openwrt/openwrt.git
4 years agoumdns: update to version 2020-04-25
Kevin Darbyshire-Bryant [Sat, 25 Apr 2020 09:30:08 +0000 (10:30 +0100)]
umdns: update to version 2020-04-25

cdac046 dns.c: fix input validation fix

Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.

Improve CVE-2020-11750 fix

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
4 years agox86: fix unusable squashfs images by adding missing padding
Petr Štetiar [Sat, 25 Apr 2020 10:47:43 +0000 (12:47 +0200)]
x86: fix unusable squashfs images by adding missing padding

It was reported, that after image generation rework
x86-64-generic-squashfs-rootfs.img image won't boot on XenServer x86_64
anymore:

 F2FS-fs (xvda): Magic Mismatch, valid(0xf2f52010) - read(0x84289960)
 F2FS-fs (xvda): Can't find valid F2FS filesystem in 1th superblock
 F2FS-fs (xvda): Magic Mismatch, valid(0xf2f52010) - read(0x4e8ee223)
 F2FS-fs (xvda): Can't find valid F2FS filesystem in 2th superblock
 List of all partitions:
 ca00            4207 xvda
  driver: vbd
 No filesystem could mount root, tried:
  ext3
  ext2
  ext4
  squashfs
  iso9660
  f2fs

 Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(202,0)

So lets fix this by adding back padding which was introduced in commit
a17d9482f5e2 ("x86: image: fix small disk space in squashfs overlay").

Ref: FS#3036
Fixes: 258f070d1a4f ("x86: fix missing squashfs and ext4 rootfs images")
Fixes: cb007a7bf619 ("x86: switch image generation to new code")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agokernel: netdev: fix kmod-sfp description capitalization
David Bauer [Sun, 26 Apr 2020 10:07:46 +0000 (12:07 +0200)]
kernel: netdev: fix kmod-sfp description capitalization

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agokernel: netdev: add phylink dependency for sfp
David Bauer [Sun, 26 Apr 2020 09:13:53 +0000 (11:13 +0200)]
kernel: netdev: add phylink dependency for sfp

Fixes: ec2f7a47d379 ("kernel: add module to support SFP cages")
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agokernel: netdev: add kmod-phylink
David Bauer [Sun, 26 Apr 2020 09:02:16 +0000 (11:02 +0200)]
kernel: netdev: add kmod-phylink

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoramips: enable SFP port for Ubiquiti ER-X-SFP
René van Dorst [Tue, 10 Mar 2020 17:34:33 +0000 (01:34 +0800)]
ramips: enable SFP port for Ubiquiti ER-X-SFP

SFP cage of this device is connected via a AT8031 phy to port 5 of the switch.
This phy act as a RGMII-to-SerDes converter.

Also a I2C clock gate needs to be enabled in order to access the SFP module via I2C bus.
SFP cage also has module detect pin which is connected to I2C gpio expander.

With this patch the kernel/PHYLINK now can detect, readout and use the SFP module/port.

NOTE: SFP cage / AT8033 PHY only support 1000base-X encoding!
This means that some SGMII modules can work and only at forced 1GBit/full-duplex!

Signed-off-by: René van Dorst <opensource@vdorst.com>
4 years agokernel: add module to support SFP cages
René van Dorst [Tue, 7 Apr 2020 21:50:31 +0000 (23:50 +0200)]
kernel: add module to support SFP cages

Enables kernel SFP case support.

Signed-off-by: René van Dorst <opensource@vdorst.com>
4 years agoramips: phy: at803x: support RGMII-to-SerDes and SFP support
DENG Qingfang [Tue, 10 Mar 2020 17:30:02 +0000 (01:30 +0800)]
ramips: phy: at803x: support RGMII-to-SerDes and SFP support

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: René van Dorst <opensource@vdorst.com>
4 years agokernel: backport support for clause 37 1000Base-X auto-negotiation
DENG Qingfang [Tue, 10 Mar 2020 17:32:12 +0000 (01:32 +0800)]
kernel: backport support for clause 37 1000Base-X auto-negotiation

This patch is needed for clause 37 1000Base-X encoding used in many SFP modules.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: René van Dorst <opensource@vdorst.com>
4 years agokernel: bump 5.4 to 5.4.35
Petr Štetiar [Sat, 25 Apr 2020 08:58:07 +0000 (10:58 +0200)]
kernel: bump 5.4 to 5.4.35

Refreshed one patch.

Run tested: qemu-x86-64
Build tested: x86/64, imx6, sunxi/a53, rockchip/armv8

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoimx6: add back perf monitor related config symbol
Petr Štetiar [Sat, 25 Apr 2020 09:13:41 +0000 (11:13 +0200)]
imx6: add back perf monitor related config symbol

Commit 0543eb111081 ("imx6: 5.4: add missing kernel perf monitor
symbol") has added missing kernel config symbol FSL_IMX8_DDR_PMU which
is exposed only when building perf, so add it back.

Fixes: 8d9b36270b1f ("imx6: refresh kernel config")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoprocd: extend requirejail attribute handling
Daniel Golle [Sat, 25 Apr 2020 09:18:22 +0000 (10:18 +0100)]
procd: extend requirejail attribute handling

 e2ed964 jail: don't fail unless requirejail is set
 17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist

Fixes openwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoipq40xx: fix alphabetical order in 02_network
David Bauer [Wed, 22 Apr 2020 23:21:11 +0000 (01:21 +0200)]
ipq40xx: fix alphabetical order in 02_network

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: fix QCA953x DDR and GPIO compatible bindings
David Bauer [Sun, 19 Apr 2020 16:28:09 +0000 (18:28 +0200)]
ath79: fix QCA953x DDR and GPIO compatible bindings

The memory as well as GPIO controller had the wrong SoC name used for
their compatible binding.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: correct QCA9550 machine compatible binding
David Bauer [Sat, 18 Apr 2020 17:16:05 +0000 (19:16 +0200)]
ath79: correct QCA9550 machine compatible binding

Some boards using a QCA9556 or QCA9558 had their machine compatible
binding incorrectly set to qca,qca9557.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: rename qca9557.dtsi to qca955x.dtsi
David Bauer [Fri, 17 Apr 2020 00:05:23 +0000 (02:05 +0200)]
ath79: rename qca9557.dtsi to qca955x.dtsi

There are at least 3 different chips in the Scorpion series of SoCs.
Rename the common DTSI to better reflect it's purpose for the whole
series.

Also rename the compatible bindings from qca,ar9557 and qca,qca9557
to qca,qca9550.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoltq-adsl(-fw): Makefile clean-up and fixes
Adrian Schmutzler [Tue, 14 Apr 2020 14:10:49 +0000 (16:10 +0200)]
ltq-adsl(-fw): Makefile clean-up and fixes

This fixes a few minor issues (partially cosmetic) in ltq-adsl and
ltq-adsl-fw Makefiles:
- fix PKG_SOURCE_URL and switch to https
- remove non-existant FW_NAME variable
- fix package name for config inclusion
- fix config symbol for debugging

Fixes: 1d0a9d0c0470 ("move ltq-adsl")
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath79: move tplinkpart.c parser to patches
Adrian Schmutzler [Mon, 13 Apr 2020 16:43:44 +0000 (18:43 +0200)]
ath79: move tplinkpart.c parser to patches

Between 4.19 and 5.4, mtd parsers have been moved to "parsers"
subdirectory. Like for myloader.c in the previous patch,
this patch moves tplinkpart.c to the kernel patches, so the
code and the kernel includes are at the same location and
the path can be adjusted per kernel.

While at it, remove some outdated kernel version switches from
the C code.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: fix include of myloader.o since kernel 5.4
Adrian Schmutzler [Mon, 13 Apr 2020 16:43:43 +0000 (18:43 +0200)]
kernel: fix include of myloader.o since kernel 5.4

Between 4.19 and 5.4, mtd parsers have been moved to "parsers"
subdirectory. Based on this, the selection of myloader.o in OpenWrt
was also moved to that subdirectory, while the Kconfig and our local
myloader.c file remained in /drivers/mtd.

This resulted in linking errors like the following (on ath25@5.4):

make[8]: *** No rule to make target 'drivers/mtd/parsers/myloader.o', ...
   needed by 'drivers/mtd/parsers/built-in.a'.  Stop.
make[7]: *** [scripts/Makefile.build:500: drivers/mtd/parsers] Error 2
make[6]: *** [scripts/Makefile.build:500: drivers/mtd] Error 2

Since myloader.c is not too big, this patch moves it to the kernel patches,
allowing to adjust the path for kernel 5.4 and keeping Makefiles and
file paths better in sync.

Other patches have been refreshed accordingly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: replace "+@" IPV6 dependency by "+"
Adrian Schmutzler [Sun, 12 Apr 2020 09:39:42 +0000 (11:39 +0200)]
kernel: replace "+@" IPV6 dependency by "+"

The combination +@IPV6:kmod-ipsec6 is not valid, the +a:b
syntax implies the @. Fix it.

Fixes: 2e6b6f9fcaae ("kernel: add @IPv6 dependency to ipv6 modules")
Reported-by: Oldřich Jedlička (@oldium)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoramips: remove config-4.14 for mt7621/mt76x8
Adrian Schmutzler [Wed, 15 Apr 2020 16:34:50 +0000 (18:34 +0200)]
ramips: remove config-4.14 for mt7621/mt76x8

mt7621 and mt76x8 subtargets have been moved to kernel 5.4 and their
DTS(I) files are incompatible to kernel 4.14.

Remove the corresponding kernel config files to signal that more
boldly and to prevent accidentally patching the wrong kernel when
pulling in older config patches.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoocteon: use kernel version 5.4 for testing
Adrian Schmutzler [Thu, 23 Apr 2020 15:03:57 +0000 (17:03 +0200)]
octeon: use kernel version 5.4 for testing

Tested on EdgeRouter Lite (by Daniel Engberg)

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoocteon: update config for kernel 5.4
Daniel Engberg [Fri, 17 Apr 2020 21:39:35 +0000 (23:39 +0200)]
octeon: update config for kernel 5.4

Update config with make kernel_oldconfig.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[split patch, redo kernel_oldconfig, add description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoocteon: refresh patches for kernel 5.4
Daniel Engberg [Fri, 17 Apr 2020 19:56:37 +0000 (21:56 +0200)]
octeon: refresh patches for kernel 5.4

Refresh patches to make them apply to kernel 5.4.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[split patch, refresh on newer kernel, add description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoocteon: copy files to kernel 5.4
Daniel Engberg [Fri, 17 Apr 2020 19:53:14 +0000 (21:53 +0200)]
octeon: copy files to kernel 5.4

Copy config and patches to kernel 5.4.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[split patch, fix patches-5.4 dirname, add description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agomediatek: disable the unused pcie port for elecom wrc-2533gent
Felix Fietkau [Thu, 9 Apr 2020 17:57:47 +0000 (19:57 +0200)]
mediatek: disable the unused pcie port for elecom wrc-2533gent

Fixes MSI support for the primary device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agofstools: update to the latest version
Felix Fietkau [Thu, 9 Apr 2020 12:25:51 +0000 (14:25 +0200)]
fstools: update to the latest version

84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agoopenssl: bump to 1.1.1g
Petr Štetiar [Tue, 21 Apr 2020 20:51:20 +0000 (22:51 +0200)]
openssl: bump to 1.1.1g

Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.

Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agokernel: bump 5.4 to 5.4.34
Petr Štetiar [Tue, 21 Apr 2020 09:09:30 +0000 (11:09 +0200)]
kernel: bump 5.4 to 5.4.34

Refreshed patches.

Run tested: qemu-x86-64, apalis, a64-olinuxino
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoimx6: refresh kernel config
Koen Vandeputte [Tue, 21 Apr 2020 12:46:23 +0000 (14:46 +0200)]
imx6: refresh kernel config

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years agobase-files: ensure VERBOSE is set
Alexander Couzens [Wed, 13 Nov 2019 17:13:13 +0000 (18:13 +0100)]
base-files: ensure VERBOSE is set

If not set, it shows the following error
sh: out of range

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
4 years agolantiq/fritz 7312: set maximum speed to 100 mbit
Alexander Couzens [Mon, 24 Jun 2019 15:41:22 +0000 (17:41 +0200)]
lantiq/fritz 7312: set maximum speed to 100 mbit

The fritz 7312 does not support 1000 gbit. Advertising it makes it
worse. Some NIC will change to 1000 gibt and turn off and on again for
ever.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
4 years agoubus: update to latest git HEAD
Hans Dedecker [Mon, 20 Apr 2020 19:22:46 +0000 (21:22 +0200)]
ubus: update to latest git HEAD

171469e lua: avoid truncation of large numeric values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agox86: really remove packages already enabled in kconfig
Daniel Golle [Mon, 20 Apr 2020 18:21:50 +0000 (19:21 +0100)]
x86: really remove packages already enabled in kconfig

This commit really removes packages in geode profiles already enabled
in kernel config.

Fixes: 9c23ecee57 ("x86: move packages selection to profiles")
Reported-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agox86: move packages selection to profiles
Tomasz Maciej Nowak [Mon, 20 Apr 2020 17:46:34 +0000 (19:46 +0200)]
x86: move packages selection to profiles

This can be rather confusing for contributors, since there are three
layers in which they can be added. As for now there are none profiles
other than generic (exception: geos) let's move them to these profiles.
Being here this commit also removes packages in geode profiles already
enabled in kernel config.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
4 years agox86: select kmod-button-hotplug by default
Tomasz Maciej Nowak [Mon, 20 Apr 2020 17:46:33 +0000 (19:46 +0200)]
x86: select kmod-button-hotplug by default

This package is useful by all subtargets, therefore move it to default
packages selection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
4 years agox86: fix kmod-forcedeth package selection
Tomasz Maciej Nowak [Mon, 20 Apr 2020 17:46:32 +0000 (19:46 +0200)]
x86: fix kmod-forcedeth package selection

There's no such package as forcedeth, threfore the driver is never
selected. Fix it by properly specifying package name.

Fixes: 35f208d ("x86: add nforce eth to default packages")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
4 years agox86: image: drop dead code
Tomasz Maciej Nowak [Mon, 20 Apr 2020 17:46:31 +0000 (19:46 +0200)]
x86: image: drop dead code

These are remnants of old image generation code, which now serve no
purpose.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
4 years agouboot-rockchip: fix ident string
Petr Štetiar [Mon, 20 Apr 2020 14:42:47 +0000 (16:42 +0200)]
uboot-rockchip: fix ident string

Commit 797506011695 ("uboot-rockchip: add new package") has added
`OpenWRT` ident string, fix it to proper `OpenWrt`.

Fixes: 797506011695 ("uboot-rockchip: add new package")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agorockchip: add support for Pine64 RockPro64
Tobias Mädel [Sun, 12 Apr 2020 11:57:25 +0000 (13:57 +0200)]
rockchip: add support for Pine64 RockPro64

This adds the new rockchip target and support for RockPro64 RK3399

Flash:    16 MiB SPI NOR
RAM:      2 GiB/4 GiB LPDDR4
SoC:      RK3399
USB:      2x USB 2.0, 1x USB 3.0, 1x USB-C
Ethernet: 1x GbE
PCIe:     PCIe 2.0, 4 lanes
Storage:  eMMC or SD card
Optional SDIO wifi/bt module

The Pine64 RockPro64 is a single-board-computer with a 4x PCIe connector,
6 ARM64 cores (4 little, 2 big), plenty of RAM and storage.

By default the single Gigabit-Ethernet port is configured as the
LAN port.

Installation of the firware is possible by dd'ing the image
to an SD card or the eMMC flash.

Serial: 3v3 1500000 8n1

U-boot is build from the mainline tree and
integrated into the images. Required ATF to build u-boot
is downloaded from a CI build bot.

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
4 years agouboot-rockchip: add new package
Tobias Mädel [Sun, 12 Apr 2020 11:53:56 +0000 (13:53 +0200)]
uboot-rockchip: add new package

This package is needed for the rockchip target.

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
4 years agoarm-trusted-firmware-rockchip: add new package
Tobias Mädel [Sun, 12 Apr 2020 11:51:49 +0000 (13:51 +0200)]
arm-trusted-firmware-rockchip: add new package

This is needed to build the uboot-rockchip, needed for the rockchip target

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
[replaced `mkdir -p` with INSTALL_DIR variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agouboot-kirkwood: update to 2020.04
Pawel Dembicki [Sat, 11 Apr 2020 13:44:14 +0000 (15:44 +0200)]
uboot-kirkwood: update to 2020.04

Update U-Boot to current 2020.04 release for kirkwood platform.

Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.

Compile tested: all devices
Run tested: nsa310, pogoplugv4

Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
4 years agokernel: netfilter.mk: fix kmod-ipt-nat6 installation on 5.4
DENG Qingfang [Sun, 19 Apr 2020 11:23:24 +0000 (19:23 +0800)]
kernel: netfilter.mk: fix kmod-ipt-nat6 installation on 5.4

xt_MASQUERADE.ko is picked up by both kmod-ipt-nat and kmod-ipt-nat6, causing
conflict
As kmod-ipt-nat6 already depends on kmod-ipt-nat, remove xt_MASQUERADE from it

Fixes: FS#2924
Fixes: 0fad8af85158 ("kernel: Include xt_MASQUERADE for kernel 5.2 and later")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
4 years agorelayd: bump to version 2020-04-20
Kevin Darbyshire-Bryant [Mon, 20 Apr 2020 08:08:20 +0000 (09:08 +0100)]
relayd: bump to version 2020-04-20

796da66 dhcp.c: improve input validation & length checks

Addresses CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
4 years agoumdns: update to version 2020-04-20
Kevin Darbyshire-Bryant [Mon, 20 Apr 2020 08:03:52 +0000 (09:03 +0100)]
umdns: update to version 2020-04-20

e74a3f9 dns.c: improve input validation

Addresses CVE-2020-11750

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
4 years agoramips: mt7621: add NETGEAR R7200 as DEVICE_ALT1
Pawel Dembicki [Wed, 15 Apr 2020 13:43:51 +0000 (15:43 +0200)]
ramips: mt7621: add NETGEAR R7200 as DEVICE_ALT1

Netgear R7200 is another clone of Netgear R6700v2, introduced in:
6e80df5 ("ramips: add support for NETGEAR R6700v2/AC2400")

Reported-by: Joel Pinsker, github user @joelp64
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
4 years agoprocd: fix jail when running on glibc
Daniel Golle [Sun, 19 Apr 2020 22:18:15 +0000 (23:18 +0100)]
procd: fix jail when running on glibc

 d200b70 jail: include /etc/nsswitch.conf in jail for glibc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoath79: add support for AVM FRITZ!WLAN Repeater 450E
David Bauer [Tue, 14 Apr 2020 01:58:37 +0000 (03:58 +0200)]
ath79: add support for AVM FRITZ!WLAN Repeater 450E

SOC:    Qualcomm QCA9556 (Scorpion) 560MHz MIPS74Kc
RAM:    64MB Zentel A3R12E40CBF DDR2
FLASH:  16MiB Winbond W25Q128 SPI NOR
WLAN1:  QCA9556 2.4 GHz 802.11b/g/n 3x3
INPUT:  WPS button
LED:    Power, WiFi, LAN, RSSI indicator
Serial: Header Next to Black metal shield
        Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 192.168.178.1. Firmware can be uploaded
like following:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put openwrt-sysupgrade.bin mtd1

Note that this procedure might take up to two minutes.
You need to powercycle the device afterwards to boot OpenWRT.

Tested-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoramips: replace pinctrl property names for ipTIME A1004ns
Sungbo Eo [Sat, 18 Apr 2020 13:47:34 +0000 (22:47 +0900)]
ramips: replace pinctrl property names for ipTIME A1004ns

The pinctrl driver had been replaced with the upstream one in b756ea2a909a
("ramips: replace pinctrl property names"), but the initial A1004ns support
patch did not reflect the changes. This commit updates its pinctrl property
names.

Fixes: 9169482f640c ("ramips: add support for ipTIME A1004ns")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
4 years agotoolchain: glibc: Define minimum support kernel version as 4.14
Hauke Mehrtens [Sat, 18 Apr 2020 18:00:35 +0000 (20:00 +0200)]
toolchain: glibc: Define minimum support kernel version as 4.14

This will compile glibc in a way that it will only support kernel 4.14
and later. Compatibility code for older kernel versions will be removed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agotoolchain: glibc: Update glibc to version 2.31
Hauke Mehrtens [Mon, 16 Mar 2020 14:28:13 +0000 (15:28 +0100)]
toolchain: glibc: Update glibc to version 2.31

This updates glibc to the most recent version 2.31.

001-regex-read-overrun.patch was a backport from a more recent version
and is integrated in glibc 2.31.

050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch is needed
to add the DES crypto functions back again. They were removed in glibc
2.28, but we still use them in ppp.
musl lib also provides these DES crypto functions. Without them we would
have to link ppp against openssl or an other crypto library.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agodante: Fix compile with glibc
Hauke Mehrtens [Sat, 18 Apr 2020 15:50:03 +0000 (17:50 +0200)]
dante: Fix compile with glibc

When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe23e ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agorbcfg: Add missing mode to open call
Hauke Mehrtens [Sat, 18 Apr 2020 15:44:13 +0000 (17:44 +0200)]
rbcfg: Add missing mode to open call

When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.

Not giving this is an error, which results in a compile error with glibc.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
                 from main.c:18:
In function 'open',
    inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agoupgs: Remove extra _DEFAULT_SOURCE definition
Hauke Mehrtens [Sat, 18 Apr 2020 15:42:02 +0000 (17:42 +0200)]
upgs: Remove extra _DEFAULT_SOURCE definition

This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agobusybox: backport Remove stime() function calls
Hauke Mehrtens [Mon, 23 Mar 2020 22:22:04 +0000 (23:22 +0100)]
busybox: backport Remove stime() function calls

glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agobcm63xx: switch to 5.4 kernel
Álvaro Fernández Rojas [Sat, 18 Apr 2020 18:52:56 +0000 (20:52 +0200)]
bcm63xx: switch to 5.4 kernel

Seems stable after 6 days of testing on some of my devices.
Let's switch to 5.4 in order to get more feedback.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
4 years agoopenvpn: update to 2.4.9
Magnus Kroken [Fri, 17 Apr 2020 15:34:42 +0000 (17:34 +0200)]
openvpn: update to 2.4.9

This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
4 years agobinutils: add ALTERNATIVES for strings (FS#3001)
Hans Dedecker [Sat, 18 Apr 2020 08:34:10 +0000 (10:34 +0200)]
binutils: add ALTERNATIVES for strings (FS#3001)

Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agoramips: mt7621: use lzma-loader for newifi d1/d2/thunder timecloud
Chuanhong Guo [Sat, 18 Apr 2020 06:19:38 +0000 (14:19 +0800)]
ramips: mt7621: use lzma-loader for newifi d1/d2/thunder timecloud

These devices failed to properly extract kernel. enable lzma loader
for them.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: don't reuse KERNEL_DTB for lzma-loader
Chuanhong Guo [Sat, 18 Apr 2020 05:40:31 +0000 (13:40 +0800)]
ramips: don't reuse KERNEL_DTB for lzma-loader

mt7621 overrides KERNEL_DTB to limit dictionary size, which isn't needed
for our lzma loader.
This saves 15KB on mt7621 devices using uimage-lzma-loader.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: mt7621: backport more pcie driver fixes
Chuanhong Guo [Sat, 18 Apr 2020 04:51:03 +0000 (12:51 +0800)]
ramips: mt7621: backport more pcie driver fixes

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: increase spi-max-frequency for ipTIME mt7620 devices
Sungbo Eo [Sun, 5 Apr 2020 05:11:34 +0000 (14:11 +0900)]
ramips: increase spi-max-frequency for ipTIME mt7620 devices

This commit increases the hardware SPI frequency from 24.2MHz to 48.3MHz.

[    5.314163] m25p80 spi0.0: speed: 24166666/40000000, rate: 8, prescal: 2, loops: 226
[    5.076323] m25p80 spi0.0: speed: 48333333/50000000, rate: 4, prescal: 1, loops: 162

`time cat /dev/mtd2 >/dev/null` is reduced from 5.64s to 4.36s on A104ns,
and from 11.39s to 8.81s on A1004ns.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
4 years agoramips: add support for ipTIME A1004ns
Sungbo Eo [Thu, 26 Sep 2019 15:21:25 +0000 (00:21 +0900)]
ramips: add support for ipTIME A1004ns

ipTIME A1004ns is a 2.4/5GHz band AC750 router, based on MediaTek MT7620A.

Specifications:
- SoC: MT7620A
- RAM: DDR2 128MB
- Flash: SPI NOR 16MB
- WiFi:
  - 2.4GHz: SoC internal
  - 5GHz: MT7610EN
- Ethernet: 5x 10/100/1000Mbps
  - Switch: MT7530BU
- USB: 1x 2.0
- UART:
  - J2: 3.3V, TX, RX, GND (3.3V is the square pad) / 57600 8N1

Installation via web interface:
1.  Flash **initramfs** image through the stock web interface.
2.  Boot into OpenWrt and perform sysupgrade with sysupgrade image.

Revert to stock firmware:
1.  Perform sysupgrade with stock image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
4 years agoramips: mt7621: Ubiquiti ER-X-SFP: fix gpio numbers for POE enable gpios
René van Dorst [Tue, 7 Apr 2020 20:00:20 +0000 (22:00 +0200)]
ramips: mt7621: Ubiquiti ER-X-SFP: fix gpio numbers for POE enable gpios

With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.

Signed-off-by: René van Dorst <opensource@vdorst.com>
4 years agoramips: mt7621: Ubiquiti ER-X: fix gpio number for POE enable gpio
René van Dorst [Thu, 9 Apr 2020 12:03:13 +0000 (14:03 +0200)]
ramips: mt7621: Ubiquiti ER-X: fix gpio number for POE enable gpio

With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.

Signed-off-by: René van Dorst <opensource@vdorst.com>
4 years agoramips: use all reserved space for HiWiFi HC5962
DENG Qingfang [Mon, 6 Apr 2020 05:17:47 +0000 (13:17 +0800)]
ramips: use all reserved space for HiWiFi HC5962

These stock partitons: "backup", "hw_panic", "overly", firmware_backup", "opt"
do not contain any device-specific data and can be used for /overlay, resulting in
121M space

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
4 years agoramips: increase HiWiFi HC5962 kernel partition to 4M
DENG Qingfang [Mon, 6 Apr 2020 05:17:43 +0000 (13:17 +0800)]
ramips: increase HiWiFi HC5962 kernel partition to 4M

Increase kernel partition because 2M is insufficient for 5.4
Because the partition changes, previous version of OpenWrt cannot upgrade
to this version, and requires a new installation

Recovery to stock instruction:
1. Download stock firmware at
   http://ur.ikcd.net/HC5962-sysupgrade-20171221-b00a04d1.bin
2. Power off the router
3. Press and hold the reset button for 4~6 sec while power it back on
4. Connect a PC to router's LAN
5. Visit http://192.168.2.1 and upload the firmware

Then repeat the instruction in edae3479e64e to install OpenWrt

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
4 years agogeneric: spi-nor: fix 4-byte opcode support for w25q256
Mantas Pucka [Thu, 16 Apr 2020 06:40:49 +0000 (09:40 +0300)]
generic: spi-nor: fix 4-byte opcode support for w25q256

There are 2 different chips (w25q256fv and w25q256jv) that share
the same JEDEC ID. Only w25q256jv fully supports 4-byte opcodes.
Use SFDP header version to differentiate between them.

Fixes broken reboot on 8devices Habanero since f0f35fdac

Signed-off-by: Mantas Pucka <mantas@8devices.com>
4 years agombedtls: update to 2.16.6
Magnus Kroken [Thu, 16 Apr 2020 15:47:47 +0000 (17:47 +0200)]
mbedtls: update to 2.16.6

Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
4 years agokernel: bump 5.4 to 5.4.33
Petr Štetiar [Fri, 17 Apr 2020 12:29:33 +0000 (14:29 +0200)]
kernel: bump 5.4 to 5.4.33

Refreshed patches, removed upstreamed patches:

 oxnas: 001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas: 002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agomac80211: make sure existing iface belongs to correct (fullmac) phy
Daniel Golle [Fri, 17 Apr 2020 12:11:11 +0000 (13:11 +0100)]
mac80211: make sure existing iface belongs to correct (fullmac) phy

Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.

Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoath79: remove stray pipe
David Bauer [Fri, 17 Apr 2020 12:15:06 +0000 (14:15 +0200)]
ath79: remove stray pipe

Fixes: 8918c038f330 ("ath79: add support for AVM FRITZ!WLAN Repeater 1750E")
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoelfutils: aarch64 fix build on musl
Lucian Cristian [Fri, 17 Apr 2020 10:04:37 +0000 (13:04 +0300)]
elfutils: aarch64 fix build on musl

aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
     dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                      ~~~~~~~~~~~~~~ ^

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
4 years agouboot-sunxi: bump to 2020.04 relase
Petr Štetiar [Tue, 14 Apr 2020 21:30:56 +0000 (23:30 +0200)]
uboot-sunxi: bump to 2020.04 relase

Refreshed patches, removed upstreamed patch:

 260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch

Boot tested on a64-olinuxino-emmc.

Cc: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agouboot-imx6: bump to 2020.04 release
Petr Štetiar [Tue, 14 Apr 2020 21:21:19 +0000 (23:21 +0200)]
uboot-imx6: bump to 2020.04 release

Refreshed all patches, run tested on apalis.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agomac80211: drop data frames without key on encrypted links
David Bauer [Thu, 16 Apr 2020 19:30:27 +0000 (21:30 +0200)]
mac80211: drop data frames without key on encrypted links

If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.

This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.

Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: add support for AVM FRITZ!WLAN Repeater 1750E
David Bauer [Sun, 12 Apr 2020 11:33:01 +0000 (13:33 +0200)]
ath79: add support for AVM FRITZ!WLAN Repeater 1750E

This commit adds support for the AVM Fritz!WLAN Repeater 1750E

SOC: Qualcomm QCA9556 (Scorpion) 720MHz MIPS74Kc
RAM:    64MB Zentel A3R12E40CBF DDR2
FLASH:  16MiB Winbond W25Q128 SPI NOR
WLAN1:  QCA9556 2.4 GHz 802.11b/g/n 3x3
WLAN2:  QCA9880 5 GHz 802.11 n/ac 3x3
INPUT:  WPS button
LED:    Power, WiFi, LAN, RSSI indicator
Serial: Header Next to Black metal shield
        Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi (correct MAC)
 - 5 GHz WiFi (correct MAC)
 - Installation via EVA bootloader
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 192.168.178.1. Firmware can be uploaded
like following:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put openwrt-sysupgrade.bin mtd1

Note that this procedure might take up to two minutes.
You need to powercycle the Device afterwards to boot OpenWRT.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: add QCA9550 reset sequence
David Bauer [Sun, 12 Apr 2020 11:03:31 +0000 (13:03 +0200)]
ath79: add QCA9550 reset sequence

The QCA9550 family of SoCs have a slightly different reset
sequence compared to older chips.

Normally the bootloader performs this sequence, however
some bootloader implementation expect the operating system
to clear the reset. Also get the PCIe resets from OF to
support the second RC of the QCA9558.

This is required for the AVM FRITZ!WLAN Repeater 1750E to work,
as EVA leaves the PCIe bus in reset.

Tested: AVM FRITZ!WLAN Repeater 1750E - OCEDO Koala

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agomac80211: fix detecting existing interface
Daniel Golle [Fri, 17 Apr 2020 10:33:40 +0000 (11:33 +0100)]
mac80211: fix detecting existing interface

Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.

Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agokernel: add support for GD25D05 SPI NOR (5.4)
Koen Vandeputte [Thu, 16 Apr 2020 12:35:48 +0000 (14:35 +0200)]
kernel: add support for GD25D05 SPI NOR (5.4)

This chip is used on newer RB912UAG-5HPnD r2 and 922UAGS-5HPacD boards:

Before:

[    0.824562] spi-nor spi0.0: unrecognized JEDEC id bytes: c8 40 10 c8 40 10
[    0.831607] spi-nor: probe of spi0.0 failed with error -2

After:

[    0.825347] spi-nor spi0.0: gd25d05 (64 Kbytes)
[    0.830291] 1 routerbootpart partitions found on MTD device spi0.0
[    0.836577] Creating 1 MTD partitions on "spi0.0":
[    0.841448] 0x000000000000-0x000000010000 : "partitions"
[    0.848418] 4 routerbootpart partitions found on MTD device partitions
[    0.855092] Creating 4 MTD partitions on "partitions":
[    0.860318] 0x000000000000-0x00000000c000 : "routerboot"
[    0.866548] 0x00000000c000-0x00000000d000 : "hard_config"
[    0.872832] 0x00000000d000-0x00000000e000 : "bios"
[    0.878580] 0x00000000e000-0x00000000f000 : "soft_config"

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years agoath79: reduce spi-max-frequency for Mikrotik wAP G-5HacT2HnD
Roger Pueyo Centelles [Wed, 8 Apr 2020 08:37:52 +0000 (10:37 +0200)]
ath79: reduce spi-max-frequency for Mikrotik wAP G-5HacT2HnD

The previous spi-max-frequency value did not work with all the CPU speed
settings (configurable with rbcfg or from the stock firmware); the new
one does for the three of them.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
4 years agoath79: MikroTik: fix missing nand on kernel 5.4
Koen Vandeputte [Thu, 16 Apr 2020 10:21:52 +0000 (12:21 +0200)]
ath79: MikroTik: fix missing nand on kernel 5.4

Following symbol got renamed upstream:
CONFIG_MTD_NAND --> CONFIG_MTD_RAW_NAND

Also add this renamed symbol so NAND also works on kernel 5.4.

After:
[    0.628372] nand: device found, Manufacturer ID: 0xec, Chip ID: 0xf1
[    0.634862] nand: Samsung NAND 128MiB 3,3V 8-bit
[    0.639554] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[    0.647263] Scanning device for bad blocks
[    0.656228] random: fast init done
[    0.789652] 3 fixed-partitions partitions found on MTD device ar934x-nand
[    0.796550] Creating 3 MTD partitions on "ar934x-nand":
[    0.801874] 0x000000000000-0x000000040000 : "booter"
[    0.807715] 0x000000040000-0x000000400000 : "kernel"
[    0.813551] 0x000000400000-0x000008000000 : "ubi"

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years agokernel: bump 4.19 to 4.19.115
Koen Vandeputte [Wed, 15 Apr 2020 13:11:54 +0000 (15:11 +0200)]
kernel: bump 4.19 to 4.19.115

Refreshed all patches.

Remove upstreamed:
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years agokernel: bump 4.14 to 4.14.176
Koen Vandeputte [Wed, 15 Apr 2020 12:31:12 +0000 (14:31 +0200)]
kernel: bump 4.14 to 4.14.176

Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8648 (potentially)
- CVE-2020-8647
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
4 years agoath79: improve status LED definitions for GL-AR750
Hannu Nyman [Wed, 15 Apr 2020 20:05:27 +0000 (23:05 +0300)]
ath79: improve status LED definitions for GL-AR750

Improve the status LED functionality in GL-AR750
by adding the definitions for different statuses
(boot, failsafe, running, flashing).

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
4 years agoath79: add SUPPORTED_DEVICES for TP-Link TL-WA901ND v2
Adrian Schmutzler [Wed, 15 Apr 2020 10:45:28 +0000 (12:45 +0200)]
ath79: add SUPPORTED_DEVICES for TP-Link TL-WA901ND v2

This adds the board name from ar71xx to support upgrade without
-F for the TP-Link TL-WA901ND v2.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoramips: mt7621: enable lzma-loader for some devices
Chuanhong Guo [Wed, 15 Apr 2020 01:32:02 +0000 (09:32 +0800)]
ramips: mt7621: enable lzma-loader for some devices

ubnt er-x/xiaomi/netgear sercomm devices are known to have troble
extracting a big kernel from flash and has support for uncompressed
uimage
This commit uses uncompressed uimage with lzma-loader for these devices
to fix boot issue.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agox86: append metadata to combined images
Paul Spooren [Fri, 10 Apr 2020 09:54:52 +0000 (23:54 -1000)]
x86: append metadata to combined images

Now that the x86 target uses the new image generation code we can also
attach metadata to the created images.

As currently the `SUPPORTED_DEVICES` list is empty, no JSON metadata is
attached, however the signing happens in the same step.

This results in signature verification for x86 images.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoscripts/download: add sources CDN as first mirror
Paul Spooren [Mon, 6 Apr 2020 11:53:19 +0000 (01:53 -1000)]
scripts/download: add sources CDN as first mirror

OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.

Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.

This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
4 years agoscripts: JSON merge don't crash if no JSON found
Paul Spooren [Wed, 8 Apr 2020 20:17:01 +0000 (10:17 -1000)]
scripts: JSON merge don't crash if no JSON found

The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
image generation methods from `image.mk` are used. However some targets
like `armvirt` do not use it yet, so the folder is never created.

The `json_overview_image_info.py` script used to raise an error if the
given `WORK_DIR` isn't a folder, however it should just notify about
missing JSON files.

This patch removes the Python assert and exists with code 0 even if no
JSON files were found, as this is not necessarily an error but simply
not yet implemented. Using `glob` on an not existing `Path` results in
an empty list, therefore the for loop won't run.

Signed-off-by: Paul Spooren <mail@aparcar.org>
CC: Petr Štetiar <ynezz@true.cz>
4 years agokernel: bump 5.4 to 5.4.32
Petr Štetiar [Tue, 14 Apr 2020 15:55:55 +0000 (17:55 +0200)]
kernel: bump 5.4 to 5.4.32

Refreshed patches, removed upstreamed patches:

 generic: 746-stable-net-dsa-mt7530-fix-null-pointer-dereferencing-in-por.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoipq806x: add patch to fix broken buttons
Ansuel Smith [Tue, 14 Apr 2020 00:43:49 +0000 (02:43 +0200)]
ipq806x: add patch to fix broken buttons

From kernel 4.20 msm-gpio driver is broken and cause the
malfunction of the buttons on every ipq806x target.
Add a patch to fix this.

Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
4 years agoprocd: jail fixes and improvements
Daniel Golle [Tue, 14 Apr 2020 15:11:05 +0000 (16:11 +0100)]
procd: jail fixes and improvements

 32c717e jail: only mess with rootfs if CLONE_NEWNS was set
 b275a62 instance: harmonize instance API
 511fd97 jail: make /proc more secure
 4953b7c jail: mount /sys read-only
 a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
 a4cc165 jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agonetifd: clean up netns functionality
Daniel Golle [Tue, 14 Apr 2020 12:52:36 +0000 (13:52 +0100)]
netifd: clean up netns functionality

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoath79: further fixes for ZyXEL NBG6716
Adrian Schmutzler [Wed, 8 Apr 2020 12:43:04 +0000 (14:43 +0200)]
ath79: further fixes for ZyXEL NBG6716

This applies further fixes to the DTS of ZyXEL NBG6716 based on
what is found in ar71xx (mach-nbg6716.c):

- use WiFi label names as in ar71xx
- fix WPS gpio number
- fix GPIO_ACTIVE_HIGH and mode for WiFi switch
- add codes for USB eject buttons
- fix node name for "internet" LED

This device has separate LEDs for WAN and "Internet". As the WAN-LED
(and the four LAN-LEDs) are driven independent of the setup in
DT/01_leds, the "internet" LED is left unassigned (in contrast to
ar71xx, where it was set up effectively as a second WAN LED)

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoRevert "kmod-sched: add act_police"
Kevin Darbyshire-Bryant [Tue, 14 Apr 2020 07:48:33 +0000 (08:48 +0100)]
Revert "kmod-sched: add act_police"

This reverts commit 1b973b54ea4d5d20dec5e71c48bff6a3e0bcb4ac.

It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.

Ooooops!  Best revert it then.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
4 years agoramips: define image recipe for uncompressed uimage with loader
Chuanhong Guo [Tue, 14 Apr 2020 04:01:50 +0000 (12:01 +0800)]
ramips: define image recipe for uncompressed uimage with loader

Some devices have bootloaders with broken lzma code resulting in failed
decompression or corrupted kernel code.
This image recipe allows to sacrifice 5KB for OpenWrt LZMA loader and
take over the task of decompress kernel.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: define lzma loader platform in target
Chuanhong Guo [Tue, 14 Apr 2020 03:17:47 +0000 (11:17 +0800)]
ramips: define lzma loader platform in target

Loader platform is a per-soc variable instead of a per-device one.
Determine corresponding loader platform at the beginning of image
Makefile.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: add missing DEVICE_VARS for lzma-loader
Chuanhong Guo [Tue, 14 Apr 2020 03:00:03 +0000 (11:00 +0800)]
ramips: add missing DEVICE_VARS for lzma-loader

LOADER_TYPE is a per-device variable which should be included in
DEVICE_VARS.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>