Commit message | Author | Age | Files | Lines
* openvpn: openssl: explicitly depend on deprecated APIs | Magnus Kroken | 2019-04-03 | 1 | -1/+1
  OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in OpenSSL >= 1.1.0.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  [white space fix]
* ath79: Add support for TP-Link CPE210 v2 | Adrian Schmutzler | 2019-04-02 | 4 | -0/+24
  This PR adds support for a popular low-cost 2.4GHz N based AP

  Specifications:
  - SoC: Qualcomm Atheros QCA9533 (650MHz)
  - RAM: 64MB
  - Storage: 8 MB SPI NOR
  - Wireless: 2.4GHz N based built into SoC 2x2
  - Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

  Installation:
  Flash factory image through stock firmware WEB UI or through TFTP
  To get to TFTP recovery just hold reset button while powering on for around 4-5 seconds and release.
  Rename factory image to recovery.bin
  Stock TFTP server IP:192.168.0.100
  Stock device TFTP address:192.168.0.254

  This is based on the support patch for the identical CPE210 v3 by Mario Schroen <m.schroen@web.de>.

  Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  [renamed dtsi filename]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath79: Add support for TP-Link CPE210 v3 | Mario Schroen | 2019-04-02 | 6 | -0/+191
  Specifications:
  * SoC: Qualcomm Atheros QCA9533 (650MHz)
  * RAM: 64MB
  * Storage: 8 MB SPI NOR
  * Wireless: 2.4GHz N based built into SoC 2x2
  * Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

  Installation:
  Flash factory image through stock firmware WEB UI or TFTP
  To get to TFTP recovery just hold reset button while powering on for around 4-5 seconds and release.
  Rename factory image to recovery.bin
  Stock TFTP server IP:192.168.0.100
  Stock device TFTP address:192.168.0.254

  Thanks to robimarko for the work inside the ar71xx tree.
  Thanks to adrianschmutzler for deep discussion and fixes.

  Signed-off-by: Mario Schroen <m.schroen@web.de>
  [Split into DTS/DTSI, read-only config partition in DTSI]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  [renamed dtsi filename, light subject touches]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ar71xx: Add support for TP-Link CPE210 v3 | Robert Marko | 2019-04-02 | 7 | -2/+29
  Looks identical to the v2.

  This PR adds support for a popular low-cost 2.4GHz N based AP

  Specifications:
  - SoC: Qualcomm Atheros QCA9533 (650MHz)
  - RAM: 64MB
  - Storage: 8 MB SPI NOR
  - Wireless: 2.4GHz N based built into SoC 2x2
  - Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

  Installation:
  Flash factory image through stock firmware WEB UI or through TFTP
  To get to TFTP recovery just hold reset button while powering on for around 4-5 seconds and release.
  Rename factory image to recovery.bin
  Stock TFTP server IP:192.168.0.100
  Stock device TFTP address:192.168.0.254

  Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  Signed-off-by: Robert Marko <robimarko@gmail.com>
  [Rebased, adjusted for separate tplink-safeloader entry, dynamic partitioning]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ar71xx: Use dynamic partitions for TP-Link CPE210 v2 | Adrian Schmutzler | 2019-04-02 | 2 | -3/+4
  This is also helpful to add support in ath79.

  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* netifd: update to latest git HEAD | Hans Dedecker | 2019-04-01 | 1 | -3/+3
  361b3e4 proto-shell: return error in case setup fails
  a97297d interface: set interface in TEARDOWN state when checking link state

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* build: image: Fix off-by-one in DTC kernel version checks | Petr Štetiar | 2019-04-01 | 1 | -4/+4
  It was reported to me on IRC today, that my change causes issues with kernel versions between 4.14 and 4.19. It's because I've wrongly used `git describe` in order to get kernel version where we should disable noisy DTC checks, but I should've used `git tag --contains` instead.

  Fixes: cbbef976e2b ("build: dtc: Disable noisy warnings by default")
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ar71xx: ens202ext: Fix whitespace issues | Petr Štetiar | 2019-04-01 | 1 | -4/+4
  I've missed leading whitespace issues in the original patch, so fixing it in this commit. Thanks to pepe2k for letting me know.

  Fixes: d260813d ("ar71xx: ens202ext: Fix VLAN switch")
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openvpn: update to 2.4.7 | Magnus Kroken | 2019-04-01 | 3 | -5/+5
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mwlwifi: Fix pcie timeout issue | Kabuli Chana | 2019-04-01 | 1 | -3/+3
  Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit e5e0700 to prevent timeout as reported here: #308

  (Original OP issue is probably not related though as his post precedes commit e5e0700).

  compile/test target mvebu/mamba, rango

  Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
  [commit subject and message tweaks]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: add missing SPDX identifier for EX6150 | David Bauer | 2019-03-31 | 1 | -0/+1
  This adds the SPDX license identifier for the NETGEAR EX6150. It was missed when submitting the original patch.

  Signed-off-by: David Bauer <mail@david-bauer.net>
* ar71xx: ens202ext: Fix VLAN switch | Michael Pratt | 2019-03-31 | 1 | -1/+5
  The target ENS202EXT was just recently added right before the stable release of Openwrt 18. It flashes fine, but the physical switch is almost impossible to use until you have a VLAN set up. Tested on two devices.

  The actual problem is that eth0 represents nothing for whatever reason. In other words, both WAN and LAN are running from eth1. There may be an underlying problem in the build, but for now, I assume that this is correct and that a VLAN switch is an appropriate fix.

  Also, it's virtually impossible to get the switch running right through LuCI. It is one thing to get a switch to appear, but attempting to configure it breaks the whole thing. The VLAN has to be set up perfectly, otherwise, interfaces will not start up, and one is forced to reset settings, OR, the new LuCI feature kicks in and reverses any steps. It is extremely difficult to determine which virtual ports correspond to which physical ethernet ports without being able to set up the switch in LuCI.

  Temporary Workaround: followed directions here [openwrt/luci#867](https://github.com/openwrt/luci/issues/867)

  Reviewed-by: Marty Plummer <hanetzer@startmail.com>
  Signed-off-by: Michael Pratt <mpratt51@gmail.com>
  [commit author fix, subject fix, message text wrap]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath10k-firmware: update Candela Tech firmware images | Christian Lamparter | 2019-03-30 | 1 | -24/+24
  Release notes since last time:

  Release notes for wave-1 / 10.1:
  2019-03-28: Fix sometimes using bad TID for management frames in htt-mgt mode. (Backported from wave2, looks like bug would be the same though.)

  Release notes for wave-2 / 10.4:
  2019-03-28: Fix off-channel scanning while associated in proxy-station mode.
  2019-03-29: Fix sometimes sending mgt frames on wrong tid when using htt-mgt. This bug has been around since I first enabled htt-mgt mode.

  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* odhcpd: update to latest git HEAD | Hans Dedecker | 2019-03-29 | 1 | -3/+3
  7798d50 netlink: rework IPv4 address refresh logic
  0b20876 netlink: rework IPv6 address refresh logic

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: bump 4.14 to 4.14.109 | Koen Vandeputte | 2019-03-29 | 1 | -2/+2
  Refreshed all patches.

  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.166 | Koen Vandeputte | 2019-03-29 | 1 | -2/+2
  Refreshed all patches.

  Compile-tested on: ar7
  Runtime-tested on: none

  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ramips: Increase GB-PC1 SPI frequency to 80MHz | Rosen Penev | 2019-03-29 | 1 | -1/+2
  The specific flash chip used (W25Q256FVEM) accepts 50MHz for read requests and higher for others. 104MHz for fast reads.

  ramips seems to be limited to 80MHz based on testing with higher values (no speedup).

  Based on upstream commit: 97738374a310b9116f9c33832737e517226d3722

  time dd if=/dev/mtdblock3 of=/dev/null bs=64k
  from 42.96s to 7.01s

  [test done with backported upstream v4.19 driver[1], for numbers on stock 4.14 driver please take a look at `ramips: Increase GB-PC2 SPI frequency to 80MHz` commit message]

  1. https://github.com/openwrt/openwrt/pull/1578

  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  [expanded note about spi driver version]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: Increase GB-PC2 SPI frequency to 80MHz | Rosen Penev | 2019-03-29 | 1 | -1/+2
  The flash chip on the board (Spansion S25FL256SAIF00) is rated to support at least 50MHz for normal read requests according to the datasheet. 133MHz for fast reads.

  However, ramips seems to be limited to 80MHz. From testing this, higher values do not improve speeds.

  time dd if=/dev/mtdblock3 of=/dev/null bs=64k
  from 42.82s to 14.09s.

  boot speed is also faster:
  [ 66.884087] procd: - init -
  vs
  [ 48.976049] procd: - init -

  Since spi speed was requested:
  [ 3.538884] spi-mt7621 1e000b00.spi: sys_freq: 225000000

  CPU is 900MHz:
  [ 0.000000] CPU Clock: 900MHz

  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  [fixed commit message by adding missing 0 in the spi-mt7621 clock output]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: add Netgear EX6150 | David Bauer | 2019-03-29 | 3 | -0/+259
  SoC: MediaTek MT7621
  RAM: 64M (Winbond W9751G6KB-25)
  FLASH: 16MB (Macronix MX25L12835F)
  WiFi: MediaTek MT7662E bgn 2SS
  WiFi: MediaTek MT7662E nac 2SS
  BTN: ON/OFF - Reset - WPS - AP/Extender toggle
  LED:
  - Arrow Right (blue)
  - Arrow Left (blue)
  - WiFi 1 (red/green)
  - WiFi 2 (red/green)
  - Power (green/amber)
  - WPS (Green)
  UART: UART is present as Pads on the backside of the PCB. They are located on the other side of the Ethernet port.
  3.3V - GND - TX - RX / 57600-8N1
  3.3V is the nearest one to the antenna connectors

  Installation
  ------------
  Update the factory image via the Netgear web-interfaces (by default: 192.168.1.250/24).

  You can also use the factory image with the nmrpflash tool. For more information see https://github.com/jclehner/nmrpflash

  Signed-off-by: David Bauer <mail@david-bauer.net>
  [merge conflict in 02_network, flash@0 node rename, wlan DTS triggers]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: add support for ZyXEL Keenetic Start | Vladimir Kot | 2019-03-29 | 4 | -0/+132
  Device specification:
  - SoC: RT5350F
  - CPU Frequency: 360 MHz
  - Flash Chip: Winbond 25Q32 (4096 KiB)
  - RAM: 32768 KiB
  - 5x 10/100 Mbps Ethernet (4x LAN, 1x WAN)
  - 1x external, non-detachable antenna
  - UART (J1) header on PCB (57800 8n1)
  - Wireless: SoC-integrated: 2.4GHz 802.11bgn
  - USB: None
  - 3x LED, 2x button

  Flash instruction:
  1. Configure PC with static IP 192.168.1.2/24 and start TFTP server.
  2. Rename "openwrt-ramips-rt305x-kn_st-squashfs-sysupgrade.bin" to "kstart_recovery.bin" and place it in TFTP server directory.
  3. Connect PC with one of LAN ports, press the reset button, power up the router and keep button pressed until power LED start blinking.
  4. Router will download file from TFTP server, write it to flash and reboot.

  Signed-off-by: Vladimir Kot <vova28rus@gmail.com>
  [fixed git commit author and whitespace issues in DTS]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: add support for WIZnet WizFi630S board | Tobias Welz | 2019-03-29 | 3 | -0/+204
  The WIZnet WizFi630S board is in the miniPCIe form factor.

  SoC: Mediatek MT7688AN
  RAM: 128MB
  Flash: 32Mb
  WiFi: 2.4GHz
  Ethernet: 3x 100Mbit
  USB: 1 (USB 2.0)
  serial ports: 2 (1x full, 1xlite)

  Flash and recovery instructions:
  Use the factory installed u-boot boot loader. It is available on UART2 (115200,8,n,1). Then get the sysupgrade image from a tftp server.

  Signed-off-by: Tobias Welz <tw@wiznet.eu>
  [whitespace and device name in makefile fixes]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* iwinfo: Fix 802.11ad channel to frequency | Daniel Golle | 2019-03-28 | 1 | -3/+3
  c2cfe9d iwinfo: Fix 802.11ad channel to frequency

  Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to the latest master branch | Petr Štetiar | 2019-03-28 | 1 | -3/+3
  ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
  bc2c876 libfstools: Print error in case of loop blkdev failure

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* package/uboot-omap: backport patches to fix build | Alexander Couzens | 2019-03-28 | 3 | -1/+3168
  * 106: fix build when libfdt-devel is installed on host
  * 107: fix stdbool.h includes

  Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* wireguard: introduce 'nohostroute' option | Daniel Golle | 2019-03-27 | 1 | -1/+2
  Instead of creating host-routes depending on fwmark as (accidentally) pushed by commit 1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set") use a new config option 'nohostroute' to explicitly prevent creation of the route to the endpoint.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* IB: fix generating .profile.mk for profiles without metadata | Daniel Golle | 2019-03-27 | 1 | -1/+1
  Fixes d6fa04a437 ("IB: include SUPPORTED_DEVICES in 'make info' output")
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard: do not add host-dependencies if fwmark is set | Daniel Golle | 2019-03-27 | 1 | -6/+8
  The 'fwmark' option is used to define routing traffic to wireguard endpoints to go through specific routing tables. In that case it doesn't make sense to setup routes for host-dependencies in the 'main' table, so skip setting host dependencies if 'fwmark' is set.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcpd: update to latest git HEAD (FS#2204) | Hans Dedecker | 2019-03-27 | 1 | -3/+3
  420945c netlink: fix IPv6 address updates (FS#2204)

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: fix missing dependency in 4.14.108 | Koen Vandeputte | 2019-03-27 | 1 | -1/+1
  The 4.14.108 bump introduced a missing dependency when building specific netfilters.

  This was not seen as the error does not occur on all targets.

  Thanks to Jo-Philipp Wich for providing the fix

  Fixes: af6c86dbe56e ("kernel: bump 4.14 to 4.14.108")
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* mt76: update to the latest version | Felix Fietkau | 2019-03-27 | 1 | -3/+3
  f2a18f5 mt76x02: introduce mt76x02_beacon.c
  91ade88 mt76x02: add hrtimer for pre TBTT for USB
  6370485 mt76x02: introduce beacon_ops
  37af803 mt76x02u: implement beacon_ops
  41d6190 mt76x02: generalize some mmio beaconing functions
  dcccc04 mt76x02u: add sta_ps
  5ac5289 mt76x02: disable HW encryption for group frames
  e284cc2 mt76x02u: implement pre TBTT work for USB
  77e56b8 mt76x02: make beacon slots bigger for USB
  d4c740f mt76x02u: add mt76_release_buffered_frames
  65e6344 mt76: unify set_tim
  f720e49 mt76x02: enable AP mode for USB
  cf1838d mt76usb: change mt76u_submit_buf
  16b2ccf mt76: remove rx_page_lock
  e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
  e9c0171 mt76usb: use usb_dev private data
  a4eb5db mt76usb: remove mt76u_buf redundant fileds
  3f9b68d mt76usb: move mt76u_buf->done to queue entry
  4a366bd mt76usb: remove mt76u_buf and use urb directly
  0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
  42f2899 mt76usb: resue mt76u_urb_alloc for tx
  4d4d73a mt76usb: remove unneded sg_init_table
  57309c7 mt76usb: allocate urb and sg as linear data
  2e89721 mt76usb: remove queue variable from rx_tasklet
  30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
  ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
  bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
  a11b673 mt76: fix tx power issues

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.14 to 4.14.108 | Koen Vandeputte | 2019-03-27 | 10 | -25/+26
  Refreshed all patches.

  Altered patches:
  - 950-0033-i2c-bcm2835-Add-debug-support.patch

  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6

  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.165 | Koen Vandeputte | 2019-03-27 | 2 | -3/+3
  Refreshed all patches.

  Compile-tested on: ar7
  Runtime-tested on: none

  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* scripts/gen_image_generic.sh: fail on errors | Stijn Tintel | 2019-03-27 | 1 | -1/+1
  The script always exits with value 0, even if some of the commands fail. This can potentially create broken, unbootable images, e.g. when make_ext4fs fails due to TARGET_KERNEL_PARTSIZE being too small for the kernel.

  Avoid this by failing the script when any command fails.

  Acked-by: Jo-Philipp Wich <jo@mein.io>
  Acked-by: Petr Štetiar <ynezz@true.cz>
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ar71xx: add support for MikroTik RouterBOARD 922UAGS-5HPacD | Koen Vandeputte | 2019-03-26 | 6 | -29/+87
  This patch adds support for the MikroTik RouterBOARD 922UAGS-5HPacD with a built-in 802.11ac High-Power radio (31dBm).

  See https://mikrotik.com/product/RB922UAGS-5HPacD for more info.

  Specifications:
  - SoC: Qualcomm Atheros QCA9557 (720 MHz)
  - RAM: 128 MB
  - Storage: 128 MB NAND
  - Wireless: external QCA9882 802.11a/ac 2x2:2
  - Ethernet: 1x 1000/100/10 Mbps, integrated, via AR8031 PHY, passive PoE-in 24V
  - SFP: 1x host
  - USB: 1x 2.0 type A
  - PCIe: 1x Mini slot (also contains USB 2.0 for 3G/LTE modems)
  - SIM slot: 1x mini-SIM

  Working:
  - Board/system detection
  - NAND storage detection
  - PCIe
  - USB: Type A & mini PCIe
  - Wireless
  - Ethernet
  - LED's (excl. SFP and RSSI levels)
  - Reset button
  - Sysupgrade

  Not working:
  - SFP cage

  Installation:
  - Boot vmlinux-initramfs image via BOOTP/TFTP and then flash sysupgrade image using "sysupgrade -n"

  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
* mvebu: Add dependency to kmod-i2c-mux-pca954x for armada-macchiatobin | Hauke Mehrtens | 2019-03-26 | 1 | -1/+1
  This driver is needed for the I2C mux on the board.

  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* mvebu: Refresh kernel configuration | Hauke Mehrtens | 2019-03-26 | 3 | -12/+16
  This refreshes the current kernel configuration to remove unneeded options, add some automatically added ones and reorders them. The normal build did this automatically, so the builds already used this configuration.

  CONFIG_HW_RANDOM_OMAP is explicitly activated for the cortexa72 subtarget because it has an inside-secure,safexcel-eip76 IP core.

  This was done with this command on the cortexa9 subtarget:
  make kernel_oldconfig
  and this one on the other subtargets:
  make kernel_oldconfig CONFIG_TARGET=subtarget

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mvebu: Fix typo in MACCHIATOBin detection | Hauke Mehrtens | 2019-03-25 | 1 | -1/+1
  The name in the device tree file is written with two C.

  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* linux: Add kmod-sched-act-vlan | Hauke Mehrtens | 2019-03-25 | 1 | -0/+16
  This allows to configure rules to push or pop vlan headers.

  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* linux: Add kmod-sched-flower | Hauke Mehrtens | 2019-03-25 | 1 | -0/+16
  This allows to classify packets based on a configurable combination of packet keys and masks.

  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* linux: Add kmod-sched-mqprio | Hauke Mehrtens | 2019-03-25 | 1 | -0/+16
  This adds Multi-queue priority scheduler (MQPRIO).

  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* linux: Add kmod-crxypto-xcbc | Hauke Mehrtens | 2019-03-25 | 1 | -0/+12
  This can be used for IPsec.

  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* dropbear: split ECC support to basic and full | Konstantin Demin | 2019-03-25 | 2 | -8/+31
  - limit ECC support to ec*-sha2-nistp256:
    * DROPBEAR_ECC now provides only basic support for ECC
  - provide full ECC support as an option:
    * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
  - update feature costs in binary size

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: rewrite init script startup logic to handle both host key files | Konstantin Demin | 2019-03-25 | 1 | -24/+38
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: change type of config option "Port" to scalar type "port" | Konstantin Demin | 2019-03-25 | 1 | -1/+1
  it was never used anywhere, even LuCI works with "Port" as scalar type.

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: introduce config option "keyfile" (replacement for "rsakeyfile") | Konstantin Demin | 2019-03-25 | 1 | -1/+56
  * option "keyfile" is more generic than "rsakeyfile".
  * option "rsakeyfile" is considered to be deprecated and should be removed in future releases.
  * warn user (in syslog) if option "rsakeyfile" is used
  * better check options ("rsakeyfile" and "keyfile"): don't append "-r keyfile" to command line if file is absent (doesn't exist or empty), warn user (in syslog) about such files

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: add initial support for ECC host key | Konstantin Demin | 2019-03-25 | 1 | -0/+2
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: fix regression where TTY modes weren't reset for client | Konstantin Demin | 2019-03-25 | 1 | -0/+46
  cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: honour CFLAGS while building bundled libtomcrypt/libtommath | Konstantin Demin | 2019-03-25 | 1 | -0/+48
  Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS. fix this with checking environment variable OPENWRT_BUILD in both libs.

  change in dropbear binary size is drastic: 221621 -> 164277.

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: fix hardening flags during configure | Konstantin Demin | 2019-03-25 | 1 | -0/+56
  compiler complains about messed up CFLAGS in build log:

    <command-line>: warning: "_FORTIFY_SOURCE" redefined
    <command-line>: note: this is the location of the previous definition

  and then linker fails:

    mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
    collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
    compilation terminated.
    /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
    /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
    /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
    /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
    [...]
    /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
    make[3]: *** [Makefile:198: dropbearmulti] Error 1
    make[3]: *** Deleting file 'dropbearmulti'
    make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
    make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
    make[2]: Leaving directory '/package/network/services/dropbear'

  This FTBFS issue was caused by hardening flags set up by dropbear's configure script.

  By default, Dropbear offers hardening via CFLAGS and LDFLAGS, but this may break or confuse OpenWrt settings.

  Remove most Dropbear's hardening settings in favour of precise build, but preserve Spectre v2 mitigations:
  * -mfunction-return=thunk
  * -mindirect-branch=thunk

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: bump to 2019.77 | Konstantin Demin | 2019-03-25 | 12 | -517/+52
  - drop patches applied upstream:
    * 010-runtime-maxauthtries.patch
    * 020-Wait-to-fail-invalid-usernames.patch
    * 150-dbconvert_standalone.patch
    * 610-skip-default-keys-in-custom-runs.patch
  - refresh patches
  - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>