Commit Graph

17938 Commits

Author SHA1 Message Date
Hauke Mehrtens
7aa8c00e4b ppp: Remove already applied patch
This patch was already applied upstream and not needed here.

Fixes: 06403981e1 ("ppp: update to version 2.4.7.git-2019-05-06")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-01 19:55:59 +01:00
Eneas U de Queiroz
ba40da9045 wolfssl: Update to v4.6.0-stable
This version fixes a large number of bugs, although no security
vulnerabilities are listed.

Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md

Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16.  The ABI does not change from previous version.

Backported patches were removed; remaining patch was refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-01-01 19:55:59 +01:00
Russell Senior
c22b689cf8 iproute2: update to 5.10.0
c8faeca5 (ss: mptcp: fix add_addr_accepted stat print, 2020-11-18)
0d78e8ea (tc: pedit: fix memory leak in print_pedit, 2020-12-11)
ec1346ac (devlink: fix memory leak in cmd_dev_flash(), 2020-12-11)
309e6027 (man: tc-flower: fix manpage, 2020-12-11)
376367d9 (uapi: merge in change to bpf.h, 2020-12-14)
2e80ae89 (Merge branch 'gcc-10' into main, 2020-12-03)
755b1c58 (tc/mqprio: json-ify output, 2020-12-02)
975c4944 (ip/netns: use flock when setting up /run/netns, 2020-11-27)
fb054cb3 (uapi: update devlink.h, 2020-11-29)
c95d63e4 (uapi: update devlink.h, 2020-11-29)
cae2e929 (f_u32: fix compiler gcc-10 compiler warning, 2020-11-29)
c0149839 (misc: fix compiler warning in ifstat and nstat, 2020-11-29)
2319db90 (tc: fix compiler warnings in ip6 pedit, 2020-11-29)
5bdc4e91 (bridge: fix string length warning, 2020-11-29)
f8176999 (devlink: fix uninitialized warning, 2020-11-29)
7a49ff9d (bridge: report correct version, 2020-11-15)
8682f588 (tc-mpls: fix manpage example and help message string, 2020-11-02)
7c7a0fe0 (tc-vlan: fix help and error message strings, 2020-11-02)
72f88bd4 (uapi: update kernel headers from 5.10-rc2, 2020-11-08)
b90c39be (rdma: fix spelling error in comment, 2020-11-08)
c8424b73 (man: fix spelling errors, 2020-11-08)
cbf64817 (tc/m_gate: fix spelling errors, 2020-11-08)
14b189f0 (uapi: updates from 5.10-rc1, 2020-11-03)
9fc5bf73 (libnetlink: define __aligned conditionally, 2020-10-26)
eb12cc9a (Merge branch 'main' into next, 2020-10-25)
f1298d76 (m_mpls: test the 'mac_push' action after 'modify', 2020-10-22)
2b7a7684 (Merge branch 'tipc-encryption' into next, 2020-10-20)
2bf1ba5a (tipc: add option to set rekeying for encryption, 2020-10-16)
5fb36818 (tipc: add option to set master key for encryption, 2020-10-16)
b4edd6a8 (Merge branch 'tc-mpls-l2-vpn' into next Guillaume Nault  says:, 2020-10-20)
02a261b5 (m_mpls: add mac_push action, 2020-10-19)
d61167dd (m_vlan: add pop_eth and push_eth actions, 2020-10-19)
3342688a (devlink: display elapsed time during flash update, 2020-10-14)
cb7ce51c (v5.9.0, 2020-10-15)
b5a583fb (Merge branch 'main' into next Signed-off-by: David Ahern <dsahern@gmail.com>, 2020-10-11)
78120128 (genl: ctrl: print op -> policy idx mapping, 2020-10-03)
91c54917 (Merge branch 'bridge-igmpv3-mldv2' into next Nikolay Aleksandrov  says:, 2020-10-11)
86588450 (bridge: mdb: print protocol when available, 2020-10-08)
2de81d1e (bridge: mdb: print source list when available, 2020-10-08)
1d28c480 (bridge: mdb: print filter mode when available, 2020-10-08)
e331677e (bridge: mdb: show igmpv3/mldv2 flags, 2020-10-08)
f94e8b07 (bridge: mdb: print fast_leave flag, 2020-10-08)
547b3197 (bridge: mdb: add support for source address, 2020-10-08)
f905191a (Update kernel headers, 2020-10-11)
4322b13c (ip xfrm: support setting XFRMA_SET_MARK_MASK attribute in states, 2020-10-02)
8dc1db80 (devlink: Add health reporter test command support, 2020-10-01)
01216471 (devlink: support setting the overwrite mask attribute, 2020-09-30)
34be2d26 (Update kernel headers, 2020-10-07)
d2be31d9 (ss: add support for xdp statistics, 2020-09-24)
f481515c (Update kernel headers, 2020-09-29)
b8663da0 (ip: promote missed packets to the -s row, 2020-09-16)
cec67df9 (Merge branch 'devlink-controller-external-info' into next Parav Pandit  says:, 2020-09-22)
748cbad3 (devlink: Show controller number of a devlink port, 2020-09-18)
8fadd011 (devlink: Show external port attribute, 2020-09-18)
454429e8 (Update kernel headers, 2020-09-22)
ad34d5fa (iproute2: ss: add support to expose various inet sockopts, 2020-08-19)
c8eb4b52 (Update kernel headers, 2020-09-08)
abee772f (tipc: support 128bit node identity for peer removing, 2020-08-27)
6fd53b2a (iplink: add support for protodown reason, 2020-08-28)
af27494d (ip xfrm: support printing XFRMA_SET_MARK_MASK attribute in states, 2020-08-28)
275eed9b (Merge branch 'main' into next, 2020-09-01)
cc889b82 (genl: ctrl: support dumping netlink policy, 2020-08-24)
d5acae24 (libnetlink: add nl_print_policy() helper, 2020-08-24)
784fa9f6 (libnetlink: add rtattr_for_each_nested() iteration macro, 2020-08-24)

OpenWrt patches unchanged.
Successfully built for ramips/mt7621 and x86/geode with:

CONFIG_PACKAGE_devlink=m
CONFIG_PACKAGE_genl=m
CONFIG_PACKAGE_ip-bridge=m
CONFIG_PACKAGE_ip-full=m
CONFIG_PACKAGE_ip-tiny=m
CONFIG_PACKAGE_nstat=m
CONFIG_PACKAGE_rdma=m
CONFIG_PACKAGE_ss=m
CONFIG_PACKAGE_tc=m

Minimally run-tested ip-tiny on ramips/mt7621 (ubnt-erx).

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-01-01 13:22:58 +01:00
Felix Fietkau
e1851720f1 hostapd: do not restart hostapd instance on wireless restarts
Add the flag that prevents netifd from killing hostapd/wpa_supplicant

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-31 14:26:00 +01:00
Felix Fietkau
a7ff013eb6 netifd: update to the latest version
39fb8c3edc74 wireless: add support for not killing processes on teardown

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-31 14:25:59 +01:00
Johannes Kimmel
3f5619f259 vxlan: allow for dynamic source ip selection (FS#3426)
By setting 'auto', the zero address or the empty string as source
address (option ipaddr, option ip6addr), vxlan will choose one
dynamically. This helps in setups where a wan ip or prefix changes.

This corresponse to setting up an vxlan tunnel with:

proto vxlan6:
    # ip link add vx0 type vxlan id ID local :: ...
proto vxlan:
    # ip link add vx0 type vxlan id ID local 0.0.0.0 ...

While it is possible to not specify a source ip at all, the kernel will
default to setting up a ipv4 tunnel. The kernel will take any hint from
source and peer ips to figure out, what tunnel type to use. To make sure
we setup an ipv6 tunnel for proto vxlan6, this workaround is needed.

This will not change the behaviour of currently working configurations.
However this will allow former broken configurations, namely those not
specifying both a source address and tunnel interface, to setup a
tunnel interface. Previously those configurations weren't reporting an
error and were stueck in a setup loop like in Bug FS#3426.

This change lifts the currently very strict behaviour and should fix the
following bug:

Fixes: FS#3426
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-12-31 11:53:21 +01:00
Sven Eckelmann
80713657b2 ath79: Add support for OpenMesh OM5P
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 5 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + builtin switch port 1
    + used as LAN interface
  - eth1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

WAN/LAN LEDs appear to be wrong in ar71xx and have been swapped here.

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[add LED swap comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-30 23:32:07 +01:00
Sven Eckelmann
ff9e48e75c ath79: Add support for OpenMesh OM2P v2
Device specifications:
======================

* Qualcomm/Atheros AR9330 rev 1
* 400/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + builtin switch port 1
    + used as LAN interface
  - eth1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* external antenna

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-30 23:32:07 +01:00
Sven Eckelmann
eb3a5ddba0 ath79: Add support for OpenMesh OM2P-LC
Device specifications:
======================

* Qualcomm/Atheros AR9330 rev 1
* 400/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + builtin switch port 1
    + used as LAN interface
  - eth1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-30 23:32:07 +01:00
Hans Dedecker
23fec971ca odhcp6c: update to git HEAD
eac1961 dhcpv6: fix displaying IA info
0475e18 dhcpv6: display status code as a string

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-30 20:20:06 +01:00
Adrian Schmutzler
93b6122212 base-files: sysupgrade: add function for conffiles retrieval
The find command to retrieve files from /etc/sysupgrade.conf and
/lib/upgrade/keep.d/* is used twice in almost the same way.

Move it into a function to consolidate, enhance readability and make
future adjustments easier.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-30 00:00:13 +01:00
Maxim Storchak
f17c300983 busybox: define BUSYBOX_SYM before the first use
Since PKG_FILE_MODES relies on BUSYBOX_SYM, it should be defined early enough

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-12-29 12:19:39 -10:00
Sven Eckelmann
75900a25ed ath79: add support for OpenMesh OM2P-HS v3
Device specifications:
======================

* Qualcomm/Atheros AR9341 rev 1
* 535/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + 802.3af POE
    + builtin switch port 1
    + used as LAN interface
  - eth1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-29 00:03:26 +01:00
Sven Eckelmann
f096accce2 ath79: add support for OpenMesh OM2P-HS v2
Device specifications:
======================

* Qualcomm/Atheros AR9341 rev 1
* 535/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + 802.3af POE
    + builtin switch port 1
    + used as LAN interface
  - eth1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-29 00:03:26 +01:00
Sven Eckelmann
a462412977 ath79: add support for OpenMesh OM2P-HS v1
Device specifications:
======================

* Qualcomm/Atheros AR9341 rev 1
* 535/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + 802.3af POE
    + builtin switch port 1
    + used as LAN interface
  - eth1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[drop redundant status from eth1]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-29 00:03:26 +01:00
Rafał Miłecki
dbb542f194 bcm63xx-cfe: update to the latest master
c0b3691 netgear: r8000p: add cferam file
ae870eb asus: gt-ac5300: add cferam file
424b57c sfr: neufbox-6v-foxconn-r0: update cferam file
81a2a8b sfr: neufbox-6v-foxconn-r0: add cferam file
2730361 sercomm: h500-s: add cferam file

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-12-28 23:09:17 +01:00
Sven Eckelmann
5b37b52e69 ath79: Add support for OpenMesh OM2P-HS v4
Device specifications:
======================

* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + 24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + 802.3af POE
    + builtin switch port 1
    + used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-28 19:37:24 +01:00
Sven Eckelmann
dd1d95cb03 ath79: Add support for OpenMesh OM2P v4
Device specifications:
======================

* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + Label: Ethernet 1
    + 24V passive POE (mode B)
  - eth1
    + Label: Ethernet 2
    + 802.3af POE
    + builtin switch port 1
* 12-24V 1A DC
* external antenna

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to
the device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
[wrap two very long lines, fix typo in comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-28 19:37:24 +01:00
Álvaro Fernández Rojas
e1938d3397 ath10k-ct-firmware: update to 022 (2020-11-08)
Runtime-tested on ath79 (TP-Link Archer C7 v2) and ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-12-28 18:07:34 +01:00
Álvaro Fernández Rojas
da9beb070d ath10k-ct: update to latest version
Changelog:
- ath10k-ct: Fix invalid use of ath-cb struct

Runtime-tested on ath79 (TP-Link Archer C7 v2) and ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-12-28 18:07:29 +01:00
Hans Dedecker
19d7e73ecc ethtool: update to version 5.10
The ipkg sizes changes as follows for mips 24kc :
	5.9  : ethtool_5.9-1_mips_24kc.ipk 35246
	5.10 : ethtool_5.10-1_mips_24kc.ipk 35385

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-26 20:39:25 +01:00
Yousong Zhou
1508841b4e kmod-tcp-hybla: new module for hybla congestion control algorithm
Just the module and no default sysctl conf file is provided

Link: https://forum.openwrt.org/t/20-xx-tcp-hybla/83076
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-12-26 10:08:08 +08:00
Yousong Zhou
d45b50389d kmod-tcp-bbr: use AutoProbe
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-12-26 10:08:08 +08:00
Yousong Zhou
72447181bc kmod-tcp-bbr: leave CONFIG_TCP_CONG_ADVANCED to target config
Since generic has the option set to y and other targets now inherit that
choice, there is no behaviour change

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-12-26 10:08:08 +08:00
Dongming Han
b9389186b0 ipq40xx: add support for GL.iNet GL-AP1300
Specifications:
SOC:        Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM:        256 MiB
FLASH1:     4 MiB NOR
FLASH2:     128 MiB NAND
ETH:        Qualcomm QCA8075
WLAN1:      Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2:      Qualcomm Atheros QCA4018 5GHz 802.11n/ac W2 2x2
INPUT:      Reset
LED:        Power, Internet
UART1:      On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
OTHER:      On board with BLE module - by cp210x USB serial chip
            On board hareware watchdog with GPIO0 high to turn on, and GPIO4 for watchdog feed

Install via uboot tftp or uboot web failsafe.

By uboot tftp:
(IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-generic-glinet_gl-ap1300-squashfs-nand-factory.ubi
(IPQ40xx) # run lf

By uboot web failsafe:
Push the reset button for 10 seconds util the power led flash faster,
then use broswer to access http://192.168.1.1

Afterwards upgrade can use sysupgrade image.

Signed-off-by: Dongming Han <handongming@gl-inet.com>
2020-12-25 10:38:13 +01:00
Yanase Yuki
3bb1618573 ipq806x: add support for NEC Platforms Aterm WG2600HP3
NEC Platforms Aterm WG2600HP3 is a dual-band router based on Qualcomm IPQ8062.

Specification
-------------
- SoC: Qualcomm IPQ8062
- RAM: 512MiB
- Flash memory: SPI-NOR 32MiB (Cypress S25FL256S)
- Wi-Fi: Qualcomm QCA9984 (2.4GHz, 1ch - 13ch)
- Wi-Fi: Qualcomm QCA9984 (5GHz, 36ch - 64ch, 100ch - 140ch)
- Ethernet: 4x 100/1000 Mbps (1x WAN, 4x LAN)
- LED: 6x green LED, 6x red LED
- Input: 2x tactile switch, 1x SP3T slide switch
- Serial console: 115200bps, through-hole J3
  - [  ] [GND] [  ] [TX] [RX] ----> DC jack
- Power: DC 12V 1.5A

This device does not support VHT160 and VHT80+80.
Custom BDFs are required to limit VHT capabilities.

Flash instructions
------------------
1. Setup TFTP server (IP address: 192.168.1.2)
2. Put initramfs image into TFTP server directory
3. Connect WG2600HP3 lan port and computer that runs TFTP server
4. Connect to the serial console
5. Interrupt booting by Esc key (password: chiron)
6. Execute the following commands
    # setenv bootcmd "nboot 0x44000000 1 0x860000"
    # saveenv
    # setenv ipaddr 192.168.1.1
    # setenv serverip 192.168.1.2
    # tftpboot 0x44000000 openwrt-ipq806x-generic-nec_wg2600hp3-initramfs-uImage
7. After booting OpenWrt initramfs image, backup SPI-NOR flash memory
8. Erase firmware partition
    # mtd erase firmware
9. Run sysupgrade

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
2020-12-25 10:38:13 +01:00
Sven Eckelmann
b4009f453c ipq-wifi: Fix suffix for Plasma Cloud PA2200 QCA4019 board-2.bin
The Makefile is rejecting all files with for a given prefix (here
"board-plasmacloud_pa2200") when it didn't match a known suffix. Instead it
stops the build with an error like:

  Makefile:135: *** Unrecognized board-file suffix '.ipq4019' for 'board-plasmacloud_pa2200.ipq4019'. Stop.

The correct suffix for the QCA4019/hw1.0 is qca4019 and not ipq4019.

Fixes: 4871fd2616 ("ipq40xx: add support for Plasma Cloud PA2200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-25 10:38:13 +01:00
Sven Eckelmann
1c557e27fd ipq-wifi: Fix suffix for Plasma Cloud PA1200 QCA4019 board-2.bin
The Makefile is rejecting all files with for a given prefix (here
"board-plasmacloud_pa1200") when it didn't match a known suffix. Instead it
stops the build with an error like:

  Makefile:135: *** Unrecognized board-file suffix '.ipq4019' for 'board-plasmacloud_pa1200.ipq4019'. Stop.

The correct suffix for the QCA4019/hw1.0 is qca4019 and not ipq4019.

Fixes: ea5bb6bbfe ("ipq40xx: add support for Plasma Cloud PA1200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-25 10:38:13 +01:00
Michael Pratt
33d26a9a40 ath79: add support for Senao Engenius EAP350 v1
FCC ID: U2M-EAP350

Engenius EAP350 is a wireless access point with 1 gigabit PoE ethernet port,
2.4 GHz wireless, external ethernet switch, and 2 internal antennas.

Specification:

  - AR7242 SOC
  - AR9283 WLAN			(2.4 GHz, 2x2, PCIe on-board)
  - AR8035-A switch		(GbE with 802.3af PoE)
  - 40 MHz reference clock
  - 8 MB FLASH			MX25L6406E
  - 32 MB RAM			EM6AA160TSA-5G
  - UART at J2			(populated)
  - 3 LEDs, 1 button		(power, eth, 2.4 GHz) (reset)
  - 2 internal antennas

MAC addresses:

  MAC address is labeled as "MAC"
  Only 1 address on label and in flash
  The OEM software reports these MACs for the ifconfig

  eth0	MAC	*:0c	art 0x0
  phy0	---	*:0d	---

Installation:

  2 ways to flash factory.bin from OEM:

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.10.1
    username and password "admin"
    Navigate to "Upgrade Firmware" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9f670000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of EAP350 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-eap350-uImage-lzma.bin
    openwrt-senao-eap350-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh

  Later models in the EAP series likely have a different platform
  and the upgrade and image verification process differs.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1024k
  and the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035-A switch between
  the SOC and the ethernet PHY chips.

  For AR724x series, the PLL register for GMAC0
  can be seen in the DTSI as 0x2c.
  Therefore the PLL register can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  uboot did not have a good value for 1 GBps
  so it was taken from other similar DTS file.

Tested from master, all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-25 10:38:13 +01:00
Michael Pratt
6c98edaae2 ath79: add support for Senao Engenius EAP600
FCC ID: A8J-EAP600

Engenius EAP600 is a wireless access point with 1 gigabit ethernet port,
dual-band wireless, external ethernet switch, 4 internal antennas
and 802.3af PoE.

Specification:

  - AR9344 SOC			(5 GHz, 2x2, WMAC)
  - AR9382 WLAN			(2.4 GHz, 2x2, PCIe on-board)
  - AR8035-A switch		(GbE with 802.3af PoE)
  - 40 MHz reference clock
  - 16 MB FLASH			MX25L12845EMI-10G
  - 2x 64 MB RAM		NT5TU32M16DG
  - UART at H1			(populated)
  - 5 LEDs, 1 button		(power, eth, 2.4 GHz, 5 GHz, wps) (reset)
  - 4 internal antennas

MAC addresses:

  MAC addresses are labeled MAC1 and MAC2
  The MAC address in flash is not on the label
  The OEM software reports these MACs for the ifconfig

  eth0	MAC 1	*:5e	---
  phy1	MAC 2	*:5f	---	(2.4 GHz)
  phy0	-----	*:60	art 0x0	(5 GHz)

Installation:

  2 ways to flash factory.bin from OEM:

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Upgrade Firmware" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of EAP600 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-eap600-uImage-lzma.bin
    openwrt-senao-eap600-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh

  Later models in the EAP series likely have a different platform
  and the upgrade and image verification process differs.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035-A switch between
  the SOC and the ethernet PHY chips.

  For AR934x series, the PLL register for GMAC0
  can be seen in the DTSI as 0x2c.
  Therefore the PLL register can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  Unfortunately uboot did not have the best values
  so they were taken from other similar DTS files.

Tested from master, all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-25 10:38:13 +01:00
Michael Pratt
4a55ef639d ath79: add support for Senao Engenius ECB600
FCC ID: A8J-ECB600

Engenius ECB600 is a wireless access point with 1 gigabit PoE ethernet port,
dual-band wireless, external ethernet switch, and 4 external antennas.

Specification:

  - AR9344 SOC			(5 GHz, 2x2, WMAC)
  - AR9382 WLAN			(2.4 GHz, 2x2, PCIe on-board)
  - AR8035-A switch		(GbE with 802.3af PoE)
  - 40 MHz reference clock
  - 16 MB FLASH			MX25L12845EMI-10G
  - 2x 64 MB RAM		NT5TU32M16DG
  - UART at H1			(populated)
  - 4 LEDs, 1 button		(power, eth, 2.4 GHz, 5 GHz) (reset)
  - 4 external antennas

MAC addresses:

  MAC addresses are labeled MAC1 and MAC2
  The MAC address in flash is not on the label
  The OEM software reports these MACs for the ifconfig

  phy1	MAC 1	*:52	---	(2.4 GHz)
  phy0	MAC 2	*:53	---	(5 GHz)
  eth0	-----	*:54	art 0x0

Installation:

  2 ways to flash factory.bin from OEM:

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Upgrade Firmware" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of ECB600 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-ecb600-uImage-lzma.bin
    openwrt-senao-ecb600-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh

  Later models in the ECB series likely have a different platform
  and the upgrade and image verification process differs.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035-A switch between
  the SOC and the ethernet PHY chips.

  For AR934x series, the PLL register for GMAC0
  can be seen in the DTSI as 0x2c.
  Therefore the PLL register can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  Unfortunately uboot did not have the best values
  so they were taken from other similar DTS files.

Tested from master, all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-25 10:38:13 +01:00
Hans Dedecker
bc99b56d7e odhcpd: update to latest git HEAD
b75bcad dhcpv6-ia: remove assignment equal to 0 checks
d1ae052 dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0
9d5e379 dhcpv6-ia: fix prefix delegation behavior

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 17:23:41 +01:00
Daniel Golle
8348896357 opkg: update to git HEAD
9bbc7ea pkg_hash: pkg_hash_check_unresolved: fix segfault

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-24 11:12:57 +00:00
Dobroslaw Kijowski
1a9b896d8b treewide: nuke DRIVER_11W_SUPPORT
As of hostapd upstream commit 7d2ed8ba "Remove CONFIG_IEEE80211W build parameter"
https://w1.fi/cgit/hostap/commit?id=7d2ed8bae86a31dd2df45c24b3f7281d55315482
802.11w feature is always enabled in the build time.

It doesn't make sense to opt-in 802.11w per driver as hostapd will always
be compiled with this feature enabled.

As suggested by Hauke Mehrtens, for now keep 11w enabled in build_features.h
for compatibility reasons. This option will be dropped when LuCI is adjusted.

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-12-23 16:36:08 +01:00
Felix Fietkau
3d8d2c3a80 netifd: update to the latest version
88c6003e2b4f netifd: fix a typo in vlandev hotplug support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-23 11:22:23 +01:00
Piotr Dymacz
8c28da9724 base-files: drop banner.failsafe if failsafe is disabled
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-12-22 21:27:25 +01:00
Stefan Schake
d3c8881194 ipq40xx: add support for devolo Magic 2 WiFi next
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v71) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8075 (2 ports)
PLC:     MaxLinear G.hn 88LX5152
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET, WiFi, PLC Button
LEDS:    red/white home, white WiFi

To modify a retail device to run OpenWRT firmware:
1) Setup a TFTP server on IP address 192.168.0.100 and copy the OpenWRT
   initramfs (initramfs-fit-uImage.itb) to the TFTP root as 'uploadfile'.
2) Power on the device while pressing the recessed reset button next to
   the Ethernet ports. This causes the bootloader to retrieve and start
   the initramfs.
3) Once the initramfs is booted, the device will come up with IP
   192.168.1.1. You can then connect through SSH (allow some time for
   the first connection).
4) On the device shell, run 'fw_printenv' to show the U-boot environment.
   Backup this information since it contains device unique factory data.
5) Change the boot command to support booting OpenWRT:
   # fw_setenv bootcmd 'sf probe && sf read 0x84000000 0x180000 0x400000 && bootm'
6) Change directory to /tmp, download the sysupgrade (e.g. through wget)
   and install it with sysupgrade. The device will reboot into OpenWRT.

Notice that there is currently no support for booting the G.hn chip.
This requires userland software we lack the rights to share right now.

Signed-off-by: Stefan Schake <stefan.schake@devolo.de>
2020-12-22 20:55:40 +01:00
John Crispin
ceb612e463 hostapd: pass respawn settings when registering the service
When hostapd gets restarted to often/quickly will cause procd to not restart it
anymore. it will think that hapd is in a crash loop.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [adjust respawn time]
2020-12-22 19:30:26 +01:00
Kip Porterfield
6ffe8a473e kirkwood: add support for Seagate BlackArmor NAS220
The Seagate BlackArmor NAS220 is a consumer NAS
with two internal drive bays. The stock OS runs
RAID 1 over the disks via mdadm.

Device specification:
- SoC: Marvell 88F6192 800 MHz
- RAM: 128 MB
- Flash: 32 MB
- 2 x internal SATA II drives
- Ethernet: 10/100/1000 Mbps (single port, no switch)
- WLAN: None
- LED: Power, Status, Sata Activity
- Key: Power, Reset
- Serial: 10 pin header, (115200,8,N,1), 3.3V TTL
	9|x  -   x|10
	7|x  -   x|8
	5|x  - GND|6
	3|x  -  RX|4
	1|TX -   x|2
	front of case
- USB ports: 2 x USB 2.0

Flash instruction:

NOTE: this process uses a serial connection. It will upgrade the
bootloader and reset the bootloader environment variables

TFTP server setup
- Setup PC with TFTP server set the PC IP to 10.4.50.5 as TFTP server
- Copy these files to TFTP server location
    - u-boot.kwb
    - seagate_blackarmor-nas220-initramfs-uImage
    - seagate_blackarmor-nas220-squashfs-sysupgrade.bin
    - seagate_blackarmor-nas220-squashfs-factory.bin

Seagate NAS setup
- Connect LAN cable between PC and seagate device
- Connect to serial to seagate device

Install u-boot
- Boot seagate device and stop in bootloader by pressing any key
- run 'printenv' from u-boot and save the values
- tftpboot 0x2000000 u-boot.kwb
- nand erase.part uboot
- nand write 0x2000000 0x0 ${filesize}
- reset

Update MAC address in u-boot env
- Stop in u-boot by pressing any key
- Get your MAC address from your saved printenv. Is also on chassis
- setenv ethaddr <your MAC>
- saveenv

Option 1 (recommended) - Install OpenWrt via initramfs and sysupgrade
- tftpboot 0x2000000 seagate_blackarmor-nas220-initramfs-uImage
- bootm 0x2000000
- *OpenWrt should be running now, however it is not written to flash yet*
- From the running instance of OpenWrt use Luci's "flash image" feature
    from the web site or use sysupgrade from the console to write
    seagate_blackarmor-nas220-squashfs-sysupgrade.bin to flash

Option 2 - Install OpenWrt by flashing factory image from u-boot
- nand erase.part ubi
- tftpboot 0x2000000 seagate_blackarmor-nas220-squashfs-factory.bin
- nand write 0x2000000 ubi ${filesize}
- reset

Signed-off-by: Kip Porterfield <kip.porterfield@gmail.com>
2020-12-22 19:11:50 +01:00
Michael Pratt
fe2f53f21c ath79: add support for Senao Engenius EnStationAC v1
FCC ID: A8J-ENSTAC

Engenius EnStationAC v1 is an outdoor wireless access point/bridge with
2 gigabit ethernet ports on 2 external ethernet switches,
5 GHz only wireless, internal antenna plates, and proprietery PoE.

Specification:

  - QCA9557 SOC
  - QCA9882 WLAN		(PCI card, 5 GHz, 2x2, 26dBm)
  - AR8035-A switch		(RGMII GbE with PoE+ IN)
  - AR8031 switch		(SGMII GbE with PoE OUT)
  - 40 MHz reference clock
  - 16 MB FLASH			MX25L12845EMI-10G
  - 2x 64 MB RAM		NT5TU32M16FG
  - UART at J10			(unpopulated)
  - internal antenna plates	(19 dbi, directional)
  - 7 LEDs, 1 button		(power, eth, wlan, RSSI) (reset)

MAC addresses:

  MAC addresses are labeled as ETH and 5GHz
  Vendor MAC addresses in flash are duplicate

  eth0	ETH	*:d3	art 0x0/0x6
  eth1	----	*:d4	---
  phy0	5GHz	*:d5	---

Installation:

  2 ways to flash factory.bin from OEM:

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP recovery:

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board
  hold or press reset button repeatedly

  NOTE: for some Engenius boards TFTP is not reliable
  try setting MTU to 600 and try many times

Format of OEM firmware image:

  The OEM software of EnStationAC is a heavily modified version
  of Openwrt Altitude Adjustment 12.09. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-enstationac-uImage-lzma.bin
    openwrt-ar71xx-enstationac-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8033 switch between
  the SOC and the ethernet PHY chips.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  For eth0 at 1000 speed, the value returned was
  ae000000 but that didn't work, so following
  the logical pattern from the rest of the values,
  the guessed value of a3000000 works better.

  later discovered that delay can be placed on the PHY end only
  with phy-mode as 'rgmii-id' and set register to 0x82...

Tested from master, all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
[fixed SoB to match From:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-22 19:11:50 +01:00
Marek Lindner
4871fd2616 ipq40xx: add support for Plasma Cloud PA2200
Device specifications:

* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
  - 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 36-64)
  - QCA9888 hw2.0 (PCI)
  - requires special BDF in QCA9888/hw2.0/board-2.bin
    bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 100-165)
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=PlasmaCloud-PA2200
* GPIO-LEDs for 2.4GHz, 5GHz-SoC and 5GHz-PCIE
* GPIO-LEDs for power (orange) and status (blue)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
  - phy@mdio3:
    + Label: Ethernet 1
    + gmac0 (ethaddr) in original firmware
    + used as LAN interface
  - phy@mdio4:
    + Label: Ethernet 2
    + gmac1 (eth1addr) in original firmware
    + 802.3at POE+
    + used as WAN interface
* 12V 2A DC

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Marek Lindner
ea5bb6bbfe ipq40xx: add support for Plasma Cloud PA1200
Device specifications:

* QCA IPQ4018
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
  - 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA1200
* 2T2R 5 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=PlasmaCloud-PA1200
* 3x GPIO-LEDs for status (cyan, purple, yellow)
* 1x GPIO-button (reset)
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
  - phy@mdio4:
    + Label: Ethernet 1
    + gmac0 (ethaddr) in original firmware
    + used as LAN interface
  - phy@mdio3:
    + Label: Ethernet 2
    + gmac1 (eth1addr) in original firmware
    + 802.3af/at POE(+)
    + used as WAN interface
* 12V/24V 1A DC

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Sven Eckelmann
17e5920490 ath79: Add support for Plasma Cloud PA300E
Device specifications:

* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + Label: Ethernet 1
    + 24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + Label: Ethernet 2
    + 802.3af POE
    + builtin switch port 2
    + used as LAN interface
* 12-24V 1A DC
* external antennas

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Sven Eckelmann
5fc28ef479 ath79: Add support for Plasma Cloud PA300
Device specifications:

* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + Label: Ethernet 1
    + 24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + Label: Ethernet 2
    + 802.3af POE
    + builtin switch port 2
    + used as LAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-12-22 19:11:50 +01:00
Michael Pratt
7073ebf0f9 ath79: add support for Senao Engenius ECB350 v1
FCC ID: A8J-ECB350

Engenius ECB350 v1 is an indoor wireless access point with a gigabit ethernet port,
2.4 GHz wireless, external antennas, and PoE.

**Specification:**

  - AR7242 SOC
  - AR9283 WLAN			2.4 GHz (2x2), PCIe on-board
  - AR8035-A switch		RGMII, GbE with 802.3af PoE
  - 40 MHz reference clock
  - 8 MB FLASH			25L6406EM2I-12G
  - 32 MB RAM
  - UART at J2			(populated)
  - 2 external antennas
  - 3 LEDs, 1 button		(power, lan, wlan) (reset)

**MAC addresses:**

  MACs are labeled as WLAN and WAN
  vendor MAC addresses in flash are duplicate

  phy0	WLAN	*:b8	---
  eth0	WAN	*:b9	art 0x0/0x6

**Installation:**

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

  OEM webpage at 192.168.1.1
  username and password "admin"
  Navigate to "Firmware" page from left pane
  Click Browse and select the factory.bin image
  Upload and verify checksum
  Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

  After connecting to serial console and rebooting...
  Interrupt uboot with any key pressed rapidly
  execute `run failsafe_boot` OR `bootm 0x9f670000`
  wait a minute
  connect to ethernet and navigate to
  "192.168.1.1/index.htm"
  Select the factory.bin image and upload
  wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery** (unstable / not reliable):

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board while holding or pressing reset button repeatedly

  NOTE: for some Engenius boards TFTP is not reliable
  try setting MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software of ECB350 v1 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names
  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel size to be no greater than 1536k
  and otherwise the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.
  The factory upgrade script follows the original mtd partitions.

**Note on PLL-data cells:**

  The default PLL register values will not work
  because of the AR8035 switch between
  the SOC and the ethernet port.

  For AR724x series, the PLL register for GMAC0
  can be seen in the DTSI as 0x2c.
  Therefore the PLL register can be read from u-boot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`

  However the registers that u-boot sets are not ideal and sometimes wrong...
  the at803x driver supports setting the RGMII clock/data delay on the PHY side.
  This way the pll-data register only needs to handle invert and phase.

  for this board no extra adjustements are needed on the MAC side
  all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-22 19:11:50 +01:00
Michael Pratt
f244143609 ath79: add support for Senao Engenius ECB1200
FCC ID: A8J-ECB1200

Engenius ECB1200 is an indoor wireless access point with a GbE port,
2.4 GHz and 5 GHz wireless, external antennas, and 802.3af PoE.

**Specification:**

  - QCA9557 SOC			MIPS, 2.4 GHz (2x2)
  - QCA9882 WLAN		PCIe card, 5 GHz (2x2)
  - AR8035-A switch		RGMII, GbE with 802.3af PoE, 25 MHz clock
  - 40 MHz reference clock
  - 16 MB FLASH			25L12845EMI-10G
  - 2x 64 MB RAM		1538ZFZ V59C1512164QEJ25
  - UART at JP1			(unpopulated, RX shorted to ground)
  - 4 external antennas
  - 4 LEDs, 1 button		(power, eth, wifi2g, wifi5g) (reset)

**MAC addresses:**

  MAC Addresses are labeled as ETH and 5GHZ
  U-boot environment has the vendor MAC addresses
  MAC addresses in ART do not match vendor

  eth0	ETH	*:5c	u-boot-env ethaddr
  phy0	5GHZ	*:5d	u-boot-env athaddr
  ----	----	????	art 0x0/0x6

**Installation:**

  Method 1: Firmware upgrade page:

  OEM webpage at 192.168.1.1
  username and password "admin"
  Navigate to "Firmware" page from left pane
  Click Browse and select the factory.bin image
  Upload and verify checksum
  Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

  After connecting to serial console and rebooting...
  Interrupt uboot with any key pressed rapidly

  (see TFTP recovery)
  perform a sysupgrade

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log
  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART pinout at JP1

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions

  Unlike most Engenius boards, this does not have a 'failsafe' image
  the only way to return to OEM is TFTP or serial access to u-boot

**TFTP recovery:**

  Unlike most Engenius boards, TFTP is reliable here

  rename initramfs-kernel.bin to 'ap.bin'
  make the file available on a TFTP server at 192.168.1.10
  power board while holding or pressing reset button repeatedly

  or with serial access:
  run `tftpboot` or `run factory_boot` with initramfs-kernel.bin
  then `bootm` with the load address

**Format of OEM firmware image:**

  The OEM software of ECB1200 is a heavily modified version
  of Openwrt Altitude Adjustment 12.09.

  This Engenius board, like ECB1750, uses a proprietary header
  with a unique Product ID. The header for factory.bin is
  generated by the mksenaofw program included in openwrt.

**Note on PLL-data cells:**

  The default PLL register values will not work
  because of the AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  However the registers that u-boot sets are not ideal and sometimes wrong...
  the at803x driver supports setting the RGMII clock/data delay on the PHY side.
  This way the pll-data register only needs to handle invert and phase.

  for this board clock invert is needed on the MAC side
  all link speeds functional

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-22 19:11:50 +01:00
Michael Pratt
a459696eb1 ramips: add support for Senao Engenius ESR600H
FCC ID: A8J-ESR750H

Engenius ESR600H is an indoor wireless router with a gigabit switch,
2.4 GHz and 5 GHz wireless, internal and external antennas, and a USB port.

**Specification:**

  - RT3662F			MIPS SOC, 5 GHz WMAC (2x2)
  - RT5392L			PCI on-board, 2.4 GHz (2x2)
  - AR8327			RGMII, 7-port GbE, 25 MHz clock
  - 40 MHz reference clock
  - 8 MB FLASH			25L6406EM2I-12G
  - 64 MB RAM
  - UART at J12			(unpopulated)
  - 2 internal antennas		(5 GHz)
  - 2 external antennas		(2.4 GHz)
  - 9 LEDs, 1 button		(power, wps, wifi2g, wifi5g, 5 LAN/WAN)
  - USB 2 port			(GPIO controlled power)

**MAC addresses:**

  MAC Addresses are labeled as WAN and WLAN
  U-boot environment has the the vendor MAC address for ethernet
  MAC addresses in "factory" are part of wifi calibration data

  eth0.2	WAN	*:13:e7		u-boot-env wanaddr
  eth0.1	----	*:13:e8		u-boot-env wanaddr + 1
  phy0		WLAN	*:14:b8		factory 0x8004
  phy1		----	*:14:bc		factory 0x4

**Installation:**

  Method 1: Firmware upgrade page

  OEM webpage at 192.168.0.1
  username and password "admin"
  Navigate to Network Setting --> Tools --> Firmware
  Click Browse and select the factory.dlf image
  Click Continue to confirm and wait 6 minutes or more...

  Method 2: Serial console to load TFTP image:

  (see TFTP recovery)

**Return to OEM:**

  Unlike most Engenius boards, this does not have a 'failsafe' image
  the only way to return to OEM is serial access to uboot

  Unlike most Engenius boards, public images are not available...
  so the only way to return to OEM is to have a copy
  of the MTD partition "firmware" BEFORE flashing openwrt.

**TFTP recovery:**

  Unlike most Engenius boards, TFTP is reliable here
  however it requires serial console access
  (soldering pins to the UART pinouts)

  build your own image...
  with 'ramdisk' selected under 'Target Images'

  rename initramfs-kernel.bin to 'uImageESR-600H'
  make the file available on a TFTP server at 192.168.99.8
  interrupt boot by holding or pressing '4' in serial console
  as soon as board is powered on

  `tftpboot 0x81000000`
  `bootm 0x81000000`
  perform a sysupgrade

**Format of OEM firmware image:**

  This Engenius board uses the Senao proprietary header
  with a unique Product ID. The header for factory.bin is
  generated by the mksenaofw program included in openwrt.

  .dlf file extension is also required for OEM software to accept it

**Note on using OKLI:**

  the kernel is now too large for the bootloader to handle
  so OKLI is used via the `kernel-loader` image command
  recently in master several other ramips boards have the same problem

  'Kernel panic - not syncing: Failed to find ralink,rt3883-sysc node'

  see commit ad19751edc

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2020-12-22 19:11:50 +01:00
Rosen Penev
57fe7d5401 toolchain: remove uClibc install stuff
This is preparation for removing uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 19:11:50 +01:00
Nick Lowe
cb41bc5088 hostapd: Use EAPOLv1 (802.1X-2001) if WPA enabled
Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that
are not WPA2 (RSN) capable. These legacy clients are often intolerant to this
EAPOL version and fail to connect.

hostapd.conf upstream documents for eapol_version the following and that this
is a known compatibility issue with version 2:

// IEEE 802.1X/EAPOL version
// hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
// version 2. However, there are many client implementations that do not handle
// the new version number correctly (they seem to drop the frames completely).
// In order to make hostapd interoperate with these clients, the version number
// can be set to the older version (1) with this configuration value.
// Note: When using MACsec, eapol_version shall be set to 3, which is
// defined in IEEE Std 802.1X-2010.
//eapol_version=2

For the wpa parameter, hostapd.conf upstream documents that this is a bitfield,
configured as follows:

// Enable WPA. Setting this variable configures the AP to require WPA (either
// WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
// wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
// Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
// For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
// RADIUS authentication server must be configured, and WPA-EAP must be included
// in wpa_key_mgmt.
// This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
// and/or WPA2 (full IEEE 802.11i/RSN):
// bit0 = WPA
// bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
// Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
// In other words, for WPA3, wpa=2 is used the configuration (and
// wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
//wpa=2

For client compatibility therefore:

EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled.
EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled.

To fix this, we can therefore change in the script:

set_default eapol_version 0

To the following:

set_default eapol_version $((wpa & 1))

This therefore:
1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set.
2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset.

For usual configurations that only have WPA2 enabled, EAPOLv2 is then used.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-22 19:11:50 +01:00
Paul Fertser
39c8bc4422 mac80211: fix MAC address allocations when local bit set on base addr
Testing with hwsim reveals two problems:

1. phyX/addresses has two addresses and mac80211_get_addr keeps
returning the last one when asked for more;

2. The base address has the local bit set and the operation unsets it.

Fix both.

Fixes: 866790fd82
Reported-by: Zero_Chaos
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2020-12-22 18:59:10 +01:00
Hannu Nyman
3d12b47985 base-files: flush kernel memory cache during sysupgrade
Flush kernel memory caches during sysupgrade in order
to mitigate the impact from memory consumption spikes
in low-RAM devices.

This may help to prevent sysupgrade causing a reboot
before the actual flashing starts.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2020-12-22 18:59:10 +01:00
Tomasz Maciej Nowak
fa77051037 uboot-tegra: bump to 2020.04
This fixes error when host GCC >= 10.

/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
6a1ad19cd3 tcpdump: fix pcap-config issues
The patch removes a libpcap check to avoid a problem with libpcap. Fix
libpcap instead.

Modernize Makefile:

Use a normal autoconf bool instead of checking for CONFIG_IPV6.

Remove old configure and MAKE_FLAGS hacks. Removing them results in
compilation continuing to work without a problem.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
2a92754ce9 libpcap: fix pcap-config
pcap-config as installed is using OS paths instead of OpenWrt ones.

Take fix from libpng and adjust as needed.

This problem seems to occur on Arch Linux and not on Debian/Fedora
based distros. No idea why.

Remove CMAKE_INSTALL as there is now an InstallDev section.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
57ad2a9421 fs/cifs: update module dependencies
0fdfef9aa7ee68ddd508aef7c98630cfc054f8d6 upstream removed CIFS_SMB311.
Kernels 4.19 and above do not have it. Currently only kernels 4.19 and
5.4 are in the tree.

The Kconfig file in the kernel has more selection that what is in here.
Add the rest and reorder based on upstream ordering.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
6e5759f6b4 pcre: fix paths in config file
The paths are pointing to OS paths, not OpenWrt ones. Use SED line from
libpng to fix and adjust accordingly.

This may allow certain packages that use the config file to pick up pcre.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
36540aa973 nettle: update to 3.6
Updated ABI_VERSION.

Switched PKG_BUILD_PARALLEL on as there seems to be no issue anymore.
I can't find any information about why it was turned off.

Fixed license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
5036383ccc binutils: update to 2.35.1
Fixes compilation with musl 1.2.x.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Rosen Penev
0d502293e6 elfutils: update to 0.180
Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Nadim Atiya
1302bee12a hostapd: parse skip_inactivity_poll option
hostapd.sh does not parse skip_inactivity_poll boolean from
/etc/config/wireless despite being mentioned in the documentation [1].
This change fixes this, and by default sets its value to 0 [1].

[1] https://openwrt.org/docs/guide-user/network/wifi/basic

Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[fix and reformat commit message, make patch apply]
2020-12-22 15:23:35 +00:00
Robert Marko
20d847d133 base-files: upgrade: fix initramfs detection
Commit "initramfs: switch to tmpfs to fix ujail" switched initramfs to
now use tmpfs, it causes $(rootfs_type) to now return tmpfs when
running initramfs image instead of being empty.

This broke initramfs detection which prevents config files from
being saved as it does not work from initramfs.

So, lets test for $(rootfs_type) returning "tmpfs" instead.

Fixes: 7fd3c68 ("initramfs: switch to tmpfs to fix ujail)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2020-12-20 17:14:56 +00:00
Petr Štetiar
0cf3c5dd72 uhttpd: don't redirect to HTTPS by default
So we can ship px5g-wolfssl by default in the release image, but still
make the HTTPS for LuCI optional. This small change with addition of
`CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
next release should provide optional HTTPS in the next release.

Disabling the current default automatic uhttpd's redirect to HTTPS
should make the HTTPS optional. That's it, user would either need to
switch to HTTPS by manually switching to https:// protocol in the URL or
by issuing the following commands to make the HTTPS automatic redirect
permanent:

 $ uci set uhttpd.main.redirect_https=1
 $ uci commit uhttpd
 $ service uhttpd reload

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-20 10:36:51 +01:00
Hauke Mehrtens
736eee5cc6 mt76: Fix compile against glibc
The mt76 test tools did not compile against glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-19 23:18:38 +01:00
Hauke Mehrtens
aa08f43cab toolchain: Deactivate sanitizer on MIPS and ARC
MIPS 32 bit support for sanitizer was added with GCC 9, MIPS 64 bit and
ARC are still not supported in GCC 10.

Deactivate them for now and change this when we change the default
compiler to GCC 9 or later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-19 23:18:38 +01:00
Felix Fietkau
3ab695368a mac80211: do not drop tx nulldata packets on encrypted links
Fixes sending out nulldata probing frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-18 23:05:50 +01:00
Felix Fietkau
b837534f02 mt76: update to the latest version
7f53d68b1af9 mt76: mt7615: add debugfs knob for setting extended local mac addresses
1a2547b27dfc mt76: do not set NEEDS_UNIQUE_STA_ADDR for 7615 and 7915
2741fd071bb7 mt76: mt7915: support 32 station interfaces
709f2cd77810 mt76: mt7915: fix processing txfree events
434940e08233 mt76: mt7915: measure channel noise and report it via survey
236326896589 mt76: mt7615: retry if mt7615_mcu_init returns -EAGAIN
b5c593b63f4c mt76: mt7663s: move tx/rx processing in the same txrx workqueue
75157b59ae4e mt76: mt7663s: convert txrx_work to mt76_worker
6dc67b058e2a mt76: mt7663s: disable interrupt during txrx_worker processing
b381729626bb mt76: sdio: convert {status/net}_work to mt76_worker
9cb12f7042cc mt76: mt7915: fix DRR sta bss group index
75977a85e844 mt76: mt7915: disable OFDMA/MU-MIMO UL
6cdebe805862 mt76: rename __mt76_mcu_send_msg to mt76_mcu_send_msg
eb9afae96b65 mt76: rename __mt76_mcu_skb_send_msg to mt76_mcu_skb_send_msg
8c73f3b15ada mt76: implement .mcu_parse_response in struct mt76_mcu_ops
fcfbb046c2f3 mt76: move mcu timeout handling to .mcu_parse_response
477caa196ffe mt76: move waiting and locking out of mcu_ops->mcu_skb_send_msg
a4d71501bad6 mt76: make mcu_ops->mcu_send_msg optional
80c310c59ad1 mt76: mt7603: switch to .mcu_skb_send_msg
082b26181013 mt76: implement functions to get the response skb for MCU calls
ee40800df2e4 mt76: mt7915: move eeprom parsing out of mt7915_mcu_parse_response
d33943baac47 mt76: mt7915: query station rx rate from firmware
b8874e8756d9 mt76: add back the SUPPORTS_REORDERING_BUFFER flag
633ae5961db6 mt76: mt7615: enable beacon filtering by default for offload fw
9a203fea3540 mt76: mt7615: introduce quota debugfs node for mt7663s
f9ae638af7e2 mt76: mt7663s: get rid of mt7663s_sta_add
1a5758d894d0 mt76: mt7663s: fix a possible ple quota underflow
dea10c03316f mt76: sdio: get rid of sched.lock
eb4c09957938 mt76: mt7915: set fops_sta_stats.owner to THIS_MODULE
594890b11155 mt76: mt7915: update ppe threshold
8884a5def518 mt76: mt7915: rename mt7915_mcu_get_rate_info to mt7915_mcu_get_tx_rate
33b89f4a1bf4 mt76: set fops_tx_stats.owner to THIS_MODULE
4d019c9672ec sync with upstream changes
35e3cd1db479 mt76: mt7603: fix ED/CCA monitoring with single-stream devices
4f9f79b085b1 wireless: mt76: convert tasklets to use new tasklet_setup() API
20e8cf935ed0 mt76: dma: fix possible deadlock running mt76_dma_cleanup
36089a655f58 mt76: mt7915: fix sparse warning cast from restricted __le16
68c4eedafd61 mt76: fix memory leak if device probing fails
9a1a0a4dec71 mt76: mt7603: add additional EEPROM chip ID
01b943295719 mt76: move mt76_mcu_send_firmware in common module
0aee4999902a mt76: mt7663s: introduce WoW support via GPIO
79ebad117325 mt76: switch to wep sw crypto for mt7615/mt7915
af139725193a mt76: fix tkip configuration for mt7615/7663 devices
664e66b35c0b mt76: mt7615: run key configuration in mt7615_set_key for usb/sdio devices
f675358267d6 mt76: mt76u: rely on woker APIs for rx work
b9f9c16cb1bd mt76: mt76u: use dedicated thread for status work
cdeb1b29cd15 mt76: testmode: switch ib and wb rssi to array type for per-antenna report
0a898c0549b6 mt76: testmode: add snr attribute in rx statistics
3ea9a0433bcc mt76: testmode: add tx_rate_stbc parameter
73427ebbbd27 mt76: testmode: add support for LTF and GI combinations for HE mode
88ebccfe8a39 mt76: mt7915: fix tx rate related fields in tx descriptor
9909c0551e4c mt76: testmode: add support for HE rate modes
03ed0909f922 mt76: mt7915: implement testmode tx support
0aa696834a9c mt76: mt7915: implement testmode rx support
5ed3a34b46ce mt76: mt7915: add support to set txpower in testmode
f86361654e94 mt76: mt7915: add support to set tx frequency offset in testmode
64a765be750a mt76: mt7915: make mt7915_eeprom_read static
9b48c13b52f7 mt76: mt7915: use BIT_ULL for omac_idx
27227fd57ea7 mt76: mt7915: remove unused mt7915_mcu_bss_sync_tlv()
cd795267612d mt76: mt7615: support 16 interfaces
82da525ad0c8 mt76: mt7615: refactor usb/sdio rate code
b9a50da503ad mt76: mt7915: rely on eeprom definitions
c79d18723df0 mt76: move mt76_init_tx_queue in common code
b0b221e91445 mt76: sdio: introduce mt76s_alloc_tx_queue
caba5a99e5ae mt76: sdio: rely on mt76_queue in mt76s_process_tx_queue signature
3ed4aad81ce9 mt76: mt7663s: rely on mt76_queue in mt7663s_tx_run_queue signature
216cf8b28579 mt76: dma: rely on mt76_queue in mt76_dma_tx_cleanup signature
0f9350bef1b5 mt76: rely on mt76_queue in tx_queue_skb signature
8932975be066 mt76: introduce mt76_init_mcu_queue utility routine
b0eb7edcc624 mt76: rely on mt76_queue in tx_queue_skb_raw signature
ccd62467d0f3 mt76: move mcu queues to mt76_dev q_mcu array
2e217fb9e962 mt76: move tx hw data queues in mt76_phy
576647f2ec6a mt76: mt7915: fix endian issues
e881fd67c718 mt76: move band capabilities in mt76_phy
c728cecd7b77 mt76: rely on mt76_phy in mt76_init_sband_2g and mt76_init_sband_5g
231ef27697f9 mt76: move band allocation in mt76_register_phy
8aa24c91b13b mt76: move hw mac_addr in mt76_phy
b436da4d9d92 mt76: mt7915: introduce dbdc support
1e34a02c2dcb mt76: mt7915: get rid of dbdc debugfs knob
d8e681bd3268 mt76: mt7615: fix rdd mcu cmd endianness
19c9e277eff6 mt76: mt7915: fix memory leak in mt7915_mcu_get_rx_rate()
e361b6a71e4b mt76: improve tx queue stop/wake
fb24e5f2305b mt76: mt7915: stop queues when running out of tx tokens
066cc441eb8f mt76: attempt to free up more room when filling the tx queue
93c806a34ec2 mt7915: fix minor issues in the token queue blocking change
c017e329a326 mt76: mt7915: ensure that init work completes before starting the device
9e9da427b8a6 mt76: mt7915: fix polling firmware-own status
5cd805ddfb25 mt76: add more conditions for stopping tx scheduling
aa893c73bf85 mt76: mt7915; increase txq memory limit for non-DBDC 7915 cards to 32 MiB
e44b7c91070e mt76: skip queue stop/wake, rely entirely on txq scheduling
6c6a5c59c101 mt76: mt7915: do not set DRR group for stations
510cb5be1bf7 mt76: usb: remove wake logic in mt76u_status_worker
34f318a25421 mt76: sdio: remove wake logic in mt76s_process_tx_queue
4a90fdf6105e mt76: mt76s: fix NULL pointer dereference in mt76s_process_tx_queue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-18 19:01:51 +01:00
Hauke Mehrtens
fca0eb2d92 nat46: Fix PKG_MIRROR_HASH
The PKG_MIRROR_HASH was not updated when updating the package.

Fixes: f75c70aeca ("nat46: update to latest git HEAD")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-17 12:13:27 +01:00
Hauke Mehrtens
94d1b2508c wireless-regdb: Update to version 2020.11.20
9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:11:19 +01:00
Rosen Penev
47f30a566e util-linux: update to 2.36.1
Removed upstream patch.

Refreshed other ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-16 22:11:19 +01:00
Rosen Penev
e030a19a57 libunwind: update to 1.5.0
Cleanup Makefile for consistency with other ones.

Remove PKG_SSP. It can be fixed with -lssp_nonshared.

Add PKG_BUILD_PARALLEL for faster compilation.

Add zlib dependency. 1.5.0 requires it now.

Refresh patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-16 22:11:19 +01:00
Hauke Mehrtens
6cdc21b20e mac80211: Update to version 5.8.18-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:11:19 +01:00
Hauke Mehrtens
c9c7cdbbb7 e2fsprogs: Add TARGET_LDFLAGS to e4crypt
The TARGET_LDFLAGS were dropped in the linking of e4crypt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:11:19 +01:00
Rosen Penev
3040791608 libnetfilter-conntrack: update to 1.0.8
Previous git version was 1.0.7.

Switched to using tarballs for simplicity.

Fixed license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-15 00:18:12 +01:00
Nick Hainke
05a1b11c71 netifd: update to latest version
458b1a7e9473 netifd: add segment routing support

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-12-14 20:25:21 +01:00
Daniel Golle
c74ae89574 kernel: package kmod-keys-encrypted and kmod-keys-trusted
Add kernel module packages for handling encrypted and TPM trusted
keys on the kernel chain.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-14 17:25:14 +00:00
Petr Štetiar
ce1163dfa7 uclient: update to Git version 2020-12-10
2c843b2bc04c Add initial GitLab CI support
073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation
086c292160ac uclient-fetch: init_ca_cert: fix memory leak
a3c1a88b031a cmake: enable extra compiler checks
32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon
86a2ac6ac46f uclient-fetch: fix potential memory leaks
158dd9dd289c uclient: fix initialized but never read variable
66b4420856a7 uclient-fetch: fix statement may fallt hrough
436f9b3af2ad uclient-http: fix freeing of stack allocated memory
e6b5b8a98ce2 Fix extra compiler warnings
12df67e45bb0 Add basic cram based unit tests
b6e34845124f cmake: fix building out of the tree

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-14 09:41:39 +01:00
Petr Štetiar
23bbaa02a9 ustream-ssl: update to Git version 2020-12-10
68d09243b6fd Add initial GitLab CI support
8280140db9d1 wolfssl: remove now deprecated compatibility code
cee6791b362a ustream-mbedtls: fix certificate verification
55c3fd89d508 ustream-mbedtls: implement set_require_validation
c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation
3bc05402bfab cmake: enable extra compiler checks
cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs
5896991e46a3 ustream-openssl: fix BIO_method memory leak
2c342ae57c5b ustream-openssl: fix wolfSSL includes
fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths
63656f81045f cmake: fix linking when wolfSSL not in default paths
c26f71e844df cmake: fix building out of the tree

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-14 09:41:39 +01:00
Rui Salvaterra
116191eddf zram-swap: remove the compression streams settings
Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the
irrelevant configuration (no-op).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-12-13 13:55:03 -10:00
Luis Araneda
8b870418f1 uboot-zynq: fix dtc compilation on host gcc 10
gcc 10 defaults to -fno-common, which causes an error
when linking.

Back-port the following Linux kernel commit to fix it:
e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)

Tested on an Arch Linux host with gcc 10.1.0

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2020-12-13 16:12:45 +01:00
Daniel Golle
b2d48c1dfe odhcpd: remove local mkdir_p implementation
Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-13 00:13:18 +00:00
Daniel Golle
54239ccfe7 procd: update to git HEAD
111416d jail: remove unreachable code
 7f12c89 treewide: replace local mkdir_p implementations

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
278b1e95a7 fstools: update to git HEAD
0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz
 4862530 mount: restorecon: guard against execl() errors
 f415323 block: replace local mkdir_p implementation

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
ee0ff7343e libubox: utils: introduce mkdir_p
Add new utility function mkdir_p(char *path, mode_t mode) to replace
the partially buggy implementations found accross fstools and procd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
be6aa93e4d selinux-policy: update to version 0.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 14:45:32 +00:00
Philip Prindeville
5d2b577a53 xfrm: support 'multicast' attribute on interfaces
You shouldn't need the overhead of GRE just to add multicast
capability on a point-to-point interface (for instance, you might
want to run mDNS over IPsec transport connections, and Avahi
requires IFF_MULTICAST be set on interfaces, even point-to-point
ones).

Borrowed heavily from:

    b3c9321b9e gre: Support multicast configurable gre interfaces

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-11 20:53:36 +01:00
Eneas U de Queiroz
882ca13d92 openssl: update to 1.1.1i
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:57:04 +01:00
Marty Jones
b63e57ba17 kernel: add Aquantia AQtion USB-to-5GbE adapters
This add support for USB-to-Ethernet Aquantia AQtion
5/2.5GbE adapters based on the AQC111U controllers.

Run-tested: x86
Adapter-tested: Sabrent NT-SS5G
Signed-off-by: Marty Jones <mj8263788@gmail.com>
2020-12-11 13:57:04 +01:00
Konstantin Demin
52aa2017d3 dropbear: bump package version
Bump package version after previous changes.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Konstantin Demin
228298290e dropbear: add ssh-askpass support in configuration
binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215132 (+4b)
  ipk: 111183 -> 111494 (+311b)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
e1bd9645b6 dropbear: roll up recipes into mapping lists
this commit removes manual recipes for options and introduces mapping lists:
- DB_OPT_COMMON holds option mappings which are common for all builds;
- DB_OPT_CONFIG holds option mappings which are depend on config settings.

DB_OPT_COMMON is space-separated list of 'words', each of them is in format:
  'header_option|value'

'header_option' is added with value 'value' to 'localoptions.h'.

if 'header_option' is preceded by two exclamation marks ('!!')
then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'.

in short:
   option|value - add option to localoptions.h
 !!option|value - replace option in sysoptions.h

DB_OPT_CONFIG is space-separated list of 'words', each of them is in format:
  'header_option|config_variable|value_enabled|value_disabled'

'header_option' is handled likewise in DB_OPT_COMMON.

if 'config_variable' is enabled (technically: not disabled)
then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise.

in short:
   option|config|enabled|disabled = add option to localoptions.h
 !!option|config|enabled|disabled = replace option in sysoptions.h

   option := (config) ? enabled : disabled

If you're not sure that option's value doesn't have '|' within - add your recipe
manually right after '$(Build/Configure/dropbear_headers)' and write some words
about your decision.

PS about two exclamation marks:
early idea was to use one exclamation mark to denote such header options
but then i thought single exclamation mark may be overlooked by mistake.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
79d5c24724 dropbear: rework recipes that configure build
- add two helper functions to avoid mistakes with
  choice of correct header file to work with
- update rules accordingly

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
42eff7c7e6 dropbear: reorder options in Configure recipe
put static options at first place, then place configurable options.
also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
7e122c353a dropbear: enable back DROPBEAR_USE_PASSWORD_ENV
this option was disabled in 2011 and these long nine years showed us that change was definitely wrong.

binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215128 (no change)
  ipk: 111108 -> 111183 (+75b)

Fixes: 3c801b3dc0 ("tune some more options by default to decrease size")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
John Thomson
d82c191283 package/base-files: caldata: use dd iflag fullblock
This dd flag ensures that the requested size
is retrieved from pipes or special filesystems (if available).

Without this flag, on multi-core systems,
Piped or special filesystem data can be truncated
when a size greater than PIPE_BUF is requested.

Fixes: FS#3494
Fixes: 7557e7f ("package/base-files: caldata: work around dd's
limitation")
Cc: Thibaut VARÈNE <hacks@slashdirt.org>

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
2020-12-11 13:48:24 +01:00
Petr Štetiar
064d65c2f7 wolfssl: fix broken wolfSSL_X509_check_host
Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host().

References: https://github.com/wolfSSL/wolfssl/issues/3329
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Eneas U de Queiroz
f31c9cd383 wolfssl: compile with --enable-opensslall
This enables all OpenSSL API available.  It is required to avoid some
silent failures, such as when performing client certificate validation.

Package size increases from 356.6K to 374.7K for
arm_cortex-a9_vfpv3-d16.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:48:24 +01:00
Eneas U de Queiroz
4e8a0014aa wolfssl: add lighty support, skip crypttests
Tnis adds the --enable-lighty option to configure, enabling the minimum
API needed to run lighttpd, in the packages feed.  Size increase is
about 120 bytes for arm_cortex-a9_vfpv3-d16.

While at it, speed up build by disabling crypt bench/test.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:48:24 +01:00
Paul Spooren
6ea03ec94c opkg: remove legacy dist and extra_data
efb26a3 libopkg: remove "extra_data" option
1d67ab7 libopkg: remove support for "dist" config

Reduces opkg size by about 400 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-09 23:24:38 -10:00
Paul Spooren
e7e16667ff iftop: remove package
The package has no reason to be in openwrt.git. Move it to packages.git.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 23:24:22 -10:00
Hans Dedecker
dd3464023f odhcp6c: update to latest git HEAD
0ffa3a3 dhcpv6: harden reconfigure logic
3999b6d dhcpv6: rework DHCPv6 message to string implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-09 22:33:34 +01:00
Jo-Philipp Wich
dd5b3b58d8 lldpd: fix autoreconf failure
The lldpd sources ship a modified local AX_LIB_READLINE M4 macro which
conflicts with the official macro shipped by autoconf-archive.

Due to the official macro having the same name and a higher serial
number, autoconf will prefer including that one instead of the local
copy, preventing the substitution of @READLINE_LIBS@ in Makefile.in
templates, ultimately leading to the following build failure when
linking lldpcli:

    ...-gcc: error: READLINE_LIBS@: No such file or directory

Avoid this problem by renaming the locally shipped macro to not clash
with the official implementation anymore.

Ref: https://github.com/lldpd/lldpd/pull/423
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 12:36:40 +01:00
Adrian Schmutzler
af07c6de9c uboot-envtools: ramips: use full names for Xiaomi Mi Routers
This updates uboot-envtools with the updated names from ramips
target.

Fixes: 6d4382711a ("ramips: use full names for Xiaomi Mi Router devices")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-08 23:45:10 +01:00
Rosen Penev
f7d7a3a18b libcxx[abi]: remove
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.

While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-07 10:46:43 -10:00
Rosen Penev
588933ae9a lzo: remove
This is not used by any package in base. It will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-06 11:21:44 -10:00
Rosen Penev
0afc629c83 mtd-utils: remove lzo build dependency
The build option `--withouth-lzo` is added in the Makefile which makes
the existence of lzo obsolete. To remove the lzo package from
openwrt.git entirely, remove the legacy dependency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[improved commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-06 11:21:37 -10:00
Rui Salvaterra
e273c1715b kernel: kmod-lib-zstd: enable crypto API support
Zstd is supported by the crypto API since Linux 4.18. Enable this feature and
reveal the package in the configuration section, so the user can select it.
This allows zstd to be used as a compression algorithm in zram, for example.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-12-06 08:56:59 -10:00
Nick Lowe
ce5bcff304 hostapd: Disable 802.11b data rates by default
Set legacy_rates to 0 by default to disable 802.11b data rates by default.

The time has long come where 802.11b DSSS/CCK data rates should be disabled
by default in OpenWRT. Users in need of 802.11b client support can reasonably
enable these where they are needed.

The balance of equities has significantly, and for a long time, tipped
such that dropping backwards compatibility by default with 802.11b
devices is appropriate, proportionate and justified. By doing so,
management and control traffic is moved by default to a 20
MHz wide 6 Mb/s OFDM data rate instead of a 22 MHz wide 1 Mb/s DSSS data
rate. This is significantly more airtime efficient.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-06 08:51:32 -10:00
Eneas U de Queiroz
2f75348923 openssl: use --cross-compile-prefix in Configure
This sets the --cross-compile-prefix option when running Configure, so
that that it will not use the host gcc to figure out, among other
things, compiler defines.  It avoids errors, if the host 'gcc' is
handled by clang:

mips-openwrt-linux-musl-gcc: error: unrecognized command-line option
'-Qunused-arguments'

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2020-12-06 18:32:14 +01:00
Sven Roederer
13961da6ce procd: also depend on jshn
fixes "file no found" error on stripped down images, caused by prod.sh:43.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-12-05 22:18:07 -10:00
Rosen Penev
28a9ac74cc openvpn: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
2020-12-05 10:09:01 -10:00
Rosen Penev
57a8028949 openvpn-easy-rsa: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-05 10:08:49 -10:00
Hans Dedecker
13734075d2 odhcp6c: update to git HEAD
faed29a dhcpv6: only refresh timers when reconfigure is valid
9c50975 dhcpv6: fix printing identity association id
a7b2221 dhcpv6: avoid sending continuous renew/rebind messages
d7afa2b dhcpv6: add extra syslog info traces
f5728e4 odhcp6c_find_entry: exclude priority from the list of fields that must match

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-05 20:48:50 +01:00
Daniel Golle
4dc5b64760 procd: output warning if user 'ubus' doesn't exist
6acc48c early: fall-back to run ubus as root if user can't be found

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-04 14:41:26 +00:00
Daniel Golle
533895e05e ubus: make sure ubusd starts in case user 'ubus' doesn't exist
d1d9ddf ubusd: attempt to create socket folder

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-04 14:41:26 +00:00
Stan Grishin
b4f1f9c9e4 base-files: informative service command in /etc/shinit. service command shows services enabled/disabled and running status, when the service command is invoked with no/invalid arguments, like this:
Usage: service <service> [command]
The following services are available:
/etc/init.d/acme                   enabled         stopped
/etc/init.d/boot                   enabled         stopped
/etc/init.d/cron                   enabled         running
/etc/init.d/dnsmasq                enabled         running
...

Signed-off-by: Stan Grishin <stangri@melmac.net>
2020-12-03 23:28:43 -10:00
Hauke Mehrtens
d346beb08c build: Extract trusted-firmware-a.mk
The include/trusted-firmware-a.mk file is based on the
include/u-boot.mk file and should be used to build a Trusted Firmware-A
(TFA) which was previously named Arm trusted firmware.

This is useful for targets where the TFA is board specific like for
Marvell SoCs and probably also NXP Layerscape SoCs.

This also makes use of this abstraction in the
arm-trusted-firmware-mvebu package to build board specific ATF binaries.

The ATF binaries will be automatically activated and build when the
board is selected in the normal build or all boards are selected. This
should also activate the build when build bot creates images.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-02 23:46:01 +01:00
Felix Fietkau
36db12b883 netifd: update to the latest version
d6bd1047d004 vlandev: dump vlan id in device status
e0c838bd06a6 vlandev: support bridge-vlan aliases in the vid config parameter
574dc4a17105 system-dummy: print configured mac address
14f0e8ff928f system-linux: simplify mask check in system_if_apply_settings
524310276f20 system-linux: move device settings handling to device.c
42c48866f1c1 config: parse default mac address from board.json

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-02 12:08:52 +01:00
John Crispin
9290539ca9 base-files: allow setting device and bridge macs
Add code for setting mac addresses inside board.json and rendering
them out to uci. On switches we want to have a unique MAC on each port.
With 48 port switches that would require 48 device sections in
/etc/config/network. Doing so via board.json is easier.

Signed-off-by: John Crispin <john@phrozen.org>
2020-12-02 07:51:36 +01:00
John Crispin
f3926d233d uboot-envtools: add support for the realtek target
On most boards the MAC is located inside the u-boot-env.

Signed-off-by: John Crispin <john@phrozen.org>
2020-12-02 07:51:00 +01:00
Daniel Golle
c71500fd45 procd: update to git HEAD
f3c3563 jail: improve seccomp BPF generator
 f67a66f jail: always call cgroups_free()
 4625350 jail: seccomp: improve code readability

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:15 +00:00
Daniel Golle
aa6fe00a48 busybox: add check for capabilities file
Similar to the previous commit adding a check to the init script of
umdns, do a similar change for sysntpd, just to be on the safe side.

Inspired-by: 520403cd49 ("umdns: add check for seccomp list")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:01 +00:00
Jan Pavlinec
520403cd49 umdns: add check for seccomp list
This should fix an issue when user have a router with enabled seccomp
and tries to run umdns package which was build with SDK with disabled
seccomp support.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-30 10:38:13 +00:00
Nick Lowe
81ff23fc91 hostapd: Add cell_density data rates option
Add a cell_density option to configure data rates for normal, high and
very high cell density wireless deployments.

The purpose of using a minimum basic/mandatory data rate that is higher
than 6 Mb/s, or 5.5 Mb/s (802.11b compatible), in high cell density
environments is to transmit broadcast/multicast data frames using less
airtime or to reduce management overheads where significant co-channel
interference (CCI) exists and cannot be avoided.

Caution: Without careful design and validation, configuration of a too
high minimum basic/mandatory data rate can sacrifice connection stability
or disrupt the ability to reliably connect and authenticate for little to
no capacity benefit. This is because this configuration affects the
ability of clients to hear and demodulate management, control and
broadcast/multicast data frames.

Deployments that have not been specifically designed and validated are
usually best suited to use 6, 12 and 24 Mb/s as basic/mandatory data
rates.

Only usually seek to configure a 12 Mb/s, or 11 Mb/s (802.11b
compatible), minimum basic/mandatory rate in high cell density
deployments that have been designed and validated for this.

For many deployments, the minimum basic/mandatory data rate should not be
configured above 12 Mb/s to 18 Mb/s, 24 Mb/s or higher. Such a
configuration is only appropriate for use in very high cell density
deployment scenarios.

A cell_density of Very High (3) should only be used where a deployment
has a valid use case and has been designed and validated specifically for
this use, nearly always with highly directional antennas - an example
would be stadium deployments. For example, with a 24 Mb/s OFDM minimum
basic/mandatory data rate, approximately a -73 dBm RSSI is required to
decode frames. Many clients will not have roamed elsewhere by the time
that they experience -73 dBm and, where they do, they frequently may not
hear and be able to demodulate beacon, control or broadcast/multicast
data frames causing connectivity issues.

There is a myth that disabling lower basic/mandatory data rates will
improve roaming and avoid sticky clients. For 802.11n, 802.11ac and
802.11ax clients this is not correct as clients will shift to and use
lower MCS rates and not to the 802.11b or 802.11g/802.11a rates that are
able to be used as basic/mandatory data rates.

There is a myth that disabling lower basic/mandatory data rates will
ensure that clients only use higher data rates and that better
performance is assured. For 802.11n, 802.11ac and 802.11ax clients this
is not correct as clients will shift around and use MCS rates and not the
802.11b or 802.11g/802.11a rates that able to be used as basic/mandatory
data rates.

Cell Density

0 - Disabled (Default)
Setting cell_density to 0 does not configure data rates. This is the
default.

1 - Normal Cell Density
Setting cell_density to 1 configures the basic/mandatory rates to 6, 12
and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting cell_density to 1 configures the basic/mandatory rates to the 5.5
and 11 Mb/s DSSS rates where legacy_rates is 1. Supported rates lower
than the minimum basic/mandatory rate are not offered.

2 - High Cell Density
Setting the cell_density to 2 configures the basic/mandatory rates to the
12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting the cell_density to 2 configures the basic/mandatory rates to the
11 Mb/s DSSS rate where legacy_rates is 1. Supported rates lower than the
minimum basic/mandatory rate are not offered.

3 - Very High Cell Density
Setting the cell_density to 3 configures the basic/mandatory rates to the
24 Mb/s OFDM rate where legacy_rates is 0. Supported rates lower than the
minimum basic/mandatory rate are not offered.
Setting the cell_density to 3 only has effect where legacy_rates is 0,
else this has the same effect as being configured with a cell_density of 2.

Where specified, the basic_rate and supported_rates options continue to
override both the cell_density and legacy_rates options.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-11-30 09:31:15 +01:00
Huangbin Zhan
451c1eb8c2 base-files: fix alias more to properly detect /usr/bin/more
Package more is installed to /usr/bin rather than /bin.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-11-28 15:12:36 -10:00
Álvaro Fernández Rojas
61e381d322 ath10k-firmware: remove unused package
All firmwares were added to linux-firmware, so there's no need to keep this
package definitions.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-28 18:19:37 +01:00
Álvaro Fernández Rojas
655091ec45 ath10k-ct-firmware: switch to linux-firmware board binaries
Instead of duplicating board firmware binaries, which are exactly the same
as the ones from linux-firmware, add dependencies and remove duplicated
downloads.

Runtime-tested on ath79 (TP-Link Archer C7 v2) and ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-28 18:19:37 +01:00
Álvaro Fernández Rojas
c3b2efaf24 linux-firmware: ath10k: add board firmware packages
Split ath10k firmwares into board and firmware packages.
This way we can add dependencies to ath10k-ct firmware packages.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-28 18:19:37 +01:00
Rosen Penev
c7778acf10 libnetfilter-cthelper: remove
conntrack was moved to packages where this is used. This will be moved
there as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Rosen Penev
6d242414e4 libnetfilter-cttimeout: remove
conntrack was moved to packages where this is used. This will be moved
there as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Rosen Penev
f06aface3c libnetfilter-log: remove
ulogd in the packages feed is the only user of this. It will be moved
there.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Rosen Penev
530965dfb4 libnetfilter-queue: remove
Nothing in base uses this. This will be moved to packages where it is
used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-28 14:24:25 +01:00
Petr Štetiar
e5ba6e9c28 kernel: sfc,sfc-falcon: fix kernel config symbols
I've just noticed on i.mx6 target, that there are missing kernel symbols
so I'm fixing it.

Fixes: 3c5d70ad26 ("kernel: add module support Solarflare network adapter")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-27 14:46:13 +01:00
Rosen Penev
9762cf107b libroxml: remove
This will be moved to the packages feed as nothing here uses it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-27 00:58:48 -10:00
Imran Khan
9c2eceef90 base-files: merge /etc/passwd on rw-rootfs
Support installations without root-overlayfs (and hence without /rom)
when migrating user accounts.

Signed-off-by: Imran Khan <gururug@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[simplified patch, bumped PKG_RELEASE, cleaned message]
2020-11-27 09:59:14 +00:00
Daniel Golle
64cbfd1f54 umdns: update seccomp filter rules
Add 'writev' syscall to list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Daniel Golle
8cf0ac3f1f procd: update to git HEAD
3019f50 jail: leak less memory
 7e01453 jail: fix segfault on missing name and refactor
 5abee8f jail: fix and simplify userns uid/gid maps from OCI
 4ba72ec jail: relax /etc/resolv.conf creation
 db5ef86 jail: don't use NULL arguments for mount syscall
 19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf
 acf36f2 jail: seteuid before clone(CLONE_NEWUSER)
 e40828f jail: fix typo in usage output
 b87984b jail: don't attempt to mount /sys with noatime
 b275b11 jail: enter existing cgroups namespace if given
 31e0a46 jail: properly initialize timens_fd

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Rosen Penev
8a87ab43d1 libiconv-full: Makefile polishing
Added PKG_INSTALL to avoid using an explicit define Build/Compile

Added PKG_BUILD_PARALLEL for faster compilation.

Removed TARGET_CLAFGS. They are no longer necessary.
fPIC is default now. So is gnu99. -DUSE_DOS is a hack to include old
and mostly unused conversions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-26 13:09:32 -10:00
Josef Schlehofer
75063b941b libiconv-full: update to version 1.16
- Removed following patches:
100-strip_charsets.patch - makes the full variant slim.
101-autotools.patch - this one fails to apply because it was backported
from newer versions for 1.11.1.
103-configure_ac_fix.patch - backported from newer versions
200-work-with-libtool2.patch - is not needed anymore, it is done
differently in upstream
300-fortify-source-compat.patch - these files are not there anymore

- TVHeadend requires working iconv library e.g. transliteration to ASCII
and this does not work with libiconv-full currently.

There is a simple test, which requires to install iconv package.

Before applying this update:
root@turris:/# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE
luoukK

After applying this update:
root@turris:~# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE
Zlutouck'yKun

- Makefile changes:
Use HTTPS for their website
Fixed deprecated SPDX License Identifier
Move PKG_MAINTAINER above PKG_LICENSE

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com> [malta]
2020-11-26 13:09:24 -10:00
Kevin Darbyshire-Bryant
6429307a3d nettle: fix build on macos xcode 12
compiler warns that exit() isn't defined so checks for build system
compiler fail.

include <stdlib.h> to define exit()

Tested under macos Catalina & Big Sur

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-11-26 17:37:42 +00:00
Paul Spooren
66732c5cd9 opkg: cleanup man pages and md5 fixup
66f458d fix md5sum calculation
02eaf9c man: remove obsolete manual pages

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-25 14:46:46 -10:00
Stijn Tintel
26c26e11a2 hostapd: fix "sh: out of range" errors
Several variables in hostapd.sh can be used uninitialized in numerical
comparisons, causing errors in logread:

netifd: radio24 (1668): sh: out of range

Set defaults for those variables to silence those errors.

Fixes: b518f07d4b ("hostapd: remove ieee80211v option")
Fixes: cc80cf53c5 ("hostapd: add FTM responder support")
Fixes: e66bd0eb04 ("hostapd: make rrm report independent of ieee80211k setting")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 02:25:23 +02:00
Stijn Tintel
c5ea37af7e lldpd: bump to 1.0.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 00:25:25 +02:00
Stijn Tintel
864a76d237 ath10k-ct: switch to driver version 5.8
Since we are using mac80211 5.8, let's also switch the ath10k-ct driver
to the new 5.8 version.

Modify patches so they patch the new ath10k-ct driver version.
Adapt 164-ath10k-commit-rates-from-mac80211.patch.
Drop upstreamed 205-ath10k-Add-NL80211_EXT_FEATURE_AQL-flag.patch.

Drop the other options for CT_KVER from the comment, as it is incorrect
and there are too many versions to sum up and maintain there.

Runtime-tested on ath79 (D-Link DAP-2695-A1, TP-Link EAP245-v3).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 00:17:47 +02:00
Ataberk Özen
4287f73989 ramips: add support for Xiaomi Mi Router 4C
This commit adds support for Xiaomi's Mi Router 4C device.

Specifications:

- CPU: MediaTek MT7628AN (580MHz)
- Flash: 16MB
- RAM: 64MB DDR2
- 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA
- Antennas: 4x external single band antennas
- WAN: 1x 10/100M
- LAN: 2x 10/100M
- LEDs: 2x yellow/blue. Programmable (labelled as power on case)
                      - Non-programmable (shows WAN activity)
- Button: Reset

How to install:

1- Use OpenWRTInvasion to gain telnet and ftp access.
2- Push openwrt firmware to /tmp/ using ftp.
3- Connect to router using telnet. (IP: 192.168.31.1 -
   Username: root - No password)
4- Use command "mtd -r write /tmp/firmware.bin OS1" to flash into
   the router..
5- It takes around 2 minutes. After that router will restart itself
   to OpenWrt.

Signed-off-by: Ataberk Özen <ataberkozen123@gmail.com>
[wrap commit message, bump PKG_RELEASE for uboot-envtools, remove
dts-v1 from DTS, fix LED labels]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 19:34:13 +01:00
Lukas Tribus
1b493aabb9 busybox: enable find -mmin support by default
Enable busybox's find -mmin time support, which is extremely small,
however also very useful in scripts:

72d1a2357d

Comparing package sizes...
Change 	Local	Remote 	Package
+7	229009	229002	busybox

Signed-off-by: Lukas Tribus <lukas@ltri.eu>
[fix commit message long line and missing size change]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-25 08:13:14 -10:00
Rosen Penev
b9246bbdc9 base-files: functions.sh: replace [^...] with [!...] in case
Strictly speaking, ash does not support it.

From https://wiki.ubuntu.com/DashAsBinSh#A.5B.5E.5D

Not to be confused by sed's and other program's regular expression
syntax. Uses of [^...] in case (parameter/word expansion in general) need
to be replaced with [!...].

Found with shellcheck: https://github.com/koalaman/shellcheck/wiki/SC2169

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 17:22:39 +01:00
Michael Pratt
b31aaa0580 ath79: add support for Senao Engenius EAP300 v2
FCC ID: A8J-EAP300A

Engenius EAP300 v2 is an indoor wireless access point with a
100/10-BaseT ethernet port, 2.4 GHz wireless, internal antennas,
and 802.3af PoE.

**Specification:**

  - AR9341
  - 40 MHz reference clock
  - 16 MB FLASH			MX25L12845EMI-10G
  - 64 MB RAM
  - UART at J1			(populated)
  - Ethernet port with POE
  - internal antennas
  - 3 LEDs, 1 button		(power, eth, wlan) (reset)

**MAC addresses:**

  phy0  *:d3   art 0x1002 (label)
  eth0  *:d4   art 0x0/0x6

**Installation:**

  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

  OEM webpage at 192.168.1.1
  username and password "admin"
  Navigate to "Firmware" page from left pane
  Click Browse and select the factory.bin image
  Upload and verify checksum
  Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

  After connecting to serial console and rebooting...
  Interrupt uboot with any key pressed rapidly
  execute `run failsafe_boot` OR `bootm 0x9fdf0000`
  wait a minute
  connect to ethernet and navigate to
  "192.168.1.1/index.htm"
  Select the factory.bin image and upload
  wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery** (unstable / not reliable):

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board while holding or pressing reset button repeatedly

  NOTE: for some Engenius boards TFTP is not reliable
  try setting MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software of EAP300 v2 is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names
  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel size to be no greater than 1536k
  and otherwise the factory.bin upgrade procedure would
  overwrite part of the kernel when writing rootfs.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
[clarify MAC address section, bump PKG_RELEASE for uboot-envtools]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 13:23:06 +01:00
Rosen Penev
a058349ff9 libusb-compat: remove
No package in base relies on this library. This library will be moved
to packages where it is needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-25 13:23:06 +01:00
Álvaro Fernández Rojas
2418657104 linux-firmware: brcm: use RPI 4B NVRAM file
Use the dedicated RPI 4B NVRAM file introduced in 20191215.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:46:15 +01:00
Álvaro Fernández Rojas
3c0059773c cypress-nvram: add proper package conflicts
There are linux firmware packages for all RPIs NVRAMs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:30:44 +01:00
Álvaro Fernández Rojas
3678778445 cypress-firmware: add proper package conflicts
There are linux firmwares packages for 43362, 43430 and 43455 which shouldn't
be installed at the same time as Cypress firmwares.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:30:44 +01:00
Karel Kočí
bbe302d2b6 ath10k-ct-firmware: add conflicts and better provides
This expands packages to define not only provides but also conflicts.
These packages provides same files so they should specify conflicts.

Second expansion is that *-ct-htt and *-ct-full-htt firmwares can also
provide *-ct variant as that allows explicit dependency on CT variant
with various firmware modifications.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
[Bump PKG_RELEASE and format PROVIDES/CONFLICTS]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-25 10:30:44 +01:00
Rosen Penev
ee1150e362 exfat: update to 5.10.1
Remove tar hacks and use PKG_BUILD_DIR.

Added missing URL.

Changelog:

d5eb2e1 exfat: remove useless check in exfat_move_file()
8cb2bc3 exfat: use i_blocksize() to get blocksize
4cd0435 exfat: fix misspellings using codespell tool
485d677 exfat: fix use of uninitialized spinlock on error path
03b3db6 exfat: remove 'rwoffset' in exfat_inode_info
90797eb exfat: replace memcpy with structure assignment
d144149 exfat: remove useless directory scan in exfat_add_entry()
fc67230 exfat: eliminate dead code in exfat_find()
7c25c64 exfat: fix pointer error checking
bfea1fb exfat: retain 'VolumeFlags' properly

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-24 23:14:40 -10:00
Paul Spooren
7c114f33dd opkg: purge package from cache on hash mismatch
61b3c62 opkg_verify_integrity: better logging and error conditions
f73d42f download: purge cached packages that have incorrect checksum
1c1480e download: factor out the logic for building cache filenames
293b1ce libopkg: factor out checksum and size verification
a786e25 download: remove compatibility with old cache naming scheme

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-24 22:06:37 -10:00
Jan Pavlinec
5bb3cc749e tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037.  This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-25 05:49:09 +01:00
Álvaro Fernández Rojas
89854d3834 ath10k-ct: update to latest version
1d28d17 ath10k-ct: Fix RSSI reporting for wave-1 firmware.
0c2949e ath10k-ct: fwcfg allows configuring dma-burst setting.
13319ff ath10k-ct: stable patches, debugfs crashdump, 5.8 driver

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-11-24 17:43:15 +01:00
Martin Schiller
b4b829fe64 uqmi: set plmn only if necessary
Setting the plmn to '0' (auto) will implicitly lead to a (delayed)
network re-registration, which could further lead to some timing
related issues in the qmi proto handler.

On the other hand, if you switch back from manual plmn selection
to auto mode you have to set it to '0', because this setting is
permanently "saved" in the wwan module.

Conclusion:
If plmn is configured, check if it's already set euqally in the module.
If so, do nothing. Otherwise set it.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-24 15:18:16 +00:00
Tomasz Maciej Nowak
bc64b9c32e treewide: update email address of Tomasz Maciej Nowak
Replace my o2.pl email address.

I'm still available at the old address.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rephrase commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-24 15:39:07 +01:00
Vladimir Vid
c0af4a0ca2 mvebu: add initial support for Globalscale ESPRESSObin-Ultra
This patch adds support for Globalscale ESPRESSObin-Ultra. Device uses
the same Armada-3720 SoC with extended hardware support.

- SoC: Armada-3720
- RAM: 1 GB DDR4
- Flash: 4MB SPI NOR (mx25u3235f) + 8 GB eMMC
- Ethernet: Topaz 6341 88e6341 (4x GB LAN + 1x WAN with 30W PoE)
- WiFI: 2x2 802.11ac Wi-Fi marvell (88w8997 PCIe+USB)
- 1x USB 2.0 port
- 1x USB 3.0 port
- 1x microSD slot
- 1x mini-PCIe slot (USB [with nano-sim slot])
- 1x mini-USB debug UART
- 1x RTC Clock and battery
- 1x reset button
- 1x power button
- 4x LED (RGBY)
- Optional 1x M.2 2280 slot

** Installation **

Copy dtb from build_dir to bin/ and run tftpserver there:
$ cp ./build_dir/target-aarch64_cortex-a53_musl/linux-mvebu_cortexa53/
linux-5.4.65/arch/arm64/boot/dts/marvell/armada-3720-espressobin-ultra.dtb
bin/targets/mvebu/cortexa53/
$ in.tftpd -L -s bin/targets/mvebu/cortexa53/

Connect to the device UART via microUSB port on the back side and power on the device.

Power on the device and hit any key to stop the autoboot.

Set serverip (host IP) and ipaddr (any free IP address on the same subnet), e.g:
$ setenv serverip 192.168.1.10 # Host
$ setenv ipaddr 192.168.1.15 # Device

Ping server to confirm network is working:
$ ping $serverip
Using neta@30000 device
host 192.168.1.15 is alive

Tftpboot the firmware:
$ tftpboot $kernel_addr_r openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-initramfs-kernel.bin
$ tftpboot $fdt_addr_r armada-3720-espressobin-ultra.dtb

Set the console and boot the image:
$ setenv bootargs $console
$ booti $kernel_addr_r - $fdt_addr_r

Once the initramfs is booted, transfer openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img.gz
to /tmp dir on the device.

Gunzip and dd the image:
$ gunzip /tmp/openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img.gz
$ dd if=/tmp/openwrt-mvebu-cortexa53-globalscale_espressobin-ultra-squashfs-sdcard.img of=/dev/mmcblk0 && sync

Reboot the device.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2020-11-23 22:53:15 +01:00
Leon M. George
651f0c0999 hostapd: fix patch offset
Fixes the offset of the patch added in 93bbd998aa
  ("hostapd: enter DFS state if no available channel is found").

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-11-23 22:53:15 +01:00
Pawel Dembicki
cdff729b27 layerscape: enable spi-uart in LS1012A-FRDM
This patch add missing support of SC16IS740 serial controller, installed
on LS1012A-FRDM board.

It was required to change RCW bits, because SPI was disabled by default.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-11-23 22:53:15 +01:00
Pawel Dembicki
a1158b3170 kernel: iio: add fxas21002c driver support
This patch adds kernel modules for Freescale FXAS21002C 3-axis gyro driver.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-11-23 22:53:15 +01:00
Pawel Dembicki
65f8d7360c layerscape: make initramfs kernel fit packed
This will make developing process easier, because dtb will be included
into image.
Not need to enable initramfs image by default.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-11-23 22:53:15 +01:00
John Audia
991e6f8ccc linux-firmware: update to 20201118
git log --pretty=oneline --abbrev-commit 20201022..20201118
2ea8667 (tag: 20201118) rtlwifi: v88.2 firmware files for RTL8192CU
e850cf3 Merge https://github.com/rjliao-qca/qca-btfw into main
65370db rtw88: RTL8822C: Update firmware to v9.9.4
e371b7c Revert "rtw88: RTL8822C: Update firmware to v9.9.4"
51d2c81 vpdma: Move firmware to ti directory
d7a24c9 Merge branch 'master' of https://github.com/shahasit/video-linux-firmware into main
9ee1543 Merge branch 'master' of https://github.com/shahasit/bt-linux-firmware into main
3bcc4c1 amdgpu: update picasso VCN firmware
b6b4542 amdgpu: update raven2 VCN firmware
79aa335 amdgpu: update raven VCN firmware
c93834e rtw88: RTL8822C: Update firmware to v9.9.4
3ef6c93 rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A
b503c96 Merge branch 'ath10k-20201023' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware into main
463fdea QCA: Update Bluetooth firmware for QCA6390
8a46c32 qcom : updated venus firmware files for v5.4
d7793e5 QCA : Fixed BT SSR due to command timeout / IO fatal error
d842d8c ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
8fb1a6e ath11k: QCA6390 hw2.0: add board-2.bin
34cb5fc ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
c0a8efd ath11k: IPQ8074 hw2.0: add board-2.bin
ac7f5e9 ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
2594e51 ath11k: IPQ6018 hw1.0: add board-2.bin
d8f10d4 ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077
6652297 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131
36059aa ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131
1e5629d ath10k: QCA6174 hw3.0: update board-2.bin
e315d1a ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1

Signed-off-by: John Audia <graysky@archlinux.us>
2020-11-23 22:53:15 +01:00
Felix Fietkau
4799810745 netifd: update to the latest version
213748a9bcd9 system-linux: implement full device present state management for force-external devices
3abe1fc87151 system-linux: add retry for adding member devices to a bridge

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-23 12:52:11 +01:00
Rui Salvaterra
dd4e6a70f2 hostapd: enable the epoll-based event loop
Hostapd supports epoll() since 2014. Let's enable it for better performance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-23 03:02:21 +00:00
Daniel Golle
97ac290090 uhttpd: update to git HEAD
f53a639 ubus: fix uhttpd crash

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 02:06:35 +00:00
Daniel Golle
2eb0d711a4 procd: update to git HEAD
d4d78db uxc: also delete procd runtime state on 'delete'
 e935c0c jail: add 'debug' extern variable to preload_seccomp

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 00:32:48 +00:00
Daniel Golle
e065c9184c uqmi: update to git HEAD
65796a6 nas: add --get-plmn
 0a19b5b uqmi: add timeout parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 21:58:22 +00:00
Filip Moc
ce293cd3ac uqmi: set device-operating-mode to online
This is required for LTE module MR400 (in TL-MR6400 v4).
Otherwise LTE module won't register to GSM network.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:14:09 +00:00
Filip Moc
9ebbb55113 uqmi: add support for IPv4 autoconf from QMI
There already was an option for autoconfiguring IPv4 from QMI but this
was removed by commit 3b9b963e6e ("uqmi: always use DHCP for IPv4").

DHCP does not work on MR400 LTE module (in TL-MR6400 v4) so let's readd
support for IPv4 autoconf from QMI but this time allow to configure this
for IPv4 and IPv6 independently and keep DHCP default on IPv4.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:13:39 +00:00
Thomas Richard
2b3a0cabea uqmi: wait forever registration if timeout set to 0
Give possibility to wait forever the registration by setting timeout
option to 0.

No timeout can be useful if the interface starts whereas no network is
available, because at the end of timeout the interface will be stopped
and never restarted.

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
2020-11-22 21:13:18 +00:00
Daniel Golle
6e9b707ee2 Revert "refpolicy: add variant that builds modular policy"
This reverts commit 9eb9943f82.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 15:20:35 +00:00
Daniel Golle
8262c99fc3 procd: update to git HEAD
04a2edd uxc: make force-delete kill container process
 be6da62 seccomp: silence 'unknown syscall' warnings
 b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2
 df7fa7b uxc: fix incomplete commit

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 03:24:33 +00:00
Felix Fietkau
5242bf7cf7 netifd: update to the latest version
351d690f1a09 wireless: fix passing bridge name for vlan hotplug pass-through
c1c2728946b5 config: initialize bridge and bridge vlans before other devices
5e18d5b9ccb1 interface: do not force link-ext hotplug interfaces to present by default
4544f026bb09 bridge-vlan: add support for defining aliases for vlan ids

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-21 10:24:37 +01:00
John Crispin
8134c542e2 base-files: generated named bridge-vlan sections
Signed-off-by: John Crispin <john@phrozen.org>
2020-11-19 15:38:37 +01:00
Piotr Dymacz
1bce45fc0f uboot-envtools: ath79: add support for ALFA Network Pi-WiFi4
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-11-18 23:49:34 +01:00
Hauke Mehrtens
a8030ea40f valgrind: Update to version 3.16.1
No special changes, just get in sync with recent code.
See here for the changelog:
https://valgrind.org/docs/manual/dist.news.html

The ipkg sizes changes as follows for mips 24kc :
	3.15   : valgrind_3.15.0-2_mips_24kc.ipk 1450680
	3.16.1 : valgrind_3.16.1-1_mips_24kc.ipk 1491954

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 19:01:44 +01:00
Hauke Mehrtens
557fe9cd3b strace: Update to version 5.9
No special changes, just get in sync with recent code.
See here for the changelog:
https://github.com/strace/strace/releases/tag/v5.9

The ipkg sizes changes as follows for mips 24kc :
	5.8 : strace_5.8-1_mips_24kc.ipk 271195
	5.9 : strace_5.9-1_mips_24kc.ipk 278352

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 19:01:33 +01:00
Hauke Mehrtens
ad0711559d iperf3: Update to version 3.9
No special changes, just get in sync with recent code.
See here for the changelog:
http://software.es.net/iperf/news.html#iperf-3-9-released

The ipkg sizes changes as follows for mips 24kc :
	3.7 : iperf3_3.7-1_mips_24kc.ipk 39675
	3.9 : iperf3_3.9-1_mips_24kc.ipk 41586

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 18:59:36 +01:00
Hans Dedecker
7330348f2d ethtool: update to version 5.9
The ipkg sizes changes as follows for mips 24kc :
	5.8 : ethtool_5.8-1_mips_24kc.ipk 34930
	5.9 : ethtool_5.9-1_mips_24kc.ipk 35241

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-17 21:31:23 +01:00
Matthias Schiffer
3f1109bf2a
base-files: fix backwards compatiblity of rc.common EXTRA_COMMANDS
Avoid needlessly breaking old initscripts that set EXTRA_COMMANDS. This
will aid in debugging (as it simplifies reverting to an older version of
a package) and unbreaks third-party feeds (and packages that maintain
their OpenWrt initscripts as part of the software's repo instead of the
OpenWrt feed like fastd).

Without this, initscripts that set EXTRA_COMMANDS become completely
unusable, as all default commands like start/stop cease working.

Fixes: 1a69f50dc6 ("base-files: fix rc.common help alignment")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-11-17 17:57:42 +01:00
David Bauer
21dfdfd78b hostapd: set validity interval for BSS TMRA
This sets the validity interval for the BSS transition candidate
list to the same value as the disassociation timer.

Currently the value is always 0, which is the specification states is a
reserved value. Also, wpa_supplicant and from the looks of it some
Android implementations will outright ignore the candidate list in this
case.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:06:39 +01:00
Dobroslaw Kijowski
edb93eda16 hostapd: add support for static airtime policy configuration
* Add support for passing airtime_sta_weight into hostapd configuration.
* Since that commit it is possible to configure station weights. Set higher
  value for larger airtime share, lower for smaller share.

I have tested this functionality by modyfing /etc/config/wireless to:

config wifi-device 'radio0'
	...
        option airtime_mode '1'

config wifi-iface 'default_radio0'
	...
        list airtime_sta_weight '01:02:03:04:05:06 1024'

Now, when the station associates with the access point it has been assigned
a higher weight value.
root@OpenWrt:~# cat /sys/kernel/debug/ieee80211/phy0/netdev\:wlan0/stations/01\:02\:03\:04\:05\:06/airtime
RX: 12656 us
TX: 10617 us
Weight: 1024
Deficit: VO: -2075 us VI: 256 us BE: -206 us BK: 256 us

[MAC address has been changed into a dummy one.]

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:06:16 +01:00
Dobroslaw Kijowski
03cdeb5f97 hostapd: fix per-BSS airtime configuration
airtime_mode is always parsed as an empty string since it hasn't been
added into hostapd_common_add_device_config function.

Fixes: e289f183 ("hostapd: add support for per-BSS airtime configuration")
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:05:20 +01:00
David Bauer
0ce5f15f9c hostapd: ubus: add get_status method
This adds a new get_status method to a hostapd interface, which
provides information about the current interface status.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:05:06 +01:00
David Bauer
80b531614b hostapd: ubus: add VHT capabilities to client list
This adds parsed VHT capability information to the hostapd
get_clients method.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:40 +01:00
David Bauer
cd8052da49 hostapd: ubus: add driver information to client list
This adds information from mac80211 to hostapd get_client ubus function.
This way, TX as well as RX status information as well as the signal can
be determined.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:33 +01:00
David Bauer
7463a0b5ee hostapd: fix variable shadowing
Fixes commit 838b412cb5 ("hostapd: add interworking support")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:22 +01:00
Daniel Golle
01b83040d3 umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Daniel Golle
62a3430f9b procd: drop legacy seccomp support, switch to OCI parsers
d8f36f5 seccomp: specifying architectures is optional
 d352e6e seccomp: switch to new OCI compliant parser
 c110405 trace: switch to OCI seccomp JSON output

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Alberto Bursi
a4d52522c7 wireguard-tools: fix category/description in menuconfig
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.

Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.

remove the broken imports and add manually the entries
and description they were supposed to load

Fixes: ea980fb9c6 ("wireguard: bump to 20191226")

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-17 13:03:16 +01:00
DENG Qingfang
03d178727a kernel: remove mvsw61xx swconfig driver
All targets that used mvsw61xx have switched to upstream mv88e6xxx DSA
driver, so it can be removed.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-11-16 13:55:05 +01:00
Hans Dedecker
0f7a3288e1 odhcpd: update to latest git HEAD
fb55e80 dhcpv6-ia : write statefile atomically

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:48:33 +01:00
Hans Dedecker
aaf3443e1a dropbear: update to 2.81
Update dropbear to latest stable 2.81; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:23:47 +01:00
Rui Salvaterra
c63908afd2 wireguard-tools: drop the dependency on ip-{tiny,full}
BusyBox ip already provides the required functionality and is enabled by default
in OpenWrt. This patch drops the ip dependency and makes the BusyBox ip required
dependencies explicit, allowing for a significant image size reduction.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin size:
4588354 bytes (with ip-tiny)
4457282 bytes (with BusyBox ip)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-14 17:46:35 +01:00
Felix Fietkau
5752ccb60f libjson-c: enable rpath for host builds to fix errors on recent macOS
Same approach as on libubox

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-14 14:48:30 +01:00
Hans Dedecker
ee8ef9b10b iproute2: update to 5.9
Update iproute2 to latest stable 5.9; for the changes see https://lwn.net/Articles/834755/

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Hauke Mehrtens <hauke@huake-m.de>
2020-11-14 09:24:48 +01:00
Felix Fietkau
bc91ce3a70 kernel: remove kmod-capi
We don't package any driver that uses this module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 13:16:25 +01:00
Felix Fietkau
c4600e6261 netifd: update to the latest version
4a41135750d9 system-linux: only overwrite dev->present state on check_state for simple devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 12:49:27 +01:00
Brett Mastbergen
e800ecfa3d libnetfilter-log: Backport kernel header syncs
Backport upstream commits that sync the local kernel header
copies in this library, with up to date copies.  These updated
headers ensure that libnetfilter-log users can use current
kernel functionality such as requesting that conntrack
information be appended to nflog events sent to userspace via
the NFULNL_CFG_F_CONNTRACK flag.  This functionality has been
available since kernel version 4.4

Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2020-11-12 18:21:55 +01:00
Roman Kuzmitskii
02e8182d87 sunxi: add support for Libre Computer ALL-H3-CC H5
Specification:

- CPU: Allwinner H5, Quad-core Cortex-A53 Up to 1GHz
- DDR3 RAM: 2GB
- Network:
    10/100M Ethernet x 1
- IR: x1 (Receive)
- USB (Host) Type-A x3
- USB (OTG) Type-A x1
- MicroSD Slot x 1
- eMMC Slot x1
- MicroUSB power input
- GPIO 40pin header
- UART 3pin header
- Leds:
    - librecomputer:blue:status
    - librecomputer:green:pwr
- Buttons:
    - uboot button (used to enter fel mode)
    - power button (can trigger power on)
- Power Supply via MicroUSB or GPIO 5V/2A

Installation:

- Write the image to SD Card with dd
- Boot from the SD Card

Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
[Fixed Signed-off-by]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-12 18:21:17 +01:00
Tan Zien
3c5d70ad26 kernel: add module support Solarflare network adapter
According to Solarflare user guide
it is recommended to install lm-sensors and
use the following command to obtain adapter health info

$ sensors | grep sfc
sfc pci 0400
sfc pci 0401

$ sensors sfc pci 0400
sfc pci 0400
Adapter: PCI adapter
1.2V supply:                        N/A
3.3V supply:                    +3.22 V  (min =  +3.00 V, max =  +3.60 V)
12.0V supply:                  +12.14 V  (min = +11.04 V, max = +12.96 V)
0.9V supply (ext. ADC):         +1.03 V  (min =  +0.50 V, max =  +1.10 V)
                                         (crit max =  +1.15 V)
0.9V phase A supply:                N/A
PHY overcurrent:                    N/A
ERROR: Can't get value of subfeature temp1_alarm: Can't read
PHY temp.:                          N/A
AOE FPGA temp.:                 +68.0°C  (low  =  +0.0°C, high = +95.0°C)
                                         (crit = +105.0°C)
Ambient temp.:                  +56.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
Controller die (TDIODE) temp.:  +77.0°C  (low  =  +0.0°C, high = +95.0°C)
                                         (crit = +105.0°C)
Board front temp.:              +59.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
Board back temp.:               +62.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
1.2V supply current:                N/A
0.9V phase A supply current:        N/A
3.3V supply current:                N/A
12V supply current:                 N/A

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-11-12 18:19:44 +01:00
Brett Mastbergen
df8e4906f7 netfilter: Add queue support for nftables
This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule

Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2020-11-12 18:19:44 +01:00
Huangbin Zhan
86917e4979 rpcd: remove file when applied
Make sure exit value of this script is zero. Or the file won't be deleted.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-11-12 18:19:44 +01:00
Jianhui Zhao
8d7a6d48eb ca-certificates: canonical the build dir
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2020-11-12 18:19:44 +01:00
Bruno Randolf
7185c5ec7d busybox: Let procd respawn cron
On some systems I see the issue that crond dies after a few days.
Simply letting procd respawn the process is a simple safety-net.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2020-11-12 18:19:44 +01:00
Antonis Kanouras
cb8c94f516 uboot-envtools: support Xiaomi Mi Router 3G v2/4A Gigabit
Add support for the following devices:

- Xiaomi Mi Wi-Fi Router 3G v2
- Xiaomi Mi Router 4A Gigabit Edition

Signed-off-by: Antonis Kanouras <antonis@metadosis.eu>
[add explicit case for 4A, bump PKG_RELEASE,
improve commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-12 17:18:26 +01:00
Yangbo Lu
01aa24f985 layerscape: make restool depend on TARGET_layerscape_armv8_64b
The restool is for Layerscape DPAA2 platforms which are
ARMv8 platforms.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-11-12 17:18:26 +01:00
Jason A. Donenfeld
a0df35e89c wireguard: bump to 1.0.20201112
* noise: take lock when removing handshake entry from table

This is a defense in depth patch backported from upstream to account for any
future issues with list node lifecycles.

* netns: check that route_me_harder packets use the right sk

A test for an issue that goes back to before Linux's git history began. I've
fixed this upstream, but it doesn't look possible to put it into the compat
layer, as it's a core networking problem. But we still test for it in the
netns test and warn on broken kernels.

* qemu: drop build support for rhel 8.2

We now test 8.3+.

* compat: SYM_FUNC_{START,END} were backported to 5.4
* qemu: bump default testing version

The real motivation for this version bump: 5.4.76 made a change that broke our
compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-12 13:28:38 +01:00
Felix Fietkau
128ef379ae libnl-tiny: update to the latest version
2584ebc642b2 libnl-tiny: install pkgconfig file
c291088f631d unl: add support for connecting to rtnl

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:26:03 +01:00
Felix Fietkau
0bb5d39b7a mac80211: add minstrel fixes that fix mt76 issues in legacy mode
Remove deferred sampling code which does not work well with rate tables +
probing.
Fix tx status handling if the first invalid rate idx is not set to -1

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Felix Fietkau
bf3158b620 mac80211: backport the new tasklet API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Felix Fietkau
a0be58576c netifd: update to the latest version
3023b0cc7352 bridge: add support for defining port member vlans via hotplug ops
a3016c451248 vlan: add pass-through hotplug ops that pass the VLAN info to the bridge
d59f3ddcbaf0 vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
dd5e61153636 bridge: show vlans in device status
a56e14afa612 bridge: preserve hotplug ports on vlan update if config is unchanged
d1e8884f8911 bridge: fix use-after-free bug on bridge member free
3a2b21001c3c system-dummy: set present state only for simple devices
ed11f0c0ffe4 bridge: only overwrite implicit vlan assignment if vlans are configured

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Aleksandr Mezin
acb336235c dnsmasq: 'ipset' config sections
Allow configuring ipsets with dedicated config sections:

    config ipset
        list name 'ss_rules_dst_forward'
        list name 'ss_rules6_dst_forward'
        list domain 't.me'
        list domain 'telegram.org'

instead of current, rather inconvenient syntax:

    config dnsmasq
        ...
        list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward'

Current syntax will still continue to work though.

With this change, a LuCI GUI for DNS ipsets should be easy to implement.

Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-11-11 20:47:34 +01:00
Yousong Zhou
600bcaf9c9 base-files: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
00fb51f97e base-files: upgrade: stage2: use v for log lines
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
128bb4e8d3 base-files: upgrade: fwtool.sh: rewording logs
The intent is to make it sound more like info level message, not some
error like "404 not found".  x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
856b288d27 base-files: upgrade: fwtool.sh: use v for log lines
This will have at least the following effects

 - Log lines will have common prefix
 - They will be output to stderr instead of stdout

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
50b870ee3c base-files: upgrade: add get_image_dd()
This is mainly to handle stderr message "Broken pipe", "F+P records
in/out" by common pattern "xcat | dd .."

Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3140
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
bd21e4a936 base-files: upgrade: use stdin redirection to replace cat command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
7863c33cea base-files: upgrade: add vn and variants
To be used with in the following pattern

  vn "Remaining: "
  for p in $xx; do
    _vn "$p"
  done
  _v

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
826bb13742 base-files: upgrade: log with date prefix
And log to stderr

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Jan Pavlinec
a86c0d97b5 dnsmasq: explictly set ednspacket_max value
This is related to DNS Flag Day 2020. It sets default
ends buffer size value to 1232.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-09 20:44:46 +01:00
W. Michael Petullo
9eb9943f82 refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-11-09 13:06:19 +00:00
Paul Spooren
753309c7dd uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-09 10:54:29 +00:00
Rui Salvaterra
682843adad hostapd: add a hostapd-basic-wolfssl variant
If only AP mode is needed, this is currently the most space-efficient way to
provide support for WPA{2,3}-PSK, 802.11w and 802.11r.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin sizes:

4719426 bytes (with wpad-basic-wolfssl)
4457282 bytes (with hostapd-basic-wolfssl)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-08 20:25:59 +00:00
Daniel Golle
9867d08e07 procd: bump to git HEAD
b0de894 jail: fix capabilities

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-07 06:03:49 +00:00
Daniel Golle
c8a81ada58 procd: bump to git HEAD
2f381fe jail: guard boolean blobmsg attributes
 602b8fa jail: add option for pidfile
 bba6de7 jail: handle mount propagation flags
 6963d50 jail: relax seccomp unknown syscall handling
 e1fcfdc jail: add support for absolute root path in OCI spec
 257f29b jail: don't fail if maskedPath cannot be found
 75f2374 uxc: mimic runc cmdline by using getopt_long

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 02:17:25 +00:00
Daniel Golle
4a976beff4 gdb: fix building with NLS enabled
Building gdb failed with CONFIG_BUILD_NLS enabled. Use nls.mk and
add the necessary dependencies for libintl and libiconv.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 00:55:37 +00:00
Rafał Dzięgiel
ed2491ba67 mac80211: ath9k: enable OEM cards support on x86
A lot of devices running OpenWrt x86 arch (32 or 64 bit) are either
"home-made routers" or devices that use PC class OEM components.

This commit enables OEM cards support on those devices by default.

Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
[reformat commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-04 23:58:50 +01:00
John Crispin
229623e310 mediatek: update uboot to latest patchset provided by MTK
MTK sent us their latest version of the staging uboot. Lets merge the patches.

Signed-off-by: John Crispin <john@phrozen.org>
2020-11-04 20:32:52 +01:00
John Crispin
be09c5a3cd base-files: add board.d support for bridge device
Latest netifd allows us to setup network bridges with implicit vlan
tagging. For this to work, we need to setup several additional uci
sections. This feature is particularly usefull for DSA tupe devices.
Add board.d and uci-defaults support for generating the sections.

Signed-off-by: John Crispin <john@phrozen.org>
2020-11-04 07:36:49 +01:00
Daniel Golle
08d90a75f9 opkg: clean up and fix performance regression
da9746a libopkg: clean up handling of unresolved dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-03 04:43:19 +00:00
Daniel Golle
f5c5a8abd2 opkg: fix yet another dependency resolution bug
The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.

Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 23:31:50 +00:00
Daniel Golle
4a2b1ff7fb opkg: fix dependency resolution
The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.

Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 20:51:30 +00:00
Florian Eckert
0232bf601d zram-swap: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
42675aa30c dropbear: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
ba9b8da466 ltq-vdsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
00e87255f2 ltq-adsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
1a69f50dc6 base-files: fix rc.common help alignment
This commit introduces a new function `extra_command` to better format
the help text without having to calculate the indentation in every startup
script that wants to add a new command. So far it looks weird and is not
formatted correctly on some startup scripts.

After using the new `extra_command` wrapper the alignement looks correctly.

And if the indentation is not sufficient in the future, this can be
changed in the function extra_command at a central location.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
John Audia
e48aac89a2 linux-firmware: update to 20201022
git log --pretty=oneline --abbrev-commit 20200918..20201022
dae4b4c (HEAD -> main, tag: 20201022, origin/master, origin/main, origin/HEAD) Merge branch 'v1.1.5' of https://github.com/irui-wang/linux_fw_vpu_v1.1.5 into main
04f71fe cypress: add Cypress firmware and clm_blob files
4d0755b Merge https://github.com/shahasit/bt-linux-firmware into main
2a262bb Merge https://github.com/shahasit/video-linux-firmware into main
c024640 Merge tag 'iwlwifi-fw-2020-10-14' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware into main
09e8cff rtl_bt: Update RTL8821C BT FW to 0xAA6C_A99E
d7904d5 ath10k: add SDIO firmware for QCA9377 WiFi
ecdc272 Merge branch 'dg1_dmc_v2_02' of git://anongit.freedesktop.org/drm/drm-firmware into main
c86361d ice: update package file to 1.3.16.0
76ceac8 mediatek: separate venc service thread
8877322 QCA : Updated firmware file for WCN3991
4f41e9d iwlwifi: update and add new FWs from core56-54 release
346057d iwlwifi: update 3168, 7265D, 8000C and 8265 firmwares
a140ef3 i915: Add DG1 DMC v2.02
a09b728 qcom : updated venus firmware files for v5.4
58d41d0 ice: Add comms package file for Intel E800 series driver
c1bef9e copy-firmware: Always write Link: entries
b95e230 Merge commit 'ad1da95d52f1a9206da3ef52f3484f3b89ec6615' of https://github.com/shahasit/linux-firmware-bt into main
0b884ec amdgpu: update vega20 firmware for 20.40
bca0233 amdgpu: update vega12 firmware for 20.40
8652e02 amdgpu: update vega10 firmware for 20.40
9f46d48 amdgpu: update renoir firmware for 20.40
e667605 amdgpu: update raven2 firmware for 20.40
a487f2f amdgpu: update raven firmware for 20.40
aa7b732 amdgpu: update picasso firmware for 20.40
a18981e amdgpu: update navi14 firmware for 20.40
1696e2e amdgpu: update navi12 firmware for 20.40
6b8a6ea amdgpu: update navi10 firmware for 20.40
5b30b38 linux-firmware: Add new VPDMA firmware 1b8.bin
ad1da95 QCA : Updated firmware files for WCN3991
b78a66c linux-firmware: Update firmware for Cadence MHDP8546 DP bridge
afbfb5f linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1)
a38b8ed Mellanox: Add new mlxsw_spectrum firmware xx.2008.1312
1487a8a linux-firmware: nvidia: move firmware symlinks to WHENCE
bdd5617 linux-firmware: move i915 firmware symlinks to WHENCE
ab69b57 linux-firmware: move iwlwifi-7265D-10.ucode symlink to WHENCE
49c4ff5 Merge branch 'mrvl-prestera' of https://github.com/PLVision/linux-firmware into main
7a02212 linux-firmware: Update Marvell Switchdev firmware with ABI changes

Signed-off-by: John Audia <graysky@archlinux.us>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
ffee6bb471 gdb: Disable tests
We do not use the tests or ubsan in our gdb package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
8698a727dd gdb: Always use system zlib
Instead of using the system zlib when the package is selected and using
the internal zlib if it is not selected in OpenWrt, just activate it
always. This should make the package more deterministic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
f1f0ed869a gdb: Update to version 10.1
gdb 10.1 adds many new features for example gdbserver support for
  - ARC GNU/Linux
  - RISC-V GNU/Linux

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hans Dedecker
cafa3dc7c7 odhcpd: fix compile problem on 64-bit systems
735c783 dhcpv6: fix size_t fields in syslog format

Fixes 5cdc65f6d1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-01 20:44:54 +01:00
Hans Dedecker
5cdc65f6d1 odhcpd: update to latest git HEAD
5700919 dhcpv6: add explicit dhcpv4o6 server address
e4f4e62 dhcpv6: add DHCPv4-over-DHCPv6 support
aff290b dhcpv6: check message type
2677fa1 router: fix advertisement interval option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-31 21:27:47 +01:00
Rui Salvaterra
f8c88a8775 hostapd: enable OWE for the basic-{openssl, wolfssl} variants
Opportunistic Wireless Encryption is needed to create/access encrypted networks
which don't require authentication.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-31 13:02:28 +00:00
Daniel Golle
237f708b3c libselinux: remove dependency on musl-fts for non-musl builds
Suggested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Tested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-31 00:49:43 +00:00
Adrian Schmutzler
ac5671f46c kernel: remove obsolete kernel version switches for 4.19
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-30 19:44:41 +01:00
Daniel Golle
499924adf0 Revert "kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning"
This reverts commit 7f94e2afcf.

Package kmod-nft-core is missing dependencies for the following libraries:
nft_reject.ko

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 01:39:01 +00:00
Philip Prindeville
7f94e2afcf kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning
Seeing the following:

    ERROR: module '/home/philipp/lede/build_dir/target-x86_64_musl/linux-x86_64/linux-5.4.33/net/ipv4/netfilter/nft_reject_ipv4.ko' is missing.
    modules/netfilter.mk:1068: recipe for target '/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk' failed
    make[3]: *** [/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk] Error 1

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-10-30 00:39:09 +00:00
Daniel Golle
c3a4cddaaf hostapd: remove hostapd-hs20 variant
Hotspot 2.0 AP features have been made available in the -full variants
of hostapd and wpad. Hence we no longer need a seperate package for
that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
Rui Salvaterra
10e73b1e9e hostapd: add {hostapd,wpad}-basic-openssl variants
Add OpenSSL-linked basic variants (which provides WPA-PSK only, 802.11r and
802.11w) of both hostapd and wpad. For people who don't need the full hostapd
but are stuck with libopenssl for other reasons, this saves space by avoiding
the need of an additional library (or a larger hostapd with built-in crypto).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-30 00:39:09 +00:00
Daniel Golle
1445d333aa opkg: bump to git HEAD
8769c75 pkg_hash: don't suggest incompatible packages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
David Bauer
9f1927173a hostapd: wpas: add missing config symbols
This adds missing config symbols for interworking as well as Hotspot 2.0
to the wpa_supplicant-full configuration.

These symbols were added to the hostapd-full configuration prior to this
commit. Without adding them to the wpa_supplicant configuration,
building of wpad-full fails.

Thanks to Rene for reaching out on IRC.

Fixes: commit be9694aaa2 ("hostapd: add UCI support for Hotspot 2.0")
Fixes: commit 838b412cb5 ("hostapd: add interworking support")
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 03:25:25 +01:00
Daniel Golle
256fa157a9 dnsmasq: install /etc/hotplug.d/ntp/25-dnsmasqsec world-readable
/etc/hotplug.d/ntp/25-dnsmasqsec is being sourced by /sbin/hotplug-call
running as ntpd user. For that to work the file needs to be readable by
that user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-28 02:01:04 +00:00
Sven Eckelmann
7ca9b82c38 mac80211: Fix wpa_supplicant config removal ubus call
If mac80211_setup_supplicant() is called with enabled=0 then it should just
destroy the interface and remove the configuration from wpa_supplicant. But
the ubus method call always returned

  Command failed: Method not found

because the actual name of the method is "config_remove".

Fixes: b5516603dd ("mac80211: more wifi reconf related fixes")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:11:12 +01:00
David Bauer
83d40aef13 hostapd: bump PKG_RELEASE
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:34 +01:00
David Bauer
838b412cb5 hostapd: add interworking support
This adds configuration options to enable interworking for hostapd.
All options require iw_enabled to be set to 1 for a given VAP.

All IEEE802.11u related settings are supported with exception of the
venue information which will be added as separate UCI sections at a
later point.

The options use the same name as the ones from the hostapd.conf file
with a "iw_" prefix added.

All UCI configuration options are passed without further modifications
to hostapd with exceptions of the following options, whose elements can
be provided using UCI lis elements:

 - iw_roaming_consortium
 - iw_anqp_elem
 - iw_nai_realm
 - iw_domain_name
 - iw_anqp_3gpp_cell_net

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:04 +01:00
David Bauer
cc80cf53c5 hostapd: add FTM responder support
This adds support for enabling the FTM responder flag for the APs
extended capabilities. On supported hardware, enabling the ftm_responder
config key for a given AP will enable the FTM responder bit.

FTM support itself is unconditionally implemented in the devices
firmware (ath10k 2nd generation with 3.2.1.1 firmware). There's
currently no softmac implementation.

Also allow to configure LCI and civic location information which can be
transmitted to a FTM initiator.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:56 +01:00
David Bauer
daeda8a87e mac80211: pass phy name to hostapd_set_bss_options
hostapd_set_bss_options expects the PHY as second and the VIF as third
argument. However, only the VIF was passed as second argument without a
third argument at all.

This was never a problem, as both PHY and VIF were never accessed.
However, with FTM support the PHY is needed to determine the HW support
when configuring the BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:49 +01:00
David Bauer
b518f07d4b hostapd: remove ieee80211v option
Remove the ieee80211v option. It previously was required to be enabled
in order to use time_advertisement, time_zone, wnm_sleep_mode and
bss_transition, however it didn't enable any of these options by default.

Remove it, as configuring these options independently is enough.

This change does not influence the behavior of any already configured
setting.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:29 +01:00
David Bauer
e66bd0eb04 hostapd: make rrm report independent of ieee80211k setting
Allow to configure both RRM beacon as well as neighbor reports
independently and only enable them by default in case the ieee80211k
config option is set.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:22 +01:00
Petr Štetiar
43fe0bd18d uci: fix package mirror hash
I've forget to update PKG_MIRROR_HASH in my previous package version
bump.

Fixes: 095cc2b745 ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:58:27 +01:00
Petr Štetiar
f9005d4f80 umdns: update to version 2020-10-26
59e4fc98162d cache: cache_answer: fix off by one
4cece9cc7db4 cache: cache_record_find: fix buffer overflow
be687257ee0b cmake: tests: provide umdns-san binary
bf01f2dd0089 tests: add dns_handle_packet_file tool
134afc728846 tests: add libFuzzer based fuzzing
de08a2c71ca8 cmake: create static library
cdc18fbb3ea8 interface: fix possible null pointer dereference
1fa034c65cb6 interface: fix value stored to 'fd' is never read
3a67ebe3fc66 Add initial GitLab CI support
50caea125517 cmake: fix include dirs and libs lookup

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Petr Štetiar
095cc2b745 uci: update to version 2020-10-06
52bbc99f69ea Replace malloc() + memset() with calloc()
3fbd6c923434 ucimap: Check return of malloc()
eae126f66663 file: Check buffer size after strtok()
7f574273180a file: use size_t for position and pointer
19770b6949b9 file: use dynamic memory allocation for tempfile name
aa46546794ac file: uci_file_commit: fix memory leak
671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler
ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus
31f78bfbf75f cmake: add uci-san cli built with clang sanitizers
a3e650911f5e file: uci_parse_package: fix heap use after free
9bd361ca3236 tests: add libFuzzer based fuzzing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Joel Johnson
d7db32440f dnsmasq: include IPv6 local nameserver entry
For IPv6 native connections when using IPv6 DNS lookups, there is no
valid default resolver if ignoring WAN DHCP provided nameservers.

This uses a runtime check to determine if IPv6 is supported on the host.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
2020-10-26 18:51:35 +01:00
Biwen Li
3a47dc1df2 layerscape: update tfa to LSDK-20.04-update-290520
Update tfa to LSDK-20.04-update-290520.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[fix PKG_RELEASE bump]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Biwen Li
bd15d49838 layerscape: update u-boot to LSDK-20.04-update-290520
Update u-boot to LSDK-20.04-update-290520.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[fix PKG_RELEASE bump]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Biwen Li
348602186a layerscape: update ls-rcw to LSDK-20.04-update-290520
Update ls-rcw to LSDK-20.04-update-290520.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, fix PKG_RELEASE change]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Pawel Dembicki
a254279a6c layerscape: Change to combined rootfs on sd images
At this moment layerscape images are ext4 only. It causes problem with
save changes durring sysupgrade and make "firstboot" and failsafe mode
useless.

This patch changes sd-card images to squashfs + f2fs combined images.
To make place, for saving config, kernel space ar now ext4 partition
with fit kernel.

This method of image generation is similar to rest of OpenWrt sd-card
targets.

Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[reword README, reword DEVICE_COMPAT_MESSAGE, keep original indent]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Pawel Dembicki
3605eff881 layerscape: add dtb to sysupgrade
At this moment sysupgrade replaces only kernel and rootfs.

This patch add dtb part to sysupgrade images to avoid situation
when old dtb make system broken.

Is possible to sysupgrade older images for NOR devices:
1. Firmware partition in bootargs need to be updated to:
   "49m@0xf00000(firmware)". Env should be saved after changes.
2. After step one, "sysupgrade -F" will work.

Run tested: LS1046A-RDB

Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[bump PKG_RELEASE for uboot-layerscape]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-26 00:40:12 +01:00
Daniel Golle
2a0d08d827 ubus: bump to git HEAD
ad0cd11 ubusd_acl: add support for wildcard in methods

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 18:23:45 +00:00
Daniel Golle
2e746b4d29 busybox: make username consistent
ntpd in packages feed had already a user 'ntp' with UID 123 declared.
Rename the username of busybox-ntpd to be 'ntp' instead of 'ntpd' so
it doesn't clash.

Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 17:26:30 +00:00
Daniel Golle
70c17268a8 dnsmasq: adapt to non-root ntpd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 13:01:35 +00:00
Daniel Golle
2d34355e16 busybox: allow ntpd to run as non-root ntpd user
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 13:01:35 +00:00
Daniel Golle
ccb283c71c procd: ujail fixes
ec461ff jail: mount more stuff read-only
33b799b ujail: elf: work around GCC bug on MIPS64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 12:41:44 +00:00
Daniel Golle
bd8c3314fb ubox: run logd non-root as user logd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 12:36:22 +00:00
Yousong Zhou
d23443f4d9 netifd: bump to version 2020-10-22
Changelog follows

  ced0d535 build: find and use libnl header dirs
  5722218e proto: rework parse_addr to return struct device_addr
  3d7bf604 device_addr: record address index as in the blob
  24ce1eab interface: proto_ip: order by address index first

This bump mainly affects order of interface addresses in ubus output.  At the
moment dnsmasq uses first address of an interface for setting dhcp-range option
in its config

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-10-24 18:35:27 +08:00
Daniel Golle
0b31713c85 rpcd: adapt defaults for changed ubus.sock path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 15:13:38 +01:00
Daniel Golle
061904d7e3 uhttpd: adapt defaults for changes ubus.sock path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 15:13:38 +01:00
Daniel Golle
de7ca7dafa base-files: merge /etc/passwd et al at sysupgrade config restore
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 14:25:55 +01:00
Daniel Golle
a2def3663a procd: jail: clean up capability handling and non-root ubusd
Unify capability handling to only use OCI spec parsers even for ujail
slim containers which previously supposedly used their own format.

 80c9516 cgroups: restrict allowed keys in 'unified' section
 5ade567 cgroups: memory controller fixes
 3121467 early: run ubusd non-root as user ubus, group ubus
 12a5b97 jail: adapt to new ubus socket path
 788d144 instance: actually wire up capabilities filename
 ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code
 6c5233a jail: capabilities: apply in two phases

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 15:22:30 +01:00
Daniel Golle
2dffadece9 ubus: prepare to run ubusd as non-root user
Move /var/run/ubus.sock to /var/run/ubus/ubus.sock in preparation for
having ubusd run as non-root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 15:20:10 +01:00
Daniel Golle
d355b578b7 target: include selinux-variants if CONFIG_SELINUX is set
Rather than unconditionally adding busybox and procd to the set of
default packages, add busybox-selinux and procd-selinux in case
CONFIG_SELINUX is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 11:56:26 +01:00
Markov Mikhail
610843f3bc mac80211: rt2x00: save survey for every channel visited
rt2800 olny gives you survey for current channel.

Survey-based ACS algorithms are failing to perform their job when working
with rt2800.

Make rt2800 save survey for every channel visited and be able to give away
that information.

There is a bug registred https://dev.archive.openwrt.org/ticket/19081 and
this patch solves the issue.

Signed-off-by: Markov Mikhail <markov.mikhail@itmh.ru>
2020-10-21 11:56:26 +01:00
Hauke Mehrtens
7f5f738466 sunxi: Adapt U-Boot config to board rename
The board was renamed without changing the BUILD_DEVICES in the U-Boot
Makefile, this broken the build.

Fixes: 0830ae3a2f ("sunxi: Correct manufacturer name to Sinovoip")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-18 15:46:42 +02:00
Jayantajit Gogoi
e6d9f6fdff sunxi: add support for FriendlyARM NanoPi R1
Specification:

- CPU: Allwinner H3, Quad-core Cortex-A7 Up to 1.2GHz
- DDR3 RAM: 512MB/1GB
- Network:
    10/100/1000M Ethernet x 1,
    10/100M Ethernet x 1
- WiFi: 802.11b/g/n, with SMA antenna interface
- USB Host: Type-A x2
- MicroSD Slot x 1
- MicroUSB: for OTG and power input
- Debug Serial Port: 3Pin 2.54mm pitch pin-header
- LED:
    nanopi:red:status
    nanopi:green:wan
    nanopi:green:lan
- KEY:
    reset
- Power Supply: DC 5V/2A

Installation:

- Write the image to SD Card with dd
- Boot NanoPi from the SD Card

Signed-off-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
2020-10-18 15:46:42 +02:00
Felix Fietkau
4a0688ed71 base-files: remove block2mtd checks from sysupgrade
This hasn't been used in a long time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-10-17 16:43:17 +02:00
Felix Fietkau
08a42ef057 mac80211: fix memory leak on filtered powersave frames
After the status rework, ieee80211_tx_status_ext is leaking un-acknowledged
packets for stations in powersave mode.
To fix this, move the code handling those packets from __ieee80211_tx_status
into ieee80211_tx_status_ext

Reported-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-10-17 16:43:17 +02:00
Daniel Golle
00c28c51fb
selinux-policy: update to git tag v0.3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 13:49:38 +01:00
Daniel Golle
21a7c4d97a fstools: update to git HEAD
8e0f29a mount: remove support for legacy overlayfs before v2.3
 0f8a443 mount: fix log format string and indentation
 46a56d3 overlay: use precompiler macros for reoccuring path names
 f25ab8a mount: apply SELinux labels before overlayfs mount

Total ipk size change (ipq40xx): +120b

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 01:53:00 +01:00
Daniel Golle
1923669413 policycoreutils: 'restorecon' is a 'setfiles' applet
Instead of duplicating the '/sbin/setfiles' binary, have
'/sbin/restorecon' as yet another alias for
'/sbin/policycoreutils-setfiles'.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 00:38:06 +01:00
Daniel Golle
63e2e086be hostapd: ubus: add handler for wps_status and guard WPS calls
Expose WPS ubus API only if compiled with WPS support and add new
handler for wps_status call.
Also add '-v wps' option to check whether WPS support is present in
hostapd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 00:38:06 +01:00
Felix Fietkau
953435795d build: always build package/kernel/linux
build: always build package/kernel/linux

If no in-tree module packages are selected, the build system does not process
package/kernel/linux. This package is required for building the virtual
'kernel' package, which is specified as a dependency for all kernel packages.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-10-15 13:25:58 +02:00
Arturas Moskvinas
679db02b10 sunxi: add support for FriendlyArm Zeropi
Specification

    CPU: Allwinner H3, Quad-core Cortex-A7 Up to 1.2GHz
    DDR3 RAM: 256MB/512MB
    Connectivity: 10/100/1000Mbps Ethernet
    USB Host: Type-A x 1
    MicroSD Slot x 1
    MicroUSB: for power input only
    Debug Serial Port: 4Pin, 2.54 mm pitch pin header
    Power Supply: DC 5V/2A
    PCB Dimension: 40 x 40 x 1.2mm

Installation:

    Burn the image file to an SD Card with dd or any image burning tool
    Boot ZeroPi from the SD Card

The following features are working and tested:

    Ethernet port 10/100/1000M Ethernet

Remarks: SBC is mostly compatible and boots with FriendlyARM NanoPI M1 plus DTS also (zeropi has no working hdmi)

Signed-off-by: Arturas Moskvinas <arturas.moskvinas@gmail.com>
2020-10-11 18:29:26 +02:00
Andre Heider
111895aa19 kernel: add a kmod package for the SoC S/PDIF codec
Size of the modules for a Cortex A7 build:
43920 linux-5.4.66/sound/soc/codecs/snd-soc-spdif-rx.ko
44044 linux-5.4.66/sound/soc/codecs/snd-soc-spdif-tx.ko

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 17:45:02 +02:00
Andre Heider
447fe1454e kernel: fix name of CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM
CONFIG_SND_SOC_DMAENGINE_PCM was removed and replaced with
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM seven years ago, see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28c4468b00a1e55e08cc20117de968f7c6275441
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b7ae6f31d8243ec684af16bc5c763eccdfabaec0

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 17:45:02 +02:00
Andre Heider
60c9a27cbc uboot-envtools: mvebu: fix config for mainline u-boot
Mainline u-boot dynamically passes the mtd partitions via devicetree:
$ cat /proc/mtd
dev:    size   erasesize  name
mtd0: 003f0000 00001000 "firmware"
mtd1: 00010000 00001000 "u-boot-env"

Add support for this setup.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:53:20 +02:00
Hauke Mehrtens
7c0496f29b kernel: Move CONFIG_*_FS_XATTR to generic kernel config
This option is now activated in the generic kernel configuration, no
need to do it for a specific package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Hauke Mehrtens
722906d144 kernel: move CONFIG_F2FS_CHECK_FS to generic kernel config
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Hauke Mehrtens
6542615e41 kernel: Move CONFIG_F2FS_FS_SECURITY to generic kernel config
Move the CONFIG_F2FS_FS_SECURITY kernel configuration option to the
generic kernel configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Hauke Mehrtens
18deed29be kernel: Remove 2FS_FS_XATTR and F2FS_STAT_FS symbols from target configs
This config option was moved to the generic kernel configuration.

Fixes: ab1bd57656 ("kernel: move F2FS_FS_XATTR and F2FS_STAT_FS symbols to generic")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-10-11 16:38:16 +02:00
Andre Heider
b79d2356db arm-trusted-firmware-mvebu: fix topology for ESPRESSObin V3-V5 (1GB 1CS)
Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
8870ad58b6 uboot-mvebu: don't install 64bit binaries
u-boot binaries are not useful for these boards, they need to be combined
with atf for a proper firmware.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
1d234cfdfd uboot-mvebu: don't default to enable a3700 builds
u-boot binaries for this SoC are only required for the atf package,
disable them per default so they don't get build unnecessarily.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
f06a60b734 uboot-mvebu: don't add CONFIG_NET_RANDOM_ETHADDR to defconfig
All targets already enable it in their defconfig with the used
u-boot version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Andre Heider
ed20d4cc41 uboot-mvebu: update to v2020.10
Remove merged patches and update the emmc set.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-11 16:38:16 +02:00
Josef Schlehofer
9f9243887e trace-cmd: disable AUDIT (libaudit library)
If you compile first libaudit library and then trace-cmd package,
compilations fails with:

Package trace-cmd is missing dependencies for the following libraries:
libaudit.so.1

If you enable libaudit for trace-cmd, it will show system name calls while using command profile.
Try to be slim as much as possible - libaudit .ipk has 42,4 kB.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-10-11 16:16:24 +02:00
Rosen Penev
49bb986b62 perf: disable libzstd support
libzstd from the packages feed gets picked up. Remove it.

Fixes:

Package perf is missing dependencies for the following libraries:
libzstd.so.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-10-11 16:16:24 +02:00
Marek Behún
3d0fa1a012 perf: pass CFLAGS correctly
For this package CFLAGS have to be passed via EXTRA_CFLAGS.
On arm this bug causes build to fail because no -fPIC is present in CFLAGS.

Signed-off-by: Marek Behún <kabel@blackhole.sk>
2020-10-11 16:16:24 +02:00
Marek Behún
d4161798dd perf: fix building with musl when NLS is enabled
This package fails with a strange error when building with musl when NLS
is enabled. The configuration thinks that libelf is not present, even
though DEPENDS contains +libelf, because when NLS is enabled, libelf.so
depends on libintl, and the correct LDFLAGS are missing for
libintl-full. This then causes the configuration script to check for
glibc, but this fails because we are using musl.

Signed-off-by: Marek Behún <kabel@blackhole.sk>
2020-10-11 16:16:24 +02:00
Hans Dedecker
156b72b9aa netifd: update to latest git HEAD
64ff909 system-linux: initialize ifreq struct before using it

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-10 21:15:38 +02:00
Daniel Golle
486faa0036 seclic: depends on libsepol
Add missing dependency for target build of seclic which requires
libsepol (just like the host build requires libsepol/host).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-09 19:00:35 +01:00
Dominick Grift
bf12f05bbf selinux-policy: adds new package
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-10-09 02:10:05 +01:00
Dominick Grift
9ee7c1ec60 secilc: adds new package
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-10-09 02:10:05 +01:00
Daniel Golle
e0d482fdcf rt2x00: mt7620: differentiate based on SoC's CHIP_VER
The vendor driver does things differently based on what it finds in the
SoC's CHIP_VER register, which should tell whether this is MT7620N or
MT7620A (PKG) and probably also the revision (VER) and most likely
also something about the silicon implementer (ECO).
Introduce codepaths just like the ones in the vendor driver to handle
the different chips properly.

Some of those paths are most likely dead code and left-overs from FPGA
versions or early prototypes of the chip. It'd thus be great if people
can post their kernel logs, at least the line telling the chip version
and eco, so we know what's actually out there in the wild -- all I
could find is
[ 0.000000] SoC Type: Ralink MT7620A ver:2 eco:6
and
[ 0.000000] SoC Type: Ralink MT7620N ver:2 eco:6
which would make things easier, as then we really just need to know
whether it's MT7620N or MT7620A and not care about FPGA or prototypes
with ver <= 1 and eco <= 2.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-09 01:50:30 +01:00
Sungbo Eo
8f29e36963 ipq40xx: improve support for Edgecore ECW5211
This adds several stylistic and functional improvements of the recently
added Edgecore ECW5211, especially:

* Drop the local BDFs as those are already in the upstream under different names
* Add SPDX tag to DTS
* Add label MAC address
* Move LED trigger to DTS
* Remove unnecessary status="okay"
* Disable unused SS USB phy as the USB port only supports USB 2.0
* Make uboot-env partition writable
* Remove qcom,poll_required_dynamic property as the driver does not use it
* Tidy up the device recipe

Fixes: 4488b260a0 ("ipq40xx: add Edgecore ECW5211 support")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Acked-by: Robert Marko <robert.marko@sartura.hr>
2020-10-07 18:07:54 +02:00
Hans Dedecker
e5f7a9889c ppp: update to version 2.4.8.git-2020-10-03
2937722 Enable IPv6 by default (#171)
6d39c65 pppd: Fix blank password usage

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-05 21:29:01 +02:00
Jo-Philipp Wich
2a90d308c7 uhttpd: update to latest Git HEAD
14a3cb4 ubus: fix legacy empty reply format
0f38b03 client: fix spurious keepalive connection timeouts
88ba2fa client: really close connection on timeout
c186212 ubus: support GET method with CORS requests

Fixes: FS#3369
Fixes: https://github.com/openwrt/luci/issues/4467
Fixes: https://github.com/openwrt/luci/issues/4470
Fixes: https://github.com/openwrt/luci/issues/4479
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-10-04 23:09:59 +02:00
Andre Heider
4950071d30
omap: update uboot to v2020.04
Fixes the build error:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status

Successfully tested on boneblack.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2020-10-04 03:45:21 +02:00
Marty Jones
6cc99c656d uboot-rockchip: add Rock Pi 4 support
Add support for the  Raxda Rock Pi 4.

Signed-off-by: Marty Jones <mj8263788@gmail.com>
2020-10-03 22:51:50 +02:00
David Bauer
0abf2c081c linux-firmware: update to 20200918
00a84c5 linux-firmware: Update AMD SEV firmware
71338c2 Merge branch 'for-master' of https://github.com/CosmicPenguin/linux-firmware into main
07367b9 linux-firmware: Update firmware file for Intel Bluetooth AX200
1d1586a linux-firmware: Update firmware file for Intel Bluetooth AX201
28b333d linux-firmware: Update firmware file for Intel Bluetooth 9560
db30380 linux-firmware: Update firmware file for Intel Bluetooth 9260
eb3aa1f Mellanox: Add new mlxsw_spectrum firmware xx.2008.1310
ec88f05 mediatek: update MT7915 firmware to 20200819
a9993f8 brcm: Fix a stale symlink for RPi3 model b+
f48fec4 qcom: Add updated a5xx and a6xx microcode
d5f9eea wl18xx: update firmware file 8.9.0.0.83
7a237c6 linux-firmware: mt7615: update firmware to 20200814 version
74bd44f amdgpu: add navi12 firmware from 20.30
b9f69cd amdgpu: update navi10 firmware for 20.30

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-03 22:51:16 +02:00
David Bauer
ea9046d1ae Revert "uboot-rockchip: update NanoPi R2S patches"
This reverts commit bda6f6572b.

This commit breaks the onboard ethernet on some units. Revert it for
now.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-03 19:00:49 +02:00
Pawel Dembicki
2d72671b6e layerscape: add layerscape's SATA driver package
This patch intruduce SATA support for layerscape devices.
Target specific package with ahci_qoriq driver was added
to local modules.mk.
Kmod package was added to default packages for devices with
SATA interface.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-10-02 17:08:28 +02:00
Pawel Dembicki
7c8f677207 uboot-layerscape: fix LS1012A-FRDM fdt_high value
LS1012A-FRDM have configured wrong fdt_high value.
That causes impossibility of booting.

This patch fix it.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-02 17:03:53 +02:00
Adrian Schmutzler
9b4eab023c base-files: allow exceptions when removing devicename from LEDs
Without the model-based devicename for LEDs, there are still cases
where a third component is required, typically when it refers to
internal "devices" like phys etc. An example are the following two
found on ramips:

  - rt2800soc-phy0::radio
  - rt2800pci-phy0::radio

So far, the rt2800*-phy: prefixes would be removed by the devicename
removal ("migration") script, and the configuration for these LEDs
would be broken.

To address this, this patch allows to add arguments to a call of
remove_devicename_leds, which will be compared against the first
part of the LED names/labels, and then be ignored by the routine,
and thus not removed:

  remove_devicename_leds "rt2800soc-phy0" "rt2800pci-phy0"

This mechanism is supposed to be used when a "devicename" applies
to several devices. If only a single device is affected, it might
be more effective to use a case statement and exclude the device
from migration by that entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-02 14:51:57 +02:00
Adrian Schmutzler
365a639f91 base-files: add function to remove devicename from LED labels
Currently, we request LED labels in OpenWrt to follow the scheme

  modelname:color:function

However, specifying the modelname at the beginning is actually
entirely useless for the devices we support in OpenWrt. In patches
subsequent to this one, we will thus remove the modelname from
the label definitions on various targets.

To migrate the existing definitions from older installations,
a migration script needs to be deployed that does

  modelname:color:function -> color:function

e.g.

  dir-789:green:status -> green:status

This patch introduces two functions that do exactly that:
For each entry in /etc/config/system, the routine will check whether
two (or more) colons are present, and then remove everything up to
(and including) the first colon.

For now, this will be applied unconditionally, i.e. if the function
is called for a device, all labels will be cut like this.

However, for a future case of mixed three-part and two-part labels,
it should not be too hard to provide a function argument with
exceptions to the removal.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-02 13:50:50 +02:00
Paul Spooren
624298dc27 policycoreutils: add missing gettext dependency
Add missing build dependency to both host and target build. The `msgfmt`
is required which is missing without gettext-full.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-10-01 04:14:50 +01:00
Paul Spooren
359a4b46bb refpolicy: fix path to setfiles and checkpolicy
Directly set path via MAKE vars instead of defning TESTTOOLS. This way
setfiles, which is required by the ImageBuilder, ends up in /host/bin
while checkpolicy can stay in hostpkg/bin.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-30 03:26:12 +01:00
David Bauer
bda6f6572b uboot-rockchip: update NanoPi R2S patches
Update the patches required for the NanoPi R2S to match the DTS accepted
for upstream Linux. The U-Boot patch meanwhile is still pending
upstream.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-30 00:06:45 +02:00
Felix Fietkau
cba4120768 mac80211: add support for specifying a per-device scan list
This is useful to bring up multiple client mode interfaces on a single
channel much faster without having to scan through a lot of channels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Felix Fietkau
1ed6eb176c mac80211: backport sched_set_fifo_low
This is needed for newer mt76 updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Felix Fietkau
5b296141c2 mac80211: another fix for the sta connection monitor
Make the code more closely match the original behavior

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Daniel Golle
3fab4ace57 refpolicy: mark as architecture independent
Use PKGARCH:=all to declare this package to be free of any
architecture dependent code.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-29 04:04:00 +01:00
Paul Spooren
96d1dc5ebf policycoreutils: install to host/bin not hostpkg
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-29 00:06:32 +01:00
David Bauer
f29c7a1f30 ath10k-firmware: package Wave1 from linux-firmware
The firmware for Wave1 chips was updated to the latest release
10.2.4-1.0-00047 at the end of 2019 (commit 513d70cc50b).
Package firmware for these chips from linux-firmware.

This avoids downloading the ath10k-firmware repository.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-28 16:23:33 +02:00
Eneas U de Queiroz
475838de1a openssl: bump to 1.1.1h
This is a bug-fix release.  Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-09-28 08:49:39 +02:00
Piotr Dymacz
b4e9e81002 uboot-envtools: ath79: add support for ALFA Network N5Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
6ae0684297 uboot-envtools: ath79: add support for ALFA Network N2Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
9181b039f3 uboot-envtools: ath79: add support for ALFA Network R36A
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
c40b693bd8 uboot-envtools: ath79: add support for Samsung WAM250
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
9b699301f5 uboot-envtools: ath79: add support for Wallys DR531
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Piotr Dymacz
77598f19cc uboot-envtools: ath79: add support for ALFA Network AP121FE
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-09-28 01:28:37 +02:00
Daniel Golle
d96d324280 libsepol: break out chkcon utility
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Daniel Golle
e8b34880f9 policycoreutils: fix host utils rpath and bin directory
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Christian Lamparter
f6fbc39706 build: define PWM_SUPPORT arch feature flag
As the PWM has its own sub-system in the Linux kernel,
I think it should be handled in the same way as GPIO, RTC, PCI...

This patch introduces a specific feature flag "pwm" and the
"leds-pwm" kernel module as the first customer.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:32:33 +02:00
Hans Geiblinger
a9071d02b5 ipq40xx: Add support for Linksys MR8300 (Dallas)
The Linksys MR8300 is based on QCA4019 and QCA9888
and provides three, independent radios.
NAND provides two, alternate kernel/firmware images
with fail-over provided by the OEM U-Boot.

Hardware Highlights:

SoC: IPQ4019 at 717 MHz (4 CPUs)
RAM: 512MB RAM

SoC:	Qualcomm IPQ4019 at 717 MHz (4 CPUs)
RAM:	512M DDR3
FLASH:	256 MB NAND (Winbond W29N02GV, 8-bit parallel)
ETH:	Qualcomm QCA8075 (4x GigE LAN, 1x GigE Internet Ethernet Jacks)
BTN:	Reset and WPS
USB:	USB3.0, single port on rear with LED
SERIAL:	Serial pads internal (unpopulated)
LED:	Four status lights on top + USB LED
WIFI1:	2x2:2 QCA4019 2.4 GHz radio on ch. 1-14
WIFI2:  2x2:2 QCA4019 5 GHz radio on ch. 36-64
WIFI3:  2x2:2 QCA9888 5 GHz radio on ch. 100-165

Support is based on the already supported EA8300.
Key differences:
	EA8300 has 256MB RAM where MR8300 has 512MB RAM.
	MR8300 has a revised top panel LED setup.

Installation:
"Factory" images may be installed directly through the OEM GUI using
URL: https://ip-of-router/fwupdate.html (Typically 192.168.1.1)

Signed-off-by: Hans Geiblinger <cybrnook2002@yahoo.com>
[copied Hardware-highlights from EA8300. Fixed alphabetical order.
fixed commit subject, removed bogus unit-address of keys,
fixed author (used Signed-off-By to From:) ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:31:51 +02:00
Tomasz Maciej Nowak
e24635710c ipq40xx: add support for Luma Home WRTQ-329ACN
Luma Home WRTQ-329ACN, also known as Luma WiFi System, is a dual-band
wireless access point.

Specification
SoC: Qualcomm Atheros IPQ4018
RAM: 256 MB DDR3
Flash: 2 MB SPI NOR
       128 MB SPI NAND
WIFI: 2.4 GHz 2T2R integrated
      5 GHz 2T2R integrated
Ethernet: 2x 10/100/1000 Mbps QCA8075
USB: 1x 2.0
Bluetooth: 1x 4.0 CSR8510 A10, connected to USB bus
LEDS: 16x multicolor LEDs ring, controlled by MSP430G2403 MCU
Buttons: 1x GPIO controlled
EEPROM: 16 Kbit, compatible with AT24C16
UART: row of 4 holes marked on PCB as J19, starting count from the side
      of J19 marking on PCB
      1. GND, 2. RX, 3. TX, 4. 3.3V
      baud: 115200, parity: none, flow control: none

The device supports OTA or USB flash drive updates, unfotunately they
are signed. Until the signing key is known, the UART access is mandatory
for installation. The difficult part is disassembling the casing, there
are a lot of latches holding it together.

Teardown
Prepare three thin, but sturdy, prying tools. Place the device with back
of it facing upwards. Start with the wall having a small notch. Insert
first tool, until You'll feel resistance and keep it there. Repeat the
procedure for neighbouring walls. With applying a pressure, one edge of
the back cover should pop up. Now carefully slide one of the tools to
free the rest of the latches.
There's no need to solder pins to the UART holes, You can use hook clips,
but wiring them outside the casing, will ease debuging and recovery if
problems occur.

Installation
1. Prepare TFTP server with OpenWrt initramfs image.
2. Connect to UART port (don't connect the voltage pin).
3. Connect to LAN port.
4. Power on the device, carefully observe the console output and when
   asked quickly enter the failsafe mode.
5. Invoke 'mount_root'.
6. After the overlayfs is mounted run:
     fw_setenv bootdelay 3
   This will allow to access U-Boot shell.
7. Reboot the device and when prompted to stop autoboot, hit any key.
8. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
   'setenv' to do that, then run following commands:
     tftpboot 0x84000000 <openwrt_initramfs_image_name>
     bootm 0x84000000
   and wait till OpenWrt boots.
9. In OpenWrt command line run following commands:
     fw_setenv openwrt "setenv mtdids nand1=spi_nand; setenv mtdparts mtdparts=spi_nand:-(ubi); ubi part ubi; ubi read 0x84000000 kernel; bootm 0x84000000"
     fw_setenv bootcmd "run openwrt"
10. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
    with:
     ubirmvol /dev/ubi0 -N ubi_rootfs
     sysupgrade -v -n /tmp/<openwrt_sysupgrade_image_name>
11. After flashing, the access point will reboot to OpenWrt, then it's
    ready for configuration.

Reverting to OEM firmware
1. Execute installation guide steps: 1, 2, 3, 7, 8.
2. In OpenWrt command line run following commands:
     ubirmvol /dev/ubi0 -N rootfs_data
     ubirmvol /dev/ubi0 -N rootfs
     ubirmvol /dev/ubi0 -N kernel
     ubirename /dev/ubi0 kernel1 kernel ubi_rootfs1 ubi_rootfs
     ubimkvol /dev/ubi0 -S 34 -N kernel1
     ubimkvol /dev/ubi0 -S 320 -N ubi_rootfs1
     ubimkvol /dev/ubi0 -S 264 -N rootfs_data
     fw_setenv bootcmd bootipq
3. Reboot.

Known issues
The LEDs ring doesn't have any dedicated driver or application to control
it, the only available option atm is to manipulate it with 'i2cset'
command. The default action after applying power to device is spinning
blue light. This light will stay active at all time. To disable it
install 'i2c-tools' with opkg and run:
 i2cset -y 2 0x48 3 1 0 0 i
The light will stay off until next cold boot.

Additional information
After completing 5. step from installation guide, one can disable asking
for root password on OEM firmware by running:
 sed -e 's/root/root::/' -i /etc/passwd
This is useful for investigating the OEM firmware. One can look
at the communication between the stock firmware and the vendor's
cloud servers or as a way of making a backup of both flash chips.
The root password seems to be constant across all sold devices.
This is output of 'led_ctl' from OEM firmware to illustrate
possibilities of LEDs ring:

Usage: led_ctl [status | upgrade | force_upgrade | version]
       led_ctl solid    COLOR <brightness>
       led_ctl single   COLOR INDEX <brightness 0 - 15>
       led_ctl spinning COLOR <period 1 - 16 (lower = faster)>
       led_ctl fill     COLOR <period 1 - 16 (lower = faster)>
                                             ( default is 5 )
       led_ctl flashing COLOR <on dur 1 - 128>  <off dur 1 - 128>
                              (default is  34)  ( default is 34 )
       led_ctl pulsing  COLOR
COLOR: red, green, blue, yellow, purple, cyan, white

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[squash "ipq-wifi: add BDFs for Luma Home WRTQ-329ACN" into commit,
changed ubi volumes for easier integration, slightly reworded
commit message, changed ubi volume layout to use standard names all
around]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:30:19 +02:00