Commit Graph

17821 Commits

Author SHA1 Message Date
Daniel Golle
ffa0ae17f7
arm-trusted-firmware-tools: fix passing of CFLAGS
HOST_CFLAGS were ignored as they were passed on incorrectly which lead
to build failure if OpenSSL wasn't present on the build host.
Fix that by properly passing HOST_CFLAGS when building each tool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-10 01:20:58 +00:00
Hauke Mehrtens
1f559cafe5 wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-09 23:12:49 +01:00
Daniel Golle
ff076f873f
arm-trusted-firmware-tools: remove tools which require libopenssl
They are anyway not used for now, so only build fiptool and sptool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-09 20:24:58 +00:00
Hauke Mehrtens
98d61b516f uboot-envtools: Update to version 2021.01
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-08 22:46:27 +01:00
Andre Heider
3e7c7d4446 ltq-dsl-base: remove usused lantiq_dsl.sh
All users have been converted to ubus.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
dea953744d ltq-adsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5e1a929bf2 ltq-vdsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
42fc827b11 ltq-adsl-app: add ubus support to get metrics
As with ltq-vdsl-app, see previous commit.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5372205ca9 ltq-vdsl-app: add ubus support to get metrics
Add a 'dsl' ubus object with a 'metrics' function to replace the
expensive shell parsing done by /etc/init.d/dsl_control [dsl|luci]stat.

All metrics are gathered by using syscalls. An additional thread is started
to handle ubus events.

$ time /etc/init.d/dsl_control dslstat
real	0m 2.66s
user	0m 0.90s
sys	0m 1.76s

$ time ubus call dsl metrics
real	0m 0.02s
user	0m 0.00s
sys	0m 0.01s

Example output:
{
	"api_version": "4.17.18.6",
	"firmware_version": "5.8.1.5.0.7",
	"chipset": "Lantiq-VRX200",
	"driver_version": "1.5.17.6",
	"state": "Showtime with TC-Layer sync",
	"up": true,
	"uptime": 3891,
	"atu_c": {
		"vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			178,
			26
		],
		"vendor": "Broadcom 178.26",
		"system_vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			0,
			0
		],
		"system_vendor": "Broadcom",
		"version": [
			49,
			57,
			46,
			48,
			46,
			51,
			53,
			46,
			50,
			32,
			86,
			69,
			95,
			49,
			49,
			95
		],
		"serial": [
			65,
			65,
			49,
			52,
			52,
			54,
			70,
			69,
			48,
			90,
			87,
			45,
			48,
			56,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0
		]
	},
	"power_state": "L0 - Synchronized",
	"xtse": [
		0,
		0,
		0,
		0,
		0,
		0,
		0,
		2
	],
	"annex": "B",
	"standard": "G.993.2",
	"profile": "17a",
	"mode": "G.993.2 (VDSL2, Profile 17a, with down- and upstream vectoring)",
	"upstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 0,
		"data_rate": 31999000,
		"latn": 8.500000,
		"satn": 8.400000,
		"snr": 12.700000,
		"actps": -90.100000,
		"actatp": 13.400000,
		"attndr": 37180000
	},
	"downstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 140,
		"data_rate": 89998000,
		"latn": 9.500000,
		"satn": 9.600000,
		"snr": 13.300000,
		"actps": -90.100000,
		"actatp": -1.600000,
		"attndr": 116315372
	},
	"errors": {
		"near": {
			"es": 1,
			"ses": 0,
			"loss": 3,
			"uas": 424,
			"lofs": 0,
			"fecs": 0,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 27740,
			"rx_uncorrected_protected": 27010,
			"rx_retransmitted": 0,
			"rx_corrected": 730,
			"tx_retransmitted": 16222
		},
		"far": {
			"es": 242,
			"ses": 71,
			"loss": 0,
			"uas": 424,
			"lofs": 0,
			"fecs": 22687,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 1383552,
			"rx_uncorrected_protected": 1220215,
			"rx_retransmitted": 0,
			"rx_corrected": 163337,
			"tx_retransmitted": 1574051
		}
	}
}

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
4ba6fad7f7 ltq-vdsl-app: shutdown upon sigterm
procd sends sigterm to stop daemons, hook it up.

This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Kevin Darbyshire-Bryant
db00f312d3 dnsmasq: Bump to v2.84
dnsmasq v2.84rc2 has been promoted to release.

No functional difference between v2.83test3 and v2.84/v2.84rc2

Backport 2 patches to fix the version reporting

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-02-08 13:16:24 +00:00
Daniel Golle
aed95c4cb8 dnsmasq: switch to ubus-based hotplug call
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
29a6a71d52 busybox: sysntpd: make use of new ubus hotplug.ntp object
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
3010f16f44 procd: add hotplug-call dispatcher ubus objects
Add per-subsystem ubus objects exposing hotplug-call.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Ilya Lipnitskiy
3b65b0c13f acx-mac80211: replace dead URLs with OpenWrt CDN
erley.org no longer exists; attempting to connect to it during package
download results in lengthy timeouts. Use the new OpenWrt CDN alias to
download from reliable OpenWrt mirrors.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-07 11:26:36 -10:00
Paul Spooren
8286f3a3d3 treewide: unify OpenWrt hosted source via @OPENWRT
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.

Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-02-05 12:00:24 -10:00
Daniel Golle
381a458d58 selinux-policy: update to version 0.6
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-05 13:17:49 +00:00
Petr Štetiar
43ff6e641e hostapd: add forgotten patch for P2P vulnerability fix
Commit 7c8c4f1be6 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.

Fixes: 7c8c4f1be6 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-04 09:11:50 +01:00
Daniel Golle
7c8c4f1be6 hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-04 01:05:32 +00:00
Daniel Golle
c3959cd54f arm-trusted-firmware-mediatek: make use of trusted-firmware-a.mk
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00
Daniel Golle
84bc7d31e0 tfa-layerscape: don't build fiptool
tfa-fiptool is now provided by an extra package. Use that instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00
Daniel Golle
1f1d8d4f47 arm-trusted-firmware-tools: add package
Package ARM Trusted Firmware host tools separately.
(instead of building tfa-fiptool as part of tfa-layerscape)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00
Curtis Deptuck
abe348168b iptables: update to 1.8.7
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.7.txt

Refresh patch:
None required

Signed-off-by: Curtis Deptuck <curtdept@me.com>
2021-02-02 21:06:45 +01:00
Daniel Golle
a3b55ae510 arm-trusted-firmware-mediatek: add ATF builds for MT7622
ATF bl2 comes in 4 variants for MT7622 depending on the boot media:
 * nor
 * snand
 * emmc
 * sdmmc

Additional binary headers needed for emmc and sdmmc are downloaded as
well and provided along with bl2*.bin and bl31.bin to allow building
images including ATF for MT7622.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-02 18:13:15 +00:00
Daniel Golle
740af59b9c procd: update to git HEAD
0aee1c3 hotplug.c: set nl_pid to zero
 d6dda31 procd: fix compiler warning
 92c8e8f jail: remove duplicate check for hook file permissions
 0a74c06 jail: only output BPF instr. table header if debugging
 fd18379 jail: cgroups: fix uninitialized variabl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-02 13:29:36 +00:00
Felix Fietkau
84fa59b5a8 mac80211: fix station rate table updates on assoc
If the driver uses .sta_add, station entries are only uploaded after the sta
is in assoc state. Fix early station rate table updates by deferring them
until the sta has been uploaded

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-01 10:00:23 +01:00
David Bauer
8019c54d8a mac80211: fix incorrect parameter
he_mu_beamformer only accepts values of 0 and 1 according to the hostapd
documentation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:48:37 +01:00
Marty Jones
1735026632 uboot-rockchip: fix RockPro64 boot from eMMC
With upstream commit f81f9f0ebac5 ("rockchip: rockpro64: initialize USB in
preboot") CONFIG_USE_PREBOOT was enabled on the RockPro64, which is causing
boot issues when a eMMC is used, as a workaround will temporarily disable
this option.

Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Improve patch description]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:48:06 +01:00
David Bauer
0c499f6068 mac80211: convert UniFi Outdoor+ HSR support to OF
Enable support for the Ubiquiti UniFi Outdoor+ RF filter via
device-tree. The old way of using platform data is not required anymore,
as it was only used on the now removed ar71xx target.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:47:36 +01:00
Rosen Penev
cbedb5de75 util-linux: remove custom pkgconfig patch
Replace with sed as done elsewhere.

Fixes error with at least btrfs-progs:

Package '@LIBSELINUX@', required by 'mount', not found
Package '@LIBCRYPTSETUP@', required by 'mount', not foun

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-31 16:25:08 +01:00
Daniel Golle
f4d974d7f8 selinux-policy: update to git tag v0.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-31 14:02:19 +00:00
Hans Dedecker
1b484f1a12 odhcpd: update to latest git HEAD
8d8a8cd dhcpv6-ia: apply prefix_filter on dhcpv6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-30 21:25:09 +01:00
Andre Heider
a04bffebba arm-trusted-firmware-mvebu: pass commit ids to a3700-utils/mv-ddr-marvell
The two required tools fail to identify their version when not compiling
from a git clone, patch that in and pass on the used commit hashes.

Upon boot it now prints "WTMI-devel-18.12.1-5598e150".

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
5fae94d987 arm-trusted-firmware-mvebu: bump espressobin boards to CPU_1000_DDR_800
The cpufreq issue has been identified and a fix is in the process of beeing
upstreamed [0].

Bump the boards to the default 1000MHz so they can run at that frequency
once the fix is merged. Until then the boards are stuck at 800MHz (just
claiming to run 1000Hz, which is a lie).

[0] https://lore.kernel.org/linux-arm-kernel/20210114124032.12765-1-pali@kernel.org/

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
8f3bd881c9 arm-trusted-firmware-mvebu: update to v2.4
Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
a9c20d56f1 uboot-mvebu: update to v2021.01
u-boot now detects emmc variants at runtime, we don't need to build
seperate binaries anymore.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Andre Heider
00bf2c0cbe arm-trusted-firmware-mvebu: don't build emmc variants
Starting with u-boot v2021.01 a single binary will be used for non-emmc
and emmc variants.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-01-30 14:46:32 +01:00
Geordan Neukum
e9d551fac1 strace: update package to v5.10
v5.10 has been released for strace. As such, let's go ahead bring in the
latest version of this package.

See here for the changelog:
    https://github.com/strace/strace/releases/tag/v5.10

Signed-off-by: Geordan Neukum <gneukum1@gmail.com>
2021-01-30 01:03:00 +01:00
Brian Norris
95b30f84d2 base-files: mount pstore if present
Pstore (persistent store) can be used to stash debug information (kernel
console, panics, ftrace) across reboots or crashes. If the filesystem is
present, mount it.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2021-01-29 22:26:36 +01:00
Michael Yartys
5b66c447f3 ath10k-ct: update to latest version
Changelog:
- ath10k-ct: Pull in some upstream patches.

Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
2021-01-29 21:22:28 +01:00
Paul Menzel
ea1cdd1901 ca-certicficates: Update to version 20210119
Update the ca-certificates and ca-bundle package from version 20200601 to
version 2021019.

This version uses Python 3 for the build, fixing a build issue on systems,
where `/usr/bin/python3` is a wrapper script [1].

Debian change-log entry [2]:

>   [ Julien Cristau ]
>   * New maintainer (closes: #976406)
>   * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate
> authority
>     bundle to version 2.46.
>     The following certificate authorities were added (+):
>     + "certSIGN ROOT CA G2"
>     + "e-Szigno Root CA 2017"
>     + "Microsoft ECC Root Certificate Authority 2017"
>     + "Microsoft RSA Root Certificate Authority 2017"
>     + "NAVER Global Root Certification Authority"
>     + "Trustwave Global Certification Authority"
>     + "Trustwave Global ECC P256 Certification Authority"
>     + "Trustwave Global ECC P384 Certification Authority"
>     The following certificate authorities were removed (-):
>     - "EE Certification Centre Root CA"
>     - "GeoTrust Universal CA 2"
>     - "LuxTrust Global Root 2"
>     - "OISTE WISeKey Global Root GA CA"
>     - "Staat der Nederlanden Root CA - G2" (closes: #962079)
>     - "Taiwan GRCA"
>     - "Verisign Class 3 Public Primary Certification Authority - G3"
>
>   [ Michael Shuler ]
>   * mozilla/blacklist:
>     Revert Symantec CA blacklist (#911289). Closes: #962596
>     The following root certificates were added back (+):
>     + "GeoTrust Primary Certification Authority - G2"
>     + "VeriSign Universal Root Certification Authority"
>
>   [ Gianfranco Costamagna ]
>   * debian/{rules,control}:
>     Merge Ubuntu patch from Matthias Klose to use Python3 during build.
>     Closes: #942915

[1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148
[2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog

Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
2021-01-29 21:20:40 +01:00
Adrian Schmutzler
396a35dd51 base-files: remove execute bit and shebang from functions.sh
/lib/functions.sh was executable for no obvious reason and its
execute property was even checked in package-ipkg.mk just to
source it afterwards.

Remove the execute bit and shebang as this is clearly a library.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-01-29 14:30:32 +01:00
Adrian Schmutzler
331892f85f treewide: drop shebang from non-executable lib files
This drops the shebang from another bunch of files in various /lib
folders, as these are sourced and the shebang is useless.

Fix execute bit in one case, too.

This should cover almost all trivial cases now, i.e. where /lib is
actually used for library files.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-29 14:29:41 +01:00
Jiang Yongquan
799fca7602 sunxi: add support for linksprite pcDuino3 nano board
Specifications:

 - SoC: Allwinner A20 @ 1Ghz
 - DRAM: 1GiB DDR3 @ 408MHz (K4B4G1646Q-HYK0)
 - NAND: 4GB MLC NAND (H27UBG8T2BTR-BC)
 - Ethernet: 10/100/1000Mbps Ethernet (Realtek RTL8211E)

Flash instructions:

dd if=openwrt-sunxi-cortexa7-linksprite_pcduino3-nano-ext4-sdcard.img
of=/dev/sdX

Signed-off-by: Jiang Yongquan <woxwchc@foxmail.com>
[Remove CONFIG_REALTEK_PHY from sunxi/cortexa53 config]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-27 23:14:30 +01:00
Felix Fietkau
ddc75ff704 mt76: update to the latest version
65abbcd9f6fb mt76: usb: process URBs with status EPROTO properly
3199ef5fa35e mt76: mt7615: set mcu country code in mt7615_mcu_set_channel_domain()
5c86d5bb079b mt76: mt7915: Remove unneeded semicolon
3f546330b59d mt76: mt7915: support TxBF for DBDC
032ad7e02545 mt76: mt7615: unify init work
cc3f23d1e654 mt76: mt7915: bring up the WA event rx queue for band1
fa3d334a0e22 mt76: fix crash on tearing down ext phy
c4c9c402d14a mt76: mt7915: fix vif sta index for DBDC
eca2f0ec0d4c mt76: mt7915: fix command id for txbf action
c828124ef9a5 mt76: mt7915: add support for using a secondary PCIe link for gen1
dbaf0f4679f3 mt76: mt7915: make vif index per adapter instead of per band
fb3e5ce1eb00 mt76: move vif_mask back from mt76_phy to mt76_dev
be2bea66d6e3 mt76: mt7915: detect wrong nss eeprom parameter on dbdc cards
8dc5d4a0da7c Revert "mt76: mt7915: fix vif sta index for DBDC"
8c796a33781c mt76: mt7915: only set int1 when using the second hif
4eb5caaf6cc1 mt76: reduce q->lock hold time
0714890bf0fd mt76: mt7615: reduce VHT maximum MPDU length
2f85aa5cbc62 mt76: mt7915: avoid writes to MT_PCIE_RECOG_ID when not using gen1 devices
8696919d9aae mt76: dma: fix a possible memory leak in mt76_add_fragment()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-27 21:02:24 +01:00
Paul Spooren
2d72be766d base-files: bump Copyright to 2021
This commit is only added to keep the PKG_RELEASE correct after fixing
the $(COMMITCOUNT) logic in the previous commit.

This way the PKG_RELEASE stays the same while the compiled packages
content isn't changed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 17:30:09 -10:00
Jeffrey Elms
ff2087d9a9 px5g-wolfssl: Fix certificate signature
Certificate signature algorithm was being set after call to
`wc_MakeCert`, resulting in a mismatch between specified signature in
certificate and the actual signature type.

Signed-off-by: Jeffrey Elms <jeff@wolfssl.com>
[fix commit subject, use COMMITCOUNT]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 16:59:53 -10:00
Paul Spooren
7b63d89b52 umdns: bump to 2021-01-26
* i78aa36b umdns: fix 64-bit time format string
* start using $(AUTORELEASE)
* Update Copyright

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 13:08:56 -10:00
Felix Fietkau
7ca75a2d01 mac80211: fix an uninitialized variable warning
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 20:00:03 +01:00
Felix Fietkau
56c20f0a5a mac80211: minstrel_ht: fix regression in the max_prob_rate fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 16:46:45 +01:00
Felix Fietkau
1fdbb8779a mac80211: remove accidentally duplicated line in minstrel_ht patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 16:46:45 +01:00
Tony Ambardar
23be333401 bpftools: update to 5.10.10
Use the latest stable kernel since the previous 5.8.x series is EOL.

Also drop the following patches recently accepted upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-01-25 14:37:41 +01:00
Felix Fietkau
37752336bd mac80211: add significant minstrel_ht performance improvements
Completely redesign the rate sampling approach

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-25 12:19:22 +01:00
Kevin Darbyshire-Bryant
297f82fc58 dnsmasq: Update to 2.84test3
dnsmasq v2.83 has a bug in handling duplicate queries which means it may
try to reply using the incorrect network socket.  This is especially
noticeable in dual stack environments where replies may be mis-directed to
IPv4 addresses on an IPv6 socket or IPv6 addresses on an IPv4 socket.

This results in system log spam such as:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol

dnsmasq v2.84test3 resolves these issues.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-01-24 15:56:39 +00:00
Michael Pratt
96017a6013 ath79: add support for Senao Engenius EAP1200H
FCC ID: A8J-EAP1200H

Engenius EAP1200H is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

**Specification:**

  - QCA9557 SOC
  - QCA9882 WLAN	PCI card, 5 GHz, 2x2, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM	NT5TU32M16FG
  - UART at J10		populated
  - 4 internal antenna plates (5 dbi, omni-directional)
  - 5 LEDs, 1 button (power, eth0, 2G, 5G, WPS) (reset)

**MAC addresses:**

  MAC addresses are labeled as ETH, 2.4G, and 5GHz
  Only one Vendor MAC address in flash

  eth0 ETH  *:a2 art 0x0
  phy1 2.4G *:a3 ---
  phy0 5GHz *:a4 ---

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin at J10

**Installation:**

  2 ways to flash factory.bin from OEM:

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will brick the device
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot
  execute tftpboot and bootm 0x81000000

  NOTE: TFTP is not reliable due to bugged bootloader
  set MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software of EAP1200H is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-generic-eap1200h-uImage-lzma.bin
    openwrt-ar71xx-generic-eap1200h-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2021-01-23 12:53:22 +01:00
Adrian Schmutzler
b2bab95116 maccalc: remove package
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.

The package does not seem to have a maintainer.

Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:43:45 +01:00
Adrian Schmutzler
511d71e689 owipcalc: remove package
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.

Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:43:29 +01:00
Paul Spooren
465eaa0e07 uboot-envtools: use $(AUTORELEASE) for PKG_RELEASE
Use `$(AUTORELEASE)` variable rather than setting a PKG_RELEASE
on every commit manually.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-22 19:03:53 -10:00
Paul Spooren
aa589c77b4 base-files: use $(COMMITCOUNT) in PKG_RELEASE
The newly added `$(COMMITCOUNT)` varialbe allows automatic versioning
based on the number of Git commits of a package. Replace *tedious to
bump* and *merge conflict causing* `PKG_RELEASE` and replace it with
`$(COMMITCOUNT)`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-22 19:03:53 -10:00
Florian Eckert
e779d30f32 iperf3: remove
This package is not needed in base. It will be imported in the packages
feed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-22 14:53:50 -10:00
Florian Eckert
ad54af2ae0 iperf: remove
This package is not needed in base. It will be imported in the packages
feed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-22 14:53:50 -10:00
Dmytro Oz
c2a7bb520a ramips: mt7621: add support for Xiaomi Mi Router 4
Xiaomi Mi Router 4 is the same as Xiaomi Mi Router 3G, except for
the RAM (256Mib→128Mib), LEDs and gpio (MiNet button).

Specifications:

Power: 12 VDC, 1 A
Connector type: barrel
CPU1: MediaTek MT7621A (880 MHz, 4 cores)
FLA1: 128 MiB (ESMT F59L1G81MA)
RAM1: 128 MiB (ESMT M15T1G1664A)
WI1 chip1: MediaTek MT7603EN
WI1 802dot11 protocols: bgn
WI1 MIMO config: 2x2:2
WI1 antenna connector: U.FL
WI2 chip1: MediaTek MT7612EN
WI2 802dot11 protocols: an+ac
WI2 MIMO config: 2x2:2
WI2 antenna connector: U.FL
ETH chip1: MediaTek MT7621A
Switch: MediaTek MT7621A

UART Serial
[o] TX
[o] GND
[o] RX
[ ] VCC - Do not connect it

MAC addresses as verified by OEM firmware:

use   address   source
LAN   *:c2      factory 0xe000 (label)
WAN   *:c3      factory 0xe006
2g    *:c4      factory 0x0000
5g    *:c5      factory 0x8000

Flashing instructions:

1.Create a simple http server (nginx etc)
2.set uart enable
To enable writing to the console, you must reset to factory settings
Then you see uboot boot, press the keyboard 4 button (enter uboot command line)
If it is not successful, repeat the above operation of restoring the factory settings.
After entering the uboot command line, type:

setenv uart_en 1
saveenv
boot

3.use shell in uart
cd /tmp
wget http://"your_computer_ip:80"/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin
wget http://"your_computer_ip:80"/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin
mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin kernel1
mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin rootfs0
nvram set flag_try_sys1_failed=1
nvram commit
reboot
4.login to the router http://192.168.1.1/

Installation via Software exploit
Find the instructions in the https://github.com/acecilia/OpenWRTInvasion

Signed-off-by: Dmytro Oz <sequentiality@gmail.com>
[commit message facelift, rebase onto shared DTSI/common device
definition, bump uboot-envtools]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-21 22:53:19 +01:00
Sven Eckelmann
0988e03f0e ath79: Add support for OpenMesh MR1750 v2
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 21:41:26 +01:00
Sven Eckelmann
ae7680dc4b ath79: Add support for OpenMesh MR1750 v1
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, apply shared DTSI/device node, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 21:41:26 +01:00
Sven Eckelmann
31172e53f9 ath79: Add support for OpenMesh MR900 v2
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Sven Eckelmann
e06c9eec5d ath79: Add support for OpenMesh MR900 v1
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Sven Eckelmann
d9a3af46d8 ath79: Add support for OpenMesh MR600 v2
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 8x GPIO-LEDs (6x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Sven Eckelmann
4b35999588 ath79: Add support for OpenMesh MR600 v1
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 4x GPIO-LEDs (2x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
  - AR8035 ethernet PHY (RGMII)
  - 10/100/1000 Mbps Ethernet
  - 802.3af POE
  - used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, make WLAN LEDs consistent, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-19 15:39:36 +01:00
Nick Hainke
0fda8049a7 owipcalc: remove clone in cidr_contains6
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.

I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-19 15:39:36 +01:00
Hauke Mehrtens
e87c0d934c dnsmasq: Update to version 2.83
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 13:01:03 +01:00
Hauke Mehrtens
20a7c9d5c9 uboot-at91: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-18 22:10:14 +01:00
Hauke Mehrtens
a141e7a00e at91bootstrap: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-18 22:10:03 +01:00
Rafał Miłecki
f559b89bd0 bcm63xx-cfe: enable package for bcm4908
bcm4908 target needs to include cferam images in firmware files too

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-18 07:39:09 +01:00
Rosen Penev
f13b623f5e mbedtls: update to 2.16.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-18 00:49:14 +01:00
Hans Dedecker
e857b09767 netifd: fix IPv6 routing loop on point-to-point links
c00c833 interface-ip: add unreachable route if address is offlink
e71909c interface-ip: coding style fixes

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Hans Dedecker
4301541351 odhcp6c: fix routing loop on point-to-point links
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Rosen Penev
43539a6aab libusb: make InstallDev explicit
Helps to see what actually gets installed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-16 23:37:08 -10:00
Rosen Penev
3d2dab5660 libusb: cleanup PKG_ variables
Reordered for consistency between packages.

Fixed license information.

Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-16 23:26:52 -10:00
Rosen Penev
0798b13d7d libusb: update to 1.0.24
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-16 23:25:27 -10:00
Sungbo Eo
583e39e3d5 kernel: drop empty kmod-ledtrig-* packages
The following four led triggers are enabled in generic config.

* kmod-ledtrig-default-on
* kmod-ledtrig-heartbeat
* kmod-ledtrig-netdev
* kmod-ledtrig-timer

Drop the packages and remove them from DEVICE_PACKAGES.
There's no other package depending on them in this repo.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-01-15 18:24:31 +01:00
Leon M. George
d5bbd4975c hostapd: fix setting wps_state to "not configured"
With encryption disabled, it was intended to set wpa_state=1 (enabled,
not configured) through the 'wps_not_configured' flag.
The flag is set appropriately but the condition using it is broken.
Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled,
configured). Fix it by using the correct variable name.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit title/message improvements]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-15 18:17:45 +01:00
Sungbo Eo
218eff5bdb kernel: update kmod-thermal package
CONFIG_THERMAL option was changed to boolean in upstream linux commit
554b3529fe01 ("thermal/drivers/core: Remove the module Kconfig's option").
Switch it to 'y' and remove FILES and AUTOLOAD for non-existant module file.

And update the descripton text for the package as in upstream linux commit
eb8504620381 ("thermal: Rephrase the Kconfig text for thermal").

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-01-15 17:47:33 +01:00
Nick Hainke
5beea4c3fd owipcalc: use v6 in cidr_parse6 function
The cidr_parse6 function parses a string to an ipv6-address.
The cidr struct contains a union called buf for the ipv4 and ipv6
address. Since it is a char pointer and the struct is initialized with
the maximum size (so ipv6 string) it does not make any difference.
However, we should access the buffer using the v6 name, since it could
be confusing otherwise.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-15 17:40:27 +01:00
Felix Fietkau
b0ad07e9a0 mac80211: fix rounding error in minstrel_ht throughput calculation
Fixes rate selection with lower data rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-15 13:05:40 +01:00
Felix Fietkau
faeaf5a010 mac80211: fix an uninitialized stack variable in the minstrel update
It can lead to out-of-bounds access and invalid rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-14 20:12:29 +01:00
Felix Fietkau
f841855f10 mt76: update to the latest version
a46f9a9160e9 mt76: mt7915: add vif check in mt7915_update_vif_beacon()
27ad12352ac9 mt76: mt7615: add vif check in mt7615_update_vif_beacon()
0a449cef024e mt76: mt7915: fix MT_CIPHER_BIP_CMAC_128 setkey
eacd2d493c61 mt76: mt7915: reset token when mac_reset happens
e4b23301e6c9 mt76: mt7615: reset token when mac_reset happens
6e22bbfe0360 mt76: mt7615: convert comma to semicolon
37865118ae2d mt76: mt7915: convert comma to semicolon
742c36b2e527 mt76: mt7915: run mt7915_configure_filter holding mt76 mutex
a515727e8423 mt76: mt7915: add support for flash mode
b6f7b3da5216 mt76: mt7915: fix endianness warning in mt7915_mcu_set_radar_th
062f3f4f06a2 mt76: mt7915: simplify mt7915_mcu_send_message routine
dbba9b993300 mt76: mt7915: drop zero-length packet to avoid Tx hang
36a745d0f71c mt76: Fix queue ID variable types after mcu queue split
a4539760b0b1 mt7915: update the testmode support to the latest upstream patch
64bd6f87e4c2 mt7915: fix crash on failure in pci_set_dma_mask
c202ace409e0 mt76: remove unused variable q
d1b827781f84 mt76: mt7915: add partial add_bss_info command on testmode init
a897a69769f5 mt76: testmode: introduce dbdc support
b44472e99822 mt76: testmode: move mtd part to mt76_dev
45e27e6cdc12 mt76: mt7915: move testmode data from dev to phy
b6673b005770 mt76: mt7615: move testmode data from dev to phy
abdd471e9f2d mt76: mt7915: fix ht mcs in mt7915_mcu_get_rx_rate()
d679b56b9585 mt76: move mac_work in mt76_core module
36cd48ab4454 mt76: move chainmask in mt76_phy
89a6781ed045 mt76: mt7915: force ldpc for bw larger than 20MHz in testmode
3d0834e78005 mt76: testmode: add support to set user-defined spe index
cc05f4679667 mt76: testmode: add attributes for ipg related parameters
77b18b16fe16 mt76: testmode: make tx queued limit adjustable
6365a58573cb mt76: mt7915: split edca update function
e56282bf67f6 mt76: mt7915: add support for ipg in testmode
6fa642903e4e mt76: mt7915: calculate new packet length when tx_time is set in testmode
729ec5daeba5 mt76: mt7915: clean hw queue before starting new testmode tx
981443da5cf7 mt76: testmode: add a new state for continuous tx
4793fc9b3d48 mt76: mt7915: rework set state part in testmode
11a1e86e5946 mt76: mt7915: add support for continuous tx in testmode
364affef82fc mt76: mt7615: mt7915: disable txpower sku when testmode enabled
9fc19db51293 mt76: mt7915: simplify peer's TxBF capability check
6377b7f330be mt76: mt7915: add implicit Tx beamforming support
983091a40633 mt76: mt7915: fix MESH ifdef block
bbb7a9e77751 mt76: mt76u: fix NULL pointer dereference in mt76u_status_worker
a28a8dd2f7de mt76: usb: fix crash on device removal
9c312f2ce2c5 mt76: mt7915: rework mcu API
e6fe82acb111 mt76: mt7915: disable RED support in the WA firmware
25d7429bdc41 mt76: mt7915: fix eeprom parsing for DBDC
7a93026dd3dc mt76: mt7915: fix eeprom DBDC band selection
4c8a09cc45d0 tools: Set mode for new file /tmp/mt76-test-%s

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-14 14:06:00 +01:00
Leon M. George
fa02225ee6 hostapd: fix key_mgmt typo
The key_mgmt variable was mistyped when checking against "WPS", so
the if clause was never entered.

Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")

Signed-off-by: Leon M. George <leon@georgemail.eu>
[add commit message, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-14 03:54:06 +01:00
Leon M. George
f72ce73e36 hostapd: remove trailing whitespaces
Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:50:38 +01:00
Leon M. George
4bde00c2a3 hostapd: remove unused variable
'base' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:48:41 +01:00
Leon M. George
3497b30b9c hostapd: remove unused variable
'enc_str' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:45:17 +01:00
Daniel Golle
1f78538387 hostapd: run as user 'network' if procd-ujail is installed
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:50 +00:00
Daniel Golle
d9d6988434 mac80211: improve error handling when adding hostapd config
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:50 +00:00
Daniel Golle
1e2d162092 hostapd: improve error handling when adding supplicant config
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:49 +00:00
Etan Kissling
7babb978ad hostapd: add multicast_to_unicast and per_sta_vif
This allows configuration of multicast_to_unicast and per_sta_vif options.
- multicast_to_unicast requests multicast-to-unicast conversion.
- per_sta_vif assigns each station its own AP_VLAN interface.

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
2021-01-14 00:52:49 +00:00
Etan Kissling
02abd99f89 mbedtls: add config option to compile with hkdf
This adds a config option to allow compiling with HKDF algorithm support
to support applications that require this feature.

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
2021-01-14 00:52:49 +00:00
Etan Kissling
39add246c1 nf-conntrack: allow querying conntrack info in nfqueue
This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
2021-01-14 00:52:49 +00:00
Jan Alexander
6738b5e2ac uboot-envtools: add support for Aruba AP-303 and AP-365
Both devices use u-boot env variables to boot OpenWrt from its flash
partition. Using u-boot envtools, it is possible to change the bootcmd
back to the stock firmware partition directly from OpenWrt without
attaching a serial cable or even physically accessing the device.

Signed-off-by: Jan Alexander <jan@nalx.net>
2021-01-14 01:04:02 +01:00
Jan Alexander
4e46beb313 ipq806x: add support for Ubiquiti UniFi AC HD
Hardware
--------

SoC:   Qualcomm IPQ8064
RAM:   512MB DDR3
Flash: 256MB NAND (Micron MT29F2G08ABBEAH4)
       32MB SPI-NOR (Macronix MX25U25635F)
WLAN:  Qualcomm Atheros QCA9994 4T4R b/g/n
       Qualcomm Atheros QCA9994 4T4R a/n/ac
ETH:   eth0 - SECONDARY (Atheros AR8033)
       eth1 - MAIN (Atheros AR8033)
USB:   USB-C
LED:   Dome (white / blue)
BTN:   Reset

Installation
------------

Copy the OpenWrt sysupgrade image to the /tmp directory of the device
using scp. Default IP address is 192.168.1.20 and default username and
password are "ubnt".

SSH to the device and write the bootselect flag to ensure it is booting
from the mtd partition the OpenWrt image will be written to. Verify the
output device below matches mtd partition "bootselect" using /proc/mtd.

> dd if=/dev/zero bs=1 count=1 seek=7 conv=notrunc of=/dev/mtd11

Write the OpenWrt sysupgrade image to the mtd partition labeled
"kernel0". Also verify the used partition device using /proc/mtd.

> dd if=/tmp/sysupgrade.bin of=/dev/mtdblock12

Reboot the device.

Back to stock
-------------

Use the TFTP recovery procedure with the Ubiquiti firmware image to
restore the vendor firmware.

Signed-off-by: Jan Alexander <jan@nalx.net>
2021-01-14 01:03:54 +01:00
David Bauer
3c20768bb9 uboot-rockchip: update NanoPi R2S patches
Update the NanoPi R2S to the latest version submitted
upstream.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-01-14 01:03:48 +01:00
Marty Jones
d567a24200 uboot-rockchip: update to v2021.01
Update the U-Boot to version v2021.01.

Run-tested: FriendlyARM NanoPi R2S
            Radxa Rock Pi 4
            Pine64 RockPro64

Signed-off-by: Marty Jones <mj8263788@gmail.com>
[format commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-01-14 01:03:41 +01:00