Commit Graph

1645 Commits

Author SHA1 Message Date
Alexander Couzens
ddc361f1a6 tools: assign PKG_CPE_ID
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.

Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2023-09-27 17:23:27 +02:00
Sergey V. Lobanov
784565b6a0
tools/mkimage: fix build on MacOS arm64
Fixed -no-pie compilation warning on MacOS
Fixed errors related to using absolute addressing on MacOS arm64

Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar

Link to original patch and discussion:
3b142045e8

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 8261b85844)
2022-12-09 03:25:49 +01:00
Adam Konrad
202d404f74 cmake: update to version 3.19.8
Updating CMake to latest patched version 3.19.8 which is fixing issue with ccache.

Related issue: https://github.com/openwrt/openwrt/issues/8555

Compile-tested: arm64

Signed-off-by: Adam Konrad <git@adamkonrad.com>
2022-12-06 23:58:42 +01:00
Petr Štetiar
c6d3f39ecc tools: remove xxd package
It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 88c9056a70)
2022-09-21 11:52:40 +02:00
Isaev Ruslan
2f82fc6bf0 tools/libelf: alpine linux os type: linux-musl fix
Prevents ./configure "checking build system" test fail on Alpine linux.

Signed-off-by: Isaev Ruslan <legale.legale@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit description]
2022-08-28 07:58:46 +02:00
Josef Schlehofer
206d790680 tools/libressl: update to version 3.4.3
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt

```
It includes the following security fix:

    * A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google.
      (CVE-2022–0778)
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25534d5cc2)
2022-07-15 15:52:13 +02:00
Petr Štetiar
f65edc9b99 zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
(cherry picked from commit 3965dda0fa)
2022-03-24 09:40:12 +01:00
Daniel Golle
92020d4242 tools: xxd: use more convenient source tarball
Don't download all of vim just to build xxd. Use a tight tarball
containing only xxd sources instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2b94aac7a1)
2022-03-15 18:50:32 +01:00
Daniel Golle
17e9553284 tools: add xxd (from vim)
U-Boot requires xxd to create the default environment from an external
file as done in uboot-mediatek.
Build xxd (only, not the rest of vim) as part of tools to make sure it
is present on the buildhost.

Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c4dd2441e7)
2022-03-15 18:50:26 +01:00
Josef Schlehofer
0327104686 tools/libressl: update to version 3.4.2
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt

```
It includes the following security fix

  * In some situations the X.509 verifier would discard an error on an
    unverified certificate chain, resulting in an authentication bypass.
    Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 495c4f4e19)
2022-03-06 20:56:23 +01:00
Rosen Penev
8ed3b5b04b tools/libressl: update to 3.4.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 03bb3412a2)
2022-03-06 20:56:23 +01:00
Rosen Penev
2736a5df94 tools/libressl: update to 3.3.4
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f78ad901e1)
2022-03-06 20:56:23 +01:00
Rosen Penev
49b2e6365d tools/libressl: update to 3.3.3
Fix wrong FPIC variable usage. Fixes compilation under sparc64 host.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit bf4dbbb55e)
2022-03-06 20:56:23 +01:00
Rosen Penev
b7af850bd2 tools/mtools: update to 4.0.35
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit aae4bf7c62)
2022-02-16 20:38:47 +01:00
Felix Fietkau
5d553d8767 tools/fakeroot: fix unresolved symbols on arm64 macOS
The $INODE64 symbol variants are not present, since the base system
always uses 64-bit file offsets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 53ebacacf9)
2022-02-16 20:38:47 +01:00
Sergey V. Lobanov
c8d6a7c84e tools/fakeroot: fix build on MacOS arm64
Added patch for MacOS without 32 bit inodes support
(__DARWIN_ONLY_64_BIT_INO_T is true)

This patch based on discussion https://github.com/archmac/bootstrap/issues/4

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry-picked from commit 8fedc17d01)
2022-02-16 20:38:47 +01:00
Felix Fietkau
83bf22ba2e tools/fakeroot: explicitly pass CPP variable
For some reason, the generated configure script fails to properly set up
the internal preprocessor command variable, causing the host OS check for
Darwin to fail after the last update.
Explicitly setting CPP fixes this issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 48e209e5c5)
2022-02-16 20:38:47 +01:00
Matthias Schiffer
b59f3b08b4
firmware-utils: tplink-safeloader: fix Archer A7v5 factory flashing from vendor fw > v1.1.x
Apply the same fix that was previously done for the Archer C7v5 to the
A7v5 as well to make the web UI accept our images again.

This is a backport of firmware-utils
commit 84dbf8ee49f522d3a4528763c9473cf3dd7c8c52.

Tested-by: Luflosi <luflosi@luflosi.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2022-01-14 23:15:05 +01:00
DENG Qingfang
8166bbf680 ccache: update to 4.2.1
Update ccache to 4.2.1

While compiling on Gentoo, the ccache can not be compiled due to this
error:

/openwrt/build_dir/host/ccache-4.1/unittest/../src/third_party/doctest.h:4084:47: error: size of array 'altStackMem' is not an integral constant-expression
 4084 |         static char             altStackMem[4 * SIGSTKSZ];
      |                                               ^

This was fixed in ccache version 4.2.1 [1] by upgrading doctest [2].

[1] https://github.com/ccache/ccache/issues/825
[2] https://github.com/doctest/doctest/issues/473

Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
(cherry picked from commit 3ebfd0078d)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[improved commit message]
2021-12-29 21:18:52 +01:00
Rui Salvaterra
a13efd2253 tools/isl: update the download URL
isl.gforge.inria.fr has been dead since early this month [1]. Switch to
libisl.sourceforge.io for the time being.

[1] https://groups.google.com/g/isl-development/c/JGaMo2VUu_8

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit dd0ad9b661)
2021-10-21 22:31:22 +02:00
Rosen Penev
aa2d61eced tools/m4: update to 1.4.19
Remove upstreamed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fc9682ed39)
2021-10-20 22:47:20 +02:00
Michael Pratt
7a4bd9cc51 ath79: use dynamic partitioning for TP-Link CPE series
CPExxx and WBSxxx boards with AR9344 SOC
use the OKLI lzma kernel loader
with the offset of 3 blocks of length 4k (0x3000)
in order to have a fake "kernel" that cannot grow larger
than how it is defined in the now static OEM partition table.

Before recent changes to the mtdsplit driver,
the uImage parser for OKLI only supported images
that started exactly on an eraseblock boundary.

The mtdsplit parser for uImage now supports identifying images
with any magic number value
and at any offset from the eraseblock boundary
using DTS properties to define those values.

So, it is no longer necessary to use fixed sizes
for kernel and rootfs

Tested-by: Andrew Cameron <apcameron@softhome.net>  [CPE510 v2]
Tested-by: Bernhard Geier <freifunk@geierb.de>      [WBS210 v2]
Tested-by: Petrov <d7c48mWsPKx67w2@gmail.com>       [CPE210 v1]
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 7b9a0c264c)
2021-06-18 08:39:14 +02:00
Georgi Vlaev
31be361269 ramips: add support for TP-Link Archer C6U v1 (EU)
This patch adds support for TP-Link Archer C6U v1 (EU).
The device is also known in some market as Archer C6 v3.
This patch supports only Archer C6U v1 (EU).

Specifications:
--------------

* SoC: Mediatek MT7621AT 2C2T, 880MHz
* RAM: 128MB DDR3
* Flash: 16MB SPI NOR flash (Winbond 25Q128)
* WiFi 5GHz: Mediatek MT7613BEN (2x2:2)
* WiFi 2.4GHz: Mediatek MT7603EN (2x2:2)
* Ethernet: MT7630, 5x 1000Base-T.
* LED: Power, WAN, LAN, WiFi 2GHz and 5GHz, USB
* Buttons: Reset, WPS.
* UART: Serial console (115200 8n1), J1(GND:3)
* USB: One USB2 port.

Installation:
------------

Install the OpenWrt factory image for C6U is from the
TP-Link web interface.

1) Go to "Advanced/System Tools/Firmware Update".
2) Click "Browse" and upload the OpenWrt factory image:
openwrt-ramips-mt7621-tplink_archer-c6u-v1-squashfs-factory.bin.
3) Click the "Upgrade" button, and select "Yes" when prompted.

Recovery to stock firmware:
--------------------------

The C6U bootloader has a failsafe mode that provides a web
interface (running at 192.168.0.1) for reverting back to the
stock TP-Link firmware. The failsafe interface is triggered
from the serial console or on failed kernel boot. Unfortunately,
there's no key combination that enables the failsafe mode. This
gives us two options for recovery:

1) Recover using the serial console (J1 header).
The recovery interface can be selected by hitting 'x' when
prompted on boot.

2) Trigger the bootloader failsafe mode.
A more dangerous option is force the bootloader into
recovery mode by erasing the OpenWrt partition from the
OpenWrt's shell - e.g "mtd erase firmware". Please be
careful, since erasing the wrong partition can brick
your device.

MAC addresses:
-------------

OEM firmware configuration:
D8:07:B6:xx:xx:83 : 5G
D8:07:B6:xx:xx:84 : LAN (label)
D8:07:B6:xx:xx:84 : 2.4G
D8:07:B6:xx:xx:85 : WAN

Signed-off-by: Georgi Vlaev <georgi.vlaev@konsulko.com>
(cherry picked from commit a46ad596a3)
2021-06-10 17:09:35 +02:00
Vinay Patil
30915e5a70 ramips: add support for TP-Link Archer A6 v3
The patch adds support for the TP-Link Archer A6 v3
The router is sold in US and India with FCC ID TE7A6V3

Specification
-------------
MediaTek MT7621 SOC
RAM:         128MB DDR3
SPI Flash:   W25Q128 (16MB)
Ethernet:    MT7530 5x 1000Base-T
WiFi 5GHz:   Mediatek MT7613BE
WiFi 2.4GHz: Mediatek MT7603E
UART/Serial: 115200 8n1

Device Configuration & Serial Port Pins
---------------------------------------
ETH Ports:    LAN4 LAN3 LAN2 LAN1 WAN
             _______________________
             |                     |
Serial Pins: |   VCC GND TXD RXD   |
             |_____________________|

LEDs:         Power Wifi2G Wifi5G LAN WAN

Build Output
------------
The build will generate following set of files
[1] openwrt-ramips-mt7621-tplink_archer-a6-v3-initramfs-kernel.bin
[2] openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-factory.bin
[3] openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-sysupgrade.bin

How to Use - Flashing from TP-Link Web Interface
------------------------------------------------
* Go to "Advanced/System Tools/Firmware Update".
* Click "Browse" and upload the OpenWrt factory image: factory.bin[2]
* Click the "Upgrade" button, and select "Yes" when prompted.

TFTP Booting
------------
Setup a TFTP boot server with address 192.168.0.5.
While starting U-boot press '4' key to stop autoboot.
Copy the initramfs-kernel.bin[1] to TFTP server folder, rename as test.bin
From u-boot command prompt run tftpboot followed by bootm.

Recovery
--------
Archer A6 V3 has recovery page activated if SPI booting from flash fails.
Recovery page can be activated from serial console only.
Press 'x' while u-boot is starting
Note: TFTP boot can be activated only from u-boot serial console.
Device recovery address: 192.168.0.1

Thanks to: Frankis for Randmon MAC address fix.

Signed-off-by: Vinay Patil <post2vinay@gmail.com>
[remove superfluous factory image definition, whitespacing]
Signed-off-by: David Bauer <mail@david-bauer.net>

(cherry picked from commit f8f8935adb)
2021-06-10 17:09:35 +02:00
Kevin Darbyshire-Bryant
27f4559281 firmware-utils: fix coverity zytrx.c resource leak
fix coverity resource leak warning:

    	*len = stat.st_size;
    	mapped = mmap(NULL, stat.st_size, PROT_READ, MAP_SHARED, fd, 0);
    	if (close(fd) < 0)
CID 1484880:  Resource leaks  (RESOURCE_LEAK)
Variable "mapped" going out of scope leaks the storage it points to.
    		return NULL;
    	return mapped;
    }

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit baf2a50ef3)
2021-06-10 17:09:35 +02:00
Bjørn Mork
dd6f02a3f4 firmware-utils: zytrx: Add util for ZyXEL specific header
The ZyXEL NR7101 prepend an additional header to U-Boot images. This
header use the TRX magic 0x30524448 (HDR0), but is incompatible with
TRX images.

This code is reverse-engineered based on matching 32 bit numbers
found in the header with lengths and different checksum
calculations of the vendor images found on the device.  The result
was matched against the validation output produced by the
bootloader to name the associated header fields.

Example bootloader validation output:

 Zyxel TRX Image 1 --> Found!  Header Checksum OK
 ============ZyXEL header information==================
         chipId             : MT7621A
         boardId            : NR7101
         modelId            : 07 01 00 01
         kernel_len         : (14177560)
         kernelChksum       : (0x8DD31F69)
         swVersionInt       : 1.00(ABUV.0)D1
         swVersionExt       : 1.00(ABUV.0)D1

 Zyxel TRX Image 2 --> Found!  Header Checksum OK
 ============ZyXEL header information==================
         chipId             : MT7621A
         boardId            : NR7101
         modelId            : 07 01 00 01
         kernel_len         : (14176660)
         kernelChksum       : (0x951A7637)
         swVersionInt       : 1.00(ABUV.0)D0
         swVersionExt       : 1.00(ABUV.0)D0

 =================================================
 Check image validation:
 Image1 Header Magic Number --> OK
 Image2 Header Magic Number --> OK
 Image1 Header Checksum --> OK
 Image2 Header Checksum --> OK
 Image1 Data Checksum --> OK
 Image2 Data Checksum --> OK
 Image1 Stable Flag --> Stable
 Image1 Try Counter --> 0
 Image1: OK
 Image2: OK

The coverage and algorithm for the kernelChksum field is unknown.
This field is not validated by the bootloader or the OEM firmware
upgrade tool. It is therefore set to a static value for now.

The swVersion fields contain free form string values.  The OEM firmware
use ZyXEL structured version numbers as shown above.  The strings are
not interpreted or validated on boot, so they can be repurposed for
anything we want the bootloader to display to the user.  But the OEM
web GUI fails to flash images with freeform strings.

The purpose of the other strings in the header is not known.  The
values appear to be static.  We assume they are fixed for now, until
we have other examples.  One of these strings is the platform name,
which is taken as an input parameter for support other members of
the device family.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Tested-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 48cad07a55)
2021-06-10 17:09:35 +02:00
Ruslan Isaev
a162fe9a96 fakeroot: Alpine linux libc.musl build error fix
Prevent build error on Alpine Linux host:
libfakeroot.c error: conflicting types for 'id_t'
Error relocating openwrt/staging_dir/host/lib/libfakeroot.so: SEND_GET_XATTR: symbol not found

Signed-off-by: Ruslan Isaev <legale.legale@gmail.com>
(cherry picked from commit 7a70f78fb7)
2021-05-23 16:10:59 +02:00
David Adair
a52842a8d0 ccache: Build with ENABLE_DOCUMENTATION=OFF
This adjusts the Makefile to use the new option to turn off the
doc builds. It will not cause any problems except a warning
about unused options if combined with a ccache source missing
the upstream patch.

Since a config setting is required to re-enable the doc build this
is equivalent to unconditionally disabling the docs if the config
setting is not created.

Signed-off-by: David Adair <djabhead@aol.com>
(cherry picked from commit 2d15468323)
2021-05-23 16:10:59 +02:00
Alex Henrie
10a535a90c tplink-safeloader: fix product_name of TP-Link AD7200
The stock firmware does not accept firmware with "Talon" in the name.

Tested on firmware version 1.0.10 Build 20160902 rel. 57400 which came
preinstalled, as well as latest firmware version 2.0.1 Build 20170103
rel.71053 flashed from
AD7200v1-up-ver2-0-1-P1[20170103-rel71053]_2017-01-04_10.08.28.bin.

Fixes: 1a775a4fd0 ("ipq806x: add support for TP-Link Talon AD7200")
Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>
[added details about vendor firmware]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit dfef88b6ca)
2021-05-06 09:53:44 +02:00
Petr Štetiar
6fd65c6573 tplink-safeloader: fix C7v5 factory flashing from vendor fw > v1.1.x
Currently it's not possible to flash factory images on devices shipped
with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
2020-12-22):

 (curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
 [NM_Error](nm_checkUpdateContent) 01084: software version dismatched
 [NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.

They've even following note in release notes:

 Note: You will be unable to downgrade to the previous firmware version
       after updating this firmware.

This version check in vendor firmware is implemented in
/usr/bin/nvrammanager binary likely as following C code[1]:

 sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
 ...
 if (((int)upd_fw_major < (int)cur_fw_major) ||
     ((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
       ret = 0;
       printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
 }
 ...
 return ret;

So in order to fix this and make it future proof it should be enough to
ship our factory firmware images with major version 7 (lucky number).

Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:

 Firmwave supports, check OK.
  (curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!

Flashing back to vendor firmware
c7v5_us-up-ver1-1-2-P1[20210125-rel37999]_2021-01-25_10.33.55.bin works
as well:

 U-Boot 1.1.4-gbec22107-dirty (Nov 18 2020 - 18:19:12)
 ...
 Firmware downloaded... filesize = 0xeeae77 fileaddr = 0x80060000.
 Firmware Recovery file length : 15642231
 Firmware process id 2.
 handle_fw_cloud 146
 Image verify OK!
 Firmware file Verify ok!
 product-info:product_name:Archer C7
 product_ver:5.0.0
 special_id:55530000
 [Error]sysmgr_cfg_checkSupportList(): 1023 @ specialId 45550000 NOT Match.
 Firmware supports, check OK.
 Firmware Recovery check ok!

1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e6d66375cb)
2021-04-13 10:36:47 +02:00
Rafał Miłecki
91e0865ff5 firmware-utils: bcm4908img: convert into a package
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.

It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b4fc4cae9)
2021-04-08 13:16:13 +02:00
Rafał Miłecki
7b3bde801b firmware-utils: bcm4908img: fix uninitialized var usage
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5a2086d230)
2021-04-08 13:16:13 +02:00
Rafał Miłecki
2e2b583393 firmware-utils: bcm4908img: extract bootfs without padding
JFFS2 bootfs partition in a BCM4908 image usually includes some padding.
For flashing it individually (writing to designed MTD partition) we want
just JFFS2 data.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ed7edf88e2)
2021-04-08 13:16:13 +02:00
Rafał Miłecki
fe302010d3 firmware-utils: bcm4908img: fix extracting cferom
Fix offset to extract proper data when image contains vendor header.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit dcbde11af1)
2021-04-08 13:16:12 +02:00
Rafał Miłecki
e708c5ef08 firmware-utils: bcm4908img: support extracting bootfs & rootfs
It's required for upgrading firmware using single partitions instead of
just blindly writing whole image.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e33957c241)
2021-04-08 13:16:12 +02:00
Rafał Miłecki
cbf8ac82c6 firmware-utils: bcm4908img: replace size with offset
It's much easier to operate on BCM4908 image data with absolute offset
of each section stored. It doesn't require summing sizes over and over.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5314cab729)
2021-04-08 13:16:12 +02:00
Rafał Miłecki
f1f1ecfab4 firmware-utils: bcm4908img: add bootfs support
This adds support for accessing bootfs JFFS2 partition in the BCM4908
image. Support includes:
1. Listing files
2. Renaming file (requires unchanged name length)

Above commands are useful for flashing BCM4908 images which by defualt
come with cferom.000 file and require renaming it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ed847ef5f3)
2021-04-08 13:16:12 +02:00
Rafał Miłecki
0b333eb093 firmware-utils: bcm4908img: support extracting image data
It's useful for upgrading cferom, firmware, etc.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9c039d56a1)
2021-04-08 13:16:12 +02:00
Rafał Miłecki
c1fb10feba firmware-utils: bcm4908img: find cferom size
It's important for modifying / extracting firmware content. cferom is
optional image content at the file beginning.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6af45b842b)
2021-04-08 13:16:11 +02:00
Rafał Miłecki
e9a7c22d3c firmware-utils: bcm4908img: use "info" command displaying file info
BCM4908 image format contains some info that may be useful for info /
debugging purposes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b9184f178)
2021-04-08 13:16:11 +02:00
Rafał Miłecki
6f6da65a8d firmware-utils: bcm4908img: support reading from stdin
1. Don't allow pipe stdin as we need to fseek()
2. Don't alow TTY as it doesn't make sense for binary input

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d533b27bc0)
2021-04-08 13:16:11 +02:00
Rafał Miłecki
c251ec739f firmware-utils: bcm4908img: detect Netgear vendor firmware
Netgear uses CHK header which needs to be skipped when validating
BCM4908 image. Detect it directly in the bcm4908img tool. Dealing with
binary structs and endianess is way simpler in C.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a39f85d8b6)
2021-04-08 13:16:11 +02:00
Rafał Miłecki
9db0cc5787 firmware-utils: bcm4908img: extract parsing code
Move code parsing existing firmware file to separated function. This
cleans up existing code and allows reusing parsing code for other
commands.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7d5f743942)
2021-04-08 13:16:11 +02:00
Rafał Miłecki
636b8bfac0 firmware-utils: bcm4908kernel: name struct fields
Less magic names / values.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a3611432a6)
2021-04-08 13:16:11 +02:00
Rafał Miłecki
cb16581df5 firmware-utils: bcm4908img: name fields & values
Less magic numbers

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1ff7569387)
2021-04-08 13:16:10 +02:00
Sander Vanheule
a7c0c9bb7e ramips: mt7621: add TP-Link EAP235-Wall support
The TP-Link EAP235-Wall is a wall-mounted, PoE-powered AC1200 access
point with four gigabit ethernet ports.

When connecting to the device's serial port, it is strongly advised to
use an isolated UART adapter. This prevents linking different power
domains created by the PoE power supply, which may damage your devices.

The device's U-Boot supports saving modified environments with
`saveenv`. However, there is no u-boot-env partition, and saving
modifications will cause the partition table to be overwritten. This is
not an issue for running OpenWrt, but will prevent the vendor FW from
functioning properly.

Device specifications:
* SoC: MT7621DAT
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (MT7603EN): b/g/n, 2x2
* Wireless 5GHz (MT7613BEN): a/n/ac, 2x2
* Ethernet: 4× GbE
  * Back side: ETH0, PoE PD port
  * Bottom side: ETH1, ETH2, ETH3
* Single white device LED
* LED button, reset button (available for failsafe)
* PoE pass-through on port ETH3 (enabled with GPIO)

Datasheet of the flash chip specifies a maximum frequency of 33MHz, but
that didn't work. 20MHz gives no errors with reading (flash dump) or
writing (sysupgrade).

Device mac addresses:
Stock firmware uses the same MAC address for ethernet (on device label)
and 2.4GHz wireless. The 5GHz wireless address is incremented by one.
This address is stored in the 'info' ('default-mac') partition at an
offset of 8 bytes.
From OEM ifconfig:
    eth     a4:2b:b0:...:88
    ra0     a4:2b:b0:...:88
    rai0    a4:2b:b0:...:89

Flashing instructions:
* Enable SSH in the web interface, and SSH into the target device
* run `cliclientd stopcs`, this should return "success"
* upload the factory image via the web interface

Debricking:
U-boot can be interrupted during boot, serial console is 57600 baud, 8n1
This allows installing a sysupgrade image, or fixing the device in
another way.
* Access serial header from the side of the board, close to ETH3,
  pin-out is (1:TX, 2:RX, 3:GND, 4:3.3V), with pin 1 closest to ETH3.
* Interrupt bootloader by holding '4' during boot, which drops the
  bootloader into its shell
* Change default 'serverip' and 'ipaddr' variables (optional)
* Download initramfs with `tftpboot`, and boot image with `bootm`
    # tftpboot 84000000 openwrt-initramfs.bin
    # bootm

Revert to stock:
Using the tplink-safeloader utility from the firmware-utils package,
TP-Link's firmware image can be converted to an OpenWrt-compatible
sysupgrade image:
  $ ./staging_dir/host/bin/tplink-safeloader -B EAP235-WALL-V1 \
      -z EAP235-WALLv1_XXX_up_signed.bin -o eap235-sysupgrade.bin

This can then be flashed using the OpenWrt sysupgrade interface. The
image will appear to be incompatible and must be force flashed, without
keeping the current configuration.

Known issues:
- DFS support is incomplete (known issue with MT7613)
- MT7613 radio may stop responding when idling, reboot required.
  This was an issue with the ddc75ff704 version of mt76, but appears to
  have improved/disappeared with bc3963764d.
  Error notice example:
  [ 7099.554067] mt7615e 0000:02:00.0: Message 73 (seq 1) timeout

Hardware was kindly provided for porting by Stijn Segers.

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 1e75909a35)
2021-02-19 20:09:28 +01:00
Felix Fietkau
1da945b760 tools/fakeroot: fix build regression on macOS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 19:58:54 +01:00
Ilya Lipnitskiy
43dc26af63 fakeroot: fix to work with glibc 2.33
The following commit removed _STAT_VER definitions from glibc:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8ed005daf0ab03e142500324a34087ce179ae78e

That subsequently broke fakeroot:
https://bugs.archlinux.org/task/69572
https://bugzilla.redhat.com/show_bug.cgi?id=1889862#c13
https://forum.openwrt.org/t/unable-to-build-toolchain-fakeroot-fails-perhaps-others-after-it/87966

Make the patch based on Jan Pazdziora's suggestion from here:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/SMQ3RYXEYTVZH6PLQMKNB3NM4XLPMNZO/

Add wrappers for newly exported symbols in glibc.

Apply patch from Debian to fix warnings in fts_read and fts_children:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676428
https://sources.debian.org/patches/fakeroot/1.25.3-1.1/eglibc-fts-without-LFS/

Fix __xmknod{,at} dev pointer argument. Switch default to assume * and
not the absence of *. On glibc 2.33+, there is no definition for these
functions in header files, so the compile test doesn't work. But, we
can default to using the pointer (as is the case with newer glibc), and
use the header file on older platforms to fail the test and use no pointer.

Tested on my x86_64 Arch Linux machine, fakeroot unit tests pass.
Also tested by building various .ipks and examining the tar contents, to
ensure that the owner uid/gid was 0/0.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-15 07:39:43 +01:00
Ilya Lipnitskiy
0052daae60 tools/patchelf: bump to use latest master
Recent ABI_VERSION commits make use of patchelf. It was discovered that
with patchelf 0.10(and even 0.12) various big endian targets fail to
link against libubox SO that was processed through patchelf. Using
latest master patchelf fixes those link errors.

Potential commits affecting big-endian processing
884eccc4f0
d148bae6c1

Recent builds with failures:
http://buildbot.openwrt.org/master/images/builders/lantiq%2Fxrx200/builds/682
http://buildbot.openwrt.org/master/images/builders/ath79%2Fmikrotik/builds/449

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:12:51 +01:00
Hauke Mehrtens
e6ccb40ba5 tools: mkimage: Update U-Boot to version 2021.01
* The fit image is now created with 0666 permission in upstream U-Boot
  remove our patch switch creates it with 0744
* The generated/autoconf.h file is created now as an empty file, it is
  not needed to remove this include any more.
* Upstream lib/rsa/rsa-sign.c now includes stdlib.h instead of malloc.h
* ALIGN_MASK was moved to imagetool.h, own patch should not be needed
  any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-08 22:46:27 +01:00