openwrt/openwrt.git
4 years agofirmware-utils/tplink-safeloader: add compat level
Sander Vanheule [Sat, 11 Jul 2020 21:06:54 +0000 (23:06 +0200)]
firmware-utils/tplink-safeloader: add compat level

TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.

The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0  (2019-05-30): compat_level=0
* FW v2.3.0  (2019-07-31): compat_level=0
* FW v2.3.1  (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1

Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.

By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.

Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
    [NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
        20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
    ...
    AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
    ...
    [NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
    0x0.(new 0x1)
    [NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
        base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
        upDataStart = 7690604b, upDataLen = 00000018
    [NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb

Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.

To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
4 years agofirmware-utils/tplink-safeloader: soft-version magic is data length
Sander Vanheule [Sat, 11 Jul 2020 20:58:07 +0000 (22:58 +0200)]
firmware-utils/tplink-safeloader: soft-version magic is data length

The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}

The data length is currently treated as a magic number, but should
contain the length of the partition data.

This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list

Signed-off-by: Sander Vanheule <sander@svanheule.net>
4 years agoath79: enable elf mtd splitter
Sander Vanheule [Sat, 11 Jul 2020 11:13:40 +0000 (13:13 +0200)]
ath79: enable elf mtd splitter

Enabled the ELF firmware partition splitter 4.19 and 5.4 in preparation
for the TP-Link EAP245v3 device support.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
4 years agokernel: mtdsplit: support ELF loader splitting
Sander Vanheule [Thu, 2 Jul 2020 20:33:56 +0000 (22:33 +0200)]
kernel: mtdsplit: support ELF loader splitting

To parse the ELF kernel loader, a small ELF parser is used that can
handle both ELF32 or ELF64 class loaders. The splitter assumes that the
kernel is always located before the rootfs, whether it is embedded in
the loader or not. If the kernel is located after the rootfs on the
firmware partition, then the rootfs splitter will include it in the
dynamically created rootfs_data partition and the kernel will be
corrupted.

The kernel image is preferably embedded inside the ELF loader, so the
end of the loader equals the end of the kernel partition. This is due to
the way mtd_find_rootfs_from searches for the the rootfs:
- if the kernel image is embedded in the loader, the appended rootfs may
  follow the loader immediately, within the same erase block.
- if the kernel image is not embedded in the loader, but placed at some
  offset behind the loader (OKLI-style loader), the rootfs must be
  aligned to an erase-block after the loader and kernel image.

In case section header table is empty, determine the elf loader size by
finding the end of the last segment, as defined by the program header
table.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
4 years agobuild: allow file modes per binary package
Sebastian Kemper [Wed, 9 Sep 2020 10:29:50 +0000 (12:29 +0200)]
build: allow file modes per binary package

Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.

But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.

Example:

/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory

This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.

This behavior is already used for other OpenWrt variables, hence it is
familiar:

PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
4 years agoramips: disable default build for Ravpower RP-WD03
Adrian Schmutzler [Wed, 9 Sep 2020 12:12:14 +0000 (14:12 +0200)]
ramips: disable default build for Ravpower RP-WD03

This device has a 1.5M kernel size limit during boot and is
unbootable since February 2019 [1].

[1] https://forum.openwrt.org/t/ravpower-wd03-does-not-start-with-openwrt-master/49792

Reported-by: Szabolcs Hubai <szab.hu@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoopenvpn: fix shell compare operator in openvpn.init
Martin Schiller [Wed, 24 Jun 2020 05:22:17 +0000 (07:22 +0200)]
openvpn: fix shell compare operator in openvpn.init

Don't use bash syntax, because /bin/sh is used here.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agotools: fakeroot: use TCP as IPC transport
Jo-Philipp Wich [Tue, 8 Sep 2020 11:52:10 +0000 (13:52 +0200)]
tools: fakeroot: use TCP as IPC transport

Some environments, e.g. first gen WSL, do not support SysV IPC.
Enforce the use of TCP transport instead which should be universally
available.

Fixes: FS#3317
Ref: https://github.com/microsoft/WSL/issues/4067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years agomediatek/ramips: remove an ethernet optimization patch that was reported to cause...
Felix Fietkau [Wed, 9 Sep 2020 09:51:21 +0000 (11:51 +0200)]
mediatek/ramips: remove an ethernet optimization patch that was reported to cause a regression

In some tests, crashes were observed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomac80211: update encap offload patches to the latest version
Felix Fietkau [Tue, 8 Sep 2020 12:22:28 +0000 (14:22 +0200)]
mac80211: update encap offload patches to the latest version

Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek: backport the latest version of the mt7531 support patches
Felix Fietkau [Mon, 7 Sep 2020 15:47:15 +0000 (17:47 +0200)]
mediatek: backport the latest version of the mt7531 support patches

Fixes unknown unicast flooding issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agowireguard: bump to 1.0.20200908
Jason A. Donenfeld [Tue, 8 Sep 2020 16:28:30 +0000 (18:28 +0200)]
wireguard: bump to 1.0.20200908

* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros

Backports from upstream changes.

* peerlookup: take lock before checking hash in replace operation

A fix for a race condition caught by syzkaller.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agohostapd: add UCI support for Hotspot 2.0
Daniel Golle [Tue, 8 Sep 2020 19:00:05 +0000 (20:00 +0100)]
hostapd: add UCI support for Hotspot 2.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agonetifd: update to git HEAD
Daniel Golle [Tue, 8 Sep 2020 19:01:11 +0000 (20:01 +0100)]
netifd: update to git HEAD

 3d9bd73 utils: fix check_pid_path to work with deleted file as well
 330f403 vlan: initialize device ifname earlier at creation time
 c057e71 device: do not check state from within device_init
 cb0c07b system-dummy: fix resolving ifindex
 ccd9ddc bridge: add support for turning on vlan_filtering
 82bcb64 bridge: add support for adding vlans to a bridge
 0e8cea0 bridge: add support for VLAN filtering
 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
 ac0710b device: look up full device name before traversing vlan chain
 e32e21e bridge: flush vlan list on bridge free
 645ceed interface-ip: clear host bits of the device prefix
 d7b614a netifd-wireless: parse 'osen' encryption

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agotreewide: revert sysupgrade adjustments for early DSA-adopters
Adrian Schmutzler [Sat, 8 Aug 2020 19:33:25 +0000 (21:33 +0200)]
treewide: revert sysupgrade adjustments for early DSA-adopters

The uci-default mechanism to update the compat-version was only
meant for early DSA-adopters, which should have updated by now.

Remove this workaround again in order to prevent the intended
experiences for all the other people.

This reverts:
a9703db72030 ("mvebu: fix sysupgrade experience for early DSA-adopters")
86c89bf5e8f5 ("kirkwood: fix sysupgrade experience for early DSA-adopters")

Partially reverted:
1eac573b5304 ("ramips: mt7621: implement compatibility version for DSA migration")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoRevert "treewide: add sysupgrade comment for early DSA-adopters"
Adrian Schmutzler [Sat, 8 Aug 2020 19:30:44 +0000 (21:30 +0200)]
Revert "treewide: add sysupgrade comment for early DSA-adopters"

This reverts commit e81e625ca375d6dc3c885ec870ec15757ac76d72.

This was meant just for early DSA-adopters. Those should have
updated by now, remove it so future updaters get the intended
experience.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agofakeroot: add license information
Daniel Golle [Tue, 8 Sep 2020 13:58:17 +0000 (14:58 +0100)]
fakeroot: add license information

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agodropbear: Enable Ed25519 for normal devices
Paul Spooren [Tue, 1 Sep 2020 19:13:28 +0000 (09:13 -1000)]
dropbear: Enable Ed25519 for normal devices

The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.

As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.

Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.

This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoutil-linux: Fix build when libmagic is present
Rosen Penev [Tue, 1 Sep 2020 22:37:03 +0000 (15:37 -0700)]
util-linux: Fix build when libmagic is present

When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.

This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1

Fixes: 36d9ed360a34 ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agowolfssl: Activate link time optimization (LTO)
Hauke Mehrtens [Tue, 1 Sep 2020 12:50:52 +0000 (14:50 +0200)]
wolfssl: Activate link time optimization (LTO)

The ipk sizes for mips_24Kc change like this:
old:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk 391.545

new:
libwolfssl24_4.5.0-stable-2_mips_24kc.ipk 387.439

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agoiw: Update to version 5.8
Hauke Mehrtens [Tue, 1 Sep 2020 12:23:44 +0000 (14:23 +0200)]
iw: Update to version 5.8

The ipk sizes for mips_24Kc change like this:
old:
iw_5.4-1_mips_24kc.ipk 35.767
iw-full_5.4-1_mips_24kc.ipk 68.423

new:
iw_5.8-1_mips_24kc.ipk 36.883
iw-full_5.8-1_mips_24kc.ipk 71.992

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agonftables: Activate link time optimization (LTO)
Hauke Mehrtens [Tue, 1 Sep 2020 12:05:12 +0000 (14:05 +0200)]
nftables: Activate link time optimization (LTO)

The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.6-1_mips_24kc.ipk 231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk 204.731

new:
nftables-json_0.9.6-2_mips_24kc.ipk 221.894
nftables-nojson_0.9.6-2_mips_24kc.ipk 193.932

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agolibnftnl: Activate link time optimization (LTO)
Hauke Mehrtens [Tue, 1 Sep 2020 12:04:22 +0000 (14:04 +0200)]
libnftnl: Activate link time optimization (LTO)

The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.7-1_mips_24kc.ipk 47.459

new:
libnftnl12_1.1.7-2_mips_24kc.ipk 45.742

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agojansson: Activate link time optimization (LTO)
Hauke Mehrtens [Tue, 1 Sep 2020 12:02:47 +0000 (14:02 +0200)]
jansson: Activate link time optimization (LTO)

The ipk sizes for mips_24Kc change like this:
old:
jansson4_2.13.1-1_mips_24kc.ipk 19.171

new:
jansson4_2.13.1-2_mips_24kc.ipk 18.936

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agonftables: Update to version 0.9.6
Hauke Mehrtens [Mon, 24 Aug 2020 10:04:58 +0000 (12:04 +0200)]
nftables: Update to version 0.9.6

The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.3-1_mips_24kc.ipk 220.262
nftables-nojson_0.9.3-1_mips_24kc.ipk 192.937

new:
nftables-json_0.9.6-1_mips_24kc.ipk 231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk 204.731

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agolibnftnl: Update to version 1.1.7
Hauke Mehrtens [Mon, 24 Aug 2020 10:04:38 +0000 (12:04 +0200)]
libnftnl: Update to version 1.1.7

The ipk sizes for mips_24Kc change like this:
old:
libnftnl12_1.1.5-1_mips_24kc.ipk 46.252

new:
libnftnl12_1.1.7-1_mips_24kc.ipk 47.459

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agojansson: Update to version 2.13.1
Hauke Mehrtens [Mon, 24 Aug 2020 10:04:15 +0000 (12:04 +0200)]
jansson: Update to version 2.13.1

This also sets the ABI_VERSION as this is a versioned shared library.

The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk 18.692

new:
jansson4_2.13.1-1_mips_24kc.ipk 19.171

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agokernel: bump 5.4 to 5.4.63
John Audia [Sat, 5 Sep 2020 17:43:41 +0000 (13:43 -0400)]
kernel: bump 5.4 to 5.4.63

Manually merged:
 hack-5.4
  230-openwrt_lzma_options.patch
 bcm27xx
  950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
 x86
  011-tune_lzma_options.patch

Remove upstreamed patches in collaboration with Ansuel Smith:
 ipq806x
  093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
  093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
  093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch

All other modifications made by update_kernel.sh

Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: disable devices with 4M flash
Adrian Schmutzler [Sun, 6 Sep 2020 17:50:36 +0000 (19:50 +0200)]
ath25: disable devices with 4M flash

Devices with 4M flash are not built be default for 20.xx anymore.

Building them with buildbot settings does not work anymore anyway.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: apply vendor_model scheme
Adrian Schmutzler [Sun, 6 Sep 2020 15:24:36 +0000 (17:24 +0200)]
ath25: apply vendor_model scheme

This applies the vendor_model scheme for this target as well, so
naming is consistent throughout supported targets.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: eth: fix crash on skb DMA (un-)map
Sergey Ryazanov [Fri, 4 Sep 2020 23:51:31 +0000 (02:51 +0300)]
ath25: eth: fix crash on skb DMA (un-)map

AR2315 Ethernet driver pass NULL instead of a real device pointer to DMA
(un-)map calls. With kernel version 5.4 such behaviour causes a kernel
panic. Fix this issue by preserving device pointer during the probe
procedure and pass it to each skb data DMA (un-)map call.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
4 years agoath25: fix ethernet supported link modes for ar2313
Sergey Ryazanov [Sun, 6 Sep 2020 15:00:08 +0000 (17:00 +0200)]
ath25: fix ethernet supported link modes for ar2313

Rework ethernet supported link modes to linkmode bitmask.

This is needed to suppress compilation errors:

   drivers/net/ethernet/atheros/ar231x/ar231x.c:1153:20: ...
     error: assignment to expression with array type
     phydev->supported &= (SUPPORTED_10baseT_Half
                       ^~

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[cut out of bigger patch, adjust commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: fix compilation for AR2315 MTD driver
Adrian Schmutzler [Mon, 13 Apr 2020 17:11:22 +0000 (19:11 +0200)]
ath25: fix compilation for AR2315 MTD driver

Kernel commit e7bfb3fdbde3 ("mtd: Stop updating erase_info->state
and calling mtd_erase_callback()") removed erase_info->state
updates and calls of mtd_erase_callback().

Drop these erase callback invocations from AR2315 MTD driver as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: update config for kernel 5.4
Adrian Schmutzler [Sun, 6 Sep 2020 12:08:43 +0000 (14:08 +0200)]
ath25: update config for kernel 5.4

Update config with make kernel_oldconfig.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: refresh patches for kernel 5.4
Adrian Schmutzler [Mon, 13 Apr 2020 17:11:20 +0000 (19:11 +0200)]
ath25: refresh patches for kernel 5.4

Refresh patches to make them apply to kernel 5.4.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: add back target support
Adrian Schmutzler [Sun, 6 Sep 2020 11:57:27 +0000 (13:57 +0200)]
ath25: add back target support

Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.

This reverts commit 7d29a5571403 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath79: drop Build/loader-kernel-cmdline
Adrian Schmutzler [Wed, 2 Sep 2020 11:19:59 +0000 (13:19 +0200)]
ath79: drop Build/loader-kernel-cmdline

This is the same as  loader-kernel since the KERNEL_CMDLINE
parameter has been removed in [1] and not used at all anyway.

Remove it.

[1] f77db1a59036 ("ath79: cleanup image build code")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Paul Spooren <mail@aparcar.org>
4 years agoramips: add support for D-Link DIR-2660 A1
Josh Bendavid [Tue, 14 Jul 2020 15:39:21 +0000 (17:39 +0200)]
ramips: add support for D-Link DIR-2660 A1

This patch adds support for D-Link DIR-2660 A1.

Specifications:
* Board: AP-MTKH7-0002
* SoC: MediaTek MT7621AT
* RAM: 256 MB (DDR3)
* Flash: 128 MB (NAND)
* WiFi: MediaTek MT7615N (x2)
* Switch: 1 WAN, 4 LAN (Gigabit)
* Ports: 1 USB 2.0, 1 USB 3.0
* Buttons: Reset, WPS
* LEDs: Power (white/orange), Internet (white/orange), WiFi 2.4G (white),
        WiFi 5G (white), USB 3.0 (white), USB 2.0 (white)

Notes:
* WiFi 2.4G and WiFi 5G LEDs are wired directly to the wireless chips

Installation:
* D-Link Recovery GUI: power down the router, press and hold the reset
  button, then re-plug it. Keep the reset button pressed until the power
  LED starts flashing orange, manually assign a static IP address under
  the 192.168.0.xxx subnet (e.g. 192.168.0.2) and go to http://192.168.0.1

* Some modern browsers may have problems flashing via the Recovery GUI,
  if that occurs consider uploading the firmware through cURL:

    curl -v -i -F "firmware=@file.bin" 192.168.0.1

MAC addresses:

lan   factory 0xe000     *:a7 (label)
wan   factory 0xe006     *:aa
2.4   factory 0xe000 +1  *:a8
5.0   factory 0xe000 +2  *:a9

Seems like vendor didn't replace the dummy entries in the calibration data.

Signed-off-by: Josh Bendavid <joshbendavid@gmail.com>
[rebase onto already merged DIR-1960 A1, add MAC addresses to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: backport GRO improvements
Felix Fietkau [Sun, 6 Sep 2020 11:29:48 +0000 (13:29 +0200)]
kernel: backport GRO improvements

Improves network performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agokernel: backport improved checksum function for ARM64
Felix Fietkau [Sun, 6 Sep 2020 11:28:59 +0000 (13:28 +0200)]
kernel: backport improved checksum function for ARM64

Improves network performance in some cases when checksum offload is not
available

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek/mt7622: adjust kernel cpu features to match the hardware
Felix Fietkau [Sun, 6 Sep 2020 10:19:32 +0000 (12:19 +0200)]
mediatek/mt7622: adjust kernel cpu features to match the hardware

Disable unnecessary errata/features
Enable potentially needed ones

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agoapm821xx: provide legacy interrupts for PCIe in DT
Christian Lamparter [Thu, 3 Sep 2020 19:24:16 +0000 (21:24 +0200)]
apm821xx: provide legacy interrupts for PCIe in DT

Devices with PCIe-Switches like the WNDR4700, MR24 and WNDAP660
need to have the interrupts property specified in the device-tree
for the legacy pci interrupt signaling method to work.

If the proper interrupt value is not specified, the default INTA
IRQ 12 is taken for all devices. This is especially bad, if the
device is setup to use INTC, because these interrupts will not
be serviced.

Russell Senior reported his experience on the MR24:
"The symptom is client devices can't see the beacons.
Wifi ifaces appear, can scan and hear other networks,
but clients can't see the MR24's SSIDs."

(The interrupts-property on the WNDAP620 was optional since it
uses INTA by default. Likewise the MX60W is in the same category)

Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
4 years agobase-files: support label-property-less in get_dt_leds
Christian Lamparter [Sun, 30 Aug 2020 02:42:54 +0000 (04:42 +0200)]
base-files: support label-property-less in get_dt_leds

The LED's "label" property has been deprecated in upstream by:

|commit c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date:   Sun Jun 9 20:19:04 2019 +0200
|
|    dt-bindings: leds: Add properties for LED name construction
|
|    Introduce dedicated properties for conveying information about
|    LED function and color. Mark old "label" property as deprecated.
|
|    Additionally function-enumerator property is being provided
|    for the cases when neither function nor color can be used
|    for LED differentiation.

in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
4 years agoppp: update to latest git HEAD
Hans Dedecker [Sat, 5 Sep 2020 17:12:28 +0000 (19:12 +0200)]
ppp: update to latest git HEAD

af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agofirewall: bump to latest HEAD
David Bauer [Sat, 5 Sep 2020 10:58:07 +0000 (12:58 +0200)]
firewall: bump to latest HEAD

8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agobuild: fix extreme build system slowdown caused by SOURCE_DATE_EPOCH changes
Felix Fietkau [Sat, 5 Sep 2020 09:19:11 +0000 (11:19 +0200)]
build: fix extreme build system slowdown caused by SOURCE_DATE_EPOCH changes

Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek: enable coherent DMA for ethernet and PCI
Felix Fietkau [Fri, 4 Sep 2020 17:41:46 +0000 (19:41 +0200)]
mediatek: enable coherent DMA for ethernet and PCI

Improves performance by eliminating the need for extra cache flushes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek: fix an irq handling issue
Felix Fietkau [Fri, 4 Sep 2020 17:41:33 +0000 (19:41 +0200)]
mediatek: fix an irq handling issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek/ramips: add patch to avoid unnecessary rearming of interrupts
Felix Fietkau [Fri, 4 Sep 2020 16:30:07 +0000 (18:30 +0200)]
mediatek/ramips: add patch to avoid unnecessary rearming of interrupts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek: disable packet steering by default
Felix Fietkau [Tue, 25 Aug 2020 08:18:52 +0000 (10:18 +0200)]
mediatek: disable packet steering by default

mt76 now spreads the load over multiple CPUs more smoothly, processing
ethernet packets should be faster running on one core

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomac80211: add preliminary support for enabling 802.11ax in config
Felix Fietkau [Wed, 26 Aug 2020 10:30:12 +0000 (12:30 +0200)]
mac80211: add preliminary support for enabling 802.11ax in config

No advanced features are configurable yet, just basic enabling of HE modes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek: enable kernel PCIe ASPM support, refresh kernel config
Felix Fietkau [Fri, 4 Sep 2020 10:31:17 +0000 (12:31 +0200)]
mediatek: enable kernel PCIe ASPM support, refresh kernel config

Improves performance on PCIe devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agolibselinux: package executables into -utils
Daniel Golle [Fri, 4 Sep 2020 01:49:23 +0000 (02:49 +0100)]
libselinux: package executables into -utils

Add new package libselinux-utils containing the executable
utilities included with libselinux.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agolayerscape: fix linux headers install issue
Yangbo Lu [Thu, 20 Aug 2020 12:30:38 +0000 (20:30 +0800)]
layerscape: fix linux headers install issue

The linux upstream commit had treated config leak as error.
5967577 scripts: headers_install: Exit with error on config leak

It is causing below build issue. Provide a kernel patch to fix
it by replacing CONFIG_COMPAT kernel option with FM_COMPAT instead.

  HDRINST usr/include/linux/fmd/integrations/integration_ioctls.h
  HDRINST usr/include/linux/fmd/Peripherals/fm_port_ioctls.h
error: include/uapi/linux/fmd/Peripherals/fm_port_ioctls.h: leak
CONFIG_COMPAT to user-space
scripts/Makefile.headersinst:63: recipe for target
'usr/include/linux/fmd/Peripherals/fm_port_ioctls.h' failed
make[5]: *** [usr/include/linux/fmd/Peripherals/fm_port_ioctls.h] Error 1
Makefile:1198: recipe for target 'headers' failed
make[4]: *** [headers] Error 2

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
4 years agoconfig: add KERNEL_LSM symbol
Paul Spooren [Wed, 2 Sep 2020 00:32:45 +0000 (14:32 -1000)]
config: add KERNEL_LSM symbol

The LSM (Linux security mechanism) list is the successor of the now
legacy *major LSM*. Instead of defining a single security mechanism the
LSM symbol is a comma separated list of mechanisms to load.

Until recently OpenWrt would only support DAC (Unix discretionary access
controls) which don't require an additional entry in the LSM list. With
the newly introduced SELinux support the LSM needs to be extended else
only a manual modified Kernel cmdline (`security=selinux`) would
activate SELinux.

As the default OpenWrt Kernel config sets DAC as default security
mechanism, SELinux is stripped from the LSM list, even if
`KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without
a modified cmdline this commit sets a specific LSM list if
`KERNEL_SECURITY_SELINUX` is enabled.

The upstream Kconfig adds even more mechanisms
(smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt,
these can be ignored.

To compile SELinux Kernel support but disable it from loading, the
already present options `KERNEL_SECURITY_SELINUX_DISABLE` or
`KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`)
can be used. Further it's possible to edit `/etc/selinux/config`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoramips: add support for HooToo HT-TM05
Russell Morris [Wed, 25 Dec 2019 00:38:36 +0000 (18:38 -0600)]
ramips: add support for HooToo HT-TM05

The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).

Specifications:

  SOC:     MediaTek MT7620N
  BATTERY: 10400mAh
  WLAN:    802.11bgn
  LAN:     1x 10/100 Mbps Ethernet
  USB:     1x USB 2.0 (Type-A)
  RAM:     64 MB
  FLASH:   GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
           Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
           fast-read enabled (m25p)
  LED:     Status LED (blue after boot, green with WiFi traffic
           4 leds to indicate power level of the battery (unable to control)
  INPUT:   Power, reset button

MAC assignment based on vendor firmware:

  2.4 GHz    *:b4   (factory 0x04)
  LAN/label  *:b4   (factory 0x28)
  WAN        *:b5   (factory 0x2e)

Tested and working:

 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - Installation from TFTP (recovery)
 - OpenWRT sysupgrade (Preserving and non-preserving), through the usual
   ways: command line and LuCI
 - LEDs (except as noted above)
 - Button (reset)
 - I2C, which is needed for reading battery charge status and level
 - U-Boot environment / variables (from U-Boot, and OpenWrt)

Installation:

 - Download the needed OpenWrt install files, place them in the root
   of a clean TFTP server running on your computer. Rename the files as,
   - ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
   - ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
 - Plug the router into your computer via Ethernet
 - Set your computer to use 10.10.10.254 as its IP address
 - With your router shut down, hold down the power button until the first
   white LED lights up.
 - Push and hold the reset button and release the power button. Continue
   holding the reset button for 30 seconds or until it begins searching
   for files on your TFTP server, whichever comes first.
 - The router (10.10.10.128) will look for your computer at 10.10.10.254
   and install the two files. Once it has finished installation, it will
   automatically reboot and start up OpenWrt.
 - Set your computer to use DHCP for its IP address

Notes:

 - U-Boot environment can be modified, u-boot-env is preserved on initial
   install or sysupgrade
 - mtd-concat functionality is included, to leave a "hole" for u-boot-env,
   combining the OEM kernel and rootfs partitions

I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!

Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoramips: image: add recipe for OKLI loader
Chuanhong Guo [Wed, 2 Sep 2020 06:22:30 +0000 (14:22 +0800)]
ramips: image: add recipe for OKLI loader

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: lzma-loader: make FLASH_START configurable
Chuanhong Guo [Wed, 2 Sep 2020 06:22:29 +0000 (14:22 +0800)]
ramips: lzma-loader: make FLASH_START configurable

FLASH_START is supposed to point at the memory area where NOR flash are
mapped. We currently have an incorrect FLASH_START copied from ar71xx
back then and the loader doesn't work under OKLI mode.
On ramips, mt7621 has it's flash mapped to 0x1fc00000 and other SoCs
uses 0x1c000000. This commit makes FLASH_START a configurable value to
handle both cases.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agopolicycoreutils: add nls.mk
Rosen Penev [Wed, 2 Sep 2020 21:25:19 +0000 (14:25 -0700)]
policycoreutils: add nls.mk

Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agokernel: remove obsolete kernel version switches for 4.14
Adrian Schmutzler [Fri, 7 Aug 2020 12:21:10 +0000 (14:21 +0200)]
kernel: remove obsolete kernel version switches for 4.14

This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.

This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: remove support for kernel 4.14
Adrian Schmutzler [Fri, 7 Aug 2020 12:29:11 +0000 (14:29 +0200)]
kernel: remove support for kernel 4.14

No target uses kernel 4.14 anymore.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoramips: drop support for kernel 4.14
Adrian Schmutzler [Fri, 7 Aug 2020 14:35:05 +0000 (16:35 +0200)]
ramips: drop support for kernel 4.14

The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agopistachio: drop support for kernel 4.14
Adrian Schmutzler [Thu, 20 Aug 2020 12:26:27 +0000 (14:26 +0200)]
pistachio: drop support for kernel 4.14

The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoarc770: drop support for kernel 4.14
Adrian Schmutzler [Fri, 7 Aug 2020 14:34:09 +0000 (16:34 +0200)]
arc770: drop support for kernel 4.14

The target seems to be working on 5.4, so drop 4.14 support in
preparation for removing it from master entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agosamsung: drop target
Adrian Schmutzler [Fri, 7 Aug 2020 14:11:39 +0000 (16:11 +0200)]
samsung: drop target

This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agorb532: drop target
Adrian Schmutzler [Fri, 7 Aug 2020 14:08:28 +0000 (16:08 +0200)]
rb532: drop target

This target is still on kernel 4.14, and recent attempts to move it to
kernel 5.4 have not led to success. The device tester reported that it
wouldn't boot with the following messages:

From sysupgrade:

  Press any key within 4 seconds to enter setup....
  loading kernel from nand... OK
  setting up elf image... OK
  jumping to kernel code

At this point the system hangs.

From CompactFlash:

  Press any key within 4 seconds to enter setup....
  Booting CF
  Loading kernel... done
  setting up elf image... kernel out of range kernel loading failed

The tester reported that the same was observed with current master
(kernel 4.14) as well. This looks like some kernel size restriction.

Since this target is quite old and only supports one device, and since
nobody else seemed interested in working on this for quite some time,
I decided to not put further work into analyzing the problem and drop
this together with the other 4.14-only targets.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=197066&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath25: drop target
Adrian Schmutzler [Fri, 7 Aug 2020 13:58:52 +0000 (15:58 +0200)]
ath25: drop target

This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.

Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agotools: sort alphabetically
Adrian Schmutzler [Mon, 31 Aug 2020 11:27:57 +0000 (13:27 +0200)]
tools: sort alphabetically

This sorts the added tools and builddir dependencies alphabetically
to make it easier to find something in the Makefile.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agotools: drop unused upslug2 and wrt350nv2-builder
Adrian Schmutzler [Mon, 31 Aug 2020 11:17:54 +0000 (13:17 +0200)]
tools: drop unused upslug2 and wrt350nv2-builder

These tools have been used by the orion target which has been
removed in Jan 2020 [1].

Both were specifically meant for the WRT350Nv2, which is not
supported anymore.

So, let's remove them as well.

[1] 89f2deb372b7 ("orion: remove unmaintained target")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agombedtls: update to 2.16.8
Magnus Kroken [Tue, 1 Sep 2020 20:28:25 +0000 (22:28 +0200)]
mbedtls: update to 2.16.8

This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
4 years agobase-files: fix comment typo in lib/functions/network.sh
Walter Sonius [Tue, 1 Sep 2020 21:49:54 +0000 (23:49 +0200)]
base-files: fix comment typo in lib/functions/network.sh

Fix typo in comment.

Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agohostapd: add hs20 variant
Daniel Golle [Tue, 1 Sep 2020 20:31:20 +0000 (21:31 +0100)]
hostapd: add hs20 variant

Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agotools/squashfskit4: fix build on non-linux systems
Felix Fietkau [Tue, 1 Sep 2020 13:37:14 +0000 (15:37 +0200)]
tools/squashfskit4: fix build on non-linux systems

The xattr related function calls are linux specific

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomac80211: remove an obsolete patch that is no longer doing anything useful
Felix Fietkau [Sat, 29 Aug 2020 05:50:07 +0000 (07:50 +0200)]
mac80211: remove an obsolete patch that is no longer doing anything useful

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomac80211: add more AQL fixes/improvements
Felix Fietkau [Thu, 27 Aug 2020 11:02:42 +0000 (13:02 +0200)]
mac80211: add more AQL fixes/improvements

Fix aggregation length estimation, add HE and VHT160 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agomediatek/ramips: unify ethernet driver fixes and add performance optimizations
Felix Fietkau [Thu, 27 Aug 2020 04:39:48 +0000 (06:39 +0200)]
mediatek/ramips: unify ethernet driver fixes and add performance optimizations

Increase DMA burst size and tx ring size and optimize tx processing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobuild: fix path to libfakeroot on macOS
Felix Fietkau [Tue, 1 Sep 2020 15:00:45 +0000 (17:00 +0200)]
build: fix path to libfakeroot on macOS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agorefpolicy: skip building docs
Daniel Golle [Tue, 1 Sep 2020 13:34:15 +0000 (14:34 +0100)]
refpolicy: skip building docs

Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agolibaudit: add host-build required by policycoreutils/host
Daniel Golle [Tue, 1 Sep 2020 13:23:07 +0000 (14:23 +0100)]
libaudit: add host-build required by policycoreutils/host

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agolibsemanage: host-build depends on renamed libaudit package
Daniel Golle [Tue, 1 Sep 2020 11:29:51 +0000 (12:29 +0100)]
libsemanage: host-build depends on renamed libaudit package

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agougps: update to the latest version
Hauke Mehrtens [Tue, 1 Sep 2020 11:04:23 +0000 (13:04 +0200)]
ugps: update to the latest version

511a5b3 ugps: fix 64-bit time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agofstools: update to the latest version
Hauke Mehrtens [Tue, 1 Sep 2020 11:00:52 +0000 (13:00 +0200)]
fstools: update to the latest version

5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agomediatek: pull in some fixes fromt he latest SDK
John Crispin [Tue, 1 Sep 2020 07:09:13 +0000 (09:09 +0200)]
mediatek: pull in some fixes fromt he latest SDK

Signed-off-by: John Crispin <john@phrozen.org>
4 years agouboot-mediatek: update to latest version
John Crispin [Tue, 1 Sep 2020 07:08:52 +0000 (09:08 +0200)]
uboot-mediatek: update to latest version

Signed-off-by: John Crispin <john@phrozen.org>
4 years agobuild: unbreak fakeroot in SDK
Daniel Golle [Tue, 1 Sep 2020 03:08:47 +0000 (04:08 +0100)]
build: unbreak fakeroot in SDK

Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.

Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agotools: fakeroot: pass paths of libfakeroot.so and faked
Daniel Golle [Tue, 1 Sep 2020 03:07:11 +0000 (04:07 +0100)]
tools: fakeroot: pass paths of libfakeroot.so and faked

Fixes: 9e7ef46065 ("tools: add fakeroot")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agolibaudit: drop unused file
Daniel Golle [Mon, 31 Aug 2020 23:31:22 +0000 (00:31 +0100)]
libaudit: drop unused file

Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.

Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agobuild: opkg-key variable key folder
Paul Spooren [Wed, 26 Aug 2020 00:55:27 +0000 (14:55 -1000)]
build: opkg-key variable key folder

The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agopx5g-wolfssl: cleanup Makefile and SPDX license
Paul Spooren [Mon, 31 Aug 2020 20:55:04 +0000 (10:55 -1000)]
px5g-wolfssl: cleanup Makefile and SPDX license

Minor cosmetic cleanups of the Makefile and add a SPDX compatible
license headers.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agolibsemanage: add missing package metadata
Daniel Golle [Mon, 31 Aug 2020 21:01:46 +0000 (22:01 +0100)]
libsemanage: add missing package metadata

License and CPE-ID were missing, add them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoaudit: build only libaudit
Daniel Golle [Mon, 31 Aug 2020 20:49:36 +0000 (21:49 +0100)]
audit: build only libaudit

Turns out auditd depends on libev. Lets have that in packages.git.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agostrace: Update to version 5.8
Hauke Mehrtens [Mon, 24 Aug 2020 09:47:52 +0000 (11:47 +0200)]
strace: Update to version 5.8

Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.

Just deactivate it for ARM64 too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agoutil-linux: update to 2.36
Rosen Penev [Fri, 7 Aug 2020 21:23:39 +0000 (14:23 -0700)]
util-linux: update to 2.36

hwclock was fixed to work with musl.

Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agolibcxx: update to 10.0.0
Rosen Penev [Sat, 29 Aug 2020 03:17:39 +0000 (20:17 -0700)]
libcxx: update to 10.0.0

Switched to upstream tarballs.

Switched to libcxxabi as using libsupc++ is quite wonky.

Fixed description.

Removed patches. The fixes are cosmetic.

Added ssp patch. This one is needed for i386 and powerpc under musl.

Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.

Ran tested with gerbera.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agolibcxxabi: add
Rosen Penev [Sat, 29 Aug 2020 03:17:38 +0000 (20:17 -0700)]
libcxxabi: add

This will be used for libcxx.

libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.

Reference: https://github.com/gerbera/gerbera/issues/795

Added patch to fix ARM compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agotoolchain: Update GCC 10 to version 10.2.0
DENG Qingfang [Tue, 25 Aug 2020 04:03:28 +0000 (12:03 +0800)]
toolchain: Update GCC 10 to version 10.2.0

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
4 years agotoolchain/binutils: add binutils 2.35
DENG Qingfang [Tue, 25 Aug 2020 03:55:05 +0000 (11:55 +0800)]
toolchain/binutils: add binutils 2.35

Add binutils version 2.35

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
4 years agocheckpolicy: build-depend on libselinux
Daniel Golle [Mon, 31 Aug 2020 19:41:21 +0000 (20:41 +0100)]
checkpolicy: build-depend on libselinux

Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
 #include <sepol/policydb/expand.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agopolicycoreutils: fix i18n depends
Daniel Golle [Mon, 31 Aug 2020 19:36:32 +0000 (20:36 +0100)]
policycoreutils: fix i18n depends

Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
 #include <libintl.h>  /* for gettext() */
          ^~~~~~~~~~~
 compilation terminated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoath79: add support for Senao Engenius ENH202 v1
Michael Pratt [Mon, 17 Aug 2020 19:35:20 +0000 (15:35 -0400)]
ath79: add support for Senao Engenius ENH202 v1

FCC ID: U2M-ENH200

Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.

Specification:

  - Qualcomm/Atheros AR7240 rev 2
  - 40 MHz reference clock
  - 8 MB FLASH                  ST25P64V6P (aka ST M25P64)
  - 32 MB RAM
  - UART at J3                  (populated)
  - 2x 10/100 Mbps Ethernet     (built-in switch at gmac1)
  - 2.4 GHz, 2x2, 29dBm         (Atheros AR9280 rev 2)
  - internal antenna plates     (10 dbi, semi-directional)
  - 5 LEDs, 1 button            (LAN, WAN, RSSI) (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Power LED not controllable, or unknown gpio

MAC addresses:

  eth0/eth1  *:11   art 0x0/0x6
  wlan       *:10   art 0x120c

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop or halt which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9f670000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to Engenius boards.
  If the failsafe image is missing or damaged this will not work
  DO NOT downgrade to ar71xx this way, can cause kernel loop or halt

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

Format of OEM firmware image:

  The OEM software of ENH202 is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-enh202-uImage-lzma.bin
    openwrt-senao-enh202-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

  OKLI kernel loader is required because the OEM firmware
  expects the kernel to be no greater than 1024k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on built-in switch:

  ENH202 is originally configured to be an access point,
  but with two ethernet ports, both WAN and LAN is possible.

  the POE port is gmac0 which is preferred to be
  the port for WAN because it gives link status
  where swconfig does not.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>