Felix Fietkau [Sun, 13 Sep 2020 07:34:37 +0000 (09:34 +0200)]
ramips/mediatek: improve GRO performance, fix PPE packet parsing
Backport upstream changes to initialize GDM settings and reset PPE
Allow GMAC to recognize the special tag to fix PPE packet parsing
Improve GRO performance by passing PPE L4 hash as skb hash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Audia [Sat, 12 Sep 2020 16:16:41 +0000 (12:16 -0400)]
kernel: bump 5.4 to 5.4.65
All modifications made by update_kernel.sh/no manual intervention needed
Build-tested: x86_64
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Hans Dedecker [Sat, 12 Sep 2020 19:25:15 +0000 (21:25 +0200)]
netifd: update to latest git HEAD
55a7b6b netifd: vxlan: add aging and maxaddress options
11223f5 netifd: vxlan: add most missing boolean options
226566b netifd: vxlan: refactor mapping of boolean attrs
a3c033e netifd: vxlan: handle srcport range
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Sander Vanheule [Sun, 26 Jul 2020 20:40:54 +0000 (22:40 +0200)]
ath79: support for TP-Link EAP225-Wall v2
TP-Link EAP225-Wall v2 is an AC1200 (802.11ac Wave-2) wall plate access
point. UART access and debricking require fine soldering.
The device was kindly provided for porting by Stijn Segers.
Device specifications:
* SoC: QCA9561 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR (GD25Q127CSIG)
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MIMO
* Ethernet (SoC): 4× 100Mbps
* Eth0 (back): 802.3af/at PoE in
* Eth1, Eth2 (bottom)
* Eth3 (bottom): PoE out (can be toggled by GPIO)
* One status LED
* Two buttons (both work as failsafe)
* LED button, implemented as KEY_BRIGHTNESS_TOGGLE
* Reset button
Flashing instructions, requires recent firmware (tested on 1.20.0):
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface
Debricking:
* Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R162 (TXD) and R165 (RXD)
Do NOT bridge R164
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via sysupgrade or LuCI web interface
MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM ifconfig:
br0 Link encap:Ethernet HWaddr 50:...:04
eth0 Link encap:Ethernet HWaddr 50:...:04
wifi0 Link encap:UNSPEC HWaddr 50-...-04-...
wifi1 Link encap:UNSPEC HWaddr 50-...-05-...
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[fix IMAGE_SIZE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Zhong Jianxin [Sat, 5 Sep 2020 11:03:09 +0000 (19:03 +0800)]
ath79: add support for Mercury MW4530R v1
Mercury MW4530R is a TP-Link TL-WDR4310 clone.
Specification:
* SOC: Atheros AR9344 (560 MHz)
* RAM: 128 MiB
* Flash: 8192 KiB
* Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327)
* Wireless:
- 2.4 GHz b/g/n (internal)
- 5 GHz a/n (AR9580)
* USB: yes, 1 x USB 2.0
Installation:
Flash factory image via OEM web interface.
Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
John Audia [Thu, 10 Sep 2020 19:17:13 +0000 (15:17 -0400)]
kernel: bump 5.4 to 5.4.64
Remove upstreamed patches:
generic-backport
701-v5.5-net-core-use-listified-Rx-for-GRO_NORMAL-in-napi_gro.patch
Manually merged:
mediatek/patches-5.4
0603-net-dsa-mt7530-Extend-device-data-ready-for-adding-a.patch
All other modifications made by update_kernel.sh
Build-tested: ipq806x, lantiq/xrx200, mvebu, x86/64
Run-tested: ipq806x (R7800), mvebu (mamba, rango),
lantiq/xrx200 (Easybox 904 xDSL), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add community build/run tests to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 16:09:33 +0000 (18:09 +0200)]
ramips: create common DTSI for Sunvalley Filehub devices
HooToo HT-TM05 and RAVPower RP-WD03 have almost identical hardware
(except for RAM size) and are from the same vendor (SunValley).
Create a common DTSI file for them.
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 23:20:47 +0000 (01:20 +0200)]
ramips: fix baud rate for RAVPower RP-WD03
The baud rate for the RAVPower RP-WD03 is 57600, not 115200.
Since this is the default from mt7620n.dtsi, the chosen node can
simply be removed from the device DTS.
Fixes: 5ef79af4f80f ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 16:01:19 +0000 (18:01 +0200)]
ramips: assign LEDs for RAVPower RP-WD03
According to the User Manual, there is a "Wi-Fi LED" with blue and
green colors, doing the following by default:
Flashing Blue: System loading
Solid Blue: System loaded
Flashing Green: Connecting to the Internet
Solid Green: Connected to the Internet
According to this vendor behavior, we keep refer to the LED as "wifi"
but implement the according default behavior as in OEM firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 15:52:02 +0000 (17:52 +0200)]
ramips: fix MAC address assignment for RAVPower RP-WD03
MAC assignment based on vendor firmware:
2.4 GHz *:b4 (factory 0x04)
LAN/label *:b4 (factory 0x28)
WAN *:b5 (factory 0x2e)
The previously used location 0x4000 for ethernet is actually empty.
Therefore, fix the ethernet MAC address and set it as label-mac-address.
Fixes: 5ef79af4f80f ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 15:40:46 +0000 (17:40 +0200)]
ramips: fix partitions and boot for RAVPower RP-WD03
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.
To address this, use the lzma loader (loader-okli) to work around this
limitation.
The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.
Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.
Installation:
- Download the needed OpenWrt install files, place them in the root
of a clean TFTP server running on your computer. Rename the files as,
- openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
- openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
- Plug the router into your computer via Ethernet
- Set your computer to use 10.10.10.254 as its IP address
- With your router shut down, hold down the power button until the first
white LED lights up.
- Push and hold the reset button and release the power button. Continue
holding the reset button for 30 seconds or until it begins searching
for files on your TFTP server, whichever comes first.
- The router (10.10.10.128) will look for your computer at 10.10.10.254
and install the two files. Once it has finished installation, it will
automatically reboot and start up OpenWrt.
- Set your computer to use DHCP for its IP address
Notes:
- U-Boot environment can be modified, u-boot-env is preserved on initial
install or sysupgrade
- mtd-concat functionality is included, to leave a "hole" for u-boot-env,
combining the OEM kernel and rootfs partitions
Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!
Fixes: 5ef79af4f80f ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 15:09:44 +0000 (17:09 +0200)]
ramips: use proper name for RAVPower RP-WD03
The proper model name is RP-WD03 (i.e. with the RP- prefix).
Adjust all names to that.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 16:38:57 +0000 (18:38 +0200)]
kernel: use proper upstream inclusion version for patch
The patch is only included in kernel 5.5.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 11 Sep 2020 16:26:38 +0000 (18:26 +0200)]
ramips: move ravpower-wd009-factory recipe to mt76x8.mk
The recipe is only used for a single device, so put it in the
subtarget file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
David Bauer [Sat, 5 Sep 2020 23:24:00 +0000 (01:24 +0200)]
ipq40xx: essedma: enable VLAN tag offload for single-port
Enable the VLAN tag offloading mechanism for RGMII single-port devices.
This allows those devices to use 802.1Q VLANs on the ethernet port.
Previously, RX frames were double tagged, as the RX TAG removal flag was
not enabled and an additional 802.1Q header was inserted elsewhere in
the code.
On the TX side, tagging was completely not present for single-port
devices. Enable tagging if an 802.1Q frame should be transmitted and
disable the default tagging mechanism for single-port devices.
Tested on Aruba AP-303
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Thu, 27 Aug 2020 23:39:45 +0000 (01:39 +0200)]
hostapd: add support for per-BSS airtime configuration
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.
Support for this feature is only enabled in the full flavors of hostapd.
Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Sat, 8 Aug 2020 22:33:57 +0000 (00:33 +0200)]
scripts: download.pl: fix indentation
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Sun, 26 Jul 2020 20:37:53 +0000 (22:37 +0200)]
base-files: disable LEDs if default state is undefined
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.
Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.
Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.
Signed-off-by: David Bauer <mail@david-bauer.net>
Bob Cai [Wed, 9 Sep 2020 03:27:58 +0000 (11:27 +0800)]
kernel: improve the description of fs-nfs-v4
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).
Use "Kernel module for NFS v4 client support" on line 438.
Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Sergey Ryazanov [Sun, 6 Sep 2020 16:45:02 +0000 (19:45 +0300)]
ath25: fix preinit Ethernet port configuration
vconfig is no more installed by default to a firmware image. So, replace
vconfig calls for VLAN subinterface configuration by coresponding
ip-link commands.
Also drop few useless comments from the preinit hook script, while we
are at it.
I have no chance to test this fix since I have no board with a subject
switch IC, but this is still better then call an utility that is
unavailable in the firmware for years.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[use documented syntax for ip link add]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jo-Philipp Wich [Thu, 10 Sep 2020 11:55:48 +0000 (13:55 +0200)]
scripts: bundle-libraries.sh: retain preloaded libraries
Since the introduction of fakeroot support, wrapped SDK executables might
be invoked from a shell that has libfakeroot.so preloaded.
Since we're using preloading as well in order to mangle argv[0] when
invoking the shipped ELF interpreter directly, we must take care of
preloading the already preloaded libraries as well, to avoid invoked
programs losing their fakeroot capabilities.
Extend the bundle-libraries.sh script to take any existing $LD_PRELOAD
into account when invoking the target ELF executable with a preloaded
runas.so library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rafał Miłecki [Thu, 10 Sep 2020 11:34:33 +0000 (13:34 +0200)]
rpcd: update to the latest master
rc: new ubus object for handling /etc/init.d/ scripts
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Daniel Golle [Thu, 10 Sep 2020 01:57:54 +0000 (02:57 +0100)]
rssileds: update maintainer email address
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adrian Schmutzler [Wed, 9 Sep 2020 20:04:47 +0000 (22:04 +0200)]
kernel: add recently introduced CONFIG_MTD_SPLIT_ELF_FW
The config symbol was introduced in drivers, but not added to
generic kernel config files. This will halt build asking for the
value.
Fix it by adding the value (setting it to disabled).
Fixes: 3f7047db7aaf ("kernel: mtdsplit: support ELF loader splitting")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jason A. Donenfeld [Tue, 8 Sep 2020 16:30:01 +0000 (18:30 +0200)]
wireguard-tools: bump to 1.0.
20200827
* ipc: split into separate files per-platform
This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.
* man: wg-quick: use syncconf instead of addconf for strip example
Simple documentation fix.
* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h
In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Sander Vanheule [Thu, 4 Jun 2020 18:59:13 +0000 (20:59 +0200)]
ath79: add support for TP-Link EAP245-v3
TP-Link EAP245 v3 is an AC1750 (802.11ac Wave-2) ceiling mount access
point. UART access (for debricking) requires non-trivial soldering.
Specifications:
* SoC: QCA9563 (CPU/DDR/AHB @ 775/650/258 MHz)
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 3x3
* Wireless 5GHz (QCA9982): a/n/ac 3x3 with MU-MIMO
* Ethernet (QCA8337N switch): 2× 1GbE, ETH1 (802.3at PoE) and ETH2
* Green and amber status LEDs
* Reset switch (GPIO, available for failsafe)
Flashing instructions:
All recent firmware versions (latest is 2.20.0), can disable firmware
signature verification and use a padded firmware file to flash OpenWrt:
* ssh into target device and run `cliclientd stopcs`
* upload factory image via web interface
The stopcs-method is supported from firmware version 2.3.0. Earlier
versions need to be upgraded to a newer stock version before flashing
OpenWrt.
Factory images for these devices are RSA signed by TP-Link. While the
signature verification can be disabled, the factory image still needs to
have a (fake) 1024 bit signature added to pass file checks.
Debricking instructions:
You can recover using u-boot via the serial port:
* Serial port is available from J3 (1:TX, 2:RX, 3:GND, 4:3.3V)
* Bridge R237 to connect RX, located next to J3
* Bridge R225 to connect TX, located inside can on back-side of board
* Serial port is 115200 baud, 8n1, interrupt u-boot by holding ctrl+B
* Upload initramfs with tftp and upgrade via OpenWrt
Device mac addresses:
Stock firmware has the same mac address for 2.4GHz wireless and
ethernet, 5GHz is incremented by one. The base mac address is stored in
the 'default-mac' partition (offset 0x90000) at an offset of 8 bytes.
ART blobs contain no mac addresses.
From OEM ifconfig:
ath0 Link encap:Ethernet HWaddr 74:..:E2
ath10 Link encap:Ethernet HWaddr 74:..:E3
br0 Link encap:Ethernet HWaddr 74:..:E2
eth0 Link encap:Ethernet HWaddr 74:..:E2
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Sander Vanheule [Sat, 11 Jul 2020 21:06:54 +0000 (23:06 +0200)]
firmware-utils/tplink-safeloader: add compat level
TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.
The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0 (2019-05-30): compat_level=0
* FW v2.3.0 (2019-07-31): compat_level=0
* FW v2.3.1 (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1
Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.
By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.
Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
[NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
20190731 Rel. 51932,newSoftVer:2.20.0 Build
20200423 Rel. 36779
...
AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
...
[NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
0x0.(new 0x1)
[NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
upDataStart =
7690604b, upDataLen =
00000018
[NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes =
000002eb
Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.
To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Sander Vanheule [Sat, 11 Jul 2020 20:58:07 +0000 (22:58 +0200)]
firmware-utils/tplink-safeloader: soft-version magic is data length
The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}
The data length is currently treated as a magic number, but should
contain the length of the partition data.
This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Sander Vanheule [Sat, 11 Jul 2020 11:13:40 +0000 (13:13 +0200)]
ath79: enable elf mtd splitter
Enabled the ELF firmware partition splitter 4.19 and 5.4 in preparation
for the TP-Link EAP245v3 device support.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Sander Vanheule [Thu, 2 Jul 2020 20:33:56 +0000 (22:33 +0200)]
kernel: mtdsplit: support ELF loader splitting
To parse the ELF kernel loader, a small ELF parser is used that can
handle both ELF32 or ELF64 class loaders. The splitter assumes that the
kernel is always located before the rootfs, whether it is embedded in
the loader or not. If the kernel is located after the rootfs on the
firmware partition, then the rootfs splitter will include it in the
dynamically created rootfs_data partition and the kernel will be
corrupted.
The kernel image is preferably embedded inside the ELF loader, so the
end of the loader equals the end of the kernel partition. This is due to
the way mtd_find_rootfs_from searches for the the rootfs:
- if the kernel image is embedded in the loader, the appended rootfs may
follow the loader immediately, within the same erase block.
- if the kernel image is not embedded in the loader, but placed at some
offset behind the loader (OKLI-style loader), the rootfs must be
aligned to an erase-block after the loader and kernel image.
In case section header table is empty, determine the elf loader size by
finding the end of the last segment, as defined by the program header
table.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Sebastian Kemper [Wed, 9 Sep 2020 10:29:50 +0000 (12:29 +0200)]
build: allow file modes per binary package
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Example:
/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory
This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.
This behavior is already used for other OpenWrt variables, hence it is
familiar:
PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Adrian Schmutzler [Wed, 9 Sep 2020 12:12:14 +0000 (14:12 +0200)]
ramips: disable default build for Ravpower RP-WD03
This device has a 1.5M kernel size limit during boot and is
unbootable since February 2019 [1].
[1] https://forum.openwrt.org/t/ravpower-wd03-does-not-start-with-openwrt-master/49792
Reported-by: Szabolcs Hubai <szab.hu@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Martin Schiller [Wed, 24 Jun 2020 05:22:17 +0000 (07:22 +0200)]
openvpn: fix shell compare operator in openvpn.init
Don't use bash syntax, because /bin/sh is used here.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jo-Philipp Wich [Tue, 8 Sep 2020 11:52:10 +0000 (13:52 +0200)]
tools: fakeroot: use TCP as IPC transport
Some environments, e.g. first gen WSL, do not support SysV IPC.
Enforce the use of TCP transport instead which should be universally
available.
Fixes: FS#3317
Ref: https://github.com/microsoft/WSL/issues/4067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Wed, 9 Sep 2020 09:51:21 +0000 (11:51 +0200)]
mediatek/ramips: remove an ethernet optimization patch that was reported to cause a regression
In some tests, crashes were observed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 8 Sep 2020 12:22:28 +0000 (14:22 +0200)]
mac80211: update encap offload patches to the latest version
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 7 Sep 2020 15:47:15 +0000 (17:47 +0200)]
mediatek: backport the latest version of the mt7531 support patches
Fixes unknown unicast flooding issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jason A. Donenfeld [Tue, 8 Sep 2020 16:28:30 +0000 (18:28 +0200)]
wireguard: bump to 1.0.
20200908
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros
Backports from upstream changes.
* peerlookup: take lock before checking hash in replace operation
A fix for a race condition caught by syzkaller.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Daniel Golle [Tue, 8 Sep 2020 19:00:05 +0000 (20:00 +0100)]
hostapd: add UCI support for Hotspot 2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 8 Sep 2020 19:01:11 +0000 (20:01 +0100)]
netifd: update to git HEAD
3d9bd73 utils: fix check_pid_path to work with deleted file as well
330f403 vlan: initialize device ifname earlier at creation time
c057e71 device: do not check state from within device_init
cb0c07b system-dummy: fix resolving ifindex
ccd9ddc bridge: add support for turning on vlan_filtering
82bcb64 bridge: add support for adding vlans to a bridge
0e8cea0 bridge: add support for VLAN filtering
6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
ac0710b device: look up full device name before traversing vlan chain
e32e21e bridge: flush vlan list on bridge free
645ceed interface-ip: clear host bits of the device prefix
d7b614a netifd-wireless: parse 'osen' encryption
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adrian Schmutzler [Sat, 8 Aug 2020 19:33:25 +0000 (21:33 +0200)]
treewide: revert sysupgrade adjustments for early DSA-adopters
The uci-default mechanism to update the compat-version was only
meant for early DSA-adopters, which should have updated by now.
Remove this workaround again in order to prevent the intended
experiences for all the other people.
This reverts:
a9703db72030 ("mvebu: fix sysupgrade experience for early DSA-adopters")
86c89bf5e8f5 ("kirkwood: fix sysupgrade experience for early DSA-adopters")
Partially reverted:
1eac573b5304 ("ramips: mt7621: implement compatibility version for DSA migration")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sat, 8 Aug 2020 19:30:44 +0000 (21:30 +0200)]
Revert "treewide: add sysupgrade comment for early DSA-adopters"
This reverts commit
e81e625ca375d6dc3c885ec870ec15757ac76d72.
This was meant just for early DSA-adopters. Those should have
updated by now, remove it so future updaters get the intended
experience.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Daniel Golle [Tue, 8 Sep 2020 13:58:17 +0000 (14:58 +0100)]
fakeroot: add license information
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Spooren [Tue, 1 Sep 2020 19:13:28 +0000 (09:13 -1000)]
dropbear: Enable
Ed25519 for normal devices
The
Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using
Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.
As enabling
Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.
Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.
This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-
ed25519`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Rosen Penev [Tue, 1 Sep 2020 22:37:03 +0000 (15:37 -0700)]
util-linux: Fix build when libmagic is present
When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.
This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1
Fixes: 36d9ed360a34 ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 1 Sep 2020 12:50:52 +0000 (14:50 +0200)]
wolfssl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk 391.545
new:
libwolfssl24_4.5.0-stable-2_mips_24kc.ipk 387.439
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 1 Sep 2020 12:23:44 +0000 (14:23 +0200)]
iw: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
iw_5.4-1_mips_24kc.ipk 35.767
iw-full_5.4-1_mips_24kc.ipk 68.423
new:
iw_5.8-1_mips_24kc.ipk 36.883
iw-full_5.8-1_mips_24kc.ipk 71.992
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 1 Sep 2020 12:05:12 +0000 (14:05 +0200)]
nftables: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.6-1_mips_24kc.ipk 231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk 204.731
new:
nftables-json_0.9.6-2_mips_24kc.ipk 221.894
nftables-nojson_0.9.6-2_mips_24kc.ipk 193.932
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 1 Sep 2020 12:04:22 +0000 (14:04 +0200)]
libnftnl: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.7-1_mips_24kc.ipk 47.459
new:
libnftnl12_1.1.7-2_mips_24kc.ipk 45.742
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 1 Sep 2020 12:02:47 +0000 (14:02 +0200)]
jansson: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
jansson4_2.13.1-1_mips_24kc.ipk 19.171
new:
jansson4_2.13.1-2_mips_24kc.ipk 18.936
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 24 Aug 2020 10:04:58 +0000 (12:04 +0200)]
nftables: Update to version 0.9.6
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.3-1_mips_24kc.ipk 220.262
nftables-nojson_0.9.3-1_mips_24kc.ipk 192.937
new:
nftables-json_0.9.6-1_mips_24kc.ipk 231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk 204.731
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 24 Aug 2020 10:04:38 +0000 (12:04 +0200)]
libnftnl: Update to version 1.1.7
The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.5-1_mips_24kc.ipk 46.252
new:
libnftnl12_1.1.7-1_mips_24kc.ipk 47.459
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 24 Aug 2020 10:04:15 +0000 (12:04 +0200)]
jansson: Update to version 2.13.1
This also sets the ABI_VERSION as this is a versioned shared library.
The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk 18.692
new:
jansson4_2.13.1-1_mips_24kc.ipk 19.171
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Sat, 5 Sep 2020 17:43:41 +0000 (13:43 -0400)]
kernel: bump 5.4 to 5.4.63
Manually merged:
hack-5.4
230-openwrt_lzma_options.patch
bcm27xx
950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
x86
011-tune_lzma_options.patch
Remove upstreamed patches in collaboration with Ansuel Smith:
ipq806x
093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch
All other modifications made by update_kernel.sh
Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sun, 6 Sep 2020 17:50:36 +0000 (19:50 +0200)]
ath25: disable devices with 4M flash
Devices with 4M flash are not built be default for 20.xx anymore.
Building them with buildbot settings does not work anymore anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sun, 6 Sep 2020 15:24:36 +0000 (17:24 +0200)]
ath25: apply vendor_model scheme
This applies the vendor_model scheme for this target as well, so
naming is consistent throughout supported targets.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Sergey Ryazanov [Fri, 4 Sep 2020 23:51:31 +0000 (02:51 +0300)]
ath25: eth: fix crash on skb DMA (un-)map
AR2315 Ethernet driver pass NULL instead of a real device pointer to DMA
(un-)map calls. With kernel version 5.4 such behaviour causes a kernel
panic. Fix this issue by preserving device pointer during the probe
procedure and pass it to each skb data DMA (un-)map call.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Sergey Ryazanov [Sun, 6 Sep 2020 15:00:08 +0000 (17:00 +0200)]
ath25: fix ethernet supported link modes for ar2313
Rework ethernet supported link modes to linkmode bitmask.
This is needed to suppress compilation errors:
drivers/net/ethernet/atheros/ar231x/ar231x.c:1153:20: ...
error: assignment to expression with array type
phydev->supported &= (SUPPORTED_10baseT_Half
^~
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[cut out of bigger patch, adjust commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 13 Apr 2020 17:11:22 +0000 (19:11 +0200)]
ath25: fix compilation for AR2315 MTD driver
Kernel commit
e7bfb3fdbde3 ("mtd: Stop updating erase_info->state
and calling mtd_erase_callback()") removed erase_info->state
updates and calls of mtd_erase_callback().
Drop these erase callback invocations from AR2315 MTD driver as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sun, 6 Sep 2020 12:08:43 +0000 (14:08 +0200)]
ath25: update config for kernel 5.4
Update config with make kernel_oldconfig.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 13 Apr 2020 17:11:20 +0000 (19:11 +0200)]
ath25: refresh patches for kernel 5.4
Refresh patches to make them apply to kernel 5.4.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Sun, 6 Sep 2020 11:57:27 +0000 (13:57 +0200)]
ath25: add back target support
Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.
This reverts commit
7d29a5571403 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Wed, 2 Sep 2020 11:19:59 +0000 (13:19 +0200)]
ath79: drop Build/loader-kernel-cmdline
This is the same as loader-kernel since the KERNEL_CMDLINE
parameter has been removed in [1] and not used at all anyway.
Remove it.
[1]
f77db1a59036 ("ath79: cleanup image build code")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Josh Bendavid [Tue, 14 Jul 2020 15:39:21 +0000 (17:39 +0200)]
ramips: add support for D-Link DIR-2660 A1
This patch adds support for D-Link DIR-2660 A1.
Specifications:
* Board: AP-MTKH7-0002
* SoC: MediaTek MT7621AT
* RAM: 256 MB (DDR3)
* Flash: 128 MB (NAND)
* WiFi: MediaTek MT7615N (x2)
* Switch: 1 WAN, 4 LAN (Gigabit)
* Ports: 1 USB 2.0, 1 USB 3.0
* Buttons: Reset, WPS
* LEDs: Power (white/orange), Internet (white/orange), WiFi 2.4G (white),
WiFi 5G (white), USB 3.0 (white), USB 2.0 (white)
Notes:
* WiFi 2.4G and WiFi 5G LEDs are wired directly to the wireless chips
Installation:
* D-Link Recovery GUI: power down the router, press and hold the reset
button, then re-plug it. Keep the reset button pressed until the power
LED starts flashing orange, manually assign a static IP address under
the 192.168.0.xxx subnet (e.g. 192.168.0.2) and go to http://192.168.0.1
* Some modern browsers may have problems flashing via the Recovery GUI,
if that occurs consider uploading the firmware through cURL:
curl -v -i -F "firmware=@file.bin" 192.168.0.1
MAC addresses:
lan factory 0xe000 *:a7 (label)
wan factory 0xe006 *:aa
2.4 factory 0xe000 +1 *:a8
5.0 factory 0xe000 +2 *:a9
Seems like vendor didn't replace the dummy entries in the calibration data.
Signed-off-by: Josh Bendavid <joshbendavid@gmail.com>
[rebase onto already merged DIR-1960 A1, add MAC addresses to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Felix Fietkau [Sun, 6 Sep 2020 11:29:48 +0000 (13:29 +0200)]
kernel: backport GRO improvements
Improves network performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 6 Sep 2020 11:28:59 +0000 (13:28 +0200)]
kernel: backport improved checksum function for ARM64
Improves network performance in some cases when checksum offload is not
available
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 6 Sep 2020 10:19:32 +0000 (12:19 +0200)]
mediatek/mt7622: adjust kernel cpu features to match the hardware
Disable unnecessary errata/features
Enable potentially needed ones
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Christian Lamparter [Thu, 3 Sep 2020 19:24:16 +0000 (21:24 +0200)]
apm821xx: provide legacy interrupts for PCIe in DT
Devices with PCIe-Switches like the WNDR4700, MR24 and WNDAP660
need to have the interrupts property specified in the device-tree
for the legacy pci interrupt signaling method to work.
If the proper interrupt value is not specified, the default INTA
IRQ 12 is taken for all devices. This is especially bad, if the
device is setup to use INTC, because these interrupts will not
be serviced.
Russell Senior reported his experience on the MR24:
"The symptom is client devices can't see the beacons.
Wifi ifaces appear, can scan and hear other networks,
but clients can't see the MR24's SSIDs."
(The interrupts-property on the WNDAP620 was optional since it
uses INTA by default. Likewise the MX60W is in the same category)
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Sun, 30 Aug 2020 02:42:54 +0000 (04:42 +0200)]
base-files: support label-property-less in get_dt_leds
The LED's "label" property has been deprecated in upstream by:
|commit
c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date: Sun Jun 9 20:19:04 2019 +0200
|
| dt-bindings: leds: Add properties for LED name construction
|
| Introduce dedicated properties for conveying information about
| LED function and color. Mark old "label" property as deprecated.
|
| Additionally function-enumerator property is being provided
| for the cases when neither function nor color can be used
| for LED differentiation.
in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hans Dedecker [Sat, 5 Sep 2020 17:12:28 +0000 (19:12 +0200)]
ppp: update to latest git HEAD
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
David Bauer [Sat, 5 Sep 2020 10:58:07 +0000 (12:58 +0200)]
firewall: bump to latest HEAD
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes
Signed-off-by: David Bauer <mail@david-bauer.net>
Felix Fietkau [Sat, 5 Sep 2020 09:19:11 +0000 (11:19 +0200)]
build: fix extreme build system slowdown caused by SOURCE_DATE_EPOCH changes
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 4 Sep 2020 17:41:46 +0000 (19:41 +0200)]
mediatek: enable coherent DMA for ethernet and PCI
Improves performance by eliminating the need for extra cache flushes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 4 Sep 2020 17:41:33 +0000 (19:41 +0200)]
mediatek: fix an irq handling issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 4 Sep 2020 16:30:07 +0000 (18:30 +0200)]
mediatek/ramips: add patch to avoid unnecessary rearming of interrupts
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 25 Aug 2020 08:18:52 +0000 (10:18 +0200)]
mediatek: disable packet steering by default
mt76 now spreads the load over multiple CPUs more smoothly, processing
ethernet packets should be faster running on one core
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 26 Aug 2020 10:30:12 +0000 (12:30 +0200)]
mac80211: add preliminary support for enabling 802.11ax in config
No advanced features are configurable yet, just basic enabling of HE modes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 4 Sep 2020 10:31:17 +0000 (12:31 +0200)]
mediatek: enable kernel PCIe ASPM support, refresh kernel config
Improves performance on PCIe devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Daniel Golle [Fri, 4 Sep 2020 01:49:23 +0000 (02:49 +0100)]
libselinux: package executables into -utils
Add new package libselinux-utils containing the executable
utilities included with libselinux.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Yangbo Lu [Thu, 20 Aug 2020 12:30:38 +0000 (20:30 +0800)]
layerscape: fix linux headers install issue
The linux upstream commit had treated config leak as error.
5967577 scripts: headers_install: Exit with error on config leak
It is causing below build issue. Provide a kernel patch to fix
it by replacing CONFIG_COMPAT kernel option with FM_COMPAT instead.
HDRINST usr/include/linux/fmd/integrations/integration_ioctls.h
HDRINST usr/include/linux/fmd/Peripherals/fm_port_ioctls.h
error: include/uapi/linux/fmd/Peripherals/fm_port_ioctls.h: leak
CONFIG_COMPAT to user-space
scripts/Makefile.headersinst:63: recipe for target
'usr/include/linux/fmd/Peripherals/fm_port_ioctls.h' failed
make[5]: *** [usr/include/linux/fmd/Peripherals/fm_port_ioctls.h] Error 1
Makefile:1198: recipe for target 'headers' failed
make[4]: *** [headers] Error 2
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Paul Spooren [Wed, 2 Sep 2020 00:32:45 +0000 (14:32 -1000)]
config: add KERNEL_LSM symbol
The LSM (Linux security mechanism) list is the successor of the now
legacy *major LSM*. Instead of defining a single security mechanism the
LSM symbol is a comma separated list of mechanisms to load.
Until recently OpenWrt would only support DAC (Unix discretionary access
controls) which don't require an additional entry in the LSM list. With
the newly introduced SELinux support the LSM needs to be extended else
only a manual modified Kernel cmdline (`security=selinux`) would
activate SELinux.
As the default OpenWrt Kernel config sets DAC as default security
mechanism, SELinux is stripped from the LSM list, even if
`KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without
a modified cmdline this commit sets a specific LSM list if
`KERNEL_SECURITY_SELINUX` is enabled.
The upstream Kconfig adds even more mechanisms
(smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt,
these can be ignored.
To compile SELinux Kernel support but disable it from loading, the
already present options `KERNEL_SECURITY_SELINUX_DISABLE` or
`KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`)
can be used. Further it's possible to edit `/etc/selinux/config`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Russell Morris [Wed, 25 Dec 2019 00:38:36 +0000 (18:38 -0600)]
ramips: add support for HooToo HT-TM05
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).
Specifications:
SOC: MediaTek MT7620N
BATTERY: 10400mAh
WLAN: 802.11bgn
LAN: 1x 10/100 Mbps Ethernet
USB: 1x USB 2.0 (Type-A)
RAM: 64 MB
FLASH: GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
fast-read enabled (m25p)
LED: Status LED (blue after boot, green with WiFi traffic
4 leds to indicate power level of the battery (unable to control)
INPUT: Power, reset button
MAC assignment based on vendor firmware:
2.4 GHz *:b4 (factory 0x04)
LAN/label *:b4 (factory 0x28)
WAN *:b5 (factory 0x2e)
Tested and working:
- Ethernet
- 2.4 GHz WiFi (Correct MAC-address)
- Installation from TFTP (recovery)
- OpenWRT sysupgrade (Preserving and non-preserving), through the usual
ways: command line and LuCI
- LEDs (except as noted above)
- Button (reset)
- I2C, which is needed for reading battery charge status and level
- U-Boot environment / variables (from U-Boot, and OpenWrt)
Installation:
- Download the needed OpenWrt install files, place them in the root
of a clean TFTP server running on your computer. Rename the files as,
- ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
- ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
- Plug the router into your computer via Ethernet
- Set your computer to use 10.10.10.254 as its IP address
- With your router shut down, hold down the power button until the first
white LED lights up.
- Push and hold the reset button and release the power button. Continue
holding the reset button for 30 seconds or until it begins searching
for files on your TFTP server, whichever comes first.
- The router (10.10.10.128) will look for your computer at 10.10.10.254
and install the two files. Once it has finished installation, it will
automatically reboot and start up OpenWrt.
- Set your computer to use DHCP for its IP address
Notes:
- U-Boot environment can be modified, u-boot-env is preserved on initial
install or sysupgrade
- mtd-concat functionality is included, to leave a "hole" for u-boot-env,
combining the OEM kernel and rootfs partitions
I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!
Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Chuanhong Guo [Wed, 2 Sep 2020 06:22:30 +0000 (14:22 +0800)]
ramips: image: add recipe for OKLI loader
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Chuanhong Guo [Wed, 2 Sep 2020 06:22:29 +0000 (14:22 +0800)]
ramips: lzma-loader: make FLASH_START configurable
FLASH_START is supposed to point at the memory area where NOR flash are
mapped. We currently have an incorrect FLASH_START copied from ar71xx
back then and the loader doesn't work under OKLI mode.
On ramips, mt7621 has it's flash mapped to 0x1fc00000 and other SoCs
uses 0x1c000000. This commit makes FLASH_START a configurable value to
handle both cases.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Rosen Penev [Wed, 2 Sep 2020 21:25:19 +0000 (14:25 -0700)]
policycoreutils: add nls.mk
Fixes compilation under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Adrian Schmutzler [Fri, 7 Aug 2020 12:21:10 +0000 (14:21 +0200)]
kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 7 Aug 2020 12:29:11 +0000 (14:29 +0200)]
kernel: remove support for kernel 4.14
No target uses kernel 4.14 anymore.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 7 Aug 2020 14:35:05 +0000 (16:35 +0200)]
ramips: drop support for kernel 4.14
The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Thu, 20 Aug 2020 12:26:27 +0000 (14:26 +0200)]
pistachio: drop support for kernel 4.14
The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 7 Aug 2020 14:34:09 +0000 (16:34 +0200)]
arc770: drop support for kernel 4.14
The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 7 Aug 2020 14:11:39 +0000 (16:11 +0200)]
samsung: drop target
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 7 Aug 2020 14:08:28 +0000 (16:08 +0200)]
rb532: drop target
This target is still on kernel 4.14, and recent attempts to move it to
kernel 5.4 have not led to success. The device tester reported that it
wouldn't boot with the following messages:
From sysupgrade:
Press any key within 4 seconds to enter setup....
loading kernel from nand... OK
setting up elf image... OK
jumping to kernel code
At this point the system hangs.
From CompactFlash:
Press any key within 4 seconds to enter setup....
Booting CF
Loading kernel... done
setting up elf image... kernel out of range kernel loading failed
The tester reported that the same was observed with current master
(kernel 4.14) as well. This looks like some kernel size restriction.
Since this target is quite old and only supports one device, and since
nobody else seemed interested in working on this for quite some time,
I decided to not put further work into analyzing the problem and drop
this together with the other 4.14-only targets.
Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=197066&state=*
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Fri, 7 Aug 2020 13:58:52 +0000 (15:58 +0200)]
ath25: drop target
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.
Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 31 Aug 2020 11:27:57 +0000 (13:27 +0200)]
tools: sort alphabetically
This sorts the added tools and builddir dependencies alphabetically
to make it easier to find something in the Makefile.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 31 Aug 2020 11:17:54 +0000 (13:17 +0200)]
tools: drop unused upslug2 and wrt350nv2-builder
These tools have been used by the orion target which has been
removed in Jan 2020 [1].
Both were specifically meant for the WRT350Nv2, which is not
supported anymore.
So, let's remove them as well.
[1]
89f2deb372b7 ("orion: remove unmaintained target")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Magnus Kroken [Tue, 1 Sep 2020 20:28:25 +0000 (22:28 +0200)]
mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.
* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Walter Sonius [Tue, 1 Sep 2020 21:49:54 +0000 (23:49 +0200)]
base-files: fix comment typo in lib/functions/network.sh
Fix typo in comment.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Daniel Golle [Tue, 1 Sep 2020 20:31:20 +0000 (21:31 +0100)]
hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Tue, 1 Sep 2020 13:37:14 +0000 (15:37 +0200)]
tools/squashfskit4: fix build on non-linux systems
The xattr related function calls are linux specific
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 29 Aug 2020 05:50:07 +0000 (07:50 +0200)]
mac80211: remove an obsolete patch that is no longer doing anything useful
Signed-off-by: Felix Fietkau <nbd@nbd.name>