Compare commits

...

874 Commits

Author SHA1 Message Date
Mikhail Novosyolov 3cd69d3546 Remove yggdrasil for now
1. It seems to allow any connections in default mode, I don't want it
https://t.me/rosalinux/63611
2. This package is very heavy (3.5 MB), there is enough space, but still...
4 years ago
Mikhail Novosyolov 22f2d947d9 add sudo, drop openssh (dropbear is enough) 4 years ago
Mikhail Novosyolov a59a5551a7 preinstall my SSH keys 4 years ago
Mikhail Novosyolov 8f608e1601 Add config of the 1st successfull build for Mercusys AC12
Image is 5.1 MB
4 years ago
Hauke Mehrtens f3f38f40da OpenWrt v19.07.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Thibaut VARÈNE 85e04e9f46 generic: platform/mikrotik: fix LZOR support
31e99fe3da which introduced this code was unfortunately untested.
This commit fixes a number of issues and works around the fact that in
this particular scheme, the LZO payload may be padded at the end which
will trigger a harmless lzo decompression error.
This commit also disambiguates the debug printks.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 31e99fe3da ("generic: platform/mikrotik: support LZOR encoding")
(cherry picked from commit 2ea481193c)
4 years ago
Robert Marko 4cd9ae41c5 libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592

Addresses CVE-2020-12762

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit bc0288b768)
4 years ago
Adrian Schmutzler 6ffd4d8a4d ar71xx: remove hard-coded folder name from Mikrotik RB upgrade
So far, specifying "BOARD_NAME := routerboard" is required by the
upgrade code of Mikrotik NAND devices, as "sysupgrade-routerboard"
is hardcoded in platform_do_upgrade_mikrotik_rb().

This patch replaces the latter with a grep for the name like it
is already done in nand_upgrade_tar() in /lib/upgrade/nand.sh.

This should enable upgrades from ar71xx to ath79 without setting
BOARD_NAME for the latter.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit 281785d74f)
4 years ago
Daniel Golle d2ee15ef76 fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
    at fstools-2020-05-06-eec16e2f/block.c:1193
1193:    if (!m->autofs && (mp = find_mount_point(pr->dev))) {

Fixes: 3b9e4d6d4c ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b181294b02)
4 years ago
Thibaut VARÈNE 4cd44e5dc7 ar71xx: mikrotik: mach-rbspi.c remove wlan id
Following on the previous commit, this patch removes useless id argument
from rbspi_wlan_init().

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Thibaut VARÈNE 3fecb06fb1 ar71xx: mikrotik: bypass id check in __rb_get_wlan_data()
The id parameter in __rb_get_wlan_data() was incorrectly used on the
assumption that id "0" would always be tied to ath9k with RLE encoding
and positive id (in fact, only id "1" was valid) would always be tied to
("external") ath10k with LZO encoding.

Newer hardware revisions of supported devices prove this assumption to
be invalid, with ath9k caldata being now wrapped in MAGIC_ERD and LZO
compressed, so disable this check to allow newer hardware to correctly
decode caldata for ath9k. Since ath10k caldata is no longer pulled from
this implementation, this commit also disables the publication in sysfs
to avoid wasting memory.

Note: this patch assumes that ath9k caldata is never stored with the new
"LZOR" encoding scheme found on some ath10k devices.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Thibaut VARÈNE b36aa168d8 ar71xx: mikrotik: ath10k: use new sysfs driver
Fetch ath10k calibration data from backported mikrotik sysfs driver
which supports the newer "LZOR" encoding.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Thibaut VARÈNE fa2369e59b generic: platform/mikrotik: support LZOR encoding
Some newer MikroTik RouterBOARD devices use a new encoding scheme
for their WLAN calibration data. This patch provides support for
decoding this new scheme.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Thibaut VARÈNE 612b64e6c4 ar71xx: enable mikrotik platform driver
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Thibaut VARÈNE 511859de9b generic: mikrotik platform build bits
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Thibaut VARÈNE ddae86cc69 generic: routerboot sysfs platform driver
This driver exposes the data encoded in the "hard_config" flash segment
of MikroTik RouterBOARDs devices. It presents the data in a sysfs folder
named "hard_config". The WLAN calibration data is available on demand via
the 'wlan_data' sysfs file in that folder.

This driver permanently allocates a chunk of RAM as large as the
"hard_config" MTD partition (typically 4KB), although it is technically
possible to operate entirely from the MTD device without using a local
buffer (except when requesting WLAN calibration data), at the cost of a
performance penalty.

This driver does not reuse any of the existing code previously found in
routerboot.c.

This driver has been successfully tested on BE (ath79) and LE (ipq40xx
and ramips) hardware.

Tested-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
Tested-by: Christopher Hill <ch6574@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
4 years ago
Koen Vandeputte 2efcfb1d1a kernel: bump 4.14 to 4.14.180
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Lech Perczak ecea10f2b9 ath79: dts: add missing 'serial0' alias for TP-Link TL-MR3040v2
Out of all devices currently supported based on AR9331 chipset,
this one had the 'serial0' alias missing. Add it to fix setting of
/dev/console and login shell on the onboard UART.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 94f3449977)
4 years ago
Hauke Mehrtens a8c92e9eda opkg: Fix PKG_MIRROR_HASH
Fixes: c61fbdd087 ("odhcpd: fix PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
DENG Qingfang 844b892a74 ath10k-firmware: fix mirror hash
Fix PKG_MIRROR_HASH hash mismatch.

Fixes: 641a93f0f2 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 2d758129ca)
4 years ago
Jo-Philipp Wich 7e9d84ee4a opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 79da9d78b9)
4 years ago
Jason A. Donenfeld 81f3f6540e wireguard: bump to 1.0.20200506
* compat: timeconst.h is a generated artifact

Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.

* compat: use bash instead of bc for HZ-->USEC calculation

This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.

* socket: remove errant restriction on looping to self

It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.

* send: cond_resched() when processing tx ringbuffers

Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.

* selftests: initalize ipv6 members to NULL to squelch clang warning

This fixes a worthless warning from clang.

* send/receive: use explicit unlikely branch instead of implicit coalescing

Some code readibility cleanups.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4f6343ffe7)
4 years ago
Jason A. Donenfeld b956f6bd13 wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6)
4 years ago
Hans Dedecker c61fbdd087 odhcpd: fix PKG_SOURCE_DATE
Fixes: 5e8b50da15 (odhcpd : fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056))

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago
Hans Dedecker 5e8b50da15 odhcpd: fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056)
49e4949 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago
Jo-Philipp Wich ac5d5d8d09 ustream-ssl: update to 19.07 Git HEAD
40b563b ustream-openssl: clear error stack before SSL_read/SSL_write
30cebb4 ustream-ssl: mbedtls: fix ssl client verification
77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich a6caa8fad1 uhttpd: update to 19.07 Git HEAD
975dce2 client: allow keep-alive for POST requests
d062f85 file: poke ustream after starting deferred program

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Rafał Miłecki 3b9e4d6d4c fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c3a43753b9)
4 years ago
Chuanhong Guo d9244a1b5b generic: ar8216: fix unknown packet flooding for ar8229/ar8236
ar8229 and ar8236 don't allow unknown unicast/multicast frames and
broadcast frames to be flooded to cpu port. This isn't desired behavior
for swconfig as we treat it as a standalone switch.
Current code doesn't enable unicast frame flooding for ar8229 and uses
wrong setup for ar8236. This commit fixes both of them by enabling port
0 flooding for all unknown frames.

Fixes: FS#2848
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 47f17b0662)
4 years ago
Jo-Philipp Wich 429e4490c4 libpcap: fix library packaging issues
Workaround a bug in patches/100-debian_shared_lib.patch - it attemptss to
extract the library major version from debian/changelog which does not exist
in the vanilla upstream tarball.

Create a fake changelog file for now to satisfy the version extraction
routine until we get around to properly augment the patch.

Fixes: FS#2970
Fixes: 96ee7c8bfd ("libpcap: Update shared-lib patch from Debian to fix linking problems")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Petr Štetiar e678cb1595 kernel: bump 4.14 to 4.14.179
Runtime-tested on: qemu-x86-64
Compile-tested on: x86/64

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Rafał Miłecki 8fa4ed9ef7 fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9295ce7006)
4 years ago
Felix Fietkau 5c6dfb5bc0 fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b7d6e80fee)
4 years ago
Hauke Mehrtens 607809dcdc mac80211: Update to version 4.19.120
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Paul Spooren 96d280cc37 scripts/download: add sources CDN as first mirror
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.

Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.

This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c737a9ee6a)
4 years ago
Hauke Mehrtens 55ccb04046 upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 70a962ca6f)
4 years ago
Hauke Mehrtens ee480c50c1 dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ce1798e915)
4 years ago
Yangbo Lu 5f0e25d966 perf: build with NO_LIBCAP=1
Build with NO_LIBCAP=1. This is to resolve build issue.

Package perf is missing dependencies for the following libraries:
libcap.so.2

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
(cherry picked from commit 80f128d2aa)
4 years ago
Linus Lüssing 005adba939 mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.

For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.

This patch now increases the maxmimum frame size from 1528 to 1656
bytes.

Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.

Fix originally found and developed by Ben Greear.

Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 066ec97167)
4 years ago
Matt Merhar 0974d59b5f kernel: backport fix for non-regular inodes on f2fs
Upstream commit dda9f4b9ca ("f2fs: fix to skip verifying block address
for non-regular inode").

On 4.14, attempting to perform operations on a non-regular inode
residing on an f2fs filesystem, such rm-ing a device node, would fail
and lead to a warning / call trace in dmesg. This fix was already
applied to other kernels upstream - including 4.19, from which the patch
was taken.

More info at https://bugzilla.kernel.org/show_bug.cgi?id=202495.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit ee500186a5)
4 years ago
Adrian Schmutzler f40947a8c0 ath79: indicate boot/failsafe/upgrade for NanoBeam/Nanostation AC
Like for Ubiquiti PowerBeam 5AC Gen2, the highest RSSI LED can
be exploited to indicate boot/failsafe/upgrade for the NanoBeam AC
and Nanostation AC as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 80a094aaf3)
4 years ago
Adrian Schmutzler 65cf72d5d2 ath79: add SUPPORTED_DEVICES based on ar71xx for some devices
This adds some still-missing board names for old TP-Link devices
to ath79 SUPPORTED_DEVICES.

Fixes: FS#3017

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 522f6b7eee)
4 years ago
Petr Štetiar f9ef0c5705 kernel: bump 4.14 to 4.14.178
Refreshed all patches and removed upstreamed:

 oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Fixes: CVE-2020-12114 and CVE-2020-11669

Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Antonio Quartulli 2df0ea042d wpad-wolfssl: fix crypto_bignum_sub()
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.

This missing fix was discovered while testing SAE over a mesh interface.

With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.

Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4b3b8ec81c)
4 years ago
Felix Fietkau ec6cb33452 mac80211: backport fix for an no-ack tx status issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e0ab33ea49)
4 years ago
Felix Fietkau f141cdd200 hostapd: unconditionally enable ap/mesh for wpa-cli
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 03e9e4ba9e)
4 years ago
Petr Štetiar 54b6683390 wireless-regdb: backport three upstream fixes
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.

Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 76a0ddf130)
4 years ago
Petr Štetiar 55591e63bc curl: backport fix for CVE-2019-15601
On Windows, refuse paths that start with \\ ... as that might cause an
unexpected SMB connection to a given host name.

Ref: PR#2730
Ref: https://curl.haxx.se/docs/CVE-2019-15601.html
Suggested-by: Jerome Benoit <jerome.benoit@sap.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Pawel Dembicki 35ea808b97 uboot-kirkwood: fix ethernet and usb
Before 2019.01 version was introduced patch, which changes cache
routines: 93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache
routines to common file"). Unfortunately that patch make ethernet
and usb in kirkwood broken.

This patch backport commit 599f7aa5 ("ARM: kirkwood: disable dcache
for Kirkwood boards"), which are fix for that problem.

Fixes: dc08514e6d ("uboot-kirkwood: update to 2019.01")

Run tested: pogoplugv4

Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
4 years ago
Chuanhong Guo 5feb0df9bb ramips: remove memory node for ZBT MT7621 devices
It's known that ZBT sells 256M variants of these routers. As a result,
our images won't be able to boot on these routers.
This commit removes memory node for them. With previously backported
memory detection patch, kernel is able to detect memory size itself.

Fixes: FS#3053
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years ago
Sungbo Eo b80a98ae7f ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027
kmod-usb-dwc2 and kmod-usb-ledtrig-usbport are not target default packages, and
Belkin F7C027 does not have a USB port anyway. Just drop it.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 1dedad2a00)
4 years ago
Sungbo Eo bfe652c5bd oxnas: move service file to correct place
This service file has been misplaced from the very beginning.

Fixes: dcc34574ef ("oxnas: bring in new oxnas target")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 01961f163d)
4 years ago
Kevin Darbyshire-Bryant 5b4e4a38d8 relayd: bump to version 2020-04-25
f4d759b dhcp.c: further improve validation

Further improve input validation for CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9e7d11f3e2)
4 years ago
Kevin Darbyshire-Bryant 4e5a29827f umdns: update to version 2020-04-25
cdac046 dns.c: fix input validation fix

Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.

Improve CVE-2020-11750 fix

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9f7c8ed078)
4 years ago
Henrique de Moraes Holschuh c2efc973d5 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.

Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router.  dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.

The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time.  DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.

A missing system.ntp.enabled UCI node is required for the bug to show
up.  The reasons for why it would be missing in the first place were not
investigated.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 556b8581a1)
4 years ago
Petr Štetiar 6c020577ae libpcap: fix build breakage with very high number of simultaneous jobs
Building libpcap with high number (64) of simultaneous jobs fails:

 In file included from ./fmtutils.c:42:0:
 ./ftmacros.h:106:0: warning: "_BSD_SOURCE" redefined
   #define _BSD_SOURCE

 <command-line>:0:0: note: this is the location of the previous definition
 ./gencode.c:67:10: fatal error: grammar.h: No such file or directory
  #include "grammar.h"
           ^~~~~~~~~~~
 compilation terminated.
 Makefile:99: recipe for target 'gencode_pic.o' failed

So fix this by less intrusive way by disabling the parallel builds for
this package.

Ref: FS#3010
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Petr Štetiar efe837de84 openssl: bump to 1.1.1g
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.

Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3773ae127a)
4 years ago
Kevin Darbyshire-Bryant 1df49d98e7 relayd: bump to version 2020-04-20
796da66 dhcp.c: improve input validation & length checks

Addresses CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit be172e663f)
4 years ago
Kevin Darbyshire-Bryant b71c7c261b umdns: update to version 2020-04-20
e74a3f9 dns.c: improve input validation

Addresses CVE-2020-11750

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 533da61ac6)
4 years ago
Kevin Darbyshire-Bryant b6d8119c53 umdns: update to the version 2020-04-05
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 22ae8bd50e)
(cherry picked from commit 17c4593e63f5847868f2c38185275199d37d379a)
4 years ago
Kevin Darbyshire-Bryant ef3df27507 umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:

dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]

261 |  uint16_t *swap = (uint16_t *) q;

Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 02640f0147)
(cherry picked from commit a10b6ec1c8cd6d14a3b76a2ec3d81442b85f7321)
4 years ago
Hans Dedecker 55312cc202 binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 5f126c541a)
4 years ago
Magnus Kroken 3b6f079d8d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 02fcbe2f3d)
4 years ago
Tomasz Maciej Nowak 67ed408af2 mvebu: cortexa9: correct cpu subtype
Armada 370  processors have only 16 double-precision registers. The
change introduced by 8dcc108760 ("toolchain: ARM: Fix toolchain
compilation for gcc 8.x") switched accidentally the toolchain for mvebu
cortexa9 subtarget to cpu type with 32 double-precision registers. This
stems from gcc defaults which assume "vfpv3-d32" if only "vfpv3" as mfpu
is specified. That change resulted in unusable image, in which kernel
will kill userspace as soon as it causing "Illegal instruction".

Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272
Fixes: 8dcc108760 ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 2d61f8821c)
4 years ago
Tomasz Maciej Nowak dee8fcfe9f tegra: correct cpu subtype
Tegra 2 processors have only 16 double-precision registers. The change
introduced by 8dcc108760 ("toolchain: ARM: Fix toolchain compilation
for gcc 8.x") switched accidentally the toolchain for tegra target to cpu
type with 32 double-precision registers. This stems from gcc defaults
which assume "vfpv3-d32" if only "vfpv3" as mfpu is specified. That
change resulted in unusable image, in which kernel will kill userspace as
soon as it causing "Illegal instruction".

Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272
Fixes: 8dcc108760 ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 43d1d88510)
4 years ago
Joel Johnson d8e0b015e8 mvebu: backport ClearFog SPI enablement
Backport Device Tree change first added in kernel 4.19 to enable the SPI
device on ClearFog devices by default. This is tested and working in
snapshot builds with kernel 5.4+, include the change in future 19.07
patch releases.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
4 years ago
Koen Vandeputte 0232f57e1a kernel: bump 4.14 to 4.14.176
Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 003-ARM-dts-oxnas-Fix-clear-mask-property.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Adrian Schmutzler 286c407c3d ath79: add SUPPORTED_DEVICES for TP-Link TL-WA901ND v2
This adds the board name from ar71xx to support upgrade without
-F for the TP-Link TL-WA901ND v2.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 508462a399)
4 years ago
Josef Schlehofer 02c6deab8c mbedtls: update to version 2.16.5
Changelog:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 36af1967f5)
4 years ago
Adrian Schmutzler 01b624e28e Revert "ramips: disable ZyXel Keenetic by default"
This reverts commit c38074de92.

Since ZyXEL Keenetic has actually 8 MiB flash as fixed in the
previous patch, we can re-enable it.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Alexey Dobrovolsky 14c8ea0245 ramips: use full 8MB flash on ZyXEL Keenetic
ZyXEL Keenetic has 8MB flash, but OpenWrt uses only 4MB.
This commit fixes the problem.

WikiDevi page [1] says that ZyXEL Keenetic has FLA1: 8 MiB, there is
an article with specs [2] (in Russian).

[1] https://wikidevi.wi-cat.ru/ZyXEL_Keenetic
[2] https://3dnews.ru/608774/page-2.html

Fixes: FS#2487
Fixes: a7cbf59e0e ("ramips: add new device ZyXEL Keenetic as kn")

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit fea232ae8f)
4 years ago
Dan Haab 5b9b833f8c bcm53xx: add support for Luxul FullMAC WiFi devices
This prepares support for models XAP-1610 and XWR-3150. Flashing
requires using Luxul firmware version:
1) 8.1.0 or newer for XAP-1610
2) 6.4.0 or newer for XWR-3150
and uploading firmware using "Firmware Update" web UI page.

Signed-off-by: Dan Haab <dan.haab@legrand.com>
(cherry picked from commit c459a6bf48)
4 years ago
Rafał Miłecki ab3549a870 bcm53xx: refactor board.d code in 02_network
1. Use functions for cleaner code
2. Always execute WAN interface generic code

Before this change WAN interface code wasn't executed on all devices due
to an early "exit 0".

Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b51ea43f90)
4 years ago
Rafał Miłecki 35413b047c bcm53xx: sysupgrade: optimize building UBI image
Use "truncate" to adjust size of existing file instead of "dd" which
required creating a copy. This saves space on tmpfs. It may be as low
as 2.1 MiB when using OpenWrt default user space and way more (20+ MiB)
when flashing vendor firmware.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8abefc8896)
4 years ago
Rafał Miłecki 55c29c398c busybox: enable truncate on bcm53xx target
It's needed for optimized sysupgrade. On host machine this change
increased busybox size by 4096 B.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 547f1ec25a)
4 years ago
Rafał Miłecki a89731ad7a bcm53xx: fix ASUS firmwares to use vendor format
Image building process was missing "asus-trx" step which resulted in raw
TRX files (without ASUS footer with device id).

Fixes: 0b9de8daa7 ("bcm53xx: add profiles for all other (SoftMAC) devices")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0493d57e04)
4 years ago
Eneas U de Queiroz 36373c5ddb openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
  newly generated RSA modules
- the patch reversing EOF detection we had already applied.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit af5ccfbac7)
4 years ago
Adrian Schmutzler 470f7c046c ath79: add support for TP-Link TL-WDR4310 v1
This device seems to be identical to the TL-WDR4300, just with
different release date/region and TPLINK_HWID.

Support is added based on the ar71xx implementation.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 676ca94c3c)
4 years ago
Hauke Mehrtens 96ee7c8bfd libpcap: Update shared-lib patch from Debian to fix linking problems
This updates the shared-lib patch to the recent version from debian
found here:
https://salsa.debian.org/rfrancoise/libpcap/-/blob/debian/1.9.1-2/debian/patches/shared-lib.diff

This patch makes it include missing/strlcpy.o to the shared library
which is needed for OpenWrt glibc builds, otherwise there is an
undefined symbol and tcpdump and other builds are failing.

Fixes: 44f11353de ("libpcap: update to 1.9.1")
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
4 years ago
Michael T Farnworth 96092a8eea mkrasimage: fix segmentation fault
Code was attempting to determine the size of the file
before it was actually known and allocating insufficient
memory space.  Images above a certain size caused a
segmentation fault.  Moving the calloc() ensured ensured
that large images didn't result in a buffer overflow on
memcpy().

Signed-off-by: Michael T Farnworth <michael@turf.org>
[fixed name in From to match one in SoB]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b468353a37)
4 years ago
Petr Štetiar bf5ea2a8dc rpcd: fix respawn settings
Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.

So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.

Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 52e6fb1369)
4 years ago
Jan Kardell 83381ce95d readline: needs host depend on ncurses to build
We must ensure that host ncurses is build before host readline.

Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit ecef29b294)
4 years ago
Robert Marko 45b586c4a6 tools: squashfskit4: fix build with GCC10
In order to build squashfskit with GCC10, this backport from upstream is needed.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[increase PKG_RELEASE]
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit be4ed1db18)
4 years ago
Alexander Couzens 79b60d878d squashfskit4/Makefile: introduce PKG_RELEASE=1
When adding patches, the PKG_RELEASE should be increased.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 1f4020a293)
4 years ago
Kevin Darbyshire-Bryant a08394b3c6 build: prereq: tidy gcc version checks
There is a restriction in the number of parameters(10)  that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.

Drop all the explicitly specified gcc version checks.  If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.

eg. 'CC=gccfoo CXX=g++foo make prereq'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1fb3c003d6)
4 years ago
Robert Marko 66cbfeeaae build: add GCC 10 version detection
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 835d1c68a0)
4 years ago
Eneas U de Queiroz eea3a9625c openssl: revert EOF detection change in 1.1.1
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e.  It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443

Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read().  Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0.  The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct.  Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.

The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2e8a4db9b6)
4 years ago
Hauke Mehrtens c6c3f6bb0a mac80211: Update to version 4.19.112
The removed patches are all integrated in the upstream version now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Petr Štetiar 794fd4c6cf procd: turn error into debug message for missing ujail binary
Since commit 557f11b3a20f ("instance: provide error feedback if ujail
binary is missing") worrying log spam of the form "unable to find
/sbin/jail ..." may be encountered.

This corresponds with the changes done in the upstream commit
bcb86554f1b4 ("instance: add 'requirejail' attribute").

Ref: https://forum.openwrt.org/t/openwrt-19-07-2-service-release/57066
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Baptiste Jonglez f5b3cd1539 ar71xx: Fix gigabit switch support for Mikrotik RB951G-2HnD
Without this patch, when using rev 3 of the Atheros AR9344 SoC, the
gigabit switch (AR8327) does not work or works very erratically.

This is a re-spin of http://patchwork.ozlabs.org/patch/419857/ with a
different PLL value, according to the feedback from several users
(including myself) as shown here:

  https://openwrt.org/toh/mikrotik/rb2011uias#tracking_reported_experience_with_suggested_patch_for_the_5_gige_ports

Performance is acceptable: testing L3 forwarding without NAT yields a
performance of 370 Mbit/s (iperf3 TCP) and 41 Kpps (iperf3 UDP with 64
bytes payload). Both tests show that 100% of CPU time is spent on softirq.

A similar fix for a different device (RB2011) was added in e457d22261
("Make GBit switch work on RB2011").

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 247043c968)
4 years ago
Adrian Schmutzler bdbda30384 ath79: add support for TP-Link TL-WA860RE v1
This ports support for the TL-WA860RE v1 range extender from ar71xx
to ath79.

Specifications:
  Board: AP123 / AR9341 rev. 3
  Flash/RAM: 4/32 MiB
  CPU: 535 MHz
  WiFi: 2.4 GHz b/g/n
  Ethernet: 1 port (100M)
  Two external antennas

Flashing instructions:
  Upload the factory image via the vendor firmware upgrade option.

Recovery:
  Note that this device does not provide TFTP via ethernet like many
  other TP-Link devices do. You will have to open the case if you
  require recovery beyond failsafe.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Sebastian Knapp <sebastian4842@outlook.com>
(cherry picked from commit 385f4868bc)
4 years ago
Adrian Schmutzler 2e6bfab8c5 ath79: add support for TP-Link TL-WA850RE v1
This ports support for the TL-WA850RE v1 range extender from ar71xx
to ath79.

Specifications:
  Board: AP123 / AR9341 rev. 3
  Flash/RAM: 4/32 MiB
  CPU: 535 MHz
  WiFi: 2.4 GHz b/g/n
  Ethernet: 1 port (100M)

Flashing instructions:
Upload the factory image via the vendor firmware upgrade option.

Recovery:
Note that this device does not provide TFTP via ethernet like many
other TP-Link devices do. You will have to open the case if you
require recovery beyond failsafe.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6eaea3a8ba)
4 years ago
Rafał Miłecki dba6f418fa mac80211: fix brcmfmac monitor interface crash
This fixes bug in brcmfmac *exposed* by ipv6/addrconf fix.

Fixes: 6e4453aecc ("kernel: backport out-of-memory fix for non-Ethernet devices")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 038318f766)
4 years ago
Jan Alexander 27e77922a1 ar71xx: use status led for GL.iNet GL-AR750S
Use power led for device status.

The status led behavior has already been fixed in af28d8a539
("ath79: add support for GL.iNet GL-AR750S") when porting the
device to ath79. This fixes it for ar71xx as well.

Signed-off-by: Jan Alexander <jan@nalx.net>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d394c354ee)
4 years ago
David Bauer 81264ebb51 brcm2708: fix build failure
Build of the brcm2708 subtarget currently fails with the following error
message:

 arch/arm/lib/memset_rpi.S: Assembler messages:
 arch/arm/lib/memset_rpi.S:65: Error: garbage following instruction
  -- `orr DAT0,DAT0,lsl#8'
 arch/arm/lib/memset_rpi.S:67: Error: garbage following instruction
  -- `orr DAT0,DAT0,lsl#16'
 scripts/Makefile.build:427: recipe for target 'arch/arm/lib/memset_rpi.o'
 failed

Using the assembly notation from master fixes this error.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years ago
Jordan Sokolic 39405644d5 dnsmasq: add 'scriptarp' option
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.

Also enable --script-arp if has_handlers returns true.

Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
4 years ago
Eneas U de Queiroz d5b1f4430f openssl: update to 1.1.1e
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit dcef8d6093)
4 years ago
Eneas U de Queiroz 798ff37aaa openssl: add configuration example for afalg-sync
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d9d689589b)
4 years ago
Daniel Golle 168acbb36d oxnas: yet another irqchip related patch
This time DTS fix, again from Sungbo Eo <mans0n@gorani.run>
  ARM: dts: oxnas: Fix clear-mask property

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9e5a25846f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
Daniel Golle cf4520d15e oxnas: backport another fix for irqchip
Sungbo Eo <mans0n@gorani.run> submitted another patch fixing an error
on reboot:
  irqchip/versatile-fpga: Apply clear-mask earlier

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 19af00850f)
4 years ago
Adrian Schmutzler 456e1c60d6 ath79: add support for TP-Link WDR3500 v1
Hardware:
SoC:      AR9344
CPU:      560 MHz
Flash:    8 MiB
RAM:      128 MiB
WiFi:     Atheros AR9340 2.4GHz 802.11bgn
          Atheros AR9300 5GHz 802.11an
Ethernet: AR934X built-in switch, WAN on separate physical interface
USB:      1x 2.0

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
   wdr3500v1_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[removed stray newline]
Signed-off-by: David Bauer <mail@david-bauer.net>
(backported from commit fbbb4eb8b4)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Adrian Schmutzler e7fae8fc97 ath79: add support for TP-Link Archer C60 v3
TP-Link Archer C60 v3 is a dual-band AC1350 router,
based on Qualcomm/Atheros QCA9561 + QCA9886.

It seems to be identical to the v2 revision, except that
it lacks a WPS LED and has different GPIO for amber WAN LED.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 2x button
- UART header on PCB

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
   directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
   be transferred from the tftp server
8. Wait ~30 second to complete recovery

While TFTP works for OpenWrt images, my device didn't accept the
only available official firmware "Archer C60(EU)_V3.0_190115.bin".

In contrast to earlier revisions (v2), the v3 contains the (same)
MAC address twice, once in 0x1fa08 and again in 0x1fb08.
While the partition-table on the device refers to the latter, the
firmware image contains a different partition-table for that region:

name           device            firmware
factory-boot   0x00000-0x1fb00   0x00000-0x1fa00
default-mac    0x1fb00-0x1fd00   0x1fa00-0x1fc00
pin            0x1fd00-0x1fe00   0x1fc00-0x1fd00
product-info   0x1fe00-0x1ff00   0x1fd00-0x1ff00
device-id      0x1ff00-0x20000   0x1ff00-0x20000

While the MAC address is present twice, other data like the PIN isn't,
so with the partitioning from the firmware image the PIN on the device
would actually be outside of its partition.
Consequently, the patch uses the MAC location from the device (which
is the same as for the v2).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 646d95c374)
4 years ago
Daniel Golle 2bd9d2e08b oxnas: backport patch fixing hang after reboot
Sungbo Eo <mans0n@gorani.run> posted a patch fixing the long-standing
reboot problem on the OXNAS OX820 platform:
  irqchip/versatile-fpga: Handle chained IRQs properly

It got queued for 5.7. Import it to oxnas target patches for now.

Fixes: b4917fa907 ("oxnas: fix oxnas-rps-timer dt-match")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 67b04e767a)
4 years ago
Sungbo Eo 74a8e36975 layerscape: add kmod-i2c-mux to DEVICE_PACKAGES for traverse-ls1043
kmod-i2c-mux-pca954x will not get into images unless kmod-i2c-mux is added to
DEVICE_PACKAGES as well.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit dffbe668ab)
4 years ago
Jun Su 7ae345ecb7 ath79: add support for TP-Link TL-WR740N v5
This adds support for the TP-Link TL-WR740N v5, a clone of the
v4 only with a different TPLINK_HWID. It was already supported
in ar71xx as well.

Specifications:

SOC: Atheros AR9331
CPU: 400MHz
Flash: 4 MiB
RAM: 32 MiB
WLAN: Atheros AR9330 bgn
Ethernet: 5 ports (100M)

Flashing instructions:

- Flash factory image from OEM WebUI:
  openwrt-ath79-tiny-tplink_tl-wr740n-v5-squashfs-factory.bin
- Sysupgrade from ar71xx image:
  openwrt-ath79-tiny-tplink_tl-wr740n-v5-squashfs-sysupgrade.bin

Signed-off-by: Jun Su <howard0su@gmail.com>
[commit title/message facelift, backport for 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b9f4f1f97a)
4 years ago
Adrian Schmutzler 76c1c1daea ar71xx: fix port order on TP-Link Archer C60 v1/v2
The labels on the LAN ports of the TP-Link Archer C60 v1/v2 are
actually inverted compared to the ports of the internal switch.

Add this information to 02_network.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 14a07fa1f0)
4 years ago
Adrian Schmutzler f1a3a6b79c ath79: fix port order on TP-Link Archer C60 v1/v2
The labels on the LAN ports of the TP-Link Archer C60 v1/v2 are
actually inverted compared to the ports of the internal switch.

Add this information to 02_network.

This is the same for to-be-supported v3 of this device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b054729899)
4 years ago
Adrian Schmutzler e4107e30a7 ar71xx: remove wrong MAC address adjustment for Archer C60 v2
The adjustment of the MAC address for Archer C60 v2 in 10_fix_wifi_mac
is broken since a "mac" partition is not set up for this device on
ar71xx. Instead, the MAC address is already patched correctly in
11-ath10k-caldata.

Remove the useless adjustment.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit cbdc919024)
4 years ago
Adrian Schmutzler 83f1015a6c ar71xx: fix swapped LAN/WAN MAC address for Archer C60 v1/v2
The MAC addresses for lan/wan are swapped compared to the vendor
firmware. This adjusts to vendor configuration, which is:

lan   *:7b   label
wan   *:7c   label+1
2.4g  *:7b   label
5g    *:7a   label-1

Only one address is stored in <&mac 0x8>, corresponding to the label.

This has been checked on revisions v1, v2 and v3.

Since ar71xx calculates the ath10k MAC address based on the ethernet
addresses, the number there is adjusted, too.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 14eb54938b)
4 years ago
Adrian Schmutzler 9f024d3587 ath79: fix swapped LAN/WAN MAC address for Archer C60 v1/v2
The MAC addresses for lan/wan are swapped compared to the vendor
firmware. This adjusts to vendor configuration, which is:

lan   *:7b   label
wan   *:7c   label+1
2.4g  *:7b   label
5g    *:7a   label-1

Only one address is stored in <&mac 0x8>, corresponding to the label.

This has been checked on revisions v1, v2 and v3.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 88aead0a66)
4 years ago
Adrian Schmutzler b32129d30b rssileds: add dependencies based on LDFLAGS
This adds the direct dependencies introduced by TARGET_LDFLAGS
to the package's DEPENDS variable.

This was found by accidentally building rssileds on octeon, which
resulted in:

"Package rssileds is missing dependencies for the following libraries:
libnl-tiny.so"

Though the dependencies are provided when building for the
relevant targets ar71xx, ath79 and ramips, it seems more tidy to
specify them explicitly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a5b2c6f5ed)
4 years ago
Felix Fietkau 9da31d0fb4 mt76: update to the latest version
8682e0d0b49c mt76: speed up usb bulk copy
884c25e7caca mt76: usb: use max packet length for m76u_copy
1ad98b95cf4a mt76: mt76u: rely only on data buffer for usb control messagges
3d491603caff mt76: fix array overflow on receiving too many fragments for a packet
9792a62e7f30 mt76: set dma-done flag for flushed descriptors
53233cdf9486 mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
a4ae9219e6c7 mt76: dma: do not write cpu_idx on rx queue reset until after refill
1198fa57d185 mt76: mt7603: increase dma mcu rx ring size
91cd5be6ee37 mt76: avoid extra RCU synchronization on station removal
7d7fb26bb78a mt76: mt76x2: avoid starting the MAC too early
aac609809de1 mt76: fix LED link time failure
18627db2e633 mt76: mt76x0u: add support to TP-Link T2UHP
5ecfdb1a6e0a mt76: mt76x02: fix handling MCU timeouts during hw restart
f7e9be89db59 mt76: mt7603: add upper limit for dynamic sensitivity minimum receive power
23b834485070 mt76: mt7603: enable dynamic sensitivity adjustment by default
08054d5ab135 mt76: mt76x02: reset MCU timeout counter earlier in watchdog reset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years ago
Catrinel Catrinescu 68351990dc ar71xx/ath79: ew-dorin, fix the trigger level for WPS button
Because the WPS button had the wrong trigger level,
the failsafe mode was triggered quite often,
after this commit:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=27f3f493de

Signed-off-by: Catrinel Catrinescu <cc@80211.de>
(cherry picked from commit 3e03b7ac4a)
4 years ago
Rafał Miłecki 6e4453aecc kernel: backport out-of-memory fix for non-Ethernet devices
Doing up & down on non-Ethernet devices (e.g. monitor mode interface)
was consuming memory.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ec8e8e2ef0)
4 years ago
Koen Vandeputte 06f5a8d3e9 kernel: bump 4.14 to 4.14.172
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Florian Eckert e7f1313bbb rpcd: add respawn param
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 432ec292cc)
4 years ago
Jo-Philipp Wich f6f0cd54a2 rpcd: update to latest Git HEAD
aaa0836 file: extend exec acl checks to commands with arguments

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 762aac50c0)
4 years ago
David Bauer 1713707673 ar71xx: add missing LED migration for Archer C7
When changing the LED names for the Archer C7 to represent the correct
color, a migration for existing UCI entries was not created.

Add a migration to keep existing LED configurations working.

Fixes commit c79c001b59 ("ar71xx: Archer C7 v1 LED names and RFKILL
fixes")

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4349d4c682)
4 years ago
David Bauer ef391799e3 ar71xx: correct AVM FRITZ Repeater 450E WPS button flag
The AVM FRITZ!WLAN Repeater 450E's WPS button is not active low.

Correct the active low flag to avoid unintenional activation of
failsafe mode on boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1d4f2ca610)
4 years ago
Jo-Philipp Wich c56ed72d2b OpenWrt v19.07.2: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 33732f4a9c OpenWrt v19.07.2: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 65030d81f3 libubox: update to latest Git HEAD
7da6643 tests: blobmsg: add test case
75e300a blobmsg: fix wrong payload len passed from blobmsg_check_array

Fixes: FS#2833
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 955634b473)
4 years ago
Roger Pueyo Centelles b33cfb7eb2 ath79: add missing reset-gpios for NanoStation Loco M (XW)
When porting support from ar71xx to ath79, the reset-gpios option was
missed. Due to a hardware bug, this would eventually leave the devices
with RX-deaf Ethernet PHY.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit 6613a7f5cc)
4 years ago
Roger Pueyo Centelles 4edadfb997 ath79: add support for Ubiquiti NanoStation Loco M (XW)
This commit adds support for the NanoStation Loco M2/M5 XW devices
on the ath79 target (support was long ago available on ar71xx).

Specifications:

 - AR9342 SoC @ 535 MHz
 - 64 MB RAM
 - 8 MB SPI flash
 - 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
 - AR8032 switch
 - 2T2R 5 GHz radio, 22 dBm
 - 13 dBi built-in antenna
 - POWER/LAN green LEDs
 - 4x RSSI LEDs (red, orange, green, green)
 - UART (115200 8N1) on PCB

Flashing via TFTP:

 - Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
   button on the device or on the PoE supply pressed
 - Power on the device via PoE (keep reset button pressed)
 - Keep pressing until LEDs flash alternatively LED1+LED3 =>
   LED2+LED4 => LED1+LED3, etc.
 - Release reset button
 - The device starts a TFTP server at 192.168.1.20
 - Set a static IP on the computer (e.g., 192.168.1.21/24)
 - Upload via tftp the factory image:
   $ tftp 192.168.1.20
   tftp> bin
   tftp> trace
   tftp> put openwrt-ath79-generic-xxxxx-ubnt_nanostation-loco-m-xw-squashfs-factory.bin

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(backported from commit 633c4304ad)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Petr Štetiar cf118077cd ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd03)
Fixes: CVE-2020-8597
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 0e9e5b1553 Revert "ppp: backport security fixes"
This reverts commit 6b7eeb74db since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 9e2a1af62f uhttpd: update to latest Git HEAD
2ee323c file: poke ustream after starting deferred program

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 04069fde19)
4 years ago
Koen Vandeputte af79c3bccc kernel: bump 4.14 to 4.14.171
Refreshed all patches.

Fixes:
- CVE-2013-1798

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Ansuel Smith bc0ca20ca9 ipq806x: fix bug in L2 cache scaling
It has been notice a buf in L2 cache scaling where the scaling is not
done proprely if the frequency is set to the initial state before
the new frequency.

From: https://patchwork.kernel.org/patch/10565443/

* The clocks are set to aux clock rate first to make sure the
* secondary mux is not sourcing off of QSB. The rate is then set to
* two different rates to force a HFPLL reinit under all
* circumstances.

In the initial stage of boot to force a new frequency to apply, is
needed to first set the frequency back to the lowest one (aux_rate)
and then to the target one. This force and make sure the controller
actually switch the frequency to the right one. Apply the same
mechanism to L2 frequency scaling. Before scaling to the target
frequency, first set the frequency to the aux_rate to force the
transition, then scale it to the target frequency. Doing the wrong way
can produce unexpected results and could lock the scaling mechanism
until a full reboot is done (Causing a full reset by the krait-cc driver)

From: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=77612720a2362230af726baa4149c40ec7a7fb05

When the Hfplls are reprogrammed during the rate change,
the primary muxes which are sourced from the same hfpll
for higher frequencies, needs to be switched to the 'safe
secondary mux' as the parent for that small window. This
is done by registering a clk notifier for the muxes and
switching to the safe parent in the PRE_RATE_CHANGE notifier
and back to the original parent in the POST_RATE_CHANGE notifier.

This should apply also to L2 scaling... as we can't relly use
the notifier, we manually do this on L2 scaling.

Tested-By: Marc Benoit <marcb62185@gmail.com> [19.07: R7800]
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [nbg6817/ipq8065]
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 5ab9c0b388)
4 years ago
Pavel Kubelun 191822b59f ipq806x: add missing core1 voltage tolerance
Voltage tolerance is accounted per core, not per cpu, so add
missing DT entry.

Tested-By: Marc Benoit <marcb62185@gmail.com> [19.07: R7800]
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 77e7d6c20d)
4 years ago
Johann Neuhauser d0c8875faf ath79: ar934x: use reset for usb-phy-analog
This was already available on ar71xx, but is missing on ath79.
This solves the slow usb speed on TP-Link WDR3600/WDR4300 and similar,
as reported in Flyspray [0], OpenWRT Forum [1] and GitHub PR [2].

[0] https://bugs.openwrt.org/index.php?do=details&task_id=2567
[1] https://forum.openwrt.org/t/usb-wdr4300-low-speed-on-external-storage/46794
[2] https://github.com/openwrt/openwrt/pull/964

Tested-By: Lech Perczak <lech.perczak@gmail.com> [TL-WDR4300]
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
(cherry picked from commit bda6b6144d)
4 years ago
Johann Neuhauser c9b6bb43ce ath79: phy-ar7200-usb: adapt old behavior of arch/mips/ath79/dev-usb.c
[ Upstream commit 6cca6fffa0 ]

Do not put usb-phy into reset if clearing the usb-phy reset or
setting the suspend_override has failed.

Reorder (de)asserts like in arch/mips/ath79/dev-usb.c.

Add an optional reset_control "usb-phy-analog", which is needed for
ar934x SoCs like in the old mach-driver arch/mips/ath79/dev-usb.c.

Tested-By: Lech Perczak <lech.perczak@gmail.com> [TL-WDR4300]
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
[added reference to upstream commit, Tested-by]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Adrian Schmutzler b2660e67f0 Revert "ath79: add support for Ubiquiti NanoStation Loco M (XW)"
This reverts commit 21bf718b8c.

Until the mdio-reset is solved, this is not ready for stable release.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Roger Pueyo Centelles 21bf718b8c ath79: add support for Ubiquiti NanoStation Loco M (XW)
This commit adds support for the NanoStation Loco M2/M5 XW devices
on the ath79 target (support was long ago available on ar71xx).

Specifications:

 - AR9342 SoC @ 535 MHz
 - 64 MB RAM
 - 8 MB SPI flash
 - 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
 - AR8032 switch
 - 2T2R 5 GHz radio, 22 dBm
 - 13 dBi built-in antenna
 - POWER/LAN green LEDs
 - 4x RSSI LEDs (red, orange, green, green)
 - UART (115200 8N1) on PCB

Flashing via TFTP:

 - Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
   button on the device or on the PoE supply pressed
 - Power on the device via PoE (keep reset button pressed)
 - Keep pressing until LEDs flash alternatively LED1+LED3 =>
   LED2+LED4 => LED1+LED3, etc.
 - Release reset button
 - The device starts a TFTP server at 192.168.1.20
 - Set a static IP on the computer (e.g., 192.168.1.21/24)
 - Upload via tftp the factory image:
   $ tftp 192.168.1.20
   tftp> bin
   tftp> trace
   tftp> put openwrt-ath79-generic-xxxxx-ubnt_nanostation-loco-m-xw-squashfs-factory.bin

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(backported from commit 633c4304ad)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Sungbo Eo 2d3a93335a ramips: append tail to WF2881 initramfs image
Stock firmware has a vendor-defined tail at the end of uImage for image
validation. This patch enables OpenWrt installation from stock firmware
without having to access the UART console.

Installation via web interface:
1.  Flash **initramfs** image through the stock web interface.
2.  Boot into OpenWrt and perform sysupgrade with sysupgrade image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit be3e98ce26)
4 years ago
Adrian Schmutzler 8fa6107aee ath79: add support for Ubiquiti Picostation M (XM)
This adds support for the Ubiquiti Picostation M (XM), which has the
same board/LEDs as the Bullet M XM, but different case and antennas.

Specifications:
- AR7241 SoC @ 400 MHz
- 32 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
- External antenna: 5 dBi (USA), 2 dBi (EU)
- POWER/LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1) on PCB

Flashing via WebUI:
  Upload the factory image via the stock firmware web UI.

  Attention: airOS firmware versions >= 5.6 have a new bootloader with
  an incompatible partition table!

  Please downgrade to <= 5.5 _before_ flashing OpenWrt!
  Refer to the device's Wiki page for further information.

Flashing via TFTP:
  Same procedure as other NanoStation M boards.

- Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
  button on the device or on the PoE supply pressed
- Power on the device via PoE (keep reset button pressed)
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
  LED2+LED4 => LED1+LED3, etc.
- Release reset button
- The device starts a TFTP server at 192.168.1.20
- Set a static IP on the computer (e.g., 192.168.1.21/24)
- Upload via tftp the factory image:
  $ tftp 192.168.1.20
  tftp> bin
  tftp> trace
  tftp> put openwrt-ath79-generic-xxxxx-ubnt_picostation-m-squashfs-factory.bin

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6fdaf16dd0)
4 years ago
Sven Roederer 6a950afde1 ath79: add support for Ubiquiti Nanostation Loco M (XM)
This adds support for the Ubiquiti Nanostation Loco M (XM), which
has the same board/LEDs as the Bullet M XM, but different case and
antennas.

Specifications:
- AR7241 SoC @ 400 MHz
- 32 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
- NS Loco M2: built-in antenna: 8 dBi; AR9287
- NS Loco M5: built-in antenna: 13 dBi; 2T2R 5 GHz radio
- POWER/LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1) on PCB

Flashing via WebUI:
  Upload the factory image via the stock firmware web UI.
  Note that only certain firmware versions accept unsigned
  images. Refer to the device's Wiki page for further information.

Flashing via TFTP:
  Same procedure as other NanoStation M boards.

- Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
  button on the device or on the PoE supply pressed
- Power on the device via PoE (keep reset button pressed)
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
  LED2+LED4 => LED1+LED3, etc.
- Release reset button
- The device starts a TFTP server at 192.168.1.20
- Set a static IP on the computer (e.g., 192.168.1.21/24)
- Upload via tftp the factory image:
  $ tftp 192.168.1.20
  tftp> bin
  tftp> trace
  tftp> put openwrt-ath79-generic-xxxxx-ubnt_nanostation-loco-m-squashfs-factory.bin

Tested on NanoStation Loco M2.

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
Co-developed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b56bcfe3be)
4 years ago
Adrian Schmutzler 7cbd39421e ath79: add gpio4 pinmux on TL-WR841N/ND v8, WR842N v2, MR3420 v2
This adds a pinmux to the shared DTSI for TP-Link TL-WR841N/ND v8,
TL-WR842N v2 and TL-MR3420 v2. It is supposed to be the equivalent
of:

/* config gpio4 as normal gpio function */
ath79_gpio_output_select(TL_MR3420V2_GPIO_USB_POWER,AR934X_GPIO_OUT_GPIO);

This allows to enable USB power on these devices.

While at it, move the jtag_disable_pins to &gpio node and remove the
redundant status=okay there.

Tested on TP-Link TL-WR842N v2.

Fixes: FS#2753

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Armin Fuerst <armin@fuerst.priv.at>
[backport: change individual DTS files, no mr3420-v2 present]
(backported from commit 18c95c9d6e)
4 years ago
Adrian Schmutzler 085f38351f ath79: enable forceless sysupgrade from ar71xx on fritz300e
This adds the ar71xx board name to the SUPPORTED_DEVICES on ath79,
so forceless sysupgrade on this device becomes possible.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 49ff00db34)
4 years ago
Petr Štetiar 6b7eeb74db ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd03)
4 years ago
Chuanhong Guo 95d5cbdec3 ath79: add wmac migration for all ar93xx/qca95xx SoCs
Add migration for all ar71xx device path as well as previously
incorrect ath79 path.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit d08b5bb344)
Tested-by: Lech Perczak <lech.perczak@gmail.com> [TP-Link TL-WDR4300 v1]
4 years ago
Chuanhong Guo 2d21357b65 ath79: ar93xx/qca95xx: move gmac/wmac/pcie node out of apb bus
according to functional block diagram in datasheet, these devices
don't belong to apb bus.
Move these nodes out to match datasheet description.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit f65501e1c2)
Tested-by: Lech Perczak <lech.perczak@gmail.com> [TP-Link TL-WDR4300 v1]
4 years ago
Jo-Philipp Wich b6c01fec92 hostapd: remove erroneous $(space) redefinition
The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.

Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.

Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469
Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 766e778226)
4 years ago
Adrian Schmutzler 5000fc53a1 ath79: fix DTS node names for Ubiquiti XW partitions
Some node names were inconsistent with the reg property. Fix it.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 1a0d6e1eba)
[fixed XM->XW in commit title for backport]
4 years ago
Michal Cieslakiewicz a0ca72d9ab uboot-envtools: ath79: add Netgear WNDR3700v2
Add Netgear WNDR3700v2 to the list of supported boards.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[rebase, adjusted commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a09408fa57)
4 years ago
Michal Cieslakiewicz 53cd2299ee ath79: WNDR3700 v1/v2: make u-boot env partition writable
Remove read-only flag from U-boot environment partition for Netgear
WNDR3700 v1 and v2 so u-boot-envtools can modify data there.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 6227c8d1bf)
4 years ago
Dan Haab cff3795450 bcm53xx: build images for Luxul ABR-4500 and XBR-4500 routers
Luxul ABR-4500 and XBR-4500 devices are wired routers with 5 Ethernet
ports and 1 USB 3.0 port. Flashing requires using Luxul firmware 6.4.0
or newer and uploading firmware using "Firmware Update" web UI page.

Signed-off-by: Dan Haab <dan.haab@legrand.com>
(cherry picked from commit 1d47f81581)
[rmilecki: use DEVICE_TITLE for 19.07]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
4 years ago
Dan Haab cf2b042855 firmware-utils: add lxlfw tool for generating Luxul firmwares
It's a simple tool prepending image with a Luxul header.

Signed-off-by: Dan Haab <dan.haab@legrand.com>
(cherry picked from commit 9aa6569aa6)
4 years ago
Rafał Miłecki 887eb669f9 mac80211: brcm: backport remaining 5.6 kernel patches
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit aca274091a)
4 years ago
Koen Vandeputte d91b52b1a2 kernel: add missing symbol
Reported by Buildbot:

x86 instruction decoder selftest (X86_DECODER_SELFTEST) [N/y/?] (NEW) aborted!

Fixes: eca8a2ee0d ("kernel: bump 4.14 to 4.14.169")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte 2a844349fa kernel: add support for GD25D05 SPI NOR
This chip is used on newer RB912UAG-5HPnD r2 boards:

Before:

[    0.642553] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 10
[    0.649381] NAND flash driver for the RouterBOARD 91x series

After:

[    0.641714] m25p80 spi0.0: found gd25d05, expected m25p80
[    0.649916] m25p80 spi0.0: gd25d05 (64 Kbytes)
[    0.655122] Creating 4 MTD partitions on "spi0.0":
[    0.660164] 0x000000000000-0x00000000c000 : "routerboot"
[    0.667782] 0x00000000c000-0x00000000d000 : "hard_config"
[    0.675073] 0x00000000d000-0x00000000e000 : "bios"
[    0.682613] 0x00000000e000-0x00000000f000 : "soft_config"
[    0.690304] NAND flash driver for the RouterBOARD 91x series

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte eca8a2ee0d kernel: bump 4.14 to 4.14.169
Refreshed all patches.

Fixes:
- CVE-2019-14896
- CVE-2019-14897

Remove upstreamed:
- 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch
- 001-4.22-01-MIPS-BCM63XX-drop-unused-and-broken-DSP-platform-dev.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Mason Clarke 3d1c84d424 ramips: reenable image creation for the D-Link DIR-645
This commit reenables the image creation for the D-Link DIR-645.

Images built for the D-Link DIR-645 work just fine, there is no reason
to disable the image creation for it.

I tested the OpenWrt 18.06.5 and 19.07.0-rc1 images, as well as an
image I built from the current 19.07 branch (git HEAD 62d5ece) with
the default 19.07 release config, and I cannot confirm the report that
commit 2607c02ed5
("ramips: disable D-Link DIR-645 by default") references.
Configuration changes were applied successfully and remained set after
a reboot as well. The log also showed no anomalies.

This reverts commit 2607c02ed5.

Signed-off-by: Mason Clarke <mclarke2355@gmail.com>
4 years ago
Jan Alexander aed6632d31 ramips: use tpt DTS trigger for TP-Link TL-MR3020 v3 and TL-WA801ND v5
This converts the TP-Link TL-MR3020v3 board to use the WLAN throughput
LED trigger in order to react to all VAPs.

It also moves the WLAN trigger config of the TP-Link TL-WA801NDv5 to the
DTS and merges the now identical LAN LED configs.

Verified these changes on a TL-MR3020v3 and TL-WA801NDv5.

Signed-off-by: Jan Alexander <jan@nalx.net>
[changed commit title and extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[added comment about test result on TL-WA801ND v5]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 20eb45da4f)
4 years ago
Adrian Schmutzler a229907150 ramips: remove duplicate DEVICE_PACKAGES for TP-Link Archer C20i
DEVICE_PACKAGES is specified twice for the same device. Remove the
first (=older) assignment.

Fixes: 40692f0fb5 ("ramips: mt7620: select only the matching mt76 driver")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 4ecd6510bf)
4 years ago
Jo-Philipp Wich 4668ae3bed OpenWrt v19.07.1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 901bbe2ab9 OpenWrt v19.07.1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich c155900f66 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c69c20c667)
4 years ago
Felix Fietkau 8ab2b42fac kernel: fix dst reference leak in flow offload
Fixes a significant amount of leaked memory with lots of connections

Ref: PR#2721
Tested-by: Jerome Benoit <jerome.benoit@sap.com> [WRT1900AC v1]
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[removed 4.19 patch during cherry-pick]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c6c4701def)
4 years ago
Adrian Schmutzler 47935940d6 ath79: fix SUPPORTED_DEVICES not matching ar71xx board names
Based on a script for comparison, this fixes (hopefully) all errors
in SUPPORTED_DEVICES for ar71xx->ath79 upgrade.

Devices where old string is removed as the device does not exist
in ar71xx:
- dlink_dir-859-a1
- tplink_archer-a7-v5
- tplink_cpe510-v3 [only in master]

Devices where string is changed because it did not match the board
name in ar71xx:
- tplink_tl-mr3220-v1
- tplink_tl-mr3420-v1
- tplink_tl-wr2543-v1
- tplink_tl-wr741nd-v4
- tplink_tl-wr841-v7
- ubnt_unifiac-mesh
- ubnt_unifiac-mesh-pro
- ubnt_unifiac-pro

For this device, the correct string could not be found, but we could
not determine the correct one. Thus, the string is removed for now:
- tplink_tl-wr740n-v4

The script for checking this is quite simple (note that newer
entries, i.e. ath79->ath79 upgrade, are displayed as missing):

  newpath=target/linux/ath79/image/
  oldpath=target/linux/ar71xx/base-files/lib/ar71xx.sh

  for s in $(grep -roh "SUPPORTED_DEVICES.*" $newpath | sed 's/SUPPORTED_DEVICES *.= *//'); do
    found="Missing"
    grep -q -r "\"$s\"" $oldpath && found="Found"
    echo "$s: $found."
  done

The errors might be filtered by appending 'grep "Missing"' to the script.

Fixes: FS#2751

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 07ce940b77)
4 years ago
Adrian Schmutzler da5b5ae9b9 ath79: remove SUPPORTED_DEVICES for TP-Link Archer D50 v1
This device has not been supported in ar71xx, so there is no need
for an explicit SUPPORTED_DEVICES entry.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 894bdee756)
4 years ago
Hauke Mehrtens f84981f6f8 mac80211: Update to version 4.19.98
The removed patches are all integrated in the upstream version now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Martin Schiller 3212290a3b lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()
Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.

This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 996f02e5ba)
4 years ago
Magnus Kroken 6ee0138a6c mbedtls: update to 2.16.4
Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.

Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

Fixes:
 * CVE-2019-18222: Side channel attack on ECDSA

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 6e96fd9047)
4 years ago
Koen Vandeputte 1c5ac590c4 kernel: bump 4.14 to 4.14.167
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Petr Štetiar 8038846b62 procd: update to version 2020-01-24
Get only fix backports from openwr-19.07 procd branch:

 31e4b2dfdbd7 state: fix reboot causing shutdown inside LXC container
 557f11b3a20f instance: provide error feedback if ujail binary is missing
 0a11aa405d3f instance: Fix instance_config_move_strdup() function
 44dd9419812b instance: fix typo in error message
 153820c76471 instance: fix pidfile and seccomp attributes double free

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Petr Štetiar 4e91c4e156 ramips: mt7621: ubnt-erx: allow sysupgrade from master
Currently it's not possible to downgrade from master:

 Device ubiquiti,edgerouterx not supported by this image
 Supported devices: ubnt-erx

So fix it by adding a DTS based device name from master into
SUPPORTED_DEVICES list.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Felix Fietkau 4a58a871c4 hostapd: fix faulty WMM IE parameters with ETSI regulatory domains
hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP.
The code for applying those values had a few bugs leading to bogus values,
which caused significant latency and packet loss.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years ago
Anderson Vulczak abaf329dad tools: tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU)
This patch updates "soft_ver" for TP-Link Archer C6 v2 (EU).

It makes possible to upload OpenWrt on lastest vendor's firmware
as the web-based updater checks for major.minor version during upload.

Due to that on next major/minor version update TP-Link will stop
us from using the web-based firmware update tool, so it will
require a new patch on soft_ver to match major and minor version.
Up to today's latest stock firmware the patch (major.minor.patch)
version does not matters, that allows downgrade from 1.1.4 to 1.1.1
but do not allow downgrade from 1.1.X to 1.0.X.

Signed-off-by: Anderson Vulczak <andi@andi.com.br>
(cherry picked from commit 7a8bfbf0ff)
(cherry picked from commit eeb93e5c2b23518e372737ecf8fdde4b9f139a49)
4 years ago
Kimmo Vuorinen 177c9ed4b0 uboot-envtools: ath79: add support for glinet,gl-ar150
Add ubootenv uci config for GL.inet GL-AR150

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a8723c48ad)
4 years ago
Kimmo Vuorinen a1502b0443 uboot-envtools: ar71xx: add support for gl-ar150/-domino/-mifi
Add ubootenv uci config for gl-ar150, gl-domino and gl-mifi

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit message/title facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit dc6dfaac80)
4 years ago
Kimmo Vuorinen b6675c2b2e ar71xx: change u-boot-env to read-write for gl-ar150/-domino/mifi
Change u-boot-env partitions to be mounted as read-write for gl-ar150,
gl-domino and gl-mifi so uboot-envtools support is possible.

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 2c1cfacdde)
4 years ago
Petr Štetiar eed8f30b98 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3d8edd9bb4)
4 years ago
Petr Štetiar 1636e99e80 urngd: update to latest Git head
* 40f939d57c67 Tag version 1.0.1
 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
 * 193586a25adc Fix wrong types in format strings used in debug build
 * d474977bb611 Add initial GitLab CI support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ed67b137c7)
4 years ago
Lech Perczak 1b4b4e3fae ar71xx: ubnt-rocket-m-ti: fix RSSI LED definitions
When mapping for RSSI LEDs was defined for interface wlan0 on
Ubiquiti Rocket M Titanium, it missed connection to actual interface.
Therefore create the mapping to interface, so RSSI LEDs work without
additional configuration, after starting rssileds service.

While at that, split RSSI into ~equal intervals for 6 LEDs,
and remove coefficients needed for PWM LEDs, as this board does not
support PWM LEDs.

Finally, for complete support, enable 'rssileds' package in per-device
rootfs, so the indicator works out of box.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 83708f233d)
4 years ago
Walter Sonius c1245ebc96 brcm47xx: fix switch port order for Netgear WN2500RP V1
The Netgear WN2500RP V1 switch0 already works for LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
4 / 3 / 2 / 1
WAN port is absent on this device and therefore removed
from switch config.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[move block to maintain alphabetic sorting]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 098cbc68ee)
4 years ago
Stephan Knauss f638ef4325 kirkwood: fix HDD LED labels for Zyxel NSA325 in 01_leds
Change the LED labels for hdd1/hdd2 in 01_leds to match their
counterpart in DTS.

Signed-off-by: Stephan Knauss <openwrt@stephans-server.de>
[improve commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit fbf297be38)
4 years ago
Walter Sonius d3c2547cf1 brcm47xx: fix switch port order for Netgear WNR3500 V2
The Netgear WNR3500 V2 switch0 already works for WAN/LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1.

Verfied with imagebuilder edit FILES=/etc/board.d/01_network

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
(cherry picked from commit cf2f1fc687)
4 years ago
Sungbo Eo f6ab1f1566 ramips: rt305x: remove unnecessary mediatek,portmap
"#mediatek,portmap" is not a valid property name.

If mediatek,portmap equals 0x0, then the esw driver ditches it and uses
the default value, 0x3f.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit f87281b295)
4 years ago
Sungbo Eo 1d56a7b75d ramips: mt76x8: fix bogus mediatek,portmap
mt76x8 uses esw_rt3050 driver, which does not accept mediatek,portmap with
string values. Convert the strings to integers to make it work.

According to its switch setup, WRTnode 2P/2R have a WAN port at port 0,
so the correct value should be 0x3e.

tplink_8m.dtsi uses "llllw", but it does not match switch setups of any
device using the DTSI. Remove it from the DTSI and add correct value to DTS
for each device.

These devices have a WAN port at port 0. Set the value to 0x3e.
- tplink,archer-c20-v4
- tplink,archer-c50-v3
- tplink,tl-mr3420-v5
- tplink,tl-wr840n-v4
- tplink,tl-wr841n-v13
- tplink,tl-wr842n-v5

These devices have only one ethernet port. They don't need portmap setting.
- tplink,tl-wa801nd-v5
- tplink,tl-wr802n-v4
- tplink,tl-wr902ac-v3

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(backported from commit 7a387bf9a0)
[removed TL-WR841N v14 which is not present in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Maxim Anisimov 49b240cde8 ramips: fix portmap for TP-Link Archer C50 v4
According to 02_network portmap is wan=0 lan1=1 lan2=2 lan3=3 lan4=4

Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
(cherry picked from commit ebf535a6cf)
4 years ago
Sungbo Eo d3eabe44d0 ramips: mt7620/mt7621: remove invalid mediatek,portmap
mt7620 and mt7621 use mt7530 driver, which only accepts "llllw", "wllll",
and "lwlll" values.

According to its switch setup, Mi Router 3G v2 has a WAN port at port 4,
so the correct value should be "llllw".

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(backported from commit d3c0a94405)
[removed devices not in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Christoph Krapp 67595ce380 ramips: add factory image for Netgear R6350
This adds factory image generation for all three
devices. These images can be flashed via WebUI
for easy installation.

Thanks to David Bauer for the inspiration.

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[altered commit to only include the R6350]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3c8df280a9)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
Christoph Krapp 9c6913ccad ramips: add mt7615e support to Netgear R6350
Signed-off-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 9861fa7aba)
4 years ago
Petr Štetiar f8902d1ae6 libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
 5c0faaf4f5e2 tests: prefer dynamically allocated buffers
 1ffa41535369 blobmsg_json: prefer snprintf usage
 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
 a2aab30fc918 jshn: prefer snprintf usage
 b0886a37f39a cmake: add a possibility to set library version
 a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
 f0da3a4283b7 blobmsg_json: fix int16 serialization
 20a070f08139 tests: blobmsg/json: add more test cases
 379cd33d1992 tests: include json script shunit2 based testing

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5c73bb12c8)
4 years ago
Petr Štetiar 5ca066a5c2 fstools: backport fix from version 2020-01-18
Contains only the FS#2735 fix:

 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Commit adding new feature wasn't backported (needs patched kernel anyway):

 f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 63000bfaf7)
4 years ago
Koen Vandeputte ae953449f2 kernel: bump 4.14 to 4.14.166
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte 945db9fb01 kernel: bump 4.14 to 4.14.165
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte 9298c443df kernel: bump 4.14 to 4.14.164
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
DENG Qingfang d46b00cf0f ramips: fix HiWiFi HC5962 status LED
Match LED behavior to stock firmware:

Red: booting
White: running

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 9a3c9a9656)
4 years ago
DENG Qingfang 03c35bda03 ramips: fix HiWiFi HC5962 switch configuration
HC5962 has only 3 LAN ports, switch port 0 is unused

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(backported from commit 68f49df315)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Ozgur Can Leonard a885f7d3d0 ramips: add kmod-mt7615e to Xiaomi Mi Router 3 Pro images
Now that the mt76/mt7615e driver is in Openwrt, might as well use it.

Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
(cherry picked from commit d7c082ba4f)
4 years ago
Thomas Nixon 67c8e586c8 ar71xx/mikrotik: use ath10k-ct-smallbuffers for 64 MiB devices
This image is only needed on one device (wAP AC); since this target is
going to be removed anyway it doesn't make sense to add an extra "low
RAM" image.

Fixes OOM issues on RouterBoard wAP AC.

Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
(cherry picked from commit 788c8485eb)
4 years ago
Jan Alexander e18c87ef45 ramips: fix wps leds/btn for TP-Link TL-WA801ND v5
- fix color and active mode for existing wps led
- add green wps led
- add wps button

Signed-off-by: Jan Alexander <jan@nalx.net>
[wrap line]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 26105974e7)
4 years ago
Daniel Golle 455ba76bf9 hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 702c70264b)
4 years ago
Eneas U de Queiroz dd4d49dcc1 cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9b25f833eb)
4 years ago
Felix Fietkau 44b37774f9 mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9501469e11)
4 years ago
Felix Fietkau a3b6ffe01b mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d5b3024139)
4 years ago
Petr Štetiar 25e1afb9e1 ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 2544cb1ba3)
4 years ago
Petr Štetiar fe197b8b09 ramips: mt7621: disable images for gehua_ghl-r-001
This device OOPs during the boot due to broken flash. It can be probably
fixed with `broken-flash-reset` once ramips is on 4.19 kernel.

So disable images for this device until its fixed.

Ref: FS#2695, PR#2483
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 28080d54d2)
4 years ago
Maxim Anisimov 08d9828b76 ramips: fix leds for TP-Link Archer C20 v4
- add "gpio" group for wan_orange led
- use tpt triggers for wifi led indication
- add wifi 5 GHz led support

Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[slight commit message adjustment, backport]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 3a538db60a)
4 years ago
Adrian Schmutzler fd28ef59db ath79: add SUPPORTED_DEVICES for TP-Link TL-WR841N/ND v9 to v12
In ar71xx, v10 and v12 did not have separate board_name.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 7ed643d205)
4 years ago
Adrian Schmutzler 7a0d9b2eea ath79: add support for TP-Link TL-WR841N/ND v12
This router has the same hardware as TP-LINK TL-WR841N/ND v11 (same
FCC ID, same TFTP image name...).

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to wr841nv11_tp_recovery.bin
   (it's really v11, not v12)
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 8b76c6695b)
4 years ago
Adrian Schmutzler bd3eb071fd ath79: add support for TP-Link TL-WR841N/ND v10
The TL-WR841N/ND v10 is mostly identical to the v9. Apart from some minor
changes, it contains a newer revision of the QCA9533 SoC and the CPU clock
is significantly higher.

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to wr841nv10_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 4254193c1d)
4 years ago
Andrew Cameron 19ff3f5105 ath79: add support for the TP-LINK CPE220 V3
This adds support for a popular low-cost 2.4GHz N based AP

Specifications:
SoC: Qualcomm Atheros QCA9533 (650MHz)
RAM: 64MB
Storage: 8 MB SPI NOR
Wireless: 2.4GHz N based built into SoC 2x2
Ethernet: 2x 100/10 Mbps, integrated into SoC

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254

This also applies some minor changes to the common DTSI:
- use &wmac for label-mac-device, as this one is actually set up in
  common DTSI
- move &eth0 to parent DTSI
- fix several leading spaces, added/removed newlines

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[DTS style fixes/improvements, updated commit message/title,
backport to 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Matthias Schiffer 44c827215d
ethtool: fix PKG_CONFIG_DEPENDS
Add missing CONFIG_ prefix.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 41c19dd542)
4 years ago
Hauke Mehrtens eb15634541 OpenWrt v19.07.0: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Hauke Mehrtens aca39acedf OpenWrt v19.07.0: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Hauke Mehrtens a3ffeb413b ramips: Fix sysupgrade for Xiaomi mir3g
This mostly reverts the original commit e9929ebeea ("ramips: Fix
sysupgrade for Xiaomi mir3g") and replaces it with setting the
BOARD_NAME to the old value.

This way the folder in the tar will be named sysupgrade-mir3g and not
sysupgrade-xiaomi_mir3g and the sysupgrade in OpenWrt 18.06 can find it.

Without this change sysupgrade from 18.06 to 19.07 is only possible with
the -F option.

I tested the following sysupgrades successfully without -F
18.06 -> 19.07
19.07 -> master
master -> 19.07

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Hauke Mehrtens f58705b77e dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.

I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
[522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
[522413.129459] ra  = 004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 414d054138)
4 years ago
Petr Štetiar 54711e528d x86: fix missing led variable warning during boot
Fixes following warning during the boot:

 WARNING: Variable 'led' does not exist or is not an array/object

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5816caad26)
4 years ago
Maxim Storchak abb0665bec ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit dd299805ad)
4 years ago
Hauke Mehrtens e9929ebeea ramips: Fix sysupgrade for Xiaomi mir3g
Without this change sysupgrade from 18.06 to 19.07 is only possible with
the -F option.
In OpenWrt 18.06 the nand_do_platform_check() function is called with
the board name mir3g only, if the tar does not use mir3g it will fail.
OpenWrt 19.07 and later support the metadata with the supported_devices
attribute to allow renaming. Do the renaming of the target between 19.07
and master like it is done for some other boards.

I tested the following sysupgrades successfully without -F
18.06 -> 19.07
19.07 -> master
master -> 19.07

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Jack Chen dc399c4e12 ramips: remove duplicate dts nodes of MediaTek LinkIt Smart 7688
There are two identical wmac nodes in the dts file of MediaTek
LinkIt Smart 7688, so delete one of them.

Signed-off-by: Jack Chen <redchenjs@live.com>
(cherry picked from commit 4be271a486)
4 years ago
Petr Štetiar a5653ec87e package: remove accidentally added symlink
In the commit f3439c4019 ("procd: update to version 2020-01-04") I've
somehow managed to add local testing symlink to the uledd package, so
removing it now.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Jo-Philipp Wich 6395ac4126 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22a178e892)
4 years ago
Petr Štetiar f3439c4019 procd: update to version 2020-01-04
Contains following changes:

 a5af33ce9a16 instance: strdup string attributes
 d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
 9814807bd71c system: sysupgrade: fix possibly misleading error
 c7a2db3c1eb6 system: sysupgrade: rework firmware validation
 ea45c4a0f07c system: fix failing image validation due to EINTR
 4fde95506243 cmake: fix lookup of external libraries
 5ed190aae1b3 jail: remove accidentally added lines
 52c5c1980ba3 jail: set user and group inside jail
 3aa051b44177 system: sysupgrade: close input side of pipe before reading
 f47622e89c4d instance: Warn about unexpected number of parameters
 564ecdfd9cc4 instance: ujail: Fix allocated size for no_new_privs parameter
 7fb2e1dfa221 procd: simplify code in procd_inittab_run
 4a127c3c60af procd: replace exit(-1) with exit(EXIT_FAILURE)
 bc0a73eaad58 procd: add upgraded binary to .gitignore
 ba4c4dbbbd65 procd: add start-console support
 3e39fe539490 procd: shift arguments for askfirst only once
 5d6282906baf procd: skip respawn in case device disappeared
 d27949f12fd7 procd: guard fork_worker calls
 258aa04328a2 procd: Add cached and available to memory table
 8e9fb51fa66e procd: Switch to nanosleep
 c844ace9729a system: Fix possible integer overflows

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Petr Štetiar 64c45d95d6 ubus: update to version 2019-12-27
Contains following changes:

 041c9d1c052b ubusd/libubus-io: fix socket descriptor passing
 8f2292478c57 ci: enable unit testing
 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks
 2e051f628996 ubus: Support static builds
 588baa3cd784 ubusd: retry sending messages on EINTR
 76ea27a62774 libubus: attempt to receive data before calling poll
 4daab27d004f libubus: do not abort recv_retry before completing a message

and bumps ABI_VERSION to 20191227.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Petr Štetiar 04fd5e22b2 libubox: update to version 2019-12-28
Contains following changes:

 cd75136b1342 blobmsg: fix wrong payload len passed from blobmsg_check_array
 eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning
 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data
 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods
 b0e21553ae8c blobmsg: add _len variants for all attribute checking methods
 cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len
 143303149c8b Ensure blob_attr length check does not perform out of bounds reads
 f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse
 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
 2df6d35e3299 tests: add test cases for blobmsg parsing
 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes
 478597b9f9ae blob: fix OOB access in blob_check_type
 325418a7a3c0 tests: use blob_parse_untrusted variant
 0b24e24b93e1 blob: introduce blob_parse_untrusted
 6d27336e4a8b blob: refactor attr parsing into separate function
 833d25797b16 test: fuzz: add blob_parse crashes
 09ee90f8d6ed tests: add test cases for blob parsing
 436d6363a10b tests: add libFuzzer based tests
 bf680707acfd tests: add unit tests covered with Clang sanitizers
 f804578847de cmake: add more hardening compiler flags
 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings
 eb216a952407 cmake: use extra compiler warnings only on gcc6+
 07413cce72e1 tests: jshn: add more test cases
 26586dae43a8 jshn: fix missing usage for -p and -o arguments
 8e832a771d3a jshn: fix off by one in jshn_parse_file
 cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj'
 c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars'
 93848ec96dc5 jshn: refactor main into smaller pieces
 9b6ede0e5312 avl: guard against theoretical null pointer dereference
 c008294a8323 blobmsg_json: fix possible uninitialized struct member
 0003ea9c45cc base64: fix possible null pointer dereference
 8baeeea1f52d add assert.h component
 b0a5cd8a28bf add cram based unit tests
 1fefb7c4d7f9 add initial GitLab CI support
 c955464d7a9b enable extra compiler checks
 6228df9de91d iron out all extra compiler warnings

and bumps ABI_VERSION to 20191228.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Petr Štetiar bf99f79200 base-files: sysupgrade: exit if the firmware download failed
Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cf3da66d2c)
4 years ago
Klaus Kudielka 3140d38042 base-files: upgrade: add case to export_bootdevice
The factory uboot of the Turris Omnia boots with "root=b301", and we
instruct new users to sysupgrade from there (e.g. method 1, step 7).
Currently, this will fail with "Unable to determine upgrade device".
Add a new case to export_bootdevice, which parses the hex argument.

Ref: https://github.com/openwrt/openwrt/pull/2340#issuecomment-561317688
Fixes: 2e5a0b81ec ("mvebu: sysupgrade: sdcard: keep user added partitons")
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3a4f587c46)
4 years ago
Florian Fainelli 3c11032039 sunxi: Turn on CONFIG_PINCTRL_SUN4I_A10 for A20
CONFIG_PINCTRL_SUN4I_A10 controls both the A10 and the A20 enablong of
the pinctrl driver, this is necessary since upstream commit
5d8d349618a9464714c07414c5888bfd9416638f ("pinctrl: sunxi: add A20
support to A10 driver") which has been included in v4.13 and onwards.

Fixes: ad2b3bf310 ("sunxi: Add support for kernel 4.14")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 32e4eaef1b)
4 years ago
Eneas U de Queiroz 3fc47dd443 wolfssl: bump to 4.3.0-stable
This update fixes many bugs, and six security vulnerabilities, including
CVE-2019-18840.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d5ede68f8b)
4 years ago
Hauke Mehrtens 330046922b kernel: bump 4.14 to 4.14.162
Refreshed all patches.

Compile-tested on: ipq40xx, ramips
Runtime-tested on: ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Hauke Mehrtens 084dfb8ebd kernel: bump 4.14 to 4.14.161
Refreshed all patches.

Compile-tested on: ipq40xx, ramips
Runtime-tested on: ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
David Bauer f8543adb14 mt76: update to the latest openwrt-19.07 version
8a78567 mt76: fix compilation warning in mt76_eeprom_override()

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years ago
David Bauer bce5342fb6 mt76: fix incorrect firmware path
The mt76 driver does load the firmware for the MT7615 chip from
/lib/firmware/mediatek instead of /lib/firmware. The driver loads the
firmware from this path since mt76 commit
ea3ab68c7589 ("mt76: mt7615: fix mt7615 firmware path definitions").

Fixes: a2e2c40b5e ("mt76: update to the latest openwrt-19.07 version")

Reported-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Segers <foss@volatilesystems.org>
4 years ago
David Bauer 594f731e04 ramips: fix Archer C20i wireless MAC address
The TP-Link Archer C20i previously had a generic Ralink MAC address set
for both radios, as the caldata does only contain a generic MAC address.

Set the MAC address from the vendor firmware for both radios to assign
unique MAC addresses to every device.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3b013dcdf8)
4 years ago
David Bauer 037a151c56 ramips: fix Archer C2 v1 5GHz MAC address
The TP-Link Archer C2 v1 previously had a generic Ralink MAC address set
for the 5GHz radio (MT7610), as the caldata does only contain a generic
MAC address.

Set the MAC address from the vendor firmware for the 5GHz radio to
assign unique MAC addresses to every device.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit dcc923a4c4)
4 years ago
David Bauer 3e8b66e0da ramips: add system LED indicators for TP-Link C20i
Use the WPS LED to indicate system status like it is done for the
TP-Link Archer C2 v1 and many other boards.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a272fafc9c)
4 years ago
David Bauer 80e0b97d07 ramips: convert TP-Link MT7620 boards to tpt trigger
This converts all MediaTek MT7620 boards from TP-Link to use the now
supported WiFi throughput LED trigger. This way, the LED state now
covers all VAPs regardless of their name.

Also align all single-WiFi LEDs to represent the state of the 2.4GHz
radio. This was not always the case previously, as later-added support
for the MT7610 altered the phy probing order.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1e7c6381f0)
4 years ago
David Bauer a2e2c40b5e mt76: update to the latest openwrt-19.07 version
330e832 mt76: mt76x0: fix default mac address overwrite
f97c33e mt76: mt7603: fix input validation issues for powersave-filtered frames
875f6d7 mt76: mt7615: increase MCU command timeout
abd7d86 mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
96c7b07 mt76: eeprom: add support for big endian eeprom partition
19c8e20 mt76: fix possible undetected invalid MAC address
df64c56 mt76: Off by one in mt76_calc_rx_airtime()
1702b24 mt76: mt7603: reset STA_CCA counter setting the channel
383a631 mt76: mt76x0u: do not reset radio on resume
2dcfbdd mt76: disable bh in mt76_dma_rx_poll
947d20d mt76: fix rx dma ring descriptor state on reset
f3348f5 mt7615: replace sta_state callback with sta_add/sta_remove
faf5e6f mt76: mt7615: read {tx,rx} mask from eeprom
db78ee0 mt76: move mt76_get_antenna in mt76_core module
7121e16 mt76: fix possible out-of-bound access in mt7615_fill_txs/mt7603_fill_txs
5dfb0ec mt76: mt7615: disable radar pattern detector during scanning
e2f90ad mt76: move interface_modes definition in mt76_core module
cfdb751 mt76: mt7615: add ibss support
e0731a8 mt76: move SUPPORTS_REORDERING_BUFFER hw property in mt76_register_device
a85c06c mt76: use mt76_dev in mt76_is_{mmio,usb}
ea19cd7 mt76: Remove set but not used variable 'idx'
3cbaf81 mt76: mt76u: rely on a dedicated stats workqueue
20f0589 mt76: mt76u: rely on usb_interface instead of usb_dev
f2be00b mt76: dma: fix buffer unmap with non-linear skbs
c14d656 mt76: mt76x2e: disable pcie_aspm by default
58e1e96 mt76: mt7615: remove unneeded semicolon
c93a2d1 mt76: mt76x02u: update ewma pkt len in mt76x02u_tx_prepare_skb
1987b74 mt76: mt76x0: remove 350ms delay in mt76x0_phy_calibrate
50b1e9b mt76: refactor cc_lock locking scheme
d868638 mt76: remove obsolete .add_buf() from struct mt76_queue_ops
dc14ac6 mt7615: remove vif sta from poll list on interface remove
2a0a191 mt7603: remove vif sta from poll list on interface remove
d3a5895 mt76: fix a-mpdu boundary detection issue for airtime reporting
391e148 mt76: add sanity check for a-mpdu rx wcid index
01642d8 mt76: mt76x02: fix use-after-free in tx status code handling airtime
c11a4ad mt76: mt76x0: eeprom: add support for MAC address from OF
d94cc81 mt76: drop rcu read lock in mt76_rx_aggr_stop
7d8764d mt76: avoid enabling interrupt if NAPI poll is still pending
5b02a07 mt76: add missing locking around ampdu action
71c2ef0 mt76: fix aggregation stop issue
6f7d0f5 mt76: fix use-after-free bug in airtime fairness code
8f22de0 mt76: do not use devm API for led classdev
e7199f9 mt76: enable airtime fairness
81f2be0 mt76: mt7615: track tx/rx airtime for airtime fairness
2579122 mt76: mt7615: introduce mt7615_mac_wtbl_update routine
d91f7c1 mt76: mt7615: fix survey channel busy time
028071d mt76: mt7615: report tx_time, bss_rx and busy time to mac80211
0e5050e mt76: mt76x02: track approximate tx airtime for airtime fairness and survey
3429cc7 mt76: mt76x02: move MT_CH_TIME_CFG init to mt76x02_mac_cc_reset
de118bb mt76: unify channel survey update code
fdf0163 mt76: mt7603: switch to a different counter for survey busy time
ee31030 mt76: mt7603: track tx airtime for airtime fairness and survey
f34b1ae mt76: track rx airtime for airtime fairness and survey
a1d6891 mt76: store current channel survey_state in struct mt76_dev
b042987 mt76: rename mt76_driver_ops txwi_flags to drv_flags and include tx aligned4
2027763 mt76: report rx a-mpdu subframe status
1ddcadb mt76: mt7603: remove q_rx field from struct mt7603_dev
ea3ab68 mt76: mt7615: fix mt7615 firmware path definitions
081926a mt76: mt7603: collect aggregation stats
696c0fc mt76: mt7615: collect aggregation stats
23e8aed mt76: move aggr_stats array in mt76_dev
1118b5e mt76: mt7615: add queue entry in debugfs
fbc59e6 mt76: move queue debugfs entry to driver specific code
0b01ace mt76: mt76x02u: move mt76x02u_mac_start in mt76x02-usb module
c394887 mt76: mt76x0u: reset counter starting the device
0355b7a mt76: mt76x2: move mt76x02_mac_reset_counters in mt76x02_mac_start
f3792b5 mt76: mt76x02: move mac_reset_counter in mt76x02_lib module
63e8152 mt76: mt7615: enable SCS by default
b140512 mt76: mt76x0e: make array mt76x0_chan_map static const, makes object smaller
a20c20b mt76: usb: add lockdep_assert_held in __mt76u_vendor_request
0308d75 mt76: remove empty flag in mt76_txq_schedule_list
0efbc5d mt76: use cancel_delayed_work_sync in mt76_rx_aggr_shutdown
9c5df3c mt76: remove aggr_work field from struct mt76_wcid
8739f87 mt76: mt7615: fix control frame rx in monitor mode
e07407a mt7603: fix build with CONFIG_KERNEL_DYNAMIC_DEBUG=y
c7f8214 mt76: mt7615: add support to read temperature from mcu
6797378 mt76: mt7615: introduce mt7615_txwi_to_txp utility routine
496c78e mt76: mt76x0: remove unneeded return value on set channel
1d2acd5 mt76: mt76x0: remove redundant chandef copy
0167bfa mt76: make mt76_rx_convert static

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years ago
Moritz Warning 1f927bd2f0 ramips: fix inverted reset button for Ravpower WD03
The button events "pressed" and "released" were switched. Tested with v18.06.4.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 3e1325b219)
4 years ago
David Bauer 7ab5dc77b2 ramips: add LED trigger for TL-WR902AC v3 WAN LED
This adds an LED trigger for the WAN LED on top of the TP-Link
TL-WR902AC v3. Currently, only the LED on the port itself shows the link
state, while the LED on top of the device stays dark.

The WAN port of the device is a hybrid LAN/WAN one, hence why the LED at
the port was labled LAN.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c48b571ad7)
4 years ago
David Bauer ad4b939bd0 rt2x00: add throughput LED trigger
This adds a (currently missing) throughput LED trigger for the rt2x00
driver. Previously, LED triggers had to be assigned to the netdev, which
was limited to a single VAP.

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 985ec835ae)
4 years ago
Felix Fietkau 91dde4291c mac80211: fix build without CONFIG_PCI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit fa37dbbc43)
4 years ago
Felix Fietkau 30301dfcf0 mac80211: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 6a3739dc42)
4 years ago
Felix Fietkau da7dde8993 mac80211: add pcie apsm backport changes
Required for newer versions of mt76

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d64daf7026)
4 years ago
Adrian Schmutzler 62d5ece70b ramips: remove bogus ralink,mtd-eeprom with offset 0x4
Several devices in mt76x8 subtarget use the following line to set
up wmac in their DTS(I) files:

ralink,mtd-eeprom = <&factory 0x4>

This is strange for several reasons:
- They should use mediatek,mtd-eeprom on this SOC
- The caldata is supposed to start at 0x0
- The parent DTSI mt7628an.dtsi specifies mediatek,mtd-eeprom anyway,
  starting from 0x0
- The offset coincides with the default location of the MAC address
  in caldata

Based on the comment in b28e94d4bf ("ramips: MiWiFi Nano fixes"),
it looks like the author for this device wanted to actually use
mtd-mac-address instead of ralink,mtd-eeprom. A check on the same
device revealed that actually the MAC address start at offset 4 there,
so the correct caldata offset is 0x0.

Based on these findings, and the fact that the expected location on
this SOC is 0x0, we remove the "ralink,mtd-eeprom = <&factory 0x4>"
statement from all devices in ramips (being only mt7628an anyway).

Thanks to Sungbo Eo for finding and researching this.

Reported-by: Sungbo Eo <mans0n@gorani.run>
Fixes: b28e94d4bf ("ramips: MiWiFi Nano fixes")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 09d38a3bc3)
4 years ago
Paul Fertser 94153971bb ipq40xx: use ath10k-ct-smallbuffers for 128 MiB devices
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
(cherry picked from commit 0b7d779dcf)
4 years ago
Hauke Mehrtens d13c6d078e kernel: bump 4.14 to 4.14.160
Refreshed all patches.

Compile-tested on: ipq40xx, ath79
Runtime-tested on: ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Koen Vandeputte f80272dd9c kernel: bump 4.14 to 4.14.159
Refreshed all patches.

Remove upstreamed:
- 302-0002-dmaengine-dw-implement-per-channel-protection-contro.patch

Fixes:
- CVE-2019-19332

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Paul Fertser 3030abfa7e ath79: use ath10k-ct-smallbuffers for 64 MiB devices
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
4 years ago
Hauke Mehrtens 36057763fa ath10k-firmware: Add kmod-ath10k-ct-smallbuffers to depends
Only select ath10k-ct-regular when smallbuffers version was not
selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 80f06cb601)
4 years ago
Paul Fertser 450b306e54 kernel: ath10k-ct: provide a build variant for small RAM devices
According to many bugreports [0][1][2] the default ath10k-ct kernel
module is unusable on devices with just 64 MiB RAM or with 128 MiB and
dual ath10k cards. The target boards boot but eventually oom-killer
starts to interfere with normal operation, so the current state is
effectively broken.

Since the two patches in question have a performance impact (and
possibly some other unexpected side-effects) a dedicated build variant
is added so that users of the low RAM devices can still benefit from all
the ath10k-ct advantages.

According to testing [3] results, the issue can be experienced even with
"a 256MB device with three radios". Measured performance impact of
implementing small buffers was lowering "the maximum 5 GHz throughput on
an IPQ40xx device without RPS/XPS optimizations from 494/432 Mbit/s for
TCP transfers (download/upload) to 438/343 Mbit/s"

The patches were apparently inspired by QSDK tweaks used by ODMs for the
affected devices.

[0] http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020573.html
[1] https://github.com/openwrt/openwrt/pull/1077
[2] https://bugs.openwrt.org/index.php?do=details&task_id=2664
[3] https://github.com/freifunk-gluon/gluon/pull/1440#issue-195607701

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[Remove double CONFIG_ATH10K-CT_LEDS entry]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1ac627024d)
4 years ago
Jo-Philipp Wich e50d44d985 fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5f4244150f)
4 years ago
Rafał Miłecki 6a151d6558 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4ebc9dc9c4)
4 years ago
Yousong Zhou 43c5927312 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit e4af39d563)
4 years ago
Hauke Mehrtens f7779d64ba fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 541a321070)
4 years ago
Yousong Zhou ab7386bd67 libubox: bump to version 2019-10-29
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration".  This is needed for newer version of fstools

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 51e7624776)
4 years ago
Roman Yeryomin c34499a6e4 libubox: update to latest git HEAD
eb30a03 libubox, jshn: add option to write output to a file

Signed-off-by: Roman Yeryomin <roman@advem.lv>
(cherry picked from commit c0e7ec91a0)
4 years ago
Sungbo Eo 7203a58d7b kernel: remove LINUX_4_9 dependency of kmod-dax
This patch resolves recursive dependency warning on a feed package:

$ make defconfig
Collecting package info: done
tmp/.config-package.in:104721:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:104721:symbol PACKAGE_nfs-kernel-server depends on NFS_KERNEL_SERVER_V4
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
feeds/packages/net/nfs-kernel-server/Config.in:4:symbol NFS_KERNEL_SERVER_V4 depends on PACKAGE_nfs-kernel-server
#
# configuration written to .config
#

19.07 branch uses kernel 4.14 only, so CONFIG_LINUX_4_9 symbol is not
needed anyway.

Ref: https://github.com/openwrt/packages/issues/10490

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
4 years ago
Jiri Kastner 0c07224b5a scripts/dowload.pl: add archive.apache.org to apache mirror list
apache mirrors holds only latest releases, to download
older releases, one must use archive.apache.org to get
them.

Signed-off-by: Jiri Kastner <cz172638@gmail.com>
(cherry picked from commit dc34c695c4)
4 years ago
Sungbo Eo 4fba5dc103 kernel: fix *-gpio-custom module unloading
Unloading and reloading the modules fails, as platform_device_put() does not
release resources fully.

root@OpenWrt:/# insmod i2c-gpio-custom bus0=0,18,0,5
[  196.860620] Custom GPIO-based I2C driver version 0.1.1
[  196.871162] ------------[ cut here ]------------
[  196.880517] WARNING: CPU: 0 PID: 1365 at fs/sysfs/dir.c:31 0x80112158
[  196.893431] sysfs: cannot create duplicate filename '/devices/platform/i2c-gpio.0'
...
[  197.513200] kobject_add_internal failed for i2c-gpio.0 with -EEXIST, don't try to register things with the same name in the same directory.

This patch fixes it by replacing platform_device_put() to
platform_device_unregister().

Fixes: da77408537 ("i2c-gpio-custom: minor bugfix")
Fixes: 3bc81edc70 ("package: fix w1-gpio-custom package (closes #6770)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit a22b7a60d9)
4 years ago
Rosen Penev df45ef5436 cmake: Install host packages to lib instead of lib64
Several CMake packages such as log4cplus and protobuf(-c) install to
lib64 instead of lib on some hosts. This completely breaks rpath linking.
Override it globally to avoid fixing each package individually.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 383abffb11)
4 years ago
Bjørn Mork 6351205d73 adb: fix for SuperSpeed devices
The USB descriptor parsing in adb fails to detect SuperSpeed devices
because of the SuperSpeed Endpoint Companion Descriptor.  This
cherry-picks the upstream fix for the problem.

Unfortunately there never were a release with this fix before the
conversion to C++, so upgrading to a newer version isn't an option.

This makes adb work with SuperSpeed devices like the Sierra Wireless
EM7565.  Tested and verified.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit d034a1f457)
4 years ago
Jeffery To d2e87c7800 toolchain/gcc: Backport patch to fix unconditional MULTIARCH_DIRNAME
This backports the patch for GCC PR target/89587 (gcc's rs6000
configuration unconditionally sets MULTIARCH_DIRNAME, even when
multiarch is disabled).

This currently affects apm821xx and may cause issues when
cross-compiling packages, e.g. Python 3[1].

This includes patches for GCC 8 (with the changelog diff removed);
this change is already included in GCC 9.2 and 7.5.

[1]: https://github.com/openwrt/packages/issues/10552

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
[Removed patch for GCC 7.4.0, GCC 7.5.0 already contains this]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c102f702e7)
4 years ago
Yorkie Liu a7d880e830 toolchain/gcc: correct the check expr for newer clang
This fixes gcc build error within clang 11.0, it tweaks the version
string from LLVM to clang.

Signed-off-by: Yorkie Liu <yorkiefixer@gmail.com>
(cherry picked from commit 65a561fd09)
4 years ago
Aleksander Jan Bajkowski 3a863da268 lantiq: fix phys led
led2l and led2h value is incorrectly set by led3l and led3h.
Bug was introduced in commit: 863e79f8d5

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
Fixes: 863e79f8d5 ("lantiq: add support for kernel 4.9")
(cherry picked from commit 692390225d)
4 years ago
Jo-Philipp Wich 18107f4481 uhttpd: reset PKG_RELEASE
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 97af1fc979)
4 years ago
Jo-Philipp Wich 414ea30927 uhttpd: update to latest Git HEAD
5f9ae57 client: fix invalid data access through invalid content-length values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f34f9a414d)
4 years ago
Sungbo Eo 27eea24921 ar71xx: fix MAC address setup for TL-WDR4300 board
The current ethernet MAC address setup of TL-WDR4300 board is different
from the setup of stock firmware:

OpenWrt: lan = label_mac -2, wan = label_mac -2
  stock: lan = label_mac,    wan = label_mac +1

This patch applies to all devices using TL-WDR4300 board:
TL-WDR3600 v1
TL-WDR4300 v1
TL-WDR4300 v1 (IL)
TL-WDR4310 v1
Mercury MW4530R v1

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 9b02d32e34)
4 years ago
Sungbo Eo 9bdd3d39ad ath79: fix MAC address setup for TP-Link TL-WDR3600/TL-WDR4300
The current ethernet MAC address setup of TL-WDR4300 board is different
from the setup of stock firmware:

OpenWrt: lan = label_mac -2, wan = label_mac -2
  stock: lan = label_mac,    wan = label_mac +1

The full address assignment is as follows:
LAN  label
WAN  label + 1
5G   label
2G   label - 1

This patch changes all devices using TL-WDR4300 board:
TL-WDR3600 v1 (checked on device)
TL-WDR4300 v1 (checked on device)
TL-WDR4300 v1 (IL)

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[rephrase/extend commit title/message, backport]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a4260eaab7)
4 years ago
Sungbo Eo 08c850f046 ramips: fix USB LED for Belkin F9K1109v1
Device support for Belkin F9K1109v1 was added using set_usb_led()
although this was removed in 772b27c207 ("ramips: set F5D8235 v1
usb led trigger via devicetree").

Use ucidef_set_led_usbport() instead.

Fixes: f2c83532f9 ("ramips: add support for Belkin F9K1109v1")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[rephrase commit title and message, backport]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 1f455418ef)
4 years ago
Rafał Miłecki 2c16044ccf mac80211: brcm: add support for BCM4359 SDIO chipset
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 17e2246eca)
4 years ago
Rafał Miłecki c0f2905fa9 mac80211: brcm: backport 5.5 and 5.6 kernel patches
This update doesn't include:
3b1e0a7bdfee brcmfmac: add support for SAE authentication offload
be898fed355e brcmfmac: send port authorized event for FT-802.1X
due to nl80211 dependencies.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c3aa33bf70)
4 years ago
Sungbo Eo 3243523c46 ath79: migrate LED paths of TL-WDR4300 board
TL-WDR4300 board uses only green LED names in DTSI.
This patch adds migration for them.

The actual LED colors on the devices have been reported to vary
across subrevisions (v1.x). Despite, the USB LEDs on the back might
have different color than the other LEDs on the front.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 01d39cd18c)
4 years ago
Daniel Golle d0a71a89e1 malta: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e964338110)
4 years ago
Daniel Golle 9e6fb4463b sunxi: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2105354968)
4 years ago
Daniel Golle 4aebbaeac1 layerscape: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 414d027ae8)
4 years ago
Daniel Golle a2ac5b3a97 kirkwood: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 411e824ec3)
4 years ago
Daniel Golle a467f39e55 at91: disable legacy PTYs and virtual terminals
Enabling legacy PTYs causes problems with procd-hotplug.
And as this is a headless target, no need to have virtual terminals.
Remove corresponding kernel config options, they are disabled in
generic kernel config.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c1db4d9c56)
4 years ago
Daniel Golle a77d4bc3a5 mpc85xx: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d0d7f5d9e4)
4 years ago
Daniel Golle 40a7e761a0 uml: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dcf48fda05)
4 years ago
Daniel Golle 852ec97e1c oxnas: disable legacy PTYs and virtual terminals
Enabling legacy PTYs causes problems with procd-hotplug.
And as this is a headless target, no need to have virtual terminals.
Remove corresponding kernel config options, they are disabled in
generic kernel config.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c881769a55)
4 years ago
Hans Dedecker 1f1867dd9b odhcpd: optimize syslog priority values
e53fec8 treewide: optimize syslog priority values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago
Manuel Kock 03c93679b4 lantiq: remove redundant WiFi LED on FRITZ!Box 7320
The led wireless trigger is already set correctly to phy0tpt through the
alias in the device tree.

Signed-off-by: Manuel Kock <github.web@manu.li>
[rephrased commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 509894cffb)
4 years ago
David Bauer 795df80917 mpc85xx: add support for Enterasys WS-AP3710i
Hardware
--------

SoC:   NXP P1020 (2x e500 @ 800MHz)
RAM:   256M DDR3 (Micron)
FLASH: 32M NOR (Spansion S29GL128S)
BTN:   1x Reset
WiFi:  1x Atheros AR9590 2.4 bgn 3x3
       2x Atheros AR9590 5.0 an 3x3
ETH:   1x Gigabit Ethernet (Atheros AR8033)
LED:   System (green/red) - Radio{0,1} (green)
       LAN (connected to PHY)
        - GE blue
        - FE green

Serial is a Cisco-compatible RJ45 next to the ethernet port.
115200-N-8 are the settings for OS and U-Boot.

Installation
------------

1. Grab the OpenWrt initramfs, rename it to 01C8A8C0.img. Place it in
   the root directory of a TFTP server and serve it at
   192.168.200.200/24.

2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
   by pressing Enter when prompted. Credentials are identical to the one
   in the APs interface. By default it is admin / new2day.

3. Set the bootcmd so the AP can boot OpenWrt by executing

   $ setenv boot_openwrt "setenv bootargs;
     cp.b 0xee000000 0x1000000 0x1000000; bootm 0x1000000"
   $ setenv bootcmd "run boot_openwrt"
   $ saveenv

   If you plan on going back to the vendor firmware - the bootcmd for it
   is stored in the boot_flash variable.

4. Load the initramfs image to RAM and boot by executing

   $ tftpboot 0x1000000 192.168.200.200:01C8A8C0.img; bootm

5. Make a backup of the "firmware" partition if you ever wish to go back
   to the vendor firmware.

6. Upload the OpenWrt sysupgrade image via SCP to the devices /tmp
   folder.

7. Flash OpenWrt using sysupgrade.

   $ sysupgrade -n /tmp/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 16b01fb1b9)
4 years ago
Hans Dedecker 3959f11005 glibc: update to latest 2.27 commit (BZ #2503, BZ #2504)
bef0b1cb31 libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
4d5cfeb510 rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
92f04eedb5 mips: Force RWX stack for hard-float builds that can run on pre-4.8 kernels

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago
Alin Nastac a50c2190d3 glibc: backport fix for regexec buffer read overrun
Problem found by AddressSanitizer[1]:

 Latest `grep` (git commit 1019e6e) compiled with asan may cause a
 heap-buffer-overflow when `-i` is specified.

     ./grep -i '\(\(\)*.\)*\(\)\(\)\1' /bin/chvt

 =================================================================
 ==16206==ERROR: AddressSanitizer: heap-buffer-overflow on address

1. https://debbugs.gnu.org/34140

Ref: https://sourceware.org/bugzilla/show_bug.cgi?id=24114
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
[commit title and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Hans Dedecker 929c6d733a glibc: update to latest 2.27 commit (BZ#23637)
5b4f7382af Add undef to fix test failure.
9456483fb2 Improve performance of memmem
373f8b06a3 Improve performance of strstr
4ec1b9e913 Fix strstr bug with huge needles (bug 23637)
ecd6271ed8 Speedup first memmem match
bba6b9288f Simplify and speedup strstr/strcasestr first match
7a4da6ef7a Improve strstr performance

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago
Hans Dedecker e8e09c5893 glibc: update to latest 2.27 commit (BZ #24228, BZ #24744, BZ #24699)
5f0d2e0491 [AArch64] Add ifunc support for Ares
e6b7252040 aarch64,falkor: Use vector registers for memcpy
c74b884f70 aarch64,falkor: Ignore prefetcher tagging for smaller copies
0fc5934ebd aarch64/strncmp: Use lsr instead of mov+lsr
e0a0bd3acc aarch64/strncmp: Unbreak builds with old binutils
638caf3000 aarch64: Improve strncmp for mutually misaligned inputs
d5f45a29ff aarch64/strcmp: fix misaligned loop jump target
7f690fafad aarch64: Improve strcmp unaligned performance
40df047b3b aarch64: Fix branch target to loop16
062139f233 aarch64: Optimized memcmp for medium to large sizes
f3e2add213 aarch64: Use the L() macro for labels in memcmp
22bd3ab40e posix: Fix large mmap64 offset for mips64n32 (BZ#24699)
bdd16894aa aarch64: handle STO_AARCH64_VARIANT_PCS
0b48caab9a aarch64: add STO_AARCH64_VARIANT_PCS and DT_AARCH64_VARIANT_PCS
949da7f2fd io: Remove copy_file_range emulation [BZ #24744]
f056ac8363 libio: do not attempt to free wide buffers of legacy streams [BZ #24228]
5f90e009b1 NEWS: add entries for bugs 22964, 24180, and 24531

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago
Adrian Schmutzler 6e24df296c ath79: add support for TP-Link TL-WDR4300 v1 (IL)
The TL-WDR4300 v1 sold in Israel has a different TPLINK_HWID.

Thanks to Josh4300 for testing on device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit c642a97aa6)
4 years ago
Adrian Schmutzler 52c9f95178 ramips: allow JCG_MAXSIZE in kiB in Build/jcg-header
This allows JCG_MAXSIZE to be specified in kilobytes. This makes
this value more consistent and easier comparable with other size
variables.

This also changes the only occurence of the variable, for Cudy WR1000.

This is backported to 19.07 for convenience, as other developers
backporting device support might not be aware that JCG_MAXSIZE in
kilobytes would not work there.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 0bf4d681d4)
4 years ago
Olli Asikainen e33a123140 brcm47xx: add switch configuration for WNR3500L
Netgear WNR3500L is an already supported device, but out of the
box, the device has no switch configuration and there is no wan.
The correct configuration for this specific model is similar to
some other models. This simple commit adds the correct switch
and the out-of-the-box experience is improved.

Experimentally determined:

Port 0 => WAN
Port 1..4 => LAN
Port 5..7 => unused
Port 8 => CPU

Signed-off-by: Olli Asikainen <olli.asikainen@gmail.com>
Tested-by: Fabian Zaremba <fabian@youremail.eu>
[added port mapping to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit deb835849a)
4 years ago
Martin Schiller d1d84da1c3 ramips: fix number of LAN Ports for Mikrotik RBM33G
The Mikrotik RBM33G has only 2 LAN ports.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[moved node in 02_network to maintain alphabetic sorting; backport]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 3a55c7935d)
4 years ago
Walter Sonius fa700ed714 ramips: fix switch port order for TP-Link Archer C20i
Physical port order watched from the backside of the C20i
(from left to right) is: Internet / 1 / 2 / 3 / 4

Physical Port	Switch port
WAN             0
LAN 3           1
LAN 4           2
LAN 1           3
LAN 2           4
(not used)      5
CPU             6

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit message/title improvements; backport to 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a065cd29bf)
4 years ago
Koen Vandeputte 0bb4733e67 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  November 29, 2019:  Fix IBSS merge issue, related to TSF id leakage bug in firmware code.
                         Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

The release notes since last time for wave-2:

  *  December 6, 2019:  Fix 160Mhz problem caused by logic that did not take into account the fact that
                        160Mhz has only 1/2 of the NSS of lower bandwidths in the rate table.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 30109782df3c74becd60dd13216346e1ea2fcc96)
4 years ago
Koen Vandeputte c3cc419cc6 kernel: bump 4.14 to 4.14.158
Refreshed all patches.

Altered patches:
- 400-mtd-add-rootfs-split-support.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Santiago Piccinini d2d12346e8 mac80211: unify setup of iw htmode for mesh and adhoc
This also fixes mac80211_prepare_vif iw set channel in monitor or
mesh mode.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed commit message]
(cherry picked from commit c7fb12beb1)
4 years ago
Daniel Golle 06bf1a9b67 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9c272dd3e4)
4 years ago
Hauke Mehrtens d74526c1c5 OpenWrt v19.07.0-rc2: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Hauke Mehrtens 628e996928 OpenWrt v19.07.0-rc2: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
David Bauer db8345d8e4 generic ar8xxx: increase VLAN table for AR83x7
The Atheros AR8327 and AR8337 have (according to their datasheet) a
VLAN table with a maximum of 4096 entries.

Currently, there's a hard limit of 128 VLANs, which is the same as
for most other Atheros switches. Increase this limit only for the
AR83x7 series and modify some shared functions to allow them to work
with a variable max VLAN count.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3f79aaa297)
4 years ago
Satadru Pramanik cde70954ef busybox: add glibc dependency for vi regex option
Build with musl libc fails with BUSYBOX_DEFAULT_FEATURE_VI_REGEX_SEARCH
enabled. Enabling BusyBox's vi regex search option depends upon GNU
regex.  Musl libc does not support GNU regex[1].

So this patch adds explicit dependency on GNU libc and while at it
remove the FIXME comment.

1. https://wiki.musl-libc.org/functional-differences-from-glibc.html

Ref: https://dev.archive.openwrt.org/ticket/21741.html
Ref: https://forum.openwrt.org/t/busybox-not-compiling/
Ref: https://github.com/openwrt/packages/issues/4453
Signed-off-by: Satadru Pramanik <satadru@umich.edu>
[commit subject/description tweaks, From: fix, USE_GLIBC fix, removed comments]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1410902e6)
4 years ago
Hauke Mehrtens a4d798e8dd usign: Activate LTO compile option
This decreases the size of the usign application by 16% on MIPS BE.

old:
24,597 /usr/bin/usign

new:
20,501 /usr/bin/usign

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6ffd8a8f92)
4 years ago
Hauke Mehrtens 1fc05c3115 swconfig: Activate LTO compile option
This decreases the size of the swconfig application by 25% on MIPS BE.

old:
16,916 /sbin/swconfig

new:
12,565 /sbin/swconfig

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e926681387)
4 years ago
Hauke Mehrtens 5cb845ebfe mtd: Activate LTO compile option
This decreases the size of the mtd application by 25% on MIPS BE.

old:
20,597 /sbin/mtd

new:
16,421 /sbin/mtd

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1eb34b7287)
4 years ago
Jo-Philipp Wich c38074de92 ramips: disable ZyXel Keenetic by default
Disable the ZyXel Keenetic images by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/72
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 432a349761 ramips: disable WR512-3GN 4MB variant by default
Disable the WR512-3GN 4MB image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/72
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 67aca5f0ae ramips: disable A5-V11 by default
Disable the A5-V11 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/72
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich eb836ea8e9 ar71xx: disable TP-Link TL-WA855RE by default
Disable the TP-Link TL-WA855RE image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/72
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 59ef47ae2c brcm47xx: disable Linksys E1000 v1 by default
Disable the Linksys E1000 v1 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/72
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 7232d9247e ramips: disable TP-Link TL-WA750RE by default
Disable the TP-Link TL-WA750RE image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/30
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 531ab59804 ar71xx: disable TP-Link TL-WA850RE by default
Disable the TP-Link TL-WA850RE image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/30
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 634db7930a ramips: disable TP-Link TL-WR840N v5 by default
Disable the TP-Link TL-WR840N v5 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/29
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 6a124efb99 ramips: disable Sitecom WL-351 by default
Disable the Sitecom WL-351 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/24
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 2607c02ed5 ramips: disable D-Link DIR-645 by default
Disable the D-Link DIR-645 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/23
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 02fc43b4b4 ramips: disable D-Link DIR-300 B5/B6/B7 by default
Disable the D-Link DIR-300 B5/B6/B7 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/18
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 0686418338 ar71xx: disable Netgear WNR2000v4 by default
Disable the Netgear WNR2000v4 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/11
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 6af348f6a1 ar71xx: disable On Networks N150R by default
Disable the On Networks N150R image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/10
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich c65f09b641 ar71xx: disable TP-Link TL-WA850RE v2 by default
Disable the TP-Link TL-WA850RE v2 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/9
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 1793baee46 ar71xx: disable Netgear WNR612 v2 by default
Disable the Netgear WNR612 v2 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/4
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Jo-Philipp Wich 4b759caf51 ramips: disable ASUS RT-N10+ B1 by default
Disable the ASUS RT-N10+ B1 image by default as the device has
insufficient flash space for release build images.

Ref: https://forum.openwrt.org/t/devices-too-big-to-save-overlay/18161/1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Koen Vandeputte 953d9c384f kernel: bump 4.14 to 4.14.156
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Stijn Tintel 7581a7bebc config: kernel: fix typo in HFSPLUG_FS_POSIX_ACL
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 5f68333952)
4 years ago
Piotr Dymacz 1859391e9e uboot-envtools: ath79: add support for YunCore XD4200 and A782
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 5d2a900163)
4 years ago
Piotr Dymacz 45c9923edf ath79: add support for YunCore XD4200 and A782
YunCore XD4200 ('XD4200_W6.0' marking on PCB) is Qualcomm/Atheros based
(QCA9563, QCA9886, QCA8334) dual-band, Wave-2 AC1200 ceiling AP with PoE
(802.3at) support. A782 model ('T750_V5.1' marking on PCB) is a smaller
version of the XD4200, with similar specification but lower TX power.

Specification:

- QCA9563 (775 MHz)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 2x 10/100/1000 Mbps Ethernet (QCA8334), with 802.3at PoE support (WAN)
- Wi-Fi 2.4 GHz:
  - XD4200: 2T2R (QCA9563), with ext. PA (SKY65174-21) and LNA
  - A782: 2T2R (QCA9563), with ext. FEM (SKY85329-11)
- Wi-Fi 5 GHz:
  - XD4200: 2T2R (QCA9886), with ext. FEM (SKY85728-11)
  - A782: 2T2R (QCA9886), with ext. FEM (SKY85735-11)
- LEDs:
  - XD4200: 5x (2x driven by SOC, 1x driven by AC radio, 2x Ethernet)
  - A782: 3x (1x RGB, driven by SOC and radio, 2x Ethernet)
- 1x button (reset)
- 1x UART (4-pin, 2.54 mm pitch) header on PCB
- 1x DC jack (12 V)

Flash instructions:

If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):

  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
  sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin

In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:

1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
   'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
   seconds, recovery mode should start downloading image from server
   (unfortunately, there is no visible indication that recovery got
   enabled - in case of problems check TFTP server logs)

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(backported from commit e5d4c09667)
4 years ago
Vincent Wiemann 83a18aefbd ath79: add support for YunCore TFTP image generation
YunCore QCA9k based devices released in 2019 require a custom TFTP image
for U-Boot built-in recovery mode (triggered with reset button). Image
has to be prepended with 'YUNCORE' keyword followed by U-Boot CLI
commands which will be executed later. Images without the custom header
will be ignored by U-Boot.

To be able to support both the vendor firmware (QSDK) and OpenWrt flash
layouts, used here commands change the 'bootcmd' before flashing image.

This commit adds generic helper script for YunCore devices with 16 MB of
flash and enables TFTP image generation for A770 model.

Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[pepe2k@gmail.com: commit description reworded, recipe renamed]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 8016f64864)
4 years ago
Adrian Schmutzler 449433d131 ath79: Add support for TP-Link Archer C60 v2
TP-Link Archer C60 v2 is a dual-band AC1350 router,
based on Qualcomm/Atheros QCA9561 + QCA9886.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
   directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
   be transferred from the tftp server
8. Wait ~30 second to complete recovery

Flash instruction (under U-Boot, using UART):
tftp 0x81000000 ...-sysupgrade.bin
erase 0x9f030000 +$filesize
cp.b $fileaddr 0x9f030000 $filesize
reset

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 974d6958a7)
4 years ago
Adrian Schmutzler 70233e3afe ath79: Add support for TP-Link Archer C60 v1
TP-Link Archer C60v1 is a dual-band AC1350 router,
based on Qualcomm/Atheros QCA9561+QCA9886.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Flash instruction under U-Boot, using UART:
1. tftp 0x81000000 ...-sysupgrade.bin
2. erase 0x9f020000 +$filesize
3. cp.b $fileaddr 0x9f020000 $filesize
4. reset

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6d313da6dc)
4 years ago
Sungbo Eo a2d9de21b8 base-files: config_generate: split macaddr with multiple ifaces
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.

To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:

  ucidef_set_interface_lan "eth0 eth1.1"
  ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"

will return

  config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'yy:yy:yy:yy:yy:01'

  config device 'lan_eth1_1_dev'
        option name 'eth1.1'
        option macaddr 'yy:yy:yy:yy:yy:01'

ref: https://github.com/openwrt/openwrt/pull/2542

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 298814e6be)
4 years ago
Lech Perczak 3a5e28bd26 ar71xx: ubnt-(xm,xw): add rssileds package
In order to make RSSI indicator on the device work out of box,
include "rssileds" package in per-device rootfs image by default
for Ubiquiti XM and XW devices, namely:
- Bullet M (XM/XW)
- Rocket M (XM/XW)
- Nanostation M (XM/XW)
- Nanostation Loco-M (XW)

This moves the package addition to the individual devices in order
to prevent accidental inclusions of the package when not looking
at the parent node carefully enough.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[add bullet-m-xw, remove rocket-m-ti, extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 08d9c95417)
4 years ago
Adrian Schmutzler 1cb763c559 ath79: add PoE passthrough switch for Ubiquiti Nanostation (XM/XW)
This adds the gpio switch to enable PoE passthrough on Ubiquiti
Nanostation (XM/XW).

Values are copied from the implementation in ar71xx.

GPIO values checked on:
- NanoStation M5 XW
- NanoStation M2 XM

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 317e98a5a2)
4 years ago
Piotr Dymacz a0897f8a46 uboot-envtools: ramips: add support for ALFA Network Quad-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 10bcf1eb40)
4 years ago
Piotr Dymacz 71469caa0a ramips: add support for ALFA Network Quad-E4G
ALFA Network Quad-E4G is a universal Wi-Fi/4G platform, which offers
three miniPCIe (PCIe, USB 2.0, SIM) and a single M.2 B-key (dual-SIM,
USB 3.0) slots, RTC and five Gigabit Ethernet ports with PoE support.

Specification:

- MT7621A (880 MHz)
- 256/512 MB of RAM (DDR3)
- 16/32+ MB of FLASH (SPI NOR)
- optional second SPI flash (8-pin WSON/SOIC)
- 1x microSD (SDXC) flash card reader
- 5x 10/100/1000 Mbps Ethernet, with passive PoE support (24 V) in LAN1
- optional 802.3at/af PoE module for WAN
- 3x miniPCIe slot (with PCIe and USB 2.0 buses, micro SIM and 5 V)
- 1x M.2/NGFF B-key 3042 (USB 3.0/2.0, mini + micro SIM)
- RTC (TI BQ32002, I2C bus) with backup battery (CR2032)
- external hardware watchdog (EM Microelectronic EM6324)
- 1x USB 2.0 Type-A
- 1x micro USB Type-B for system serial console (Holtek HT42B534)
- 11x LED (5 for Ethernet, 5 driven by GPIO, 1x power indicator)
- 3x button (reset, user1, user2)
- 1x I2C (4-pin, 2.54 mm pitch) header on PCB
- 4x SIM (6-pin, 2.00 mm pitch) headers on PCB
- 2x UART2/3 (4-pin, 2.54 mm pitch) headers on PCB
- 1x mechanical power switch
- 1x DC jack with lock (24 V)

Other:

- U-Boot selects default SIM slot, based on value of 'default_sim' env
  variable: '1' or unset -> SIM1 (mini), '2' -> SIM2 (micro). This board
  has additional logic circuit for M.2 SIM switching. The 'sim-select'
  will work only if both SIM slots are occupied. Otherwise, always slot
  with SIM inside is selected, no matter 'sim-select' value.
- U-Boot enables power in all three miniPCIe and M.2 slots before
  loading the kernel
- this board supports 'dual image' feature (controlled by 'dual_image'
  U-Boot environment variable)
- all three miniPCIe slots have additional 5 V supply on pins 47 and 49
- the board allows to install up to two oversized miniPCIe cards (vendor
  has dedicated MediaTek MT7615N/D cards for this board)
- this board has additional logic circuit controlling PERSTn pins inside
  miniPCIe slots. By default, PERSTn (GPIO19) is routed to all miniPCIe
  slots but setting GPIO22 to high allows PERSTn control per slot, using
  GPIO23-25 (value is inverted)

Flash instructions:

You can use the 'sysupgrade' image directly in vendor firmware which is
based on OpenWrt (make sure to not preserve settings - use 'sysupgrade
-n -F ...' command). Alternatively, use web recovery mode in U-Boot:

1. Power the device with reset button pressed, the modem LED will start
   blinking slowly and after ~3 seconds, when it starts blinking faster,
   you can release the button.
2. Setup static IP 192.168.1.2/24 on your PC.
3. Go to 192.168.1.1 in browser and upload 'sysupgrade' image.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(backported from commit e68539aca4)
4 years ago
Piotr Dymacz 939dfe61ed uboot-envtools: ramips: add support for ALFA Network R36M-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 3cfea3a321)
4 years ago
Piotr Dymacz c515cd7c34 ramips: add support for ALFA Network R36M-E4G
ALFA Network R36M-E4G is a dual-SIM, N300 Wi-Fi, compact size platform
based on MediaTek MT7620A WiSoC. This product is designed for operation
with 4G modem (can be bought in bundle with Quectel EC25, EG25 or EP06)
but supports also Wi-Fi modules (miniPCIe slot has USB and PCIe buses).

Specification:

- MT7620A (580 MHz)
- 64/128/256 MB of RAM (DDR2)
- 16/32+ MB of FLASH (SPI NOR)
- 2x 10/100 Mbps Ethernet, with passive PoE support (24 V)
- 2T2R 2.4 GHz (MT7620A), with ext. LNA (RFFM4227)
- 1x miniPCIe slot (with PCIe and USB 2.0 buses and optional 5 V)
- 2x SIM slot (mini, micro) with detect and switch driven by GPIO
- 2x u.fl antenna connectors (for Wi-Fi)
- 8x LED (7 driven by GPIO)
- 2x button (reset, wifi)
- 2x UART (4-pin/2.54 mm pitch, 10-pin/1.27 mm pitch) headers on PCB
- 1x I2C (4-pin, 1.27 mm pitch) header on PCB
- 1x LED (8-pin, 1.27 mm pitch) header on PCB
- 1x DC jack with lock (12 V)

Other:

- there is a dedicated, 4-pin connector for optional RTC module (Holtek
  HT138x) with 'enable' input, not available at the time of preparing
  support for this board
- miniPCIe slot supports additional 5 V supply on pins 47 and 49 but a
  jumper resistor (R174) is not installed by default
- U-Boot selects default SIM slot, based on value of 'default_sim' env
  variable: '1' or unset -> SIM1 (mini), '2' -> SIM2 (micro). This will
  work only if both slots are occupied, otherwise U-Boot will always
  select slot with SIM card inside (user can override it later, in
  user-space)
- U-Boot resets the modem, using PERSTn signal, before starting kernel
- this board supports 'dual image' feature (controlled by 'dual_image'
  U-Boot environment variable)

Flash instruction:

You can use the 'sysupgrade' image directly in vendor firmware which is
based on OpenWrt (make sure to not preserve settings - use 'sysupgrade
-n -F ...' command). Alternatively, use web recovery mode in U-Boot:

1. Power the device with reset button pressed, the modem LED will start
   blinking slowly and after ~3 seconds, when it starts blinking faster,
   you can release the button.
2. Setup static IP 192.168.1.2/24 on your PC.
3. Go to 192.168.1.1 in browser and upload 'sysupgrade' image.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(backported from commit dfecf94c20)
4 years ago
Piotr Dymacz 7a62e909b2 ramips: support dual image feature on ALFA Network boards
New U-Boot version for MediaTek MT76x8/MT762x based ALFA Network boards
includes support for a 'dual image' feature. Users can enable it using
U-Boot environment variable 'dual_image' ('1' -> enabled).

When 'dual image' feature is enabled, U-Boot will modify DTB and divide
the original 'firmware' flash area into two, equal in size and aligned
to 64 KB partitions: 'firmware' and 'backup'. U-Boot will also adjust
size of 'firmware' area to match installed flash chip size.

U-Boot will load kernel from active partition which is marked with env
variable 'bootactive' ('1' -> first partition, '2' -> second partition)
and rename both partitions accordingly ('firmware' <-> 'backup').

There are 3 additional env variables used to control 'dual image' mode:
- bootlimit   - maximum number of unsuccessful boot tries (default: '3')
- bootcount   - current number of boot tries
- bootchanged - flag which informs that active partition was changed; if
                it is set and 'bootcount' reaches 'bootlimit' value,
                U-Boot will start web-based recovery which then updates
                both partitions with provided image

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(backported from commit bc173ddd83)
4 years ago
Piotr Dymacz ee71837e38 ramips: refresh all subtargets kernel configs
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
4 years ago
Chuanhong Guo 3806899a50 ramips: use upstream RAW_APPENDED_DTB instead of our OWRTDTB
Upstream kernel added support for RAW_APPENDED_DTB on ralink arch
in the following commit:
02564fc89d3d ("ralink: Introduce fw_passed_dtb to arch/mips/ralink")

Use upstream solution and get rid of our OWRTDTB hack.
This commit set DEVICE_DTS to $$(DTS) instead of replacing DTS with
DEVICE_DTS in device profile because DTS variable will be dropped
in later commits.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
[Tested on mt7621/mt76x8]
Tested-by: Chuanhong Guo <gch981213@gmail.com>
[Tested on rt305x/mt7620]
Tested-by: INAGAKI Hiroshi <musashino.open@gmail.com>
(cherry picked from commit 7a8d3432c7)
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
4 years ago
Stijn Segers f97d2351e2 ath79: remove ath10k drivers from Archer C7 v1 profile
Ath10k packages were removed from ar71xx in master in commit
34113999ef ("ar71xx: Remove ath10k packages from archer-c7-v1 (fixes
FS#1743)") but ath79 in master and the 19.07 branch still suffer from
the issue.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
[commit subject and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Yousong Zhou 7c321e00dd kernel: nf_conntrack_rtcache: fix WARNING on rmmod
Fixes b7c58a1ee ("kernel: nf_conntrack_rtcache: fix cleanup on netns
delete and rmmod")

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit b3779e920e)
4 years ago
Yousong Zhou 2a2f9ffe81 kernel: nf_conntrack_rtcache: fix WARNING on forward path
Fixes b7c58a1ee ("kernel: nf_conntrack_rtcache: fix cleanup on netns
delete and rmmod")

Resolves FS#2624

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 1c5df850a0)
4 years ago
Kamil Wcislo 15ce616c2d
build: add PKG_SOURCE_URL_FILE support
It seems that there is a missing PKG_SOURCE_URL_FILE support.
This little fix adds the support for packages to change the name of the
downloaded file.

Sometimes it is desirable to change the downloaded archive file name, like
for mitigating name conflicts for different packages (some files on the server
could be named like, e.g. 2018-01-01.tar.gz) or for the cases that there is
no name for the file in the URL (e.g. http://someserver.com/download).

Signed-off-by: Kamil Wcislo <kamil.wcislo@lpnplant.io>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 09c428ec6b)
4 years ago
Yousong Zhou 436dbf12aa kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod
Fixes FS#1472, FS#2353, FS#2426

Fixes: b3f95490 ("kernel: generic: Add kernel 4.14 support")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b7c58a1eeb)
4 years ago
Sebastian Kemper b177b180bb mac80211: add default value for noscan
Commit b3d8b3a introduced a new test:

[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1

But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.

root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#

So when radios are brought up this shows in the log:

Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding

This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 28d84331f4)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
Hauke Mehrtens e68d589e7b e2fsprogs: Fix CVE-2019-5094 in libsupport
This adds the following patch from debian:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8
libsupport: add checks to prevent buffer overrun bugs in quota code

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0062aad8ec)
4 years ago
David Bauer 6160f773fe
ipq40xx: add support for AVM FRITZ!Repeater 1200
Hardware
--------
SoC:   Qualcomm IPQ4019
RAM:   256M DDR3
FLASH: 128M NAND
WiFi:  2T2R IPQ4019 bgn
       2T2R IPQ4019 a/n/ac
ETH:   Atheros AR8033 RGMII PHY
BTN:   1x Connect (WPS)
LED:   Power (green/red/yellow)

Installation
------------

1. Grab the uboot for the Device from the 'u-boot-fritz1200'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz1200.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ1200.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz1200.bin uboot0
   > mtd write /path/to/uboot-fritz1200.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7f187229a8)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
4 years ago
David Bauer 63b1e8f8d2
ipq-wifi: add AVM FRITZ!Repeater 1200 bdf
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c0f4078164)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
4 years ago
David Bauer 496489ea95
uboot-fritz4040: update to latest HEAD
f92be9d add support for AVM FRITZ!Repeater 1200
d651302 enable support for Atheros AR8033 PHY
e4c857c add machtype override hack

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 36f43b61a7)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
4 years ago
Hauke Mehrtens e30ca0d90a mac80211: update to version 4.19.85
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Hauke Mehrtens b1ef0e4437 layerscape: Fix kernel patch
The kernel update added one "+" too much.

Fixes: db345220b4 ("kernel: bump 4.14 to 4.14.155")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years ago
Hauke Mehrtens ad0463c2e8 kernel: Add missing configuration option
This was found by the build bot.

Fixes: db345220b4 ("kernel: bump 4.14 to 4.14.155")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 103e49f62e)
4 years ago
Jo-Philipp Wich b0adf79c9e firewall: update to latest Git HEAD
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 482114d3f7)
4 years ago
Hans Dedecker b416195927 firewall: update to latest git HEAD
daed0cf utils: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 27bf8abe69)
4 years ago
Koen Vandeputte 3685f86cef cns3xxx: use proper macros for defining partition regions
While at it, also reorder the items for
improved readability.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 6b2f953db346cfb4ddf05654efa3ad7eb84ed99f)
4 years ago
Koen Vandeputte db345220b4 kernel: bump 4.14 to 4.14.155
Refreshed all patches.

Altered patches:
- 707-dpaa-ethernet-support-layerscape.patch

Remove upstreamed:
- 034-v4.20-MIPS-BCM47XX-Enable-USB-power-on-Netgear-WNDR3400v3.patch
- 001-4.21-01-BCM63XX-fix-switch-core-reset-on-BCM6368.patch
- 073-qcom-ipq4019-fix-cpu0-s-qcom-saw2-reg-value.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Petr Štetiar 538ca42dda wireless-regdb: fix build when python2 from package feeds exists
wireless-regdb fails to build if there is python2 installed from package
feeds, as staging_dir/hostpkg/bin/python is python2 and
staging_dir/hostpkg/bin takes precedence over staging_dir/host/bin
(proper place with python -> python3 symlink) which leads to the build
failure of wireless-regdb, so this patch makes it explicit which python
should be used.

Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Russell Senior <russell@personaltelco.net>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b6bae4a2c9)
4 years ago
Kevin Darbyshire-Bryant 2751c5c752 wireless-regdb: fix patch fuzz
Refresh patches to tidy up some fuzz warnings

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 12840674d0)
4 years ago
John Crispin d6ecadb05c wireless-regdb: fix Makefile indentation
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 8562e77953)
4 years ago
Petr Štetiar 0a4071b550 wireless-regdb: set PKGARCH:=all
As it's an architecture-independent binary file.

Ref: https://github.com/openwrt/openwrt/pull/1521#issuecomment-514687053
Suggested-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 57d1c05ec9)
4 years ago
Petr Štetiar e8d528af7e wireless-regdb: prefer python provided by make variable
Usage of predefined make variables is preferred.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3853d17a3)
4 years ago
Hauke Mehrtens 53d8de0207 wireless-regdb: Make it build with python2
This backports a patch to build it work with python2 in addition to
python3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3a8a62692)
4 years ago
Zachary Riedlshah f2ef9b4fea wireless-regdb: update to 2019.06.03
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).

Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.

Closes bugs.openwrt.org/index.php?do=details&task_id=1605.

Uses the tarball as requested.

Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
(cherry picked from commit ef3f868da0)
4 years ago
Adrian Schmutzler 8fac0b398c ar71xx: fix buttons for TP-Link TL-WDR4900 v2
TP-Link TL-WDR4900 v2 only has one combined WPS/Reset button, so
don't set up an RFKILL for this device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 25127f58b4)
4 years ago
Adrian Schmutzler 3c65c47ce6 ar71xx: fix LED setup for TL-WDR4900 v2
In ar71xx there is only one combined mach file for Archer C5/C7 and
TL-WDR4900 v2. This one uses the same LED struct for all devices,
defining "green" LEDs for them. However, WDR4900 uses blue front
LEDs, while only C5/C7 uses green ones. Despite, in base-files
WDR4900 is actually set up with "blue" for the mentioned LEDs.

Thus, this patch creates a separate LED struct for WDR4900, so the
LEDs can be set up correctly. Despite, the wlan5g LED is removed as
it is controlled by ath9k chip for WDR4900 (in contrast to C5/C7).

Note: While front LEDs are blue, USB LEDs (on the back) are green,
so colors are mixed intentionally for the WDR4900 v2.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 93f2bcc35e)
4 years ago
Sungbo Eo b6c80f85cb ramips: set uImage name of WeVO 11AC NAS and W2914NS v2
The stock firmware and bootloader only accept uImage with names that
match certain patterns. This patch enables OpenWrt installation from
stock firmware without having to reflash the bootloader or access the
UART console.

Installation via web interface:
1.  Flash **initramfs** image through the stock web interface.
2.  Boot into OpenWrt and perform sysupgrade with sysupgrade image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 19800ac095)
[backported]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Adrian Schmutzler e945c43142 ar71xx: fix MAC address setup for TL-WDR4900 v2
The MAC address setup of the TL-WDR4900 v2 is different from the
C5/C7. This aligns ar71xx with the setup in ath79:

wlan0 (5GHz) : -2
wlan1 (2.4GHz) : -1
eth1 (LAN) : 0
eth0 (WAN) : 1

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a9d3084b83)
4 years ago
Adrian Schmutzler 8a21bc3622 ar71xx: fix MAC addresses for Archer C5 v1, C7 v1/v2, WDR4900 v2
As discussed in 1d18a14a90 ("ath79: really fix TP-Link Archer C7
v2 MAC address"), stock firmware MAC address assignment is
actually as follows:

wlan0 (5GHz) : -1
wlan1 (2.4GHz) : 0
eth1 (LAN) : 0
eth0 (WAN) : 1

This has never been fixed for ar71xx, so let's do it now.
Note that with WDR4900 v2 even both wlan0 and wlan1 where assigned
to basemac-1 before ...

Fixes: FS#408

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a021268032)
4 years ago
Koen Vandeputte ca3339c0fc ipq40xx: fix build error
Add missing brace which was accidentally omitted

Fixes: 3c5c49af8b ("kernel: bump 4.14 to 4.14.154")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte 75d11f665c mac80211: backport upstream fixes
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte dd284c6c57 toolchain/gcc: bump to 7.5.0
This updates the GCC to the next minor release which fixes +213 bugs.
Tested on ARMv6, ARMv7, MIPS R2, x86

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Koen Vandeputte 3c5c49af8b kernel: bump 4.14 to 4.14.154
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch
- 040-dmaengine-qcom-bam-Process-multiple-pending-descript.patch
- 807-usb-support-layerscape.patch
- 809-flexcan-support-layerscape.patch
- 816-pcie-support-layerscape.patch

Remove upstreamed:
- 303-spi-nor-enable-4B-opcodes-for-mx66l51235l.patch

New symbols:
X86_INTEL_MPX
X86_INTEL_MEMORY_PROTECTION_KEYS
CONFIG_X86_INTEL_TSX_MODE_OFF
X86_INTEL_TSX_MODE_ON
X86_INTEL_TSX_MODE_AUTO
SGL_ALLOC

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Hauke Mehrtens 17d8e47d35 mac80211: Adapt to changes to skb_get_hash_perturb()
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit eaa047179a)
4 years ago
Rafał Miłecki 67957cd807 mac80211: brcmfmac: fix PCIe reset crash and WARNING
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cde8c2f2fb)
4 years ago
Adrian Schmutzler a8b293598f ath79: fix sysupgrade from ar71xx for WNDR3700 V2 and WNDR3800(CH)
ar71xx has just one board name "wndr3700" for WNDR3700 V1/V2,
WNDR3800 and WNDR3800CH, whereas ath79 provides separate images for
the boards. So, update SUPPORTED_DEVICES to store the correct
ar71xx board names.

Fixes: FS#2510

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit fc44a8481c)
4 years ago
Roger Pueyo Centelles fe82c71964 ath79: include rssileds package for ubnt devices with LEDs
Some Ubiquiti devices had the RSSI LEDs configured in 01_leds but
were missing the rssileds package, while others that don't have
RSSI LEDS had the package included.

This commit includes the rssileds package only for those devices
that need it.

Tested on a NanoStation M XW.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit 1c6066a867)
[backported to 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Christian Lamparter 960de44fa9 ramips: assign correct key-code to wps buttons
The two ASUS WL-330N and WL-330N3G had the
reset keycode assigned to the WPS button. This patch
changes all three devices to use KEY_WPS_BUTTON in
the hopes that this fixes unwanted restarts/
unexpected behavior from the users point of view.

[dropped RG21S]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit ad65d9d7b2)
4 years ago
Christian Lamparter b50177d151 ath79: remap D-Link DIR-859 A1 WPS button to WPS
The WPS button was mapped to the restart/reset. This patch
changes it to emit the KEY_WPS_BUTTON keycode so pressing
the WPS button does initiate WPS.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7a7610c21b)
4 years ago
Jo-Philipp Wich 1bd280b1ef ramips: disable D-Link DIR-300 B1 by default
Disable the DIR-300 B1 image by default as the device has insufficient
flash space for release build images.

Fixes: FS#2606
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years ago
Petr Štetiar a1ff175dbf ramips: rt3833: fix build breakage
Commit 60f41c6c9e ("ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES
of CY-SWR1100") added stray | during backport which caused build
breakage on the buildbots:

 bash: -c: line 0: syntax error near unexpected token `|'
 bash: -c: line 0: `echo kmod-usb-core kmod-usb-ledtrig-usbport kmod-usb-ohci kmod-usb2 swconfig | | mkhash md5 | head -c 8'

Fixes: 60f41c6c9e ("ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years ago
Sungbo Eo 60f41c6c9e ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100
CY-SWR1100 has a USB LED but kmod-usb-ledtrig-usbport is missing
in default images. This commit adds it.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[changed commit title, backported to 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 261c746631)
4 years ago
Sungbo Eo 079b202749 ramips: fix MAC address setup for Samsung CY-SWR1100
Ethernet MAC address setup has been broken since c3e420f28c. Restore
original setting.

Fixes: c3e420f28c ("ramips: Add support for D-Link DCH-M225")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 7231c1edd9)
[backported due to base-files split]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Sungbo Eo 2117f632e3 kernel: fix typo in fb-sys-fops autoload
AutoLoad parameter must match the exact kernel module name. Fix it.

Fixes: 125f1ce9ad ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 6990510aca)
4 years ago
Kyle Copperfield a6e7f68c7f hostapd: add IEEE 802.11k support
Enables radio resource management to be reported by hostapd to clients.

Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
[removed the DMARC crap]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 87f9292300)
4 years ago
Hauke Mehrtens f6111dbeed hostapd: Add mesh support for wpad full
This increases the size of the binary slightly:

old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 49cc712b44)
4 years ago
Hauke Mehrtens 0e85b638f7 hostapd: use getrandom syscall
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 998686364d)
4 years ago
Hauke Mehrtens 81908622a9 hostapd: Remove unneeded patch
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0d86bf518a)
4 years ago
Hauke Mehrtens 90a0daf4fe hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
Instead of patching the workaround away, just use the config option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9b4a27455c)
4 years ago
Hauke Mehrtens 5e8d1b52da hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 167028b750)
4 years ago
Hauke Mehrtens 80b58a9db6 hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
4 years ago
Jo-Philipp Wich e1854815aa hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit abb4f4075e)
4 years ago
Jo-Philipp Wich 3e9b3d0ba9 hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4209b28d23)
4 years ago
Leon M. George eba68342f9 hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f974f8213b)
4 years ago
Leon M. George 0fcf02d0a5 hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a123df2758)
4 years ago
Eneas U de Queiroz 047329273b hostapd: adjust removed wolfssl options
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 94d131332b)
4 years ago
Russell Senior d5f509861e base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.

Signed-off-by: Russell Senior <russell@personaltelco.net>
4 years ago
Michal Cieslakiewicz d1fbaa3fbc ath79: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d47b687006)
[removed WNR1000v2/WNR2000v3 since not supported in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years ago
Adrian Schmutzler ab29ffbb10 ath79: fix SUPPORTED_DEVICES for TP-Link TL-WR1043ND v3
In ar71xx, the board name for the TL-WR1043ND v3 is equal to v2:
tl-wr1043nd-v2

Fix SUPPORTED_DEVICES for v3 in ath79 accordingly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b5791118cc)
4 years ago
南浦月 3d840ee798 ar71xx: fix tl-wdr3320-v2 upgrade
Fix the error that tl-wdr3320-v2 can't upgrade firmware via web
interface by using magic_ver="0200" for this device.

Signed-off-by: 南浦月 <nanpuyue@gmail.com>
[commit message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 0ff2385a92)
4 years ago
Michal Cieslakiewicz c9e5979dbe ar71xx: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 1105290049)
4 years ago
Koen Vandeputte 6ac1aa1957 kernel: bump 4.14 to 4.14.152
Refreshed all patches.

Altered patches:
- 301-arch-support-layerscape.patch

Remove upstreamed:
- 950-0311-sc16is7xx-Fix-for-Unexpected-interrupt-8.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years ago
Zoltan HERPAI 5e1864da33 firmware: intel-microcode: bump to 20190918
* New upstream microcode datafile 20190918

      *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
      the set of processors being updated.
  * Updated Microcodes:
      sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
      sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
      sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
      sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
      sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
      sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
      sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
      sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
      sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
      sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
4 years ago
Zoltan HERPAI 8cd24d3256 firmware: intel-microcode: bump to 20190618
* Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * Updated Microcodes:
    sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
    sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
4 years ago
Zoltan HERPAI a6b30f962c firmware: intel-microcode: bump to 20190514
* New Microcodes:
    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
    sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
    sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
    sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
    sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280

  * Updated Microcodes:
    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
  * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
4 years ago
Adrian Schmutzler cc598c91c1 ath79: fix identifier for Nanostation M in ath9k caldata extraction
When Nanostation M was renamed from ubnt,nano-m to ubnt,nanostation-m
in commit f1396ac753 ("ath79: align naming of Ubiquiti Nanostation M"),
the caldata extraction in 10-ath9k-eeprom was overlooked.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 5dc535419f)
4 years ago
Jo-Philipp Wich