Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 06f510df6e2aa0b1e40124bbd758672458d01482)
[adapt variables and package names because we did not backport 2e5e9b459ed5 ("ath10k-ct-firmware: rename ct-htt packages")] Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* March 19, 2020: Fix problem where power-save was not enabled when going off-channel to scan.
The problem was a boolean logic inversion in the chmgr code, a regression I introduced
a long time ago.
* March 19, 2020: When scanning only on current working channel, do not bother with disable/enable
powersave. This should make an on-channel scan less obtrusive than it was previously.
* March 23, 2020: Fix channel-mgr use-after-free problem that caused crashes in some cases. The crash
was exacerbated by recent power-save changes.
* March 23, 2020: Fix station-mode power-save related crash: backported the fix from 10.2 QCA firmware.
* March 23, 2020: Attempt to better clean up power-save objects and state, especially in station mode.
Release notes for 016:
Wave-1 changes, some debugging code for a crash someone reported, plus:
* February 28, 2020: Fix custom-tx path when sending in 0x0 for rate-code. Have tries == 0 mean
one try but NO-ACK (similar to how wave-2 does it).
wave-2:
* Fixed some long-ago regressions related to powersave and/or multicast. Maybe fix some
additional multicast and/or tx-scheduling bugs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 84f4a783c6987fd9d67c089a76e2f90b7491f446)
Michael Yartys [Thu, 3 Sep 2020 20:56:47 +0000 (22:56 +0200)]
ath10k-firmware: update ath10k-ct firmware
This supports better per-chain noise floor reporting, which in turn allows for
better RSSI reporting in the driver.
Wave-2 fixes a long-standing rate-ctrl problem when connected to xbox (and probably other devices).
Wave-2 has fix for crash likely related to rekeying.
Wave-1 has some debugging code added where a user reported a crash.
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq806x+qca9984,ipq4019+qca9986] Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit 18622638831707038556b9b8bd5a0b4d4a53ce53)
* No changes to wave-1, but I make a version .014 copy anyway to keep
the makefile in sync.
The release notes since last time for wave-2:
* December 16, 2019: Wave-2 has a fix to make setting txpower work
better. Before setting the power was ignored at
least some of the time (it also appeared to work
mostly, so I guess it was being correctly set in
other ways).
NeilBrown [Tue, 29 Oct 2019 17:23:28 +0000 (10:23 -0700)]
ramips: ethernet: fix to interrupt handling
The current code acknowledged interrupts *after* polling.
This is the wrong way around, and could cause an interrupt to
be missed.
This is not likely to be fatal as another packet, and so another
interrupt, should come along soon. But maybe it is causing
problems, so let's fix it anyway.
Signed-off-by: NeilBrown <neil@brown.name>
(Note that this matches the upstream driver.) Signed-off-by: Rosen Penev <rosenp@gmail.com>
Hauke Mehrtens [Thu, 27 Aug 2020 10:09:58 +0000 (12:09 +0200)]
hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c77 ("wolfssl: Update to version 4.5.0") Reported-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bc19481826e0da9119945eaae4f25736306f023b)
Hauke Mehrtens [Mon, 24 Aug 2020 10:11:29 +0000 (12:11 +0200)]
wolfssl: Update to version 4.5.0
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
wolfssl: use -fomit-frame-pointer to fix asm error
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.
Previous versions of wolfssl had this by default. Keeping an extra
register available may increase performance, so it's being restored for
all architectures.
This version adds many bugfixes, including a couple of security
vulnerabilities:
- For fast math (enabled by wpa_supplicant option), use a constant time
modular inverse when mapping to affine when operation involves a
private key - keygen, calc shared secret, sign.
- Change constant time and cache resistant ECC mulmod. Ensure points
being operated on change to make constant time.
Magnus Kroken [Tue, 1 Sep 2020 20:28:25 +0000 (22:28 +0200)]
mbedtls: update to 2.16.8
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.
* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
Daniel Golle [Mon, 10 Aug 2020 22:33:00 +0000 (23:33 +0100)]
oxnas: reduce size of ATA DMA descriptor space
After years of trying to find the reason for random kernel crashes
while both CPU and SATA are under load it has been found.
Some odd commented-out #defines in kref's single-port driver [1] which
were copied from the vendor driver made me develop a theory:
The IO-mapped memory area for DMA descriptors apparetly got some holes
just before the alignment boundaries.
This feels like an off-by-one bug in the hardware or maybe those fields
are used internally by the SATA controller's firmware.
Whatever the cause is: they cannot be used and trying to use them
results in reading back unexpected stuff and ends up with oopsing
Unable to handle kernel paging request at virtual address d085c004
Work around the issue by reducing the area used for bmdma descriptors.
This reduces SATA performance (iops) quite a bit, but finally makes
things work reliably. Possibly one could optimize this much more by
really just skipping the holes in that memory area -- however, that
seems to be non-trivial with the driver and libata in it's current form
(suggestions are welcome).
The 'proper' way to have good SATA performance would be to make use of
the hardware RAID features (one can use the JBOD mode to access even
just a single disc transparently through the RAID controller integrated
in the SATA host instead of accessing the SATA ports 'raw' as we do
now).
Magnus Kroken [Sat, 25 Jul 2020 12:19:28 +0000 (14:19 +0200)]
mbedtls: update to 2.16.7
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).
Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 201d6776a0b5858b8ce43a2392c9fe48aa1c4dd7)
The only difference from the v1 is the TP-Link hardware ID/revision.
Attention:
The TL-WR710N v2.0 (!) has only 4 MB flash and cannot be flashed with
this image. It has a different TPLINK_HWREV, so accidental flashing
of the factory image should be impossible without additional measures.
Unfortunately, the v2.0 in ar71xx has the same board name, so sysupgrade
from ar71xx v2.0 into ath79 v1/v2.1 will not be prevented, but will brick
the device.
Flashing instruction:
Upload the factory image via the OEM firmware GUI upgrade mechanism.
Further notes:
To make implementation easier if somebody desires to port the 4M v2.0,
this already creates two DTSI files.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Tested-by: Fabian Eppig <fabian@eppig.de>
(backported from eb531337a779a48a2d17bc66f0d222325d6c1563)
tools/tplink-safeloader: use soft_ver 1.9.1 for archer c6 v2
TP-LINK published a firmware update for the archer c6 v2.
This updates also reached the factory devices. Newer software version
rejects downgrading to 1.2.x. Use 1.9.x to allow installing the factory images
and have a little bit time to change it again.
Georgi Vlaev [Fri, 27 Mar 2020 10:33:53 +0000 (12:33 +0200)]
tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU)
The last couple of TP-Link firmware releases for Archer C6 v2 (EU)
have switched to version 1.2.x. Bump the soft_ver to "1.2.1" to
allow firmware updates from the vendor web interface.
The source CDN has been discontinued in its current form and will take a
while to be reestablished. Even then it makes little sense to put a CDN
before other CDNs such as kernel.org, apache.org, sourceforge etc.
All other SoC DTSI files have gpio enabled by default, only
ar9330/ar9331 disable it by default, only to have it enabled again
afterwards for each individual device.
So, do not disable it in the first place, and drop all device-specific
status statements afterwards.
Though this is a cosmetic commit, it might be a pitfall for
device-support backporters if missing. Since backporting it is trivial,
let's just do it.
ath79: ar724x: make sure builtin-switch is enabled in DT
On ar7240/ar7241 the mdioX node with the builtin-switch is enabled
in the DTSI files, but the parent ethX node is left disabled. It
only gets enabled per device or device family, and has not been
enabled at all yet for the TP-Link WA devices with ar7240, making
the switch unavailable there.
This patch makes sure ð0/ð1 nodes are enabled together with
the &mdio0/&mdio1 nodes containing the builtin-switch.
For ar7240_tplink_tl-wa.dtsi, ð0 is properly hidden again via
compatible = "syscon", "simple-mfd";
This partially fixes FS#2887, however it seems dmesg still does
not show cable (dis)connect in dmesg for ar7240 TP-Link WA
devices.
This patch improves ath79 support for Netgear WNR612v2.
Router functionality becomes identical to ar71xx version.
Changes include:
* software control over LAN LEDs via sysfs
* correct MAC addresses for network interfaces
* correct image size in device definition
* dts: 'keys' renamed to 'ath9k-keys'
* dts: 'label-mac-device' set to eth1 (LAN)
* dts: formatting adjustments
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d74324e407de7fb641310070762923f7e4cd2d6c)
[remove label-mac-device] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
ath79: add LAN LEDs control bits for AR724x GPIO function pinmux
Currently AR724x pinmux for register 0x18040028 controls only JTAG disable bit.
This patch adds new DTS settings to control LAN LEDs and CLKs that allow
full software control over these diodes - exactly the same is done by ar71xx
target in device setup phase for many routers (WNR2000v3 for example).
'switch_led_disable_pins' clears AR724X_GPIO_FUNC_ETH_SWITCH_LED[0-4]_EN bits.
'clks_disable_pins' clears AR724X_GPIO_FUNC_CLK_OBS[1-5]_EN and
AR724X_GPIO_FUNC_GE0_MII_CLK_EN bits. These all should be used together, along
with 'jtag_disable_pins', to allow OS to control all GPIO-connected LEDs and
buttons on device.
Chih-Wei Chen [Wed, 16 Oct 2019 06:34:14 +0000 (14:34 +0800)]
ramips: fix Xiaomi MiWiFi Mini switch definition
Based on OpenWRT Table of Hardware > Xiaomi > Xiaomi Mi WiFi Mini
Switch Ports Defaults:
0, 1: LAN
4: WAN
6: CPU
Port in Web GUI (word printed on bottom of case)
WAN(Internet) map to switch port 4
LAN1(.) map to switch port 1
LAN2(..) map to switch port 0
CPU map to switch port 6
current setting is 1 WAN/ 4 LAN port, fix it.
Signed-off-by: Chih-Wei Chen <changeway@gmail.com>
[rebased after base-files split, fixed commit title] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit 3e88ab79b03917bc4b03b34db12edf622bde1de1)
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[bump PKG_RELEASE] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 4165232c45df224f32a94f43b9938d13d643b2a8)
Hauke Mehrtens [Thu, 21 May 2020 19:49:21 +0000 (21:49 +0200)]
mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
typedef _Addr ptrdiff_t;
^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
from ./include/linux/list.h:5,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
from ./include/linux/module.h:9,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
typedef __kernel_ptrdiff_t ptrdiff_t;
^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed
Fixes: d6b158b86981 ("mac80211: Update to 4.19.137-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 04b1a11f5ca72a741493addca1b1ae093f37934f)
Paul Spooren [Mon, 3 Aug 2020 17:31:43 +0000 (07:31 -1000)]
scripts: Add Buildbot dump-target-info.pl script
The script comes from buildbot.git[0] and is used to print available
targets and architectures, which are then build.
As the buildbot clones openwrt.git anyway, the script might as well live
here to be used for other cases as well, e.g. determining what
architectures are available when building Docker containers or show
developers an overview which architectures are used by which target.
It's called with either the parameter `architectures` or `targets`,
showing architectures followed by supported targets or targets, followed
by the supported architectures:
Christoph Krapp [Sun, 9 Aug 2020 11:39:05 +0000 (13:39 +0200)]
uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access
Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit eb95ca3b5c8b33e3212896f906922eba5f72abb3)
Christoph Krapp [Sun, 9 Aug 2020 11:40:26 +0000 (13:40 +0200)]
ar71xx: change u-boot-env to read-write for ZyXEL NBG6616
As the ath79 port of this device uses a combined kernel + root
partition the uboot bootcmd variable needs to be changed. As using
cli/luci is more convenient than opening up the case and using a uart
connection, lets unlock the uboot-env partition for write access.
Petr Štetiar [Tue, 4 Aug 2020 14:24:35 +0000 (16:24 +0200)]
hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit c487cf8e94cbdf582dfc3c2bdaab913a146a2100)
hostapd: reorganize config selection hierarchy for WPA3
The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is
exceptionally hard to read. This tries to make things a little
easier by inverting the hierarchy of the conditions, so SSL_VARIANT
is checked first and LOCAL_VARIANT is checked second.
This exploits the fact that some of the previous conditions were
unnecessary, e.g. there is no hostapd-mesh*, so we don't need
to exclude this combination.
It also should make it a little easier to see which options are
actually switched by SSL_VARIANT and which by LOCAL_VARIANT.
The patch is supposed to be cosmetic. However, the improvement
for readers and the maintained consistency with master qualify
this for backporting.
Tobias Welz [Tue, 4 Aug 2020 15:55:40 +0000 (17:55 +0200)]
ramips: correct WizFi630S pin mappings
WizFi630S had some pins changed in the release version of the board.
The run led, wps button and a slide switch where affected.
This patch is correcting this.
i2c is removed as it is sharing a pin with the run (system) led.
uart2 is enabled as it is also enabled in the OEM firmware.
Signed-off-by: Tobias Welz <tw@wiznet.eu>
(backported from commit d0b229f553a814b22c16976e40a197f892c0c0df) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tobias Welz [Mon, 3 Aug 2020 19:28:31 +0000 (21:28 +0200)]
ramips: enable flashing WizFi630S via OEM firmware
WIZnet WizFi630s board name is written slightly different it its OEM
OpenWrt firmware. This causes an incompatibility warning during flashing
with sysupgrade. This patch is adding the vendor board name to the
supported devices list to avoid this warning. For initial flashing you
can use sysupgrade via command line or luci beside of TFTP.
Do not keep the OEM configuration during sysupgrade.
Josua Mayer [Thu, 26 Dec 2019 11:08:16 +0000 (12:08 +0100)]
mvebu: fix LAN/WAN port assignment on ClearFog Base/Pro
The comments in code already describe the intended lan / wan assignment:
lan: switch
wan: standalone ethernet and sfp
Update the interface handles to match the comments, as observed with
OpenWRT-19.07-rc2 on a Clearfog Pro Rev 2.0.
This also matches the effective assignment on master, while the actual
interface names (ethX) are different due to the reassignment in
06_set_iface_mac, which is included in 19.07 but was dropped for master.
Sungbo Eo [Sun, 12 Jan 2020 12:35:00 +0000 (21:35 +0900)]
ar71xx: restore support for boot console with arbitrary baud rates
Commit 1bfbf2de6df9 ("ar71xx: serial: core: add support for boot console
with arbitrary baud rates") added support for arbitrary baud rates which
enabled 250000 baud rate for Yun. But the patch was not ported to kernel
4.9, and since then the kernel set its baud rate to 9600. This commit ports
the patch to kernel 4.14, thereby restoring the serial console of Yun.
ath79: restore support for boot console with arbitrary baud rates
The Arduino Yun uses a baud rate of 250000 by default. The serial is
going over the Atmel ATmega and is used to connect to this chip.
Without this patch Linux wants to switch the console to 9600 Baud.
With this patch Linux will use the configured baud rate and not a
default one specified in uart_register_driver().
This has been added for ath79 4.19 and 5.4 in master as part of fc59b2f79b50 ("ath79: add support for Arduino Yun"), this backports
it separately to 4.14.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Sungbo Eo [Sun, 12 Jan 2020 12:35:00 +0000 (21:35 +0900)]
ar71xx: fix sysupgrade for Arduino Yun
Commit bb46b635df48 changed its partition scheme, but sysupgrade image
validation still uses the old format. This commit fixes it so that
force flag is not needed for sysupgrade.
Fixes: bb46b635df48 ("ar71xx: move Arduino Yun to generic building code") Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 58dc1d0637425cfe023192466e6212009332b677)
In FS#2738 we can see that patch first introduced in e8ebcff ("ramips: add a explicit reset to dwc2")
breaks USB functionality since 18.06. Thus, this patch should be removed.
For a few packages, the current TITLE is too long, so it is not
displayed at all when running make menuconfig. Despite, there is
no indication of OpenSSL vs. wolfSSL in the titles.
Thus, this patch adjusts titles to be generally shorter, and adds
the SSL variant to it.
While at it, make things easier by creating a shared definition for
eapol-test like it's done already for all the other flavors.
David Woodhouse [Tue, 21 Jul 2020 08:53:32 +0000 (09:53 +0100)]
mediatek: mt7623: fix sysupgrade from vendor OpenWrt on UniElec U7623
This board ships with an ancient 14.07-based OpenWrt using block2mtd, and
the MBR partition table contains nonsense.
It is possible to sysupgrade to an upstream OpenWrt image, but the
legacy layout of the OpenWrt images start at 0xA00 in the eMMC, with
a raw uImage. The legacy OpenWrt image doesn't "own" the beginning
of the device, including the MBR and U-Boot.
This means that when a user upgrades to upstream OpenWrt, it doesn't
boot because it can't find the right partitions. So hard-code them on
the kernel's command line using CONFIG_CMDLINE_PARTITION (for block).
Additionally, the vendor firmware doesn't cope with images larger than
about 36MiB, because it only overwrites the contents of its "firmware"
MTD partition. The current layout of the legacy image wastes a lot of
space, allowing over 32MiB for the kernel and another 10MiB for the FAT
recovery file system which is only created as 3MiB. So pull those in
to allow 4¾ MiB for the kernel, 3MiB for recovery, and then we have over
20MiB for the root file system.
This doesn't affect the new images which ship with a full eMMC image
including a different MBR layout and a partition for U-Boot, because
our modern U-Boot can actually pass the command line to the kernel, and
the built-in one doesn't get used anyway.
Tested by upgrading from vendor OpenWrt to the current legacy image,
from legacy to itself, to the previous legacy layout, and then to
finally the full-system image.
ath79: correctly define WiFi switch for TL-WR841ND v8
The TL-WR841ND v8 feature a WiFi switch instead of a button.
This adds the corresponding input-type to prevent booting into
failsafe regularly.
This has been defined correctly in ar71xx, but was overlooked
when migrating to ath79. In contrast, the TL-WR842ND v2, which
has the key set up as switch in ar71xx, actually has a button.
The TL-MR3420 v2 has a button as well and is set up correctly
for both targets. (Information based on TP-Link user guide)
Note:
While looking into this, I found that support PR for TL-MR3420 v2
switched reset button to ACTIVE_HIGH. However, the other two
device still use ACTIVE_LOW. This seems strange, but I cannot
verify it lacking the affected devices.
Fixes: FS#2733 Fixes: 9601d94138de ("add support for TP-Link TL-WR841N/ND v8") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit 5e86877f36b0d95127dcef8ed3abf78ecd78061d)
lantiq/xrx200: make WLAN button responsive on Fritzbox 7360 & 7362
Pressing the 'WLAN' button should enable/disable wireless activity.
Currently, the button is mapped to the KEY_WLAN, which will not
have this effect.
This patch changes the mapping of the WLAN button, so a button
press will emit an action for the 'rfkill' key instead of 'wlan'.
Apparently, this is what stock OpenWRT expects.
This fix is analogous to the preceding patch for Fritzbox 3370.
Dustin Gathmann [Wed, 20 May 2020 23:22:53 +0000 (01:22 +0200)]
lantiq/xrx200: fix WLAN button actions for Fritzbox 3370
The WLAN button actions are reversed, i.e. pressing the button emits a
'released' action, and vice versa.
This can easily be checked by adding
logger -t button_action "$BUTTON $ACTION"
as the second line of /etc/rc.button/rfkill, and using logread to read
the events (assuming the preceding patch has been applied).
Defining the GPIO as ACTIVE_LOW corrects this behavior.
Dustin Gathmann [Wed, 20 May 2020 22:13:43 +0000 (00:13 +0200)]
lantiq/xrx200: make WLAN button responsive on Fritzbox 3370
Pressing the 'WLAN' button should enable/disable wireless activity.
However, on the Fritzbox 3370 this doesn't have an effect.
This patch changes the mapping of the physical WLAN button, so a button
press will emit an action for the 'rfkill' key instead of 'wlan'.
Apparently, this is what stock OpenWRT expects, and also what is
implemented for most other devices.
Bumping package version has been overlooked in a previous commit.
While at it, use PKG_RELEASE instead of PKG_VERSION, as the latter
is meant for upstream version number only.
(The effective version string for the package would be "3" in both
cases, so there is no harm done for version comparison.)
Fixes: 0453c3866feb ("vxlan: fix udp checksum control") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b29d620ed2521fe6fda40ddafe6cb0f1d70e4503)
Johannes Kimmel [Mon, 8 Jun 2020 14:14:43 +0000 (16:14 +0200)]
vxlan: fix udp checksum control
So far, passing "rxcsum" and "txcsum" had no effect.
Fixes: 95ab18e0124e ("vxlan: add options to enable and disable UDP
checksums")
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
[add Fixes:] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 0453c3866feb701160bbab4ecf9762c5a3038503)
Paul Spooren [Sun, 12 Jul 2020 04:44:55 +0000 (18:44 -1000)]
build,json: fix compatibility with Python 3.5
The f-string feature was introduced in Python 3.6. As Buildbots may run
on Debian 9, which comes per default with Python 3.5, this would cause
an issue. Instead of f-strings use the *legacy* `.format()` function.
On a system python3 is linked to python3.6, fail to perform json_overview_image_info
and got `TypeError: __init__() got an unexpected keyword argument 'capture_output'`.
This patch emulate the behaviour on python 3.7+.
Daniel Golle [Fri, 3 Jul 2020 20:57:52 +0000 (21:57 +0100)]
build,json: fix build failure in case no data is found
Only collect arch_packages if actually generating any output.
Fixes: commit f09b9319 ("build,json: store arch_packages in profiles.json"( Signed-off-by: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 3b0f698760ae3a62173a28f18e9e1e3adef9c492)
Paul Spooren [Tue, 30 Jun 2020 11:02:43 +0000 (01:02 -1000)]
build: store default/device packages in JSON
With this commit the `profiles.json` contain both the target specific
`default_packages` as well as the device specific `device_packages` as a
array of strings.
This information is required for downstream projects like the various
web-based interactive firmware generators.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 263f7e5bbd119ebed1f514c16f659a2e2a2b132c)
Paul Spooren [Tue, 9 Jun 2020 04:15:05 +0000 (18:15 -1000)]
imagebuilder: Remove json_info_files/ before build
The folder `json_info_files` contains multiple JSON files which describe
created firmware images. The folder is not removed between builds as the
ImageBuilder does not use `image.mk`.
Not removing the JSON files result in a merged `profiles.json` file
containing entries for outdated or non-existing images.
This commit adds the `json_info_files/` cleanup step to the ImageBuilder
Makefile.
lantiq: dts: Move the &usb_vbus nodes out of &gpio
Move the USB VBUS regulator nodes out of the GPIO controller node. This
fixes a problem where the "regulator-fixed" driver wasn't probed for
these regulators because the GPIO driver doesn't scan the child-nodes
and based on the dt-bindings documentation it's not supposed to.
This fixed the following error reported by Luca Olivetti:
...
dwc2 1e101000.usb: DWC OTG Controller
dwc2 1e101000.usb: new USB bus registered, assigned bus number 1
dwc2 1e101000.usb: irq 62, io mem 0x1e101000
dwc2 1e101000.usb: startup error -517
dwc2 1e101000.usb: USB bus 1 deregistered
dwc2 1e101000.usb: dwc2_hcd_init() FAILED, returning -517
Fixes: FS#1634 Cc: Luca Olivetti <luca@ventoso.org> Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[backported from 982468de35d499f85470b7b547d2b27cea53bae0] Signed-off-by: Luca Olivetti <luca@ventoso.org>
This fixes the following compile error:
drivers/mtd/nand/rb91x_nand.c: In function 'rb91x_nand_remove':
drivers/mtd/nand/rb91x_nand.c:445:16: error: 'rbni' undeclared (first use in this function)
nand_release(&rbni->chip);
Petr Štetiar [Tue, 23 Jun 2020 07:24:57 +0000 (09:24 +0200)]
armvirt,x86: fix build breakage of crypto ccp module
Upstream in commit f9f8f0c24203 ("crypto: ccp -- don't "select"
CONFIG_DMADEVICES") removed dependency on CONFIG_DMADEVICES symbol which
leads to build breakage of ccp crypto module, so fix this by adding that
symbol back in the kernel config.
Fixes: f4985a22ca1b ("kernel: Update kernel 4.14 to version 4.14.187") Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 472b8fc91bbab0530d72e9780a482bacc1bbe5f7)
Hans Dedecker [Sat, 6 Jun 2020 12:00:37 +0000 (14:00 +0200)]
nghttp2: bump to 1.41.0
8f7b008b Update bash_completion 83086ba9 Update manual pages c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr 3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20 881c060d Update AUTHORS f8da73bd Earlier check for settings flood 336a98fe Implement max settings option ef415836 Revert "Add missing connection error handling" 979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2 b7d16101 Add missing connection error handling cd53bd81 Merge pull request #1460 from gportay/patch-1 e5625b8c Fix doc c663349f integration: Add PROXY protocol v2 tests 854e9fe3 nghttpx: Always call init_forwarded_for c60ea227 Update doc 49cd8e6e nghttpx: Add PROXY-protocol v2 support 3b17a659 Merge pull request #1453 from Leo-Neat/master 600fcdf5 Merge pull request #1455 from xjtian/long_serials 4922bb41 static_cast size parameter in StringRef constructor to size_t aad86975 Fix get_x509_serial for long serial numbers dc7a7df6 Adding CIFuzz b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue ffb49c6c Merge pull request #1435 from geoffhill/master 2ec58551 Fix receiving stream data stall 459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp a4c1fed5 Bump llhttp to 2.0.4 866eadb5 Enable session_create_idle_stream test, fix errors 5e13274b Fix typo e0d7f7de h2load: Allow port in --connect-to df575f96 h2load: add --connect-to option 1fff7379 clang-format-9 b40c6c86 Merge pull request #1418 from vszakats/patch-1 9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional 2d5f7659 Bump up version number to 1.41.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Note this is cherry-pick from master. It fixes CVE-2020-11080
and https://github.com/nxhack/openwrt-node-packages/issues/679
This bump fixes breakage introduced by kernel commit 8ab8786f78c3fc930f9abf6d6d85e95567de4e1f,
which is part of the 4.14.181 kernel bump, and backported ip6_dst_lookup_flow to 4.14.
This breaks the older WireGuard version currently in 19.07.
For reference, the compilation error is the one below:
build_dir/target-x86_64_musl/linux-x86_64/wireguard-linux-compat-1.0.20200506/src/compat/compat.h:104:42: error: 'const struct ipv6_stub' has no member named 'ipv6_dst_lookup'; did you mean 'ipv6_dst_lookup_flow'?
#define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + (void *)0 ?: dst
Changelogs below taken from the official release announcements.
This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.
* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10
These enable the test suite to compile with gcc-10.
* noise: read preshared key while taking lock
Matt noticed a benign data race when porting the Linux code to OpenBSD.
* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter
WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png
* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings
The usual RHEL churn.
* compat: backport renamed/missing skb hash members
The new support for fq_codel and friends meant more backporting work.
* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4
* qemu: always use cbuild gcc rather than system gcc
* qemu: remove -Werror in order to build ancient kernels better
* qemu: patch kernels that rely on ancient make
* qemu: force 2MB pages for binutils 2.31
* qemu: use cbuild gcc for avx512 exclusion
* qemu: add extra fill in idt handler for newer binutils
* qemu: support fetching kernels for arbitrary URLs
* qemu: patch in UTS_UBUNTU_RELEASE_ABI for Ubuntu detection
* qemu: work around broken centos8 kernel
* qemu: mark per_cpu_load_addr as static for gcc-10
Our qemu test suite can now handle more kernels and more compilers. Scroll
down to the bottom of https://www.wireguard.com/build-status/ to see the
expanded array of kernels we now test against, including some distro kernels.
* compat: widen breadth of integer constants
* compat: widen breadth of memzero_explicit backport
* compat: backport skb_scrub_packet to 3.11
* compat: widen breadth of prandom_u32_max backport
* compat: narrow the breadth of iptunnel_xmit backport
* compat: backport iptunnel_xmit to 3.11
With the expanded qemu test suite, it was possible to expand our list of
mainline kernels, so the backport compat layer is now more precise.
* compat: ubuntu appears to have backported ipv6_dst_lookup_flow
* compat: bionic-hwe-5.0/disco kernel backported skb_reset_redirect and ipv6 flow
Ubuntu kernels changed recently, so this ensures we can compile with the
latest Ubuntu releases.
Leon M. George [Thu, 30 Apr 2020 08:26:36 +0000 (10:26 +0200)]
mac80211: fix use of local variable
mac80211_get_addr is called from mac80211_generate_mac, where the local variable
initialisation id="${macidx:-0}" suggests that macidx is not always defined.
Probably, idx was supposed to be used instead of $(($macidx + 1)).
Fixes: 4d99db168cf7 ("mac80211: try to get interface addresses from wiphy sysfs 'addresses' if no mask is set") Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit 8f95220bcb554b1b668114e5264ebce4028c5f93)
Paul Spooren [Wed, 8 Apr 2020 20:17:01 +0000 (10:17 -1000)]
scripts: JSON merge don't crash if no JSON found
The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
image generation methods from `image.mk` are used. However some targets
like `armvirt` do not use it yet, so the folder is never created.
The `json_overview_image_info.py` script used to raise an error if the
given `WORK_DIR` isn't a folder, however it should just notify about
missing JSON files.
This patch removes the Python assert and exists with code 0 even if no
JSON files were found, as this is not necessarily an error but simply
not yet implemented. Using `glob` on an not existing `Path` results in
an empty list, therefore the for loop won't run.
Paul Spooren [Thu, 12 Mar 2020 22:55:41 +0000 (12:55 -1000)]
build: refactor JSON info files to `profiles.json`
JSON info files contain machine readable information of built profiles
and resulting images. These files were added in commit 881ed09ee6e2
("build: create JSON files containing image info").
They are useful for firmware wizards and script checking for
reproducibility.
Currently all JSON files are stored next to the built images, resulting
in up to 168 individual files for the ath79/generic target.
This patch refactors the JSON creation to store individual per image
(not per profile) files in $(BUILD_DIR)/json_info_files and create an
single overview file called `profiles.json` in the target directory.
Storing per image files and not per profile solves the problem of
parallel file writes. If a profiles sysupgrade and factory image are
finished at the same time both processes would write to the same JSON
file, resulting in randomly broken outputs.
Some target like x86/64 do not use the image code yet, resulting in
missing JSON files. If no JSON info files were created, no
`profiles.json` files is created as it would be empty anyway.
As before, this creation is enabled by default only if `BUILDBOT` is set.
Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[json_info_files dir handling in Make, if case refactoring] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from commit 07449f692ce4c4525e946401f4c3ed0cbbc8c4df) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Petr Štetiar [Tue, 5 Nov 2019 22:57:37 +0000 (23:57 +0100)]
build: image: fix build breakage of some images
Commit 881ed09ee6e2 ("build: create JSON files containing image info")
has removed the crucial empty new line from the image copy step
resulting in the following errors during make function expansion:
GZ_SUFFIX :=
bash: GZ_SUFFIX: command not found
Makefile:86: recipe for target 'openwrt-ath79-generic-tplink_archer-c7-v5-squashfs-sysupgrade.bin' failed
Fixes: 881ed09ee6e2 ("build: create JSON files containing image info") Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 0fb23d67f00a18c3f9e712ca97cfc34b38071f4a)
Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from commit 881ed09ee6e23f6c224184bb7493253c4624fb9f) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
ath79: do not build TP-Link tiny images by default
For quite some time, the tiny (4M flash) TP-Link sysupgrade and
factory images cannot be built anymore by the buildbots, just
the initramfs-kernel.bin files are still there.
Disable these images for the buildbots and don't waste build
resources.
Note that these devices still build fine with default settings,
just not with the additional packages and config symbols for
the buildbots.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
mediatek: fix IPv4-only corner case and commit in 99-net-ps
The uci config section network.globals set up in /bin/config_generate
will only be created if /proc/sys/net/ipv6 exists.
Correspondingly, lacking IPv6 support, the command
uci set network.globals.packet_steering=1
will fail with "uci: Invalid argument" as the network.globals config
has not been set up.
Fix that by adding the setup there as well.
While at it, limit the uci commit to the network config file.
Fix the switch LAN labels for the DGND3700v1/DGND3800B router,
the order is reversed.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
[cut out of bigger patch, adjust commit title/message accordingly] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 583b3e40254076693eb5227a9d9ae49eb2b0bcbf)
Jose Olivera [Mon, 20 May 2019 13:10:56 +0000 (21:10 +0800)]
mvebu: fix default EU regdomain for Linksys WRT AC devices
The mwlwifi driver sets the default country code for EU (fi-
rmware region code 0x30) certified devices to FR (France),
not DE (Germany). Whilst this is a trivial fix, novice users
may not know how mwlwifi negatively reacts to a non-matching
country code and may leave the setting alone. Especially si-
nce it is under the advanced settings section in LuCI.
The mwlwifi driver readme states "Please don't change country
code and let mwlwifi set it for you." However, OpenWrt's current
behaviour does not adhere to this with its default, 'just flashed
from factory' setting for EU devices.
Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
[rebase, extend commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d0e8b8310f7079ccf250f7eddbdf8b9d319c274d)
Sungbo Eo [Sun, 23 Feb 2020 04:17:39 +0000 (13:17 +0900)]
base-files: remove urandom-seed definition
urandom-seed has a separate Makefile, we can safely remove the definition here.
Fixes: 27bfde9c9f78 ("base-files: move urandom seed bits into separate package") Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 46a6586c83e029446ea35b02a328e5f7935d4a9f)
ath79: drop and consolidate redundant chosen/bootargs
In ath79, for several SoCs the console bootargs are defined to the
very same value in every device's DTS. Consolidate these definitions
in the SoC dtsi files and drop further redundant definitions elsewhere.
The only device without any bootargs set has been OpenMesh OM5P-AC V2.
This will now inherit the setting from qca955x.dtsi
While this is a cosmetic change, backporting it to 19.07 will be a
major help for anyone doing backports of device support. Without it,
every backporter would have to remember to manually add the chosen node
to the device's DTS.
In contrast to the implementation in ar71xx (reset and WiFi button),
the device actually features reset and WPS buttons.
Flashing instructions:
Upload the ...-factory.bin file via OEM web interface.
TFTP Recovery:
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to
wa801ndv3_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
TFTP recovery has only been tested with v3, and the Wiki states
that the procedure won't work for v4, which cannot be verified
or falsified at the moment.
Tested by Tim Ward (see forum):
https://forum.openwrt.org/t/ath79-support-for-tp-link-tl-wa901nd-v3-v4-v5/61246/13
projects / thirdparty / openwrt.git / log
