aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* packages/utils: fbtest fix MakefileThibaut VARÈNE2020-05-281-1/+1
| | | | | | | | | The clean target tries to remove what looks like a bogus 'rbcfg', probably carried over copy-pasta. Remove the name of the generated executable ('fbtest') instead. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> Fixes: 8099f4e0d3af ("fbtest utility ")
* package/base-files: caldata: work around dd's limitationThibaut VARÈNE2020-05-282-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tl;dr: dd will silently truncate the output if reading from special files (e.g. sysfs attributes) with a too large bs parameter. This problem was exposed on some RouterBOARD ipq40xx devices which use a caldata payload which is larger than PAGE_SIZE, contrary to all other currently supported RouterBOARD devices: the caldata would fail to properly load with the current scripts. Background: dd doesn't seem to correctly handle read() results that return less than requested data. sysfs attributes have a kernel exchange buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a time. In this case, if bs is larger than PAGE_SIZE, dd will silently truncate blocks to PAGE_SIZE. With the current scripts using bs=<size> count=1, the data is truncated to PAGE_SIZE as soon as the requested <size> exceeds this value. This commit works around this problem by using `cat` in the caldata routines that can read from a file (routines that read from mtd devices are untouched). cat correctly handles partial read requests. The output is then piped to dd with the same parameters as before, to ensure that the resulting file remains exactly the same. This is a simple workaround, the downside is that it uses a pipe and one more executable, and therefore has a larger memory footprint and is slower. This is deemed acceptable considering these routines are only used at boot time. Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* packages/boot: remove rbcfgThibaut VARÈNE2020-05-286-1349/+0
| | | | | | | The new sysfs soft_config driver makes buggy rbcfg obsolete and entirely replaces it. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* cypress-firmware: add PROVIDES sectionsÁlvaro Fernández Rojas2020-05-281-0/+4
| | | | | | Some firmwares are already provided by linux-firmware. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm27xx-gpu-fw: update to latest versionÁlvaro Fernández Rojas2020-05-281-15/+15
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* rpcd: update to latest Git HEADJo-Philipp Wich2020-05-261-4/+4
| | | | | | | 078bb57 uci: reset uci_ptr flags when merging options during section add 3df62bc session: deny access if password login is disabled Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uboot-envtools: ath79: add Netgear WNDR4300SWStijn Segers2020-05-261-1/+2
| | | | | | Add Netgear WNDR4300SW to the list of supported boards. Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* libubox: update to the latest versionFelix Fietkau2020-05-261-3/+3
| | | | | | | | | | 86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest masterRafał Miłecki2020-05-241-3/+3
| | | | | | | | | | 5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ucert: update to latest git HEADMatthias Schiffer2020-05-241-3/+3
| | | | | | | | | | | | | | | | | | | | 00b921d80ac0 Do not print line number in debug messages 96c42c5ed320 Fix length checks in cert_load() fe06b4b836b3 usign-exec: improve usign -F output handling 19f9e1917e1b usign-exec: return code fixes 077feb5b5824 usign-exec: close writing end of pipe early in parent process 7ec4bb764e1e usign-exec: remove redundant return statements 5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17] 112488bbbccc usign-exec: do not close stdin and stderr before exec 38dcb1a6f121 usign-exec: fix exec error handling a9be4fb17df2 usign-exec: simplify usign execv calls 854d93e2326a Introduce read_file() helper, improve error reporting afc86f352bf7 Fix return code of write_file() fdff10852326 stdout/stderr improvements dddb2aa8124d ci: fix unit test failures by enabling full ucert build 5f206bcfe5c2 ci: enable unit testing Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* usign: update to latest git HEADMatthias Schiffer2020-05-231-3/+3
| | | | | | f1f65026a941 Always pad fingerprints to 16 characters Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: add WEP as queryable build featureDavid Bauer2020-05-221-0/+4
| | | | | | | | | | | Commit 472fd98c5b12 ("hostapd: disable support for Wired Equivalent Privacy by default") made support for WEP optional. Expose the WEP support to LuCi or other userspace tools using the existing interface. This way they are able to remove WEP from the available ciphers if hostapd is built without WEP support. Signed-off-by: David Bauer <mail@david-bauer.net>
* mac80211: Fix build on mpc85xx targetHauke Mehrtens2020-05-212-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following compile error seen on the mpc85xx target: CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89: /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t' typedef _Addr ptrdiff_t; ^~~~~~~~~ In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4, from ./include/linux/list.h:5, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3, from ./include/linux/module.h:9, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79: ./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here typedef __kernel_ptrdiff_t ptrdiff_t; ^~~~~~~~~ scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed Fixes: 289c6324259e ("mac80211: Update to version 5.7-rc3-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall: add rule for traceroute supportPhilip Prindeville2020-05-211-0/+13
| | | | | | | | | | | | | | | | | Running your firewall's "wan" zone in REJECT zone (1) exposes the presence of the router, (2) depending on the sophistication of fingerprinting tools might identify the OS and release running on the firewall which then identifies known vulnerabilities with it and (3) perhaps most importantly of all, your firewall can be used in a DDoS reflection attack with spoofed traffic generating ICMP Unreachables or TCP RST's to overwhelm a victim or saturate his link. This rule, when enabled, allows traceroute to work even when the default input policy of the firewall for the wan zone has been set to DROP. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netifd: ingress/egress vlan qos mapping supportHans Dedecker2020-05-211-3/+3
| | | | | | 74e0222 vlandev: support setting ingress/egress QoS mappings Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211: Update to version 5.7-rc3-1Hauke Mehrtens2020-05-2124-297/+511
| | | | | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch was manually adapted to the changes in kernel 5.7. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.6.8-1Hauke Mehrtens2020-05-2138-1419/+58
| | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.5.19Hauke Mehrtens2020-05-2143-2899/+420
| | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.4.36-1Hauke Mehrtens2020-05-2117-198/+50
| | | | | | | | | This updates the mac80211 backport to the latest minor version. The removed patch was a backport from the upstream kernel which is now integrated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: bring back mesh patchesDaniel Golle2020-05-2128-108/+792
| | | | | | | | | | | | | Bring back 802.11s mesh features to the level previously available before the recent hostapd version bump. This is mostly to support use of 802.11s on DFS channels, but also making mesh forwarding configurable which is crucial for use of 802.11s MAC with other routing protocols, such as batman-adv, on top. While at it, fix new compiler warning by adapting 700-wifi-reload.patch to upstream changes, now building without any warnings again. Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard: bump to 1.0.20200520Jason A. Donenfeld2020-05-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This version has the various slew of bug fixes and compat fixes and such, but the most interesting thing from an OpenWRT perspective is that WireGuard now plays nicely with cake and fq_codel. I'll be very interested to hear from OpenWRT users whether this makes a measurable difference. Usual set of full changes follows. This release aligns with the changes I sent to DaveM for 5.7-rc7 and were pushed to net.git about 45 minutes ago. * qemu: use newer iproute2 for gcc-10 * qemu: add -fcommon for compiling ping with gcc-10 These enable the test suite to compile with gcc-10. * noise: read preshared key while taking lock Matt noticed a benign data race when porting the Linux code to OpenBSD. * queueing: preserve flow hash across packet scrubbing * noise: separate receive counter from send counter WireGuard now works with fq_codel, cake, and other qdiscs that make use of skb->hash. This should significantly improve latency spikes related to buffer bloat. Here's a before and after graph from some data Toke measured: https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png * compat: support RHEL 8 as 8.2, drop 8.1 support * compat: support CentOS 8 explicitly * compat: RHEL7 backported the skb hash renamings The usual RHEL churn. * compat: backport renamed/missing skb hash members The new support for fq_codel and friends meant more backporting work. * compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4 The main motivation for releasing this now: three stable kernels were released at the same time, with a patch that necessitated updating in our compat layer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: disable support for Wired Equivalent Privacy by defaultPetr Štetiar2020-05-212-0/+14
| | | | | | | | | | | | | | | | | | | Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional build parameter") has made WEP functionality an optional build parameter disabled as default, because WEP should not be used for anything anymore. As a step towards removing it completely, they moved all WEP related functionality behind CONFIG_WEP blocks and disabled it by default. This functionality is subject to be completely removed in a future release. So follow this good security advice, deprecation notice and disable WEP by default, but still allow custom builds with WEP support via CONFIG_WPA_ENABLE_WEP config option till upstream removes support for WEP completely. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848edPetr Štetiar2020-05-2147-1327/+262
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump package to latest upstream Git HEAD which is commit dd2daf0848ed ("HE: Process HE 6 GHz band capab from associating HE STA"). Since last update there was 1238 commits done in the upstream tree with 618 files changed, 53399 insertions, 24928 deletions. I didn't bothered to rebase mesh patches as the changes seems not trivial and I don't have enough knowledge of those parts to do/test that properly, so someone else has to forward port them, ideally upstream them so we don't need to bother anymore. I've just deleted them for now: 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch 007-mesh-apply-channel-attributes-before-running-Mesh.patch 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch 013-mesh-do-not-allow-pri-sec-channel-switch.patch 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch 016-mesh-fix-channel-switch-error-during-CAC.patch 018-mesh-make-forwarding-configurable.patch Refreshed all other patches, removed upstreamed patches: 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch 090-wolfssl-fix-crypto_bignum_sum.patch 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch 800-usleep.patch Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fuse: move package to packages feedRosen Penev2020-05-204-154/+0
| | | | | | | | | | This package was last updated in 2016. All of the dependent packages are in the packages feeds, where this will be moved. Ref: https://github.com/openwrt/packages/pull/12190 Signed-off-by: Rosen Penev <rosenp@gmail.com> [commit subject/description tweaks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: update to 4.4.0-stableEneas U de Queiroz2020-05-201-2/+2
| | | | | | | | | | | | This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* kernel: kmod-ptp-qoriq: Package kernel object fileJeffery To2020-05-201-2/+2
| | | | | | | This updates the package to contain the kernel object (.ko) file instead of the plain object (.o) file. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)Richard Huynh2020-05-201-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specification: - CPU: MediaTek MT7621A - RAM: 128 MB DDR3 - FLASH: 128 MB ESMT NAND - WIFI: 2x2 802.11bgn (MT7603) - WIFI: 4x4 802.11ac (MT7615) - ETH: 3xLAN+1xWAN 1000base-T - LED: Power, WAN, in Amber and White - UART: On board near ethernet, opposite side from power - Modified u-boot Installation: 1. Run linked exploit to get shell, startup telnet and wget the files over 2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1 3. nvram set uart_en=1 4. nvram set bootdelay=5 5. nvram set flag_try_sys1_failed=1 6. nvram commit 7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0 Restore to stock: 1. Setup PXE and TFTP server serving stock firmware image (See dhcp-boot option of dnsmasq) 2. Hold reset button down before powering on and wait for flashing amber led 3. Release reset button 4. Wait until status led changes from flashing amber to white Notes: This device has dual kernel and rootfs slots like other Xiaomi devices currently supported (mir3g, etc.) thus, we use the second slot and overwrite the first rootfs onwards in order to get more space. Exploit and detailed instructions: https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100 An implementation of CVE-2020-8597 against stock firmware version 1.0.14 This requires a computer with ethernet plugged into the wan port and an active PPPoE session, and if successful will open a reverse shell to 192.168.31.177 on port 31337. As this shell is somewhat unreliable and likely to be killed in a random amount of time, it is recommended to wget a static compiled busybox binary onto the device and start telnetd with it. The stock telnetd and dropbear unfortunately appear inoperable. (Disabled on release versions of stock firmware likely) Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox chmod a+x /tmp/busybox /tmp/busybox telnetd -l /bin/sh Tested-by: David Martinez <bonkilla@gmail.com> Signed-off-by: Richard Huynh <voxlympha@gmail.com>
* bcm63xx-cfe: fix build with CONFIG_AUTOREMOVEÁlvaro Fernández Rojas2020-05-201-6/+7
| | | | | | | | | | | When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the image creation. Install CFE binaries to kernel directory and let autoremove clean the files in PKG_BUILD_DIR. Also drop unneeded tar cmd/options. Fixes: dcee4eaa4214 ("bcm63xx-cfe: add package with CFE RAM binaries") Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* wireguard-tools: bump to 1.0.20200513Jason A. Donenfeld2020-05-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ipc: add support for openbsd kernel implementation * ipc: cleanup openbsd support * wg-quick: add support for openbsd kernel implementation * wg-quick: cleanup openbsd support Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged and supported WireGuard kernel support. We'll probably send our patch set up to the list during this next week. `ifconfig wg0 create` to make an interface, and `wg ...` like usual to configure WireGuard aspects of it, like usual. * wg-quick: support dns search domains If DNS= has a non-IP in it, it is now treated as a search domain in resolv.conf. This new feature will be rolling out across our various GUI clients in the next week or so. * Makefile: simplify silent cleaning * ipc: remove extra space * git: add gitattributes so tarball doesn't have gitignore files * terminal: specialize color_mode to stdout only Small cleanups. * highlighter: insist on 256-bit keys, not 257-bit or 258-bit The highlighter's key checker is now stricter with base64 validation. * wg-quick: android: support application whitelist Android users can now have an application whitelist instead of application blacklist. * systemd: add wg-quick.target This enables all wg-quick at .services to be restarted or managed as a unit via wg-quick.target. * Makefile: remember to install all systemd units Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* bcm63xx: smp: add NAND supportÁlvaro Fernández Rojas2020-05-181-1/+1
| | | | | | NAND controller is present on BCM6328, BCM6362, BCM6368 and BCM63268. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx-cfe: add package with CFE RAM binariesÁlvaro Fernández Rojas2020-05-181-0/+42
| | | | | | | CFE RAM is a second stage bootloader which is usually loaded by CFE ROM (first stage bootloader) from a JFFS2 partition stored on the NAND. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* base-files: switch_to_ramfs: add nand-utilsÁlvaro Fernández Rojas2020-05-182-2/+2
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* ramips: add support for Linksys EA7500 v2Davide Fioravanti2020-05-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Linksys EA7500 v2 is advertised as AC1900, but its internal hardware is AC2600 capable. Hardware -------- SoC: Mediatek MT7621AT (880 MHz, 2 cores 4 threads) RAM: 256M (Nanya NT5CC128M16IP-DI) FLASH: 128MB NAND (Macronix MX30LF1G18AC-TI) ETH: 5x 10/100/1000 Mbps Ethernet (MT7530) WIFI: - 2.4GHz: 1x MT7615N (4x4:4) - 5GHz: 1x MT7615N (4x4:4) - 4 antennas: 3 external detachable antennas and 1 internal USB: - 1x USB 3.0 - 1x USB 2.0 BTN: - 1x Reset button - 1x WPS button LEDS: - 1x White led (Power) - 6x Green leds (link lan1-lan4, link wan, wps) - 5x Orange leds (act lan1-lan4, act wan) (working but unmodifiable) Everything works correctly. Installation ------------ The “factory” openwrt image can be flashed directly from OEM stock firmware. After the flash the router will reboot automatically. However, due to the dual boot system, the first installation could fail (if you want to know why, read the footnotes). If the flash succeed and you can reach OpenWrt through the web interface or ssh, you are done. Otherwise the router will try to boot 3 times and then will automatically boot the OEM firmware (don’t turn off the router. Simply wait and try to reach the router through the web interface every now and then, it will take few minutes). After this, you should be back in the OEM firmware. Now you have to flash the OEM Firmware over itself using the OEM web interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img downloaded from the Linksys website). When the router reboots flash the “factory” OpenWrt image and this time it should work. After the OpenWrt installation you have to use the sysupgrade image for future updates. Restore OEM Firmware -------------------- After the OpenWrt flash, the OEM firmware is still stored in the second partition thanks to the dual boot system. You can switch from OpenWrt to OEM firmware and vice-versa failing the boot 3 times in a row: 1) power on the router 2) wait 15 seconds 3) power off the router 4) repeat steps 1-2-3 twice more. 5) power on the router and you should be in the “other” firmware If you want to completely remove OpenWrt from your router, switch to the OEM firmware and then flash OEM firmware from the web interface as a normal update. This procedure will overwrite the OpenWrt partition. Footnotes --------- The Linksys EA7500-v2 has a dual boot system to avoid bricks. This system works using 2 pair of partitions: 1) "kernel" and "rootfs" 2) "alt_kernel" and "alt_rootfs". After 3 failed boot attempts, the bootloader tries to boot the other pair of partitions and so on. This system is managed by the bootloader, which writes a bootcount in the s_env partition, and if successfully booted, the system add a "zero-bootcount" after the previous value. A system update performed from OEM firmware, writes the firmware on the other pair of partitions and sets the bootloader to boot the new pair of partitions editing the “boot_part” variable in the bootloader vars. Effectively it's a quick and safe system to switch the selected boot partition. Another way to switch the boot partition is: 1) power on the router 2) wait 15 seconds 3) power off the router 4) repeat steps 1-2-3 twice more. 5) power on the router and you should be in the “other” firmware In this OpenWrt port, this dual boot system is partially working because the bootloader sets the right rootfs partition in the cmdline but unfortunately OpenWrt for ramips platform overwrites the cmdline so is not possible to detect the right rootfs partition. Because all of this, I preferred to simply use the first pair of partitions and set read-only the other pair. However this solution is not optimal because is not possible to know without opening the case which is the current booted partition. Let’s take for example a router booting the OEM firmware from the first pair of partitions. If we flash the OpenWrt image, it will be written on the second pair. In this situation the router will bootloop 3 times and then will automatically come back to the first pair of partitions containg the OEM firmware. In this situation, to flash OpenWrt correctly is necessary to switch the booting partition, flashing again the OEM firmware over itself. At this point the OEM firmware is on both pair of partitions but the current booted pair is the second one. Now, flashing the OpenWrt factory image will write the firmware on the first pair and then will boot correctly. If this limitation in the ramips platform about the cmdline will be fixed, the dual boot system can also be implemented in OpenWrt with almost no effort. Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Co-Developed-by: Jackson Lim <jackcolentern@gmail.com> Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
* mtd: add linksys_bootcount for ramipsDavide Fioravanti2020-05-171-1/+1
| | | | | | | | | | | | | Reset bc is needed for Linksys EA7500 v2's dual boot. Size impact (tested with Linksys EA7500 v2 @ mt7621): mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes) initramfs: 3660350 -> 3660688 (338 bytes) Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> [add size impact information] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: drop outdated kernel version switches for local codeAdrian Schmutzler2020-05-1715-174/+0
| | | | | | | | This drops kernel version switches for versions not supported by OpenWrt master at the moment. This only adjusts local code, but doesn't touch patches to existing external packages. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: backport wolfssl bignum fixesDaniel Golle2020-05-164-1/+107
| | | | | | | | crypto_bignum_rand() use needless time-consuming filtering which resulted in SAE no longer connecting within time limits. Import fixes from hostap upstream to fix that. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: jail: fix segfault and add console featureDaniel Golle2020-05-152-3/+17
| | | | | | | | 2e73848 jail: SIGSEGV must not be forwarded to the child process 7e150f6 jail: unnamed jails can not have netns (fix segfault) 1ab539b jail: add option to provide /dev/console to containers Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: replace backticks by $(...)Adrian Schmutzler2020-05-132-3/+3
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* wwan: replace backticks by $(...)Adrian Schmutzler2020-05-131-1/+1
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* comgt: replace backticks by $(...)Adrian Schmutzler2020-05-131-2/+2
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* netifd: replace backticks by $(...)Adrian Schmutzler2020-05-133-3/+3
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* mac80211: replace backticks by $(...)Adrian Schmutzler2020-05-132-2/+2
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ltq-vdsl-fw: replace backticks by $(...)Adrian Schmutzler2020-05-131-3/+3
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ltq-vdsl-app: replace backticks by $(...)Adrian Schmutzler2020-05-131-1/+1
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* libjson-c: backport security fixesRobert Marko2020-05-135-1/+175
| | | | | | | | | | | | This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: blockd: fix segfault triggered by non-autofs mountsDaniel Golle2020-05-121-3/+3
| | | | | | | | | | Program received signal SIGSEGV, Segmentation fault. main_autofs (argv=<optimized out>, argc=<optimized out>) at fstools-2020-05-06-eec16e2f/block.c:1193 1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) { Fixes: c3a43753b9 ("fstools: update to the latest version") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* umdns: re-enable address-of-packed-member warningKevin Darbyshire-Bryant2020-05-101-1/+1
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: hotplug script tidyupKevin Darbyshire-Bryant2020-05-102-6/+3
| | | | | | | | Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive. Re-arrange script to only source 'procd' if we get to the stage of needing to signal the process, reduce hotplug processing load a little. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mac80211: distance config: allow "auto" as a valueAli MJ Al-Nasrawy2020-05-091-1/+2
| | | | | | | | | The user can now enable the ACK timeout estimation algorithm (dynack) for drivers that support it. It is also expected that the distance config accepts the same values as: $ iw phyX set distance XXX Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
* mvebu: uDPU: switch default kernel and U-Boot PHY modeJakov Petrina2020-05-091-0/+43
| | | | | | | | | | | | | | | | Certain SFP modules (most notably Nokia GPON ones) first check connectivity on 1000base-x, and switch to 2500base-x afterwards. This is considered a quirk so the phylink switches the interface to 2500base-x as well. However, after power-cycling the uDPU device, network interface/SFP module will not work correctly until the module is re-seated. This patch resolves this issue by forcing the interface to be brought up in 2500base-x mode by default. Signed-off-by: Jakov Petrina <jakov.petrina@sartura.hr> Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr> Cc: Luka Perkov <luka.perkov@sartura.hr>