aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* ramips: add support for Senao Engenius ESR600HMichael Pratt2020-12-221-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | FCC ID: A8J-ESR750H Engenius ESR600H is an indoor wireless router with a gigabit switch, 2.4 GHz and 5 GHz wireless, internal and external antennas, and a USB port. **Specification:** - RT3662F MIPS SOC, 5 GHz WMAC (2x2) - RT5392L PCI on-board, 2.4 GHz (2x2) - AR8327 RGMII, 7-port GbE, 25 MHz clock - 40 MHz reference clock - 8 MB FLASH 25L6406EM2I-12G - 64 MB RAM - UART at J12 (unpopulated) - 2 internal antennas (5 GHz) - 2 external antennas (2.4 GHz) - 9 LEDs, 1 button (power, wps, wifi2g, wifi5g, 5 LAN/WAN) - USB 2 port (GPIO controlled power) **MAC addresses:** MAC Addresses are labeled as WAN and WLAN U-boot environment has the the vendor MAC address for ethernet MAC addresses in "factory" are part of wifi calibration data eth0.2 WAN *:13:e7 u-boot-env wanaddr eth0.1 ---- *:13:e8 u-boot-env wanaddr + 1 phy0 WLAN *:14:b8 factory 0x8004 phy1 ---- *:14:bc factory 0x4 **Installation:** Method 1: Firmware upgrade page OEM webpage at 192.168.0.1 username and password "admin" Navigate to Network Setting --> Tools --> Firmware Click Browse and select the factory.dlf image Click Continue to confirm and wait 6 minutes or more... Method 2: Serial console to load TFTP image: (see TFTP recovery) **Return to OEM:** Unlike most Engenius boards, this does not have a 'failsafe' image the only way to return to OEM is serial access to uboot Unlike most Engenius boards, public images are not available... so the only way to return to OEM is to have a copy of the MTD partition "firmware" BEFORE flashing openwrt. **TFTP recovery:** Unlike most Engenius boards, TFTP is reliable here however it requires serial console access (soldering pins to the UART pinouts) build your own image... with 'ramdisk' selected under 'Target Images' rename initramfs-kernel.bin to 'uImageESR-600H' make the file available on a TFTP server at 192.168.99.8 interrupt boot by holding or pressing '4' in serial console as soon as board is powered on `tftpboot 0x81000000` `bootm 0x81000000` perform a sysupgrade **Format of OEM firmware image:** This Engenius board uses the Senao proprietary header with a unique Product ID. The header for factory.bin is generated by the mksenaofw program included in openwrt. .dlf file extension is also required for OEM software to accept it **Note on using OKLI:** the kernel is now too large for the bootloader to handle so OKLI is used via the `kernel-loader` image command recently in master several other ramips boards have the same problem 'Kernel panic - not syncing: Failed to find ralink,rt3883-sysc node' see commit ad19751edc21ae713bd95df6b93be64bd1e0c612 Signed-off-by: Michael Pratt <mcpratt@pm.me>
* toolchain: remove uClibc install stuffRosen Penev2020-12-221-28/+3
| | | | | | This is preparation for removing uClibc-ng. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: Use EAPOLv1 (802.1X-2001) if WPA enabledNick Lowe2020-12-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that are not WPA2 (RSN) capable. These legacy clients are often intolerant to this EAPOL version and fail to connect. hostapd.conf upstream documents for eapol_version the following and that this is a known compatibility issue with version 2: // IEEE 802.1X/EAPOL version // hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL // version 2. However, there are many client implementations that do not handle // the new version number correctly (they seem to drop the frames completely). // In order to make hostapd interoperate with these clients, the version number // can be set to the older version (1) with this configuration value. // Note: When using MACsec, eapol_version shall be set to 3, which is // defined in IEEE Std 802.1X-2010. //eapol_version=2 For the wpa parameter, hostapd.conf upstream documents that this is a bitfield, configured as follows: // Enable WPA. Setting this variable configures the AP to require WPA (either // WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either // wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. // Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice. // For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), // RADIUS authentication server must be configured, and WPA-EAP must be included // in wpa_key_mgmt. // This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) // and/or WPA2 (full IEEE 802.11i/RSN): // bit0 = WPA // bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) // Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2. // In other words, for WPA3, wpa=2 is used the configuration (and // wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK). //wpa=2 For client compatibility therefore: EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled. EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled. To fix this, we can therefore change in the script: set_default eapol_version 0 To the following: set_default eapol_version $((wpa & 1)) This therefore: 1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set. 2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset. For usual configurations that only have WPA2 enabled, EAPOLv2 is then used. Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
* mac80211: fix MAC address allocations when local bit set on base addrPaul Fertser2020-12-221-2/+2
| | | | | | | | | | | | | | | Testing with hwsim reveals two problems: 1. phyX/addresses has two addresses and mac80211_get_addr keeps returning the last one when asked for more; 2. The base address has the local bit set and the operation unsets it. Fix both. Fixes: 866790fd827cb0187353cdf484eb46a9b38fb6ba Reported-by: Zero_Chaos Signed-off-by: Paul Fertser <fercerpav@gmail.com>
* base-files: flush kernel memory cache during sysupgradeHannu Nyman2020-12-222-0/+2
| | | | | | | | | | | Flush kernel memory caches during sysupgrade in order to mitigate the impact from memory consumption spikes in low-RAM devices. This may help to prevent sysupgrade causing a reboot before the actual flashing starts. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* uboot-tegra: bump to 2020.04Tomasz Maciej Nowak2020-12-221-2/+2
| | | | | | | | | This fixes error when host GCC >= 10. /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here collect2: error: ld returned 1 exit status Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
* tcpdump: fix pcap-config issuesRosen Penev2020-12-222-115/+4
| | | | | | | | | | | | | | The patch removes a libpcap check to avoid a problem with libpcap. Fix libpcap instead. Modernize Makefile: Use a normal autoconf bool instead of checking for CONFIG_IPV6. Remove old configure and MAKE_FLAGS hacks. Removing them results in compilation continuing to work without a problem. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: fix pcap-configRosen Penev2020-12-221-2/+10
| | | | | | | | | | | | | pcap-config as installed is using OS paths instead of OpenWrt ones. Take fix from libpng and adjust as needed. This problem seems to occur on Arch Linux and not on Debian/Fedora based distros. No idea why. Remove CMAKE_INSTALL as there is now an InstallDev section. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fs/cifs: update module dependenciesRosen Penev2020-12-221-7/+10
| | | | | | | | | | | 0fdfef9aa7ee68ddd508aef7c98630cfc054f8d6 upstream removed CIFS_SMB311. Kernels 4.19 and above do not have it. Currently only kernels 4.19 and 5.4 are in the tree. The Kconfig file in the kernel has more selection that what is in here. Add the rest and reorder based on upstream ordering. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* pcre: fix paths in config fileRosen Penev2020-12-221-1/+2
| | | | | | | | | The paths are pointing to OS paths, not OpenWrt ones. Use SED line from libpng to fix and adjust accordingly. This may allow certain packages that use the config file to pick up pcre. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* nettle: update to 3.6Rosen Penev2020-12-221-6/+6
| | | | | | | | | | | Updated ABI_VERSION. Switched PKG_BUILD_PARALLEL on as there seems to be no issue anymore. I can't find any information about why it was turned off. Fixed license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* binutils: update to 2.35.1Rosen Penev2020-12-221-2/+2
| | | | | | Fixes compilation with musl 1.2.x. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: update to 0.180Rosen Penev2020-12-223-6/+6
| | | | | | Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: parse skip_inactivity_poll optionNadim Atiya2020-12-222-3/+5
| | | | | | | | | | | | hostapd.sh does not parse skip_inactivity_poll boolean from /etc/config/wireless despite being mentioned in the documentation [1]. This change fixes this, and by default sets its value to 0 [1]. [1] https://openwrt.org/docs/guide-user/network/wifi/basic Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org> [fix and reformat commit message, make patch apply]
* base-files: upgrade: fix initramfs detectionRobert Marko2020-12-202-2/+2
| | | | | | | | | | | | | | | Commit "initramfs: switch to tmpfs to fix ujail" switched initramfs to now use tmpfs, it causes $(rootfs_type) to now return tmpfs when running initramfs image instead of being empty. This broke initramfs detection which prevents config files from being saved as it does not work from initramfs. So, lets test for $(rootfs_type) returning "tmpfs" instead. Fixes: 7fd3c68 ("initramfs: switch to tmpfs to fix ujail) Signed-off-by: Robert Marko <robimarko@gmail.com>
* uhttpd: don't redirect to HTTPS by defaultPetr Štetiar2020-12-201-1/+1
| | | | | | | | | | | | | | | | | | | So we can ship px5g-wolfssl by default in the release image, but still make the HTTPS for LuCI optional. This small change with addition of `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the next release should provide optional HTTPS in the next release. Disabling the current default automatic uhttpd's redirect to HTTPS should make the HTTPS optional. That's it, user would either need to switch to HTTPS by manually switching to https:// protocol in the URL or by issuing the following commands to make the HTTPS automatic redirect permanent: $ uci set uhttpd.main.redirect_https=1 $ uci commit uhttpd $ service uhttpd reload Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mt76: Fix compile against glibcHauke Mehrtens2020-12-192-1/+26
| | | | | | The mt76 test tools did not compile against glibc. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: Deactivate sanitizer on MIPS and ARCHauke Mehrtens2020-12-191-4/+4
| | | | | | | | | | MIPS 32 bit support for sanitizer was added with GCC 9, MIPS 64 bit and ARC are still not supported in GCC 10. Deactivate them for now and change this when we change the default compiler to GCC 9 or later. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: do not drop tx nulldata packets on encrypted linksFelix Fietkau2020-12-181-0/+25
| | | | | | Fixes sending out nulldata probing frames Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2020-12-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7f53d68b1af9 mt76: mt7615: add debugfs knob for setting extended local mac addresses 1a2547b27dfc mt76: do not set NEEDS_UNIQUE_STA_ADDR for 7615 and 7915 2741fd071bb7 mt76: mt7915: support 32 station interfaces 709f2cd77810 mt76: mt7915: fix processing txfree events 434940e08233 mt76: mt7915: measure channel noise and report it via survey 236326896589 mt76: mt7615: retry if mt7615_mcu_init returns -EAGAIN b5c593b63f4c mt76: mt7663s: move tx/rx processing in the same txrx workqueue 75157b59ae4e mt76: mt7663s: convert txrx_work to mt76_worker 6dc67b058e2a mt76: mt7663s: disable interrupt during txrx_worker processing b381729626bb mt76: sdio: convert {status/net}_work to mt76_worker 9cb12f7042cc mt76: mt7915: fix DRR sta bss group index 75977a85e844 mt76: mt7915: disable OFDMA/MU-MIMO UL 6cdebe805862 mt76: rename __mt76_mcu_send_msg to mt76_mcu_send_msg eb9afae96b65 mt76: rename __mt76_mcu_skb_send_msg to mt76_mcu_skb_send_msg 8c73f3b15ada mt76: implement .mcu_parse_response in struct mt76_mcu_ops fcfbb046c2f3 mt76: move mcu timeout handling to .mcu_parse_response 477caa196ffe mt76: move waiting and locking out of mcu_ops->mcu_skb_send_msg a4d71501bad6 mt76: make mcu_ops->mcu_send_msg optional 80c310c59ad1 mt76: mt7603: switch to .mcu_skb_send_msg 082b26181013 mt76: implement functions to get the response skb for MCU calls ee40800df2e4 mt76: mt7915: move eeprom parsing out of mt7915_mcu_parse_response d33943baac47 mt76: mt7915: query station rx rate from firmware b8874e8756d9 mt76: add back the SUPPORTS_REORDERING_BUFFER flag 633ae5961db6 mt76: mt7615: enable beacon filtering by default for offload fw 9a203fea3540 mt76: mt7615: introduce quota debugfs node for mt7663s f9ae638af7e2 mt76: mt7663s: get rid of mt7663s_sta_add 1a5758d894d0 mt76: mt7663s: fix a possible ple quota underflow dea10c03316f mt76: sdio: get rid of sched.lock eb4c09957938 mt76: mt7915: set fops_sta_stats.owner to THIS_MODULE 594890b11155 mt76: mt7915: update ppe threshold 8884a5def518 mt76: mt7915: rename mt7915_mcu_get_rate_info to mt7915_mcu_get_tx_rate 33b89f4a1bf4 mt76: set fops_tx_stats.owner to THIS_MODULE 4d019c9672ec sync with upstream changes 35e3cd1db479 mt76: mt7603: fix ED/CCA monitoring with single-stream devices 4f9f79b085b1 wireless: mt76: convert tasklets to use new tasklet_setup() API 20e8cf935ed0 mt76: dma: fix possible deadlock running mt76_dma_cleanup 36089a655f58 mt76: mt7915: fix sparse warning cast from restricted __le16 68c4eedafd61 mt76: fix memory leak if device probing fails 9a1a0a4dec71 mt76: mt7603: add additional EEPROM chip ID 01b943295719 mt76: move mt76_mcu_send_firmware in common module 0aee4999902a mt76: mt7663s: introduce WoW support via GPIO 79ebad117325 mt76: switch to wep sw crypto for mt7615/mt7915 af139725193a mt76: fix tkip configuration for mt7615/7663 devices 664e66b35c0b mt76: mt7615: run key configuration in mt7615_set_key for usb/sdio devices f675358267d6 mt76: mt76u: rely on woker APIs for rx work b9f9c16cb1bd mt76: mt76u: use dedicated thread for status work cdeb1b29cd15 mt76: testmode: switch ib and wb rssi to array type for per-antenna report 0a898c0549b6 mt76: testmode: add snr attribute in rx statistics 3ea9a0433bcc mt76: testmode: add tx_rate_stbc parameter 73427ebbbd27 mt76: testmode: add support for LTF and GI combinations for HE mode 88ebccfe8a39 mt76: mt7915: fix tx rate related fields in tx descriptor 9909c0551e4c mt76: testmode: add support for HE rate modes 03ed0909f922 mt76: mt7915: implement testmode tx support 0aa696834a9c mt76: mt7915: implement testmode rx support 5ed3a34b46ce mt76: mt7915: add support to set txpower in testmode f86361654e94 mt76: mt7915: add support to set tx frequency offset in testmode 64a765be750a mt76: mt7915: make mt7915_eeprom_read static 9b48c13b52f7 mt76: mt7915: use BIT_ULL for omac_idx 27227fd57ea7 mt76: mt7915: remove unused mt7915_mcu_bss_sync_tlv() cd795267612d mt76: mt7615: support 16 interfaces 82da525ad0c8 mt76: mt7615: refactor usb/sdio rate code b9a50da503ad mt76: mt7915: rely on eeprom definitions c79d18723df0 mt76: move mt76_init_tx_queue in common code b0b221e91445 mt76: sdio: introduce mt76s_alloc_tx_queue caba5a99e5ae mt76: sdio: rely on mt76_queue in mt76s_process_tx_queue signature 3ed4aad81ce9 mt76: mt7663s: rely on mt76_queue in mt7663s_tx_run_queue signature 216cf8b28579 mt76: dma: rely on mt76_queue in mt76_dma_tx_cleanup signature 0f9350bef1b5 mt76: rely on mt76_queue in tx_queue_skb signature 8932975be066 mt76: introduce mt76_init_mcu_queue utility routine b0eb7edcc624 mt76: rely on mt76_queue in tx_queue_skb_raw signature ccd62467d0f3 mt76: move mcu queues to mt76_dev q_mcu array 2e217fb9e962 mt76: move tx hw data queues in mt76_phy 576647f2ec6a mt76: mt7915: fix endian issues e881fd67c718 mt76: move band capabilities in mt76_phy c728cecd7b77 mt76: rely on mt76_phy in mt76_init_sband_2g and mt76_init_sband_5g 231ef27697f9 mt76: move band allocation in mt76_register_phy 8aa24c91b13b mt76: move hw mac_addr in mt76_phy b436da4d9d92 mt76: mt7915: introduce dbdc support 1e34a02c2dcb mt76: mt7915: get rid of dbdc debugfs knob d8e681bd3268 mt76: mt7615: fix rdd mcu cmd endianness 19c9e277eff6 mt76: mt7915: fix memory leak in mt7915_mcu_get_rx_rate() e361b6a71e4b mt76: improve tx queue stop/wake fb24e5f2305b mt76: mt7915: stop queues when running out of tx tokens 066cc441eb8f mt76: attempt to free up more room when filling the tx queue 93c806a34ec2 mt7915: fix minor issues in the token queue blocking change c017e329a326 mt76: mt7915: ensure that init work completes before starting the device 9e9da427b8a6 mt76: mt7915: fix polling firmware-own status 5cd805ddfb25 mt76: add more conditions for stopping tx scheduling aa893c73bf85 mt76: mt7915; increase txq memory limit for non-DBDC 7915 cards to 32 MiB e44b7c91070e mt76: skip queue stop/wake, rely entirely on txq scheduling 6c6a5c59c101 mt76: mt7915: do not set DRR group for stations 510cb5be1bf7 mt76: usb: remove wake logic in mt76u_status_worker 34f318a25421 mt76: sdio: remove wake logic in mt76s_process_tx_queue 4a90fdf6105e mt76: mt76s: fix NULL pointer dereference in mt76s_process_tx_queue Signed-off-by: Felix Fietkau <nbd@nbd.name>
* nat46: Fix PKG_MIRROR_HASHHauke Mehrtens2020-12-171-1/+1
| | | | | | | The PKG_MIRROR_HASH was not updated when updating the package. Fixes: f75c70aecaca ("nat46: update to latest git HEAD") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireless-regdb: Update to version 2020.11.20Hauke Mehrtens2020-12-161-2/+2
| | | | | | | | | | | | 9efa1da wireless-regdb: update regulatory rules for Egypt (EG) ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US 5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR) 4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ) 07057d3 wireless-regdb: update regulatory database based on preceding changes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: update to 2.36.1Rosen Penev2020-12-163-30/+4
| | | | | | | | Removed upstream patch. Refreshed other ones. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libunwind: update to 1.5.0Rosen Penev2020-12-163-17/+14
| | | | | | | | | | | | | | Cleanup Makefile for consistency with other ones. Remove PKG_SSP. It can be fixed with -lssp_nonshared. Add PKG_BUILD_PARALLEL for faster compilation. Add zlib dependency. 1.5.0 requires it now. Refresh patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mac80211: Update to version 5.8.18-1Hauke Mehrtens2020-12-1619-218/+38
| | | | | | The removed patches were applied upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* e2fsprogs: Add TARGET_LDFLAGS to e4cryptHauke Mehrtens2020-12-162-1/+29
| | | | | | The TARGET_LDFLAGS were dropped in the linking of e4crypt. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libnetfilter-conntrack: update to 1.0.8Rosen Penev2020-12-151-9/+8
| | | | | | | | | | Previous git version was 1.0.7. Switched to using tarballs for simplicity. Fixed license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* netifd: update to latest versionNick Hainke2020-12-141-3/+3
| | | | | | 458b1a7e9473 netifd: add segment routing support Signed-off-by: Nick Hainke <vincent@systemli.org>
* kernel: package kmod-keys-encrypted and kmod-keys-trustedDaniel Golle2020-12-141-0/+41
| | | | | | | Add kernel module packages for handling encrypted and TPM trusted keys on the kernel chain. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uclient: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 2c843b2bc04c Add initial GitLab CI support 073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation 086c292160ac uclient-fetch: init_ca_cert: fix memory leak a3c1a88b031a cmake: enable extra compiler checks 32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon 86a2ac6ac46f uclient-fetch: fix potential memory leaks 158dd9dd289c uclient: fix initialized but never read variable 66b4420856a7 uclient-fetch: fix statement may fallt hrough 436f9b3af2ad uclient-http: fix freeing of stack allocated memory e6b5b8a98ce2 Fix extra compiler warnings 12df67e45bb0 Add basic cram based unit tests b6e34845124f cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 68d09243b6fd Add initial GitLab CI support 8280140db9d1 wolfssl: remove now deprecated compatibility code cee6791b362a ustream-mbedtls: fix certificate verification 55c3fd89d508 ustream-mbedtls: implement set_require_validation c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation 3bc05402bfab cmake: enable extra compiler checks cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs 5896991e46a3 ustream-openssl: fix BIO_method memory leak 2c342ae57c5b ustream-openssl: fix wolfSSL includes fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths 63656f81045f cmake: fix linking when wolfSSL not in default paths c26f71e844df cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zram-swap: remove the compression streams settingsRui Salvaterra2020-12-131-15/+0
| | | | | | | | | Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the irrelevant configuration (no-op). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2 Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* uboot-zynq: fix dtc compilation on host gcc 10Luis Araneda2020-12-131-0/+48
| | | | | | | | | | | | gcc 10 defaults to -fno-common, which causes an error when linking. Back-port the following Linux kernel commit to fix it: e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration) Tested on an Arch Linux host with gcc 10.1.0 Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* odhcpd: remove local mkdir_p implementationDaniel Golle2020-12-131-3/+3
| | | | | | | Replace local mkdir_p implementation in favour of using mkdir_p now added to libubox. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-12-121-3/+3
| | | | | | | 111416d jail: remove unreachable code 7f12c89 treewide: replace local mkdir_p implementations Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2020-12-121-3/+3
| | | | | | | | 0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz 4862530 mount: restorecon: guard against execl() errors f415323 block: replace local mkdir_p implementation Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libubox: utils: introduce mkdir_pDaniel Golle2020-12-121-4/+4
| | | | | | | Add new utility function mkdir_p(char *path, mode_t mode) to replace the partially buggy implementations found accross fstools and procd. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.4Daniel Golle2020-12-121-2/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* xfrm: support 'multicast' attribute on interfacesPhilip Prindeville2020-12-112-3/+6
| | | | | | | | | | | | | | You shouldn't need the overhead of GRE just to add multicast capability on a point-to-point interface (for instance, you might want to run mDNS over IPsec transport connections, and Avahi requires IFF_MULTICAST be set on interfaces, even point-to-point ones). Borrowed heavily from: b3c9321b9e gre: Support multicast configurable gre interfaces Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* openssl: update to 1.1.1iEneas U de Queiroz2020-12-111-3/+3
| | | | | | | | Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* kernel: add Aquantia AQtion USB-to-5GbE adaptersMarty Jones2020-12-111-0/+15
| | | | | | | | | This add support for USB-to-Ethernet Aquantia AQtion 5/2.5GbE adapters based on the AQC111U controllers. Run-tested: x86 Adapter-tested: Sabrent NT-SS5G Signed-off-by: Marty Jones <mj8263788@gmail.com>
* dropbear: bump package versionKonstantin Demin2020-12-111-1/+1
| | | | | | | | Bump package version after previous changes. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> [added missing commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dropbear: add ssh-askpass support in configurationKonstantin Demin2020-12-112-1/+12
| | | | | | | | | | binary size cost is much less than 1k. tested on ath79/generic: bin: 215128 -> 215132 (+4b) ipk: 111183 -> 111494 (+311b) Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: roll up recipes into mapping listsKonstantin Demin2020-12-111-24/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this commit removes manual recipes for options and introduces mapping lists: - DB_OPT_COMMON holds option mappings which are common for all builds; - DB_OPT_CONFIG holds option mappings which are depend on config settings. DB_OPT_COMMON is space-separated list of 'words', each of them is in format: 'header_option|value' 'header_option' is added with value 'value' to 'localoptions.h'. if 'header_option' is preceded by two exclamation marks ('!!') then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'. in short: option|value - add option to localoptions.h !!option|value - replace option in sysoptions.h DB_OPT_CONFIG is space-separated list of 'words', each of them is in format: 'header_option|config_variable|value_enabled|value_disabled' 'header_option' is handled likewise in DB_OPT_COMMON. if 'config_variable' is enabled (technically: not disabled) then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise. in short: option|config|enabled|disabled = add option to localoptions.h !!option|config|enabled|disabled = replace option in sysoptions.h option := (config) ? enabled : disabled If you're not sure that option's value doesn't have '|' within - add your recipe manually right after '$(Build/Configure/dropbear_headers)' and write some words about your decision. PS about two exclamation marks: early idea was to use one exclamation mark to denote such header options but then i thought single exclamation mark may be overlooked by mistake. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: rework recipes that configure buildKonstantin Demin2020-12-111-22/+17
| | | | | | | | - add two helper functions to avoid mistakes with choice of correct header file to work with - update rules accordingly Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: reorder options in Configure recipeKonstantin Demin2020-12-111-11/+11
| | | | | | | put static options at first place, then place configurable options. also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: enable back DROPBEAR_USE_PASSWORD_ENVKonstantin Demin2020-12-111-2/+1
| | | | | | | | | | | | | this option was disabled in 2011 and these long nine years showed us that change was definitely wrong. binary size cost is much less than 1k. tested on ath79/generic: bin: 215128 -> 215128 (no change) ipk: 111108 -> 111183 (+75b) Fixes: 3c801b3dc0359 ("tune some more options by default to decrease size") Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* package/base-files: caldata: use dd iflag fullblockJohn Thomson2020-12-112-13/+26
| | | | | | | | | | | | | | | | This dd flag ensures that the requested size is retrieved from pipes or special filesystems (if available). Without this flag, on multi-core systems, Piped or special filesystem data can be truncated when a size greater than PIPE_BUF is requested. Fixes: FS#3494 Fixes: 7557e7f ("package/base-files: caldata: work around dd's limitation") Cc: Thibaut VARÈNE <hacks@slashdirt.org> Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
* wolfssl: fix broken wolfSSL_X509_check_hostPetr Štetiar2020-12-112-1/+124
| | | | | | | Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host(). References: https://github.com/wolfSSL/wolfssl/issues/3329 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: compile with --enable-opensslallEneas U de Queiroz2020-12-111-1/+2
| | | | | | | | | | This enables all OpenSSL API available. It is required to avoid some silent failures, such as when performing client certificate validation. Package size increases from 356.6K to 374.7K for arm_cortex-a9_vfpv3-d16. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>