb80000 0x7480000
The BOOTCONFIG may have been configured to boot from alternate partition (rootfs_1) instead
In case of this, set it back to rootfs:
	cd /tmp
	cat /dev/mtd7 > mtd7.bin
	echo -ne '\x0b' | dd of=mtd7.bin conv=notrunc bs=1 count=1 seek=4
	for i in 28 48 68 108; do
		dd if=/dev/zero of=mtd7.bin conv=notrunc bs=1 count=1 seek=$i
	done
	mtd write mtd7.bin BOOTCONFIG
	mtd write mtd7.bin BOOTCONFIG1

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[renamed volume to ubi to support autoboot,
as per David Lam's test in PR#2432]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-04-10 15:22:26 +02:00
Kevin Darbyshire-Bryant
1b973b54ea kmod-sched: add act_police
"Whoop whoop, sound of da police"

Add an ingress capable traffic policer module configurable with tc.

From the man page:

The police action allows to limit bandwidth of traffic matched by the
filter it is attached to. Basically there are two different algorithms
available to measure the packet rate: The first one uses an internal
dual token bucket and is configured using the rate, burst, mtu,
peakrate, overhead and linklayer parameters. The second one uses an
in-kernel sampling mechanism. It can be fine-tuned using the estimator
filter parameter.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-10 12:26:31 +01:00
Daniel Engberg
cb511ceb45 e2fsprogs: Update to 1.45.6
Update e2fsprogs to 1.45.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2020-04-09 22:08:16 +02:00
Daniel Golle
de63466364 exfat-utils: add exFAT File System utilities package
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 15:11:44 +01:00
Daniel Golle
02a1914585 procd: bump to latest HEAD
2188d81 jail: add support for launching extroot containers
 6f3dbd2 jail: add support for userns and cgroupsns
 28a06e5 jail: add support for (ram-)overlayfs

Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 13:07:22 +01:00
Eneas U de Queiroz
1da014fcca busybox: quote 'source' filenames in Config.in
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive.  These are the last ones not using them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Eneas U de Queiroz
2e6b6f9fca kernel: add @IPV6 dependency to ipv6 modules
IPv6 modules should all depend on @IPV6, to avoid circular dependencies
problems, especially if they select a module that depends on IPV6 as
well.  In theory, if a package A depends on IPV6, any package doing
'select A' (DEPENDS+= A) should also depend on IPV6; otherwise selecting
A will fail.  Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.

Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Norbert van Bolhuis
9aa3d5b345 linux-atm: Include linux/sockios.h for SIOCGSTAMP
Since linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
(2019-04-19) the asm-generic/sockios.h header no longer defines
SIOCGSTAMP. Instead it provides only SIOCGSTAMP_OLD.

The linux/sockios.h header now defines SIOCGSTAMP using either
SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. This linux only
header file is not included so we get a build failure.

Signed-off-by: Norbert van Bolhuis <nvbolhuis@aimvalley.nl>
2020-04-09 00:12:46 +02:00
Florian Eckert
91c61aae20 base-files: add enabled commands to service rc.common
Add missing enbaled command help output.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-04-08 22:07:18 +02:00
Pawel Dembicki
5a5a9b7a75 packages: mt76: add 14c3:7610 pci id to list
This commit add patch with 14c3:7610 pci id addition.

It was sent upstream.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[bumped PKG_RELEASE]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-08 14:05:29 +01:00
Rosen Penev
d8bde3687a iproute2: add kmod-netlink-diag for ss
Allows proper usage of the ss tool. Otherwise, several errors and bad
data gets thrown:

Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported

Originally reported here: https://github.com/openwrt/packages/issues/8232

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-07 20:40:03 +02:00
Rosen Penev
92792ead34 kmod: add netlink-diag package
This is used by the ss utility from iproute2.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-07 20:39:47 +02:00
Hans Dedecker
ae06a650d6 ppp: update to version 2.4.8.git-2020-03-21
Use upstream latest git HEAD as it allows to remove the patches
700-radius-Prevent-buffer-overflow-in-rc_mksid,
701-pppd-Fix-bounds-check-in-EAP-code and
702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP and
take in other fixes.

41a7323 pppd: Fixed spelling 'unkown' => 'unknown' (#141)
6b014be pppd: Print version information to stdout instead of stderr (#133)
cba2736 pppd: Add RFC1990 (Multilink) to the See Also section of the man page
f2f9554 pppd: Add mppe.h to the list of headers to install if MPPE is defined
ae54fcf pppd: Obfuscate password argument string
8d45443 pppd: Ignore received EAP messages when not doing EAP
8d7970b pppd: Fix bounds check in EAP code
858976b radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-06 20:42:45 +02:00
Tan Zien
02f07c6401 kernel: netdev: add missing config for mlx5 driver
The mlk5 kmod lacks all necessary build symbols
for kernel 4.14 (again).

Add missing symbols to avoid build failure on these targets.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rewrite commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-06 12:39:00 +02:00
Kevin Darbyshire-Bryant
4540c3c3bf dnsmasq: bump to 2.81rc5
Bump to 2.81rc5 and re-work ipset-remove-old-kernel-support.

More runtime kernel version checking is done in 2.81rc5 in various parts
of the code, so expand the ipset patch' scope to inlude those new areas
and rename to something a bit more generic.:wq

Upstream changes from rc4

532246f Tweak to DNSSEC logging.
8caf3d7 Fix rare problem allocating frec for DNSSEC.
d162bee Allow overriding of ubus service name.
b43585c Fix nameserver list in auth mode.
3f60ecd Fixed resource leak on ubus_init failure.
0506a5e Handle old kernels that don't do NETLINK_NO_ENOBUFS.
e7ee1aa Extend stop-dns-rebind to reject IPv6 LL and ULA addresses. We also reject the loopback address if rebind-localhost-ok is NOT set.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-06 09:30:45 +01:00
Peter Stadler
5c1d88a83f netifd: fix 14_migrate-dhcp-release script
prepend 'uci' to 'commit network'

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
2020-04-05 18:54:22 +02:00
Kevin Darbyshire-Bryant
82df192a01 dropbear: backport add ip address to exit without auth messages
201e359 Handle early exit when addrstring isn't set
fa4c464 Improve address logging on early exit messages (#83)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 10:56:52 +01:00
Kevin Darbyshire-Bryant
1c6143e4a0 hostapd: Move hostapd variants to WirelessAPD menu
It seemed very confusing when trying to select the different variants of
hostapd which are somewhat scattered about under the menu 'Network'.
Moving all hostapd variants under a common submenu helps avoid
confusion.

Inspired-by: Kevin Mahoney <kevin.mahoney@zenotec.net>
[Fixup badly formatted patch, change menu name]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 10:41:49 +01:00
Kevin Darbyshire-Bryant
22ae8bd50e umdns: update to the version 2020-04-05
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 09:24:22 +01:00
Tan Zien
d24e43a7f6 kernel: Fix miss config and module for mlx driver
Missing config symbols could lead to build failures on kernel
4.14/4.19.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rephrase commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-04 17:12:43 +02:00
Kevin Darbyshire-Bryant
02640f0147 umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:

dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]

261 |  uint16_t *swap = (uint16_t *) q;

Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:18 +01:00
Kevin Darbyshire-Bryant
c14c6902f5 treewide: convert sed -r to posix -E
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:15 +01:00
Tan Zien
3ec70052c5 kernel: add module for Mellanox mlx Network Driver
add module to support Mellanox Connect-X card
mlx4 supports ConnectX-3 series and previous cards
mlx5 supports Connect-IB/ConnectX-4 series and later cards

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-04-03 15:33:27 +02:00
Kevin Darbyshire-Bryant
fcd1401700 grub2: fix build when ASLR enabled
Disable ASLR and filter '-fno-plt' from CFLAGS: solves building when
ASLR enabled by basically disabling ASLR.

Solves errors similar to:
relocation R_X86_64_32S against `.rodata' can not be used when making a PIE object; recompile with -fPIE
or
module missing GLOBAL_OFFSET_TABLE

Suggested-by: 李国 <uxgood.org@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-02 13:42:26 +01:00
Kevin Darbyshire-Bryant
b74386acc6 kmod-sched-cake: switch to in-tree cake for 4.19+
Use in tree version of cake for kernels 4.19+ and backport features from
later kernel versions to 4.19.

Unfortunately PROVIDES dependency handling produces bogus circular
dependency warnings so whilst this package and kmod-sched-cake-oot
should be able to PROVIDE kmod-sched-cake this doesn't work.

Instead, remove the PROVIDES option and modify package sqm-scripts to
depend on the correct module independently.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 21:59:45 +01:00
Kevin Darbyshire-Bryant
475738c9af kmod-sched-cake: rename to kmod-sched-cake-oot
In preparation for dropping the out of tree cake module and using
in tree cake from upstream, rename the package to kmod-sched-cake-oot
(out of tree)

Initially add a PROVIDES kmod-sched-cake so that package dependencies
can be satisfied.

Ultimately this package will be removed when linux 4.14 is removed.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 21:59:45 +01:00
Jason A. Donenfeld
e32eaf5896 wireguard: bump to 1.0.20200401
Recent backports to 5.5 and 5.4 broke our compat layer. This release is
to keep things running with the latest upstream stable kernels.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-01 22:24:58 +02:00
Daniel Golle
a24a9bbc8c mac80211: rt2x00: prune more unnecessary exports
The calibration patches for MT7620 unnecessarily export symbols and
populate never accessed function pointers. Remove all that and make
functions static as the only place where each of those functions is
called is within rt2800lib.c.
Also make code more readable by fixing indentation, removing
unnecessary parantheses and simplifying some instructions using
shorthands here and there.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-01 19:47:59 +01:00
Kevin Darbyshire-Bryant
51edc4eb89 jansson: convert to cmake
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 16:36:04 +01:00
Eneas U de Queiroz
af5ccfbac7 openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
  newly generated RSA modules
- the patch reversing EOF detection we had already applied.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-01 08:12:20 +02:00
李国
a6b7c3e672 x86: generate EFI platform bootable images
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.

EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.

GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-31 16:20:47 +02:00
李国
d9228514cc grub2: make some change to add efi platform support
1.generate boot image at Package/install section
2.move boot image to $(STAGING_DIR_IMAGE)/grub2/
3.add efi variant to support efi platform

Signed-off-by: 李国 <uxgood.org@gmail.com>
2020-03-31 16:20:47 +02:00
Álvaro Fernández Rojas
332ed4a835 bcm27xx-gpu-fw: update to latest version from RPi foundation
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-31 13:22:59 +02:00
Jason A. Donenfeld
84025110cc wireguard: bump to 1.0.20200330
* queueing: backport skb_reset_redirect change from 5.6
* version: bump

This release has only one slight change, to put it closer to the 5.6
codebase, but its main purpose is to bump us to a 1.0.y version number.
Now that WireGuard 1.0.0 has been released for Linux 5.6 [1], we can put
the same number on the backport compat codebase.

When OpenWRT bumps to Linux 5.6, we'll be able to drop this package
entirely, which I look forward to seeing.

[1] https://lists.zx2c4.com/pipermail/wireguard/2020-March/005206.html

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-31 08:01:34 +02:00
Jose Olivera
5c57d15aed ath10k-ct: Support AQL on ath10k CT_KVER-5.4
Commit ea50780 backported Airtime Queue Limits (AQL) from Linux 5.5
to OpenWrt's backports 5.4. However, this only enabled AQL for the
vanilla ath10k driver. This patch also enables it for ath10k-ct.

Tested on:
* 2xTP-Link Archer A7v5 (QCA9563/QCA988X)
* Backports version 5.4-rc8 & 5.4.27
* ath10k-ct and ath10k-ct-htt firmware version 014 to 017
* ath10k-ct driver versions dc025dc to 3d173a4 (CT_KVER-5.4)
* WPA2, 802.11krv

Tested since January 25, 2020.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2020-03-30 01:46:50 +02:00
Nick Hainke
c9c3fd1320 hostapd: add abridged flag in disassoc_imminent
If the abridged flag is set to 1 the APs that are listed in the BSS
Transition Candidate List are prioritized. If the bit is not set, the
APs have the same prioritization as the APs that are not in the list.

If you want to steer a client, you should set the flag!

The flag can be set by adding {...,'abridged': true,...} to the normal
ubus call.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-03-30 01:46:50 +02:00
Nick Hainke
c8ef465e10 hostapd: expose beacon reports through ubus
Subscribe to beacon reports through ubus.
Can be used for hearing map and client steering purposes.

First enable rrm:
    ubus call hostapd.wlan0 bss_mgmt_enable '{"beacon_report":True}'

Subscribe to the hostapd notifications via ubus.

Request beacon report:
    ubus call hostapd.wlan0 rrm_beacon_req
	'{"addr":"00:xx:xx:xx:xx:xx", "op_class":0, "channel":1,
	"duration":1,"mode":2,"bssid":"ff:ff:ff:ff:ff:ff", "ssid":""}'

Signed-off-by: Nick Hainke <vincent@systemli.org>
[rework identation]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-30 01:46:50 +02:00
Jesus Fernandez Manzano
86440659b5 hostapd: Add 802.11r support for WPA3-Enterprise
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
2020-03-30 01:46:50 +02:00
Hans Dedecker
089cddc252 odhcp6c: update to latest git HEAD
f575351 ra: fix sending router solicitations

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-29 22:24:30 +02:00
Kevin Darbyshire-Bryant
8d25c8e7f6 dnsmasq: bump to 2.81rc4
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 18:30:08 +01:00
Kevin Darbyshire-Bryant
94dae0f191 nftables: implement no/json variants
Replace the build time choice of json support with a package based
choice.  Users requiring a json aware version of 'nft' may now install
nftables-json.

The default choice to fulfill the 'nftables' package dependency is
'nftables-nojson'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 17:27:54 +01:00
Kevin Darbyshire-Bryant
9e835377ad jansson: import jansson from packages
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 17:27:54 +01:00
Hauke Mehrtens
f0aff72c2b mac80211: Update to version 5.4.27
The removed patches are all integrated in the upstream version now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-03-29 18:22:10 +02:00
Hauke Mehrtens
94949801de mac80211: Fix rt2x00 exports
Do not export static functions, they are anyway not referenced by any
code in a different module.

This fixes the following compile warning:
WARNING: "rt2800_rf_aux_tx0_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_write_dc" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configstore" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_do_sqrt_accumulation" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configrecover" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_loft_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_iq_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_setbbptonegenerator" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_aux_tx1_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL

Acked-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-03-29 18:22:01 +02:00