Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The `ipkg-build` script converts a folder into a `opkg` installable
package. Until now it would use root:root for all packages and try to
preserve file modes.
This has the two drawbacks of packages want to add non-root files or add
SUID files, like the `sudo` package does.
To give more flexibility regarding file modes and avoid init script
hacks, a new variable called `PKG_FILE_MODES`. The variable contains a
list of files modes in the format `path:owner:group:mode`.
An example for the `sudo` package below:
```
PKG_FILE_MODES:=\
/usr/bin/sudo:root:root:4755 \
/etc/sudoers:root:root:0440
```
The `ipkg-build` now runs within a fakeroot environment to set any mode
and directly store it in the resulting `ipk` package archive.
Both options `-o` and `-g` are no longer required due to the introduction
of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as
input.
Lastly the option `-c` is removed as it's unused within the script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
4318ab1 opkg: allow to configure the path to the signature verification script
cf44c2f libopkg: fix compiler warning
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.
Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.
Signed-off-by: Paul Spooren <mail@aparcar.org>
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg 2019 decision that non essential packages
should move outside base.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This adds a number of options to config/Config-kernel.in so that
packages related to SELinux support can enable the appropriate Linux
kernel support.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
SELinux uses extended attributes to store SELinux security contexts.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This allows the build process to prepare a squashfs filesystem for use
with SELinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
lzma-old host package is required for building ath79 images, as
mksquashfs-lzma is required for generating netgear images.
Fixes commit 4e4ee4649553 ("ar71xx: drop target")
Signed-off-by: David Bauer <mail@david-bauer.net>
The kernel has become too big again for the ar9344-based TP-Link
CPE/WBS devices which still have no firmware-partition splitter.
Current buildbots produce a kernel size of about 2469 kiB, while
the partition is only 2048 kiB (0x200000). Therefore, increase it
to 0x300000 to provide enough room for this and, hopefully, the
next kernel.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.
This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.
This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
This patch fixes various typos or tab-vs-space issues in
the APM821XX device targets Device-Tree source files.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch silences the following warnings:
>netgear-wndr4700.dts:168.3-13:Warning (reg_format): /plb/sata@bffd1800/sata-port@0:reg:property has invalid length (4 bytes) (#address-cells == 2, #size-cells == 1)
>netgear-wndr4700.dts:167.26-170.4: Warning (avoid_default_addr_size):/plb/sata@bffd1800/sata-port@0: Relying on default #address-cells value
>netgear-wndr4700.dts:167.26-170.4: Warning (avoid_default_addr_size):/plb/sata@bffd1800/sata-port@0: Relying on default #size-cells value
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the pcie-switch and bridge configuration of the
WNDR4700.
This allows to get rid of the legacy firmware monikers and drop
the usbport LED declaration.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Changing the factory image of KD20 was used during testing and wasn't
intended to be included in the commit fixing a SATA bug on oxnas.
Revert that part of the commit.
Fixes: 5793112f75 ("oxnas: reduce size of ATA DMA descriptor space")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Compile the Linkstation poweroff module for the Buffalo LS421DE.
Without this driver the device remains forever halted if a power off
command is executed.
The driver will also allow to use the WoL feature, which wasn't availabe
in the stock firmware.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Backport the Linkstation poweroff driver from the kernel upstream (commit
a7f79f99541ef)
This driver is required by the Buffalo LinkStation LS421DE for a correct
power off operation. It also allows to use the WoL feature.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
The DIR-645 fails to boot if the kernel is large.
Enabling lzma-loader resolves the issue.
Run-tested on D-Link DIR-645.
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
This patch adds support for Wavlink WL-WN531A6 (Quantum D6).
Specifications:
--------------
* SoC: Mediatek MT7621AT 2C2T, 880MHz
* RAM: 128MB DDR3, Nanya NT5CB64M16GP-EK
* Flash: 16MB SPI NOR flash, GigaDevice GD25Q127CSIG
* WiFi 5GHz: Mediatek MT7615N (4x4:4) on mini PCIE slot.
* WiFi 2.4GHz: Mediatek MT7603EN (2x2:2) on mini PCIE slot.
* Ethernet: MT7630, 5x 1000Base-T
* LED: Power, WAN, LAN(x4), WiFi, WPS, dual color
"WAVLINK" LED logo on the top cover.
* Buttons: Reset, WPS, "Turbo", touch button on the top
cover via RH6015C touch sensor.
* UART: UART1: serial console (57600 8n1) on the J4 header
located below the top heatsink.
UART2: J12 header, located on the right side of
the board.
* USB: One USB3 port.
* I2C: J9 header, located below the top heatsink.
Backup the OEM Firmware:
-----------------------
There isn't any firmware released for the WL-WN531A6 on
the Wavlink web site. Reverting back to the OEM firmware is
not possible unless we have a backup of the original OEM
firmware.
The OEM firmware is stored on /dev/mtd4 ("Kernel").
1) Plug a FAT32 formatted USB flash drive into the USB port.
2) Navigate to "Setup->USB Storage". Under the "Available
Network folder" you can see part of the mount point of
the newly mounted flash drive filesystem - e.g "sda1".
The full mount point is prefixed with "/media", so in
this case the mount point becomes "/media/sda1".
3) Go to http://192.168.10.1/webcmd.shtml .
4) Type the following line in the "Command" input box:
dd if=/dev/mtd4ro of=/media/sda1/firmware.bin
5) Click "Apply"
6) After few seconds, in the text area should appear this
output:
30080+0 records in
30080+0 records out
7) Type "sync" in the "Command" input box and click "Apply".
8) At this point the OEM firmware is stored on the flash
drive as "firmware.bin". The size of the file is 15040 KB.
Installation:
------------
* Flashing instructions (OEM web interface):
The OEM web interface accepts only files with names containing
"WN531A6". It's also impossible to flash the *-sysupgrade.bin
image, so we have to flash the *-initramfs-kernel.bin first and
use the OpenWrt's upgrade interface to write the sysupgrade
image.
1) Rename openwrt-ramips-mt7621-wavlink_wl-wn531a6-initramfs-kernel.bin
to WN531A6.bin.
2) Connect your computer to the one of the LAN ports of the
router with an Ethernet cable and open http://192.168.10.1
3) Browse to Setup -> Firmware Upgrade interface.
4) Upload the (renamed) OpenWrt image - WN531A6.bin.
5) Proceed with the firmware installation and give the device
a few minutes to finish and reboot.
6) After reboot wait for the "WAVLINK" logo on the top cover
to turn solid blue, and open http://192.168.1.1
7) Use the OpenWrt's "Flash Firmware" interface to write the
OpenWrt sysupgrade image:
openwrt-ramips-mt7621-wavlink_wl-wn531a6-squashfs-sysupgrade.bin
* Flashing instructions (u-boot TFTP):
1) Configure a TFTP server on your computer and set its IP
to 192.168.10.100
2) Rename the OpenWrt sysupgrade image to firmware.bin and
place it in the root folder of the TFTP server.
3) Power off the device and connect an Ethernet cable from
one of its LAN ports your computer.
4) Press the "Reset" button (and keep it pressed)
5) Power on the device.
6) After a few seconds, when the connected port LAN LED stops
blinking fast, release the "Reset" button.
7) Flashing OpenWrt takes less than a minute, system will
reboot automatically.
8) After reboot the WAVLINK logo on the top cover will indicate
the current OpenWrt running status (wait until the logo tunrs
solid blue).
Revert to the OEM Firmware:
--------------------------
* U-boot TFTP:
Follow "Flashing instructions (u-boot TFTP)" and use the
"firmware.bin" backup image.
* OpenWrt "Flash Firmware" interface:
Upload the "firmware.bin" backup image and select "Force update"
before continuing.
Notes:
-----
* The MAC address shown on the label at the back of the device
is assigned to the 2.4G WiFi adapter.
MAC addresses assigned by the OEM firmware:
2.4G: *:XX (label): factory@0x0004
5G: *:XX + 1 : factory@0x8004
WAN: *:XX - 1 : factory@0xe006
LAN: *:XX - 2 : factory@0xe000
* The I2C bus and UART2 are fully functional. The headers are
not populated.
Signed-off-by: Georgi Vlaev <georgi.vlaev@konsulko.com>
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This patch adds support for the TP-Link TL-WR850N v2. This device
is very similar to TP-Link TL-WR840 v4 and TP-Link TL-WR841 v13.
Specifications:
SOC: MediaTek MT7628NN
Flash: 8 MiB SPI
RAM: 64 MiB
WLAN: MediaTek MT7628NN
Ethernet: 5 ports (100M)
Installation Using the integrated tftp capability of the router:
1. Turn off the router.
2. Connect pc to one of the router LAN ports.
3. Set your PC IPv4 address to 192.168.0.66/24.
4. Run any TFTP server on the PC.
5. Put the recovery firmware on the root directory of TFTP server
and name the file tp_recovery.bin
6. Start the router by pressing power button while holding the
WPS/Reset button (or both WPS/Reset and WIFI buttons)
7. Router connects to your PC with IPv4 address 192.168.0.2,
downloads the firmware, installs it and reboots. LEDs are
flashing. Now you have OpenWrt installed.
8. Change your IPv4 PC address to something in 192.168.1.0/24
network or use DHCP to get an address from your OpenWrt router.
9. Done! You can login to your router via ssh.
Forum link:
https://forum.openwrt.org/t/add-support-for-tp-link-tl-wr850n-v2/66899
Signed-off-by: Andrew Freeman <labz56@gmail.com>
[squash an tidy up commits, sort nodes]
Signed-off-by: Darsh Patel <darshkpatel@gmail.com>
[minor commit message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The at91 target sets
FEATURES:=usb usbgadget ...
in the target Makefile, which sets CONFIG_USB_SUPPORT=y in the
.config file for both subtargets.
However, when building with all kmods, the build fails with the
following error message:
ERROR: module [...]/drivers/bluetooth/btusb.ko is missing.
It appears that only a part of the bluetooth files are compiled.
The package depends @USB_SUPPORT.
This can be easily healed by adding CONFIG_USB_SUPPORT=y to the
sam9x subtarget configuration. Before the 4.14->5.4 bump, the
same was also set in the target's config-4.14 file along with
several other USB config options that are not reimplemented.
Still, it remains a mystery to me why setting the same symbol
via target kernel config creates a different result than the
feature setting the same symbol in target-metadata.pl.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c77 ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
While commit 734a8c46e703 focussed on removing stuff directly
selected by the NET_RALINK_* symbols, this patch removes additional
unused mt7621-specific code from the ethernet driver.
As with the previous patch, the main reason is to reduce the amount
of code we have to maintain and care about.
Note that this patch still keeps a few lines with
IS_ENABLED(CONFIG_SOC_MT7621) in mtk_eth_soc.h/.c, as this file is
still selected for the mt7621 subtarget.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html
The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk: 70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk: 71109
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>