aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* libubox: update to git HEADDaniel Golle2021-03-021-3/+3
| | | | | | 2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: bpi-r64: make sure eMMC installation runs only onceDaniel Golle2021-03-021-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: bpi-r64: fix eMMC installation menu labelDaniel Golle2021-03-011-1/+1
| | | | | | Change boot menu label for eMMC installation to tell what it does now. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mediatek: mt7622: bpi-r64: simplify eMMC install procedureDaniel Golle2021-03-011-6/+10
| | | | | | | | Write everything needed for eMMC install into the gaps between partitions on SD card. In that way, installation to eMMC only needs the SD card, no additional files need to be loaded via TFTP any more. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* treewide: fix spelling 'seperate' -> 'separate'Daniel Golle2021-02-283-4/+4
| | | | | | | This popular spelling mistake was also introduced by myself lately. Fix it everywhere. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: P2P: Fix a corner case in peer addition based on PD RequestStefan Lippers-Hollmann2021-03-011-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. This fixes the following security vulnerabilities/bugs: - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* igmpproxy: update to version 0.3Jan Pavlinec2021-03-011-11/+3
| | | | | | | | | Changes: - Remove custom Build/Compile because it's no longer needed - Remove std=gnu99 which is added automaticaly by igmpproxy if needed - Remove -Dlog from CFLAGS because igmpproxy doesn't have log function Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* libunwind: Add MIPS64 dep checkDonald Hoskins2021-03-011-1/+1
| | | | | | | | | | | libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness. libunwind seems to support MIPS64 without issues, it was limited by the dep arch check in the Makefile. Used to compile Suricata6/Rust locally without issue. Signed-off-by: Donald Hoskins <grommish@gmail.com>
* uboot-sunxi: add missing type __u64Georgi Valkov2021-03-011-0/+10
| | | | | | | | | | | | | | | Non Linux systems e.g. macOS lack the __u64 type and produce build errors: In file included from tools/aisimage.c:9: In file included from include/image.h:19: In file included from ./arch/arm/include/asm/byteorder.h:29: In file included from include/linux/byteorder/little_endian.h:13: include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'? typedef __u64 __bitwise __le64; Resolved by declaring __u64 in include/linux/types.h Build tested on macOS and Ubuntu. Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
* bpftools: update to latest stable 5.11.2Tony Ambardar2021-03-012-7/+2
| | | | | | | Compile and run-tested on malta/mip32be, using bpftool directly and also libbpf (linked with tc) to inspect and load simple eBPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: update to 5.11.0Tony Ambardar2021-03-0111-29/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latest iproute2 version brings various improvements and fixes: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0 In particular, ip and tc now use libbpf as the standard way to load BPF programs, rather than the old, limited custom loader. This allows more consistent and featureful BPF program handling e.g. support for global initialized variables. Also fix a longstanding problem with iproute2 builds where unneeded DSO dependencies are added to most utilities, bloating their installation footprint. From research and testing, explicitly using a "--as-needed" linker flag avoids the issue. Update accordingly and drop extra package dependencies from Makefile. Additional build and packaging updates include: - install missing development header to iproute2/bpf_elf.h - propagate OpenWrt verbose flag during build - update and refresh patches Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10. All iproute2 packages were built and installed to the test image. Some regression testing using ip-full and tc was successfully performed to exercise several kmods, tc modules, and simple BPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* libpcap: update to 1.10.0Rosen Penev2021-03-017-109/+73
| | | | | | | | | | | | | | | | | | | | | Simplify cmake option handling by putting everything in blocks. Add openssl patch as there's no easy way to disable. Rebase the skip manpages patch. Remove the monitor mode patch as it no longer applies. Remove flex patch as normal Makefile is no longer used. Remove USB path patch. While it is deprecated, the codepath is never taken. /sys/bus/usb/devices is checked before hand. If it exists, the function does stuff and returns. Additionally, this path is used elsewhere in the code. Refresh other patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* kernel/zram: remove obsolete symbolRui Salvaterra2021-03-011-1/+0
| | | | | | | | | Zsmalloc page table mappings are dead and gone [1]. Drop the respective kconfig symbol. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=69dc72f058c9b98f9b66bed184cfab7c2e9f49b0 Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* busybox: sysntpd: option to bind server to ifaceAlexey Dobrovolsky2021-03-011-2/+10
| | | | | | | | | | | NTPD in busybox has option -I to bind server to IFACE. However, capabilities of the busybox are limited, the -I option cannot be repeated and only one interface can be effectively specified in it. This option is currently not configurable via UCI. The patch adds an interface option to the system config, ntp section. Also sort options for uci_load_validate alphabetically. Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
* uboot-envtools: adjust compile patch to version v2021.01Ronny Kotzschmar2021-03-011-2/+2
| | | | | | | with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted otherwise at least with macOS as build system there are build errors Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
* lantiq: ltq-tapi: disable KPI and QOSMathias Kresin2021-03-011-2/+2
| | | | | | | | | | The QOS feature depends on KPI2UDP which was removed from the tree with commit a95775e4b2a9 ("drop unmaintained packages") in 2012. Since QOS was the last user of the KPI, the feature can be disabled by default. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-vdsl-app: fix -Wundef warningsMathias Kresin2021-03-012-3/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | The following warnings are shown during build: /usr/include/vdsl/cmv_message_format.h:33:6: warning: "MEI_SUPPORT_DEBUG_STREAMS" is not defined, evaluates to 0 [-Wundef] #if (MEI_SUPPORT_DEBUG_STREAMS == 1) ^~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/vdsl/drv_mei_cpe_interface.h:2256:6: warning: "MEI_SUPPORT_OPTIMIZED_FW_DL" is not defined, evaluates to 0 [-Wundef] #if (MEI_SUPPORT_OPTIMIZED_FW_DL == 1) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ The headers are provided by the MEI driver, but the defines are never set by the vdsl app. While the struct with the MEI_SUPPORT_OPTIMIZED_FW_DL conditional isn't used by the vdsl app, however CMV_USED_PAYLOAD_8BIT_SIZE which value depends on MEI_SUPPORT_DEBUG_STREAMS is. Since the MEI driver doesn't provide an autogenerated header with compile flags, the flags are hardcoded for the vdsl app. Set them for the MEI driver as well, to indicate a relation to the values used for the vdsl app and to be not surprised by a changed default in case the MEI driver gets updated. Use the current default values defined in the MEI driver. Signed-off-by: Mathias Kresin <dev@kresin.me>
* selinux-policy: update to version 0.7Daniel Golle2021-02-281-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a857b45 resolv/locale: eventually this should be more efficient 11ed281 some more optimization 764a475 add redundant calls to file.search_conffile_dirs() 7d4558e fs: treat devtmpfs that same as tmpfs 81b677e adds irqbalance skeleton 5506244 irqbalance rules cc96cd8 adds usbutil and gtpfdisk skels 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules d6d1e7d usbutil: output to terminal da576fa fsck, gptfdisk and usbutil rules 09b39e9 unbound 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override) af0fe90 adds label for tcsh 160f79e adds tcpdump 6d02b96 adds coreutil execfile for busybox alternatives ac54884 coreutilexecfile: these are known to require privileges, so exclude 8cb3b66 adds chrootexecfile 6d329d3 this saves 9KiB and its a bit more robust 88e2425 move addpart/delpart/partx to gptfdisk.cil 261012d ntphotplug: reads ubox data files 0473ace various 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10) bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all) 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap b8156cd adds a note about how i forgot to target blockd 6e82ab8 adds blockd and related 254ff43 Makefile: exclude blockd from mintesttgt 4dc6bc2 pppd update related and unbound-odhcp rules Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-envtools: add defaults for Bananapi BPi-R64Daniel Golle2021-02-281-0/+7
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mt7623n-preloader: remove mt7622-preloaderDaniel Golle2021-02-281-14/+0
| | | | | | mt7622-preloader has been superseeded by arm-trusted-firmware-mediatek. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: rework support for Bananapi BPi-R64 boardDaniel Golle2021-02-284-3/+608
| | | | | | | | | | | | | | Provide U-Boot variants for SD-card as well as eMMC boot, so we can generate whole-disk images for the device. While at it, rename 'mt7622' to 'mt7622-rfb1' to make it less confusing now that more boards are being added. Thanks to Frank Wunderlich (@frank-w) for making that nice SVG image explaining the MMC boot process[1] and for providing the necessary binary header blobs. [1]: https://github.com/frank-w/BPI-R64-ATF Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-envtools: add defaults for linksys-e8450-ubiDaniel Golle2021-02-281-0/+25
| | | | | | | | Add U-Boot environment configuration for the Linksys E8450 (UBI) to allow access to the bootloader environment from OpenWrt via 'fw_printenv' and 'fw_setenv'. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: add support for Linksys E8450Daniel Golle2021-02-2813-160/+713
| | | | | | | | | | | | | | | | | | | | | Build U-Boot for the Linksys E8450 in order to have support for UBI. The loader has a default environment with scripts handling the reset button as well as fall-back to recovery firmware. If the loader comes up without a valid environment found in UBI, it will automatically make sure UBI is formatted and create a new environment and proceed to load recovery firmware (either from UBI or via TFTP if recovery is corrupted or unavailable). If the button is held down during power-on, the yellow status LED turns on and the bootloader environment is reset to factory defaults. If the button is released at this point, the recovery firmware (if existing) is loaded from UBI and booted. If the button is continously held down even beyond the point that the yellow LED turned on, the loader will try to load the recovery firmware via TFTP from server 192.168.1.254, write it to UBI and boot. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* arm-trusted-firmware-mediatek: add patch for Fidelix SPI NANDDaniel Golle2021-02-281-0/+24
| | | | | | | | The Linksys E8450 aka. Belkin RT3200 comes with a rather fresh brand of SPI NAND storage. Add support for it to the nandx driver in arm-trusted-firmware-mediatek, so we can boot from that chip. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add support for restoring config from tmpfsDaniel Golle2021-02-281-2/+3
| | | | | | | | Instead of only relying in /sysupgrade.tgz being present in rootfs to restore configuration, also grab /tmp/sysupgrade.tar which may have magically gotten there during preinit... Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-02-281-4/+4
| | | | | | bad1835 fstools: add partname volume driver Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: no chacha-mips.ko on mips32 r1 targetsIlya Lipnitskiy2021-02-271-2/+5
| | | | | | | | | | | | | CHACHA_MIPS depends on CPU_MIPS32_R2. Therefore, kmod-crypto-lib-chacha20 should not contain chacha-mips.ko on MIPS32 R1 targets. Enforce that in the target-specific definition. Fixes bcm47xx, bcm63xx, lantiq/ase, ath25 builds. Fixes: 06351f1 ("kernel: migrate wireguard into the kernel tree") Cc: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard-tools: depend on kmod-wireguardIlya Lipnitskiy2021-02-261-1/+4
| | | | | | | | | | | | | | | To the vast majority of the users, wireguard-tools are not useful without the underlying kernel module. The cornercase of only generating keys and not using the secure tunnel is something that won't be done on an embedded OpenWrt system often. On the other hand, maintaining a separate meta-package only for this use case introduces extra complexity. WireGuard changes for Linux 5.10 remove the meta-package. So let's make wireguard-tools depend on kmod-wireguard to make WireGuard easier to use without having to install multiple packages. Fixes: ea980fb9 ("wireguard: bump to 20191226") Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* kernel: fix kmod-wireguard package fieldsIlya Lipnitskiy2021-02-261-4/+2
| | | | | | | | | Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop SECTION and CATEGORY fields as they are set by default and to match other packages in netsupport.mk. Use better TITLE for kmod-wireguard (taken from upstream drivers/net/Kconfig). Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* wireguard-tools: bump to 1.0.20210223Jason A. Donenfeld2021-02-261-2/+2
| | | | | | Simple version bump with accumulated fixes. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* kernel: migrate wireguard into the kernel treeIlya Lipnitskiy2021-02-263-89/+181
| | | | | | | | | | On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* download: add mirror alias for DebianDavid Bauer2021-02-263-3/+3
| | | | | | | Add an alias for Debian packages and download them from the Debian mirror redirector. Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: add support for ZTE MF283+Lech Perczak2021-02-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ZTE MF283+ is a dual-antenna LTE category 4 router, based on Ralink RT3352 SoC, and built-in ZTE P685M PCIe MiniCard LTE modem. Hardware highlighs: - CPU: MIPS24KEc at 400MHz, - RAM: 64MB DDR2, - Flash: 16MB SPI, - Ethernet: 4 10/100M port switch with VLAN support, - Wireless: Dual-stream 802.11n (RT2860), with two internal antennas, - WWAN: Built-in ZTE P685M modem, with two internal antennas and two switching SMA connectors for external antennas, - FXS: Single ATA, with two connectors marked PHONE1 and PHONE2, internally wired in parallel by 0-Ohm resistors, handled entirely by internal WWAN modem. - USB: internal miniPCIe slot for modem, unpopulated USB A connector on PCB. - SIM slot for the WWAN modem. - UART connector for the console (unpopulated) at 3.3V, pinout: 1: VCC, 2: TXD, 3: RXD, 4: GND, settings: 57600-8-N-1. - LEDs: Power (fixed), WLAN, WWAN (RGB), phone (bicolor, controlled by modem), Signal, 4 link/act LEDs for LAN1-4. - Buttons: WPS, reset. Installation: As the modem is, for most of the time, provided by carriers, there is no possibility to flash through web interface, only built-in FOTA update and TFTP recovery are supported. There are two installation methods: (1) Using serial console and initramfs-kernel - recommended, as it allows you to back up original firmware, or (2) Using TFTP recovery - does not require disassembly. (1) Using serial console: To install OpenWrt, one needs to disassemble the router and flash it via TFTP by using serial console: - Locate unpopulated 4-pin header on the top of the board, near buttons. - Connect UART adapter to the connector. Use 3.3V voltage level only, omit VCC connection. Pin 1 (VCC) is marked by square pad. - Put your initramfs-kernel image in TFTP server directory. - Power-up the device. - Press "1" to load initramfs image to RAM. - Enter IP address chosen for the device (defaults to 192.168.0.1). - Enter TFTP server IP address (defaults to 192.168.0.22). - Enter image filename as put inside TFTP server - something short, like firmware.bin is recommended. - Hit enter to load the image. U-boot will store above values in persistent environment for next installation. - If you ever might want to return to vendor firmware, BACK UP CONTENTS OF YOUR FLASH NOW. For this router, commonly used by mobile networks, plain vendor images are not officially available. To do so, copy contents of each /dev/mtd[0-3], "firmware" - mtd3 being the most important, and copy them over network to your PC. But in case anything goes wrong, PLEASE do back up ALL OF THEM. - From under OpenWrt just booted, load the sysupgrade image to tmpfs, and execute sysupgrade. (2) Using TFTP recovery - Set your host IP to 192.168.0.22 - for example using: sudo ip addr add 192.168.0.22/24 dev <interface> - Set up a TFTP server on your machine - Put the sysupgrade image in TFTP server root named as 'root_uImage' (no quotes), for example using tftpd: cp openwrt-ramips-rt305x-zte_mf283plus-squashfs-sysupgrade.bin /srv/tftp/root_uImage - Power on the router holding BOTH Reset and WPS buttons held for around 5 seconds, until after WWAN and Signal LEDs blink. - Wait for OpenWrt to start booting up, this should take around a minute. Return to original firmware: Here, again there are two possibilities are possible, just like for installation: (1) Using initramfs-kernel image and serial console (2) Using TFTP recovery (1) Using initramfs-kernel image and serial console - Boot OpenWrt initramfs-kernel image via TFTP the same as for installation. - Copy over the backed up "firmware.bin" image of "mtd3" to /tmp/ - Use "mtd write /tmp/firmware.bin /dev/mtd3", where firmware.bin is your backup taken before OpenWrt installation, and /dev/mtd3 is the "firmware" partition. (2) Using TFTP recovery - Follow the same steps as for installation, but replacing 'root_uImage' with firmware backup you took during installation, or by vendor firmware obtained elsewhere. A few quirks of the device, noted from my instance: - Wired and wireless MAC addresses written in flash are the same, despite being in separate locations. - Power LED is hardwired to 3.3V, so there is no status LED per se, and WLAN LED is controlled by WLAN driver, so I had to hijack 3G/4G LED for status - original firmware also does this in bootup. - FXS subsystem and its LED is controlled by the modem, so it work independently of OpenWrt. Tested to work even before OpenWrt booted. I managed to open up modem's shell via ADB, and found from its kernel logs, that FXS and its LED is indeed controlled by modem. - While finding LEDs, I had no GPL source drop from ZTE, so I had to probe for each and every one of them manually, so this might not be complete - it looks like bicolor LED is used for FXS, possibly to support dual-ported variant in other device sharing the PCB. - Flash performance is very low, despite enabling 50MHz clock and fast read command, due to using 4k sectors throughout the target. I decided to keep it at the moment, to avoid breaking existing devices - I identified one potentially affected, should this be limited to under 4MB of Flash. The difference between sysupgrade durations is whopping 3min vs 8min, so this is worth pursuing. In vendor firmware, WWAN LED behaviour is as follows, citing the manual: - red - no registration, - green - 3G, - blue - 4G. Blinking indicates activity, so netdev trigger mapped from wwan0 to blue:wwan looks reasonable at the moment, for full replacement, a script similar to "rssileds" would need to be developed. Behaviour of "Signal LED" in vendor firmware is as follows: - Off - no signal, - Blinking - poor coverage - Solid - good coverage. A few more details on the built-in LTE modem: Modem is not fully supported upstream in Linux - only two CDC ports (DIAG and one for QMI) probe. I sent patches upstream to add required device IDs for full support. The mapping of USB functions is as follows: - CDC (QCDM) - dedicated to comunicating with proprietary Qualcomm tools. - CDC (PCUI) - not supported by upstream 'option' driver yet. Patch submitted upstream. - CDC (Modem) - Exactly the same as above - QMI - A patch is sent upstream to add device ID, with that in place, uqmi did connect successfully, once I selected correct PDP context type for my SIM (IPv4-only, not default IPv4v6). - ADB - self-explanatory, one can access the ADB shell with a device ID added to 51-android.rules like so: SUBSYSTEM!="usb", GOTO="android_usb_rules_end" LABEL="android_usb_rules_begin" SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1275", ENV{adb_user}="yes" ENV{adb_user}=="yes", MODE="0660", GROUP="plugdev", TAG+="uaccess" LABEL="android_usb_rules_end" While not really needed in OpenWrt, it might come useful if one decides to move the modem to their PC to hack it further, insides seem to be pretty interesting. ADB also works well from within OpenWrt without that. O course it isn't needed for normal operation, so I left it out of DEVICE_PACKAGES. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> [remove kmod-usb-ledtrig-usbport, take merged upstream patches] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* rtl8812au-ct: fix PKG_MIRROR_HASHDavid Bauer2021-02-241-1/+1
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* arm-trusted-firmware-mediatek: correct location of PKG_LICENSEDaniel Golle2021-02-241-1/+2
| | | | | | | | | As PKG_LICENSE is originally set by include/trusted-firmware-a.mk it can only be appended after that. Hence move that line below the include to actually make sense. (cosmetical change, already slipped into openwrt-21.02 branch) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* imx-bootlets: refresh patchesAdrian Schmutzler2021-02-243-32/+25
| | | | | | Tidy this up a little. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* zlib: properly split patchesAdrian Schmutzler2021-02-244-502/+501
| | | | | | | | | | This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: remove unneeded '$' signs in nand.shDaniel Golle2021-02-241-2/+2
| | | | | | | When using Shell arithmetric evaluation via $((..)) the variables in the expression do not need to be prefixed by the '$' sign. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* sysupgrade-nand: allow limiting rootfs_data by setting env variableDaniel Golle2021-02-241-4/+16
| | | | | | | | | | | | | | | | | Check if firmware environment variable 'rootfs_data_max' exists and is set to a numerical value greater than 0. If so, limit rootfs_data volume to that size instead of using the maximum available size. This is useful on devices with lots of flash where users may want to have eg. a volume for persistent logs and statistics or for external applications/containers. Persistence on rootfs overlay is limited by the size of memory available during the sysugprade process as that data needs to be copied to RAM while the volume is being recreated during sysupgrade. Hence it is unsuitable for keeping larger amounts of data accross upgrade which makes additional volume(s) for application data desirable. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* image: add support for building FIT image with filesystemDaniel Golle2021-02-241-37/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow for single (external-data) FIT image to hold kernel, dtb and squashfs. In that way, the bootloader verifies the system integrity including the rootfs, because what's the point of checking that the hash of the kernel is correct if it won't boot in case of squashfs being corrupted? Better allow bootloader to check everything needed to make it at least up to failsafe mode. As a positive side effect this change also makes the sysupgrade process on nand potentially much easier as it is now. In short: mkimage has a parameter '-E' which allows generating FIT images with 'external' data rather than embedding the data into the device-tree blob itself. In this way, the FIT structure itself remains small and can be parsed easily (rather than having to page around megabytes of image content). This patch makes use of that and adds support for adding sub-images of type 'filesystem' which are used to store the squashfs. Now U-Boot can verify the whole OS and the new partition parsers added in the Linux kernel can detect the filesystem sub-images, create partitions for them, and select the active rootfs volume based on the configuration in FIT (passing configuration via device tree could be implemented easily at a later stage). This new FIT partition parser works for NOR flash (on top of mtdblock), NAND flash (on top of ubiblock) as well as classic block devices (ie. eMMC, SDcard, SATA, NVME, ...). It could even be used to mount such FIT images via `losetup -P` on a user PC if this patch gets included in Linux upstream one day ;) Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: disable C++ bindingsRosen Penev2021-02-241-18/+3
| | | | | | Nothing uses them. Allows to simplify the Makefile. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ppp: Update to version 2.4.9Hauke Mehrtens2021-02-2431-891/+226
| | | | | | | | | | | | | | | | | | | | | | | | Upstream integrated multiple patches from Distributions and did other changes: * rp-pppoe.so was renamed to pppoe.so * Converted to ANSI C The following patches were applied upstream: * 100-debian_ip-ip_option.patch * 101-debian_close_dev_ppp.patch * 103-debian_fix_link_pidfile.patch * 106-debian_stripMSdomain.patch * 107-debian_pppoatm_wildcard.patch * 110-debian_defaultroute.patch * 202-no_strip.patch Compilation with musl libc was fixed upstream so 140-pppoe_compile_fix.patch is not needed any more Parts of the 203-opt_flags.patch patch were applied in a different way upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: always build with GOST engine supportEneas U de Queiroz2021-02-233-18/+19
| | | | | | | | | | | | | | The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* uboot-envtools: add support for ZyXEL GS-1900-8HP v1 and v2Stijn Segers2021-02-231-0/+2
| | | | | | This adds the necessary nuts and bolts for the uboot settings for both the ZyXEL GS1900-8HP v1 and v2. Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-02-235-92/+4
| | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wireguard: don't build on Linux 5.10Ilya Lipnitskiy2021-02-231-2/+2
| | | | | | | | | | | | There are efforts underway to bring wireguard in-tree for Linux 5.4 and to have a common build infrastructure for both 5.4 and 5.10 for kmod-wireguard[0]. Until then, restrict kmod-wireguard to build only on Linux 5.4, because the wireguard-compat package will not build on Linux 5.10. [0]: https://github.com/openwrt/openwrt/pull/3885 Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* kernel: 5.10: fix kmod build failuresIlya Lipnitskiy2021-02-236-16/+44
| | | | | | | | | | Modify existing modules to reflect their new location in Linux 5.10. Add missing dependenices. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> [enable CRYPTO_USER_API_ENABLE_OBSOLETE; add kmod-crypto-hash dependency to usb-net-rtl8152] Signed-off-by: David Bauer <mail@david-bauer.net>
* kernel: 5.10: fix rtl8812au-ct buildIlya Lipnitskiy2021-02-232-16/+9
| | | | | | | | Pull in upstream: https://github.com/greearb/rtl8812AU_8821AU_linux/commit/c8d243936fed0c5fe1d77a06b36d26f41c8c46f4 https://github.com/greearb/rtl8812AU_8821AU_linux/commit/1e9689c89fa627d2d764ba0e8359fd444fe8458f Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* arm-trusted-firmware-mediatek: use @OPENWRT mirror for blobsDaniel Golle2021-02-231-1/+1
| | | | | | | Now that mirrors have picked it up, switch to using the @OPENWRT mirror instead of hosting those files on Github. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-02-231-3/+3
| | | | | | | 2be57ed cosmetics: provide compatible system info on Aarch64 37eed13 system: expose if system was booted from initramfs Signed-off-by: Daniel Golle <daniel@makrotopia.org>