Christian Lamparter [Sun, 7 Jun 2020 15:22:02 +0000 (17:22 +0200)]
ca-certificates: update to version
20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.
A list of changes from Debian's change-log entry for
20200601 [0]:
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.40.
Closes: #956411, #955038
* mozilla/blacklist.txt
Add distrusted Symantec CA list to blacklist for explicit removal.
Closes: #911289
Blacklist expired root certificate, "AddTrust External Root"
Closes: #961907
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
f611b014a713d82d7c7da4c171f3aa04a8984063)
Daniel Golle [Tue, 9 Jun 2020 15:44:23 +0000 (16:44 +0100)]
oxnas: build with 8021Q VLAN support
CONFIG_VLAN_8021Q was explicitely disabled in oxnas kernel config.
Don't do that, so VLANs can be used on the target.
Fixes:
dcc34574ef ("oxnas: bring in new oxnas target")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
fd0cc72d9ceba6d4dc315c7f0e52d6513023f669)
Lech Perczak [Fri, 29 May 2020 18:50:05 +0000 (20:50 +0200)]
ath79: add support for TP-Link TL-WR802N V1 and V2
Specification:
- SoC: Qualcomm Atheros QCA9533 (560 MHz, MIPS 24Kc)
- RAM: 32 MiB
- Storage: 4 MiB of Flash on board
- Wireless: Built into QCA9533 (Honey Bee), PHY modes b/g/n
- Ethernet: 1x100M (port0)
Installation through OEM Web Interface:
- Connect to TL-WR802N by Ethernet or Wi-Fi
- Go to web interface:
[V1] http://192.168.0.1
[V2] http://192.168.0.254
Default user is "admin" & password is "admin".
On V2, there is no DHCP server running by default, so remember to set
IP manually.
- Go to "System Tools -> Firmware Upgrade"
- Browse for firmware:
[V1] "*.factory.bin"
[V2] "*.factory-us.bin" or "*.factory-eu.bin" for eu model
Web interface may complain if filename is too long. In such case,
rename .bin to something shorter.
- Click upgrade
Installation through tftp:
Note: T_OUT, T_IN and GND on the board must be connected to USB TTL
Serial Configuration 115200 8n1
- Boot the TL-WR802N
- When "Autobooting in 1 seconds" appears type "tpl" followed by enter
- Connect to the board Ethernet port
(IPADDR: 192.168.1.1, ServerIP: 192.168.1.10)
- tftpboot 0x80000000 <Firmware Image Name>
- Record the result of "printenv bootcmd"
- Enter "erase <Result of 'printenv bootcmd'> +0x3c0000"
(e.g erase 0x9f020000 +0x3c0000)
- Enter "cp.b 0x80000000 <Result of 'printenv bootcmd'> 0x3c0000"
(e.g cp.b 0x80000000 0x9f020000 0x3c0000)
- Enter "bootm <Result of 'printenv bootcmd'>"
(e.g bootm 0x9f020000)
Notes:
When porting from ar71xx target to ath79, I found out that on V2,
reset button is on GPIO12 and active low, instead of GPIO11 and
active high. By cross-flashing V1 firmware to V2, I confirmed
the same is true for V1.
Also according to manual of V1, this one also has green
LED instead of blue - both of those issues were fixed accordingly.
The MAC address assignment has been checked with OEM firmware.
Installation manual based on ar71xx support by Thomas Roberts
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[slightly adjust commit message, add MAC address comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
7e513136c63108bf55b38be4d2b65aa00b0d2b26)
Roger Pueyo Centelles [Thu, 28 May 2020 09:44:54 +0000 (11:44 +0200)]
ath79: update WA/XC devices UBNT_VERSION to 8.5.3
Ubiquiti WA devices with newer hw version 2011K require UBNT_VERSION
to be at least 8.5.3, otherwise the image is rejected:
New ver: WA.ar934x.v8.5.0-42.OpenWrt-r10947-
65030d81f3
Versions: New(525568) 8.5.0, Required(525571) 8.5.3
Invalid version 'WA.ar934x.v8.5.0-42.OpenWrt-r10947-
65030d81f3'
For consistency, also increase version number for XC devices.
Tested-by: Pedro <pedrowrt@cas.cat>
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit
95caa3436d98dac3709e550765f3f86d11a99782)
Samantha Collard [Sat, 30 May 2020 23:49:51 +0000 (09:49 +1000)]
ipq806x: EA8500 fix boot partition detection
Remove extraneous code that disabled boot partition detection.
Fixes:
b3770eaca39f ("mtd: base-files: Unify dual-firmware devices (Linksys)")
Signed-off-by: Samantha Collard <sammyrc34@gmail.com>
(cherry picked from commit
0f910a8c4c03d92e399dd79dbc5d707eb03b22df)
Adrian Schmutzler [Sun, 31 May 2020 10:46:26 +0000 (12:46 +0200)]
ath79: fix LEDs for GL.inet GL-AR150
Since the wireless LED was used for boot and set up with a DT
trigger, the WiFi indication hasn't worked on ath79 at all.
In addition, a look into the manual revealed that the OEM
configuration is as follows:
LED 1 (green): power
LED 2 (green): configurable
LED 3 (red): wireless
So, let's just keep the WiFi trigger and convert the rest to its
"intended" use.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
705fe43522c756962589b360141d4c398363ce1c)
Lech Perczak [Fri, 29 May 2020 19:56:18 +0000 (21:56 +0200)]
ar71xx: fix reset key for TP-Link TL-WR802N V1/V2
During porting support for this router to ath79 target
it was discovered that GPIO mapping was incorrect (GPIO11 active high).
Correct mapping for both V1 and V2 is GPIO12 active low.
Default configuration from GPL source for V2 explicitly states this, and
this was confirmed experimentally on ath79 by looking on
/sys/kernel/debug/gpio. Correctness of this was also validated for V1 by
cross-flashing vendor firmware for V1 on V2 hardware, in which reset
button also worked.
Fix it.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[slightly adjust commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
f841e706403b1a111cbb6dc5930b7886307bf633)
John Crispin [Mon, 6 Apr 2020 05:04:38 +0000 (07:04 +0200)]
generic: fix flow table hw offload
Make the driver work with recent upstream changes.
Fixes: FS#2632
Ref: https://github.com/openwrt/openwrt/pull/2815
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
6786dc26a205da55ec2d9771693cdfb99e756e59)
David Bauer [Sat, 30 May 2020 14:24:03 +0000 (16:24 +0200)]
ar71xx: correct button type for TL-MR3020 mode slider
The TP-Link TL-MR3020 has a three-state mode slider which was previously
integrated as a button (EV_KEY). This led to spurious activations of
failsafe mode.
Set the type for the button to switch (EV_SW), to avoid unintended
activations of failsafe mode.
Related: commit
27f3f493de06 ("gpio-button-hotplug: unify polled and
interrupt code")
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
b017a016cc0cd26f84a7e6b8de3dc02dc101e888)
Adrian Schmutzler [Thu, 28 May 2020 16:30:17 +0000 (18:30 +0200)]
ar71xx: fix splitting firmware partition for TL-WR902AC v1
The -O option for the tplink-v1-header was missing for the TP-Link
TL-WR902AC v1, while safeloader and MTDPARTS where set up with a
single firmware partition.
This led to bootloops after using sysupgrade.
Fixes: FS#3118
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
a7b07f8ba880895f0d235a63729dd189cb2410a7)
Jo-Philipp Wich [Fri, 29 May 2020 08:34:58 +0000 (10:34 +0200)]
qos-scripts: fix interface resolving
Also ensure that the error message is actually printed to stderr and that
the rule generation is aborted if an interface cannot be resolved.
Ref: https://github.com/openwrt/luci/issues/3975
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
559b3384666bbc6e4e9e6d86cf54bd88d30b341f)
Jo-Philipp Wich [Thu, 28 May 2020 11:03:02 +0000 (13:03 +0200)]
broadcom-wl: don't inherit lock descriptor in nas process
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.
Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
a03d6d2fab13c478a0f6cfc3082bec141f2adcf1)
Matthias Schiffer [Sat, 23 May 2020 19:16:44 +0000 (21:16 +0200)]
musl: fix locking synchronization bug
Import proposed upstream fix [2] for the critical locking
synchronization bug recently found in musl [1].
This affects all programs that are temporarily multithreaded, but then
return to single-threaded operation.
[1] https://www.openwall.com/lists/musl/2020/05/22/3
[2] https://www.openwall.com/lists/musl/2020/05/22/10
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
10c211031ccd4703230493025a5a3b9d6fcad2f2)
Jo-Philipp Wich [Tue, 26 May 2020 15:29:09 +0000 (17:29 +0200)]
rpcd: update to latest openwrt-19.07 Git HEAD
67c8a3f uci: reset uci_ptr flags when merging options during section add
970ce1a session: deny access if password login is disabled
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 26 May 2020 15:23:08 +0000 (17:23 +0200)]
Revert "rpcd: update to latest Git HEAD"
This reverts commit
adf5d753eff2385063555da8bd4323e69311752a.
Reverting this commit because it relies on a changed libiwinfo API.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 26 May 2020 14:13:16 +0000 (16:13 +0200)]
rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled
efe51f4 iwinfo: add current hw and ht mode to info call
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Tue, 26 May 2020 08:45:06 +0000 (10:45 +0200)]
libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
b371182d2450b3c4f15cbe790351d92a2a7b5a67)
Rafał Miłecki [Sun, 24 May 2020 14:30:02 +0000 (16:30 +0200)]
libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a765b063ee3e1dd6519f6a4a9e4d4f72214b33b8)
Petr Štetiar [Tue, 11 Feb 2020 10:17:41 +0000 (11:17 +0100)]
ramips: gsw_mt7621: disable PORT 5 MAC RX/TX flow control by default
Looking at the current upstream driver implementation, it seems like the
TX/RX flow control is enabled only if the flow control pause option is
resolved from the device/link partner advertisements (or otherwise set).
On the other hand, our current in-tree driver force enables TX/RX
flow control by default, thus possibly leading to TX timeouts if the
other end sends pause frames (which are not properly handled?):
WARNING: CPU: 3 PID: 0 at net/sched/sch_generic.c:320 dev_watchdog+0x1ac/0x324
NETDEV WATCHDOG: eth0 (mtk_soc_eth): transmit queue 0 timed out
Disabling the flow control on PORT 5 MAC seems to fix this issues as the
pause frames are then filtered out. While at it, I'm removing the if
condition completely as suggested, since this code is run only on mt7621
SoC, so there is no need to check for the silicon revisions.
Ref: https://lists.openwrt.org/pipermail/openwrt-devel/2017-November/009882.html
Ref: https://forum.openwrt.org/t/mtk-soc-eth-watchdog-timeout-after-r11573/50000/12
Suggested-by: Felix Fietkau <nbd@nbd.name>
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
c8f8e59816eca49d776562d2d302bf990a87faf0)
Daniel Golle [Sat, 16 May 2020 21:23:41 +0000 (23:23 +0200)]
hostapd: backport wolfssl bignum fixes
crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
631c437a91c20df678b25dcc34fe23636116a35a)
Matthias Schiffer [Sun, 24 May 2020 15:01:36 +0000 (17:01 +0200)]
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Jo-Philipp Wich [Sat, 16 Nov 2019 20:23:42 +0000 (21:23 +0100)]
brcm47xx: disable Netgear WNR2000 v2 by default
Disable the Netgear WNR2000 v2 image by default as the device has
insufficient flash space for release build images.
Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/72
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[drop change on netgear-wnr3500l-v1-na]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Hauke Mehrtens [Sun, 24 May 2020 10:23:31 +0000 (12:23 +0200)]
squashfs: Fix compile with GCC 10
Fixes the following build error with GCC 10:
/usr/bin/ld: read_fs.o:(.bss+0x0): multiple definition of `swap'; mksquashfs.o:(.bss+0x1b2a88): first defined here
And a compile warning.
Fixes: FS#3104, FS#3119
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
1bbc1aa884902fd05cc579b53d68b2ba0b18683f)
Matthias Schiffer [Sat, 23 May 2020 11:38:12 +0000 (13:38 +0200)]
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
e35e40ad824eab9d51cdd690fb747e576e01412f)
Hauke Mehrtens [Fri, 20 Sep 2019 23:05:42 +0000 (01:05 +0200)]
usign: update to latest Git HEAD
f34a383 main: fix some resource leaks
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
81e93fff7d867851f2fedd966a931336d4092686)
Adrian Schmutzler [Wed, 15 Apr 2020 12:01:34 +0000 (14:01 +0200)]
ath79: add support for TP-Link TL-WA901ND v4 and v5
This ports support for the TL-WA901ND v4 and v5 from ar71xx to ath79.
They are similar to the TP9343-based TL-WR940N v3/v4 and TL-WR941ND v6.
Specifications:
SoC: TP9343
Flash/RAM: 4/32 MiB
CPU: 750 MHz
WiFi: 2.4 GHz b/g/n
Ethernet: 1 port (100M)
Flashing instructions:
Upload the factory image via the vendor firmware upgrade option.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to * (see below)
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
* The image name for TFTP recovery is wa901ndv4_tp_recovery.bin for
both variants.
In ar71xx, a MAC address with offset 1 was used for ethernet port.
That's probably wrong, but this commit sticks to it until we know
the correct value.
Like in ar71xx, this builds the default factory.bin with EU country
code.
Thanks to Leonardo Weiss for testing on the v5.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit
4a61a88f9006f70444e00699f76551c75f73c14e)
Adrian Schmutzler [Fri, 14 Feb 2020 14:38:55 +0000 (15:38 +0100)]
ath79: add support for TP-Link TL-WA701ND/730RE/801ND/901ND v1
This adds support for the various clones of the TL-WA830RE recently
supported in
fb99ac6807f2 ("ath79: add support for TP-Link TL-WA830RE v1"):
- tplink,tl-wa701nd-v1
- tplink,tl-wa730re-v1
- tplink,tl-wa801nd-v1
- tplink,tl-wa830re-v1 (already supported)
- tplink,tl-wa901nd-v1
Since these devices are 100%-clones in ar71xx, this patch adds all
of them without run-testing (as this has been done for TL-WA830RE v1).
Specifications:
- SOC: Atheros AR7240
- CPU: 400MHz
- Flash: 4 MiB (Spansion S25FL032P)
- RAM: 32 MiB (Zentel A3S56D40FTP-G5)
- WLAN: Atheros AR9280 bgn 2x2
- Ethernet: 1 port (100M)
Flash instructions:
- install from u-boot with tftp (requires serial access)
> setenv ipaddr a.b.c.d
> setenv serverip e.f.g.h
> tftpboot 0x80000000 \
openwrt-ath79-tiny-tplink_tl-waxxxxx-v1-squashfs-factory.bin
> erase 0x9f020000 +0x3c0000
> cp.b 0x80000000 0x9f020000 0x3c0000
> bootm 0x9f020000
- flash factory image from OEM WebUI
- sysupgrade from ar71xx image
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit
2f1cc5c3d5e35d6aa76e794e3d5b4f5856cd38bc)
Adrian Schmutzler [Mon, 5 Aug 2019 15:51:16 +0000 (17:51 +0200)]
ath79: add support for TP-Link TL-WR940N v6
The TL-WR940N v6 is similar to v3/v4, it just has different
LEDs and MAC address assignment.
Specification:
- 750 MHz CPU
- 32 MB of RAM
- 4 MB of FLASH
- 2.4 GHz WiFi
- 4x 10/100 Mbps Ethernet
The use of LEDs is based on ar71xx, so blue LED is used for WAN
and orange LED for diag (boot/failsafe/etc.).
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
wr940nv6_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Thanks to Manuel Kock for reviewing and testing this patch.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Manuel Kock <github.web@manu.li>
(backported from commit
fbd00bb8d406a0ace7ea9c49a79cbad2418689a5)
Christian Buschau [Wed, 5 Feb 2020 21:05:39 +0000 (22:05 +0100)]
ath79: add support for TP-Link TL-WA830RE v1
This ports support for the TL-WA830RE v1 range extender from ar71xx to
ath79.
Specifications:
- SOC: Atheros AR7240
- CPU: 400MHz
- Flash: 4 MiB (Spansion S25FL032P)
- RAM: 32 MiB (Zentel A3S56D40FTP-G5)
- WLAN: Atheros AR9280 bgn 2x2
- Ethernet: 1 port (100M)
Flash instructions:
- install from u-boot with tftp (requires serial access)
> setenv ipaddr a.b.c.d
> setenv serverip e.f.g.h
> tftpboot 0x80000000 \
openwrt-ath79-tiny-tplink_tl-wa830re-v1-squashfs-factory.bin
> erase 0x9f020000 +0x3c0000
> cp.b 0x80000000 0x9f020000 0x3c0000
> bootm 0x9f020000
- flash factory image from OEM WebUI
- sysupgrade from ar71xx image
The device seems to be a clone of the following devices not yet
added to ath79:
- tl-wa701nd-v1
- tl-wa730re-v1
- tl-wa801nd-v1
- tl-wa901nd-v1
Signed-off-by: Christian Buschau <christian.buschau@mailbox.org>
[make use of ar7240_tplink.dtsi, add note about clones]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
fb99ac6807f29eb5fe50271eff711e7415038731)
Adrian Schmutzler [Tue, 11 Feb 2020 00:31:05 +0000 (01:31 +0100)]
ath79: reorganize DTSI for ar7240 TP-Link devices
The current set of TP-Link devices with ar7240 SoC all share
the same DTSI file. As the latter is very similar to the
definition required for the to-be-supported TP-Link TL-WA devices
with ar7240, this patch splits the definitions into a shared part
for all TP-Link devices (ar7240_tplink.dtsi) and a file containing
the specific setup for the present TL-WR devices
(ar7240_tplink_tl-wr.dtsi), equivalent to the former
ar7240_tplink_tl-wr74xn-v1.dtsi.
While at it, remove unused firmware partition label and rename
pinmux_switch_led_pins.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
273e00c4a506c076dddfc51c3c00d4523496f5f4)
Lim Guo Wei [Mon, 12 Aug 2019 07:54:11 +0000 (15:54 +0800)]
ath79: migrate TP-Link TL-MR3420v2 to ath79
Specifications:
- SoC: ar9341
- RAM: 32M
- Flash: 4M
- Ethernet: 5x FE ports
- WiFi: ar9341-wmac
Flash instruction:
Upload generated factory firmware on vendor's web interface.
This changes the key assignment compared to ar71xx support of this
device, since of the two keys on the device one is used as combined
Reset/WPS and the second one as WiFi on/off button.
Despite, the reset button required GPIO_ACTIVE_HIGH to work correctly.
Signed-off-by: Lim Guo Wei <limguowei@gmail.com>
[redo commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(backported from commit
e7ab1b517397fdf6613f4682b7a752649841f7cd)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Wed, 24 Jul 2019 14:49:08 +0000 (16:49 +0200)]
ath79: add support for TP9343-based TP-Link TL-WR94x devices
This adds support for several TP-Link devices based on TP9343
("a QCA9561 without PCIe and USB"):
- TL-WR940N v3
- TL-WR940N v4
- TL-WR941ND v6
The devices are only different concerning LEDs and MAC address
assignment.
All TL-WR940 are with non-detachable antennas (N), all
TL-WR941 devices are with detachable antennas (ND).
Specification:
- 750 MHz CPU
- 32 MB of RAM
- 4 MB of FLASH
- 2.4 GHz WiFi
- 4x 10/100 Mbps Ethernet
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to * (see below)
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
* TFTP image names:
940 v3: wr941ndv6_tp_recovery.bin
940 v4: wr940nv4_tp_recovery.bin
941 v6: wr941ndv6_tp_recovery.bin
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported picked from commit
c02b9818a51ab189be11218e626e9cad2c21ec94)
Thibaut VARÈNE [Mon, 18 May 2020 11:07:12 +0000 (13:07 +0200)]
generic: platform/mikrotik: disambiguate SPDX-License-Identifier
I meant it to be GPL-2.0-only, as evidenced by the boilerplate.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit
6934b20912d308854b7adf63a7098d38bf67d153)
Adrian Schmutzler [Thu, 14 May 2020 14:00:14 +0000 (16:00 +0200)]
ramips: drop non-existant ralink,port-map for Ravpower WD03
The property "ralink,port-map" has been obsolete long before
this device was added, and the device is a one-port anyway.
Just remove it.
Fixes:
5ef79af4f80f ("ramips: add support for Ravpower WD03")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
c00b2df6c8e421ea7aa96f53178dc85db99f2305)
Álvaro Fernández Rojas [Mon, 18 May 2020 07:23:50 +0000 (09:23 +0200)]
bcm63xx: mask interrupts on init
Fixes BCM6348/BCM6358 hangs while booting:
https://bugs.openwrt.org/index.php?do=details&task_id=2202
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
13c33f3f121ca6fe2ab1f80e04cf2d4f2cd6abec)
Daniel Gonzalez Cabanelas [Mon, 18 May 2020 07:20:03 +0000 (09:20 +0200)]
bcm63xx: periph_intc: report effective affinity
The bcm6345-periph-intc driver only targets a single CPU at a time, even
if the notional affinity is wider. Let's inform the core code about this.
This patch gets rid of the kernel message:
"genirq: irq_chip bcm6345-periph-intc did not update eff. affinity mask
of irq 52"
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
e04ff3c7cc52c23f5b40730ee426710e22940d68)
Álvaro Fernández Rojas [Mon, 18 May 2020 07:19:06 +0000 (09:19 +0200)]
bcm63xx: ext_intc: fix warning
In file included from ./arch/mips/include/asm/io.h:34,
from ./arch/mips/include/asm/mmiowb.h:5,
from ./include/linux/spinlock.h:60,
from ./include/linux/irq.h:14,
from drivers/irqchip/irq-bcm6345-ext.c:10:
drivers/irqchip/irq-bcm6345-ext.c: In function 'bcm6345_ext_intc_of_init':
./arch/mips/include/asm/mach-bcm63xx/ioremap.h:48:9: warning: 'base' may be used uninitialized in this function [-Wmaybe-uninitialized]
return is_bcm63xx_internal_registers((unsigned long)addr);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/irqchip/irq-bcm6345-ext.c:255:16: note: 'base' was declared here
void __iomem *base;
^~~~
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
29c3bb5f413f0962971c66e6516b8409a78e0135)
Álvaro Fernández Rojas [Mon, 18 May 2020 07:16:02 +0000 (09:16 +0200)]
bcm63xx: periph_intc: fix warning
drivers/irqchip/irq-bcm6345-periph.c: In function 'bcm6345_periph_irq_handle':
drivers/irqchip/irq-bcm6345-periph.c:55:21: warning: 'block' may be used uninitialized in this function [-Wmaybe-uninitialized]
struct intc_block *block;
^~~~~
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
f2f2cf07a61e9c170ab8d65e1e054f0131a84e2a)
Álvaro Fernández Rojas [Mon, 18 May 2020 07:12:30 +0000 (09:12 +0200)]
bcm63xx: redboot: fix warning
drivers/mtd/parsers/redboot.c: In function 'parse_redboot_partitions':
drivers/mtd/parsers/redboot.c:194:59: warning: suggest parentheses around '-' in operand of '&' [-Wparentheses]
fis_origin = (buf[i].flash_base & (master->size << 1) - 1);
~~~~~~~~~~~~~~~~~~~~^~~
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
f314cbe54be4d90e748e18ae5e9fb00d5fd31c91)
Álvaro Fernández Rojas [Mon, 18 May 2020 07:10:16 +0000 (09:10 +0200)]
bcm63xx: bcm6362: fix pinctrl bug
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
ee6bf7e865510ff1e0645b08bec65f8212ed70d4)
Álvaro Fernández Rojas [Mon, 18 May 2020 06:57:36 +0000 (08:57 +0200)]
bcm63xx: refresh kernel config
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Hauke Mehrtens [Sat, 16 May 2020 18:40:11 +0000 (20:40 +0200)]
OpenWrt v19.07.3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 16 May 2020 18:39:58 +0000 (20:39 +0200)]
OpenWrt v19.07.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Thibaut VARÈNE [Sat, 16 May 2020 15:12:06 +0000 (17:12 +0200)]
generic: platform/mikrotik: fix LZOR support
31e99fe3da which introduced this code was unfortunately untested.
This commit fixes a number of issues and works around the fact that in
this particular scheme, the LZO payload may be padded at the end which
will trigger a harmless lzo decompression error.
This commit also disambiguates the debug printks.
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes:
31e99fe3da ("generic: platform/mikrotik: support LZOR encoding")
(cherry picked from commit
2ea481193c1654c9cb42aa0331cdbc4570783e26)
Robert Marko [Tue, 12 May 2020 20:18:33 +0000 (22:18 +0200)]
libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit
bc0288b76816578f5aeccb2abd679f82bfc5738e)
Adrian Schmutzler [Wed, 26 Feb 2020 17:24:55 +0000 (18:24 +0100)]
ar71xx: remove hard-coded folder name from Mikrotik RB upgrade
So far, specifying "BOARD_NAME := routerboard" is required by the
upgrade code of Mikrotik NAND devices, as "sysupgrade-routerboard"
is hardcoded in platform_do_upgrade_mikrotik_rb().
This patch replaces the latter with a grep for the name like it
is already done in nand_upgrade_tar() in /lib/upgrade/nand.sh.
This should enable upgrades from ar71xx to ath79 without setting
BOARD_NAME for the latter.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit
281785d74fcc70153c0741be36ee1f9d05e74f6f)
Daniel Golle [Tue, 12 May 2020 09:48:50 +0000 (10:48 +0100)]
fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-
eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes:
3b9e4d6d4c4f ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
b181294b02499e41b6b6fa24163f59c9ee4988ed)
Thibaut VARÈNE [Fri, 8 May 2020 11:46:42 +0000 (13:46 +0200)]
ar71xx: mikrotik: mach-rbspi.c remove wlan id
Following on the previous commit, this patch removes useless id argument
from rbspi_wlan_init().
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Fri, 8 May 2020 11:39:10 +0000 (13:39 +0200)]
ar71xx: mikrotik: bypass id check in __rb_get_wlan_data()
The id parameter in __rb_get_wlan_data() was incorrectly used on the
assumption that id "0" would always be tied to ath9k with RLE encoding
and positive id (in fact, only id "1" was valid) would always be tied to
("external") ath10k with LZO encoding.
Newer hardware revisions of supported devices prove this assumption to
be invalid, with ath9k caldata being now wrapped in MAGIC_ERD and LZO
compressed, so disable this check to allow newer hardware to correctly
decode caldata for ath9k. Since ath10k caldata is no longer pulled from
this implementation, this commit also disables the publication in sysfs
to avoid wasting memory.
Note: this patch assumes that ath9k caldata is never stored with the new
"LZOR" encoding scheme found on some ath10k devices.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Fri, 8 May 2020 11:31:06 +0000 (13:31 +0200)]
ar71xx: mikrotik: ath10k: use new sysfs driver
Fetch ath10k calibration data from backported mikrotik sysfs driver
which supports the newer "LZOR" encoding.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Fri, 27 Mar 2020 13:33:48 +0000 (14:33 +0100)]
generic: platform/mikrotik: support LZOR encoding
Some newer MikroTik RouterBOARD devices use a new encoding scheme
for their WLAN calibration data. This patch provides support for
decoding this new scheme.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Wed, 25 Mar 2020 10:45:51 +0000 (11:45 +0100)]
ar71xx: enable mikrotik platform driver
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Fri, 8 May 2020 11:27:48 +0000 (13:27 +0200)]
generic: mikrotik platform build bits
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Sun, 22 Mar 2020 20:46:42 +0000 (21:46 +0100)]
generic: routerboot sysfs platform driver
This driver exposes the data encoded in the "hard_config" flash segment
of MikroTik RouterBOARDs devices. It presents the data in a sysfs folder
named "hard_config". The WLAN calibration data is available on demand via
the 'wlan_data' sysfs file in that folder.
This driver permanently allocates a chunk of RAM as large as the
"hard_config" MTD partition (typically 4KB), although it is technically
possible to operate entirely from the MTD device without using a local
buffer (except when requesting WLAN calibration data), at the cost of a
performance penalty.
This driver does not reuse any of the existing code previously found in
routerboot.c.
This driver has been successfully tested on BE (ath79) and LE (ipq40xx
and ramips) hardware.
Tested-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
Tested-by: Christopher Hill <ch6574@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Koen Vandeputte [Mon, 11 May 2020 10:08:05 +0000 (12:08 +0200)]
kernel: bump 4.14 to 4.14.180
Refreshed all patches.
Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Lech Perczak [Thu, 7 May 2020 22:41:36 +0000 (00:41 +0200)]
ath79: dts: add missing 'serial0' alias for TP-Link TL-MR3040v2
Out of all devices currently supported based on AR9331 chipset,
this one had the 'serial0' alias missing. Add it to fix setting of
/dev/console and login shell on the onboard UART.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
94f344997769a9a18e2d73574d9d17785828955d)
Hauke Mehrtens [Fri, 8 May 2020 18:35:13 +0000 (20:35 +0200)]
opkg: Fix PKG_MIRROR_HASH
Fixes:
c61fbdd0879b ("odhcpd: fix PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
DENG Qingfang [Mon, 20 Jan 2020 17:06:22 +0000 (01:06 +0800)]
ath10k-firmware: fix mirror hash
Fix PKG_MIRROR_HASH hash mismatch.
Fixes:
641a93f0f226 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
2d758129ca000620ab07f78e774464a96e8f212d)
Jo-Philipp Wich [Thu, 7 May 2020 20:47:47 +0000 (22:47 +0200)]
opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
79da9d78b98e1cd4574a37e2c4c5f8315b91563d)
Jason A. Donenfeld [Wed, 6 May 2020 22:22:46 +0000 (16:22 -0600)]
wireguard: bump to 1.0.
20200506
* compat: timeconst.h is a generated artifact
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
Some code readibility cleanups.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit
4f6343ffe7fe8f7018f904b153dea9fc6038daf4)
Jason A. Donenfeld [Fri, 27 Dec 2019 14:41:12 +0000 (15:41 +0100)]
wireguard: bump to
20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit
ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
Hans Dedecker [Thu, 7 May 2020 05:59:40 +0000 (07:59 +0200)]
odhcpd: fix PKG_SOURCE_DATE
Fixes:
5e8b50da15 (odhcpd : fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056))
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 6 May 2020 19:20:09 +0000 (21:20 +0200)]
odhcpd: fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056)
49e4949 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jo-Philipp Wich [Wed, 6 May 2020 17:46:48 +0000 (19:46 +0200)]
ustream-ssl: update to 19.07 Git HEAD
40b563b ustream-openssl: clear error stack before SSL_read/SSL_write
30cebb4 ustream-ssl: mbedtls: fix ssl client verification
77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 6 May 2020 17:42:11 +0000 (19:42 +0200)]
uhttpd: update to 19.07 Git HEAD
975dce2 client: allow keep-alive for POST requests
d062f85 file: poke ustream after starting deferred program
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rafał Miłecki [Wed, 6 May 2020 15:49:59 +0000 (17:49 +0200)]
fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
c3a43753b984657d1b65c666f776856cdf3af61d)
Chuanhong Guo [Tue, 5 May 2020 09:37:02 +0000 (17:37 +0800)]
generic: ar8216: fix unknown packet flooding for ar8229/ar8236
ar8229 and ar8236 don't allow unknown unicast/multicast frames and
broadcast frames to be flooded to cpu port. This isn't desired behavior
for swconfig as we treat it as a standalone switch.
Current code doesn't enable unicast frame flooding for ar8229 and uses
wrong setup for ar8236. This commit fixes both of them by enabling port
0 flooding for all unknown frames.
Fixes: FS#2848
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit
47f17b066259589b4a7b4181522321abf0660e18)
Jo-Philipp Wich [Tue, 5 May 2020 22:47:55 +0000 (00:47 +0200)]
libpcap: fix library packaging issues
Workaround a bug in patches/100-debian_shared_lib.patch - it attemptss to
extract the library major version from debian/changelog which does not exist
in the vanilla upstream tarball.
Create a fake changelog file for now to satisfy the version extraction
routine until we get around to properly augment the patch.
Fixes: FS#2970
Fixes:
96ee7c8bfd ("libpcap: Update shared-lib patch from Debian to fix linking problems")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Petr Štetiar [Tue, 5 May 2020 20:08:01 +0000 (22:08 +0200)]
kernel: bump 4.14 to 4.14.179
Runtime-tested on: qemu-x86-64
Compile-tested on: x86/64
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Rafał Miłecki [Tue, 5 May 2020 07:14:40 +0000 (09:14 +0200)]
fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
9295ce70069fee39f2a6b5cf961d8514406a64a7)
Felix Fietkau [Thu, 9 Apr 2020 12:25:51 +0000 (14:25 +0200)]
fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
b7d6e80feea21aac80d5bd25dc3a0dd5b148fec9)
Hauke Mehrtens [Mon, 4 May 2020 20:39:52 +0000 (22:39 +0200)]
mac80211: Update to version 4.19.120
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Paul Spooren [Mon, 6 Apr 2020 11:53:19 +0000 (01:53 -1000)]
scripts/download: add sources CDN as first mirror
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.
Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.
This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
c737a9ee6a9c47b6e553ac81bf293b1161e59799)
Hauke Mehrtens [Sat, 18 Apr 2020 15:42:02 +0000 (17:42 +0200)]
upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-
cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
#define _DEFAULT_SOURCE
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
70a962ca6f13e82d8d67f5c8ee65064a41f66a9c)
Hauke Mehrtens [Sat, 18 Apr 2020 15:50:03 +0000 (17:50 +0200)]
dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1
Fixes:
aaf46a8fe23e ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
ce1798e915181e6c1f3ba735b254b37b84261303)
Yangbo Lu [Tue, 14 Apr 2020 07:24:50 +0000 (15:24 +0800)]
perf: build with NO_LIBCAP=1
Build with NO_LIBCAP=1. This is to resolve build issue.
Package perf is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
(cherry picked from commit
80f128d2aa7586ce068bbc24badc46ffab2edd4a)
Linus Lüssing [Wed, 5 Feb 2020 19:10:43 +0000 (20:10 +0100)]
mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.
For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.
This patch now increases the maxmimum frame size from 1528 to 1656
bytes.
Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.
Fix originally found and developed by Ben Greear.
Link: https://github.com/greearb/ath10k-ct/issues/89
Link: https://github.com/greearb/ath10k-ct/commit/9e5ab25027e0971fa24ccf93373324c08c4e992d
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit
066ec97167e49b5c037b04dc4ec76c4cad5b75e2)
Matt Merhar [Sun, 19 Apr 2020 21:12:03 +0000 (17:12 -0400)]
kernel: backport fix for non-regular inodes on f2fs
Upstream commit
dda9f4b9ca ("f2fs: fix to skip verifying block address
for non-regular inode").
On 4.14, attempting to perform operations on a non-regular inode
residing on an f2fs filesystem, such rm-ing a device node, would fail
and lead to a warning / call trace in dmesg. This fix was already
applied to other kernels upstream - including 4.19, from which the patch
was taken.
More info at https://bugzilla.kernel.org/show_bug.cgi?id=202495.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit
ee500186a5617dfe80f4b762fd6bd0c38af93d49)
Adrian Schmutzler [Mon, 27 Apr 2020 21:26:18 +0000 (23:26 +0200)]
ath79: indicate boot/failsafe/upgrade for NanoBeam/Nanostation AC
Like for Ubiquiti PowerBeam 5AC Gen2, the highest RSSI LED can
be exploited to indicate boot/failsafe/upgrade for the NanoBeam AC
and Nanostation AC as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
80a094aaf3247059846e7d857c236b4fa9e497c7)
Adrian Schmutzler [Tue, 28 Apr 2020 18:28:06 +0000 (20:28 +0200)]
ath79: add SUPPORTED_DEVICES based on ar71xx for some devices
This adds some still-missing board names for old TP-Link devices
to ath79 SUPPORTED_DEVICES.
Fixes: FS#3017
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
522f6b7eee479768dd7851e83c4530c3329b9f53)
Petr Štetiar [Mon, 4 May 2020 12:53:34 +0000 (14:53 +0200)]
kernel: bump 4.14 to 4.14.178
Refreshed all patches and removed upstreamed:
oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch
Fixes: CVE-2020-12114 and CVE-2020-11669
Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Antonio Quartulli [Tue, 28 Apr 2020 10:06:58 +0000 (12:06 +0200)]
wpad-wolfssl: fix crypto_bignum_sub()
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.
This missing fix was discovered while testing SAE over a mesh interface.
With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.
Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
4b3b8ec81cd1965d0bd548fa31db491295b83354)
Felix Fietkau [Sat, 18 Jan 2020 17:41:08 +0000 (18:41 +0100)]
mac80211: backport fix for an no-ack tx status issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
e0ab33ea496f371a0683b18d5555d651f8df1f5e)
Felix Fietkau [Tue, 28 Jan 2020 13:12:08 +0000 (14:12 +0100)]
hostapd: unconditionally enable ap/mesh for wpa-cli
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
03e9e4ba9ea8f00ff7c6f076f2cdc322e18cd3a4)
Petr Štetiar [Sat, 25 Apr 2020 12:56:20 +0000 (14:56 +0200)]
wireless-regdb: backport three upstream fixes
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.
Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
76a0ddf1308782a4da2693978955aee9cf631862)
Petr Štetiar [Fri, 1 May 2020 08:12:11 +0000 (10:12 +0200)]
curl: backport fix for CVE-2019-15601
On Windows, refuse paths that start with \\ ... as that might cause an
unexpected SMB connection to a given host name.
Ref: PR#2730
Ref: https://curl.haxx.se/docs/CVE-2019-15601.html
Suggested-by: Jerome Benoit <jerome.benoit@sap.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Pawel Dembicki [Sat, 18 Apr 2020 19:47:44 +0000 (21:47 +0200)]
uboot-kirkwood: fix ethernet and usb
Before 2019.01 version was introduced patch, which changes cache
routines:
93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache
routines to common file"). Unfortunately that patch make ethernet
and usb in kirkwood broken.
This patch backport commit
599f7aa5 ("ARM: kirkwood: disable dcache
for Kirkwood boards"), which are fix for that problem.
Fixes:
dc08514e6d ("uboot-kirkwood: update to 2019.01")
Run tested: pogoplugv4
Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Chuanhong Guo [Mon, 27 Apr 2020 12:20:08 +0000 (20:20 +0800)]
ramips: remove memory node for ZBT MT7621 devices
It's known that ZBT sells 256M variants of these routers. As a result,
our images won't be able to boot on these routers.
This commit removes memory node for them. With previously backported
memory detection patch, kernel is able to detect memory size itself.
Fixes: FS#3053
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Sungbo Eo [Sun, 26 Apr 2020 11:22:33 +0000 (20:22 +0900)]
ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027
kmod-usb-dwc2 and kmod-usb-ledtrig-usbport are not target default packages, and
Belkin F7C027 does not have a USB port anyway. Just drop it.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
1dedad2a00d8519d4892b8529b5f2fffcb768220)
Sungbo Eo [Sun, 22 Mar 2020 17:41:08 +0000 (02:41 +0900)]
oxnas: move service file to correct place
This service file has been misplaced from the very beginning.
Fixes:
dcc34574efba ("oxnas: bring in new oxnas target")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
01961f163d927d6b44097f48a67bbc5b4c63eaf7)
Kevin Darbyshire-Bryant [Sat, 25 Apr 2020 09:27:22 +0000 (10:27 +0100)]
relayd: bump to version 2020-04-25
f4d759b dhcp.c: further improve validation
Further improve input validation for CVE-2020-11752
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
9e7d11f3e275d6f5d6b3edd7f0fa0440da43c45a)
Kevin Darbyshire-Bryant [Sat, 25 Apr 2020 09:30:08 +0000 (10:30 +0100)]
umdns: update to version 2020-04-25
cdac046 dns.c: fix input validation fix
Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.
Improve CVE-2020-11750 fix
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
9f7c8ed0786be97eda879e5f6681994e4de53d74)
Henrique de Moraes Holschuh [Sun, 1 Mar 2020 03:08:43 +0000 (00:08 -0300)]
dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.
Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router. dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.
The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.
A missing system.ntp.enabled UCI node is required for the bug to show
up. The reasons for why it would be missing in the first place were not
investigated.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit
556b8581a15c855b2de0efbea6b625ab16cc9daf)
Petr Štetiar [Sat, 25 Apr 2020 11:59:19 +0000 (13:59 +0200)]
libpcap: fix build breakage with very high number of simultaneous jobs
Building libpcap with high number (64) of simultaneous jobs fails:
In file included from ./fmtutils.c:42:0:
./ftmacros.h:106:0: warning: "_BSD_SOURCE" redefined
#define _BSD_SOURCE
<command-line>:0:0: note: this is the location of the previous definition
./gencode.c:67:10: fatal error: grammar.h: No such file or directory
#include "grammar.h"
^~~~~~~~~~~
compilation terminated.
Makefile:99: recipe for target 'gencode_pic.o' failed
So fix this by less intrusive way by disabling the parallel builds for
this package.
Ref: FS#3010
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Tue, 21 Apr 2020 20:51:20 +0000 (22:51 +0200)]
openssl: bump to 1.1.1g
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.
Ref: https://www.openssl.org/news/secadv/
20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
3773ae127ac83766028f767ac744e87a7ddcaf50)
Kevin Darbyshire-Bryant [Mon, 20 Apr 2020 08:08:20 +0000 (09:08 +0100)]
relayd: bump to version 2020-04-20
796da66 dhcp.c: improve input validation & length checks
Addresses CVE-2020-11752
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
be172e663f318ec364c13f795df025bbcce9ac18)
Kevin Darbyshire-Bryant [Mon, 20 Apr 2020 08:03:52 +0000 (09:03 +0100)]
umdns: update to version 2020-04-20
e74a3f9 dns.c: improve input validation
Addresses CVE-2020-11750
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
533da61ac63079f218a9946cd8e347b880c33dc0)
Kevin Darbyshire-Bryant [Sun, 5 Apr 2020 08:14:43 +0000 (09:14 +0100)]
umdns: update to the version 2020-04-05
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
22ae8bd50ef6d056b25a96ce6c77de0b0d53c1a1)
(cherry picked from commit
17c4593e63f5847868f2c38185275199d37d379a)
Kevin Darbyshire-Bryant [Sat, 4 Apr 2020 08:20:08 +0000 (09:20 +0100)]
umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:
dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]
261 | uint16_t *swap = (uint16_t *) q;
Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
02640f014719a994e2e538b2cb6376a189cd39de)
(cherry picked from commit
a10b6ec1c8cd6d14a3b76a2ec3d81442b85f7321)
Hans Dedecker [Sat, 18 Apr 2020 08:34:10 +0000 (10:34 +0200)]
binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
5f126c541a743e2ff5d8f406128d477ab5a509b4)