Daniel Golle [Sun, 15 Sep 2019 18:14:26 +0000 (20:14 +0200)]
ramips: only add spidev node in for WrtNode2R (and not for 2P)
Only the 2R version got the STM32 uC connected as 2nd SPI device.
Hence move the spidev node from mt7628an_wrtnode_wrtnode2.dtsi to
mt7628an_wrtnode_wrtnode2r.dts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Sun, 15 Sep 2019 17:53:17 +0000 (19:53 +0200)]
scripts/feeds: fix accepting "-" in feed type string
Fixes a syntax error in processing the type src-git-full
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Yousong Zhou [Tue, 10 Sep 2019 13:10:08 +0000 (13:10 +0000)]
apm821xx: image: remove unused kernel.dtb from IMAGES
It's a leftover from
2271967f ("apm821xx: utilize build ARTIFACTs")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Yousong Zhou [Thu, 12 Sep 2019 07:37:05 +0000 (07:37 +0000)]
imx6: install-dtb as separate IMAGE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 10 Sep 2019 13:40:43 +0000 (13:40 +0000)]
build: install-dtb: fix race condition when copying dtb
Currently for at91 target, Build/install-dtb can be triggered concurrently for
multiple different TARGET_FILESYSTEMS, cp command can fail when the
target file is already open exclusively by other cp process
[ -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/at91sam9263ek-uImage -a -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/root.ubifs+fs=-m_2048_-e_126KiB_-c_2048+pkg=
68b329da ]
[ -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/at91sam9263ek-uImage -a -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/root.ext4+pkg=
68b329da ]
cp -fpR /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/linux-4.14.141/arch/arm/boot/dts/at91sam9263ek.dtb /builder/shared-workdir/build/bin/targets/at91/sam9x/openwrt-at91-sam9x-at91sam9263ek.dtb;
cp -fpR /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/linux-4.14.141/arch/arm/boot/dts/at91sam9263ek.dtb /builder/shared-workdir/build/bin/targets/at91/sam9x/openwrt-at91-sam9x-at91sam9263ek.dtb;
cp: cannot create regular file '/builder/shared-workdir/build/bin/targets/at91/sam9x/openwrt-at91-sam9x-at91sam9263ek.dtb': File exists
Makefile:87: recipe for target '/builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/tmp/openwrt-at91-sam9x-at91sam9263ek-ubifs-dtb' failed
make[4]: *** [/builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/tmp/openwrt-at91-sam9x-at91sam9263ek-ubifs-dtb] Error 1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Koen Vandeputte [Sat, 14 Sep 2019 14:21:57 +0000 (16:21 +0200)]
ar71xx: make IRQ fixes target specific
Move the IRQ fix from generic to ar71xx specific.
Other targets like ath79 have specific pathes to delete this code.
This resulted in a build failure on ath79
While at it, wipe the 4.19 version, as ar71xx will never reach this.
Fixes:
530f76708cef ("ar71xx: Fix potentially missed IRQ handling during
dispatch")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Adrian Schmutzler [Wed, 11 Sep 2019 18:56:48 +0000 (20:56 +0200)]
brcm63xx: remove redundant variable definition in Makefile
For devices inheriting from bcm63xx_netgear, the IMAGES variable
is overwritten with the same values as defined in the parent
definition. So, remove the unnecessary overwrite.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jonas Gorski [Tue, 3 Sep 2019 12:16:12 +0000 (14:16 +0200)]
images: fix boot failures on NAND with small sub pages
SquashFS has a minimum block size of at least 1k, so we need to make
sure the last data block is also at least that big.
This is not an issue on NOR or SD CARD devices, since their rootfs
partitions go all the way to the end of the usable space.
But on NAND with ubiblock, the rootfs partition will be the exact space,
rounded up to LEB size. Unfortunately, some NAND chips with small sub
pages have a LEB size of x.5 kiB. This can cause the the last data block
to be less than 1k, which will cause the last block to be inaccessible,
causing boot failures as seen on MR24:
[ 1.532960] block ubiblock0_3: created from ubi0:3(rootfs)
[ 1.538457] ubiblock: device ubiblock0_3 (rootfs) set to be root filesystem
[ 1.552847] SQUASHFS error: squashfs_read_data failed to read block 0x621472
[ 1.559896] squashfs: SQUASHFS error: unable to read id index table
[ 1.566474] VFS: Cannot open root device "(null)" or unknown-block(254,0): error -5
Since on most NOR devices, the start of the squashfs partition is not
aligned. Since the start of the rootfs_data partition there is dependend
on the SquashFS size, we cannot just always pad it, as the padding could
creep into the rootfs_data partition, breaking jffs2.
So fix this by ensuring a squashfs rootfs is always a multiple of 1k
only for UBI and NAND sysupgrade images.
Fixes #2460 without affecting NOR devices.
Tested-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Koen Vandeputte [Wed, 11 Sep 2019 10:47:27 +0000 (12:47 +0200)]
ar71xx: fix potential IRQ misses during dispatch for qca953x
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.
Fix this by using the same approach as done for QCA955x
just below it.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 10:22:42 +0000 (12:22 +0200)]
ar71xx: Fix potentially missed IRQ handling during dispatch
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.
Fix this by using the same approach as done for QCA955x
just below it.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 09:35:24 +0000 (11:35 +0200)]
kernel: bump 4.19 to 4.19.72
Refreshed all patches.
Remove upstreamed:
- 390-v5.3-net-sched-fix-action-ipt-crash.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 09:34:00 +0000 (11:34 +0200)]
kernel: bump 4.14 to 4.14.143
Refreshed all patches.
Remove upstreamed:
- 390-v5.3-net-sched-fix-action-ipt-crash.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 09:19:39 +0000 (11:19 +0200)]
kernel: bump 4.9 to 4.9.192
Refreshed all patches.
Compile-tested on: none
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Hans Dedecker [Thu, 12 Sep 2019 20:31:01 +0000 (22:31 +0200)]
odhcpd: fix update to git HEAD
Fixes commit
7ff5b12e90
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Ingo Feinerer [Wed, 11 Sep 2019 11:14:05 +0000 (13:14 +0200)]
umbim: update to latest git HEAD
184b707 umbim: add home provider query support
Signed-off-by: Ingo Feinerer <feinerer@logic.at>
Hans Dedecker [Sat, 29 Jun 2019 19:07:12 +0000 (21:07 +0200)]
odhcpd: update to latest git HEAD (FS#2019)
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
d111809 router: make RA flags configurable (FS#2019)
Update odhcpd defaults according to the new RA flags implementation
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Thu, 12 Sep 2019 15:15:40 +0000 (17:15 +0200)]
mt76: probe load mt7615 driver asynchronously
It can take a long time to load the firmware
Signed-off-by: Felix Fietkau <nbd@nbd.name>
David Bauer [Fri, 6 Sep 2019 22:43:19 +0000 (00:43 +0200)]
ath79: fix UniFi AC LED mapping
The UniFi AC LED mapping is currently off. The blue/white LED are used
as WiFi indicators, while the vendor firmware does not feature WiFI
LEDs.
Instead, the LEDs are used to indicate the devices status. Align the LED
mapping to match the vendor firmware as good as possible.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Sun, 8 Sep 2019 13:48:43 +0000 (15:48 +0200)]
iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887
Signed-off-by: David Bauer <mail@david-bauer.net>
Daniel Golle [Thu, 12 Sep 2019 11:17:24 +0000 (13:17 +0200)]
config: kernel: only enable container features if !SMALL_FLASH
KERNEL_DEVPTS_MULTIPLE_INSTANCES and KERNEL_POSIX_MQUEUE were
previously enabled by default only if KERNEL_LXC_MISC was selected.
KERNEL_LXC_MISC was enabled only if the SMALL_FLASH (anti-)feature
was not selected.
Now that KERNEL_LXC_MISC no longer exists, make sure that those
options are also only enabled by default for !SMALL_FLASH targets.
Fixes:
4f94a331 ("config: kernel: remove KERNEL_LXC_MISC")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Yousong Zhou [Tue, 27 Aug 2019 06:35:10 +0000 (06:35 +0000)]
config: kernel: remove KERNEL_LXC_MISC
Kernel features are neutral. The two cascaded features can also be
useful for other container related tools
It's also less error-prone if only kconfig symbols from the kernel are
prefixed KERNEL_
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 27 Aug 2019 03:52:56 +0000 (03:52 +0000)]
config: kernel: add KERNEL_X86_VSYSCALL_EMULATION
Binaries in container images may need this. E.g. nginx:1.7.9 used in
k8s default deployment manifest file for demostration [1]
[1] https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Koen Vandeputte [Wed, 11 Sep 2019 21:40:42 +0000 (23:40 +0200)]
Revert "ar71xx: use platform code for qca955x usb0 init"
This reverts commit
5b98061bb1ac7e3affadda7b55c6f4ed4eb8268e.
As Piotr Dymacz pointed out:
In QCA MIPS based WiSOCs, for first USB interface,
device/host mode can be selected _only_ in hardware
see description of
57c641ba6e
QCA955x and QCA9563, second USB can be switched to device
mode in software (tested and confirmed on real hardware).
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Moritz Warning [Mon, 9 Sep 2019 22:03:07 +0000 (00:03 +0200)]
imx6: split up DEVICE_TITLE
DEVICE_TITLE is split up into DEVICE_VENDOR, DEVICE_MODEL and DEVICE_VARIANT
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Moritz Warning [Mon, 9 Sep 2019 22:15:49 +0000 (00:15 +0200)]
samsung: split up DEVICE_TITLE
DEVICE_TITLE is split up into DEVICE_VENDOR, DEVICE_MODEL and DEVICE_VARIANT
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Tomislav Požega [Tue, 3 Sep 2019 22:48:37 +0000 (00:48 +0200)]
ar71xx: qca955x pci init/reset fixes
Current ar724x code does the reset only on single pci bus, and
in case of qca9558 writes the wrong register (0x10 vs 0x0c).
This change allows the reset of second pci bus, commonly used in
Archer C7 devices, in case host controller is stuck in reset.
If the resetting controller on boot can solve any other issue it
can be enabled unconditionally by removing reset check before
ar724x_pci_hw_init is called.
Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
[refreshed to apply cleanly]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tomislav Požega [Tue, 3 Sep 2019 15:10:31 +0000 (17:10 +0200)]
ar71xx: enable ddr wb flush on qca955x
Enable flushing of write buffers on qca955x. GPL code has 0x88 reg
defined for PCI flush which is likely an error since the device
freezes on boot. So use DS default value 0xA8 for PCI flush.
Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Tomislav Požega [Tue, 3 Sep 2019 15:04:17 +0000 (17:04 +0200)]
ar71xx: use platform code for qca955x usb0 init
Switch from ci_usb_setup to generic platform initialization of
usb0 port.
Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Koen Vandeputte [Mon, 9 Sep 2019 11:24:41 +0000 (13:24 +0200)]
kernel: bump 4.19 to 4.19.71
Refreshed all patches.
Remove upstreamed:
- 950-0774-watchdog-bcm2835_wdt-Fix-module-autoload.patch
- 0017-usb-host-fotg2-restart-hcd-after-port-reset.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 9 Sep 2019 11:24:19 +0000 (13:24 +0200)]
kernel: bump 4.14 to 4.14.142
Refreshed all patches.
Remove upstreamed:
- 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 9 Sep 2019 11:21:20 +0000 (13:21 +0200)]
kernel: bump 4.9 to 4.9.191
Refreshed all patches.
Compile-tested on: none
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Rafał Miłecki [Fri, 6 Sep 2019 05:10:54 +0000 (07:10 +0200)]
treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 11 Sep 2019 07:03:36 +0000 (09:03 +0200)]
procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute
This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Fri, 6 Sep 2019 05:10:52 +0000 (07:10 +0200)]
base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Yousong Zhou [Tue, 10 Sep 2019 02:19:05 +0000 (02:19 +0000)]
gemini: image: fix race condition when building copy-kernel.bin
Make treat copy-kernel.o as intermediate and delete it when it's no
longer needed. This can fail when the same submake was triggered
multiple times for different devices.
arm-openwrt-linux-muslgnueabi-as -k -o copy-kernel.o copy-kernel.S
export MAKEFLAGS= ;make -w -C copy-kernel CROSS_COMPILE=arm-openwrt-linux-muslgnueabi-
arm-openwrt-linux-muslgnueabi-objcopy -O binary -S copy-kernel.o copy-kernel.bin
make[5]: Entering directory '/builder/shared-workdir/build/target/linux/gemini/image/copy-kernel'
arm-openwrt-linux-muslgnueabi-objcopy -O binary -S copy-kernel.o copy-kernel.bin
rm copy-kernel.o
make[5]: Leaving directory '/builder/shared-workdir/build/target/linux/gemini/image/copy-kernel'
# "App" partition is the rootfs
arm-openwrt-linux-muslgnueabi-objcopy: 'copy-kernel.o': No such file
Makefile:27: recipe for target 'copy-kernel.bin' failed
make[5]: Leaving directory '/builder/shared-workdir/build/target/linux/gemini/image/copy-kernel'
make[5]: *** [copy-kernel.bin] Error 1
Makefile:244: recipe for target '/builder/shared-workdir/build/build_dir/target-arm_fa526_musl_eabi/linux-gemini/tmp/openwrt-gemini-storlink_sl93512r-ext4-factory.bin' failed
make[4]: *** [/builder/shared-workdir/build/build_dir/target-arm_fa526_musl_eabi/linux-gemini/tmp/openwrt-gemini-storlink_sl93512r-ext4-factory.bin] Error 2
With this change, output files are directed to $(KDIR)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Hauke Mehrtens [Sun, 8 Sep 2019 21:53:18 +0000 (23:53 +0200)]
hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 8 Sep 2019 21:27:04 +0000 (23:27 +0200)]
hostapd: Fix security problem
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Roger Pueyo Centelles [Wed, 4 Sep 2019 09:29:12 +0000 (11:29 +0200)]
ramips: enable external amplifier for D-Link DIR-810L
The 2.4 GHz radio had very poor signal reception (-89 dBm for an AP
sitting 5 m away). By enabling the external amplifier, received signal
has improved to -50 dBm for the same AP.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Jo-Philipp Wich [Tue, 10 Sep 2019 13:25:12 +0000 (15:25 +0200)]
rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rafał Miłecki [Mon, 9 Sep 2019 07:37:53 +0000 (09:37 +0200)]
mac80211: brcmfmac: backport more kernel 5.4 changes
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hans Dedecker [Sun, 8 Sep 2019 19:13:59 +0000 (21:13 +0200)]
glibc: update to latest 2.27 commit (BZ #24228, BZ #24744, BZ #24699)
5f0d2e0491 [AArch64] Add ifunc support for Ares
e6b7252040 aarch64,falkor: Use vector registers for memcpy
c74b884f70 aarch64,falkor: Ignore prefetcher tagging for smaller copies
0fc5934ebd aarch64/strncmp: Use lsr instead of mov+lsr
e0a0bd3acc aarch64/strncmp: Unbreak builds with old binutils
638caf3000 aarch64: Improve strncmp for mutually misaligned inputs
d5f45a29ff aarch64/strcmp: fix misaligned loop jump target
7f690fafad aarch64: Improve strcmp unaligned performance
40df047b3b aarch64: Fix branch target to loop16
062139f233 aarch64: Optimized memcmp for medium to large sizes
f3e2add213 aarch64: Use the L() macro for labels in memcmp
22bd3ab40e posix: Fix large mmap64 offset for mips64n32 (BZ#24699)
bdd16894aa aarch64: handle STO_AARCH64_VARIANT_PCS
0b48caab9a aarch64: add STO_AARCH64_VARIANT_PCS and DT_AARCH64_VARIANT_PCS
949da7f2fd io: Remove copy_file_range emulation [BZ #24744]
f056ac8363 libio: do not attempt to free wide buffers of legacy streams [BZ #24228]
5f90e009b1 NEWS: add entries for bugs 22964, 24180, and 24531
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jo-Philipp Wich [Sun, 8 Sep 2019 16:48:15 +0000 (18:48 +0200)]
rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Sun, 8 Sep 2019 16:37:59 +0000 (18:37 +0200)]
firewall: update to latest git HEAD
487bd0d utils: Fix string format message
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Thu, 5 Sep 2019 11:08:13 +0000 (13:08 +0200)]
base-files: validate firmware for compatibility with backup
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.
Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hans Dedecker [Sat, 7 Sep 2019 11:17:55 +0000 (13:17 +0200)]
firewal: update to latest git HEAD
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adrian Schmutzler [Fri, 16 Aug 2019 13:39:43 +0000 (15:39 +0200)]
ramips: fix MAC address setup for Newifi Y1 and Y1S
So far, MAC address setup for those devices has been using local
addresses although additional MAC addresses are available on flash.
On device, we found the following situation:
position Y1 Y1S
0x4 *:d4 *:e4
0x8004 *:d6 *:e8
0x28 *:d4 *:e4
0x2e *:d7 *:eb
Since 0x4 and 0x28 yield the same address, the former was set for
ðernet in DTS. However, the typical location on this
architecture is 0x28, so this patch changes that.
For further setup in 02_network, the local bit for lan_mac is
removed, so the address from ðernet is used at all. For wan_mac,
instead of calculating an address with local bit set, this patch
exploits the previously unused address in 0x2e.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 16 Aug 2019 10:59:09 +0000 (12:59 +0200)]
ramips: initialize MAC addresses from flash where possible
This patch changes wan MAC address setup from retrieving it by
calculation to reading it from flash.
Changes are limited to cases where on-device check was possible.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fix mac for newifi-d1; drop adslr,g7 because it's unlikely for
vendor to specifically use 2.4g mac as wan_mac]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Adrian Schmutzler [Mon, 12 Aug 2019 11:35:39 +0000 (13:35 +0200)]
ramips: fix duplicate network setup for dlink,dir-615-h1
In
555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.
(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)
Anyway, just remove the wrong case now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 12 Aug 2019 11:31:23 +0000 (13:31 +0200)]
ramips: remove duplicate case for MAC setup of freestation5
ARC FreeStation5 is present twice in MAC address setup.
From older commits/changes, it is not possible to reconstruct
the correct choice only by reading the annotations.
Thus, remove the second case and keep the first one, so behavior
stays the same (as nobody seems to have complained about it).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 12 Aug 2019 11:21:05 +0000 (13:21 +0200)]
ramips: clean and improve MAC address setup in 02_network
This patch removes unnecessary MAC address setup statements in
ramips' 02_network by doing several optimizations:
1. For the following devices, lan_mac was set up with
mtd_get_mac_binary although the same address was set in DTS.
The lan_mac statement is removed in 02_network, but
wan_mac is kept:
- mercury,mac1200r-v2
- phicomm,k2g
- skylab,skw92a
- wiznet,wizfi630a
2. For the following devices, wan_mac was set up with
mtd_get_mac_binary although the same address was set in DTS.
The wan_mac statement is removed in 02_network, no
lan_mac is present:
- buffalo,whr-g300n
- glinet,gl-mt300n-v2
- zyxel,keenetic-start
3. For the following device, lan_mac and wan_mac were set up
with mtd_get_mac_binary to the same address as set in DTS.
Both statements are removed in 02_network:
- buffalo,whr-600d
4. For some devices, it was possible to move setup from 02_network
to DTS by introducing previously missing mtd_mac_address:
- buffalo,whr-1166d
- buffalo,whr-300hp2
- buffalo,wsr-600dhp
- ohyeah,oy-0001
- planex,vr500
5. For one device, mtd_mac_address was just wrong and overwritten
by 02_network. Put the correct value in DTS and remove redundant
statement in 02_network:
- asus,rt-ac57u
6. For one device, MAC address defined in DTS is exchanged together
with lan_mac/wan_mac setup in 02_network, so that cases in
02_network can be merged:
- phicomm,k2p
For some devices, an empty case has to be used to prevent them
from falling into the default case and have
WAN address = eth0 address + 1 set to them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jonas Gorski [Fri, 6 Sep 2019 12:55:36 +0000 (14:55 +0200)]
Revert "build: remove harmful -nopad option from mksquashfs"
This reverts commit
1c0290c5cc6258c48b8ba46b4f9c85a21de4f875.
Dropping the nopad can make the padding overflow into the next erase
block on devices using a non-aligned rootfs start. This breaks the jffs2
overlay partition with the following messages:
[ 30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[ 30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes
[ 30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Hans Dedecker [Sat, 7 Sep 2019 11:08:27 +0000 (13:08 +0200)]
odhcp6c: update to latest git HEAD
e199804 dhcpv6: sanitize oro options
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rafał Miłecki [Fri, 6 Sep 2019 10:44:49 +0000 (12:44 +0200)]
bcm53xx: extend firmware validation
This provides TRX validation result to the validation JSON. It also
prevents users from installing broken firmware files.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Yousong Zhou [Fri, 6 Sep 2019 08:29:50 +0000 (08:29 +0000)]
uboot-fritz4040: build with ipq40xx "generic" subtarget
Fixes:
853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Rafał Miłecki [Thu, 5 Sep 2019 21:33:19 +0000 (23:33 +0200)]
treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit
0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Thu, 5 Sep 2019 21:16:17 +0000 (23:16 +0200)]
procd: update to the latest git HEAD
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes:
7290963d0992 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Adrian Schmutzler [Thu, 5 Sep 2019 11:29:37 +0000 (13:29 +0200)]
base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
David Bauer [Wed, 4 Sep 2019 18:46:10 +0000 (20:46 +0200)]
base-files: fix mtd_get_mac_text not accepting hex offsets
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after
75bfc393ba6c ("treewide:
convert MAC address location offsets to hexadecimal")
This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.
Signed-off-by: David Bauer <mail@david-bauer.net>
Rafał Miłecki [Wed, 4 Sep 2019 14:57:40 +0000 (16:57 +0200)]
treewide: when copying a backup file always specify dest name
$CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz.
This change makes code more generic and allows refactoring $CONF_TAR.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 4 Sep 2019 14:57:39 +0000 (16:57 +0200)]
treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Thu, 5 Sep 2019 06:53:44 +0000 (08:53 +0200)]
treewide: fix invalid UPGRADE_OPT_SAVE_CONFIG spellings
That was a result of accidentally running "sed" twice on some files.
Fixes:
5797fe84a3b5 ("treewide: replace remaining (not working now) $SAVE_CONFIG uses")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Thu, 5 Sep 2019 06:40:29 +0000 (08:40 +0200)]
treewide: replace remaining (not working now) $SAVE_CONFIG uses
This var has been replaced by the $UPGRADE_OPT_UPGRADE_OPT_SAVE_CONFIG
Fixes:
b534ba961100 ("base-files: pass "save_config" option to the "sysupgrade" method")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Sat, 11 May 2019 15:09:07 +0000 (17:09 +0200)]
uboot-envtools: Update to U-Boot version 2019.07
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 11 May 2019 14:57:15 +0000 (16:57 +0200)]
tools/mkimage: Update U-Boot to version 2019.07
This updates the U-Boot which provides the host tools like mkimage to
version 2019.07.
The patches were cleaned up and it was checked if this still compiles
on Linux and FreeBSD.
CONFIG_FIT_SIGNATURE_MAX_SIZE is set to the default value.
The patch for libressl was merged upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Álvaro Fernández Rojas [Wed, 4 Sep 2019 17:01:23 +0000 (19:01 +0200)]
brcm2708: update to latest patches from RPi foundation
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Álvaro Fernández Rojas [Wed, 4 Sep 2019 16:11:25 +0000 (18:11 +0200)]
brcm2708: bcm2711: remove custom config file
Forcing arm_64bit is no longer required with latest firmware.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Álvaro Fernández Rojas [Wed, 4 Sep 2019 16:09:34 +0000 (18:09 +0200)]
brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Chuanhong Guo [Tue, 3 Sep 2019 15:58:07 +0000 (23:58 +0800)]
ramips: improve support for Xiaomi Miwifi Nano
This patch does the following things:
1. mark u-boot-env writable
2. add bootcount support
Currently, u-boot has a flag_boot_success env variable to reset.
Also reset it in our firmware to follow the behavior in vendor's
firmware.
3. disable usb support
This router doesn't have usb port at all.
4. increase spi clock to 40MHz
5. fix pinmux groups
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Rafał Miłecki [Wed, 4 Sep 2019 09:12:44 +0000 (11:12 +0200)]
procd: update to the latest git HEAD
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method
This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Tue, 3 Sep 2019 12:44:40 +0000 (14:44 +0200)]
base-files: pass "force" parameter to the "sysupgrade" call
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 4 Sep 2019 04:35:31 +0000 (06:35 +0200)]
brcm47xx: extend firmware validation
This provides TRX validation result, so final JSON may look like:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true,
"trx_valid": true
},
"valid": true,
"forceable": true
}
It also prevents users from installing broken firmware files, e.g.:
root@OpenWrt:/# sysupgrade -F -n /tmp/TZ
Image metadata not found
Invalid image type. Please use firmware specific for this device.
Image check failed but --force given - will update anyway!
Commencing upgrade. Closing all shell sessions.
Firmware image is broken and cannot be installed
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Álvaro Fernández Rojas [Tue, 3 Sep 2019 11:01:50 +0000 (13:01 +0200)]
brcm2708: restore UART on RPi 0W, 3B, 3B+ and 4B
Disable Bluetooth and restore UART to GPIOs 14 & 15.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Adrian Schmutzler [Sun, 28 Jul 2019 10:20:26 +0000 (12:20 +0200)]
ath79: add support for TP-Link WDR3500 v1
Hardware:
SoC: AR9344
CPU: 560 MHz
Flash: 8 MiB
RAM: 128 MiB
WiFi: Atheros AR9340 2.4GHz 802.11bgn
Atheros AR9300 5GHz 802.11an
Ethernet: AR934X built-in switch, WAN on separate physical interface
USB: 1x 2.0
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
wdr3500v1_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[removed stray newline]
Signed-off-by: David Bauer <mail@david-bauer.net>
Rosen Penev [Thu, 8 Aug 2019 22:57:56 +0000 (15:57 -0700)]
upslug2: Update to git repository
This has two improvements over the current version. An autotools fix and
application of the wrt350v2 patch.
Cleaned up Makefile as a result of makefiles being fixed.
Note that this package is not really used as it depends on orion, which is
classified as broken.
This is the last package that uses svn in the tree.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jo-Philipp Wich [Fri, 30 Aug 2019 13:45:06 +0000 (15:45 +0200)]
sdk: use bundle-libraries.sh to ship kernel objtool tools
Ensure that the kernel objtool utilities are processed by the library
bundler in order to ensure that they're usable on foreign systems with
different libc versions.
Fixes:
a9f6fceb42 ("sdk: fix building external modules when CONFIG_STACK_VALIDATION=y")
Acked-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 30 Aug 2019 13:24:45 +0000 (15:24 +0200)]
include: kernel-build: pass pkg-config overrides to kernel build
Pass suitable pkg-config overrides to the kernel build process in
order to let our pkg-config wrapper discover libraries provided
by tools/.
This mainly affects the use of libelf which is required for the
CONFIG_STACK_VALIDATION features. So far, the build system either
silently used host system libraries or kbuild simply disabled the
feature due to the lack of a suitable libelf.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 30 Aug 2019 13:22:01 +0000 (15:22 +0200)]
tools: libelf: fix headers to trigger -Wundef warnings
When libelf from tools/ is used for building the kernel, compilation
aborts due to access to undefined defines since Kbuild adds -Wundef
to the compiler flags.
Patch the header files to use `#if defined(...)` instead of `#if ...`
to prevent such issues.
Ref: https://github.com/NixOS/nixpkgs/issues/59929
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 30 Aug 2019 13:28:27 +0000 (15:28 +0200)]
tools: libelf: install pkg-config file
Install the pkg-config definition for libelf in order to allow the
kernel build process discover it later on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Paul Spooren [Fri, 23 Aug 2019 08:30:10 +0000 (22:30 -1000)]
bcm53xx: add generic subtarget
Same game as for
853e4dd3062df7cb5704b15d6af6730e3194b571. Add generic
to the filenames.
CC: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Bjørn Mork [Mon, 2 Sep 2019 11:49:21 +0000 (13:49 +0200)]
scripts/feeds: fix 'src-include' directive
Commit
775b70f8d5df renamed parse_file() parameters without
updating the recursive call. This broke parsing of any feeds.conf
using 'src-include'.
$ scripts/feeds update -a
Can't use string ("defaults") as a HASH ref while "strict refs" in use at scripts/feeds line 63, <$fh> line 1.
Fixes:
775b70f8d5df ("scripts/feeds: allow adding parameters to feeds")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Hauke Mehrtens [Sun, 1 Sep 2019 17:52:41 +0000 (19:52 +0200)]
uci: update to latest Git HEAD
415f9e4 uci/file: replace mktemp() with mkstemp()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 1 Sep 2019 17:47:50 +0000 (19:47 +0200)]
iwinfo: update to latest Git HEAD
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tomasz Maciej Nowak [Thu, 18 Jul 2019 13:32:39 +0000 (15:32 +0200)]
grub2: bump to 2.04
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Luis Araneda [Sun, 18 Aug 2019 16:00:29 +0000 (12:00 -0400)]
uboot-zynq: update to 2019.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Thomas Langer [Thu, 22 Aug 2019 12:21:14 +0000 (12:21 +0000)]
Fix handling of BUILD_SUFFIX in remote-gdb script
When CONFIG_BUILD_SUFFIX is enabled, the target-* folders in build_dir
and staging_dir have this suffix in the name, but not the
toolchain directories. When detecting the names for "arch" and "libc",
also accept the suffix and do not use it for the toolchain path.
Signed-off-by: Thomas Langer <thomas.langer@intel.com>
Daniel Engberg [Sat, 16 Mar 2019 21:09:22 +0000 (21:09 +0000)]
tools/cmake: Update to 3.15.1
Update CMake to 3.15.1
Refresh patches
Remove inofficial fossies.org and replace with GitHub (link on official site)
Remove 150-C-feature-checks-Match-warnings-more-strictly.patch as it's
a no longer needed backport from upstream.
Disable ccache if GCC is 4.8, 4.9 or 5.X to avoid build failures.
Reference: https://github.com/openwrt/openwrt/pull/1929
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Konstantin Demin [Wed, 21 Aug 2019 06:25:06 +0000 (09:25 +0300)]
nftables: bump to version 0.9.2
- exclude Python-related stuff from build
- drop patches:
* 010-uclibc-ng.patch, applied upstream
ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Konstantin Demin [Wed, 21 Aug 2019 06:41:07 +0000 (09:41 +0300)]
libnftnl: bump to version 1.1.4
ABI version is same.
The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
DENG Qingfang [Wed, 21 Aug 2019 14:40:48 +0000 (22:40 +0800)]
mvebu: fix Linksys WRT LAN/WAN MAC addresses
According to 02_network, eth0.1 is LAN and eth1.2 is WAN,
but $mac_wan was assigned incorrectly to eth0 in preinit.
Swap eth0 and eth1 to fix this.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Cong Wang [Sun, 25 Aug 2019 12:35:06 +0000 (05:35 -0700)]
kernel: net_sched: fix a NULL pointer deref in ipt action
The net pointer in struct xt_tgdtor_param is not explicitly
initialized therefore is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().
The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.
Fixes:
0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
[Backport for kernel v4.19 and v4.14]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Jo-Philipp Wich [Sun, 1 Sep 2019 16:33:03 +0000 (18:33 +0200)]
rpcd: update to latest Git HEAD
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Eneas U de Queiroz [Mon, 5 Aug 2019 18:34:39 +0000 (15:34 -0300)]
uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Mon, 5 Aug 2019 18:34:38 +0000 (15:34 -0300)]
px5g: support EC keys
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.
For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.
Notice that curve names are not necessarily the same in mbedtls and
openssl. In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.
Package size increased by about 900 bytes (arm).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Mon, 5 Aug 2019 18:34:37 +0000 (15:34 -0300)]
openssl: always build with EC support
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:52 +0000 (15:50 +0200)]
ath79: image: disable sysupgrade images for routerstations and ja76pf2
Because a bug in handling partial erase blocks in 4.19 kernel, using
sysupgrade images will hard brick devices that use RedBoot bootloader
and have "FIS directory" with "RedBoot config" on the same erase block.
Since flashing the devices from bootloader is safe, and to not cause a
situation where external chip programmer or JTAG is needed, disable
sysupgrade images for affected boards while creating kernel.bin and
rootfs.bin for jjPlus JA76PF2 board, which doesn't have factory image.
To set up the JA76PF2 board follow "Installation" instructions in
b3a0c97
("ath79: add support for jjPlus JA76PF2") except the part of loading
initramfs image and using sysupgrade image for flashing (point 6 and 7).
Enter following commands to flash the board from bootloader:
fis init
load -r -b 0x80060000 <openwrt_kernel_image_name>
fis create linux
load -r -b %{FREEMEMLO} <openwrt_rootfs_image_name>
fis create rootfs
fis load -l linux
exec -c ""
For RouterStations use TFTP recovery procedure.
Ref: FS#2428
Cc: Matt Merhar <mattmerhar@protonmail.com>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:51 +0000 (15:50 +0200)]
ath79: fix FIS partition detection for 4.19 kernel
When bumping to 4.19 the patch responsible for scaning flash for FIS
partition got left out. Without it devices with RedBoot bootloader using
automatic partitions detection in dts won't boot with the new kernel.
Fixes:
3771176 ("ath79: add support for linux 4.19")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:50 +0000 (15:50 +0200)]
ath79: image: add supported string for routerstations and ja76pf2
Now that the md5 check is fixed and metadata present, sysupgrade on
ar71xx will complain about device not being supported by the image.
Since the cause is not matching strings for supported devices add them
accordingly.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:49 +0000 (15:50 +0200)]
ath79: image: append metadata to routerstations and ja76pf2 images
This target enforces metadata check so add the necessary information. It
was previously removed because md5 sum check. When using these sysupgrade
images on ar71xx target the check would complain about them not matching.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:48 +0000 (15:50 +0200)]
ar71xx: sysupgrade: accept ath79 combined-image
There is md5 sum of whole image embedded in combined-image header which
is checked on sysupgrade. The check will fail for ath79 images which
may have embedded metadata. This is because metadata are appended after
the combined image is created. To allow smooth transition from ar71xx to
ath79, strip metadata before calculating md5 sum for whole image.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:47 +0000 (15:50 +0200)]
ath79: image: retire combined-image for Adtran/Bluesocket devices
During review it slipped by that these devices use combined-image which
should never be used for newly added ones. Therefore switch to
sysupgrade-tar generated images introduced in
8f6f260 ("ath79:
routerstation: prepare to use sysupgrade-tar format image"). The
sysupgrade accepts both images for now so no reression should occur.
Cc: Brian Gonyer <bgonyer@gmail.com>
Cc: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>