[OpenWrt-Devel] [PATCH] buildbot: signall.sh store usign.key as usign.sec
The signall.sh script signs all files inside a tar via GPG and signify-openbsd (similar to usign)e and attaches the signatures to the same archive. Using more recent versions of signify-openbsd requires a specific naming schema for keys, private ending with .sec and public with .pub. This was introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0]. This patch renames the stored key as usign.sec instead of usign.key. As of the temporary nature of the key storing, this very unlikely breaks any existing setups. [0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222 Signed-off-by: Paul Spooren --- Tested and working on Debian 10 https://buildmaster.aparcar.org/#/builders/79/builds/4/steps/64/logs/stdio scripts/signall.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/signall.sh b/scripts/signall.sh index 269375f..8f39500 100755 --- a/scripts/signall.sh +++ b/scripts/signall.sh @@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then fi umask 077 - printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key" + printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec" umask 022 find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \ - signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5 + signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5 fi tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6 -- 2.24.0.rc1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
It should be harmless. +1 On Wed, Nov 13, 2019 at 3:22 PM wrote: > Hi, > > > -Original Message- > > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > > On Behalf Of Russell Senior > > Sent: Donnerstag, 14. November 2019 00:16 > > To: Daniel Golle > > Cc: openwrt-devel@lists.openwrt.org > > Subject: Re: [OpenWrt-Devel] [PATCH] base-files: add > > /usr/share/libubox/jshn.sh to sysupgrade stage2 > > > > > "Daniel" == Daniel Golle writes: > > > > Daniel> Hi Russell, > > Daniel> On Tue, Nov 12, 2019 at 03:33:48PM -0800, Russell Senior wrote: > > >> > > >> Discovered recent changes had broken sysupgrade for ar71xx mikrotik > > >> rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh > > >> after switching to tmpfs. > > > > Daniel> I've applied your patch to master. Do we need to apply it for > > Daniel> openwrt-19.07 as well? > > > > I'm not sure, I haven't tested 19.07. > > I think most of the sysupgrade changes have been backported. Despite, we > are fixing ar71xx here, it makes no sense to fix ar71xx in master only ... > And adding a file should not break anything, in worst case the file would > be just useless? > > So, I'd vote for backport. > > Best > > Adrian > ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] Build problems for kernel zImage and squashfs for the PowerPC P1020
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- I posted this to the forum, so I’ll post it to the mail list as well. Some time ago, I don't know exactly when, the standard configuration for the MPC85XX OpenWRT seems to have deleted the building of the following files. Currently it seems to build for some board named 'panda', or 'hive', which don't match my board that I've been building OpenWRT for, for the last 5 or so years. There seems to be the option somewhere to build these files, but I can not figure out what options at the top level to just make it happen. Has anyone else had this problem or does anyone use the PowerPC with OpenWRT since the grand amalgamation of LED and OpenWRT. Help/explanation would be appreciated. John C. --- End Message --- ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Russell Senior > Sent: Donnerstag, 14. November 2019 00:16 > To: Daniel Golle > Cc: openwrt-devel@lists.openwrt.org > Subject: Re: [OpenWrt-Devel] [PATCH] base-files: add > /usr/share/libubox/jshn.sh to sysupgrade stage2 > > > "Daniel" == Daniel Golle writes: > > Daniel> Hi Russell, > Daniel> On Tue, Nov 12, 2019 at 03:33:48PM -0800, Russell Senior wrote: > >> > >> Discovered recent changes had broken sysupgrade for ar71xx mikrotik > >> rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh > >> after switching to tmpfs. > > Daniel> I've applied your patch to master. Do we need to apply it for > Daniel> openwrt-19.07 as well? > > I'm not sure, I haven't tested 19.07. I think most of the sysupgrade changes have been backported. Despite, we are fixing ar71xx here, it makes no sense to fix ar71xx in master only ... And adding a file should not break anything, in worst case the file would be just useless? So, I'd vote for backport. Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
> "Daniel" == Daniel Golle writes: Daniel> Hi Russell, Daniel> On Tue, Nov 12, 2019 at 03:33:48PM -0800, Russell Senior wrote: >> >> Discovered recent changes had broken sysupgrade for ar71xx mikrotik >> rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh >> after switching to tmpfs. Daniel> I've applied your patch to master. Do we need to apply it for Daniel> openwrt-19.07 as well? I'm not sure, I haven't tested 19.07. -- Russell Senior, President russ...@personaltelco.net ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] Security Advisory 2019-11-05-2 - LuCI CSRF vulnerability (CVE-2019-17367)
Security Advisory 2019-11-05-2 - LuCI CSRF vulnerability (CVE-2019-17367) DESCRIPTION A logic flaw in LuCI's HTTP routing component led to ineffective CSRF token testing for various request endpoints, specifically ones using the `arcombine()` dispatch action. This allows 3rd party web pages running in the same browser session as an active LuCI login session to perform unintended operations on the device without user intervention, such as changing firewall rules or reconfiguring the network. REQUIREMENTS In order to exploit this vulnerability, a user needs to be logged into LuCI while visiting malicious websites in the same browser session, e.g. within a different tab. MITIGATIONS To fix this issue, update the affected LuCI package using the command below. `opkg update; opkg upgrade luci-base` The fix is contained in the following and later versions: - OpenWrt master: git-19.282.28544-f8c6eb6 - OpenWrt 19.07: git-19.282.28544-f8c6eb6 - OpenWrt 18.06: git-19.282.28671-ee38da9 To workaround the problem, avoid visiting malicious sites while being logged into LuCI. Changing the default router IP and hostname can also help to mitigate the issue somewhat as CSRF exploits require predictable URL targets to work. AFFECTED VERSIONS To our knowledge, LuCI packages with OpenWrt versions 18.06.0 to 18.06.4 are affected. The fixed LuCI packages are integrated in the OpenWrt 18.06.5, OpenWrt 19.07.0-rc1 and subsequent releases. Older versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. CREDITS The issue has been reported by Abhinav Mohanty , Parag Mhatre and Dr. Meera Sridhar from the University of North Carolina, Charlotte on 8th October 2019. The issue has been fixed by Jo-Philipp Wich REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17367 https://github.com/openwrt/luci/commit/f8c6eb67cd9da09ee20248fec6ab742069635e47 https://github.com/openwrt/luci/commit/ee38da958abeceb31fbd1f3b8e42afe5897dde7f ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] Security Advisory 2019-11-05-1 - LuCI stored XSS
Security Advisory 2019-11-05-1 - LuCI stored XSS DESCRIPTION A vulnerability has been reported in LuCI which allows injection of script code through maliciously crafted wireless network SSIDs. When joining a wireless network by clicking Network -> Wireless -> Join, the subsequent configuration view interprets the SSID of the network to join without proper escaping, allowing to execute arbitrary JavaScript in the client's web browser through network names which contains payload, for example AP Additionally the network interface overview displays configured wireless network SSID without proper escaping. Since the SSID string is stored in the UCI configuration, the issue effectively becomes a stored Stored Cross Site Scripting (XSS) vulnerability. REQUIREMENTS In order to exploit this vulnerability, a user needs to either explicitly pick a network with a malicious SSID from the wireless scan result list or manually add a wireless network with an SSID containing embedded script and browsing to the network interface overview page. The wireless scan result list is not affected by this issue, so no automatic script code execution is possible through it. MITIGATIONS To fix this issue, update the affected LuCI package using the command below. The fix is contained in version `git-19.309.48729-bc17ef673` and later. `opkg update; opkg upgrade luci-mod-admin-full` To workaround the problem, avoid joining networks with HTML code in the SSID. AFFECTED VERSIONS To our knowledge, LuCI packages with OpenWrt versions 18.06.0 to 18.06.4 are affected. OpenWrt 19.07 is not affected by this problem. The fixed LuCI packages are integrated in the OpenWrt 18.06.5. Older versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. CREDITS The issue has been reported by Marcin Zieba on 27th October 2019 and independently by Ridwan Maulana on 5th November 2019. The issue has been fixed by Jo-Philipp Wich REFERENCES https://github.com/openwrt/luci/commit/bc17ef673f734ea8e7e696ba5735588da9111dcd ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] Security Advisory 2019-11-05-3 - ustream-ssl information disclosure (CVE-2019-5101, CVE-2019-5102)
Security Advisory 2019-11-05-3 - ustream-ssl information disclosure (CVE-2019-5101, CVE-2019-5102) DESCRIPTION An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. REQUIREMENTS In order to exploit this vulnerability, a malicious actor needs to perform a man-in-the-middle attack, presenting a requesting ustream-ssl client with any invalid certificate. The ustream-ssl client will eventually tear down the SSL connection due to that, but only after flushing pending data, e.g. the HTTP request payload in case of an HTTPS client application. MITIGATIONS To fix this issue, update the affected ustream-ssl packages using the command below. `opkg update; opkg upgrade libustream-mbedtls libustream-openssl` The fix is contained in the following and later versions: - OpenWrt master: 2019-11-05-c9b66682-1 - OpenWrt 19.07: 2019-08-17-e8f9c22d-2 - OpenWrt 18.06: 2018-07-30-23a3f283-2 AFFECTED VERSIONS To our knowledge, OpenWrt versions 18.06.0 to 18.06.4 are affected. The fixed packages are integrated in the OpenWrt 18.06.5, OpenWrt 19.07.0-rc1 and subsequent releases. Older versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. CREDITS The issue has been reported by the Claudio Bozzato of Cisco Talos on 11th September 2019. http://talosintelligence.com/vulnerability-reports/ The issue has been fixed by Jo-Philipp Wich REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5101 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5102 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 https://git.openwrt.org/?p=project/ustream-ssl.git;a=commitdiff;h=c9b6668215a27f2346d5eedd6f29cc720985b448 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Download link not working for 18.06.5 and 19.07.0rc1
>The OpenWrt front page has a "Download a firmware image for your device" for >each released version. However, the last two links are currently useless. Both >show no devices. >For 18.06.5, it seems that something somewhere must be updated from 18.06.4 to >18.06.5. Fixed. >For 19.07, it could be only a temporary issue while in RC. However, if so, >OpenWrt should not advertise that link for now. Fixed. Regards, Thomas ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] build: support python 3.8
LGTM On 11/13/19 10:09 AM, Thomas Weißschuh wrote: Signed-off-by: Thomas Weißschuh --- include/prereq-build.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/prereq-build.mk b/include/prereq-build.mk index 4c59910056..65baf1f5e5 100644 --- a/include/prereq-build.mk +++ b/include/prereq-build.mk @@ -144,12 +144,14 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \ $(eval $(call CleanupPython2)) $(eval $(call SetupHostCommand,python,Please install Python >= 3.5, \ + python3.8 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.7 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.6 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.5 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?')) $(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \ + python3.8 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.7 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.6 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.5 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 2/2] ath79: GL-AR750S (NOR/NAND): limit factory.img kernel size to 2 MB
From: Jeff Kletsky The present U-Boot for GL-AR750S has a limit of 2 MB for kernel size. While sysupgrade can manage kernels up to the present limit of 4 MB, directly flashing a factory.img with a kernel size greater than 2 MB through U-Boot will result in an unbootable device. This commit uses the newly-introduced check-kernel-size build operation to prevent the output of factory.img when the kernel exceeds 2 MB in size, yet permits output of sysupgrade.img as long as the kernel is within KERNEL_SIZE := 4096k Cc: Chuanhong Guo Signed-off-by: Jeff Kletsky --- target/linux/ath79/image/nand.mk | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/target/linux/ath79/image/nand.mk b/target/linux/ath79/image/nand.mk index 7940167e1a..75c1af89bb 100644 --- a/target/linux/ath79/image/nand.mk +++ b/target/linux/ath79/image/nand.mk @@ -89,12 +89,15 @@ define Device/glinet_gl-ar750s-common VID_HDR_OFFSET := 2048 endef +# NB: The kernel size is intentionally restricted at this time; see commit message define Device/glinet_gl-ar750s-nor-nand $(Device/glinet_gl-ar750s-common) DEVICE_VARIANT := NOR/NAND BLOCKSIZE := 128k + GL_UBOOT_UBI_OFFSET := 2048k IMAGES += factory.img - IMAGE/factory.img := append-kernel | pad-to (KERNEL_SIZE) | append-ubi + IMAGE/factory.img := append-kernel | pad-to (GL_UBOOT_UBI_OFFSET) | \ + append-ubi | check-kernel-size (GL_UBOOT_UBI_OFFSET) IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata SUPPORTED_DEVICES += glinet,gl-ar750s-nor endef -- 2.20.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 1/2] build: define check-kernel-size to remove unflashable images
From: Jeff Kletsky Certain boards have limitations on U-Boot that prevent flashing of images where the kernel size exceeds a threshold, yet sysupgrade can sucessfully manage larger kernels. The current check-size will remove the target artifact if its total size exceeds the threshold. If applied after append-kernel, it will remove the kernel, but the remaining image-assembly steps will continue, resulting in an image without a kernel that is likely unbootable. By defining check-kernel-size, it is now possible to prevent release of such unbootable images through a construct similar to: IMAGE/factory.img := append-kernel | pad-to (GL_UBOOT_UBI_OFFSET) | \ append-ubi | check-kernel-size (GL_UBOOT_UBI_OFFSET) Cc: Chuanhong Guo Signed-off-by: Jeff Kletsky --- include/image-commands.mk | 7 +++ 1 file changed, 7 insertions(+) diff --git a/include/image-commands.mk b/include/image-commands.mk index 5dfd6a2c2f..f561ad4669 100644 --- a/include/image-commands.mk +++ b/include/image-commands.mk @@ -271,6 +271,13 @@ define Build/check-size } endef +define Build/check-kernel-size + @[ $$(($(subst k,* 1024,$(subst m, * 1024k,$(1) -ge "$$(stat -c%s $(IMAGE_KERNEL))" ] || { \ + echo "WARNING: Kernel for $@ is too big > $(1)" >&2; \ + rm -f $@; \ + } +endef + define Build/combined-image -sh $(TOPDIR)/scripts/combined-image.sh \ "$(IMAGE_KERNEL)" \ -- 2.20.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] build: support python 3.8
Signed-off-by: Thomas Weißschuh --- include/prereq-build.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/prereq-build.mk b/include/prereq-build.mk index 4c59910056..65baf1f5e5 100644 --- a/include/prereq-build.mk +++ b/include/prereq-build.mk @@ -144,12 +144,14 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \ $(eval $(call CleanupPython2)) $(eval $(call SetupHostCommand,python,Please install Python >= 3.5, \ + python3.8 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.7 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.6 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.5 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?')) $(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \ + python3.8 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.7 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.6 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ python3.5 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \ -- 2.24.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
Hi Russell, On Tue, Nov 12, 2019 at 03:33:48PM -0800, Russell Senior wrote: > > Discovered recent changes had broken sysupgrade for ar71xx mikrotik > rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after > switching to tmpfs. I've applied your patch to master. Do we need to apply it for openwrt-19.07 as well? Cheers Daniel > > > Signed-off-by: Russell Senior > --- > package/base-files/files/lib/upgrade/stage2 | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/package/base-files/files/lib/upgrade/stage2 > b/package/base-files/files/lib/upgrade/stage2 > index 5d3d46ee80..41a3b2aeb3 100755 > --- a/package/base-files/files/lib/upgrade/stage2 > +++ b/package/base-files/files/lib/upgrade/stage2 > @@ -48,7 +48,7 @@ switch_to_ramfs() { > local file="$(which "$binary" 2>/dev/null)" > [ -n "$file" ] && install_bin "$file" > done > - install_file /etc/resolv.conf /lib/*.sh /lib/functions/*.sh > /lib/upgrade/*.sh /lib/upgrade/do_stage2 $RAMFS_COPY_DATA > + install_file /etc/resolv.conf /lib/*.sh /lib/functions/*.sh > /lib/upgrade/*.sh /lib/upgrade/do_stage2 /usr/share/libubox/jshn.sh > $RAMFS_COPY_DATA > > [ -L "/lib64" ] && ln -s /lib $RAM_ROOT/lib64 > > -- > 2.24.0 > > > > -- > Russell Senior, President > russ...@personaltelco.net > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 1/2] ath79: split dts file for Netgear WNDR4300
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Paul Blazejowski > Sent: Mittwoch, 13. November 2019 20:20 > To: openwrt-devel@lists.openwrt.org > Cc: Michal Cieslakiewicz > Subject: [OpenWrt-Devel] [PATCH 1/2] ath79: split dts file for Netgear > WNDR4300 this is 1:1 equivalent to the previous submission by Michal, which I will mark as superseded. The patch just copies everything to the DTSI: Reviewed-by: Adrian Schmutzler Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 2/2] ath79: add support for Netgear WNDR3700v4
This patch adds ath79 support for Netgear WNDR3700v4. Router was previously supported by ar71xx target only. Note: device requires 'ar934x-nand' driver in kernel. Specification = * Description: Netgear WNDR3700v4 * Loader: U-boot * SOC: Atheros AR9344 (560 MHz) * RAM: 128 MiB * Flash: 128 MiB (NAND) - U-boot binary: 256 KiB - U-boot environment: 256 KiB - ART: 256 KiB - POT: 512 KiB - Language: 2 MiB - Config: 512 KiB - Traffic Meter: 3 MiB - Firmware: 25 MiB - ART Backup: 256 KiB - Reserved: 96 MiB * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327) * Wireless: - 2.4 GHz b/g/n (internal) - 5 GHz a/n (AR9580) * USB: yes, 1 x USB 2.0 * Buttons: - Reset - WiFi (rfkill) - WPS * LEDs: - Power (amber/green) - WAN (amber/green) - WLAN 2G (green) - WLAN 5G (blue) - 4 x LAN (amber/green) - USB (green) - WPS (amber/green) * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1 * Power supply: DC 12V 2.5A * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2 Installation * TFTP recovery * TFTP via U-boot prompt * sysupgrade * Web interface Note about partitioning: firmware partition offset (0x6c) is hardcoded into vendor's u-boot, so this partition cannot be moved and resized to include Netgear-specific flash areas (pot, language, config, traffic_meter) not used by OpenWrt. Test build configuration CONFIG_TARGET_ath79=y CONFIG_TARGET_ath79_nand=y CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr3700-v4=y CONFIG_ALL_KMODS=y CONFIG_DEVEL=y CONFIG_CCACHE=y CONFIG_COLLECT_KERNEL_DEBUG=y CONFIG_IMAGEOPT=y Signed-off-by: Paul Blazejowski --- package/boot/uboot-envtools/files/ath79 | 1 + .../linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts | 9 + target/linux/ath79/image/nand.mk | 12 .../linux/ath79/nand/base-files/etc/board.d/01_leds | 1 + .../ath79/nand/base-files/etc/board.d/02_network | 2 ++ .../etc/hotplug.d/firmware/10-ath9k-eeprom | 2 ++ 6 files changed, 27 insertions(+) create mode 100644 target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts diff --git a/package/boot/uboot-envtools/files/ath79 b/package/boot/uboot-envtools/files/ath79 index fefbb48801..c5c2a6b11e 100644 --- a/package/boot/uboot-envtools/files/ath79 +++ b/package/boot/uboot-envtools/files/ath79 @@ -39,6 +39,7 @@ buffalo,wzr-hp-ag300h) netgear,wndr3700) ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x2" "0x1" ;; +netgear,wndr3700-v4|\ netgear,wndr4300) ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x4" "0x2" ;; diff --git a/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts b/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts new file mode 100644 index 00..8a38aeab59 --- /dev/null +++ b/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT +/dts-v1/; + +#include "ar9344_netgear_wndr.dtsi" + +/ { + compatible = "netgear,wndr3700-v4", "qca,ar9344"; + model = "Netgear WNDR3700 v4"; +}; diff --git a/target/linux/ath79/image/nand.mk b/target/linux/ath79/image/nand.mk index ef6b607002..75808dcbfb 100644 --- a/target/linux/ath79/image/nand.mk +++ b/target/linux/ath79/image/nand.mk @@ -80,6 +80,18 @@ define Device/netgear_ath79_nand UBINIZE_OPTS := -E 5 endef +define Device/netgear_wndr3700-v4 + ATH_SOC := ar9344 + DEVICE_MODEL := WNDR3700 + DEVICE_VARIANT := v4 + NETGEAR_KERNEL_MAGIC := 0x33373033 + NETGEAR_BOARD_ID := WNDR3700v4 + NETGEAR_HW_ID := 29763948+128+128 + SUPPORTED_DEVICES += wndr3700v4 + $(Device/netgear_ath79_nand) +endef +TARGET_DEVICES += netgear_wndr3700-v4 + define Device/netgear_wndr4300 ATH_SOC := ar9344 DEVICE_MODEL := WNDR4300 diff --git a/target/linux/ath79/nand/base-files/etc/board.d/01_leds b/target/linux/ath79/nand/base-files/etc/board.d/01_leds index f851b3d886..d95958dc88 100755 --- a/target/linux/ath79/nand/base-files/etc/board.d/01_leds +++ b/target/linux/ath79/nand/base-files/etc/board.d/01_leds @@ -11,6 +11,7 @@ case "$board" in glinet,gl-ar300m-nand) ucidef_set_led_netdev "lan" "LAN" "gl-ar300m:green:lan" "eth0" ;; +netgear,wndr3700-v4|\ netgear,wndr4300) ucidef_set_led_switch "wan-amber" "WAN (amber)" "netgear:amber:wan" "switch0" "0x20" ;; diff --git a/target/linux/ath79/nand/base-files/etc/board.d/02_network b/target/linux/ath79/nand/base-files/etc/board.d/02_network index 9d7a19c2eb..0edba29e2b 100755 --- a/target/linux/ath79/nand/base-files/etc/board.d/02_network +++ b/target/linux/ath79/nand/base-files/etc/board.d/02_network @@ -11,6 +11,7 @@ ath79_setup_interfaces() aerohive,hiveap-121) ucidef_set_interface_lan "eth0" ;; + netgear,wndr3700-v4|\ netgear,wndr4300) ucidef_add_switch
[OpenWrt-Devel] [PATCH 1/2] ath79: split dts file for Netgear WNDR4300
From: Michal Cieslakiewicz Move board configuration to dtsi file in preparation for WNDR3700v4 router support. Signed-off-by: Michal Cieslakiewicz --- .../linux/ath79/dts/ar9344_netgear_wndr.dtsi | 290 ++ .../ath79/dts/ar9344_netgear_wndr4300.dts | 286 + 2 files changed, 291 insertions(+), 285 deletions(-) create mode 100644 target/linux/ath79/dts/ar9344_netgear_wndr.dtsi diff --git a/target/linux/ath79/dts/ar9344_netgear_wndr.dtsi b/target/linux/ath79/dts/ar9344_netgear_wndr.dtsi new file mode 100644 index 00..16a4e3f6e8 --- /dev/null +++ b/target/linux/ath79/dts/ar9344_netgear_wndr.dtsi @@ -0,0 +1,290 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT +/dts-v1/; + +#include +#include + +#include "ar9344.dtsi" + +/ { + chosen { + bootargs = "console=ttyS0,115200n8"; + }; + + aliases { + led-boot = _power_amber; + led-failsafe = _power_amber; + led-running = _power_green; + led-upgrade = _power_amber; + label-mac-device = + }; + + keys { + compatible = "gpio-keys"; + + wps { + label = "wps"; + linux,code = ; + gpios = < 12 GPIO_ACTIVE_LOW>; + }; + + reset { + label = "reset"; + linux,code = ; + gpios = < 21 GPIO_ACTIVE_LOW>; + }; + + rfkill { + label = "rfkill"; + linux,code = ; + gpios = < 15 GPIO_ACTIVE_LOW>; + }; + }; + + leds { + compatible = "gpio-leds"; + + pinctrl-names = "default"; + pinctrl-0 = <_gpio_11>; + + led_power_green: power_green { + label = "netgear:green:power"; + gpios = < 0 GPIO_ACTIVE_LOW>; + }; + + led_power_amber: power_amber { + label = "netgear:amber:power"; + gpios = < 2 GPIO_ACTIVE_LOW>; + default-state = "keep"; + }; + + wan_green { + label = "netgear:green:wan"; + gpios = < 1 GPIO_ACTIVE_LOW>; + }; + + wan_amber { + label = "netgear:amber:wan"; + gpios = < 3 GPIO_ACTIVE_LOW>; + }; + + wlan2g_green { + label = "netgear:green:wlan2g"; + gpios = < 11 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy0tpt"; + }; + + wlan5g_blue { + label = "netgear:blue:wlan5g"; + gpios = < 14 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy1tpt"; + }; + + wps_green { + label = "netgear:green:wps"; + gpios = < 16 GPIO_ACTIVE_LOW>; + }; + + wps_amber { + label = "netgear:amber:wps"; + gpios = < 17 GPIO_ACTIVE_LOW>; + }; + + usb_green { + label = "netgear:green:usb"; + gpios = < 13 GPIO_ACTIVE_LOW>; + trigger-sources = <_port>; + linux,default-trigger = "usbport"; + }; + }; +}; + + { + enable_gpio_11: pinmux_enable_gpio_11 { + pinctrl-single,bits = <0x8 0x0 0xff00>; + }; +}; + + { + status = "okay"; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + partition@0 { + label = "u-boot"; + reg = <0x0 0x4>; + read-only; + }; + + partition@4 { + label = "u-boot-env"; + reg = <0x4 0x4>; + }; + + art: partition@8 { + label = "caldata"; + reg = <0x8 0x4>; + read-only; + }; + + partition@c { + label = "pot"; + reg = <0xc 0x8>; + }; + + partition@14 { + label = "language"; + reg = <0x14 0x20>; + }; + + partition@34 { + label = "config"; + reg = <0x34 0x8>; + }; + + partition@3c { + label = "traffic_meter"; + reg = <0x3c
Re: [OpenWrt-Devel] FW: [PATCH 2/2] ath79: add support for Netgear WNDR3700v4
On 11/13/19 12:42 PM, Schmutzler, Adrian wrote: > > > > > *From:*Adrian Schmutzler [mailto:m...@adrianschmutzler.de] > *Sent:* Mittwoch, 13. November 2019 18:39 > *To:* 'Paul Blazejowski' ; > 'openwrt-devel@lists.openwrt.org' > *Subject:* RE: [PATCH 2/2] ath79: add support for Netgear WNDR3700v4 > > Hi Adrian, > > Hi, > >> diff --git a/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts >> b/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts >> new file mode 100644 >> index 00..eb1ad731c3 >> --- /dev/null >> +++ b/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts >> @@ -0,0 +1,9 @@ >> +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT >> +/dts-v1/; >> + >> +#include "ar9344_netgear_wndr.dtsi" >> + >> +/ { >> + compatible = "netgear,wndr3700-v4", "qca,ar9344"; >> + model = "Netgear WNDR3700 v4"; >> +}; > > Indent should be fixed here (-> tab). Ok, noted! > > One could also copy the flashing instructions to the commit message, so > you do not have to search for them. OK > > Both could also be done by a willing dev during merge, unless there is > more to fix. Thanks for your help! > > Best > > Adrian > Cheerios! -paul ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH v2] ath79: add support for COMFAST CF-E130N v2
Hi Pavel, > Specifications: > > - QCA9531 SoC > - 1x 10/100 Mbps Ethernet, both with PoE-in support If it has one Ethernet, then there's only one PoE-in. Cheers! signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] ath79: add support for COMFAST CF-E130N v2
Well, rather than looking at the specifications, I'd check if the actual hardware is 802.11bgn. :) You could try the "iw list" command to see if the available channels match the 802.11bgn band or not. Cheers! El 13/11/19 a les 11:33, Kryma ha escrit: > Hi, > >> In addition to Adrian's comments, could it be that the device was a >> 802.11bgn router? >> > Looking at the specifications, it seems to be one indeed. Should I > make any changes regarding that? signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] uhttpd/luci/rpcd is broken?
Am 13.11.2019 um 13:53 schrieb Dirk Brenken: > On Wed, 2019-11-13 at 13:44 +0100, e9hack wrote: >> Hi, >> >> it looks like that uhttpd/luci/rpcd is broken again. After login in >> the web interface, the main status page times out and shows this >> error message: >> >> RPCError: RPC call to luci.ddns/get_services_status failed with error >> -32000: Object not found >> at handleCallReply ( >> https://wlan-dsl8.lan/luci-static/resources/rpc.js?v=git-19.317.29469-8da8f38:12:3 >> ) > > Seems to be a file permission issue, try: > > chmod +x /usr/libexec/rpcd/luci.ddns > /etc/init.d/rpcd restart Yes, this does fix it. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH v2] ath79: add support for COMFAST CF-E130N v2
From: Pavel Balan This patch adds support for the COMFAST CF-E130N v2, an outdoor wireless CPE with a single Ethernet port and a 802.11bgn radio. Specifications: - QCA9531 SoC - 1x 10/100 Mbps Ethernet, both with PoE-in support - 64 MB of RAM (DDR2) - 16 MB of FLASH - 5 dBi built-in antenna - POWER/LAN/WLAN green LEDs - 4x RSSI LEDs (2x red, 2x green) - UART (115200 8N1) and GPIO (J9) headers on PCB Flashing instructions: The original firmware is based on OpenWrt so a sysupgrade image can be installed via the stock web GUI. The U-boot bootloader also contains a backup TFTP client to upload the firmware from. Upon boot, it checks its ethernet network for the IP 192.168.1.10. Host a TFTP server and provide the image to be flashed as file firmware_auto.bin. Changes since v1: -Formatting fixes. -Looked into rssi_medium_high more - found the correct GPIO pin. -Removed the pin muxer. -Changed 802.11an to 802.11bgn in the patch description. Open questions: -LED menu in LUCI does not show the list of LEDs properly. A LUCI issue or a device config one? Signed-off-by: Pavel Balan --- .../ath79/dts/qca9531_comfast_cf-e130n-v2.dts | 139 ++ .../generic/base-files/etc/board.d/01_leds| 8 + target/linux/ath79/image/generic.mk | 10 ++ 3 files changed, 157 insertions(+) create mode 100644 target/linux/ath79/dts/qca9531_comfast_cf-e130n-v2.dts diff --git a/target/linux/ath79/dts/qca9531_comfast_cf-e130n-v2.dts b/target/linux/ath79/dts/qca9531_comfast_cf-e130n-v2.dts new file mode 100644 index 00..b5527c0a49 --- /dev/null +++ b/target/linux/ath79/dts/qca9531_comfast_cf-e130n-v2.dts @@ -0,0 +1,139 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT +/dts-v1/; + +#include +#include + +#include "qca953x.dtsi" + +/ { + compatible = "comfast,cf-e130n-v2", "qca,qca9531"; + model = "COMFAST CF-E130N v2"; + + aliases { + serial0 = + led-boot = _rssihigh; + led-failsafe = _rssihigh; + led-upgrade = _rssihigh; + label-mac-device = + }; + + leds { + compatible = "gpio-leds"; + + pinctrl-names = "default"; + pinctrl-0 = <_rssimediumhigh_pin>; + + led_wlan { + label = "cf-e130n-v2:green:wlan"; + gpios = < 0 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy0tpt"; + }; + + led_lan { + label = "cf-e130n-v2:green:lan"; + gpios = < 2 GPIO_ACTIVE_LOW>; + }; + + led_unused { + label = "cf-e130n-v2:green:unused"; + gpios = < 3 GPIO_ACTIVE_LOW>; + }; + + led_rssilow { + label = "cf-e130n-v2:red:rssilow"; + gpios = < 11 GPIO_ACTIVE_LOW>; + }; + + led_rssimediumlow { + label = "cf-e130n-v2:red:rssimediumlow"; + gpios = < 12 GPIO_ACTIVE_LOW>; + }; + + led_rssimediumhigh { + label = "cf-e130n-v2:green:rssimediumhigh"; + gpios = < 14 GPIO_ACTIVE_LOW>; + }; + + led_rssihigh: led_rssihigh { + label = "cf-e130n-v2:green:rssihigh"; + gpios = < 16 GPIO_ACTIVE_LOW>; + }; + }; + + keys { + compatible = "gpio-keys"; + + reset { + label = "reset"; + linux,code = ; + gpios = < 17 GPIO_ACTIVE_LOW>; + debounce-interval = <60>; + }; + }; +}; + + { + status = "okay"; + + num-cs = <1>; + + flash@0 { + compatible = "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <2500>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + partition@0 { + label = "u-boot"; + reg = <0x00 0x01>; + read-only; + }; + + art: partition@1 { + label = "art"; + reg = <0x01 0x01>; + read-only; + }; + + partition@2 { + compatible = "denx,uimage"; + label = "firmware"; + reg = <0x02 0x7d>; + }; + + partition@7f { + label = "nvram";
Re: [OpenWrt-Devel] [PATCH 2/2] ath79: add support for Netgear WNDR3700v4
Hi, > diff --git a/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts > b/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts > new file mode 100644 > index 00..eb1ad731c3 > --- /dev/null > +++ b/target/linux/ath79/dts/ar9344_netgear_wndr3700-v4.dts > @@ -0,0 +1,9 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT > +/dts-v1/; > + > +#include "ar9344_netgear_wndr.dtsi" > + > +/ { > +compatible = "netgear,wndr3700-v4", "qca,ar9344"; > +model = "Netgear WNDR3700 v4"; > +}; Indent should be fixed here (-> tab). One could also copy the flashing instructions to the commit message, so you do not have to search for them. Both could also be done by a willing dev during merge, unless there is more to fix. Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [Info] Fwd: [PATCH v4 0/4] MTD concat
If I understand this properly, the ability to logically concatenate MTD partitions may have benefits to the project in the future. http://lists.infradead.org/pipermail/linux-mtd/2019-November/092535.html Jeff --- Hello, A year ago Bernhard Frauendienst started an effort to bring MTD devices concatenation generic [1]. Today I also need this concatenation to be possible in order to support configurations where two MTD devices are treated like one bigger in order to be able to define partitions across chip boundaries, hence reviving this patchset. After having talked with Mark Brown and Boris Brezillon this approach seems to be the cleanest and easiest one. If discussions need to happen, it is probably on the dt-bindings file where I tried to summarize the issue and the possible solutions in the commit log. I changed a bit the code logic and style but not so much, all the changes with the 2018 version are in [ ] in the commit logs. I would like to add another way to concatenate devices: with module parameters/arguments on the cmdline. I will extend this work once the bindings will have been discussed and accepted. Thanks, Miquèl [1] https://lwn.net/ml/linux-kernel/20180907173515.19990-1-ker...@nospam.obeliks.de/ Bernhard Frauendienst (3): mtd: Add get_mtd_device_by_node() helper dt-bindings: mtd: Describe mtd-concat devices mtd: Add driver for concatenating devices Miquel Raynal (1): mtd: concat: Fix a comment referring to an unknown symbol .../devicetree/bindings/mtd/mtd-concat.yaml | 56 drivers/mtd/Kconfig | 8 ++ drivers/mtd/Makefile | 1 + drivers/mtd/mtd_virt_concat.c | 132 ++ drivers/mtd/mtdconcat.c | 5 +- drivers/mtd/mtdcore.c | 38 + include/linux/mtd/mtd.h | 2 + 7 files changed, 238 insertions(+), 4 deletions(-) create mode 100644 Documentation/devicetree/bindings/mtd/mtd-concat.yaml create mode 100644 drivers/mtd/mtd_virt_concat.c -- 2.20.1 __ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 19.07] ar71xx: fix sysupgrade to ath79 for wndr3700v2 and wndr3800
Hi Petr, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] On > Behalf Of Adrian Schmutzler > Sent: Dienstag, 1. Oktober 2019 12:07 > To: 'Petr Štetiar' > Cc: openwrt-devel@lists.openwrt.org > Subject: Re: [OpenWrt-Devel] [PATCH 19.07] ar71xx: fix sysupgrade to ath79 for > wndr3700v2 and wndr3800 > just stumbled over this "old" patch again. I think it would be good to merge it soon (before a -rc2 comes up) or adjust the ath79 SUPPORTED_DEVICES otherwise. I think we should establish a forceless upgrade path (and some user testing for the changed board names) before 19.07.0 is released. Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod
Fixes FS#1472, FS#2353, FS#2426 Fixes: b3f95490 ("kernel: generic: Add kernel 4.14 support") Signed-off-by: Yousong Zhou --- .../020-backport_netfilter_rtcache.patch | 14 +- .../020-backport_netfilter_rtcache.patch | 14 +- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch b/target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch index 8a6fba4307..d745a97026 100644 --- a/target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch +++ b/target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch @@ -127,7 +127,7 @@ Signed-off-by: Florian Westphal # netlink interface for nf_conntrack --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,428 @@ +@@ -0,0 +1,440 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -444,6 +444,11 @@ Signed-off-by: Florian Westphal + .destroy = nf_conn_rtcache_destroy, +}; + ++static int __net_init rtcache_net_init(struct net *net) ++{ ++ return nf_register_net_hooks(net, rtcache_ops, ARRAY_SIZE(rtcache_ops)); ++} ++ +static void __net_exit rtcache_net_exit(struct net *net) +{ + /* remove hooks so no new connections get rtcache extension */ @@ -451,6 +456,7 @@ Signed-off-by: Florian Westphal +} + +static struct pernet_operations rtcache_ops_net_ops = { ++ .init = rtcache_net_init, + .exit = rtcache_net_exit, +}; + @@ -531,6 +537,11 @@ Signed-off-by: Florian Westphal + synchronize_net(); + + unregister_netdevice_notifier(_rtcache_notifier); ++ unregister_pernet_subsys(_ops_net_ops); ++ for_each_net(net) ++ nf_unregister_net_hooks(net, rtcache_ops, ARRAY_SIZE(rtcache_ops)); ++ ++ synchronize_net(); + + rtnl_lock(); + @@ -547,6 +558,7 @@ Signed-off-by: Florian Westphal + } + + rtnl_unlock(); ++ + synchronize_net(); + nf_ct_extend_unregister(_extend); +} diff --git a/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch b/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch index 3a35381ce3..2d84bc2acf 100644 --- a/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch +++ b/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch @@ -127,7 +127,7 @@ Signed-off-by: Florian Westphal # netlink interface for nf_conntrack --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,428 @@ +@@ -0,0 +1,440 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -444,6 +444,11 @@ Signed-off-by: Florian Westphal + .destroy = nf_conn_rtcache_destroy, +}; + ++static int __net_init rtcache_net_init(struct net *net) ++{ ++ return nf_register_net_hooks(net, rtcache_ops, ARRAY_SIZE(rtcache_ops)); ++} ++ +static void __net_exit rtcache_net_exit(struct net *net) +{ + /* remove hooks so no new connections get rtcache extension */ @@ -451,6 +456,7 @@ Signed-off-by: Florian Westphal +} + +static struct pernet_operations rtcache_ops_net_ops = { ++ .init = rtcache_net_init, + .exit = rtcache_net_exit, +}; + @@ -531,6 +537,11 @@ Signed-off-by: Florian Westphal + synchronize_net(); + + unregister_netdevice_notifier(_rtcache_notifier); ++ unregister_pernet_subsys(_ops_net_ops); ++ for_each_net(net) ++ nf_unregister_net_hooks(net, rtcache_ops, ARRAY_SIZE(rtcache_ops)); ++ ++ synchronize_net(); + + rtnl_lock(); + @@ -547,6 +558,7 @@ Signed-off-by: Florian Westphal + } + + rtnl_unlock(); ++ + synchronize_net(); + nf_ct_extend_unregister(_extend); +} ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] ipq40xx progress on GitHub
Hi, there are several ipq40xx device support PRs on GitHub being already two months old that haven't even received initial reviews so far (despite some formal nitpicks). In case someone familiar with that target is interested in having a look: https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Atarget%2Fipq40xx Despite, note that I'm now more aggressively using the "needs reviewer" tag for stuff that hasn't been looked at by committers for some time/at all: https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3A"needs+reviewer; There is also a lot of very old "packages" stuff there. Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH procd] initd/init: add minimal SELinux policy loading support
In order to support SELinux in OpenWRT, this commit introduces minimal support for loading the SELinux policy in the init code. The logic is very much inspired from what Busybox is doing: call selinux_init_load_policy() from libselinux, and then re-execute init so that it runs with the SELinux policy in place and enforced. Signed-off-by: Thomas Petazzoni --- I have patches ready to add some minimal SELinux support to OpenWRT, which I intend to send in the near future. --- CMakeLists.txt | 9 - initd/init.c | 41 + 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4b3eebd..865e43c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -40,6 +40,12 @@ IF(ZRAM_TMPFS) SET(SOURCES_ZRAM initd/zram.c) ENDIF() +IF(SELINUX) + include(FindPkgConfig) + pkg_search_module(SELINUX REQUIRED libselinux) + add_compile_definitions(WITH_SELINUX) +ENDIF() + add_subdirectory(upgraded) ADD_EXECUTABLE(procd ${SOURCES}) @@ -56,7 +62,8 @@ ADD_DEFINITIONS(-DDISABLE_INIT) ELSE() ADD_EXECUTABLE(init initd/init.c initd/early.c initd/preinit.c initd/mkdev.c sysupgrade.c watchdog.c utils/utils.c ${SOURCES_ZRAM}) -TARGET_LINK_LIBRARIES(init ${LIBS}) +TARGET_INCLUDE_DIRECTORIES(init PUBLIC ${SELINUX_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(init ${LIBS} ${SELINUX_LIBRARIES}) INSTALL(TARGETS init RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR} ) diff --git a/initd/init.c b/initd/init.c index 9b47826..f765b60 100644 --- a/initd/init.c +++ b/initd/init.c @@ -29,6 +29,10 @@ #include #include +#if defined(WITH_SELINUX) +#include +#endif + #include "../utils/utils.h" #include "init.h" #include "../watchdog.h" @@ -67,6 +71,41 @@ cmdline(void) } } +#if defined(WITH_SELINUX) +static int +selinux(char **argv) +{ + int enforce = 0; + int ret; + + /* SELinux already initialized */ + if (getenv("SELINUX_INIT")) + return 0; + + putenv("SELINUX_INIT=1"); + + printf("Loading SELinux policy...\n"); + + ret = selinux_init_load_policy(); + printf("selinux_init_load_policy returned %d\n", ret); + if (ret == 0) + execv(argv[0], argv); + + if (enforce > 0) { + fprintf(stderr, "Cannot load SELinux policy, but system in enforcing mode. Halting.\n"); + return 1; + } + + return 0; +} +#else +static int +selinux(char **argv) +{ + return 0; +} +#endif + int main(int argc, char **argv) { @@ -79,6 +118,8 @@ main(int argc, char **argv) sigaction(SIGUSR2, _shutdown, NULL); sigaction(SIGPWR, _shutdown, NULL); + if (selinux(argv)) + exit(-1); early(); cmdline(); watchdog_init(1); -- 2.23.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH v2 maintainer-tools] patchwork-apply.sh: try to fix DMARC mangled patches
On Sun, 10 Nov 2019 at 10:05, Petr Štetiar wrote: > > In order to avoid DMARC plague in the commit messages: > > 87f9292300cf hostapd: add IEEE 802.11k support > 450d44a8ead2 openssl: change defaults: ENGINE:on, NPN:off, misc > eabc1ddc4541 build: Honour NO_COLOR in include/scan.mk > 3fb45576ac16 cryptodev-linux: move from packages feed > a73283dc10f7 kernel: nf-nathelper-extra depends on ipt-raw > 0317fc3658eb libpcap: patch to add limits.h to pcap-usb-linux.c > 26dbf79f4905 libevent2: Don't build tests and samples > d59126040701 brcm63xx: initial support for Sky SR102 router > 094d49cddf93 kernel: bump 4.14 to 4.14.51 > 247055cbfbf1 igmpproxy: bump to 0.2.1 > c451434b963d cake: bump to 20180504 bake > 080fb7a3fbb6 iproute2: import latest cake > ad5af37ca793 iproute2: backport json_print-fix-hidden-64-bit-type-promotion > 78f4305933b9 iftop: bump to latest > 7783f31359cb base-files: nand: use CI_KERNPART whenever the kernel volume is > needed > > Signed-off-by: Petr Štetiar > --- > patchwork-apply.sh | 7 +++ > 1 file changed, 7 insertions(+) > > diff --git a/patchwork-apply.sh b/patchwork-apply.sh > index 5506adbfe451..1543c7fdaceb 100755 > --- a/patchwork-apply.sh > +++ b/patchwork-apply.sh > @@ -140,6 +140,13 @@ echo "$1" | grep -sqE '^[0-9]+$' || { > } > } > > +grep --color --context=3 "DMARC Reject/Quarantine" "$1.patch" && { > + if ! yesno "DMARC manled patch detected, attempt to fix it?" "y"; then > + exit 4 > + fi > + sed -i '/The sender domain has a DMARC/,/automatically by the mailing > list software./d' "$1.patch" > +} > + The patch author itself also needs unmangling. it currently is "foo bar via openwrt-devel <...>". The original author seems to be available in a "Reply-To:" header - no idea how stable that is. After that it looks good IMHO. And yes, having a sanity check as a commit hook would be good, but is a separate thing from this patch. Same for a fixed patchwork version, but there has been no release yet with the fix[1]. Regards Jonas [1] https://github.com/getpatchwork/patchwork/commit/8279a84238c10acbcadd075e4e998dffdc39f2e9 > git am "$1.patch" || { > echo "Failed to apply patch $1" >&2 > git am --abort > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] uhttpd/luci/rpcd is broken?
On Wed, 2019-11-13 at 13:44 +0100, e9hack wrote: > Hi, > > it looks like that uhttpd/luci/rpcd is broken again. After login in > the web interface, the main status page times out and shows this > error message: > > RPCError: RPC call to luci.ddns/get_services_status failed with error > -32000: Object not found > at handleCallReply ( > https://wlan-dsl8.lan/luci-static/resources/rpc.js?v=git-19.317.29469-8da8f38:12:3 > ) Seems to be a file permission issue, try: chmod +x /usr/libexec/rpcd/luci.ddns /etc/init.d/rpcd restart > > Regards, > Hartmut > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > > signature.asc Description: This is a digitally signed message part ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] uhttpd/luci/rpcd is broken?
Hi, it looks like that uhttpd/luci/rpcd is broken again. After login in the web interface, the main status page times out and shows this error message: RPCError: RPC call to luci.ddns/get_services_status failed with error -32000: Object not found at handleCallReply (https://wlan-dsl8.lan/luci-static/resources/rpc.js?v=git-19.317.29469-8da8f38:12:3) Regards, Hartmut ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH v2 maintainer-tools] patchwork-apply.sh: try to fix DMARC mangled patches
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] On > Behalf Of Petr Štetiar > Sent: Sonntag, 10. November 2019 10:05 > To: openwrt-devel@lists.openwrt.org > Cc: Petr Štetiar > Subject: [OpenWrt-Devel] [PATCH v2 maintainer-tools] patchwork-apply.sh: try > to fix DMARC mangled patches > > In order to avoid DMARC plague in the commit messages: > > 87f9292300cf hostapd: add IEEE 802.11k support > 450d44a8ead2 openssl: change defaults: ENGINE:on, NPN:off, misc > eabc1ddc4541 build: Honour NO_COLOR in include/scan.mk > 3fb45576ac16 cryptodev-linux: move from packages feed > a73283dc10f7 kernel: nf-nathelper-extra depends on ipt-raw > 0317fc3658eb libpcap: patch to add limits.h to pcap-usb-linux.c > 26dbf79f4905 libevent2: Don't build tests and samples > d59126040701 brcm63xx: initial support for Sky SR102 router > 094d49cddf93 kernel: bump 4.14 to 4.14.51 > 247055cbfbf1 igmpproxy: bump to 0.2.1 > c451434b963d cake: bump to 20180504 bake > 080fb7a3fbb6 iproute2: import latest cake > ad5af37ca793 iproute2: backport json_print-fix-hidden-64-bit-type-promotion > 78f4305933b9 iftop: bump to latest > 7783f31359cb base-files: nand: use CI_KERNPART whenever the kernel volume is > needed > > Signed-off-by: Petr Štetiar I just want to support Petr, as I also think having just the DMARC comment in the commit message is really a problem and should be addressed. I think it should be dealt with both in patchwork-apply.sh and as a hook when pushing to git.openwrt.org. Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] ath79: add support for COMFAST CF-E130N v2
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] On > Behalf Of Kryma > Sent: Montag, 11. November 2019 23:02 > To: openwrt-devel@lists.openwrt.org > Subject: Re: [OpenWrt-Devel] [PATCH] ath79: add support for COMFAST CF- > E130N v2 > > Hi, > > > That's wrong. You have 0x7d, not 0xfd ... > > There seems to be some discrepancy, possibly v1 vs v2. The > specifications on the website and the partitioning seem to imply a 8MB > image size - however, U-boot bootloader and the sum of MTD block sizes > gives us 16MB. Unsure, I tried both 8000 and 16192. Both seem to work > well, save for some I/O errors when writing files to homedir with both. > Not sure what that implies, but assuming 16MB as size all that given. based on how we use it currently, IMAGE_SIZE should match the size of the firmware partition. > > > Will this work without a defined gpio? > > Could you elaborate? + rssimediumhigh { + label = "cf-e130n-v2:green:rssimediumhigh"; +// No individual GPIOs matched this LED! + }; Will this still work when using rssimediumhigh in 01_leds? Best Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] OpenWrt: read label MAC address for FRITZ!WLAN Repeater 300E
> Hey Adrian, > > all mac-addresses can be found in the urlader key value store. > > maca 24:65:11:AE:CB:6B > macb 24:65:11:AE:CB:6C > macwlan 24:65:11:AE:CB:6D > macdsl24:65:11:AE:CB:6E > > Following the fritz_tffs call in 02_network it will be: > > lan=$(fritz_tffs -n maca -i $(find_mtd_part "tffs (1)")) > wlan=$(fritz_tffs -n macwlan -i $(find_mtd_part "tffs (1)")) > > FYI, the label mac is macwlan. > > Does that answer your question? Thanks, that's exactly what I needed (and easier than I thought). Already applied it in https://github.com/openwrt/openwrt/commit/d421a8b9448968de0e3265f5beb469c210a909ab Adrian openpgp-digital-signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] International Broadcast Conference 2019
Dear Exhibitor, Thanks for being a part of our International Broadcast Conference 2019. IBC 2019 updated delegates contacts is Now Available. You can make use of the contact list by Appointment Setting, Networking and other campaigns too. This is the best time to follow up on those leads to Boost your sales team's productivity by contacting them through email or call with no restriction on usage. Shall I get back with counts and pricing available quickly? Regards, Susan Dauber - Event Attendees Specialist International Broadcast Conference 2019 13 - 17 September 2019| RAI Amsterdam ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel