| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
| |
b8238df sysupgrade: support "backup" attribute
This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make treat copy-kernel.o as intermediate and delete it when it's no
longer needed. This can fail when the same submake was triggered
multiple times for different devices.
arm-openwrt-linux-muslgnueabi-as -k -o copy-kernel.o copy-kernel.S
export MAKEFLAGS= ;make -w -C copy-kernel CROSS_COMPILE=arm-openwrt-linux-muslgnueabi-
arm-openwrt-linux-muslgnueabi-objcopy -O binary -S copy-kernel.o copy-kernel.bin
make[5]: Entering directory '/builder/shared-workdir/build/target/linux/gemini/image/copy-kernel'
arm-openwrt-linux-muslgnueabi-objcopy -O binary -S copy-kernel.o copy-kernel.bin
rm copy-kernel.o
make[5]: Leaving directory '/builder/shared-workdir/build/target/linux/gemini/image/copy-kernel'
# "App" partition is the rootfs
arm-openwrt-linux-muslgnueabi-objcopy: 'copy-kernel.o': No such file
Makefile:27: recipe for target 'copy-kernel.bin' failed
make[5]: Leaving directory '/builder/shared-workdir/build/target/linux/gemini/image/copy-kernel'
make[5]: *** [copy-kernel.bin] Error 1
Makefile:244: recipe for target '/builder/shared-workdir/build/build_dir/target-arm_fa526_musl_eabi/linux-gemini/tmp/openwrt-gemini-storlink_sl93512r-ext4-factory.bin' failed
make[4]: *** [/builder/shared-workdir/build/build_dir/target-arm_fa526_musl_eabi/linux-gemini/tmp/openwrt-gemini-storlink_sl93512r-ext4-factory.bin] Error 2
With this change, output files are directed to $(KDIR)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
|
|
|
|
|
|
|
|
| |
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
The 2.4 GHz radio had very poor signal reception (-89 dBm for an AP
sitting 5 m away). By enabling the external amplifier, received signal
has improved to -50 dBm for the same AP.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
|
|
|
|
|
|
| |
e2a7bc4 iwinfo: add WPA3 support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
5f0d2e0491 [AArch64] Add ifunc support for Ares
e6b7252040 aarch64,falkor: Use vector registers for memcpy
c74b884f70 aarch64,falkor: Ignore prefetcher tagging for smaller copies
0fc5934ebd aarch64/strncmp: Use lsr instead of mov+lsr
e0a0bd3acc aarch64/strncmp: Unbreak builds with old binutils
638caf3000 aarch64: Improve strncmp for mutually misaligned inputs
d5f45a29ff aarch64/strcmp: fix misaligned loop jump target
7f690fafad aarch64: Improve strcmp unaligned performance
40df047b3b aarch64: Fix branch target to loop16
062139f233 aarch64: Optimized memcmp for medium to large sizes
f3e2add213 aarch64: Use the L() macro for labels in memcmp
22bd3ab40e posix: Fix large mmap64 offset for mips64n32 (BZ#24699)
bdd16894aa aarch64: handle STO_AARCH64_VARIANT_PCS
0b48caab9a aarch64: add STO_AARCH64_VARIANT_PCS and DT_AARCH64_VARIANT_PCS
949da7f2fd io: Remove copy_file_range emulation [BZ #24744]
f056ac8363 libio: do not attempt to free wide buffers of legacy streams [BZ #24228]
5f90e009b1 NEWS: add entries for bugs 22964, 24180, and 24531
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
487bd0d utils: Fix string format message
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.
Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far, MAC address setup for those devices has been using local
addresses although additional MAC addresses are available on flash.
On device, we found the following situation:
position Y1 Y1S
0x4 *:d4 *:e4
0x8004 *:d6 *:e8
0x28 *:d4 *:e4
0x2e *:d7 *:eb
Since 0x4 and 0x28 yield the same address, the former was set for
ðernet in DTS. However, the typical location on this
architecture is 0x28, so this patch changes that.
For further setup in 02_network, the local bit for lan_mac is
removed, so the address from ðernet is used at all. For wan_mac,
instead of calculating an address with local bit set, this patch
exploits the previously unused address in 0x2e.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes wan MAC address setup from retrieving it by
calculation to reading it from flash.
Changes are limited to cases where on-device check was possible.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[fix mac for newifi-d1; drop adslr,g7 because it's unlikely for
vendor to specifically use 2.4g mac as wan_mac]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.
(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)
Anyway, just remove the wrong case now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
ARC FreeStation5 is present twice in MAC address setup.
From older commits/changes, it is not possible to reconstruct
the correct choice only by reading the annotations.
Thus, remove the second case and keep the first one, so behavior
stays the same (as nobody seems to have complained about it).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes unnecessary MAC address setup statements in
ramips' 02_network by doing several optimizations:
1. For the following devices, lan_mac was set up with
mtd_get_mac_binary although the same address was set in DTS.
The lan_mac statement is removed in 02_network, but
wan_mac is kept:
- mercury,mac1200r-v2
- phicomm,k2g
- skylab,skw92a
- wiznet,wizfi630a
2. For the following devices, wan_mac was set up with
mtd_get_mac_binary although the same address was set in DTS.
The wan_mac statement is removed in 02_network, no
lan_mac is present:
- buffalo,whr-g300n
- glinet,gl-mt300n-v2
- zyxel,keenetic-start
3. For the following device, lan_mac and wan_mac were set up
with mtd_get_mac_binary to the same address as set in DTS.
Both statements are removed in 02_network:
- buffalo,whr-600d
4. For some devices, it was possible to move setup from 02_network
to DTS by introducing previously missing mtd_mac_address:
- buffalo,whr-1166d
- buffalo,whr-300hp2
- buffalo,wsr-600dhp
- ohyeah,oy-0001
- planex,vr500
5. For one device, mtd_mac_address was just wrong and overwritten
by 02_network. Put the correct value in DTS and remove redundant
statement in 02_network:
- asus,rt-ac57u
6. For one device, MAC address defined in DTS is exchanged together
with lan_mac/wan_mac setup in 02_network, so that cases in
02_network can be merged:
- phicomm,k2p
For some devices, an empty case has to be used to prevent them
from falling into the default case and have
WAN address = eth0 address + 1 set to them.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1c0290c5cc6258c48b8ba46b4f9c85a21de4f875.
Dropping the nopad can make the padding overflow into the next erase
block on devices using a non-aligned rootfs start. This breaks the jffs2
overlay partition with the following messages:
[ 30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[ 30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes
[ 30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
|
|
|
|
|
| |
e199804 dhcpv6: sanitize oro options
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
This provides TRX validation result to the validation JSON. It also
prevents users from installing broken firmware files.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
| |
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
| |
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes: 7290963d0992 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
| |
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba6c ("treewide:
convert MAC address location offsets to hexadecimal")
This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
| |
$CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz.
This change makes code more generic and allows refactoring $CONF_TAR.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
That was a result of accidentally running "sed" twice on some files.
Fixes: 5797fe84a3b5 ("treewide: replace remaining (not working now) $SAVE_CONFIG uses")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
This var has been replaced by the $UPGRADE_OPT_UPGRADE_OPT_SAVE_CONFIG
Fixes: b534ba961100 ("base-files: pass "save_config" option to the "sysupgrade" method")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This updates the U-Boot which provides the host tools like mkimage to
version 2019.07.
The patches were cleaned up and it was checked if this still compiles
on Linux and FreeBSD.
CONFIG_FIT_SIGNATURE_MAX_SIZE is set to the default value.
The patch for libressl was merged upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
|
|
|
|
|
| |
Forcing arm_64bit is no longer required with latest firmware.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
|
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch does the following things:
1. mark u-boot-env writable
2. add bootcount support
Currently, u-boot has a flag_boot_success env variable to reset.
Also reset it in our firmware to follow the behavior in vendor's
firmware.
3. disable usb support
This router doesn't have usb port at all.
4. increase spi clock to 40MHz
5. fix pinmux groups
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method
This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides TRX validation result, so final JSON may look like:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true,
"trx_valid": true
},
"valid": true,
"forceable": true
}
It also prevents users from installing broken firmware files, e.g.:
root@OpenWrt:/# sysupgrade -F -n /tmp/TZ
Image metadata not found
Invalid image type. Please use firmware specific for this device.
Image check failed but --force given - will update anyway!
Commencing upgrade. Closing all shell sessions.
Firmware image is broken and cannot be installed
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
| |
Disable Bluetooth and restore UART to GPIOs 14 & 15.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware:
SoC: AR9344
CPU: 560 MHz
Flash: 8 MiB
RAM: 128 MiB
WiFi: Atheros AR9340 2.4GHz 802.11bgn
Atheros AR9300 5GHz 802.11an
Ethernet: AR934X built-in switch, WAN on separate physical interface
USB: 1x 2.0
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
wdr3500v1_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[removed stray newline]
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has two improvements over the current version. An autotools fix and
application of the wrt350v2 patch.
Cleaned up Makefile as a result of makefiles being fixed.
Note that this package is not really used as it depends on orion, which is
classified as broken.
This is the last package that uses svn in the tree.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Ensure that the kernel objtool utilities are processed by the library
bundler in order to ensure that they're usable on foreign systems with
different libc versions.
Fixes: a9f6fceb42 ("sdk: fix building external modules when CONFIG_STACK_VALIDATION=y")
Acked-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pass suitable pkg-config overrides to the kernel build process in
order to let our pkg-config wrapper discover libraries provided
by tools/.
This mainly affects the use of libelf which is required for the
CONFIG_STACK_VALIDATION features. So far, the build system either
silently used host system libraries or kbuild simply disabled the
feature due to the lack of a suitable libelf.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When libelf from tools/ is used for building the kernel, compilation
aborts due to access to undefined defines since Kbuild adds -Wundef
to the compiler flags.
Patch the header files to use `#if defined(...)` instead of `#if ...`
to prevent such issues.
Ref: https://github.com/NixOS/nixpkgs/issues/59929
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
Install the pkg-config definition for libelf in order to allow the
kernel build process discover it later on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
Same game as for 853e4dd3062df7cb5704b15d6af6730e3194b571. Add generic
to the filenames.
CC: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 775b70f8d5df renamed parse_file() parameters without
updating the recursive call. This broke parsing of any feeds.conf
using 'src-include'.
$ scripts/feeds update -a
Can't use string ("defaults") as a HASH ref while "strict refs" in use at scripts/feeds line 63, <$fh> line 1.
Fixes: 775b70f8d5df ("scripts/feeds: allow adding parameters to feeds")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
|
|
|
|
|
|
| |
415f9e4 uci/file: replace mktemp() with mkstemp()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|