Russell King [Wed, 27 Nov 2019 11:45:30 +0000 (11:45 +0000)]
kernel: add SFP support for Methode DM7052 NBASE-T module
Add support for Methode DM7052 NBASE-T module to OpenWRT. These
patches are taken from my "phy" branch, and will be sent for the
next kernel merge window.
Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: move patches to pending, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Russell King [Wed, 27 Nov 2019 11:45:25 +0000 (11:45 +0000)]
kernel: add backported phy/phylink/sfp patches
Backport the phy/phylink/sfp patches currently queued in netdev or in
mainline necessary to support popular GPON modules, specifically to
support Huawei and Nokia GPON modules.
Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: include kernel version in file names, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Russell King [Wed, 27 Nov 2019 11:45:20 +0000 (11:45 +0000)]
kernel: move phylink patches from mvebu to generic
Move two phylink patches from mvebu to generic, so that everyone can
benefit from them.
Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: add kernel version to file names]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Russell King [Wed, 27 Nov 2019 11:45:15 +0000 (11:45 +0000)]
kernel: remove obsolete phylink/SFP patches
Remove the old phylink/SFP patches from the OpenWRT build; these will
be updated with a new set in subsequent.
450-reprobe_sfp_phy is also removed for several reasons:
1) it is not in mainline.
2) it breaks copper modules that do not have a PHY.
3) it makes backporting the current patch set harder.
Discussion is ongoing with the patch author for a mainline Linux kernel
patch for this.
Signed-off-by: Russell King <linux@armlinux.org.uk>
Jan Pavlinec [Fri, 10 Jan 2020 15:42:33 +0000 (16:42 +0100)]
curl: update to version 7.68.0 (security fix)
Fixes CVE-2019-15601
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Hannu Nyman [Sat, 18 Jan 2020 18:56:33 +0000 (20:56 +0200)]
tools/bison: update to 3.5
Update bison to 3.5
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2019-12/msg00002.html
Note for future: release notes mention that YYPRINT macro is
declared deprecated, but apparently still works for now. I found
one possible use of that in scripts/config/zconf.tab.c_shipped
That might be modernized at some point, but as the file is synced
with the one from upstream Linux, it might get fixed there.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Adrian Schmutzler [Tue, 21 Jan 2020 17:00:31 +0000 (18:00 +0100)]
ath79: remove usused TPLINK_BOARD_NAME variable for DEVICE_VARS
TPLINK_BOARD_NAME has been renamed to TPLINK_BOARD_ID a long time
ago (7d6c63d87542: "build: rename TPLINK_BOARD_NAME to
TPLINK_BOARD_ID" for ar71xx), and before introducing ath79 target
at all.
TPLINK_BOARD_NAME seems to have been introduced into ath79 target
only by mistake. It has never been used. Remove it.
Fixes: 53c474abbdfe ("ath79: add new OF only target for QCA MIPS silicon")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Petr Štetiar [Tue, 21 Jan 2020 16:05:19 +0000 (17:05 +0100)]
Revert "kernel: mtd: Make subpartitions inherit parent's access mode"
This reverts commit de80424f706682e8bba27c60bcd2a9c1b4a5e875 which needs
more work and testing as it broke at least jffs2 overlays at least on
ath79 platform, marking them as read-only, thus unusable:
jffs2_build_filesystem(): erasing all blocks after the end marker...
jffs2: Erase at 0x009e0000 failed immediately: -EROFS. Is the sector locked?
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021344.html
Reported-by: Steve Brown <sbrown@ewol.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Tue, 21 Jan 2020 16:14:57 +0000 (17:14 +0100)]
fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Tue, 21 Jan 2020 16:03:21 +0000 (17:03 +0100)]
urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Adrian Schmutzler [Sat, 18 Jan 2020 01:21:14 +0000 (02:21 +0100)]
zynq: derive DEVICE_DTS from device definition name
In zynq target, the DEVICE_DTS variable is always set consistent
with the model part of the device definition name.
This patch replaces the redundant definitions for the individual
devices with a common recipe.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sat, 18 Jan 2020 01:21:13 +0000 (02:21 +0100)]
mvebu: split base-files across subtargets
For the mvebu target in particular, there are a lot of files in
base-files that are only relevant for one subtarget. Improve
overview and reduce size per subtarget by moving/splitting
base-files depending on the subtarget they belong to.
While at it, consolidate 01_leds by using the model part of
the board name as variable.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Adrian Schmutzler [Sat, 18 Jan 2020 01:21:12 +0000 (02:21 +0100)]
mvebu: use SOC to derive DEVICE_DTS
This introduces the SOC variable to mvebu target to derive some of
the DEVICE_DTS variables based on the SOC prefix and the device
definition name.
Since DTS names and compatible are inconsistent also in the kernel
for this target, the scheme cannot be applied to all devices, though.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Adrian Schmutzler [Sat, 18 Jan 2020 01:21:11 +0000 (02:21 +0100)]
mvebu: move subtarget image Makefile switch to parent Makefile
This moves the if conditions for choosing which image Makefiles
are used to the parent image/Makefile. It seems more convenient
to have "codeflow" in the parent while the subtarget-specific
files only contain the definitions.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Enrico Mioso [Fri, 17 Jan 2020 12:15:52 +0000 (13:15 +0100)]
ath79: add support for TP-Link TL-MR6400
This device is an LTE router supported in ar71xx so far.
As per original commit, hardware specifications (v1.0 EU):
- SoC: QCA9531
- Flash: Winbond W25Q64FV (8MiB)
- RAM: EtronTech EM6AB160TSE-5G (64MiB)
- Wireless: SoC platform only (2.4GHz b/g/n, 2x internal antenna)
- Ethernet: 2NIC (3x100M + 1x100M)
- WWAN: TP-LINK LTE MODULE (2x external detachable antenna)
- Power: DC 12V 1A
Flashing instructions:
You can flash via tftp recovery (serve factory image as /mr6400_tp_recovery.bin
on 192.168.0.66/24, connect to any ethernet port and power on device while
holding the reset button). Flashing via OEM web interface does not work.
Known issues:
- LTE module does not always come up during boot (showing USB enumeration errors). Similar behavior has been reported at least from one user for ar71xx, too. Turning USB off and on again will serve as a workaround.
- eth0 (LAN) always shows carrier as 1 even if no cable is plugged in (this works "correctly" on ar71xx)
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
[several adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Filip Moc <lede@moc6.cz>
Lech Perczak [Sun, 17 Nov 2019 19:57:10 +0000 (20:57 +0100)]
ar71xx: ubnt-rocket-m-ti: fix RSSI LED definitions
When mapping for RSSI LEDs was defined for interface wlan0 on
Ubiquiti Rocket M Titanium, it missed connection to actual interface.
Therefore create the mapping to interface, so RSSI LEDs work without
additional configuration, after starting rssileds service.
While at that, split RSSI into ~equal intervals for 6 LEDs,
and remove coefficients needed for PWM LEDs, as this board does not
support PWM LEDs.
Finally, for complete support, enable 'rssileds' package in per-device
rootfs, so the indicator works out of box.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Daniel Golle [Tue, 21 Jan 2020 10:52:12 +0000 (12:52 +0200)]
procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
ba69639 jail: create resolv.conf symlink for netns jails
81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/
Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 21 Jan 2020 08:18:10 +0000 (10:18 +0200)]
netifd: add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Interfaces having the jail attribute will only be brought up inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).
Example /etc/config/network snippet:
config device 'veth0'
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'
config interface 'virt'
    option type 'bridge'
    list ifname 'vhost0'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'
config interface 'virt0'
    option ifname 'virt0'
    option proto 'static'
    option ipaddr '10.0.0.2'
    option netmask '255.255.255.0'
    option gateway '10.0.0.1'
    option dns '10.0.0.1'
    option jail 'transmission'
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Michal Cieslakiewicz [Mon, 20 Jan 2020 20:34:02 +0000 (21:34 +0100)]
ath79: fix SUPPORTED_DEVICES for WNDR4300 and WNDR3700v4
Kernel partition increase to 4 MiBs for Netgear WNDR3700v4 and WNDR4300
routers breaks sysupgrade image compatibility with ar71xx builds.
Therefore, SUPPORTED_DEVICES variable has to be removed for both devices
from target makefile.
Reported-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Petr Štetiar [Mon, 20 Jan 2020 15:22:07 +0000 (16:22 +0100)]
libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
5c0faaf4f5e2 tests: prefer dynamically allocated buffers
1ffa41535369 blobmsg_json: prefer snprintf usage
132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
a2aab30fc918 jshn: prefer snprintf usage
b0886a37f39a cmake: add a possibility to set library version
a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
f0da3a4283b7 blobmsg_json: fix int16 serialization
20a070f08139 tests: blobmsg/json: add more test cases
379cd33d1992 tests: include json script shunit2 based testing
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Bruno Pena [Sat, 9 Nov 2019 14:23:58 +0000 (15:23 +0100)]
kernel: mtd: Make subpartitions inherit parent's access mode
Currently it's not possible to effectively mark a "firmware" partition
as read-only. The sub-partitions "kernel", "rootfs" and "rootfs_data"
are always created as read-write (ignoring the parent access mode).
This patch enforces the access mode of sub-partitions to match the
parent partition, which is useful for recovery images that are meant
to be fully read-only to avoid accidental damage from end-user.
An example of such implementation (read-only firmware image) is the
recovery image used on the Zsun-SD100 [1].
Please note the related patch for fstools [2] to enable this read-only
concept.
[1] https://github.com/brunompena/zsun-resources
[2] http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021043.html
Signed-off-by: Bruno Pena <brunompena@gmail.com>
[removed already obsolete 4.9 kernel patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 18 Jan 2020 13:49:11 +0000 (14:49 +0100)]
fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Koen Vandeputte [Mon, 20 Jan 2020 11:25:02 +0000 (12:25 +0100)]
kernel: bump 4.19 to 4.19.97
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 20 Jan 2020 11:23:38 +0000 (12:23 +0100)]
kernel: bump 4.14 to 4.14.166
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 20 Jan 2020 10:04:32 +0000 (11:04 +0100)]
kernel: bump 4.19 to 4.19.96
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 20 Jan 2020 10:00:59 +0000 (11:00 +0100)]
kernel: bump 4.14 to 4.14.165
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 14 Jan 2020 15:34:24 +0000 (16:34 +0100)]
kernel: bump 4.19 to 4.19.95
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 14 Jan 2020 13:39:40 +0000 (14:39 +0100)]
kernel: bump 4.14 to 4.14.164
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Walter Sonius [Fri, 27 Dec 2019 11:41:35 +0000 (12:41 +0100)]
brcm47xx: fix switch port order for Netgear WN2500RP V1
The Netgear WN2500RP V1 switch0 already works for LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
4 / 3 / 2 / 1
WAN port is absent on this device and therefore removed
from switch config.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[move block to maintain alphabetic sorting]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Maximilian Pachl [Wed, 13 Nov 2019 11:57:28 +0000 (12:57 +0100)]
ramips: apply LED_POLARITY rt3050-esw on MT7628AN/MT7688
The device tree property "mediatek,led_polarity" is ignored for
MT7628AN and MT7688. According to the datasheet both SoCs have
the matching register. Therefore the property should be applied
on these two devices as well.
Signed-off-by: Maximilian Pachl <m@ximilian.info>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Tested-by: Sungbo Eo <mans0n@gorani.run>
Anderson Vulczak [Wed, 27 Nov 2019 23:31:52 +0000 (21:31 -0200)]
tools: tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU)
This patch updates "soft_ver" for TP-Link Archer C6 v2 (EU).
It makes it possible to upload OpenWrt on latest vendor's firmware
as the web-based updater checks for major.minor version during upload.
Due to that on next major/minor version update TP-Link will stop
us from using the web-based firmware update tool, so it will
require a new patch on soft_ver to match major and minor version.
Up to today's latest stock firmware the patch (major.minor.patch)
version does not matter, that allows downgrade from 1.1.4 to 1.1.1
but does not allow downgrade from 1.1.X to 1.0.X.
Signed-off-by: Anderson Vulczak <andi@andi.com.br>
Stephan Knauss [Sat, 18 Jan 2020 18:37:08 +0000 (19:37 +0100)]
kirkwood: fix HDD LED labels for Zyxel NSA325 in 01_leds
Change the LED labels for hdd1/hdd2 in 01_leds to match their
counterpart in DTS.
Signed-off-by: Stephan Knauss <openwrt@stephans-server.de>
[improve commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Walter Sonius [Fri, 27 Dec 2019 11:25:39 +0000 (12:25 +0100)]
brcm47xx: fix switch port order for Netgear WNR3500 V2
The Netgear WNR3500 V2 switch0 already works for WAN/LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1.
Verified with imagebuilder edit FILES=/etc/board.d/01_network
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
Steffen Förster [Mon, 23 Dec 2019 21:48:06 +0000 (22:48 +0100)]
ramips: add support for TP-Link RE305 v1
Specification:
SoC: MediaTek MT7628AN
RAM: 64MiB
Flash: 8MiB
Wifi:
- 2.4GHz: MT7628AN
- 5GHz: MT7612EN
LAN: 1x 10/100 Mbps
Flash instructions:
Flash factory image through stock firmware WEB UI.
Back to stock is possible by using TFTP and stripping down the Firmware
provided by TP-Link to an initramfs.
The flash space between 0x650000 and 0x7f0000
is blank in the stock firmware so I left it out as well.
Signed-off-by: Steffen Förster <nemesis@chemnitz.freifunk.net>
Sungbo Eo [Sat, 18 Jan 2020 14:32:01 +0000 (23:32 +0900)]
kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f876616 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Adrian Schmutzler [Sat, 18 Jan 2020 18:02:44 +0000 (19:02 +0100)]
ath79: add led_ prefix for Phicomm K2T LED label
Using the led_ prefix for the node label is now common in ath79,
so also apply it here.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sat, 18 Jan 2020 17:58:10 +0000 (18:58 +0100)]
ath79: use rssihigh LED instead of WAN LED for status indication
Using the LED of network interfaces for status (boot/failsafe/...)
indication is somewhat misleading, as the blinking might be
mistaken for network activity. This uses rssi LEDs instead, which
do not blink normally and thus are less ambiguous.
The rssihigh LED has also been used consistently for the TP-Link CPE
devices.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sat, 18 Jan 2020 01:17:28 +0000 (02:17 +0100)]
octeon: remove redundant network setup
No need to have specific setup when default case does the same.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Hannu Nyman [Sat, 18 Jan 2020 08:30:27 +0000 (10:30 +0200)]
tools/cmake: update to 3.16.2
Update cmake to 3.16.2 and refresh patches.
Release notes:
https://cmake.org/cmake/help/v3.16/release/3.16.html
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Sungbo Eo [Wed, 1 Jan 2020 12:34:33 +0000 (21:34 +0900)]
ramips: rt305x: remove unnecessary mediatek,portmap
"#mediatek,portmap" is not a valid property name.
If mediatek,portmap equals 0x0, then the esw driver ditches it and uses
the default value, 0x3f.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Sungbo Eo [Wed, 1 Jan 2020 12:34:10 +0000 (21:34 +0900)]
ramips: mt76x8: fix bogus mediatek,portmap
mt76x8 uses esw_rt3050 driver, which does not accept mediatek,portmap with
string values. Convert the strings to integers to make it work.
According to its switch setup, WRTnode 2P/2R have a WAN port at port 0,
so the correct value should be 0x3e.
tplink_8m.dtsi uses "llllw", but it does not match switch setups of any
device using the DTSI. Remove it from the DTSI and add correct value to DTS
for each device.
These devices have a WAN port at port 0. Set the value to 0x3e.
- tplink,archer-c20-v4
- tplink,archer-c50-v3
- tplink,tl-mr3420-v5
- tplink,tl-wr840n-v4
- tplink,tl-wr841n-v13
- tplink,tl-wr842n-v5
These devices have only one ethernet port. They don't need portmap setting.
- tplink,tl-wa801nd-v5
- tplink,tl-wr802n-v4
- tplink,tl-wr902ac-v3
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Sungbo Eo [Wed, 1 Jan 2020 12:33:10 +0000 (21:33 +0900)]
ramips: mt7620/mt7621: remove invalid mediatek,portmap
mt7620 and mt7621 use mt7530 driver, which only accepts "llllw", "wllll",
and "lwlll" values.
According to its switch setup, Mi Router 3G v2 has a WAN port at port 4,
so the correct value should be "llllw".
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Rosen Penev [Fri, 17 Jan 2020 22:36:29 +0000 (14:36 -0800)]
base-files/functions.sh: use grep -q instead of []
It's cleaner and faster as it does not need to do extra work.
Also removed $() to avoid executing the output. The shell can handle it.
https://github.com/koalaman/shellcheck/wiki/SC2143
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[correct || to && for one conversion]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jan Alexander [Wed, 15 Jan 2020 20:12:33 +0000 (21:12 +0100)]
ramips: fix wps leds/btn for TP-Link TL-WA801ND v5
- fix color and active mode for existing wps led
- add green wps led
- add wps button
Signed-off-by: Jan Alexander <jan@nalx.net>
[wrap line]
Signed-off-by: David Bauer <mail@david-bauer.net>
Rosen Penev [Fri, 17 Jan 2020 04:43:59 +0000 (20:43 -0800)]
base-files/system.sh: remove $ in $(())
Not needed.
https://github.com/koalaman/shellcheck/wiki/Sc2004
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Fri, 17 Jan 2020 04:43:57 +0000 (20:43 -0800)]
base-files/functions.sh: use && instead of -a
-a is not well defined.
https://github.com/koalaman/shellcheck/wiki/SC2166
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Fri, 17 Jan 2020 04:43:56 +0000 (20:43 -0800)]
base-files/functions.sh: remove useless cat
The cut command can take a file as an input.
https://github.com/koalaman/shellcheck/wiki/SC2002
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Fri, 17 Jan 2020 04:43:53 +0000 (20:43 -0800)]
base-files/functions.sh: don't use $var in $(())
It's not needed. It can also lead to subtle bugs.
https://github.com/koalaman/shellcheck/wiki/Sc2004
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Stijn Tintel [Thu, 16 Jan 2020 22:05:53 +0000 (00:05 +0200)]
libcxx: fix build for x86/64
When building libcxx for x86/64, the library is installed in /usr/lib64.
As the install section tries to copy the library from /usr/lib, this
breaks build on x86/64. Override the lib dir suffix to fix this.
Fixes: 856ea2bad3b3 ("libcxx: Add package")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rosen Penev <rosenp@gmail.com>
Hans Dedecker [Thu, 16 Jan 2020 20:50:11 +0000 (21:50 +0100)]
odhcpd: update to version 2020-01-14
6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes
2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags
b413d8a dhcpv6-ia: cleanup prefix delegation routes
b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
DENG Qingfang [Thu, 16 Jan 2020 15:35:00 +0000 (23:35 +0800)]
ccache: update to 3.7.7
Update ccache to 3.7.7
Release notes:
https://ccache.dev/releasenotes.html#_ccache_3_7_7
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
DENG Qingfang [Thu, 16 Jan 2020 16:27:59 +0000 (00:27 +0800)]
ramips: fix HiWiFi HC5962 status LED
Match LED behavior to stock firmware:
Red: booting
White: running
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
DENG Qingfang [Thu, 16 Jan 2020 16:24:43 +0000 (00:24 +0800)]
ramips: fix HiWiFi HC5962 switch configuration
HC5962 has only 3 LAN ports, switch port 0 is unused
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
David Lam [Thu, 16 Jan 2020 08:01:35 +0000 (00:01 -0800)]
hostapd: add support for system cert bundle validation
Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.
Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Golle [Thu, 16 Jan 2020 08:13:51 +0000 (10:13 +0200)]
hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Johann Neuhauser [Thu, 19 Dec 2019 12:11:26 +0000 (13:11 +0100)]
ath79: ar934x: use reset for usb-phy-analog
This was already available on ar71xx, but is missing on ath79.
This solves the slow usb speed on TP-Link WDR3600/WDR4300 and similar,
as reported in Flyspray [0], OpenWRT Forum [1] and GitHub PR [2].
[0] https://bugs.openwrt.org/index.php?do=details&task_id=2567
[1] https://forum.openwrt.org/t/usb-wdr4300-low-speed-on-external-storage/46794
[2] https://github.com/openwrt/openwrt/pull/964
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
Johann Neuhauser [Thu, 19 Dec 2019 12:07:17 +0000 (13:07 +0100)]
ath79: phy-ar7200-usb: adapt old behavior of arch/mips/ath79/dev-usb.c
Do not put usb-phy into reset if clearing the usb-phy reset or
setting the suspend_override has failed.
Reorder (de)asserts like in arch/mips/ath79/dev-usb.c.
Add an optional reset_control "usb-phy-analog", which is needed for
ar934x SoCs like in the old mach-driver arch/mips/ath79/dev-usb.c.
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
Thomas Nixon [Sun, 5 Jan 2020 21:38:36 +0000 (21:38 +0000)]
ar71xx/mikrotik: use ath10k-ct-smallbuffers for 64 MiB devices
This image is only needed on one device (wAP AC); since this target is
going to be removed anyway it doesn't make sense to add an extra "low
RAM" image.
Fixes OOM issues on RouterBoard wAP AC.
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
Andrea Dalla Costa [Sat, 28 Dec 2019 16:43:40 +0000 (17:43 +0100)]
uboot-oxnas: fix memory leak in tool mkox820crc
In function `main` add calls to `free` for the variable `executable`.
This is needed because the variable `executable` is allocated but
never freed. This causes a memory leak.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Adrian Schmutzler [Wed, 15 Jan 2020 22:03:16 +0000 (23:03 +0100)]
ath79: use caldata partition label consistently
Change the caldata partition DTS node label to be consistent with
the label property for some Netgear WNDR devices.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Aleksander Jan Bajkowski [Mon, 6 Jan 2020 11:02:36 +0000 (12:02 +0100)]
malta: enable HighMem on MIPS32
It allows to use more than 256MB memory on MIPS32.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
John Crispin [Wed, 15 Jan 2020 20:31:12 +0000 (21:31 +0100)]
dropbear: fix compile error
Fixes: 0da193ee6943 ("dropbear: move failsafe code out of base-files")
Signed-off-by: John Crispin <john@phrozen.org>
Florian Eckert [Thu, 5 Dec 2019 10:33:38 +0000 (11:33 +0100)]
wireguard: skip peer config if public key of the peer is not defined
If a config section of a peer does not have a public key defined, the
whole interface does not start. The following log is shown
daemon.notice netifd: test (21071): Line unrecognized: `PublicKey='
daemon.notice netifd: test (21071): Configuration parsing erro
The command 'wg show' does only show the interface name.
With this change we skip the peer for this interface and emit a log
message. So the other peers get configured.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
John Crispin [Wed, 15 Jan 2020 20:17:13 +0000 (21:17 +0100)]
busybox: fix build issues
Fixes: f704f97e4c57 ("busybox: Include hdparm by default on nas type device")
Signed-off-by: John Crispin <john@phrozen.org>
Michal Cieslakiewicz [Sun, 22 Dec 2019 20:55:54 +0000 (21:55 +0100)]
ath79: add support for Netgear WNDR4500 v3
This patch introduces support for Netgear WNDR4500v3. Router
is very similar to WNDR4300v2 and is based on the same PCB.
Information gathered from various Internet sources (including
https://patchwork.ozlabs.org/patch/809227/) shows following
differences to WNDR4300v2:
* two USB 2.0 ports with separate LEDs
* USB LEDs soldered to secondary pads
* WPS and RFKILL buttons soldered to secondary pads
* described as N900 device with 3x3:3 MIMO for 2.4GHz radio
* power supply requirement is DC 12V 2.5A
* vendor HW ID suffix differs in one digit
* bigger chassis
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Michal Cieslakiewicz [Sun, 22 Dec 2019 20:54:33 +0000 (21:54 +0100)]
ath79: add support for Netgear WNDR4300 v2
This patch introduces support for Netgear WNDR4300v2.
Specification
=============
* Description: Netgear WNDR4300 v2
* Loader: U-boot
* SOC: Qualcomm Atheros QCA9563 (775 MHz)
* RAM: 128 MiB
* Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND
- NOR: U-boot binary: 256 KiB
- NOR: U-boot environment: 64 KiB
- NOR: ART Backup: 64 KiB
- NOR: Config: 64 KiB
- NOR: Traffic Meter: 64 KiB
- NOR: POT: 64 KiB
- NOR: Reserved: 1408 KiB
- NOR: ART: 64 KiB
- NAND: Firmware: 25600 KiB (see notes for OpenWrt)
- NAND: Language: 2048 KiB
- NAND: mtdoops Crash Dump: 128 KiB
- NAND: Reserved: 103296 KiB
* Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337)
* Wireless:
- 2.4 GHz b/g/n (internal)
- 5 GHz a/n (AR9580)
* USB: yes, 1 x USB 2.0
* Buttons:
- Reset
- WiFi (rfkill)
- WPS
* LEDs:
- Power (amber/green)
- WAN (amber/green)
- WLAN 2G (green)
- WLAN 5G (blue)
- 4 x LAN (amber/green)
- USB (green)
- WPS (green)
* UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
* Power supply: DC 12V 1.5A
* MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2
Important Notes
===============
0. NOR Flash (2 MiB) is not touched by OpenWrt installation.
1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows:
all space is split between 4 MiB kernel and 124 MiB UBI areas;
vendor partitions (language and mtdoops) are removed; kernel space
size can be further expanded if needed; maximum image size is set
to 25600k for compatibility reasons and can also be increased.
2. CPU clock is 775 MHz, not 750 MHz.
3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI
device ID 0xabcd. For ath9k driver to load successfully, this is
overridden in DTS with correct value for this chip, 0x0033.
4. RFKILL button is wired to AR9580 pin 9 which is normally disabled
by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore
'qca,gpio-mask=<0xf6ff>' hack must be used for button to work
properly.
5. USB port is always on, no GPIO for 5V power control has been
identified.
Installation
============
* TFTP recovery
* TFTP via U-boot prompt
* sysupgrade
* Web interface
Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Michal Cieslakiewicz [Sun, 22 Dec 2019 20:53:29 +0000 (21:53 +0100)]
ath79: WNDR4300: increase kernel partition to 4M
Increase kernel partition from 2 MiB to 4 MiB for Netgear WNDR routers
with NAND flash. Change affects following devices:
* Netgear WNDR3700 v4
* Netgear WNDR4300
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Michal Cieslakiewicz [Sun, 22 Dec 2019 20:51:48 +0000 (21:51 +0100)]
mac80211: ath9k: add GPIO mask dts property
This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node.
This optional setting is a hack and should only be used in very special
(and rare) cases when a button or LED is wired to a GPIO pin normally
masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such
example - it uses GPI9 for RFKILL.
See ath9k/reg.h *_GPIO_MASK constants.
Use with caution and expect to see stream of kernel warnings if wrong
mask value is provided.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Maxim Storchak [Thu, 9 Jan 2020 18:27:44 +0000 (20:27 +0200)]
zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assuming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
David Bauer [Sun, 12 Jan 2020 19:20:43 +0000 (20:20 +0100)]
ath79: add support for D-Link DIR-505
This commit adds support for the D-Link DIR-505, previously supported in
ar71xx.
Hardware
--------
SoC: Atheros AR9330
FLASH: 8M SPI-NOR
RAM: 64M
WIFI: 1T1R 1SS Atheros AR9330
LED: Power green, Status red
BTN: WPS, Reset
Installation
------------
Currently, installation is only possible by sysupgrading from an earlier
OpenWrt version, U-Boot TFTP or a modded U-Boot. I do not have the
original bootloader from D-Link on my device anymore, so I cannot test
the factory image.
Signed-off-by: David Bauer <mail@david-bauer.net>
Rosen Penev [Sun, 22 Dec 2019 01:51:47 +0000 (17:51 -0800)]
perf: Add libunwind only if selected
The depends are totally wrong. libunwind does not work with powerpc and
i386 as it needs glibc.
Instead of duplicating the platforms, just change the dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Florian Eckert [Thu, 7 Nov 2019 10:40:31 +0000 (11:40 +0100)]
uhttpd: add enable instance option
With this change it is now possible to switch off single instances of
the uhttpd config. Until now it was only possible to switch all
instances of uhttpd on or off.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Kyle Copperfield [Sat, 9 Nov 2019 03:42:57 +0000 (19:42 -0800)]
hostapd: add wpa_strict_rekey support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Rekey GTK on STA disassociate
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
Kyle Copperfield [Sat, 9 Nov 2019 03:42:56 +0000 (19:42 -0800)]
hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required
Allows dtim_period to be configurable, the default is from hostapd.
Adds additional regulatory tunables for power constraint and spectrum
management.
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
Jeff Kletsky [Wed, 13 Nov 2019 21:09:49 +0000 (13:09 -0800)]
ath79: GL-AR750S (NOR/NAND): limit factory.img kernel size to 2 MB
The present U-Boot for GL-AR750S has a limit of 2 MB for kernel size.
While sysupgrade can manage kernels up to the present limit of 4 MB,
directly flashing a factory.img with a kernel size greater than 2 MB
through U-Boot will result in an unbootable device.
This commit uses the newly-introduced check-kernel-size build
operation to prevent the output of factory.img when the kernel
exceeds 2 MB in size, yet permits output of sysupgrade.img
as long as the kernel is within KERNEL_SIZE := 4096k
Cc: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Jeff Kletsky [Wed, 13 Nov 2019 21:09:48 +0000 (13:09 -0800)]
build: define check-kernel-size to remove unflashable images
Certain boards have limitations on U-Boot that prevent flashing
of images where the kernel size exceeds a threshold, yet
sysupgrade can successfully manage larger kernels. The current
check-size will remove the target artifact if its total size
exceeds the threshold. If applied after append-kernel,
it will remove the kernel, but the remaining image-assembly
steps will continue, resulting in an image without a kernel
that is likely unbootable.
By defining check-kernel-size, it is now possible to prevent release
of such unbootable images through a construct similar to:
IMAGE/factory.img := append-kernel | pad-to $$$$(GL_UBOOT_UBI_OFFSET) | \
append-ubi | check-kernel-size $$$$(GL_UBOOT_UBI_OFFSET)
Cc: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Kyle Copperfield [Tue, 19 Nov 2019 18:50:00 +0000 (18:50 +0000)]
dropbear: move failsafe code out of base-files
Failsafe code of dropbear should be in the dropbear package not the
base-files package.
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
Linus Walleij [Wed, 1 Jan 2020 13:34:11 +0000 (14:34 +0100)]
busybox: Include hdparm by default on nas type device
NAS devices certainly need to have hdparm to configure
things like spin-down time or their disks will be
constantly spinning. Just catenate CONFIG_HDPARM=y
on these configs.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Tomasz Maciej Nowak [Tue, 14 Jan 2020 16:40:04 +0000 (17:40 +0100)]
ath79: wlr-7100: use ath10k-ct smallbuffers package variant
The memory hacks got removed from ath10k with
1e27bef ("mac80211: remove
ath10k_pci memory hacks"). As this device has low amount of RAM, switch
to ath-10k-ct small buffers variant, to avoid the OOM Reaper.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Eneas U de Queiroz [Wed, 15 Jan 2020 18:28:05 +0000 (15:28 -0300)]
cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Felix Fietkau [Wed, 15 Jan 2020 12:54:28 +0000 (13:54 +0100)]
mac80211: fix MAC address allocations if the local bit is set on the base addr
If it's set, don't subtract 1 from the interface index encoded into the first
byte of the address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adrian Schmutzler [Tue, 17 Dec 2019 13:37:26 +0000 (14:37 +0100)]
lantiq: reorganize 02_network board.d files
This reorganizes 02_network board.d files based on what's done for
ath79 and ramips: Instead of putting all settings into a single big
case, the interface/dsl/MAC address setup is put into separate
functions with a specific switch case for each of them. This makes
grouping of devices much easier and should be easier to read, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Tue, 14 Jan 2020 20:45:43 +0000 (21:45 +0100)]
lantiq: move common DSL setup into lantiq.sh
DSL setup consists of the same commands for all subtargets, so move it
into a helper function.
While at it, remove shebang from library file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Tue, 17 Dec 2019 00:15:35 +0000 (01:15 +0100)]
lantiq: split base-files into subtargets
This splits the device-dependent base-files into subtarget directories,
like done recently for ath79 and ramips. While this increases the
overall lines of code, it will make the code per subtarget smaller
and easier to keep track of features and devices.
While at it, several variables at the top of 02_network are removed,
as they were never changed. The values are put directly into the
function calls where they are used.
Remove unneeded LED setup from 01_leds, and remove 01_leds entirely
for falcon subtarget (as it is not used there).
Applies alphabetic reordering to device cases in base-files.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jo-Philipp Wich [Fri, 25 Oct 2019 17:42:09 +0000 (19:42 +0200)]
valgrind: do not strip internal preload libraries and executables
Implement the suggestions laid out in README_PACKAGERS, mainly by preventing
the stripping of the internal vgpreload*.so libraries.
Also retain the symbol information of valgrind's private helper executables
and enable LTO as suggested in the packagers readme.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Xu Wang [Mon, 6 Jan 2020 17:12:43 +0000 (17:12 +0000)]
base-files: fix build for /sbin/pkg_check
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Andrea Dalla Costa [Sat, 11 Jan 2020 23:21:10 +0000 (00:21 +0100)]
wrt350nv2-builder: Fix memory leak
Add missing call to `free` for variable `buffer` in function
`create_bin_file`.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Andrea Dalla Costa [Sat, 11 Jan 2020 23:05:55 +0000 (00:05 +0100)]
firmware-utils/mktitanimg: fix possible resource leak
Add missing call to `fclose` for file pointer `nsp_image`.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Andrea Dalla Costa [Sat, 11 Jan 2020 22:55:25 +0000 (23:55 +0100)]
firmware-utils/mksenaofw: fix possible memory leak
Add missing calls to `free` for variable `pmodel`.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Andrea Dalla Costa [Sat, 11 Jan 2020 22:27:17 +0000 (23:27 +0100)]
firmware-utils/mkfwimage: fix possible memory and resource leak
Add missing calls to `free` for variable `mem`.
Add missing call to `fclose` for variable `f`.
The same changes were made in both `mkfwimage.c` and `mkfwimage2.c`.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Andrea Dalla Costa [Sat, 11 Jan 2020 22:10:51 +0000 (23:10 +0100)]
firmware-utils/mkchkimg: fix possible resource leaks
Add missing `fclose` calls for file pointers `kern_fp`, `fs_fp`
and `out_fp`.
Not closing files could lead to resource leaks.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Andrea Dalla Costa [Sat, 11 Jan 2020 21:41:31 +0000 (22:41 +0100)]
firmware-utils: fix possible memory leak and resource leak
Add missing calls to `free` for variable `buffer`.
This could lead to a memory leak.
Add missing call to `close` for file pointer `fdin`.
This could lead to a resource leak.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Andrea Dalla Costa [Sat, 11 Jan 2020 21:27:39 +0000 (22:27 +0100)]
firmware-utils/dgfirmare: fix possible resource leak
Add missing calls to `fclose` in functions `write_img`, `write_rootfs`
and `write_kernel`.
The not-closed files could lead to resource leaks.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
David Lam [Tue, 14 Jan 2020 08:27:28 +0000 (00:27 -0800)]
hostapd: add support for subject validation
The wpa_supplicant supports certificate subject validation via the
subject_match(2) and altsubject_match(2) fields. domain_match(2) and
domain_suffix_match(2) fields are also supported for advanced matches.
This validation is especially important when connecting to access
points that use PAP as the Phase 2 authentication type. Without proper
validation, the user's password can be transmitted to a rogue access
point in plaintext without the user's knowledge. Most organizations
already require these attributes to be included to ensure that the
connection from the STA and the AP is secure. Includes LuCI changes via
openwrt/luci#3444.
From the documentation:
subject_match - Constraint for server certificate subject. This substring
is matched against the subject of the authentication server certificate.
If this string is set, the server certificate is only accepted if it
contains this string in the subject. The subject string is in following
format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com
subject_match2 - Constraint for server certificate subject. This field is
like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST
tunnel) authentication.
altsubject_match - Constraint for server certificate alt. subject.
Semicolon separated string of entries to be matched against the
alternative subject name of the authentication server certificate. If
this string is set, the server certificate is only accepted if it
contains one of the entries in an alternative subject name extension.
altSubjectName string is in following format: TYPE:VALUE Example:
EMAIL:server@example.com Example:
DNS:server.example.com;DNS:server2.example.com Following types are
supported: EMAIL, DNS, URI
altsubject_match2 - Constraint for server certificate alt. subject. This
field is like altsubject_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.
domain_match - Constraint for server domain name. If set, this FQDN is
used as a full match requirement for the
server certificate in SubjectAltName dNSName element(s). If a
matching dNSName is found, this constraint is met. If no dNSName
values are present, this constraint is matched against SubjectName CN
using same full match comparison. This behavior is similar to
domain_suffix_match, but has the requirement of a full match, i.e.,
no subdomains or wildcard matches are allowed. Case-insensitive
comparison is used, so "Example.com" matches "example.com", but would
not match "test.Example.com". More than one match string can be
provided by using semicolons to
separate the strings (e.g., example.org;example.com). When multiple
strings are specified, a match with any one of the values is considered
a sufficient match for the certificate, i.e., the conditions are ORed
together.
domain_match2 - Constraint for server domain name. This field is like
domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel)
authentication.
domain_suffix_match - Constraint for server domain name. If set, this
FQDN is used as a suffix match requirement for the AAA server
certificate in SubjectAltName dNSName element(s). If a matching dNSName
is found, this constraint is met. If no dNSName values are present,
this constraint is matched against SubjectName CN using same suffix
match comparison. Suffix match here means that the host/domain name is
compared one label at a time starting from the top-level domain and all
the labels in domain_suffix_match shall be included in the certificate.
The certificate may include additional sub-level labels in addition to
the required labels. More than one match string can be provided by using
semicolons to separate the strings (e.g., example.org;example.com).
When multiple strings are specified, a match with any one of the values
is considered a sufficient match for the certificate, i.e., the
conditions are ORed together. For example,
domain_suffix_match=example.com would match test.example.com but would
not match test-example.com. This field is like domain_match, but used
for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
domain_suffix_match2 - Constraint for server domain name. This field is
like domain_suffix_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.
Signed-off-by: David Lam <david@thedavid.net>
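The domain_match and domain_suffix_match rules quoted in the commit message above, modelled as an added example; this is not hostapd, wpa_supplicant or OpenWrt code, and the function and parameter names are hypothetical. It covers the full versus label-wise suffix comparison, the semicolon OR list, and the fallback to the subject CN when the certificate carries no dNSName.

```python
# Added illustration of the matching rules quoted in the commit message;
# not wpa_supplicant code. All names here are hypothetical.


def _labels(name):
    """Lower-case a host name and split it into DNS labels."""
    return name.strip().lower().split(".")


def _full_match(cert_name, wanted):
    # domain_match: the whole name must be equal (case-insensitive),
    # so subdomains of the wanted name do not qualify.
    return _labels(cert_name) == _labels(wanted)


def _suffix_match(cert_name, wanted):
    # domain_suffix_match: compare one label at a time starting from the
    # top-level domain; the certificate may carry extra sub-level labels.
    have, need = _labels(cert_name), _labels(wanted)
    return len(have) >= len(need) and have[len(have) - len(need):] == need


def server_name_ok(constraint, dns_names, subject_cn, suffix=False):
    """Return True if the server certificate satisfies the constraint.

    constraint: semicolon-separated FQDNs; a match with any one is enough
    dns_names:  SubjectAltName dNSName values from the certificate
    subject_cn: SubjectName CN, consulted only when no dNSName is present
    suffix:     False models domain_match, True models domain_suffix_match
    """
    wanted = [w for w in constraint.split(";") if w.strip()]
    if not wanted:
        raise ValueError("constraint is not set; nothing to validate against")
    candidates = list(dns_names) if dns_names else [subject_cn]
    match = _suffix_match if suffix else _full_match
    return any(match(c, w) for c in candidates if c for w in wanted)


if __name__ == "__main__":
    # Constructed certificate names, using the examples from the text above.
    for names in (["test.example.com"], ["test-example.com"], ["Example.com"]):
        print(names,
              "domain_match:", server_name_ok("example.com", names, None),
              "domain_suffix_match:",
              server_name_ok("example.com", names, None, suffix=True))
```

A plain string-suffix test would accept test-example.com for example.com, which is why the comparison is done per label.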
Jo-Philipp Wich [Tue, 14 Jan 2020 15:50:08 +0000 (16:50 +0100)]
netfilter: package required kmods for nftables
Package new kmods "nf_tables_set" and "nft_objref" which got introduced
with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash"
modules to sub-4.18 versions.
Also reorder the nftables related netfilter.mk entries alphabetically
while touching this code section.
Fixes: FS#2699
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Mon, 13 Jan 2020 21:10:03 +0000 (22:10 +0100)]
mac80211: fix list_phy_interfaces for multiple wiphys on the same device
Network interfaces are looked up based on the device behind a phy, so the
phy needs to be checked separately
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 13 Jan 2020 18:43:40 +0000 (19:43 +0100)]
mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 13 Jan 2020 18:43:20 +0000 (19:43 +0100)]
mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 13 Jan 2020 18:38:55 +0000 (19:38 +0100)]
mac80211: renumber subsys patches accepted upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adrian Schmutzler [Mon, 11 Nov 2019 15:27:50 +0000 (16:27 +0100)]
mediatek: split base-files into subtargets
This splits some base-files across subtargets, as done previously
on ath79 and ramips and also introduced for mt7629 subtarget here
already. Most of the existing base-files content is specific to
mt7623.
While at it, apply the following fixes:
- Remove lots of trailing whitespaces
- Remove wildcard on unielec,u7623-02-emmc-512m
- Remove inconsistent quotation marks in cases
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: John Crispin <john@phrozen.org>