| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Turns out auditd depends on libev. Lets have that in packages.git.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.
Just deactivate it for ARM64 too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
| |
hwclock was fixed to work with musl.
Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switched to upstream tarballs.
Switched to libcxxabi as using libsupc++ is quite wonky.
Fixed description.
Removed patches. The fixes are cosmetic.
Added ssp patch. This one is needed for i386 and powerpc under musl.
Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.
Ran tested with gerbera.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used for libcxx.
libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.
Reference: https://github.com/gerbera/gerbera/issues/795
Added patch to fix ARM compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
#include <sepol/policydb/expand.h>
^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
#include <libintl.h> /* for gettext() */
^~~~~~~~~~~
compilation terminated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FCC ID: U2M-ENH200
Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.
Specification:
- Qualcomm/Atheros AR7240 rev 2
- 40 MHz reference clock
- 8 MB FLASH ST25P64V6P (aka ST M25P64)
- 32 MB RAM
- UART at J3 (populated)
- 2x 10/100 Mbps Ethernet (built-in switch at gmac1)
- 2.4 GHz, 2x2, 29dBm (Atheros AR9280 rev 2)
- internal antenna plates (10 dbi, semi-directional)
- 5 LEDs, 1 button (LAN, WAN, RSSI) (Reset)
Known Issues:
- Sysupgrade from ar71xx no longer possible
- Power LED not controllable, or unknown gpio
MAC addresses:
eth0/eth1 *:11 art 0x0/0x6
wlan *:10 art 0x120c
The device label lists both addresses, WLAN MAC and ETH MAC,
in that order.
Since 0x0 and 0x6 have the same content, it cannot be
determined which is eth0 and eth1, so we chose 0x0 for both.
Installation:
2 ways to flash factory.bin from OEM:
- Connect ethernet directly to board (the non POE port)
this is LAN for all images
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
In upper right select Reset
"Restore to factory default settings"
Wait for reboot and login again
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt boot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9f670000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, can cause kernel loop or halt
The easiest way to return to the OEM software is the Failsafe image
If you dont have a serial cable, you can ssh into openwrt and run
`mtd -r erase fakeroot`
Wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
Format of OEM firmware image:
The OEM software of ENH202 is a heavily modified version
of Openwrt Kamikaze bleeding-edge. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-enh202-uImage-lzma.bin
openwrt-senao-enh202-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring, and by swapping headers to see
what the OEM upgrade utility accepts and rejects.
OKLI kernel loader is required because the OEM firmware
expects the kernel to be no greater than 1024k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on built-in switch:
ENH202 is originally configured to be an access point,
but with two ethernet ports, both WAN and LAN is possible.
the POE port is gmac0 which is preferred to be
the port for WAN because it gives link status
where swconfig does not.
Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.
FCC ID: A8J-ENS202
Specification:
- Qualcomm/Atheros AR9341 v1
- 535/400/200/40 MHz (CPU/DDR/AHB/REF)
- 64 MB of RAM
- 16 MB of FLASH MX25L12835F(MI-10G)
- UART (J1) header on PCB (unpopulated)
- 2x 10/100 Mbps Ethernet (built-in switch Atheros AR8229)
- 2.4 GHz, up to 27dBm (Atheros AR9340)
- 2x external, detachable antennas
- 7x LED (5 programmable in ath79), 1x GPIO button (Reset)
Known Issues:
- Sysupgrade from ar71xx no longer possible
- Ethernet LEDs stay on solid when connected, not programmable
MAC addresses:
eth0/eth1 *:7b art 0x0/0x6
wlan *:7a art 0x1002
The device label lists both addresses, WLAN MAC and ETH MAC,
in that order.
Since 0x0 and 0x6 have the same content, it cannot be
determined which is eth0 and eth1, so we chose 0x0 for both.
Installation:
2 ways to flash factory.bin from OEM:
- Connect ethernet directly to board (the non POE port)
this is LAN for all images
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
In upper right select Reset
"Restore to factory default settings"
Wait for reboot and login again
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt boot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fdf0000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
*If you are unable to get network/LuCI after flashing*
You must perform another factory reset:
After waiting 3 minutes or when Power LED stop blinking:
Hold Reset button for 15 seconds while powered on
or until Power LED blinks very fast
release and wait 2 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
*DISCLAIMER*
The Failsafe image is unique to this model.
The following directions are unique to this model.
DO NOT downgrade to ar71xx this way, can cause kernel loop
The easiest way to return to the OEM software is the Failsafe image
If you dont have a serial cable, you can ssh into openwrt and run
`mtd -r erase fakeroot`
Wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
TFTP Recovery:
For some reason, TFTP is not reliable on this board.
Takes many attempts, many timeouts before it fully transfers.
Starting with an initramfs.bin:
Connect to ethernet
set IP address and TFTP server to 192.168.1.101
set up infinite ping to 192.168.1.1
rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
disconnect power to the board
hold reset button while powering on board for 8 seconds
Wait a minute, power LED should blink eventually if successful
and a minute after that the pings should get replies
You have now loaded a temporary Openwrt with default settings temporarily.
You can use that image to sysupgrade another image to overwrite flash.
Format of OEM firmware image:
The OEM software of ENS202EXT is a heavily modified version
of Openwrt Kamikaze bleeding-edge. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-ens202ext-uImage-lzma.bin
openwrt-senao-ens202ext-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring, and by swapping headers to see
what the OEM upgrade utility accepts and rejects.
Note on the factory.bin:
The newest kernel is too large to be in the kernel partition
the new ath79 kernel is beyond 1592k
Even ath79-tiny is 1580k
Checksum fails at boot because the bootloader (modified uboot)
expects kernel to be 1536k. If the kernel is larger, it gets
overwritten when rootfs is flashed, causing a broken image.
The mtdparts variable is part of the build and saving a new
uboot environment will not persist after flashing.
OEM version might interact with uboot or with the custom
OEM partition at 0x9f050000.
Failed checksums at boot cause failsafe image to launch,
allowing any image to be flashed again.
HOWEVER: one should not install older Openwrt from failsafe
because it can cause rootfs to be unmountable,
causing kernel loop after successful checksum.
The only way to rescue after that is with a serial cable.
For these reasons, a fake kernel (OKLI kernel loader)
and fake squashfs rootfs is implemented to take care of
the OEM firmware image verification and checksums at boot.
The OEM only verifies the checksum of the first image
of each partition respectively, which is the loader
and the fake squashfs. This completely frees
the "firmware" partition from all checks.
virtual_flash is implemented to make use of the wasted space.
this leaves only 2 erase blocks actually wasted.
The loader and fakeroot partitions must remain intact, otherwise
the next boot will fail, redirecting to the Failsafe image.
Because the partition table required is so different
than the OEM partition table and ar71xx partition table,
sysupgrades are not possible until one switches to ath79 kernel.
Note on sysupgrade.tgz:
To make things even more complicated, another change is needed to
fix an issue where network does not work after flashing from either
OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
configuration into the jffs2 /overlay when writing rootfs from factory.bin.
The upgrade script has this:
mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"
However, it also accepts scripts before and after:
before_local="/etc/before-upgradelocal.sh"
after_local="/etc/after-upgradelocal.sh"
before="before-upgrade.sh"
after="after-upgrade.sh"
Thus, we can solve the issue by making the .tgz an empty file
by making a before-upgrade.sh in the factory.bin
Note on built-in switch:
There is two ports on the board, POE through the power supply brick,
the other is on the board. For whatever reason, in the ar71xx target,
both ports were on the built-in switch on eth1. In order to make use
of a port for WAN or a different LAN, one has to set up VLANs.
In ath79, eth0 and eth1 is defined in the DTS so that the
built-in switch is seen as eth0, but only for 1 port
the other port is on eth1 without a built-in switch.
eth0: switch0
CPU is port 0
board port is port 1
eth1: POE port on the power brick
Since there is two physical ports,
it can be configured as a full router,
with LAN for both wired and wireless.
According to the Datasheet, the port that is not on the switch
is connected to gmac0. It is preferred that gmac0 is chosen as WAN
over a port on an internal switch, so that link status can pass
to the kernel immediately which is more important for WAN connections.
Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[fix build with GCC 10 and disable MIPS16 as build emits sync instruction]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.
'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.
'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.
Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:
* 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
* 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
* 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
* 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
|
| |
|
|
|
|
|
| |
Instead of using http and https for source downloads from
downloads.openwrt.org, always use https for it's better security.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
|
| |
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
| |
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
| |
4318ab1 opkg: allow to configure the path to the signature verification script
cf44c2f libopkg: fix compiler warning
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.
Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
| |
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
| |
The option allows to generate certificates.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
|
|
| |
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg 2019 decision that non essential packages
should move outside base.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |
|
|
|
|
| |
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |
|
|
|
|
| |
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |
|
|
|
|
|
| |
The activity trigger flashes like the heartbeat trigger, but adjusts
based on system load.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The ipk sizes for mips_24Kc change like this:
old:
ethtool_5.4-1_mips_24kc.ipk 101.909
new:
ethtool_5.8-1_mips_24kc.ipk 109.699
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ipk sizes for mips_24Kc change like this:
old:
ip-full_5.7.0-2_mips_24kc.ipk 165.786
ip-tiny_5.7.0-2_mips_24kc.ipk 117.730
tc_5.7.0-2_mips_24kc.ipk 144.405
new:
ip-full_5.8.0-1_mips_24kc.ipk 169.775
ip-tiny_5.8.0-1_mips_24kc.ipk 119.808
tc_5.8.0-1_mips_24kc.ipk 149.053
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
Backport a fix from kernel 5.8.3.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.
This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
| |
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.
This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
|
| |
|
|
|
|
|
|
| |
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c77 ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html
The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk: 70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk: 71109
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
| |
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.
checking size of time_t... configure: error: cannot determine a size for time_t
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
The indent in Makefile is mixed, harmonize it where reasonable.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
| |
The indent in Makefiles is mixed, harmonize it where reasonable.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.
Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.
While at it, harmonize a few indents as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
| |
Bump version to linux4sam-2020.04 and add patch to fix Wformat-security
warnings.
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
|
| |
|
|
| |
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
f0beb7cbc443 mt76: mt7663u: fix memory leaks in mt7663u_probe
90c8422d3f56 mt76: mt7915: fix typo in function name
9cbbe4a30eaf mac80211: simplify TX aggregation start
974486ec2642 util: in worker setup, only overwrite function pointer if not NULL
519510277a8b mt76: initialize tx worker function earlier
3c361b1e3f4e mt76: mt7663u: fix dma header initialization
e8d489647c7f mt76: usb: fix use of q->head and q->tail
8124daf53130 mt76: sdio: fix use of q->head and q->tail
3c2cd8580377 mt76: unify queue tx cleanup code
780cdabb8659 mt76: remove qid argument to drv->tx_complete_skb
05aa857861fc mt76: remove swq from struct mt76_sw_queue
e861cb051833 mt76: rely on AQL for burst size limits on tx queueing
3218b914a2fb mt76: remove struct mt76_sw_queue
23529b5e93c1 mt76: mt7603: tune tx ring size
f6ca436ebea4 mt76: mt76x02: tune tx ring size
97e65131440c mt76: mt7603: check for single-stream EEPROM configuration
957b6c5ac273 mt76: mt7615: fix MT_ANT_SWITCH_CON register definition
96a541eedda9 mt76: mt7615: fix antenna selection for testmode tx_frames
b36d7ae096a3 mt76: mt7603: move number of streams detection to eeprom init
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
| |
Fixes: 6c57fb7aa93d ("firewall: bump to version 2020-07-05")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).
Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
93e2334 exfat: fix build error on linux-5.4,5.5 kernel
01a7b8c exfat: fix name_hash computation on big endian systems
8f92bc0 exfat: fix wrong size update of stream entry by typo
Removed commented material that was for testing compilation.
Removed patch as the error was fixed upstream. First entry above.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The driver currently only support managed and monitor mode
Changes since v1:
- drop the @DRIVER_11N_SUPPORT dependency
Signed-off-by: mohammad rasim <mohammad.rasim96@gmail.com>
|
| |
|
|
|
|
|
| |
Changelog:
https://ipset.netfilter.org/changelog.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For example, Turris MOX SDIO card is using Marvell (NXP) 88W8997 chip.
Technical specs of 88W8997:
- 28nm
- 802.11 ac wave-2
It should support simultaneous dual-band 2.4 GHz and 5 GHz,
but it requires to support multiSSID for one Wi-Fi card [1], which is
not supported in OpenWrt, yet and if we tried to run two instances of
hostapd, it didn't work well, so it's 2.4 GHz or 5 GHz.
- 2x2 MU-MIMO
- Bluetooth 5.1 with LE support
- Unfortunately, there can be connected only 8 clients at the same time
(limited by FW, however, there exists "enterprise" chip, its equal chip,
it is just different that it uses different FW)
Symlink is necessary as mwifiex_sdio tries to load sd8997_uapsta.bin
[ 13.651182] mwifiex_sdio mmc0:0001:1: Direct firmware load for mrvl/sd8997_uapsta.bin failed with error -2
[ 13.661065] mwifiex_sdio mmc0:0001:1: Falling back to user helper
[ 13.684880] firmware mrvl!sd8997_uapsta.bin: firmware_loading_store: map pages failed
[ 13.695910] mwifiex_sdio mmc0:0001:1: Failed to get firmware mrvl/sd8997_uapsta.bin
[ 13.703774] mwifiex_sdio mmc0:0001:1: info: _mwifiex_fw_dpc: unregister device
Pali Rohár sent two patches [2] [3] into kernel to fix default firmware name for SD8997, so
the symlink will not be required in the future versions of kernel, which
was accepted and right now, according to my details it was backported to 5.8, 5.7 and 5.4
[1] https://bugs.openwrt.org/index.php?do=details&task_id=3243
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=00eb0cb36fad5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2e1fcac52a9ea
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
git log --pretty=oneline --abbrev-commit 20200619..20200817
7a30af1 (HEAD -> master, tag: 20200817, origin/master, origin/main, origin/HEAD) Merge branch 'i915-firmware-updates-08-2020' of git://anongit.freedesktop.org/drm/drm-firmware into main
923bfa6 brcm: Add brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt symlink
33e11ab rtl_bt: Update RTL8822C BT UART firmware to 0x0599_8A4F
1b81373 i915: Add DMC firmware 2.02 for RKL
bdf8d7a i915: Add DMC firmware 2.08 for TGL
1bcdc9a i915: Add HuC firwmare v7.5.0 for TGL
c331aa9 amdgpu: update vega20 firmware for 20.30
a434387 amdgpu: update vega12 firmware for 20.30
49e9ea8 amdgpu: update vega10 firmware for 20.30
d89e9b1 amdgpu: update renoir firmware for 20.30
373c08a amdgpu: update raven2 firmware for 20.30
69ca06e amdgpu: update raven firmware for 20.30
12042c2 amdgpu: update picasso firmware for 20.30
2c9d97a amdgpu: update navi14 firmware for 20.30
eaa3e55 amdgpu: update navi10 firmware for 20.30
9bc3789 linux-firmware: update NXP SDSD-8997 firmware image
6c79b68 Mellanox: Add new mlxsw_spectrum firmware xx.2008.1036
2b823fc (tag: 20200721) linux-firmware: Update AMD SEV firmware
e33306f Merge branch 'qca_0714' of https://github.com/bgodavar/qca_bt_fw into main
1d1c80b Update to 20200629111339 version to aligh SDK. Mainly fix DFS false alarm.
69c7f0b rtl_nic: update firmware for RTL8125B
f39b687 Update binary firmware for MT7663 based devices to include firmware offload feature and low power feature.
3882702 QCA: Add correct bin file for WCN3991
3d3a06f linux-firmware: Update firmware file for Intel Bluetooth AX201
b7849f7 linux-firmware: Update firmware file for Intel Bluetooth AX200
07b0375 linux-firmware: Update firmware file for Intel Bluetooth 9560
44bf1b1 linux-firmware: Update firmware file for Intel Bluetooth 9260
7169ab3 linux-firmware: wilc1000: add wilc1000 v15.4 FW
b1497fc Merge https://github.com/rjliao-qca/qca-btfw into main
c4e04b4 QCA: Update Bluetooth firmware for QCA6390
74ac3b5 Merge https://github.com/bgodavar/qca_wcn3991 into main
1a0c0c2 amdgpu: add UVD firmware for SI asics
24cc617 QCA: Update WCN3991 FW files
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For many target we have added CONFIG_WATCHDOG_CORE=y to the target
config due to the following error:
Package kmod-hwmon-sch5627 is missing dependencies for the following
libraries:
watchdog.ko
However, actually the proper way appears to be setting the
dependency for the kmod-hwmon-sch5627 package, as the error message
demands.
Do this in this patch and remove the target config entries added
due to this issue.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
