aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files/functions.sh: use && instead of -aRosen Penev2020-01-171-2/+2
| | | | | | | | -a is not well defined. https://github.com/koalaman/shellcheck/wiki/SC2166 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* base-files/functions.sh: remove useless catRosen Penev2020-01-171-2/+2
| | | | | | | | The cut command can take a file as an input. https://github.com/koalaman/shellcheck/wiki/SC2002 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* base-files/functions.sh: don't use $var in $(())Rosen Penev2020-01-171-3/+3
| | | | | | | | It's not needed. It can also lead to subtle bugs. https://github.com/koalaman/shellcheck/wiki/Sc2004 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: fix build for x86/64Stijn Tintel2020-01-171-0/+1
| | | | | | | | | | When building libcxx for x86/64, the library is installed in /usr/lib64. As the install section tries to copy the library from /usr/lib, this breaks build on x86/64. Override the lib dir suffix to fix this. Fixes: 856ea2bad3b3 ("libcxx: Add package") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Rosen Penev <rosenp@gmail.com>
* odhcpd: update to version 2020-01-14Hans Dedecker2020-01-161-3/+3
| | | | | | | | | 6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes 2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags b413d8a dhcpv6-ia: cleanup prefix delegation routes b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add support for system cert bundle validationDavid Lam2020-01-162-6/+15
| | | | | | | | | | | | | | Currently, it is very cumbersome for a user to connect to a WPA-Enterprise based network securely because the RADIUS server's CA certificate must first be extracted from the EAPOL handshake using tcpdump or other methods before it can be pinned using the ca_cert(2) fields. To make this process easier and more secure (combined with changes in openwrt/openwrt#2654), this commit adds support for validating against the built-in CA bundle when the ca-bundle package is installed. Related LuCI changes in openwrt/luci#3513. Signed-off-by: David Lam <david@thedavid.net> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: cleanup IBSS-RSNDaniel Golle2020-01-162-6/+2
| | | | | | set noscan also for IBSS and remove redundant/obsolete variable. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-oxnas: fix memory leak in tool mkox820crcAndrea Dalla Costa2020-01-151-0/+3
| | | | | | | | In function `main` add calls to `free` for the variable `executable`. This is needed because the variable `executable` is allocated but never freed. This cause a memory leak. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* dropbear: fix compile errorJohn Crispin2020-01-151-1/+2
| | | | | Fixes: 0da193ee6943 ("dropbear: move failsafe code out of base-files") Signed-off-by: John Crispin <john@phrozen.org>
* wireguard: skip peer config if public key of the peer is not definedFlorian Eckert2020-01-151-0/+5
| | | | | | | | | | | | | | | If a config section of a peer does not have a public key defined, the whole interface does not start. The following log is shown daemon.notice netifd: test (21071): Line unrecognized: `PublicKey=' daemon.notice netifd: test (21071): Configuration parsing erro The command 'wg show' does only show the interface name. With this change we skip the peer for this interface and emit a log message. So the other peers get configured. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* busybox: fix build issuesJohn Crispin2020-01-151-1/+3
| | | | | Fixes: f704f97e4c57 ("busybox: Include hdparm by default on nas type device") Signed-off-by: John Crispin <john@phrozen.org>
* ath79: add support for Netgear WNDR4500 v3Michal Cieslakiewicz2020-01-151-0/+1
| | | | | | | | | | | | | | | | | | | This patch introduces support for Netgear WNDR4500v3. Router is very similar to WNDR4300v2 and is based on the same PCB. Information gathered from various Internet sources (including https://patchwork.ozlabs.org/patch/809227/) shows following differences to WNDR4300v2: * two USB 2.0 ports with separate LEDs * USB LEDs soldered to secondary pads * WPS and RFKILL buttons soldered to secondary pads * described as N900 device with 3x3:3 MIMO for 2.4GHz radio * power supply requirement is DC 12V 2.5A * vendor HW ID suffix differs in one digit * bigger chassis Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* ath79: add support for Netgear WNDR4300 v2Michal Cieslakiewicz2020-01-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces support for Netgear WNDR4300v2. Specification ============= * Description: Netgear WNDR4300 v2 * Loader: U-boot * SOC: Qualcomm Atheros QCA9563 (775 MHz) * RAM: 128 MiB * Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND - NOR: U-boot binary: 256 KiB - NOR: U-boot environment: 64 KiB - NOR: ART Backup: 64 KiB - NOR: Config: 64 KiB - NOR: Traffic Meter: 64 KiB - NOR: POT: 64 KiB - NOR: Reserved: 1408 KiB - NOR: ART: 64 KiB - NAND: Firmware: 25600 KiB (see notes for OpenWrt) - NAND: Language: 2048 KiB - NAND: mtdoops Crash Dump: 128 KiB - NAND: Reserved: 103296 KiB * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337) * Wireless: - 2.4 GHz b/g/n (internal) - 5 GHz a/n (AR9580) * USB: yes, 1 x USB 2.0 * Buttons: - Reset - WiFi (rfkill) - WPS * LEDs: - Power (amber/green) - WAN (amber/green) - WLAN 2G (green) - WLAN 5G (blue) - 4 x LAN (amber/green) - USB (green) - WPS (green) * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1 * Power supply: DC 12V 1.5A * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2 Important Notes =============== 0. NOR Flash (2 MiB) is not touched by OpenWrt installation. 1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows: all space is split between 4 MiB kernel and 124 MiB UBI areas; vendor partitions (language and mtdoops) are removed; kernel space size can be further expanded if needed; maximum image size is set to 25600k for compatibility reasons and can also be increased. 2. CPU clock is 775 MHz, not 750 MHz. 3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI device ID 0xabcd. For ath9k driver to load successfully, this is overriden in DTS with correct value for this chip, 0x0033. 4. RFKILL button is wired to AR9580 pin 9 which is normally disabled by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore 'qca,gpio-mask=<0xf6ff>' hack must be used for button to work properly. 5. USB port is always on, no GPIO for 5V power control has been identified. Installation ============ * TFTP recovery * TFTP via U-boot prompt * sysupgrade * Web interface Test build configuration ======================== CONFIG_TARGET_ath79=y CONFIG_TARGET_ath79_nand=y CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y CONFIG_ALL_KMODS=y CONFIG_DEVEL=y CONFIG_CCACHE=y CONFIG_COLLECT_KERNEL_DEBUG=y CONFIG_IMAGEOPT=y Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* mac80211: ath9k: add GPIO mask dts propertyMichal Cieslakiewicz2020-01-151-0/+25
| | | | | | | | | | | | | | | This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node. This optional setting is a hack and should only be used in very special (and rare) cases when a button or LED is wired to a GPIO pin normally masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such example - it uses GPI9 for RFKILL. See ath9k/reg.h *_GPIO_MASK constants. Use with caution and expect to see stream of kernel warnings if wrong mask value is provided. Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* zram-swap: support swap priorityMaxim Storchak2020-01-152-2/+4
| | | | | | | | If zram-backed swap is added after an existing swap, it gets a lower priority. Assiming that usually all other swaps are slower, there should be a way to assign a higher priority to zram swap. Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* perf: Add libunwind only if selectedRosen Penev2020-01-151-2/+2
| | | | | | | | | The depends are totally wrong. libunwind does not work with powerpc and i386 as it needs glibc. Instead of duplicating the platforms, just change the dependency. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uhttpd: add enable instance optionFlorian Eckert2020-01-152-1/+5
| | | | | | | | With this change it is now possible to switch off single instances of the uhttpd config. Until now it was only possible to switch all instances of uhttpd on or off. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* hostapd: add wpa_strict_rekey supportKyle Copperfield2020-01-151-1/+3
| | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Rekey GTK on STA disassociate Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_requiredKyle Copperfield2020-01-152-3/+12
| | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Allows dtim_period to be configurable, the default is from hostapd. Adds additional regulatory tunables for power constraint and spectrum managment. Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* dropbear: move failsafe code out of base-filesKyle Copperfield2020-01-154-8/+11
| | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Failsafe code of dropbear should be in the dropbear package not the base-files package. Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* busybox: Include hdparm by default on nas type deviceLinus Walleij2020-01-151-0/+3
| | | | | | | | | NAS devices certainly need to have hdparm to configure things like spin-down time or their disks will be constantly spinning. Just catenate CONFIG_HDPARM=y on these configs. Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
* cryptodev-linux: remove DEFAULT redefinitionEneas U de Queiroz2020-01-151-1/+0
| | | | | | | | The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building the package, and users from downloading it, since they use 'ALL_KMODS=y' but 'ALL' is not set. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* mac80211: fix MAC address allocations if the local bit is set on the base addrFelix Fietkau2020-01-151-1/+1
| | | | | | | If it's set, don't subtract 1 from the interface index encoded into the first byte of the address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* valgrind: do not strip internal preload libraries and executablesJo-Philipp Wich2020-01-141-2/+20
| | | | | | | | | | Implement the suggestions laid out in README_PACKAGERS, mainly by preventing the stripping of the internal vgpreload*.so libraries. Also retain the symbol information of valgrind's private helper executables and enable LTO as suggested in the packagers readme. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: fix build for /sbin/pkg_checkXu Wang2020-01-141-2/+2
| | | | | | | | | | Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be included with the packages to check for corruption. This commit fixes two issues: - /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y - checksums were being saved in the wrong file Signed-off-by: Xu Wang <xwang1498@gmx.com>
* hostapd: add support for subject validationDavid Lam2020-01-142-1/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The wpa_supplicant supports certificate subject validation via the subject match(2) and altsubject_match(2) fields. domain_match(2) and domain_suffix_match(2) fields are also supported for advanced matches. This validation is especially important when connecting to access points that use PAP as the Phase 2 authentication type. Without proper validation, the user's password can be transmitted to a rogue access point in plaintext without the user's knowledge. Most organizations already require these attributes to be included to ensure that the connection from the STA and the AP is secure. Includes LuCI changes via openwrt/luci#3444. From the documentation: subject_match - Constraint for server certificate subject. This substring is matched against the subject of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains this string in the subject. The subject string is in following format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as .example.com subject_match2 - Constraint for server certificate subject. This field is like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. altsubject_match - Constraint for server certificate alt. subject. Semicolon separated string of entries to be matched against the alternative subject name of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains one of the entries in an alternative subject name extension. altSubjectName string is in following format: TYPE:VALUE Example: EMAIL:server@example.com Example: DNS:server.example.com;DNS:server2.example.com Following types are supported: EMAIL, DNS, URI altsubject_match2 - Constraint for server certificate alt. subject. This field is like altsubject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_match - Constraint for server domain name. If set, this FQDN is used as a full match requirement for the server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same full match comparison. This behavior is similar to domain_suffix_match, but has the requirement of a full match, i.e., no subdomains or wildcard matches are allowed. Case-insensitive comparison is used, so "Example.com" matches "example.com", but would not match "test.Example.com". More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. domain_match2 - Constraint for server domain name. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_suffix_match - Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels. More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_suffix_match2 - Constraint for server domain name. This field is like domain_suffix_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Signed-off-by: David Lam <david@thedavid.net>
* mac80211: fix list_phy_interfaces for multiple wiphys on the same deviceFelix Fietkau2020-01-141-1/+10
| | | | | | | Network interfaces are looked up based on the device behind a phy, so the phy needs to be checked separately Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU ↵Felix Fietkau2020-01-141-0/+25
| | | | | | decap Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix sta TID stats leak on a few nl80211 callsFelix Fietkau2020-01-142-0/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: renumber subsys patches accepted upstreamFelix Fietkau2020-01-144-0/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: use jshn lib for ubus sysupgrade argument generationFlorian Eckert2020-01-141-14/+11
| | | | | | | | With this change the well known jshn library will be used, to build the json arguments for the ubus sysupgrade method. This is also used in all other shell program that uses JSON. This commit unifies that. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* rpcd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | This activates PIE ASLR support by default when the regular option is selected. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: odhcpd-ipv6only Installed-Size: 36821 -> 38216 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: procd Installed-Size: 44931 -> 47362 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: activate PIE ASLR by defaultPetr Štetiar2020-01-141-1/+2
| | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: ubus Installed-Size: 5602 -> 5950 ubusd Installed-Size: 11643 -> 12119 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uhttpd: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 39% uncompressed and 21% compressed on MIPS BE. old: 33,189 /usr/sbin/uhttpd 23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk new: 46,212 /usr/sbin/uhttpd 27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* hostapd: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 26% uncompressed and 16% compressed on MIPS BE. old: 460,933 /usr/sbin/wpad 283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk new: 584,508 /usr/sbin/wpad 330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* dropbear: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 18% uncompressed and 17% compressed on MIPS BE. old: 164,261 /usr/sbin/dropbear 85,648 dropbear_2019.78-2_mips_24kc.ipk new: 194,492 /usr/sbin/dropbear 100,309 dropbear_2019.78-2_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 37% uncompressed and 18% compressed on MIPS BE. old: 146,933 /usr/sbin/dnsmasq 101,837 dnsmasq_2.80-14_mips_24kc.ipk new: 202,020 /usr/sbin/dnsmasq 120,577 dnsmasq_2.80-14_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* ethtool: bump to 5.4Hans Dedecker2020-01-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7dc0af7 Release version 5.4. 914912e ethtool: add 0x16 and 0x1c extended compliance codes 600b779 ethtool: mark 10G Base-ER as SFF-8472 revision 10.4 onwards 696565d ethtool: correctly interpret bitrate of 255 2941970 fix unused parameter warning in e1000_get_mac_type() 5e814f2 fix unused parameter warning in fjes_dump_regs() b1a5279 fix unused parameter warning in ixgb_dump_regs() 6608751 fix unused parameter warning in ibm_emac_dump_regs() 1c30119 fix unused parameter warning in et131x_dump_regs() a56aba4 fix unused parameter warning in amd8111e_dump_regs() f40d32d fix unused parameter warning in fec_dump_regs() 8b84f1a fix unused parameter warning in at76c50x_usb_dump_regs() f725f5a fix unused parameter warning in smsc911x_dump_regs() a12cd66 fix unused parameter warning in e1000_dump_regs() e058656 fix unused parameter warning in igb_dump_regs() debac02 fix unused parameter warning in de2104[01]_dump_regs() d434eea fix unused parameter warning in e100_dump_regs() 8df12f3 fix unused parameter warning in vioc_dump_regs() 92d716b fix unused parameter warning in tg3_dump_{eeprom, regs}() 211c99e fix unused parameter warning in fec_8xx_dump_regs() 362fb8b fix unused parameter warning in ixgbevf_dump_regs() 87903c2 fix unused parameter warning in st_{mac100, gmac}_dump_regs() c1eaddf fix unused parameter warning in vmxnet3_dump_regs() 313c9f8 fix unused parameter warning in dsa_dump_regs() 183e8a2 fix unused parameter warning in {skge, sky2}_dump_regs() 7f84c13 fix unused parameter warning in lan78xx_dump_regs() 02d0aaa fix unused parameter warning in realtek_dump_regs() 726d607 fix unused parameter warning in ixgbe_dump_regs() 967177c fix unused parameter warning in netsemi_dump_eeprom() 710a414 fix unused parameter warning in natsemi_dump_regs() 283398a fix unused parameter warning in print_simple_table() 0404267 fix unused parameter warning in sfc_dump_regs() 57c7298 fix unused parameter warning in altera_tse_dump_regs() 302e91a fix unused parameter warning in dump_eeprom() 2054a8c fix unused parameter warning in find_option() d5432a9 fix unused parameter warnings in do_version() and show_usage() c430e75 fix arithmetic on pointer to void is a GNU extension warning e568431 ethtool: implement support for Energy Detect Power Down e391f4c ethtool: sync ethtool-copy.h: adds support for EDPD Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: remove obsolete kernel version switchesAdrian Schmutzler2020-01-1217-99/+57
| | | | | | | | | After kernel 4.9 has been removed, this removes all (now obsolete) kernel version switches that deal with versions before 4.14. Package kmod-crypto-iv is empty now and thus removed entirely. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipq40xx: add support for EZVIZ CS-W3-WD1200G EUPTom Brouwer2020-01-122-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware: SOC: Qualcomm IPQ4018 RAM: 128 MB Nanya NT5CC64M16GP-DI FLASH: 16 MB Macronix MX25L12805D ETH: Qualcomm QCA8075 (4 Gigabit ports, 3xLAN, 1xWAN) WLAN: Qualcomm IPQ4018 (2.4 & 5 Ghz) BUTTON: Shared WPS/Reset button LED: RGB Status/Power LED SERIAL: Header J8 (UART, Left side of board). Numbered from top to bottom: (1) GND, (2) TX, (3) RX, (4) VCC (White triangle next to it). 3.3v, 115200, 8N1 Tested/Working: * Ethernet * WiFi (2.4 and 5GHz) * Status LED * Reset Button (See note below) Implementation notes: * The shared WPS/Reset button is implemented as a Reset button * I could not find a original firmware image to reverse engineer, meaning currently it's not possible to flash OpenWrt through the Web GUI. Installation (Through Serial console & TFTP): 1. Set your PC to fixed IP 192.168.1.12, Netmask 255.255.255.0, and connect to one of the LAN ports 2. Rename the initramfs image to 'C0A8010B.img' and enable a TFTP server on your pc, to serve the image 2. Connect to the router through serial (See connection properties above) 3. Hit a key during startup, to pause startup 4. type `setenv serverip 192.168.1.12`, to set the tftp server address 5. type `tftpboot`, to load the image from the laptop through tftp 6. type `bootm` to run the loaded image from memory 6. (If you want to return to stock firmware later, create an full MTD backup, e.g. using instructions here https://openwrt.org/docs/guide-user/installation/generic.backup#create_full_mtd_backup) 7. Transfer the 'sysupgrade' OpenWrt firmware image from PC to router, e.g.: `scp xxx-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/upgrade.bin` 8. Run sysupgrade to permanently install OpenWrt to flash: `sysupgrade -n /tmp/upgrade.bin` Revert to stock: To revert to stock, you need the MTD backup from step 6 above: 1. Unpack the MTD backup archive 2. Transfer the 'firmware' partition image to the router (e.g. mtd8_firmware.backup) 3. On the router, do `mtd write mtd8_firmware.backup firmware` Signed-off-by: Tom Brouwer <tombrouwer@outlook.com> [removed BOARD_NAME, OpenWRT->OpenWrt, changed LED device name to board name] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: add kmod packages for Broadcom bcm53xxx switch supportTobias Schramm2020-01-121-0/+30
| | | | Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* kmod-sched-cake: bump to 20200110Kevin Darbyshire-Bryant2020-01-111-2/+2
| | | | | | | | | | | | | | | | | Keep up with a small amount of churn in the upstream repository. Upstream now represents the version of CAKE as found in the linux kernel from 4.19 onwards but with some compatibility stubs to allow building on <4.19. After a diversion related to an experimental ECN implementation which has now been reverted, the important and relevant changes for us are: 8a8946b sch_cake: avoid possible divide by zero in cake_enqueue() 183b320 RFC 8622 diffserv3, 4 & 8 LE PHB support 6ff4561 sch_cake: Make sure we can write the IP header before changing DSCP bits 9fba602 sch_cake: Use tc_skb_protocol for getting packet protocol Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard-tools: bump to 1.0.20200102Jason A. Donenfeld2020-01-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * systemd: update documentation URL * global: bump copyright Usual house keeping. * Makefile: DEBUG_TOOLS -> DEBUG and document * Makefile: port static analysis check * dns-hatchet: adjust path for new repo layout * Makefile: rework automatic version.h mangling These are some important-ish cleanups for downstream package maintainers that should make packaging this a lot smoother. * man: add documentation about removing explicit listen-port Documentation improvement. * wg-quick: linux: quote ifname for nft This should fix issues with weirdly named ifnames and odd versions of nft(8). * fuzz: find bugs in the config syntax parser * fuzz: find bugs when parsing uapi input These are two fuzzers that have been laying around without a repo for a while. Perhaps somebody with enough compute power will find bugs with them. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 0.0.20200105Jason A. Donenfeld2020-01-091-2/+2
| | | | | | | | | | | | | | | | | | | * socket: mark skbs as not on list when receiving via gro Certain drivers will pass gro skbs to udp, at which point the udp driver simply iterates through them and passes them off to encap_rcv, which is where we pick up. At the moment, we're not attempting to coalesce these into bundles, but we also don't want to wind up having cascaded lists of skbs treated separately. The right behavior here, then, is to just mark each incoming one as not on a list. This can be seen in practice, for example, with Qualcomm's rmnet_perf driver. This lead to crashes on OnePlus devices and possibly other Qualcomm 4.14 devices. But I fear that it could lead to issues on other drivers on weird OpenWRT routers. This commit is upstream in net-next as: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=736775d06bac60d7a353e405398b48b2bd8b1e54 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: add uci-defaults script for config migrationDaniel Golle2020-01-092-1/+9
| | | | | | | | | When running sysupgrade from an existing configuration, UCI option dhcp.@dnsmasq[0].resolvfile needs to be modified in case it has not been changed from it's original value. Accomplish that using a uci-defaults script. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: disable ft_psk_generate_local for non-PSK networksDavid Bauer2020-01-091-1/+9
| | | | | | | | | | | | Without this commit, ft_psk_generate_local is enabled for non-PSK networks by default. This breaks 802.11r for EAP networks. Disable ft_psk_generate_local by default for non-PSK networks resolves this misbehavior. Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net> Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
* ixp4xx: remove unmaintained targetAdrian Schmutzler2020-01-0814-712/+0
| | | | | | | | | | | This target is still on kernel 4.9, and it looks like there is no active maintainer for this target anymore. Remove the code and all the packages which are only used by this target. To add this target to OpenWrt again port it to a recent and supported kernel version. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ar7: remove unmaintained targetAdrian Schmutzler2020-01-0839-10017/+1
| | | | | | | | | | | This target seems to have been unmaintained for quite a while, and not a single tester for the (now outdated) kernel 4.14 patches has been found. Remove the code and all the packages which are only used by this target. To add this target to OpenWrt again port it to a recent and supported kernel version. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>