Commit Graph

50496 Commits

Author SHA1 Message Date
David Bauer
0621b23efb generic: add various kernel 5.10 config symbols
These symbols were unset when configuring for ath79.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:16:20 +01:00
David Bauer
634c13c186 mediatek: add support for Ubiquiti UniFi 6 LR
Hardware
--------

MediaTek MT7622
512MB DDR3 RAM
64M SPI-NOR Flash (Winbond W25Q512JV)
MediaTek MT7622 802.11bgn 4T4R WMAC
MediaTek MT7915 802.11ax 4T4R
Marvell AQR1112 100/1000/2500 NBase-T PHY
Holtek HT32F52241 LED controller
Reset Switch

UART
----

CPU UART0 at the pinout next to the Holtek MCU.

Pinout (first pin next to SoC / MCU)

0 3V3
1 RX
2 TX
3 GND

Settings are 115200 8N1.

Opening the case
----------------

Opening the case is not a nice task, as itis glued together. Insert a
flat knife between the front and back casing below the ethernet port.
Open up a gap this way and insert a flat scredriver, remove the knife.

Work your way around the casing by applying force to seperate the front
and back casing. This losens the glue and opens the plastic clips. Be
gentle, as these clips are very cheap and break quickly.

Installation
------------

1. Connect to the booted device at 192.168.1.20 using username/password
   "ubnt".

2. Transfer the OpenWrt sysupgrade image to the device using SCP.

3. Check the mtd partition number for bs / kernel0 / kernel1

   $ cat /proc/mtd

4. Set the bootselect flag to boot from kernel0

   $ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock6

5. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1

   $ dd if=openwrt.bin of=/dev/mtdblock8
   $ dd if=openwrt.bin of=/dev/mtdblock9

6. Reboot the device. It should boot into OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:15:45 +01:00
David Bauer
c9137e2ddf mediatek: add Ubiquiti LED driver
Add a driver for controlling the RGB LED via Ubiquitis own "LEDBAR" LED
controller based on the Holtek HT32F52241 MCU.

This driver is initially used by the Ubiquiti UniFi 6 LR, however
judging from FCC pictures the MCU is also found on the U6-Mesh as well
as the U6-Extender.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:15:33 +01:00
Álvaro Fernández Rojas
f323dec4f8 bcm63xx: add kernel 5.10 support
Runtime-tested on Comtrend AR-5387un.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-17 20:40:16 +01:00
Daniel Golle
5bb9954826 kernel: update kernel 5.10 to 5.10.16
Compile and runtime-tested on mediatek/mt7622

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-17 13:48:43 +00:00
Felix Fietkau
5ea33837f8 build: fix build with CONFIG_STRIP_KERNEL_EXPORTS
Only use symtab.h on the final kernel link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-17 13:49:43 +01:00
Eneas U de Queiroz
482c9ff289 openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-02-17 09:24:47 +01:00
Rosen Penev
b59905f045 gettext-full: update to 0.21
Add m4 patch to avoid conflict with tools/autoconf-archive.

Add build parallel as it seems to work now.

Remove a bunch of uClibc-ng hacks as it is not in the tree anymore.

Format security patch was fixed upstream.

Refreshed other patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-16 19:27:55 -10:00
Adrian Schmutzler
0e43f62f21 kernel: 5.10: refresh patches
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:48:23 +01:00
Adrian Schmutzler
0c7340f0a2 kernel: 5.10: add missing partitions doc syntax commit
This patch has been added to 5.4, but not been copied to 5.10:
7495acb555 ("kernel: backport mtd commit converting partitions doc syntax")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:48:23 +01:00
Adrian Schmutzler
1013bf433b kernel: hack-5.10: make UDP tunneling user-selectable
This applies another patch from 5.4 to 5.10 as well:
de09355f74 ("kernel/hack-5.4: make UDP tunneling user-selectable")

UDP tunneling support isn't user-selectable, but it's required by WireGuard
which is, for the time being, an out-of-tree module. We currently work around
this issue by selecting an unrelated module which depends on UDP tunnelling
(VXLAN). This is inconvenient, as it implies this unrelated module needs to be
built-in when doing a monolithic build.

Fix this inconvenience by making UDP tunneling user-selectable in the kernel
configuration.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:48:23 +01:00
Adrian Schmutzler
487b7ae5eb kernel: 5.4: fix .patch file extension
File extension was truncated for
pending-5.4/770-11-net-ethernet-mtk_eth_soc-avoid-rearming-interrupt-if.pa

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:48:23 +01:00
Adrian Schmutzler
99f2b464b4 kernel: 5.10: fix busy wait loop in mediatek PPE code
Reapply changes added to 5.4 but not copied to 5.10:
3da4acaa7b ("kernel: fix busy wait loop in mediatek PPE code")

The intention is for the loop to timeout if the body does not succeed.
The current logic calls time_is_before_jiffies(timeout) which is false
until after the timeout, so the loop body never executes.

time_is_after_jiffies(timeout) will return true until timeout is less
than jiffies, which is the intended behavior here.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:46:30 +01:00
Adrian Schmutzler
0e407dfe8b generic: ar8216: update version switch for of_get_phy_mode fix
Kernel has changed the of_get_phy_mode API in commit 0c65b2b90d13
("net: of_get_phy_mode: Change API to solve int/unit warnings").

This is already included in kernel 5.5, so fix the version switch
(though this will not actually matter for the versions we support).

Similar driver adjustments to account for the API change will
probably be necessary to various other local drivers.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:42:43 +01:00
David Bauer
a24df045db generic: ar8216: fix kernel 5.10 compile error
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-16 22:53:10 +01:00
Felix Fietkau
b10d604459 kernel: add linux 5.10 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 20:06:51 +01:00
Felix Fietkau
299b855418 build: make zstd initramfs selectable
fix typo in kernel initramfs zstd compression option

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 20:02:09 +01:00
Felix Fietkau
5ed1e5140a build: build kernel image before building modules/packages
This is needed for linux 5.10, where modules.builtin is generated from
vmlinux.o

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 20:00:41 +01:00
Felix Fietkau
d02088762a build: reorder more BuildPackages lines to deal with ABI_VERSION
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 11:29:38 +01:00
Álvaro Fernández Rojas
a5c4c40476 ath10k-ct: switch to 5.10
Let's switch to 5.10 now that mac80211 has been updated.
Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-16 07:31:28 +01:00
Rafał Miłecki
ad8b759fd1 bcm4908: add bcm_sf2 fixes for the 5th GPHY
This allows using the last integrated PHY (and so e.g. WAN port on the
ASUS GT-AC5300).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-16 07:10:33 +01:00
R. Diez
a015d91708 build: IS_TTY is now set according to GNU Make's MAKE_TERMOUT
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Fixes: FS#2086
The logic for IS_TTY was broken, because it was testing stdin
instead of stdout.
MAKE_TERMOUT was introduced in GNU Make version 4.1 (05 Oct 2014),
so it should be available everywhere nowadays.

Signed-off-by: R. Diez <rdiezmail-openwrt@yahoo.com>
2021-02-15 16:36:13 -10:00
Paul Spooren
6dba010157 build/prereq: require make 4.1 or later
FS#2086 "IS_TTY in the makefile is broken" reports flawed detection of
stdout piping to a file. The issue describes how e.g. terminal color
codes and up in log files if running make like `make > log.txt`.

The proposed solution uses the make variable "MAKE_TERMOUT", which was
introduced in make 4.1. All major distributions seem to updated to 4.1
or later, so this ideally dosen't break anything.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-02-15 16:35:49 -10:00
Felix Fietkau
46b6ee7ffc util-linux: move libuuid BuildPackage line further up to fix ABI versioning
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 00:00:14 +01:00
Felix Fietkau
7d6a636918 build: fix getting ABI version for binary packages from the same source package
We can't rely on the .version file being created yet, so use package variables
to get it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 23:11:44 +01:00
Hauke Mehrtens
1132340a22 mac80211: Update to version 5.10.16-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Hauke Mehrtens
0cde9a0a65 mac80211: Refresh patches again
A wrong quilt configuration was used last time.

Fixes: ed1e234d87 ("mac80211: refresh patches")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Rafał Miłecki
f0933303d6 bcm4908: fix GPIOs support by limiting them to 64
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-15 22:18:50 +01:00
Rafał Miłecki
da92e9825a bcm4908: use DTS patches sent upstream
There are 2 new patches:
1. Netgear R8000P switch ports
2. Netgear R8000P LEDs

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-15 22:18:45 +01:00
Felix Fietkau
c68d527991 build: filter out own packages on package version check
This was accidentally dropped in 27a4a71c24
("metadata: handle ABI version rebuild tracking for transient dependencies")

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 21:10:48 +01:00
Felix Fietkau
1da945b760 tools/fakeroot: fix build regression on macOS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 19:58:54 +01:00
Felix Fietkau
8edb1797d5 libubox: update to the latest version, set ABI_VERSION dynamically
2537be018587 cmake: add a possibility to set library version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 19:41:13 +01:00
Felix Fietkau
542eab31a6 build: only overwrite ABI version for provided packages when base version changed
Should avoid some spurious rebuilds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:56:50 +01:00
Felix Fietkau
075fa4cd9a Mostly revert "build: add support for fixing up library soname"
This reverts commit b12288fa69.
The patchelf approach is too fragile, and the only users of this have been
converted to make patching unnecessary
Leave the abi_version_str variable in place in rules.mk

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:21 +01:00
Felix Fietkau
26a899e3e8 wolfssl: use libtool patch for PKG_ABI_VERSION
Makes it unnecessary to patch .so files after build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Felix Fietkau
f696cd3df3 build: add support for patching libtool to include ABI version in soname
Use the version from PKG_ABI_VERSION

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Felix Fietkau
0a497c4640 libubox: use build system variable to specify ABI version
This removes the need to patch it afterwards

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Rafał Miłecki
95359dac82 bcm4908: add USB packages to the DEFAULT_PACKAGES
All known 41 BCM4908 devices have USB ports so it makes sense to include
those packages by default.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-15 16:54:28 +01:00
Rafał Miłecki
26052fb355 bcm4908: fix backport of PMB driver
Missing Makefile change was preventing kernel from actually compiling
the driver.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-15 16:54:25 +01:00
Rafał Miłecki
09fbc79bf6 kernel: drop ofpart patch dropped from upstream mtd tree
It stopped ofpart_parser_init() from being called

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-15 15:06:40 +01:00
Rafał Miłecki
ac7d45b5e7 kernel: backport "ofpart" mtd parser upstream quirks support
This adds quirks support to the "ofpart" parser. It's required to
support fixed partitions that require some extra logic.

Right now only BCM4908 binding is supported (BCM4908 requires detecting
currently used "firmware" partition).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-15 12:02:33 +01:00
Ilya Lipnitskiy
3da4acaa7b kernel: fix busy wait loop in mediatek PPE code
The intention is for the loop to timeout if the body does not succeed.
The current logic calls time_is_before_jiffies(timeout) which is false
until after the timeout, so the loop body never executes.

time_is_after_jiffies(timeout) will return true until timeout is less
than jiffies, which is the intended behavior here.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-15 08:13:16 +01:00
Felix Fietkau
f378d81da6 wolfssl: use dynamic ABI_VERSION depending on the configuration and package version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:40:47 +01:00
Felix Fietkau
a933c26852 libubox: use PKG_ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:40:45 +01:00
Ilya Lipnitskiy
43dc26af63 fakeroot: fix to work with glibc 2.33
The following commit removed _STAT_VER definitions from glibc:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8ed005daf0ab03e142500324a34087ce179ae78e

That subsequently broke fakeroot:
https://bugs.archlinux.org/task/69572
https://bugzilla.redhat.com/show_bug.cgi?id=1889862#c13
https://forum.openwrt.org/t/unable-to-build-toolchain-fakeroot-fails-perhaps-others-after-it/87966

Make the patch based on Jan Pazdziora's suggestion from here:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/SMQ3RYXEYTVZH6PLQMKNB3NM4XLPMNZO/

Add wrappers for newly exported symbols in glibc.

Apply patch from Debian to fix warnings in fts_read and fts_children:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676428
https://sources.debian.org/patches/fakeroot/1.25.3-1.1/eglibc-fts-without-LFS/

Fix __xmknod{,at} dev pointer argument. Switch default to assume * and
not the absence of *. On glibc 2.33+, there is no definition for these
functions in header files, so the compile test doesn't work. But, we
can default to using the pointer (as is the case with newer glibc), and
use the header file on older platforms to fail the test and use no pointer.

Tested on my x86_64 Arch Linux machine, fakeroot unit tests pass.
Also tested by building various .ipks and examining the tar contents, to
ensure that the owner uid/gid was 0/0.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-15 07:39:43 +01:00
Ilya Lipnitskiy
0052daae60 tools/patchelf: bump to use latest master
Recent ABI_VERSION commits make use of patchelf. It was discovered that
with patchelf 0.10(and even 0.12) various big endian targets fail to
link against libubox SO that was processed through patchelf. Using
latest master patchelf fixes those link errors.

Potential commits affecting big-endian processing
884eccc4f0
d148bae6c1

Recent builds with failures:
http://buildbot.openwrt.org/master/images/builders/lantiq%2Fxrx200/builds/682
http://buildbot.openwrt.org/master/images/builders/ath79%2Fmikrotik/builds/449

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:12:51 +01:00
Daniel Golle
d79eeba688
odhcpd: setup dhcpv4 server automagically
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-15 00:34:43 +00:00
Hauke Mehrtens
304df2836a Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and package version"
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libwolfssl:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl
mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl
collect2: error: ld returned 1 exit status

This reverts commit 2591c83b34.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 01:15:49 +01:00
Hauke Mehrtens
505a808302 Revert "libubox: use PKG_ABI_VERSION"
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libubox:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox

This reverts commit f421fefa8a.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 01:15:49 +01:00
Kurt Roeckx
539966554d ramips: mark toggle input on EX6150 as a switch
The Netgear EX6150 has an Access Point/Extender switch. Set it as
an EV_SW. Otherwise when it's set to Access Point, it will trigger
failsafe mode during boot.

Fixes: FS#3590
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
2021-02-15 00:00:38 +01:00