Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.
So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.
Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 52e6fb1369)
We must ensure that host ncurses is build before host readline.
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit ecef29b294)
In order to build squashfskit with GCC10, this backport from upstream is needed.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[increase PKG_RELEASE]
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit be4ed1db18)
There is a restriction in the number of parameters(10) that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.
Drop all the explicitly specified gcc version checks. If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.
eg. 'CC=gccfoo CXX=g++foo make prereq'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1fb3c003d6)
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 835d1c68a0)
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e. It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443
Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read(). Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct. Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.
The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2e8a4db9b6)
Since commit 557f11b3a20f ("instance: provide error feedback if ujail
binary is missing") worrying log spam of the form "unable to find
/sbin/jail ..." may be encountered.
This corresponds with the changes done in the upstream commit
bcb86554f1b4 ("instance: add 'requirejail' attribute").
Ref: https://forum.openwrt.org/t/openwrt-19-07-2-service-release/57066
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Without this patch, when using rev 3 of the Atheros AR9344 SoC, the
gigabit switch (AR8327) does not work or works very erratically.
This is a re-spin of http://patchwork.ozlabs.org/patch/419857/ with a
different PLL value, according to the feedback from several users
(including myself) as shown here:
https://openwrt.org/toh/mikrotik/rb2011uias#tracking_reported_experience_with_suggested_patch_for_the_5_gige_ports
Performance is acceptable: testing L3 forwarding without NAT yields a
performance of 370 Mbit/s (iperf3 TCP) and 41 Kpps (iperf3 UDP with 64
bytes payload). Both tests show that 100% of CPU time is spent on softirq.
A similar fix for a different device (RB2011) was added in e457d22261
("Make GBit switch work on RB2011").
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 247043c968)
This ports support for the TL-WA860RE v1 range extender from ar71xx
to ath79.
Specifications:
Board: AP123 / AR9341 rev. 3
Flash/RAM: 4/32 MiB
CPU: 535 MHz
WiFi: 2.4 GHz b/g/n
Ethernet: 1 port (100M)
Two external antennas
Flashing instructions:
Upload the factory image via the vendor firmware upgrade option.
Recovery:
Note that this device does not provide TFTP via ethernet like many
other TP-Link devices do. You will have to open the case if you
require recovery beyond failsafe.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Sebastian Knapp <sebastian4842@outlook.com>
(cherry picked from commit 385f4868bc)
This ports support for the TL-WA850RE v1 range extender from ar71xx
to ath79.
Specifications:
Board: AP123 / AR9341 rev. 3
Flash/RAM: 4/32 MiB
CPU: 535 MHz
WiFi: 2.4 GHz b/g/n
Ethernet: 1 port (100M)
Flashing instructions:
Upload the factory image via the vendor firmware upgrade option.
Recovery:
Note that this device does not provide TFTP via ethernet like many
other TP-Link devices do. You will have to open the case if you
require recovery beyond failsafe.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6eaea3a8ba)
Use power led for device status.
The status led behavior has already been fixed in af28d8a539
("ath79: add support for GL.iNet GL-AR750S") when porting the
device to ath79. This fixes it for ar71xx as well.
Signed-off-by: Jan Alexander <jan@nalx.net>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d394c354ee)
Build of the brcm2708 subtarget currently fails with the following error
message:
arch/arm/lib/memset_rpi.S: Assembler messages:
arch/arm/lib/memset_rpi.S:65: Error: garbage following instruction
-- `orr DAT0,DAT0,lsl#8'
arch/arm/lib/memset_rpi.S:67: Error: garbage following instruction
-- `orr DAT0,DAT0,lsl#16'
scripts/Makefile.build:427: recipe for target 'arch/arm/lib/memset_rpi.o'
failed
Using the assembly notation from master fixes this error.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.
Also enable --script-arp if has_handlers returns true.
Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit dcef8d6093)
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d9d689589b)
This time DTS fix, again from Sungbo Eo <mans0n@gorani.run>
ARM: dts: oxnas: Fix clear-mask property
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9e5a25846f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Sungbo Eo <mans0n@gorani.run> submitted another patch fixing an error
on reboot:
irqchip/versatile-fpga: Apply clear-mask earlier
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 19af00850f)
Hardware:
SoC: AR9344
CPU: 560 MHz
Flash: 8 MiB
RAM: 128 MiB
WiFi: Atheros AR9340 2.4GHz 802.11bgn
Atheros AR9300 5GHz 802.11an
Ethernet: AR934X built-in switch, WAN on separate physical interface
USB: 1x 2.0
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
wdr3500v1_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[removed stray newline]
Signed-off-by: David Bauer <mail@david-bauer.net>
(backported from commit fbbb4eb8b4)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
TP-Link Archer C60 v3 is a dual-band AC1350 router,
based on Qualcomm/Atheros QCA9561 + QCA9886.
It seems to be identical to the v2 revision, except that
it lacks a WPS LED and has different GPIO for amber WAN LED.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 2x button
- UART header on PCB
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server
8. Wait ~30 second to complete recovery
While TFTP works for OpenWrt images, my device didn't accept the
only available official firmware "Archer C60(EU)_V3.0_190115.bin".
In contrast to earlier revisions (v2), the v3 contains the (same)
MAC address twice, once in 0x1fa08 and again in 0x1fb08.
While the partition-table on the device refers to the latter, the
firmware image contains a different partition-table for that region:
name device firmware
factory-boot 0x00000-0x1fb00 0x00000-0x1fa00
default-mac 0x1fb00-0x1fd00 0x1fa00-0x1fc00
pin 0x1fd00-0x1fe00 0x1fc00-0x1fd00
product-info 0x1fe00-0x1ff00 0x1fd00-0x1ff00
device-id 0x1ff00-0x20000 0x1ff00-0x20000
While the MAC address is present twice, other data like the PIN isn't,
so with the partitioning from the firmware image the PIN on the device
would actually be outside of its partition.
Consequently, the patch uses the MAC location from the device (which
is the same as for the v2).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 646d95c374)
Sungbo Eo <mans0n@gorani.run> posted a patch fixing the long-standing
reboot problem on the OXNAS OX820 platform:
irqchip/versatile-fpga: Handle chained IRQs properly
It got queued for 5.7. Import it to oxnas target patches for now.
Fixes: b4917fa907 ("oxnas: fix oxnas-rps-timer dt-match")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 67b04e767a)
kmod-i2c-mux-pca954x will not get into images unless kmod-i2c-mux is added to
DEVICE_PACKAGES as well.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit dffbe668ab)
This adds support for the TP-Link TL-WR740N v5, a clone of the
v4 only with a different TPLINK_HWID. It was already supported
in ar71xx as well.
Specifications:
SOC: Atheros AR9331
CPU: 400MHz
Flash: 4 MiB
RAM: 32 MiB
WLAN: Atheros AR9330 bgn
Ethernet: 5 ports (100M)
Flashing instructions:
- Flash factory image from OEM WebUI:
openwrt-ath79-tiny-tplink_tl-wr740n-v5-squashfs-factory.bin
- Sysupgrade from ar71xx image:
openwrt-ath79-tiny-tplink_tl-wr740n-v5-squashfs-sysupgrade.bin
Signed-off-by: Jun Su <howard0su@gmail.com>
[commit title/message facelift, backport for 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b9f4f1f97a)
The labels on the LAN ports of the TP-Link Archer C60 v1/v2 are
actually inverted compared to the ports of the internal switch.
Add this information to 02_network.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 14a07fa1f0)
The labels on the LAN ports of the TP-Link Archer C60 v1/v2 are
actually inverted compared to the ports of the internal switch.
Add this information to 02_network.
This is the same for to-be-supported v3 of this device.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b054729899)
The adjustment of the MAC address for Archer C60 v2 in 10_fix_wifi_mac
is broken since a "mac" partition is not set up for this device on
ar71xx. Instead, the MAC address is already patched correctly in
11-ath10k-caldata.
Remove the useless adjustment.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit cbdc919024)
The MAC addresses for lan/wan are swapped compared to the vendor
firmware. This adjusts to vendor configuration, which is:
lan *:7b label
wan *:7c label+1
2.4g *:7b label
5g *:7a label-1
Only one address is stored in <&mac 0x8>, corresponding to the label.
This has been checked on revisions v1, v2 and v3.
Since ar71xx calculates the ath10k MAC address based on the ethernet
addresses, the number there is adjusted, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 14eb54938b)
The MAC addresses for lan/wan are swapped compared to the vendor
firmware. This adjusts to vendor configuration, which is:
lan *:7b label
wan *:7c label+1
2.4g *:7b label
5g *:7a label-1
Only one address is stored in <&mac 0x8>, corresponding to the label.
This has been checked on revisions v1, v2 and v3.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 88aead0a66)
This adds the direct dependencies introduced by TARGET_LDFLAGS
to the package's DEPENDS variable.
This was found by accidentally building rssileds on octeon, which
resulted in:
"Package rssileds is missing dependencies for the following libraries:
libnl-tiny.so"
Though the dependencies are provided when building for the
relevant targets ar71xx, ath79 and ramips, it seems more tidy to
specify them explicitly.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a5b2c6f5ed)
8682e0d0b49c mt76: speed up usb bulk copy
884c25e7caca mt76: usb: use max packet length for m76u_copy
1ad98b95cf4a mt76: mt76u: rely only on data buffer for usb control messagges
3d491603caff mt76: fix array overflow on receiving too many fragments for a packet
9792a62e7f30 mt76: set dma-done flag for flushed descriptors
53233cdf9486 mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
a4ae9219e6c7 mt76: dma: do not write cpu_idx on rx queue reset until after refill
1198fa57d185 mt76: mt7603: increase dma mcu rx ring size
91cd5be6ee37 mt76: avoid extra RCU synchronization on station removal
7d7fb26bb78a mt76: mt76x2: avoid starting the MAC too early
aac609809de1 mt76: fix LED link time failure
18627db2e633 mt76: mt76x0u: add support to TP-Link T2UHP
5ecfdb1a6e0a mt76: mt76x02: fix handling MCU timeouts during hw restart
f7e9be89db59 mt76: mt7603: add upper limit for dynamic sensitivity minimum receive power
23b834485070 mt76: mt7603: enable dynamic sensitivity adjustment by default
08054d5ab135 mt76: mt76x02: reset MCU timeout counter earlier in watchdog reset
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Doing up & down on non-Ethernet devices (e.g. monitor mode interface)
was consuming memory.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ec8e8e2ef0)
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 432ec292cc)
When changing the LED names for the Archer C7 to represent the correct
color, a migration for existing UCI entries was not created.
Add a migration to keep existing LED configurations working.
Fixes commit c79c001b59 ("ar71xx: Archer C7 v1 LED names and RFKILL
fixes")
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4349d4c682)
The AVM FRITZ!WLAN Repeater 450E's WPS button is not active low.
Correct the active low flag to avoid unintenional activation of
failsafe mode on boot.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1d4f2ca610)
When porting support from ar71xx to ath79, the reset-gpios option was
missed. Due to a hardware bug, this would eventually leave the devices
with RX-deaf Ethernet PHY.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit 6613a7f5cc)
This commit adds support for the NanoStation Loco M2/M5 XW devices
on the ath79 target (support was long ago available on ar71xx).
Specifications:
- AR9342 SoC @ 535 MHz
- 64 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
- AR8032 switch
- 2T2R 5 GHz radio, 22 dBm
- 13 dBi built-in antenna
- POWER/LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1) on PCB
Flashing via TFTP:
- Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
button on the device or on the PoE supply pressed
- Power on the device via PoE (keep reset button pressed)
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
LED2+LED4 => LED1+LED3, etc.
- Release reset button
- The device starts a TFTP server at 192.168.1.20
- Set a static IP on the computer (e.g., 192.168.1.21/24)
- Upload via tftp the factory image:
$ tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put openwrt-ath79-generic-xxxxx-ubnt_nanostation-loco-m-xw-squashfs-factory.bin
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(backported from commit 633c4304ad)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 6b7eeb74db since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It has been notice a buf in L2 cache scaling where the scaling is not
done proprely if the frequency is set to the initial state before
the new frequency.
From: https://patchwork.kernel.org/patch/10565443/
* The clocks are set to aux clock rate first to make sure the
* secondary mux is not sourcing off of QSB. The rate is then set to
* two different rates to force a HFPLL reinit under all
* circumstances.
In the initial stage of boot to force a new frequency to apply, is
needed to first set the frequency back to the lowest one (aux_rate)
and then to the target one. This force and make sure the controller
actually switch the frequency to the right one. Apply the same
mechanism to L2 frequency scaling. Before scaling to the target
frequency, first set the frequency to the aux_rate to force the
transition, then scale it to the target frequency. Doing the wrong way
can produce unexpected results and could lock the scaling mechanism
until a full reboot is done (Causing a full reset by the krait-cc driver)
From: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=77612720a2362230af726baa4149c40ec7a7fb05
When the Hfplls are reprogrammed during the rate change,
the primary muxes which are sourced from the same hfpll
for higher frequencies, needs to be switched to the 'safe
secondary mux' as the parent for that small window. This
is done by registering a clk notifier for the muxes and
switching to the safe parent in the PRE_RATE_CHANGE notifier
and back to the original parent in the POST_RATE_CHANGE notifier.
This should apply also to L2 scaling... as we can't relly use
the notifier, we manually do this on L2 scaling.
Tested-By: Marc Benoit <marcb62185@gmail.com> [19.07: R7800]
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [nbg6817/ipq8065]
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 5ab9c0b388)
Voltage tolerance is accounted per core, not per cpu, so add
missing DT entry.
Tested-By: Marc Benoit <marcb62185@gmail.com> [19.07: R7800]
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 77e7d6c20d)