From 16dee5650325e0e107aa9a4623da263d19b2748f Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 22 Jun 2021 13:16:25 +0800 Subject: [PATCH 01/19] target: tweak default packages Signed-off-by: Tianling Shen --- include/target.mk | 78 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 67 insertions(+), 11 deletions(-) diff --git a/include/target.mk b/include/target.mk index 05120e22e1..4354f6bff8 100644 --- a/include/target.mk +++ b/include/target.mk @@ -10,13 +10,22 @@ __target_inc=1 DEVICE_TYPE?=router # Default packages - the really basic set -DEFAULT_PACKAGES:=base-files libc libgcc dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd \ -block-mount kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw wget-ssl libustream-openssl ca-certificates \ -default-settings luci luci-app-ddns luci-app-upnp luci-app-adbyby-plus luci-app-autoreboot \ -luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-unblockmusic \ -luci-app-arpbind luci-app-vlmcsd luci-app-wol luci-app-ramfree \ -luci-app-turboacc luci-app-nlbwmon luci-app-accesscontrol luci-app-cpufreq \ -ddns-scripts_aliyun ddns-scripts_dnspod +DEFAULT_PACKAGES:=\ + base-files \ + ca-bundle \ + dropbear \ + fstools \ + libc \ + libgcc \ + libustream-openssl \ + logd \ + mtd \ + netifd \ + opkg \ + uci \ + uclient-fetch \ + urandom-seed \ + urngd ifneq ($(CONFIG_SELINUX),) DEFAULT_PACKAGES+=busybox-selinux procd-selinux 
@@ -24,11 +33,51 @@ else DEFAULT_PACKAGES+=busybox procd endif +# For the basic set +DEFAULT_PACKAGES.basic:= # For nas targets -DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm +DEFAULT_PACKAGES.nas:=\ + block-mount \ + fdisk \ + lsblk \ + mdadm # For router targets -DEFAULT_PACKAGES.router:=dnsmasq-full iptables ppp ppp-mod-pppoe firewall -DEFAULT_PACKAGES.bootloader:= +DEFAULT_PACKAGES.router:=\ + dnsmasq-full \ + firewall \ + iptables \ + ppp \ + ppp-mod-pppoe +# For easy usage +DEFAULT_PACKAGES.tweak:=\ + block-mount \ + ca-certificates \ + coreutils \ + ddns-scripts_aliyun \ + ddns-scripts_dnspod \ + default-settings \ + kmod-ipt-raw \ + kmod-nf-nathelper \ + kmod-nf-nathelper-extra \ + luci \ + luci-app-accesscontrol \ + luci-app-arpbind \ + luci-app-autoreboot \ + luci-app-cpufreq \ + luci-app-ddns \ + luci-app-filetransfer \ + luci-app-nlbwmon \ + luci-app-turboacc \ + luci-app-ramfree \ + luci-app-ssr-plus \ + luci-app-vlmcsd \ + luci-app-wol \ + luci-compat \ + luci-lib-base \ + luci-lib-fs \ + luci-lib-ipkg \ + luci-proto-relay \ + wget-ssl ifneq ($(DUMP),) all: dumpinfo @@ -61,6 +110,9 @@ else endif endif +# Add tweaked packages +DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.tweak) + # Add device specific packages (here below to allow device type set from subtarget) DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE)) @@ -178,6 +230,8 @@ ifeq ($(DUMP),1) CPU_CFLAGS += -mno-branch-likely CPU_CFLAGS_mips32 = -mips32 -mtune=mips32 CPU_CFLAGS_mips64 = -mips64 -mtune=mips64 -mabi=64 + CPU_CFLAGS_mips64r2 = -mips64r2 -mtune=mips64r2 -mabi=64 + CPU_CFLAGS_4kec = -mips32r2 -mtune=4kec CPU_CFLAGS_24kc = -mips32r2 -mtune=24kc CPU_CFLAGS_74kc = -mips32r2 -mtune=74kc CPU_CFLAGS_octeonplus = -march=octeon+ -mabi=64 @@ -232,7 +286,9 @@ ifeq ($(DUMP),1) .PRECIOUS: $(TMP_CONFIG) ifdef KERNEL_TESTING_PATCHVER - FEATURES += testing-kernel + ifneq ($(KERNEL_TESTING_PATCHVER),$(KERNEL_PATCHVER)) + FEATURES += testing-kernel + endif endif ifneq ($(CONFIG_OF),) FEATURES += dt 
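Review bot: `DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.tweak)` in the `@@ -61,6 +110,9 @@` hunk of include/target.mk is unconditional, so the whole list defined in the `@@ -24,11 +33,51 @@` hunk (LuCI, luci-app-filetransfer, luci-app-ssr-plus, luci-app-vlmcsd, the ddns scripts and the rest) is installed for every DEVICE_TYPE, including nas and the newly added basic set. That leaves the slimmed-down base list with no practical effect and gives every image the same web UI and service footprint. If a minimal image is the goal, gate the append, for example `ifneq ($(DEVICE_TYPE),basic)`, `DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.tweak)`, `endif`. The earlier hunk also removes `DEFAULT_PACKAGES.bootloader:=`, so a target using that device type now expands an undefined variable and receives the tweak set as well; keeping the empty definition would preserve the old behaviour.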
From 4cec6aacfb2467408a2c5c2afde5460532abdeed Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Wed, 16 Jun 2021 18:05:04 -1000 Subject: [PATCH 02/19] build: create profiles.json per default The file is a info file just like config.buildinfo, feeds.buildinfo and version.buildinfo. It bundles these and more information in a machine readable way. This commit enables the creation of profiles.json by default and not only for buildbots. By doing so it follow the behaviour of the ImageBuilder which always creates the file, lastly this increases the files visibility for downstream projects. Signed-off-by: Paul Spooren (cherry picked from commit 181054bf7939decd8ce6f32b6f8e2a363ab55e24) --- config/Config-build.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/Config-build.in b/config/Config-build.in index 93d2f48371..7fb3c154ae 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -7,7 +7,7 @@ menu "Global build settings" config JSON_OVERVIEW_IMAGE_INFO bool "Create JSON info file overview per target" - default BUILDBOT + default y help Create a JSON info file called profiles.json in the target directory containing machine readable list of built profiles From f4e68f469101bcc29885df113259af1b49147f6b Mon Sep 17 00:00:00 2001 From: Michael Yartys Date: Mon, 21 Jun 2021 13:37:20 +0200 Subject: [PATCH 03/19] ath10k-ct: fix typo in Makefile Add forgotten colon to Makefile. Signed-off-by: Michael Yartys (cherry picked from commit f0f1d68d528402b4d51a1dd08d2e2c9034167f92) --- package/kernel/ath10k-ct/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/ath10k-ct/Makefile b/package/kernel/ath10k-ct/Makefile index dbf9d8cd63..a4a4caa333 100644 --- a/package/kernel/ath10k-ct/Makefile +++ b/package/kernel/ath10k-ct/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ath10k-ct -PKG_RELEASE=1 +PKG_RELEASE:=1 PKG_LICENSE:=GPLv2 PKG_LICENSE_FILES:= 
From d6bbe61e1baabcc17354863ad73a9dd8d41c54a1 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 8 Apr 2021 09:28:02 +0200 Subject: [PATCH 04/19] uci: add uci_revert function Add missing uci_revert shell function wrapper. Signed-off-by: Florian Eckert (cherry picked from commit 92ac2a20ebba9f8695b464041cc8aeb30bb85576) --- package/system/uci/Makefile | 2 +- package/system/uci/files/lib/config/uci.sh | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/package/system/uci/Makefile b/package/system/uci/Makefile index 57d8b401e9..360d58b617 100644 --- a/package/system/uci/Makefile +++ b/package/system/uci/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uci -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uci.git PKG_SOURCE_PROTO:=git diff --git a/package/system/uci/files/lib/config/uci.sh b/package/system/uci/files/lib/config/uci.sh index 8d32cd1743..6ebfb73ae4 100644 --- a/package/system/uci/files/lib/config/uci.sh +++ b/package/system/uci/files/lib/config/uci.sh @@ -149,6 +149,14 @@ uci_remove_list() { /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} del_list "$PACKAGE.$CONFIG.$OPTION=$VALUE" } +uci_revert() { + local PACKAGE="$1" + local CONFIG="$2" + local OPTION="$3" + + /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} revert "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}" +} + uci_commit() { local PACKAGE="$1" /sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} commit $PACKAGE From 46fec74be839b3a975399ac7f914a65286edfcb5 Mon Sep 17 00:00:00 2001 From: Chris Blake Date: Tue, 15 Jun 2021 08:03:05 -0500 Subject: [PATCH 05/19] kernel/modules: make sure igb loads at boot Without loading the igb at boot, the recovery wouldn't have network available. All network drivers should be loaded before etc/board.d/02_network is called. Note that other network drivers already have this set, such as tg3. Fixes: 7e0e5110bc90 ("kernel: add igb kernel module") 
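Review bot: In uci_revert() (package/system/uci/files/lib/config/uci.sh), an empty CONFIG combined with a non-empty OPTION expands to `$PACKAGE.$OPTION`, which uci would presumably read as a section name, so the call reverts something other than what the caller named. Nesting the expansions avoids that: `"$PACKAGE${CONFIG:+.$CONFIG${OPTION:+.$OPTION}}"`. Otherwise add a comment above the function stating that CONFIG and OPTION are optional and that OPTION is only meaningful together with CONFIG.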
Signed-off-by: Chris Blake (cherry picked from commit f1e41155c98cb5f2e0647e064ec0b3cfbf346e41) --- package/kernel/linux/modules/netdevices.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/netdevices.mk b/package/kernel/linux/modules/netdevices.mk index d0cfb3eb26..b619327176 100644 --- a/package/kernel/linux/modules/netdevices.mk +++ b/package/kernel/linux/modules/netdevices.mk @@ -588,7 +588,7 @@ define KernelPackage/igb CONFIG_IGB_HWMON=y \ CONFIG_IGB_DCA=n FILES:=$(LINUX_DIR)/drivers/net/ethernet/intel/igb/igb.ko - AUTOLOAD:=$(call AutoLoad,35,igb) + AUTOLOAD:=$(call AutoLoad,35,igb,1) endef define KernelPackage/igb/description From 67e77ac373e957c6a7d72d14c50d2ddf03df8527 Mon Sep 17 00:00:00 2001 From: Dirk Neukirchen Date: Thu, 10 Jun 2021 12:15:58 +0200 Subject: [PATCH 06/19] grub2: update to 2.06 -300-CVE-2015-8370.patch is upstreamed with different code (upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2) - fixup OpenWrts setup_root patch compile tested: x86_64,i386 runtime tested: VM x86_64,VM i386 - booted fine - grub-editenv worked Signed-off-by: Dirk Neukirchen (cherry picked from commit 2c9537e27495afdf929975c8a154cc66de902df0) --- package/boot/grub2/Makefile | 6 +-- .../grub2/patches/100-grub_setup_root.patch | 32 +++++++-------- .../grub2/patches/300-CVE-2015-8370.patch | 40 ------------------- 3 files changed, 19 insertions(+), 59 deletions(-) delete mode 100644 package/boot/grub2/patches/300-CVE-2015-8370.patch diff --git a/package/boot/grub2/Makefile b/package/boot/grub2/Makefile index 3cdb608cbf..9c67ff589b 100644 --- a/package/boot/grub2/Makefile +++ b/package/boot/grub2/Makefile 
@@ -7,12 +7,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=grub PKG_CPE_ID:=cpe:/a:gnu:grub2 -PKG_VERSION:=2.06~rc1 +PKG_VERSION:=2.06 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://alpha.gnu.org/gnu/grub -PKG_HASH:=2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484 +PKG_SOURCE_URL:=@GNU/grub +PKG_HASH:=b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 HOST_BUILD_PARALLEL:=1 PKG_BUILD_DEPENDS:=grub2/host diff --git a/package/boot/grub2/patches/100-grub_setup_root.patch b/package/boot/grub2/patches/100-grub_setup_root.patch index e075d052cb..f20b310e12 100644 --- a/package/boot/grub2/patches/100-grub_setup_root.patch +++ b/package/boot/grub2/patches/100-grub_setup_root.patch @@ -18,24 +18,24 @@ --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -1720,7 +1720,7 @@ main (int argc, char *argv[]) - /* Now perform the installation. */ +@@ -1721,7 +1721,7 @@ main (int argc, char *argv[]) if (install_bootsector) - grub_util_bios_setup (platdir, "boot.img", "core.img", -- install_drive, force, -+ NULL, install_drive, force, - fs_probe, allow_floppy, add_rs_codes, - !grub_install_is_short_mbrgap_supported ()); - break; -@@ -1747,7 +1747,7 @@ main (int argc, char *argv[]) - /* Now perform the installation. */ + { + grub_util_bios_setup (platdir, "boot.img", "core.img", +- install_drive, force, ++ NULL, install_drive, force, + fs_probe, allow_floppy, add_rs_codes, + !grub_install_is_short_mbrgap_supported ()); + +@@ -1752,7 +1752,7 @@ main (int argc, char *argv[]) if (install_bootsector) - grub_util_sparc_setup (platdir, "boot.img", "core.img", -- install_drive, force, -+ NULL, install_drive, force, - fs_probe, allow_floppy, - 0 /* unused */, 0 /* unused */ ); - break; + { + grub_util_sparc_setup (platdir, "boot.img", "core.img", +- install_drive, force, ++ NULL, install_drive, force, + fs_probe, allow_floppy, + 0 /* unused */, 0 /* unused */ ); + --- a/util/grub-setup.c 
+++ b/util/grub-setup.c @@ -87,6 +87,8 @@ static struct argp_option options[] = { diff --git a/package/boot/grub2/patches/300-CVE-2015-8370.patch b/package/boot/grub2/patches/300-CVE-2015-8370.patch deleted file mode 100644 index 22f6c90928..0000000000 --- a/package/boot/grub2/patches/300-CVE-2015-8370.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Resolves: CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert -Signed-off-by: Ismael Ripoll-Ripoll ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - if (cur_len) - cur_len--; ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned - break; - } - -- if (key == GRUB_TERM_BACKSPACE) -+ if (key == GRUB_TERM_BACKSPACE && cur_len) - { - if (cur_len) - { From e2b9f61a63bae1cca31a1073c4231d6791690c4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 21 Jun 2021 11:42:25 +0200 Subject: [PATCH 07/19] ustream-ssl: variants conflict with each other MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds conflicts between variants of libustream pacakge. They provide the same file and thus it should not be possible to install them side by side. Signed-off-by: Karel Kočí (cherry picked from commit 219e17a35088a90eea664fbb4c66549d701a3cb4) --- package/libs/ustream-ssl/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile index 3d1e48dcbd..f762c89d29 100644 --- a/package/libs/ustream-ssl/Makefile +++ b/package/libs/ustream-ssl/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ustream-ssl -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git @@ -37,6 +37,7 @@ define Package/libustream-wolfssl $(Package/libustream/default) TITLE += (wolfssl) DEPENDS += +PACKAGE_libustream-wolfssl:libwolfssl + CONFLICTS := libustream-openssl VARIANT:=wolfssl endef @@ -44,6 +45,7 @@ define Package/libustream-mbedtls $(Package/libustream/default) TITLE += (mbedtls) DEPENDS += +libmbedtls + CONFLICTS := libustream-openssl libustream-wolfssl VARIANT:=mbedtls DEFAULT_VARIANT:=1 endef From 7535adf0d1f4252f00f7c0ca0d03903a71543671 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 22 Jun 2021 17:33:45 +0800 Subject: [PATCH 08/19] dnsmasq: support DNS redirect for IPv6 Signed-off-by: Tianling Shen --- package/network/services/dnsmasq/files/dnsmasq.init | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 76dc0c8886..dac15e4c55 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -1121,7 +1121,10 @@ dnsmasq_start() config_get_bool dns_redirect "$cfg" dns_redirect 0 config_get dns_port "$cfg" port 53 - [ "$dns_redirect" = 1 ] && iptables -t nat -A PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port + if [ "$dns_redirect" = 1 ]; then + iptables -t nat -A PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port + [ -n "$(command -v ip6tables)" ] && ip6tables -t nat -A PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dnsport + fi } dnsmasq_stop() 
From b1b7452f333b409932fc179f44abab034cb30838 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Tue, 22 Jun 2021 18:45:52 +0800 Subject: [PATCH 09/19] dnsmasq: cleanup IPv6 DNS redirect rule when stop running Signed-off-by: Tianling Shen --- .../services/dnsmasq/files/dnsmasq.init | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index dac15e4c55..4c0a324657 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -1123,7 +1123,7 @@ dnsmasq_start() config_get dns_port "$cfg" port 53 if [ "$dns_redirect" = 1 ]; then iptables -t nat -A PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port - [ -n "$(command -v ip6tables)" ] && ip6tables -t nat -A PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dnsport + [ -n "$(command -v ip6tables)" ] && ip6tables -t nat -A PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port fi } @@ -1144,19 +1144,9 @@ dnsmasq_stop() iptables_clear() { - nums=$(iptables -t nat -n -L PREROUTING 2>/dev/null | grep -c "DNSMASQ") - if [ -n "$nums" ]; then - until [ "$nums" = 0 ] - do - rules=$(iptables -t nat -n -L PREROUTING --line-num 2>/dev/null | grep "DNSMASQ" | awk '{print $1}') - for rule in $rules - do - iptables -t nat -D PREROUTING $rule 2> /dev/null - break - done - nums=$(expr $nums - 1) - done - fi + config_get dns_port "$cfg" port 53 + iptables -t nat -D PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port 2>"/dev/null" + [ -n "$(command -v ip6tables)" ] && ip6tables -t nat -D PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port 2>"/dev/null" } add_interface_trigger() From efa57dd53a2a442b6b3ff66b88ff3ff0d87c8431 Mon Sep 17 00:00:00 2001 
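Review bot: The rewritten iptables_clear() in dnsmasq.init deletes by full rule specification, so each call removes at most one rule per address family, and only when `--to-ports` still equals the port used at start. The loop it replaces removed every PREROUTING rule carrying the DNSMASQ comment; with the new form a changed `port` option, or a start that ran twice, leaves a stale REDIRECT that keeps steering client DNS traffic to the old port. `$cfg` is not assigned in the visible body, so `config_get dns_port "$cfg" port 53` presumably falls back to 53 unless the caller, which is outside the hunk, provides it. At minimum repeat the delete until it fails, `while iptables -t nat -D PREROUTING -m comment --comment "DNSMASQ" -p udp --dport 53 -j REDIRECT --to-ports $dns_port 2>/dev/null; do :; done`, and likewise for ip6tables. Matching on the comment alone, as before, would also cover a port change.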
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 7 Jun 2021 19:25:06 +0200 Subject: [PATCH 10/19] base-files: fix enabled for services with only STOP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are services that have only STOP value set. They are executed only on shutdown and it is common to use them for system cleanup. There is one such service shipped directly with base-files, it is 'umount'. Those work the same way as those with START but enabled does not report them as enabled although it should have as they can be enabled and disabled as any other service. This also changes check from check for executable to check for symbolic link. The implementation depends on those being links to service file and it is much cleaner and direct to check for them being links. Signed-off-by: Karel Kočí --- package/base-files/files/etc/rc.common | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/package/base-files/files/etc/rc.common b/package/base-files/files/etc/rc.common index f39b69464e..5dcbf5138d 100755 --- a/package/base-files/files/etc/rc.common +++ b/package/base-files/files/etc/rc.common @@ -55,7 +55,12 @@ enable() { enabled() { name="$(basename "${initscript}")" - [ -x "$IPKG_INSTROOT/etc/rc.d/S${START}${name##S[0-9][0-9]}" ] + name="${name##[SK][0-9][0-9]}" + { + [ -z "${START:-}" ] || [ -L "$IPKG_INSTROOT/etc/rc.d/S${START}$name" ] + } && { + [ -z "${STOP:-}" ] || [ -L "$IPKG_INSTROOT/etc/rc.d/K${STOP}$name" ] + } } depends() { From 7b56be91d3c1d15725cff4dd8ef4778bbf8e45c9 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Tue, 22 Jun 2021 00:45:20 +0200 Subject: [PATCH 11/19] base-files: failsafe: Remove the VLAN modifier from interface name Some interfaces have a VLAN modifier like :t in lan1:t, this modifier should be removed from the interface before calling preinit_ip_config(). 
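Review bot: enabled() in package/base-files/files/etc/rc.common now succeeds when a script sets neither START nor STOP, because both `[ -z ... ]` tests are true and no link is ever checked. The old test looked for `S${START}name`, which would normally not exist for such a script, so it reported disabled. If that change is not intended, put `[ -n "${START:-}${STOP:-}" ] || return 1` ahead of the two brace groups. The move from `-x` to `-L` also makes a dangling link count as enabled; a one-line comment saying that only the presence of the rc.d link is tested would make that explicit.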
Signed-off-by: Hauke Mehrtens --- package/base-files/files/lib/preinit/10_indicate_preinit | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/base-files/files/lib/preinit/10_indicate_preinit b/package/base-files/files/lib/preinit/10_indicate_preinit index 6ffcb36d08..bc48a99817 100755 --- a/package/base-files/files/lib/preinit/10_indicate_preinit +++ b/package/base-files/files/lib/preinit/10_indicate_preinit @@ -90,6 +90,8 @@ preinit_config_board() { else # trim any vlan ids ifname=${ifname%\.*} + # trim any vlan modifiers like :t + ifname=${ifname%\:*} fi pi_ifname=$ifname From c168074ccb893bbafd6a15982bb98b2b87c22a46 Mon Sep 17 00:00:00 2001 From: Aleksander Jan Bajkowski Date: Mon, 3 May 2021 10:49:06 +0200 Subject: [PATCH 12/19] kernel: crypto: limit crypto-hw-hifn-795x to devices with pci support CONFIG_CRYPTO_DEV_HIFN_795X depends on PCI. This driver only makes sense on devices with pci support. Signed-off-by: Aleksander Jan Bajkowski --- package/kernel/linux/modules/crypto.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index a588459f1e..6413827d91 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -348,7 +348,7 @@ $(eval $(call KernelPackage,crypto-hw-geode)) define KernelPackage/crypto-hw-hifn-795x TITLE:=HIFN 795x crypto accelerator - DEPENDS:=+kmod-random-core +kmod-crypto-manager + DEPENDS:=@PCI_SUPPORT +kmod-random-core +kmod-crypto-manager KCONFIG:= \ CONFIG_CRYPTO_HW=y \ CONFIG_CRYPTO_DEV_HIFN_795X \ From 87959bdcb74a1bd6da16ad07cb095a9036282ef9 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Tue, 22 Jun 2021 00:45:22 +0200 Subject: [PATCH 13/19] base-files: bring up vlan interface too Vlan subinterface was never brought up when using vlan-based preinit network. Tested forcing ifname="" before preinit_ip() on a Tp-Link Archer C5v4. 
Signed-off-by: Luiz Angelo Daros de Luca --- package/base-files/files/lib/preinit/10_indicate_preinit | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package/base-files/files/lib/preinit/10_indicate_preinit b/package/base-files/files/lib/preinit/10_indicate_preinit index bc48a99817..9a527041a2 100755 --- a/package/base-files/files/lib/preinit/10_indicate_preinit +++ b/package/base-files/files/lib/preinit/10_indicate_preinit @@ -18,6 +18,9 @@ preinit_ip_config() { fi ip link set dev $netdev up + if [ -n "$vid" ]; then + ip link set dev $1 up + fi ip -4 address add $pi_ip/$pi_netmask broadcast $pi_broadcast dev $1 } From 28f8bfc08adabbd74a87562f02b600fd72b10df6 Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Wed, 23 Jun 2021 23:02:31 +0800 Subject: [PATCH 14/19] mbedtls: refresh patches --- ...and-GCM-with-ARMv8-Crypto-Extensions.patch | 55 ++++++++----------- 1 file changed, 22 insertions(+), 33 deletions(-) diff --git a/package/libs/mbedtls/patches/100-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch b/package/libs/mbedtls/patches/100-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch index b6531181f0..7c840c020f 100644 --- a/package/libs/mbedtls/patches/100-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch +++ b/package/libs/mbedtls/patches/100-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch @@ -27,15 +27,13 @@ QEMU seems to also need Then run normal make or cmake etc. --- -diff -ruNa --binary a/ChangeLog.d/armv8_crypto_extensions.txt b/ChangeLog.d/armv8_crypto_extensions.txt ---- a/ChangeLog.d/armv8_crypto_extensions.txt 1970-01-01 08:00:00.000000000 +0800 -+++ b/ChangeLog.d/armv8_crypto_extensions.txt 2021-03-07 15:07:17.781911791 +0800 +--- a/ChangeLog.d/armv8_crypto_extensions.txt ++++ b/ChangeLog.d/armv8_crypto_extensions.txt 
@@ -0,0 +1,2 @@ +Features + * Support ARMv8 Cryptography Extensions for AES and GCM. -diff -ruNa --binary a/include/mbedtls/armv8ce_aes.h b/include/mbedtls/armv8ce_aes.h ---- a/include/mbedtls/armv8ce_aes.h 1970-01-01 08:00:00.000000000 +0800 -+++ b/include/mbedtls/armv8ce_aes.h 2021-03-07 15:07:17.781911791 +0800 +--- a/include/mbedtls/armv8ce_aes.h ++++ b/include/mbedtls/armv8ce_aes.h @@ -0,0 +1,63 @@ +/** + * \file armv8ce_aes.h @@ -100,9 +98,8 @@ diff -ruNa --binary a/include/mbedtls/armv8ce_aes.h b/include/mbedtls/armv8ce_ae + const unsigned char b[16] ); + +#endif /* MBEDTLS_ARMV8CE_AES_H */ -diff -ruNa --binary a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h ---- a/include/mbedtls/check_config.h 2020-12-10 20:54:15.000000000 +0800 -+++ b/include/mbedtls/check_config.h 2021-03-07 15:06:45.625543309 +0800 +--- a/include/mbedtls/check_config.h ++++ b/include/mbedtls/check_config.h @@ -95,6 +95,10 @@ #error "MBEDTLS_AESNI_C defined, but not all prerequisites" #endif @@ -119,9 +116,8 @@ diff -ruNa --binary a/include/mbedtls/check_config.h b/include/mbedtls/check_con #endif /* MBEDTLS_CHECK_CONFIG_H */ + -diff -ruNa --binary a/include/mbedtls/config.h b/include/mbedtls/config.h ---- a/include/mbedtls/config.h 2020-12-10 20:54:15.000000000 +0800 -+++ b/include/mbedtls/config.h 2021-03-07 15:14:27.957855484 +0800 +--- a/include/mbedtls/config.h ++++ b/include/mbedtls/config.h @@ -73,6 +73,7 @@ * Requires support for asm() in compiler. * @@ -130,7 +126,7 @@ diff -ruNa --binary a/include/mbedtls/config.h b/include/mbedtls/config.h * library/aria.c * library/timing.c * include/mbedtls/bn_mul.h -@@ -1888,6 +1889,21 @@ +@@ -1905,6 +1906,21 @@ #define MBEDTLS_AESNI_C /** 
@@ -152,9 +148,8 @@ diff -ruNa --binary a/include/mbedtls/config.h b/include/mbedtls/config.h * \def MBEDTLS_AES_C * * Enable the AES block cipher. -diff -ruNa --binary a/library/aes.c b/library/aes.c ---- a/library/aes.c 2020-12-10 20:54:15.000000000 +0800 -+++ b/library/aes.c 2021-03-07 15:06:45.625543309 +0800 +--- a/library/aes.c ++++ b/library/aes.c @@ -69,7 +69,9 @@ #if defined(MBEDTLS_AESNI_C) #include "mbedtls/aesni.h" @@ -178,9 +173,8 @@ diff -ruNa --binary a/library/aes.c b/library/aes.c #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) if( aes_padlock_ace ) { -diff -ruNa --binary a/library/armv8ce_aes.c b/library/armv8ce_aes.c ---- a/library/armv8ce_aes.c 1970-01-01 08:00:00.000000000 +0800 -+++ b/library/armv8ce_aes.c 2021-03-07 15:07:17.781911791 +0800 +--- a/library/armv8ce_aes.c ++++ b/library/armv8ce_aes.c @@ -0,0 +1,142 @@ +/* + * ARMv8 Cryptography Extensions -- Optimized code for AES and GCM @@ -324,9 +318,8 @@ diff -ruNa --binary a/library/armv8ce_aes.c b/library/armv8ce_aes.c +#endif /* MBEDTLS_GCM_C */ + +#endif /* MBEDTLS_ARMV8CE_AES_C */ -diff -ruNa --binary a/library/CMakeLists.txt b/library/CMakeLists.txt ---- a/library/CMakeLists.txt 2020-12-10 20:54:15.000000000 +0800 -+++ b/library/CMakeLists.txt 2021-03-07 15:06:45.625543309 +0800 +--- a/library/CMakeLists.txt ++++ b/library/CMakeLists.txt @@ -7,6 +7,7 @@ aesni.c arc4.c @@ -335,9 +328,8 @@ diff -ruNa --binary a/library/CMakeLists.txt b/library/CMakeLists.txt asn1parse.c asn1write.c base64.c -diff -ruNa --binary a/library/gcm.c b/library/gcm.c ---- a/library/gcm.c 2020-12-10 20:54:15.000000000 +0800 -+++ b/library/gcm.c 2021-03-07 15:06:45.625543309 +0800 +--- a/library/gcm.c ++++ b/library/gcm.c @@ -71,6 +71,10 @@ #include "mbedtls/aesni.h" #endif 
@@ -374,9 +366,8 @@ diff -ruNa --binary a/library/gcm.c b/library/gcm.c #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) { unsigned char h[16]; -diff -ruNa --binary a/library/Makefile b/library/Makefile ---- a/library/Makefile 2020-12-10 20:54:15.000000000 +0800 -+++ b/library/Makefile 2021-03-07 15:12:49.277078224 +0800 +--- a/library/Makefile ++++ b/library/Makefile @@ -65,6 +65,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ @@ -385,10 +376,9 @@ diff -ruNa --binary a/library/Makefile b/library/Makefile base64.o bignum.o blowfish.o \ camellia.o ccm.o chacha20.o \ chachapoly.o cipher.o cipher_wrap.o \ -diff -ruNa --binary a/library/version_features.c b/library/version_features.c ---- a/library/version_features.c 2020-12-10 20:54:15.000000000 +0800 -+++ b/library/version_features.c 2021-03-07 15:06:45.625543309 +0800 -@@ -583,6 +583,9 @@ +--- a/library/version_features.c ++++ b/library/version_features.c +@@ -586,6 +586,9 @@ #if defined(MBEDTLS_AESNI_C) "MBEDTLS_AESNI_C", #endif /* MBEDTLS_AESNI_C */ @@ -398,4 +388,3 @@ diff -ruNa --binary a/library/version_features.c b/library/version_features.c #if defined(MBEDTLS_AES_C) "MBEDTLS_AES_C", #endif /* MBEDTLS_AES_C */ - From b75e6ec413773096b4a5f58158806ad43130af22 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 9 Apr 2021 17:22:48 -0700 Subject: [PATCH 15/19] base-files: fix zoneinfo support The system init script currently sets /tmp/localinfo when zoneinfo is populated. However, zoneinfo has spaces in it whereas the actual files have _ instead of spaces. This made the if condition never return true. Example failure when removing the if condition: /tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles This file does not exist. America/Los_Angeles does. Ran through shfmt -w -ci -bn -sr -s Signed-off-by: Rosen Penev --- package/base-files/files/etc/init.d/system | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) 
diff --git a/package/base-files/files/etc/init.d/system b/package/base-files/files/etc/init.d/system index 08cf86b97f..2290964d7e 100755 --- a/package/base-files/files/etc/init.d/system +++ b/package/base-files/files/etc/init.d/system @@ -4,8 +4,7 @@ START=10 USE_PROCD=1 -validate_system_section() -{ +validate_system_section() { uci_load_validate system system "$1" "$2" \ 'hostname:string:OpenWrt' \ 'conloglevel:uinteger' \ @@ -22,9 +21,13 @@ system_config() { echo "$hostname" > /proc/sys/kernel/hostname [ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize} - echo "$timezone" > /tmp/TZ - [ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && \ - ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime && rm -f /tmp/TZ + rm -f /tmp/TZ + if [ -n "$zonename" ]; then + local zname=$(echo "$zonename" | tr ' ' _) + [ -f "/usr/share/zoneinfo/$zname" ] && ln -sf "/usr/share/zoneinfo/$zname" /tmp/localtime + else + echo "$timezone" > /tmp/TZ + fi # apply timezone to kernel hwclock -u --systz @@ -35,8 +38,7 @@ reload_service() { config_foreach validate_system_section system system_config } -service_triggers() -{ +service_triggers() { procd_add_reload_trigger "system" procd_add_validation validate_system_section } From 26663f405a02f50ce0cbdf212884342fc7a112c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Thu, 10 Jun 2021 07:14:03 +0200 Subject: [PATCH 16/19] ipq40xx: specify FritzBox 7530 LAN port label numbers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This helps managing LAN ports. Ref: https://forum.openwrt.org/t/openwrt-21-02-0-second-release-candidate/98026/121 Fixes: 95b0c07a618f ("ipq40xx: add support for FritzBox 7530") Cc: David Bauer Signed-off-by: Rafał Miłecki --- target/linux/ipq40xx/base-files/etc/board.d/02_network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/target/linux/ipq40xx/base-files/etc/board.d/02_network b/target/linux/ipq40xx/base-files/etc/board.d/02_network index 439787b602..181be19d1e 100755 --- a/target/linux/ipq40xx/base-files/etc/board.d/02_network +++ b/target/linux/ipq40xx/base-files/etc/board.d/02_network @@ -50,7 +50,7 @@ ipq40xx_setup_interfaces() ;; avm,fritzbox-7530) ucidef_add_switch "switch0" \ - "0t@eth0" "1:lan" "2:lan" "3:lan" "4:lan" + "0t@eth0" "1:lan:4" "2:lan:3" "3:lan:2" "4:lan:1" ;; aruba,ap-303|\ aruba,ap-365|\ From 0a5e5ca336821c7f5b1b45873f7b18c3f349730d Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Thu, 24 Jun 2021 07:42:53 -1000 Subject: [PATCH 17/19] base-files: fix /tmp/TZ when zoneinfo not installed The zoneinfo packages are not installed per default so neither /tmp/localtime nor /tmp/TZ is generated. This patch mostly reverts the previous fix and instead incooperates a solution suggested by Jo. Fixes "base-files: fix zoneinfo support " 8af62ed Signed-off-by: Paul Spooren --- package/base-files/files/etc/init.d/system | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/package/base-files/files/etc/init.d/system b/package/base-files/files/etc/init.d/system index 2290964d7e..dcfc2616c6 100755 --- a/package/base-files/files/etc/init.d/system +++ b/package/base-files/files/etc/init.d/system @@ -21,13 +21,10 @@ system_config() { echo "$hostname" > /proc/sys/kernel/hostname [ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize} - rm -f /tmp/TZ - if [ -n "$zonename" ]; then - local zname=$(echo "$zonename" | tr ' ' _) - [ -f "/usr/share/zoneinfo/$zname" ] && ln -sf "/usr/share/zoneinfo/$zname" /tmp/localtime - else - echo "$timezone" > /tmp/TZ - fi + echo "$timezone" > /tmp/TZ + [ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/${zonename// /_}" ] \ + && ln -sf "/usr/share/zoneinfo/${zonename// /_}" /tmp/localtime \ + && rm -f /tmp/TZ # apply timezone to kernel hwclock -u --systz 
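Review bot: In system_config() (package/base-files/files/etc/init.d/system), `zonename` is used as a path component with only its spaces replaced, so a value containing `..` can satisfy the `-f` test with a file outside /usr/share/zoneinfo and /tmp/localtime is then linked to it. The validation rule for zonename is outside this hunk; if it is a plain string, reject such values before the test, for example `case "$zonename" in *..*) zonename= ;; esac`. `${zonename// /_}` is also not POSIX sh and relies on the shell's bash-compatible substitution being enabled. Computing the name once into a local with `tr ' ' _`, as the code being replaced did, removes that dependency and the duplicated expansion. The function body continues beyond the hunk.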
From 89e77fb426b6908e247758d691af198235b830e0 Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Thu, 24 Jun 2021 20:05:21 +0100 Subject: [PATCH 18/19] zram-swap: robustify mkswap/swapon/swapoff invocation Instead of assuming /sbin contains the correct BusyBox symlinks, directly invoke the busybox executable. The required utilities are guaranteed to be present, since the zram-swap package selects them. Additionally, don't assume busybox resides in /bin, rely on PATH to find it. While at it, update the copyright year, use SPDX and switch to AUTORELEASE. Signed-off-by: Rui Salvaterra --- package/system/zram-swap/Makefile | 9 ++---- package/system/zram-swap/files/zram.init | 40 ++++++------------------ 2 files changed, 13 insertions(+), 36 deletions(-) diff --git a/package/system/zram-swap/Makefile b/package/system/zram-swap/Makefile index 80f87fcdff..d0d1baddd1 100644 --- a/package/system/zram-swap/Makefile +++ b/package/system/zram-swap/Makefile @@ -1,14 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-only # -# Copyright (C) 2013 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# +# Copyright (C) 2013-2021 OpenWrt.org include $(TOPDIR)/rules.mk PKG_NAME:=zram-swap -PKG_RELEASE:=8 +PKG_RELEASE:=$(AUTORELEASE) PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) diff --git a/package/system/zram-swap/files/zram.init b/package/system/zram-swap/files/zram.init index 2899f53f2e..1a5521f965 100755 --- a/package/system/zram-swap/files/zram.init +++ b/package/system/zram-swap/files/zram.init 
@@ -25,31 +25,6 @@ zram_getsize() # in megabytes fi } -zram_applicable() -{ - local zram_dev="$1" - - [ -e "$zram_dev" ] || { - logger -s -t zram_applicable -p daemon.crit "[ERROR] device '$zram_dev' not found" - return 1 - } - - [ -x /sbin/mkswap ] || { - logger -s -t zram_applicable -p daemon.err "[ERROR] 'BusyBox mkswap' not installed" - return 1 - } - - [ -x /sbin/swapon ] || { - logger -s -t zram_applicable -p daemon.err "[ERROR] 'BusyBox swapon' not installed" - return 1 - } - - [ -x /sbin/swapoff ] || { - logger -s -t zram_applicable -p daemon.err "[ERROR] 'BusyBox swapoff' not installed" - return 1 - } -} - zram_dev() { local idx="$1" @@ -159,9 +134,14 @@ start() return 1 fi - local zram_size="$( zram_getsize )" local zram_dev="$( zram_getdev )" - zram_applicable "$zram_dev" || return 1 + + [ -e "$zram_dev" ] || { + logger -s -t zram_start -p daemon.crit "[ERROR] device '$zram_dev' not found" + return 1 + } + + local zram_size="$( zram_getsize )" local zram_priority="$( uci -q get system.@system[0].zram_priority )" zram_priority=${zram_priority:+-p $zram_priority} @@ -170,8 +150,8 @@ start() zram_reset "$zram_dev" "enforcing defaults" zram_comp_algo "$zram_dev" echo $(( $zram_size * 1024 * 1024 )) >"/sys/block/$( basename "$zram_dev" )/disksize" - /sbin/mkswap "$zram_dev" - /sbin/swapon -d $zram_priority "$zram_dev" + busybox mkswap "$zram_dev" + busybox swapon -d $zram_priority "$zram_dev" } stop() @@ -180,7 +160,7 @@ stop() for zram_dev in $( grep zram /proc/swaps |awk '{print $1}' ); do { logger -s -t zram_stop -p daemon.debug "deactivate swap $zram_dev" - /sbin/swapoff "$zram_dev" && zram_reset "$zram_dev" "claiming memory back" + busybox swapoff "$zram_dev" && zram_reset "$zram_dev" "claiming memory back" local dev_index="$( echo $zram_dev | grep -o "[0-9]*$" )" if [ $dev_index -ne 0 ]; then logger -s -t zram_stop -p daemon.debug "removing zram $zram_dev" From b0ff6bb8a669eafd2428fb73b6da9834de38b502 Mon Sep 17 00:00:00 2001 
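Review bot: In `start()` the exit status of `busybox mkswap "$zram_dev"` is ignored, and `busybox swapon` runs regardless. With `zram_applicable` removed, nothing is logged when the applet is unavailable or formatting fails. Suggest `busybox mkswap "$zram_dev" || { logger -s -t zram_start -p daemon.err "[ERROR] mkswap failed on '$zram_dev'"; return 1; }`. These calls, and `busybox swapoff` in the `stop()` hunk, now resolve `busybox` through PATH in a script that presumably runs as root, so the binary used depends on the invoking environment; a comment such as `# busybox is resolved via PATH; assumes the system default PATH` would record that assumption. `start()` and `stop()` both begin outside their hunks.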
From: Ali MJ Al-Nasrawy Date: Wed, 18 Sep 2019 20:14:42 +0300 Subject: [PATCH 19/19] mac80211: distance config: allow "auto" as a value The user can now enable the ACK timeout estimation algorithm (dynack) for drivers that support it. It is also expected that the distance config accepts the same values as: $ iw phyX set distance XXX Signed-off-by: Ali MJ Al-Nasrawy (cherry picked from commit a8a1ef856871dc8403ea9c0a3bb347c7120b0e65) Signed-off-by: Tianling Shen --- package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh index 9ffec7ac22..3c3ed68852 100644 --- a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh +++ b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh @@ -24,8 +24,9 @@ drv_mac80211_init_device_config() { config_add_string path phy 'macaddr:macaddr' config_add_string hwmode config_add_string tx_burst + config_add_string distance config_add_int beacon_int chanbw frag rts - config_add_int rxantenna txantenna antenna_gain txpower distance + config_add_int rxantenna txantenna antenna_gain txpower config_add_boolean noscan ht_coex config_add_array ht_capab config_add_array channels
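Review bot: Declaring `distance` with `config_add_string` gives up whatever integer validation the `config_add_int` declaration provided, so an arbitrary string can now reach the code that consumes the option. That consumer is outside the hunk; if it passes the value to `iw ... set distance`, it should accept only `auto` or digits and keep the expansion quoted, e.g. `case "$distance" in auto|"") ;; *[!0-9]*) distance= ;; esac`. drv_mac80211_init_device_config continues outside the hunk.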