aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: SAE - Enable hunting-and-pecking and H2ENick Lowe2022-02-241-0/+2
| | | | | | | | | | | | | | | | | | | | | | | Enable both the hunting-and-pecking loop and hash-to-element mechanisms by default in OpenWRT with SAE. Commercial Wi-Fi solutions increasingly frequently now ship with both hunting-and-pecking and hash-to-element (H2E) enabled by default as this is more secure and more performant than offering hunting-and-pecking alone for H2E capable clients. The hunting and pecking loop mechanism is inherently fragile and prone to timing-based side channels in its design and is more computationally intensive to perform. Hash-to-element (H2E) is its long-term replacement to address these concerns. For clients that only support the hunting-and-pecking loop mechanism, this is still available to use by default. For clients that in addition support, or were to require, the hash-to-element (H2E) mechanism, this is then available for use. Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
* wolfssl: fix API breakage of SSL_get_verify_resultPetr Štetiar2022-02-221-0/+26
| | | | | | | | | | | | | | | | | | Backport fix for API breakage of SSL_get_verify_result() introduced in v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return X509_V_OK when used on LE powered sites or other sites utilizing relaxed/alternative cert chain validation feature. After an update to v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA error and thus rendered all such connection attempts imposible: $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org" Downloading 'https://letsencrypt.org' Connecting to 18.159.128.50:443 Connection error: Invalid SSL certificate Fixes: #9283 References: https://github.com/wolfSSL/wolfssl/issues/4879 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: make sure tools are present in sysupgrade ramdiskDaniel Golle2022-02-221-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in their platform.sh. This is problematic as fw_printenv then fails in case /var/lock/fw_printenv.lock has not been created by previous calls to fw_printenv/fw_setenv before sysupgrade is run. Targets using fw_printenv/fw_setenv during sysupgrade: * ath79/* * ipq40xx/* * ipq806x/* * kirkwood/* * layerscape/* * mediatek/mt7622 * mvebu/* * ramips/* * realtek/* Targets currently using additional steps in /lib/upgrade/platform.sh to make sure /var/lock/fw_printenv.lock (or at least /var/lock) actually exists: * ath79/* (openmesh devices) * ipq40xx/* (linksys devices) * ipq806x/* (linksys devices) * kirkwood/* (linksys devices) * layerscape/* * mvebu/cortexa9 (linksys devices) Given that accessing the U-Boot environment during sysupgrade is not uncommon and the situation across targets is currently quite diverse, just make sure both tools as well fw_env.config are always copied to the ramdisk used for sysupgrade. Also make sure /var/lock always exists. This now allows to remove copying of fw_printenv/fw_setenv as well as fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock from lib/upgrade/platform.sh or files included there. As the same applies also to 'fwtool' which is used by generic eMMC sysupgrade, also always copy that to ramdisk. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openssl: configure engines with uciEneas U de Queiroz2022-02-225-62/+54
| | | | | | | | | | | | | | | | | | | | | | | | This uses uci to configure engines, by generating a list of enabled engines in /var/etc/ssl/engines.cnf from engines configured in /etc/config/openssl: config engine 'devcrypto' option enabled '1' Currently the only options implemented are 'enabled', which defaults to true and enables the named engine, and the 'force' option, that enables the engine even if the init script thinks the engine does not exist. The existence test is to check for either a configuration file /etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file /usr/lib/engines-1.1/%ENGINE%.so. The engine list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: configure engine packages during installEneas U de Queiroz2022-02-224-43/+111
| | | | | | | | | | | This enables an engine during its package's installation, by adding it to the engines list in /etc/ssl/engines.cnf.d/engines.cnf. The engine build system was reworked, with the addition of an engine.mk file that groups some of the engine packages' definitions, and could be used by out of tree engines as well. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: config engines in /etc/ssl/engines.cnf.dEneas U de Queiroz2022-02-2216-119/+82
| | | | | | | | | | | This changes the configuration of engines from the global openssl.cnf to files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has the list of enabled engines, while each engine has its own configuration file installed under /etc/ssl/engines.cnf.d. Patches were refreshed with --zero-commit. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* qosify: update to the latest versionFelix Fietkau2022-02-201-3/+3
| | | | | | 65b42032063f interface: add missing autorate-ingress options Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: backport pending patches for Marvell A38xJosef Schlehofer2022-02-203-0/+152
| | | | | | | | | | | | | | | | | | | | | | | 100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch [1]: SoC Marvell A38x is used in Turris Omnia, and we thought that with recent fiddling around DDR training to fix it once for all, there were reproduced the issue in the upcoming new revision Turris Omnia boards. 101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch [2]: This is useful when some board may occasionally fail with DDR training, and it adds the option to reset the board on the DDR training failure 102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch [3]: This enables the option CONFIG_DDR_RESET_ON_TRAINING_FAILURE (added by 101 patch), so the Turris Omnia board is restarted immediately, and it does not require to reset the board manually or wait 120s for MCU to reset the board [1] https://patchwork.ozlabs.org/project/uboot/patch/20220217000837.13003-1-kabel@kernel.org/ [2] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-1-kabel@kernel.org/ [3] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-2-kabel@kernel.org/ Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* mac80211: add debug compile option for rtw88 devicesFlorian Eckert2022-02-201-0/+18
| | | | | | | | | | | | | This commit adds the following package compile options. CONFIG_PACKAGE_RTW88_DEBGUG: Compile the driver with additional debug logging output CONFIG_PACKAGE_RTW88_DEBGUGFS: Add the possibility to map information about the driver rtw88 into debugfs. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* ath79: uboot-envtools: fix partition for ZTE MF286Lech Perczak2022-02-201-1/+1
| | | | | | | | | | | | | | | | | | | By mistake, a wrong partition for U-boot environment was introduced for ZTE MF286 while adding support, when flash layout wasn't finalized. Fix that, according to the actual flash layout: dev: size erasesize name mtd0: 00140000 00020000 "fota-flag" mtd1: 00140000 00020000 "caldata" mtd2: 00140000 00020000 "mac" mtd3: 00f40000 00020000 "ubiconcat0" mtd4: 00400000 00020000 "kernel" mtd5: 06900000 00020000 "ubiconcat1" mtd6: 00080000 00010000 "u-boot" mtd7: 00020000 00010000 "u-boot-env" mtd8: 07840000 00020000 "ubi" Fixes: 8c78a13bfc1f ("ath79: support ZTE MF286") Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* netifd: bump to version 2022-02-20Petr Štetiar2022-02-201-3/+3
| | | | | | | | | Contains following changes: 136006b88826 cmake: fix usage of implicit library and include paths bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wireless-regdb: update to version 2022.02.18Sungbo Eo2022-02-201-2/+2
| | | | | | | | | | | | | | | | | e061299 wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US 2ce78ed wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz 0d39f4c wireless-regdb: Update regulatory rules for South Korea (KR) acad231 wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz ea83a82 wireless-regdb: add support for US S1G channels 4408149 wireless-regdb: add 802.11ah bands to world regulatory domain 5f3cadc wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz e0ac69b Revert "wireless-regdb: Update regulatory rules for South Korea (KR)" 40e5e80 wireless-regdb: Update regulatory rules for South Korea (KR) e427ff2 wireless-regdb: Update regulatory rules for China (CN) 0970116 wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz 4dac44b wireless-regdb: update regulatory database based on preceding changes Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* kernel: add kmod-hwmon-lm70 supportChristian Lamparter2022-02-191-0/+17
| | | | | | | | package hwmon's lm70.ko. This module supports the National Semiconductor/TI LM70,LM71,LM74 and TI TMP121,TMP122,TMP123 and TMP124 chips (all SPI). Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mpc85xx: Patch HiveAP 330 u-boot to fix bootMartin Kennedy2022-02-191-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When Kernel 5.10 was enabled for mpc85xx, the kernel once again became too large upon decompression (>7MB or so) to decompress itself on boot (see FS#4110[1]). There have been many attempts to fix booting from a compressed kernel on the HiveAP-330: - b683f1c36d8a ("mpc85xx: Use gzip compressed kernel on HiveAP-330") - 98089bb8ba82 ("mpc85xx: Use uncompressed kernel on the HiveAP-330") - 26cb167a5ca7 ("mpc85xx: Fix Aerohive HiveAP-330 initramfs image") We can no longer compress the kernel due to size, and the stock bootloader does not support any other types of compression. Since an uncompressed kernel no longer fits in the 8MiB kernel partition at 0x2840000, we need to patch u-boot to autoboot by running variable which isn't set by the bootloader on each autoboot. This commit repartitions the HiveAP, requiring a new COMPAT_VERSION, and uses the DEVICE_COMPAT_MESSAGE to guide the user to patch u-boot, which changes the variable run on boot to be `owrt_boot`; the user can then set the value of that variable appropriately. The following has been documented in the device's OpenWrt wiki page: <https://openwrt.org/toh/aerohive/hiveap-330>. Please look there first/too for more information. The from-stock and upgrade from a previous installation now becomes: 0) setup a network with a dhcp server and a tftp server at serverip (192.168.1.101) with the initramfs image in the servers root directory. 1) Hook into UART (9600 baud) and enter U-Boot. You may need to enter a password of administrator or AhNf?d@ta06 if prompted. If the password doesn't work. Try reseting the device by pressing and holding the reset button with the stock OS. 2) Once in U-Boot, set the new owrt_boot and tftp+boot the initramfs image: Use copy and paste! # fw_setenv owrt_boot 'setenv bootargs \"console=ttyS0,$baudrate\";bootm 0xEC040000 - 0xEC000000' # save # dhcp # setenv bootargs console=ttyS0,$baudrate # tftpboot 0x1000000 192.168.1.101:openwrt-mpc85xx-p1020-aerohive_hiveap-330-initramfs-kernel.bin # bootm 3) Once openwrt booted: carefully copy and paste this into the root shell. One step at a time # 3.0 install kmod-mtd-rw from the internet and load it opkg update; opkg install kmod-mtd-rw insmod mtd-rw i_want_a_brick=y # 3.1 create scripts that modifies uboot cat <<- "EOF" > /tmp/uboot-update.sh . /lib/functions/system.sh cp "/dev/mtd$(find_mtd_index 'u-boot')" /tmp/uboot cp /tmp/uboot /tmp/uboot_patched ofs=$(strings -n80 -td < /tmp/uboot | grep '^ [0-9]* setenv bootargs.*cp\.l' | cut -f2 -d' ') for off in $ofs; do printf "run owrt_boot; " | dd of=/tmp/uboot_patched bs=1 seek=${off} conv=notrunc done md5sum /tmp/uboot* EOF # 3.2 run the script to do the modification sh /tmp/uboot-update.sh # verify that /tmp/uboot and /tmp/uboot_patched are good # # my uboot was: (is printed during boot) # U-Boot 2009.11 (Jan 12 2017 - 00:27:25), Build: jenkins-HiveOS-Honolulu_AP350_Rel-245 # # d84b45a2e8aca60d630fbd422efc6b39 /tmp/uboot # 6dc420f24c2028b9cf7f0c62c0c7f692 /tmp/uboot_patched # 98ebc7e7480ce9148cd2799357a844b0 /tmp/uboot-update.sh <-- just for reference # 3.3 this produces the /tmp/u-boot_patched file. mtd write /tmp/uboot_patched u-boot 3) scp over the sysupgrade file to /tmp/ and run sysupgrade to flash OpenWrt: sysupgrade -n /tmp/openwrt-mpc85xx-p1020-aerohive_hiveap-330-squashfs-sysupgrade.bin 4) after the reboot, you are good to go. Other notes: - Note that after this sysupgrade, the AP will be unavailable for 7 minutes to reformat flash. The tri-color LED does not blink in any way to indicate this, though there is no risk in interrupting this process, other than the jffs2 reformat being reset. - Add a uci-default to fix the compat version. This will prevent updates from previous versions without going through the installation process. - Enable CONFIG_MTD_SPLIT_UIMAGE_FW and adjust partitioning to combine the kernel and rootfs into a single dts partition to maximize storage space, though in practice the kernel can grow no larger than 16MiB due to constraints of the older mpc85xx u-boot platform. - Because of that limit, KERNEL_SIZE has been raised to 16m. - A .tar.gz of the u-boot source for the AP330 (a.k.a. Goldengate) can be found here[2]. - The stock-jffs2 partition is also removed to make more space -- this is possible only now that it is no longer split away from the rootfs. - the console-override is gone. The device will now get the console through the bootargs. This has the advantage that you can set a different baudrate in uboot and the linux kernel will stick with it! - due to the repartitioning, the partition layout and names got a makeover. - the initramfs+fdt method is now combined into a MultiImage initramfs. The separate fdt download is no longer needed. - added uboot-envtools to the mpc85xx target. All targets have uboot and this way its available in the initramfs. [1]: https://bugs.openwrt.org/index.php?do=details&task_id=4110 [2]: magnet:?xt=urn:btih:e53b27006979afb632af5935fa0f2affaa822a59 Tested-by: Martin Kennedy <hurricos@gmail.com> Signed-off-by: Martin Kennedy <hurricos@gmail.com> (rewrote parts of the commit message, Initramfs-MultiImage, dropped bootargs-override, added wiki entry + link, uboot-envtools) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ksmbd: add out-of-tree moduleRosen Penev2022-02-192-0/+84
| | | | | | | | | | | | | ksmbd is an upstream linux alternative to Samba which is lighterweight and more performant, especially on underpowered devices. Moving it here from the packages feed as it is now an upstream kernel module. Also easier to update as version updates can be coordinated better The next LTS kernel (5.15) has this included. A depend on kernel < 5.15 will need to be added later. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* linux/modules: split up oid_registryRosen Penev2022-02-192-2/+12
| | | | | | This will be needed by ksmbd in a following commit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: fallback to psk when generating r0kh/r1khEneas U de Queiroz2022-02-191-4/+4
| | | | | | | | | | | | | | | | The 80211r r0kh and r1kh defaults are generated from the md5sum of "$mobility_domain/$auth_secret". auth_secret is only set when using EAP authentication, but the default key is used for SAE/PSK as well. In this case, auth_secret is empty, and the default value of the key can be computed from the SSID alone. Fallback to using $key when auth_secret is empty. While at it, rename the variable holding the generated key from 'key' to 'ft_key', to avoid clobbering the PSK. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> [make ft_key local] Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add STA extended capabilities to get_clientsDavid Bauer2022-02-191-0/+10
| | | | | | | | | | Add the STAs extended capabilities to the ubus STA information. This way, external daemons can be made aware of a STAs capabilities. This field is of an array type and contains 0 or more bytes of a STAs advertised extended capabilities. Signed-off-by: David Bauer <mail@david-bauer.net>
* base-files: add support for heartbeat led triggerAlexey Smirnov2022-02-191-0/+9
| | | | | | | | | | | This patch adds support for creation heartbeat led trigger with, for example, this command: ucidef_set_led_heartbeat "..." "..." "..." from /etc/board.d/01_leds. Signed-off-by: Alexey Smirnov <s.alexey@gmail.com>
* gpio-nxp-74hc153: remove packageMauri Sandberg2022-02-193-327/+0
| | | | | | | This module was used solely by Buffalo WZR-HP-G300NH devices and has become obsolete with the introduction of gpio-cascade. Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
* kernel: add package kmod-gpio-cascadeMauri Sandberg2022-02-191-0/+20
| | | | | | | Adds kernel module for Generic GPIO cascade. Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi> Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
* kernel: add package kmod-multiplexerMauri Sandberg2022-02-191-0/+34
| | | | | | | Adds new kernel module for GPIO controlled multiplexer support. Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi> Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
* procd: update to git HEADDaniel Golle2022-02-191-3/+3
| | | | | | | | | | a87d010 uxc: remove unused printf parameter ad65249 instance: exit in case asprintf() fails Build with glibc should again work after this commit. Fixes: e9e61d76fd ("procd: update to git HEAD") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2022-02-181-3/+3
| | | | | | | | df1123e uxc: add support for user-defined settings 0272c7c uxc: allow editing settings using 'create' a839518 uxc: clean up error handling Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: Make sure rootfs_data_max is consideredDaniel Golle2022-02-171-8/+5
| | | | | | | | | | | | | | | For sysupgrade on NAND/UBI devices there is the U-Boot environment variable rootfs_data_max which can be used to limit the size of the rootfs_data volume created on sysupgrade. This stopped working reliable with recent kernels, probably due to a race condition when reading the number of free erase blocks from sysfs just after removing a volume. Change the script to just try creating rootfs_data with the desired size and retry with maximum size in case that fails. Hence calculating the available size in the script can be dropped which works around the problem. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libnetfilter-conntrack: bump to 1.0.9Stijn Tintel2022-02-171-2/+2
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Jo-Philipp Wich <jo@mein.io>
* mt76: update to the latest versionFelix Fietkau2022-02-151-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | ddd3c2f38b30 mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes 7fa5229a4228 mt76: improve signal strength reporting 025a72cd2d24 mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU 8c765fd92d97 mt76: mt7615: introduce SAR support 799a15bb68f9 mt76: fix endianness errors in reverse_frag0_hdr_trans c114919f0c08 mt76: mt7915: Fix channel state update error issue 93191a37e59a mt76: mt7915: fix potential memory leak of fw monitor packets cde589b2efb7 mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts 6ef22f4dc4e4 mt76: mt7915: add support for MT7986 7f1818cd8f2d mt76: mt7915: introduce band_idx in mt7915_phy 1d57a0d506db mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() 1f2a4816a3de mt76: mt7615: fix compiler warning on frame size d60f335e785b mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor d0ab636cb61c mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() 9d9bd7b3c48c mt76: connac: adjust wlan_idx size from u8 to u16 be1091f1172d mt76: mt7615: Fix assigning negative values to unsigned variable d4fc42889a30 mt76: mt7915: check band idx for bcc event 98ee3e2889ea mt76: mt7915: fix logic error and remove the unused member of mt7915_dev bbbbafb67bac mt76: mt7915: fix compiler warning abd80cf68db1 mt76: mt7915: fix the muru tlv issue a050c14b5631 mt76: mt7915: use min_t() to make code cleaner 9fee8f3736eb mt76: mt7915e: Fix degraded performance after temporary overheat f2e1a62cf0d0 mt76: mt7915e: Add a hwmon attribute to get the actual throttle state. c67df0d3130a mt76: mt7915e: Enable thermal management by default Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix traffic stalls on forwarded mesh packets due to wrong AC selectionFelix Fietkau2022-02-151-0/+50
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: simplify uxc init scriptDaniel Golle2022-02-131-7/+1
| | | | | | | | 'uxc boot' is inteded to be called multiple times, so there is not need to guard the first call on boot -- the actual code anyway didn't do that, so just remove it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* tcpdump: Fix CVE-2018-16301Hauke Mehrtens2022-02-122-1/+102
| | | | | | | | | | | This fixes the following security problem: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: fix rekey failure in drivers with 802.3 decap offloadFelix Fietkau2022-02-121-0/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-121-3/+3
| | | | | | | | | | | | | 53caa1a fw4: resolve zone layer 2 devices for hw flow offloading 9fe58f5 fw4: rework and fix family inheritance logic 8795296 tests: mocklib: fix infinite recursion in wrapped print() 281b1bc tests: change mocked wan interface type to PPPoE 93b710d tests: mocklib: forward compatibility change 1a94915 fw4: only stage reflection rules if all required addrs are known 5c21714 fw4: add device iifname/oifname matches to DSCP and MARK rules 3eacc97 tests: adjust 01_ruleset test case to latest changes Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEADJo-Philipp Wich2022-02-121-3/+3
| | | | | | | | a29bad9 compiler: fix patchlist corruption on switch statement syntax errors 86f0662 lib: change `ord()` to always return single byte value 116a8ce vallist: fix storing/retrieving short strings with 8bit byte value Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* qosify: update to the latest versionFelix Fietkau2022-02-101-3/+3
| | | | | | | | e230e71e0a12 map: fix copy-paste error in codepoints map 580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef 8d6c19a81f3f ubus: fix a use-after-free bug Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ucode: update to latest Git HEADJo-Philipp Wich2022-02-081-4/+4
| | | | | | a317c17 compiler: fix incorrect loop break targets Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard-tools: allow generating private_keyLeonardo Mörlein2022-02-081-0/+19
| | | | | | | | | | When the uci configuration is created automatically during a very early stage, where no entropy daemon is set up, generating the key directly is not an option. Therefore we allow to set the private_key to "generate" and generate the private key directly before the interface is taken up. Signed-off-by: Leonardo Mörlein <me@irrelefant.net> Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
* hostapd: refresh patchesDavid Bauer2022-02-0830-132/+132
| | | | | | Refresh patches after updating to hostapd v2.10. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: update to v2.10David Bauer2022-02-089-447/+57
| | | | | | | | | | | | | | | | | | Upstreamed patches: 020-mesh-make-forwarding-configurable.patch e6db1bc5da3fd7d5f4dba24aa102543b4749912f 550-WNM-allow-specifying-dialog-token.patch 979f19716539362f8ce60a77bf1b88fdcf5ba8e5 720-ACS-fix-channel-100-frequency.patch 2341585c349231af00cdef8d51458df01bc6965f 741-proxyarp-fix-compilation-with-Hotspot-2.0-disabled.patch 08bdf4f90de61a84ed8f4dd918272dd9d36e2e1f Compile-tested: wpad-wolfssl hostapd-openssl Run-tested: ath79-generic Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | a0518b6 fw4: gracefully handle unsupported hardware offloading ac99eba init: fix boot action in init script Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: automatically calculate channel center freq on chan_switchFelix Fietkau2022-02-071-0/+34
| | | | | | Simplifies switching to different channels when on >= VHT80 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rpcd: update to latest Git HEADJo-Philipp Wich2022-02-071-5/+6
| | | | | | | | | 909f2a0 ucode: adjust to latest ucode api 4c532bf ucode: add ucode interpreter plugin 9c6ba38 treewide: adjust ubus object type names 75a96dc build: honour CMake install prefix in hardcoded paths Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2022-02-073-9/+56
| | | | | | | | | | | | | 2f8b136 main: fix leaking -p/-s argument values 881fd3b ucode: adjust to latest ucode api 8b2868e file: specify UTF-8 as charset for dirlists, add option to override 3a5bd84 main: add ucode options to help text 16aa142 examples: add ucode handler example 3ceccd0 ucode: add ucode plugin support f0f1406 examples: add example Lua handler script 9e87095 listen: avoid invalid memory access Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | | | | | b54f462 fw4: parse traffic rules before forwarding rules 4d5af8b fw4: consolidate helper code 300c737 fw4: fix applying zone family restrictions to forwardings eb9c25a tests: implement fs.opendir() mock interface d30ff48 tests: fix mocked fs.popen() trace log 52831a0 fw4: improve flowtable handling 7cb10c8 fw4: disable "flow_offloading_hw" option for now b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | | | | | | | | | | | | | 11adf0c source: convert source objects into proper uc_value_t type 3a49192 treewide: rework function memory model 7edad5c tests: add functional tests for builtin functions d5003fd lib: fix leaking tokener in uc_json() on parse exception 5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace() 3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match() 32d596d lib: fix infinite loop on empty regexp matches in uc_split() 3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode 3600ded vm: fix leaking function value on call exception 3059295 vm: NULL-initialize pointer to make cppcheck happy 98e59bf source: zero-initialize conversion union to make cppcheck happy 7a65c14 run_tests.sh: change workdir to testcase directory during execution afec8d7 run_tests.sh: support placing supplemental testcase files 3ada6e0 run_tests.sh: always treat outputs as text data 2cb627f program: rename bytecode load/write functions, track path of executed file 1094ffa lib: fix memory leak in uc_require_ucode() Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump 3d76f2e system-linux: add wrapper function for creating link config messages 88af2f1 system-linux: delete bridge devices using netlink 85c3548 system-linux: create bridge devices using netlink Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ramips: add support for Xiaomi Mi Router CR660x seriesRaymond Wang2022-02-071-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Xiaomi Mi Router CR6606 is a Wi-Fi6 AX1800 Router with 4 GbE Ports. Alongside the general model, it has three carrier customized models: CR6606 (China Unicom), CR6608 (China Mobile), CR6609 (China Telecom) Specifications: - SoC: MediaTek MT7621AT - RAM: 256MB DDR3 (ESMT M15T2G16128A) - Flash: 128MB NAND (ESMT F59L1G81MB) - Ethernet: 1000Base-T x4 (MT7530 SoC) - WLAN: 2x2 2.4GHz 574Mbps + 2x2 5GHz 1201Mbps (MT7905DAN + MT7975DN) - LEDs: System (Blue, Yellow), Internet (Blue, Yellow) - Buttons: Reset, WPS - UART: through-hole on PCB ([VCC 3.3v](RX)(GND)(TX) 115200, 8n1) - Power: 12VDC, 1A Jailbreak Notes: 1. Get shell access. 1.1. Get yourself a wireless router that runs OpenWrt already. 1.2. On the OpenWrt router: 1.2.1. Access its console. 1.2.2. Create and edit /usr/lib/lua/luci/controller/admin/xqsystem.lua with the following code (exclude backquotes and line no.): ``` 1 module("luci.controller.admin.xqsystem", package.seeall) 2 3 function index() 4 local page = node("api") 5 page.target = firstchild() 6 page.title = ("") 7 page.order = 100 8 page.index = true 9 page = node("api","xqsystem") 10 page.target = firstchild() 11 page.title = ("") 12 page.order = 100 13 page.index = true 14 entry({"api", "xqsystem", "token"}, call("getToken"), (""), 103, 0x08) 15 end 16 17 local LuciHttp = require("luci.http") 18 19 function getToken() 20 local result = {} 21 result["code"] = 0 22 result["token"] = "; nvram set ssh_en=1; nvram commit; sed -i 's/channel=.*/channel=\"debug\"/g' /etc/init.d/dropbear; /etc/init.d/drop bear start;" 23 LuciHttp.write_json(result) 24 end ``` 1.2.3. Browse http://{OWRT_ADDR}/cgi-bin/luci/api/xqsystem/token It should give you a respond like this: {"code":0,"token":"; nvram set ssh_en=1; nvram commit; ..."} If so, continue; Otherwise, check the file, reboot the rout- er, try again. 1.2.4. Set wireless network interface's IP to 169.254.31.1, turn off DHCP of wireless interface's zone. 1.2.5. Connect to the router wirelessly, manually set your access device's IP to 169.254.31.3, make sure http://169.254.31.1/cgi-bin/luci/api/xqsystem/token still have a similar result as 1.2.3 shows. 1.3. On the Xiaomi CR660x: 1.3.1. Login to the web interface. Your would be directed to a page with URL like this: http://{ROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/web/home#r- outer 1.3.2. Browse this URL with {STOK} from 1.3.1, {WIFI_NAME} {PASSWORD} be your OpenWrt router's SSID and password: http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/misy- stem/extendwifi_connect?ssid={WIFI_NAME}&password={PASSWO- RD} It should return 0. 1.3.3. Browse this URL with {STOK} from 1.3.1: http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/xqsy- stem/oneclick_get_remote_token?username=xxx&password=xxx&- nonce=xxx 1.4. Before rebooting, you can now access your CR660x via SSH. For CR6606, you can calculate your root password by this project: https://github.com/wfjsw/xiaoqiang-root-password, or at https://www.oxygen7.cn/miwifi. The root password for carrier-specific models should be the admi- nistration password or the default login password on the label. It is also feasible to change the root password at the same time by modifying the script from step 1.2.2. You can treat OpenWrt Router however you like from this point as long as you don't mind go through this again if you have to expl- oit it again. If you do have to and left your OpenWrt router unt- ouched, start from 1.3. 2. There's no official binary firmware available, and if you lose the content of your flash, no one except Xiaomi can help you. Dump these partitions in case you need them: "Bootloader" "Nvram" "Bdata" "crash" "crash_log" "firmware" "firmware1" "overlay" "obr" Find the corespond block device from /proc/mtd Read from read-only block device to avoid misoperation. It's recommended to use /tmp/syslogbackup/ as destination, since files would be available at http://{ROUTER_ADDR}/backup/log/YOUR_DUMP Keep an eye on memory usage though. 3. Since UART access is locked ootb, you should get UART access by modify uboot env. Otherwise, your router may become bricked. Excute these in stock firmware shell: a. nvram set boot_wait=on b. nvram set bootdelay=3 c. nvram commit Or in OpenWrt: a. opkg update && opkg install kmod-mtd-rw b. insmod mtd-rw i_want_a_brick=1 c. fw_setenv boot_wait on d. fw_setenv bootdelay 3 e. rmmod mtd-rw Migrate to OpenWrt: 1. Transfer squashfs-firmware.bin to the router. 2. nvram set flag_try_sys1_failed=0 3. nvram set flag_try_sys2_failed=1 4. nvram commit 5. mtd -r write /path/to/image/squashfs-firmware.bin firmware Additional Info: 1. CR660x series routers has a different nand layout compared to other Xiaomi nand devices. 2. This router has a relatively fresh uboot (2018.09) compared to other Xiaomi devices, and it is capable of booting fit image firmware. Unfortunately, no successful attempt of booting OpenWrt fit image were made so far. The cause is still yet to be known. For now, we use legacy image instead. Signed-off-by: Raymond Wang <infiwang@pm.me>
* ath79: add partial support for Netgear EX7300v2Wenli Looi2022-02-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware -------- SoC: QCN5502 Flash: 16 MiB RAM: 128 MiB Ethernet: 1 gigabit port Wireless No1: QCN5502 on-chip 2.4GHz 4x4 Wireless No2: QCA9984 pcie 5GHz 4x4 USB: none Installation ------------ Flash the factory image using the stock web interface or TFTP the factory image to the bootloader. What works ---------- - LEDs - Ethernet port - 5GHz wifi (QCA9984 pcie) What doesn't work ----------------- - 2.4GHz wifi (QCN5502 on-chip) (I was not able to make this work, probably because ath9k requires some changes to support QCN5502.) Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
* base-files: replace fgrep with grep -FRosen Penev2022-02-061-1/+1
| | | | | | | fgrep is deprecated and replaced by grep -F. The latter is used throughout the tree whereas this is the only usage of the former. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* kernel: bpf-headers: fix build error when testing kernel is usedAnsuel Smith2022-02-061-0/+3
| | | | | | | | | | | | Now that we have separate files for each kernel version, only the version/hash for the target kernel are available. This cause a missing hash error (and wrong kernel version) for bpf-headers when a testing kernel version is used for the current target. Fix this error by manually including the kernel version/hash file for the specific kernel version requested. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* util-linux: package ipcs commandStijn Tintel2022-02-051-0/+18
| | | | | | | Add a package for util-linux' ipcs command, to show information about System V inter-process communication facilities. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>