Thibaut VARÈNE [Sat, 16 May 2020 15:12:06 +0000 (17:12 +0200)]
generic: platform/mikrotik: fix LZOR support
31e99fe3da which introduced this code was unfortunately untested.
This commit fixes a number of issues and works around the fact that in
this particular scheme, the LZO payload may be padded at the end which
will trigger a harmless lzo decompression error.
This commit also disambiguates the debug printks.
Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> Fixes: 31e99fe3da ("generic: platform/mikrotik: support LZOR encoding")
(cherry picked from commit 2ea481193c1654c9cb42aa0331cdbc4570783e26)
Robert Marko [Tue, 12 May 2020 20:18:33 +0000 (22:18 +0200)]
libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit bc0288b76816578f5aeccb2abd679f82bfc5738e)
Adrian Schmutzler [Wed, 26 Feb 2020 17:24:55 +0000 (18:24 +0100)]
ar71xx: remove hard-coded folder name from Mikrotik RB upgrade
So far, specifying "BOARD_NAME := routerboard" is required by the
upgrade code of Mikrotik NAND devices, as "sysupgrade-routerboard"
is hardcoded in platform_do_upgrade_mikrotik_rb().
This patch replaces the latter with a grep for the name like it
is already done in nand_upgrade_tar() in /lib/upgrade/nand.sh.
This should enable upgrades from ar71xx to ath79 without setting
BOARD_NAME for the latter.
Daniel Golle [Tue, 12 May 2020 09:48:50 +0000 (10:48 +0100)]
fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes: 3b9e4d6d4c4f ("fstools: update to the latest version") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b181294b02499e41b6b6fa24163f59c9ee4988ed)
Thibaut VARÈNE [Fri, 8 May 2020 11:39:10 +0000 (13:39 +0200)]
ar71xx: mikrotik: bypass id check in __rb_get_wlan_data()
The id parameter in __rb_get_wlan_data() was incorrectly used on the
assumption that id "0" would always be tied to ath9k with RLE encoding
and positive id (in fact, only id "1" was valid) would always be tied to
("external") ath10k with LZO encoding.
Newer hardware revisions of supported devices prove this assumption to
be invalid, with ath9k caldata being now wrapped in MAGIC_ERD and LZO
compressed, so disable this check to allow newer hardware to correctly
decode caldata for ath9k. Since ath10k caldata is no longer pulled from
this implementation, this commit also disables the publication in sysfs
to avoid wasting memory.
Note: this patch assumes that ath9k caldata is never stored with the new
"LZOR" encoding scheme found on some ath10k devices.
Thibaut VARÈNE [Fri, 27 Mar 2020 13:33:48 +0000 (14:33 +0100)]
generic: platform/mikrotik: support LZOR encoding
Some newer MikroTik RouterBOARD devices use a new encoding scheme
for their WLAN calibration data. This patch provides support for
decoding this new scheme.
Thibaut VARÈNE [Sun, 22 Mar 2020 20:46:42 +0000 (21:46 +0100)]
generic: routerboot sysfs platform driver
This driver exposes the data encoded in the "hard_config" flash segment
of MikroTik RouterBOARDs devices. It presents the data in a sysfs folder
named "hard_config". The WLAN calibration data is available on demand via
the 'wlan_data' sysfs file in that folder.
This driver permanently allocates a chunk of RAM as large as the
"hard_config" MTD partition (typically 4KB), although it is technically
possible to operate entirely from the MTD device without using a local
buffer (except when requesting WLAN calibration data), at the cost of a
performance penalty.
This driver does not reuse any of the existing code previously found in
routerboot.c.
This driver has been successfully tested on BE (ath79) and LE (ipq40xx
and ramips) hardware.
Tested-by: Roger Pueyo Centelles <roger.pueyo@guifi.net> Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> Tested-by: Tobias Schramm <t.schramm@manjaro.org> Tested-by: Christopher Hill <ch6574@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Lech Perczak [Thu, 7 May 2020 22:41:36 +0000 (00:41 +0200)]
ath79: dts: add missing 'serial0' alias for TP-Link TL-MR3040v2
Out of all devices currently supported based on AR9331 chipset,
this one had the 'serial0' alias missing. Add it to fix setting of
/dev/console and login shell on the onboard UART.
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Hans Dedecker [Thu, 7 May 2020 05:59:40 +0000 (07:59 +0200)]
odhcpd: fix PKG_SOURCE_DATE
Fixes: 5e8b50da15 (odhcpd : fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056)) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rafał Miłecki [Wed, 6 May 2020 15:49:59 +0000 (17:49 +0200)]
fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method 9ab936d block(d): always call hotplug.d "mount" scripts from blockd 4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)
Chuanhong Guo [Tue, 5 May 2020 09:37:02 +0000 (17:37 +0800)]
generic: ar8216: fix unknown packet flooding for ar8229/ar8236
ar8229 and ar8236 don't allow unknown unicast/multicast frames and
broadcast frames to be flooded to cpu port. This isn't desired behavior
for swconfig as we treat it as a standalone switch.
Current code doesn't enable unicast frame flooding for ar8229 and uses
wrong setup for ar8236. This commit fixes both of them by enabling port
0 flooding for all unknown frames.
Jo-Philipp Wich [Tue, 5 May 2020 22:47:55 +0000 (00:47 +0200)]
libpcap: fix library packaging issues
Workaround a bug in patches/100-debian_shared_lib.patch - it attemptss to
extract the library major version from debian/changelog which does not exist
in the vanilla upstream tarball.
Create a fake changelog file for now to satisfy the version extraction
routine until we get around to properly augment the patch.
Fixes: FS#2970 Fixes: 96ee7c8bfd ("libpcap: Update shared-lib patch from Debian to fix linking problems") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rafał Miłecki [Tue, 5 May 2020 07:14:40 +0000 (09:14 +0200)]
fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root 37c9148 block: simplify check_extroot() a bit d70774d block: add some basic extroot documentation 32db27d Revert "block: support hierarchical mount/umount" 0b93429 Revert "block: mount_action: handle mount/umount deps"
Felix Fietkau [Thu, 9 Apr 2020 12:25:51 +0000 (14:25 +0200)]
fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message 62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts d1f1f2b38fa1 block: remove mount target file if it's a link 830441d790d6 blockd: remove symlink linkpath file if it's a dir or link c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Paul Spooren [Mon, 6 Apr 2020 11:53:19 +0000 (01:53 -1000)]
scripts/download: add sources CDN as first mirror
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.
Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.
This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).
Signed-off-by: Paul Spooren <mail@aparcar.org> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c737a9ee6a9c47b6e553ac81bf293b1161e59799)
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
#define _DEFAULT_SOURCE
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1
Fixes: aaf46a8fe23e ("dante: disable sched_getscheduler() - not implemented in musl") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ce1798e915181e6c1f3ba735b254b37b84261303)
Linus Lüssing [Wed, 5 Feb 2020 19:10:43 +0000 (20:10 +0100)]
mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.
For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.
This patch now increases the maxmimum frame size from 1528 to 1656
bytes.
Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.
Matt Merhar [Sun, 19 Apr 2020 21:12:03 +0000 (17:12 -0400)]
kernel: backport fix for non-regular inodes on f2fs
Upstream commit dda9f4b9ca ("f2fs: fix to skip verifying block address
for non-regular inode").
On 4.14, attempting to perform operations on a non-regular inode
residing on an f2fs filesystem, such rm-ing a device node, would fail
and lead to a warning / call trace in dmesg. This fix was already
applied to other kernels upstream - including 4.19, from which the patch
was taken.
More info at https://bugzilla.kernel.org/show_bug.cgi?id=202495.
Adrian Schmutzler [Mon, 27 Apr 2020 21:26:18 +0000 (23:26 +0200)]
ath79: indicate boot/failsafe/upgrade for NanoBeam/Nanostation AC
Like for Ubiquiti PowerBeam 5AC Gen2, the highest RSSI LED can
be exploited to indicate boot/failsafe/upgrade for the NanoBeam AC
and Nanostation AC as well.
Antonio Quartulli [Tue, 28 Apr 2020 10:06:58 +0000 (12:06 +0200)]
wpad-wolfssl: fix crypto_bignum_sub()
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.
This missing fix was discovered while testing SAE over a mesh interface.
With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.
Cc: Sean Parkinson <sean@wolfssl.com> Signed-off-by: Antonio Quartulli <a@unstable.cc> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4b3b8ec81cd1965d0bd548fa31db491295b83354)
Before 2019.01 version was introduced patch, which changes cache
routines: 93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache
routines to common file"). Unfortunately that patch make ethernet
and usb in kirkwood broken.
This patch backport commit 599f7aa5 ("ARM: kirkwood: disable dcache
for Kirkwood boards"), which are fix for that problem.
Fixes: dc08514e6d ("uboot-kirkwood: update to 2019.01")
Run tested: pogoplugv4
It's known that ZBT sells 256M variants of these routers. As a result,
our images won't be able to boot on these routers.
This commit removes memory node for them. With previously backported
memory detection patch, kernel is able to detect memory size itself.
Sungbo Eo [Sun, 22 Mar 2020 17:41:08 +0000 (02:41 +0900)]
oxnas: move service file to correct place
This service file has been misplaced from the very beginning.
Fixes: dcc34574efba ("oxnas: bring in new oxnas target") Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 01961f163d927d6b44097f48a67bbc5b4c63eaf7)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.
Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router. dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.
The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.
A missing system.ntp.enabled UCI node is required for the bug to show
up. The reasons for why it would be missing in the first place were not
investigated.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 556b8581a15c855b2de0efbea6b625ab16cc9daf)
Petr Štetiar [Sat, 25 Apr 2020 11:59:19 +0000 (13:59 +0200)]
libpcap: fix build breakage with very high number of simultaneous jobs
Building libpcap with high number (64) of simultaneous jobs fails:
In file included from ./fmtutils.c:42:0:
./ftmacros.h:106:0: warning: "_BSD_SOURCE" redefined
#define _BSD_SOURCE
<command-line>:0:0: note: this is the location of the previous definition
./gencode.c:67:10: fatal error: grammar.h: No such file or directory
#include "grammar.h"
^~~~~~~~~~~
compilation terminated.
Makefile:99: recipe for target 'gencode_pic.o' failed
So fix this by less intrusive way by disabling the parallel builds for
this package.
Ref: FS#3010 Signed-off-by: Petr Štetiar <ynezz@true.cz>
Kevin Darbyshire-Bryant [Sat, 4 Apr 2020 08:20:08 +0000 (09:20 +0100)]
umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:
dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]
261 | uint16_t *swap = (uint16_t *) q;
Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.
Hans Dedecker [Sat, 18 Apr 2020 08:34:10 +0000 (10:34 +0200)]
binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings
Magnus Kroken [Thu, 16 Apr 2020 15:47:47 +0000 (17:47 +0200)]
mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Tomasz Maciej Nowak [Wed, 18 Mar 2020 18:04:12 +0000 (19:04 +0100)]
mvebu: cortexa9: correct cpu subtype
Armada 370 processors have only 16 double-precision registers. The
change introduced by 8dcc1087602e ("toolchain: ARM: Fix toolchain
compilation for gcc 8.x") switched accidentally the toolchain for mvebu
cortexa9 subtarget to cpu type with 32 double-precision registers. This
stems from gcc defaults which assume "vfpv3-d32" if only "vfpv3" as mfpu
is specified. That change resulted in unusable image, in which kernel
will kill userspace as soon as it causing "Illegal instruction".
Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272 Fixes: 8dcc1087602e ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x") Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 2d61f8821c7cf99354e904139226c132554ba180)
Tomasz Maciej Nowak [Wed, 18 Mar 2020 18:04:13 +0000 (19:04 +0100)]
tegra: correct cpu subtype
Tegra 2 processors have only 16 double-precision registers. The change
introduced by 8dcc1087602e ("toolchain: ARM: Fix toolchain compilation
for gcc 8.x") switched accidentally the toolchain for tegra target to cpu
type with 32 double-precision registers. This stems from gcc defaults
which assume "vfpv3-d32" if only "vfpv3" as mfpu is specified. That
change resulted in unusable image, in which kernel will kill userspace as
soon as it causing "Illegal instruction".
Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272 Fixes: 8dcc1087602e ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x") Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 43d1d88510621801d66a0a7f46f4c4f44d89633a)
Joel Johnson [Fri, 27 Mar 2020 17:31:37 +0000 (11:31 -0600)]
mvebu: backport ClearFog SPI enablement
Backport Device Tree change first added in kernel 4.19 to enable the SPI
device on ClearFog devices by default. This is tested and working in
snapshot builds with kernel 5.4+, include the change in future 19.07
patch releases.
Dan Haab [Mon, 6 Apr 2020 23:14:39 +0000 (16:14 -0700)]
bcm53xx: add support for Luxul FullMAC WiFi devices
This prepares support for models XAP-1610 and XWR-3150. Flashing
requires using Luxul firmware version:
1) 8.1.0 or newer for XAP-1610
2) 6.4.0 or newer for XWR-3150
and uploading firmware using "Firmware Update" web UI page.
Rafał Miłecki [Thu, 20 Feb 2020 12:40:55 +0000 (13:40 +0100)]
bcm53xx: sysupgrade: optimize building UBI image
Use "truncate" to adjust size of existing file instead of "dd" which
required creating a copy. This saves space on tmpfs. It may be as low
as 2.1 MiB when using OpenWrt default user space and way more (20+ MiB)
when flashing vendor firmware.
Rafał Miłecki [Mon, 2 Mar 2020 21:03:09 +0000 (22:03 +0100)]
bcm53xx: fix ASUS firmwares to use vendor format
Image building process was missing "asus-trx" step which resulted in raw
TRX files (without ASUS footer with device id).
Fixes: 0b9de8daa70e ("bcm53xx: add profiles for all other (SoftMAC) devices") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0493d57e04774d47921a7d2014b567455d5dc16b)
Eneas U de Queiroz [Tue, 31 Mar 2020 20:51:45 +0000 (17:51 -0300)]
openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
newly generated RSA modules
- the patch reversing EOF detection we had already applied.
Hauke Mehrtens [Fri, 20 Mar 2020 18:07:31 +0000 (19:07 +0100)]
libpcap: Update shared-lib patch from Debian to fix linking problems
This updates the shared-lib patch to the recent version from debian
found here:
https://salsa.debian.org/rfrancoise/libpcap/-/blob/debian/1.9.1-2/debian/patches/shared-lib.diff
This patch makes it include missing/strlcpy.o to the shared library
which is needed for OpenWrt glibc builds, otherwise there is an
undefined symbol and tcpdump and other builds are failing.
Fixes: 44f11353de04 ("libpcap: update to 1.9.1") Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Michael T Farnworth [Sat, 22 Feb 2020 14:20:49 +0000 (14:20 +0000)]
mkrasimage: fix segmentation fault
Code was attempting to determine the size of the file
before it was actually known and allocating insufficient
memory space. Images above a certain size caused a
segmentation fault. Moving the calloc() ensured ensured
that large images didn't result in a buffer overflow on
memcpy().
Signed-off-by: Michael T Farnworth <michael@turf.org>
[fixed name in From to match one in SoB] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b468353a373d181c4362ff690d7b22a08f5f6949)
Petr Štetiar [Thu, 5 Mar 2020 08:33:52 +0000 (09:33 +0100)]
rpcd: fix respawn settings
Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.
So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.
Robert Marko [Thu, 19 Mar 2020 11:22:07 +0000 (12:22 +0100)]
tools: squashfskit4: fix build with GCC10
In order to build squashfskit with GCC10, this backport from upstream is needed.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[increase PKG_RELEASE] Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit be4ed1db18e68cc57f03788b4529afbbf629411c)
Kevin Darbyshire-Bryant [Tue, 24 Mar 2020 11:05:27 +0000 (11:05 +0000)]
build: prereq: tidy gcc version checks
There is a restriction in the number of parameters(10) that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.
Drop all the explicitly specified gcc version checks. If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.
eg. 'CC=gccfoo CXX=g++foo make prereq'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Acked-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1fb3c003d68d3feaf797e8b64edccc9fa622d250)
Robert Marko [Wed, 18 Mar 2020 18:39:43 +0000 (19:39 +0100)]
build: add GCC 10 version detection
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Eneas U de Queiroz [Fri, 27 Mar 2020 02:20:08 +0000 (23:20 -0300)]
openssl: revert EOF detection change in 1.1.1
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e. It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error: 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443
Openssl commits db943f4 (Detect EOF while reading in libssl), and 22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read(). Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct. Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.
The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.
Petr Štetiar [Sat, 28 Mar 2020 12:42:05 +0000 (13:42 +0100)]
procd: turn error into debug message for missing ujail binary
Since commit 557f11b3a20f ("instance: provide error feedback if ujail
binary is missing") worrying log spam of the form "unable to find
/sbin/jail ..." may be encountered.
This corresponds with the changes done in the upstream commit bcb86554f1b4 ("instance: add 'requirejail' attribute").
Ref: https://forum.openwrt.org/t/openwrt-19-07-2-service-release/57066 Signed-off-by: Petr Štetiar <ynezz@true.cz>
Baptiste Jonglez [Thu, 26 Mar 2020 18:03:42 +0000 (19:03 +0100)]
ar71xx: Fix gigabit switch support for Mikrotik RB951G-2HnD
Without this patch, when using rev 3 of the Atheros AR9344 SoC, the
gigabit switch (AR8327) does not work or works very erratically.
This is a re-spin of http://patchwork.ozlabs.org/patch/419857/ with a
different PLL value, according to the feedback from several users
(including myself) as shown here:
Performance is acceptable: testing L3 forwarding without NAT yields a
performance of 370 Mbit/s (iperf3 TCP) and 41 Kpps (iperf3 UDP with 64
bytes payload). Both tests show that 100% of CPU time is spent on softirq.
A similar fix for a different device (RB2011) was added in e457d22261
("Make GBit switch work on RB2011").
Flashing instructions:
Upload the factory image via the vendor firmware upgrade option.
Recovery:
Note that this device does not provide TFTP via ethernet like many
other TP-Link devices do. You will have to open the case if you
require recovery beyond failsafe.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Tested-by: Sebastian Knapp <sebastian4842@outlook.com>
(cherry picked from commit 385f4868bc58b04e465db2fbcfce848a75009a74)
Flashing instructions:
Upload the factory image via the vendor firmware upgrade option.
Recovery:
Note that this device does not provide TFTP via ethernet like many
other TP-Link devices do. You will have to open the case if you
require recovery beyond failsafe.
Jan Alexander [Tue, 24 Mar 2020 12:36:57 +0000 (13:36 +0100)]
ar71xx: use status led for GL.iNet GL-AR750S
Use power led for device status.
The status led behavior has already been fixed in af28d8a539fe
("ath79: add support for GL.iNet GL-AR750S") when porting the
device to ath79. This fixes it for ar71xx as well.
Signed-off-by: Jan Alexander <jan@nalx.net>
[minor commit title/message adjustments] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d394c354ee0e8660f876889f6293803c581cbf85)
Jordan Sokolic [Thu, 19 Mar 2020 12:23:22 +0000 (14:23 +0200)]
dnsmasq: add 'scriptarp' option
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.
Also enable --script-arp if has_handlers returns true.
Signed-off-by: Jordan Sokolic <oofnik@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Daniel Golle [Sun, 22 Mar 2020 13:30:22 +0000 (13:30 +0000)]
oxnas: yet another irqchip related patch
This time DTS fix, again from Sungbo Eo <mans0n@gorani.run>
ARM: dts: oxnas: Fix clear-mask property
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9e5a25846f501acfd4aedccae8cef31ad8f2c456) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed ip address 192.168.0.66
2. Download *-factory.bin image and rename it to
wdr3500v1_tp_recovery.bin
3. Start a tftp server with the image file in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[removed stray newline] Signed-off-by: David Bauer <mail@david-bauer.net>
(backported from commit fbbb4eb8b41d59b38f41fe382c6e4108a36aa909) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server
8. Wait ~30 second to complete recovery
While TFTP works for OpenWrt images, my device didn't accept the
only available official firmware "Archer C60(EU)_V3.0_190115.bin".
In contrast to earlier revisions (v2), the v3 contains the (same)
MAC address twice, once in 0x1fa08 and again in 0x1fb08.
While the partition-table on the device refers to the latter, the
firmware image contains a different partition-table for that region:
While the MAC address is present twice, other data like the PIN isn't,
so with the partitioning from the firmware image the PIN on the device
would actually be outside of its partition.
Consequently, the patch uses the MAC location from the device (which
is the same as for the v2).
Daniel Golle [Thu, 19 Mar 2020 22:37:17 +0000 (22:37 +0000)]
oxnas: backport patch fixing hang after reboot
Sungbo Eo <mans0n@gorani.run> posted a patch fixing the long-standing
reboot problem on the OXNAS OX820 platform:
irqchip/versatile-fpga: Handle chained IRQs properly
It got queued for 5.7. Import it to oxnas target patches for now.
Fixes: b4917fa907 ("oxnas: fix oxnas-rps-timer dt-match") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 67b04e767a0dcd01d39fe71eed9bdff7d5be72f0)
projects / users / dwmw2 / openwrt.git / log