51793 Commits

Author SHA1 Message Date
Petr Štetiar
23bbaa02a9 ustream-ssl: update to Git version 2020-12-10
68d09243b6fd Add initial GitLab CI support
8280140db9d1 wolfssl: remove now deprecated compatibility code
cee6791b362a ustream-mbedtls: fix certificate verification
55c3fd89d508 ustream-mbedtls: implement set_require_validation
c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation
3bc05402bfab cmake: enable extra compiler checks
cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs
5896991e46a3 ustream-openssl: fix BIO_method memory leak
2c342ae57c5b ustream-openssl: fix wolfSSL includes
fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths
63656f81045f cmake: fix linking when wolfSSL not in default paths
c26f71e844df cmake: fix building out of the tree

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-14 09:41:39 +01:00
Paul Spooren
bc0ffff36a build/json: add filesystem information
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguesh between
those, add the `filesystem` information to created json files.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-13 22:07:52 -10:00
David Bauer
cdc8d4b46f ipq40xx: revert usage of VLAN S-TAG
This reverts the usage of the S-Tag for separating LAN and WAN port on
the embedded switch. Many users complained about not being able to
manage C-Tag addition / removal on the switch as well as degraded
performance.

Fixes: commit 9da2b567605b ("ipq40xx: fix ethernet vlan double tagging")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-12-14 01:13:30 +01:00
Rui Salvaterra
116191eddf zram-swap: remove the compression streams settings
Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the
irrelevant configuration (no-op).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-12-13 13:55:03 -10:00
Christian Lamparter
c29f6121fd bcm53xx: MR32: fix DEVICE_VENODR typo
DEVICE_VENDOR was misspelled as DEVICE_VENODR.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-12-13 17:16:36 +01:00
Yushi Nishida
5e9a5c15ba ipq40xx: fix 5Ghz tx/rx power on the ASUS MAP-AC2200
The ASUS MAP-AC2200 suffers from a lower transmit/receive
signal power as compared to the stock firmware.

Upon investigation, it was discovered that stock firmware from
the GPL_MAP-AC2200_3.0.0.4.384.46249-g97d05bb.tar archive.
set the following GPIOs in "release/src/router/rc/init.c".

GPIO 44 and 46 have to be set to output high
GPIO 45 and 47 have to be set to output low

Here are some results, after activating the relevant
gpios through cmdline:

<https://forum.openwrt.org/t/asus-map-ac2200-low-transmit-receive-signal-5ghz/69005/12>

THX @ slh

Fixes: 9ad3967f140 ("ipq40xx: add support for ASUS Lyra")
Signed-off-by: Yushi Nishida <kyro2man@gmx.net>
[slightly rewritten commit, added missing <>)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-12-13 16:12:45 +01:00
Luis Araneda
8b870418f1 uboot-zynq: fix dtc compilation on host gcc 10
gcc 10 defaults to -fno-common, which causes an error
when linking.

Back-port the following Linux kernel commit to fix it:
e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)

Tested on an Arch Linux host with gcc 10.1.0

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2020-12-13 16:12:45 +01:00
lisaac
3cc85ac410
luci-app-diskman: improve stability 2020-12-13 11:03:32 +08:00
M1A6I3L
347d6219f7
qt5: add qt5-sql module 2020-12-13 11:02:26 +08:00
CN_SZTL
b764cf94bd
Merge Official Source 2020-12-13 10:06:34 +08:00
Daniel Golle
b2d48c1dfe odhcpd: remove local mkdir_p implementation
Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-13 00:13:18 +00:00
Daniel Golle
54239ccfe7 procd: update to git HEAD
111416d jail: remove unreachable code
 7f12c89 treewide: replace local mkdir_p implementations

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
278b1e95a7 fstools: update to git HEAD
0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz
 4862530 mount: restorecon: guard against execl() errors
 f415323 block: replace local mkdir_p implementation

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
ee0ff7343e libubox: utils: introduce mkdir_p
Add new utility function mkdir_p(char *path, mode_t mode) to replace
the partially buggy implementations found accross fstools and procd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
CN_SZTL
99b6e832c1
luci-app-vssr: bump to 1.20 2020-12-13 01:06:34 +08:00
CN_SZTL
3cc83b9b46
luci-app-passwall: bump to 4-3 2020-12-13 01:06:20 +08:00
AmadeusGhost
629bceabdf
luci-app-minieap: add package 2020-12-13 00:50:03 +08:00
Daniel Golle
be6aa93e4d selinux-policy: update to version 0.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 14:45:32 +00:00
Philip Prindeville
5d2b577a53 xfrm: support 'multicast' attribute on interfaces
You shouldn't need the overhead of GRE just to add multicast
capability on a point-to-point interface (for instance, you might
want to run mDNS over IPsec transport connections, and Avahi
requires IFF_MULTICAST be set on interfaces, even point-to-point
ones).

Borrowed heavily from:

    b3c9321b9e gre: Support multicast configurable gre interfaces

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-11 20:53:36 +01:00
Beginner
ed0cf609de
xray: update to 1.1.3 2020-12-11 21:28:20 +08:00
Eneas U de Queiroz
882ca13d92 openssl: update to 1.1.1i
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:57:04 +01:00
Marty Jones
b63e57ba17 kernel: add Aquantia AQtion USB-to-5GbE adapters
This add support for USB-to-Ethernet Aquantia AQtion
5/2.5GbE adapters based on the AQC111U controllers.

Run-tested: x86
Adapter-tested: Sabrent NT-SS5G
Signed-off-by: Marty Jones <mj8263788@gmail.com>
2020-12-11 13:57:04 +01:00
Karel Kočí
e401a2a42e mvebu: fix initramfs/kernel image for CZNIC Turris Omnia
This adds DTB to kernel and that way makes it possible to easily boot
initramfs image and also kernel.

The sequence to boot initramfs on Omnia is then just:
  env set bootargs earlyprintk console=ttyS0,115200
  dhcp 0x1000000 192.168.1.1:openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin
  bootz 0x1000000

Without this change kernel boot won't proceed and is stuck on "Starting
kernel".

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
[fixed From: to match with SoB:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:56:29 +01:00
Konstantin Demin
52aa2017d3 dropbear: bump package version
Bump package version after previous changes.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Konstantin Demin
228298290e dropbear: add ssh-askpass support in configuration
binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215132 (+4b)
  ipk: 111183 -> 111494 (+311b)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
e1bd9645b6 dropbear: roll up recipes into mapping lists
this commit removes manual recipes for options and introduces mapping lists:
- DB_OPT_COMMON holds option mappings which are common for all builds;
- DB_OPT_CONFIG holds option mappings which are depend on config settings.

DB_OPT_COMMON is space-separated list of 'words', each of them is in format:
  'header_option|value'

'header_option' is added with value 'value' to 'localoptions.h'.

if 'header_option' is preceded by two exclamation marks ('!!')
then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'.

in short:
   option|value - add option to localoptions.h
 !!option|value - replace option in sysoptions.h

DB_OPT_CONFIG is space-separated list of 'words', each of them is in format:
  'header_option|config_variable|value_enabled|value_disabled'

'header_option' is handled likewise in DB_OPT_COMMON.

if 'config_variable' is enabled (technically: not disabled)
then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise.

in short:
   option|config|enabled|disabled = add option to localoptions.h
 !!option|config|enabled|disabled = replace option in sysoptions.h

   option := (config) ? enabled : disabled

If you're not sure that option's value doesn't have '|' within - add your recipe
manually right after '$(Build/Configure/dropbear_headers)' and write some words
about your decision.

PS about two exclamation marks:
early idea was to use one exclamation mark to denote such header options
but then i thought single exclamation mark may be overlooked by mistake.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
79d5c24724 dropbear: rework recipes that configure build
- add two helper functions to avoid mistakes with
  choice of correct header file to work with
- update rules accordingly

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
42eff7c7e6 dropbear: reorder options in Configure recipe
put static options at first place, then place configurable options.
also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
7e122c353a dropbear: enable back DROPBEAR_USE_PASSWORD_ENV
this option was disabled in 2011 and these long nine years showed us that change was definitely wrong.

binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215128 (no change)
  ipk: 111108 -> 111183 (+75b)

Fixes: 3c801b3dc0359 ("tune some more options by default to decrease size")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Rafał Mikrut
561bfc96f9 realtek: Add missing case in switch statement
Cppcheck shows here duplicated break.

Code `state->speed = SPEED_1000;` will be never executed because above
it there is break statement.

Almost identical statement is placed in another realtek driver
18a53d43d6/target/linux/realtek/files-5.4/drivers/net/dsa/rtl83xx/dsa.c (L286-L294)

Signed-off-by: Rafał Mikrut <mikrutrafal@protonmail.com>
2020-12-11 13:48:24 +01:00
Rafał Mikrut
848d668427 realtek: Fix self assignment
Cppcheck shows self initialization error, which is an obvious bug.

Basing on logic of similar fragment below I assigned to this variable,
value `RTL838X_LED_GLB_CTRL` which I think is proper.

Signed-off-by: Rafał Mikrut <mikrutrafal@protonmail.com>
2020-12-11 13:48:24 +01:00
John Thomson
d82c191283 package/base-files: caldata: use dd iflag fullblock
This dd flag ensures that the requested size
is retrieved from pipes or special filesystems (if available).

Without this flag, on multi-core systems,
Piped or special filesystem data can be truncated
when a size greater than PIPE_BUF is requested.

Fixes: FS#3494
Fixes: 7557e7f ("package/base-files: caldata: work around dd's
limitation")
Cc: Thibaut VARÈNE <hacks@slashdirt.org>

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
2020-12-11 13:48:24 +01:00
Petr Štetiar
064d65c2f7 wolfssl: fix broken wolfSSL_X509_check_host
Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host().

References: https://github.com/wolfSSL/wolfssl/issues/3329
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Eneas U de Queiroz
f31c9cd383 wolfssl: compile with --enable-opensslall
This enables all OpenSSL API available.  It is required to avoid some
silent failures, such as when performing client certificate validation.

Package size increases from 356.6K to 374.7K for
arm_cortex-a9_vfpv3-d16.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:48:24 +01:00
Eneas U de Queiroz
4e8a0014aa wolfssl: add lighty support, skip crypttests
Tnis adds the --enable-lighty option to configure, enabling the minimum
API needed to run lighttpd, in the packages feed.  Size increase is
about 120 bytes for arm_cortex-a9_vfpv3-d16.

While at it, speed up build by disabling crypt bench/test.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-12-11 13:48:24 +01:00
Daniel González Cabanelas
81df645572 bcm63xx: DGND3700v1: use the real board name
The Netgear DGND3700v1/DGND3800B shows kernel redundant info at the board
message, already provided by the machine info message.

Use the real board name which is silkscreened on the PCB and used in the
stock firmware header.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2020-12-11 11:47:37 +01:00
AmadeusGhost
db67e47759
openssl: update to 1.1.1i
This version includes a high-security fixes: CVE-2020-1971.
2020-12-11 18:21:50 +08:00
Daniel Golle
8663072854 config: add big EXPERIMENTAL option
As discussed in the today's (2020-12-10) meeting, add a new option to
menuconfig to group the selection of all experimental features to be
selected by default.
Developers are recommended to make use of this new symbol to guard
new features.
Other developers and community members should feel encouraged to
build with this flag enabled to help testing and provide feedback.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-10 19:33:51 +00:00
Karel Kočí
a3e5b24d43 scripts/feeds: fix preference of package install
The previous behavior prefered same feed for dependent packages as
initial package. This caused inconsitency in installation of packages.
The difference was if two feeds provide same package (different version)
there was different result if you executed install for that specific
version compared to install for package depending on it from different
feed.

This ensures that preferred feed is propagated without change and
selected feed is used only really for package it was selected for.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2020-12-09 23:25:05 -10:00
Paul Spooren
6ea03ec94c opkg: remove legacy dist and extra_data
efb26a3 libopkg: remove "extra_data" option
1d67ab7 libopkg: remove support for "dist" config

Reduces opkg size by about 400 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-09 23:24:38 -10:00
Paul Spooren
e7e16667ff iftop: remove package
The package has no reason to be in openwrt.git. Move it to packages.git.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 23:24:22 -10:00
Hans Dedecker
dd3464023f odhcp6c: update to latest git HEAD
0ffa3a3 dhcpv6: harden reconfigure logic
3999b6d dhcpv6: rework DHCPv6 message to string implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-09 22:33:34 +01:00
Brian Norris
7f285d0b43 scripts/feeds: warn when skipping core package override
Otherwise, a n00b like myself can get quite confused when moving a
package from core to feeds, for example.

(Hint: one *really* needs to clear out the tmp/info/.packageinfo...
entries for the stale package, but '-f' works as well.)

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2020-12-09 11:30:07 -10:00
John Audia
3f165fa7cc kernel: bump 5.4 to 5.4.82
Removed since included upstream and could be reverse-applied by quilt:
  backport-5.4/315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch

Remaining modifications made by update_kernel.sh

Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [build/run x86_64]
2020-12-09 17:05:40 +01:00
Jo-Philipp Wich
dd5b3b58d8 lldpd: fix autoreconf failure
The lldpd sources ship a modified local AX_LIB_READLINE M4 macro which
conflicts with the official macro shipped by autoconf-archive.

Due to the official macro having the same name and a higher serial
number, autoconf will prefer including that one instead of the local
copy, preventing the substitution of @READLINE_LIBS@ in Makefile.in
templates, ultimately leading to the following build failure when
linking lldpcli:

    ...-gcc: error: READLINE_LIBS@: No such file or directory

Avoid this problem by renaming the locally shipped macro to not clash
with the official implementation anymore.

Ref: https://github.com/lldpd/lldpd/pull/423
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 12:36:40 +01:00
Sieng Piaw Liew
a58826c34f bcm63xx: add support for Innacomm W3400V6
Innacomm W3400V6 is an xDSL B/G wireless router based on Broadcom BCM6328 SoC.

Hardware:
   SoC:          Broadcom BCM6328
   CPU:          BMIPS4350 V8.0, 320 MHz, 1 core
   Flash:        SPI-NOR 8MB, MX25L6406E
   RAM:          64 MB
   Ethernet:     4x 10/100 Mbps
   Switch:       Integrated
   Wireless:     802.11b/g, BCM4312
   LEDs/Buttons: 9x / 2x

Flash instruction, web UI:
1) Set a static IP on your computer compatible
with 192.168.1.1, i.e 192.168.1.100
2) Connect the ethernet cable from your computer to the router.
3) Make sure the router is powered off.
4) Press the reset button, don't release it yet!
5) While pressing reset, power on the router.
6) Wait 10 seconds or more.
Note: The power LED is red at first then turns to solid
green when ready.
8) Release the reset button.
9) Browse to 192.168.1.1
10) Select .bin file.
10) Upgrade the image.
11) Wait for it to reboot.

Signed-off-by: Sieng Piaw Liew <liew.s.piaw@gmail.com>
[Ammend commit description, merge patches, DT improvements]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-12-09 08:42:26 +01:00
Sieng Piaw Liew
21311ca6b6 kernel: unlock MX25L6406E with 4 bit Block Protect
Hacked in basic support for 4 bit Block Protection register, copied from
linux-master. Needed to unlock Innacomm W3400V's SPI flash MX25L6406E,
compatible with MX25L6405D.

Signed-off-by: Sieng Piaw Liew <liew.s.piaw@gmail.com>
[Amend commit description, refresh patch]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-12-09 08:42:26 +01:00
Adrian Schmutzler
af07c6de9c uboot-envtools: ramips: use full names for Xiaomi Mi Routers
This updates uboot-envtools with the updated names from ramips
target.

Fixes: 6d4382711a65 ("ramips: use full names for Xiaomi Mi Router devices")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-08 23:45:10 +01:00
Adrian Schmutzler
6d4382711a ramips: use full names for Xiaomi Mi Router devices
This aligns the device/image names of the older Xiaomi Mi Router
devices with their "friendly" model and DEVICE_MODEL properties.

This also reintroduces consistency with the newer devices already
following that scheme.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-08 17:18:57 +01:00
Adrian Schmutzler
89e6cc5c76 ramips: mt7628: create shared DTSI for Xiaomi Mi Router 4A/4C
The Xiaomi Mi Router 4A (100M) and 4C are relatively similar in
their specs. Create a shared DTSI for them.

Partitions are split in preparation for Mi Router 4AC.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-08 15:39:00 +01:00