Commit Graph

47482 Commits (a2cf87a7b1fa1566e2f8f6e2916b098339c19f71)

Author SHA1 Message Date
Hauke Mehrtens a2cf87a7b1 toolchain: glibc: Define minimum support kernel version as 4.14
This will compile glibc in a way that it will only support kernel 4.14
and later. Compatibility code for older kernel versions will be removed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens 02c5019a35 toolchain: glibc: Update glibc to version 2.31
This updates glibc to the most recent version 2.31.

001-regex-read-overrun.patch was a backport from a more recent version
and is integrated in glibc 2.31.

050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch is needed
to add the DES crypto functions back again. They were removed in glibc
2.28, but we still use them in ppp.
musl lib also provides these DES crypto functions. Without them we would
have to link ppp against openssl or an other crypto library.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens ce1798e915 dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens 14c59a147c rbcfg: Add missing mode to open call
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.

Not giving this is an error, which results in a compile error with glibc.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
                 from main.c:18:
In function 'open',
    inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens 70a962ca6f upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens 7637b84fde busybox: backport Remove stime() function calls
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:36 +02:00
Álvaro Fernández Rojas d27e2c67ed bcm63xx: switch to 5.4 kernel
Seems stable after 6 days of testing on some of my devices.
Let's switch to 5.4 in order to get more feedback.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-18 20:58:38 +02:00
Magnus Kroken d7e98bd7c5 openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-18 20:34:08 +02:00
Hans Dedecker 5f126c541a binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-18 10:44:30 +02:00
Chuanhong Guo 19d9db5a96 ramips: mt7621: use lzma-loader for newifi d1/d2/thunder timecloud
These devices failed to properly extract kernel. enable lzma loader
for them.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-18 14:19:38 +08:00
Chuanhong Guo 1e5d014ba2 ramips: don't reuse KERNEL_DTB for lzma-loader
mt7621 overrides KERNEL_DTB to limit dictionary size, which isn't needed
for our lzma loader.
This saves 15KB on mt7621 devices using uimage-lzma-loader.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-18 13:40:31 +08:00
Chuanhong Guo 51c6b14092 ramips: mt7621: backport more pcie driver fixes
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-18 13:06:48 +08:00
Sungbo Eo 13a185bf8a ramips: increase spi-max-frequency for ipTIME mt7620 devices
This commit increases the hardware SPI frequency from 24.2MHz to 48.3MHz.

[    5.314163] m25p80 spi0.0: speed: 24166666/40000000, rate: 8, prescal: 2, loops: 226
[    5.076323] m25p80 spi0.0: speed: 48333333/50000000, rate: 4, prescal: 1, loops: 162

`time cat /dev/mtd2 >/dev/null` is reduced from 5.64s to 4.36s on A104ns,
and from 11.39s to 8.81s on A1004ns.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-04-18 12:35:54 +08:00
Sungbo Eo 9169482f64 ramips: add support for ipTIME A1004ns
ipTIME A1004ns is a 2.4/5GHz band AC750 router, based on MediaTek MT7620A.

Specifications:
- SoC: MT7620A
- RAM: DDR2 128MB
- Flash: SPI NOR 16MB
- WiFi:
  - 2.4GHz: SoC internal
  - 5GHz: MT7610EN
- Ethernet: 5x 10/100/1000Mbps
  - Switch: MT7530BU
- USB: 1x 2.0
- UART:
  - J2: 3.3V, TX, RX, GND (3.3V is the square pad) / 57600 8N1

Installation via web interface:
1.  Flash **initramfs** image through the stock web interface.
2.  Boot into OpenWrt and perform sysupgrade with sysupgrade image.

Revert to stock firmware:
1.  Perform sysupgrade with stock image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-04-18 12:35:54 +08:00
René van Dorst d682dcc939 ramips: mt7621: Ubiquiti ER-X-SFP: fix gpio numbers for POE enable gpios
With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.

Signed-off-by: René van Dorst <opensource@vdorst.com>
2020-04-18 11:59:41 +08:00
René van Dorst 2fac1322f7 ramips: mt7621: Ubiquiti ER-X: fix gpio number for POE enable gpio
With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.

Signed-off-by: René van Dorst <opensource@vdorst.com>
2020-04-18 11:59:41 +08:00
DENG Qingfang d74fb0088c ramips: use all reserved space for HiWiFi HC5962
These stock partitons: "backup", "hw_panic", "overly", firmware_backup", "opt"
do not contain any device-specific data and can be used for /overlay, resulting in
121M space

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-04-18 11:52:12 +08:00
DENG Qingfang 7dc82528a2 ramips: increase HiWiFi HC5962 kernel partition to 4M
Increase kernel partition because 2M is insufficient for 5.4
Because the partition changes, previous version of OpenWrt cannot upgrade
to this version, and requires a new installation

Recovery to stock instruction:
1. Download stock firmware at
   http://ur.ikcd.net/HC5962-sysupgrade-20171221-b00a04d1.bin
2. Power off the router
3. Press and hold the reset button for 4~6 sec while power it back on
4. Connect a PC to router's LAN
5. Visit http://192.168.2.1 and upload the firmware

Then repeat the instruction in edae3479e6 to install OpenWrt

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-04-18 11:50:57 +08:00
Mantas Pucka 4745969ad7 generic: spi-nor: fix 4-byte opcode support for w25q256
There are 2 different chips (w25q256fv and w25q256jv) that share
the same JEDEC ID. Only w25q256jv fully supports 4-byte opcodes.
Use SFDP header version to differentiate between them.

Fixes broken reboot on 8devices Habanero since f0f35fdac

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2020-04-18 11:37:06 +08:00
Magnus Kroken 02fcbe2f3d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-17 23:43:01 +02:00
Petr Štetiar 23916bca61 kernel: bump 5.4 to 5.4.33
Refreshed patches, removed upstreamed patches:

 oxnas: 001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas: 002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 15:18:12 +02:00
Daniel Golle 0495324b9b mac80211: make sure existing iface belongs to correct (fullmac) phy
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.

Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 13:31:58 +01:00
David Bauer edf812e25c ath79: remove stray pipe
Fixes: 8918c038f3 ("ath79: add support for AVM FRITZ!WLAN Repeater 1750E")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 14:15:09 +02:00
Lucian Cristian 16ad4de2c0 elfutils: aarch64 fix build on musl
aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
     dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                      ~~~~~~~~~~~~~~ ^

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-17 13:43:34 +02:00
Petr Štetiar 8e99bbda19 uboot-sunxi: bump to 2020.04 relase
Refreshed patches, removed upstreamed patch:

 260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch

Boot tested on a64-olinuxino-emmc.

Cc: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
Petr Štetiar 260a225ba4 uboot-imx6: bump to 2020.04 release
Refreshed all patches, run tested on apalis.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
David Bauer 0f1b5ce2f5 mac80211: drop data frames without key on encrypted links
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.

This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.

Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:27:40 +02:00
David Bauer 8918c038f3 ath79: add support for AVM FRITZ!WLAN Repeater 1750E
This commit adds support for the AVM Fritz!WLAN Repeater 1750E

SOC:	Qualcomm QCA9556 (Scorpion) 720MHz MIPS74Kc
RAM:    64MB Zentel A3R12E40CBF DDR2
FLASH:  16MiB Winbond W25Q128 SPI NOR
WLAN1:  QCA9556 2.4 GHz 802.11b/g/n 3x3
WLAN2:  QCA9880 5 GHz 802.11 n/ac 3x3
INPUT:  WPS button
LED:    Power, WiFi, LAN, RSSI indicator
Serial: Header Next to Black metal shield
        Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi (correct MAC)
 - 5 GHz WiFi (correct MAC)
 - Installation via EVA bootloader
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 192.168.178.1. Firmware can be uploaded
like following:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put openwrt-sysupgrade.bin mtd1

Note that this procedure might take up to two minutes.
You need to powercycle the Device afterwards to boot OpenWRT.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:27:40 +02:00
David Bauer d883eaacd4 ath79: add QCA9550 reset sequence
The QCA9550 family of SoCs have a slightly different reset
sequence compared to older chips.

Normally the bootloader performs this sequence, however
some bootloader implementation expect the operating system
to clear the reset. Also get the PCIe resets from OF to
support the second RC of the QCA9558.

This is required for the AVM FRITZ!WLAN Repeater 1750E to work,
as EVA leaves the PCIe bus in reset.

Tested: AVM FRITZ!WLAN Repeater 1750E - OCEDO Koala

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:23:06 +02:00
Daniel Golle 99d567a83d mac80211: fix detecting existing interface
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.

Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 11:36:35 +01:00
Koen Vandeputte 75ef28be59 kernel: add support for GD25D05 SPI NOR (5.4)
This chip is used on newer RB912UAG-5HPnD r2 and 922UAGS-5HPacD boards:

Before:

[    0.824562] spi-nor spi0.0: unrecognized JEDEC id bytes: c8 40 10 c8 40 10
[    0.831607] spi-nor: probe of spi0.0 failed with error -2

After:

[    0.825347] spi-nor spi0.0: gd25d05 (64 Kbytes)
[    0.830291] 1 routerbootpart partitions found on MTD device spi0.0
[    0.836577] Creating 1 MTD partitions on "spi0.0":
[    0.841448] 0x000000000000-0x000000010000 : "partitions"
[    0.848418] 4 routerbootpart partitions found on MTD device partitions
[    0.855092] Creating 4 MTD partitions on "partitions":
[    0.860318] 0x000000000000-0x00000000c000 : "routerboot"
[    0.866548] 0x00000000c000-0x00000000d000 : "hard_config"
[    0.872832] 0x00000000d000-0x00000000e000 : "bios"
[    0.878580] 0x00000000e000-0x00000000f000 : "soft_config"

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 14:36:35 +02:00
Roger Pueyo Centelles c0430b8da4 ath79: reduce spi-max-frequency for Mikrotik wAP G-5HacT2HnD
The previous spi-max-frequency value did not work with all the CPU speed
settings (configurable with rbcfg or from the stock firmware); the new
one does for the three of them.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-04-16 13:44:18 +02:00
Koen Vandeputte 20efd5614a ath79: MikroTik: fix missing nand on kernel 5.4
Following symbol got renamed upstream:
CONFIG_MTD_NAND --> CONFIG_MTD_RAW_NAND

Also add this renamed symbol so NAND also works on kernel 5.4.

After:
[    0.628372] nand: device found, Manufacturer ID: 0xec, Chip ID: 0xf1
[    0.634862] nand: Samsung NAND 128MiB 3,3V 8-bit
[    0.639554] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[    0.647263] Scanning device for bad blocks
[    0.656228] random: fast init done
[    0.789652] 3 fixed-partitions partitions found on MTD device ar934x-nand
[    0.796550] Creating 3 MTD partitions on "ar934x-nand":
[    0.801874] 0x000000000000-0x000000040000 : "booter"
[    0.807715] 0x000000040000-0x000000400000 : "kernel"
[    0.813551] 0x000000400000-0x000008000000 : "ubi"

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:11 +02:00
Koen Vandeputte 3c3825436e kernel: bump 4.19 to 4.19.115
Refreshed all patches.

Remove upstreamed:
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:11 +02:00
Koen Vandeputte e31d158c4d kernel: bump 4.14 to 4.14.176
Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8648 (potentially)
- CVE-2020-8647
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:11 +02:00
Hannu Nyman a7423fef32 ath79: improve status LED definitions for GL-AR750
Improve the status LED functionality in GL-AR750
by adding the definitions for different statuses
(boot, failsafe, running, flashing).

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2020-04-16 00:02:03 +02:00
Adrian Schmutzler 508462a399 ath79: add SUPPORTED_DEVICES for TP-Link TL-WA901ND v2
This adds the board name from ar71xx to support upgrade without
-F for the TP-Link TL-WA901ND v2.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-15 12:47:43 +02:00
Chuanhong Guo ad19751edc ramips: mt7621: enable lzma-loader for some devices
ubnt er-x/xiaomi/netgear sercomm devices are known to have troble
extracting a big kernel from flash and has support for uncompressed
uimage
This commit uses uncompressed uimage with lzma-loader for these devices
to fix boot issue.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-15 10:14:19 +08:00
Paul Spooren f814121600 x86: append metadata to combined images
Now that the x86 target uses the new image generation code we can also
attach metadata to the created images.

As currently the `SUPPORTED_DEVICES` list is empty, no JSON metadata is
attached, however the signing happens in the same step.

This results in signature verification for x86 images.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-04-14 23:38:08 +01:00
Paul Spooren c737a9ee6a scripts/download: add sources CDN as first mirror
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.

Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.

This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-14 23:16:55 +01:00
Paul Spooren 14cbd8fb2d scripts: JSON merge don't crash if no JSON found
The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
image generation methods from `image.mk` are used. However some targets
like `armvirt` do not use it yet, so the folder is never created.

The `json_overview_image_info.py` script used to raise an error if the
given `WORK_DIR` isn't a folder, however it should just notify about
missing JSON files.

This patch removes the Python assert and exists with code 0 even if no
JSON files were found, as this is not necessarily an error but simply
not yet implemented. Using `glob` on an not existing `Path` results in
an empty list, therefore the for loop won't run.

Signed-off-by: Paul Spooren <mail@aparcar.org>
CC: Petr Štetiar <ynezz@true.cz>
2020-04-14 23:16:55 +01:00
Petr Štetiar 0bea89a1d0 kernel: bump 5.4 to 5.4.32
Refreshed patches, removed upstreamed patches:

 generic: 746-stable-net-dsa-mt7530-fix-null-pointer-dereferencing-in-por.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-14 21:58:16 +02:00
Ansuel Smith 9abf01246e ipq806x: add patch to fix broken buttons
From kernel 4.20 msm-gpio driver is broken and cause the
malfunction of the buttons on every ipq806x target.
Add a patch to fix this.

Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2020-04-14 21:58:16 +02:00
Daniel Golle 7c2e0fa586 procd: jail fixes and improvements
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
 b275a62 instance: harmonize instance API
 511fd97 jail: make /proc more secure
 4953b7c jail: mount /sys read-only
 a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
 a4cc165 jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 16:16:06 +01:00
Daniel Golle e23de62845 netifd: clean up netns functionality
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 13:53:11 +01:00
Adrian Schmutzler d0cb6e995b ath79: further fixes for ZyXEL NBG6716
This applies further fixes to the DTS of ZyXEL NBG6716 based on
what is found in ar71xx (mach-nbg6716.c):

- use WiFi label names as in ar71xx
- fix WPS gpio number
- fix GPIO_ACTIVE_HIGH and mode for WiFi switch
- add codes for USB eject buttons
- fix node name for "internet" LED

This device has separate LEDs for WAN and "Internet". As the WAN-LED
(and the four LAN-LEDs) are driven independent of the setup in
DT/01_leds, the "internet" LED is left unassigned (in contrast to
ar71xx, where it was set up effectively as a second WAN LED)

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-14 12:03:57 +02:00
Kevin Darbyshire-Bryant 9fd36f54f5 Revert "kmod-sched: add act_police"
This reverts commit 1b973b54ea.

It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.

Ooooops!  Best revert it then.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-14 08:48:33 +01:00
Chuanhong Guo 75f19deb3a ramips: define image recipe for uncompressed uimage with loader
Some devices have bootloaders with broken lzma code resulting in failed
decompression or corrupted kernel code.
This image recipe allows to sacrifice 5KB for OpenWrt LZMA loader and
take over the task of decompress kernel.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-14 12:01:50 +08:00
Chuanhong Guo d9e9a0e6b1 ramips: define lzma loader platform in target
Loader platform is a per-soc variable instead of a per-device one.
Determine corresponding loader platform at the beginning of image
Makefile.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-14 11:17:47 +08:00
Chuanhong Guo 111029bea7 ramips: add missing DEVICE_VARS for lzma-loader
LOADER_TYPE is a per-device variable which should be included in
DEVICE_VARS.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-14 11:14:15 +08:00