[PATCH 2/3] rtl838x: d-link_dgs-1210: refactor common family bits
So it can be easily shared with other boards in the family and while at it add missing SPDX license identifiers into the DTS files.

Signed-off-by: Petr Štetiar
--- .../dts/rtl8382_d-link_dgs-1210-16.dts| 81 +- .../rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi | 84 +++ target/linux/rtl838x/image/Makefile | 14 ++-- 3 files changed, 94 insertions(+), 85 deletions(-) create mode 100644 target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts index 3fb3cfb35346..3843af1371a7 100644 --- a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts
@@ -1,87 +1,10 @@ -#include "rtl838x.dtsi" +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT -#include -#include +#include "rtl8382_d-link_dgs-1210.dtsi" / { compatible = "d-link,dgs-1210-16", "realtek,rtl838x-soc"; model = "D-Link DGS-1210-16"; - - aliases { - led-boot = &led_power; - led-failsafe = &led_power; - led-running = &led_power; - led-upgrade = &led_power; - }; - - chosen { - bootargs = "console=ttyS0,115200"; - }; - - leds { - compatible = "gpio-leds"; - - led_power: power { - label = "green:power"; - gpios = <&gpio0 24 GPIO_ACTIVE_LOW>; - }; - }; -}; - -&gpio0 { - indirect-access-bus-id = <0>; -}; - -&spi0 { - status = "okay"; - flash@0 { - compatible = "jedec,spi-nor"; - reg = <0>; - spi-max-frequency = <1000>; - - partitions { - compatible = "fixed-partitions"; - #address-cells = <1>; - #size-cells = <1>; - - partition@0 { - label = "u-boot"; - reg = <0x 0x8>; - read-only; - }; - partition@8 { - label = "u-boot-env"; - reg = <0x0008 0x4>; - read-only; - }; - partition@c { - label = "u-boot-env2"; - reg = <0x000c 0x4>; - read-only; - }; - partition@28 { - label = "firmware"; - compatible = "denx,uimage"; - reg = <0x0010 0xd8>; - }; - partition@be8 { - label = "kernel2"; - reg = <0x00e8 0x18>; - }; - partition@100 { - label = "sysinfo"; - reg = <0x0100 0x4>; - }; - partition@104 { - label = "rootfs2"; - reg = <0x0104 0xc0>; - }; - partition@1c4 { - label = "jffs2"; - reg = <0x01c4 0x3c>; - }; - }; - }; }; ðernet0 { diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi new file mode 100644 index ..74043c097af8 --- /dev/null +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi 
@@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include "rtl838x.dtsi" + +#include +#include + +/ { + aliases { + led-boot = &led_power; + led-failsafe = &led_power; + led-running = &led_power; + led-upgrade = &led_power; + }; + + chosen { + bootargs = "console=ttyS0,115200"; + }; + + leds { + compatible = "gpio-leds"; + + led_power: power { + label = "green:power"; + gpios = <&gpio0 24 GPIO_ACTIVE_LOW>; + }; + }; +}; + +&gpio0 { + i
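Review bot: two of the partition nodes this hunk moves out of rtl8382_d-link_dgs-1210-16.dts have unit addresses that disagree with their reg offsets: `partition@28` carries `reg = <0x0010 0xd8>` and `partition@be8` carries `reg = <0x00e8 0x18>`, while every other node in the same table (`partition@8` with `0x0008`, `partition@c` with `0x000c`, `partition@100` with `0x0100`) agrees with its first reg cell. Since the patch relocates the whole flash layout verbatim into the shared rtl8382_d-link_dgs-1210.dtsi, this is the moment to make node name and reg agree, otherwise every board that includes the dtsi inherits the mismatch.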
[PATCH 1/3] rtl838x: clean whitespace issues in rtl8382_d-link_dgs-1210-16.dts
So it's tidy. Signed-off-by: Petr Štetiar --- target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts index 2d7abc00db1b..3fb3cfb35346 100644 --- a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts @@ -12,7 +12,7 @@ led-failsafe = &led_power; led-running = &led_power; led-upgrade = &led_power; - }; + }; chosen { bootargs = "console=ttyS0,115200"; @@ -90,7 +90,7 @@ regmap = <ðernet0>; #address-cells = <1>; #size-cells = <0>; - + /* External phy RTL8218B */ phy0: ethernet-phy@0 { reg = <0>; @@ -166,7 +166,7 @@ compatible = "ethernet-phy-ieee802.3-c22"; phy-is-integrated; }; - + /* External phy: RTL8214FC */ phy24: ethernet-phy@24 { compatible = "ethernet-phy-ieee802.3-c22"; @@ -248,7 +248,6 @@ phy-handle = <&phy7>; phy-mode = "qsgmii"; }; - port@8 { reg = <8>; label = "lan9"; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
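Review bot: the last hunk (`@@ -248,7 +248,6 @@`) deletes a line between the `port@7` block and `port@8` outright, whereas the three earlier hunks replace a whitespace-only line with an empty one (`-` followed by `+`). If the deleted line was the only separator between the two port nodes, the result leaves `};` and `port@8 {` adjacent, which is less tidy than the spacing kept everywhere else in the file; either keep an empty line there as well or state in the description that a doubled blank line was removed.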
[PATCH 3/3] rtl838x: add support for D-Link DGS-1210-28
Hardware specification
----------------------

* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash (MX25L25635E)
* 24 x 10/100/1000BASE-T ports
  - Internal PHY with 8 ports (RTL8218B)
  - Two external PHYs with 8 ports each (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
  - External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6

UART pinout
-----------

[]J3 [o]ooo|J6 | ^ ||`-- GND | | |`--- RX | | ` TX | `-- Vcc (3V3) | `-- J3 is power input connector nearby J6 UART

Boot initramfs image from U-Boot
--------------------------------

1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f00 openwrt-rtl838x-generic-d-link_dgs-1210-16-initramfs-kernel.bin` command
5. Boot the image with `bootm` command

To install, upload the sysupgrade image to the OEM webpage or sysupgrade from the system running from the initramfs image.

It has been developed and tested on a device with F1 revision.

Signed-off-by: Petr Štetiar
--- .../dts/rtl8382_d-link_dgs-1210-28.dts| 339 ++ target/linux/rtl838x/image/Makefile | 6 + 2 files changed, 345 insertions(+) create mode 100644 target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts new file mode 100644 index ..f154ca963d1c --- /dev/null +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts
@@ -0,0 +1,339 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include "rtl8382_d-link_dgs-1210.dtsi" + +/ { + compatible = "d-link,dgs-1210-28", "realtek,rtl838x-soc"; + model = "D-Link DGS-1210-28"; +}; + +ðernet0 { + mdio: mdio-bus { + compatible = "realtek,rtl838x-mdio"; + regmap = <ðernet0>; + #address-cells = <1>; + #size-cells = <0>; + + /* External phy RTL8218B */ + phy0: ethernet-phy@0 { + reg = <0>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy1: ethernet-phy@1 { + reg = <1>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy2: ethernet-phy@2 { + reg = <2>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy3: ethernet-phy@3 { + reg = <3>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy4: ethernet-phy@4 { + reg = <4>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy5: ethernet-phy@5 { + reg = <5>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy6: ethernet-phy@6 { + reg = <6>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy7: ethernet-phy@7 { + reg = <7>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + + /* Internal phy RTL8218B */ + phy8: ethernet-phy@8 { + reg = <8>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy9: ethernet-phy@9 { + reg = <9>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy10: ethernet-phy@10 { + reg = <10>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy11: ethernet-phy@11 { + reg = <11>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy12: ethernet-phy@12 { + reg = <12>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy13: ethernet-phy@13 { + r
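Review bot: step 4 of the boot instructions loads `openwrt-rtl838x-generic-d-link_dgs-1210-16-initramfs-kernel.bin`, which is the DGS-1210-16 image, although this patch adds the DGS-1210-28; point users of the new board at the dgs-1210-28 initramfs image instead, since a wrong kernel for a 28-port board is the first thing a tester will copy and paste.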
[PATCH v2 5/6] rtl838x: rtl838x.dtsi: fix missing interrupt-parent for uart0
Fixes the following dtc warning:

Warning (interrupts_property): /uart@b8002000: Missing interrupt-parent

Signed-off-by: Petr Štetiar
--- target/linux/rtl838x/dts/rtl838x.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/linux/rtl838x/dts/rtl838x.dtsi b/target/linux/rtl838x/dts/rtl838x.dtsi index 699a621f62fb..99c324bf52d2 100644 --- a/target/linux/rtl838x/dts/rtl838x.dtsi +++ b/target/linux/rtl838x/dts/rtl838x.dtsi @@ -53,6 +53,8 @@ reg = <0xb8002000 0x100>; clock-frequency = <2>; + + interrupt-parent = <&cpuintc>; interrupts = <31>; reg-io-width = <1>;
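Review bot: rather than adding `interrupt-parent = <&cpuintc>` to the uart node alone, consider declaring `interrupt-parent` once on the enclosing node in rtl838x.dtsi if the other peripherals there are wired to the same controller; a per-node property silences this one dtc warning but has to be repeated for every other node that only lists `interrupts`. The extra empty line the hunk inserts between `clock-frequency` and `interrupt-parent` also splits the node's properties for no reason and can be dropped.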
[PATCH v2 1/6] rtl838x: clean whitespace issues in rtl8382_d-link_dgs-1210-16.dts
So it's tidy.

Signed-off-by: Petr Štetiar
--- target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts index 2d7abc00db1b..3fb3cfb35346 100644 --- a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts @@ -12,7 +12,7 @@ led-failsafe = &led_power; led-running = &led_power; led-upgrade = &led_power; - }; + }; chosen { bootargs = "console=ttyS0,115200"; @@ -90,7 +90,7 @@ regmap = <ðernet0>; #address-cells = <1>; #size-cells = <0>; - + /* External phy RTL8218B */ phy0: ethernet-phy@0 { reg = <0>; @@ -166,7 +166,7 @@ compatible = "ethernet-phy-ieee802.3-c22"; phy-is-integrated; }; - + /* External phy: RTL8214FC */ phy24: ethernet-phy@24 { compatible = "ethernet-phy-ieee802.3-c22"; @@ -248,7 +248,6 @@ phy-handle = <&phy7>; phy-mode = "qsgmii"; }; - port@8 { reg = <8>; label = "lan9";
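Review bot: the final hunk at `@@ -248,7 +248,6 @@` removes a separator line between `port@7` and `port@8` instead of normalising it to an empty line as the first three hunks do; please confirm that a blank line still separates the two port nodes after this change, otherwise the file ends up less tidy than before in exactly one spot, which defeats the purpose of a whitespace-only patch.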
[PATCH v2 4/6] rtl838x: rtl838x.dtsi: remove reg property from root node
Fixes the following dtc warning:

../dts/rtl838x.dtsi:38.3-145.3: Warning (reg_format): /: Root node has a "reg" property

Signed-off-by: Petr Štetiar
--- target/linux/rtl838x/dts/rtl838x.dtsi | 1 - 1 file changed, 1 deletion(-) diff --git a/target/linux/rtl838x/dts/rtl838x.dtsi b/target/linux/rtl838x/dts/rtl838x.dtsi index 5d562063ea7f..699a621f62fb 100644 --- a/target/linux/rtl838x/dts/rtl838x.dtsi +++ b/target/linux/rtl838x/dts/rtl838x.dtsi @@ -7,7 +7,6 @@ #size-cells = <1>; compatible = "realtek,rtl838x-soc"; - reg = <0xbb00 0xa000>; cpus { #address-cells = <1>;
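Review bot: the removed `reg = <0xbb00 0xa000>` on the root node is dropped without a replacement. If that range described the SoC's register window, it belongs on a bus node (as `reg` or `ranges` of a `soc` node) rather than disappearing, and the description should say whether anything, a driver or the bootloader, consumed it; if nothing ever read it, say so explicitly so the deletion is clearly safe and not just warning-driven.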
[PATCH v2 0/6] rtl838x: add support for D-Link DGS-1210-28
Hi,

this patch series adds support for the D-Link DGS-1210-28 device, which is a 28-port Gigabit switch. While at it, did some cleanup and refactoring so it's easier to add other devices from the same family.

Changes since v1:

- fixed two dtc warnings
- fixed device order in image makefile
- added macros for phy and switch definitions

Cheers,

Petr

Petr Štetiar (6):
  rtl838x: clean whitespace issues in rtl8382_d-link_dgs-1210-16.dts
  rtl838x: d-link_dgs-1210: refactor common family bits
  rtl838x: add support for D-Link DGS-1210-28
  rtl838x: rtl838x.dtsi: remove reg property from root node
  rtl838x: rtl838x.dtsi: fix missing interrupt-parent for uart0
  rtl838x: dts: use macros for phy and switch definitions

 .../dts/rtl8382_allnet_all-sg8208m.dts| 111 +-
 .../dts/rtl8382_d-link_dgs-1210-10p.dts | 127 ++-
 .../dts/rtl8382_d-link_dgs-1210-16.dts| 347 +++---
 .../dts/rtl8382_d-link_dgs-1210-28.dts| 98 +
 .../rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi | 84 +
 target/linux/rtl838x/dts/rtl838x.dtsi | 36 +-
 target/linux/rtl838x/image/Makefile | 21 +-
 7 files changed, 315 insertions(+), 509 deletions(-)
 create mode 100644 target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts
 create mode 100644 target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi
[PATCH v2 2/6] rtl838x: d-link_dgs-1210: refactor common family bits
So the common bits can be easily shared with other boards in the family and while at it add missing SPDX license identifiers into the DTS files and fixed alphabetic sorting of the devices in the images.

Signed-off-by: Petr Štetiar
--- .../dts/rtl8382_d-link_dgs-1210-10p.dts | 2 + .../dts/rtl8382_d-link_dgs-1210-16.dts| 81 +- .../rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi | 84 +++ target/linux/rtl838x/image/Makefile | 16 ++-- 4 files changed, 97 insertions(+), 86 deletions(-) create mode 100644 target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-10p.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-10p.dts index d7c6cbfc7c41..89e3746ad5af 100644 --- a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-10p.dts +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-10p.dts @@ -1,3 +1,5 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + #include "rtl838x.dtsi" #include diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts index 3fb3cfb35346..3843af1371a7 100644 --- a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-16.dts
@@ -1,87 +1,10 @@ -#include "rtl838x.dtsi" +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT -#include -#include +#include "rtl8382_d-link_dgs-1210.dtsi" / { compatible = "d-link,dgs-1210-16", "realtek,rtl838x-soc"; model = "D-Link DGS-1210-16"; - - aliases { - led-boot = &led_power; - led-failsafe = &led_power; - led-running = &led_power; - led-upgrade = &led_power; - }; - - chosen { - bootargs = "console=ttyS0,115200"; - }; - - leds { - compatible = "gpio-leds"; - - led_power: power { - label = "green:power"; - gpios = <&gpio0 24 GPIO_ACTIVE_LOW>; - }; - }; -}; - -&gpio0 { - indirect-access-bus-id = <0>; -}; - -&spi0 { - status = "okay"; - flash@0 { - compatible = "jedec,spi-nor"; - reg = <0>; - spi-max-frequency = <1000>; - - partitions { - compatible = "fixed-partitions"; - #address-cells = <1>; - #size-cells = <1>; - - partition@0 { - label = "u-boot"; - reg = <0x 0x8>; - read-only; - }; - partition@8 { - label = "u-boot-env"; - reg = <0x0008 0x4>; - read-only; - }; - partition@c { - label = "u-boot-env2"; - reg = <0x000c 0x4>; - read-only; - }; - partition@28 { - label = "firmware"; - compatible = "denx,uimage"; - reg = <0x0010 0xd8>; - }; - partition@be8 { - label = "kernel2"; - reg = <0x00e8 0x18>; - }; - partition@100 { - label = "sysinfo"; - reg = <0x0100 0x4>; - }; - partition@104 { - label = "rootfs2"; - reg = <0x0104 0xc0>; - }; - partition@1c4 { - label = "jffs2"; - reg = <0x01c4 0x3c>; - }; - }; - }; }; ðernet0 { diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi new file mode 100644 index ..74043c097af8 --- /dev/null +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210.dtsi @@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include "rtl838x.dtsi" + +#include +#include + +/ { + aliases { + led-boot = &led_power; + led-fai
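Review bot: the rtl8382_d-link_dgs-1210-10p.dts hunk only prepends the SPDX line and keeps `#include "rtl838x.dtsi"`, so the 10P does not use the new rtl8382_d-link_dgs-1210.dtsi even though this patch creates it precisely to share the family's LED, GPIO and flash layout; either switch the 10P to the shared dtsi as well or say in the description why it differs (different flash map or LED wiring). Separately, the image Makefile sort-order fix mentioned in the description is unrelated to the refactor and would be easier to review as its own patch.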
[PATCH v2 6/6] rtl838x: dts: use macros for phy and switch definitions
It's quite more readable, saves some tedious copy&pasting, more error prone etc. Signed-off-by: Petr Štetiar --- .../dts/rtl8382_allnet_all-sg8208m.dts| 111 +- .../dts/rtl8382_d-link_dgs-1210-10p.dts | 125 +- .../dts/rtl8382_d-link_dgs-1210-16.dts| 261 ++--- .../dts/rtl8382_d-link_dgs-1210-28.dts| 359 +++--- target/linux/rtl838x/dts/rtl838x.dtsi | 33 ++ 5 files changed, 170 insertions(+), 719 deletions(-) diff --git a/target/linux/rtl838x/dts/rtl8382_allnet_all-sg8208m.dts b/target/linux/rtl838x/dts/rtl8382_allnet_all-sg8208m.dts index 5433b7f37286..a5dd3be0a4ab 100644 --- a/target/linux/rtl838x/dts/rtl8382_allnet_all-sg8208m.dts +++ b/target/linux/rtl838x/dts/rtl8382_allnet_all-sg8208m.dts @@ -103,46 +103,14 @@ #address-cells = <1>; #size-cells = <0>; - /* Internal phy */ - phy8: ethernet-phy@8 { - reg = <8>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy9: ethernet-phy@9 { - reg = <9>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy10: ethernet-phy@10 { - reg = <10>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy11: ethernet-phy@11 { - reg = <11>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy12: ethernet-phy@12 { - reg = <12>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy13: ethernet-phy@13 { - reg = <13>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy14: ethernet-phy@14 { - reg = <14>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; - - phy15: ethernet-phy@15 { - reg = <15>; - compatible = "ethernet-phy-ieee802.3-c22"; - }; + INTERNAL_PHY(8) + INTERNAL_PHY(9) + INTERNAL_PHY(10) + INTERNAL_PHY(11) + INTERNAL_PHY(12) + INTERNAL_PHY(13) + INTERNAL_PHY(14) + INTERNAL_PHY(15) }; }; 
@@ -151,61 +119,14 @@ #address-cells = <1>; #size-cells = <0>; - port@0 { - reg = <8>; - label = "lan1"; - phy-handle = <&phy8>; - phy-mode = "internal"; - }; - - port@1 { - reg = <9>; - label = "lan2"; - phy-handle = <&phy9>; - phy-mode = "internal"; - }; - - port@2 { - reg = <10>; - label = "lan3"; - phy-handle = <&phy10>; - phy-mode = "internal"; - }; - - port@3 { - reg = <11>; - label = "lan4"; - phy-handle = <&phy11>; - phy-mode = "internal"; - }; - - port@4 { - reg = <12>; - label = "lan5"; - phy-handle = <&phy12>; - phy-mode = "internal"; - }; - - port@5 { - reg = <13>; - label = "lan6"; - phy-handle = <&phy13>; - phy-mode = "internal"; - }; - - port@6 { - reg = <14>; - label = "lan7"; - phy-handle = <&phy14>; - phy-mode = "internal"; - }; - - port@7 { - reg = <15>; - label = "lan8"; - phy-handle = <&phy15>; - phy-mode = "internal"; - }; + SWITCH_PORT(8, 1, internal) + SWITCH_PORT(9, 2, internal) + SWITCH_PORT(10, 3, internal) + SWITCH_PORT(11, 4, internal) + SWITCH_PORT(12, 5, internal) +
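Review bot: the `INTERNAL_PHY(n)` replacements in rtl8382_allnet_all-sg8208m.dts stand in for nodes that had only `reg` and `compatible`, while the internal PHY nodes added for the DGS-1210-28 in 3/6 also carry `phy-is-integrated`; unless the macro has a variant for each form, one of the two boards silently gains or loses that property in what is presented as a readability refactor. Please include the macro definitions from rtl838x.dtsi (they are in the diffstat but not in the visible hunks) and state in the description whether the compiled DTBs are identical before and after. The description's "more error prone" also reads as the opposite of what is meant.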
[PATCH v2 3/6] rtl838x: add support for D-Link DGS-1210-28
Hardware specification
----------------------

* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash (MX25L25635E)
* 24 x 10/100/1000BASE-T ports
  - Internal PHY with 8 ports (RTL8218B)
  - Two external PHYs with 8 ports each (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
  - External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6

UART pinout
-----------

[]J3 [o]ooo|J6 | ^ ||`-- GND | | |`--- RX | | ` TX | `-- Vcc (3V3) | `-- J3 is power input connector nearby J6 UART

Boot initramfs image from U-Boot
--------------------------------

1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f00 openwrt-rtl838x-generic-d-link_dgs-1210-16-initramfs-kernel.bin` command
5. Boot the image with `bootm` command

To install, upload the sysupgrade image to the OEM webpage or sysupgrade from the system running from the initramfs image.

It has been developed and tested on a device with F1 revision.

Signed-off-by: Petr Štetiar
--- .../dts/rtl8382_d-link_dgs-1210-28.dts| 339 ++ target/linux/rtl838x/image/Makefile | 5 + 2 files changed, 344 insertions(+) create mode 100644 target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts diff --git a/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts new file mode 100644 index ..f154ca963d1c --- /dev/null +++ b/target/linux/rtl838x/dts/rtl8382_d-link_dgs-1210-28.dts
@@ -0,0 +1,339 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include "rtl8382_d-link_dgs-1210.dtsi" + +/ { + compatible = "d-link,dgs-1210-28", "realtek,rtl838x-soc"; + model = "D-Link DGS-1210-28"; +}; + +ðernet0 { + mdio: mdio-bus { + compatible = "realtek,rtl838x-mdio"; + regmap = <ðernet0>; + #address-cells = <1>; + #size-cells = <0>; + + /* External phy RTL8218B */ + phy0: ethernet-phy@0 { + reg = <0>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy1: ethernet-phy@1 { + reg = <1>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy2: ethernet-phy@2 { + reg = <2>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy3: ethernet-phy@3 { + reg = <3>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy4: ethernet-phy@4 { + reg = <4>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy5: ethernet-phy@5 { + reg = <5>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy6: ethernet-phy@6 { + reg = <6>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + phy7: ethernet-phy@7 { + reg = <7>; + compatible = "ethernet-phy-ieee802.3-c22"; + }; + + /* Internal phy RTL8218B */ + phy8: ethernet-phy@8 { + reg = <8>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy9: ethernet-phy@9 { + reg = <9>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy10: ethernet-phy@10 { + reg = <10>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy11: ethernet-phy@11 { + reg = <11>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy12: ethernet-phy@12 { + reg = <12>; + compatible = "ethernet-phy-ieee802.3-c22"; + phy-is-integrated; + }; + phy13: ethernet-phy@13 { + r
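Review bot: series ordering is worth a look: this patch adds 339 lines of hand-written PHY and port nodes and 6/6 then rewrites most of them (its diffstat shows 359 changed lines in this same file); putting the macro patch first and adding the new board with `INTERNAL_PHY`/`SWITCH_PORT` from the start would make both patches smaller and the new DTS far easier to check against the hardware list. Step 4 of the boot instructions also still names the dgs-1210-16 initramfs image for a dgs-1210-28 board.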
x86/64 SDK segfaults on some hosts [Was: Re: [PATCH 1/2] fakeroot: make fakeroot script relocatable]
Jo-Philipp Wich [2020-09-10 14:57:30]:

Hi,

> Patch the fakeroot script template to discover faked and libfakeroot.so
> relative to the STAGING_DIR_HOST environment variable, similar to how it
> is done for automake, libtool, quilt and autoconf already.
>
> This avoids the need for passing the paths to faked and libfakeroot.so
> manually every time we invoke fakeroot and subsequently allows us to
> drop OS X specific logic.

it seems like mixing the dynamic loader from the host with libraries from the SDK doesn't work reliably in all cases and may result in a crash.

Using the loader from the SDK works:

$ /sdk/staging_dir/host/lib/ld-linux-x86-64.so.2 --library-path /sdk/staging_dir/host/lib /bin/uname
Linux

Using the loader from the host doesn't work and crashes:

$ /lib64/ld-linux-x86-64.so.2 --library-path /sdk/staging_dir/host/lib /bin/uname
Segmentation fault (core dumped)

With gdb it's visible that there seems to be an issue with __vdso_time from linux-vdso.so.1:

Starting program: /lib64/ld-linux-x86-64.so.2 --library-path /sdk/staging_dir/host/lib /bin/uname

Program received signal SIGSEGV, Segmentation fault.
0x7fcea8831881 in do_lookup_x (undef_name=undef_name@entry=0x7fcea85df435 "__vdso_time", new_hash=new_hash@entry=2183040525, old_hash=old_hash@entry=0x7ffce43e3180, ref=0x7ffce43e3230, result=result@entry=0x7ffce43e3190, scope=, i=1, version=0x7ffce43e3260, flags=0, skip=0x0, type_class=0, undef_map=0x7fcea8851760) at dl-lookup.c:350
350 dl-lookup.c: No such file or directory.
(gdb) bt
#0 0x7fcea8831881 in do_lookup_x (undef_name=undef_name@entry=0x7fcea85df435 "__vdso_time", new_hash=new_hash@entry=2183040525, old_hash=old_hash@entry=0x7ffce43e3180, ref=0x7ffce43e3230, result=result@entry=0x7ffce43e3190, scope=, i=1, version=0x7ffce43e3260, flags=0, skip=0x0, type_class=0, undef_map=0x7fcea8851760) at dl-lookup.c:350
#1 0x7fcea883238f in _dl_lookup_symbol_x (undef_name=0x7fcea85df435 "__vdso_time", undef_map=0x7fcea8851760, ref=0x7ffce43e3228, symbol_scope=0x7fcea8851ae8, version=0x7ffce43e3260, type_class=0, flags=0, skip_map=) at dl-lookup.c:814
#2 0x7fcea8591654 in ?? ()
#3 0x in ?? ()

Reproducer:

wget https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-sdk-x86-64_gcc-8.4.0_musl.Linux-x86_64.tar.xz ; \
tar xvf openwrt-sdk-x86-64_gcc-8.4.0_musl.Linux-x86_64.tar.xz -C /tmp ; \
docker run --rm -it \
  -v /tmp/openwrt-sdk-x86-64_gcc-8.4.0_musl.Linux-x86_64:/sdk "debian:10" \
  /bin/sh -c 'LD_LIBRARY_PATH=/sdk/staging_dir/host/lib uname'

BTW it seems to work inside a debian:9 container.

It was discovered by the Docker SDK image testing[1].

1. https://gitlab.com/openwrt/docker/-/jobs/837338425#L229

Cheers,

Petr

> Signed-off-by: Jo-Philipp Wich
> ---
> tools/fakeroot/patches/000-relocatable.patch | 25
> 1 file changed, 25 insertions(+)
> create mode 100644 tools/fakeroot/patches/000-relocatable.patch
>
> diff --git a/tools/fakeroot/patches/000-relocatable.patch
> b/tools/fakeroot/patches/000-relocatable.patch
> new file mode 100644
> index 00..9f6915bfe8
> --- /dev/null
> +++ b/tools/fakeroot/patches/000-relocatable.patch
> @@ -0,0 +1,25 @@ > +--- a/scripts/fakeroot.in > b/scripts/fakeroot.in > +@@ -30,12 +30,19 @@ fatal () > + } > + > + # strip /bin/fakeroot to find install prefix > +-FAKEROOT_PREFIX=@prefix@ > +-FAKEROOT_BINDIR=@bindir@ > ++if [ -n "$STAGING_DIR_HOST" ]; then > ++FAKEROOT_PREFIX="${STAGING_DIR_HOST}" > ++FAKEROOT_BINDIR="${STAGING_DIR_HOST}/bin" > ++FAKEROOT_LIBDIR="${STAGING_DIR_HOST}/lib" > ++else > ++FAKEROOT_PREFIX=@prefix@ > ++FAKEROOT_BINDIR=@bindir@ > ++FAKEROOT_LIBDIR=@libdir@ > ++fi > + > + USEABSLIBPATH=@LDPRELOADABS@ > + LIB=lib@fakeroot_transformed@@DLSUFFIX@ > +-PATHS=@libdir@:${FAKEROOT_PREFIX}/lib64/libfakeroot:${FAKEROOT_PREFIX}/lib32/libfakeroot > ++PATHS=${FAKEROOT_LIBDIR}:${FAKEROOT_PREFIX}/lib64/libfakeroot:${FAKEROOT_PREFIX}/lib32/libfakeroot > + FAKED=${FAKEROOT_BINDIR}/@faked_transformed@ > + > + FAKED_MODE="unknown-is-root"
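Review bot: the `if [ -n "$STAGING_DIR_HOST" ]` branch takes the environment variable entirely on trust: whatever STAGING_DIR_HOST holds decides where `faked` and `libfakeroot` are loaded from, with no check that `${FAKEROOT_BINDIR}/faked` or `${FAKEROOT_LIBDIR}` exist. Add an existence test before preferring the staging paths over the configured `@bindir@`/`@libdir@`, and fail with a clear message rather than falling through, so a stale or mistyped STAGING_DIR_HOST produces an error instead of a silently different fakeroot; the patch description could also mention that the variable is now a trusted input to the script.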
[PATCH] rtl838x: fine tune default package set
Although most of the switches aren't routers, they can be used as such, so let's add some of the packages from the router's DEVICE_TYPE. While at it, remove the swconfig package which is not needed on DSA targets.

Signed-off-by: Petr Štetiar
--- target/linux/rtl838x/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/linux/rtl838x/Makefile b/target/linux/rtl838x/Makefile index 83cb074b89b6..a4e203718d90 100644 --- a/target/linux/rtl838x/Makefile +++ b/target/linux/rtl838x/Makefile @@ -21,6 +21,7 @@ include $(INCLUDE_DIR)/target.mk FEATURES := $(filter-out mips16,$(FEATURES)) -DEFAULT_PACKAGES += swconfig uboot-envtools ethtool kmod-gpio-button-hotplug +DEFAULT_PACKAGES += uboot-envtools ethtool kmod-gpio-button-hotplug \ + dnsmasq firewall ip6tables iptables odhcp6c odhcpd-ipv6only $(eval $(call BuildTarget))
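Review bot: the hunk makes dnsmasq, firewall, iptables, ip6tables, odhcp6c and odhcpd-ipv6only part of DEFAULT_PACKAGES for every rtl838x board, while the description itself says most of these switches are not routers; if only some boards are used as routers, DEVICE_PACKAGES on those devices (or `DEVICE_TYPE:=router` where appropriate) keeps the plain switches on the smaller default set and avoids starting a DHCP server and firewall by default on devices where nothing routes. Dropping swconfig is a separate change and could be its own one-line commit.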
QEMU x86/64 ubus issues [Was: Re: [PATCH 0/2] enable procd security features by default]
Daniel Golle [2020-11-07 14:17:12]:

Hi,

> A while ago we have added some useful kernel features to !SMALL_FLASH
> devices[1]. To make more use of that by default in a way which will
> make exploiting potential vulnerabilities in OpenWrt's services much
> harder, it'd be great to also have procd-ujail as well as procd-seccomp
> installed by default, adding about 38kB to squashfs rootfs.

thanks a lot for your work on these features!

> As it was reverted after it (actually something else) had broken the
> build, I've extensively tested ujail on x86/64, ath79/generic,
> ramips/mt7621, malta/mips64be and armvirt/64.

I've started QEMU x86/64 (4 cores, 512MB RAM) with LAN/WAN interfaces yesterday in the afternoon and found it in an unusable state this morning, without network and constantly OOMing.

root@OpenWrt:/# uptime
 05:33:32 up 15:22, load average: 0.00, 0.00, 0.00
root@OpenWrt:/# logread
^CFailed to connect to ubus
root@OpenWrt:/# cat /proc/$(pgrep ubusd)/syscall
44 0x8 0x7fffa9faff58 0x4c 0x0 0x0 0x0 0x7fffa9fafea0 0x7f8fd7b7273a

(44 is sendto)

The OOMing is happening probably due to the 8h DHCP lease time on the WAN interface and the following processes stuck on ubus access:

root@OpenWrt:/# ps w | grep -c "ubus call network.interface notify_proto"
587
root@OpenWrt:/# ps w | grep -c "fw3 -q network wan6"
358
root@OpenWrt:/# ps w | grep -c "/lib/netifd/dhcpv6.script eth1 rebound"
640

BTW it is not related to your changes which made ubusd run under the ubus user (it was happening with ubusd running as root also), but certainly caused by the ujail/seccomp stuff as I don't experience these issues without those features.
My current config:

CONFIG_TARGET_x86=y
CONFIG_TARGET_x86_64=y
CONFIG_TARGET_x86_64_DEVICE_generic=y
CONFIG_DEVEL=y
CONFIG_DEBUG=y
CONFIG_FEED_luci=y
CONFIG_FEED_packages=y
CONFIG_GRUB_TIMEOUT="1"
CONFIG_JSON_OVERVIEW_IMAGE_INFO=y
CONFIG_KERNEL_PERF_EVENTS=y
CONFIG_PACKAGE_MAC80211_DEBUGFS=y
CONFIG_PACKAGE_MAC80211_MESH=y
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_hostapd-common=y
CONFIG_PACKAGE_ip-tiny=y
CONFIG_PACKAGE_ipset=y
CONFIG_PACKAGE_ipset-dns=y
CONFIG_PACKAGE_iw=y
CONFIG_PACKAGE_kmod-cfg80211=y
CONFIG_PACKAGE_kmod-ipt-ipset=y
CONFIG_PACKAGE_kmod-mac80211=y
CONFIG_PACKAGE_kmod-nfnetlink=y
CONFIG_PACKAGE_kmod-udptunnel4=y
CONFIG_PACKAGE_kmod-udptunnel6=y
CONFIG_PACKAGE_kmod-wireguard=y
CONFIG_PACKAGE_libbfd=y
CONFIG_PACKAGE_libbz2=y
CONFIG_PACKAGE_libctf=y
CONFIG_PACKAGE_libdw=y
CONFIG_PACKAGE_libelf=y
CONFIG_PACKAGE_libgmp=y
CONFIG_PACKAGE_libipset=y
CONFIG_PACKAGE_libiwinfo=y
CONFIG_PACKAGE_liblua=y
CONFIG_PACKAGE_libmnl=y
CONFIG_PACKAGE_libnettle=y
CONFIG_PACKAGE_libopcodes=y
CONFIG_PACKAGE_libunwind=y
CONFIG_PACKAGE_objdump=y
CONFIG_PACKAGE_perf=y
CONFIG_PACKAGE_procd-seccomp=y
CONFIG_PACKAGE_rpcd=y
CONFIG_PACKAGE_rpcd-mod-file=y
CONFIG_PACKAGE_rpcd-mod-iwinfo=y
CONFIG_PACKAGE_rpcd-mod-luci=y
CONFIG_PACKAGE_rpcd-mod-rpcsys=y
CONFIG_PACKAGE_trace-cmd=y
CONFIG_PACKAGE_trace-cmd-extra=y
CONFIG_PACKAGE_uhttpd=y
CONFIG_PACKAGE_uhttpd-mod-lua=y
CONFIG_PACKAGE_uhttpd-mod-ubus=y
CONFIG_PACKAGE_wireguard=y
CONFIG_PACKAGE_wireguard-tools=y
CONFIG_PACKAGE_wireless-regdb=y
CONFIG_PACKAGE_zlib=y
CONFIG_SRC_TREE_OVERRIDE=y
# CONFIG_TARGET_IMAGES_GZIP is not set
CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA=y
CONFIG_TARGET_ROOTFS_INITRAMFS=y
CONFIG_uhttpd_lua=y

Cheers,

Petr
Re: x86/64 SDK segfaults on some hosts [Was: Re: [PATCH 1/2] fakeroot: make fakeroot script relocatable]
Paul Spooren [2020-11-09 08:58:16]:

> On Mon Nov 9, 2020 at 7:33 AM HST, Jo-Philipp Wich wrote:
> > I probably missed the point of your mail - do you mean to imply that my
> > patch introduced this regression?
>
> Since the CI builds start failing the same day as the patches were
> committed there could be a correlation. There is also a GitHub issue
> open: https://github.com/openwrt/packages/issues/13855

For the archives, it was fixed by Jo in https://git.openwrt.org/d4521fb132266

-- ynezz
Re: Upcoming 19.07.4 and 18.07.9 stable releases
Hauke Mehrtens [2020-11-11 00:58:52]:

Hi,

> Currently 18.06 looks good for me and I would really like to do the final
> release and call it then officially end of life.

I've just noticed the following: "librpc: fix CE in mac os" https://github.com/openwrt/openwrt/pull/3263

-- ynezz
Re: [PATCH] busybox: enable whois by default
Josef Schlehofer [2020-11-17 02:07:09]:

Hi,

> Whois can identify who owns a domain and how to get reach owner. Providing
> this tool in OpenWrt someone does not need to use websites for everything.

I don't think that this tool is essential enough to be shipped by default. One can use whois on a desktop or mobile phone for example. I think that packaging whois[1] shouldn't be that hard, then you have it one `opkg install` away.

1. https://github.com/rfc1036/whois

Cheers,

Petr
[PATCH] download: handle possibly invalid local tarballs
Currently it's assumed that already downloaded tarballs are always fine, so no checksum checking is performed and the tarball is used even if it might be corrupted. From now on, we're going to always check the downloaded tarballs before considering them valid.

Steps to reproduce:

1. remove cached tarball

   rm dl/libubox-2020-08-06-9e52171d.tar.xz

2. download valid tarball again

   make package/libubox/download

3. invalidate the tarball

   sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile

4. now compile with corrupt tarball source

   make package/libubox/{clean,compile}

Signed-off-by: Petr Štetiar
--- include/download.mk | 2 +- scripts/download.pl | 18 ++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/include/download.mk b/include/download.mk index d393bf390716..7c2de929d347 100644 --- a/include/download.mk +++ b/include/download.mk @@ -317,7 +317,7 @@ define Download ) download: $(DL_DIR)/$(FILE) - $(DL_DIR)/$(FILE): + $(DL_DIR)/$(FILE): FORCE mkdir -p $(DL_DIR) $(call locked, \ $(if $(DownloadMethod/$(call dl_method,$(URL),$(PROTO))), \ diff --git a/scripts/download.pl b/scripts/download.pl index cdccae133f49..b51c8f1127e8 100755 --- a/scripts/download.pl +++ b/scripts/download.pl
@@ -261,6 +261,24 @@ foreach my $mirror (@ARGV) { push @mirrors, 'https://sources.openwrt.org'; push @mirrors, 'https://mirror2.openwrt.org/sources'; +if (-f "$target/$filename") { + $hash_cmd and do { + if (system("cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'")) { + die "Failed to generate hash for $filename\n"; + } + + my $sum = `cat "$target/$filename.hash"`; + $sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n"; + $sum = $1; + + exit 0 if $sum eq $file_hash; + + die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n"; + unlink "$target/$filename"; + cleanup(); + }; +} + while (!-f "$target/$filename") { my $mirror = shift @mirrors; $mirror or die "No more mirrors to try - giving up.\n"; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
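Review bot: in the scripts/download.pl hunk, `die "Hash of the local file $filename does not match ... - deleting download.\n"` terminates the script before the `unlink "$target/$filename"` and `cleanup()` that follow it, so both lines are unreachable: the corrupt tarball is reported as deleted but stays in `$target`, and the `.hash` file produced by `cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'` is left behind (on the `exit 0` match path as well). Suggest emitting the message with `warn`, then `unlink` and `cleanup()`, so that the `while (!-f "$target/$filename")` loop below re-fetches from the mirrors, and calling `cleanup()` before `exit 0`.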
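Review bot: the include/download.mk hunk turns `$(DL_DIR)/$(FILE):` into `$(DL_DIR)/$(FILE): FORCE`, so every `make` invocation now re-runs the download rule and re-hashes each cached tarball; that is the intended trade-off for catching a corrupt `dl/` entry, but the commit message only describes the check, not the per-build cost, so please state it there.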
Re: 20.xx: postponse LuCI HTTPS per default
Paul Spooren [2020-11-19 13:09:02]:

Hi,

> while 20.xx seems close,

I don't share your view on this one, 21.xx is close, yes :-) Just being realistic here. So I would say that if this issue should be tackled, there is still some time left to do so.

> I'd like to suggest to postpone HTTPS LuCI (`luci-ssl` vs `luci`) per
> default.

Do we need to make this hard decision? Can't we leave it to the end users? We need most of the SSL stuff for other parts, so why not benefit from that in other parts?

For a start, can't we simply introduce some first-time welcome page on HTTP, explain to the user that HTTPS is available, the pros and cons of this solution, and let the user decide?

In a less intrusive way, this welcome page/wizard could be replaced with some information box "HTTPS is just a moment away", so the user would need to explicitly request that HTTPS feature.

There might be some better UX approach, but please try hard to move forward, not backward :-)

-- ynezz
[PATCH v2] download: handle possibly invalid local tarballs
Currently it's assumed, that already downloaded tarballs are always fine, so no checksum checking is performed and the tarball is used even if it might be corrupted. From now on, we're going to always check the downloaded tarballs before considering them valid. Steps to reproduce: 1. Remove cached tarball rm dl/libubox-2020-08-06-9e52171d.tar.xz 2. Download valid tarball again make package/libubox/download 3. Invalidate the tarball sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile 4. Now compile with corrupt tarball source make package/libubox/{clean,compile} Signed-off-by: Petr Štetiar --- Changes since v1: * fixed infinite re-downloading of the source tarball when using KERNEL_GIT_LOCAL_REPOSITORY include/host-build.mk | 2 ++ include/package.mk| 2 ++ scripts/download.pl | 18 ++ 3 files changed, 22 insertions(+) diff --git a/include/host-build.mk b/include/host-build.mk index 7d84ab0f5fc4..4ac140518113 100644 --- a/include/host-build.mk +++ b/include/host-build.mk @@ -186,6 +186,8 @@ ifndef DUMP clean-build: host-clean-build endif + $(DL_DIR)/$(FILE): FORCE + $(_host_target)host-prepare: $(HOST_STAMP_PREPARED) $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED) $(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED) diff --git a/include/package.mk b/include/package.mk index 50bd838180d8..5eb4460db86c 100644 --- a/include/package.mk +++ b/include/package.mk @@ -189,6 +189,8 @@ define Build/CoreTargets $(call Build/Autoclean) $(call DefaultTargets) + $(DL_DIR)/$(FILE): FORCE + download: $(foreach hook,$(Hooks/Download), $(call $(hook))$(sep) diff --git a/scripts/download.pl b/scripts/download.pl index 351b06a08b2f..2d87f47f842b 100755 --- a/scripts/download.pl +++ b/scripts/download.pl 
@@ -262,6 +262,24 @@ foreach my $mirror (@ARGV) { push @mirrors, 'https://sources.openwrt.org'; push @mirrors, 'https://mirror2.openwrt.org/sources'; +if (-f "$target/$filename") { + $hash_cmd and do { + if (system("cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'")) { + die "Failed to generate hash for $filename\n"; + } + + my $sum = `cat "$target/$filename.hash"`; + $sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n"; + $sum = $1; + + exit 0 if $sum eq $file_hash; + + die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n"; + unlink "$target/$filename"; + cleanup(); + }; +} + while (!-f "$target/$filename") { my $mirror = shift @mirrors; $mirror or die "No more mirrors to try - giving up.\n"; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
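Review bot: the scripts/download.pl hunk is unchanged from v1, so the mismatch branch still `die`s before `unlink "$target/$filename"` and `cleanup()`, leaving both unreachable and the corrupt tarball in place while the message claims it was deleted; move the `unlink` and `cleanup()` ahead of the `die`, or use `warn` and fall through to the mirror loop.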
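Review bot: the host-build.mk and package.mk hunks each add an identical `$(DL_DIR)/$(FILE): FORCE` rule; the v1 changelog says this placement fixes the infinite re-download seen with KERNEL_GIT_LOCAL_REPOSITORY, but neither the commit message nor a comment at either rule explains why the single rule in download.mk looped. A one-line comment next to each `FORCE` rule stating that reason would keep the next reader from re-deriving it and from "deduplicating" the two rules back into download.mk.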
[PATCH 1/2] toolchain: kernel-headers: fix check target for kernel Git tree
Currently the check target fails if the kernel Git tree is used: $ make toolchain/kernel-headers/{download,check} make[2]: Entering directory 'toolchain/kernel-headers' Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/. Stop. make[2]: Leaving directory 'toolchain/kernel-headers' toolchain/Makefile:100: recipe for target 'toolchain/kernel-headers/check' failed Signed-off-by: Petr Štetiar --- toolchain/kernel-headers/Makefile | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/toolchain/kernel-headers/Makefile b/toolchain/kernel-headers/Makefile index a4120d587dbf..1bc650dc3c78 100644 --- a/toolchain/kernel-headers/Makefile +++ b/toolchain/kernel-headers/Makefile @@ -17,11 +17,18 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=linux PKG_VERSION:=$(LINUX_VERSION) PKG_SOURCE:=$(LINUX_SOURCE) -ifneq ($(strip $(CONFIG_KERNEL_GIT_CLONE_URI)),"") +ifneq ($(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)),) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=$(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)) - PKG_SOURCE_VERSION:=$(CONFIG_KERNEL_GIT_REF) + PKG_SOURCE_VERSION:=$(call qstrip,$(CONFIG_KERNEL_GIT_REF)) +ifdef CHECK + include $(INCLUDE_DIR)/kernel-version.mk + PKG_VERSION:=$(LINUX_VERSION) else + PKG_SOURCE:=$(LINUX_SOURCE) +endif +else + PKG_SOURCE:=$(LINUX_SOURCE) PKG_SOURCE_URL:=$(LINUX_SITE) endif HOST_BUILD_DIR:=$(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
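Review bot: in the toolchain/kernel-headers/Makefile hunk, `PKG_SOURCE:=$(LINUX_SOURCE)` is assigned unconditionally three lines above the `ifneq` and then assigned again in both the inner `else` (git tree, no CHECK) and the outer `else` (tarball); if the `include $(INCLUDE_DIR)/kernel-version.mk` under `ifdef CHECK` is what changes the value and makes the reassignment necessary, a comment saying so would help, otherwise the two duplicates can go. The commit message shows the `Unknown pack format for file openwrt/tmp/dl/.` failure, whose empty filename suggests `PKG_SOURCE` ends up unset in the check target, but it never states that root cause; please add it.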
[PATCH 2/2] toolchain: kernel-headers: kernel Git tree mirror hash
Allow setting of mirror hash for Git kernel tree. Signed-off-by: Petr Štetiar --- config/Config-devel.in| 5 + toolchain/kernel-headers/Makefile | 1 + 2 files changed, 6 insertions(+) diff --git a/config/Config-devel.in b/config/Config-devel.in index 6447a79db2ca..21e15f16dcb4 100644 --- a/config/Config-devel.in +++ b/config/Config-devel.in @@ -107,6 +107,11 @@ menuconfig DEVEL It can be a git hash or a branch name. If unused, the clone's repository HEAD will be checked-out. + config KERNEL_GIT_MIRROR_HASH + string "Enter hash of Git kernel tree source checkout tarball" if DEVEL + depends on (KERNEL_GIT_CLONE_URI != "") + default "" + config BUILD_LOG bool "Enable log files during build process" if DEVEL help diff --git a/toolchain/kernel-headers/Makefile b/toolchain/kernel-headers/Makefile index 1bc650dc3c78..eea0ffbde071 100644 --- a/toolchain/kernel-headers/Makefile +++ b/toolchain/kernel-headers/Makefile @@ -21,6 +21,7 @@ ifneq ($(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)),) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=$(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)) PKG_SOURCE_VERSION:=$(call qstrip,$(CONFIG_KERNEL_GIT_REF)) + PKG_MIRROR_HASH:=$(call qstrip,$(CONFIG_KERNEL_GIT_MIRROR_HASH)) ifdef CHECK include $(INCLUDE_DIR)/kernel-version.mk PKG_VERSION:=$(LINUX_VERSION) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
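Review bot: the new `config KERNEL_GIT_MIRROR_HASH` entry in config/Config-devel.in has no `help` block, unlike its neighbour `KERNEL_GIT_REF` whose help text ("It can be a git hash or a branch name...") sits directly above it. Please document which hash algorithm is expected for the "Git kernel tree source checkout tarball" and what the build does when the option is left at `default ""`, since `PKG_MIRROR_HASH:=$(call qstrip,$(CONFIG_KERNEL_GIT_MIRROR_HASH))` in the Makefile hunk is then empty.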
Re: QEMU x86/64 ubus issues [Was: Re: [PATCH 0/2] enable procd security features by default]
Petr Štetiar [2020-11-10 07:43:24]:

Hi,

> I've started QEMU x86/64 (4 cores, 512MB RAM) with LAN/WAN interfaces
> yesterday in the afternoon and found it in unusable state this morning,
> without network and constantly OOMing.

I did test it a few more times and it looks like it's some bug in odhcp6c unrelated to the proposed patches, so for the series:

Acked-by: Petr Štetiar

Thanks!

Cheers,

Petr
Re: [PATCH] Revert "build: switch VERSION_REPO to HTTPS"
Paul Spooren [2020-11-24 22:29:00]:

Hi,

> Using HTTPS for opkg dramatically slows down download of packages and reload
> of indexes.

Do you have such dramatic numbers handy?

> This was mostly introduced to secure the ImageBuilder. However with the
> usign signature checking ability added to ImageBuilders, this becomes
> obsolete. It is still possible to manually change feeds to HTTPS if desired,
> but the default can be HTTP.

I don't agree. From my point of view HTTPS is another protection layer and should be enabled by default. It's our safety net against issues like CVE-2020-7982[1]; as we know, regressions are quite common in the software world.

> This was already requested via IRC and somewhat accepted as the
> current ustream-wolfssl implementation is broken.

If it's broken, then it should be fixed. If it's unmaintained, then the package should be disabled or removed. Disabling HTTPS is not going to fix that issue in the ustream-wolfssl package as reported in FS#3465.

-- ynezz
Re: [PATCH] config: clean double whitespace in Config-build.in
Paul Spooren [2020-11-24 22:27:58]: > Trivial cosmetic cleanup. This also helps for script that parse for > options in Config files. > > Signed-off-by: Paul Spooren > --- > config/Config-build.in | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/config/Config-build.in b/config/Config-build.in > index 4148180cd5..bf0ea7d828 100644 > --- a/config/Config-build.in > +++ b/config/Config-build.in > @@ -290,11 +290,11 @@ menu "Global build settings" > bool "Strong" > endchoice > > - config KERNEL_STACKPROTECTOR > + config KERNEL_STACKPROTECTOR > bool > default KERNEL_CC_STACKPROTECTOR_REGULAR || > KERNEL_CC_STACKPROTECTOR_STRONG > > - config KERNEL_STACKPROTECTOR_STRONG > + config KERNEL_STACKPROTECTOR_STRONG > bool > default KERNEL_CC_STACKPROTECTOR_STRONG Reviewed-by: Petr Štetiar ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] Revert "build: switch VERSION_REPO to HTTPS"
Baptiste Jonglez [2020-11-25 12:41:18]:

Hi,

> For the imagebuilder, it increases the *total* build time (not just
> download time!) by +50%:
>
> http://lists.openwrt.org/pipermail/openwrt-devel/2020-September/031406.html

I don't consider 10 seconds a dramatic increase of time, but it of course depends on your use case. If you aim for faster builds you can disable the HTTPS (one sed command) by yourself, proxy/cache the downloads etc. One of the project's goals is a standard installation secure by default, which for me means HTTPS in this case, and I'm willing to make this 10 second tradeoff.

> On a device, I suspect it will be much worse but I can't currently test
> that. It shouldn't be too hard, just make sure to clean opkg files
> between each test to have a proper apple-to-apple comparison.

You hardly download 100 packages on a device. You don't care if it takes two minutes, because you're not doing it every day, it's running in the background etc.

> The main problem is the lack of persistent connection, which means doing a
> full expensive TLS exchange for each separate file download, however small
> it is. It's a lot of crypto for a small CPU on devices,

You can turn off HTTPS if you prefer speed over maximum security.

> and if it's widely deployed it will also impact the load on the download
> server.

There should be a CDN from Fastly soon, hopefully before the release; SFC has already revisited the deal/documents and AFAIK it's waiting for the final signature.

> Thus, it's not reasonable to have this by default in a release.

I don't agree. It has to be default in the next release :-)

> I'm working on adding persistent connection support to opkg but it's not
> straightforward.

Great, thanks!

Cheers,

Petr
Re: [PATCH 0/8] kernel: mtdsplit_uimage: use device tree properties for non-standard uimage parsing
Bjørn Mork [2020-11-25 12:45:03]:

Hi,

> Still not sure that was a good idea.

140 insertions(+), 377 deletions(-) nice numbers, I like it, thanks.

Cheers,

Petr
Re: [PATCH] libroxml: switch to CMake
Rosen Penev [2020-07-11 11:20:15]:

Hi,

> Added patch to fix compilation with gcc10.
>
> Fixed license information.
>
> Fix ABI_VERSION.

Possibly another candidate for a move into the packages feed?

Thanks!

Cheers,

Petr
Re: [PATCH] openssl: fix compilation
Rosen Penev [2020-11-24 02:04:24]: Hi, > It seems the Makefile wrongly picks up dist CC and matches on a clang > path. > > Fixes: > > mips-openwrt-linux-musl-gcc: error: unrecognized command-line option > '-Qunused-arguments' then the fix seems wrong. You should make sure, that proper CC is used. > Signed-off-by: Rosen Penev > --- > package/libs/openssl/Makefile | 2 +- > package/libs/openssl/patches/101-Configure-typo.patch | 11 +++ > 2 files changed, 12 insertions(+), 1 deletion(-) > create mode 100644 package/libs/openssl/patches/101-Configure-typo.patch > > diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile > index 9696748106..325c736ed4 100644 > --- a/package/libs/openssl/Makefile > +++ b/package/libs/openssl/Makefile > @@ -11,7 +11,7 @@ PKG_NAME:=openssl > PKG_BASE:=1.1.1 > PKG_BUGFIX:=h > PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) > -PKG_RELEASE:=1 > +PKG_RELEASE:=2 > PKG_USE_MIPS16:=0 > ENGINES_DIR=engines-1.1 > > diff --git a/package/libs/openssl/patches/101-Configure-typo.patch > b/package/libs/openssl/patches/101-Configure-typo.patch > new file mode 100644 > index 00..2a2344ff82 > --- /dev/null > +++ b/package/libs/openssl/patches/101-Configure-typo.patch > @@ -0,0 +1,11 @@ > +--- a/Configure > b/Configure > +@@ -1444,7 +1444,7 @@ if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O > ne 'VMS') { > + # but it apparently recognizes the option in question on all > + # supported platforms even when it's meaningless. In other words > + # probe would fail, but probed option always accepted... > +-push @{$config{cflags}}, "-Wa,--noexecstack", "-Qunused-arguments"; > ++push @{$config{cflags}}, "-Wa,--noexecstack"; > + } else { > + my $cc = $config{CROSS_COMPILE}.$config{CC}; > + open(PIPE, "$cc -Wa,--help -c -o null.$$.o -x assembler /dev/null > 2>&1 |"); ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
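Review bot: the quoted Configure hunk removes `-Qunused-arguments` from the branch whose surrounding comment says the compiler "apparently recognizes the option in question on all supported platforms even when it's meaningless", i.e. the path OpenSSL takes when it believes it is driving clang; dropping the flag there hides the compiler-detection mistake that let a `mips-openwrt-linux-musl-gcc` build land in that branch, which matches the objection above that the proper CC should be selected instead. The added `101-Configure-typo.patch` also carries no header explaining the change, and "typo" does not describe what it does.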
odhcp6c RENEW timeout issue leads to OOM/OOPS [Was: Re: QEMU x86/64 ubus issues ... ]
Hi Hans,

I've tried to ping you on IRC a few days ago as I've found some strange issue with odhcp6c which leads to OOM/OOPS[1] (log with just the important parts). It simply happens every time after about 10 hours for me when I boot the system in QEMU and have LAN/WAN networks connected there.

It looks like the RENEW retry timeout is being decremented from 13060s down to 1s during those few hours, then it goes into a crazy loop and it seems to trash the machine completely, sometimes OOMs, sometimes OOPS and reboots due to the squashfs issues.

Nothing is happening on that machine, I just boot it and then let it idle. I've also uploaded the complete unfiltered syslog[2] for you.

I'm able to reproduce it easily, so happy to help test the fix. This is on latest and greatest master, x86/64 in QEMU.

Thanks!

1. http://sprunge.us/vv0Idx
2. http://ynezz.true.cz/openwrt/odhcp6c/syslog.log.gz

Cheers,

Petr
Recovering mailing list archives
Hi,

so far I've noticed 2 years of missing emails in openwrt-adm archives from 6/2018 to 5/2020 and would like to fix this situation. So here is my current vision:

1. Collect[A] email archives in maildir or mbox format for openwrt-devel and openwrt-adm lists
   * please send me the links to your archives off-list
   * mailman archives are not that good[B] but could be OK as a last resort
2. Import those archives into public-inbox Git repositories
3. Setup inbox.staging.openwrt.org with public-inbox interface
   * so we can have similar browsable archives as for example on lore.kernel.org[C]
   * anyone could easily access/mirror/backup the archives over Git
4. If we decide that it's OK, move it from staging into inbox.openwrt.org
   * start serving the archives over Git from git.openwrt.org?
   * start mirroring to GitHub/GitLab

Thanks!

A. https://korg.docs.kernel.org/lore.html#collecting-archive-donations
B. https://korg.docs.kernel.org/lore.html#can-we-use-mailman-archives
C. https://www.kernel.org/lore.html

Cheers,

Petr
Re: [PATCH 0/2] enable procd security features by default
Daniel Golle [2020-11-07 14:17:12]:

Hi,

> Please report back

Testing now the latest master on rtl8382 booted from initramfs and seeing the following:

Thu Nov 26 14:45:35 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Nov 26 14:45:36 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Nov 26 14:45:42 2020 user.err : jail: pivot_root(/tmp/ujail-CgOmPF, /tmp/ujail-CgOmPF/old) failed: Invalid argument
Thu Nov 26 14:45:42 2020 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 14 crashes, 0 seconds since last crash
Thu Nov 26 14:45:45 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Nov 26 14:45:45 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Nov 26 14:45:46 2020 user.err : jail: pivot_root(/tmp/ujail-kfIjBM, /tmp/ujail-kfIjBM/old) failed: Invalid argument
Thu Nov 26 14:45:46 2020 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 15 crashes, 0 seconds since last crash

-- ynezz
Re: [PATCH 0/2] enable procd security features by default
Daniel Golle [2020-11-27 03:21:39]:

Hi,

> On Thu, Nov 26, 2020 at 05:43:53PM +0100, Petr Štetiar wrote:
> > Daniel Golle [2020-11-07 14:17:12]:
> >
> > > Please report back
> >
> > testing now the latest master on rtl8382 booted from initramfs and seeing
> > following:
> >
> > Thu Nov 26 14:45:35 2020 user.notice dnsmasq: DNS rebinding protection is
> > active, will discard upstream RFC1918 responses!
> > Thu Nov 26 14:45:36 2020 user.notice dnsmasq: Allowing 127.0.0.0/8
> > responses
> > Thu Nov 26 14:45:42 2020 user.err : jail: pivot_root(/tmp/ujail-CgOmPF,
> > /tmp/ujail-CgOmPF/old) failed: Invalid argument
> > Thu Nov 26 14:45:42 2020 daemon.info procd: Instance dnsmasq::cfg01411c s
> > in a crash loop 14 crashes, 0 seconds since last crash
> > Thu Nov 26 14:45:45 2020 user.notice dnsmasq: DNS rebinding protection is
> > active, will discard upstream RFC1918 responses!
> > Thu Nov 26 14:45:45 2020 user.notice dnsmasq: Allowing 127.0.0.0/8
> > responses
> > Thu Nov 26 14:45:46 2020 user.err : jail: pivot_root(/tmp/ujail-kfIjBM,
> > /tmp/ujail-kfIjBM/old) failed: Invalid argument
> > Thu Nov 26 14:45:46 2020 daemon.info procd: Instance dnsmasq::cfg01411c s
> > in a crash loop 15 crashes, 0 seconds since last crash
>
> Should be fixed in latest master by
> commit 7fd3c68137ee0fa4c9f5e7b6f993bd09005f7964
> Author: Daniel Golle
> Date: Fri Nov 27 01:00:31 2020 +0100
>
> initramfs: switch to tmpfs to fix ujail

Thanks a lot for the quick fix, it works fine now.

Cheers,

Petr
[PATCH] cmake.mk,rules.mk: fix host builds using CMake and ccache
Commit f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well") has introduced regression as it didn't taken usage of ccache into the account so fix it by handling ccache use cases as well. In order to get this working we need to export HOSTCXX_NOCACHE in rules.mk as well. Fixes: f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well") Reported-by: Ansuel Smith Signed-off-by: Petr Štetiar --- include/cmake.mk | 18 -- rules.mk | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/cmake.mk b/include/cmake.mk index 2cc10301aa4e..0a20530a16fe 100644 --- a/include/cmake.mk +++ b/include/cmake.mk @@ -23,12 +23,22 @@ ifeq ($(CONFIG_CCACHE),) CMAKE_CXX_COMPILER:=$(call cmake_tool,$(TARGET_CXX)) CMAKE_C_COMPILER_ARG1:= CMAKE_CXX_COMPILER_ARG1:= + + CMAKE_HOST_C_COMPILER:=$(HOSTCC) + CMAKE_HOST_CXX_COMPILER:=$(HOSTCXX) + CMAKE_HOST_C_COMPILER_ARG1:= + CMAKE_HOST_CXX_COMPILER_ARG1:= else CCACHE:=$(STAGING_DIR_HOST)/bin/ccache CMAKE_C_COMPILER:=$(CCACHE) CMAKE_C_COMPILER_ARG1:=$(TARGET_CC_NOCACHE) CMAKE_CXX_COMPILER:=$(CCACHE) CMAKE_CXX_COMPILER_ARG1:=$(TARGET_CXX_NOCACHE) + + CMAKE_HOST_C_COMPILER:=$(CCACHE) + CMAKE_HOST_C_COMPILER_ARG1:=$(HOSTCC_NOCACHE) + CMAKE_HOST_CXX_COMPILER:=$(CCACHE) + CMAKE_HOST_CXX_COMPILER_ARG1:=$(HOSTCXX_NOCACHE) endif CMAKE_AR:=$(call cmake_tool,$(TARGET_AR)) CMAKE_NM:=$(call cmake_tool,$(TARGET_NM)) 
@@ -97,8 +107,12 @@ define Host/Configure/Default LDFLAGS="$(HOST_LDFLAGS)" \ cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_C_COMPILER="$(HOSTCC)" \ - -DCMAKE_CXX_COMPILER="$(HOSTCXX)" \ + -DCMAKE_C_COMPILER="$(CMAKE_HOST_C_COMPILER)" \ + -DCMAKE_C_COMPILER_ARG1="$(CMAKE_HOST_C_COMPILER_ARG1)" \ + -DCMAKE_CXX_COMPILER="$(CMAKE_HOST_CXX_COMPILER)" \ + -DCMAKE_CXX_COMPILER_ARG1="$(CMAKE_HOST_CXX_COMPILER_ARG1)" \ + -DCMAKE_ASM_COMPILER="$(CMAKE_HOST_C_COMPILER)" \ + -DCMAKE_ASM_COMPILER_ARG1="$(CMAKE_HOST_C_COMPILER_ARG1)" \ -DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \ -DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \ -DCMAKE_EXE_LINKER_FLAGS:STRING="$(HOST_LDFLAGS)" \ diff --git a/rules.mk b/rules.mk index adb103d81f2f..34222a3a7199 100644 --- a/rules.mk +++ b/rules.mk @@ -292,6 +292,7 @@ HOSTCXX_NOCACHE:=$(HOSTCXX) export TARGET_CC_NOCACHE export TARGET_CXX_NOCACHE export HOSTCC_NOCACHE +export HOSTCXX_NOCACHE ifneq ($(CONFIG_CCACHE),) TARGET_CC:= ccache_cc ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
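Review bot: the Host/Configure/Default hunk adds `-DCMAKE_ASM_COMPILER="$(CMAKE_HOST_C_COMPILER)"` and `-DCMAKE_ASM_COMPILER_ARG1=...`, which the removed `-DCMAKE_C_COMPILER="$(HOSTCC)"`/`-DCMAKE_CXX_COMPILER="$(HOSTCXX)"` lines never set, yet the commit message only describes restoring ccache handling for C/CXX; please either say why the ASM compiler now has to be pinned to the host C compiler or split that into its own change. The variable hunk in cmake.mk is consistent with the target side (`$(CCACHE)` as compiler, `HOSTCC_NOCACHE`/`HOSTCXX_NOCACHE` as `_ARG1`), and the rules.mk hunk supplies the missing `export HOSTCXX_NOCACHE` it depends on.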
Re: [PATCH] cmake.mk, rules.mk: fix host builds using CMake and ccache
Ansuel Smith [2020-11-28 15:13:32]:

Hi,

> Can confirm that this fixes the bug.

Sorry for the breakage and thank you for testing.

Cheers,

Petr
Re: odhcp6c RENEW timeout issue leads to OOM/OOPS [Was: Re: QEMU x86/64 ubus issues ... ]
Hans Dedecker [2020-11-26 21:19:30]:

Hi,

> Is it possible to have a pcap trace of the DHCPv6 messages on the wan ?
> I hope to find some time next weekend to investigate the issue further

http://ynezz.true.cz/openwrt/odhcp6c/capture.pcap.gz

Cheers,

Petr
[PATCH 19.07 5/6] toolchain: kernel-headers: fix check target for kernel Git tree
Currently the check target fails if the kernel Git tree is used: $ make toolchain/kernel-headers/{download,check} make[2]: Entering directory 'toolchain/kernel-headers' Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/. Stop. make[2]: Leaving directory 'toolchain/kernel-headers' toolchain/Makefile:100: recipe for target 'toolchain/kernel-headers/check' failed Signed-off-by: Petr Štetiar (cherry picked from commit bb7ba6b6a81d1fb7ac6075edfd8e8b713dd61db2) --- toolchain/kernel-headers/Makefile | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/toolchain/kernel-headers/Makefile b/toolchain/kernel-headers/Makefile index f7842cb9bd8b..1da1946a149c 100644 --- a/toolchain/kernel-headers/Makefile +++ b/toolchain/kernel-headers/Makefile @@ -17,11 +17,18 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=linux PKG_VERSION:=$(LINUX_VERSION) PKG_SOURCE:=$(LINUX_SOURCE) -ifneq ($(strip $(CONFIG_KERNEL_GIT_CLONE_URI)),"") +ifneq ($(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)),) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=$(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)) - PKG_SOURCE_VERSION:=$(CONFIG_KERNEL_GIT_REF) + PKG_SOURCE_VERSION:=$(call qstrip,$(CONFIG_KERNEL_GIT_REF)) +ifdef CHECK + include $(INCLUDE_DIR)/kernel-version.mk + PKG_VERSION:=$(LINUX_VERSION) else + PKG_SOURCE:=$(LINUX_SOURCE) +endif +else + PKG_SOURCE:=$(LINUX_SOURCE) PKG_SOURCE_URL:=$(LINUX_SITE) endif HOST_BUILD_DIR:=$(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
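Review bot: this cherry-pick of bb7ba6b6a81d applies against a different base (index f7842cb9bd8b) and the `ifdef CHECK` branch pulls in `$(INCLUDE_DIR)/kernel-version.mk`, whose contents on 19.07 are not the ones the original was tested with; the commit message's own reproduction, `make toolchain/kernel-headers/{download,check}` with CONFIG_KERNEL_GIT_CLONE_URI set, is the right check for the backport, so please record that it was run on the 19.07 tree.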
[PATCH 19.07 0/6] backport fixes
Hi,

seems like the dust has settled, so I would like to backport fixes related to reproducibility of builds and one CMake fix for new macOS/Xcode woes.

Cheers,

Petr

Petr Štetiar (5):
  cmake.mk,rules.mk: fix host builds using CMake and ccache
  download: handle possibly invalid local tarballs
  download.pl: properly cleanup intermediate .hash file
  toolchain: kernel-headers: fix check target for kernel Git tree
  toolchain: kernel-headers: kernel Git tree mirror hash

Rosen Penev (1):
  cmake.mk: set C/CXX compiler for host builds as well

 config/Config-devel.in            |  5 +
 include/cmake.mk                  | 16
 include/host-build.mk             |  2 ++
 include/package.mk                |  2 ++
 rules.mk                          |  1 +
 scripts/download.pl               | 18 ++
 toolchain/kernel-headers/Makefile | 12 ++-
 7 files changed, 54 insertions(+), 2 deletions(-)
[PATCH 19.07 1/6] cmake.mk: set C/CXX compiler for host builds as well
From: Rosen Penev Without this, cmake will use whatever CC/CXX is set to, which could be clang. In that case, at least libjson-c/host will fail to compile. Signed-off-by: Rosen Penev (cherry picked from commit f98878e4c17d5f11e78994b4fc456e6b60b2660f) Signed-off-by: Petr Štetiar --- include/cmake.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/cmake.mk b/include/cmake.mk index a5ba7d31bf92..1f764ab95593 100644 --- a/include/cmake.mk +++ b/include/cmake.mk @@ -90,6 +90,8 @@ define Host/Configure/Default LDFLAGS="$(HOST_LDFLAGS)" \ cmake \ -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_C_COMPILER="$(HOSTCC)" \ + -DCMAKE_CXX_COMPILER="$(HOSTCXX)" \ -DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \ -DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \ -DCMAKE_EXE_LINKER_FLAGS:STRING="$(HOST_LDFLAGS)" \ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
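Review bot: passing `-DCMAKE_C_COMPILER="$(HOSTCC)"` and `-DCMAKE_CXX_COMPILER="$(HOSTCXX)"` directly bypasses the ccache handling that the target side already gets through `CMAKE_C_COMPILER`/`CMAKE_C_COMPILER_ARG1`, which is why patch 2/6 of this series (`Fixes: f98878e4c17d`) exists; for the stable branch the two should land together or be squashed so that host builds with CONFIG_CCACHE set are never broken at an intermediate commit.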
[PATCH 19.07 3/6] download: handle possibly invalid local tarballs
Currently it's assumed, that already downloaded tarballs are always fine, so no checksum checking is performed and the tarball is used even if it might be corrupted. From now on, we're going to always check the downloaded tarballs before considering them valid. Steps to reproduce: 1. Remove cached tarball rm dl/libubox-2020-08-06-9e52171d.tar.xz 2. Download valid tarball again make package/libubox/download 3. Invalidate the tarball sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile 4. Now compile with corrupt tarball source make package/libubox/{clean,compile} Signed-off-by: Petr Štetiar (cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393) --- include/host-build.mk | 2 ++ include/package.mk| 2 ++ scripts/download.pl | 18 ++ 3 files changed, 22 insertions(+) diff --git a/include/host-build.mk b/include/host-build.mk index 827ea6bbfb1b..79a9b1f8d605 100644 --- a/include/host-build.mk +++ b/include/host-build.mk @@ -184,6 +184,8 @@ ifndef DUMP clean-build: host-clean-build endif + $(DL_DIR)/$(FILE): FORCE + $(_host_target)host-prepare: $(HOST_STAMP_PREPARED) $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED) $(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED) diff --git a/include/package.mk b/include/package.mk index c541f6edf7a9..f6aa5ea8d03d 100644 --- a/include/package.mk +++ b/include/package.mk @@ -185,6 +185,8 @@ define Build/CoreTargets $(call Build/Autoclean) $(call DefaultTargets) + $(DL_DIR)/$(FILE): FORCE + download: $(foreach hook,$(Hooks/Download), $(call $(hook))$(sep) diff --git a/scripts/download.pl b/scripts/download.pl index 5739c20ceae9..c1623bf91fe0 100755 --- a/scripts/download.pl +++ b/scripts/download.pl 
@@ -263,6 +263,24 @@ foreach my $mirror (@ARGV) { push @mirrors, 'https://sources.openwrt.org'; push @mirrors, 'https://mirror2.openwrt.org/sources'; +if (-f "$target/$filename") { + $hash_cmd and do { + if (system("cat '$target/$filename' | $hash_cmd > '$target/$filename.hash'")) { + die "Failed to generate hash for $filename\n"; + } + + my $sum = `cat "$target/$filename.hash"`; + $sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n"; + $sum = $1; + + exit 0 if $sum eq $file_hash; + + die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n"; + unlink "$target/$filename"; + cleanup(); + }; +} + while (!-f "$target/$filename") { my $mirror = shift @mirrors; $mirror or die "No more mirrors to try - giving up.\n"; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
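Review bot: the scripts/download.pl hunk writes `$target/$filename.hash` and, on the matching path, `exit 0`s without removing it; patch 4/6 of this series exists only to fix that leak, so the backport would be cleaner with 3/6 and 4/6 squashed. The mismatch branch still has `unlink "$target/$filename"` and `cleanup()` after `die`, where they are never executed, so the corrupt tarball is not deleted despite the message.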
[PATCH 19.07 6/6] toolchain: kernel-headers: kernel Git tree mirror hash
Allow setting of mirror hash for Git kernel tree. Signed-off-by: Petr Štetiar (cherry picked from commit 796d51834c5be85771d26e433fd509cd3bef72e3) --- config/Config-devel.in| 5 + toolchain/kernel-headers/Makefile | 1 + 2 files changed, 6 insertions(+) diff --git a/config/Config-devel.in b/config/Config-devel.in index fd7c3ead1e8e..1c514f86d424 100644 --- a/config/Config-devel.in +++ b/config/Config-devel.in @@ -100,6 +100,11 @@ menuconfig DEVEL It can be a git hash or a branch name. If unused, the clone's repository HEAD will be checked-out. + config KERNEL_GIT_MIRROR_HASH + string "Enter hash of Git kernel tree source checkout tarball" if DEVEL + depends on (KERNEL_GIT_CLONE_URI != "") + default "" + config BUILD_LOG bool "Enable log files during build process" if DEVEL help diff --git a/toolchain/kernel-headers/Makefile b/toolchain/kernel-headers/Makefile index 1da1946a149c..69318814937a 100644 --- a/toolchain/kernel-headers/Makefile +++ b/toolchain/kernel-headers/Makefile @@ -21,6 +21,7 @@ ifneq ($(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)),) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=$(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)) PKG_SOURCE_VERSION:=$(call qstrip,$(CONFIG_KERNEL_GIT_REF)) + PKG_MIRROR_HASH:=$(call qstrip,$(CONFIG_KERNEL_GIT_MIRROR_HASH)) ifdef CHECK include $(INCLUDE_DIR)/kernel-version.mk PKG_VERSION:=$(LINUX_VERSION) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 19.07 4/6] download.pl: properly cleanup intermediate .hash file
It seems like after a build the /dl dir seems to now contain a .hash file for each source file due to inproper cleanup so fix it by removing those intermediate files before leaving the download action. Fixes: 4e19cbc55335 ("download: handle possibly invalid local tarballs") Reported-by: Hannu Nyman Signed-off-by: Petr Štetiar (cherry picked from commit 52a5d0d27f2557db99fc5435fbd7783b649cb9b2) --- scripts/download.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/download.pl b/scripts/download.pl index c1623bf91fe0..2876ae5807cd 100755 --- a/scripts/download.pl +++ b/scripts/download.pl @@ -273,11 +273,11 @@ if (-f "$target/$filename") { $sum =~ /^(\w+)\s*/ or die "Could not generate file hash\n"; $sum = $1; + cleanup(); exit 0 if $sum eq $file_hash; die "Hash of the local file $filename does not match (file: $sum, requested: $file_hash) - deleting download.\n"; unlink "$target/$filename"; - cleanup(); }; } ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
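Review bot: moving `cleanup()` ahead of `exit 0` does remove the leaked `.hash` on the matching path, but `unlink "$target/$filename"` is still positioned after `die "Hash of the local file $filename does not match ... - deleting download.\n"`, so it remains unreachable and the corrupt tarball is not actually deleted as the message promises; put the `unlink` (and a `cleanup()`) before the `die`, or emit the message with `warn` and fall through to the mirror loop so the file is re-fetched.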
[PATCH 19.07 2/6] cmake.mk, rules.mk: fix host builds using CMake and ccache
Commit f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well") has introduced a regression as it didn't take usage of ccache into account, so fix it by handling ccache use cases as well. In order to get this working we need to export HOSTCXX_NOCACHE in rules.mk as well.

Fixes: f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith
Tested-by: Ansuel Smith
Signed-off-by: Petr Štetiar
(cherry picked from commit 524fb5646eec6147aadfdd508219f39bcf8ba8fc)

--- include/cmake.mk | 18 -- rules.mk | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/cmake.mk b/include/cmake.mk index 1f764ab95593..8989b4744fe0 100644 --- a/include/cmake.mk +++ b/include/cmake.mk @@ -22,12 +22,22 @@ ifeq ($(CONFIG_CCACHE),) CMAKE_CXX_COMPILER:=$(call cmake_tool,$(TARGET_CXX)) CMAKE_C_COMPILER_ARG1:= CMAKE_CXX_COMPILER_ARG1:= + + CMAKE_HOST_C_COMPILER:=$(HOSTCC) + CMAKE_HOST_CXX_COMPILER:=$(HOSTCXX) + CMAKE_HOST_C_COMPILER_ARG1:= + CMAKE_HOST_CXX_COMPILER_ARG1:= else CCACHE:=$(STAGING_DIR_HOST)/bin/ccache CMAKE_C_COMPILER:=$(CCACHE) CMAKE_C_COMPILER_ARG1:=$(TARGET_CC_NOCACHE) CMAKE_CXX_COMPILER:=$(CCACHE) CMAKE_CXX_COMPILER_ARG1:=$(TARGET_CXX_NOCACHE) + + CMAKE_HOST_C_COMPILER:=$(CCACHE) + CMAKE_HOST_C_COMPILER_ARG1:=$(HOSTCC_NOCACHE) + CMAKE_HOST_CXX_COMPILER:=$(CCACHE) + CMAKE_HOST_CXX_COMPILER_ARG1:=$(HOSTCXX_NOCACHE) endif CMAKE_AR:=$(call cmake_tool,$(TARGET_AR)) CMAKE_NM:=$(call cmake_tool,$(TARGET_NM))
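Review bot: in the `ifeq ($(CONFIG_CCACHE),)` branch of the cmake.mk hunk the new CMAKE_HOST_C_COMPILER/CMAKE_HOST_CXX_COMPILER take `$(HOSTCC)`/`$(HOSTCXX)` verbatim, whereas the target variables directly above go through `$(call cmake_tool,...)`. If the host compilers are deliberately not wrapped, a one-line comment saying why would keep the next reader from "fixing" it; otherwise use `$(call cmake_tool,$(HOSTCC))` and `$(call cmake_tool,$(HOSTCXX))` so both sides are resolved the same way.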
@@ -90,8 +100,12 @@ define Host/Configure/Default LDFLAGS="$(HOST_LDFLAGS)" \ cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_C_COMPILER="$(HOSTCC)" \ - -DCMAKE_CXX_COMPILER="$(HOSTCXX)" \ + -DCMAKE_C_COMPILER="$(CMAKE_HOST_C_COMPILER)" \ + -DCMAKE_C_COMPILER_ARG1="$(CMAKE_HOST_C_COMPILER_ARG1)" \ + -DCMAKE_CXX_COMPILER="$(CMAKE_HOST_CXX_COMPILER)" \ + -DCMAKE_CXX_COMPILER_ARG1="$(CMAKE_HOST_CXX_COMPILER_ARG1)" \ + -DCMAKE_ASM_COMPILER="$(CMAKE_HOST_C_COMPILER)" \ + -DCMAKE_ASM_COMPILER_ARG1="$(CMAKE_HOST_C_COMPILER_ARG1)" \ -DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \ -DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \ -DCMAKE_EXE_LINKER_FLAGS:STRING="$(HOST_LDFLAGS)" \ diff --git a/rules.mk b/rules.mk index 80cb3d63f449..41ed9bafd01b 100644 --- a/rules.mk +++ b/rules.mk @@ -291,6 +291,7 @@ HOSTCXX_NOCACHE:=$(HOSTCXX) export TARGET_CC_NOCACHE export TARGET_CXX_NOCACHE export HOSTCC_NOCACHE +export HOSTCXX_NOCACHE ifneq ($(CONFIG_CCACHE),) TARGET_CC:= ccache_cc ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
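Review bot: the Host/Configure/Default hunk additionally starts passing `-DCMAKE_ASM_COMPILER` and `-DCMAKE_ASM_COMPILER_ARG1` for host builds, which neither the commit message nor the Fixes: reference mentions; either describe it in the message or split it into its own commit, because it changes how host packages with assembly sources are configured independently of the ccache regression being fixed. The rules.mk hunk itself is fine: HOSTCC_NOCACHE was already exported and HOSTCXX_NOCACHE now matches it.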
Re: [PATCH] kernel: enable SRv6 support
vinc...@systemli.org [2020-12-02 12:25:58]:

Hi,

> diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
> index 10d14f6be5..942777b41e 100644
> --- a/target/linux/generic/config-5.4
> +++ b/target/linux/generic/config-5.4
> @@ -2387,7 +2387,7 @@ CONFIG_IO_STRICT_DEVMEM=y
> # CONFIG_IPC_NS is not set
> # CONFIG_IPMB_DEVICE_INTERFACE is not set
> # CONFIG_IPMI_HANDLER is not set
> -# CONFIG_IPV6 is not set
> +CONFIG_IPV6=y

IPv6 is a config option; now you've included it for everybody. Take a look at config/Config-kernel.in and the KERNEL_IPV6 option.

-- ynezz
Re: [PATCH 19.07 6/6] toolchain: kernel-headers: kernel Git tree mirror hash
Adrian Schmutzler [2020-12-02 15:55:18]:

Hi,

> > Allow setting of mirror hash for Git kernel tree.
>
> Not sure whether backporting this very patch is absolutely necessary, but it
> shouldn't hurt either.

it's not obvious, but it's needed with patch 5/6; otherwise you can't set the mirror hash and thus can't check the validity of the local source tarball.

Cheers,

Petr
Re: odhcp6c RENEW timeout issue leads to OOM/OOPS [Was: Re: QEMU x86/64 ubus issues ... ]
Hans Dedecker [2020-12-01 21:12:30]:

Hi,

> Can you check if commit
> https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=a7b2221f687264c020b7a18a4e690d79f312a667
> fixes the issue in your setup ?

yes, it seems so as it's currently almost 24h up without any issues.

> While doing the test can you put odhcp6c into verbose mode (-v) and
> take again a pcap trace on the wan ?

http://ynezz.true.cz/openwrt/odhcp6c/capture-2020-12-02.pcap.gz
http://ynezz.true.cz/openwrt/odhcp6c/syslog-2020-12-02.log.gz

Thanks!

Cheers,

Petr
Re: odhcp6c RENEW timeout issue leads to OOM/OOPS [Was: Re: QEMU x86/64 ubus issues ... ]
Hans Dedecker [2020-12-03 21:18:11]:

Hi,

> Looking into the new pcap capture I must admit I've never seen such a DHCPv6
> server with such weird behavior.

it's OpenWrt so odhcpd.

-- ynezz
Re: odhcp6c RENEW timeout issue leads to OOM/OOPS [Was: Re: QEMU x86/64 ubus issues ... ]
Hans Dedecker [2020-12-04 13:55:27]:

> Could you run odhcpd with loglevel 7 as I would like to understand
> what triggers the numerous transmission of the Reconfigure messages

http://ynezz.true.cz/openwrt/odhcp6c/syslog-2020-12-05.log.gz
Re: odhcp6c RENEW timeout issue leads to OOM/OOPS [Was: Re: QEMU x86/64 ubus issues ... ]
Petr Štetiar [2020-12-02 21:25:12]:

Hi,

> > Can you check if commit
> > https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=a7b2221f687264c020b7a18a4e690d79f312a667
> > fixes the issue in your setup ?
>
> yes, it seems so as it's currently almost 24h up without any issues.

I was testing on odhcp6c with the following commits:

odhcp6c: update to 2020-12-01 version

bcd86c748aeb script: handle possible issues with script termination
031c39471396 cmake: fix out of tree building with libubox library
a7b2221f6872 dhcpv6: avoid sending continuous renew/rebind messages
d7afa2b6d31a dhcpv6: add extra syslog info traces
f5728e40ff79 odhcp6c_find_entry: exclude priority from the list of fields that must match

FYI I've just updated to latest master with your commit 13734075d256 ("odhcp6c: update to git HEAD") and it seems like the issue is back.

http://ynezz.true.cz/openwrt/odhcp6c/syslog-2020-12-07.log.gz

-- ynezz
Re: [PATCH] ustream-ssl: openssl: fix bio memory leak
Rosen Penev [2020-12-08 17:02:03]:

Hi,

> Is this needed? AFAIK, OpenSSL 1.1 frees everything automatically.

LeakSanitizer:

$ uclient-fetch-san -q -O /dev/null 'https://expired.badssl.com/'
==1990==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x49716d in malloc (uclient-fetch-san+0x49716d)
#1 0x7f551cbabe58 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x17ae58)

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x49716d in malloc (uclient-fetch-san+0x49716d)
#1 0x7f551cbb51c5 in CRYPTO_strdup (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x1841c5)

SUMMARY: AddressSanitizer: 104 byte(s) leaked in 2 allocation(s).

[1] Valgrind:

$ valgrind --quiet --leak-check=full uclient-fetch -q -O /dev/null 'https://expired.badssl.com/'
==1966== 104 (96 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9
==1966== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1966== by 0x5FC4E58: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==1966== by 0x5EF712F: BIO_meth_new (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==1966== by 0x5C48039: ustream_bio_new (ustream-io-openssl.c:125)
==1966== by 0x5C48039: ustream_set_io (ustream-io-openssl.c:141)
==1966== by 0x5C47CB0: _ustream_ssl_init (ustream-ssl.c:210)
==1966== by 0x4E4117A: uclient_setup_https (uclient-http.c:914)
==1966== by 0x4E4117A: uclient_http_connect (uclient-http.c:936)
==1966== by 0x401FD9: init_request (uclient-fetch.c:333)
==1966== by 0x401E08: main (uclient-fetch.c:745)
==1966==

-- ynezz
Re: [PATCH ustream] ustream-openssl: fix bio memory leak
Eneas U de Queiroz [2020-12-09 13:06:45]:

Hi,

> Using the patch by Pan Chen as inspiration, this avoids a memory leak by
> using a global BIO_METHOD pointer that doesn't ordinarily need to be
> freed.

this sounds weird, how is a global pointer avoiding memory leaks? :-)

> CC: Pan Chen
>
> Signed-off-by: Eneas U de Queiroz
>
> ---
> Run-tested with a WRT-3200ACM, running uclient_fetch and uhttpd.
> I have not run it with valgrind or any other debugger.

how do you otherwise verify the correctness? :-)

FYI this is my work in progress[1].

1. https://gitlab.com/ynezz/openwrt-ustream-ssl/-/commit/807ce1de752e021802a563783dfa580950746a0c

Cheers,

Petr
Re: [PATCH ustream] ustream-openssl: fix bio memory leak
Eneas U de Queiroz [2020-12-09 14:39:06]:

Hi,

> So the answer to your question is because you only allocate the table if
> methods_ustream is NULL, and it will point to the created table then.

I was referencing the missing freeing of allocated resources.

> We could free it in s_ustream_free, but only to have to create it again
> with the same data the next time ustream_bio_new is called. I wouldn't do
> it, but if you'd rather, I can add it in a v2.

Is this micro-optimization worth it? You're adding a global variable in the library, you're breaking the API layer etc. I'm not supposed to study how it is implemented _now_, because it will likely change with the next release (either OpenSSL or wolfSSL) and it might be a source of regressions. The API boundary is given, so I'm just trying to use it as designed and as seen in the docs/examples/tests etc. And there is always the new/free combo.

> As for the WIP, you're perhaps doing too much work.

I'm spending time on this mainly because of FS#3465; perhaps mbedTLS has similar issues[1]. In the end I would like to have uclient/ustream-ssl CI tested (all 3 SSL lib combinations), with static analyzers, various sanitizers and Valgrind. So I have to fix all the issues those tools expose. Maybe it's too much work, but given the constraints (no globals, follow the API), it's currently the simplest working solution, but not fully tested yet.

BTW I'm not discouraging you from a v2; I've rejected the v1 patch because it doesn't fix the memory leak as advertised in the subject :-)

Thanks!

1. https://patchwork.ozlabs.org/project/openwrt/patch/trinity-0c56705d-7e2c-482a-a0b5-a3230d3e75b2-1533383113431@3c-app-gmx-bs62/

Cheers,

Petr
Security Advisory 2020-11-XX-2 - libuci import heap use after free (CVE-2020-XXXX)
Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951)

DESCRIPTION

A possibly exploitable vulnerability was found in the Unified Config Interface (UCI) library named libuci, specifically in the uci_import() C API function. CVE-2020-28951[1] has been assigned to this issue; you can find the latest version of this advisory on our wiki[2].

REQUIREMENTS

In order to exploit this vulnerability a malicious attacker would need to provide a specially crafted config file to the uci_import() C API function. For example, this is possible with the UCI CLI via the following shell command:

uci import -f malicious.config

MITIGATIONS

To fix this issue, update the affected libuci package using the command below.

opkg update; opkg upgrade libuci

The fix is contained in the following and later versions:

- OpenWrt 19.07: 19.07.5 (https://git.openwrt.org/78c4c04dd7979a7f6d3cadeb1783b6c38d63b575)
- OpenWrt 18.06: 18.06.9 (https://git.openwrt.org/5625f5bc36954d644cb80adf8de47854c65d91c3)
- OpenWrt master: 2020-10-27 (https://git.openwrt.org/095cc2b7454addeaf25b05aff194f287783219ed)

AFFECTED VERSIONS

To our knowledge, OpenWrt versions 18.06.0 to 18.06.8 and versions 19.07.0 to 19.07.4 are affected. The fixed packages will be integrated in the upcoming OpenWrt 18.06.9 and OpenWrt 19.07.5 releases. Older versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more.

CREDITS

This issue was identified by Jeremy Galindo, fixed by Petr Štetiar and Hauke Mehrtens.

REFERENCES

1. https://nvd.nist.gov/vuln/detail/CVE-2020-28951
2. https://openwrt.org/advisory/2020-12-09-2
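As an added check that is not part of the advisory: a POSIX shell function that classifies an OpenWrt release string against the affected ranges the advisory lists, so a fleet script can flag boxes that still need `opkg upgrade libuci`. Reading DISTRIB_RELEASE from /etc/openwrt_release and the return-code convention are my assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify an OpenWrt release
# against the CVE-2020-28951 ranges it names (18.06.0..18.06.8 and
# 19.07.0..19.07.4 affected; 18.06.9 / 19.07.5 and later fixed; anything
# older than 18.06.0 is end of life). Assumption: DISTRIB_RELEASE from
# /etc/openwrt_release is the "X.Y.Z" string to classify; "SNAPSHOT" or
# any other non-numeric value is reported as unknown.
set -e

# ver_parts "X.Y.Z": print the three fields space-separated, or fail when
# the string is not exactly three dot-separated unsigned integers.
ver_parts() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    echo "$1 $2 $3"
}

# ver_le A B: succeed when A <= B, comparing field by field as decimals
# (so "06" and "6" compare equal); status 2 when either is malformed.
ver_le() {
    set -- $(ver_parts "$1") $(ver_parts "$2")
    [ $# -eq 6 ] || return 2
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -le "$6" ]
}

# libuci_cve_2020_28951_state "X.Y.Z":
#   0 affected, 1 outside the affected ranges (fixed release),
#   2 not a numbered release, 3 end-of-life tree predating 18.06.0.
libuci_cve_2020_28951_state() {
    ver_parts "$1" >/dev/null || return 2
    ver_le 18.06.0 "$1" || return 3
    if ver_le "$1" 18.06.8; then return 0; fi
    if ver_le 19.07.0 "$1" && ver_le "$1" 19.07.4; then return 0; fi
    return 1
}

# Human-readable verdict, returned as a string so callers can check it.
libuci_cve_2020_28951_report() {
    rc=0
    libuci_cve_2020_28951_state "$1" || rc=$?
    case $rc in
        0) echo "AFFECTED: OpenWrt $1 ships a vulnerable libuci; run 'opkg update; opkg upgrade libuci'" ;;
        1) echo "OK: OpenWrt $1 is outside the affected ranges" ;;
        3) echo "EOL: OpenWrt $1 predates 18.06.0 and receives no fix" ;;
        *) echo "UNKNOWN: '$1' is not a numbered release; check the libuci package version by hand" ;;
    esac
}

# On a router, classify the running system; elsewhere the file is absent
# and nothing runs, so the functions above can simply be sourced.
if [ -r /etc/openwrt_release ]; then
    . /etc/openwrt_release
    libuci_cve_2020_28951_report "$DISTRIB_RELEASE"
fi
```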
[PATCH] wolfssl: fix broken wolfSSL_X509_check_host
Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host(). References: https://github.com/wolfSSL/wolfssl/issues/3329 Signed-off-by: Petr Štetiar --- package/libs/wolfssl/Makefile | 2 +- .../200-fix-checkhostname-matching.patch | 123 ++ 2 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index aeea1b7b7b91..6758f7dd08d6 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl PKG_VERSION:=4.5.0-stable -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) diff --git a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch new file mode 100644 index ..aaf14e46d9c8 --- /dev/null +++ b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch 
@@ -0,0 +1,123 @@ +From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Fri, 17 Jul 2020 08:37:02 -0500 +Subject: [PATCH] Fix CheckHostName matching + +--- + src/internal.c | 18 -- + src/ssl.c | 5 + + tests/api.c| 30 ++ + 3 files changed, 47 insertions(+), 6 deletions(-) + +diff --git a/src/internal.c b/src/internal.c +index dc57df0242..cda815d875 100644 +--- a/src/internal.c b/src/internal.c +@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) + altName = dCert->altNames; + + if (checkCN != NULL) { +-*checkCN = altName == NULL; ++*checkCN = (altName == NULL) ? 1 : 0; + } + + while (altName) { +@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) + int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) + { + int checkCN; ++int ret = DOMAIN_NAME_MISMATCH; + + /* Assume name is NUL terminated. */ + (void)domainNameLen; + + if (CheckForAltNames(dCert, domainName, &checkCN) != 1) { +-WOLFSSL_MSG("DomainName match on alt names failed too"); +-return DOMAIN_NAME_MISMATCH; ++WOLFSSL_MSG("DomainName match on alt names failed"); + } ++else { ++ret = 0; ++} ++ + if (checkCN == 1) { + if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, +-domainName) == 0) { ++domainName) == 1) { ++ret = 0; ++} ++else { + WOLFSSL_MSG("DomainName match on common name failed"); +-return DOMAIN_NAME_MISMATCH; + } + } + +-return 0; ++return ret; + } + + int CheckIPAddr(DecodedCert* dCert, const char* ipasc) +diff --git a/src/ssl.c b/src/ssl.c +index 11bc08a3cb..59ad9bae60 100644 +--- a/src/ssl.c b/src/ssl.c +@@ -43661,6 +43661,11 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, + (void)flags; + (void)peername; + ++if ((x == NULL) || (chk == NULL)) { ++WOLFSSL_MSG("Invalid parameter"); ++return WOLFSSL_FAILURE; ++} ++ + if (flags == WOLFSSL_NO_WILDCARDS) { + 
WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); + return WOLFSSL_FAILURE; +diff --git a/tests/api.c b/tests/api.c +index 774a332968..db888952d4 100644 +--- a/tests/api.c b/tests/api.c +@@ -23875,6 +23875,35 @@ static void test_wolfSSL_X509_issuer_name_hash(void) + #endif + } + ++static void test_wolfSSL_X509_check_host(void) ++{ ++#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ ++&& !defined(NO_SHA) && !defined(NO_RSA) ++ ++X509* x509; ++const char altName[] = "example.com"; ++ ++printf(testingFmt, "wolfSSL_X509_check_host()"); ++ ++AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, ++SSL_FILETYPE_PEM)); ++ ++AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), ++WOLFSSL_SUCCESS); ++ ++AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), ++WOLFSSL_FAILURE); ++ ++X509_free(x509); ++ ++AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), ++WOLFSSL_FAILURE); ++ ++printf(resultFmt, passed); ++ ++#endif ++} ++ + static void test_wolfSSL_DES(void) + { + #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) +@@ -36407,6 +36436,7 @@ void ApiTest(void) + test_wolfSSL_X509_INFO(); + test_wolfSSL_X509_subject_name_hash(); + test_wolfSSL_X509_issuer_name_hash(); ++
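Review bot: in the `CheckHostName` hunk the rewritten control flow is sound, but the unchanged context `/* Assume name is NUL terminated. */ (void)domainNameLen;` means the `chklen` that wolfSSL_X509_check_host() receives is still never honoured, so a caller handing in a non-terminated buffer gets an over-read inside the match. That is an upstream limitation rather than something to patch in this backport, but it belongs in the commit message so users of the OpenWrt package know `chk` must be NUL-terminated.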
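Review bot: the new `test_wolfSSL_X509_check_host()` in the tests/api.c hunk only asserts the positive match for "example.com" and the two NULL-argument failures; there is no check that a non-matching name yields WOLFSSL_FAILURE, which is exactly the code path the `CheckHostName` rewrite changes. Adding something like `AssertIntEQ(X509_check_host(x509, "not-example.com", XSTRLEN("not-example.com"), 0, NULL), WOLFSSL_FAILURE);` before the `X509_free(x509)` would guard against the original bug coming back.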
[PATCH ustream-ssl 02/12] cmake: fix linking when wolfSSL not in default paths
Fixes following issue when wolfSSL libs are installed in different paths: /usr/bin/ld: cannot find -lwolfssl Signed-off-by: Petr Štetiar --- CMakeLists.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 315aeb87c80b..42c7f1fb00de 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -13,9 +13,10 @@ IF(MBEDTLS) SET(SSL_LIB mbedtls mbedcrypto mbedx509 m) ELSEIF(WOLFSSL) ADD_DEFINITIONS(-DHAVE_WOLFSSL) + FIND_LIBRARY(wolfssl_library wolfssl) SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c) - SET(SSL_LIB wolfssl m) - SET(CMAKE_REQUIRED_LIBRARIES "-lwolfssl -lm") + SET(SSL_LIB ${wolfssl_library} m) + SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm") CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h" HAVE_WOLFSSL_SSLSETIORECV) IF (NOT HAVE_WOLFSSL_SSLSETIORECV) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
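Review bot: `FIND_LIBRARY(wolfssl_library wolfssl)` is used without checking the result, so when the library is absent `SSL_LIB` and `CMAKE_REQUIRED_LIBRARIES` receive the literal `wolfssl_library-NOTFOUND` and the failure surfaces later as a confusing link error instead of at configure time; add `IF(NOT wolfssl_library) MESSAGE(FATAL_ERROR "wolfSSL library not found") ENDIF()` right after it. Also, `SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm")` puts an absolute path and a linker flag into one quoted list element; the list form `SET(CMAKE_REQUIRED_LIBRARIES ${wolfssl_library} m)` is what CHECK_SYMBOL_EXISTS expects.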
[PATCH ustream-ssl 01/12] cmake: fix building out of the tree
When building out of the tree, linker is unable to find the ubox library so fix it by using find_library CMake command. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 86e1b0788613..315aeb87c80b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,9 +34,10 @@ ENDIF() FIND_PATH(ubox_include_dir libubox/ustream.h) INCLUDE_DIRECTORIES(${ubox_include_dir}) +FIND_LIBRARY(ubox_library NAMES ubox) ADD_LIBRARY(ustream-ssl SHARED ustream-ssl.c ${SSL_SRC}) -TARGET_LINK_LIBRARIES(ustream-ssl ubox ${SSL_LIB}) +TARGET_LINK_LIBRARIES(ustream-ssl ${ubox_library} ${SSL_LIB}) ADD_EXECUTABLE(ustream-example-server ustream-example-server.c) TARGET_LINK_LIBRARIES(ustream-example-server ustream-ssl) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
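Review bot: `FIND_LIBRARY(ubox_library NAMES ubox)` has no NOTFOUND check, so a missing libubox turns into `ubox_library-NOTFOUND` in TARGET_LINK_LIBRARIES and a late, unclear linker error, which is the same class of failure this commit sets out to fix; mirror the `FIND_PATH(ubox_include_dir ...)` line above with an explicit `IF(NOT ubox_library) MESSAGE(FATAL_ERROR "libubox not found") ENDIF()` so the out-of-tree build stops early with a readable message.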
[PATCH ustream-ssl 07/12] cmake: enable extra compiler checks
Let's enforce additional automatic checks enforced by the compiler in order to catch possible errors during compilation. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bb2abe5af596..b883751f6e3e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,13 @@ cmake_minimum_required(VERSION 2.6) INCLUDE(CheckSymbolExists) PROJECT(ustream-ssl C) -ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations) + +ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3) +IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6) +ADD_DEFINITIONS(-Wextra -Werror=implicit-function-declaration) +ADD_DEFINITIONS(-Wformat -Werror=format-security -Werror=format-nonliteral) +ENDIF() +ADD_DEFINITIONS(-Wno-unused-parameter -Wmissing-declarations) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
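Review bot: the `IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6)` gate compares the bare version number without consulting CMAKE_C_COMPILER_ID, so a threshold chosen with GCC in mind is also applied to Clang, whose version numbering is unrelated (the Clang 10 used by the CI in 12/12 passes it only by coincidence). Check the ID as well, e.g. `IF(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER 6)`, or drop the gate for `-Wformat -Werror=format-security`, which both GCC and Clang have accepted for years.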
[PATCH ustream-ssl 03/12] cmake: fix linking when mbed TLS not in default paths
Fixes following issue when mbed TLS libs are installed in different paths: /usr/bin/ld: cannot find -lmbedtls /usr/bin/ld: cannot find -lmbedcrypto /usr/bin/ld: cannot find -lmbedx509 Signed-off-by: Petr Štetiar --- CMakeLists.txt | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 42c7f1fb00de..bb2abe5af596 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -10,7 +10,10 @@ SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") IF(MBEDTLS) ADD_DEFINITIONS(-DHAVE_MBEDTLS) SET(SSL_SRC ustream-mbedtls.c) - SET(SSL_LIB mbedtls mbedcrypto mbedx509 m) + FIND_LIBRARY(mbedtls_library mbedtls) + FIND_LIBRARY(mbedx509_library mbedx509) + FIND_LIBRARY(mbedcrypto_library mbedcrypto) + SET(SSL_LIB ${mbedtls_library} ${mbedx509_library} ${mbedcrypto_library} m) ELSEIF(WOLFSSL) ADD_DEFINITIONS(-DHAVE_WOLFSSL) FIND_LIBRARY(wolfssl_library wolfssl) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
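Review bot: the three FIND_LIBRARY results (mbedtls_library, mbedx509_library, mbedcrypto_library) are concatenated into SSL_LIB without any NOTFOUND check, so one missing library produces a `...-NOTFOUND` token on the link line instead of a configure-time error; add a FATAL_ERROR check for each so the mbedtls, mbedx509, mbedcrypto link order the hunk establishes is only used once all three resolved.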
[PATCH ustream-ssl 04/12] ustream-openssl: fix wolfSSL includes
Fixes following compilation errors: ustream-io-wolfssl.c:74:2: error: implicit declaration of function 'wolfSSL_SetIORecv' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ustream-io-wolfssl.c:75:2: error: implicit declaration of function 'wolfSSL_SetIOSend' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ustream-io-wolfssl.c:79:2: error: implicit declaration of function 'wolfSSL_SetIOReadCtx' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ustream-io-wolfssl.c:80:2: error: implicit declaration of function 'wolfSSL_SetIOWriteCtx' is invalid in C99 [-Werror,-Wimplicit-function-declaration] Signed-off-by: Petr Štetiar --- ustream-openssl.c | 3 +++ ustream-openssl.h | 6 -- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ustream-openssl.c b/ustream-openssl.c index f8e848d69fb3..dec2b9f7816d 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -20,7 +20,10 @@ #include #include "ustream-ssl.h" #include "ustream-internal.h" + +#if !defined(HAVE_WOLFSSL) #include +#endif /* Ciphersuite preference: * - for server, no weak ciphers are used if you use an ECDSA key. diff --git a/ustream-openssl.h b/ustream-openssl.h index 0a6ca91023d0..9663d21ffd70 100644 --- a/ustream-openssl.h +++ b/ustream-openssl.h @@ -21,10 +21,12 @@ #if defined(HAVE_WOLFSSL) #include -#endif - +#include +#else #include #include +#endif + #include void __ustream_ssl_session_free(void *ssl); ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
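Review bot: the ustream-openssl.c hunk wraps a single `#include` in `#if !defined(HAVE_WOLFSSL)`, while the ustream-openssl.h hunk selects backend headers with the positive `#if defined(HAVE_WOLFSSL) ... #else ... #endif`; keeping that OpenSSL-only include in the header next to the existing selector (or at least using the same guard polarity in both files) leaves one place that decides which SSL headers are pulled in, which makes the next backend change less error-prone.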
[PATCH ustream-ssl 00/12] fixes, improvements and CI
Hi,

this series should fix several issues related to certificate verification in mbedTLS and wolfSSL like for example FS#3465.

You can find the packages ready for testing in my staging tree:

https://git.openwrt.org/?p=openwrt/staging/ynezz.git;a=shortlog;h=refs/heads/staging

Cheers,

Petr

Petr Štetiar (12):
  cmake: fix building out of the tree
  cmake: fix linking when wolfSSL not in default paths
  cmake: fix linking when mbed TLS not in default paths
  ustream-openssl: fix wolfSSL includes
  ustream-openssl: fix BIO_method memory leak
  ustream-mbedtls: fix comparison of integers of different signs
  cmake: enable extra compiler checks
  ustream-openssl: wolfSSL: fix certificate validation
  ustream-mbedtls: implement set_require_validation
  ustream-mbedtls: fix certificate verification
  wolfssl: remove now deprecated compatibility code
  Add initial GitLab CI support

 .gitlab-ci.yml       |  6
 CMakeLists.txt       | 34 +-
 ustream-internal.h   |  1 +
 ustream-io-openssl.c | 47 +
 ustream-io-wolfssl.c |  7
 ustream-mbedtls.c    | 20 +--
 ustream-openssl.c    | 83
 ustream-openssl.h    | 11 --
 ustream-ssl.c        |  4 +-
 ustream-ssl.h        | 19 +-
 10 files changed, 168 insertions(+), 64 deletions(-)
 create mode 100644 .gitlab-ci.yml
[PATCH ustream-ssl 09/12] ustream-mbedtls: implement set_require_validation
In commit "ustream-openssl: wolfSSL: fix certificate validation" we've added a new set_require_validation() function, so implement it for mbed TLS as well.

Signed-off-by: Petr Štetiar

--- ustream-mbedtls.c | 12 1 file changed, 12 insertions(+) diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 3424743c6452..1bea9832617f 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -290,6 +290,18 @@ __hidden int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char * return 0; } +__hidden int __ustream_ssl_set_require_validation(struct ustream_ssl_ctx *ctx, bool require) +{ + int mode = MBEDTLS_SSL_VERIFY_OPTIONAL; + + if (!require) + mode = MBEDTLS_SSL_VERIFY_NONE; + + mbedtls_ssl_conf_authmode(&ctx->conf, mode); + + return 0; +} + __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx) { #if defined(MBEDTLS_SSL_CACHE_C)
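Review bot: `__ustream_ssl_set_require_validation(ctx, true)` selects MBEDTLS_SSL_VERIFY_OPTIONAL rather than MBEDTLS_SSL_VERIFY_REQUIRED, so with "require" set the handshake still completes against a bad or untrusted chain and the caller has to inspect mbedtls_ssl_get_verify_result() itself. Either add a comment above the function stating that OPTIONAL is intentional (so the connection code can report the specific verification error instead of a generic handshake failure) or use VERIFY_REQUIRED, because a reader of the name "require_validation" will assume the library rejects the peer on its own.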
[PATCH ustream-ssl 06/12] ustream-mbedtls: fix comparison of integers of different signs
Fixes following compiler extra warning: ustream-mbedtls.c:40:11: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare] if (slen > len) ^ ~~~ Signed-off-by: Petr Štetiar --- ustream-mbedtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 9f73c5836034..3424743c6452 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -37,7 +37,7 @@ static int s_ustream_read(void *ctx, unsigned char *buf, size_t len) return 0; sbuf = ustream_get_read_buf(s, &slen); - if (slen > len) + if ((size_t) slen > len) slen = len; if (!slen) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
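Review bot: the `(size_t) slen > len` cast silences -Wsign-compare but also turns a negative `slen` into a huge unsigned value, which the comparison would then clamp to `len` and treat as a valid read length instead of rejecting. If ustream_get_read_buf() can only ever return a non-negative length, say so in a comment next to the cast; otherwise test `slen <= 0` before the comparison, which keeps the `int` semantics and still compiles cleanly with -Wextra.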
[PATCH ustream-ssl 10/12] ustream-mbedtls: fix certificate verification
Fixes certificate verification if no CA certificates are available; it's visible when you run:

$ uclient-fetch https://www.openwrt.org

(so no explicit certificate is given) and have *not* installed the `ca-certificates` or `ca-bundle` package: mbed TLS obviously can't do verification since no root certificates are available. But then it simply ignores the issue and continues the SSL handshake without warning.

Further, if you run it like:

$ uclient-fetch --ca-certificate=/dev/null https://www.openwrt.org

ustream-mbedtls also does not do verification at all (gives no warning either).

References: https://lists.infradead.org/pipermail/openwrt-devel/2018-August/019183.html
Suggested-by: Paul Wassi
Signed-off-by: Petr Štetiar

--- ustream-mbedtls.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 1bea9832617f..e79e37ba5051 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -159,15 +159,17 @@ __ustream_ssl_context_new(bool server) mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); - mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(conf, _urandom, NULL); if (server) { + mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_server); mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); - } else + } else { + mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_client); + } #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_conf_session_cache(conf, &ctx->cache,
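Review bot: switching the client default to MBEDTLS_SSL_VERIFY_OPTIONAL only records the verification outcome; unlike VERIFY_REQUIRED it does not abort the handshake, so the "continues SSL handshake without warning" behaviour described in the message is fixed only if something calls mbedtls_ssl_get_verify_result() after mbedtls_ssl_handshake() and acts on a non-zero result. That call is not in this hunk; point to where it happens (or include it here) so the fix can be reviewed end to end. The server branch keeping VERIFY_NONE is fine, as no client certificates are requested.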
[PATCH ustream-ssl 12/12] Add initial GitLab CI support
Uses currently proof-of-concept openwrt-ci[1] in order to:

 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools

  - out of tree build with OpenWrt SDK on following targets:
    * ath79-generic
    * imx6-generic
    * malta-be
    * mvebu-cortexa53
  - out of tree native build on x86/64 with GCC (versions 8, 9, 10) and Clang 10
  - out of tree native x86/64 static code analysis with cppcheck and scan-build from Clang 10

1. https://gitlab.com/ynezz/openwrt-ci/

Signed-off-by: Petr Štetiar

--- .gitlab-ci.yml | 6 ++ 1 file changed, 6 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index ..aae5e9297edf --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,6 @@ +variables: + CI_TARGET_BUILD_DEPENDS: libubox openssl + +include: + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/main.yml + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/pipeline.yml
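Review bot: both `remote:` includes fetch `raw/master` of a personal GitLab project, so every pipeline run executes whatever that branch contains at that moment; pin them to a tag or commit (`raw/<commit>/openwrt-ci/gitlab/main.yml`) so a change to, or compromise of, that repository cannot silently alter what gets built and where artifacts go. Separately, `CI_TARGET_BUILD_DEPENDS: libubox openssl` only covers the OpenSSL backend while this series touches the mbed TLS and wolfSSL paths as well; add those libraries (or matrix entries for them) if the CI is meant to exercise all three.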
[PATCH ustream-ssl 05/12] ustream-openssl: fix BIO_method memory leak
Fixes following issues as reported by clang-12 LeakSanitizer: $ uclient-fetch-san -q -O /dev/null 'https://expired.badssl.com/' Direct leak of 96 byte(s) in 1 object(s) allocated from: #0 0x49716d in malloc (uclient-fetch-san+0x49716d) #1 0x7f551cbabe58 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x17ae58) Indirect leak of 8 byte(s) in 1 object(s) allocated from: #0 0x49716d in malloc (uclient-fetch-san+0x49716d) #1 0x7f551cbb51c5 in CRYPTO_strdup (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x1841c5) SUMMARY: AddressSanitizer: 104 byte(s) leaked in 2 allocation(s). and Valgrind: $ valgrind --quiet --leak-check=full uclient-fetch -q -O /dev/null 'https://expired.badssl.com/' ==1966== 104 (96 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9 ==1966==at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1966==by 0x5FC4E58: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1) ==1966==by 0x5EF712F: BIO_meth_new (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1) ==1966==by 0x5C48039: ustream_bio_new (ustream-io-openssl.c:125) ==1966==by 0x5C48039: ustream_set_io (ustream-io-openssl.c:141) ==1966==by 0x5C47CB0: _ustream_ssl_init (ustream-ssl.c:210) ==1966==by 0x4E4117A: uclient_setup_https (uclient-http.c:914) ==1966==by 0x4E4117A: uclient_http_connect (uclient-http.c:936) ==1966==by 0x401FD9: init_request (uclient-fetch.c:333) ==1966==by 0x401E08: main (uclient-fetch.c:745) Suggested-by: Pan Chen Signed-off-by: Petr Štetiar --- ustream-io-openssl.c | 47 ++-- ustream-openssl.c| 7 +++ ustream-openssl.h| 5 + 3 files changed, 36 insertions(+), 23 deletions(-) diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c index 606ed4a36f40..7045bb660a36 100644 --- a/ustream-io-openssl.c +++ b/ustream-io-openssl.c 
@@ -48,18 +48,18 @@ s_ustream_free(BIO *b) static int s_ustream_read(BIO *b, char *buf, int len) { - struct ustream *s; + struct bio_ctx *ctx; char *sbuf; int slen; if (!buf || len <= 0) return 0; - s = (struct ustream *)BIO_get_data(b); - if (!s) + ctx = (struct bio_ctx *)BIO_get_data(b); + if (!ctx || !ctx->stream) return 0; - sbuf = ustream_get_read_buf(s, &slen); + sbuf = ustream_get_read_buf(ctx->stream, &slen); BIO_clear_retry_flags(b); if (!slen) { @@ -71,7 +71,7 @@ s_ustream_read(BIO *b, char *buf, int len) slen = len; memcpy(buf, sbuf, slen); - ustream_consume(s, slen); + ustream_consume(ctx->stream, slen); return slen; } @@ -79,19 +79,19 @@ s_ustream_read(BIO *b, char *buf, int len) static int s_ustream_write(BIO *b, const char *buf, int len) { - struct ustream *s; + struct bio_ctx *ctx; if (!buf || len <= 0) return 0; - s = (struct ustream *)BIO_get_data(b); - if (!s) + ctx = (struct bio_ctx *)BIO_get_data(b); + if (!ctx || !ctx->stream) return 0; - if (s->write_error) + if (ctx->stream->write_error) return len; - return ustream_write(s, buf, len, false); + return ustream_write(ctx->stream, buf, len, false); } static int 
@@ -119,19 +119,20 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr) static BIO *ustream_bio_new(struct ustream *s) { BIO *bio; - - BIO_METHOD *methods_ustream; - - methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream"); - BIO_meth_set_write(methods_ustream, s_ustream_write); - BIO_meth_set_read(methods_ustream, s_ustream_read); - BIO_meth_set_puts(methods_ustream, s_ustream_puts); - BIO_meth_set_gets(methods_ustream, s_ustream_gets); - BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl); - BIO_meth_set_create(methods_ustream, s_ustream_new); - BIO_meth_set_destroy(methods_ustream, s_ustream_free); - bio = BIO_new(methods_ustream); - BIO_set_data(bio, s); + struct bio_ctx *ctx = calloc(1, sizeof(struct bio_ctx)); + + ctx->stream = s; + ctx->meth = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream"); + + BIO_meth_set_write(ctx->meth, s_ustream_write); + BIO_meth_set_read(ctx->meth, s_ustream_read); + BIO_meth_set_puts(ctx->meth, s_ustream_puts); + BIO_meth_set_gets(ctx->meth, s_ustream_gets); + BIO_meth_set_ctrl(ctx->meth, s_ustream_ctrl); + BIO_meth_set_create(ctx->meth, s_ustream_new); + BIO_meth_set_destroy(ctx->meth, s_ustream_free); + bio = BIO_new(ctx->meth); + BIO_set_data(bio, ctx); return bio; } diff --git a/ustream-openssl.c
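Review bot: the `calloc` in the `ustream_bio_new` hunk (ustream-io-openssl.c, @@ -119) is never checked before `ctx->stream = s` is written, and `BIO_meth_new` can also return NULL, which `BIO_new(ctx->meth)` would then be handed. Suggest `if (!ctx) return NULL;` right after the calloc and `if (!ctx->meth) { free(ctx); return NULL; }` after `BIO_meth_new`. The release side (`BIO_meth_free(ctx->meth)` plus `free(ctx)`) is not in the part of the diff visible here, so it is worth confirming in the ustream-openssl.c hunk that both happen when the session or context is torn down, since the unreleased BIO_METHOD is exactly the 96-byte leak this patch is meant to close.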
[PATCH ustream-ssl 11/12] wolfssl: remove now deprecated compatibility code
Mainly that NO_X509_CHECK_HOST is causing certificate validation issues in some setups: root@OpenWrt:/# wget https://www.google.com Downloading 'https://www.google.com' Connecting to 172.217.23.196:443 Connection error: Server hostname does not match SSL certificate but instead of spending time on fixing it, I've simply decided to remove it as we're now on wolfSSL 4.5.0 and those symbols should be avaialable so no symbol detection and handling should be needed anymore. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 13 - ustream-io-wolfssl.c | 7 --- ustream-ssl.c| 3 --- 3 files changed, 23 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b883751f6e3e..c98b12ac8d99 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,5 @@ cmake_minimum_required(VERSION 2.6) -INCLUDE(CheckSymbolExists) - PROJECT(ustream-ssl C) ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3) @@ -26,17 +24,6 @@ ELSEIF(WOLFSSL) SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c) SET(SSL_LIB ${wolfssl_library} m) SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm") - CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h" - HAVE_WOLFSSL_SSLSETIORECV) - IF (NOT HAVE_WOLFSSL_SSLSETIORECV) -ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV) - ENDIF() - CHECK_SYMBOL_EXISTS (wolfSSL_X509_check_host - "wolfssl/options.h;wolfssl/ssl.h" - HAVE_WOLFSSL_X509_CHECK_HOST) - IF (NOT HAVE_WOLFSSL_X509_CHECK_HOST) -ADD_DEFINITIONS(-DNO_X509_CHECK_HOST) - ENDIF() ELSE() SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c) SET(SSL_LIB crypto ssl) diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c index db69499a8e4b..4ff85d34e333 100644 --- a/ustream-io-wolfssl.c +++ b/ustream-io-wolfssl.c 
@@ -67,15 +67,8 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx) __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn) { -#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV wolfSSL_SSLSetIORecv(ssl, io_recv_cb); wolfSSL_SSLSetIOSend(ssl, io_send_cb); -#else - wolfSSL_SetIORecv((void *) ctx, io_recv_cb); - wolfSSL_SetIOSend((void *) ctx, io_send_cb); - if (ssl == NULL) - return; -#endif wolfSSL_SetIOReadCtx(ssl, conn); wolfSSL_SetIOWriteCtx(ssl, conn); } diff --git a/ustream-ssl.c b/ustream-ssl.c index 46ac5523d999..cd69f9e97449 100644 --- a/ustream-ssl.c +++ b/ustream-ssl.c @@ -199,9 +199,6 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc us->conn = conn; us->ctx = ctx; -#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV) - ustream_set_io(ctx, NULL, conn); -#endif us->ssl = __ustream_ssl_session_new(us->ctx); if (!us->ssl) return -ENOMEM; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
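Review bot: the CMakeLists.txt hunk at @@ -26 stops defining `NO_X509_CHECK_HOST` and `NO_WOLFSSL_SSLSETIO_SEND_RECV`, but the diffstat lists only CMakeLists.txt, ustream-io-wolfssl.c and ustream-ssl.c, so any `#ifdef NO_X509_CHECK_HOST` fallback still present in the sources (the one the message says was skipping hostname validation) is not removed by this patch and becomes dead code; confirm no consumer is left. The message also makes wolfSSL 4.5.0 a hard requirement, yet after this hunk nothing in the build verifies it; keeping a single `CHECK_SYMBOL_EXISTS(wolfSSL_X509_check_host ...)` that ends in `MESSAGE(FATAL_ERROR ...)` when absent would turn a silent loss of hostname checking on an older library into a build failure.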
[PATCH ustream-ssl 08/12] ustream-openssl: wolfSSL: fix certificate validation
Currently wolfSSL doesn't validate any certificates, quoting from README: wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, no signer error to confirm failure (-188). If you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling: wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new();. Though it's not recommended. wolfSSL simply behaves differently then OpenSSL so once you set SSL_VERIFY_NONE wolfSSL doesn't care about the certificates anymore so every call to SSL_get_verify_result() is going to succeed (returns X509_V_OK) even for invalid certificates and current OpenSSL based post connection verification logic thus doesn't work. So in order to get the validation working we need to use SSL_VERIFY_PEER for wolfSSL by default and allow disabling it explicitly by new `context_set_require_validation()` call. In order to keep the same error handling/messages via `notify_verify_error()` callback we as well need to handle certificate errors manually. Fixes: FS#3465 Signed-off-by: Petr Štetiar --- ustream-internal.h | 1 + ustream-openssl.c | 73 ++ ustream-ssl.c | 1 + ustream-ssl.h | 19 +++- 4 files changed, 86 insertions(+), 8 deletions(-) diff --git a/ustream-internal.h b/ustream-internal.h index 147141ab5f05..e80abf827515 100644 --- a/ustream-internal.h +++ b/ustream-internal.h 
@@ -39,6 +39,7 @@ int __ustream_ssl_add_ca_crt_file(struct ustream_ssl_ctx *ctx, const char *file) int __ustream_ssl_set_crt_file(struct ustream_ssl_ctx *ctx, const char *file); int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char *file); int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char *ciphers); +int __ustream_ssl_set_require_validation(struct ustream_ssl_ctx *ctx, bool require); void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx); enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us); int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len); diff --git a/ustream-openssl.c b/ustream-openssl.c index ad77e721534c..9b4ac6c80894 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -130,7 +130,15 @@ __ustream_ssl_context_new(bool server) if (!c) return NULL; +#if defined(HAVE_WOLFSSL) + if (server) + SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); + else + SSL_CTX_set_verify(c, SSL_VERIFY_PEER, NULL); +#else SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); +#endif + SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_ECDH_USE | SSL_OP_CIPHER_SERVER_PREFERENCE); #if defined(SSL_CTX_set_ecdh_auto) && OPENSSL_VERSION_NUMBER < 0x1010L @@ -203,6 +211,18 @@ __hidden int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char * return 0; } +__hidden int __ustream_ssl_set_require_validation(struct ustream_ssl_ctx *ctx, bool require) +{ + int mode = SSL_VERIFY_PEER; + + if (!require) + mode = SSL_VERIFY_NONE; + + SSL_CTX_set_verify((void *) ctx, mode, NULL); + + return 0; +} + __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx) { SSL_CTX_free((void *) ctx); 
@@ -270,6 +290,54 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us) X509_free(cert); } +#ifdef WOLFSSL_SSL_H +static bool handle_wolfssl_asn_error(struct ustream_ssl *us, int r) +{ + switch (r) { + case ASN_PARSE_E: + case ASN_VERSION_E: + case ASN_GETINT_E: + case ASN_RSA_KEY_E: + case ASN_OBJECT_ID_E: + case ASN_TAG_NULL_E: + case ASN_EXPECT_0_E: + case ASN_BITSTR_E: + case ASN_UNKNOWN_OID_E: + case ASN_DATE_SZ_E: + case ASN_BEFORE_DATE_E: + case ASN_AFTER_DATE_E: + case ASN_SIG_OID_E: + case ASN_TIME_E: + case ASN_INPUT_E: + case ASN_SIG_CONFIRM_E: + case ASN_SIG_HASH_E: + case ASN_SIG_KEY_E: + case ASN_DH_KEY_E: + case ASN_NTRU_KEY_E: + case ASN_CRIT_EXT_E: + case ASN_ALT_NAME_E: + case ASN_NO_PEM_HEADER: + case ASN_ECC_KEY_E: + case ASN_NO_SIGNER_E: + case ASN_CRL_CONFIRM_E: + case ASN_CRL_NO_SIGNER_E: + case ASN_OCSP_CONFIRM_E: + case ASN_NAME_INVALID_E: + case ASN_NO_SKID: + case ASN_NO_AKID: + case ASN_NO_KEYUSAGE: + case ASN_COUNTRY_SIZE_E: + case ASN_PATHLEN_SIZE_E: + case ASN_PATHLEN_INV_E: + case ASN_SELF_SIGNED_E: + if (us->notify_verify_error) + us->notify_verify_error(us, r, wc_
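Review bot: `__ustream_ssl_set_require_validation` in the @@ -203 hunk applies `SSL_VERIFY_PEER` to whatever context it is given, while `__ustream_ssl_context_new` in the @@ -130 hunk deliberately keeps `SSL_VERIFY_NONE` for server contexts; calling the new function with `require = true` on a server context would start demanding client certificates. Either record the client/server role in the context and refuse (or no-op) for servers, or document the function as client-only in ustream-ssl.h.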
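Review bot: the wolfSSL detection macro differs between hunks: `#if defined(HAVE_WOLFSSL)` at @@ -130 versus `#ifdef WOLFSSL_SSL_H` at @@ -270; pick one so the two code paths cannot be compiled inconsistently. The `handle_wolfssl_asn_error` switch also enumerates individual `ASN_*` codes, so an error code introduced by a later wolfSSL release would bypass `notify_verify_error` without any message; a `default:` branch that at least logs the unknown code would keep verification failures visible.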
[PATCH uclient 04/12] uclient-http: fix freeing of stack allocated memory
Fixes following issue reported by clang-12 static analyzer: uclient-http.c:568:2: warning: Memory allocated by alloca() should not be deallocated [unix.Malloc] free(buf_orig); ^~ Signed-off-by: Petr Štetiar --- uclient-http.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/uclient-http.c b/uclient-http.c index 279669620ebe..7eb469221d7f 100644 --- a/uclient-http.c +++ b/uclient-http.c @@ -441,7 +441,7 @@ uclient_http_add_auth_digest(struct uclient_http *uh) struct uclient_url *url = uh->uc.url; const char *realm = NULL, *opaque = NULL; const char *user, *password; - char *buf, *next, *buf_orig; + char *buf, *next; int len, ofs; int err = 0; @@ -471,7 +471,7 @@ uclient_http_add_auth_digest(struct uclient_http *uh) strcpy(buf, uh->auth_str); /* skip auth type */ - buf_orig = strsep(&buf, " "); + strsep(&buf, " "); next = buf; while (*next) { @@ -507,7 +507,7 @@ uclient_http_add_auth_digest(struct uclient_http *uh) if (!realm || !data.qop || !data.nonce) { err = -EINVAL; - goto fail_buf; + goto fail; } sprintf(nc_str, "%08x", uh->nc++); @@ -524,13 +524,13 @@ uclient_http_add_auth_digest(struct uclient_http *uh) len = password - url->auth; if (len > 256) { err = -EINVAL; - goto fail_buf; + goto fail; } user_buf = alloca(len + 1); if (!user_buf) { err = -ENOMEM; - goto fail_buf; + goto fail; } strncpy(user_buf, url->auth, len); @@ -564,8 +564,6 @@ uclient_http_add_auth_digest(struct uclient_http *uh) return 0; -fail_buf: - free(buf_orig); fail: return err; } ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
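Review bot: in the @@ -471 hunk `strsep(&buf, " ")` sets `buf` to NULL when `uh->auth_str` contains no space, and the unchanged lines that follow, `next = buf; while (*next)`, then dereference NULL on a malformed `WWW-Authenticate` header; this is pre-existing, but since the line is being touched, `if (!buf) { err = -EINVAL; goto fail; }` after the `strsep` would close it. Dropping `free(buf_orig)` itself is right given the analyzer output: `buf` comes from `alloca` and goes away with the stack frame.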
[PATCH uclient 01/12] cmake: fix building out of the tree
When building out of the tree, linker is unable to find the ubox library so fix it by using find_library CMake command. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 072afef92479..841bc0f8f17c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -10,8 +10,14 @@ SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") FIND_PATH(ubox_include_dir libubox/ustream-ssl.h) INCLUDE_DIRECTORIES(${ubox_include_dir}) +IF(BUILD_STATIC) + FIND_LIBRARY(ubox_library NAMES ubox.a) +ELSE(BUILD_STATIC) + FIND_LIBRARY(ubox_library NAMES ubox) +ENDIF(BUILD_STATIC) + ADD_LIBRARY(uclient SHARED uclient.c uclient-http.c uclient-utils.c) -TARGET_LINK_LIBRARIES(uclient ubox dl) +TARGET_LINK_LIBRARIES(uclient ${ubox_library} dl) ADD_EXECUTABLE(uclient-fetch uclient-fetch.c progress.c) TARGET_LINK_LIBRARIES(uclient-fetch uclient) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
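Review bot: neither `FIND_LIBRARY(ubox_library ...)` branch in the @@ -10 hunk checks its result, so a missing libubox now surfaces as a cryptic `ubox_library-NOTFOUND` on the link line instead of a clear configure-time error; add `IF(NOT ubox_library) MESSAGE(FATAL_ERROR "libubox not found") ENDIF()` after `ENDIF(BUILD_STATIC)`.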
[PATCH uclient 00/12] fixes, improvements and CI
Hi,

this series should fix certificate verification in mbedTLS and wolfSSL like for example FS#3465, few issues spotted by Valgrind and clang-12 static code analyzer and adds basic cram based unit tests which should be executed on GitLab CI.

You can find the packages ready for testing in my staging tree:

https://git.openwrt.org/?p=openwrt/staging/ynezz.git;a=shortlog;h=refs/heads/staging

Please note that you need to update ustream-ssl I've sent in the previous series as well and you might also need other wolfSSL updates by Eneas found in that staging tree as well.

Cheers,

Petr

Petr Štetiar (12):
  cmake: fix building out of the tree
  Add basic cram based unit tests
  Fix extra compiler warnings
  uclient-http: fix freeing of stack allocated memory
  uclient-fetch: fix statement may fall through
  uclient: fix initialized but never read variable
  uclient-fetch: fix potential memory leaks
  uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon
  cmake: enable extra compiler checks
  uclient-fetch: init_ca_cert: fix memory leak
  uclient-fetch: wolfSSL: fix certificate validation
  Add initial GitLab CI support

 .gitlab-ci.yml                      |  7 +++
 CMakeLists.txt                      | 39 +--
 tests/CMakeLists.txt                |  1 +
 tests/cram/CMakeLists.txt           | 38 ++
 tests/cram/server/lorem             | 64 +++
 tests/cram/test-san_uclient-fetch.t | 78 +
 tests/cram/test_uclient-fetch.t     | 77
 uclient-fetch.c                     | 38 +++---
 uclient-http.c                      | 26 +-
 uclient.c                           |  4 +-
 10 files changed, 336 insertions(+), 36 deletions(-)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 tests/CMakeLists.txt
 create mode 100644 tests/cram/CMakeLists.txt
 create mode 100644 tests/cram/server/lorem
 create mode 100644 tests/cram/test-san_uclient-fetch.t
 create mode 100644 tests/cram/test_uclient-fetch.t
[PATCH uclient 07/12] uclient-fetch: fix potential memory leaks
Fixes following issue reported by clang-12 static analyzer: uclient-fetch.c:612:25: warning: Potential leak of memory pointed to by 'username' [unix.Malloc] memset(optarg, '*', strlen(optarg)); ^~ uclient-fetch.c:618:25: warning: Potential leak of memory pointed to by 'password' [unix.Malloc] memset(optarg, '*', strlen(optarg)); ^~~~~~ Signed-off-by: Petr Štetiar --- uclient-fetch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/uclient-fetch.c b/uclient-fetch.c index 0c7a1232f256..1c66ac6d33ae 100644 --- a/uclient-fetch.c +++ b/uclient-fetch.c @@ -608,13 +608,13 @@ int main(int argc, char **argv) case L_USER: if (!strlen(optarg)) break; - username = strdup(optarg); + username = strdupa(optarg); memset(optarg, '*', strlen(optarg)); break; case L_PASSWORD: if (!strlen(optarg)) break; - password = strdup(optarg); + password = strdupa(optarg); memset(optarg, '*', strlen(optarg)); break; case L_USER_AGENT: ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
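Review bot: `strdupa` in the @@ -608 hunk is a glibc/musl extension rather than POSIX and is alloca-based, so inside the option loop of `main` every repeated `--user`/`--password` leaves another copy on the stack until `main` returns, and without `_GNU_SOURCE` in scope it becomes an implicit declaration, which patch 09 of this series promotes to an error. Argument lengths are kernel-bounded so the stack cost is small; either add a comment saying so, or keep `strdup` and `free` the previous value before reassigning, which also resolves the leak the analyzer reported. The retained `memset(optarg, '*', ...)`, which keeps the credential out of `/proc/<pid>/cmdline`, is the right call to preserve.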
[PATCH uclient 06/12] uclient: fix initialized but never read variable
Fixes following issue reported by clang-12 static analyzer: uclient.c:290:22: warning: Value stored to 'url' during its initialization is never read [deadcode.DeadStores] struct uclient_url *url = cl->url; ^~~ ~~~ Signed-off-by: Petr Štetiar --- uclient.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uclient.c b/uclient.c index 95e4585a61cf..a372d4a9dcbf 100644 --- a/uclient.c +++ b/uclient.c @@ -287,7 +287,7 @@ int uclient_set_proxy_url(struct uclient *cl, const char *url_str, const char *a int uclient_set_url(struct uclient *cl, const char *url_str, const char *auth_str) { const struct uclient_backend *backend = cl->backend; - struct uclient_url *url = cl->url; + struct uclient_url *url; url = uclient_get_url(url_str, auth_str); if (!url) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH uclient 05/12] uclient-fetch: fix statement may fall through
Fixes following issue reported by clang-12 static analyzer: uclient-fetch.c:228:6: error: this statement may fall through [-Werror=implicit-fallthrough=] if (sscanf(blobmsg_get_string(tb[H_RANGE]), ^ uclient-fetch.c:236:2: note: here case 204: ^~~~ Signed-off-by: Petr Štetiar --- uclient-fetch.c | 1 + 1 file changed, 1 insertion(+) diff --git a/uclient-fetch.c b/uclient-fetch.c index 5f7ac6200bb8..0c7a1232f256 100644 --- a/uclient-fetch.c +++ b/uclient-fetch.c @@ -233,6 +233,7 @@ static void header_done_cb(struct uclient *cl) error_ret = 8; break; } + /* fall through */ case 204: case 200: if (no_output) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
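Review bot: the `/* fall through */` comment in the @@ -233 hunk sits immediately before `case 204:`, which is where GCC's `-Wimplicit-fallthrough` looks for it, so it silences the quoted diagnostic; note that the diagnostic format (`-Werror=implicit-fallthrough=`) is GCC's rather than clang's, and clang's `-Wimplicit-fallthrough` only honours the `__attribute__((fallthrough))` / `[[fallthrough]]` annotation, so if the clang build in the CI from patch 12 is also meant to be warning-free the attribute form is needed.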
[PATCH uclient 08/12] uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon
Fixes following warnings as reported on 32-bit platforms toolchain-mips_24kc_gcc-8.4.0_musl and toolchain-arm_cortex-a9+neon_gcc-8.4.0_musl_eabi: uclient-http.c::10: error: comparison of integer expressions of different signedness: 'unsigned int' and 'int' [-Werror=sign-compare] if (len > data_end - data) ^ uclient-http.c:1115:11: error: comparison of integer expressions of different signedness: 'unsigned int' and 'long int' [-Werror=sign-compare] if (len > uh->read_chunked) ^ uclient-http.c:1120:11: error: comparison of integer expressions of different signedness: 'unsigned int' and 'long int' [-Werror=sign-compare] if (len > uh->content_length) ^ References: https://gitlab.com/ynezz/openwrt-uclient/-/pipelines/226912126 Signed-off-by: Petr Štetiar --- uclient-http.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/uclient-http.c b/uclient-http.c index 7eb469221d7f..349e69cdd4ae 100644 --- a/uclient-http.c +++ b/uclient-http.c @@ -1108,16 +1108,17 @@ uclient_http_read(struct uclient *cl, char *buf, unsigned int len) } } - if (len > data_end - data) - len = data_end - data; + unsigned int diff = data_end - data; + if (len > diff) + len = diff; if (uh->read_chunked >= 0) { - if (len > uh->read_chunked) + if (len > (unsigned long) uh->read_chunked) len = uh->read_chunked; uh->read_chunked -= len; } else if (uh->content_length >= 0) { - if (len > uh->content_length) + if (len > (unsigned long) uh->content_length) len = uh->content_length; uh->content_length -= len; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
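Review bot: in the @@ -1108 hunk `unsigned int diff = data_end - data;` narrows a `ptrdiff_t` into `unsigned int`; `size_t` (or `unsigned long`, which the two casts below already use) avoids a second implicit narrowing, and a one-line comment that the `(unsigned long)` casts are only safe because of the enclosing `>= 0` checks on `read_chunked` and `content_length` would help the next reader.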
[PATCH uclient 03/12] Fix extra compiler warnings
Fixes following -Wextra compiler warnings: uclient.c:195:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] for (i = 0; i < ARRAY_SIZE(backends); i++) { ~ ^ uclient-http.c:619:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare] blobmsg_for_each_attr(cur, uh->headers.head, rem) ^ uclient-http.c:619:2: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] blobmsg_for_each_attr(cur, uh->headers.head, rem) ^ uclient-http.c:993:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] for (i = 0; i < ARRAY_SIZE(request_types); i++) { ~ ^ ~ uclient.c:195:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] for (i = 0; i < ARRAY_SIZE(backends); i++) { ~ ^ uclient-http.c:619:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare] blobmsg_for_each_attr(cur, uh->headers.head, rem) ^ uclient-http.c:619:2: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] blobmsg_for_each_attr(cur, uh->headers.head, rem) ^ uclient-http.c:993:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] for (i = 0; i < ARRAY_SIZE(request_types); i++) { ~ ^ ~ uclient-fetch.c:551:67: error: missing field 'flag' initializer [-Werror,-Wmissing-field-initializers] [L_NO_CHECK_CERTIFICATE] = { "no-check-certificate", no_argument }, Signed-off-by: Petr Štetiar --- uclient-fetch.c | 30 +++--- uclient-http.c | 5 +++-- uclient.c | 2 +- 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/uclient-fetch.c b/uclient-fetch.c index 061f0fd4f808..5f7ac6200bb8 100644 --- a/uclient-fetch.c +++ b/uclient-fetch.c 
@@ -497,7 +497,7 @@ static int usage(const char *progname) static void init_ca_cert(void) { glob_t gl; - int i; + unsigned int i; glob("/etc/ssl/certs/*.crt", 0, NULL, &gl); for (i = 0; i < gl.gl_pathc; i++) @@ -548,20 +548,20 @@ enum { }; static const struct option longopts[] = { - [L_NO_CHECK_CERTIFICATE] = { "no-check-certificate", no_argument }, - [L_CA_CERTIFICATE] = { "ca-certificate", required_argument }, - [L_CIPHERS] = { "ciphers", required_argument }, - [L_USER] = { "user", required_argument }, - [L_PASSWORD] = { "password", required_argument }, - [L_USER_AGENT] = { "user-agent", required_argument }, - [L_POST_DATA] = { "post-data", required_argument }, - [L_POST_FILE] = { "post-file", required_argument }, - [L_SPIDER] = { "spider", no_argument }, - [L_TIMEOUT] = { "timeout", required_argument }, - [L_CONTINUE] = { "continue", no_argument }, - [L_PROXY] = { "proxy", required_argument }, - [L_NO_PROXY] = { "no-proxy", no_argument }, - [L_QUIET] = { "quiet", no_argument }, + [L_NO_CHECK_CERTIFICATE] = { "no-check-certificate", no_argument, NULL, 0 }, + [L_CA_CERTIFICATE] = { "ca-certificate", required_argument, NULL, 0 }, + [L_CIPHERS] = { "ciphers", required_argument, NULL, 0 }, + [L_USER] = { "user", required_argument, NULL, 0 }, + [L_PASSWORD] = { "password", required_argument, NULL, 0 }, + [L_USER_AGENT] = { "user-agent", required_argument, NULL, 0 }, + [L_POST_DATA] = { "post-data", required_argument, NULL, 0 }, + [L_POST_FILE] = { "post-file", required_argument, NULL, 0 }, + [L_SPIDER] = { "spider", no_argument, NULL, 0 }, + [L_TIMEOUT] = { "timeout", required_argument, NULL, 0 }, + [L_CONTINUE] = { "continue", no_argument, NULL, 0 }, + [L_PROXY] = { "proxy", required_argument, NULL, 0 }, + [L_NO_PROXY] = { "no-proxy", no_argument, NULL, 0 }, + [L_QUI
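Review bot: in the `init_ca_cert` hunk (@@ -497) `unsigned int i` is compared against `gl.gl_pathc`, which is a `size_t`; declaring `size_t i` matches the type exactly and avoids another -Wsign-compare/-Wconversion round on 64-bit targets.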
[PATCH uclient 09/12] cmake: enable extra compiler checks
Let's enforce additional automatic checks enforced by the compiler in order to catch possible errors during compilation. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c2f1fdb2f662..74031bb8ef57 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,12 @@ cmake_minimum_required(VERSION 2.6) INCLUDE(CheckIncludeFiles) PROJECT(uclient C) -ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations) +ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3) +IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6) +ADD_DEFINITIONS(-Wextra -Werror=implicit-function-declaration) +ADD_DEFINITIONS(-Wformat -Werror=format-security -Werror=format-nonliteral) +ENDIF() +ADD_DEFINITIONS(-Wno-unused-parameter -Wmissing-declarations) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
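Review bot: the `IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6)` gate in the @@ -3 hunk keys on a bare version number without consulting `CMAKE_C_COMPILER_ID`, so it treats GCC and Clang version numbers as one scale and silently skips `-Wextra` and the `-Werror=format-*` checks on any compiler whose version is below 7. Test the compiler ID alongside the version, or apply the flags unconditionally, since all of them are accepted by the GCC 8-10 and Clang 10 toolchains the CI in patch 12 builds with.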
[PATCH uclient 10/12] uclient-fetch: init_ca_cert: fix memory leak
Fixes following memory leak: $ valgrind --quiet --leak-check=full uclient-fetch -q http://127.0.0.1:1922/does-not-exist 51 (16 direct, 35 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9 at 0x4C31A3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C33D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x553C7DF: glob_in_dir (glob.c:1410) by 0x553D5E8: glob@@GLIBC_2.27 (glob.c:1097) by 0x401D62: init_ca_cert (uclient-fetch.c:503) by 0x401D62: main (uclient-fetch.c:741) Signed-off-by: Petr Štetiar --- uclient-fetch.c | 1 + 1 file changed, 1 insertion(+) diff --git a/uclient-fetch.c b/uclient-fetch.c index 1c66ac6d33ae..bbf5eec58d71 100644 --- a/uclient-fetch.c +++ b/uclient-fetch.c @@ -503,6 +503,7 @@ static void init_ca_cert(void) glob("/etc/ssl/certs/*.crt", 0, NULL, &gl); for (i = 0; i < gl.gl_pathc; i++) ssl_ops->context_add_ca_crt_file(ssl_ctx, gl.gl_pathv[i]); + globfree(&gl); } static void init_ustream_ssl(void) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
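Review bot: the @@ -503 hunk fixes the leak, but `glob()`'s return value is still ignored; with no `/etc/ssl/certs/*.crt` present it returns `GLOB_NOMATCH`, `gl_pathc` is 0 and the loop quietly adds no CA, which is precisely the situation in which the wolfSSL verification changes later in this series will reject every server. Checking the return and emitting a warning when no CA file was loaded would make that failure diagnosable; the unconditional `globfree(&gl)` stays correct because `glob` is called without `GLOB_APPEND`.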
[PATCH uclient 02/12] Add basic cram based unit tests
For the start just basic uclient-fetch functionality coverage. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 24 - tests/CMakeLists.txt| 1 + tests/cram/CMakeLists.txt | 38 ++ tests/cram/server/lorem | 64 +++ tests/cram/test-san_uclient-fetch.t | 78 + tests/cram/test_uclient-fetch.t | 77 6 files changed, 280 insertions(+), 2 deletions(-) create mode 100644 tests/CMakeLists.txt create mode 100644 tests/cram/CMakeLists.txt create mode 100644 tests/cram/server/lorem create mode 100644 tests/cram/test-san_uclient-fetch.t create mode 100644 tests/cram/test_uclient-fetch.t diff --git a/CMakeLists.txt b/CMakeLists.txt index 841bc0f8f17c..c2f1fdb2f662 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -16,12 +16,32 @@ ELSE(BUILD_STATIC) FIND_LIBRARY(ubox_library NAMES ubox) ENDIF(BUILD_STATIC) -ADD_LIBRARY(uclient SHARED uclient.c uclient-http.c uclient-utils.c) +SET(LIB_SOURCES uclient.c uclient-http.c uclient-utils.c) +ADD_LIBRARY(uclient SHARED ${LIB_SOURCES}) TARGET_LINK_LIBRARIES(uclient ${ubox_library} dl) -ADD_EXECUTABLE(uclient-fetch uclient-fetch.c progress.c) +SET(CLI_SOURCES uclient-fetch.c progress.c) +ADD_EXECUTABLE(uclient-fetch ${CLI_SOURCES}) TARGET_LINK_LIBRARIES(uclient-fetch uclient) +IF(UNIT_TESTING) + ADD_DEFINITIONS(-DUNIT_TESTING) + ENABLE_TESTING() + ADD_SUBDIRECTORY(tests) + + IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") +ADD_LIBRARY(uclient-san SHARED ${LIB_SOURCES}) +TARGET_COMPILE_OPTIONS(uclient-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all) +TARGET_LINK_OPTIONS(uclient-san PRIVATE -fsanitize=undefined,address,leak) +TARGET_LINK_LIBRARIES(uclient-san ${ubox_library} dl) + + ADD_EXECUTABLE(uclient-fetch-san ${CLI_SOURCES}) +TARGET_COMPILE_OPTIONS(uclient-fetch-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all) +TARGET_LINK_OPTIONS(uclient-fetch-san PRIVATE -fsanitize=undefined,address,leak) +TARGET_LINK_LIBRARIES(uclient-fetch-san uclient-san ${ubox_library} dl) + ENDIF() +ENDIF() + INSTALL(FILES uclient.h uclient-utils.h DESTINATION include/libubox ) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100644 index ..3d339b1ebc53 --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1 @@ +ADD_SUBDIRECTORY(cram) diff --git a/tests/cram/CMakeLists.txt b/tests/cram/CMakeLists.txt new file mode 100644 index ..ba75802ae21c --- /dev/null +++ b/tests/cram/CMakeLists.txt 
@@ -0,0 +1,38 @@ +FIND_PACKAGE(PythonInterp 3 REQUIRED) +FILE(GLOB test_cases "test_*.t") + +IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") + FILE(GLOB test_cases_san "test-san_*.t") +ENDIF() + +SET(PYTHON_VENV_DIR "${CMAKE_CURRENT_BINARY_DIR}/.venv") +SET(PYTHON_VENV_PIP "${PYTHON_VENV_DIR}/bin/pip") +SET(PYTHON_VENV_CRAM "${PYTHON_VENV_DIR}/bin/cram") + +ADD_CUSTOM_COMMAND( + OUTPUT ${PYTHON_VENV_CRAM} + COMMAND ${PYTHON_EXECUTABLE} -m venv ${PYTHON_VENV_DIR} + COMMAND ${PYTHON_VENV_PIP} install cram +) +ADD_CUSTOM_TARGET(prepare-cram-venv ALL DEPENDS ${PYTHON_VENV_CRAM}) + +ADD_CUSTOM_TARGET( + http-server-kill ALL + COMMAND pkill --full -9 "${PYTHON_VENV_DIR}/bin/python3 -m http.server 1922 --bind 127.0.0.1" > /dev/null 2>&1 || true + DEPENDS ${PYTHON_VENV_CRAM} +) + +ADD_CUSTOM_TARGET( + http-server ALL + COMMAND ${PYTHON_VENV_DIR}/bin/python3 -m http.server 1922 --bind 127.0.0.1 > /dev/null 2>&1 & + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/server + DEPENDS http-server-kill +) + +ADD_TEST( + NAME cram + COMMAND ${PYTHON_VENV_CRAM} ${test_cases} ${test_cases_san} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} +) + +SET_PROPERTY(TEST cram APPEND PROPERTY ENVIRONMENT "BUILD_BIN_DIR=$") diff --git a/tests/cram/server/lorem b/tests/cram/server/lorem new file mode 100644 index ..133af11d18f8 --- /dev/null +++ b/tests/cram/server/lorem 
@@ -0,0 +1,64 @@ +Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas accumsan dui +diam, sit amet vehicula nisl tincidunt non. Duis orci urna, luctus porttitor +viverra non, interdum id erat. Vivamus in tortor eu augue dignissim imperdiet +vitae ut ligula. Nunc luctus arcu viverra dolor commodo, et pellentesque +lectus convallis. Donec molestie gravida venenatis. Curabitur vitae nulla at +nisi ullamcorper sagittis vitae eget arcu. Sed elementum neque metus, in +sollicitudin lorem vestibulum sed. Etiam non leo id eros ultrices hendrerit. + +Etiam sed luctus lacus. Fusce congue quam varius, cursus enim id, varius +tellus. Suspendisse at mauris blandit, tempor urna non, pharetra tortor. In +laoreet turpis a s
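Review bot: in the tests/cram/CMakeLists.txt hunk `${PYTHON_VENV_PIP} install cram` fetches an unpinned package from PyPI at build time, so the harness depends on network access and on whatever version is current; pin it (`pip install cram==<version>`, ideally with `--require-hashes`). The `pkill --full -9 "...python3 -m http.server 1922..."` target kills any process on the build host whose command line matches, not only the server this build started, and the hard-coded port 1922 collides when two builds run on one machine; recording the server PID under `${CMAKE_CURRENT_BINARY_DIR}` and making the port a cache variable would avoid both.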
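Review bot: in the top-level CMakeLists.txt hunk (@@ -16) the sanitizer flag lists for `uclient-san` and `uclient-fetch-san` are duplicated verbatim; a single `SET(SANITIZER_FLAGS ...)` keeps them in sync. Also, `ADD_DEFINITIONS(-DUNIT_TESTING)` is directory-wide and therefore also reaches the regular `uclient` and `uclient-fetch` targets whenever `UNIT_TESTING` is on; if that macro changes behaviour in the library, a `TARGET_COMPILE_DEFINITIONS` on the `-san` targets only would keep the production build identical.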
[PATCH uclient 12/12] Add initial GitLab CI support
Uses currently proof-of-concept openwrt-ci[1] in order to: * improve the quality of the codebase in various areas * decrease code review time and help merging contributions faster * get automagic feedback loop on various platforms and tools - out of tree build with OpenWrt SDK on following targets: * ath79-generic * imx6-generic * malta-be * mvebu-cortexa53 - out of tree native build on x86/64 with GCC (versions 8, 9, 10) and Clang 10 - out of tree native x86/64 static code analysis with cppcheck and scan-build from Clang 10 1. https://gitlab.com/ynezz/openwrt-ci/ Signed-off-by: Petr Štetiar --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index ..94befcee491e --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,7 @@ +variables: + CI_ENABLE_UNIT_TESTING: 1 + CI_TARGET_BUILD_DEPENDS: uclient + +include: + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/main.yml + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/pipeline.yml ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
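Review bot: both `include: remote:` entries in the .gitlab-ci.yml hunk pull pipeline definitions from `raw/master` of a third-party project, so the jobs, running with this repository's CI credentials, execute whatever that branch contains at run time; pin the includes to a tag or commit SHA and bump them deliberately. The commit message itself calls openwrt-ci a proof of concept, which argues for pinning all the more.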
[PATCH uclient 11/12] uclient-fetch: wolfSSL: fix certificate validation
Currently wolfSSL doesn't validate any certificates, quoting from README: wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, no signer error to confirm failure (-188). If you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling: wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new();. Though it's not recommended. wolfSSL simply behaves differently then OpenSSL so once you set SSL_VERIFY_NONE wolfSSL doesn't care about the certificates anymore so every call to SSL_get_verify_result() is going to succeed (returns X509_V_OK) even for invalid certificates and current OpenSSL based post connection verification logic thus doesn't work. So in order to get the validation working we need to use SSL_VERIFY_PEER for wolfSSL by default and allow disabling it explicitly by new `context_set_require_validation()` call. Fixes: FS#3465 Signed-off-by: Petr Štetiar --- uclient-fetch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/uclient-fetch.c b/uclient-fetch.c index bbf5eec58d71..958f75618194 100644 --- a/uclient-fetch.c +++ b/uclient-fetch.c @@ -591,6 +591,8 @@ int main(int argc, char **argv) switch (longopt_idx) { case L_NO_CHECK_CERTIFICATE: verify = false; + if (ssl_ctx) + ssl_ops->context_set_require_validation(ssl_ctx, verify); break; case L_CA_CERTIFICATE: has_cert = true; ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
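Review bot: in the @@ -591 hunk `context_set_require_validation` is only invoked when `ssl_ctx` is already non-NULL while options are being parsed; if the context is created after option parsing, `--no-check-certificate` is recorded in `verify` but never pushed into the context, and if it is created earlier the outcome depends on option order. Applying the setting once, after `ssl_ctx` is known to exist (where `init_ustream_ssl` sets it up), removes both dependencies; with wolfSSL now defaulting to `SSL_VERIFY_PEER` the failure mode is at least fail-closed, but users will see verification errors they explicitly asked to skip.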
Re: [PATCH ustream] ustream-openssl: fix bio memory leak
Eneas U de Queiroz [2020-12-10 11:29:36]:

Hi,

> access that memory after we free it. This would be after we call
> BIO_free. The thing is, we aren't making that call. so we are leaking
> that resource as well.

IIRC this is solved by OpenSSL internal reference counting and executed in SSL_free() or SSL_shutdown().

> After tackling BIO_free, my suggestion would be to determine where the
> method table variable should go, and where to call BIO_meth_new and
> BIO_meth_free. I would add it to a defined struct
> ustream_ssl_ctx--which is now just used with a cast to SSL_CTX--and

IIRC I've tried that approach already (this WIP solution is like 3rd iteration), but that struct is opaque.

> would create and free the object in __ustream_ssl_context_new and
> __ustream_ssl_context_free, which would give it a possibly larger
> lifetime than the ssl_session or the BIO object.

AFAIK that's exactly what I'm doing in my current solution.

> We should coordinate efforts. You're the boss, so tell me what you want me
> to do, if anything.

I didn't want to sound like the boss and I apologize if that was the case, sorry. I've just sent out some patches for uclient/ustream-ssl, so I would be grateful if you could review and test those changes on your device(s), ideally on all three SSL libs and client/server setup. Thanks!

Cheers,

Petr
Re: [PATCH] Revert "build: switch VERSION_REPO to HTTPS"
Paul Spooren [2020-11-25 08:52:30]:

Hi,

> Until somebody jumps on ustream-ssl and fixes the WolfSSL
> implementation, we should consider to disable it.

FYI I've just posted (hopefully) fixes for those issue(s):

uclient https://patchwork.ozlabs.org/project/openwrt/list/?series=219813
ustream-ssl https://patchwork.ozlabs.org/project/openwrt/list/?series=219811

The updated packages are available in my staging tree[1]. Please let me know if there is anything else preventing marking this patch as 'Not applicable'. Thanks!

1. https://git.openwrt.org/?p=openwrt/staging/ynezz.git;a=shortlog;h=refs/heads/staging

Cheers,

Petr
Re: [PATCH] build/json: add filesystem information
Paul Spooren [2020-12-13 14:40:55]: > Some images are created using different filesystems, most popular > squashfs and ext4. To allow downstream projects to distinguesh between > those, add the `filesystem` information to created json files. > > Signed-off-by: Paul Spooren Reviewed-by: Petr Štetiar > --- > include/image.mk | 1 + > scripts/json_add_image_info.py | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/include/image.mk b/include/image.mk > index 3234956484..563d3d805d 100644 > --- a/include/image.mk > +++ b/include/image.mk > @@ -573,6 +573,7 @@ define Device/Build/image > SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ > IMAGE_NAME="$(IMAGE_NAME)" \ > IMAGE_TYPE=$(word 1,$(subst ., ,$(2))) \ > + IMAGE_FILESYSTEM="$(1)" \ > IMAGE_PREFIX="$(IMAGE_PREFIX)" \ > DEVICE_VENDOR="$(DEVICE_VENDOR)" \ > DEVICE_MODEL="$(DEVICE_MODEL)" \ > diff --git a/scripts/json_add_image_info.py b/scripts/json_add_image_info.py > index ac907c777c..d394cf4d1f 100755 > --- a/scripts/json_add_image_info.py > +++ b/scripts/json_add_image_info.py > @@ -51,6 +51,7 @@ image_info = { > "images": [ > { > "type": getenv("IMAGE_TYPE"), > +"filesystem": getenv("IMAGE_FILESYSTEM"), > "name": getenv("IMAGE_NAME"), > "sha256": image_hash, > } > -- > 2.29.2 > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > -- ynezz ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
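Review bot: `getenv("IMAGE_FILESYSTEM")` in the json_add_image_info.py hunk has no default, so any invocation that does not export the new variable serialises the key as null instead of omitting it; since the commit message promises downstream projects can rely on this field, either pass a default (`getenv("IMAGE_FILESYSTEM", "")`) or fail loudly when it is unset. The image.mk hunk exports it only from `define Device/Build/image`, so confirm every image type the script runs for goes through that template.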
Re: [PATCH] build/prereq: requie make 4.1 or later
Paul Spooren [2020-12-12 21:17:02]:

Hi,

> FS#2086 "IS_TTY in the makefile is broken" reports flawed detection of
> stdout piping to a file. The issue describes how e.g. terminal color
> codes end up in log files if running make like `make > log.txt`.
>
> The proposed solution uses the make variable "MAKE_TERMOUT", which was
> introduced in make 4.1. All major distributions seem to have updated to 4.1
> or later, so this ideally doesn't break anything.

BTW it would be nice to update the README as well.

I think that it would make sense to postpone this by a few days, right after 20.12 is branched. I'm holding the gcc6+ patch[1] for similar reasons.

1. https://patchwork.ozlabs.org/project/openwrt/patch/20191112200129.19396-1-yn...@true.cz/

Cheers,

Petr
[PATCH] uhttpd: don't redirect to HTTPS by default
So we can ship px5g-wolfssl by default in the release image, but still make the HTTPS for LuCI optional. This small change with addition of `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the next release should provide optional HTTPS in the next release. Disabling the current default automatic uhttpd's redirect to HTTPS should make the HTTPS optional. That's it, user would either need to switch to HTTPS by manually switching to https:// protocol in the URL or by issuing the following commands to make the HTTPS automatic redirect permanent: $ uci set uhttpd.main.redirect_https=1 $ uci commit uhttpd $ service uhttpd reload Signed-off-by: Petr Štetiar --- package/network/services/uhttpd/files/uhttpd.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config index aeded08afc95..40ce67fd010f 100644 --- a/package/network/services/uhttpd/files/uhttpd.config +++ b/package/network/services/uhttpd/files/uhttpd.config @@ -10,7 +10,7 @@ config uhttpd main list listen_https [::]:443 # Redirect HTTP requests to HTTPS if possible - option redirect_https 1 + option redirect_https 0 # Server document root option home /www ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
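Review bot: with `option redirect_https 0` the comment directly above it, "# Redirect HTTP requests to HTTPS if possible", no longer describes the shipped default; reword it (for example "Redirect HTTP requests to HTTPS, disabled by default, set to 1 to enable") so anyone reading the config sees that the redirect is opt-in. The `list listen_https [::]:443` entry is untouched, so HTTPS stays reachable and the behaviour matches the opt-in described in the commit message.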
Re: [PATCH v2] procd: add info json output
Florian Eckert [2020-12-14 13:56:03]:

Hi,

> By adding the extra command `info` it is now possible to retrieve all
> relevant data from a procd started service directly via the init script.

What's the use case, how is this useful?

> Until now, you have to query the ubus with the command:
> ubus call service list '{"name":"","verbose":true}'
>
> With this change, the init script is now used with the command:
> /etc/init.d/ info

I find the `info` name ambiguous and misleading.

Cheers,

Petr
Re: [PATCH] uhttpd: don't redirect to HTTPS by default
Jo-Philipp Wich [2020-12-14 23:24:23]:

Hi,

> > So we can ship px5g-wolfssl by default in the release image, but still
> > make the HTTPS for LuCI optional. This small change with addition of
> > `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
> > next release should provide optional HTTPS in the next release.
>
> please note that LuCI is currently quite broken using the libustream-wolfssl
> backend, definitely not in a releasable shape.

I hear you, that's why I've proposed this change, to make it opt-in. Without this change HTTPS would be enabled by default and this is not desired. With this change it's strictly opt-in, so we can mention in the release notes that HTTPS is available if folks want to try it out and send patches with fixes or just file bug reports.

Speaking of bug reports, what does "currently quite broken" mean? Do you have some reproducer or some idea how to trigger the issue(s) you're seeing? It would be nice to have those cases covered in unit tests.

BTW I've been using LuCI with HTTPS for some time and apart from that sysauth cookie issue, which is not related to the libustream-wolfssl backend, it seems quite usable to me, no memleaks etc.

Cheers,

Petr
Make HTTPS in LuCI optional but dead simple in 20.12 [Was: Re: 20.xx: postponse LuCI HTTPS per default]
Petr Štetiar [2020-11-20 11:44:14]:

> > I'd like to suggest to postpone HTTPS LuCI (`luci-ssl` vs `luci`) per
> > default.
>
> Do we need to make this hard decision? Can't we leave it to the end users?
> We need most of the SSL stuff for other parts, so why not benefit from that in
> other parts?
>
> For the start, can't we simply introduce some first time welcome page on HTTP,
> explain to the user that HTTPS is available, the pros and cons of this
> solution and let the user decide?
>
> In a less intrusive way, this welcome page/wizard could be replaced with some
> information box "HTTPS is just a moment away", so the user would need to
> explicitly request that HTTPS feature.
>
> There might be some better UX approach, but please try hard to move forward,
> not backward :-)

This PR#4660[1] (needs PR#4659[2]) and uhttpd patch[3] are my complete attempt to make HTTPS optional, but just two clicks away.

1. https://github.com/openwrt/luci/pull/4660
2. https://github.com/openwrt/luci/pull/4659
3. https://patchwork.ozlabs.org/project/openwrt/patch/20201214090743.14651-1-yn...@true.cz/

Cheers,

Petr
Re: [RFC] raise gcc/make versions for 20.x
Paul Spooren [2020-12-15 16:26:14]:

Hi,

> I've seen two patches for version raises of build requirements and would
> like to know if we should merge them before or after 20.x.
>
> make: 3.81.x -> 4.1.x
> gcc: 4.8 -> 6.x
>
> I'm in favor of merging both *before* the branch.

It would probably help to know the reason as well. "I'm in favor" might not be enough in this almost pre-release stage.

AFAIK that Make version bump fixes an issue with possibly a few stray ANSI color escapes (the workaround is to use NO_COLOR=1 in this case) and \r characters in the log file. Is it really that big an issue to do this last minute version bump?

FYI that gcc6+ one was NACKed[1] by Yousong and I'm fine with that for the 20.12 release. I plan to rebase/resend that patch once 20.12 is branched.

1. https://patchwork.ozlabs.org/project/openwrt/patch/20191112081625.27695-1-yn...@true.cz/#2301662

Cheers,

Petr
Re: [RFC] raise gcc/make versions for 20.x
Rosen Penev [2020-12-15 19:03:55]:

Hi,

> The issue is with EL7. That would break the ability to compile.

This is a moot argument[1]:

[root@9bb9a267fbb6 build]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@9bb9a267fbb6 build]# gcc --version
gcc (GCC) 8.3.1 20190311 (Red Hat 8.3.1-3)
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

> there's a clang warning to fix the GCC 4.8 issue:
> -Werror=gnu-empty-initializer .

And what is your point? Are we supposed to handle this and possibly a dozen other corner cases in GCC 4.8 just because someone wants to use EL7 in the default setup and refuses to install and use a modern toolchain? Even then, what's the problem? You could still simply revert the commit which would make gcc6+ a requirement.

1. https://github.com/openwrt/openwrt/commit/4ba8f7b1ef1e4c0607185a41c06b51928c625d8b#commitcomment-35907238

Cheers,

Petr
Re: [PATCH v3] procd: add procd json output to init
Florian Eckert [2020-12-17 09:40:08]:

Hi,

> By adding the extra command `procd` it is now possible to retrieve all
> relevant data from a procd started service directly via the init script.
>
> Until now, you have to query the ubus to get the information with the
> following command.
>
> `ubus call service list '{"name":"","verbose":true}'`
>
> With this change, the init script is now extended with the command to get
> this information easier.

I still lack the information about your use case, how do you use the output of this command.

BTW it looks like you're doing something similar to what we're already doing in the `status` command. Maybe you just want to implement a `status_verbose` (or such) command with all the details you would like to get, but in human readable format? I see the service command as a CLI mainly for end users, so in my opinion it should provide human readable output.

> + json_init > + json_add_string name "$service" > + json_add_boolean verbose "1" > + json_add_string name "$service"

Duplicate json_add_string line.

-- ynezz
Re: [PATCH v3] procd: add procd json output to init
Florian Eckert [2020-12-17 10:34:25]:

> So that I do not always have to type the whole string.

Well, you don't need to.

root@OpenWrt:/# cat ~/.shinit
procd_service_list() {
	ubus call service list "{'name':\"$1\",'verbose':true}"
}
root@OpenWrt:/# procd_service_list urngd
{
	"urngd": {
		"instances": {
			"instance1": {
				"running": true,
				"pid": 500,
				"command": [
					"/sbin/urngd"
				],
				"term_timeout": 5
			}
		}
	}
}

Then just put this into your files/root/.shinit file and you have it in all your images.

> I didn't realize it that way, that only human readable output is allowed.

allowed != expected

Cheers,

Petr
Re: Upcoming 19.07.6 release plan
Hi,

I'm really sorry for the previous email hiccup :-)

Anyway, I just wanted to make you aware that there is a plan to do the next 19.07.6 release somewhere in January 2021, around Tuesday 19th. So feel free to suggest backports/fixes which should be included in this release by replying to this email or via the standard contribution channels. Thanks!

Cheers,

Petr
Meeting notes - 10th December 2020 virtual meeting
Hi,

I would like to let you know that there was a virtual meeting a week ago and you can find the meeting minutes on the wiki[1].

1. https://openwrt.org/meetings/20201210

Cheers,

Petr
[PATCH] build: replace which with Bash command built-in
`which` utility is not shipped by default for example on recent Arch Linux and then any steps relying on its presence fails, like for example following Python3 prereq build check: $ python3 --version Python 3.9.1 $ make /bin/sh: line 1: which: command not found /bin/sh: line 1: which: command not found /bin/sh: line 1: which: command not found ... Checking 'python3'... failed. ... Fix this by switching to Bash builtin `command` which should provide same functionality. Fixes: FS#3525 Signed-off-by: Petr Štetiar --- Other option is to check for `which` util presence in prereq-build and adding `which` to the list of required host build utils. Makefile | 3 ++- include/cmake.mk | 2 +- include/prereq.mk | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 24f5955c9066..f4519e00d28d 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,8 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt dir world: -DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep -E '\/usr' | head -n 1) +WHICH:=command -pv +DISTRO_PKG_CONFIG:=$(shell $(WHICH) pkg-config | grep -E '\/usr' | head -n 1) export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH) ifneq ($(OPENWRT_BUILD),1) diff --git a/include/cmake.mk b/include/cmake.mk index 0a20530a16fe..ff00b5e779b5 100644 --- a/include/cmake.mk +++ b/include/cmake.mk @@ -15,7 +15,7 @@ MAKE_PATH = $(firstword $(CMAKE_BINARY_SUBDIR) .) ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),) cmake_tool=$(TOOLCHAIN_DIR)/bin/$(1) else - cmake_tool=$(shell which $(1)) + cmake_tool=$(shell $(WHICH) $(1)) endif ifeq ($(CONFIG_CCACHE),) diff --git a/include/prereq.mk b/include/prereq.mk index 83ac21242c65..a6ee2bb637f5 100644 --- a/include/prereq.mk +++ b/include/prereq.mk @@ -52,7 +52,7 @@ endef define RequireCommand define Require/$(1) -which $(1) +$(WHICH) $(1) endef $$(eval $$(call Require,$(1),$(2))) 
@@ -106,7 +106,7 @@ define SetupHostCommand $(call QuoteHostCommand,$(11)) $(call QuoteHostCommand,$(12)); do \ if [ -n "cmd" ]; then \ bin="(PATH="$(subst $(space),:,$(filter-out $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH" \ - which "{cmd%% *}")"; \ + $(WHICH) "{cmd%% *}")"; \ if [ -x "bin" ] && eval "cmd" >/dev/null 2>/dev/null; then \ mkdir -p "$(STAGING_DIR_HOST)/bin"; \ ln -sf "bin" "$(STAGING_DIR_HOST)/bin/$(strip $(1))"; \ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
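Review bot: `command -pv` in the cmake.mk hunk searches the shell's default system PATH rather than the caller's exported PATH, so with CONFIG_EXTERNAL_TOOLCHAIN a toolchain that is only reachable through a user-extended PATH (an /opt prefix, say) is no longer found by `cmake_tool`, whereas the replaced `which $(1)` honoured PATH; drop `-p` at this call site (`command -v $(1)`) and keep the `-p` form only for DISTRO_PKG_CONFIG, where ignoring the staging-dir entries is the intent.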
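Review bot: in the SetupHostCommand hunk the lookup is deliberately run with a filtered PATH (the `PATH=$(subst ...)` prefix that removes the `$(STAGING_DIR_HOST)/%` entries), but `command -pv` ignores that PATH in favour of the shell's default one, so the filter becomes a no-op and a host tool installed only under a non-default prefix now fails the check; use `command -v` (without `-p`) here so the explicitly constructed PATH is the one searched.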
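To make the `-p` behaviour concrete, here is an added example (not part of the patch or of the OpenWrt build system) that puts a constructed executable on a caller-extended PATH and compares what `command -v` and `command -pv` return for it; the `fake-tool` name and the temporary directory are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the patch: why `command -pv` and `command -v`
# can disagree when the caller relies on a custom PATH.

# Look up "$2" after prepending "$1" to PATH, honouring that PATH
# (this is what `which` and plain `command -v` do).
lookup_with_path() {
    ( PATH="$1:$PATH"; command -v "$2" ) 2>/dev/null || :
}

# Same lookup with `command -pv`: the shell substitutes its default
# system PATH, so the prepended "$1" is never searched.
lookup_with_default_path() {
    ( PATH="$1:$PATH"; command -pv "$2" ) 2>/dev/null || :
}

# Build the fixture: a fresh directory holding an executable named "$1"
# (constructed for this example; it just prints "fake").
make_fixture() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho fake\n' > "$dir/$1"
    chmod +x "$dir/$1"
    echo "$dir"
}

# Run both lookups against the fixture and clean up.
demo() {
    dir=$(make_fixture fake-tool)
    echo "command -v : '$(lookup_with_path "$dir" fake-tool)'"
    echo "command -pv: '$(lookup_with_default_path "$dir" fake-tool)'"
    rm -rf "$dir"
}

demo
```

The first line prints the path to the constructed tool and the second prints an empty string, which is exactly the failure the cmake.mk and SetupHostCommand call sites would see for a tool outside the default system PATH.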
Re: [PATCH] ca-certificated: use relative symlink for cert.pem
Rosen Penev [2020-12-19 19:11:48]: Hi, > Fixes dead symlink under InstallDev. where is that dead symlink? root@OpenWrt:/# ls -al /etc/ssl/cert.pem lrwxrwxrwx1 root root34 Dec 21 16:53 /etc/ssl/cert.pem -> /etc/ssl/certs/ca-certificates.crt root@OpenWrt:/# ls -al /etc/ssl/certs/ca-certificates.crt -rw-r--r--1 root root198416 Dec 21 16:53 /etc/ssl/certs/ca-certificates.crt root@OpenWrt:/# cat /etc/openwrt_version r15252+5-20d847d1338f > Signed-off-by: Rosen Penev > --- > package/system/ca-certificates/Makefile | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/system/ca-certificates/Makefile > b/package/system/ca-certificates/Makefile > index ca3756b34d..62a7d57e85 100644 > --- a/package/system/ca-certificates/Makefile > +++ b/package/system/ca-certificates/Makefile > @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=ca-certificates > PKG_VERSION:=20200601 > -PKG_RELEASE:=1 > +PKG_RELEASE:=2 > PKG_MAINTAINER:= > > PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz > @@ -65,7 +65,7 @@ endef > define Package/ca-bundle/install > $(INSTALL_DIR) $(1)/etc/ssl/certs > cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt > >$(1)/etc/ssl/certs/ca-certificates.crt > - $(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem > + $(LN) certs/ca-certificates.crt $(1)/etc/ssl/cert.pem > endef > $(eval $(call BuildPackage,ca-bundle)) > $(eval $(call BuildPackage,ca-certificates)) > -- > 2.29.2 > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > -- ynezz ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
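Review bot: the relative target `certs/ca-certificates.crt` resolves from the link's own directory, so the link is valid both on the device (`/etc/ssl/cert.pem` -> `/etc/ssl/certs/ca-certificates.crt`) and inside the staging root `$(1)/etc/ssl`, where the old absolute `/etc/ssl/certs/...` target points outside the installed tree; the commit message should say that (the InstallDev/staging_dir case, which an `ls` on a running device cannot show) so the change and the PKG_RELEASE bump are justified on their own.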
Re: [PATCH] ca-certificated: use relative symlink for cert.pem
Rosen Penev [2020-12-22 02:21:15]:

> It's not on the installed device. It's under InstallDev.
>
> find staging_dir/target-mips_*/root-*/ -xtype l
>
> for more.

$ find staging_dir/target-x86*/root-*/ -xtype l
staging_dir/target-x86_64_musl/root-x86/etc/localtime
staging_dir/target-x86_64_musl/root-x86/etc/TZ
staging_dir/target-x86_64_musl/root-x86/etc/resolv.conf
staging_dir/target-x86_64_musl/root-x86/etc/ppp/resolv.conf

I'm not going to waste more time on this; if you think that there is still an issue, send v2 with a proper commit description. I'm simply not going to accept this version as it's not clear what is currently wrong and how this patch fixes it.

-- ynezz
Re: firewall3: add udp/icmp flood protection
Maksym Kovalchuck [2020-11-04 15:40:04]: Please add proper commit description, see openwrt.org/submitting-patches for details > Signed-off-by: Maksym Kovalchuck > --- > defaults.c | 54 ++ > options.h | 14 +++--- > 2 files changed, 65 insertions(+), 3 deletions(-) > > diff --git a/defaults.c b/defaults.c > index f03765c..a8c9d4d 100644 > --- a/defaults.c > +++ b/defaults.c > @@ -28,6 +28,8 @@ static const struct fw3_chain_spec default_chains[] = { > C(ANY, FILTER, CUSTOM_CHAINS, "output_rule"), > C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"), > C(ANY, FILTER, SYN_FLOOD, "syn_flood"), > + C(ANY, FILTER, UDP_FLOOD, "udp_flood"), > + C(ANY, FILTER, ICMP_FLOOD,"icmp_flood"), > > C(V4, NAT,CUSTOM_CHAINS, "prerouting_rule"), > C(V4, NAT,CUSTOM_CHAINS, "postrouting_rule"), > @@ -49,6 +51,14 @@ const struct fw3_option fw3_flag_opts[] = { > FW3_OPT("synflood_rate", limit,defaults, syn_flood_rate), > FW3_OPT("synflood_burst", int, defaults, > syn_flood_rate.burst), > > + FW3_OPT("udpflood_protect",bool, defaults, udp_flood), > + FW3_OPT("udpflood_rate", limit,defaults, udp_flood_rate), > + FW3_OPT("udpflood_burst", int, defaults, > udp_flood_rate.burst), > + > + FW3_OPT("icmpflood_protect", bool, defaults, icmp_flood), > + FW3_OPT("icmpflood_rate", limit,defaults, icmp_flood_rate), > + FW3_OPT("icmpflood_burst", int, defaults, > icmp_flood_rate.burst), > + > FW3_OPT("tcp_syncookies", bool, defaults, tcp_syncookies), > FW3_OPT("tcp_ecn", int, defaults, tcp_ecn), > FW3_OPT("tcp_window_scaling", bool, defaults, tcp_window_scaling), 
> @@ -144,6 +154,10 @@ fw3_load_defaults(struct fw3_state *state, struct > uci_package *p) > defs->any_reject_code = FW3_REJECT_CODE_PORT_UNREACH; > defs->syn_flood_rate.rate = 25; > defs->syn_flood_rate.burst = 50; > + defs->udp_flood_rate.rate = 50; > + defs->udp_flood_rate.burst = 50; > + defs->icmp_flood_rate.rate = 10; > + defs->icmp_flood_rate.burst = 1; > defs->tcp_syncookies = true; > defs->tcp_window_scaling = true; > defs->custom_chains= true; > @@ -201,6 +215,12 @@ fw3_print_default_chains(struct fw3_ipt_handle *handle, > struct fw3_state *state, > if (defs->syn_flood) > set(defs->flags, handle->family, FW3_FLAG_SYN_FLOOD); > > + if (defs->udp_flood) > + set(defs->flags, handle->family, FW3_FLAG_UDP_FLOOD); > + > + if (defs->icmp_flood) > + set(defs->flags, handle->family, FW3_FLAG_ICMP_FLOOD); > + > for (c = default_chains; c->format; c++) > { > /* don't touch user chains on selective stop */ > @@ -231,6 +251,8 @@ fw3_print_default_head_rules(struct fw3_ipt_handle > *handle, > struct fw3_defaults *defs = &state->defaults; > struct fw3_device lodev = { .set = true }; > struct fw3_protocol tcp = { .protocol = 6 }; > + struct fw3_protocol udp = { .protocol = 17 }; > + struct fw3_protocol icmp = { .protocol = 1 }; > struct fw3_ipt_rule *r; > > const char *chains[] = { 
> @@ -309,6 +331,38 @@ fw3_print_default_head_rules(struct fw3_ipt_handle > *handle, > fw3_ipt_rule_append(r, "INPUT"); > } > > + if (defs->udp_flood) > + { > + r = fw3_ipt_rule_create(handle, &udp, NULL, NULL, NULL, > NULL); > + fw3_ipt_rule_limit(r, &defs->udp_flood_rate); > + fw3_ipt_rule_target(r, "RETURN"); > + fw3_ipt_rule_append(r, "udp_flood"); > + > + r = fw3_ipt_rule_new(handle); > + fw3_ipt_rule_target(r, "DROP"); > + fw3_ipt_rule_append(r, "udp_flood"); > + > + r = fw3_ipt_rule_create(handle, &udp, NULL, NULL, NULL, > NULL); > + fw3_ipt_rule_target(r, "udp_flood"); > + fw3_ipt_rule_append(r, "INPUT"); > + } > + > + if (defs->icmp_flood) > + { > + r = fw3_ipt_rule_create(handle, &icmp, NULL, NULL, > NULL, NULL); > + fw3_ipt_rule_limit(r, &defs->icmp_flood_rate); > + fw3_ipt_rule_target(r, "RETURN"); > + fw3_ipt_rule_append(r, "icmp_flood"); > + > + r = fw3_ipt_rule_new(handle); > + fw3_ipt_rule_target(r, "DROP"); > + fw3_ipt_rule_append(r, "icmp_flood"); > + > + r = fw3_ipt_rule_create(handle, &icmp, NULL, NULL, > NULL, NULL); > + fw3_ipt_rule_target(r, "icmp_flood"); > + fw3_ipt_rule_append(r, "INPUT"); > + } > + >
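Review bot: the defaults in the fw3_load_defaults hunk are aggressive for traffic the router itself must answer: `udp_flood_rate` 50/s applies to every UDP packet reaching INPUT (DNS, DHCP and NTP from the LAN included), and `icmp_flood_rate.burst = 1` with rate 10 leaves a single-packet bucket. `fw3_ipt_rule_limit` is the same global limit match used by syn_flood, not keyed per source, so one noisy host exhausts the budget for everyone else; document the values (they are exposed as the new `udpflood_rate`/`icmpflood_rate` options) and consider defaults closer to the existing syn_flood ones (25/50) or a per-source variant.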
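Review bot: the icmp_flood rules in the fw3_print_default_head_rules hunk match all of ICMP with no type restriction (`fw3_ipt_rule_create(handle, &icmp, NULL, NULL, NULL, NULL)`), so the 10/s budget is also spent on echo replies, destination-unreachable and packet-too-big messages that the router's own connections depend on (PMTU discovery); restrict the jump from INPUT to echo-request or exclude the error types, since rate-limiting those degrades connectivity rather than protecting it. Also `icmp` is declared as protocol number 1 regardless of `handle->family`, so confirm the V6 path (the chains are registered as `ANY`) ends up matching ipv6-icmp rather than nothing.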
Re: [PATCH] ath79: switch to kernel loader for ar9344 CPE/WBS
Sander Vanheule [2020-09-27 15:59:33]:

Hi,

> Now that firmware partitions starting with an ELF kernel loader can be
> split automatically, move the TP-Link ar9344-based CPE and WBS devices
> from an OKLI loader to a plain kernel loader.
>
> This reduces the size of the device images a bit (2kB for initramfs and
> sysupgrade). More importantly it takes away the requirement to
> periodically resize the kernel partition to allow for larger kernels.
>
> Note that the firmware size in tplink-safeloader.c is one erase block
> smaller than the one in the DTSI, due to some runtime space reclamation
> happening on these devices.
>
> Also rebases tplink-eap2x5 on the new tplink-safeloader-elf base device.

Does not apply anymore, so you should rebase and resend.

Cheers,

Petr
Re: [PATCH] dnsmasq: Ignore carrier status for bridge interfaces
Reuben Dowle [2020-07-16 00:10:43]:

Hi,

> This occurs because netifd can incorrectly indicate carrier down on an
> interface through devstatus after issuing a carrier up hotplug event.

Then it seems like this should be fixed in netifd.

> This patch ignores carrier status for bridge interfaces, as this does not
> reflect media state so is not a useful check.

This looks like a band-aid, not a proper fix.

Cheers,

Petr
Re: Turris Omnia boot failure after "mvebu: fix initramfs/kernel image for CZNIC Turris Omnia"
Magnus Kroken [2020-12-18 00:30:42]:

Hi Magnus,

thank you for the bug report and sorry for the breakage.

> Commit e401a2a42e6d7c892e1cf7d765fa5ec9b2db3fb3 causes my Turris Omnia
> CZ11NIC13 to no longer boot. Compiling with EARLY_PRINTK does not show
> anything of interest:
>
> ## Executing script at 0180
> Setting bus to 0
> reading armada-385-turris-omnia.dtb
> 18748 bytes read in 20 ms (915 KiB/s)
> reading zImage
> 3151292 bytes read in 134 ms (22.4 MiB/s)
> Kernel image @ 0x100 [ 0x00 - 0x2fcc80 ]
> ## Flattened Device Tree blob at 0200
>    Booting using the fdt blob at 0x200
>    Loading Device Tree to 0fff8000, end 093b ... OK
>
> Starting kernel ...
>
> <--- device reboots --->
> U-Boot SPL 2015.10-rc2 (Aug 18 2016 - 20:43:35)
>
> Reverting the mentioned commit solves the issue. Any ideas about what the
> problem is? Is there any additional data that would be useful?

I've registered another report[1] and as the author doesn't care I plan to revert that commit soon.

1. https://github.com/openwrt/openwrt/commit/e401a2a42e6d7c892e1cf7d765fa5ec9b2db3fb3#commitcomment-45189788

Cheers,

Petr