bcm53xx: add switch ports for Buffalo WZR-900DHP & re-enable it
Specify the switch ports in the DTS file.
Re-enable it after it was disabled by commit e9672b1a8fa4 ("bcm53xx: switch to the
upstream DSA-based b53 driver").
Paul Spooren [Mon, 28 Mar 2022 02:29:09 +0000 (03:29 +0100)]
build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Flashing instructions:
* Boot to CFE Recovery Mode by holding the reset button while power-on.
* Connect to the router with an ethernet cable.
* Set IPv4 address of the computer to 192.168.1.2 subnet 255.255.255.0.
* Head to http://192.168.1.1.
* Reset NVRAM.
* Upload the OpenWrt image.
CFE bootloader may reject flashing the image due to image integrity check.
In that case, follow the instructions below.
* Rename the OpenWrt image as firmware.trx.
* Run a TFTP server and make it serve the firmware.trx file.
* Run the URL below on a browser or curl.
http://192.168.1.1/do.htm?cmd=flash+-noheader+192.168.1.2:firmware.trx+flash0.trx
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[rmilecki: mark BROKEN until we sort out nvram & CFE recovery] Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Stijn Tintel [Sat, 19 Feb 2022 15:54:22 +0000 (17:54 +0200)]
image: let mksquashfs4 use all processors
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.
The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):
Before:
real 4m45,973s
After:
real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message] Signed-off-by: Paul Spooren <mail@aparcar.org>
Hauke Mehrtens [Mon, 28 Feb 2022 20:57:55 +0000 (21:57 +0100)]
realtek: Use firewall4
The realtek target is not a router, but basic device, see DEVICE_TYPE.
The basic device type does not come with firewall by default, see
include/target.mk for details. The realtek target extended
DEFAULT_PACKAGES manually with firewall.
This changes the defaults to take firewall4 and nftables instead of
firewall and iptables. This also adds the additional package
kmod-nft-offload.
The only difference to the router type is the missing ppp,
ppp-mod-pppoe, dnsmasq and odhcpd-ipv6only package.
This increases the compressed image size by about 422KBytes.
Hauke Mehrtens [Fri, 25 Mar 2022 12:57:40 +0000 (13:57 +0100)]
realtek: Remove dnsmasq and odhcpd-ipv6only from default
Do not include the dnsmasq and odhcpd-ipv6only package by default any
more. These services are not needed on a switch. If someone needs this
it is still possible to use opkg or image builder to add them.
This decreases the compressed image size by about 165KBytes.
Petr Štetiar [Mon, 28 Mar 2022 09:35:57 +0000 (11:35 +0200)]
generic: backport 5.16 fix for hv utils build failure
Backports following fix:
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
The hyperv utilities use PTP clock interfaces and should depend a
a kconfig symbol such that they will be built as a loadable module or
builtin so that linker errors do not happen.
Prevents these build errors:
ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit':
hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister'
ld: drivers/hv/hv_util.o: in function `hv_timesync_init':
hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register'
References: https://lore.kernel.org/stable/20220328093115.7486-1-ynezz@true.cz/T/#u Signed-off-by: Petr Štetiar <ynezz@true.cz>
Daniel Golle [Tue, 29 Mar 2022 00:53:08 +0000 (01:53 +0100)]
generic: 5.15: fix FIT partition parser on block partitions
Using set_disk_ro() doesn't have the desired effect and instead of
just setting the single partition to be read-only it affects the
whole disk. Use the bd_read_only flag in struct block_device instead
to mark a partition being read-only.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
John Thomson [Mon, 28 Mar 2022 01:50:44 +0000 (11:50 +1000)]
kernel: 5.15: fix mediatek usb module change
The mediatek USB kernel module xhci-mtk was restructed.
The module after kernel 5.13 is named xhci-mtk-hcd.
Link:
https://lore.kernel.org/all/0b62e21ddfacc1c2874726dd27ccab80c993f303.1615170625.git.chunfeng.yun@mediatek.com/
Linux 14295a150050 ("usb: xhci-mtk: support to build xhci-mtk-hcd.ko")
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
urandom-seed: use seedrng for seeding the random number generator
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like OpenWRT
and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
This commit imports it into the urandom-seed package and wires up the
init scripts to call it. This also is a significant improvement over the
current init script, which does not robustly handle cleaning up of seeds
and syncing to prevent reuse. Additionally, the existing script creates
a new seed immediately after writing an old one, which means that the
amount of entropy might actually regress, due to failing to credit the
old seed.
Closes: https://github.com/openwrt/openwrt/issues/9570 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed missing INSTALL_DIR]
Petr Štetiar [Mon, 28 Mar 2022 06:43:41 +0000 (08:43 +0200)]
tools/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used.
* Check for cc masquerading as gcc or clang in configure.
* Remove destructive aspects of make distclean.
* Separate out address sanitizing from warnings in configure.
* Eliminate use of ULL constants.
* Add fallthrough comments for gcc.
* Clean up minizip to reduce warnings for testing.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
* minizip warning fix if MAXU32 already defined. (gvollant)
* Replace black/white with allow/block. (theresa-m)
* Fix indentation in minizip's zip.c.
* Improve portability of contrib/minizip.
* Correct typo in blast.c.
* Change macro name in inflate.c to avoid collision in VxWorks.
* Clarify gz* function interfaces, referring to parameter names.
* Fix error in comment on the polynomial representation of a byte.
* Fix memory leak on error in gzlog.c.
* Avoid adding empty gzip member after gzflush with Z_FINISH.
* Explicitly note that the 32-bit check values are 32 bits.
* Use ARM crc32 instructions if the ARM architecture has them.
* Add use of the ARMv8 crc32 instructions when requested.
* Correct comment in crc32.c.
* Don't bother computing check value after successful inflateSync().
* Use atomic test and set, if available, for dynamic CRC tables.
* Speed up software CRC-32 computation by a factor of 1.5 to 3.
* Add crc32_combine_gen() and crc32_combine_op() for fast combines.
* Add tables for crc32_combine(), to speed it up by a factor of 200.
* Fix the zran.c example to work on a multiple-member gzip file.
* Add gznorm.c example, which normalizes gzip files.
* Show all the codes for the maximum tables size in enough.c.
* Clarify that prefix codes are counted in enough.c.
* Use inline function instead of macro for index in enough.c.
* Clean up code style in enough.c, update version.
* Use a macro for the printf format of big_t in enough.c.
* Use a structure to make globals in enough.c evident.
* Assure that the number of bits for deflatePrime() is valid.
* Fix a bug that can crash deflate on some input when using Z_FIXED.
* Correct the initialization requirements for deflateInit2().
* Emphasize the need to continue decompressing gzip members.
* Add legal disclaimer to README.
* Fix deflateEnd() to not report an error at start of raw deflate.
* Remove old assembler code in which bugs have manifested.
* Make the names in functions declarations identical to definitions.
* Avoid an undefined behavior of memcpy() in _tr_stored_block().
* Avoid undefined behaviors of memcpy() in gz*printf().
* Avoid an undefined behavior of memcpy() in gzappend().
* Avoid the use of ptrdiff_t.
* Handle case where inflateSync used when header never processed.
* Don't compute check value for raw inflate if asked to validate.
* Add address checking in clang to -w option of configure.
* Return an error if the gzputs string length can't fit in an int.
* Small speedup to inflate [psumbera].
* Update use of errno for newer Windows CE versions.
* Avoid some conversion warnings in gzread.c and gzwrite.c.
* Have Makefile return non-zero error code on test failure.
* Avoid a conversion error in gzseek when off_t type too small.
* Fix CLEAR_HASH macro to be usable as a single statement.
* Fix bug when window full in deflate_stored().
* Limit hash table inserts after switch from stored deflate.
* Permit a deflateParams() parameter change as soon as possible.
* Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.
Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 28 Mar 2022 06:38:26 +0000 (08:38 +0200)]
libs/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used.
* Check for cc masquerading as gcc or clang in configure.
* Remove destructive aspects of make distclean.
* Separate out address sanitizing from warnings in configure.
* Eliminate use of ULL constants.
* Add fallthrough comments for gcc.
* Clean up minizip to reduce warnings for testing.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
* minizip warning fix if MAXU32 already defined. (gvollant)
* Replace black/white with allow/block. (theresa-m)
* Fix indentation in minizip's zip.c.
* Improve portability of contrib/minizip.
* Correct typo in blast.c.
* Change macro name in inflate.c to avoid collision in VxWorks.
* Clarify gz* function interfaces, referring to parameter names.
* Fix error in comment on the polynomial representation of a byte.
* Fix memory leak on error in gzlog.c.
* Avoid adding empty gzip member after gzflush with Z_FINISH.
* Explicitly note that the 32-bit check values are 32 bits.
* Use ARM crc32 instructions if the ARM architecture has them.
* Add use of the ARMv8 crc32 instructions when requested.
* Correct comment in crc32.c.
* Don't bother computing check value after successful inflateSync().
* Use atomic test and set, if available, for dynamic CRC tables.
* Speed up software CRC-32 computation by a factor of 1.5 to 3.
* Add crc32_combine_gen() and crc32_combine_op() for fast combines.
* Add tables for crc32_combine(), to speed it up by a factor of 200.
* Fix the zran.c example to work on a multiple-member gzip file.
* Add gznorm.c example, which normalizes gzip files.
* Show all the codes for the maximum tables size in enough.c.
* Clarify that prefix codes are counted in enough.c.
* Use inline function instead of macro for index in enough.c.
* Clean up code style in enough.c, update version.
* Use a macro for the printf format of big_t in enough.c.
* Use a structure to make globals in enough.c evident.
* Assure that the number of bits for deflatePrime() is valid.
* Fix a bug that can crash deflate on some input when using Z_FIXED.
* Correct the initialization requirements for deflateInit2().
* Emphasize the need to continue decompressing gzip members.
* Add legal disclaimer to README.
* Fix deflateEnd() to not report an error at start of raw deflate.
* Remove old assembler code in which bugs have manifested.
* Make the names in functions declarations identical to definitions.
* Avoid an undefined behavior of memcpy() in _tr_stored_block().
* Avoid undefined behaviors of memcpy() in gz*printf().
* Avoid an undefined behavior of memcpy() in gzappend().
* Avoid the use of ptrdiff_t.
* Handle case where inflateSync used when header never processed.
* Don't compute check value for raw inflate if asked to validate.
* Add address checking in clang to -w option of configure.
* Return an error if the gzputs string length can't fit in an int.
* Small speedup to inflate [psumbera].
* Update use of errno for newer Windows CE versions.
* Avoid some conversion warnings in gzread.c and gzwrite.c.
* Have Makefile return non-zero error code on test failure.
* Avoid a conversion error in gzseek when off_t type too small.
* Fix CLEAR_HASH macro to be usable as a single statement.
* Fix bug when window full in deflate_stored().
* Limit hash table inserts after switch from stored deflate.
* Permit a deflateParams() parameter change as soon as possible.
* Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.
Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar <ynezz@true.cz>
Marek Behún [Mon, 21 Mar 2022 16:53:10 +0000 (17:53 +0100)]
kernel: Backport mv88e6xxx patch to keep pvid at 0 if VLAN-unaware and remove hack
Backport patch 8b6836d82470 ("net: dsa: mv88e6xxx: keep the pvid at 0 when VLAN-unaware")
from 5.15.
Keeping the pvid at 0 when VLAN-unaware makes it possible to drop the
hack introduced in commit 920eaab1d817 ("kernel: DSA roaming fix for
Marvell mv88e6xxx"). Dropping the hack makes it possible to use VLAN
interfaces with VID 1 on DSA ports without problems with FDB.
Ansuel Smith [Fri, 5 Nov 2021 02:32:30 +0000 (03:32 +0100)]
ipq806x: 5:15: fix dedicated krait cpufreq
Fix dedicated cpufreq for kernel 5.15 as they changed module
order and now it can happen that cpufreq probe after cache driver.
Also add lock between cache scaling in set_target as it's now required
by opp functions.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Ansuel Smith [Sun, 16 Jan 2022 02:54:58 +0000 (03:54 +0100)]
ipq806x: rework rootfs conflicts patch for smem
Now that smem actually free the leaked parts, when
a rootfs partition is detected, the kernel panics as
it try to free the static space allocated for the "ubi"
name. Change the logic and fix the name at the allocate_partition
function to correctly free the space allocated by smem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Ansuel Smith [Fri, 5 Nov 2021 00:14:57 +0000 (01:14 +0100)]
ipq806x: 5:15: add testing kernel version
Refresh patch for 5.15
Rework tweak patch to sync with upstream ipq8064 dtsi and fix
regression introduced.
Rename nand_controller to nand in every dts.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Since the Google Wifi (Gale) is currently the only target in
this sub-target. So this means that subtarget has to be disabled
from the time being to not be picked up by the builders.
For people wanting to checkout out OpenWrt on the Google Wifi:
please compile it locally.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
gpio-cdev: move kmod-leds-uleds dependency to MX100
The inclusion of the kmod-leds-uleds into the userspace
nu801 package causes a circular dependency inside the
buildsystem... which causes it to be picked regardless
of other DEPENDS values.
In case of the mx100, this could be solved by moving the
kmod-leds-uled dependency to the kmod-meraki-mx100.
Bonus: drop @!LINUX_5_4 from kmod-meraki-mx100 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Chen Minqiang reported that he has troubles downloading nu801.
His logs showed the followin TLS Handshake failure.
|Checking out files from the git repository...
|Cloning into 'nu801-d9942c0c'...
|fatal: unable to access 'https://github.com/chunkeey/nu801.git/':
| gnutls_handshake() failed: The TLS connection was non-properly terminated.
|Makefile:39: recipe for target '[...]/dl/nu801-d9942c0c.tar.xz' failed
This can be fixed by providing a PKG_MIRROR_HASH. The download
scripts will now be able to pull the source from OpenWrt's source
archive, which should be available through HTTP.
Reported-by: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Ansuel Smith [Tue, 1 Mar 2022 15:47:11 +0000 (16:47 +0100)]
generic: fix compilation warning for ar8xxx swconfig
There are 2 warning for ar8xxx swconfig.
- Fix not used dev variable when ETHERNET_PACKET_MANGLE
is not selected
- Convert fallthrough comment to compilation macro
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Robert Marko [Sun, 6 Mar 2022 11:33:35 +0000 (12:33 +0100)]
generic: 5.15: fix AQR 113C and 813
Patches that add the additional AQR PHY ID-s is just copy/paste from 5.10
and kernel 5.11 dropped the ack_interrupt method for PHY IRQ handling,
instead handle_interrupt is used.
So, simply switch to using handle_interrupt like other upstream AQR PHY-s.
Signed-off-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Robert Marko [Sat, 8 Jan 2022 13:39:54 +0000 (14:39 +0100)]
generic: 5.15: fix new AQR PHY patches
After fixing the original 720 patch, it looks like more were added for
additional AQR ID-s.
Patches that add the additional AQR PHY ID-s is just copy/paste from 5.10
and kernel 5.11 dropped the ack_interrupt method for PHY IRQ handling,
instead handle_interrupt is used.
So, simply switch to using handle_interrupt like other upstream AQR PHY-s.
Ansuel Smith [Thu, 4 Nov 2021 20:59:09 +0000 (21:59 +0100)]
kernel: 5.15: add new module
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Standardize pending patch tcp_no_window_check patch as with
new kernel they added a check for global variables.
The 2 new condition are that they must be read-only or
the data pointer should not point to kernel/module global
data.
Remove the global variable and move it to a standard place
following other variables logic.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Ansuel Smith [Thu, 4 Nov 2021 22:25:50 +0000 (23:25 +0100)]
generic: 5.15: rework hack patch
Rework hack patch in dir for kernel 5.15.
For the specific patch of packet mangeling introduce a new extra_priv_flags
as we don't have enough space to add additional flags in priv_flags.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Daniel Golle [Sat, 26 Mar 2022 22:51:21 +0000 (22:51 +0000)]
generic: sync mtd rootfs hack with part_bits
In commit ab143647ef ("kernel: generic: improve FIT partition parser")
part_bits was bumped to 2 in order to allow up to 3 additional FIT
sub-images mapped into sub-partitions.
This change has to be reflected also in our local patch
420-mtd-set-rootfs-to-be-root-dev.patch
which still assumed part_bits==1 for mtdblock devices in case of
CONFIG_FIT_PARTITION=y.
Fixes: #9557 Fixes: ab143647ef ("kernel: generic: improve FIT partition parser") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Shiji Yang [Mon, 14 Mar 2022 16:16:15 +0000 (00:16 +0800)]
ramips: fix wifi mac address of HiWiFi series devices
For HiWiFi series devices, label_mac can be read from bdinfo partition,
and lan_mac, wlan2g_mac are same as the label_mac. Converting label_mac
to wlan5g_mac only needs to unset 6th bit. (It seems that all HiWiFi's
label_mac start with D4:EE)
For example:
label D4:EE:07:32:84:88
lan D4:EE:07:32:84:88
wan D4:EE:07:32:84:89
wlan2g D4:EE:07:32:84:88
wlan5g D0:EE:07:32:84:88
kernel: add (disabled) ASYMMETRIC_TPM_KEY_SUBTYPE symbol
at91/sama7 fails to build due to:
| Asymmetric (public-key cryptographic) key type (ASYMMETRIC_KEY_TYPE) [Y/?] y
| Asymmetric public-key crypto algorithm subtype (ASYMMETRIC_PUBLIC_KEY_SUBTYPE) [Y/?] y
| Asymmetric TPM backed private key subtype (ASYMMETRIC_TPM_KEY_SUBTYPE) [N/m/?] (NEW)
|Error in reading or end of file.
please note that asym_tpm (module) has been removed in 5.17:
<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d3cff4a9>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
removes usb-port remains as neither the WAC510 nor the WAC505
come with a USB port. Update the LED properties to phase out
labels and introduce generic node-names as well as adding
the color, function and function-enumerator properties.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
ARM Builds like sunxi/cortexa53 or the rpi family failed
to build due to a new symbols showing up:
|Google Firmware Drivers (GOOGLE_FIRMWARE) [Y/n/?] y
| Coreboot Table Access (GOOGLE_COREBOOT_TABLE) [M/n/y/?] m
| Coreboot Framebuffer (GOOGLE_FRAMEBUFFER_COREBOOT) [N/m/?] (NEW)
|Error in reading or end of file.
Fixes: e5b009e53281 ("kernel: Package GOOGLE_FIRMWARE drivers") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Stijn Tintel [Wed, 19 Jan 2022 13:44:58 +0000 (15:44 +0200)]
ramips: move mt7621_nand driver to files
The patch was rejected by upstream. The mtk_nand driver should be
modified to support the mt7621 flash controller instead. As there is no
newer version to backport, or no upstream version to fix bugs, let's
move the driver to the files dir under the ramips target. This makes it
easier to make changes to the driver while waiting for mt7621 support to
land in mtk_nand.
projects / thirdparty / openwrt.git / log
