Commit Graph

4611 Commits

Author SHA1 Message Date
Matthias Schiffer
b68f2484ff
treewide: remove leftover GLUON_SPECIALIZE_KERNEL dependencies (#2514)
This was removed in commit c23bc293ef ("treewide: remove
GLUON_SPECIALIZE_KERNEL").
2022-05-08 12:14:03 +02:00
naveen
341ed3b311 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-08 01:00:16 +00:00
Matthias Schiffer
9d403c9849
docs: dev/hardware: update hardware support documentation (#2458)
Replace most of the page to account for the changes that have happened
in Gluon and OpenWrt in the last 4 years:

- Switch from Shell-based target definition language to Lua
- Removal of targets using legacy build code

Closes #2360
2022-05-07 18:27:45 +02:00
David Bauer
56eaf4aa28
treewide: switch crypto lib to WolfSSL (#2509)
WolfSSL has a significant lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.

See ddcb970274

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-07 15:17:03 +02:00
Matthias Schiffer
b1a12a4a0c
generic: reduce kernel size some more (#2510)
Remove a few features that became enabled by default since OpenWrt 19.07.
Disabling CONFIG_RELAY also reduces RAM usage.
2022-05-07 15:16:47 +02:00
David Bauer
1bcd4a47c9
Merge pull request #2508 from blocktrron/gluon-size
generic: reduce flash consumption
2022-05-07 00:01:45 +02:00
David Bauer
fd6f8c2919 generic: optimize kernel size
Remove kernel symbols which are not required for Gluon.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-06 20:57:25 +02:00
David Bauer
6fe2e6fc80 target: remove nftables
Gluon still uses firewall3 and iptables, so remove dependency on
nftables.
2022-05-06 20:57:03 +02:00
David Bauer
d656d38c7c mesh-vpn-core: require legacy iptables
Require legacy iptables, as Gluon still depends on firewall3. Otherwise,
nftables is pulled in as a dependency.
2022-05-06 20:55:57 +02:00
David Bauer
436d6053cb
Merge pull request #2504 from freifunk-gluon/update-modules
Update modules
2022-05-06 08:43:35 +02:00
Matthias Schiffer
8ebba2350a
modules: update OpenWrt packages
948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6

With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.
2022-05-05 20:08:12 +02:00
Matthias Schiffer
f0e76390ef
modules: update OpenWrt base
5ff900e0ade7 firewall: config: remove restictions on DHCPv6 allow rule
2ac5ee7f8a99 fstools: update to git HEAD
ffe12f8b48cf procd: update to git HEAD
0dc3ecf0da1c base-files: simplify restorecon logic
efc38b315e9b selinux-policy: update to version 1.1
6cb08b17979c base-files: add missing $IPKG_INSTROOT to restorecon call
9282cb0be06c base-files: address sed in-place without SELinux awareness
dc71658a802b fstools: update to git HEAD
3a974b5bcd77 ipq40xx: fix BDF file for pcie wifi chip on the GL.Inet GL-B2200
d90c7621f40f kernel: bump 5.10 to 5.10.113
e9c14fa85f4d kernel: bump 5.10 to 5.10.112
fa8e050c4bcb f2fs-tools: fix resize.f2fs (#9800)
0c25b9cb11bf ath79: add USB power control for GL-AR300M series
a142d96ade46 mpc85xx: Fix output location of padded dtb
fbd9605a908d build: don't remove BUILD_LOG_DIR in _clean
946f60aaebc6 dnsmasq: add logfacility file to jail mounts
6d5a097232b0 ath79: ubnt: drop swconfig on ac-{lite,lr,mesh}
18649fbff04a bcm63xx: fix description fix name case
d79380ac1dff ath79: ZTE MF286R: add comgt-ncm to DEVICE_PACKAGES
4c5d2cde1307 ramips: zbt-wg2626: Add the reset gpio for PCIe port 1
2022-05-05 20:07:26 +02:00
Matthias Schiffer
605c7e0806
docs: import v2021.1.2 release notes and update README 2022-05-05 20:01:08 +02:00
Matthias Schiffer
9aaeda8df3
Update copyright years 2022-05-05 19:57:47 +02:00
Matthias Schiffer
204f7e56e3
Merge pull request from GHSA-xqhj-fmc7-f8mv
ecdsautils: verify: fix signature verification (CVE-2022-24884)
2022-05-05 18:02:38 +02:00
J. Burfeind
743ba02fe9
ramips-mt76x8: add support for TP-Link Archer C20 v4 (#2500)
Co-authored-by: Ilja Gerhardt <ilja@cryptix.net>

Co-authored-by: Ilja Gerhardt <ilja@cryptix.net>
2022-05-05 11:10:07 +02:00
J. Burfeind
40f8275918
ath79-generic: (re)add Archer C7 v4 (#2497)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-05 01:19:29 +02:00
J. Burfeind
ab3e831b7c
ath79-generic: (re)add support for tl-wdr3500-v1 (#2450)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-04 00:33:05 +02:00
Matthias Schiffer
5e6bac4e52
ecdsautils: verify: fix signature verification (CVE-2022-24884)
A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.
2022-05-03 20:35:16 +02:00
J. Burfeind
6526612aaf
ath79-generic: (re)add archer c60 (#2496)
Device is marked as broken due to ath9k+ath10k 8/64.

Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-02 23:38:56 +02:00
Andreas Ziegler
948d3e10e7
ath79-generic: (re)add support for archer-c59-v1 (#2489) 2022-05-01 19:38:12 +02:00
J. Burfeind
4ec8c4db19
ath79-generic: (re)add support for gl-usb150 (#2476)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-01 19:36:13 +02:00
Tom Herbers
aef006e02e
mpc85xx-p1020: add Extreme Networks WS-AP3825i (#2495) 2022-05-01 10:43:32 +02:00
David Bauer
154ecf6ad8
Merge pull request #2426 from freifunk-gluon/switch-2203
modules: use OpenWrt 22.03
2022-04-30 23:47:27 +02:00
David Bauer
90dfd25e06 mpc85xx-p1010: remove TP-Link WDR4900
Remove support for the TP-Link WDR4900, as it us currently unable to
load its kernel sure to factory bootloader constraints.

Progress on this topic is tracked in #2491
2022-04-30 16:35:44 +02:00
David Bauer
78b2bca383 generic: remove jool workaround
Jool can be built without error on 22.03. Remove this workaround.
2022-04-30 16:35:06 +02:00
David Bauer
8fde14f63d generic: remove firewall4 2022-04-30 16:35:06 +02:00
David Bauer
3dc3b40819 treewide: replace ip6tables with ip6tables-legacy 2022-04-30 16:35:06 +02:00
David Bauer
e453b503bd modules: switch to OpenWrt 22.03 2022-04-30 16:35:05 +02:00
David Bauer
f54c0e789f
Merge pull request #2493 from blocktrron/modules-220427
modules: update to latest HEAD
2022-04-27 19:03:57 +02:00
Matthias Schiffer
a27edd4baa
Merge pull request #2459 from ffgraz/cm
gluon-setup-mode: add gluon-enter-setup-mode
2022-04-27 18:36:59 +02:00
Matthias Schiffer
1992383134
Merge pull request #2457 from MyIgel/statuspage-fix-tables
gluon-status-page: explicitly add tbody element to fix table manipulation
2022-04-27 17:20:24 +02:00
David Bauer
61b7085ff7 modules: update routing
b8461cc batman-adv: compat: Add atomic mc_forwarding support for stable kernels
a0d61bd mesh11sd: [New Package] Release v1.0.0
6166db3 naywatch: fix reboot_now
2022-04-27 13:57:23 +02:00
David Bauer
0bb999732c modules: update packages
0d142ffd2 telegraf: Update to version 1.22.2
587caf22a xray-core: Update to 1.5.5
87f14264f prometheus-node-exporter-lua: improve ubnt-manager
959860dc4 git: update to version 2.34.3
636342ee4 golang: Update to 1.17.9
51231fc5c ffmpeg: update to version 4.3.4
45426fa3d ruby: update to 3.0.4
4d34758b6 ci: use openwrt/gh-action-sdk@v4
edc9829bd delve: Update to 1.8.2
fe3e0493d usteer: update to latest HEAD
8995d3f02 python3-speedtest-cli: update to 2.1.3
827c37533 ooniprobe: Update 3.14.2
04a580232 ooniprobe: update to version 3.10.1
a33113111 ooniprobe: update to version 3.9.2
9f90da736 ooniprobe: update to version 3.9.0
918ca913b ooniprobe: update to version 3.8.0
a11f9a412 ooniprobe: update to version 3.7.0
915fed260 ooniprobe: update to version 3.5.2
78bcd00c1 yq: Update to 4.24.5
8406439bd yq: Update to 4.24.4
754c075a8 prometheus-node-exporter-lua: fix ubnt-manager collector
8ac019e76 prometheus-node-exporter-lua: add ubnt-manager collector
406abcbcc ubnt-manager: add ubnt-manager
216a37d65 pdns-recursor: add patch for CVE-2022-27227
f618daa55 pdns: add patch for CVE-2022-27227
427f2f995 haveged: update to 1.9.18
25a2c9f70 php7-pecl-redis: update to 5.3.7
3094dfadd php7-pecl-http: update to 3.2.5
77dcb4c90 php8: update to 8.0.17
e74e59d04 telegraf: Update to version 1.22.1
14d7e1608 keepalived: fix libip6tc dependency
3fbe10e59 keepalived: add missing CONFIG_ prefix to PKG_CONFIG_DEPENDS elements
bbb13556d adguardhome: Update adguardhome to v0.107.5
19e621a43 adguardhome: Bump adguardhome to v0.107.3 stable
d86d6d02b adguardhome: Update to v0.107.2 stable
9fa3942a8 nextdns: Update to version 1.37.11
894f58ceb yq: Update to 4.24.2
fbcaa8bce ksmbd-tools: revert update to 3.4.4
2022-04-27 13:57:23 +02:00
David Bauer
70ed8ea18b modules: update openwrt
5b7d01b427 iwinfo: update to latest HEAD
39aaec62ca hostapd: refresh patches
e2030fcfa7 hostapd: add ubus link-measurements notifications
1a2940f68e hostapd: add ubus method for requesting link measurements
b4a9597154 hostapd: add support for enabling link measurements
5a18028c69 iwinfo: update to latest HEAD
b519d76276 iwinfo: update to latest Git head
01cc5e195d iwinfo: update to latest Git HEAD
44781b265c iwinfo: update to the latest version
f7c445aa7d iwinfo: update to the latest version
75cbd8de00 wolfssl: fix compilation with /dev/crypto
1418439da9 kernel: add missing config symbols
39f1815b3e mac80211: fix QCA9561 PA bias
1769e3162e ramips: mt7620: disable SOC VLANs for external switches
30e47fb1e4 ramips: mt7620: ethernet: use more macros and bump version
3f976d0225 ramips: mt7620: fix RGMII TXID PHY mode
6685eb29e5 ramips: mt7620: add ephy-disable option to switch driver
47db830b82 ramips: mt7620: move mt7620_mdio_mode() to ethernet driver
6876465875 ramips: mt7620: use DTS to set PHY base address for external PHYs
5d7805c78b ramips: mt7620: allow both internal and external PHYs
01bbed7444 ramips: mt7620: fix ethernet driver GMAC port init
6491212ea7 ramips: mt7620: remove useless GMAC nodes
a14c2d409c ramips: mt7620: simplify DTS properties for GMAC
c652a06eef ramips: mt7620: enable autonegotiation for all ports
08ec622c46 ramips: make PHY initialization more descriptive
4123f177f9 ramips: add support for the Wavlink WL-WN579X3
92af15077f ramips: split Youku YK1 to YK-L1 and YK-L1c
55f8eb84d2 ramips: improve pinctrl for Youku YK-L1
92489b4f82 ramips: speed up spi frequency for Youku YK-L1
bea1891182 ramips: remove obsolete mx25l25635f compatible hack
6c44b157e5 mvebu: kernel: enable CONFIG_BLK_DEV_NVME
f0f9b7ac5c OpenWrt v21.02.3: revert to branch defaults
42a15ca378 OpenWrt v21.02.3: adjust config defaults
1d4dea6d4f ath79: Move TPLink WPA8630Pv2 to ath79-tiny target
41a97c2074 bcm27xx: add AMP2 to HifiBerry DAC+ / DAC+ Pro package
9a765554f4 ath79: add support for MikroTik RouterBOARD mAP lite
2cc9ee8000 ath79: add support for Yuncore A930
06874171d1 ath79: add support for Yuncore XD3200
c5ef62a218 wolfssl: bump to 5.2.0
99b00edf35 mac80211: Update to version 5.10.110-1
9132344444 bpftools: fix feature override for masking clang
169c9e3a88 ramips: fix reboot for remaining 32 MB boards
39bf2aee0e kernel: bump 5.4 to 5.4.188
3008f1f441 imagebuilder: fix broken image generation with external targets
2022-04-27 13:57:23 +02:00
David Bauer
099d2bd693
docs: fix mpc85xx-p1010 target name (#2492)
The mpc85xx-generic target was renamed to mpc85xx-p1010 in OpenWrt
21.02. The target name in Gluon docs was never adjusted however.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-04-25 00:02:08 +02:00
J. Burfeind
ed0cb90d42
ath79-generic: (re)add support for archer-c25-v1 (#2477)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-04-21 22:42:07 +02:00
J. Burfeind
374b81ddc0
ath79-generic: (re)add support for wndr3700v2 (#2485)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-04-21 22:34:11 +02:00
Igor Scheller
1ceb4428da gluon-status-page: Use querySelector instead of firstElementChild 2022-04-17 23:26:17 +02:00
Igor Scheller
68a5a74d1d gluon-status-page: Move mesh vpn id to table body, directly use table body 2022-04-17 23:10:40 +02:00
eberhab
9ec4abd043
ramips-mt76x8: add support for TP-Link Archer C20 v5 (#2481)
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=86e7353bff2a5de257de8ec62e782f016eed143c

Co-authored-by: Tom Herbers <mail@tomherbers.de>
2022-04-17 20:47:27 +02:00
Matthias Schiffer
a8d25670ce
gluon-core: use copy of "WAN" role list for "single" default (#2478)
Instead of using roles.wan directly as the default for roles.single,
create a copy of the table, so subsequent modifications of roles.single
don't affect roles.wan as well.

Fixes migration of Mesh-on-WAN status when no default for "single"
interfaces is set in site.conf.
2022-04-17 20:46:53 +02:00
Tom Herbers
588502cff1
ath79-generic: (re)add support for tl-wr1043n-v5 (#2483)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-04-17 20:31:43 +02:00
Manu.WTF
f63fa832fd
ath79-generic: (re)add support for unifiac-pro (#2439) 2022-04-17 11:56:19 +02:00
Matthias Schiffer
1252871217
gluon-core: fix gluon.util.get_role_interfaces() with empty role list (#2472)
The function failed when an interface has no roles assigned, breaking
several upgrade scripts.

Closes #2471
2022-04-17 01:19:22 +02:00
Matthias Schiffer
4225bd3853
gluon-core: fix setting interface default roles from site.conf (#2463)
Make the code match the docs and check_site.lua by actually looking up
the "default_roles" field, not "roles".
2022-04-13 00:49:46 +02:00
Igor Scheller
ea7b3163d1 gluon-status-page: Code clarification and formatting 2022-04-11 23:51:19 +02:00
J. Burfeind
684b4a80a0
ath79-generic: (re)add support for wbs210v1 (#2461)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-04-08 00:18:34 +02:00
Maciej Krüger
1d7d50cf23
gluon-setup-mode: use gluon-enter-setup-mode 2022-04-06 22:30:02 +02:00
Maciej Krüger
cc49806e08
gluon-setup-mode: add gluon-enter-setup-mode
Script to enable setup mode and reboot

Fixes #2412
2022-04-06 22:29:45 +02:00