Commit Graph

4538 Commits

Author SHA1 Message Date
David Bauer
a8a1a058b4 modules: update openwrt
b42511c007 ath79: fix label MAC address for D-Link DIR-825B1
0ed3446bfc OpenWrt v22.03.0-rc3: revert to branch defaults
f0e0bcba5e OpenWrt v22.03.0-rc3: adjust config defaults
9f415792e1 ath79: NanoBeam M5 fix target_devices
d9cb31f944 ath79: add support for Ubiquiti NanoBeam M5
fca0069247 OpenWrt v22.03.0-rc2: revert to branch defaults
4f6f9caf1f OpenWrt v22.03.0-rc2: adjust config defaults
2022-05-29 00:03:07 +02:00
lemoer
c133fbbef6
push_pkg.sh: use scp protocol for openssh scp (#2479)
Starting from OpenSSH 9.0p, scp started to use sftp in favor of the
scp protocol by default. As dropbear in OpenWrt currently does not
support sftp by default, we now use the fallback cli switch "-O"
to use the scp protocol for scp.
2022-05-28 20:41:10 +02:00
Jan
b690939fae
ramips-mt7620: remove "broken" status for ASUS RT-AC51U (#2494) 2022-05-27 21:40:05 +02:00
Sebastian Schaper
d56a0f2602 ath79-generic: migrate D-Link DIR-825 B1 from ar71xx
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
2022-05-27 19:28:04 +02:00
Matthias Schiffer
92a6b81e8a
gluon-autoupdater: check that good_signatures does not exceed number of provided pubkeys 2022-05-27 12:12:26 +02:00
Matthias Schiffer
3a893f67ce
ci: minimal-site: set good_signatures to 0
Do not fail the new check that good_signatures ≤ #pubkeys.
2022-05-27 12:12:26 +02:00
Matthias Schiffer
53cf8796c7
gluon-autoupdater: revert to default branch when configured branch is invalid
An invalid branch may be set for various reasons:

- Previous firmware had an invalid default branch
- Branch list has changed and old UCI branch config was removed by a
  site-specific upgrade script
- Manual UCI configuration
2022-05-27 12:00:32 +02:00
Matthias Schiffer
2c65f0834b
gluon-autoupdater: factor out default_branch() function
Make the code clearer and prepare for invalid branch fixup.
2022-05-27 12:00:32 +02:00
Matthias Schiffer
db48b6b693
gluon-autoupdater: check default branch name
Check the default branch (both from site.conf and GLUON_AUTOUPDATER_BRANCH)
against the list of configured branch names to avoid misconfiguration.
2022-05-27 12:00:32 +02:00
Matthias Schiffer
d24ae56378
gluon-core: check-site: support checking "custom" values
The new "value" helper can be used to turn a Lua value into a path that
can be passed to need_*() etc.
2022-05-27 12:00:31 +02:00
Matthias Schiffer
674ec7b64a
ath79-generic: re-add support for Ubiquiti UniFi AP Outdoor+ (#2440)
Removed in 45c84a117b ("ar71xx: drop target").
2022-05-26 23:35:18 +02:00
Maciej Krüger
a0df96eb97
ath79-mikrotik: add support for Mikrotik RB951Ui-2nD (#2377)
Re-add mikrotik target

Note that previous images were generic ones and as such no migration
path is provided other than manually flashing the image via config-mode.
2022-05-22 11:45:28 +02:00
David Bauer
1ef3edbe58
Merge pull request #2352 from lemoer/pr_site_vpn_mtu_in_provider
RFC: gluon-mesh-vpn-*: make MTU of VPN device provider specific
2022-05-22 11:45:10 +02:00
J. Burfeind
36f406746e
gluon-status-page: fix mesh-vpn section for wg (#2502)
Since freifunk-gluon/packages#250 mesh-vpn-peers
can be empty arrays if they're not connected
and the node is in a WireGuard site.
2022-05-21 20:27:14 +02:00
lemoer
d3dbc3d8ed docs: move mtu in site.rst 2022-05-21 20:09:01 +02:00
lemoer
5f8da70ffd docs: adjust example site.conf 2022-05-21 20:08:52 +02:00
David Bauer
ae27394f78
Merge pull request #2528 from blocktrron/upstream-master-updates
base: update modules
2022-05-21 18:13:31 +02:00
lemoer
7c81897b4c gluon-mesh-vpn-*: make vpn MTU provider specific
If a community uses different vpn providers, they typically
assume the same MTU for the wan device underneath the VPN. As
different VPN providers however have different overhead, the MTU
of the VPN device differs for each provider. Therefore this
commit makes the MTU of the VPN device provider specific.

This has two advantages:
1. The same site.conf can used to bake firmwares for different
   VPN providers (only by selecting a diferent vpn feature in the
   site.mk).
2. We are coming closer to the option of integrating multiple VPN
   providers into one firmware.
2022-05-21 18:12:49 +02:00
David Bauer
18818bb624 modules: update routing
f6d2b09 babeld: rewrite description
37d2c78 babled: update to 1.12.1
255c859 babeld: update to 1.12
f2bebea alfred: Merge bugfixes from 2022.1
2bebe7e batctl: Merge bugfixes from 2022.1
0ab07cf batman-adv: Merge bugfixes from 2022.1
2022-05-21 18:09:26 +02:00
David Bauer
6fcc04ab64 modules: update packages
b708cf5a1 ffmpeg: update to 5.0.1
2d0893afb pigeonhole: update to 2.3.18
2904343fb dovecot: update to 2.3.18
771fc2373 openconnect: bump to version 9.01
6621ab68b miniflux: update to 2.0.36
aaab4075c openldap: drop use of HTTP in favor of HTTPS
2abb60c16 audit: avoid interferece with base libaudit build
964e972af audit: remove host build
0c44bdcea audit: Fix compilation with kernel 5.15
223f6215b poemgr: add package
9f4253df4 shadowsocks-libev: fix compat issue with newer version of ucode
044425dc4 bluez: Update to 5.64, update/refresh patches
30c39ca1d docker: Update to v20.10.16
b23eb24dc dockerd: Update to v20.10.16
6f3e7f879 libnetwork: Updated to 339b97 for docker v20.10.16
c5061b93d containerd: Update to v1.6.4 for docker v20.10.16 * Overrode `PREFIX` to have the old behaviour
33d3642c8 runc: Update to v1.1.1 for docker v20.10.16
001ab241e icu: bump to 71.1
136fb020f usteer: update to latest HEAD
db966f719 telegraf: Update to version 1.22.4
864bc0eac golang: Update to 1.18.2
867ad434f micropython-lib: Update to latest master
0cd609b67 ci: Look for changed packages in the PR branch only
9d2246b28 docker: fix compilation with glibc
5af6f2592 dockerd: fix compilation with glibc
8905f9808 dockerd: Add firewall independent dependencies
79614bb2a dockerd: Sorted dependencies for better diffs
c227c65c6 docker:  Update to 20.10.14
df8b28232 dockerd: Update to 20.10.14, and update version checking mechanism
23547de3c containerd: Update to 1.5.11
c79b4f85b runc: update to 1.0.3
f8892740c privoxy: update to 3.0.33 and fix the init script
6f606107e lxc: export systemd cgroups after install
245c658fa cloudflared: Update to 2022.5.1
61a2e96d2 dnsproxy: Update to 0.42.3
f8e2c5dca dawn: update to 2022-05-09
68c7cb1d3 haproxy: Update HAProxy to v2.4.16
db148cc08 adblock: list maintenance
821fd2499 strongswan: add wolfssl plugin
220c75cef htop: update to 3.2.0
dad9ae19e v2rayA: Update to 1.5.7
2aa2a157b cloudreve: Update to 3.5.3
d51f7c20b cloudreve: Update to 3.5.2
0e639eb47 cloudflared: Update to 2022.5.0
23fc3e63c youtube-dl: update to 2021.12.17
50e306326 usteer: update to latest HEAD
f26d5e546 passh: updated per OpenWrt's common practice
3bd1d510e passh: an sshpass alternative
7fddd201f sexpect: updated per OpenWrt's common practice
40e42950c sexpect: Expect for Shells
b282f5bba https-dns-proxy: 2021-11-22-3: add support for Canary Domains
b93534691 zerotier: fix segfault on ARM platforms
2022-05-21 18:09:25 +02:00
David Bauer
7a80663f18 modules: update openwrt
34b6abf5a8 ath79: add support for MikroTik hAP (RB951Ui-2nD)
03cfdf72e2 ath79: add support for MikroTik RouterBOARD hAP ac lite
80baa60259 firewall4: update to latest Git HEAD
4575498276 ucode: update to latest Git HEAD
e90f74feb6 kernel: bump 5.10 to 5.10.116
95c315f200 ath79: fix ar934x spi driver delays
97a2012ecc openssl: bump to 1.1.1o
6f8db8fee3 wolfssl: bump to v5.3.0-stable
3aeb6e975f ipq806x: add support for Arris TR4400 v2 / RAC2V1A
a11c3cde27 realtek: add support for ZyXEL GS1900-16
9b20e2a699 ath79: add Netgear WNDAP360
6729fa2dd2 ath79: add support for TP-Link Deco M4R v1 and v2
3c57430d1c ramips: add led_source for Asus RT-AC1200 devices
e431195abf ramips: add support for Cudy X6
5439efe37d ramips: Add support for SERCOMM NA502S
fe5943a7bd ramips: add support for Wavlink WL-WN533A8
5454735574 ramips: create shared DTSI for Wavlink WN53XAX devices
7152bc84f4 ramips: add support for TP-Link RE650 v2
d627ea510c ramips: add support for YunCore AX820/HWAP-AX820
9c2ed54aa2 firmware-utils: bump to git HEAD
87f9dd665a firmware-utils: bump to git HEAD
3963a90df8 kernel: Add missing devm_regulator_get_exclusive()
7a0af40e37 kernel: bump 5.10 to 5.10.115
e0aaecdbb8 kernel: bump 5.10 to 5.10.114
416e8aefe1 IPQ4019: AVM FRITZ!Box 7530: Remove NAND ECC restrictions from DTS
ec45e1ff68 kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash
144d9c4a43 uboot-fritz4040: Add support for Toshiba NAND
9ef931f96b ath79: ZTE MF286[A,R]: add "Power button blocker" GPIO switch
54e759d05d ipq40xx: revert Cell-C RTL30VW to legacy caldata extraction
0f8eba4f95 ath79: fix I2C on GL-AR300M devices
308ce46076 ipq40xx: Lyra: update RGB LED-Controller node for 5.10+
19a8c723b6 lantiq: xway: disable unused switch drivers
a374a959b9 realtek: do not reset SerDes on link change
7b4702afef realtek: Trap all frames with switch as destination to CPU-port
1c6a179e1a ramips: fix booting on Samknows SK-WB8
6120a66e6a bcm27xx: include 'rtc' in target's 'FEATURES'
ae64d0624c kernel: fix corrupted padding on small packets with mt753x dsa
53fc6e9ede kernel: fix flow offload issues with pppoe
77e123340f mediatek: add patches for MT7622 WED (wireless ethernet dispatch)
2022-05-21 18:09:18 +02:00
Martin Weinelt
99bdce1072
ramips-mt7621: add TP-Link RE650v1 (#2527)
- [x] Must be flashable from vendor firmware
  - [x] Web interface
  - [ ] TFTP (untested, but possible according to OpenWrt wiki)
  - [ ] Other: <specify>
- [x] Must support upgrade mechanism
  - [x] Must have working sysupgrade
    - [x] Must keep/forget configuration (`sysupgrade [-n]`, `firstboot`)
  - [x] Gluon profile name matches autoupdater image name
        (`lua -e 'print(require("platform_info").get_image_name())'`)
- [x] Reset/WPS/... button must return device into config mode
- [x] Primary MAC address should match address on device label (or packaging)
      (https://gluon.readthedocs.io/en/latest/dev/hardware.html#notes)
  - When re-adding a device that was supported by an earlier version of Gluon, a
    factory reset must be performed before checking the primary MAC address, as
    the setting from the old version is not reset otherwise.
- Wired network
  - [x] should support all network ports on the device
  - [x] must have correct port assignment (WAN/LAN)
    - On devices supplied via PoE, there is usually no explicit WAN/LAN labeling on the hardware.
      The PoE input should be the WAN port in this case.
- Wireless network (if applicable)
  - [x] Association with AP must be possible on all radios
  - [x] Association with 802.11s mesh must work on all radios
  - [x] AP+mesh mode must work in parallel on all radios
- LED mapping
  - Power/system LED
    - [x] Lit while the device is on
    - [x] Should display config mode blink sequence
          (https://gluon.readthedocs.io/en/latest/features/configmode.html)
  - Radio LEDs
    - [x] Should map to their respective radio
    - [x] Should show activity
  - Switch port LEDs
    - [x] Should map to their respective port (or switch, if only one led present)
    - [x] Should show link state and activity
2022-05-21 14:17:29 +02:00
Maciej Krüger
57c0bdbf56
gluon-core: add post-setup.d .keep (#2525)
This folder is referenced in files/lib/netifd/proto/gluon_mesh.sh, but 
there's no .keep for it
2022-05-20 18:59:37 +02:00
Sebastian Schaper
3ee60c77ba ath79-generic: fix whitespace
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
2022-05-17 18:54:15 +02:00
J. Burfeind
02edf564bd
ath79-generic: (re)add CPE210v3 (#2506)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-13 23:36:34 +02:00
J. Burfeind
523dead05b
ath79-generic: (re)add support for wndr3700 (#2482)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-11 23:00:43 +02:00
David Bauer
6ccd7c587b
Merge pull request #2503 from freifunk-gluon/import-release-notes
Import v2021.1.2 release notes, README / copyright updates
2022-05-08 12:14:19 +02:00
Matthias Schiffer
b68f2484ff
treewide: remove leftover GLUON_SPECIALIZE_KERNEL dependencies (#2514)
This was removed in commit c23bc293ef ("treewide: remove
GLUON_SPECIALIZE_KERNEL").
2022-05-08 12:14:03 +02:00
naveen
341ed3b311 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-08 01:00:16 +00:00
Matthias Schiffer
9d403c9849
docs: dev/hardware: update hardware support documentation (#2458)
Replace most of the page to account for the changes that have happened
in Gluon and OpenWrt in the last 4 years:

- Switch from Shell-based target definition language to Lua
- Removal of targets using legacy build code

Closes #2360
2022-05-07 18:27:45 +02:00
David Bauer
56eaf4aa28
treewide: switch crypto lib to WolfSSL (#2509)
WolfSSL has a significant lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.

See ddcb970274

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-07 15:17:03 +02:00
Matthias Schiffer
b1a12a4a0c
generic: reduce kernel size some more (#2510)
Remove a few features that became enabled by default since OpenWrt 19.07.
Disabling CONFIG_RELAY also reduces RAM usage.
2022-05-07 15:16:47 +02:00
David Bauer
1bcd4a47c9
Merge pull request #2508 from blocktrron/gluon-size
generic: reduce flash consumption
2022-05-07 00:01:45 +02:00
David Bauer
fd6f8c2919 generic: optimize kernel size
Remove kernel symbols which are not required for Gluon.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-06 20:57:25 +02:00
David Bauer
6fe2e6fc80 target: remove nftables
Gluon still uses firewall3 and iptables, so remove dependency on
nftables.
2022-05-06 20:57:03 +02:00
David Bauer
d656d38c7c mesh-vpn-core: require legacy iptables
Require legacy iptables, as Gluon still depends on firewall3. Otherwise,
nftables is pulled in as a dependency.
2022-05-06 20:55:57 +02:00
David Bauer
436d6053cb
Merge pull request #2504 from freifunk-gluon/update-modules
Update modules
2022-05-06 08:43:35 +02:00
Matthias Schiffer
8ebba2350a
modules: update OpenWrt packages
948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6

With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.
2022-05-05 20:08:12 +02:00
Matthias Schiffer
f0e76390ef
modules: update OpenWrt base
5ff900e0ade7 firewall: config: remove restictions on DHCPv6 allow rule
2ac5ee7f8a99 fstools: update to git HEAD
ffe12f8b48cf procd: update to git HEAD
0dc3ecf0da1c base-files: simplify restorecon logic
efc38b315e9b selinux-policy: update to version 1.1
6cb08b17979c base-files: add missing $IPKG_INSTROOT to restorecon call
9282cb0be06c base-files: address sed in-place without SELinux awareness
dc71658a802b fstools: update to git HEAD
3a974b5bcd77 ipq40xx: fix BDF file for pcie wifi chip on the GL.Inet GL-B2200
d90c7621f40f kernel: bump 5.10 to 5.10.113
e9c14fa85f4d kernel: bump 5.10 to 5.10.112
fa8e050c4bcb f2fs-tools: fix resize.f2fs (#9800)
0c25b9cb11bf ath79: add USB power control for GL-AR300M series
a142d96ade46 mpc85xx: Fix output location of padded dtb
fbd9605a908d build: don't remove BUILD_LOG_DIR in _clean
946f60aaebc6 dnsmasq: add logfacility file to jail mounts
6d5a097232b0 ath79: ubnt: drop swconfig on ac-{lite,lr,mesh}
18649fbff04a bcm63xx: fix description fix name case
d79380ac1dff ath79: ZTE MF286R: add comgt-ncm to DEVICE_PACKAGES
4c5d2cde1307 ramips: zbt-wg2626: Add the reset gpio for PCIe port 1
2022-05-05 20:07:26 +02:00
Matthias Schiffer
605c7e0806
docs: import v2021.1.2 release notes and update README 2022-05-05 20:01:08 +02:00
Matthias Schiffer
9aaeda8df3
Update copyright years 2022-05-05 19:57:47 +02:00
Matthias Schiffer
204f7e56e3
Merge pull request from GHSA-xqhj-fmc7-f8mv
ecdsautils: verify: fix signature verification (CVE-2022-24884)
2022-05-05 18:02:38 +02:00
J. Burfeind
743ba02fe9
ramips-mt76x8: add support for TP-Link Archer C20 v4 (#2500)
Co-authored-by: Ilja Gerhardt <ilja@cryptix.net>

Co-authored-by: Ilja Gerhardt <ilja@cryptix.net>
2022-05-05 11:10:07 +02:00
J. Burfeind
40f8275918
ath79-generic: (re)add Archer C7 v4 (#2497)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-05 01:19:29 +02:00
J. Burfeind
ab3e831b7c
ath79-generic: (re)add support for tl-wdr3500-v1 (#2450)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-04 00:33:05 +02:00
Matthias Schiffer
5e6bac4e52
ecdsautils: verify: fix signature verification (CVE-2022-24884)
A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.
2022-05-03 20:35:16 +02:00
J. Burfeind
6526612aaf
ath79-generic: (re)add archer c60 (#2496)
Device is marked as broken due to ath9k+ath10k 8/64.

Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-02 23:38:56 +02:00
Andreas Ziegler
948d3e10e7
ath79-generic: (re)add support for archer-c59-v1 (#2489) 2022-05-01 19:38:12 +02:00
J. Burfeind
4ec8c4db19
ath79-generic: (re)add support for gl-usb150 (#2476)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-01 19:36:13 +02:00
Tom Herbers
aef006e02e
mpc85xx-p1020: add Extreme Networks WS-AP3825i (#2495) 2022-05-01 10:43:32 +02:00