as indicated in commit c5bf408ed6 "(ramips: fix image generation for mt76x8")
more rework was needed to fix the other issues.
Building on another machine, but using the same arch, showed
the application failing again for different reasons.
Fix this by completely rewriting the application, fixing following found issues:
- buffer overflows, resulting in stack corruption
- flaws in memory requirement calculations (too small, too large)
- memory leaks
- missing bounds checking on string handling
- non-reproducable images, by using unitilized memory in checksum calculation
- missing error handling, resulting in succes on specific image errors
- endianness errors when building on BE machines
- various minor build warnings
- documentation did not match the code actions (header item locations)
- allowing input to be decimal, hex or octal now
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Buildbot fails to generate images for targets also generating a
Sercomm binary with following error:
Opening file: /mnt/ramdisk/koen/firmware/builds/owrt_mt76x8/build_dir/target-mipsel_24kc_musl/linux-ramips_mt76x8/tmp/openwrt-ramips-mt76x8-netgear_r6120-squashfs-factory.img.rootfs.zip
Filesize: 3648606 .
mksercommfw: malloc.c:2427: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
Makefile:287: recipe for target '/mnt/ramdisk/koen/firmware/builds/owrt_mt76x8/build_dir/target-mipsel_24kc_musl/linux-ramips_mt76x8/tmp/openwrt-ramips-mt76x8-netgear_r6120-squashfs-factory.img' failed
Debugging using valgrind shows stack corruption due to a buffer overflow.
The author of the generator assumes the filename ends with "root",
while it should be "rootfs".
Fix this by accounting for the 2 missing characters which solves the build issues.
More work is required to cleanup this source, which will be done later on.
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
These targets are already defined as having a dynamic partition
but the safeloader was not adapted for them.
This causes a build warning for the sysupgrade image being too big.
Targets:
- c58-v1
- c60-v1
- c60-v2
- TL-WR1043 v5
- TL-WR902AC v1
- TL-WR942N V1
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Targets:
- TP-LINK ER355
- TP-LINK C25 V1
- TP-LINK C59 V1
- TP-LINK C7 V4
- TP-LINK C7 V5
Fixes build issues seen due to the kernel being too big
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
As mentioned in commit 5f24933 recent changes on ar71xx (switch to 4.14,
memory compaction, ...) cause an increase in kernel size, making it too
big for RE450.
RE450 images were not build due to the following error message:
os-image partition too big (more than 1572864 bytes): Success
Tested on RE450, device boots and was used to send this patch.
Reported-by: Enrico Mioso <mrkiko.rs@gmail.com>
Suggested-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Radek Dostál <rd@radekdostal.com>
[rewrote commit msg keeping it tight + fixed SoB lines]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Go for openwrt passes pkg-config arguments in the format of
pkg-config --cflags -- pkg-name
which in turn will be passed down to the real pkg-config as something
like
pkg-config.real --cflags -- pkg-name --define...
and causes the real pkg-config implementation to missinterpret the given
argument list.
This also helps to fix https://github.com/golang/go/issues/27940
Signed-off-by: Arthur Skowronek <arthur.skowronek@tuta.io>
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
A new test case was adding in one of the patches fixing a problem, this
also included a change in the test/Makefile.am to add this test case.
The build system detected a change in the Makefile.am and wants to
regenerate the Makefile.in, but this fails because automake-1.15 is not
installed yet. As automake depends on patch being build first, make sure
we do not modify the Makefile.am.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The Makefile.am changed and now patch wants to use automake to
regenerate the Makefile.in. Make sure automake was build before we build
patch.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Apply two upstream patches to address two CVEs:
* CVE-2018-1000156
* CVE-2018-6952
Add PKG_CPE_ID to Makefile.
Build tested on apm821xx and ar71xx.
Signed-off-by: Russell Senior <russell@personaltelco.net>
This patch adds a new type of ubiquiti image, the WA image. First seen
on the NanoStation AC loco the generic name implies that we will see
this type of image on more ubiquiti devices thus it makes sense to
implement it in mkfwimage.
The main difference is that WA images are signed. The "END" header has
been replaced by a "ENDS" header followed by a 2048 bit RSA signature.
This signature is not being generated by mkfwimage and filled with 0x00.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
In addition to the default little-endianness format, I added a mode
so that we can generate firmware with big-endianness format.
example: ELECOM WRC-300GHBK2-I (QCA9563)
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
The current make-ras.sh image generation script for the ZyXEL NBG6617
has portability issues with bash. Because of this, factory images are
currently not built correctly by the OpenWRT buildbots.
This commit replaces the make-ras.sh by C-written mkrasimage.
The new mkrasimage is also compatible with other ZyXEL devices using
the ras image-format.
This is not tested with the NBG6616 but it correctly builds the
header for ZyXEL factory image.
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.
They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Adds Support for the TP-LINK CPE510 V2.0 by TP-Link.
The hardware is almost the same as the CPE510 V1.0
Follow the same processes as for the CPE510 V1.0
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
TP-Link Archer C59v2 is a dual-band AC1350 router based on
Qualcomm/Atheros QCA9561+QCA9886 chips.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- USB 2.0 port
- UART header on PCB
Flash instruction:
- via web UI:
1. Download openwrt-ar71xx-generic-archer-c59-v2-squashfs-factory.bin
2. Login to router and open the Advanced tab
3. Navigate to System Tools -> Firmware Upgrade
4. Upload firmware using the Manual Upgrade form
- via TFTP:
1. Set PC to fixed ip address 192.168.0.66
2. Download openwrt-ar71xx-generic-archer-c59-v2-squashfs-factory.bin
and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Keith Maika <keithm@aoeex.com>
Use the new dynamic partition split in tplink-safeloader so we no longer
have to worry about kernel size increases.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Use the new dynamic partition split in tplink-safeloader so we no longer
have to worry about kernel size increases.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
Add support to dynamically split the firmware partition into os-image
and file-system partitions. This is done by replacing those entries in
the partition table with a single unified firmware partition, which is
then split according to actual kernel image size.
The factory image will have the file-system partition aligned to a 64K
erase block, but the sysupgrade image skips this and aligns only the
JFFS2 EOF marker to squeeze out more space.
This should prevent further creeping updates to the kernel partition
size while maximizing space for the overlay filesystem on smaller
devices.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
Add an option (-O) to calculate rootfs offset for combined images.
This is needed for the TP-Link mtdsplit driver to locate the rootfs
when the start is not aligned to an erase block. This will be the
case for sysupgrade images produced by tplink-safeloader with upcoming
dynamic partition splitting.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
This PR adds support for a popular low-cost 2.4GHz N based AP
Specifications:
- SoC: Qualcomm Atheros QCA9533 (650MHz)
- RAM: 64MB
- Storage: 8 MB SPI NOR
- Wireless: 2.4GHz N based built into SoC 2x2
- Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN
Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254
Notes:
TP-Link does not use bootstrap registers so without this patch reference
clock detects as 40MHz while it is actually 25MHz.
This is due to messed up bootstrap resistor configuration on the PCB.
Provided GPL code just forces 25MHz reference clock.
That causes booting with completely wrong clocks, for example, CPU tries
to boot at 1040MHz while the stock is 650MHz.
So this PR depends on PR #672 to remove 40MHz reference clock.
Thanks to Sven Eckelmann <sven@narfation.org> for properly patching that.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
TP-Link Archer C7 v5 is a dual-band AC1750 router, based on Qualcomm/Atheros
QCA9563+QCA9880.
Specification:
- 750/400/250 MHz (CPU/DDR/AHB
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 10x LED, 2x button
- UART header on PCB
Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v5-squashfs-factory.bin via Web interface
Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v5-squashfs-factory.bin
and rename it to ArcherC7v5_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Arvid E. Picciani <aep@exys.org>
122ca37 Rename bits in hostflags to match new identifiers for the hostflags
32c2a3c Change order of identifiers to be ascending with the spr numbers
f7016b5 Remove definitions which are not Broadcom specific
b77c0a3 debug: Fix ordering of HF bits
3f46e61 fwcutter: Add firmware 9.10.178.27
27892ef fwcutter/make: Avoid _DEFAULT_SOURCE warning
Signed-off-by: Krystian Kozak <krystian.kozak20@gmail.com>
Certain Netgear and AVM devices use BE squashfs for the kernel image. As
squashfs4 only supports creating LE images, add squashfs (v3) into
the tools to be built for ath79.
Trying to use an LE squashfs (thus trying to use squashfs4 only for
building the image) for the kernel image results in the bootloader
barfing and stopping.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Update bison to 3.0.5
Bugfix release
Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
8e29d86 linuxrc: remove superfluous shebang line
12d2045 gitignore: remove Windows stuff
57d8969 Add travis hint
8edf4cc sdimage: use fsync before closing the device (fixes#1)
d395b31 uuc: fix some compiler warnings
Signed-off-by: Krystian Kozak <krystian.kozak20@gmail.com>
Our pkg-config wrapper relies on the ability to redefine the $prefix and
$exec_prefix variables in order to construct proper search paths relative
to the build environment.
Patch the .pc file template to construct libdir, sharedlibdir and includedir
relative to the ${prefix} variable so that it can be overridden as needed.
This also fixes the libxml2/host build issue raised at
https://github.com/openwrt/packages/issues/6073 - it was caused by libxml2's
configure picking up a wrong host search path through zlib.pc, letting it
include the wrong endian.h, causing spurious member redeclaration errors in
system headers.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The default image does not fit 2 MB anymore, expand os-image partition
to 4 MB.
Upgrading works transparently via sysupgrade in both directions.
Another option would have been to merge "os-image" and "rootfs" into a
single "firmware" partition using MTD_SPLIT_TPLINK_FW, but just
changing the sizes of the existing partitioning has been deemed safer
and actually tested on an affected device; the maximum for rootfs
changes from 27 MB to 25 MB.
Run-tested on TP-Link Archer C2600.
Signed-off-by: Joris de Vries <joris@apptrician.nl>
[slh: extend comments and commit message, rename rootfs]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
This tool is used to create headers on images for the
D-Link DNS-313 in gemini target.
Will be used after switching gemini to 4.14 kernel.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
MacOSX does not support "-Wl,-Bstatic" so do not force the static
linking.
We only copy the static libz library into the staging libraries
directories, the linker will anyway only find the static version and
link against that on all systems.
Fixes: 8dcd941d8b ("tools/zlib: move zlib build to tools")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API
and this needs some modifications of the code using it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This version now uses autotools to configure the build system. They are
also using the newly added zlib package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.
This also fixes some style problems to make this patch match the version
in the packages folder.
This is copied from this commit to the mtd-utils we pack into the image:
56d0dd56e9 ("mtd-utils: Mark some lzma functions as static")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This allows us to link the other tools against our libz and we do not
need the system zlib any more.
Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The new mkimage version requires a CONFIG_MKIMAGE_DTC_PATH variable to be
provided during build, in order to hardcode a path to a suitable DT
compiler executable.
Failure to do so will result in stray "sh: 1: -I: not found" errors when
invoking mkimage for FIT image generation.
Fix the issue by supplying "dtc" as CONFIG_MKIMAGE_DTC_PATH value during
build. As we intend our host utilities to be relocatable and since we're
already overriding PATH when invoking mkimage, an absolute path is not
required.
Fixes: b13e981d72 ("tools/mkimage: update to version 2018.03")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This activates support for fit images and some other new mkimage
features. Some of the patches were applied upstream and could be
removed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update cmake to 3.11.0
Remove 110-alpine_musl-compat.patch as it's integrated upstream
Rename and refresh patches
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Having the metainfo between kernel and rootfs prevents us from resizing
the kernel partition as necessary.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
TP-Link Archer C60 v2 is a dual-band AC1350 router, based on
Qualcomm/Atheros QCA9561 + QCA9886.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB
Flash instruction (web):
Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin and use
OEM System Tools - Firmware Upgrade site.
Flash instruction (recovery):
1. Set PC to fixed IP address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin and
rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server
8. Wait ~30 second to complete recovery
Flash instruction (under U-Boot, using UART):
tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
erase 0x9f030000 +$filesize
cp.b $fileaddr 0x9f030000 $filesize
reset
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Those converted factory images can be used to regain the original
tp-link firmware.
Be aware of firmware upgrade which additional require changes of
other partition than os-image (kernel) & file-system (rootfs).
OEM factory images from tplink can change nearly all partitions.
However using those images, OpenWrt's sysupgrade will only
modify the partitions os-image and file-system.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
For some boards u-boot binary environment file is required,
which is generated by mkenvimage utility. But in OpenWrt there
is no separate support for mkenvimage, which is a part of u-boot tools.
mkenvimage gets built in u-boot/tools as well as mkimage anyways.
So lets just copy mkenvimage to the $(STAGING_DIR_HOST)/bin/ directory.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: Hauke Mehrtens <hauke@hauke-m.de>
CC: John Crispin <john@phrozen.org>
This device is identical as TP-Link RE450
RE355 is a dual-band AC1200 router, based on Qualcomm/Atheros
QCA9558+QCA9880.
Specification:
720/600/200 MHz (CPU/DDR/AHB)
64/128 MB of RAM (DDR2)
8 MB of FLASH (SPI NOR)
3T3R 2.4 GHz
3T3R 5 GHz
1x 10/100/1000 Mbps Ethernet
7x LED, 3x button
UART header on PCB
Flash instruction:
Web:
Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin
and use OEM System Tools - Firmware Upgrade site.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
According to console log during TP-Link TL-WR840N v5 OEM firmware update
procedure 0x3e0000-0x3f0000 64kB "config" partition, which is used to store
router's configuration settings, is erased and recreated again during every
OEM firmware update procedure, thus does not contain any valuable factory data.
So it is conviniant to use this extra 64kB erase block for jffs overlay due
limited flash size on this device like it used on TP-Link's ar71xx boards.
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>