Commit Graph

2698 Commits

Author SHA1 Message Date
Koen Vandeputte
364ab348dc kernel: bump 4.14 to 4.14.105
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-07 16:32:23 +01:00
Koen Vandeputte
3ca38dcfa2 kernel: bump 4.9 to 4.9.162
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-07 16:32:23 +01:00
Daniel Golle
13c379e5c6 ib: display whether profile comes with image metadata
Having image metadata (and signature) appended is a condition for
semi-automated sysupgrade, hence IB needs to be able to tell which
images will end up with metadata.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-06 14:50:42 +01:00
Paul Spooren
7fa9794c4c metadata: add "metadata_version" field
allow downstream projects to see the current version of the metadata,
usefull if eventually more variables change

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-03-06 01:11:54 +01:00
Paul Spooren
208f287908 metadata: add "target" entry
add "target" entry based on $(TARGETID) resulting in
`<target>/<subtarget>`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-03-06 01:11:54 +01:00
Paul Spooren
26c16aec67 metadata: fixup "board"
currently the "board" parameter contains $(BOARD) which actually results
to `<target>` (like ramips, ar71xx) without subtarget. However, one
actually excepts (not?) to contain BOARD_NAME or DEVICE_NAME.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-03-06 01:11:54 +01:00
Koen Vandeputte
1cfbf95393 kernel: bump 4.14 to 4.14.104
Refreshed all patches.

Altered patches:
- 332-arc-add-OWRTDTB-section.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-05 13:19:43 +01:00
Koen Vandeputte
fc45ae4461 kernel: bump 4.9 to 4.9.161
Refreshed all patches.

Altered patches:
- 332-arc-add-OWRTDTB-section.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-05 13:19:43 +01:00
Alexander Couzens
ba3690c90c
include/kernel: sort autoload modules list to fix reproducible builds
When autoloading more than one modules per packages,
/etc/modules.d/$module depends on the file system ordering.
To test this: use disorderfs on the build_dir and build kmod-sched.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-02-28 17:57:30 +01:00
Alexander Couzens
889b6423b7
tools: migrate from squashfs4 to squashfskit4
squashfskit is a fork of the squashfs-tools.
squashfskit creates reproducible filesystems and includes
many of the distro patches.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Tested-by: Paul Spooren <mail@aparcar.org>
2019-02-28 01:38:46 +01:00
Piotr Dymacz
fe90e48c39 build: qsdk-ipq-*: include dtc in PATH before calling mkimage
Use 'dtc' from kernel sources instead of relying on host tool.

Fixes: bf4630e5ad ("build: add helpers for generating QSDK sysupgrade compatible images")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-02-26 13:38:47 +01:00
Piotr Dymacz
bf4630e5ad build: add helpers for generating QSDK sysupgrade compatible images
Qualcomm SDK (QSDK) sysupgrade compatible images for IPQ40xx, IPQ806x
and IPQ807x use FIT format together with 'dumpimage' tool from U-Boot
for verifying and extracting them. Based on 'images' sections names,
corresponding mtd partitions are flashed. For example, in case of
NOR-only boards, below mapping is used (section name -> mtd name):

  hlos*   -> 0:HLOS
  rootfs* -> rootfs

And for boards with NAND (kernel inside UBI):

  ubi* -> rootfs

Above mappings come from unmodified QSDK sources and might be wrong for
boards running custom or modified QSDK-based firmware. Some of vendors
adjust them to meet their modified mtd layout or features like recovery
or dual-image support.

This adds simple script 'mkits-qsdk-ipq-image.sh' (based on 'mkits.sh')
for generating FIT images tree source files, compatible with the QSDK
sysupgrade format. Resulting images can be used for initial (factory ->
OpenWrt) installation and would work both in CLI and GUI.

The script is universal in a way it allows to include as many sections
as needed. To make use of it, two generic/basic build recipes for NOR
and NAND based boards are also included in 'image-commands.mk':

  Build/qsdk-ipq-factory-nand
  Build/qsdk-ipq-factory-nor

Example usage for board with UBI in NAND:

  IMAGE/nand-factory.bin := append-ubi | qsdk-ipq-factory-nand

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-02-25 17:36:16 +01:00
Koen Vandeputte
f20fea9dcd kernel: bump 4.19 to 4.19.25
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 17:33:16 +01:00
Koen Vandeputte
ceed0665cc kernel: bump 4.14 to 4.14.103
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 17:33:16 +01:00
Koen Vandeputte
151d806c78 kernel: bump 4.9 to 4.9.160
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 17:33:16 +01:00
Koen Vandeputte
d037c873bf kernel: bump 3.18 to 3.18.136
Refreshed all patches.

Fixes:
- CVE-2019-6974

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 17:33:16 +01:00
Koen Vandeputte
d9ab3240a5 kernel: bump 4.19 to 4.19.24
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-22 10:53:42 +01:00
Koen Vandeputte
3a2668c6d5 kernel: bump 4.14 to 4.14.102
Refreshed all patches.

Remove upstreamed:
- 272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch

Remove upstreamed hunks:
- 080-pinctrl-msm-fix-gpio-hog-related-boot-issues.patch

Fixes:
- CVE-2018-1000026

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-22 10:53:42 +01:00
Koen Vandeputte
8f980a8cfe kernel: bump 4.9 to 4.9.159
Refreshed all patches.

Remove upstreamed:
- 023-1-smsc95xx-Use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 023-6-ch9200-use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 023-7-kaweth-use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 050-usb-dwc2-Remove-unnecessary-kfree.patch
- 092-netfilter-nf_tables-fix-mismatch-in-big-endian-syste.patch
- 272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch

Fixes:
- CVE-2018-1000026

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-22 10:53:42 +01:00
Koen Vandeputte
26f8644510 kernel: bump 3.18 to 3.18.135
Refreshed all patches.

Fixes:
- CVE-2019-3819
- CVE-2019-7221
- CVE-2019-7222

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-22 10:53:42 +01:00
Hauke Mehrtens
d0b45962ef build: Fix print without color
The original patch removed the printing completely, just remove the
color.

Fixes: eabc1ddc45  ("build: Honour NO_COLOR in include/scan.mk")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 19:30:34 +01:00
Sven Eckelmann
9a5a10eb69 build: Accept BIN_DIR parameter for legacy-images
BIN_DIR can be set to overwrite the output path for new images. This is an
advertised feature for the imagebuilder and is used by systems like
LibreMesh's chef.

The legacy images are build using a new sub-make which doesn't receive the
variable overwrites of the parent make process. As result, the BIN_DIR is
automatically defined to the default value from rules.mk. The images will
therefore not be placed in the output path which was selected by the user.

Providing BIN_DIR as an explicit variable override to the sub-make works
around this problem.

Fixes: 26c771452c ("image.mk: add LegacyDevice wrapper to allow legacy image building code to be used for device profiles")
Reported-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-02-17 19:22:39 +01:00
R. Diez
eabc1ddc45 build: Honour NO_COLOR in include/scan.mk
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Hi all:

This is my first OpenWrt patch. I am a clean, pure newbie! 8-)

Honour NO_COLOR in Makefile function 'progress' in include/scan.mk, in the same way that include/verbose.mk does.

Signed-off-by: R. Diez <rdiezmail-openwrt@yahoo.com>
2019-02-17 19:22:04 +01:00
Koen Vandeputte
ca13820d13 kernel: bump 4.19 to 4.19.23
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-15 21:53:27 +01:00
Koen Vandeputte
3967376eb7 kernel: bump 4.14 to 4.14.101
Refreshed all patches.

Fixes:
- CVE-2019-3819

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-15 21:53:27 +01:00
Koen Vandeputte
276d8b86a7 kernel: bump 4.9 to 4.9.158
Refreshed all patches.

Fixes:
- CVE-2019-3819

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-15 21:53:27 +01:00
Koen Vandeputte
6b6f238b82 kernel: bump 4.19 to 4.19.21
Refreshed all patches.

Remove upstreamed:
- 0007-ARM-dts-Fix-up-the-D-Link-DIR-685-MTD-partition-info.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-14 16:45:01 +01:00
Koen Vandeputte
9a1d7ff187 kernel: bump 4.14 to 4.14.99
Refreshed all patches.

Remove upstreamed:
- 950-0434-mmc-bcm2835-Recover-from-MMC_SEND_EXT_CSD.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-14 16:45:01 +01:00
Koen Vandeputte
a23a13dec2 kernel: bump 4.9 to 4.9.156
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-14 16:45:01 +01:00
Christian Lamparter
0dc48905cb build: add KERNEL_ENTRY and sort DEFAULT_DEVICE_VARS
The KERNEL_ENTRY was missing from the DEFAULT_DEVICE_VARS.

This bug was discovered while preparing alternative images
for the mpc85xx's TP-Link WDR4900-V1, which all failed to
boot due to this:
|## Booting kernel from Legacy Image at 02000000 ...
|   Image Name:   POWERPC OpenWrt Linux-4.14.96
|   Image Type:   PowerPC Linux Kernel Image (uncompressed)
|   Data Size:    2056568 Bytes = 2 MiB
|   Load Address: 01000000
|   Entry Point:  00000000
|   Verifying Checksum ... OK

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-11 19:01:50 +01:00
Koen Vandeputte
9a3599de2c kernel: bump 4.19 to 4.19.20
Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: imx6
Runtime-tested on: imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-08 17:27:47 +01:00
Koen Vandeputte
89bf16ad50 kernel: bump 4.14 to 4.14.98
Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-08 17:27:47 +01:00
Koen Vandeputte
34e80b5d3b kernel: bump 4.9 to 4.9.155
Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-08 17:27:47 +01:00
Koen Vandeputte
4c20c6fa94 kernel: bump 3.18 to 3.18.134
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-08 17:27:47 +01:00
Petr Štetiar
bb23cb1bf2 build: Fix missing device variables for artifacts
It was reported to me today on IRC, that building of artifacts doesn't
work properly if the concat_cmd references DEVICE_NAME variable. I've
found out, that it's due to missing call of Device/Export in artifacts
building code path, so this patch adds the missing Device/Export call
which in turn exports DEFAULT_DEVICE_VARS into the artifacts
environment.

Fixes: 493c9a3551 ("build: Introduce building of artifacts")
Tested-by: Oskari Lemmela <oskari@lemmela.net>
Reported-by: Oskari Lemmela <oskari@lemmela.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-02-05 19:37:30 +01:00
Koen Vandeputte
3da230a2e6 kernel: bump 4.19 to 4.19.19
Refreshed all patches.

Remove upstreamed patch:
- 800-v5.0-usb-leds-fix-regression-in-usbport-led-trigger.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-01 11:41:00 +01:00
Koen Vandeputte
206bebcad4 kernel: bump 4.14 to 4.14.97
Refreshed all patches.

Adapted patches:
- 012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-01 11:41:00 +01:00
Koen Vandeputte
604eb94550 kernel: bump 4.9 to 4.9.154
Refreshed all patches.

Adapted patches:
- 012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-01 11:41:00 +01:00
Michal Hrusecky
37e91861cc build: Use LINUX_DIR for Kernel/Patch
Use LINUX_DIR as a path when patching kernel. Doesn't break the current usage,
but allows to create packages that will contain variation of a kernel with
kernel being build in some subdirectory of PKG_BUILD_DIR.

Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
2019-01-30 13:20:14 +01:00
Thorsten Glaser
da5bee5345 build: fix umask detection bashism
the leading 0 is optional and not emitted by some shells

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
2019-01-30 12:39:18 +01:00
Jeffery To
a117093679 build: fix STAGING_DIR cleaning for packages
This fixes two issues with cleaning package files from STAGING_DIR:

* CleanStaging currently can only remove files and not directories. This
  changes CleanStaging to use clean-package.sh, which does remove
  directories.

* Because of the way directories are ordered in the staging files list,
  clean-package.sh currently tries (and fails) to remove parent
  directories before removing subdirectories. This changes
  clean-package.sh to process the staging files list in reverse, so that
  subdirectories are removed first.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-01-30 12:32:07 +01:00
Koen Vandeputte
f003d732d7 kernel: bump 4.19 to 4.19.18
Refreshed all patches.

Removed upstreamed:
- 031-v5.0-MIPS-BCM47XX-Setup-struct-device-for-the-SoC.patch
- 142-jffs2-Fix-use-of-uninitialized-delayed_work-lockdep-.patch

Removed upstreamed hunk in:
- 800-bcma-get-SoC-device-struct-copy-its-DMA-params-to-th.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Koen Vandeputte
3662157d8b kernel: bump 4.14 to 4.14.96
Refreshed all patches.

Remove upstreamed patches:
- 142-jffs2-Fix-use-of-uninitialized-delayed_work-lockdep-.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Koen Vandeputte
662b926146 kernel: bump 4.9 to 4.9.153
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Koen Vandeputte
aa95bdd80f kernel: bump 3.18 to 3.18.133
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Petr Štetiar
cbbef976e2 build: dtc: Disable noisy warnings by default
While helping with review and build testing of a few 4.19 pull requests,
I've noticed, that dtc compiler in OpenWrt uses different options then
upstream kernel, which is leading to a very noisy output[1]. It wouldn't
be that bad per se, but a lot of such warnings aren't easily fixable so
I think, that we should follow what upstream does and simply ignore^W
silence those noisy warnings.

So this patch tries to syncs dtc compiler flags with upstream kernel
till version 4.19.13, disabling those warnings as they were added in
upstream kernel:

 v4.6-rc1-2-gbc55398 dtc: turn off dtc unit address warnings by default

  The newly added dtc warning to check DT unit-address without reg
  property and vice-versa generates lots of warnings. Turn off the check
  unless building with W=1 or W=2.

 v4.11-rc2-11-g8654cb8 dtc: update warning settings for new bus and node/property

  dtc gained new warnings checking PCI and simple buses, unit address
  formatting, and stricter node and property name checking. Disable the
  new dtc warnings by default as there are 1000s. As before, warnings are
  enabled with W=1 or W=2. The strict node and property name checks are a
  bit subjective, so they are only enabled for W=2.

 v4.16-rc3-9-g4fd98e3 scripts: turn off some new dtc warnings by default

  The latest dtc update adds some new noisy warnings, so turn them off by
  default. Disable 'avoid_unnecessary_addr_size' and 'alias_paths'. They
  can be re-enabled by building with 'W=1'.

 v4.17-rc1-27-g74656b6 kbuild: disable new dtc graph and unit-address warnings

  dtc gained some new warnings for OF graphs and unique unit addresses,
  but they are currently much too noisy. So turn off
  'graph_child_address', 'graph_port', and 'unique_unit_address' warnings
  by default. They can be enabled by building dtbs with W=1.

Build tested on imx6 and ath79 with 4.14 and 4.19.

1. https://github.com/openwrt/openwrt/pull/1694#issuecomment-450864335

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-27 00:16:14 +01:00
Petr Štetiar
66a4978b43 u-boot.mk: Fix building of recent U-Boot sources
This patch fixes following error with U-Boot 2019.01 on imx6:

 In file included from tools/lib/crc16.c:1:0:
 ./tools/../lib/crc16.c: In function 'crc16_ccitt':
 ./tools/../lib/crc16.c:70:2: error: 'for' loop initial declarations are only allowed in C99 mode
   for (int i = 0;  i < len;  i++)
   ^
 ./tools/../lib/crc16.c:70:2: note: use option -std=c99 or -std=gnu99 to compile your code

Code was introduced in the upstream v2019.01-rc1-154-g51c2345:

 commit 51c2345bd24837f9f67f16268da6dc71573f1325
 Author: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
 Date:   Sun Nov 25 19:22:19 2018 +0100

    Roll CRC16-CCITT into the hash infrastructure

Upstream has added -std=gnu11 host flag in v2018.07-rc2-1-gfa89399:

 commit fa893990e9b53425af5f5059e04a2bffde91ccf9
 Author: Tom Rini <trini@konsulko.com>
 Date:   Tue Jun 19 23:53:54 2018 -0400

    Makefile: Ensure we build with -std=gnu11

Build tested on imx6: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g,
                      nitrogen6q, nitrogen6q2g, nitrogen6s, nitrogen6s1g,
                      wandboard

Run tested: apalis (pending PR #1595)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-26 21:46:32 +01:00
Oever González
892d741259 build: add a script for generating Linksys factory images
This commit adds the 'Build/linksys-image' rule and the
'linksys-image.sh' script to the build system.

This change is needed for generating factory images for the Linksys
EA6350v3 device. Without this patch, only valid sysupgrade images can be
generated. With this patch, users can flash the device without the
need of physical access or disassembly.

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:43:07 +01:00
Hauke Mehrtens
e61061a088 toolchain: Include hardening.mk for toolchain build
This adds the hardening options also to the toolchain build.
With this change the /usr/lib/libstdc++.so.6.0.24 library will have
stack canaries and the /lib/libgcc_s.so.1 library will have Full RELRO.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-24 21:52:39 +01:00
Jo-Philipp Wich
790bce92ad build: formatting fixes for per-provide ABI_VERSION suffixes
- Filter out potential duplicates with the package name
   (e.g. when renaming libfoo1 w/ ABI_VERSION:=1 to libfoo)
 - Use the GetABISuffix macro to properly separate the suffix
   with a dash in case the basename ends with a number

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:51:39 +01:00
Jo-Philipp Wich
60558790a2 build: extend ABI_VERSION suffixing to provides
When a library package specifies additional provides, e.g. libncurses
which provides libncursesw, we should also append the abi version
suffix to each provide, since there may be more than one package
providing the virtual library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:29 +01:00
Koen Vandeputte
528508ae8b kernel: bump 4.14 to 4.14.95
Refreshed all patches.

Removed superseded patches:
- 0400-Revert-MIPS-smp-mt-Use-CPU-interrupt-controller-IPI-.patch

Compile-tested on: ar71xx, cns3xxx, imx6, lantiq (xrx200, AVM 3370), x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, lantiq (xrx200, AVM 3370)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Mathias Kresin <dev@kresin.me>
Tested-by: Robert Resch <openwrt@webnmail.de>
2019-01-24 10:10:45 +01:00
Koen Vandeputte
ed6322a7f8 kernel: bump 4.9 to 4.9.152
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-24 10:10:45 +01:00
Michal Hrusecky
74450124f6 build: Optionally provide file checksums in package metadata
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.

Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
2019-01-22 09:22:25 +01:00
Koen Vandeputte
3fe555c719 kernel: bump 4.14 to 4.14.94
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-21 13:08:39 +01:00
Koen Vandeputte
c594cdae0c kernel: bump 4.9 to 4.9.151
Refreshed all patches.

Compile-tested on: ar7
Compile-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-21 13:08:39 +01:00
Jo-Philipp Wich
e6bcf1e4ac build: add ABI_VERSION to binary package names
Add the ABI_VERSION source makefile variable to the binary package basename
and resolve source dependencies on packages with ABI_VERSION set to such
expanded names.

If for example a package specifies DEPENDS:=libopenssl while the OpenSSL
Makefile specifies ABI_VERSION:=1.0.0, the resulting ipk control data
dependency will be "Depends: libopenssl1.0.0" and the libopenssl ipk file
will be called "libopenssl1.0.0_<version>_<arch>.ipk".

The next time a library such as OpenSSL is updated to an incompatible
version, the ABI_VERSION shall be changed accordingly to prevent opkg from
simply upgrading to an incompatible library without considering the
dependencies of already installed packages.

Also introduce another "SourceName" control field which is required by
the newly introduced "scritps/ipkg-remove" to determine the proper related
.ipk files to delete upon buildroot package clean operations.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:32:12 +01:00
Jo-Philipp Wich
e3d5b384aa build: expose ABI version in .packageauxvars
Subdequent commits need this information to resolve the ABI version when
computing binary ipk dependencies.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:32:01 +01:00
Jo-Philipp Wich
2d9d57b9de build: rename .packagesubdirs to .packageauxvars
Subsequent commits will put more auxiliary information into this file,
such as the per-package ABI version, so rename the metadata script
subcommand and file names accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:31:56 +01:00
Stijn Tintel
a37098a2d0 kernel: bump 4.19 to 4.19.16
Refresh patches.
Remove upstreamed patches:
- backport/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch
- backport/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
- backport/424-v4.20-net-dsa-fix-88e6060-roaming.patch
- hack/100-mtd-rawnand-qcom-fix-memory-corruption-that-causes-p.patch
- pending/510-f2fs-fix-sanity_check_raw_super-on-big-endian-machines.patch
Update patch that no longer applies:
- backport/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch

Compile-tested: mesongx
Runtime-tested: mesongx

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-01-17 03:04:13 +02:00
Koen Vandeputte
63a2ed3ba5 kernel: bump 4.9 to 4.9.150
Refreshed all patches.

Remove upstreamed:
- 096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch

Altered patches:
- 024-7-net-reorganize-struct-sock-for-better-data-locality.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-16 12:56:30 +01:00
Koen Vandeputte
5be22ef2fa kernel: bump 3.18 to 3.18.132
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-16 12:56:30 +01:00
Mathias Kresin
26a016731d firmware-utils: mksercommfw: overhaul image creation
Move the zip compression into a build recipe. Pad the image using the
existing build recipes as well to remove duplicate functionality

Change the code to append header and footer in two steps. Allow to use a
fixed filename as the netgear update image does.

Use a fixed timestamp within the zip archive to make the images
reproducible.

Due to the changes we are now compatible to the gnu89 c standard used by
default on the buildbots and we don't need to force a more recent
standard anymore.

Beside all changes, the footer still looks wrong in compare to the
netgear update image.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-15 19:11:54 +01:00
Stijn Tintel
8c6f00ef4f kernel: bump 4.14 to 4.14.93
Refresh patches.
Remove upstreamed patches:
- backport/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch
- pending/510-f2fs-fix-sanity_check_raw_super-on-big-endian-machines.patch
- brcm2708/950-0415-qmi_wwan-apply-SET_DTR-quirk-to-the-SIMCOM-shared-de.patch

Compile-tested: ar71xx, ath79, brcm2708/bcm27{08,10}, octeon, x86/64
Runtime-tested: ar71xx, ath79, brcm2708/bcm27{08,10}, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-01-14 02:20:40 +02:00
Mathias Kresin
6a3f8b8818 build: remove duplicate mksercomfw image recipe
Keep the ramips/mt76x8 copy, since it's only required for this target at
the moment.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-13 18:31:10 +01:00
Koen Vandeputte
f56a4e809b kernel: bump 4.14 to 4.14.91
Refreshed all patches.

Removed upstreamed:
- 500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Koen Vandeputte
30d518bf16 kernel: bump 4.9 to 4.9.148
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch

Removed upstreamed:
- 424-v4.20-net-dsa-fix-88e6060-roaming.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Koen Vandeputte
a18f68ff30 kernel: bump 3.18 to 3.18.131
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Mathias Kresin
fd35c5b205 build: move seama commands to image-commands.mk
Move it to image-commands.mk to get rid of duplicate recipes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-30 20:08:13 +01:00
INAGAKI Hiroshi
99df98442e build: move xor-image into image-commands
I moved xor-image into image-commands.mk to use it in ath79 target.

It required for NEC WG800HP.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-12-24 19:18:07 +01:00
Kevin Darbyshire-Bryant
5b3afca757 kernel: bump 4.14 to 4.14.90
Refresh all patches

Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch

Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.

Tested-on: ath79

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-24 15:06:33 +00:00
Yousong Zhou
eda3094eb9 build: fix build dependency of kmod .ipk with version filtered files
We need to use resolved file list as prerequisites for repacking kmod
.ipk files.  Note that currently version_filter uses a Makefile macro
KERNEL_PATCHVER that should be available at ipk building time.

Reported-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-12-18 20:04:17 +00:00
Koen Vandeputte
9f2739e924 kernel: bump 4.14 to 4.14.89
Refreshed all patches.

Remove upstreamed patches:
- 096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-18 14:24:57 +01:00
Koen Vandeputte
dd0a213bed kernel: bump 4.9 to 4.9.146
Refreshed all patches.

Compile-tested on: brcm2708
Runtime-tested on: brcm2708

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-18 14:24:57 +01:00
Koen Vandeputte
902a9f23d6 kernel: bump 3.18 to 3.18.130
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-18 14:24:57 +01:00
Mathias Kresin
09004e6e13 build: drop cameo-factory recipe
The cameo factory images are created using existing image build
commands, which makes the code obsolete.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-17 23:21:40 +01:00
Mathias Kresin
ffdce856e0 build: move append-string to image-commands.mk
Move it to image-commands.mk so that it can used by other targets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-17 23:21:26 +01:00
Sebastian Kemper
b8271e9da0 image: remove duplicate cameo-factory
The function was accidentally added twice. Remove the duplicate.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-17 19:44:45 +01:00
Sebastian Kemper
6c3c4436ee ath79: add d-link dir-825-c1 and dir-835-a1
This commit ports both dir-825-c1 and dir-835-a1 from ar71xx to ath79.
They're pretty much identical, except dir-835-a1 has less LEDs.

The routers come with 128 MByte of RAM and 16 MBytes of flash and sport
2.4GHz and 5.0GHz wireless. Both routers have entries already in
OpenWrt's TOH. Please check there for more information on these
antiquities.

https://openwrt.org/toh/hwdata/d-link/d-link_dir-825_c1
https://openwrt.org/toh/hwdata/d-link/d-link_dir-835_a1

Installation:

1. Connect to the web interface of the vendor firmware (usually
   listening on 192.168.0.1).
2. Go to "Tools", then "Firmware".
3. In the "Firmware Upgrade" box click "Browse".
4. Select the OpenWrt factory image for your router.
5. Click "Upload", confirm the popups if you agree to flash the file you
   selected.
6. Wait for firmware upgrade to complete. It takes about 5 minutes.

Run-tested on dir-825-c1. dir-835-a1 should work as well, but I don't
have this router so I can't confirm.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [trivial changes]
2018-12-17 00:21:34 +01:00
Sebastian Kemper
247fdceab6 image: add cameo-factory command
This command enables factory image generation for Cameo boards. On
upgrade the vendor firmware will check the size of the provided image
and if a specific string is located at the end of the binary.
cameo-factory will generate an image that the vendor firmware accepts.

Tested on a D-Link DIR-825 C1 with vendor firmwares 3.01 and 3.04.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-17 00:21:34 +01:00
Brett Mastbergen
2b6eab507a netfilter: Add fib support for nftables
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2018-12-16 00:57:20 +01:00
Hauke Mehrtens
fbaf48387e kernel: netfilter: chain filters merged into nf_tables.ko
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.

This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
f891670704 kernel: netfilter: Adapt merge ipv4/ipv6 masquerade code
In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade
code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and
CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed
to bool and the code will not be compiled as a own module any more, but
it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some
memory.

Activate these options as bool in the generic kernel 4.19 configuration
only, to always build them into the nf_nat_ipv*.ko modules. The kmod
file will still try to select them as module, but the generic
configuration will not be overwritten.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
f72f793c9e kernel: netfilter: Add nf_conncount.ko
Some kernel modules from kmod-ipt-conntrack-extra depend on
nf_conncount.ko, which was added in kernel 4.16, add it to the kmod.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
89806545cc kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
35929059b7 kernel: netfilter: Add nf_defrag_ipv6.ko to NF_CONNTRACK on 4.19
In kernel commit a0ae2562c6c ("netfilter: conntrack: remove l3proto
abstraction") The modules nf_conntrack_ipv4.ko, nf_conntrack_ipv6.ko and
nf_conntrack.ko were squashed together into one module. This module now
depends on nf_defrag_ipv6 when IPv6 support was activated. This is part
of the main netfilter packages, so add nf_defrag_ipv6.ko also to the
default netfilter packages on kernel 4.19 and later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
9261e7447e kernel: Make the patches apply on top of 4.19
This makes the patches which were just copied in the previous commit
apply on top of kernel 4.19.

The patches in the backports-4.19 folder were checked if they are really
in kernel 4.19 based on the title and only removed if they were found in
the upstream kernel.

The following additional patches form the pending folder went into
upstream Linux 4.19:
pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch
pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch
pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch
pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch
pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch
pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch

Bigger changes were introduced to the m25p80 spi nor driver, as far as I
saw it in the new code, it now has the functionality provided in this
patch:
pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch

Part of this patch went upstream independent of OpenWrt:
hack-4.19/220-gc_sections.patch
This patch was reworked to match the changes done upstream.

The MIPS DMA API changed a lot, this patch was rewritten to match the
new DMA handling:
pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch

I did bigger manual changes to the following patches and I am not 100% sure if they are all correct:
pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch
pending-4.19/411-mtd-partial_eraseblock_write.patch
pending-4.19/600-netfilter_conntrack_flush.patch
pending-4.19/611-netfilter_match_bypass_default_table.patch
pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
hack-4.19/211-host_tools_portability.patch
hack-4.19/221-module_exports.patch
hack-4.19/321-powerpc_crtsavres_prereq.patch
hack-4.19/902-debloat_proc.patch

This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr>

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Koen Vandeputte
fdd11a6eae kernel: bump 4.14 to 4.14.88
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Fixes CVE:
- CVE-2018-14625

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:01:49 +01:00
Koen Vandeputte
fd918b413a kernel: bump 4.9 to 4.9.145
Refreshed all patches.

Fixes CVE:
- CVE-2018-14625

Compile-tested on: brcm2708
Runtime-tested on: brcm2708

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-14 13:01:45 +01:00
Koen Vandeputte
2bc4af1770 kernel: bump 3.18 to 3.18.129
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:01:41 +01:00
Koen Vandeputte
f6e9f23771 kernel: bump 4.14 to 4.14.87
Refreshed all patches.

Remove upstreamed:
- 0008-MIPS-ralink-Fix-mt7620-nd_sd-pinmux.patch

Compile-tested: cns3xxx, imx6
Runtime-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 16:32:22 +01:00
Koen Vandeputte
861dcd717f kernel: bump 4.9 to 4.9.144
Refreshed all patches.

Remove upstreamed:
- 014-Kbuild-suppress-packed-not-aligned-warning-for-defau.patch

Compile-tested: ar7, brcm2708
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 16:32:22 +01:00
Koen Vandeputte
0028f86687 kernel: bump 4.14 to 4.14.86
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 11:48:44 +01:00
Koen Vandeputte
dfbf836a52 kernel: bump 4.9 to 4.9.143
Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar7, at91, brcm2708, ixp4xx, layerscape, orion
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix brcm2708/950-0149-Update-vfpmodule.c.patch]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-10 11:48:44 +01:00
Koen Vandeputte
4e38fc824c kernel: bump 3.18 to 3.18.128
Refreshed all patches.

Altered patches:
- 002-phy_drivers_backport.patch

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 11:48:44 +01:00
Rafał Miłecki
966ba6daa4 kernel: fix downloading rcX releases
They are no longer stored in the "testing" subdirectory and are not
available as .tar.xz archives. If -rc is detected download it from the
git.kernel.org and use .tar.gz.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-12-03 09:34:57 +01:00
INAGAKI Hiroshi
879f2ef7c0 ath79: modify mtd partitions for Buffalo BHR-4GRV2
This commit modifies mtd partitions define for Buffalo BHR-4GRV2 and
move it to generic subtarget.

In Buffalo BHR-4GRV2, "kernel" partition is located behined "rootfs"
partition in the stock firmware. This causes the size of the kernel
to be limited by the fixed value.

0x50000                       0xe80000        0xff0000
  +-------------------------------+--------------+
  |            rootfs             |    kernel    |
  |           (14528k)            |    (1472k)   |
  +-------------------------------+--------------+

After ar71xx was updated to Kernel 4.14, the kernel size of BHR-4GRV2
exceeded the limit, and it breaks builds on official buildbot.
Since this issue was also confirmed in ath79, I modified the mtd
partitions to get rid of that limitation.

0x50000                                       0xff0000
  +----------------------------------------------+
  |                   firmware                   |
  |                   (16000k)                   |
  +----------------------------------------------+

However, this commit breaks compatibility with ar71xx firmware, so I
dropped "SUPPORTED_DEVICES += bhr-4grv2".

This commit requires new flash instruction instead of the old one.

Flash instruction using initramfs image:

1. Connect the computer to the LAN port of BHR-4GRV2
2. Set the IP address of the computer to 192.168.12.10
3. Rename the OpenWrt initramfs image to
"bhr4grv2-uImage-initramfs-gzip.bin" and place it into the TFTP
directory
4. Start the tftp server on the computer
5. While holding down the "ECO" button, connect power cable to
BHR-4GRV2 and turn on it
6. Flashing (orange) diag LED and release the finger from the button,
BHR-4GRV2 downloads the intiramfs image from TFTP server and boot
with it
7. On the initramfs image, create "/etc/fw_env.config" file with
following contents
  /dev/mtd1 0x0 0x10000 0x10000
8. Execute following commands to add environment variables for
u-boot
  fw_setenv ipaddr 192.168.12.1
  fw_setenv serverip 192.168.12.10
  fw_setenv ethaddr 00:aa:bb:cc:dd:ee
  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
9. Perform sysupgrade with squashfs-sysupgrade image
10. Wait ~150 seconds to complete flashing

And this commit includes small fix; BHR-4GRV2 has QCA9557 as a SoC,
not QCA9558.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-11-26 12:28:17 +01:00
Tomasz Maciej Nowak
31075313bf include/rootfs.mk: remove boot directory
Currently every file in boot directory is copied over target /boot on
root file system and is usually inaccessible because appropriate boot
file system is mounted on top of it. Therefore remove /boot, which in
result will also save space on target root file system.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-11-26 12:05:44 +01:00
Petr Štetiar
493c9a3551 build: Introduce building of artifacts
We currently could (ab)use IMAGES for this task, but the downside is,
that the filenames has filesystem tied to the filename, which might be
confusing as the artifact itself don't has to be used with that specific
filesystem. Another downside is, that the artifacts built with IMAGES
target are build for every FILESYSTEMS filesystem.

Consider following use case:

 define Device/apalis
   ...
   FILESYSTEMS := ext4 squashfs
   IMAGES := spl-uboot.bin recovery.scr
   IMAGE/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   IMAGE/recovery.scr := recovery-scr
 endef

Where we would get target binaries with following filenames:

 openwrt-imx6-apalis-squashfs.recovery.scr
 openwrt-imx6-apalis-squashfs.spl-uboot.bin
 openwrt-imx6-apalis-ext4.recovery.scr
 openwrt-imx6-apalis-ext4.spl-uboot.bin

With proposed patch, we could now just do:

 define Device/apalis
   ...
   ARTIFACTS := spl-uboot.bin recovery.scr
   ARTIFACT/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   ARTIFACT/recovery.scr := recovery-scr
 endef

Which would produce target binaries with following filenames:

 openwrt-imx6-apalis-recovery.scr
 openwrt-imx6-apalis-spl-uboot.bin

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-11-26 09:39:20 +01:00
Koen Vandeputte
3a1978bbb4 kernel: bump 3.18 to 3.18.126
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 12:40:19 +01:00
Koen Vandeputte
02e16e9e82 kernel: bump 4.14 to 4.14.82
Refreshed all patches.

Compile-tested: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-22 10:49:01 +01:00
Koen Vandeputte
e1debc557c kernel: bump 4.9 to 4.9.138
Refreshed all patches.

Compile-tested: ar71xx, layerscape
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 10:49:01 +01:00
Koen Vandeputte
e14dc93073 kernel: bump 4.14 to 4.14.81
Refreshed all patches.

Removed upstreamed patches:
- 081-spi-bcm-qspi-switch-back-to-reading-flash-using-smal.patch

Altered patches:
- 0054-cpufreq-dt-Handle-OPP-voltage-adjust-events

Compile-tested on: cns3xxx, imx6, ipq806x, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte
7e20e4ab96 kernel: bump 4.9 to 4.9.137
Refreshed all patches.

Removed upstreamed hunks in:
- 703-phy-support-layerscape.patch

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte
f7a406deaf kernel: bump 3.18 to 3.18.125
Refreshed all patches.

Compile-tested on: adm5120
Compile-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Stijn Tintel
e95e9fcbb2 kernel: bump 4.14 to 4.14.80
Refresh patches.

Compile-tested: ar71xx, ath79, x86/64
Runtime-tested: ar71xx, ath79, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-13 00:44:01 +02:00
Koen Vandeputte
c764b2b531 kernel: bump 4.14 to 4.14.79
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-05 16:00:00 +01:00
Koen Vandeputte
bc3d47cd12 kernel: bump 4.14 to 4.14.78
Refreshed all patches.

Remove upstreamed:
- 050-net-emac-fix-fixed-link-setup-for-the-RTL8363SB-swit.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-22 15:28:31 +02:00
Koen Vandeputte
9c42391c0d kernel: bump 4.9 to 4.9.135
Refreshed all patches.

Fixes:
- CVE-2018-10883

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-22 15:28:31 +02:00
Christian Lamparter
92bcd08989 build: remove obsolete -rc kernel testing rewrites
The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-10-20 16:13:39 +02:00
Koen Vandeputte
ca88f4153f kernel: bump 4.14 to 4.14.77
Refreshed all patches.

Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Koen Vandeputte
6d682d82b0 kernel: bump 4.9 to 4.9.134
Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Kevin Darbyshire-Bryant
1063d904b7 hostapd: add basic variant
Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w and
is intended to support 11r & 11w (subject to driver support) out of the
box.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-16 15:07:41 +01:00
Koen Vandeputte
0d0bd8e6da kernel: bump 4.14 to 4.14.76
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:08:56 +02:00
Koen Vandeputte
e80af4b53b kernel: bump 4.9 to 4.9.133
Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:08:54 +02:00
Koen Vandeputte
912340033a kernel: bump 3.18 to 3.18.124
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:06:45 +02:00
Koen Vandeputte
f983956a8b kernel: bump 4.14 to 4.14.75
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-10 14:45:11 +02:00
Koen Vandeputte
571fe28464 kernel: bump 4.9 to 4.9.132
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-10 14:45:11 +02:00
Hauke Mehrtens
5933958168 image: ignore usign build errors
The tl-wa850re-v2 images from the ar71xx/tiny target are getting too big
with the default packages. The size check is done before the meta data
is added so there is no file to add meta data to or to sign. Originally
errors in Build/append-metadata were getting ignored, but if the signing
fails the error is not ignored.
This adds a check if the file to be signed is there and only does the
signing if it is there. This way it does not fail if the package
creation was already aborted earlier.

Fixes: 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-10-07 22:14:35 +02:00
Felix Fietkau
b7855230a3 build: insert blank line after KernelPackage template to allow chaining calls to it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-06 13:02:29 +02:00
Koen Vandeputte
a2adeffffc kernel: bump 4.14 to 4.14.74
Refreshed all patches.

Fixes CVE:

- CVE-2018-7755

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-04 16:15:03 +02:00
Koen Vandeputte
0bcff6b0db kernel: bump 4.9 to 4.9.131
Refreshed all patches.

Fixes CVE:

- CVE-2018-10880
- CVE-2018-7755

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-04 16:15:03 +02:00
Koen Vandeputte
7bfe757bc4 kernel: bump 4.14 to 4.14.73
Refreshed all patches.

Removed upstreamed:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-02 13:44:36 +02:00
Koen Vandeputte
00f1dc55e8 kernel: bump 4.9 to 4.9.130
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-02 13:44:36 +02:00
Felix Fietkau
c3a0102195 build: fix kernel headers install for uml
The kernel headers makefile needs to override LINUX_KARCH

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 18:09:45 +02:00
Amol Bhave
366e6ef5c3 build: use CMAKE_SOURCE_SUBDIR variable to cmake.mk
Sometimes, the CMakeLists.txt file is not in the root directory of a
repo. In those cases, the CMAKE_SOURCE_SUBDIR variable can be specified
to use CMakeLists.txt from a subdirectory instead.

Signed-off-by: Amol Bhave <ambhave@fb.com>
2018-09-29 17:23:11 +02:00
Koen Vandeputte
e9d92bf1e1 kernel: bump 4.14 to 4.14.72
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch
- 0013-MIPS-ath79-fix-system-restart.patch
- 180-earlycon-initialize-port-uartclk-based-on-clock-frequency-property.patch
- 181-earlycon-remove-hardcoded-port-uartclk-initialization-in-of_setup_earlycon. patch
- 700-1-6-e1000e-Remove-Other-from-EIAC.patch
- 700-2-6-Partial-revert-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- 700-3-6-e1000e-Fix-queue-interrupt-re-raising-in-Other-interrupt.patch
- 700-4-6-e1000e-Avoid-missed-interrupts-following-ICR-read.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte
3caf940cc6 kernel: bump 4.9 to 4.9.129
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte
17e90d88e2 kernel: bump 3.18 to 3.18.123
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte
0dbdb476f3 kernel: bump 4.14 to 4.14.71
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte
72e9b4059e kernel: bump 4.9 to 4.9.128
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte
0cda4af005 kernel: bump 4.14 to 4.14.70
Refreshed all patches.

Added new patch:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

This fixes a bug introduced in upstream 4.14.68 which caused targets using
ubifs to produce file-system errors on boot, rendering them useless.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
784d7f0251 kernel: bump 4.9 to 4.9.127
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
92511d21cc kernel: bump 3.18 to 3.18.122
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
079871983c kernel: bump 4.14 to 4.14.68
Refreshed all patches.

Remove upstream accepted:
- 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch

Altered:
- 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
- 308-mips32r2_tune.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
752ee31ad2 kernel: bump 4.9 to 4.9.125
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
b4bd6c2c95 kernel: bump 3.18 to 3.18.121
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
01793e8752 kernel: bump 4.14 to 4.14.67
Refreshed all patches.

Removed upstreamed patches:
- 037-v4.18-0008-ARM-dts-BCM5301x-Fix-i2c-controller-interrupt-type.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-28 23:05:39 +02:00
Koen Vandeputte
22f899c6dd kernel: bump 4.9 to 4.9.124
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-28 23:05:39 +02:00
David Bauer
8e9a59a6b9 build: add mkrasimage
The current make-ras.sh image generation script for the ZyXEL NBG6617
has portability issues with bash. Because of this, factory images are
currently not built correctly by the OpenWRT buildbots.

This commit replaces the make-ras.sh by C-written mkrasimage.

The new mkrasimage is also compatible with other ZyXEL devices using
the ras image-format.
This is not tested with the NBG6616 but it correctly builds the
header for ZyXEL factory image.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-28 11:26:53 +02:00
Koen Vandeputte
6b4ba118ac kernel: bump 4.14 to 4.14.66
Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte
7a9afb8783 kernel: bump 4.9 to 4.9.123
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte
548182bc6d kernel: bump 3.18 to 3.18.119
Refreshed all patches.

Compile-tested on: adm5120, adm8668, au1000, mcs814x, ppc40x, ppc44x, xburst
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:23 +02:00
Koen Vandeputte
1f7ce19df2 kernel: bump 4.14 to 4.14.65
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Koen Vandeputte
ba30490d05 kernel: bump 4.9 to 4.9.122
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Daniel Engberg
fc9cbf3bc0 target.mk: Remove obsolete octeon CPU_CFLAGS
As of commit c6e02b49f6 the octeon target
uses octeonplus instead of octeon

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-19 18:58:30 +02:00
Hauke Mehrtens
b547ab3143 kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
 * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Hauke Mehrtens
e4bad5f0ac kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
 * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
 * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:31:56 +02:00
Ludwig Thomeczek
e5b802b9c2 firmware-utils: add sercomm/netgear tool
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.

They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.

Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
2018-08-13 08:37:19 +02:00
INAGAKI Hiroshi
a6369206fe ath79: add support for I-O DATA WN-AC1600DGR2
I-O DATA WN-AC1600DGR2 is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.

Specification:

- Qualcomm Atheros QCA9557
- 128 MB of RAM
- 16 MB of Flash
- 2.4/5 GHz wifi
  - 2.4 GHz: 2T2R (SoC internal)
  - 5 GHz: 3T3R (QCA9880)
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 6x keys (4x buttons, 1x slide switch)
- UART header on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of WN-AC1600DGR2
2. Connect power cable to WN-AC1600DGR2 and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-11 21:45:06 +02:00
Koen Vandeputte
0ddb34b6b5 kernel: bump 4.14 to 4.14.62
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:23 +02:00
Koen Vandeputte
21a229317f kernel: bump 4.9 to 4.9.119
Refreshed all patches.

Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:23 +02:00
INAGAKI Hiroshi
23519edbca ath79: add support for Buffalo BHR-4GRV2
Buffalo BHR-4GRV2 is a wired router, based on Qualcomm Atheros
QCA9558.
Ported from ar71xx target.

Specification:

- Qualcomm Atheros QCA9558
- 64 MB of RAM
- 16 MB of Flash
- 5x 10/100/1000 Ethernet
  - QCA8337N
- 4x LEDs, 2x keys
- UART header on PCB
  - Vcc, TX, RX, GND from LED side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of BHR-4GRV2
2. Connect power cable to BHR-4GRV2 and turn on it
3. Access to "http://192.168.12.1/" and open firmware update
page ("ファームウェア更新")
4. Select the OpenWrt factory image and click update ("更新実行")
button
5. Wait ~120 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-09 18:44:57 +02:00
Koen Vandeputte
0ef25a7aee kernel: remove linux 4.4 support
No targets are using this one anymore

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-08 09:51:23 +02:00
Daniel Golle
ec78f03de5 image: fix build without ucert
Make sure the Shell-expression returns true also in case of
key-build.ucert being absent.

Fixes commit 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 00:48:53 +02:00
Daniel Golle
848b455d2e image: use ucert to append signature
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 23:20:49 +02:00
Koen Vandeputte
7a254aeeb8 kernel: bump 4.14 to 4.14.61
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-07 12:53:47 +02:00
Koen Vandeputte
f7036a34ac kernel: bump 4.9 to 4.9.118
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-07 12:53:47 +02:00
Jo-Philipp Wich
93ac8b03b0 Revert "netfilter: separate IPv6 relevant kernel modules from IPv4"
This reverts commit 42a3c6465a.

The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-06 19:46:37 +02:00
Rosy Song
42a3c6465a netfilter: separate IPv6 relevant kernel modules from IPv4
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:09:04 +02:00
Jo-Philipp Wich
d3ddf6631e build: remove GNU time dependency
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.

Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-05 00:06:27 +02:00
Koen Vandeputte
f960490fc8 kernel: bump 4.14 to 4.14.60
Refreshed all patches

Removed upstreamed patches:
- 500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-03 16:10:38 +02:00
Koen Vandeputte
4ec4dd2a11 kernel: bump 4.9 to 4.9.117
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-03 16:10:38 +02:00
Chen Minqiang
33bce21bb0 base-files: fix HOME_URL replace
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2018-08-02 07:54:40 +02:00
Koen Vandeputte
fec8fe8069 kernel: bump 4.9 to 4.9.116
Refreshed all patches

Remove upstreamed patches.
- 103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch
- 001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch
- 001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- 001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- 900-gen_stats-fix-netlink-stats-padding.patch

Introduce a new backported patch to address ext4 breakage, introduced in 4.9.112
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This patch has been slightly altered to compensate for a new helper function
introduced in later kernels.

Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9

Compile-tested on: ar71xx, bcm2710
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-01 09:46:59 +02:00
Bjørn Mork
c72f3b5e2b include/feeds.mk: fix distfeeds.conf without per-feed repos
commit 514a4b3e1b ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:

 root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
 src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
 src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
 root@wrt1900ac-1:~# opkg update
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
 Updated list of available packages in /var/opkg-lists/openwrt_core
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
 Signature check passed.
 Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
 *** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz

 Collected errors:
  * opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.

Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 514a4b3e1b ("include/feeds.mk: rework generation of opkg distfeeds.conf")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[whitespace/indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-31 14:04:45 +02:00
Stijn Tintel
22b9f99b87 kernel: bump 4.14 to 4.14.59
Drop patch that was superseded upstream:
ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch

Drop upstreamed patches:
- apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch
- generic/pending/900-gen_stats-fix-netlink-stats-padding.patch

In 4.14.55, a patch was introduced that breaks ext4 images in some
cases. The newly introduced patch
backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
addresses this breakage.

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Compile-tested: ath79, octeon, x86/64
Runtime-tested: ath79, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 05:11:07 +03:00
Julien Dusser
4dfa6b7a30 build: fix ASLR for LTO packages
Fix building packages with LTO when CONFIG_PKG_ASLR_PIE is enabled.

Despite comment of PR lto/80838, it seems that GCC needs -fPIC on linker
command line, even if all objects are -fPIC. This may change as PR
lto/80838 is merged into 8.1

compile-tested: ar71xx, ath79

Fix commits:
6dac92a42e
8c11133c9d
07940acc34
e7397eef69
ef16a394d2
ef96d1e34a
47b42137ce
73fc67b614
154c0c4006
804c51e1e6

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-07-30 14:26:16 +02:00
Daniel Engberg
0aaa650755 include/verbose.mk: Add sc to failure message
Add sc to build error message

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:43:36 +02:00
Jo-Philipp Wich
991c7a4f69 build: do not override CCACHE_DIR when ccache is disabled
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-24 15:23:05 +02:00
Jo-Philipp Wich
a6f4c7bce8 build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation
A missing comma caused the first command option to be considered part of
the error message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-24 13:37:24 +02:00
Jo-Philipp Wich
69ea512c62 build: do not alter global default package selection from profiles
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.

In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.

To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.

Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-21 20:52:48 +02:00
Felix Fietkau
7c306ae640 build: fix compile error when a package includes itself in PROVIDES
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-20 10:40:58 +02:00
Matthias Schiffer
b123921a92
include/prereq-build.mk: explicitly check for -f flag when using busybox time
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-14 15:46:35 +02:00
Matthias Schiffer
36fa1bbf6f
include/kernel-build.mk: fix kernel rebuild on backport patch changes
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-14 13:07:34 +02:00
Matthias Schiffer
16035a7dd3
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Matthias Schiffer
9af22f1ac9
include/feeds.mk: always add available feeds to PACKAGE_SUBDIRS
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.

It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
李国
671999157d verbose.mk: quote SUBMAKE options
build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.

make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'

Signed-off-by: 李国 <uxgood.org@gmail.com>
2018-07-12 10:24:36 +02:00
Koen Vandeputte
ba2b0f0ac6 kernel: bump 4.14 to 4.14.54
Rereshed all patches

Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-11 16:02:24 +02:00
Yousong Zhou
9009efa18b download.mk: enable DownloadMethod/github_archive
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Yousong Zhou
04b9f85873 scripts/dl_github_archive.py: rename from download.py
- Make the code more GitHub-specific
 - Requires mirror hash to work with .gitattributes
 - Use different API depending on whether PKG_SOURCE_VERSION is a
   complete commit id or other ref types like tags
 - Fix removing symbolic link
 - pre-clean dir_untar for possible leftovers from previous run

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Yousong Zhou
e48ea13b3b download.mk: add more comments
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Koen Vandeputte
d0839e020d kernel: bump 4.14 to 4.14.53
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-04 14:16:37 +02:00
Koen Vandeputte
01ca20cdfd kernel: bump 4.9 to 4.9.111
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-04 14:16:37 +02:00
Kevin Darbyshire-Bryant
89b59994eb build: ASLR hardening use $(FPIC)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 14:19:10 +01:00
Felix Fietkau
29b2199eb0 build: fix target metadata scan dependencies
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-02 14:27:06 +02:00
Felix Fietkau
516d995d6a build: ensure that iwinfo is selected when building for multiple devices
extra_packages needs to be added there, like on profiles and target
packages lists

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-02 14:27:04 +02:00
Koen Vandeputte
f4ac88b509 kernel: bump 4.14 to 4.14.52
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-02 07:04:48 +02:00
Koen Vandeputte
8e622aae58 kernel: bump 4.9 to 4.9.110
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-02 07:04:34 +02:00
Yousong Zhou
e15565a01c download.mk: restore the old dl_method implementation
Seems like the python download.py dl_method call causes serious
performance regression for fresh "make defconfig" as reported in
FS#1621.  GitHub tarball download will also be disabled with this

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-29 13:54:17 +08:00
Mathias Kresin
52a9edb1bf base-files: add menuconfig option for HOME_URL
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.

Fixes: FS#1123

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-06-27 08:40:34 +02:00
Yousong Zhou
75ab064d2b build: download code from github using archive API
A new python script scripts/download.py is added to fetch tarballs using
GitHub archive API [1], then repack in a reproducible way same as the
current DownloadMethod/git

GitHub imposes a 60 reqs/hour rate limit on unauthenticated API
access[2].  This affects fetching commit date for feeding tar --mtime=
argument.  However, observation indicates that archive download is NOT
subject to this limit at the moment.  In the rare cases where download
fails because of this, we will falback to using DownloadMethod/git

The missing piece in the GitHub API is that it cannot provide in the
tarball dependent submodules's source code.  In that case, the
implementation will also fallback to using DownloadMethod/git

 [1] Get archive link, https://developer.github.com/v3/repos/contents/#get-archive-link
 [2] Rate limiting, https://developer.github.com/v3/#rate-limiting

v2 <- v1:

 - allow passing multiple urls with --urls argument
 - add commit ts cache.  can be helpful on retry

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-27 10:51:27 +08:00
Christian Lamparter
82618062cf ipq40xx: add support for the ZyXEL NBG6617
This patch adds support for ZyXEL NBG6617

Hardware highlights:

SOC:    IPQ4018 / QCA Dakota
CPU:    Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:   256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR:    32 MiB Macronix MX25L25635F
ETH:    Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB:    1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:  RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS:   Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS

Serial:
	WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
	The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
	pre-soldered. Pinout:
	  1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX

first install / debricking / restore stock:
 0. Have a PC running a tftp-server @ 192.168.1.99/24
 1. connect the PC to any LAN-Ports
 2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
    into the tftp-server root directory and rename it to just "ras.bin".
 3. power-cycle the router and hold down the the WPS button (for 30sek)
 4. Wait (for a long time - the serial console provides some progress
    reports. The u-boot says it best: "Please be patient".
 5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
    flashes fast at the same time. You have to reboot the device and
    it should then come right up.

Installation via Web-UI:
 0. Connect a PC to the powered-on router. It will assign your PC a
    IP-address via DHCP
 1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
 2. Go to the "Expert Mode"
 3. Under "Maintenance", select "Firmware-Upgrade"
 4. Upload the OpenWRT factory image
 5. Wait for the Device to finish.
    It will reboot into OpenWRT without any additional actions needed.

To open the ZyXEL NBG6617:
 0. remove the four rubber feet glued on the backside
 1. remove the four philips screws and pry open the top cover
    (by applying force between the plastic top housing from the
    backside/lan-port side)

Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:

|   Hit any key to stop autoboot:  3

The user is then dropped to a locked shell.

|NBG6617> HELP
|ATEN    x[,y]     set BootExtension Debug Flag (y=password)
|ATSE    x         show the seed of password generator
|ATSH              dump manufacturer related data in ROM
|ATRT    [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO              boot up whole system
|ATUR    x         upgrade RAS image (filename)
|NBG6617>

In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!

First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.

|NBG6617> ATSE NBG6617
|012345678901

This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):

- tool.sh -
ror32() {
  echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -

|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711

copy and paste the result into the shell to unlock zloader.

|NBG6617> ATEN 1,0046B0017430

If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.

|NBG6617> ATGU
|NBG6617#

Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2018-06-26 08:57:26 +02:00
Alin Nastac
ab07ae2f27 netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2018-06-26 08:57:25 +02:00
Kevin Darbyshire-Bryant
094d49cddf kernel: bump 4.14 to 4.14.51
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Refresh patches.

Remove patch that can be reverse applied:
mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch
mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch

Update patch that no longer applied:
ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch

Compiled-tested-for: lantiq, ramips
Run-tested-on: lantiq BT hh5a, ramips MIR3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-06-26 08:57:21 +02:00
Jo-Philipp Wich
333e609703 build: change version.mk defaults to OpenWrt
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 13:45:03 +02:00
Daniel Engberg
c6e02b49f6 octeon: Add and set CPU type Octeon+ as default
The lowest CPU type used by supported Octeon platform
is Octeon+ (EdgeRouter Lite) while EdgeRouter Pro/ER-8 uses
Octeon II which is backwards compatible with Octeon+.

Sources:
https://community.ubnt.com/t5/EdgeRouter/EdgeRouter-Pro-CPU/td-p/654599
https://www.cavium.com/octeon-II-CN68XX.html
"OCTEON II family is fully software compatible with the widely-adopted
OCTEON Plus family"

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-20 15:36:02 +02:00
Andy Boyett
591780615b build: add busybox support to time prereq-check
Busybox time supports the GNU time '-f' syntax used by the build time
logging implemented in ff6e62b288, however the prerequisite check added
only works with GNU time installed as `time` or `gtime`.

As busybox is a multicall binary, the name of the symlink setup by
SetupHostCommand also must be changed from `gtime` to `time` to fix the
value of argv[0]. This causes a number of shells (including bash) to use
their builtin impelementation of time, so the sole invocation has been
changed to use `env time` to use the value found on the $PATH.

Signed-off-by: Andy Boyett <agb@agb.io>
2018-06-18 21:27:01 +02:00
Hannu Nyman
dcfe2a461e include/image-commands.mk: shorter version in Netgear factory header
Shorten the version string in Netgear factory image header in order
to enable u-boot TFTP recovery flash mode to work again.

Strip 'r7210-14cb05909a' into 'r7210' in the Netgear image header
by removing the hash (anything after "-").

background:
Some Netgear routers have recently been unable to flash Openwrt
factory image with the TFTP recovery flash mode provided by Netgear
u-boot. That is due to over-long Openwrt version string overflowing
into the router type string in u-boot code. Modern git versions
produce 10-digit short hashes for the Openwrt main repo, and that
causes the version string to be too long in the image header,
breaking the image ID verification by the TFTP flash routine.

(Other option could be to force a shorter hash in scripts/getver.sh,
but as the problem only concerns Netgear routers, let's patch just
them.)

More detailed explanations in FS#1583

Tested with WNDR3800

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-06-18 20:29:37 +02:00
Koen Vandeputte
510f2efab6 kernel: bump 4.14 to 4.14.50
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 15:25:42 +02:00