aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* wireguard: skip peer config if public key of the peer is not definedFlorian Eckert2020-01-151-0/+5
| | | | | | | | | | | | | | | If a config section of a peer does not have a public key defined, the whole interface does not start. The following log is shown daemon.notice netifd: test (21071): Line unrecognized: `PublicKey=' daemon.notice netifd: test (21071): Configuration parsing erro The command 'wg show' does only show the interface name. With this change we skip the peer for this interface and emit a log message. So the other peers get configured. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* busybox: fix build issuesJohn Crispin2020-01-151-1/+3
| | | | | Fixes: f704f97e4c57 ("busybox: Include hdparm by default on nas type device") Signed-off-by: John Crispin <john@phrozen.org>
* ath79: add support for Netgear WNDR4500 v3Michal Cieslakiewicz2020-01-156-5/+63
| | | | | | | | | | | | | | | | | | | This patch introduces support for Netgear WNDR4500v3. Router is very similar to WNDR4300v2 and is based on the same PCB. Information gathered from various Internet sources (including https://patchwork.ozlabs.org/patch/809227/) shows following differences to WNDR4300v2: * two USB 2.0 ports with separate LEDs * USB LEDs soldered to secondary pads * WPS and RFKILL buttons soldered to secondary pads * described as N900 device with 3x3:3 MIMO for 2.4GHz radio * power supply requirement is DC 12V 2.5A * vendor HW ID suffix differs in one digit * bigger chassis Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* ath79: add support for Netgear WNDR4300 v2Michal Cieslakiewicz2020-01-157-5/+297
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces support for Netgear WNDR4300v2. Specification ============= * Description: Netgear WNDR4300 v2 * Loader: U-boot * SOC: Qualcomm Atheros QCA9563 (775 MHz) * RAM: 128 MiB * Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND - NOR: U-boot binary: 256 KiB - NOR: U-boot environment: 64 KiB - NOR: ART Backup: 64 KiB - NOR: Config: 64 KiB - NOR: Traffic Meter: 64 KiB - NOR: POT: 64 KiB - NOR: Reserved: 1408 KiB - NOR: ART: 64 KiB - NAND: Firmware: 25600 KiB (see notes for OpenWrt) - NAND: Language: 2048 KiB - NAND: mtdoops Crash Dump: 128 KiB - NAND: Reserved: 103296 KiB * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337) * Wireless: - 2.4 GHz b/g/n (internal) - 5 GHz a/n (AR9580) * USB: yes, 1 x USB 2.0 * Buttons: - Reset - WiFi (rfkill) - WPS * LEDs: - Power (amber/green) - WAN (amber/green) - WLAN 2G (green) - WLAN 5G (blue) - 4 x LAN (amber/green) - USB (green) - WPS (green) * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1 * Power supply: DC 12V 1.5A * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2 Important Notes =============== 0. NOR Flash (2 MiB) is not touched by OpenWrt installation. 1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows: all space is split between 4 MiB kernel and 124 MiB UBI areas; vendor partitions (language and mtdoops) are removed; kernel space size can be further expanded if needed; maximum image size is set to 25600k for compatibility reasons and can also be increased. 2. CPU clock is 775 MHz, not 750 MHz. 3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI device ID 0xabcd. For ath9k driver to load successfully, this is overriden in DTS with correct value for this chip, 0x0033. 4. RFKILL button is wired to AR9580 pin 9 which is normally disabled by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore 'qca,gpio-mask=<0xf6ff>' hack must be used for button to work properly. 5. USB port is always on, no GPIO for 5V power control has been identified. Installation ============ * TFTP recovery * TFTP via U-boot prompt * sysupgrade * Web interface Test build configuration ======================== CONFIG_TARGET_ath79=y CONFIG_TARGET_ath79_nand=y CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y CONFIG_ALL_KMODS=y CONFIG_DEVEL=y CONFIG_CCACHE=y CONFIG_COLLECT_KERNEL_DEBUG=y CONFIG_IMAGEOPT=y Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* ath79: WNDR4300: increase kernel partition to 4MMichal Cieslakiewicz2020-01-152-6/+6
| | | | | | | | | Increase kernel partition from 2 MiB to 4 MiB for Netgear WNDR routers with NAND flash. Change affects following devices: * Netgear WNDR3700 v4 * Netgear WNDR4300 Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* mac80211: ath9k: add GPIO mask dts propertyMichal Cieslakiewicz2020-01-151-0/+25
| | | | | | | | | | | | | | | This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node. This optional setting is a hack and should only be used in very special (and rare) cases when a button or LED is wired to a GPIO pin normally masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such example - it uses GPI9 for RFKILL. See ath9k/reg.h *_GPIO_MASK constants. Use with caution and expect to see stream of kernel warnings if wrong mask value is provided. Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* zram-swap: support swap priorityMaxim Storchak2020-01-152-2/+4
| | | | | | | | If zram-backed swap is added after an existing swap, it gets a lower priority. Assiming that usually all other swaps are slower, there should be a way to assign a higher priority to zram swap. Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* ath79: add support for D-Link DIR-505David Bauer2020-01-154-0/+164
| | | | | | | | | | | | | | | | | | | | | | | This commit adds support for the D-Link DIR-505, previously supported in ar71xx. Hardware -------- SoC: Atheros AR9330 FLASH: 8M SPI-NOR RAM: 64M WIFI: 1T1R 1SS Atheros AR9330 LED: Power green, Status red BTN: WPS, Reset Installation ------------ Currently, installation is only possible by sysupgrading from an earlier OpenWrt version, U-Boot TFTP or a modded U-Boot. I do not have the original bootloader from D-Link on my device anymore, so i cannot test the factory image. Signed-off-by: David Bauer <mail@david-bauer.net>
* perf: Add libunwind only if selectedRosen Penev2020-01-151-2/+2
| | | | | | | | | The depends are totally wrong. libunwind does not work with powerpc and i386 as it needs glibc. Instead of duplicating the platforms, just change the dependency. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uhttpd: add enable instance optionFlorian Eckert2020-01-152-1/+5
| | | | | | | | With this change it is now possible to switch off single instances of the uhttpd config. Until now it was only possible to switch all instances of uhttpd on or off. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* hostapd: add wpa_strict_rekey supportKyle Copperfield2020-01-151-1/+3
| | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Rekey GTK on STA disassociate Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_requiredKyle Copperfield2020-01-152-3/+12
| | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Allows dtim_period to be configurable, the default is from hostapd. Adds additional regulatory tunables for power constraint and spectrum managment. Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* ath79: GL-AR750S (NOR/NAND): limit factory.img kernel size to 2 MBJeff Kletsky2020-01-151-1/+4
| | | | | | | | | | | | | | | | The present U-Boot for GL-AR750S has a limit of 2 MB for kernel size. While sysupgrade can manage kernels up to the present limit of 4 MB, directly flashing a factory.img with a kernel size greater than 2 MB through U-Boot will result in an unbootable device. This commit uses the newly-introduced check-kernel-size build operation to prevent the output of factory.img when the kernel exceeds 2 MB in size, yet permits output of sysupgrade.img as long as the kernel is within KERNEL_SIZE := 4096k Cc: Chuanhong Guo <gch981213@gmail.com> Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
* build: define check-kernel-size to remove unflashable imagesJeff Kletsky2020-01-151-0/+7
| | | | | | | | | | | | | | | | | | | | | Certain boards have limitations on U-Boot that prevent flashing of images where the kernel size exceeds a threshold, yet sysupgrade can sucessfully manage larger kernels. The current check-size will remove the target artifact if its total size exceeds the threshold. If applied after append-kernel, it will remove the kernel, but the remaining image-assembly steps will continue, resulting in an image without a kernel that is likely unbootable. By defining check-kernel-size, it is now possible to prevent release of such unbootable images through a construct similar to: IMAGE/factory.img := append-kernel | pad-to $$$$(GL_UBOOT_UBI_OFFSET) | \ append-ubi | check-kernel-size $$$$(GL_UBOOT_UBI_OFFSET) Cc: Chuanhong Guo <gch981213@gmail.com> Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
* dropbear: move failsafe code out of base-filesKyle Copperfield2020-01-154-8/+11
| | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Failsafe code of dropbear should be in the dropbear package not the base-files package. Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* busybox: Include hdparm by default on nas type deviceLinus Walleij2020-01-151-0/+3
| | | | | | | | | NAS devices certainly need to have hdparm to configure things like spin-down time or their disks will be constantly spinning. Just catenate CONFIG_HDPARM=y on these configs. Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
* ath79: wlr-7100: use ath10k-ct smallbuffers package variantTomasz Maciej Nowak2020-01-151-1/+1
| | | | | | | | The memory hacks got removed from ath10k with 1e27bef ("mac80211: remove ath10k_pci memory hacks"). As this device has low amount of RAM, switch to ath-10k-ct small buffers variant, to avoid the OOM Reaper. Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* cryptodev-linux: remove DEFAULT redefinitionEneas U de Queiroz2020-01-151-1/+0
| | | | | | | | The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building the package, and users from downloading it, since they use 'ALL_KMODS=y' but 'ALL' is not set. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* mac80211: fix MAC address allocations if the local bit is set on the base addrFelix Fietkau2020-01-151-1/+1
| | | | | | | If it's set, don't subtract 1 from the interface index encoded into the first byte of the address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* lantiq: reorganize 02_network board.d filesAdrian Schmutzler2020-01-145-276/+378
| | | | | | | | | | This reorganizes 02_network board.d files based on what's done for ath79 and ramips: Instead of putting all settings into a single big case, the interface/dsl/MAC address setup is put into separate functions with a specific switch case for each of them. This makes grouping of devices much easier and should be easier to read, too. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* lantiq: move common DSL setup into lantiq.shAdrian Schmutzler2020-01-146-52/+20
| | | | | | | | | DSL setup consists of the same commands for all subtargets, so move it into a helper function. While at it, remove shebang from library file. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* lantiq: split base-files into subtargetsAdrian Schmutzler2020-01-1417-214/+523
| | | | | | | | | | | | | | | | | | This splits the device-dependent base-files into subtarget directories, like done recently for ath79 and ramips. While this increases the overall lines of codes, it will make the code per subtarget smaller and easier to keep track of features and devices. While at it, several variables at the top of 02_network are removed, as they were never changed. The values are put directly into the function calls where they are used. Remove unneeded LED setup from 01_leds, and remove 01_leds entirely for falcon subtarget (as it is not used there). Applies alphabetic reordering to device cases in base-files. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* valgrind: do not strip internal preload libraries and executablesJo-Philipp Wich2020-01-141-2/+20
| | | | | | | | | | Implement the suggestions laid out in README_PACKAGERS, mainly by preventing the stripping of the internal vgpreload*.so libraries. Also retain the symbol information of valgrind's private helper executables and enable LTO as suggested in the packagers readme. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: fix build for /sbin/pkg_checkXu Wang2020-01-142-3/+3
| | | | | | | | | | Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be included with the packages to check for corruption. This commit fixes two issues: - /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y - checksums were being saved in the wrong file Signed-off-by: Xu Wang <xwang1498@gmx.com>
* wrt350nv2-builder: Fix memory leakAndrea Dalla Costa2020-01-141-0/+1
| | | | | | | Add missing call to `free` for variable `buffer` in function `create_bin_file`. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils/mktitanimg: fix possible resource leakAndrea Dalla Costa2020-01-141-0/+1
| | | | | | Add missing call to `fclose` for file pointer `nsp_image`. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils/mksenaofw: fix possible memory leakAndrea Dalla Costa2020-01-141-0/+2
| | | | | | Add missing calls to `free` for variable `pmodel`. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils/mkfwimage: fix possible memory and resource leakAndrea Dalla Costa2020-01-142-0/+6
| | | | | | | | | Add missing calls to `free` for variable `mem`. Add missing call to `fclose` for variable `f`. The same changes were made in both `mkfwimage.c` and `mkfwimage2.c`. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils/mkchkimg: fix possible resource leaksAndrea Dalla Costa2020-01-141-0/+8
| | | | | | | | Add missing `fclose` calls for file pointers `kern_fp`, `fs_fp` and `out_fp`. Not closing files could lead to resource leaks. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils: fix possible memory leak and resource leakAndrea Dalla Costa2020-01-141-0/+3
| | | | | | | | | | Add missing calls to `free` for variable `buffer`. This could lead to a memory leak. Add missing call to `close` for file pointer `fdin`. This could lead to a resource leak. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils/dgfirmare: fix possible resource leakAndrea Dalla Costa2020-01-141-0/+6
| | | | | | | | Add missing calls to `fclose` in functions `write_img`, `write_rootfs` and `write_kernel`. The not-closed files could lead to resource leaks. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* hostapd: add support for subject validationDavid Lam2020-01-142-1/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The wpa_supplicant supports certificate subject validation via the subject match(2) and altsubject_match(2) fields. domain_match(2) and domain_suffix_match(2) fields are also supported for advanced matches. This validation is especially important when connecting to access points that use PAP as the Phase 2 authentication type. Without proper validation, the user's password can be transmitted to a rogue access point in plaintext without the user's knowledge. Most organizations already require these attributes to be included to ensure that the connection from the STA and the AP is secure. Includes LuCI changes via openwrt/luci#3444. From the documentation: subject_match - Constraint for server certificate subject. This substring is matched against the subject of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains this string in the subject. The subject string is in following format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as .example.com subject_match2 - Constraint for server certificate subject. This field is like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. altsubject_match - Constraint for server certificate alt. subject. Semicolon separated string of entries to be matched against the alternative subject name of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains one of the entries in an alternative subject name extension. altSubjectName string is in following format: TYPE:VALUE Example: EMAIL:server@example.com Example: DNS:server.example.com;DNS:server2.example.com Following types are supported: EMAIL, DNS, URI altsubject_match2 - Constraint for server certificate alt. subject. This field is like altsubject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_match - Constraint for server domain name. If set, this FQDN is used as a full match requirement for the server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same full match comparison. This behavior is similar to domain_suffix_match, but has the requirement of a full match, i.e., no subdomains or wildcard matches are allowed. Case-insensitive comparison is used, so "Example.com" matches "example.com", but would not match "test.Example.com". More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. domain_match2 - Constraint for server domain name. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_suffix_match - Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels. More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_suffix_match2 - Constraint for server domain name. This field is like domain_suffix_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Signed-off-by: David Lam <david@thedavid.net>
* netfilter: package required kmods for nftablesJo-Philipp Wich2020-01-141-13/+15
| | | | | | | | | | | | | Package new kmods "nf_tables_set" and "nft_objref" which got introduced with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash" modules to sub-4.18 versions. Also reorder the nftables related netfilter.mk entries alphabetically while touching this code section. Fixes: FS#2699 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: fix list_phy_interfaces for multiple wiphys on the same deviceFelix Fietkau2020-01-141-1/+10
| | | | | | | Network interfaces are looked up based on the device behind a phy, so the phy needs to be checked separately Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU ↵Felix Fietkau2020-01-141-0/+25
| | | | | | decap Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix sta TID stats leak on a few nl80211 callsFelix Fietkau2020-01-142-0/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: renumber subsys patches accepted upstreamFelix Fietkau2020-01-144-0/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mediatek: split base-files into subtargetsAdrian Schmutzler2020-01-146-27/+81
| | | | | | | | | | | | | | | This splits some base-files across subtargets, as done previously on ath79 and ramips and also introduced for mt7629 subtarget here already. Most of the existing base-files content is specific to mt7623. While at it, apply the following fixes: - Remove lots of trailing whitespaces - Remove wildcard on unielec,u7623-02-emmc-512m - Remove inconsistent quotation marks in cases Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Acked-by: John Crispin <john@phrozen.org>
* ipq40xx: add support for Aruba AP-303HDavid Bauer2020-01-146-3/+443
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Aruba AP-303H is the hospitality version of the Aruba AP-303 with a POE-passthrough enabled ethernet switch instead of a sigle PHY. Hardware -------- SoC: Qualcomm IPQ4029 RAM: 512M DDR3 FLASH: - 128MB SPI-NAND (Macronix) - 4MB SPI-NOR (Macronix MX25R3235F) TPM: Atmel AT97SC3203 BLE: Texas Instruments CC2540T attached to ttyMSM1 ETH: Qualcomm QCA8075 LED: WiFi (amber / green) System (red / green /amber) PSE (green) BTN: Reset USB: USB 2.0 To connect to the serial console, you can solder to the labled pads next to the USB port or use your Aruba supplied UARt adapter. Do NOT plug a standard USB cable into the Console labled USB-port! Aruba/HPE simply put UART on the micro-USB pins. You can solder yourself an adapter cable: VCC - NC D+ - TX D- - RX GND - GND The console setting in bootloader and OS is 9600 8N1. Voltage level is 3.3V. To enable a full list of commands in the U-Boot "help" command, execute the literal "diag" command. Installation ------------ 1. Get the OpenWrt initramfs image. Rename it to ipq40xx.ari and put it into the TFTP server root directory. Configure the TFTP server to be reachable at 192.168.1.75/24. Connect the machine running the TFTP server to the E0 (!) ethernet port of the access point, as it only tries to pull from the WAN port. 2. Connect to the serial console. Interrupt autobooting by pressing Enter when prompted. 3. Configure the bootargs and bootcmd for OpenWrt. $ setenv bootargs_openwrt "setenv bootargs console=ttyMSM0,9600n8" $ setenv nandboot_openwrt "run bootargs_openwrt; ubi part aos1; ubi read 0x85000000 kernel; set fdt_high 0x87000000; bootm 0x85000000" $ setenv ramboot_openwrt "run bootargs_openwrt; setenv ipaddr 192.168.1.105; setenv serverip 192.168.1.75; netget; set fdt_high 0x87000000; bootm" $ setenv bootcmd "run nandboot_openwrt" $ saveenv 4. Load OpenWrt into RAM: $ run ramboot_openwrt 5. After OpenWrt booted, transfer the OpenWrt sysupgrade image to the /tmp folder on the device. You will need to plug into E1-E3 ports of the access point to reach OpenWrt, as E0 is the WAN port of the device. 6. Flash OpenWrt: $ ubidetach -p /dev/mtd16 $ ubiformat /dev/mtd16 $ sysupgrade -n /tmp/openwrt-sysupgrade.bin To go back to the stock firmware, simply reset the bootcmd in the bootloader to the original value: $ setenv bootcmd "boot" $ saveenv Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: add support for Ubiquiti EdgeSwitch/ToughSwitch 5XPTobias Schramm2020-01-143-0/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Ubiquiti ToughSwitch 5XP is a 5-port PoE Gigabit switch with a single Fast-Ethernet management port. It supports both 24V passive PoE out on all five ports. Flash: 8 MB RAM: 64 MB SoC: AR7242 Switch: ar8327 USB: 1x USB 2.0 Ethernet: 5x GbE, 1x FE Installation of the firmware is possible either via serial + tftpboot or the factory firmware update function via webinterface. By default the single Fast-Ethernet port labeled "MGMT" is configured as the WAN port. Thus access to the device is only possible via the five switch ports. Serial: 3v3 115200 8n1 The serial header is located in the lower left corner of the switches PCB: ``` | | | | o | o RX | o TX | o GND | | ++ +-++-+ ++ ++ + +--+ ++ +--++--++--+ ``` Signed-off-by: Tobias Schramm <tobleminer@gmail.com> [remove ubnt,sw compatible - fix spelling - wrap commit message - remove superfluous phy-mode property] Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: add generic dtsi for Ubiquiti SW boardsTobias Schramm2020-01-142-133/+143
| | | | | | Signed-off-by: Tobias Schramm <tobleminer@gmail.com> [remove ubnt,sw compatible] Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: mt7621: disable images for gehua_ghl-r-001Petr Štetiar2020-01-141-0/+1
| | | | | | | | | | This device OOPs during the boot due to broken flash. It can be probably fixed with `broken-flash-reset` once ramips is on 4.19 kernel. So disable images for this device until its fixed. Ref: FS#2695, PR#2483 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: use jshn lib for ubus sysupgrade argument generationFlorian Eckert2020-01-141-14/+11
| | | | | | | | With this change the well known jshn library will be used, to build the json arguments for the ubus sysupgrade method. This is also used in all other shell program that uses JSON. This commit unifies that. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* rpcd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | This activates PIE ASLR support by default when the regular option is selected. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: odhcpd-ipv6only Installed-Size: 36821 -> 38216 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: procd Installed-Size: 44931 -> 47362 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: activate PIE ASLR by defaultPetr Štetiar2020-01-141-1/+2
| | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: ubus Installed-Size: 5602 -> 5950 ubusd Installed-Size: 11643 -> 12119 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uhttpd: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 39% uncompressed and 21% compressed on MIPS BE. old: 33,189 /usr/sbin/uhttpd 23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk new: 46,212 /usr/sbin/uhttpd 27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* hostapd: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 26% uncompressed and 16% compressed on MIPS BE. old: 460,933 /usr/sbin/wpad 283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk new: 584,508 /usr/sbin/wpad 330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* dropbear: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 18% uncompressed and 17% compressed on MIPS BE. old: 164,261 /usr/sbin/dropbear 85,648 dropbear_2019.78-2_mips_24kc.ipk new: 194,492 /usr/sbin/dropbear 100,309 dropbear_2019.78-2_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>