Commit Graph

17311 Commits (master)

Author SHA1 Message Date
Felix Fietkau acf1733496 mac80211: add preliminary support for enabling 802.11ax in config
No advanced features are configurable yet, just basic enabling of HE modes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-04 15:49:35 +02:00
Daniel Golle c2c701e058 libselinux: package executables into -utils
Add new package libselinux-utils containing the executable
utilities included with libselinux.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-04 02:50:20 +01:00
Russell Morris 45a81f7056 ramips: add support for HooToo HT-TM05
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).

Specifications:

  SOC:     MediaTek MT7620N
  BATTERY: 10400mAh
  WLAN:    802.11bgn
  LAN:     1x 10/100 Mbps Ethernet
  USB:     1x USB 2.0 (Type-A)
  RAM:     64 MB
  FLASH:   GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
           Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
           fast-read enabled (m25p)
  LED:     Status LED (blue after boot, green with WiFi traffic
           4 leds to indicate power level of the battery (unable to control)
  INPUT:   Power, reset button

MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

Tested and working:

 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - Installation from TFTP (recovery)
 - OpenWRT sysupgrade (Preserving and non-preserving), through the usual
   ways: command line and LuCI
 - LEDs (except as noted above)
 - Button (reset)
 - I2C, which is needed for reading battery charge status and level
 - U-Boot environment / variables (from U-Boot, and OpenWrt)

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
   - ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!

Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-03 14:15:30 +02:00
Rosen Penev 7a5e4f5f00 policycoreutils: add nls.mk
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-09-03 00:33:20 +01:00
Adrian Schmutzler 6362a04725 kernel: remove obsolete kernel version switches for 4.14
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:23 +02:00
Adrian Schmutzler bc88ee0aff samsung: drop target
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Adrian Schmutzler 7d29a55714 ath25: drop target
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 16:29:22 +02:00
Magnus Kroken 66893063ab mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-09-02 15:12:12 +02:00
Walter Sonius 46abcb3ade base-files: fix comment typo in lib/functions/network.sh
Fix typo in comment.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-02 01:11:17 +02:00
Daniel Golle 80a194b100 hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 21:37:35 +01:00
Felix Fietkau 91fb3ce56b mac80211: remove an obsolete patch that is no longer doing anything useful
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Felix Fietkau 2c14710c54 mac80211: add more AQL fixes/improvements
Fix aggregation length estimation, add HE and VHT160 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-01 17:01:56 +02:00
Daniel Golle 76368a5c0a refpolicy: skip building docs
Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:35:00 +01:00
Daniel Golle d136848b8b libaudit: add host-build required by policycoreutils/host
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:24:07 +01:00
Daniel Golle 3ce21b8797 libsemanage: host-build depends on renamed libaudit package
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 12:32:52 +01:00
Hauke Mehrtens 413fdc6676 ugps: update to the latest version
511a5b3 ugps: fix 64-bit time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:04:44 +02:00
Hauke Mehrtens db8e09f1c2 fstools: update to the latest version
5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:01:15 +02:00
John Crispin 2ddd8387a7 uboot-mediatek: update to latest version
Signed-off-by: John Crispin <john@phrozen.org>
2020-09-01 09:08:52 +02:00
Daniel Golle 93ed51e5b6 libaudit: drop unused file
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 00:32:54 +01:00
Paul Spooren 395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00
Paul Spooren 18b1cc2838 px5g-wolfssl: cleanup Makefile and SPDX license
Minor cosmetic cleanups of the Makefile and add a SPDX compatible
license headers.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:29:37 +01:00
Daniel Golle 2e2425ce7f libsemanage: add missing package metadata
License and CPE-ID were missing, add them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 22:02:12 +01:00
Daniel Golle efdf619f21 audit: build only libaudit
Turns out auditd depends on libev. Lets have that in packages.git.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 21:51:45 +01:00
Hauke Mehrtens 2b141ad392 strace: Update to version 5.8
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.

Just deactivate it for ARM64 too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-31 22:15:26 +02:00
Rosen Penev 36d9ed360a util-linux: update to 2.36
hwclock was fixed to work with musl.

Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev 879e68eafd libcxx: update to 10.0.0
Switched to upstream tarballs.

Switched to libcxxabi as using libsupc++ is quite wonky.

Fixed description.

Removed patches. The fixes are cosmetic.

Added ssp patch. This one is needed for i386 and powerpc under musl.

Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.

Ran tested with gerbera.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Rosen Penev 3f9bd9e8ee libcxxabi: add
This will be used for libcxx.

libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.

Reference: https://github.com/gerbera/gerbera/issues/795

Added patch to fix ARM compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-31 22:11:23 +02:00
Daniel Golle 86307bc908 checkpolicy: build-depend on libselinux
Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
 #include <sepol/policydb/expand.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Daniel Golle c2996ee267 policycoreutils: fix i18n depends
Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
 #include <libintl.h>  /* for gettext() */
          ^~~~~~~~~~~
 compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 20:45:14 +01:00
Michael Pratt 22caf30a65 ath79: add support for Senao Engenius ENH202 v1
FCC ID: U2M-ENH200

Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.

Specification:

  - Qualcomm/Atheros AR7240 rev 2
  - 40 MHz reference clock
  - 8 MB FLASH                  ST25P64V6P (aka ST M25P64)
  - 32 MB RAM
  - UART at J3                  (populated)
  - 2x 10/100 Mbps Ethernet     (built-in switch at gmac1)
  - 2.4 GHz, 2x2, 29dBm         (Atheros AR9280 rev 2)
  - internal antenna plates     (10 dbi, semi-directional)
  - 5 LEDs, 1 button            (LAN, WAN, RSSI) (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Power LED not controllable, or unknown gpio

MAC addresses:

  eth0/eth1  *:11   art 0x0/0x6
  wlan       *:10   art 0x120c

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9f670000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of ENH202 is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-enh202-uImage-lzma.bin
    openwrt-senao-enh202-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

  OKLI kernel loader is required because the OEM firmware
  expects the kernel to be no greater than 1024k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on built-in switch:

  ENH202 is originally configured to be an access point,
  but with two ethernet ports, both WAN and LAN is possible.

  the POE port is gmac0 which is preferred to be
  the port for WAN because it gives link status
  where swconfig does not.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Michael Pratt 6decbf3186 ath79: add support for Senao Engenius ENS202EXT v1
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.

FCC ID:	A8J-ENS202

Specification:

  - Qualcomm/Atheros AR9341 v1
  - 535/400/200/40 MHz          (CPU/DDR/AHB/REF)
  - 64 MB of RAM
  - 16 MB of FLASH              MX25L12835F(MI-10G)
  - UART (J1) header on PCB     (unpopulated)
  - 2x 10/100 Mbps Ethernet     (built-in switch Atheros AR8229)
  - 2.4 GHz, up to 27dBm        (Atheros AR9340)
  - 2x external, detachable antennas
  - 7x LED (5 programmable in ath79), 1x GPIO button (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Ethernet LEDs stay on solid when connected, not programmable

MAC addresses:

  eth0/eth1  *:7b   art 0x0/0x6
  wlan       *:7a   art 0x1002

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

  *If you are unable to get network/LuCI after flashing*
  You must perform another factory reset:

    After waiting 3 minutes or when Power LED stop blinking:

    Hold Reset button for 15 seconds while powered on
    or until Power LED blinks very fast

    release and wait 2 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to this model.
  The following directions are unique to this model.
  DO NOT downgrade to ar71xx this way, can cause kernel loop

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP Recovery:

  For some reason, TFTP is not reliable on this board.
  Takes many attempts, many timeouts before it fully transfers.

  Starting with an initramfs.bin:

  Connect to ethernet
  set IP address and TFTP server to 192.168.1.101
  set up infinite ping to 192.168.1.1
  rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
  disconnect power to the board
  hold reset button while powering on board for 8 seconds

  Wait a minute, power LED should blink eventually if successful
  and a minute after that the pings should get replies
  You have now loaded a temporary Openwrt with default settings temporarily.
  You can use that image to sysupgrade another image to overwrite flash.

Format of OEM firmware image:

  The OEM software of ENS202EXT is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-ens202ext-uImage-lzma.bin
    openwrt-senao-ens202ext-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

Note on the factory.bin:

  The newest kernel is too large to be in the kernel partition

  the new ath79 kernel is beyond   1592k
  Even ath79-tiny is               1580k

  Checksum fails at boot because the bootloader (modified uboot)
  expects kernel to be 1536k. If the kernel is larger, it gets
  overwritten when rootfs is flashed, causing a broken image.
  The mtdparts variable is part of the build and saving a new
  uboot environment will not persist after flashing.
  OEM version might interact with uboot or with the custom
  OEM partition at 0x9f050000.

  Failed checksums at boot cause failsafe image to launch,
  allowing any image to be flashed again.

  HOWEVER: one should not install older Openwrt from failsafe
  because it can cause rootfs to be unmountable,
  causing kernel loop after successful checksum.
  The only way to rescue after that is with a serial cable.

  For these reasons, a fake kernel (OKLI kernel loader)
  and fake squashfs rootfs is implemented to take care of
  the OEM firmware image verification and checksums at boot.
  The OEM only verifies the checksum of the first image
  of each partition respectively, which is the loader
  and the fake squashfs. This completely frees
  the "firmware" partition from all checks.

  virtual_flash is implemented to make use of the wasted space.
  this leaves only 2 erase blocks actually wasted.

  The loader and fakeroot partitions must remain intact, otherwise
  the next boot will fail, redirecting to the Failsafe image.

  Because the partition table required is so different
  than the OEM partition table and ar71xx partition table,
  sysupgrades are not possible until one switches to ath79 kernel.

Note on sysupgrade.tgz:

  To make things even more complicated, another change is needed to
  fix an issue where network does not work after flashing from either
  OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
  configuration into the jffs2 /overlay when writing rootfs from factory.bin.

  The upgrade script has this:

    mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"

  However, it also accepts scripts before and after:

    before_local="/etc/before-upgradelocal.sh"
    after_local="/etc/after-upgradelocal.sh"
    before="before-upgrade.sh"
    after="after-upgrade.sh"

  Thus, we can solve the issue by making the .tgz an empty file
  by making a before-upgrade.sh in the factory.bin

Note on built-in switch:

  There is two ports on the board, POE through the power supply brick,
  the other is on the board. For whatever reason, in the ar71xx target,
  both ports were on the built-in switch on eth1. In order to make use
  of a port for WAN or a different LAN, one has to set up VLANs.

  In ath79, eth0 and eth1 is defined in the DTS so that the
  built-in switch is seen as eth0, but only for 1 port
  the other port is on eth1 without a built-in switch.

  eth0: switch0
    CPU is port 0
    board port is port 1

  eth1: POE port on the power brick

  Since there is two physical ports,
  it can be configured as a full router,
  with LAN for both wired and wireless.

  According to the Datasheet, the port that is not on the switch
  is connected to gmac0. It is preferred that gmac0 is chosen as WAN
  over a port on an internal switch, so that link status can pass
  to the kernel immediately which is more important for WAN connections.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-31 17:41:21 +02:00
Daniel Golle e868809861 libsemanage: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 13:52:05 +01:00
Thomas Petazzoni 73912b850b audit: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[fix build with GCC 10 and disable MIPS16 as build emits sync instruction]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 13:38:12 +01:00
Tony Ambardar 2f0d672088 bpftools: add utility and library packages supporting eBPF usage
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.

'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.

'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.

Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-08-31 12:23:59 +01:00
Paul Spooren c1875d1ebb build: switch VERSION_REPO to HTTPS
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
2020-08-31 11:26:10 +01:00
Paul Spooren 35f2116519 treewide: https for downloads.openwrt.org sources
Instead of using http and https for source downloads from
downloads.openwrt.org, always use https for it's better security.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:26:10 +01:00
Paul Spooren 62d5ec7306 build: store SourceDateEpoch in manifest
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:18:06 +01:00
Paul Spooren 7d26f294cd busybox: Use PKG_FILE_MODES for SUID
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:15:17 +01:00
Daniel Golle 2bd55d0a2b opkg: update to git HEAD
4318ab1 opkg: allow to configure the path to the signature verification script
 cf44c2f libopkg: fix compiler warning

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 11:03:24 +01:00
Paul Spooren 976d3e2234 px5g: rename to px5g-mbedtls
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.

Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren 7078294b59 px5g-wolfssl: add package
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Paul Spooren 367c23740f wolfssl: add certgen config option
The option allows to generate certificates.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00
Hans Dedecker 9ee27c232e nghttp2: move to packages.git
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg  2019 decision that non essential packages
should move outside base.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-31 08:01:27 +02:00
Thomas Petazzoni e5e54e52f7 refpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni 21992303fa checkpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Thomas Petazzoni d28adeb37d policycoreutils: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Sven Wegener 6a9c76a6c4 leds: add activity led trigger kernel module package
The activity trigger flashes like the heartbeat trigger, but adjusts
based on system load.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens 4e2a994d2d ethtool: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ethtool_5.4-1_mips_24kc.ipk	101.909

new:
ethtool_5.8-1_mips_24kc.ipk	109.699

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens 0b2f97beed iproute2: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ip-full_5.7.0-2_mips_24kc.ipk	165.786
ip-tiny_5.7.0-2_mips_24kc.ipk	117.730
tc_5.7.0-2_mips_24kc.ipk	144.405

new:
ip-full_5.8.0-1_mips_24kc.ipk	169.775
ip-tiny_5.8.0-1_mips_24kc.ipk	119.808
tc_5.8.0-1_mips_24kc.ipk	149.053

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens ca5ee6eba3 mac80211: Fix potential endless loop
Backport a fix from kernel 5.8.3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Adrian Schmutzler 4e4ee46495 ar71xx: drop target
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.

This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-30 22:18:35 +02:00
Aaron Goodman 47b2ee2d9a wireguard-tools: add tunlink option for hostroute
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.

This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-08-30 21:47:13 +02:00
Paul Spooren a5d030a54f curl: move package to packages.git
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-27 21:18:21 +02:00
Hauke Mehrtens bc19481826 hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
  LD  wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
    type = GEN_EMAIL;
           ^~~~~~~~~
           ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
    type = GEN_DNS;
           ^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
    type = GEN_URI;
           ^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
   if (gen->type != GEN_EMAIL &&
                    ^~~~~~~~~
                    ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
       gen->type != GEN_DNS &&
                    ^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
       gen->type != GEN_URI)
                    ^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed

Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-27 12:11:47 +02:00
Hauke Mehrtens c1aa2d4411 mtd-utils: Update to version 2.1.2
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html

The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk:	70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk:	71109

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:35 +02:00
Hauke Mehrtens 00722a720c wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 23:29:30 +02:00
Hauke Mehrtens 2745f6afe6 curl: Use wolfssl by default
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:43 +02:00
Hauke Mehrtens b5191f3366 curl: Fix build with wolfssl
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.

checking size of time_t... configure: error: cannot determine a size for time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:42 +02:00
Adrian Schmutzler e7c235612b uboot-at91: harmonize indent in Makefile
The indent in Makefile is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler 2f92e1d418 at91bootstrap: harmonize indent in Makefiles
The indent in Makefiles is mixed, harmonize it where reasonable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Adrian Schmutzler 7f1540cc46 at91: introduce vendor_model scheme and drop board names
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.

Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.

While at it, harmonize a few indents as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M abf6c288c1 uboot-at91: bump version to linux4sam-2020.04
Bump version to linux4sam-2020.04 and add patch to fix Wformat-security
warnings.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00
Sandeep Sheriker M 9b36ca8032 at91bootstrap: bump version to v3.9.3
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2020-08-25 19:28:42 +02:00
Felix Fietkau e12ac40552 mt76: update to the latest version
f0beb7cbc443 mt76: mt7663u: fix memory leaks in mt7663u_probe
90c8422d3f56 mt76: mt7915: fix typo in function name
9cbbe4a30eaf mac80211: simplify TX aggregation start
974486ec2642 util: in worker setup, only overwrite function pointer if not NULL
519510277a8b mt76: initialize tx worker function earlier
3c361b1e3f4e mt76: mt7663u: fix dma header initialization
e8d489647c7f mt76: usb: fix use of q->head and q->tail
8124daf53130 mt76: sdio: fix use of q->head and q->tail
3c2cd8580377 mt76: unify queue tx cleanup code
780cdabb8659 mt76: remove qid argument to drv->tx_complete_skb
05aa857861fc mt76: remove swq from struct mt76_sw_queue
e861cb051833 mt76: rely on AQL for burst size limits on tx queueing
3218b914a2fb mt76: remove struct mt76_sw_queue
23529b5e93c1 mt76: mt7603: tune tx ring size
f6ca436ebea4 mt76: mt76x02: tune tx ring size
97e65131440c mt76: mt7603: check for single-stream EEPROM configuration
957b6c5ac273 mt76: mt7615: fix MT_ANT_SWITCH_CON register definition
96a541eedda9 mt76: mt7615: fix antenna selection for testmode tx_frames
b36d7ae096a3 mt76: mt7603: move number of streams detection to eeprom init

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-25 14:12:51 +02:00
Hauke Mehrtens a69949a13f firewall: Fix PKG_MIRROR_HASH
Fixes: 6c57fb7aa9 ("firewall: bump to version 2020-07-05")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00
Magnus Kroken 201d6776a0 mbedtls: update to 2.16.7
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07

* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).

Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00
Rosen Penev 161fe0b662 exfat: update to 5.8.7
93e2334 exfat: fix build error on linux-5.4,5.5 kernel
01a7b8c exfat: fix name_hash computation on big endian systems
8f92bc0 exfat: fix wrong size update of stream entry by typo

Removed commented material that was for testing compilation.

Removed patch as the error was fixed upstream. First entry above.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-24 18:53:59 +02:00
mohammad rasim 785c7d9b16 kernel: add ar5523 driver
The driver currently only support managed and monitor mode

Changes since v1:
- drop the @DRIVER_11N_SUPPORT dependency

Signed-off-by: mohammad rasim <mohammad.rasim96@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer e742a31f07 ipset: update to version 7.6
Changelog:
https://ipset.netfilter.org/changelog.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer ed381e2fb2 linux-firmware: add support for Marvell SDIO 8997
For example, Turris MOX SDIO card is using Marvell (NXP) 88W8997 chip.

Technical specs of 88W8997:
- 28nm
- 802.11 ac wave-2
It should support simultaneous dual-band 2.4 GHz and 5 GHz,
but it requires to support multiSSID for one Wi-Fi card [1], which is
not supported in OpenWrt, yet and if we tried to run two instances of
hostapd, it didn't work well, so it's 2.4 GHz or 5 GHz.
- 2x2 MU-MIMO
- Bluetooth 5.1 with LE support
- Unfortunately, there can be connected only 8 clients at the same time
(limited by FW, however, there exists "enterprise" chip, its equal chip,
it is just different that it uses different FW)

Symlink is necessary as mwifiex_sdio tries to load sd8997_uapsta.bin
[   13.651182] mwifiex_sdio mmc0:0001:1: Direct firmware load for mrvl/sd8997_uapsta.bin failed with error -2
[   13.661065] mwifiex_sdio mmc0:0001:1: Falling back to user helper
[   13.684880] firmware mrvl!sd8997_uapsta.bin: firmware_loading_store: map pages failed
[   13.695910] mwifiex_sdio mmc0:0001:1: Failed to get firmware mrvl/sd8997_uapsta.bin
[   13.703774] mwifiex_sdio mmc0:0001:1: info: _mwifiex_fw_dpc: unregister device

Pali Rohár sent two patches [2] [3] into kernel to fix default firmware name for SD8997, so
the symlink will not be required in the future versions of kernel, which
was accepted and right now, according to my details it was backported to 5.8, 5.7 and 5.4

[1] https://bugs.openwrt.org/index.php?do=details&task_id=3243
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=00eb0cb36fad5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2e1fcac52a9ea

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Josef Schlehofer 18aca6b17d linux-firmware: update to version 20200817
git log --pretty=oneline --abbrev-commit 20200619..20200817
7a30af1 (HEAD -> master, tag: 20200817, origin/master, origin/main, origin/HEAD) Merge branch 'i915-firmware-updates-08-2020' of git://anongit.freedesktop.org/drm/drm-firmware into main
923bfa6 brcm: Add brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt symlink
33e11ab rtl_bt: Update RTL8822C BT UART firmware to 0x0599_8A4F
1b81373 i915: Add DMC firmware 2.02 for RKL
bdf8d7a i915: Add DMC firmware 2.08 for TGL
1bcdc9a i915: Add HuC firwmare v7.5.0 for TGL
c331aa9 amdgpu: update vega20 firmware for 20.30
a434387 amdgpu: update vega12 firmware for 20.30
49e9ea8 amdgpu: update vega10 firmware for 20.30
d89e9b1 amdgpu: update renoir firmware for 20.30
373c08a amdgpu: update raven2 firmware for 20.30
69ca06e amdgpu: update raven firmware for 20.30
12042c2 amdgpu: update picasso firmware for 20.30
2c9d97a amdgpu: update navi14 firmware for 20.30
eaa3e55 amdgpu: update navi10 firmware for 20.30
9bc3789 linux-firmware: update NXP SDSD-8997 firmware image
6c79b68 Mellanox: Add new mlxsw_spectrum firmware xx.2008.1036
2b823fc (tag: 20200721) linux-firmware: Update AMD SEV firmware
e33306f Merge branch 'qca_0714' of https://github.com/bgodavar/qca_bt_fw into main
1d1c80b Update to 20200629111339 version to aligh SDK. Mainly fix DFS false alarm.
69c7f0b rtl_nic: update firmware for RTL8125B
f39b687 Update binary firmware for MT7663 based devices to include firmware offload feature and low power feature.
3882702 QCA: Add correct bin file for WCN3991
3d3a06f linux-firmware: Update firmware file for Intel Bluetooth AX201
b7849f7 linux-firmware: Update firmware file for Intel Bluetooth AX200
07b0375 linux-firmware: Update firmware file for Intel Bluetooth 9560
44bf1b1 linux-firmware: Update firmware file for Intel Bluetooth 9260
7169ab3 linux-firmware: wilc1000: add wilc1000 v15.4 FW
b1497fc Merge https://github.com/rjliao-qca/qca-btfw into main
c4e04b4 QCA: Update Bluetooth firmware for QCA6390
74ac3b5 Merge https://github.com/bgodavar/qca_wcn3991 into main
1a0c0c2 amdgpu: add UVD firmware for SI asics
24cc617 QCA: Update WCN3991 FW files

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-24 18:53:59 +02:00
Adrian Schmutzler cc501ab021 kernel: set WATCHDOG_CORE dependency in kmod-hwmon-sch5627
For many target we have added CONFIG_WATCHDOG_CORE=y to the target
config due to the following error:

 Package kmod-hwmon-sch5627 is missing dependencies for the following
 libraries:
 watchdog.ko

However, actually the proper way appears to be setting the
dependency for the kmod-hwmon-sch5627 package, as the error message
demands.

Do this in this patch and remove the target config entries added
due to this issue.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-24 14:09:11 +02:00
Daniel Golle 2eaf03b4d8 busybox: fix typo in Makefile
'conffiiles' -> 'conffiles'

Fixes: 2e06f8ae24 ("busybox: add selinux variant")
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-23 23:59:37 +01:00
Paul Spooren aeea91d5ee f2fs-tools: add selinux variant
This variant is build with `libselinux` and required to set labels
during runtime.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Paul Spooren 2e06f8ae24 busybox: add selinux variant
This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Hans Dedecker f75c70aeca nat46: update to latest git HEAD
362640b nat46-module: fix compilation with kernel 5.6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-23 20:08:44 +02:00
Hans Dedecker 4358373e69 curl: disable zstd support
Fixes package libcurl build issue :

Package libcurl is missing dependencies for the following libraries:
libzstd.so.1

Suggested-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-23 11:03:40 +02:00
Felix Fietkau b52b4afa15 mt76: update to the latest version
8027c7d95274 mt76: mt7615: fix reading airtime statistics
3743e7c904de mt76: mt7915: optimize mt7915_mac_sta_poll
d2fe5e8330c6 mt76: mt7915: fix variable initialization in sta poll
692065b4c9db mt76: mt7915: only enable hw amsdu for AP and station
b54157df7c27 mt7615: update firmware to version 20200814
888990e159d2 mt76: use threaded NAPI
3a3306e408f2 mt76: mt7915: add 802.11 encap offload support
795b772cd392 mt76: mt7915: add encap offload for 4-address mode stations
55d79ab7fa23 mt76: dma: update q->queued immediately on cleanup
23dbd64d6324 mt76: mt7915: schedule tx tasklet in mt7915_mac_tx_free
5cf34cda70af mt76: mt7915: significantly reduce interrupt load
87a69429069f mt76: add utility functions for deferring work to a kernel thread
2f1318a06d0a mt76: convert from tx tasklet to tx worker thread
72f0979566be mt76: mt7915: add support for accessing mapped registers via bus ops
f9ce5c776c9a mt76: use ieee80211_rx_list to pass frames to the network stack as a batch
25dd8bdae3bf mt76: mt7615: significantly reduce interrupt load
7c5445dec812 mt76: mt7615: release mutex in mt7615_reset_test_set
e68c3e254822 mt76: mt7663s: use NULL instead of 0 in sdio code
4368380e20e7 mt76: mt7663s: fix resume failure
bea386f27914 mt76: mt7663s: fix unable to handle kernel paging request
b8780c44c716 mt76: mt7615: fix possible memory leak in mt7615_tm_set_tx_power
37a1c7ed6796 mt76: mt7615: fix a possible NULL pointer dereference in mt7615_pm_wake_work
8c7c1a207d25 mt76: fix a possible NULL pointer dereference in mt76_testmode_dump

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-22 21:24:10 +02:00
Felix Fietkau e7f7101182 mac80211: rework encapsulation offload support
Fix a number of deficiencies in the existing API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-22 07:02:01 +02:00
Josef Schlehofer 17d16e093f curl: update to version 7.72.0
Changes in this version can be found here:
https://curl.haxx.se/changes.html#7_72_0

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-08-21 21:25:56 +02:00
Felix Fietkau 010682067b mac80211: add missing return code checks in AQL improvements
Fixes throughput issues with some drivers (e.g. ath10k)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-21 18:29:52 +02:00
Hauke Mehrtens 5efe459012 kernel: wpan: Add kmod-ca8210
This device is found on the pistachio marduk board.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-21 11:46:13 +02:00
Hauke Mehrtens b0751d4c0f kernel: wpan: Add missing AUTOLOAD to load kernel module
These kernel modules were not loaded automatically, fix this by adding
the AUTOLOAD definition.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-21 11:46:13 +02:00
David Bauer aa403a440a dnsmasq: abort dhcp_check on interface state
Abort the dhcp-check based on the interface instead of the carrier
state. In cases where the interface is up but the carrier is down,
netifd won't cause a dnsmasq reload, thus dhcp won't become active
on this interface.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-20 23:45:26 +02:00
Remi NGUYEN VAN bcf0704bd2 map: rename type to maptype (FS#3287)
"type" is already used as a common option for all protocols types, so
using the same option name for the map type makes the configuration
ambiguous. Luci in particular adds controls for both options and sees
errors when reading the resulting configuration.

Use "maptype" instead, but still fallback to "type" if "maptype" is not
set. This allows configurations to migrate without breaking old
configurations.

This addresses FS#3287.

Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-08-19 21:14:00 +02:00
Adrian Schmutzler 18ab496c32 ltq-dsl-base: remove useless echos in lantiq_dsl.sh
The is no reason to catch the output by $() and then echo it again.

Remove the useless echos.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-17 23:25:41 +02:00
Remi NGUYEN VAN 1e696c6ced map: add a legacymap option
The legacy map version based on the IPv6 Interface Identifier in
draft-ietf-softwire-map-03 was typically used by uncommenting the LEGACY
variable in the map.sh file, which is not ideal. A proper configuration
option is needed instead.

The IPv6 Interface Identifier format described in the draft was
eventually changed in RFC7597, but is still used by some major ISPs,
including in Japan.

Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-08-15 20:37:02 +02:00
Rui Salvaterra 763ce13b0b dropbear: allow disabling support for scp
If not needed, disabling scp allows for a nice size reduction.

Dropbear executable size comparison:

153621 bytes (baseline)
133077 bytes (without scp)

In other words, we trim a total of 20544 bytes.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-15 20:25:08 +02:00
Tomasz Maciej Nowak ebf71533f9 ath79: add support for ALLNET ALL-WAP02860AC
ALLNET ALL-WAP02860AC is a dual-band wireless access point.

Specification
SoC: Qualcomm Atheros QCA9558
RAM: 128 MB DDR2
Flash: 16 MB SPI NOR
WIFI: 2.4 GHz 3T3R integrated
      5 GHz 3T3R QCA9880 Mini PCIe card
Ethernet: 1x 10/100/1000 Mbps AR8035-A, PoE capable (802.3at)
LEDS: 5x, which four are GPIO controlled
Buttons: 1x GPIO controlled
UART: 4 pin header near Mini PCIe card, starting count from white
      triangle on PCB
      1. VCC 3.3V, 2. GND, 3. TX, 4. RX
      baud: 115200, parity: none, flow control: none

MAC addresses
Calibration data does not contain valid MAC addresses.
The calculated MAC addresses are chosen in accordance with OEM firmware.

Because of:
a) constrained environment (SNMP) when connecting through Telnet
   or SSH,
b) hard-coded kernel and rootfs sizes,
c) checksum verification of kerenel and rootfs images in bootloder,

creating factory image accepted by OEM web interface is difficult,
therefore, to install OpenWrt on this device UART connection is needed.
The teardown is simple, unscrew four screws to disassemble the casing,
plus two screws to separate mainboard from the casing.
Before flashing, be sure to have a copy of factory firmware, in case You
wish to revert to original firmware.

Installation
1. Prepare TFTP server with OpenWrt initramfs-kernel image.
2. Connect to LAN port.
3. Connect to UART port.
4. Power on the device and when prompted to stop autoboot, hit any key.
5. Alter U-Boot environment with following commands:
    setenv failsafe_boot bootm 0x9f0a0000
    saveenv
6. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
   'setenv' to do that, then run following commands:
    tftpboot 0x81000000 <openwrt_initramfs-kernel_image_name>
    bootm 0x81000000
7. Wait about 1 minute for OpenWrt to boot.
8. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
   with:
    sysupgrade -n /tmp/<openwrt_sysupgrade_image_name>
9. After flashing, the access point will reboot to OpenWrt. Wait few
   minutes, until the Power LED stops blinking, then it's ready for
   configuration.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[add MAC address comment to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-15 15:58:39 +02:00
Felix Fietkau 6bdd4c967b mac80211: add missing backports for building with 4.14 kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-14 17:27:31 +02:00
Daniel Golle bda1c127cc libselinux: fix Makefile style
Also fix line order in libselinux Makefile.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:43:31 +01:00
Daniel Golle 0133160177 libsepol: fix Makefile style
Fix line ordering (cosmetic).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:42:25 +01:00
Daniel Golle 4469e45f60 pcre: clean up Makefile line order
The most recent patch added add lines in one block instead of in the
appropriate places to keep Makefiles in consistent style. Fix that.

Fixes: ff02e1561f ("pcre: add host variant of libpcre")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-14 02:42:25 +01:00
Thomas Petazzoni ff02e1561f pcre: add host variant of libpcre
This is needed to build the host variant of libselinux.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-14 02:29:03 +01:00
Felix Fietkau 072c5876c5 libselinux: fix build on non-Linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 20:08:29 +02:00
Felix Fietkau 2a9fb827aa libsepol: fix build on non-Linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 20:08:29 +02:00
Felix Fietkau 431fb8cae9 mac80211: add AQL improvements
Add AQL support for HE drivers.
Improve assumed aggregation length based on tx rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 17:57:19 +02:00
Felix Fietkau 6bee8f2865 mt76: update to the latest version
34aed01ca865 mt76: mt7915: use ieee80211_free_txskb to free tx skbs
efc8669db5f9 mt76: mt7915: fix max_mpdu_size field for A-MSDU

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-13 17:57:19 +02:00
Daniel Golle ff6b815691 libselinux: don't depend on kernel config symbols
Dependencies are meant to express actual run-time dependencies and
strictly speaking, libselinux can be build and used on kernels without
SELinux (not in a very meaningful way, but never mind).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Daniel Golle 74dfe25d41 procd: remove duplicate confguration menu
Fixes: 962e73c1a4 ("procd: add selinux variant")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Daniel Golle 0709f6e798 iproute2: disable SELinux for now
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:03:07 +01:00
Daniel Golle ab4c6f1632 musl-fts: import from packages feed
libselinux requires musl-fts to build with musl. Import it from
packages feed as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 11:44:05 +01:00
Daniel Golle e16b84df15 pcre: import from packages feeds
libselinux require pcre, import to to core so it can build without
packages feeds.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 11:28:28 +01:00
Paul Spooren 962e73c1a4 procd: add selinux variant
This commit adds a `selinux` variant to `procd` allowing to load an
SELinux policy at boot.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 09:53:50 +01:00
Thomas Petazzoni a0df664531 libselinux: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-13 09:31:34 +01:00
Thomas Petazzoni 6531eee347 libsepol: add new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-13 09:31:34 +01:00
Ansuel Smith 87e92d50e5 kernel: usb: move phy-qcom-ipq806x-usb to ipq806x modules.mk
This driver is only used by ipq806x SoCs. Move it there and drop
dependency from ipq40xx since it's not used anywere.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[rebase on changes to previous patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
2020-08-13 02:12:12 +02:00
Ansuel Smith 0c45ad41e1 ipq806x: replace phy dwc3 patch with upstream version
- Replace dwc3 phy patch with upstream version
- Rework the dts to use the upstream bindings
- Update changed config flags
- Rename module to reflect config name

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[fix qcom,tx-deamp_3_5db typo, refresh patches, rename kmod]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
2020-08-13 02:12:12 +02:00
Rui Salvaterra e5eeb34a8c dropbear: fix ssh alternative when dbclient isn't built
The ssh symlink was still being created even when dbclient was disabled in the
build configuration. Fix this annoyance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-12 21:57:37 +02:00
Felix Fietkau 37615174f5 mt76: update to the latest version
8d9a62e4def7 mt76: mt7915: fix crash on tx rate report for invalid stations
825343467df4 mt76: fix double DMA unmap of the first buffer on 7615/7915
99804560372b mt76: mt7615: register ext_phy if DBDC is detected
93407be934b2 mt76: mt7615: move drv_own/fw_own in mt7615_mcu_ops
e7774de844e8 mt76: mt7663s: move drv_own/fw_own in mt7615_mcu_ops
a5602514ab03 mt76: mt7615: hold mt76 lock queueing wd in mt7615_queue_key_update
5c42061ce181 mt76: do not inject packets if MT76_STATE_PM is set
ae4757a0ae90 mt76: mt7615: reschedule runtime-pm receiving a tx interrupt
c4544d1e8a1a mt76: mt76s: fix oom in mt76s_tx_queue_skb_raw
dc73103874cc mt76: mt76s: move tx processing in a dedicated wq
c828c84cb134 mt76: mt7663s: move rx processing in txrx wq
2b34f2f6b0ef mt76: mt76s: move status processing in txrx wq
f957b050d848 mt76: mt76s: move tx/rx processing in 2 separate works
6fe964295bd9 mt76: mt76s: get rid of unused variable
43d6127d8851 mt76: mt7915: enable U-APSD on AP side
58774b605f1c mt76: set interrupt mask register to 0 before requesting irq
06f722d8046c mt76: mt7915: clean up and fix interrupt masking in the irq handler
2fbd6baac103 mt76: mt7615: only clear unmasked interrupts in irq tasklet
5ea8b6187da2 mt76: mt76x02: clean up and fix interrupt masking in the irq handler
f2e71f0c1b7e mt76: mt7615: do not do any work in napi poll after calling napi_complete_done()
1eb94624bb12 mt76: mt7915: do not do any work in napi poll after calling napi_complete_done()
5e0c587b9ac1 mt76: mt7915: clean up station stats polling and rate control update
9ab20dfbf7b1 mt76: mt7915: increase tx retry count
fa69dd96f9c0 mt76: mt7915: enable offloading of sequence number assignment
9816f9812adb mt76: move mt76_check_agg_ssn to driver tx_prepare calls
ad90170b0af9 mt76: mt7615: remove mtxq->agg_ssn assignment
335cd51be4c6 mt76: mt7915: simplify aggregation session check
21f7734cbb49 mt76: mt7915: add missing flags in WMM parameter settings
21182f90d947 mt76: mt7915: add Tx A-MSDU offloading support
27670514328f mt76: mt7615: use v1 MCU API on MT7615 to fix issues with adding/removing stations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-12 12:31:00 +02:00
Michael Yartys 91aab77bf1 ath10k-ct-firmware: update firmware images
Not a large change from last time, but should fix at least one rare wave-2
crash. The htt-mgt-community builds are trimmed for supporting lots of
stations (typically 150+ stations per radio).

Tested on Netgear R7800.

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-12 11:50:48 +02:00
Adrian Schmutzler 7de3daa997 treewide: bump PKG_RELEASE after replacing `which`
Bump PKG_RELEASE for the affected packages as replacing "which" by
"command -v" represents a content change.

Fixes: 1fdf6b745c ("treewide: replace `which` with `command -v`")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:17:22 +02:00
Paul Spooren 1fdf6b745c treewide: replace `which` with `command -v`
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.

Using `command -v` is POSIX compliant while `which` is not.  Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.

Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.

Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
Magnus Kroken 4165232c45 busybox: delete redundant patch
This problem has been fixed in upstream commit
6b6a3d9339f1c08efaa18a7fb7357e20b48bdc95. This patch now (harmlessly)
adds the same definition a second time.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
David Woodhouse 0002d177e4 uboot-mediatek: resync patches with upstream
Now that my patches have been merged into upstream U-Boot, resync the
cosmetic changes and the commit IDs from the final commits.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-08-12 11:08:05 +02:00
Rosen Penev b59a98b009 libjson-c: fix pkgconfig file
The pkgconfig file references the host directories, not the openwrt
ones. Used SED to fix as is done elsewhere. Removed CMAKE_INSTALL as a
result.

Removed now pointless CFLAGS.

Added PKG_BUILD_PARALLEL for faster compilation.

Various rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-11 21:29:44 +02:00
Hans Dedecker 5e512cc9c1 ppp: update to latest git HEAD
677aa53 Fix -W option for pppoe-discovery utility (#157)
115c419 Accept Malformed Windows Success Message (#156)
5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154)
2a7981f Add ipv6cp-accept-remote option
0678d3b pppd: Fix the default value for ipv6cp-accept-local to false

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-11 21:27:07 +02:00
Hauke Mehrtens 0a864f20fb bintuils: Pack libctf-nobfd.so in addition
readelf is linked against this library on MIPS64BE
This fixes a build problem on MIPS64BE.

In addition also explicitly activate it in the configure command.

Fixes: 60f595daab ("binutils: update to version 2.34")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-10 23:02:37 +02:00
Hauke Mehrtens fce0f1501b mac80211: Update to version 5.8
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-10 19:34:37 +02:00
Christoph Krapp d32010d5ff uboot-envtools: ath79: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
2020-08-10 18:37:47 +02:00
Adrian Schmutzler d4ac0ad543 treewide: make dependency on kmod-usb-net selective
A bunch of kernel modules depends on kmod-usb-net, but does not
select it. Make AddDepends/usb-net selective, so we can drop
some redundant +kmod-usb-net definitions for DEVICE_PACKAGES.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 12:54:30 +02:00
Thomas Petazzoni 12178be465 procd: add SELinux support
This commit adds a patch to procd to support loading the SELinux
policy early at boot time, and adjusts the procd package to use this
SELinux support when libselinux is enabled.

The procd patch has been submitted separately [1]: obviously the
intent is to have it merged in the procd Git repository rather than
have it in OpenWrt itself.

[1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[split commit into openwrt.git and procd.git]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:50 +01:00
Daniel Golle cfe235c436 kernel: modules: add package kmod-iosched-bfq
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:52:31 +01:00
Christoph Krapp eb95ca3b5c uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-09 23:57:17 +02:00
Felix Fietkau eff8c76aa0 mac80211: fix spurious disconnect issues with disassoc_low_ack=1 (default)
mac80211 reports a packet loss event to user space when 50 consecutive packets
were not acked. On a high throughput link with long aggregates and sudden
link changes, this can trigger way too easily.
Mitigate false positives by only triggering the event on a packet loss if
no ACK was received for at least a second

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-09 14:01:49 +02:00
David Bauer 1bfba18a36 mac80211: exchange mesh 6GHz IE patch for upstream accepted
Exchange the patch fixing the kernel ringbuffer WARNING flood for the
one accepted upstream.

Fixes commit a956c14d6a ("mac80211: util: don't warn on missing sband
iftype data")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-08 10:31:57 +02:00
Jo-Philipp Wich bc1c9fdc20 hostapd: recognize option "key" as alias for "auth_secret"
The hostapd configuration logic is supposed to accept "option key" as
legacy alias for "option auth_secret". This particular fallback option
failed to work though because "key" was not a registered configuration
variable.

Fix this issue by registering the "key" option as well, similar to the
existing "server" nad "port" options.

Ref: https://github.com/openwrt/openwrt/pull/3282
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:19:29 +02:00
Jo-Philipp Wich 321503dbf3 hostapd: make "key" option optional if "wpa_psk_file" is provided
If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.

While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.

Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:04:02 +02:00
David Bauer a4e72013e7 exfat: add dependency on nls-base
Add a dependency on kmod-nls-base for the new exfat driver. Otherwise
the build fails on ramips and ath79 on kernel 5.4:

Package kmod-fs-exfat is missing dependencies for the following libraries:
nls_base.ko

Fixes commit cd41234d2f ("exfat: add out of tree module")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-07 16:51:58 +02:00
Adrian Schmutzler 1d5b08ca51 om-watchdog: fix board name for teltonika,rut5xx
The board name is equivalent to the compatible, not the device
definition. Fix it.

Fixes: b4588c8538 ("kernel/om-watchdog: Apply device renames from ramips")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 16:30:55 +02:00
Hans Dedecker f74edb3e95 nat46: update to latest git HEAD
71e9f09 nat46-core: fix compilation with kernel 5.4

Remove 100-kernel-5.4-compat patch as upstream accepted

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-07 13:40:26 +02:00
Petr Štetiar c487cf8e94 hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 12:02:19 +02:00
Jo-Philipp Wich 4a6795409d base-files: functions.sh: fix config_get() on invalid identifiers
When passing a section or option value to config_get() which contains
characters that happen to be valid variable interpolation expressions,
the function returns a nonsensical expression result instead of the
expected empty string.

When the passed section or option name contains other characters which
are not valid within a shell variable name, a substitution error is
occuring instead.

The issue can be easily reproduced by one of the following examples:

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable invalid-section option
    root@OpenWrt:~# echo "$variable"
    section_option:-

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable section invalid-option
    root@OpenWrt:~# echo "$variable"
    option:-

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable section invalid@option
    -ash: eval: syntax error: bad substitution

Fix this issue by only performing interpolations when the given section
and option arguments are free of illegal characters.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 11:05:16 +02:00
Yousong Zhou 064dc1e81b dnsmasq: abort when dnssec requested but not available
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit message for diagnosis

  # dnsmasq --dnssec; echo $?
  dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
  1

DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature.  Better be explicit.  With this change
committed, we make it so by not allowing it in the first in the
initscript, should dnsmasq later decides to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)

So this is just being proactive.  on/off choices with uci option
"dnssec" are still available like before

Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-08-07 15:56:30 +08:00
Jo-Philipp Wich 11ea7ba698 Revert "dsaconfig: introduce package for UCI configuration of VLAN filter rules"
This reverts commit 96b87196b0.

This commit was not meant to go into master.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 19:13:43 +02:00
Jo-Philipp Wich f85bc0d77d Revert "add vfconfig"
This reverts commit 34553e8cc9.

This commit was not meant to go into master.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 19:13:21 +02:00
Daniel Golle 48f2596e78 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources
 282ff0c jail: only free cgroups if they were allocated
 ab55357 jail: fix freeing cgroups avl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Daniel Golle 728a0c68d1 Revert "procd: update to git HEAD"
This reverts commit e0e607f0d0.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Davy Hollevoet 394f54ee62 ath79/nand: add support for Netgear WNDR4300TN
This patch adds support for the WNDR4300TN, marketed by Belgian ISP
Telenet. The hardware is the same as the WNDR4300 v1, without the
fifth ethernet port (WAN) and the USB port. The circuit board has
the traces, but the components are missing.

Specifications:
* SoC: Atheros AR9344
* RAM: 128 MB
* Flash: 128 MB NAND flash
* WiFi: Atheros AR9580 (5 GHz) and AR9344 (2.4 GHz)
* Ethernet: 4x 1000Base-T
* LED: Power, LAN, WiFi 2.4GHz, WiFi 5GHz, WPS
* UART: on board, to the right of the RF shield at the top of the board

Installation:

* Flashing through the OEM web interface:
  + Connect your computer to the router with an ethernet cable and browse
    to http://192.168.0.51/
  + Log in with the default credentials are admin:password
  + Browse to Advanced > Administration > Firmware Upgrade in the Telenet
    interface
  + Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img
  + Proceed with the firmware installation and give the device a few
    minutes to finish and reboot.

* Flashing through TFTP:
  + Configure your wired client with a static IP in the 192.168.1.x range,
    e.g. 192.168.1.10 and netmask 255.255.255.0.
  + Power off the router.
  + Press and hold the RESET button (the factory reset button on the bottom
    of the device, with the gray circle around it, next to the Telenet logo)
    and turn the router on while keeping the button pressed.
  + The power LED will start flashing orange. You can release the button
    once it switches to flashing green.
  + Transfer the image over TFTP:
    $ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img

Signed-off-by: Davy Hollevoet <github@natox.be>
[use DT label reference for adding LEDs in DTSI files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-06 16:56:07 +02:00
Daniel Golle e0e607f0d0 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 15:27:51 +01:00
Daniel Golle 2d9b653a2f libubox: update to git HEAD
9e52171 blobmsg: introduce BLOBMSG_CAST_INT64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 15:27:51 +01:00
Felix Fietkau 3d731fc903 mac80211: merge performance improvement patches
Fix fq_codel performance issues
Add a new rx function for batch processing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:43:25 +02:00
Felix Fietkau b7727a8005 mac80211: fix AQL issues
- Remove bogus STA txq pending airtime underflow warning
- Improve tx airtime estimation for A-MPDU traffic

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:42:29 +02:00
Felix Fietkau 60f595daab binutils: update to version 2.34
Fixes perf on aarch64

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:42:16 +02:00
Felix Fietkau bab0d1c33c mt76: update to 2020-07-22
7bc58ca2b375 mt76: add missing lock configuring coverage class
43febd452110 mt76: mt7615: fix lmac queue debugsfs entry
0b9975254694 mt76: mt7615: fix hw queue mapping
4058595e146e mt76: overwrite qid for non-bufferable mgmt frames
49c7131dd0c5 mt76: mt76x02: do not access uninitialized NAPI structs
f185d90ec51c update mt7915 firmware to the latest version
0ed6a335ebc2 mt76: mt7615: re-enable offloading of sequence number assignment
2a52eabbddc5 mt76: usb: rely on mt76_for_each_q_rx
90fc1d8614e1 mt76: mt7663: introduce ARP filter offload
b57223dd01b9 mt76: mt7615: fix up typo in Kconfig for MT7663U
ec4057d685c0 mt76: add script for generating single-sku device tree data
769b030de636 mt76: add functions for parsing rate power limits from DT
1d2aedb248d0 mt76: extend DT rate power limits to support 11ax devices
a3e17ff8e624 mt76: mt7615: implement support for using DT rate power limits
a48a4ae32d48 mt76: allow more channels, allowed in ETSI domain
869ba618ef54 mt76: fix include in pci.h
b1ddec840aa4 mt76: rely on register macros
d6d9a7ea428d mt76: add U-APSD support on AP side
ee13b78367db mt76: mt7615: fix EEPROM buffer size
82a94173b162 mt76: mt7915: add missing CONFIG_MAC80211_DEBUGFS
c0dbbd930d32 mt76: mt7615: add .set_tsf callback
84d54df76996 mt76: mt7915: add a fixed AC queue mapping
dacc2d29672d mt76: mt7915: add MU-MIMO support
1ce4660a0ea3 mt76: mt7915: use ieee80211_tx_queue_params to avoid open coded
53891242a682 mt76: mt7915: add support for DT rate power limits
b3a4d78914f6 mt76: mt7915: rework the flow of txpower setting
c6ea163c019b mt76: mt7915: directly read per-rate tx power from registers
8ae83adc73a8 mt76: mt7915: overwrite qid for non-bufferable mgmt frames
740b0bfdf279 mt76: mt76x2e: rename routines in pci.c
b5eee1b52234 mt76: mt7615: schedule tx tasklet and sta poll on mac tx free
72f34107248e mt76: mt7615: add support for accessing mapped registers via bus ops
46bc8a0b5347 mt76: mt7615: add support for accessing RF registers via MCU
882cec420609 mt76: mt7615: use full on-chip memory address for WF_PHY registers
b1ddb8e35ca2 mt76: vif_mask to struct mt76_phy
3a1ea7287eb2 mt76: add API for testmode support
d7467bc018e5 mt76: mt7615: implement testmode support
3ea5da1639fe add utility for using testmode support
6789a2db7246 mt7615: fix getting wideband RSSI in test mode
7941217ffe46 mt76: mt7915: remove unused parameters in mt7915_puts_rate_txpower()
13ab1d648684 mt76: mt7915: update HE capabilities
3f0e66dc25de mt76: mt76x2: fix pci suspend/resume on mt7612e
c605f2b6940b mt76: mt76x2u: enable HC-M7662BU1
ca2b797ee52d mt76: mt7915: avoid memcpy in rxv operation
dad3f93e8f6a mt76: mt7615: avoid polling in fw_own for mt7663
ec303bfad299 mt76: move mt76 workqueue in common code
0bf82270568a mt76: mt7615: add mt7615_pm_wake utility routine
091e9b5df6af mt76: mt7615: introduce mt7615_mutex_{acquire,release} utilities
e3850966d74c mt76: mt7615: wake device before accessing regmap in debugfs
e6dcb71d7992 mt76: mt7615: wake device before configuring hw keys
050f8cd9cbe7 mt76: mt7615: introduce pm_power_save delayed work
56779a6c7dec mt76: mt7615: wake device in mt7615_update_channel before access regmap
b0bcdd66ccaa mt76: mt7615: acquire driver_own before configuring device for suspend
58369fdce235 mt76: mt7615: wake device before performing freq scan
2c188db1f7c7 mt76: mt7615: add missing lock in mt7615_regd_notifier
6fdb20a025eb mt76: mt7615: run mt7615_mcu_set_wmm holding mt76 mutex
36a789c00e4f mt76: mt7615: run mt7615_mcu_set_roc holding mt76 mutex
b8cdce45c131 mt76: mt7615: wake device before pulling packets from mac80211 queues
82e8e0525d6c mt76: mt7615: wake device before pushing frames in mt7615_tx
65ccc40c14e1 mt76: mt7615: run mt7615_pm_wake in mt7615_mac_sta_{add,remove}
2107caf92e71 mt76: mt7615: check MT76_STATE_PM flag before accessing the device
28a2f5fa6eed mt76: mt7615: do not request {driver,fw}_own if already granted
94519eac69c3 mt76: mt7615: add runtime-pm knob in mt7615 debugfs
ccc90dafea66 mt76: mt7615: enable beacon hw filter for runtime-pm
29f2bebe1a1e mt76: mt7615: add idle-timeout knob in mt7615 debugfs
58057d1f232b mt76: mt7615: improve mt7615_driver_own reliability
a873b7c8e3de mt76: mt7663u: sync probe sampling with rate configuration
b469c59c616c mt76: mt7615: avoid scheduling runtime-pm during hw scan
f1ff52acb6a7 mt76: mt7615: reschedule ps work according to last activity
1f670a534451 mt76: mt7663u: fix memory leak in set key
afff00ad2b60 mt76: mt7663u: fix potential memory leak in mcu message handler
4c9309f47ddf mt76: mt7615: fix potential memory leak in mcu message handler
379445b4aa7f mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report()
750797b61ba8 mt76: fix copy&paste error in mt76_testmode_cmd
f9a7a2f7dbc2 testmode: fix setting tx_power
1641aa201682 mt76: mt7615: fix mt7615_mcu_set_test_param set non-bool parameters
6838d002f9de mt76: mt7615: fix tx_frames setup
8c0a25d6a38c mt76: mt7615: take into account sdio bus configuring txwi
c0cbef79eb45 mt76: mt76u: add mt76_skb_adjust_pad utility routine
98412356c959 mt76: mt7615: sdio code must access rate/key regs in preocess context
fa16627d7e3a mt76: mt7615: introduce mt7663-usb-sdio-common module
bf88e70c7a68 mt76: introduce mt76_sdio module
aa97be8e02de mt76: mt7615: introduce mt7663s support
1eb8b7d689a3 mt76: testmode: fix tx_done accounting on enqueue failures
632ce698e8ee mt76: mt7615: fix antenna settings for test mode
4d2f622190b6 mt76: mt76s: move queue accounting in mt76s_tx_queue_skb
9a3723c8febc mt76: mt7915: fix potential memory leak in mcu message handler
88fa973f59c2 mt76: mt7615: fix possible memory leak in mt7615_mcu_wtbl_sta_add
2fff7d77befd mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg
b5df0fbb1847 mt7615: update firmware to version 20200629

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:41:50 +02:00
Felix Fietkau 25e0ae6bfc mac80211: make cfg80211 testmode support optional (and disabled by default)
Testmode commands are typically only used for manufacturing or vendor specific
debugging features, so they should not be in the default image

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-06 12:36:23 +02:00
Jo-Philipp Wich b92f54b919 openvpn: fix arguments passing to wrapped up and down scripts
With the introduction of the generic OpenVPN hotplug mechanism, wrapped
--up and --down scripts got the wrong amount and order of arguments passed,
breaking existing configurations and functionality.

Fix this issue by passing the same amount of arguments in the same expected
order as if the scripts were executed by the OpenVPN daemon directly.

Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156
Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 08:34:31 +02:00
Jo-Philipp Wich 34553e8cc9 add vfconfig
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 08:34:19 +02:00
Jo-Philipp Wich 96b87196b0 dsaconfig: introduce package for UCI configuration of VLAN filter rules
This package provides the necessary files to translate `config dsa_vlan`
and `config dsa_port` sections  of `/etc/config/network` into appropriate
bridge vlan filter rules.

The approach of the configuration is to bridge all DSA ports into a logical
bridge device, called "switch0" by default, and to set VLAN port membership,
tagging state and PVID as specified by UCI on each port and on the switch
bridge device itself, allowing logical interfaces to reference port VLAN
groups by using "switch0.N" as ifname, where N denotes the VLAN ID.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 08:34:19 +02:00
Rafał Miłecki 3d167ed805 uhttpd: update to the latest master
212f836 ubus: rename JSON-RPC format related functions
628341f ubus: use local "blob_buf" in uh_ubus_handle_request_object()
9d663e7 ubus: use BLOBMSG_TYPE_UNSPEC for "params" JSON attribute
77d345e ubus: drop unused "obj" arguments
8d9e1fc ubus: parse "call" method params only for relevant call

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-08-05 15:49:03 +02:00