Commit Graph

20828 Commits

Author SHA1 Message Date
Lech Perczak
aa7873a9e6 umbim: extract common code from static and dhcp(v6) setup procedure
Beginnings and endings of sub-interface creation procedure were
literally duplicates - extract them outside if "if" blocks

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
e4db21b413 umbim: handle MTU configuration
Allow setting interface MTU through UCI. If this is not set,
use MBIM-provided MTU, if provided through control channel.
If separate MTUs are provided for IPv4 and IPv6, apply larger of them.
This is very unlikely and possible only for IPv4v6 dual-stack configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
2bfbc2dbd8 umbim: delegate RFC7278 IPv6 prefixes from OOB config
Delegate prefixes received through MBIM control channel the same way, as
would be done through DHCP, according to RFC7278.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
9808b09b91 umbim: drop IP configuration parsing using 'eval'
Finally, when new helper is in use, drop old IP configuration parser.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
c13a1b412b umbim: support multiple-valued configuration fields
MBIM supports multiple values for IP address and DNS server, and such
configuration is available through output of MBIM. Use new helper
method to support adding multiple addresses and DNS servers to static
interfaces for both IPv4 and IPv6.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
f01fff63fb umbim: add "_proto_mbim_get_field" helper
Add a new helper to extract IP configuration from umbim output. This is
required to extract fields which can possibly have multiple values,
namely IP addresses and DNS servers, and get rid of primitive parser
using 'eval' builtin without support for this.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
5f873df8d4 umbim: log output of 'config' step
Display full configuration obtained using MBIM control channel in the
log, from umbim output verbatim, for easier troubleshooting, and in
preparation for parser refactoring.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
9ddbcd73d8 umbim: pass ipXtable to child interfaces
Inspired by commti e51aa699f7, allow setting specific routing tables
via ip4table and ip6table options, by passing them on child interfaces
created by MBIM protocol handler.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
e2655e0a6b umbim: respect 'Enable IPv6 negotiation' option
Don't bring IPv6 part of interface up if it's disabled,
or system does not support it.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
ca8df8a992 umbim: use static config by default, fallback to DHCP
Finally, inspired by ModemManager's logic, make static configuration
obtained through MBIM control channel, preferred.
If IP configuration is not available this way, fallback to DHCP(v6) if
enabled, else do not create a sub-interface for unavailable IP type.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
464d81fe4a umbim: separate DHCPv6 configuration from DHCP(v4)
Now, that sub-interface setup is split by IP type, and separate checks
are performed for DHCP selection, it is possible to control DHCP on v4
an v6 sub-interfaces instantly. Add "dhcpv6" variable, akin to QMI
option, to control behaviour of DHCPv6 separately from IPv4 option,
which is required for some mobile operators.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
03692dee73 umbim: restructure IPv4/IPv6 handling
Check whether interface is configured per IP type, not per DHCP. This is
preparation to allow fallback to DHCP if static IP configuration is not
available, which is the default option for MBIM modems

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
c1e0d07744 umbim: inherit firewall zone membership from parent interface
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Inspired by 64bb88841f.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
c84bf89b3a umbim: inherit "peerdns" option from parent interface
MBIM protocol handler should intherit "peerdns" options from parent
interface on sub-interfaces, otherwise upstream DNS servers are applied
regardless of configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
9bb4b9a968 umbim: use IP configuration provided by MBIM by default
Previously, DHCP was used. According to MBIM Specification v1.0 errata 1 [1],
section 10.5.20, MBIM_CID_IP_CONFIGURATION,
if MBIM information element containing IP configuration is available,
host shall use it, and fall back to in-band mechanisms to acquire it therwise -
therefore make static configuration the default.

[1] https://www.usb.org/document-library/mobile-broadband-interface-model-v10-errata-1-and-adopters-agreement

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
356a6f0eee umbim: detect actual connection IP type
Current implementation needlessly creates both IPv4 and IPv6
sub-interfaces for single-stack IP types. Limit this only to selected IP
type. While at that, ensure that IP type is also passed to umbim during
"connect" phase. In addition, detect the actual established connection
type returned by umbim and set up subinterfaces according to that,
not to requested configuration. While at that, allow empty IP type explicitly,
interpreted as "any" according to MBIM specification.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
da84eddedb umbim: fail connect step immediately
Subsequent calls to 'umbim connect' do not have any effect if a failure
occured, and in such case an infinite loop without timeout is created,
leading to possibility of interface stuck at connecting forever.
Drop this loop, and issue MBIM disconnect properly, so netifd can
restart from scratch.
This issue can be observed with Sierra EM7455 at changing APN, which
causes network re-registration by default, and a MBIM transaction
timeout, which is resolved on next interface bringup by netifd.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
0be14c622b umbim: connect session for only the selected PDP type
Previous implementation automatically set up connections for both IPv4
and IPv6, even if one of them isn't supported. Respect the "pdptype"
option in the same way, as it is done for QMI or NCM, and only start the
respective PDN sessions, if set.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Martin Schiller
512bb17f3e umbim: add support for non-dhcp mode
There are mbim compatible wwan modules available which do not support
the dhcp autoconfiguration. (e.g. gemalto Cinterion ELS81)

This adds the possibility to get the configuration parameters from mbim.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Eneas U de Queiroz
1c5cafa3eb openssl: fix low-severity CVE-2023-1255
This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:

Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================

Severity: Low

Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.

1. https://www.openssl.org/news/secadv/20230420.txt

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-29 12:33:44 +02:00
Glen Huang
e1c0bda3fc kernel: crypto: crypto-rng: select SHA512 for >= 5.14.0
drbg swtiched to use HMAC(SHA-512) since 5.14.0
5261cdf457

Signed-off-by: Glen Huang <me@glenhuang.com>
2023-04-29 12:30:30 +02:00
Álvaro Fernández Rojas
1e8b318ebe broadcom-sprom: update to latest version
Replaces SPROMs with the ones from bmips fixups to prevent errors such as:
https://github.com/openwrt/openwrt/pull/11474#issuecomment-1524235591

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-27 17:46:12 +02:00
Ilario Gelmetti
8f427f1a05 busybox: turn on BUSYBOX_DEFAULT_ASH_RANDOM_SUPPORT for having $RANDOM
$RANDOM shell variable is a convenient way for getting a random number from 0 to 32767

Signed-off-by: Ilario Gelmetti <iochesonome@gmail.com>
2023-04-25 22:01:20 +02:00
Hauke Mehrtens
fca966aab2 busybox: Activate resize tool by default
The resize tool will resize the prompt to match the current terminal
size. This is helpful when connecting to the system using UART to make
the vi or top output match the current terminal size.

This increases the busybox binary size by 136 bytes and the ipkg size by
335 bytes on aarch64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-25 22:00:03 +02:00
Andreas Böhler
097f350aeb ath79: add support for Alcatel HH40V
The Alcatel HH40V is a CAT4 LTE router used by various ISPs.

Specifications
==============

SoC: QCA9531 650MHz
RAM: 128MiB
Flash: 32MiB SPI NOR
LAN: 1x 10/100MBit
WAN: 1x 10/100MBit
LTE: MDM9607 USB 2.0 (rndis configuration)
WiFi: 802.11n (SoC integrated)

MAC address assignment
======================

There are three MAC addresses stored in the flash ROM, the assignment
follows stock. The MAC on the label is the WiFi MAC address.

Installation (TFTP)
===================

1. Connect serial console
2. Configure static IP to 192.168.1.112
3. Put OpenWrt factory.bin file as firmware-system.bin
4. Press Power + WPS and plug in power
5. Keep buttons pressed until TFTP requests are visible
6. Wait for the system to finish flashing and wait for reboot
7. Bootup will fail as the kernel offset is wrong
8. Run "setenv bootcmd bootm 0x9f150000"
9. Reset board and enjoy OpenWrt

Installation (without UART)
===========================

Installation without UART is a bit tricky and requires several steps too
long for the commit message. Basic steps:

1. Create configure backup
2. Patch backup file to enable SSH
3. Login via SSH and configure the new bootcmd
3. Flash OpenWrt factory.bin image manually (sysupgrade doesn't work)

More detailed instructions will be provided on the Wiki page.

Tested by: Christian Heuff <christian@heuff.at>
Signed-off-by: Andreas Böhler <dev@aboehler.at>
2023-04-23 19:32:18 +02:00
Nick Hainke
304423a4ff
hostapd: update to 2023-03-29
Add patches:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Remove upstreamed:
- 170-DPP-fix-memleak-of-intro.peer_key.patch
- 461-driver_nl80211-use-new-parameters-during-ibss-join.patch
- 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
- 992-openssl-include-rsa.patch

Automatically refreshed:
- 011-mesh-use-deterministic-channel-on-channel-switch.patch
- 021-fix-sta-add-after-previous-connection.patch
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 050-build_fix.patch
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 120-mbedtls-fips186_2_prf.patch
- 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
- 150-add-NULL-checks-encountered-during-tests-hwsim.patch
- 160-dpp_pkex-EC-point-mul-w-value-prime.patch
- 200-multicall.patch
- 300-noscan.patch
- 310-rescan_immediately.patch
- 330-nl80211_fix_set_freq.patch
- 341-mesh-ctrl-iface-channel-switch.patch
- 360-ctrl_iface_reload.patch
- 381-hostapd_cli_UNKNOWN-COMMAND.patch
- 390-wpa_ie_cap_workaround.patch
- 410-limit_debug_messages.patch
- 420-indicate-features.patch
- 430-hostapd_cli_ifdef.patch
- 450-scan_wait.patch
- 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
- 463-add-mcast_rate-to-11s.patch
- 465-hostapd-config-support-random-BSS-color.patch
- 500-lto-jobserver-support.patch
- 590-rrm-wnm-statistics.patch
- 710-vlan_no_bridge.patch
- 720-iface_max_num_sta.patch
- 730-ft_iface.patch
- 750-qos_map_set_without_interworking.patch
- 751-qos_map_ignore_when_unsupported.patch
- 760-dynamic_own_ip.patch
- 761-shared_das_port.patch
- 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

Manually refresh:
- 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
- 301-mesh-noscan.patch
- 340-reload_freq_change.patch
- 350-nl80211_del_beacon_bss.patch
- 370-ap_sta_support.patch
- 380-disable_ctrl_iface_mib.patch
- 464-fix-mesh-obss-check.patch
- 470-survey_data_fallback.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 711-wds_bridge_force.patch
- 740-snoop_iface.patch

Tested-by: Packet Please <pktpls@systemli.org> [Fritzbox 4040 (ipq40xx),
           EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK]
Tested-by: Andrew Sim <andrewsimz@gmail.com> [mediatek/filogic]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-22 23:18:15 +02:00
Álvaro Fernández Rojas
77d85a1bd3 mac80211: b43: only enable bcma or ssb on bmips
By default both kmod-bcma and kmod-ssb are selected by kmod-b43.
However, only one of both modules is needed for bmips subtargets:
- bcma: bcm6318, bcm6328, bcm6362, bcm63268
- ssb: bcm6358, bcm6368

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-23 12:18:36 +02:00
Álvaro Fernández Rojas
e656bcbab0 kernel: add bcma/ssb fallback SPROM support
This adds generic kernel support for Broadcom Fallback SPROMs so that it can be
used in any target, even non Broadcom ones.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-23 12:18:35 +02:00
Álvaro Fernández Rojas
876be833c7 broadcom-sprom: add new package
This adds a new package with Broadcom SPROMs that can be used as fallback when
the devices lack physical SPROMs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-23 12:18:35 +02:00
Daniel Golle
cc00e22029 uboot-mediatek: add TP-Link TL-XDR4288 and TL-XDR608x
TP-Link TL-XDR608x comes with locked vendor loader. Add U-Boot build
for replacement loader for both TL-XDR6086 and TL-XDR6088. The only
difference at U-Boot level is the different filename requested via
TFTP, matching the corresponding OpenWrt build artifacts for each
device.

The TP-Link TL-XDR4288 has the same hardware as the TP-Link TL-XDR6088
except for the wireless part. Also create a uboot for the TP-Link
TL-XDR4288.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[rebase to uboot 23.04, correct led and button]
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-04-22 04:10:19 +01:00
Nick Hainke
b64c471b8e libpcap: update to 1.10.4
Changes:
https://git.tcpdump.org/libpcap/blob/104271ba4a14de6743e43bcf87536786d8fddea4:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-22 02:35:19 +02:00
Andrew Sim
a247f49794
ksmbd: update to latest 3.4.8 release
Changelog: https://github.com/cifsd-team/ksmbd/releases/tag/3.4.8

Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
2023-04-20 14:23:04 +02:00
Daniel Golle
42eeb22450 uboot-mediatek: fix factory/reset button
U-Boot commit ea6fdc13595 ("dm: button: add support for linux_code in
button-gpio.c driver") makes it mandatory to specify linux,code for all
buttons. As that broke handling of the reset button in U-Boot with the
update to U-Boot 2023.04, add linux,code for all butons.

Reported-by: @DragonBluep
Fixes: 50f7c5af4a ("uboot-mediatek: update to v2023.04")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-20 11:40:24 +01:00
Stefan Lippers-Hollmann
9931188edc kernel: fix up qrtr packaging after 5.15.107 bump
qrtr/ns.ko is now merged into qrtr/qrtr.ko, so drop the individual module packaging.

Fixes: f4989239cc ("kernel: bump 5.15 to 5.15.107")
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x/ax3600, x86_64/FW-7543B, mt7621/dap-x1860
2023-04-19 00:59:00 +02:00
Kabuli Chana
ab3f151aa8 mwlwifi: update to version 10.3.9.0-20230311
upstream PR 408 improvements:
 -Fix AMSDU packets unused
 -Removed the ASMDU packets queue
 -Add more info in the iw tool
 -fix is_hw_crypto_enabled
 -Optimization AMPDU_TX_OPERATIONAL (avoid a spinlock)

change to wongsyrone mod

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2023-04-19 00:48:21 +02:00
Robert Marko
f7f47b1369
mac80211: ath11k: replace 160MHz fix with upstream pending one
QCA has finally sent a proper fixup for the 160MHz regression upstream,
so lets use the pending fix which also properly sets center frequency 2
in case 80+80 MHz is used.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-18 13:59:12 +02:00
Michał Kępień
27acf2413e
yafut: add a kernel update tool for MikroTik NAND
Commit 9d96b6fb72 ("ath79/mikrotik: disable building NAND images")
disabled building images for MikroTik devices with NAND flash due to a
less than satisfactory method used for updating the kernel on those
devices back then.

To address the problem, add support for updating the kernel on MikroTik
devices with NAND flash using a new tool, Yafut, which enables copying
files from/to Yaffs file systems even if the kernel does not have native
support for the Yaffs file system compiled in.  Instead of erasing the
entire NAND partition holding the kernel during every system upgrade
(which is what the previously-used approach employing kernel2minor
involved), Yafut preserves the Yaffs filesystem present on that
partition and only replaces the kernel executable.  This allows bad
block information to be preserved across sysupgrade runs and also
enables wear leveling on the NAND partition holding the kernel.  Yafut
does not rely on kernel2minor in any way and intends to eventually
supersede the latter for NAND devices.

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
2023-04-18 13:53:04 +02:00
Felix Fietkau
e722b667c5 mac80211: update to v6.1.24
Drop patches accepted upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-04-18 10:43:06 +02:00
Felix Fietkau
10eb3fa35a netifd: update to the latest version
7de5440a520f device: fix segfault when recreating devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-04-17 13:14:43 +02:00
Nick Hainke
36c30bee5e tcpdump: update to 4.99.4
Fixes CVE-2023-1801.

Changelog can be found here:
https://git.tcpdump.org/tcpdump/blob/55bc126b0216cfe409b8d6bd378f65679d136ddf:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-17 15:32:48 +08:00
Daniel Golle
00a240e77f uboot-mediatek: fix build for RAVPower RP-WD009
Updating to U-Boot 2023.04 broke the build for the RAVPower RP-WD009
MT7628 board. This was due to upstream conversion of CONFIG_* to CFG_*
which was not applied to our downstream patch adding support for the
RAVPower RP-WD009 device.

Apply CONFIG_* to CFG_* converion analog to what has been done also
for mt7928_rfb upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-14 17:54:54 +01:00
Matthias Schiffer
4f1c2e8dee
uclient: update to Git version 2023-04-13
007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2023-04-13 20:51:05 +02:00
Daniel Golle
50f7c5af4a uboot-mediatek: update to v2023.04
Update to next U-Boot timed release.
Remove now obsolete patch
100-01-board-mediatek-add-more-network-configurations.patch
Default IP addresses are now dealt with in Kconfig, no longer in board-
specific C header files.

Add patches to restore ANSI support in bootmenu which was broken upstream,
always use high-speed mode on serial UART for improved stability and fix
an issue with pinconf not being applied on MT7623 resulting in eMMC
being inaccessible when booting from micro SD card.

In order to keep the size of the bootloader on MT7623 below 512kB remove
some unneeded commands on both MT7623 boards.

Tested on:
 * BananaPi BPi-R2 (MT7623N)
 * BananaPi BPi-R3 (MT7986A)
 * BananaPi BPi-R64 (MT7622A)
 * Linksys E8450 (MT7622B)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-12 22:02:27 +01:00
Andre Heider
28e357d528
base-files: add 'isup' to the wifi script
This is a silent command that allows easy wifi up/down automation for
scripts.

It takes one or multiple devices as arguments (or all if none are passed),
and the exit code indicates if any of those is not up.

E.g.:
wifi isup && echo "all wifi devices are up"
wifi isup radio0 || echo "this wifi is down"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-04-12 19:49:30 +02:00
Andre Heider
8fbe7738b9
base-files: use named variables in the wifi script
Use the already present but unused $cmd and $dev variables instead of
positional parameters in ubus_wifi_cmd() to improve readability.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-04-12 19:49:22 +02:00
Robert Marko
930e702d72
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This replaces the management TLV pending fix with the upstreamed one,
fixes traffic flooding when AP and monitor modes are used at the same time,
fixes QCN9074 always showing -95 dBm for station RSSI in dumps,
fixes potential crash on boot if spectral scan is enabled due to writing to
unitialized memory and adds 11d scan offloading for WCN6750 and WCN6855.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-12 16:06:03 +02:00
Christian Marangi
69812bf8ed
ipq-wifi: bump to latest git HEAD
b22487d ath11k: qcn8074: Update regDb in every BDF
3add8be ath11k: ipq8074: Update regDb in every BDF
8bb6039 ath11k: ipq8074: add Netgear RAX120v2

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-12 12:02:57 +02:00
Robert Marko
7475321f46 mac80211: ath11k: Remove regulatory intersection
Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.

Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while its parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.

So, lets do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the interesection code in ath11k.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-11 20:20:18 +02:00
Nick Hainke
fea4ffdef2 uboot-envtools: update to 2023.04
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-11 17:24:29 +02:00
Rafał Miłecki
c798adad6b base-files: fix nand_upgrade_ubinized()
When using "ubiformat" with stdin it requires passing image size using
the -S argument. Provide it just like we do for "ubiupdatevol".

This fixes:
ubiformat: error!: must use '-S' with non-zero value when reading from stdin

This change fixes sysupgrade for bcm53xx and bcm4908 NAND devices
possibly some other targets too.

Cc: Rodrigo Balerdi <lanchon@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Fixes: 9710712120 ("base-files: accept gzipped nand sysupgrade images")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-04-11 13:42:47 +01:00
Arturas Moskvinas
21d02e598a uboot-sunxi: update support for FriendlyARM ZeroPI
Since commit torvalds/linux@bbc4d71 ("net: phy: realtek: fix rtl8211e rx/tx
delay config") network is broken on the FriendlyELEC(ARM) ZeroPi.

Replaces custom patches with upstream uboot patch:
2527b24f39

Signed-off-by: Arturas Moskvinas <arturas.moskvinas@gmail.com>
2023-04-10 13:50:58 +02:00
Hauke Mehrtens
d679b15d31 mbedtls: Update to version 2.28.3
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-10 13:36:26 +02:00
Petr Štetiar
57392d6377 kernel: crypto: fix missing dependecies for CRYPTO_USER_API_ENABLE_OBSOLETE
CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
lets add this dependency to relevant modules.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
Petr Štetiar
8a554a2878 kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.

So lets fix it, by making those modules architecture specific:

 x86/64  -> x86_64
 mpc85xx -> powerpc

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
Nick Hainke
0c53801968 libcap: update to 2.68
Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.vdh3d47czmle

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:52:56 +02:00
David Bauer
765f66810a mpc85xx: add support for Enterasys WS-AP3715i
Hardware
--------

SoC:   NXP P1010 (1x e500 @ 800MHz)
RAM:   256M DDR3 (2x Samsung K4B1G1646G-BCH9)
FLASH: 32M NOR (Spansion S25FL256S)
BTN:   1x Reset
WiFi:  1x Atheros AR9590 2.4 bgn 3x3
       2x Atheros AR9590 5.0 an 3x3
ETH:   2x Gigabit Ethernet (Atheros AR8033 / AR8035)
UART:  115200 8N1 (RJ-45 Cisco)

Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
   the root directory of a TFTP server and serve it at
   192.168.1.66/24.

2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
   by pressing Enter when prompted. Credentials are identical to the one
   in the APs interface. By default it is admin / new2day.

3. Alter the bootcmd in U-Boot:

 $ setenv ramboot_openwrt "setenv ipaddr 192.168.1.1;
   setenv serverip 192.168.1.66; tftpboot 0x2000000 ap3715.bin; bootm"

 $ setenv boot_openwrt "sf probe 0; sf read 0x2000000 0x140000 0x1000000;
   bootm 0x2000000"

 $ setenv bootcmd "run boot_openwrt"

 $ saveenv

4. Boot the initramfs image

 $ run ramboot_openwrt

5. Transfer the OpenWrt sysupgrade image to the AP using SCP. Install
   using sysupgrade.

 $ sysupgrade -n <path-to-sysupgrade.bin>

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
Eneas U de Queiroz
c3cb2d48da
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-07 11:26:26 +02:00
Robert Marko
3188480092
mac80211: ath11k: Fix invalid mgmt rx frame length issue
FW 2.9 uses multiple TLV-s for the RX mgmt even which driver currently does
not support, so import a pending upstream patch to fix that [1].

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230320133840.30162-1-quic_nmaran@quicinc.com/

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-07 11:11:44 +02:00
Robert Marko
c1f39adaf9
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.

So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.

In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.

Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600
Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-07 11:11:43 +02:00
Eneas U de Queiroz
0dc5fc8fa5
openssl: add legacy provider
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider.  Providers are the successors of
engines, which have been deprecated.

The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.

Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds.  Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.

The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.

There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package.  It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.

An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled.  Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.

On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Eneas U de Queiroz
0b70d55a64
openssl: make UCI config aware of built-in engines
Engines that are built into the main libcrypto OpenSSL library can't be
disabled through UCI.  Add a 'builtin' setting to signal that the engine
can't be disabled through UCI, and show a message explaining this in
case buitin=1 and enabled=0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Eneas U de Queiroz
975036f6f9
openssl: avoid OPENSSL_SMALL_FOOTPRINT, no-asm
Building openssl with OPENSSL_SMALL_FOOTPRINT yelds only from 1% to 3%
decrease in size, dropping performance from 2% to 91%, depending on the
target and algorithm.

For example, using AES256-GCM with 1456-bytes operations, X86_64 appears
to be the least affected with 2% performance penalty and 1% reduction in
size; mips drops performance by 13%, size by 3%;  Arm drops 29% in
performance, 2% in size.

On aarch64, it slows down ghash so much that I consider it broken
(-91%).  SMALL_FOOTPRINT will reduce AES256-GCM performance by 88%, and
size by only 1%.  It makes an AES-capable CPU run AES128-GCM at 35% of
the speed of Chacha20-Poly1305:

Block-size=1456 bytes   AES256-GCM   AES128-GCM  ChaCha20-Poly1305
SMALL_FOOTPRINT           62014.44     65063.23          177090.50
regular                  504220.08    565630.28          182706.16

OpenSSL 1.1.1 numbers are about the same, so this should have been
noticed a long time ago.

This creates an option to use OPENSSL_SMALL_FOOTPRINT, but it is turned
off by default unless SMALL_FLASH or LOW_MEMORY_FOOTPRINT is used.

Compiling with -O3 instead of -Os, for comparison, will increase size by
about 14-15%, with no measureable effect on AES256-GCM performance, and
about 2% increase in Chacha20-Poly1305 performance on Aarch64.

There are no Arm devices with the small flash feature, so drop the
conditional default.  The package is built on phase2, so even if we
include an Arm device with small flash later, a no-asm library would
have to be built from source anyway.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Christian Marangi
75f7e2d10b
odhcpd: bump to latest git HEAD
40ab806 config: use dedicated link local function to check interface
a84bff2 netlink: add support for getting interface linklocal
2ea065f Revert "config: recheck have_link_local on interface reload if already init"
4b38e6b config: fix feature for enabling service only when interface RUNNING

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-04 06:43:23 +02:00
Lech Perczak
90603d443f uqmi: explicitly disconnect IPv6 address family
Some modems (namely, Telit LE910C4) require the IPv6 connection state to
be cleared explicitly, to avoid reporting "no effect" if IPv6
connection is already connected through autoconnect mechanism, or during
LTE default bearer attach, which would lead to established session, but
without a way to inform protocol handler of the status.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-02 18:54:39 +02:00
Lech Perczak
8c445d56f1 uqmi: set IPv6 family explicitly in status check
Some modems require CID to be set explicitly during IPv6 connection
status check, others require IPv6 address family to be checked explicitly
after establishing connection, in order to provide correct status.
Set both fields in the request to satisfy them.

Fixes: c8a88118af ("uqmi: set CID during 'query-data-status' operation")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-02 18:54:39 +02:00
Hauke Mehrtens
18d516a649 libnl-tiny: update to the latest version
f5d9b7e libnl-tiny: fix duplicated branch in family.h
11b7c5f attr: add NLA_S* definitions

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-02 02:25:16 +02:00
Andrey Erokhin
506bb436c6 netifd: strip mask from IP address in DHCP client params
ipaddr option can be in CIDR notation,
but udhcp wants just an IP address

Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
2023-04-01 22:40:35 +02:00
Ian Dall
ed86454578 dnsmasq: configure dynamic dhcp6 and dhcp4 independently
Given ipv6 has SLAAC it is quite plausible to wish to use dynamic
dhcp4 but static dhcp6. This patch keeps dynamicdhcp as the default
option for both, but is overridden by dynamicdhcpv6 or dynamicdhcpv4

Signed-off-by: Ian Dall <ian@beware.dropbear.id.au>
2023-04-01 22:35:13 +02:00
Ruben Jenster
936df715de dnsmasq: add dhcphostsfile to ujail sandbox
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.

Signed-off-by: Ruben Jenster <rjenster@gmail.com>
2023-04-01 22:22:49 +02:00
Aleksander Jan Bajkowski
69a14e4230 kernel: modules: tg3: limit to devices with pci support
Kmod-tg3 supports Ethernet adapters over PCIe bus. On targets without
PCI support, this package is empty. Symbol CONFIG_TIGON3 depends on
CONFIG_PCI.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-04-01 22:06:26 +02:00
Aleksander Jan Bajkowski
31b1330223 kernel: modules: hfcpci: limit to devices with pci support
Kmod-hfcpci and kmod-hfcmulti supports ISDN adapters over PCI. On targets
without PCI support, this package is empty. Symbol CONFIG_MISDN_HFCMULTI
and CONFIG_MISDN_HFCPCI depends on CONFIG_PCI.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-04-01 22:06:26 +02:00
Nick Hainke
fca03b4bad libtraceevent: update to 1.7.2
Changes:
1c6f0f3 libtraceevent: version 1.7.2
73f6a8a libtraceevent: Fix some missing commas in big endian blocks
da2ea6b libtraceevent: Rename "ok" to "token_has_paren" in process_sizeof()
e6f7cfa libtraceevent: No need for testing ok in else if (!ok) in process_sizeof()
a4b1ba5 libtraceevent: Fix double free in parsing sizeof()

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-01 22:02:24 +02:00
Robert Marko
da4f7e51f3 mac80211: ath11k: restore 160MHz support
Recent ath11k sync introduced a regression causing 80+80 and 160MHz to
stop being advertised and thus not selectable due to the respective feature
flags being cleared.

So, until we get answers upstream to what was the reasoning behind this and
it gets fixed, lets just remove the flag clearing to reanable 160MHz.

Fixes: 789a0bac35 ("mac80211: ath11k: sync with ath-next")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-01 19:30:48 +02:00
Felix Fietkau
3c3d797c4d busybox: enable taskset by default
This is useful for controlling process affinity on SMP systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-04-01 09:16:30 +02:00
Stijn Tintel
53796f9248 arm-trusted-firmware-sunxi: bump to 2.8
Use latest release build instead of a git snapshot. As this tarball
extracts in a trusted-firmware-a-2.8 subdirectory, we no longer need to
override the PKG_NAME defined in trusted-firmware-a.mk. The actual
package name is still the same, so we don't need to update any
dependencies.

Tested on A64-OLinuXino-1Ge16GW.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-04-01 01:22:19 +03:00
Stijn Tintel
17c89fd71f uboot-sunxi: bump to 2020.07
This is the newest release where 210-sunxi-deactivate-binman.patch still
applies.

Tested on A64-Olinuxino-eMMC.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-04-01 01:22:19 +03:00
Felix Fietkau
d54c91bd9a mac80211, mt76: add fixes for recently discovered security issues
Fixes CVE-2022-47522

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-30 11:40:11 +02:00
Szabolcs Hubai
dbd6ebd6d8 comgt: ncm: support Mikrotik R11e-LTE6 modem
The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added
earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE
specific commands, runs OpenWrt Barrier Breaker fork.
While the modem is able to offer IPv6 address, the RNDIS setup is unable
to complete if there is an IPv6 adress.

While it works in ACM+RNDIS mode, the user experience isn't as good as
with "proto 3g": the modem happily serves a local IP (192.168.1.xxx)
without internet access. Of course, if the modem has enough time
(for example at the second dialup), it will serve a public IP.

Modifing the DHCP Lease (to a short interval before connect and back to
default while finalizing) is a workaround to get a public IP at the
first try.

A safe workaround for this is to excercise an offline script of the
pingcheck program: simply restart (ifdown - ifup) the connection.

Another pitfall is that the modem writes a few messages at startup,
which confuses the manufacturer detection algorithm and got disabled.

    daemon.notice netifd: Interface 'mikrotik' is setting up now
    daemon.notice netifd: mikrotik (2366): Failed to parse message data
    daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
    daemon.notice netifd: mikrotik (2366): Unsupported modem
    daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
    daemon.notice netifd: mikrotik (2426): Failed to parse message data
    daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
    daemon.notice netifd: mikrotik (2426): Unsupported modem
    daemon.notice netifd: Interface 'mikrotik' is now down

A workaround for this is to use the "delay" option in the interface
configuration.

I want to thank Forum members dchard (in topic Adding support for
MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1]
and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2]
for sharing their experiments and works.
Another information page was found at eko.one.pl [3].

[1]: https://forum.openwrt.org/t/137555
[2]: https://forum.openwrt.org/t/151743
[3]: https://eko.one.pl/?p=modem-r11elte

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
2023-03-29 17:29:02 +02:00
Szabolcs Hubai
91eca7b04f comgt: add quirk for Mikrotik modems based on Mikrotik R11e-LTE6
The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup
and the radio is off (*RADIOPOWER: 0):

    AT+RESET
    OK

    OK

    *SIMDETEC:2,NOS

    *SIMDETEC:1,SIM

    *ICCID: 8936500119010596302

    *EUICC: 1

    +MSTK: 11, D025....74F3

    *ADMINDATA: 0, 2, 0

    +CPIN: READY

    *EUICC: 1

    *ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911

    +CREG: 0

    $CREG: 0

    +CESQ: 99,99,255,255,255,255

    *CESQ: 99,99,255,255,255,255,0

    +CGREG: 0

    +CEREG: 0

    +CESQ: 99,99,255,255,255,255

    *CESQ: 99,99,255,255,255,255,0

    *RADIOPOWER: 0

    +MMSG: 0, 0

    +MMSG: 0, 0

    +MMSG: 1, 0

    +MPBK: 1

While the chat script is able to establish the PPP connection,
it's closed instantly by the modem: LCP terminated by peer.

    local2.info chat[7000]: send (ATD*99***1#^M)
    local2.info chat[7000]: expect (CONNECT)
    local2.info chat[7000]: ^M
    local2.info chat[7000]: ATD*99***1#^M^M
    local2.info chat[7000]: CONNECT
    local2.info chat[7000]:  -- got it
    local2.info chat[7000]: send ( ^M)
    daemon.info pppd[6997]: Serial connection established.
    kern.info kernel: [  453.659146] 3g-mikrotik: renamed from ppp0
    daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
    daemon.info pppd[6997]: Using interface 3g-mikrotik
    daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
    daemon.info pppd[6997]: LCP terminated by peer
    daemon.notice pppd[6997]: Connection terminated.
    daemon.notice pppd[6997]: Modem hangup
    daemon.info pppd[6997]: Exit.
    daemon.notice netifd: Interface 'mikrotik' is now down

Sending "AT+CFUN=1" to modem deactivates the flight mode and
solves the issue:

    daemon.notice netifd: Interface 'mikrotik' is setting up now
    daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
    daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
    local2.info chat[7140]: abort on (BUSY)
    local2.info chat[7140]: abort on (NO CARRIER)
    local2.info chat[7140]: abort on (ERROR)
    local2.info chat[7140]: report (CONNECT)
    local2.info chat[7140]: timeout set to 10 seconds
    local2.info chat[7140]: send (AT&F^M)
    local2.info chat[7140]: expect (OK)
    local2.info chat[7140]: ^M
    local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
    local2.info chat[7140]: ^M
    local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
    local2.info chat[7140]: AT&F^MAT&F^M^M
    local2.info chat[7140]: OK
    local2.info chat[7140]:  -- got it
    ...
    local2.info chat[7140]: send (ATD*99***1#^M)
    local2.info chat[7140]: expect (CONNECT)
    local2.info chat[7140]: ^M
    local2.info chat[7140]: ATD*99***1#^M^M
    local2.info chat[7140]: CONNECT
    local2.info chat[7140]:  -- got it
    local2.info chat[7140]: send ( ^M)
    daemon.info pppd[7137]: Serial connection established.
    kern.info kernel: [  463.094254] 3g-mikrotik: renamed from ppp0
    daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
    daemon.info pppd[7137]: Using interface 3g-mikrotik
    daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
    daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
    daemon.notice pppd[7137]: local  IP address 100.112.63.62
    daemon.notice pppd[7137]: remote IP address 10.64.64.64
    daemon.notice pppd[7137]: primary   DNS address 185.29.83.64
    daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
    daemon.notice netifd: Network device '3g-mikrotik' link is up
    daemon.notice netifd: Interface 'mikrotik' is now up

To send this AT command to the modem the "runcommand.gcom" script
dependency is moved from comgt-ncm to comgt.
As the comgt-ncm package depends on comgt already, this change
is a NOOP from that point of view.
But from the modem's point it is a low hanging fruit as the modem
is usable with installing comgt and kmod-usb-ncm packages.

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
2023-03-29 17:29:02 +02:00
Mike Wilson
8f27093ce7 ncm: add error check and retry mechanism for gcom call
This patch solves the problem of receiving "error" responses when
initially calling gcom. This avoids unnecessary NO_DEVICE failures.

A retry loop retries the call after an "error" response within the
specified delay. A successful response will continue with the connection
immediately without waiting for max specified delay, bringing the
interface up sooner.

Signed-off-by: Mike Wilson <mikewse@hotmail.com>
2023-03-28 14:19:33 +02:00
Christian Marangi
42a5917786
ipq-wifi: bump to latest git HEAD
ccd7e46 ipq40xx: add support for Wallystech DR40x9
2ce60e1 Revert "ipq40xx: add support for Wallystech DR40x9"
ea962ca ipq40xx: add Emplus WAP551 BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-27 18:15:13 +02:00
Alexey Bartenev
dc79b51533 ramips: add support for Keenetic Lite III rev. A
General specification:
SoC Type: MediaTek MT7620N (580MHz)
ROM: 8 MB SPI-NOR (W25Q64FV)
RAM: 64 MB DDR (EM6AB160TSD-5G)
Switch: MediaTek MT7530
Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
Wireless: 2.4 GHz (MediaTek RT5390): b/g/n
Buttons: 3 button (POWER, RESET, WPS)
Slide switch: 4 position (BASE, ADAPTER, BOOSTER, ACCESS POINT)
Bootloader: U-Boot 1.1.3
Power: 9 VDC, 0.6 A

MAC in stock:
|-	+			|
| LAN 	| RF-EEPROM + 0x04	|
| WLAN	| RF-EEPROM + 0x04	|
| WAN 	| RF-EEPROM + 0x28	|

OEM easy installation
1. Use a PC to browse to http://my.keenetic.net.
2. Go to the System section and open the Files tab.
3. Under the Files tab, there will be a list of system
files. Click on the Firmware file.
4. When a modal window appears, click on the Choose File
button and upload the firmware image.
5. Wait for the router to flash and reboot.

OEM installation using the TFTP method
1. Download the latest firmware image and rename it to
klite3_recovery.bin.
2. Set up a Tftp server on a PC (e.g. Tftpd32) and place the
firmware image to the root directory of the server.
3. Power off the router and use a twisted pair cable to connect
the PC to any of the router's LAN ports.
4. Configure the network adapter of the PC to use IP address
192.168.1.2 and subnet mask 255.255.255.0.
5. Power up the router while holding the reset button pressed.
6. Wait approximately for 5 seconds and then release the
reset button.
7. The router should download the firmware via TFTP and
complete flashing in a few minutes.
After flashing is complete, use the PC to browse to
http://192.168.1.1 or ssh to proceed with the configuration.

Signed-off-by: Alexey Bartenev <41exey@proton.me>
2023-03-27 02:09:58 +02:00
Martin Kennedy
12f52336d2 ath79: Add Aruba AP-175 support
This board is very similar to the Aruba AP-105, but is
outdoor-first. It is very similar to the MSR2000 (though certain
MSR2000 models have a different PHY[^1]).

A U-Boot replacement is required to install OpenWrt on these
devices[^2].

Specifications
--------------
* Device:	Aruba AP-175
* SoC:		Atheros AR7161 680 MHz MIPS
* RAM:		128MB - 2x Mira P3S12D40ETP
* Flash:	16MB MXIC MX25L12845EMI-10G (SPI-NOR)
* WiFi:		2 x DNMA-H92 Atheros AR9220-AC1A 802.11abgn
* ETH:		IC+ IP1001 Gigabit + PoE PHY
* LED:		2x int., plus 12 ext. on TCA6416 GPIO expander
* Console:	CP210X linking USB-A Port to CPU console @ 115200
* RTC:		DS1374C, with internal battery
* Temp:		LM75 temperature sensor

Factory installation:

- Needs a u-boot replacement. The process is almost identical to that
  of the AP105, except that the case is easier to open, and that you
  need to compile u-boot from a slightly different branch:
  https://github.com/Hurricos/u-boot-ap105/tree/ap175

  The instructions for performing an in-circuit reflash with an
  SPI-Flasher like a CH314A can be found on the OpenWrt Wiki
  (https://openwrt.org/toh/aruba/ap-105); in addition a detailed guide
  may be found on YouTube[^3].

- Once u-boot has been replaced, a USB-A-to-A cable may be used to
  connect your PC to the CP210X inside the AP at 115200 baud; at this
  point, the normal u-boot serial flashing procedure will work (set up
  networking; tftpboot and boot an OpenWrt initramfs; sysupgrade to
  OpenWrt proper.)

- There is no built-in functionality to revert back to stock firmware,
  because the AP-175 has been declared by the vendor[^4] end-of-life
  as of 31 Jul 2020. If for some reason you wish to return to stock
  firmware, take a backup of the 16MiB flash before flashing u-boot.

[^1]: https://github.com/shalzz/aruba-ap-310/blob/master/platform/bootloader/apboot-11n/include/configs/msr2k.h#L186

[^2]: https://github.com/Hurricos/u-boot-ap105/tree/ap175

[^3]: https://www.youtube.com/watch?v=Vof__dPiprs

[^4]: https://www.arubanetworks.com/support-services/end-of-life/#product=access-points&version=0

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2023-03-27 00:27:59 +02:00
Felix Fietkau
3ab670b24e mac80211: fix receiving mesh packets in forwarding=0 networks
When forwarding is set to 0, frames are typically sent with ttl=1.
Move the ttl decrement check below the check for local receive in order to
fix packet drops.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-26 17:19:39 +02:00
Oskari Rauta
1558bbd116 util-linux: add rev utility package
I found use for this in my scripts; I noticed that it is already
compiled with util-linux - there just isn't package for it -
let's package it then.

Description:
The rev utility copies the specified files to the standard output,
reversing the order of characters in everyline.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2023-03-25 16:39:37 +01:00
Felix Fietkau
9779ee021d mac80211: fix invalid calls to drv_sta_pre_rcu_remove
Potentially fixes some driver data structure corruption issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-24 13:32:51 +01:00
Felix Fietkau
66f0878633 firewall4: update to the latest version
39e8c70957c7 fw4: fix handling the ipset "comment" option
e6e82a55206c fw4: add further symbolic ICMP type declarations
ce9a37829a76 tests: add testcase for automatic includes
30ee17a9c65d fw4: fix syntax errors in ICMP type declarations
1ecfadd52291 fw4: remove accidentally committed .orig and .rej file
04a06bd70b98 fw4: enable flowtable counters

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-24 10:15:23 +01:00
Christian Marangi
eeaa71a3de
odhcpd: bump to latest git HEAD
29c934d config: recheck have_link_local on interface reload if already init

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-24 02:01:07 +01:00
Felix Fietkau
d0a06965e8 mediatek: add kernel code for supporting offloading wlan->eth and wlan->wlan flows
Will be enabled by an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-23 17:54:18 +01:00
Lech Perczak
0eebc6f0dd ath79: support Ruckus ZoneFlex 7341/7343/7363
Ruckus ZoneFlex 7363 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point. ZoneFlex 7343 is the single band variant of 7363
restricted to 2.4GHz, and ZoneFlex 7341 is 7343 minus two Fast Ethernet
ports.

Hardware highligts:
- CPU: Atheros AR7161 SoC at 680 MHz
- RAM: 64MB DDR
- Flash: 16MB SPI-NOR
- Wi-Fi 2.4GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Wi-Fi 5GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Ethernet 1: single Gigabit Ethernet port through Marvell 88E1116R gigabit PHY
- Ethernet 2: two Fast Ethernet ports through Realtek RTL8363S switch,
  connected with Fast Ethernet link to CPU.
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the -U variants.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1 ----------
   |1|x3|4|5|
   ----------

Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

Installation:
- Using serial console - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server, and removing a single PH1 screw.

0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0xbf040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed.
   Use the Gigabit interface, Fast Ethernet ports are not supported
   under U-boot:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7363-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7363_fw_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7363-squashfs-sysupgrade.bin

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Copy over the backup to /tmp, for example using scp
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Use sysupgrade with force to restore the backup:
   sysupgrade -F ruckus_zf7363_backup.bin
4. System will reboot.

Quirks and known issues:
- Fast Ethernet ports on ZF7363 and ZF7343 are supported, but management
  features of the RTL8363S switch aren't implemented yet, though the
  switch is visible over MDIO0 bus. This is a gigabit-capable switch, so
  link establishment with a gigabit link partner may take a longer time
  because RTL8363S advertises gigabit, and the port magnetics don't
  support it, so a downshift needs to occur. Both ports are accessible
  at eth1 interface, which - strangely - runs only at 100Mbps itself.
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- Both radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014
- There is second method to achieve root shell, using command injection
  in the web interface:
  1. Login to web administration interface
  2. Go to Administration > Diagnostics
  3. Enter |telnetd${IFS}-p${IFS}204${IFS}-l${IFS}/bin/sh into "ping"
     field
  4. Press "Run test"
  5. Telnet to the device IP at port 204
  6. Busybox shell shall open.
  Source: https://github.com/chk-jxcn/ruckusremoteshell

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-03-22 22:25:08 +01:00
Lech Perczak
694b8e6521 ath79: support Ruckus ZoneFlex 7351
Ruckus ZoneFlex 7351 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point.

Hardware highligts:
- CPU: Atheros AR7161 SoC at 680 MHz
- RAM: 64MB DDR
- Flash: 16MB SPI-NOR
- Wi-Fi 2.4GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Wi-Fi 5GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Ethernet: single Gigabit Ethernet port through Marvell 88E1116R gigabit PHY
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the 7351-U variant.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1 ----------
   |1|x3|4|5|
   ----------

Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

Installation:
- Using serial console - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server, and removing a single T10 screw.

0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0xbf040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7351-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7351_fw_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7351-squashfs-sysupgrade.bin

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:
1. Copy over the backup to /tmp, for example using scp
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Use sysupgrade with force to restore the backup:
   sysupgrade -F ruckus_zf7351_backup.bin
4. System will reboot.

Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- Both radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014
- There is second method to achieve root shell, using command injection
  in the web interface:
  1. Login to web administration interface
  2. Go to Administration > Diagnostics
  3. Enter |telnetd${IFS}-p${IFS}204${IFS}-l${IFS}/bin/sh into "ping"
     field
  4. Press "Run test"
  5. Telnet to the device IP at port 204
  6. Busybox shell shall open.
  Source: https://github.com/chk-jxcn/ruckusremoteshell

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-03-22 22:25:08 +01:00
Christian Marangi
d2fc620d0a
odhcpd: bump to latest git HEAD
7c0f603 router: skip RA and wait for LINK-LOCAL to be assigned
ba30afc config: skip interface setup if interface not IFF_RUNNING
06b111e Revert "odhcpd: Reduce error messages"
90d6cc9 odhcpd: Reduce error messages

Also drop AUTORELEASE since it got deprecated.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-22 06:39:51 +01:00
Robert Marko
1342afcd27
kernel: qca-ssdk: opt-out of LTO
SSDK is doing everything custom, so trying to use mold and/or LTO
fails, so lets opt-out of using both of them.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[a.heider: split and switch to PKG_BUILD_FLAGS]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:23 +01:00
Andre Heider
9fe7cc62a6
treewide: opt-out of tree-wide LTO usage
These fail to build with LTO enabled or packages depending on them do.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:23 +01:00
Andre Heider
07730ff346
treewide: add support for "lto" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".

Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."

Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
da3700988d
treewide: add support for "gc-sections" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".

Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.

Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
5c545bdb36
treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16
Keep backwards compatibility via PKG_USE_MIPS16 for now, as this is
used in all package feeds.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Robert Marko
eb564690c9 ipq40xx: add support for Wallystech DR40x9
Adds support for the Wallys DR40x9 series boards.
They come in IPQ4019 and IPQ4029 versions.
IPQ4019/4029 only differ in that that IPQ4029 is the industrial version that is rated to higher temperatures.

Specifications are:
* CPU: Qualcomm IPQ40x9 (4x ARMv7A Cortex A7) at 716 MHz
* RAM: 512 MB
* Storage: 2MB of SPI-NOR, 128 MB of parallel NAND
* USB 3.0 TypeA port for users
* MiniPCI-E with PCI-E 2.0 link
* MiniPCI-E for LTE modems with only USB2.0 link
* 2 SIM card slots that are selected via GPIO11
* MicroSD card slot
* Ethernet: 2x GBe with 24~48V passive POE
* SFP port (Does not work, I2C and GPIO's not connected on hardware)
* DC Jack
* UART header
* WLAN: In-SoC 2x2 802.11b/g/n and 2x2 802.11a/n/ac
* 4x MMCX connectors for WLAN
* Reset button
* 8x LED-s

Installation instructions:
Connect to UART, pins are like this:
-> 3.3V | TX | RX | GND

Settings are 115200 8n1

Boot initramfs from TFTP:
tftpboot 0x84000000 openwrt-ipq40xx-generic-wallys_dr40x9-initramfs-fit-uImage.itb

bootm

Then copy the sysupgrade image to the /tmp folder and execute sysupgrade -n <image_name>

The board file binary was provided from Wallystech on March 14th 2023
including full permission to use and distribute.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-03-21 16:38:23 +01:00
Koen Vandeputte
7699a5b1d7 ipq-wifi: bump to latest git HEAD
f9cece0 ipq40xx: add support for Wallystech DR40x9

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-03-21 16:38:23 +01:00
Nick Hainke
27a5f33d2c linux-firmware: update to 20230310
Changes:
588dd07 qat: update licence text
a03713d rtl_bt: Update RTL8822C BT USB firmware to 0x0CC6_D2E3
63dac62 rtl_bt: Update RTL8822C BT UART firmware to 0x05C6_D2E3
5adebcf WHENCE: remove duplicate File entries
d32de23 WHENCE: remove trailing white space
24c9df9 linux-firmware: add fw for qat_4xxx
b568bbc Fix symlinks for Intel firmware
f49c572 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
db6e357 linux-firmware: update firmware for MT7921 WiFi device
4309412 iwlwifi: update core69 and core72 firmwares for Ty device
4cc3eda rtlwifi: Add firmware v16.0 for RTL8710BU aka RTL8188GU
76ad275 brcm: Add nvram for the Lenovo Yoga Book X90F / X90L convertible
1bc8afb brcm: Fix Xiaomi Inc Mipad2 nvram/.txt file macaddr
d02d58a brcm: Add nvram for the Advantech MICA-071 tablet
c51488f rtl_bt: Update RTL8852C BT USB firmware to 0xD7B8_FABF
3653d69 rtl_bt: Add firmware and config files for RTL8821CS
7375bcf rtw89: 8852b: update fw to v0.29.29.0
5148670 rtw89: 8852b: update fw to v0.29.26.0
c600840 liquidio: remove lio_23xx_vsw.bin
23afbfe intel: avs: Add AudioDSP base firmware for CNL-based platforms
284e55d intel: avs: Add AudioDSP base firmware for APL-based platforms
289e3a9 intel: avs: Add AudioDSP base firmware for SKL-based platforms
c7a57ef ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
6a4e7f6 ath11k: WCN6855 hw2.0: update board-2.bin
0e2486b ath11k: WCN6750 hw1.0: update board-2.bin
f48fbe4 ath11k: IPQ5018 hw1.0: add to WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1
9dacec6 ath11k: IPQ5018 hw1.0: add board-2.bin
15054af ath10k: QCA6174 hw3.0: update firmware-sdio-6.bin to version WLAN.RMH.4.4.1-00174
024cc5e ath10k: WCN3990 hw1.0: update board-2.bin
a253a37 cnm: update chips&media wave521c firmware.
c0a0bc2 amdgpu: Update GC 11.0.1 firmware
4296b7a intel: catpt: Add AudioDSP base firmware for BDW platforms
f79e4ba linux-firmware: Update AMD cpu microcode
1fd4c55 brcm: revert firmware files for Cypress devices
5aa0b27 brcm: restore previous firmware file for BCM4329 device
c3f3baa rtw88: 8822c: Update normal firmware to v9.9.14
c1181ae i915: Add DMC v2.11 for MTL
2fd61bc linux-firmware: Add firmware for Cirrus CS35L41 on UM3402 ASUS Laptop
a60d908 linux-firmware: Add missing tuning files for HP Laptops using Cirrus Amps
a5046f4 i915: Add DMC v2.18 for ADLP
5c11a37 amdgpu: Add VCN 4.0.2 firmware
5fe2d73 amdgpu: Add PSP 13.0.4 firmware
a3332f8 amdgpu: Add SDMA 6.0.1 fimware
4535de6 amdgpu: Add GC 11.0.1 firmware
2e93e4c amdgpu: Add DCN 3.1.4 firmware
3435843 iwlwifi: remove old intermediate 5.15+ firmwares
494389c iwlwifi: remove 5.10 and 5.15 intermediate old firmwares
177c593 iwlwifi: remove 5.4 and 5.10 intermediate old firmwares
fa3a6d5 iwlwifi: remove 4.19 and 5.4 intermediate old firmwares
d11eb6f iwlwifi: remove old unsupported older than 4.14 LTS
bb2d42d linux-firmware: update firmware for MT7921 WiFi device
3f0f338 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
f88f1f8 amdgpu: update vangogh firmware

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-20 23:35:18 +01:00
Alexandru Gagniuc
7801161c4b ipq807x: add support for Netgear WAX218
Netgear WAX218 is a 802.11ax AP claiming AX3600 support. It is wall
or ceiling mountable. It can be powered via PoE, or a 12 V adapter.

The board has footprints for 2.54mm UART headers. They're difficult to
solder because the GND is connected to a large copper plane. Only try
soldering if you are very skilled. Otherwise, use pogo pins.

Specifications:
---------------
    * CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
    * RAM: 366 MB of RAM available to OS, not sure of total amount
    * Storage: Macronix MX30UF2G18AC 256MB NAND
    * Ethernet:
            * 2.5G RJ45 port (QCA8081) with PoE input
    * WLAN:
            * 2.4GHz/5GHz with 8 antennas
    * LEDs:
            * Power (Amber)
            * LAN (Blue)
            * 2G WLAN (Blue)
            * 5G WLAN (Blue)
    * Buttons:
            * 1x Factory reset
    * Power: 12V DC Jack
    * UART: Two 4-pin unpopulated headers near the LEDs
            * "J2 UART" is the CPU UART, 3.3 V level

Installation:
=============

Web UI method
-------------

Flashing OpenWRT using the vendor's Web UI is problematic on this
device. The u-boot mechanism for communicating the active rootfs is
antiquated and unreliable. Instead of setting the kernel commandline,
it relies on patching the DTS partitions of the nand node. The way
partitions are patched is incompatible with newer kernels.

Newer kernels use the SMEM partition table, which puts "rootfs" on
mtd12. The vendor's Web UI will flash to either mtd12 or mtd14. One
reliable way to boot from mtd14 and avoid boot loops is to use an
initramfs image.

 1. In the factory web UI, navigate to System Manager -> Firmware.
 2. In the "Local Firmware Upgrade" section, click Browse
 3. Navigate and select the 'web-ui-factory.fit' image
 4. Click "Upload"
 5. On the following page, click on "Proceed"

The flash proceeds at this point and the system will reboot
automatically to OpenWRT.

 6. Flash the 'nand-sysupgrade.bin' using Luci or the commandline

SSH method
----------

Enable SSH using the CLI or Web UI. The root account is locked out to
ssh, and the admin account defaults to Netgear's CLI application.
So we need to get creative:

First, make sure the device boots from the second firmware partition:

    ssh -okexalgorithms=diffie-hellman-group14-sha1 admin@<ipaddr> \
        /usr/sbin/fw_setenv active_fw 1

Then reboot the device, and run the update:

    scp -O -o kexalgorithms=diffie-hellman-group14-sha1 \
        -o hostkeyalgorithms=ssh-rsa \
        netgear_wax218-squashfs-nand-factory.ubi \
        admin@<ipaddr>:/tmp/openwrt.ubi

    ssh -okexalgorithms=diffie-hellman-group14-sha1 admin@<ipaddr> \
        /usr/sbin/ubiformat /dev/mtd12 -f /tmp/openwrt.ubi

    ssh -okexalgorithms=diffie-hellman-group14-sha1 admin@<ipaddr> \
        /usr/sbin/fw_setenv active_fw 0

Now reboot the device, and it should boot into a ready-to-use OpenWRT.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by: Francisco G Luna <frangonlun@gmail.com>
2023-03-20 11:40:36 -05:00
Robert Marko
789a0bac35 mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This brings in actually setting the MU-MIMO parameters in HW and 6GHz
regulatory support along with some minor resource handling fixes.

This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-03-20 12:23:11 +01:00
Nick Hainke
d033c3ba87
mac80211: mark patches accepted upstream
Add kernel tags to the patches that got accepted upstream.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-19 18:10:36 +01:00
Kristjan Krušič
cd47a58b73
ipq-wifi: bump to latest git HEAD
31ff96d ipq806x: add support for Nokia Airscale AC400i
1af1df2 ath11k: ipq8074: add Netgear WAX218

Signed-off-by: Kristjan Krušič <kristjan.krusic@krusic22.com>
2023-03-19 18:02:35 +01:00
Kristjan Krušič
f574b535eb
ipq806x: add support for Nokia Airscale AC400i
Hardware
--------

SoC:    Qualcomm IPQ8065
RAM:    512 MB DDR3
Flash:  256 MB NAND (Macronix MX30UF2G18AC) (split into 2x128MB)
        4 MB SPI-NOR (Macronix MX25U3235F)
WLAN:   Qualcomm Atheros QCA9984 - 2.4Ghz
        Qualcomm Atheros QCA9984 - 5Ghz
ETH:    eth0 - POE (100Mbps in U-Boot, 1000Mbps in OpenWrt)
        eth1 - (1000Mbps in both)
        Auto-negotiation broken on both.
USB:    USB 2.0
LED:    5G, 2.4G, ETH1, ETH2, CTRL, PWR (All support green and red)
BTN:    Reset
Other:  SD card slot (non-functional)
Serial: 115200bps, near the Ethernet transformers, labeled 9X.
        Connections from the arrow to the 9X text:
		[NC] - [TXD] - [GND] - [RXD] - [NC]

Installation
------------

0. Connect to the device
Plug your computer into LAN2 (1000Mbps connection required).
If you use the LAN1/POE port, set your computer to force a 100Mbps link.

Connect to the device via TTL (Serial) 115200n8.
Locate the header (or solder pads) labeled 9X,
near the Ethernet jacks/transformers.
There should be an arrow on the other side of the header marking.
The connections should go like this:
(from the arrow to the 9X text): NC - TXD - GND - RXD - NC

1. Prepare for installation
While the AP is powering up, interrupt the startup process.
MAKE SURE TO CHECK YOUR CURRENT PARTITION!

If you see: "Current Partition is : partB" or
"Need to switch partition from partA to partB",
you have to force the device into partA mode, before continuing.
This can be done by changing the PKRstCnt to 5 and resetting the device.

setenv PKRstCnt 5
saveenv
reset

After you interrupt the startup process again,
you should see: Need to switch partition from partB to partA

You can now continue to the next step.

If you see: "Current Partition is : partA",
you can continue to the next step.

2. Prevent partition switching.
To prevent the device from switching partitions,
we are going to modify the startup command.
set bootcmd "setenv PKRstCnt 0; saveenv; bootipq"
setenv

3. First boot
Now, we have to boot the OpenWrt intifs.
The easiest way to do this is by using Tiny PXE.
You can also use the normal U-Boot tftp method.

Run "bootp" this will get an IP from the DHCP server
and possibly the firmware image.
If it doesn't download the firmware image, run "tftpboot".

Now run "bootm" to run the image.

You might see:
"ERROR: new format image overwritten - must RESET the board to recover"
this means that the image you are trying to load is too big.
Use a smaller image for the initial boot.

4. Install OpenWrt from initfs
Once you are booted into OpenWrt,
transfer the OpenWrt upgrade image and
use sysupgrade to install OpenWrt to the device.

Signed-off-by: Kristjan Krušič <kristjan.krusic@krusic22.com>
2023-03-19 18:02:34 +01:00
Nick Hainke
ab514c28a8 nftables: update to 1.0.7
Release Notes:
https://marc.info/?l=netfilter-devel&m=167873533214563&w=2

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-19 17:00:45 +01:00
Nick Hainke
8d975708fc libnftnl: update to 1.2.5
Upstream switched to "tar.xz".

Release Notes:
https://www.spinics.net/lists/netfilter/msg61016.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-19 17:00:45 +01:00
Christian Marangi
2e72ee1b23
ipq-wifi: bump to latest git HEAD
86180c4 ath10k-firmware: IPQ4019 hw1.0:  Rename variant to ZTE MF18A specific BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-18 12:46:33 +01:00
Christian Marangi
880b4811c2
ipq-wifi: bump to latest git HEAD
1f35a8c ath10k-firmware: IPQ4019 hw1.0:  Add variant to Teltonika RUTX10 specific BDF
a49672f ath10k-firmware: QCA99X0 hw2.0:  Add variant to ZTE MF18A specific BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-18 12:06:13 +01:00
John Audia
fbfec3286e kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.15.100&id=7c183dc0af472dec33d2c0786a5e356baa8cad19

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-03-18 12:48:27 +01:00
Eneas U de Queiroz
1781e7408a
uencrypt: split common and library-specific code
This splits the code in 4 files:
 - uencrypt.h
 - uencrypt.c - main program
 - uencrypt-openssl.c - OpenSSL/wolfSSL implementation
 - uencrypt-mbedtls - mbedTLS implementation

Other changes, accounting for ~400 bytes increase in ipk size:
 - more error condition checking and reporting,
 - hide key and iv command line arguments

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-17 17:22:54 -03:00
Eneas U de Queiroz
4662adef2a
uencrypt: add support for mbedtls
This commit includes some additional changes:
 - better handling of iv and keys in openssl/wolfssl variants
 - fix compiler warnings and whitespace
 - build all 3 variants as separate packages
 - adjust the new package name in targets' DEVICE_PACKAGES
 - remove PKG_FLAGS:=nonshared

[Beeline SmartBox Flash - OK]
Tested-by: Mikhail Zhilkin <csharper2005@gmail.com>
[after test: replaced a hardcoded IV size of 16 by cipher_info->iv_size]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-17 17:22:53 -03:00
Mantas Pucka
93b7f0f0ed
ipq-wifi: bump to latest git HEAD and add 8devices boards
2dae618 ipq-wifi: update 8devices Jalapeno BDF
08e92db ipq-wifi: update 8devices Habanero BDF

Signed-off-by: Mantas Pucka <mantas@8devices.com>
[ split ipq40xx changes in separate commit ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-17 14:35:49 +01:00
Christian Marangi
6634fb00dd
rpcd: bump to latest git HEAD
d978830 rc: add option to get info for a single script in list method
632b4fc rc: add option to skip running check for list method
5577db9 rc: add support for scanning USE_PROCD and skip running if not supported
4de3f02 rc: fix and improve script scanning START and STOP

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-17 03:34:50 +01:00
Christian Marangi
f576762814
firmware: ipq-wifi: use project branch and drop local file
Source BDF files out of project dedicated repository and drop local file
from openwrt main repository.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-15 16:26:57 +01:00
Mark Mentovai
8dea8bde2a
odhcp6c: add "verbose" option
odhcp6c logs messages related to its activity when invoked with -v, but
there is no way to configure this from within OpenWrt. This adds a UCI
option to turn on odhcp6c logging, disabled by default. To enable, set,
for example, network.wan6.verbose = 1.

Signed-off-by: Mark Mentovai <mark@mentovai.com>
2023-03-14 22:47:34 +01:00
Nick Hainke
56f4d5ec6b elfutils: update to 1.89
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html

Refresh patch:
- 003-libintl-compatibility.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-12 13:54:50 +01:00
Nick Hainke
166ab6f90e strace: update to 6.2
Release Notes:
https://github.com/strace/strace/releases/tag/v6.2

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-10 20:57:32 +01:00
Hauke Mehrtens
73db6ca08b kernel: modules: add missing kmod-mdio-devres for lan743x
This fixes a build problem on some targets.

Fixes: 3e9005546a ("kernel: modules: package Microchip LAN743x PCIe gigE driver")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-10 01:45:38 +01:00
Hauke Mehrtens
d9a00c5e2d binutils: Deactivate msgpack
Deactivate the msgpack option. The binutils build might detect the
libmsgpackc.so.2 library and will try to link against it, if it is not
explicitly deactivated.

This prevents the following build errors seen in the build bots.
Package binutils is missing dependencies for the following libraries:
libmsgpackc.so.2

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-09 21:38:17 +01:00
Chuanhong Guo
f30757b94e
kernel: modules: add missing kmod-ptp for lan743x
Fixes: 3e9005546a ("kernel: modules: package Microchip LAN743x PCIe gigE driver")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2023-03-09 17:27:15 +08:00
Tim Harvey
3e9005546a kernel: modules: package Microchip LAN743x PCIe gigE driver
Package the Microchip LAN743x PCIe gigE driver

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-03-08 23:57:13 +01:00
Aleksey Nasibulin
d45659a571 ramips: add support for SNR-CPE-ME2-SFP
SNR-CPE-ME2-SFP is a wireless router with SFP cage manufactured by SNR/NAG company.

Specification:
- SoC: MediaTek MT7621A
- CPU: 880MHz
- Flash: 16 MB (GD25Q127CSIG)
- RAM:  256 MB
- WLAN: 2.4 GHz, 5 GHz (MediaTek MT7615DN)
- Ethernet: 4x 10/100/1000 Mbps
- SFP cage (using RTL8211FS-CG)
- USB 3.0 port
- Power: 12 VDC, 2 A

Flash instruction via TFTP:
1. Boot SNR-CPE-ME2 to recovery mode
  (press reset button and power on device, hold button for ~10 seconds)
2. Send firmware via TFTP client:
 TFTP Server address: 192.168.1.1
 TFTP Client address: 192.168.1.131
3. Wait ~120 seconds to complete flashing
4. Do sysupgrade using web-interface

MAC Addresses(stock)
--------------------
+----------+------------------+-------------------+
| use      | address          | example           |
+----------+------------------+-------------------+
| Device   | label            | 6A:C4:DD:xx:xx:28 |
| Ethernet | + 1              | 6A:C4:DD:xx:xx:29 |
| 2g       | + 2              | 6A:C4:DD:xx:xx:2A |
| 5g       | + 3              | 6A:C4:DD:xx:xx:2B |
+----------+------------------+-------------------+

Notes:
- Reading sfp eeprom is not supported [1] (driver issue). Stock image has the same situation.

References:
1. https://forum.openwrt.org/t/mt7621-and-reading-sfp-eeprom/152249

Signed-off-by: Aleksey Nasibulin <alealexpro100@ya.ru>
2023-03-08 23:44:59 +01:00
Felix Fietkau
9d8374cadc qosify: update to the latest version
ca4509cf84d2 bpf: switch to using bpf_skb_utils.h
d064439009d0 qosify-bpf: skip unnecessary flow lookups
9c625ae96f2d map: fix deleting port based rules
9a47ea4b683d map: fix return code check for bpf_map_get_next_key calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 21:53:37 +01:00
David Bauer
35f6d79513 mpc85xx: add support for Watchguard Firebox T10
Hardware
--------
SoC:    Freescale P1010
RAM:    512MB
FLASH:  1 MB SPI-NOR
        512 MB NAND
ETH:    3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC:    Battery-Backed RTC (I2C)

Installation
------------

1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
   programmer. The SHA1 hash for the U-Boot password is currently
   unknown.

   A tool for patching U-Boot is available at
   https://github.com/blocktrron/t10-uboot-patcher/

   You can also patch the unknown password yourself. The SHA1 hash is
   E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA

2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
   The patched password is '1234' (without quotation marks)

3. Download the OpenWrt initramfs image. Copy it to a TFTP server
   reachable at 10.0.1.13/24 and rename it to uImage.

4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.

5. Download and boot the initramfs image by entering "tftpboot; bootm;"
   in U-Boot.

6. After OpenWrt booted, create a UBI volume on the old data partition.
   The "ubi" mtd partition should be mtd7, check this using

   $ cat /proc/mtd

   Create a UBI partition by executing

   $ ubiformat /dev/mtd7 -y

7. Increase the loadable kernel-size of U-Boot by executing

   $ fw_setenv SysAKernSize 800000

8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
   scp. Install the image by using sysupgrade:

   $ sysupgrade -n <path-to-sysupgrade>

   Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
   have to change the ethernet-port.

9. OpenWrt should now boot from the internal NAND. Enjoy.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-07 14:05:02 +01:00
Felix Fietkau
635d177ac9 hostapd: enable radius server support
This is useful in combination with the built-in eap server support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
cf992ca862 hostapd: add missing return code for the bss_mgmt_enable ubus method
Fixes bogus errors on ubus calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
d10e1b4a71 hostapd: add support for defining multiple acct/auth servers
This allows adding backup servers, in case the primary ones fail.
Assume that port and shared secret are going to be the same.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Eneas U de Queiroz
c75cd5f602
openssl: fix variable reference in conffiles
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.

This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.

Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-06 18:11:36 -03:00
Eneas U de Queiroz
387c2df15c
openssl: fix sysupgrade failure with devcrypto
The bump to 3.0.8 inadvertently removed patches that are needed here,
but were not adopted upstream.  The most important one changes the
default value of the DIGESTS setting from ALL to NONE.  The absence of
this patch causes a sysupgrade failure while the engine is in use with
digests enabled.  When this happens, the system fails to boot with a
kernel panic.

Also, explicitly set DIGESTS to NONE in the provided config file, and
change the default ciphers setting to disable ECB, which has been
recommended for a long time and may cause trouble with some apps.

The config file change by itself is not enough because the config file
may be preserved during sysupgrade.

For people affected by this bug:

You can either:
1. remove, the libopenssl-devcrypto package
2. disable the engine in /etc/config/openssl;
3. change /etc/ssl/engines.cnf.d/devcrypto.cnf to set DIGESTS=NONE;
4. update libopenssl-devcrypto to >=3.0.8-3

However, after doing any of the above, **you must reboot the device
before running sysupgrade** to ensure no running application is using
the engine.  Running `/etc/init.d/openssl restart` is not enough.

Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-06 18:09:13 -03:00
Hauke Mehrtens
a03076cc39 binutils: Update to version 2.40
binutils 2.39: https://lists.gnu.org/archive/html/info-gnu/2022-08/msg00002.html
binutils 2.40: https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html

This version includes a new libsframe.so library, pack it into the
libbfd package as it is used by this library. Also deactivate some
optional configuration options for now.

An extra patch to fix compile problem in AARCH64 is added.
gprofng needs a C++ standard library, deactivate it for now.

Activate feature-disassembler-init-styled in bpftools too to fix
compilation with the updated binutils.

An bpftool version 7.0 or later is needed for binutils 2.39 and later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 19:23:42 +01:00
Hauke Mehrtens
26a65e852c bpftool: Update to version 7.1.0
bpftool changelog: https://github.com/libbpf/bpftool/releases
libbpf changelog: https://github.com/libbpf/libbpf/releases

This updates the bfptool to version 7.1.0. This also includes an update
of the libbpf to version 1.1.

This also adds some new feature options and removes some old ones which
were also removed form the source code. zlib for example is now
mandatory.

Add -flto also to LD flags to make it really work.

Before this change bpftool was on a git commit between version 6.7 and
6.8 and libbpf was on a commit between version 0.7 and 0.8.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 19:23:42 +01:00
Rosen Penev
d650ca9247 mac80211: enable ATH9K_HWRNG
in kernel 5.17, fcd09c90c3c5254b18ef34e30c57c65d34290a84 integrated it
better with thee random framework.

Gives boot time randomness on supported devices.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2023-03-05 19:13:22 +01:00
Rosen Penev
44c24b3ac5 ksmbd: update to 3.4.7
Remove upstreamed patches.

Switch to normal tarballs. Codeload recently had a reproducibility issue.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2023-03-05 18:48:40 +01:00
Tim Harvey
8298270b60 kernel: add kmod-hwmon-max6642 support
Add package for Maxim MAX6642 i2c based temperature sensor.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-03-05 16:45:25 +01:00
Hauke Mehrtens
11822d8be2 uci: update to git HEAD
5de3871 cli: drop redundant uci_add_delta_path() call for -P
f49a2fd delta: simplify uci_load_delta() by using a helper
9b6605e uci: fix use-after-free uci_set on update option
b7ceda9 uci: maintain option position in uci_set
7e01d66 uci: optimize update option in uci_set
47697e6 uci: fix use-after-free uci_add_list
74f2797 uci: fix atomicity of uci_add_list
b2f3417 uci: maintain option position in uci_add_list
16e8a3b uci: fix memory leak uci_set on update section
ae61e1c uci: optimize update section in uci_set
04d0c46 uci: macro uci_alloc_element not in uci.h

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 16:39:24 +01:00
Nick Hainke
69ff678711 dtc: update to 1.7.0
Changelog:
039a994 Bump version to v1.7.0
3f29d6d pylibfdt: add size_hint parameter for get_path
2022bb1 checks: Update #{size,address}-cells check for 'dma-ranges'
abbd523 pylibfdt: Work-around SWIG limitations with flexible arrays
a41509b libfdt: Replace deprecated 0-length arrays with proper flexible arrays
2cd89f8 dtc: Warning rather than error on possible truncation of cell values
55778a0 libfdt: tests: add get_next_tag_invalid_prop_len
7359034 libfdt: prevent integer overflow in fdt_next_tag
035fb90 libfdt: add fdt_get_property_by_offset_w helper
98a0700 Makefile: fix infinite recursion by dropping non-existent `%.output`
a036cc7 Makefile: limit make re-execution to avoid infinite spin
c6e9210 libdtc: remove duplicate judgments
e37c256 Don't generate erroneous fixups from reference to path
5045465 libfdt: Don't mask fdt_get_name() returned error
e64a204 manual.txt: Follow README.md and remove Jon
f508c83 Update README in MANIFEST.in and setup.py to README.md
c2ccf8a Add description of Signed-off-by lines
90b9d9d Split out information for contributors to CONTRIBUTING.md
0ee1d47 Remove Jon Loeliger from maintainers list
b33a73c Convert README to README.md
7ad6073 Allow static building with meson
fd9b8c9 Allow static building with make
fda71da libfdt: Handle failed get_name() on BEGIN_NODE
c7c7f17 Fix test script to run also on dash shell
01f23ff Add missing relref_merge test to meson test list
ed31080 pylibfdt: add FdtRo.get_path()
c001fc0 pylibfdt: fix swig build in install
26c54f8 tests: add test cases for label-relative path references
ec7986e dtc: introduce label relative path references
651410e util: introduce xstrndup helper
4048aed setup.py: fix out of tree build
ff5afb9 Handle integer overflow in check_property_phandle_args()
ca72944 README: Explain how to add a new API function
c0c2e11 Fix a UB when fdt_get_string return null
cd5f69c tests: setprop_inplace: use xstrdup instead of unchecked strdup
a04f690 pylibfdt: add Property.as_*int*_array()
8310271 pylibfdt: add Property.as_stringlist()
d152126 Fix Python crash on getprop deallocation
17739b7 Support 'r' format for printing raw bytes with fdtget
45f3d1a libfdt: overlay: make overlay_get_target() public
c19a4ba libfdt: fix an incorrect integer promotion
1cc41b1 pylibfdt: Add packaging metadata
db72398 README: Update pylibfdt install instructions
383e148 pylibfdt: fix with Python 3.10
23b56cb pylibfdt: Move setup.py to the top level
69a7607 pylibfdt: Split setup.py author name and email
0b106a7 pylibfdt: Use setuptools_scm for the version
c691776 pylibfdt: Use setuptools instead of distutils
5216f3f libfdt: Add static lib to meson build
4eda259 CI: Cirrus: bump used FreeBSD from 12.1 to 13.0
0a3a9d3 checks: Add an interrupt-map check
8fd2474 checks: Ensure '#interrupt-cells' only exists in interrupt providers
d8d1a9a checks: Drop interrupt provider '#address-cells' check
52a16fd checks: Make interrupt_provider check dependent on interrupts_extended_is_cell
37fd700 treesource: Maintain phandle label/path on output
e33ce1d flattree: Use '\n', not ';' to separate asm pseudo-ops
d24cc18 asm: Use assembler macros instead of cpp macros
ff3a30c asm: Use .asciz and .ascii instead of .string
5eb5927 fdtdump: fix -Werror=int-to-pointer-cast
0869f82 libfdt: Add ALIGNMENT error string
69595a1 checks: Fix bus-range check
72d09e2 Makefile: add -Wsign-compare to warning options
b587787 checks: Fix signedness comparisons warnings
69bed6c dtc: Wrap phandle validity check
9102211 fdtget: Fix signedness comparisons warnings
d966f08 tests: Fix signedness comparisons warnings
ecfb438 dtc: Fix signedness comparisons warnings: pointer diff
5bec74a dtc: Fix signedness comparisons warnings: reservednum
24e7f51 fdtdump: Fix signedness comparisons warnings

Remove upstreamed:
- 0001-Support-r-format-for-printing-raw-bytes-with-fdtget.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-05 01:37:24 +01:00
Nick Hainke
79c3f8ce24 mac80211: refresh patches
The last mac80211 commits did not refresh the patches.

Refresh:
- ath/402-ath_regd_optional.patch
- ath10k/080-ath10k_thermal_config.patch
- ath10k/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch
- ath9k/551-ath9k_ubnt_uap_plus_hsr.patch
- rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-05 01:32:08 +01:00
Chukun Pan
3e4c014008 bpf-headers: fix package category
This removes the non-selectable 'Kernel' item
when make menuconfig.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-03-04 17:18:56 +01:00
Felix Fietkau
b934c63518 uboot-mediatek: mark all packages as hidden
They are enabled by selecting devices. Fixes build errors when enabling extra
devices without creating a new config from scratch.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-04 16:27:25 +01:00
Felix Fietkau
f6a7ce2501 mac80211: fix regression in sw a-msdu tx introduced in mesh improvement patches
Fixes: 6262d3eb06 ("mac80211: sync mesh fast xmit patch with upstream requested changes")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-03 11:21:26 +01:00
David Bauer
7662700613 fritz-tools: fix segfault in caldata-extract
* Fix incorrect error message in case input file opening fails
 * Don't close files in case the pointers are invalid

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-02 17:04:28 +01:00
Felix Fietkau
19817fa3f5 mac80211: add mesh fast-rx support
This helps bring down rx CPU usage by avoiding calls to the rx handlers in
the slow path. Supports forwarding and local rx, including A-MSDU.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 14:04:07 +01:00
Felix Fietkau
23b46b1c61 linux-firmware: add mt7986 offload firmware
This is needed for WED support on MT7986.
Enable it by default for the filogic subtarget.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:25:17 +01:00
Felix Fietkau
4dd0eaffc1 mt76: update to the latest version
71d84bfb343e wifi: mt76: mt76x0u: report firmware version through ethtool
99d13130b517 wifi: mt76: support ww power config in dts node
09c614734880 Revert "wifi: mt76: mt7996: rely on mt76_connac2_mac_decode_he_radiotap"
e1c9c1cb50a8 mt76: mt7921: Let PCI core handle power state and use pm_sleep_ptr()
34064dbcd72a wifi: mt76: mt7921e: add pci .shutdown() support
18ccfa73a9e2 wifi: mt76: remove redundent MCU_UNI_CMD_* definitions
282845ce7f3d wifi: mt76: mt7921: fix wrong command to set STA channel
546934dacfd4 wifi: mt76: mt7921: fix PCI DMA hang after reboot
fc2ed0dfc5b0 wifi: mt76: mt7996: Remove unneeded semicolon
1b602db9c235 wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store()
ce2438aa616a wifi: mt76: mt7996: fix radiotap bitfield
17ec2146b8f0 wifi: mt76: dynamic channel bandwidth changes in AP mode
ab2d3650a456 wifi: mt76: mt7915: expose device tree match table
90d78253498e wifi: mt76: mt7915: add dev->hif2 support for mt7916 WED device
a69c34a60451 wifi: mt76: mt7915: rework init flow in mt7915_thermal_init()
39079b5e44a7 wifi: mt76: drop the incorrect scatter and gather frame
f9ca70d6367a wifi: mt76: mt7915: add back 160MHz channel width support for MT7915
eff7666e1aa4 wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
920bc6e1fc8e wifi: mt76: do not run mt76_unregister_device() on unregistered hw
b0721b96927b wifi: mt76: connac: refresh tx session timer for WED device
c32d6d849c43 wifi: mt76: usb: fix use-after-free in mt76u_free_rx_queue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:18:27 +01:00
Felix Fietkau
97a060dce2 mac80211: add patch for allowing the driver to refresh aggregation sessions
Required by a mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:18:27 +01:00
Felix Fietkau
ee9d706c20 mac80211: backport upstream HE/VHT capability handling changes
Will be required by an mt76 update at some point

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:17:34 +01:00
Felix Fietkau
6262d3eb06 mac80211: sync mesh fast xmit patch with upstream requested changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:17:34 +01:00
Tim Harvey
339a67cb7f kernel: fix hwmon-gsc driver
Fix hwmon-gsc driver by replacing out-of-tree hwmon-gsc driver with in-tree
driver that was merged in Linux v5.8:
 - remove the old out-of-tree module
 - add configuration for the in-tree modules

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-03-01 23:25:41 +01:00
Nick Hainke
7ce266767c kexec-tools: update to 2.0.26
Release Notes:
- 2.0.22: https://www.spinics.net/lists/kexec/msg26864.html
- 2.0.23: https://www.spinics.net/lists/kexec/msg27693.html
- 2.0.24: https://www.spinics.net/lists/kexec/msg28922.html
- 2.0.25: https://lore.kernel.org/all/YuYl22cyGldQQc5m@vergenet.net/
- 2.0.26: https://www.spinics.net/lists/kexec/msg30743.html

Remove upstreamed patch:
- 001-arm-do-not-copy-magic-4-bytes-of-appended-DTB-in-zIm.patch

Tested-by: Linhui Liu <liulinhui36@gmail.com> # x86_64
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-01 22:13:27 +01:00
Florian Eckert
b3702fda8f kernel: add tty led trigger kernel module package
This allows LEDs to be controlled by activity on ttys which includes
serial devices like '/dev/ttyS0'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2023-03-01 22:10:42 +01:00
Rafał Miłecki
fdd1af9a44 fstools: update to the latest master
bfe882d libblkid-tiny: add exfat superblock support

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-28 10:05:19 +01:00
Felix Fietkau
1272cb0a0d mac80211: fix mesh path discovery based on unicast packets
If a packet has reached its intended destination, it was bumped to the code
that accepts it, without first checking if a mesh_path needs to be created
based on the discovered source.
Fix this by moving the destination address check further down

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-26 23:45:07 +01:00
Felix Fietkau
2f96580c52 mac80211: rework mesh fast xmit implementation
Refactor in order to make use of generic fast xmit functions
Fix issues with mesh SA/DA addressing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-26 23:45:07 +01:00
Tomasz Maciej Nowak
bdd78897c3 grub2: re-add test module
It seems more hardware needs early load of firmware when initialised
to work properly (at least Intel hardware). One of previous case is CPU
microcode, which this series[1] tried to change. The second one is Intel
graphics IC, which needs firmware for controlling DMC circuit (switch
conncted display to DC6 power state). As it stands, the i915 module is
built-in and it seems the hardware can't cope with firmware loaded
later from rootfs, it needs to be supplied when the module is loaded.
Unfortunately we need bootloader to handle the load of firmware in this
case, but as previously mentioned series[1], there was an error when
initrd was hardcoded, instead of testing existence for it and then
loading. To remedy this in later the 55b808e0c4 ('x86: image: add test
module to bootloader') was commited. Which was later accidentally
dropped when grub2 image creation was moved to packages. Therefore bring
back test module, so we can test for cases of existing firmware in
grub.cfg.

1. https://patchwork.ozlabs.org/project/openwrt/cover/20181120162044.16371-1-tomek_n@o2.pl

Fixes: 5a5df62d95 ("x86/grub2: move grub2 image creation to package")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2023-02-26 22:22:48 +01:00
Daniel González Cabanelas
be0f1c1b26 mvebu: add support for Buffalo LinkStation LS220DE
The Buffalo LinkStation LS220DE is a dual bay NAS, based on Marvell
Armada 370

Hardware:
   SoC:         Marvell Armada 88F6707
   CPU:         Cortex-A9 800 MHz, 1 core
   Flash 1:     SPI-NOR 1 MiB (U-Boot)
   Flash 2:     NAND 512 MiB (OS)
   RAM:         DDR3 256 MiB
   Ethernet:    1x 1GbE
   USB:         1x 2.0
   SATA:        2x 3Gb/s
   LEDs/Input:  5x / 2x (1x button, 1x slide-switch)
   Fan:         1x casing

Flash instructions, from hard drive:
  1. Get access to the "boot" partition at the hard drive where the stock
     firmware is installed. It can be done with acp-commander or by
     plugging the hard drive to a computer.
  2. Backup the stock uImage:
         mv /boot/uImage.buffalo /boot/uImage.buffalo.bak
  3. Move and rename the Openwrt initramfs image to the boot partition:
         mv openwrt-initramfs-kernel.bin /boot/uImage.buffalo
  4. Power on the Linkstation with the hardrive inside. Now Openwrt will
     boot, but still not installed.
  5. Connect via ssh to OpenWrt:
         ssh root@192.168.1.1
  6. Rename boot files inside boot partition
         mount -t ext3 /dev/sda1 /mnt
         mv /mnt/uImage.buffalo /mnt/uImage.buffalo.openwrt.bak
         mv /mnt/initrd.buffalo /mnt/initrd.buffalo.bak
  7. Format ubi partitions at the NAND flash ("kernel_ubi" and "ubi"):
         ubiformat /dev/mtd0 -y
         ubidetach -p /dev/mtd1
         ubiformat /dev/mtd1 -y
  8. Flash the sysupgrade image:
         sysupgrade -n openwrt-squashfs-sysupgrade.bin
  9. Wait until it finish, the device will reboot with OpenWrt installed
     on the NAND flash.

Restore the stock firmware:
  1. Take the hard drive used for the installation and restore boot backup
     files to their original names:
         mount -t ext3 /dev/sda1 /mnt
         mv /mnt/uImage.buffalo.bak /mnt/uImage.buffalo
         mv /mnt/initrd.buffalo.bak /mnt/initrd.buffalo
  2. Boot from the hard drive and perform a stock firmware update using
     the Buffalo utility. The NAND will be restored to the original
     state.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2023-02-26 22:22:48 +01:00
Felix Fietkau
1d82a47b49 mac80211: fix mesh fast xmit header cache flush
split into multiple functions depending on sta, mpath or mpp

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-26 08:13:44 +01:00
Tobias Hilbig
888b207f1a ncurses: add alacritty terminfo
Add terminfo file for the terminal emulator alacritty.

https://github.com/alacritty/alacritty

Signed-off-by: Tobias Hilbig <web.tobias@hilbig-ffb.de>
2023-02-26 01:12:02 +01:00
Kevin Darbyshire-Bryant
c9df2d5c64 dnsmasq: bump to v2.89
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-02-25 20:49:47 +00:00
Hauke Mehrtens
2a104365dc netifd: update to the latest version
ed65a00 netifd: bridge: Fix format string position
19372d8 netifd: Fix multiple -Wsign-compare warnings
8ebf033 netifd: Do not return values in void function
c77417a netifd: Explicitly zero initialize variables
463a120 netifd: Activate -Wextra compile warnings

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 19:57:47 +01:00
Hauke Mehrtens
32a9fdfc02 ustream-ssl: update to Git version 2023-02-25
498f6e2 ustream-mbedtls: Use getrandom() instead of /dev/urandom

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 18:37:26 +01:00
Nick Hainke
638ebd3067 iproute2: update to 6.2
Release Notes:
https://lwn.net/Articles/923952/

Refresh patches:
- 110-darwin_fixes.patch
- 115-add-config-xtlibdir.patch
- 140-allow_pfifo_fast.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 175-reduce-dynamic-syms.patch
- 180-drop_FAILED_POLICY.patch
- 190-fix-nls-rpath-link.patch
- 195-build_variant_ip_tc.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Remove upstreamed:
- 320-configure-Remove-include-sys-stat.h.patch

While working on it remove AUTORELEASE.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:32:35 +01:00
Nick Hainke
c98a202446 ethtool: update to 6.2
Release notes:
- Feature: link down event statistics (no option)
- Feature: JSON output for coalesce (-c)
- Feature: new link modes (no option)
- Feature: JSON output for ring (-g)
- Feature: netlink handler for RSS get (-x)
- Fix: fix boolean value output in JSON output
- Fix: fix build errors and warnings

Remove upstreamed patches:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:29:07 +01:00
Nick Hainke
530f5c2fda libcap: update to 2.67
Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.o8papfkfh1x9

While working on it, remove $(AUTORELEASE).

Tested-by: Linhui Liu liulinhui36@gmail.com # Xiaomi AX3600
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 00:14:38 +01:00
Mark Baker
f35e2422b8 base-files: add support for retrieving IPv6 assignments
In DHCPv6-PD enabled environments, addresses are assigned to interfaces.
These new functions retrieve the IPv6 assigned prefix(es).

Signed-off-by: Mark Baker <mark@vpost.net>
2023-02-24 23:56:36 +01:00
Robert Marko
524704e677
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This backports several memory leak issues, PCI IRQ fixup, peer add locking
fix as well as IPQ5018 support, though IPQ5018 support is unused for now.

This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-02-22 10:31:48 +01:00
Eneas U de Queiroz
595509cc78
openssl: fix powerpc & arc libatomic dependencies
PowerPC CONFIG_ARCH is defined as powerpc, not ppc.  Fix that in the
DEPENDS condition.

Arc needs to be built with libatomic.  Change the OpenSSL configuration
file, and add it to the libatomic DEPENDS condition.

Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-22 11:05:06 -03:00
Eneas U de Queiroz
7e7e76afca
openssl: bump to 3.0.8
This is a major update to the current LTS version, supported until
2026-09-07.

Changelog:
https://github.com/openssl/openssl/blob/openssl-3.0.8/CHANGES.md

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-20 11:24:17 +01:00
Felix Fietkau
57db2280a2 mac80211: fix mesh issues and improve performance
fix forwarding received mesh a-msdu packets
add fast xmit support for mesh to improve performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-20 12:59:51 +01:00
Leon M. Busch-George
ae751535de
hostapd: always use sae_password for mesh/SAE auth
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).

The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.

Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
  limitation).

Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.

Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-19 19:43:57 +01:00
Leon M. Busch-George
3c10c42ddd
hostapd: add quotes in assignments
It's generally advised to use quotes for variable assignments in bash.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-02-19 19:43:54 +01:00
Yuan Tao
fa08d900d4 base-files: sysfixtime: Fix time on the fake RTC
On some devices the chip has RTC but no battery save time.
This leads back to getting the wrong time
and skipping the check of the last file modification date.

This commit ensures that the file time is checked even
if the RTC exists.
which would ordinarily return an approbiate
system time used for e.g. certificate generation.

Tested-on: NanoPi R2S

Signed-off-by: Yuan Tao <ty@wevs.org>
2023-02-19 20:04:59 +08:00
Andre Heider
78dc8e2b13 wireguard-tools: remove unnecessary .mk includes
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.

package-defaults.mk is already included my package.mk.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:59:12 +01:00
Brian Norris
a3adbec370 kernel: kmod-ramoops: Include pstore console support
Pstore ramoops support is useful even when there isn't an explicit
panic/crash. We can log all kernel messages via a "console", and then
retrieve them in the event of some non-kernel-panic reset (e.g.,
watchdog).

Since the buffer memory is already reserved, there isn't much overhead
to doing this.

The new console files will show up as:

  /sys/fs/pstore/console-ramoops-N

Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-18 19:58:22 +01:00
Andre Heider
0859c7129f elfutils: fix build with GCC 11
GCC 11 doesn't know about -Wno-error=use-after-free and aborts
compilation.

Fixes: 2748c45d "elfutils: Ignore wrong use-after-free error"
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:55:37 +01:00
Tim Harvey
29d02d8ce5 kernel: can: fix MCP251x CAN controller module autoload
Fix autoload module name for can-mcp251x kmod.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-02-18 19:54:08 +01:00
Aviana Cruz
144fa4d4e7 netfilter: add kmod-nf-conntrack
There have been some demands for the `ct count` expression,
like https://forum.openwrt.org/t/22-03-2-unable-to-use-ct-count-nft-rules/146680.

This adds the required kernel modules for the expression to work.

Signed-off-by: Aviana Cruz <gwencroft@proton.me>
2023-02-18 17:12:30 +01:00
Michael Pratt
4ef86c620f ramips: add support for Senao Engenius EPG600
FCC ID: A8J-EPG600

Engenius EPG600 is an indoor wireless router with
1 Gb ethernet switch, dual-band wireless,
internal antenna plates, USB, and phone lines (not supported)

this board is a Senao device:
the hardware is equivalent to EnGenius ESR600 (except for phone lines)
the software is Senao SDK which is based on openwrt and uboot
which uses the legacy Senao header with Vendor / Product IDs
to verify the firmware upgrade image.

**Specification:**

  - MT7620 SOC		MIPS 24kec, 2.4 GHz WMAC, 2x2
  - RT5592N WLAN	PCI chip, 5 GHz, 2x2
  - QCA8337N Gb SW	RGMII GbE, SW P0 -- SOC P5, 5 LEDs
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 64 MB RAM		NT5TU32M16
  - UART console	J2, populated
  - USB 2.0 port	direct to SOC
  - 6 GPIO LEDs		power, 2G, 5G, wps2g, wps5g, line
  - 3 buttons		reset, wps, "reg" (registeration)
  - 4 antennas		internal omni-directional plates

NOT YET SUPPORTED: VoIP

  - Si3050-FT + Si3019-FT	Voice DAA, SPI control, PCM data
  - Phone Ports "TEL", "LINE"	RJ11, 4P2C (2 pins)

**MAC addresses:**

  MAC address labeled as MAC ADDRESS
  MACs present in both wifi cal data and uboot environment

  eth0.1/phy1	----	*:82	rf 0x4
  phy0		----	*:83	factory 0x4
  eth0.2	MAC	*:b8	"wanaddr"

**Installation:**

  Method 1: Firmware upgrade page:

    (if you cannot access the APs webpage)
    factory reset with the reset button
    connect ethernet to a computer
    OEM webpage at 192.168.0.1
    username and password 'admin'

    Navigate to gear icon, "Device Management", "Tools"
    select the factory.dlf image
    Upload and verify checksum

  Method 2: Serial to upload initramfs:

    Follow directions for TFTP recovery
    upload and boot initramfs and do a sysupgrade

**TFTP recovery:**

  Requires UART serial console, reset button does nothing

  rename initramfs-kernel.bin to 'uImageEPG600'
  make available on TFTP server at 192.168.99.8
  power board, interrupt boot with "4"
  execute `tftpboot` and `bootm` (with the load address)

**Return to OEM:**

  Images from OEM are provided, but not compatible
  with openwrt sysupgrade. So it must be modified.

  Alternatively, back up all mtd partitions before flashing

**Note on switch registers:**

  The necessary registers needed for the QCA8337 switch
  can be read from interrupted boot (tftpboot, bootm)
  by using the following lines in the switch driver ar8327.c
  in the function 'ar8327_hw_config_of'
  where 'qca,ar8327-initvals' is parsed from DTS
  before the new register values are written:

    pr_info("0x04 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD0_MODE));
    pr_info("0x08 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD5_MODE));
    pr_info("0x0c %08x\n", ar8xxx_read(priv, AR8327_REG_PAD6_MODE));
    pr_info("0x10 %08x\n", ar8xxx_read(priv, AR8327_REG_POWER_ON_STRAP));

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-02-18 16:55:35 +01:00
Yuu Toriyama
1173edf23b wireless-regdb: update to 2023.02.13
Changes:
  7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
  660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
  fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
  d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
  c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
  f29772a wireless-regdb: Update regulatory rules for Brazil (BR)

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
2023-02-18 16:27:37 +01:00
Stijn Tintel
65c9b5ffb0 odhcpd: bump to git HEAD
dfab0fa dhcpv4: detect noarp interfaces
  5a17751 router: improve RA logging
  edc5e17 router: always check ra_default

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:30:03 +02:00
Stijn Tintel
baf76634f3 build: add option to use preinit IP as LAN IP
We currently have build options to customize the IP address used in the
preinit phase of the boot process, but not to set the default LAN IP.

Introduce a boolean build option that, when enabled, results in the IP
address configured for the preinit phase, to be also used as the default
LAN IP address.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:20:03 +02:00
Robert Marko
061e863bae
kernel: modules: package Aquantia PHY driver
Package the Aquantia AQR PHY driver as kmod.

This enables using the Aquantia driver with hwmon support on targets where
hwmon is not compiled-in.

Currently, in case when AQR driver is compiled-in but hwmon core is not
hwmon code in AQR driver will not get compiled because of macro
IS_REACHABLE(CONFIG_HWMON) evaluating to false.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-02-15 23:28:57 +01:00
Rafał Miłecki
3c66ac7e22 iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko

According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)

Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).

It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:28:08 +01:00
Rafał Miłecki
601257e388 netifd: refactor packet steering init
1. Move setup code to independent script file
2. Add init.d script to allow automatic updates
3. Support platform specific /usr/libexec/platform/packet-steering.sh

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:25:38 +01:00
Daniel Golle
e8625c89ef treewide: replace /sys/devices/virtual/ubi by /sys/class/ubi
Starting from Linux Kernel version 6.3 UBI devices will no longer be
considered virtual, but rather have an MTD device parent. Hence they
will no longer be listed under /sys/devices/virtual/ubi which is
used in multiple places in OpenWrt. Prepare for future kernels by
using /sys/class/ubi instead of /sys/devuces/virtual/ubi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:59 +00:00
Daniel Golle
62e583ddb9 fstools: update to git HEAD
12155d3 libfstools: use class interface to iterate over ubi devices

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:35 +00:00
Felix Fietkau
ac4fae2338 ucode: update to the latest version
08c709c58187 rtnl: add support for registering an uloop based listener
599a7fb59380 Merge pull request #140 from nbd168/rtnl
c4125c516e0a nl80211: fix NL80211_ATTR_SURVEY_INFO
c43bb9d8fe8d Merge pull request #141 from dhewg/master
c1342d934b2d nl80211: add missing ucv_get() calls
9022b270683a rtnl: add missing ucv_get() calls
837cffec5a5c Merge pull request #142 from nbd168/ref-fixes
65b1f181e642 rtnl: add missing uc_vm_registry_set call
ab2f3f70257d Merge pull request #143 from nbd168/rtnl-fix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-14 09:59:16 +01:00
INAGAKI Hiroshi
f490295bf2
ipq807x: add support for Buffalo WXR-5950AX12
Buffalo WXR-5950AX12 is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
IPQ8074A.

Specification:

- SoC         : Qualcomm IPQ8074A
- RAM         : DDR3 1024 MiB (2x Nanya NT5CC256M16ER-EK)
- Flash       : RAW NAND 256 MiB (Winbond W29N02GZBIBA)
- WLAN        : 2.4/5 GHz (IPQ8074A)
- Ethernet    : 5 ports
  - WAN       : 100/1000/2500/10000 Mbps x1 (AQR113C)
  - LAN       : 100/1000/2500/10000 Mbps x1 (AQR113C),
                10/100/1000 Mbps x3 (QCA8075)
- LED/Keys    : 8x/5x
- UART        : pin header on PCB (J7)
  - assignment: 3.3V, GND, TX, RX from disc marking
  - settings  : 115200n8
- Power       : 12 VDC, 4 A

Flash instruction using initramfs image:

1. Prepare TFTP server with IP address 192.168.11.10
2. Rename OpenWrt initramfs image to "WXR-5950AX12-initramfs.uImage and
   place it to TFTP directory
3. Hold AOSS (WPS) button and power on WXR-5950AX12
4. WXR-5950AX12 downloads initramfs image from TFTP server and boots
   with it automatically
5. Upload sysupgrade image to WXR-5950AX12 and perform sysupgrade
6. Wait ~120 seconds to complete flashing

Partition layout:

0x000000000000-0x000000100000 : "0:sbl1"
0x000000100000-0x000000200000 : "0:mibib"
0x000000200000-0x000000280000 : "0:bootconfig"
0x000000280000-0x000000300000 : "0:bootconfig1"
0x000000300000-0x000000600000 : "0:qsee"
0x000000600000-0x000000900000 : "0:qsee_1"
0x000000900000-0x000000980000 : "0:devcfg"
0x000000980000-0x000000a00000 : "0:devcfg_1"
0x000000a00000-0x000000a80000 : "0:apdp"
0x000000a80000-0x000000b00000 : "0:apdp_1"
0x000000b00000-0x000000b80000 : "0:rpm"
0x000000b80000-0x000000c00000 : "0:rpm_1"
0x000000c00000-0x000000c80000 : "0:cdt"
0x000000c80000-0x000000d00000 : "0:cdt_1"
0x000000d00000-0x000000d80000 : "0:appsblenv"
0x000000d80000-0x000000e80000 : "0:appsbl"
0x000000e80000-0x000000f80000 : "0:appsbl_1"
0x000000f80000-0x000001000000 : "0:art"
0x000001000000-0x000001080000 : "0:art_1"
0x000001080000-0x000001100000 : "0:orgdata"
0x000001100000-0x000001180000 : "0:orgdata_1"
0x000001180000-0x000005180000 : "rootfs"
0x000005180000-0x000009180000 : "rootfs_recover"
0x000009180000-0x000010000000 : "user_property"

Notes:

- WXR-5950AX12 has 2x OS images on NAND flash. The 1st image is for
  normal operation and the 2nd one is for recoverying or firmware
  upgrading on stock.

- Stock U-Boot checks MD5 hashes in "fw_hash" volume in each "root*"
  partition when booting. This is just a comparation of hash strings.

  Behaviors:

  - both "fw_hash" volumes exist, hashes are rootfs == rootfs_recover
    ---> boot from rootfs

  - both "fw_hash" volumes exist, hashes are rootfs != rootfs_recover
    ---> boot from rootfs_recover

    Note: this behavior is used for firmware upgrading on stock

  - "fw_hash" volume in rootfs is missing
    ---> boot from rootfs_recover

  - "fw_hash" volume in rootfs_recover is missing
    ---> boot from rootfs

  - "fw_hash" volumes in both root* partition are missing
    ---> boot from rootfs_recover

Reverting to stock firmware:

1. Decrypt official image by buffalo-enc and remove header

   example of decryption:

   $ buffalo-enc -i wxr_5950ax12_jp_305 -o wxr_5950ax12_jp_305.dec \
                 -d -k olaffuB -O 0xc8

   example of removing header (v3.05):

   - before

   $ hexdump -n 64 -v -C wxr_5950ax12_jp_305.dec
   00000000  57 58 52 2d 35 39 35 30  41 58 31 32 5f 33 2e 30  |WXR-5950AX12_3.0|
   00000010  35 5f 31 2e 30 31 5f 4a  50 5f 6a 70 5f 71 63 61  |5_1.01_JP_jp_qca|
   00000020  0a 66 69 6c 65 6c 65 6e  3d 34 35 33 35 30 39 31  |.filelen=4535091|
   00000030  32 0a 55 42 49 23 01 00  00 00 00 00 00 00 00 00  |2.UBI#..........|
   00000040

   - after

   $ hexdump -n 64 -v -C wxr_5950ax12_jp_305.ubi
   00000000  55 42 49 23 01 00 00 00  00 00 00 00 00 00 00 00  |UBI#............|
   00000010  00 00 08 00 00 00 10 00  78 cf c4 91 00 00 00 00  |........x.......|
   00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
   00000030  00 00 00 00 00 00 00 00  00 00 00 00 3d 2a 64 fd  |............=*d.|
   00000040

2. Boot WXR-5950AX12 with OpenWrt initramfs image

3. Upload modified stock image to WXR-5950AX12

4. Find partitions "rootfs" and "rootfs_recover"

   example:

   root@OpenWrt:/# cat /proc/mtd
   dev:    size   erasesize  name
   ...
   mtd22: 04000000 00020000 "rootfs"
   mtd23: 04000000 00020000 "rootfs_recover"
   ...

   in this case, "rootfs" is mtd22 and "rootfs_recover" is mtd23

5. Format "rootfs"/"rootfs_recover" partition with the uploaded image

   example:

   ubiformat /dev/mtd22 -f /tmp/wxr_5950ax12_jp_305.ubi
   ubiformat /dev/mtd23 -f /tmp/wxr_5950ax12_jp_305.ubi

6. Remove "rootfs"/"rootfs_data" volume from user_property partition

   example:

   . /lib/upgrade/nand.sh
   UBI=$(nand_attach_ubi user_property)
   ubirmvol /dev/$UBI -N rootfs
   ubirmvol /dev/$UBI -N rootfs_data

7. Reboot

MAC addresses:

LAN    : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
WAN    : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
2.4 GHz: 50:C4:DD:xx:xx:30 (0:APPSBLENV, wlan0addr (text))
5 GHz  : 50:C4:DD:xx:xx:38 (0:APPSBLENV, wlan1addr (text))

Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-02-12 01:18:39 +01:00
INAGAKI Hiroshi
54c5f33b30 uboot-envtools: add support for APRESIA ApresiaLightGS120GT-SS
This patch adds support for APRESIA ApresiaLightGS120GT-SS to
uboot-envtools.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-02-13 12:22:17 +01:00
Felix Fietkau
ec33a6ca2c mac80211: add fixes for receiving A-MSDU packets on mesh interfaces
The standard defines the A-MSDU header length field differently for mesh
compared to other modes. Deal with this accordingly and work around broken
implementations (e.g. ath10k, ath11k).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-13 11:45:43 +01:00
Nick Hainke
9639ef2a5b e2fsprogs: update to 1.47.0
Release notes:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.47.0

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-13 00:48:25 +01:00
Karl Chan
92276eef70 ramips: add support for ASUS RT-AX54
Specifications:
- Device: ASUS RT-AX54 (AX1800S/HP,AX54HP)
- SoC: MT7621AT
- Flash: 128MB
- RAM: 256MB
- Switch: 1 WAN, 4 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- LEDs: 1x POWER (blue, configurable)
        1x LAN (blue, configurable)
        1x WAN (blue, configurable)
	1x 2.4G (blue, not configurable)
	1x 5G (blue, not configurable)

Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.1.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
   Select "2. Upgrade firmware"
   Press enter when show "Run firmware after upgrading? (Y/n):"
   Select 0 for TFTP method
   Input U-Boot's IP address: 192.168.1.1
   Input TFTP server's IP address: 192.168.1.2
   Input IP netmask: 255.255.255.0
   Input file name: openwrt-ramips-mt7621-asus_rt-ax1800hp-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"

Signed-off-by: Karl Chan <exkc@exkc.moe>
2023-02-12 18:27:45 +01:00
John Audia
4ae86b3358 openssl: bump to 1.1.1t
Removed upstreamed patch: 010-padlock.patch

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-02-12 00:08:29 +01:00
Xu Yiming
1a145ccb0a
kernel: kmod-fs-ntfs3: fix typo
Fix typo that mistaken the description of ntfs3 for fuse.

Signed-off-by: Xu Yiming <xuyiming.open@outlook.com>
2023-02-09 03:16:51 +01:00
Nick Hainke
b6bc924b19 e2fsprogs: update to 1.46.6
Release information:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6

Remove upstreamed patch:
- 004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-08 00:14:53 +01:00
Leon M. George
67d2a7ef9e
base-files: ipcalc.sh: fix awk regex syntax
It worked fine before but gawk warns about it.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:58 +01:00
Leon M. George
2903924b57
base-files: ipcalc.sh: trim for statement
For gawk compatibility.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
e4bd3de1be
dnsmasq: refuse to add empty DHCP range
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
6ce9f42b98
base-files: ipcalc.sh: use shebang to invoke awk
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.

A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
a40a96e54b
base-files: ipcalc.sh: fail when network is too small
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
4fe106afd1
base-files: ipcalc.sh: don't include own address in range
Make sure our own address doesn't lie in the calculated range.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
00a20335ba
base-files: ipcalc.sh: check for params before calculating start/end
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:52 +01:00
Christian Marangi
f28a604df4
iwinfo: bump to latest git HEAD
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()

Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-06 21:36:51 +01:00
Christian Marangi
3ef655375a
fstools: bump to latest Git HEAD
14d535e partname: Correct fstools_partname_fallback_scan comparison

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-04 20:04:58 +01:00
Brian Norris
3cd882744d base-files: upgrade: Fix export_partdevice() quoting
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 14:09:46 +01:00
Brian Norris
ecafdfa894 kernel: modules: add lkdtm module
Useful for debugging panic/error handling, crash logging, and more.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 13:48:11 +01:00
Jan Hoffmann
b91d7d9d78 ltq-*-app: extend ubus metrics/statistics
Expose a few additional useful values via ubus:

- Channel error counters (CRC, FEC)
- Retransmission counters (MINEFTR, LEFTRS)
- Impulse noise protection level
- Rate adaptation mode
- OLR statistics (Bitswap, SRA, SOS)
- Pilot tones
- Upstream/downstream band information

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:40:47 +01:00
Jan Hoffmann
723963543a ltq-vdsl-vr9: fix upstream MINEFTR
The upstream value read from the device seems to already be in bits per
second, so there is no need to multiply by 1000 again (which for typical
values causes an overflow of the 32-bit unsigned integer).

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:33:36 +01:00
Chen Minqiang
fcde517d35 wolfssl: fix build with make < 4.2
Inline the preinst.arm-ce script. Support for including was added in
make 4.2 and is not working with older make versions.

Fixes: https://github.com/openwrt/openwrt/issues/11866
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-02-03 12:18:19 +01:00
Glenn Strauss
2a691fc7f2 mbedtls: x509 crt verify SAN iPAddress
backport from
X509 crt verify SAN iPAddress
https://github.com/Mbed-TLS/mbedtls/pull/6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
https://github.com/Mbed-TLS/mbedtls/issues/6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
https://github.com/openwrt/packages/issues/19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-02-03 11:27:58 +01:00
Felix Fietkau
acd8e94d20 mt76: update PKG_SOURCE_HASH
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:37:48 +01:00
Felix Fietkau
ff4c872c7c mt76: fix typo in PKG_SOURCE_DATE
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:36:50 +01:00
Felix Fietkau
521efb62eb mt76: update to the latest version, import WED related mtk_eth_soc patches
6c256218e59e wifi: mt76: dma: use napi_build_skb
679254c50f27 mt7915: add CONFIG_MT76_LEDS to cflags
15b9dd6b1b6a wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work
8e5c21fe7c5c wifi: mt76: mt7915: rework mt7915_mcu_set_thermal_throttling
87cb74fe42d9 wifi: mt76: mt7915: rework mt7915_thermal_temp_store()
c6f24b83eba5 wifi: mt76: mt7915: add error message in mt7915_thermal_set_cur_throttle_state()
99e96b89ee4d wifi: mt76: mt7915: add chip id condition in mt7915_check_eeprom()
833cd420480f wifi: mt76: mt7921: fix channel switch fail in monitor mode
f1f8bae6092d wifi: mt76: mt7921: add ack signal support
f47087a6dd62 wifi: mt76: mt7996: fix chainmask calculation in mt7996_set_antenna()
2f3b0acc1588 wifi: mt76: mt7996: update register for CFEND_RATE
7e9540dcbd70 wifi: mt76: mt7996: do not hardcode vht beamform cap
a37e427d0959 wifi: mt76: connac: fix POWER_CTRL command name typo
98aa346042bd wifi: mt76: mt7915: remove BW160 and BW80+80 support
94fed6a43541 wifi: mt76: mt7921: fix invalid remain_on_channel duration
3c162384d80a wifi: mt76: introduce mt76_queue_is_wed_rx utility routine
a409a9454587 wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
8b27ecd3a684 wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit
683760461dd0 wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
0c750cf08f85 wifi: mt76: dma: fix memory leak running mt76_dma_tx_cleanup
5de9ae29bea2 wifi: mt76: mt7915: avoid mcu_restart function pointer
dad96dd3e62d wifi: mt76: mt7603: avoid mcu_restart function pointer
19d36dd9c8ea wifi: mt76: mt7615: avoid mcu_restart function pointer
6fe2c2383d3d wifi: mt76: mt7921: avoid mcu_restart function pointer
9df89143bf71 wifi: mt76: mt7915: get rid of wed rx_buf_ring page_frag_cache
8d51d11760cb wifi: mt76: fix switch default case in mt7996_reverse_frag0_hdr_trans
0d8057dbd51c wifi: mt76: mt7921u: add support for Comfast CF-952AX
ddbf4e933d54 wifi: mt76: mt7915: set sku initial value to zero
06a8904e954e wifi: mt76: mt7915: wed: enable red per-band token drop
724a337caef9 wifi: mt76: mt7915: fix WED TxS reporting
747ca943a5bb wifi: mt76: add flexible polling wait-interval support
133d7859977a wifi: mt76: mt7921: reduce polling time in pmctrl
5fe319a0550e wifi: mt76: add memory barrier to SDIO queue kick
822f060b9d19 wifi: mt76: mt7921: fix rx filter incorrect by drv/fw inconsistent
c6794954a723 wifi: mt76: mt7915: fix memory leak in mt7915_mmio_wed_init_rx_buf
9686cd7cc65c wifi: mt76: switch to page_pool allocator
04da4eaa8235 wifi: mt76: enable page_pool stats
1af4a911ebcb wifi: mt76: mt7915: release rxwi in mt7915_wed_release_rx_buf
e8c10835cf06 wifi: mt76: fix compile error without CONFIG_PAGE_POOL_STATS
0cf0ede7cc42 net: ethernet: mtk_wed: add reset to rx_ring_setup callback
715b3ed9708a net: ethernet: mtk_wed: add reset to tx_ring_setup callback
9107381d0ff3 wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read
36d2a5bf7802 wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val
c67f57d2cda2 wifi: mt76: dma: add reset to mt76_dma_wed_setup signature
3dace36e2941 wifi: mt76: dma: reset wed queues in mt76_dma_rx_reset
4b229d2da562 wifi: mt76: mt7915: add mt7915 wed reset callbacks
f83958376085 wifi: mt76: mt7915: complete wed reset support
321edbb414dc wifi: mt76: mt7996: rely on mt76_connac_txp_common structure
bdb7dc38a6d1 wifi: mt76: mt7996: rely on mt76_connac_txp_skb_unmap
8688756305c6 wifi: mt76: mt7996: rely on mt76_connac_tx_complete_skb
fbf986dbd4c0 wifi: mt76: mt7996: rely on mt76_connac2_mac_decode_he_radiotap
adc556cbce37 wifi: mt76: mt7996: avoid mcu_restart function pointer
5eb4e2303be4 wifi: mt76: remove __mt76_mcu_restart macro
e7a61c5f70f5 wifi: mt76: add EHT phy type
b375845abc10 wifi: mt76: connac: add CMD_CBW_320MHZ
68b17a243332 wifi: mt76: connac: add helpers for EHT capability
02ec1f61b3a2 wifi: mt76: connac: add cmd id related to EHT support
9209294cd81b wifi: mt76: increase wcid size to 1088
5e85136c9b2f wifi: mt76: add EHT rate stats for ethtool
a171f672fdeb wifi: mt76: mt7996: add variants support
eda8fd62c105 wifi: mt76: mt7996: add helpers for wtbl and interface limit
4a5a9f4cdc3b wifi: mt76: mt7996: rework capability init
06b73c155680 wifi: mt76: mt7996: add EHT capability init
ae71a1b8294f wifi: mt76: mt7996: add support for EHT rate report
65bdfae2991d wifi: mt76: mt7996: enable EHT support in firmware
b2360d59747c wifi: mt76: mt7996: add EHT beamforming support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:16:49 +01:00
Petr Štetiar
3d7d93cf65 ubus: fix wrong package mirror hash
I've somehow managed to commit wrong package mirror hash in commit 36076b5a40
("ubus: update to version 2022-06-15"), so lets fix it by using a proper
one.

Fixes: 36076b5a40 ("ubus: update to version 2022-06-15")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-01-30 10:58:00 +01:00
Felix Fietkau
83d3e255f1 bridger: update to the latest version
8be8bb9df789 nl: fix accessing hairpin mode and isolated from the right attribute set

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Felix Fietkau
908397f6d2 mac80211: backport napi_build_skb for 5.10
It is needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Felix Fietkau
74e5e213da ucode: update to the latest version
1c8df08824ef style: add .editorconfig file
ec167d39b803 nl80211: refactor command bitmask handling
6704ec0d5b29 nl80211: add support for registering an uloop based listener
48a6eac1da15 fs: implement `fs.pipe()`
f1be0d725735 types: fix array unshift operations and add test coverage
941d14837faf Merge pull request #138 from nbd168/nl80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Daniel Golle
90dbdb4941 uboot-envtools: filogic: bpi-r3: fix env selection
Selecting the environment when booting from SD card has been broken by
a previous commit. Fix it.

Fixes: f46355b4d7 ("uboot-envtools: mediatek_filogic: fix BPi-R3 when no OS is installed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-29 03:43:58 +00:00
Daniel Golle
e51a57e192 uboot-envtools: mt7622: bpi-r64: fix env selection
Selecting the environment when booting from SD card has been broken by
a previous commit. Fix it.

Fixes: 84b5b0f88c ("uboot-envtools: mediatek/mt7622: don't rely on mapped rootfs")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-29 03:43:58 +00:00
Chen Minqiang
781a3ae5dc base-files: fix nand_do_platform_check fail
This change ensures compatibility with both types of sysupgrade-tar files.

1. For some boards like xiaomi,redmi-router-ax6s, sysupgrade-tar
   is pack in directory `vendor,name/`

2. For some boards like xiaomi,mi-router-3g, sysupgrade-tar is pack
   in directory `vendor_name/`

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-01-29 01:02:45 +00:00
Andre Heider
b246385126 ucode: move to the lang submenu
Just as lua or the various languages from the package feed.
libucode is the exception, so move it to the libs menu instead.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-28 22:37:35 +01:00
Andre Heider
9902c8520b uhttpd: clean up Makefile
uhttpd's cmake options all default to ON. Either we set all of them or
none if the defaults need to be changed. Let's go with the latter.

Because support for all modules is always compiled in, remove two unused
and useless config toggles.

uhttpd detects and uses libcrypt itself, no need to add it here again.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-28 22:37:35 +01:00
Hauke Mehrtens
d1893f1c88 px5g-mbedtls: Use getrandom()
Instead of accessing /dev/urandom use the getrandom syscall. This way we
do not have to keep the file open all the time.
This also fixes a compile error with glibc:

--------
px5g-mbedtls.c: In function '_urandom':
px5g-mbedtls.c:48:9: error: ignoring return value of 'read' declared with attribute 'warn_unused_result' [-Werror=unused-result]
   48 |         read(urandom_fd, out, len);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
--------

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 22:26:06 +01:00
Tony Butler
a7f3a51982 kernel: add kmod-lib-842
"842" is a compression scheme and this is the software implementation
which is too slow to really use beyond a proof of concept.  It can be
selected in ZRAM, ZSWAP, or `fs/pstore`, and is here for completeness.
In general you need a Power8 or better with 842-in-hardware for it to
be fast, but other 842-accelerators are emerging.

Signed-off-by: Tony Butler <spudz76@gmail.com>
2023-01-28 21:19:17 +01:00
Michael Pratt
52992efc34 ath79: add support for Senao Engenius EWS660AP
FCC ID: A8J-EWS660AP

Engenius EWS660AP is an outdoor wireless access point with
2 gigabit ethernet ports, dual-band wireless,
internal antenna plates, and 802.3at PoE+

**Specification:**

  - QCA9558 SOC		2.4 GHz, 3x3
  - QCA9880 WLAN	mini PCIe card, 5 GHz, 3x3, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - AR8033 PHY		SGMII GbE with PoE+ OUT
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM
  - UART at J1		populated, RX grounded
  - 6 internal antenna plates (5 dbi, omni-directional)
  - 5 LEDs, 1 button (power, eth0, eth1, 2G, 5G) (reset)

**MAC addresses:**

  Base MAC addressed labeled as "MAC"
  Only one Vendor MAC address in flash

  eth0 *:d4 MAC art 0x0
  eth1 *:d5 --- art 0x0 +1
  phy1 *:d6 --- art 0x0 +2
  phy0 *:d7 --- art 0x0 +3

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin

**Installation:**

  2 ways to flash factory.bin from OEM:

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs.bin to '0101A8C0.img'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot
  execute tftpboot and bootm 0x81000000

**Format of OEM firmware image:**

  The OEM software of EWS660AP is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-generic-ews660ap-uImage-lzma.bin
    openwrt-ar71xx-generic-ews660ap-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Tested-by: Niklas Arnitz <openwrt@arnitz.email>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-01-28 20:34:00 +01:00
Nick Hainke
364a9be338 ethtool: update to 6.1
Release notes:
https://lore.kernel.org/netdev/20221219225600.r54vejiqapn266cm@lion.mk-sys.cz/T/

Add patches fixing compilation:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-28 20:26:22 +01:00
Hauke Mehrtens
015c108755 relayd: bump to version 2023-01-28
f646ba4 route: Fix compile warning with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 20:24:22 +01:00
Hauke Mehrtens
d14559e9df uhttpd: update to latest Git HEAD
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 19:31:42 +01:00
David Bauer
a63430eac3 mac80211: use 802.11ax iw modes
This adds missing HE modes to mac80211_prepare_ht_modes.

Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-01-28 13:53:39 +01:00
Petr Štetiar
36076b5a40 ubus: update to version 2022-06-15
Update which contains just a following fix:

 * ubusd: add lookup command queuing support

   Defers and continues a client's lookup command to avoid unnecessary
   buffering under load.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-01-27 11:04:07 +01:00
Nick Hainke
1a47f19080 linux-firmware: update to 20230117
Changes:
32d3199 linux-firmware: Update firmware file for Intel Bluetooth AX201
2da8a7a linux-firmware: Update firmware file for Intel Bluetooth AX201
8b5ddf4 linux-firmware: Update firmware file for Intel Bluetooth AX211
4219dac linux-firmware: Update firmware file for Intel Bluetooth AX211
fb34135 linux-firmware: Update firmware file for Intel Bluetooth AX210
becd3fc linux-firmware: Update firmware file for Intel Bluetooth AX200
7101c57 linux-firmware: Update firmware file for Intel Bluetooth AX201
49e87fa linux-firmware: Update firmware file for Intel Bluetooth 9560
86b73ce linux-firmware: Update firmware file for Intel Bluetooth 9260
3723b48 brcm: add configuration files for CyberTan WC121
7f626ef qcom: add firmware files for Adreno A200
fc5a25f rtw89: 8852c: update fw to v0.27.56.10
2ba1bea  QCA: Add Bluetooth firmware for QCA2066
a1ad1d5 amdgpu: add VCN4.0.4 firmware from amd-5.4
9e01e17 amdgpu: add SMU13.0.7 firmware from amd-5.4
3a50eb8 amdgpu: add SDMA6.0.2 firmware from amd-5.4
19995fb amdgpu: add PSP13.0.7 firmware from amd-5.4
32e7c93 amdgpu: add GC11.0.2 firmware from amd-5.4
20c8060 amdgpu: add DCN3.2.1 firmware from amd-5.4
5c8e895 amdgpu: update VCN4.0.0 firmware from amd-5.4
66b3435 amdgpu: update SMU13.0.0 firmware from amd-5.4
604df78 amdgpu: update SDMA6.0.0 firmware from amd-5.4
3e9169a amdgpu: update PSP13.0.0 firmware from amd-5.4
bd1b7f7 amdgpu: update GC11.0.0 firmware from amd-5.4
c8ff1f4 iwlwifi: add new FWs from core76-35 release
5630963 iwlwifi: update cc/Qu/QuZ firmwares for core76-35 release
8bbec22 iwlwifi: add new FWs from core75-47 release
e20a687 iwlwifi: update 9000-family firmwares to core75-47
504b691 amdgpu: update renoir DMCUB firmware
1ed02d5 amdgpu: Update renoir PSP firmware
d0598c3 amdgpu: update copyright date for LICENSE.amdgpu
cee86df linux-firmware: update firmware for MT7921 WiFi device
e2d1174 linux-firmware: update firmware for MT7922 WiFi device
ce7cc73 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
91f4c6b linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
52e62d6 cxgb4: Update firmware to revision 1.27.1.0
4704e25 qca: Update firmware files for BT chip WCN6750
c9c1958 rtw89: 8852c: update fw to v0.27.56.9
9e91f0c rtw89: 8852c: update fw to v0.27.56.8

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-26 22:15:43 +01:00
Linhui Liu
340d3d84dc firmware: intel-microcode: update to 20221108
Changelog:
  * New Microcodes:
    sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
    sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800

  * Updated Microcodes:
    sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
    sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
    sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
    sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
    sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
    sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
    sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
    sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
    sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
    sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
    sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424

We need to update to this version because
https://ftp.debian.org/debian/pool/non-free/i/intel-microcode/intel-microcode_3.20220809.1.tar.xz
has been removed.

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-26 00:22:08 +01:00
Nick Hainke
d68a73a025 tcpdump: update to 4.99.3
Changes:
https://git.tcpdump.org/tcpdump/blob/032e4923e5202ea4d5a6d1cead83ed1927135874:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-26 00:17:59 +01:00
Wenli Looi
f0eb73a888 ath79: consolidate Netgear EX7300 series images
This change consolidates Netgear EX7300 series devices into two images
corresponding to devices that share the same manufacturer firmware
image. Similar to the manufacturer firmware, the actual device model is
detected at runtime. The logic is taken from the netgear GPL dumps in a
file called generate_board_conf.sh.

Hardware details for EX7300 v2 variants
---------------------------------------
SoC: QCN5502
Flash: 16 MiB
RAM: 128 MiB
Ethernet: 1 gigabit port
Wireless 2.4GHz (currently unsupported due to lack of ath9k support):
- EX6250 / EX6400 v2 / EX6410 / EX6420: QCN5502 3x3
- EX7300 v2 / EX7320: QCN5502 4x4
Wireless 5GHz:
- EX6250: QCA9986 3x3 (detected by ath10k as QCA9984 3x3)
- EX6400 v2 / EX6410 / EX6420 / EX7300 v2 / EX7320: QCA9984 4x4

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2023-01-25 00:42:52 +01:00
Christian Marangi
b61404a6ad
rssileds: bump PKG_RELEASE due to libiwinfo ABI change
Bump PKG_RELEASE due to libiwinfo ABI change to trigger a package
rebuild.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:55:42 +01:00
Christian Marangi
114c168522
rpcd: bump libiwinfo abi requirement to >= 2023-01-21
Bump libiwinfo abi requirement to >= 2023-01-21 for rpcd.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:55:42 +01:00
Christian Marangi
57586ddd71
iwinfo: update to latest Git HEAD
1e4e709 iwinfo: readd missing define for IWINFO_AUTH in header

Fixes: #11860
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:54:13 +01:00
Christian Marangi
fb7f4d4b54
fstool: bump to latest Git HEAD
1ea5855 partname: Introduce fstools_partname_fallback_scan option

While at it also drop AUTORELEASE from PKG_RELEASE.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-22 17:30:42 +01:00
ValdikSS ValdikSS
2fc170cc21 openssl: fix VIA Padlock AES-192 and 256 encryption
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Upstream: 2bcf8e69bd

Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
2023-01-22 01:33:33 +01:00
Hannu Nyman
a57796b137
dnsmasq: set an increased cachesize default value
Dnsmasq DNS cache size is only 150 by default.
Set the uci default value to 1000, so that cache gets used more
and unnecessary DNS queries to upstream can be avoided.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-01-21 11:13:44 +01:00
Christian Marangi
5d409062a3
rpcd: update to latest Git HEAD
c0df2a7 iwinfo: add "band" and "mhz" to the scan output
06ad60f iwinfo: add "band" to the freqlist output
b32fd32 iwinfo: add flags to freqlist output

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:26:19 +01:00
Christian Marangi
f3d8de7398
iwinfo: update to latest Git HEAD
Bump ABI to 20230121 due to struct changes

f766138 cli: print the flags on the frequency list
8ee7971 lib: add IWINFO_FREQ_FLAG_NAMES
81184d2 nl80211: fix some comments
2c4ee84 nl80211: prefer non-supplicant-based devices
6194aaf nl80211: simplify iterating over phy's devices
acbf4fe nl80211: remove redundant check in nl80211_phy2ifname()
0172c97 cli: print the frequency and band on the scan list
bbe424f cli: print the band on the frequency list
afa147c nl80211: add "mhz" and "band" to iwinfo_scanlist_entry
0d5ea34 nl80211: add "band" to iwinfo_freqlist_entry
dba0f06 nl80211: add support for radiation and indoor chan restriction
7e3d7de iwinfo: reorganize iwinfo header to enum and defines
9b47b03 devices: add USB devices supported by the mt76 driver
c0fda7c utils: skip comment lines when parsing devices.txt
dbc0ee7 cli: describe USB devices as such
891acee devices: add MediaTek MT7628 card
fac0787 devices: add support for declaring compatible matched devices

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:23:22 +01:00
Christian Marangi
bd0f9d8ffc
fstools: bump to latest Git HEAD
e9b59f0 partname: Ignore root=PARTUUID...

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:02:25 +01:00
Brian Norris
d3c19c71f6
base-files: Remove nand.sh dependency from emmc upgrade
emmc_do_upgrade() relies on identify() from the nand.sh upgrade helper.
This only works because FEATURES=emmc targets also tend to include
FEATURES=nand.

Rename identify_magic() to identify_magic_long() to match the common.sh
style and make it clear it pairs with other *_long() variants (and not,
say *_word()).

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-01-21 01:02:23 +01:00
Brian Norris
bf1634f318
ucode: update to latest Git HEAD
To bring in isatty() support.

Includes new commits:

be30472bfdbb fs: add `isatty()` function
0a58d510529e nl80211: add support for NL80211_ATTR_MPATH_INFO

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
[ remove additional merge commit ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:02:23 +01:00
André Valentin
5dee596501
ipq807x: Add ZyXEL NBG7815
ZyXEL NBG7815 is a premium 802.11ax "tri"-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
* RAM: 1 GB 2x Nanya NT5CC256M16ER-EK
* Storage:
        * 8MB serial flash Winbond W25Q64DW
        * 4GB eMMC flash Kingston EMMC04G-M627
* Ethernet:
        * 4x1G RJ45 ports (QCA8074A) with 1x status LED per port
        * 1x2.5G RJ45 port (QCA8081) with 1x status LED
        * 1x10G RJ45 port (AQR113C) with 1x status LED
* Switch: Qualcomm Atheros QCA8075
* WLAN:
        * 2.4GHz: Qualcomm QCN5024 4x4@40MHz 802.11b/g/n/ax 1147 Mbps PHY rate
        * 2x 5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
* Bluetooth CSR8811 using HSUART, currently unsupported
* USB: 1x USB3.0 Type-A port
* LED-s currently not supported:
        * White
        * Dark Blu
        * Amber
        * Purple
        * Purple and dark blue
        * Red
* Buttons:
        * 1x Soft reset
* Power: 12V DC Jack

Installation instructions:
* Disconnect WAN
* Reset device to factory defaults by pushing reset button 15 sec,
  LEDs should lit orange color.
* After 5-10 minutes, when the LEDs turn constant dark blue,
  put your LAN cable and connect at address 192.168.123.1 by telnet on port 23
* Login with
  NBG7815 login: root
  password: nbg7815@2019
* cd /tmp/ApplicationData
* wget -O openwrt-ipq807x-generic-zyxel_nbg7815-squashfs-sysupgrade.bin http://...
* wget https://github.com/itorK/nbg7815_tools/blob/main/flash_to_openwrt.sh
* run flash_to_openwrt.sh
If you can't use wget, you can transfer the files via nc.
See https://openwrt.org/inbox/toh/zyxel/nbg7815_armor_g5 for installation details.

Bluetooth usage:
* you need at least package bluez-utils, recommended bluez-daemon
* run following commands to enable and start
  hciattach  /dev/ttyMSM1 bcsp
  hciconfig hci0 up

Many thanks to itorK for his work on this device:
https://github.com/itorK/openwrt/tree/nbg7815

Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: André Valentin <avalentin@marcant.net>
2023-01-19 13:26:15 +01:00
David Bauer
00f1463df7 mbedtls: move source modification to patch
Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-01-18 23:36:22 +01:00
Jo Deisenhofer
ef9acfb68b uboot-mediatek: Fix ramips/mt76x8 buildbot
Move defines from header to defconfig
The package build and the Buildbot hang in 'make syncconfig' for
u-boot-ravpower_rp-wd009 because CONFIG_SYS_MIPS_TIMER_FREQ is not in
the .config, causing a console prompt. Also moved two other defines in
defconfig causing duplicate definition warnings.

Fixes: 3d5c5427e1 ("uboot-mediatek: update to U-Boot 2023.01")
Signed-off-by: Jo Deisenhofer <jo.deisenhofer@gmail.com>
2023-01-18 20:26:39 +00:00
Vincent Tremblay
afcf1a4de4
uboot-envtools: ipq40xx: fix WHW03V2 mtd partition
The configured u_env partition for the Linksys WHW03 V2 was not correct.
It should have been set to mtd6.

This fix allow to flash the OEM firmware from OpenWRT and to change the
boot partition using fw_setenv.

Fixes: 9e4ede8344 ("ipq40xx: add support for Linksys WHW03 V2")
Signed-off-by: Vincent Tremblay <vincent@vtremblay.dev>
2023-01-18 00:07:30 +01:00
Josef Schlehofer
2f83369e3e uboot-mvebu: update to version 2023.01
In the version 2023.01, the U-boot image was renamed because of the
upstream change [1]

[1] 87ac4b4b4c

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2023-01-17 23:17:33 +01:00
Nick Hainke
e846606900 libpcap: update to 1.10.3
Changelog:
https://git.tcpdump.org/libpcap/blob/95691ebe7564afa3faa5c6ba0dbd17e351be455a:/CHANGES

Refresh patch:
- 300-Add-support-for-B.A.T.M.A.N.-Advanced.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-17 23:16:02 +01:00
Nick Hainke
a04bbbbea4 ipset: update to 7.17
Release notes:
https://lwn.net/Articles/918784/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-17 23:14:46 +01:00
Martin Schiller
6e4c9738be ltq-vdsl-vr11-app: add version 4.23.1 for vr11 targets
This uses version 4.23.1 of the dsl_cpe_control package from the Intel
UGW 8.5.2.10 for the VRX518.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[rebased]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 4.23.1, added Jan's vector mac patch, fix warnings,
 switch to tag tarball]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[add missing nLine in autoboot script, fix disconnect on termination,
 remove unneeded VR9 leftovers in init script]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Andre Heider
6361eb47cd ltq-dsl-base: enable for ipq40xx
This is required by the DSL userland tool for hotplug support.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Martin Schiller
1f7ec35077 kernel: add new ltq-vdsl-vr11 driver
This uses version 4.23.1 of the drv_dsl_cpe_api package from the Intel
UGW 8.5.2.10 for the VRX518.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[rebased and updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 4.23.1, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[added fix for elapsed time and upstream MINEFTR]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Martin Schiller
bc442076f2 kernel: add new ltq-vdsl-vr11-mei driver
This uses version 1.11.1 of the drv_mei_cpe package from the Intel UGW
8.5.2.10 for the VRX518.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 1.11.1, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[update for kernel 5.15]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Andre Heider
2a0aa9eefa ltq-ifxos: enable for ipq40xx
This is required for the MEI CPE driver.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Martin Schiller
474bbe23b7 kernel: add Intel/Lantiq VRX518 TC driver
This driver version is also included in Intel UGW 8.5.2.10.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 1.5.12.4, switch to tag tarball]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[add working software data path]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Martin Schiller
568d17989f kernel: add Intel/Lantiq VRX518 EP driver
This driver was picked from the Intel UGW 8.5.2.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 8.5.2]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[fix masking interrupts and add locking]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Daniel Golle
f0a98bf048
procd: update to git HEAD
04d7570 jail: fs: don't overwrite existing mount target
 6b9629b jail: don't assume positive return value of creat
 190f13a init: attempt to mount efivarfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-16 22:05:01 +00:00
Dirk Buchwalder
26c095cb4d ipq807x: add Dynalink DL-WRX36
Dynalink DL-WRX36 is a AX WIFI router with 4 1G and 1 2.5G ports.

Specifications:

    •     CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
    •     RAM: 1024MB of DDR3
    •     Storage: 256MB Nand
    •     Ethernet: 4x 1G RJ45 ports (QCA8075) + 1 2.5G Port (QCA8081)
    •     WLAN:
          2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 1174 Mbps PHY rate
          5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
    •     1x USB 3.0

    •     1 gpio-controlled dual color led (blue/red)

            • Buttons: 1x soft reset / 1x WPS
            • Power: 12V DC jack

        A poulated serial header is onboard (J1004)
        the connector size is a 4-pin 2.0 mm JST PH.
        RX/TX is working, u-boot bootwait is active, secure boot is enabled.

        Notes:
	- Serial is completely deactivated in the stock firmware image.
	- This commit adds only single partition support, that means
	  sysupgrade is upgrading the current rootfs partition.
	- Installation can be done by serial connection or
	  SSH access on OEM firmware

	Installation Instructions:

	Most part of the installation is performed from an initramfs image
	running OpenWrt, and there are two options to boot it.

	Boot initramfs option 1: Using serial connection (3.3V)
	1. Stop auto boot to get to U-boot shell
	2. Transfer initramfs image to device
	   (openwrt-ipq807x-generic-dynalink_dl-wrx36-initramfs-uImage.itb)
	   Tested using TFTP and a FAT-formatted USB flash drive.
	3. Boot the initramfs image
	   # bootm

	Boot initramfs option 2: From SSH access on OEM firmware
	1. Copy the initramfs image to a FAT-formatted flash drive
	   (tested on single-partition drive) and connect it to device USB port.
	2. Change boot command so it loads the initramfs image on next boot
	   Fallback to OEM firmware is provided.
	   # fw_setenv bootcmd 'usb start && fatload usb 0:1 0x44000000 openwrt-ipq807x-generic-dynalink_dl-wrx36-initramfs-uImage.itb && bootm 0x44000000; bootipq'
	3. Reboot the device to boot the initramfs
	   # reboot

	Install OpenWrt from initramfs image:
	1. Use SCP (or other way) to transfer OpenWrt factory image
	2. Connect to device using SSH (on a LAN port)
	3. Check MTD partition table.
	   rootfs and rootfs_1 should be mtd18 and mtd20
	   depending on current OEM slot.
	   # cat /proc/mtd
	4. Do a ubiformat to both rootfs partitions:
	   # ubiformat /dev/mtd18 -y -f /path_to/factory_image
	   # ubiformat /dev/mtd20 -y -f /path_to/factory_image
	5. Set U-boot env variable: mtdids
	   # fw_setenv mtdids 'nand0=nand0'
	6. Get offset of mtd18 to determine current OEM slot
	   - If current OEM slot is 1, offset is 16777216  (0x1000000)
	   - If current OEM slot is 2, offset is 127926272 (0x7a00000)
	   # cat /sys/class/mtd/mtd18/offset
	7. Set U-boot env variable: mtdparts
	   If current OEM slot is 1, run:
	   # fw_setenv mtdparts 'mtdparts=nand0:0x6100000@0x1000000(fs),0x6100000@0x7a00000(fs_1)'
	   If current OEM slot is 2, run:
	   # fw_setenv mtdparts 'mtdparts=nand0:0x6100000@0x7a00000(fs),0x6100000@0x1000000(fs_1)'
	8. Set U-boot env variable: bootcmd
	   # fw_setenv bootcmd 'setenv bootargs console=ttyMSM0,115200n8 ubi.mtd=rootfs rootfstype=squashfs rootwait; ubi part fs; ubi read 0x44000000 kernel; bootm 0x44000000#config@rt5010w-d350-rev0'
	9. Reboot the device
	   # reboot

        Note: this PR adds only single partition support, that means sysupgrade is
              upgrading the current rootfs partition

Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
2023-01-16 12:42:23 +01:00
Matthew Hagan
6e03304c76 ipq807x: add Edgecore EAP102
The Edgecore EAP102 is a wall/ceiling mountable AP. The AP can be
powered by either PoE or AC adapter.

Device info:
 - IPQ8071-A SoC
 - 1GiB RAM
 - 256MiB NAND flash
 - 32MiB SPI NOR
 - 2 Ethernet ports
 - 1 Console port
 - 2GHz/5GHz AX WLAN
 - 2 USB 2.0 ports

Install instructions:

Prerequistes - TFTP server, preferrably within 192.168.1.0/24
	       Console cable plugged in (115200 8N1 no flow control)

1. Power on device and interrupt u-boot to obtain u-boot CLI

2. set serverip to IP address of the TFTP server:

	`setenv serverip 192.168.1.250`

3. Download image from TFTP server:

	`tftpboot 0x44000000 openwrt-ipq807x-generic-edgecore_eap102-squashfs-nand-factory.ubi`

4. Flash ubi image to both partitions and reset:

	`sf probe
	 imxtract 0x44000000 ubi
	 nand device 0
	 nand erase 0x0 0x3400000
	 nand erase 0x3c00000 0x3400000
	 nand write $fileaddr 0x0 $filesize
	 nand write $fileaddr 0x3c00000 $filesize
	 reset`

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
2ddb2057cd ipq807x: Add Xiaomi AX9000
Xiaomi AX9000 is a premium 802.11ax "tri"-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
* RAM: 1024MB of DDR3
* Storage: 256MB of parallel NAND
* Ethernet:
	* 4x1G RJ45 ports (QCA8075) with 1x status LED per port
	* 1x2.5G RJ45 port (QCA8081) with 1x status LED
* WLAN:
	* PCI based Qualcomm QCA9889 1x1 802.11ac Wawe 2 for IoT
	* 2.4GHz: Qualcomm QCN5024 4x4@40MHz 802.11b/g/n/ax 1147 Mbps PHY rate
	* 5.8GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402Mbps PHY rate
	* 5GHz: PCI based Qualcomm QCN9024 4x4@160MHz 802.11a/b/g/n/ac/ax 4804Mbps PHY rate
* USB: 1x USB3.0 Type-A port
* LED-s:
	* System (Blue and Yellow)
	* Network (Blue and Yellow)
	* RGB light bar on top in X shape
* Buttons:
	* 1x Power switch
	* 1x Soft reset
	* 1x Mesh button
* Power: 12V DC Jack

Installation instructions:

Obtaining SSH access is mandatory
https://openwrt.org/inbox/toh/xiaomi/ax9000#obtain_ssh_access

Installation is done by the ubiformat method, through SSH:
1. Open an SSH shell to the router
2. Copy the file openwrt-ipq807x-generic-xiaomi_ax9000-initramfs-factory.ubi to the /tmp directory
3. Check which rootfs partition is your router booted in (0 = rootfs | 1 = rootfs_1):
nvram get flag_boot_rootfs

4. Find the rootfs and rootfs_1 mtd indexes respectively:
cat /proc/mtd
Please confirm if mtd21 and mtd22 are the correct indexes from above!

5. Use the command ubiformat to flash the opposite mtd with UBI image:

If nvram get flag_boot_rootfs returned 0:
ubiformat /dev/mtd22 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax9000-initramfs-factory.ubi && nvram set flag_boot_rootfs=1 && nvram set flag_last_success=1 && nvram commit

otherwise:
ubiformat /dev/mtd21 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax9000-initramfs-factory.ubi && nvram set flag_boot_rootfs=0 && nvram set flag_last_success=0 && nvram commit

6. Reboot the device by:
reboot

Previous commands flashed an ubinized OpenWrt initramfs that will serve as the intermediate step
since OpenWrt uses unified rootfs in order to fully utilize NAND and provide enough space for packages.
Continue in order to pernamently flash OpenWrt:

7. SSH into OpenWrt from one of the LAN ports
8. Copy the file openwrt-ipq807x-generic-xiaomi_ax9000-squashfs-sysupgrade.bin to the /tmp directory
9. Sysupgrade the device:
sysupgrade -n /tmp/openwrt-ipq807x-generic-xiaomi_ax9000-squashfs-sysupgrade.bin

Device will reboot with OpenWrt, and then sysupgrade can be used to upgrade the device when desired.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Dirk Buchwalder
bd17683261 ipq807x: add QNAP 301w
QNAP 301w is a AX WIFI router with 4 1G and 2 10G ports.

Specifications:

    •     CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
    •     RAM: 1024MB of DDR3
    •     Storage: 4GB eMMC (contains kernel and rootfs) / 8MB NOR
          (contains art and u-boot-env)
    •     Ethernet: 4x 1G RJ45 ports + 2 10G ports (Aquantia AQR113C)
    •     WLAN:
          2.4GHz: Qualcomm QCN5024 4x4 (40 MHz) 802.11b/g/n/ax 1174 Mbps PHY rate
          5GHz: Qualcomm QCN5054 4x4 (80 MHz) or 2x2 (160 MHz) 802.11a/b/g/n/ac/ax 2402 PHY rate

    •     LEDs:
          7 x GPIO-controlled dual color LEDs + 2 GPIO-controlled single color LEDs

            • Buttons: 1x soft reset / 1x WPS
            • Power: 12V DC jack

        A poulated serial header is onboard.
        RX/TX is working, bootwait is active, secure boot is not enabled.

        SSH can be activated in the stock firmware, hold WPS button til the second beep
	(yes the router has a buzzer)
        SSH is available on port 22200, login with user admin and
	password "mac address of the router".

        Installation Instructions:

            • obtain serial access (https://openwrt.org/inbox/toh/qnap/301w#serial)
            • stop auto boot
            • setenv serverip 192.168.10.1
            • setenv ipaddr 192.168.10.10
            • tftpboot the initramfs image
              (openwrt-ipq807x-generic-qnap_301w-initramfs-fit-uImage.itb)
            • bootm

            • make sure that current_entry is set to "0":
              "fw_printenv -n current_entry" should be print "0". If not,
	       do "fw_setenv current_entry 0"
            • copy openwrt-ipq807x-generic-qnap_301w-squashfs-sysupgrade.bin
	          to the device to /tmp folder
            • sysupgrade -n /tmp/openwrt-ipq807x-generic-qnap_301w-squashfs-sysupgrade.bin
              this flashes openwrt to the first kernel and rootfs partition (mmcblk0p1 / mmcblk0p4)
            • reboot

        Note: this leaves the second kernel / rootfs parition untouched. So if you want
              to go back to stock, stop u-boot autoboot, "setenv current_entry 1" ,
	       "saveenv", "bootipq".
              Stock firmware should start from the second partition.
	      Then do a firmwareupgrade in the stock gui, that should overwrite the openwrt
	      in the first partitions

        Make 10G Aquantia phy's work:
              The aquantia phy's need a firmware to work. This can either be loaded
	      in linux with a userspace tool or in u-boot.

              I was not successfull to load the firmware in linux (aq-fw-download) but luckily there is
	      aq_load_fw available in u-boot. But first the right firmware needs to write
	      to the 0:ETHPHYFW mtd partition (it is empty on my device)

              Grab the ethphy firmware image from:
	      https://github.com/kirdesde/nbg7815_gpl/blob/master/target/linux/ipq/ipq807x_64/prebuilt_images/AQR_ethphyfw.mbn
	      and scp that to openwrt.

              Check the 0:ETHPHYFW partition number:
              cat /proc/mtd|grep "0:ETHPHYFW", should be mtd10.

              Backup the 0:ETHPHYFW partition:
              dd if=/dev/mtd10 of=/tmp/ethphyfw.backup, scp ethphyfw.backup to a save place.

              Write the new firmware image to the 0:ETHPHYFW partition:
              "mtd erase /dev/mtd10", "mtd -n write AQR_ethphyfw.mbn /dev/mtd10".

              Reboot to u-boot.

              Check if aq_load_fw is working:

              "aq_load_fw 0", that checks the firmware and if successfull,
	      loads iram and dram to one of the aquantia phy's.

              If that worked, add the aq_load_fw to the bootcmd:
              setenv bootcmd "aq_load_fw 0 && aq_load_fw 8 && bootipq"

              "saveenv"

              "reset"

              Board reboots and the firmware load to both phy's should start and
	      then openwrt boots.

              Check if the 10G ports work.

              Note: lan port labeled "10G-2" is configured as WAN port as per default.
	      All other port are in the br-lan. This can be changed in the network config.

Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
2023-01-16 12:42:23 +01:00
Dirk Buchwalder
a36fc589fe ipq807x: add Edimax CAX1800
Edimax CAX1800 is a 802.11 ax dual-band AP
with PoE. AP can be ceiling or wall mount.

Specifications:

    •     CPU: Qualcomm IPQ8070A Quad core Cortex-A53 1.4GHz
    •     RAM: 512MB of DDR3
    •     Storage: 128MB NAND (contains rootfs) / 8MB NOR (contains art and uboot-env)
    •     Ethernet: 1x 1G RJ45 port (QCA8072) PoE
    •     WLAN:
          2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
          5GHz: Qualcomm QCN5054 2x2 802.11a/b/g/n/ac/ax 1201 PHY rate

    •     LEDs:
          3 x GPIO-controlled System-LEDs
          (form one virtual RGB System-LED)
            black_small_square  Buttons: 1x soft reset
            black_small_square  Power: 12V DC jack or PoE (802.3af )

        An unpopulated serial header is onboard.
        RX/TX is working, bootwait is active, secure boot is not enabled.

        SSH can be activated in the stock firmware, but it drops only
        to a limited shell .

        Installation Instructions:

            black_small_square obtain serial access
            black_small_square stop auto boot

            black_small_square tftpboot the initramfs image (serverip is set to 192.168.99.8 in uboot)
            black_small_square bootm

            black_small_square copy openwrt-ipq807x-generic-edimax_cax1800-squashfs-nand-factory.ubi
	      to the device
            black_small_square write the image to the NAND:
            black_small_square cat /proc/mtd and look for rootfs partition (should be mtd0)
            black_small_square ubiformat /dev/mtd0 -f -y  openwrt-ipq807x-generic-edimax_cax1800-squashfs-
              nand-factory.ubi
            black_small_square reboot

	Note: Device is not using dual partitioning (NAND contains other partitions
        with different manufacture data etc.)
	Draytek VigorAP 960C and Lancom LW-600 both look similar, but I haven't checked them.

Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
2023-01-16 12:42:23 +01:00
Zhijun You
8253cb2de5 ipq807x: add Redmi AX6
Redmi AX6 is a budget 802.11ax dual-band router/AP

Specifications:
* CPU: Qualcomm IPQ8071A Quad core Cortex-A53 1.4GHz
* RAM: 512MB of DDR3
* Storage: 128MB NAND
* Ethernet: 4x1G RJ45 ports (QCA8075)
* WLAN:
	* 2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
	* 5GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402 PHY rate
* LEDs:
	* System (Blue/Yellow)
	* Network (Blue/Yellow)
*Buttons: 1x soft reset
*Power: 12V DC jack

Installation instructions:

Obtaining SSH access is mandatory
https://openwrt.org/inbox/toh/xiaomi/xiaomi_redmi_ax6_ax3000#ssh_access

Installation is done by the ubiformat method, through SSH:
1. Open an SSH shell to the router
2. Copy the file openwrt-ipq807x-generic-redmi_ax6-initramfs-factory.ubi to the /tmp directory
3. Check which rootfs partition is your router booted in (0 = rootfs | 1 = rootfs_1):
nvram get flag_boot_rootfs

4. Find the rootfs and rootfs_1 mtd indexes respectively:
cat /proc/mtd
Please confirm if mtd12 and mtd13 are the correct indexes from above!

5. Use the command ubiformat to flash the opposite mtd with UBI image:

If nvram get flag_boot_rootfs returned 0:
ubiformat /dev/mtd13 -y -f /tmp/openwrt-ipq807x-generic-redmi_ax6-initramfs-factory.ubi && nvram set flag_boot_rootfs=1 && nvram set flag_last_success=1 && nvram commit

otherwise:
ubiformat /dev/mtd12 -y -f /tmp/openwrt-ipq807x-generic-redmi_ax6-initramfs-factory.ubi && nvram set flag_boot_rootfs=0 && nvram set flag_last_success=0 && nvram commit

6. Reboot the device by:
reboot

Previous commands flashed an ubinized OpenWrt initramfs that will serve as the intermediate step
since OpenWrt uses unified rootfs in order to fully utilize NAND and provide enough space for packages.
Continue in order to pernamently flash OpenWrt:

7. SSH into OpenWrt from one of the LAN ports
8. Copy the file openwrt-ipq807x-generic-redmi_ax6-squashfs-sysupgrade.bin to the /tmp directory
9. Sysupgrade the device:
sysupgrade -n /tmp/openwrt-ipq807x-generic-redmi_ax6-squashfs-sysupgrade.bin

Device will reboot with OpenWrt, and then sysupgrade can be used to upgrade the device when desired.

Signed-off-by: Zhijun You <hujy652@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
8364f08164 ipq807x: add Xiaomi AX3600
Xiaomi AX3600 is a budget 802.11ax dual-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8071A Quad core Cortex-A53 1.4GHz
* RAM: 512MB of DDR3
* Storage: 256MB of parallel NAND
* Ethernet: 4x1G RJ45 ports (QCA8075) with 1x status LED per port
* WLAN:
	* PCI based Qualcomm QCA9889 1x1 802.11ac Wawe 2 for IoT
	* 2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
	* 5GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402 PHY rate
* LED-s:
	* System (Blue and Yellow)
	* IoT (Blue)
	* Network (Blue and Yellow)
* Buttons: 1x Soft reset
* Power: 12V DC Jack

Installation instructions:

Obtaining SSH access is mandatory
https://openwrt.org/inbox/toh/xiaomi/xiaomi_ax3600#obtain_ssh_access

Installation is done by the ubiformat method, through SSH:
1. Open an SSH shell to the router
2. Copy the file openwrt-ipq807x-generic-xiaomi_ax3600-initramfs-factory.ubi to the /tmp directory
3. Check which rootfs partition is your router booted in (0 = rootfs | 1 = rootfs_1):
nvram get flag_boot_rootfs

4. Find the rootfs and rootfs_1 mtd indexes respectively:
cat /proc/mtd
Please confirm if mtd12 and mtd13 are the correct indexes from above!

5. Use the command ubiformat to flash the opposite mtd with UBI image:

If nvram get flag_boot_rootfs returned 0:
ubiformat /dev/mtd13 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax3600-initramfs-factory.ubi -s 2048 -O 2048 && nvram set flag_boot_rootfs=1 && nvram set flag_last_success=1 && nvram commit

otherwise:
ubiformat /dev/mtd12 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax3600-initramfs-factory.ubi -s 2048 -O 2048 && nvram set flag_boot_rootfs=0 && nvram set flag_last_success=0 && nvram commit

6. Reboot the device by:
reboot

Previous commands flashed an ubinized OpenWrt initramfs that will serve as the intermediate step
since OpenWrt uses unified rootfs in order to fully utilize NAND and provide enough space for packages.
Continue in order to pernamently flash OpenWrt:

7. SSH into OpenWrt from one of the LAN ports
8. Copy the file openwrt-ipq807x-generic-xiaomi_ax3600-squashfs-sysupgrade.bin to the /tmp directory
9. Sysupgrade the device:
sysupgrade -n /tmp/openwrt-ipq807x-generic-xiaomi_ax3600-squashfs-sysupgrade.bin

Device will reboot with OpenWrt, and then sysupgrade can be used to upgrade the device when desired.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
2558e7b443 kernel: add Qualcomm NSS dataplane ethernet driver
Qualcomm NSS-DP is as its name says Qualcomms ethernet driver for the NSS
subsystem (Networking subsystem) built-into various Qualcomm SoCs.

It has 2 modes of operation:
* Without NSS FW and rest of code required for offloading

This is the one that we will use as the amount of kernel patching required
for NSS offloading and the fact that its not upstreamable at all makes it
unusable for us.

Driver in this mode is rather basic, it currently only offers NAPI GRO
(Added by us as part of the fixup) and basically relies on the powerfull
CPU to get good throughput.

* With NSS FW and rest of code required for offloading

In this mode, driver just registers the interfaces and hooks them into
NSS-ECM to allow offloading.
This mode is not viable for use in OpenWrt due to reasons already described
above.

This driver is required for ipq807x to have wired networking until a better
one is available, so lets add the fixed-up version for 5.15 for now.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
c608f70325 kernel: add Qualcomm SSDK driver
Qualcomm SSDK is driver for Qualcomm Atheros switches and PHY-s.

It is quite complicated and used by rest of the Qualcomm SDK stack for
anything switch or PHY related.

It is required for IPQ807x support as currently, there is no better driver
for the built-in switch or UNIPHY.

So, lets add the fixed-up version that supports kernel 5.15 for use on
ipq807x target until a better driver is available.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
35f28f2838 mac80211: add ath11k AHB support
This is the follow up to the PCI support commit now providing support for
AHB variant as well, though currently only for ipq807x as that is only
OpenWrt supported SoC ath11k supports as well.

Currently, we are disabling coldboot calibration on ipq807x as it does not
work, there is a remoteproc bug that makes it come late out of reset so
disable coldboot until that is fixed.

Also, as ath11k is quite memory hungry, we are introducing a config option
to use the limits for 512MB of RAM, similar to what QCA does downstream but
in way simpler and cleaner way so that 512MB save some RAM.
512MB profile is also set as the default for now.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
b5f32064ed ipq807x: add Qualcomm Atheros IPQ807x target
Qualcomm Atheros IPQ807x is a modern WiSoC featuring:
* Quad Core ARMv8 Cortex A-53
	* @ 2.2 GHz (IPQ8072A/4A/6A/8A) Codename Hawkeye
	* @ 1.4 GHz (IPQ8070A/1A) Codename Acorn
* Dual Band simultaneaous IEEE 802.11ax
	* 5G: 8x8/80 or 4x4/160MHz (IPQ8074A/8A)
	* 5G: 4x4/80 or 2x2/160MHz (IPQ8071A/2A/6A)
	* 5G: 2x2/80MHz (IPQ8070A)
	* 2G: 4x4/40MHz (IPQ8072A/4A/6A/8A)
	* 2G: 2x2/40MHz (IPQ8070A/1A)
* 1x PSGMII via QCA8072/5 (Max 5x 1GbE ports)
* 2x SGMII/USXGMII (1/2.5/5/10 GbE) on Hawkeye
* 2x SGMII/USXGMII (1/2.5/5 GbE) on Acorn
* DDR3L/4 32/16 bit up to 2400MT/s
* SDIO 3.0/SD card 3.0/eMMC 5.1
* Dual USB 3.0
* One PCIe Gen2.1 and one PCIe Gen3.0 port (Single lane)
* Parallel NAND (ONFI)/LCD
* 6x QUP BLSP SPI/I2C/UART
* I2S, PCM, and TDMA
* HW PWM
* 1.8V configurable GPIO
* Companion PMP8074 PMIC via SPMI (GPIOS, RTC etc)

Note that only v2 SOC models aka the ones ending with A suffix are
supported, v1 models do not comply to the final 802.11ax and have
lower clocks, lack the Gen3 PCIe etc.

SoC itself has two UBI32 cores for the NSS offloading system, however
currently no offloading is supported.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
4f592fb819 mac80211: ath11k: hack for multiple card support
This is a temporary workaround for supporting multiple cards or AHB+PCI.

There is ongoing upstream work to properly support this based of
advertised FW features, but that is still ongoing.

This is only supported on QCN9074 cards due to FW limitation, so HW ID
is checked in order to prevent breaking QCA6390 and other popular cards.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Robert Marko
af6da88814 firmware: add ath11k-firmware package
Package ath11k firmware for AHB devices as well as QCN9074 which is a non
consumer card targeted as a companion for QCA WiSoC-s.

linux-firmware is always out of date for these, so fetch them from Kalle-s
repo like we do for ath10k.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Harm Berntsen
09f313bfd7 ramips: mt7621: Add Arcadyan WE420223-99 support
The Arcadyan WE420223-99 is a WiFi AC simultaneous dual-band access
point distributed as Experia WiFi by KPN in the Netherlands. It features
two ethernet ports and 2 internal antennas.

Specifications
--------------
SOC   : Mediatek MT7621AT
ETH   : Two 1 gigabit ports, built into the SOC
WIFI  : MT7615DN
BUTTON: Reset
BUTTON: WPS
LED   : Power (green+red)
LED   : WiFi (green+blue)
LED   : WPS (green+red)
LED   : Followme (green+red)
Power : 12 VDC, 1A barrel plug

Winbond variant:
RAM   : Winbond W631GG6MB12J, 1GBIT DDR3 SDRAM
Flash : Winbond W25Q256JVFQ, 256Mb SPI
U-Boot: 1.1.3 (Nov 23 2017 - 16:40:17), Ralink 5.0.0.1

Macronix variant:
RAM   : Nanya NT5CC64M16GP-DI, 1GBIT DDR3 SDRAM
Flash : MX25l25635FMI-10G, 256Mb SPI
U-Boot: 1.1.3 (Dec  4 2017 - 11:37:57), Ralink 5.0.0.1

Serial
------
The serial port needs a TTL/RS-232 3V3 level converter! The Serial
setting is 57600-8-N-1. The board has an unpopulated 2.54mm straight pin
header.

The pinout is: VCC (the square), RX, TX, GND.

Installation
------------
See the Wiki page [1] for more details, it comes down to:

1. Open the device, take off the heat sink
2. Connect the SPI flash chip to a flasher, e.g. a Raspberry Pi. Also
   connect the RESET pin for stability (thanks @FPSUsername for reporting)
3. Make a backup in case you want to revert to stock later
4. Flash the squashfs-factory.trx file to offset 0x50000 of the flash
5. Ensure the bootpartition variable is set to 0 in the U-Boot
   environment located at 0x30000

Note that the U-Boot is password protected, this can optionally be
removed. See the forum [2] for more details.

MAC Addresses(stock)
--------------------
+----------+------------------+-------------------+
| use      | address          | example           |
+----------+------------------+-------------------+
| Device   | label            | 00:00:00:11:00:00 |
| Ethernet | + 3              | 00:00:00:11:00:03 |
| 2g       | + 0x020000f00001 | 02:00:00:01:00:01 |
| 5g       | + 1              | 00:00:00:11:00:01 |
+----------+------------------+-------------------+

The label address is stored in ASCII in the board_data partition

Notes
-----
- This device has a dual-boot partition scheme, but OpenWRT will claim
  both partitions for more storage space.

Known issues
------------
- 2g MAC address does not match stock due to missing support for that in
  macaddr_add
- Only the power LED is configured by default

References
----------
[1] https://openwrt.org/inbox/toh/arcadyan/astoria/we420223-99
[2] https://forum.openwrt.org/t/adding-openwrt-support-for-arcadyan-we420223-99-kpn-experia-wifi/132653

Acked-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: Harm Berntsen <git@harmberntsen.nl>
2023-01-15 13:41:02 +01:00
Vincent Tremblay
9e4ede8344 ipq40xx: add support for Linksys WHW03 V2
SOC:             Qualcomm IPQ4019
WiFi 1:          QCA4019 IEEE 802.11b/g/n
WiFi 2:          QCA4019 IEEE 802.11a/n/ac
WiFi 3:          QCA8888 IEEE 802.11a/n/ac
Bluetooth:       Qualcomm CSR8811 (A12U)
Zigbee:          Silicon Labs EM3581 NCP + Skyworks SE2432L
Ethernet:        Qualcomm Atheros QCA8072 (2-port)
Flash 1:         Mactronix MX30LF4G18AC-XKI
RAM (NAND):      SK hynix H5TC4G63CFR-PBA (512MB)
LED Controller:  NXP PCA9633 (I2C)
Buttons:         Single reset button (GPIO).

- The three WiFis were fully tested and are configured with the same settings as in the vendor firmware.
- The specific board files were submitted to the ATH10k mailing list but I'm still waiting for a reply. They can be removed once they are approved upstream.
- Two ethernet ports are accessible on the device. By default one is configured as WAN and the other one is LAN. They are fully working.

Bluetooth:
========
- Fully working with the following caveats:
  - RFKILL need to be enabled in the kernel.
  - An older version of bluez is needed as bccmd is needed to configure the chip.

Zigbee:
======
- The spidev device is available in the /dev directory.
- GPIOs are configured the same way as in the vendor firmware.
- Tests are on-going. I am working on getting access to the Silicon Labs stack to validate that it is fully working.

Installation:
=========
The squash-factory image can be installed via the Linksys Web UI:
1. Open "http://192.168.1.1/ca" (Change the IP with the IP of your device).
2. Login with your admin password.
3. To enter into the support mode, click on the "CA" link and the bottom of the page.
4. Open the "Connectivity" menu and upload the squash-factory image with the "Choose file" button.
5. Click start. Ignore all the prompts and warnings by click "yes" in all the popups.

The device uses a dual partition mechanism. The device automatically revert to the previous partition after 3 failed boot attempts.
If you want to force the previous firmware to load, you can turn off and then turn on the device for 2 seconds, 3 times in a row.

It can also be done via TFTP:
1. Setup a local TFTP server and configure its IP to 192.168.1.100.
2. Rename your image to "nodes_v2.img" and put it to the TFTP root of your server.
3. Connect to the device through the serial console.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash the partition of your choice by typing "run flashimg" or "run flashimg2".
6. Once flashed, enter "reset" to reboot the device.

Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Vincent Tremblay <vincent@vtremblay.dev>
2023-01-15 12:55:38 +01:00
Marcin Gajda
700c47a5f6 ipq40xx: Add support ZTE MF18A
Light and small router ( In Poland operators sells together with MC7010 outdoor modem to provide WIFI inside home).
Device specification

SoC Type: Qualcomm IPQ4019
RAM: 256 MiB
Flash: 128 MiB SPI NAND (Winbond W25N01GV)
ROM: 2MiB SPI Flash (GD25Q16)
Wireless 2.4 GHz (IP4019): b/g/n, 2x2
Wireless 5 GHz (QCA9982): a/n/ac, 3x3
Ethernet: 2xGbE (WAN/LAN1, LAN2)
USB ports: No
Button: 2 (Reset/WPS)
LEDs: 3 external leds: Power (blue) , WiFI (blue and red), SMARTHOME (blue and red) and 1 internal (blue) -- NOTE: Power controls all external led (if down ,all others also not lights even signal is up)
Power: 5VDC, 2,1A via USB-C socket
Bootloader: U-Boot
On board ZWave and Zigbee (EFR32 MG1P232GG..)  modules ( not supported by orginal software )
Installation

 1.Open MF18A case by ungluing rubber pad under the router and unscrew screws, and connect to serial console port,
   with the following pinout, starting from pin 1, which is the topmost pin when the board is upright (reset button on the bottom) :

    VCC (3.3V). Do not use unless you need to source power for the converer from it.
    TX
    RX
    GND

    Default port configuration in U-boot as well as in stock firmware is 115200-8-N-1.

 2.Place OpenWrt initramfs image for the device on a TFTP in the server's root. This example uses Server IP: 192.168.0.2

 3.Connect TFTP server to RJ-45 port (WAN/LAN1).

 4.Power on MF18A , stop in u-Boot (using ESC button) and run u-Boot commands:
    setenv serverip 192.168.0.2
    setenv ipaddr 192.168.0.1
    set fdt_high 0x85000000
    tftpboot 0x84000000 openwrt-ipq40xx-generic-zte_mf18a-initramfs-fit-zImage.itb
    bootm 0x84000000

 5.Please make backup of original partitions, if you think about revert to stock, specially mtd8 (Web UI) and mtd9 (rootFS). Use /tmp as temporary storage and do:

WEB PARITION

cat /dev/mtd8 > /tmp/mtd8.bin
scp /tmp/mtd8.bin root@YOURSERVERIP:/
rm /tmp/mtd8.bin
ROOT PARITION

cat /dev/mtd9 > /tmp/mtd9.bin
scp /tmp/mtd9.bin root@YOURSERVERIP:/
rm /tmp/mtd9.bin

If you are sure ,that you want to flash openwrt, from uBoot, before bootm, clean rootfs partition with command:
nand erase 0x1800000 0x1D00000

 6.Login via ssh or serial and remove stock partitions (default IP 192.168.1.1):
ubiattach -m 9 # it could return error if ubi was attached before or rootfs part was erased before
ubirmvol /dev/ubi0 -N ubi_rootfs # it could return error if rootfs part was erased before
ubirmvol /dev/ubi0 -N ubi_rootfs_data # some devices doesn't have it

 7. Install image via :
sysupgrade -n /tmp/openwrt-ipq40xx-generic-zte_mf18a-squashfs-sysupgrade.bin

previously wgeting bin. Sometimes it could print ubi attach error, but please ignore it if process goes forward.

Back to Stock (!!! need original dump taken from initramfs !!!) -------------

Place mtd8.bin and mtd9.bin initramfs image for the device on a TFTP in the server's root. This example uses Server IP: 192.168.0.2
Connect serial console (115200,8n1) to serial console connector .
Connect TFTP server to RJ-45 port (WAN/LAN1).
rename mtd8.bin to web.img and mtd9.bin to root_uImage_s
Stop in u-Boot (using ESC button) and run u-Boot commands:
This will erase Web and RootFS:
nand erase 0x1000000 0x800000
nand erase 0x1800000 0x1D00000

This will restore RootFS:
tftpboot 0x84000000 root_uImage_s
nand erase 0x1800000 0x1D00000
nand write 0x84000000 0x1800000 0x1D00000

This will restore Web Interface:
tftpboot 0x84000000 web.img
nand erase 0x1000000 0x800000
nand write 0x84000000 0x1000000 0x800000

After first boot on stock firwmare, do a factory reset. Push reset button for 5 seconds so all parameters will be reverted to the one printed on label on bottom of the router

As reference was taken MF289F support by Giammarco Marzano stich86@gmail.com and MF286D by Pawel Dembicki paweldembicki@gmail.com

Signed-off-by: Marcin Gajda <mgajda@o2.pl>
2023-01-14 19:19:36 +01:00
Mikhail Zhilkin
1a35edfbdb ramips: add basic support for TP-Link EC330-G5u v1
This adds basic support for TP-Link EC330-G5u Ver:1.0 router (also known
as TP-Link Archer C9ERT).

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 128 MiB, Nanya NT5CC64M16GP-DI
Flash: 128 MiB NAND, ESMT F59L1G81MA-25T
Wireless 2.4 GHz (MediaTek MT7615N): b/g/n, 4x4
Wireless 5 GHz (MediaTek MT7615N): a/n/ac, 4x4
Ethernet: 5xGbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: 1xUSB3.0
Button: 4 (Led, WiFi On/Off, Reset, WPS)
LEDs: 7 blue LEDs, 1 orange(amber) LED, 1 white(non-gpio) LED
Power: 12 VDC, 2 A
Connector type: Barrel
Bootloader: First U-Boot (1.1.3), Main U-Boot (1.1.3). Additionally,
original TP-Link firmware contains Image U-Boot (1.1.3).

Serial console (UART)
---------------------
                            V
+-------+-------+-------+-------+
| +3.3V |  GND  |  TX   |  RX   |
+---+---+-------+-------+-------+
    |              J2
    |
    +--- Don't connect

Installation
------------
1. Rename OpenWrt initramfs image to test.bin and place it on tftp server
   with IP 192.168.0.5
2. Attach UART, switch on the router and interrupt the boot process by
   pressing 't'
3. Load and run OpenWrt initramfs image:
      tftpboot
      bootm
4. Once inside OpenWrt, switch to the first boot image:
      fw_setenv BootImage 0
5. Run 'sysupgrade -n' with the sysupgrade OpenWrt image

Back to Stock
-------------
1. Run in the OpenWrt shell:
      fw_setenv BootImage 1
      reboot

Recovery
--------
1. Press Reset button and power on the router
2. Navigate to U-Boot recovery web server (http://192.168.0.1/) and upload
   the OEM firmware

MAC addresses
-------------
+---------+-------------------+-------------------+-------------+
|         | MAC example 1     | MAC example 2     | Algorithm   |
+---------+-------------------+-------------------+-------------+
| label   | 68:ff:7b:xx:xx:f4 | 50:d4:f7:xx:xx:da | label       |
| LAN     | 68:ff:7b:xx:xx:f4 | 50:d4:f7:xx:xx:da | label       |
| WAN     | 72:ff:7b:xx:xx:f5 | 54:d4:f7:xx:xx:db | label+1 [1] |
| WLAN 2g | 68:ff:7b:xx:xx:f4 | 50:d4:f7:xx:xx:da | label       |
| WLAN 5g | 68:ff:7b:xx:xx:f6 | 50:d4:f7:xx:xx:dc | label+2     |
+---------+-------------------+-------------------+-------------+
label MAC address was found in factory at 0x165 (text format
xx:xx:xx:xx:xx:xx).

Notes
-----
[1] WAN MAC address:
   a. First octet of WAN MAC is differ than others and OUI is not related
      to TP-Link company. This probably should be fixed.
   b. Flipping bits in first octet and hex delta are different for the
      different MAC examples:
      +-----------------+----------------+----------------+
      |                 | Example 1      | Example 2      |
      +-----------------+----------------+----------------+
      | LAN             | 68 = 0110 1000 | 50 = 0101 0000 |
      | MAC (1st octet) |         ^ ^ ^  |                |
      +-----------------+----------------+----------------+
      | WAN             | 72 = 0111 0010 | 54 = 0101 0100 |
      | MAC (1st octet) |         ^ ^ ^  |            ^   |
      +-----------------+----------------+----------------+
      | HEX delta       | 0xa            | 0x4            |
      +-----------------+----------------+----------------+
      | DEC delta       | 4              | 4              |
      +-----------------+----------------+----------------+
   c. DEC delta is a constant (4). This looks like a mistake in OEM
      firmware and probably should be fixed.
   Based on the above, I decided to keep correct OUI and make WAN MAC =
   label + 1.

[2] Bootloaders
   The device contains 3 bootloaders:
   - First U-Boot: U-Boot 1.1.3 (Mar 18 2019 - 12:50:24). The First U-Boot
     located on NAND Flash to load next full-feature Uboot.
   - Main U-Boot + its backup: U-Boot 1.1.3 (Mar 18 2019 - 12:50:29). This
     bootloader includes recovery webserver. Requires special uImages to
     continue the boot process:
        0x00 (os0, os1) - firmware uImage
        0x40 (os0, os1) - standalone uImage (OpenWrt kernel is here)
   - Additionally, both slots of the original TP-Link firmware contains
     Image U-Boot: U-Boot 1.1.3 (Oct 16 2019 - 08:14:45). It checks image
     magics and CRCs. We don't use this U-Boot with OpenWrt.

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2023-01-14 18:36:33 +01:00
Nick Hainke
c051693ef4 trace-cmd: update to v3.1.6
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-13 22:02:20 +01:00
Nick Hainke
d649c32989 libtracefs: update to 1.6.4
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-13 22:02:20 +01:00
Nick Hainke
d1bdf5a9d9 libtraceevent: update to 1.7.1
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-13 22:02:20 +01:00
Daniel Golle
3d5c5427e1 uboot-mediatek: update to U-Boot 2023.01
Support for MT7981 and MT7986 has been merged, remove patches.
Tested on a couple of MT7986, MT7622 and MT7623 boards.
MIPS builds are untested.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-13 14:49:52 +00:00
Linhui Liu
5b605f4b51 uboot-envtools: update to 2023.01
Update to latest version.

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-13 14:49:52 +00:00
Robert Marko
c83dbcdf8f
mac80211: ath11k: fix monitor bringup
Currently, ath11k will crash the crash if we try to bringup the monitor
mode interface.
Luckily, it has already been fixed upstream, so backport the patches
fixing it.

Fixes: 93ae4353cd ("mac80211: add ath11k PCI support")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-12 15:17:18 +01:00
Christian Marangi
d9aa41dcda
lldpd: use release tar instead of codeload
There is currently a problem with making reproducible version of lldpd.
The tool version is generated based on 3 source:
1. .dist-version file in release tar
2. git hash with presence of .git directory
3. current date

Using the codeload tar from github results in getting the repo without
the .git directory and since they are not release tar, we don't have
.dist-version. This results in having lldpd bin with a version set to
the current build time.

Switch to release tar so that we correctly have a .dist-version file and
the version is not based on the build time.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-01-12 14:55:07 +01:00
Hauke Mehrtens
76c67fcc66 ksmbd: Fix ZDI-CAN-18259
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.

Backported from:
8824b7af40
cc4f3b5a6a

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-11 22:07:51 +01:00
Christian Marangi
ee397759b6
iwinfo: update to latest Git HEAD
c7b420a devices: add Qualcomm Atheros QCN6024/9024/9074 cards
5914d71 iwinfo: devices: add Qualcomm Atheros IPQ8074 WiSoC

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-10 00:54:31 +01:00
Felix Fietkau
0cc1c302b1 ucode-mod-bpf: add new package for a ucode libbpf binding
The bpf plugin provides functionality for loading and interacting with
eBPF modules.

It allows loading full modules and pinned maps/programs and supports
interacting with maps and attaching programs as tc classifiers.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-09 11:35:20 +01:00
Felix Fietkau
d6a284e4ce ucode: update to the latest version
34cfbb922c96 README.md: various spelling and documentation fixes
ff32355ea645 build: make rtnl/nl80211 depend on linux instead of !APPLE
c0e413c21f7b include: add uc_fn_thisval()
1e4d20932646 Merge pull request #134 from nbd168/thisval

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-09 11:35:20 +01:00
Hauke Mehrtens
25223b22c8 rtl8812au-ct: Ignore address errors
GCC 12.2.0 shows these error messages:
````
rtl8812au-ct-2021-11-07-39df5596/core/rtw_sta_mgt.c: In function 'rtw_mfree_stainfo':
rtl8812au-ct-2021-11-07-39df5596/core/rtw_sta_mgt.c:210:24: error: the comparison will always evaluate as 'true' for the address of 'lock' will never be NULL [-Werror=address]
  210 |         if(&psta->lock != NULL)
      |                        ^~
In file included from rtl8812au-ct-2021-11-07-39df5596/include/drv_types.h:109,
                 from rtl8812au-ct-2021-11-07-39df5596/core/rtw_sta_mgt.c:22:
rtl8812au-ct-2021-11-07-39df5596/include/sta_info.h:95:17: note: 'lock' declared here
   95 |         _lock   lock;
      |                 ^~~~
````

````
  CC [M]  rtl8812au-ct-2021-11-07-39df5596/os_dep/linux/ioctl_cfg80211.o
rtl8812au-ct-2021-11-07-39df5596/os_dep/linux/ioctl_cfg80211.c: In function 'cfg80211_rtw_scan':
rtl8812au-ct-2021-11-07-39df5596/os_dep/linux/ioctl_cfg80211.c:2176:32: warning: the comparison will always evaluate as 'true' for the address of 'ssid' will never be NULL [-Waddress]
 2176 |                 if(ssids->ssid != NULL
      |                                ^~
In file included from rtl8812au-ct-2021-11-07-39df5596/include/osdep_service_linux.h:88,
                 from rtl8812au-ct-2021-11-07-39df5596/include/osdep_service.h:41,
                 from rtl8812au-ct-2021-11-07-39df5596/include/drv_types.h:32,
                 from rtl8812au-ct-2021-11-07-39df5596/os_dep/linux/ioctl_cfg80211.c:22:
/home/hauke/openwrt/openwrt/staging_dir/target-mips_24kc_musl/usr/include/mac80211/net/cfg80211.h:2364:12: note: 'ssid' declared here
 2364 |         u8 ssid[IEEE80211_MAX_SSID_LEN];
      |            ^~~~
````

````
  CC [M]  rtl8812au-ct-2021-11-07-39df5596/hal/OUTSRC/phydm_debug.o
rtl8812au-ct-2021-11-07-39df5596/hal/OUTSRC/phydm_debug.c: In function 'phydm_cmd_parser':
rtl8812au-ct-2021-11-07-39df5596/hal/OUTSRC/phydm_debug.c:873:28: warning: the comparison will always evaluate as 'true' for the pointer operand in 'input + ((sizetype)i + 1) * 16' must not be NULL [-Waddress]
  873 |                         if(input[i+1]) {
      |                            ^~~~~
rtl8812au-ct-2021-11-07-39df5596/hal/OUTSRC/phydm_debug.c:894:28: warning: the comparison will always evaluate as 'true' for the pointer operand in 'input + ((sizetype)i + 1) * 16' must not be NULL [-Waddress]
  894 |                         if(input[i+1]) {
      |                            ^~~~~
````

This one was only seen on the rockchip/armv8 target:
````
  CC [M]  rtl8812au-ct-2021-11-07-39df5596/core/rtw_br_ext.o
In function '__nat25_add_pppoe_tag',
    inlined from 'nat25_db_handle' at rtl8812au-ct-2021-11-07-39df5596/core/rtw_br_ext.c:909:10:
rtl8812au-ct-2021-11-07-39df5596/core/rtw_br_ext.c:118:9: error: 'memcpy' reading between 2052 and 9220 bytes from a region of size 40 [-Werror=stringop-overread]
  118 |         memcpy((unsigned char *)ph->tag, tag, data_len);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rtl8812au-ct-2021-11-07-39df5596/core/rtw_br_ext.c: In function 'nat25_db_handle':
rtl8812au-ct-2021-11-07-39df5596/core/rtw_br_ext.c:878:63: note: source object 'tag_buf' of size 40
  878 |                                                 unsigned char tag_buf[40];
      |                                                               ^~~~~~~
````

Most of them are looking like real errors to me, but some fixes need a
deeper understanding of the driver and probably bigger changes to the driver.

Ignore these error messages for now. It would be nice if someone would
fix them.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-09 00:23:22 +01:00
Hauke Mehrtens
dc12c76dc5 uqmi: Ignore wrong maybe-uninitialized and dangling-pointer error
GCC 12.2.0 shows this false positive error message:
````
uqmi-2022-05-04-56cb2d40/dev.c: In function 'qmi_request_wait':
uqmi-2022-05-04-56cb2d40/dev.c:217:23: error: storing the address of local variable 'complete' in '*req.complete' [-Werror=dangling-pointer=]
  217 |         req->complete = &complete;
      |         ~~~~~~~~~~~~~~^~~~~~~~~~~
uqmi-2022-05-04-56cb2d40/dev.c:208:14: note: 'complete' declared here
  208 |         bool complete = false;
      |              ^~~~~~~~
uqmi-2022-05-04-56cb2d40/dev.c:208:14: note: 'req' declared here
cc1: all warnings being treated as errors
````

and this one:
````
In file included from uqmi-2022-05-04-56cb2d40/commands.c:28:
In function 'blobmsg_close_table',
    inlined from 'cmd_nas_get_cell_location_info_cb' at /home/haukeuqmi-2022-05-04-56cb2d40/commands-nas.c:897:4:
/usr/include/libubox/blobmsg.h:256:9: error: 'c' may be used uninitialized [-Werror=maybe-uninitialized]
  256 |         blob_nest_end(buf, cookie);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from uqmi-2022-05-04-56cb2d40/commands.c:169:
uqmi-2022-05-04-56cb2d40/commands-nas.c: In function 'cmd_nas_get_cell_location_info_cb':
uqmi-2022-05-04-56cb2d40/commands-nas.c:713:15: note: 'c' was declared here
  713 |         void *c, *t, *cell, *freq;
      |               ^
cc1: all warnings being treated as errors
````

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-09 00:10:52 +01:00
Hauke Mehrtens
2748c45d46 elfutils: Ignore wrong use-after-free error
GCC 12.2.0 shows this false positive error message:
````
In function 'bigger_buffer',
    inlined from '__libdw_gunzip' at gzip.c:374:12:
gzip.c:96:9: error: pointer may be used after 'realloc' [-Werror=use-after-free]
   96 |     b = realloc (state->buffer, more -= 1024);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gzip.c:94:13: note: call to 'realloc' here
   94 |   char *b = realloc (state->buffer, more);
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
````

GCC bug report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104069

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-09 00:10:52 +01:00
Hannu Nyman
98b09ba250 busybox: update to 1.36.0
Update busybox to version 1.36.0

* refresh patches (remove the backported upstream fix)
* refresh config

Config refresh:

Refresh commands, run after busybox is first built once:

cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.36.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.36.0/.config > Config-defaults.in

Manual edits needed after config refresh:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* Config-defaults.in: correct the default ports that get reset
  BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT    80
  BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT  23

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit a few Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-01-07 17:22:54 +01:00
Linhui Liu
9ee12db67c util-linux: update to 2.38.1
Release Notes:
    https://cdn.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes

Remove upstreamed:
- 010-meson-typo.patch
- 020-meson-fix-compilation-without-systemd.patch
- 110-meson-fix-when-HAVE_CLOCK_GETTIME-is-set.patch

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-07 17:18:41 +01:00
Shiji Yang
9a07895729 mt76: add stand-alone MT7622 firmware package
Add a separate firmware package to avoid installing the MT7615 firmware
on all MT7622 target devices by default. Now we only add MT7615 firmware
packages for devices that use MT7615E. This commit also removes the
explicit dependency on kmod-mt7615e to refine the package dependency.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-01-07 17:11:00 +01:00
Shiji Yang
fc9dd3f083 mt76: add stand-alone MT7915 firmware package
The mt7915e driver supports MT7915, MT7916 and MT7986 chips. And Only
MT7915 series chips need the MT7915 firmware. To save storage, extract
them from the common code package and create a new package to provide
the firmware.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-01-07 17:11:00 +01:00
Shiji Yang
3410f010a2 mt76: remove unnecessary dependency from mt7915e
The kmod-mt7615-common package does not contain any code that
related to mt7915e Wi-Fi6 driver, so remove it.

Tested on ramips/mt7621: SIM SIMAX1800T

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-01-07 17:11:00 +01:00
David Bauer
f97ce066a8 zyxel-bootconfig: clean up script
Drop unused variable and fix identation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-01-07 01:32:58 +01:00
Nick Hainke
5809fb4546 tcpdump: update to 4.99.2
Update to latest version. For release information look into CHANGES
file [0].

Automatically refreshed:
- 001-remove_pcap_debug.patch

Manually refreshed:
- 100-tcpdump_mini.patch

old ipkg sizes:
316554 bin/packages/mips_24kc/base/tcpdump_4.99.1-1_mips_24kc.ipk
141457 bin/packages/mips_24kc/base/tcpdump-mini_4.99.1-1_mips_24kc.ipk

new ipkg sizes:
318089 bin/packages/mips_24kc/base/tcpdump_4.99.2-1_mips_24kc.ipk
141941 bin/packages/mips_24kc/base/tcpdump-mini_4.99.2-1_mips_24kc.ipk

[0] - https://github.com/the-tcpdump-group/tcpdump/blob/master/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:22:28 +01:00
Nick Hainke
acbae4f234 libpcap: update to 1.20.2
A huge rewrite in libpcap was introduced by dc14a7babca1 ("rpcap: have
the server tell the client its byte order.") [0]. The patch
"201-space_optimization.patch" does not apply at all anymore. So remove
it.

Refresh:
- 100-no-openssl.patch
- 102-skip-manpages.patch

Update the "300-Add-support-for-B.A.T.M.A.N.-Advanced.patch" with latest
PR [1].

old ipkg size:
90964 bin/packages/mips_24kc/base/libpcap1_1.10.1-5_mips_24kc.ipk

new ipkg size:
93340 bin/packages/mips_24kc/base/libpcap1_1.10.2-1_mips_24kc.ipk

[0] - dc14a7babc
[1] - https://github.com/the-tcpdump-group/libpcap/pull/980

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:20:06 +01:00
Nick Hainke
b331ffe807 nftables: update to 1.0.6
Remove upstreamed patches:
- 0001-fix-nft.patch

Upstream switched to "tar.xz" archives.

old ipkg size:
273678 bin/packages/mips_24kc/base/nftables-json_1.0.5-2_mips_24kc.ipk

new ipkg size:
271624 bin/packages/mips_24kc/base/nftables-json_1.0.6-1_mips_24kc.ipk

Release Information:
https://netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:14:45 +01:00
Michael Pratt
1e3a8f454e base-files: rework mtd_get_mac_text()
It's necessary to be able to specify the length
for MAC addresses that are stored in flash, for example,
in a case where it is stored without any delimiter.

Let both offset and length have default values.

Add a sanity check related to partition size.

Also, clean up syntax and unnecessary lines.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-01-06 15:34:07 +01:00
Linhui Liu
87b9825521 ncurses: update to 6.4
Update to the latest released version.

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-05 00:11:53 +01:00
Nikolay Martynov
665c2154ef ramips: add basic support for tp-link er605-v2
This is a MT7621-based device with 128MB NAND flash, 256MB RAM, and a USB port.
The board has headers to attach console. In order for them to work two solder
bridges near those pads need to be made.

The defice has the following partition table:

```
0x000000000000-0x000000080000 : "u-boot"
0x000000080000-0x000000100000 : "u-boot-env"
0x000000100000-0x000000140000 : "factory"
0x000000140000-0x000007e00000 : "firmware"
0x000007e00000-0x000008000000 : "panic-ops"
```

`firmware` partition contains UBI volumes. Unfortunately I accidentally wiped
partition and I no longer have access to it.

`firmware` partition contains 'secondary' U-Boot which is run by 'first' u-boot.
It also contains various configuration partitions that include device info and
MAC address. There also seems to be 'primary' and 'backup' set of 'main' volumes.

U-boot has `mtkupgrade` command that just overrides data on firmware partitions.
Firmware file provided by TP-Link cannot be used with that command.

U-boot also has 'recovery' http server. Unfortunately I was not able to make it
work with manufacturer's firmware.

Manufacturer's firmware essentially contains multiple UBI volumes along with
'partition table'. Unfortunately I no longer can properly run manufacturer's
firmware so I cannot at the moment try to a support for building 'factory' images.

This patch adds support for initramfs image as well as sysupgrade image.

This seems to be pretty standard MT7621 board otherwise.

Things that work:
* network
* leds
* usb
* factory MAC detection

Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
2023-01-04 23:19:19 +01:00
Felix Fietkau
4455ed65c6 bridger: update to the latest version
def7755c459d add missing copyright headers
f68307fd96d7 add hairpin mode support
9ee8f433ba4e nl: do not pass NDA_VLAN with vid=0
978c1f9eed07 add support for the bridge port isolated flag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-03 13:28:47 +01:00
Hauke Mehrtens
ee47a28cec treewide: Trigger reinstall of all wolfssl dependencies
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-01 21:06:54 +01:00
Nick Hainke
04634b2d82 wolfssl: update to 5.5.4-stable
Remove upstreamed:
- 001-Fix-enable-devcrypto-build-error.patch

Refresh patch:
- 100-disable-hardening-check.patch

Release notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.4-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-01 21:05:31 +01:00
Hauke Mehrtens
55d176fd0b tfa-layerscape: Use trusted-firmware-a.mk
This converts the trusted firmware arm build Makefile to make use of
the common trusted-firmware-a.mk file. This also fixes the build with
binutils 2.39.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-31 20:02:09 +01:00
Hauke Mehrtens
c5bb7a99a6 arm-trusted-firmware-mvebu: Use host flags for cryptest compilation
Without these changes it used the system LDFLAGS for the compilation of
the cryptopp library. This does not always work when we add
"-no-warn-rwx-segments" which is done to support binutils 2.39 inside of
OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-31 19:55:42 +01:00
Hauke Mehrtens
dd9d1a8ccb arm-trusted-firmware-sunxi: Use common trusted-firmware-a.mk
Make use of the definitions from trusted-firmware-a.mk to build the
Trusted firmware arm. This fixes the build with binutils 2.39.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-31 19:03:00 +01:00
Tony Ambardar
9cbc825b30 base-files: stage2: add 'tail' to sysupgrade environment
This is used to access footer data in firmare files, and is simpler and
less error-prone than using 'dd' with calculated offsets.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2022-12-31 05:02:38 -08:00
Tony Ambardar
2a9f3b7717 ipq40xx: fix up Linksys WHW01 board name, device definition
Update the board name defined in DTS to match online documentation and the
name encoded into factory firmware. This helps supports flashing firmware
factory images using 'sysupgrade'.

Original WHW01 device definition assumes the rootfs IMAGE_SIZE is 33 MB
instead of the correct 74 MB, and defines factory images which include
extra adjustments/padding that do not match OEM factory images and may
cause problems flashing. Update image size and build recipe to fix these.

Suggested-by: Wyatt Martin <wawowl@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2022-12-31 05:02:38 -08:00
Hauke Mehrtens
af3c9b74e1 mbedtls: update to version 2.28.2
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-31 03:19:58 +01:00
Felix Fietkau
12fdb4c9f4 mac80211: fix receiving multicast packets on multiple sta interfaces
Also fix MLO sta sdata link initialization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-30 21:20:04 +01:00
Felix Fietkau
2e61469a6c netifd: update to the latest version
2cffe0c44e62 treewide: correctly apply IFNAMSIZ limit
96bcbb2e4eb6 wireless: allow set_retry ubus notify command to trigger a wdev restart
a2e8cd75dbf6 wireless: add support for disabling multicast-to-unicast per virtual interface
e9f44189ade7 system: move netdev types to system-linux.c where they are used
a3fab0119ef1 utils: include utils.h last
7ce73fc16765 vlandev: propagate topology changes
81c1fbcba2f2 device: fix vlan device issues with disappearing lower devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-30 16:42:57 +01:00
Chuanhong Guo
d29dbf052a
mediatek: drop redmi-ax6000 variant with modified env
This variant uses xiaomi factory u-boot and modified u-boot-env &
bootcmd.
By modifying uboot-env, the xiaomi firmware recovery provided in
the vendor u-boot doesn't work anymore. It's possible to put
u-boot into a state where it refuese to take any serial input.
If the u-boot is in this state, users can't restore their
firmware without taking the flash off the board.
We now have a -stock variant where the vendor u-boot is used in
a way that xiaomi firmware recovery still works, and a -ubootmod
variant where we get rid of all xiaomi components, have more
usable space and no uart console lock. These two should cover all
use cases and we don't need this variant anymore.
Drop this redmi-ax6000 variant. Existing users of this variant
should perform a u-boot mod or restore to the -stock layout.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-30 16:11:59 +08:00
Hauke Mehrtens
f12bad6c19 tree-wide: Do not use package librt and libpthread
The libraries libpthread, libdl, libutil, libanl have been integrated
into the libc library in version 2.34. it is not needed to explicitly
link them any more.

Most of the functions have been moved from the librt.so into libc.so
some time ago already.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-29 18:50:24 +01:00
Robert Marko
9d8eff6799
linux-firmware: disable stripping
It has been brought to my attention that recently added WCN6855 firmware
is broken as it is getting stripped during building due to being 2 ELF
binaries.
I am sure WCN6750 and any other ELF binaries are having the same issue,
so since stripping firmware binaries is clearly unwanted disable it.

Fixes: b4d3694f81 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2022-12-29 14:15:55 +01:00
Furong Xu
1613e3340b uboot-mediatek: add support for Xiaomi Redmi Router AX6000
U-Boot flash instructions:

0. OpenWrt U-Boot does not support stock layout, it comes with recovery
boot support, automatic tftp recovery and never blocks UART.

A new flash layout is introduced, we call it OpenWrt U-Boot layout,
stock flash layout and the old OpenWrt layout are not supported.

During the whole flash procedure, please do not reboot or power off
unless requested explicitly, or you will break your device.

1. Your device should already running OpenWrt.
If not, follow the instructions to flash OpenWrt:
https://github.com/openwrt/openwrt/pull/11115

2. Backup BL2 Nvram Bdata Factory and FIP in case you break something or
in case you want to go back to stock firmware one day.

cat /dev/mtdblock0 > /tmp/BL2.bin
cat /dev/mtdblock1 > /tmp/Nvram.bin
cat /dev/mtdblock2 > /tmp/Bdata.bin
cat /dev/mtdblock3 > /tmp/Factory.bin
cat /dev/mtdblock4 > /tmp/FIP.bin

And save all whose bin files to somewhere safe.

Then backup your configurations, since ubiformat for entire mtd device is
required to create new ubootenv volume for OpenWrt U-Boot.

3. Run the following cmd to boot into an initramfs with the new OpenWrt
U-Boot layout that expand ubi partion to the end of flash:

ubiformat /dev/mtd7 -y -f /tmp/ax6000-ubootmod-initramfs-factory.ubi

4. After boot into initramfs, check mtd partion info.
The ubi partion should be mtd5

root@OpenWrt:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00100000 00020000 BL2
mtd1: 00040000 00020000 Nvram
mtd2: 00040000 00020000 Bdata
mtd3: 00200000 00020000 Factory
mtd4: 00200000 00020000 FIP
mtd5: 07a80000 00020000 ubi

5. Load kmod-mtd-rw to temporarily make the bootloader partions writable.
The kmod-mtd-rw is from the feeds, it is not packed in initramfs-factory
by default.

To install kmod-mtd-rw via opkg:

opkg update && opkg install kmod-mtd-rw

Or, download kmod-mtd-rw.ipk from OpenWrt server and install it manually
e.g:
https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/kmods/
Select your OpenWrt release version and kernel version accordingly.

Load kmod-mtd-rw:
insmod /lib/modules/$(uname -r)/mtd-rw.ko i_want_a_brick=1

6. Run the following cmd to clean all pending crash dumps in pstore,
or OpenWrt U-Boot may boot into NAND recovery or tftp recovery.

rm -f /sys/fs/pstore/*

7. Format ubi and create new ubootenv volume:

ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB

8. This is optional. Skip this if you do not want to have NAND recovery
boot feature offered by OpenWrt U-Boot. Don't worry, you always have
automatic tftp recovery feature enabled.

ubimkvol /dev/ubi0 -n 2 -N recovery -s 10MiB
ubiupdatevol /dev/ubi0_2 /tmp/ax6000-ubootmod-initramfs-recovery.itb

9. Now, flash new U-Boot. Bye-bye ugly stock U-Boot.

mtd write /tmp/ax6000-ubootmod-preloader.bin BL2
mtd write /tmp/ax6000-ubootmod-bl31-uboot.fip FIP

10. Flash the squashfs-sysupgrade.bin as usual:

sysupgrade -n /tmp/ax6000-ubootmod-squashfs-sysupgrade.itb

Enjoy!

Signed-off-by: Furong Xu <xfr@outlook.com>
2022-12-29 03:04:42 +00:00
Robert Marko
214c230a79 linux-firmware: ath11k: add symlink for WCN6855 hw2.1
WCN6855 exists in 2 HW revisions, but both use the same FW so upstream
just has a symlink for hw2.1 to hw2.0 that I forgot to make.

Fixes: b4d3694f81 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2022-12-28 21:57:05 +01:00
Nick Hainke
4f44b4e506 linux-firmware: update to 20221214
Changes:
f3c283e amdgpu: updated navi10 firmware for amd-5.4
ba115d4 amdgpu: updated yellow carp firmware for amd-5.4
b8aba70 amdgpu: updated raven2 firmware for amd-5.4
2b21c5e amdgpu: updated raven firmware for amd-5.4
fc9a1c9 amdgpu: updated PSP 13.0.8 firmware for amd-5.4
7d43336 amdgpu: updated GC 10.3.7 RLC firmware for amd-5.4
c089dab amdgpu: updated vega20 firmware for amd-5.4
75e3494 amdgpu: updated PSP 13.0.5 firmware for amd-5.4
31c5734 amdgpu: add VCN 4.0.0 firmware for amd-5.4
a735158 amdgpu: add SMU 13.0.0 firmware for amd-5.4
0bef6bb amdgpu: Add SDMA 6.0.0 firmware for amd-5.4
bb56d1a amdgpu: add PSP 13.0.0 firmware for amd-5.4
e32209f amdgpu: add GC 11.0.0 firmware for amd-5.4
613db81 amdgpu: add DCN 3.2.0 firmware for amd-5.4
1fc8f6c amdgpu: updated vega10 firmware for amd-5.4
2257447 amdgpu: updated beige goby firmware for amd-5.4
6aa0023 amdgpu: updated dimgrey cavefish firmware for amd-5.4
dd1225a amdgpu: updated vangogh firmware for amd-5.4
5cb010e amdgpu: updated picasso firmware for amd-5.4
edf9699 amdgpu: updated navy flounder firmware for amd-5.4
b7e83d9 amdgpu: updated green sardine firmware for amd-5.4
f820cc3 amdgpu: updated sienna cichlid firmware for amd-5.4
b77f539 amdgpu: updated arcture firmware for amd-5.4
dccfdf1 amdgpu: updated navi14 firmware for amd-5.4
5d1af6d amdgpu: updated renoir firmware for amd-5.4
13b9c94 amdgpu: updated navi12 firmware for amd-5.4
e9b8357 amdgpu: updated aldebaran firmware for amd-5.4
b4af754 sr150 : Add NXP SR150 UWB firmware
0707b2f brcm: add/update firmware files for brcmfmac driver
16c9630 rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x75b8_f098
80ed874 amdgpu: update sdma_5.2.7 firmware
32d8681 QCA: Add Bluetooth firmware for WCN785x This commit will add required Bluetooth firmware files for QCA WCN785x. The image version is 2.0.0-00515.
cdf9499 linux-firmware: update firmware for MT7916
685ea4d linux-firmware: update firmware for MT7915
7f6279b i915: Add DMC v2.08 for DG2
391fb47 amdgpu: update green sardine DMCUB firmware
de854c9 i915: Add DMC v2.10 for MTL
daff404 linux-firmware: update firmware for MT7986
70494e3 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
750c0dc linux-firmware: update firmware for MT7921 WiFi device

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-28 20:20:01 +01:00
Felix Baumann
75451681d0
uboot-envtools: add support for ramips Asus RX-AX53U
Adds uboot-envtools support for ramips Asus RX-AX53U now that partition
can be correctly read.

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[ improve commit title and description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-28 14:04:58 +01:00
Felix Fietkau
090ad03343 hostapd: allow sharing the incoming DAS port across multiple interfaces
Use the NAS identifier to find the right receiver context on incoming messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-27 19:10:04 +01:00
Hauke Mehrtens
fb15cb4ce9 iproute2: Fix build with GCC 12 and glibc 2.36
This fixes the detection of name_to_handle_at() when GCC 12 and glibc
2.36 are used.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-26 15:18:08 +01:00
Hauke Mehrtens
73dca49f35 uhttpd: update to latest Git HEAD
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-26 15:18:08 +01:00
Xuefer H
ab31547df0 libbsd: fix libpath to not use host path
libpath.so uses host path in ld script causing other packages fail to
cross compile, e.g. perl:
"ld: cannot find /usr/lib/libbsd.so.0.11.6: No such file or directory"

Fixes: openwrt/packages#19390

Signed-off-by: Xuefer H <xuefer@gmail.com>
2022-12-26 13:36:41 +01:00
Kevin Darbyshire-Bryant
5c7e4a9d2e dnsmasq: bump to v2.88
Most relevant feature for openwrt in this release, supports dynamically
removing hosts from 'hostsdir' supplied host files.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-12-25 15:07:36 +00:00
Kuan-Yi Li
a5f16b4f4f
uboot-omap: build with omap generic subtarget
Fix image build fail by using the generic subtarget.

Fixes: b2bfea48 ("omap: add generic subtarget")
Ref: 40e3f660 ("uboot-fritz4040: build with ipq40xx generic subtarget")
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-25 11:55:54 +01:00
Kuan-Yi Li
808046b2ee
uboot-tegra: build with tegra generic subtarget
Fix image build fail by using the generic subtarget.

Fixes: c028e1b1 ("tegra: add generic subtarget")
Ref: 40e3f660 ("uboot-fritz4040: build with ipq40xx generic subtarget")
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-25 11:55:53 +01:00
Kuan-Yi Li
64bfb8b7d6
uboot-zynq: build with zynq generic subtarget
Fix image build fail by using the generic subtarget.

Fixes: 6d7129ef ("zynq: add generic subtarget")
Ref: 40e3f660 ("uboot-fritz4040: build with ipq40xx generic subtarget")
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-25 11:55:53 +01:00
Kuan-Yi Li
1c35dc26f1
uboot-mxs: build with mxs generic subtarget
Fix image build fail by using the generic subtarget.

Fixes: 64ef920b ("mxs: add generic subtarget")
Ref: 40e3f660 ("uboot-fritz4040: build with ipq40xx generic subtarget")
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-25 11:55:52 +01:00
Kuan-Yi Li
5c85c1f344
uboot-kirkwood: build with kirkwood generic subtarget
Fix image build fail by using the generic subtarget.

Fixes: cada395a ("kirkwood: add generic subtarget")
Ref: 40e3f660 ("uboot-fritz4040: build with ipq40xx generic subtarget")
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-25 11:55:52 +01:00
Jan-Niklas Burfeind
c7d3bbb909 sunxi: ensure NanoPi R1 has unique MAC address
Ensure the MAC address for all NanoPi R1 boards is assigned uniquely for
each board.

The vendor ships the device in two variants; one with and one without
eMMC; but both without static mac-addresses.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S and R4S in case the EEPROM
chip is not present by generating the board MAC from the SD card CID.

[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R1#Hardware_Spec

Similar too and based on:

commit b5675f500d ("rockchip: ensure NanoPi R4S has unique MAC address")

Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-12-25 02:27:55 +01:00
Hauke Mehrtens
cb7d662dac mac80211: Do not build brcmsmac on bcm47xx_legacy
brcmsmac needs bcma. bcma is build into the kernel for the other bcm47xx
subtargets, but not for the legacy target because it only uses ssb. We
could build bcma as a module for bcm47xx_legacy, but none of these old
devices uses a wifi card supported by brcsmac.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-24 15:14:58 +01:00
Felix Fietkau
274dfcb19e mt76: update to the latest version
a03ef0aab93e wifi: mt76: mt7921: fix deadlock in mt7921_abort_roc
5b509e80384a wifi: mt76: dma: fix a regression in adding rx buffers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-22 16:19:55 +01:00
Jan-Niklas Burfeind
bf06a7c865 uboot-sunxi: use UUID of bootdev and bootpart
Several sunxi devices come with multiple mmc devices. On such devices,
the mmc device order is unpredictable, so using /dev/mmcblk0p2 as root
device doesn't always work, which results in unbootable devices.

For the Banana Pi BPI-R3 in the mediatek target, this has been solved by
defining aliases for the mmc devices in the DTS. Ideally we would do the
same here, but for sunxi-a64 we already use UUID probing, so let's start
with that (5f2ff607e2 ("uboot-sunxi: a64: allow booting directly from
eMMC")).

Since we're building and including u-boot in each supported device
image, and this method has been proven to work fine for a64, let's just
change the default u-boot env file to do the same.

Fixes: #10080
Fixes: e6d9f6fdff ("sunxi: add support for FriendlyARM NanoPi R1")
Co-authored-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
[use UUID in default u-boot env, rewrite commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-12-22 13:33:47 +02:00
Jan-Niklas Burfeind
5b82eeb320 sunxi: remove frequency for NanoPi R1
The frequency appears as unlisted initial frequency.
Removed it as Hauke suggested.

Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-12-22 00:05:29 +01:00
Stijn Tintel
9ed1830bdc arm-trusted-firmware-sunxi: drop CPE ID
The CPE ID is already set in trusted-firmware-a.mk.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-12-20 18:36:26 +00:00
Daniel Golle
6675a9aaf4 xdp-tools: update to version 1.2.9
Changes since v1.2.8:
 32aaf32 libxdp: Fix incorrect rx_ring_setup_done
 6049671 headers: add bpf_endian.h for parsing_helpers.h
 2682c1c export-man: Ignore errors when executing git shell command
 8afda7a xdp-loader/README: Mention lack of support for HW mode in most cards
 dc69919 libxdp: fix prog_fd checks for fd >= 0
 3d7c22a libxdp: Allow falling back to single-program attachment for loaded programs
 af00429 libxdp: Fix check in xdp_program__attach_single()
 41703d2 libxdp: Make sure to set the the program autoload when loading a program
 b1fd2e5 test-xdpdump: Only run tshark attribute test on newer versions of tshark
 5dfe342 libxdp: Convert xdp-dispatcher to use strict section names
 929a22e configure: Try to auto-detect versioned clang binaries
 074fcfb libxdp: Check program name when determining if a program is a dispatcher
 e13a191 Bump TOOLS_VERSION to 1.2.9

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-12-20 13:57:34 +00:00
Rosen Penev
6d1df35747 hostapd: add mbedtls variant
This adds the current WIP mbedtls patches for hostapd. The motivation
here is to reduce size.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-12-19 12:27:35 +00:00
Robert Marko
93ae4353cd
mac80211: add ath11k PCI support
ath11k is the upstream driver for Qualcomm 802.11ax radios, both for the
internal AHB and PCI based cards.
This commit does however only provide PCI support while AHB will follow
but its SoC specific so it will require an OpenWrt target first.

It differs a bit from ath10k as it requires stuff like QRTR, MHI and QMI
helpers.

PCI variant requires qrtr-mhi and mhi-bus which backports do provide,
however we are dropping those in a patch as they will conflict with
support for the AHB variant as that one requires qrtr-smd which in turn
requires RPMSG and GLINK and its not feasable to provide those in
backports as they are really SoC specific.

QRTR and MHI in kernel 5.10 are not usable and backporting the changes
is not easy as they have changed drastically from 5.10 to 5.15 ath11k will
only be available on targets that use kernel 5.15.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2022-12-19 01:01:57 +01:00
Robert Marko
b4d3694f81
linux-firmware: package ath11k consumer cards firmware
Package firmware for ath11k supported QCA consumer cards from linux-firmware.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2022-12-19 01:01:57 +01:00
Robert Marko
5968290a21
kernel: package QRTR support
QRTR is Qualcomm IPC router protocol and ath11k requires it for both
AHB and PCI support, so package it as a kernel module so it can be
added as a dependency to the ath11k module.

Only kernel 5.15 is currently supported due to various things missing in
5.10 whose backporting is out of scope for this patch.

SMD, TUN and MHI variants are packaged.

SMD variant depends on the ipq807x
target as it has dependency on the RPMSG drivers which are Qualcomm
and SoC specific anyway.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2022-12-19 01:01:52 +01:00
Nick Hainke
8ed53e0928 iproute2: update to 6.1.0
Announcement:
https://lore.kernel.org/netdev/20221214094130.7b11ec2e@hermes.local/T/#t

Refresh patch:
- 170-ip_tiny.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-18 16:33:16 +01:00
Alexey Bartenev
3f201d1f8e ramips: add support for SNR-CPE-W4N-MT router
General specification:
- SoC Type: MediaTek MT7620N (580MHz)
- ROM: 8 MB SPI-NOR (W25Q64FV)
- RAM: 64 MB DDR (M13S5121632A)
- Switch: MediaTek MT7530
- Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
- Wireless 2.4 GHz: b/g/n
- Buttons: 1 button (RESET)
- Bootloader: U-Boot 1.1.3, MediaTek U-Boot: 5.0.0.5
- Power: 12 VDC, 1.0 A

Flash by the native uploader in 2 stages:
1. Use the native uploader to flash an initramfs image. Choose
 openwrt-ramips-mt7620-snr_cpe-w4n-mt-initramfs-kernel.bin file by
 "Administration/Management/Firmware update/Choose File" in vendor's
 web interface (ip: 192.168.1.10, login: Admin, password: Admin).
 Wait ~160 seconds.
2. Flash a sysupgrade image via the initramfs image. Choose
 openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
 file by "System/Backup/Flash Firmware/Flash image..." in
 LuCI web interface (ip: 192.168.1.1, login: root, no password).
 Wait ~240 seconds.

Flash by U-Boot TFTP method:
1. Configure your PC with IP 192.168.1.131
2. Set up TFTP server and put the
 openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
 image on your PC
3. Connect serial port (57600 8N1) and turn on the router.
 Then interrupt "U-Boot Boot Menu" by hitting 2 key (select "2:
 Load system code then write to Flash via TFTP.").
Press Y key when show "Warning!! Erase Linux in Flash then burn
 new one. Are you sure? (Y/N)"
Input device IP (192.168.1.1) ==:192.168.1.1
Input server IP (192.168.1.131) ==:192.168.1.131
Input Linux Kernel filename () ==:
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
3. Wait ~120 seconds to complete flashing

Signed-off-by: Alexey Bartenev <41exey@proton.me>
2022-12-17 22:34:44 +01:00
Hauke Mehrtens
a442974cfa gdb: Do not link against xxhash
libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.

This should fix the build of gdb in build bots.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-17 22:34:44 +01:00
Chukun Pan
53123b93b0 sunxi: fix board_name for MarsBoard A10
The compatible in the device tree is "haoyu,a10-marsboard",
modify the board_name to keep it consistent.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2022-12-17 20:55:47 +01:00
Nick Hainke
74b7d69601 strace: update to 6.1
Release Notes:
https://github.com/strace/strace/releases/tag/v6.1

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-17 20:28:18 +01:00
Nick Hainke
95ed519b25 trace-cmd: update to v3.1.5
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-17 20:24:46 +01:00
Nick Hainke
b5d317f47e libtracefs: update to 1.6.3
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-17 20:24:46 +01:00
Nick Hainke
b01f2d9f38 libtraceevent: update to 1.7.0
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-17 20:24:46 +01:00
Hauke Mehrtens
243a7256c1 kernel: Make use of KERNEL_MAKE
Make use of KERNEL_MAKE in kernel packages were easily possible.
This moves some more code to common places and reduces the number of
lines.

It is defined like this:
KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-17 20:12:31 +01:00
Chen Minqiang
18bea173a6 mediatek: add alternative stock layout for Xiaomi Redmi Router AX6000
In this implementation, the flash partition layout is adjusted to avoid
modifying the uboot environment of mtdparts. This ensures that the 30M
ubi_kernel partition remains aligned with the stock ubi partition, and
the kernel volume is placed in it. This allows the stock uboot to boot
from it without changing the mtdparts, which is useful for reverting back
to the stock firmware using Xiaomi Firmware Tools. In actual testing,
modifying mtdparts has been found to break Xiaomi Firmware Tools.

1. use ARTIFACTS to generate initramfs-factory.ubi for easy installation.
2. The NAND flash layout is changed to allow for reverting back to the
   stock firmware.
3. Before performing sysupgrade, do some cleanup in platform_pre_upgrade
   to ensure a clean installation of OpenWRT.
4. Setup the uboot env to ensure that the system always boot, which can
   be helpful for users who may forget to do this before sysupgrade in
   the initramfs.

New flash instructions:
1. Gain ssh access. Please refer to:
   https://openwrt.org/toh/xiaomi/redmi_ax6000#installation)

2. Check which system current u-boot is loading from:
   COMMAND: `cat /proc/cmdline`
   sample OUTPUT: `console=ttyS0,115200n1 loglevel=8 firmware=1 uart_en=1`
   if firmware=1, current system is ubi1
   if firmware=0, current system is ubi0

3. Setup nvram and write the firmware:
   If the current system is ubi1, please set it up so that the next time
   it will boot from ubi, and write the firmware to ubi:
```
nvram set boot_wait=on
nvram set uart_en=1
nvram set flag_boot_rootfs=0
nvram set flag_last_success=0
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit
ubiformat /dev/mtd8 -y -f /tmp/initramfs-factory.ubi
```
   If the current system is ubi, please set it up so that the next time
   it will boot from ubi1, and write the firmware to ubi1:
```
nvram set boot_wait=on
nvram set uart_en=1
nvram set flag_boot_rootfs=1
nvram set flag_last_success=1
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit
ubiformat /dev/mtd9 -y -f /tmp/initramfs-factory.ubi
```

4. After rebooting, the system should now boot into the openwrt initramfs.
   Flash the squashfs-sysupgrade.bin via using ssh or luci.
```
sysupgrade -n /tmp/squashfs-sysupgrade.bin
```
Done.

For existing users of the Redmi AX6000 running OpenWrt, here are the steps to
switch to this new layout:

1. Flash initramfs-factory.ubi
```
mtd -r -e ubi write /tmp/initramfs-factory.ubi ubi
```

2. After rebooting, the system will boot into the new openwrt-initramfs.
Log in and perform a sysupgrade to complete the process.
```
sysupgrade -n /tmp/squashfs-sysupgrade.bin
```

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-17 15:04:16 +08:00
Chuanhong Guo
189637c964 base-files: sysupgrade-tar: allow separated kernel/rootfs ubi
There are some devices putting kernel and rootfs on separated
ubi volumes. To make OpenWrt compatible with their bootloader,
we need to put kernel and rootfs into separated ubi volumes.
Add support for CI_KERN_UBIPART and CI_ROOT_UBIPART for this
situation.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-17 14:08:58 +08:00
Chuanhong Guo
c48e511fef base-files: split ubi attaching out of nand_upgrade_prepare_ubi
split ubi reformat/attach into nand_attach_ubi in preparation
for reusing this code in other functions.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-17 14:08:58 +08:00
Chuanhong Guo
9e2c01e4a6
kernel: add driver package for WS2812B LEDs
Two WS2812B (NeoPixel) clones are used in Xiaomi Redmi AX6000 as
indicator lights. Add a driver for controlling it using SPI MOSI.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-16 21:41:57 +08:00
Felix Fietkau
d07d47d0e3 mac80211: fix a regression in processing management frames for AP VLAN interfaces
Fixes re-assoc of WDS stations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
581f2b15b2 hostapd: enable coredumps
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
c2fde432b3 hostapd: always set a default for the nas identifier
It is used for both 802.11r and WPA enterprise.
Setting it when not needed is harmless

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
133a1e2f37 mac80211: work around a race condition on detecting a phy while bringing it up
When reloading modules and running wifi, a phy can sometimes be renamed
while in the middle of a hotplug call that tries to detect new phys
This can lead to bogus wifi-device sections being created

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
92acd9f3e8 mac80211: fix uninitialized variable in rx->link/link_sta initialization fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
2fb38b77a2 hostapd: add support for automatically setting RADIUS own-ip dynamically
Some servers use the NAS-IP-Address attribute as a destination address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Jo-Philipp Wich
d15b1fbed7 rpcd: update to latest Git HEAD
7de4820 iwinfo: add "hwmodes_text" to the info output
b3f530b iwinfo: clean up rpc_iwinfo_call_hw_ht_mode()
c46ad61 iwinfo: reuse infos provided by libiwinfo
6c5e900 iwinfo: constify string map arg for rpc_iwinfo_call_int()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-16 00:55:51 +01:00
Jo-Philipp Wich
4a4d0bf78d iwinfo: update to latest Git HEAD
8d15809 cli: print current HT mode
8f86dd6 cli: use IWINFO_HTMODE_COUNT
f36b72b cli: use IWINFO_KMGMT_NAMES
91be7e0 cli: use IWINFO_CIPHER_NAMES
49b6ec9 cli: fix printing the scan channel width
b1c8873 cli: fix marking the active channel
9e14e64 utils: add iwinfo_band2ghz() and iwinfo_ghz2band() helpers
e084781 utils: add helper functions to get names by values
d09a77a utils: add iwinfo_htmode_is_{ht|vht|he} helpers
8752977 utils: add and use iwinfo_format_hwmodes()
02f433e lib: add IWINFO_80211_COUNT and IWINFO_80211_NAMES
1d30df1 lib: add IWINFO_BAND_COUNT and IWINFO_BAND_NAMES
aefd0ef lib: use common IWINFO_CIPHER_NAMES strings
a5b30de lib: add IWINFO_OPMODE_COUNT and use it for IWINFO_OPMODE_NAMES
9f29e79 lib: constify and fixup the string array definitions
fddc015 nl80211: mark frequencies where HE operation in not allowed
6d50a7c nl80211: add support for HE htmodes
4ba5713 nl80211: properly get available bands for the hwmode
91b2ada nl80211: update the kernel header nl80211.h
3f619a5 nl80211: fix frequency/channel conversion for the 6G band
a77d915 nl80211: don't guess if a name is an ifname
c27ce71 devices: add usb device MediaTek MT7921AU
14f864e nl80211: add ability to describe USB devices
a5a75fd nl80211: remove ancient wpa_supplicant ctrl socket path
dd4e1ff nl80211: fix wpa supplicant ctrl socket permissions
d638163 fix -Wdangling-else warnings
4aa6c5a fix -Wreturn-type warning
3112726 fix -Wpointer-sign warning
ebd5f84 fix -Wmaybe-uninitialized warning
5469898 fix -Wunused-variable warnings
462b679 fix -Wduplicate-decl-specifier warnings
ccaabb4 fix -Wformat-truncation warnings
50380db enable useful compiler warnings via -Wall

Fixes: https://github.com/openwrt/openwrt/issues/10158
Fixes: https://github.com/openwrt/openwrt/issues/10687
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-16 00:55:51 +01:00
Felix Fietkau
b7a7a97037 mac80211: fix connecting multiple wds stations to an AP
A faulty check prevented the AP_VLAN interfaces from being brought up

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-14 13:54:02 +01:00
Linus Lüssing
26d10bad7c libpcap: add support for B.A.T.M.A.N. Advanced
This adds support for the layer 2 mesh routing protocol
B.A.T.M.A.N. Advanced. "batadv" can be used to filter on batman-adv
packets. It also allows later filters to look at frames inside the
tunnel when both "version" and "type" are specified.

Documentation for the batman-adv protocol can be found at the following
locations:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/batman-adv.rst
https://www.open-mesh.org/

--

This is a backport of the following upstream pull request:

https://github.com/the-tcpdump-group/libpcap/pull/980
-> "Add support for B.A.T.M.A.N. Advanced #980"

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2022-12-14 01:06:26 +01:00
Mikhail Zhilkin
0ec8d991c2 ramips: add support for Etisalat S3
Etisalat S3 is a wireless WiFi 5 router manufactured by Sercomm company.

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB
Flash: 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615E): a/n/ac, 4x4
Ethernet: 5x GbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: 1x USB3.0
Button: 2 buttons (Reset & WPS)
LEDs:
   - 1x Status (RGB)
   - 1x 2.4G (blue, hardware, mt76-phy0)
   - 1x 5G (blue, hardware, mt76-phy1)
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot

Installation
-----------------
1.  Login to the router web interface under admin account
2.  Navigate to Settings -> Configuration -> Save to Computer
3.  Decode the configuration. For example, using cfgtool.py tool (see
    related section):
       cfgtool.py -u configurationBackup.cfg
4.  Open configurationBackup.xml and find the following line:
    <PARAMETER name="Password" type="string" value="<your router serial \
       is here>" writable="1" encryption="1" password="1"/>
5.  Insert the following line after and save:
<PARAMETER name="Enable" type="boolean" value="1" writable="1" encryption="0"/>
6.  Encode the configuration. For example, using cfgtool.py tool:
       cfgtool.py -p configurationBackup.xml
7.  Upload the changed configuration (configurationBackup_changed.cfg) to
    the router
8.  Login to the router web interface (SuperUser:ETxxxxxxxxxx, where
    ETxxxxxxxxxx is the serial number from the backplate label)
9.  Navigate to Settings -> WAN -> Add static IP interface (e.g.
    10.0.0.1/255.255.255.0)
10. Navigate to Settings -> Remote cotrol -> Add SSH, port 22,
    10.0.0.0/255.255.255.0 and interface created before
11. Change IP of your client to 10.0.0.2/255.255.255.0 and connect the
    ethernet cable to the WAN port of the router
12. Connect to the router using SSH shell under SuperUser account
13. Run in SSH shell:
       sh
14. Make a mtd backup (optional, see related section)
15. Change bootflag to Sercomm1 and reboot:
       printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
       reboot
16. Login to the router web interface under admin account
17. Remove dots from the OpenWrt factory image filename
18. Update firmware via web using OpenWrt factory image

Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
   printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3

mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
      cd /tmp
      for i in 0 1 2 3 4 5 6 7 8 9 10; do nanddump -f mtd$i /dev/mtd$i; \
      tftp -l mtd$i -p 10.0.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
      tftp -l mtd.md5 -p 10.0.0.2

Recovery
--------
Use sercomm-recovery tool.
Link: https://github.com/danitool/sercomm-recovery

MAC Addresses
-------------
+-----+------------+---------+
| use | address    | example |
+-----+------------+---------+
| LAN | label      | *:50    |
| WAN | label + 11 | *:5b    |
| 2g  | label + 2  | *:52    |
| 5g  | label + 3  | *:53    |
+-----+------------+---------+
The label MAC address was found in Factory 0x21000

cfgtool.py
----------
A tool for decoding and encoding Sercomm configs.
Link: https://github.com/r3d5ky/sercomm_cfg_unpacker

Co-authored-by: Karim Dehouche <karimdplay@gmail.com>
Co-authored-by: Maximilian Weinmann <x1@disroot.org>
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-12-13 23:06:20 +01:00
Felix Fietkau
a4339c5a21 mac80211: add a fix for a crash in __ieee80211_rx_h_amsdu
Fix initialization of rx->link_sta

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-13 21:14:43 +01:00
Andre Heider
7c63295bf4 treewide: remove DRIVER_11N_SUPPORT
hostapd's compile time option CONFIG_IEEE80211N was removed almost 3 years
ago, 80.211n/HT is always included since then.

Noticed because `hostapd -v11n` confusingly returned an error.

See hostapd's commit:
f3bcd69603 "Remove CONFIG_IEEE80211N build option"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-13 10:54:50 +01:00
Andre Heider
2d36f60d88 hostapd: fix 350-nl80211_del_beacon_bss.patch
Pass the expected struct:

../src/drivers/driver_nl80211.c: In function 'wpa_driver_nl80211_del_beacon':
../src/drivers/driver_nl80211.c:2945:31: warning: passing argument 1 of 'nl80211_bss_msg' from incompatible pointer type [-Wincompatible-pointer-types]
 2945 |         msg = nl80211_bss_msg(drv, 0, NL80211_CMD_DEL_BEACON);
      |                               ^~~
      |                               |
      |                               struct wpa_driver_nl80211_data *
../src/drivers/driver_nl80211.c:695:50: note: expected 'struct i802_bss *' but argument is of type 'struct wpa_driver_nl80211_data *'
  695 | struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd)
      |                                 ~~~~~~~~~~~~~~~~~^~~

Fixes: 35ff1affe8 "hostapd: update to 2022-05-08"
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-13 10:54:50 +01:00
Andre Heider
3bc060440a hostapd: remove an unused function from ubus.c
eee80211_frequency_to_channel() isn't used anymore, which is a leftover from:
2a31e9ca97 "hostapd: add op-class to get_status output"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-13 10:54:50 +01:00
Felix Fietkau
e046500fe9 ath9k: add missing dependency on random core
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-13 10:25:27 +01:00
Christian Lamparter
19b3b14e54 sunxi: fix 253-sunxi-h5-add-support-for-nanopi-r1s-h5 patch offset
This showed up in the log:
|Hunk #1 succeeded at 555 (offset -83 lines).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-12-12 09:06:17 +01:00
Tony Butler
1e240f60a5 kernel: modules/lib-lz4: add lz4hc_compress
enable option `CONFIG_CRYPTO_LZ4HC` to match default kernel config

this only adds the `lz4hc_compress` module, and has no effect on the
`lz4_decompress` module which already supports any flavor

Signed-off-by: Tony Butler <spudz76@gmail.com>
2022-12-11 09:32:53 -08:00
Felix Fietkau
03518a1b3a rtl8812au-ct: fix build with newer backports cfg80211 api
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-11 09:48:38 +01:00
Chukun Pan
171691500e wolfssl: fix build with /dev/crypto
Backport upstream patch to fix build error when
/dev/crypto enabled.

dc9f46a3be

Fixes: #10944
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2022-12-11 03:30:14 +01:00
Julio Gonzalez Gil
840ce0a65b umbim: Allow roaming and partner connections
Allow registration if the SIM is roaming or partner mode, by adding two
new options to the protocol.

Until now, such registration failed because umbim returns exit codes 4 and
5 for such situations.

Signed-off-by: Julio Gonzalez Gil <git@juliogonzalez.es>
2022-12-11 03:24:45 +01:00
Nick Hainke
b76bcdb210 libtracefs: update to 1.6.2
378a9dd libtracefs: version 1.6.2
e6daa60 libtracefs: Add unit test to test mounting of tracefs_{tracing,debug}_dir()
32acbbf libtracefs: Have tracefs_{tracing,debug}_dir() mount {tracefs,debugfs} if not mounted

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-11 02:45:28 +01:00
Felix Fietkau
a75a798162 mt76: update to the latest version
ec46d7486ab9 sync with upstream
2575de3aea33 wifi: mt76: mt7921: introduce chanctx support
473cebb3c3e1 wifi: mt76: fix bandwidth 80MHz link fail in 6GHz band
de3e77227f62 wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices
f0c191a9f6cd wifi: mt76: mt7996: add missing argument in mt7996_queue_rx_skb()
d3838a52df62 wifi: mt76: mt7996: enable use_cts_prot support
98492dff3bec wifi: mt76: mt7996: enable ack signal support
2a41e7a82f86 wifi: mt76: mt7996: add support to configure spatial reuse parameter set
194cb3392829 mt76: mt7915: add missing of_node_put()
f91d6f3b73ac wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
1ce4970d799f wifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks
379f3fc0fc43 wifi: mt76: mt7996: fix insecure data handling of mt7996_mcu_ie_countdown()
233c272f0f86 wifi: mt76: mt7996: fix insecure data handling of mt7996_mcu_rx_radar_detected()
5616c4cc1d5d wifi: mt76: mt7996: fix integer handling issue of mt7996_rf_regval_set()
f9598e6d4c2c wifi: mt76: mt7915: split mcu chan_mib array up
b252d94bd763 wifi: mt76: mt7915: check return value before accessing free_block_num
f1cc3696d725 wifi: mt76: mt7996: check return value before accessing free_block_num
b94ba58fa698 wifi: mt76: mt7915: check the correctness of event data
35843a1670c0 wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr()
01a256c1dc41 wifi: mt76: mt7996: drop always true condition of __mt7996_reg_addr()
5185bbab8953 wifi: mt76: mt7996: fix endianness warning in mt7996_mcu_sta_he_tlv
eeb6949c4d06 wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power
063823aba978 wifi: mt76: mt7921: add support to update fw capability with MTFG table
a44109267e4e wifi: mt76: mt7996: fix unintended sign extension of mt7996_hw_queue_read()
be5dbb781068 wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read()
adf9042b6f63 wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()
551201379efe wifi: mt76: move leds field in leds struct
14fbb6d6e85e wifi: mt76: move leds struct in mt76_phy
81edc468fc62 wifi: mt76: mt7915: enable per-phy led support
bbad827e447f wifi: mt76: mt7615: enable per-phy led support
8e7e7e52fc09 wifi: mt76: dma: do not increment queue head if mt76_dma_add_buf fails
95c66d651133 wifi: mt76: handle possible mt76_rx_token_consume failures
52d04463a66e wifi: mt76: dma: rely on queue page_frag_cache for wed rx queues
7fae1de12ae7 wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 15:15:42 +01:00
Felix Fietkau
8d90b9fef1 mac80211: update to linux 6.1-rc8
This should help stay in sync with upstream development

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 15:15:19 +01:00
Felix Fietkau
b1b29ba987 mt76: update to version 2022-12-01
3deafbad7061 wifi: mt76: mt7915: fix uninitialized irq_mask
6ca31dc64da4 wifi: mt76: mt7921: introduce remain_on_channel support
7962005b0734 wifi: mt76: connac: rework macros for unified command
3b2882ca704e wifi: mt76: connac: update struct sta_rec_phy
c4d46cb1dd45 wifi: mt76: connac: rework fields for larger bandwidth support in sta_rec_bf
532c322fd72f wifi: mt76: connac: add more unified command IDs
4c43e060726b wifi: mt76: connac: introduce unified event table
4c423058920d wifi: mt76: connac: add more bss info command tags
143d7ab8ef92 wifi: mt76: connac: add more starec command tags
733ef9887b2c wifi: mt76: connac: introduce helper for mt7996 chipset
8e309b5560e1 wifi: mt76: mt7921: fix wrong power after multiple SAR set
d791ed1f5877 wifi: mt76: mt7915: add missing MODULE_PARM_DESC
3b8eed9c3866 wifi: mt76: mt7915: add support to configure spatial reuse parameter set
417cca39bab2 wifi: mt76: introduce rxwi and rx token utility routines
629f8631f54f wifi: mt76: add WED RX support to mt76_dma_{add,get}_buf
13c2dc8993b6 wifi: mt76: add WED RX support to mt76_dma_rx_fill
86e94f4162b7 wifi: mt76: add WED RX support to dma queue alloc
1361519851f3 wifi: mt76: add info parameter to rx_skb signature
a2e5e0667553 wifi: mt76: connac: introduce mt76_connac_mcu_sta_wed_update utility routine
f38faf294310 wifi: mt76: mt7915: enable WED RX support
a887a5feb3d1 wifi: mt76: mt7915: enable WED RX stats
4c23061ebcfc wifi: mt76: mt7915: add basedband Txpower info into debugfs
a9c88ded5cac wifi: mt76: mt7915: enable .sta_set_txpwr support
2c172bb6cd9f wifi: mt76: mt7915: fix band_idx usage
1b88dd07f153 linux-firmware: update firmware for MT7915
6196f6080506 linux-firmware: update firmware for MT7916
daae6ca5d81f linux-firmware: update firmware for MT7986
e7a9f7a0440c wifi: mt76: mt7915: fix unused-but-set warning
340f3be65397 wifi: mt76: fix coverity overrun-call in mt76_get_txpower()
aa7132da0326 wifi: mt76: mt7915: fix endianness of mt7915_mcu_set_obss_spr_pd()
a36017d09324 wifi: mt76: mt7921: Add missing __packed annotation of struct mt7921_clc
66dc48bea883 wifi: mt76: do not send firmware FW_FEATURE_NON_DL region
fa79eeeadc2d mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()
ff94604b2edd wifi: mt76: mt7915: introduce mt7915_get_power_bound()
5082a58f8082 wifi: mt76: mt7915: enable per bandwidth power limit support
a7b915302147 wifi: mt76: mt7915: fix scene detection flow of spatial reuse
525592c28d6b wifi: mt76: mt7915: rely on band_idx of mt76_phy
cdd7229e769b wifi: mt76: mt7915: mmio: fix naming convention

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 13:18:10 +01:00
Felix Fietkau
a797f0e82a hostapd: use wpa_supplicant for unencrypted mesh connections
It's more reliable than using iw

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 12:38:46 +01:00
Rafał Miłecki
57a8ea6d74 uboot-bcm4908: update to the latest generic
4435700d18 Remove redundant YYLOC global declaration

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-12-08 12:10:21 +01:00
Hauke Mehrtens
69f0c29b8b ustream-ssl: update to Git version 2022-12-07
9217ab4 ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
2ce1d48 ci: fix building with i.MX6 SDK
584f1f6 ustream-openssl: wolfSSL: provide detailed information in debug builds
aa8c48e cmake: add a possibility to set library version

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-08 01:17:26 +01:00
Jan-Niklas Burfeind
13f82ce264 comgt-ncm: add support for quectel modem EC200T-EU
context_type is an integer mapping of pdptype:
1: IPV4
2: IPV6
3: IPV4V6

Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-12-07 12:30:39 +01:00
Andre Heider
8138d66fcc fritz-tools: fritz_tffs_nand: cache already read sector ids
This speeds up the tool significantly, especially when using the "-a"
argument.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-07 12:30:23 +01:00
Andre Heider
902378dc87 fritz-tools: fritz_tffs_nand: get rid of struct tffs_sectors
This doesn't help and "[0]" gets in the way of bounds checks.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-07 12:30:17 +01:00
Andre Heider
4e2d5f4f9f fritz-tools: fritz_tffs_nand: exclude oob code when disabled
Skip unnecessary stuff if checking the oob data is disabled.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-07 12:30:10 +01:00
Jo-Philipp Wich
f1f3d19387 firewall4: add missing PKG_MIRROR_HASH
Fixes: 84183f0d98 ("firewall4: update to latest Git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-07 08:54:56 +01:00
Hauke Mehrtens
60e335b76e e2fsprogs: Fix CVE-2022-1304
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-06 23:09:00 +01:00
Jo-Philipp Wich
84183f0d98 firewall4: update to latest Git HEAD
700a925 fw4: prevent null access when no ipsets are defined
6443ec7 config: drop input traffic by default
119ee1a ruleset: drop ctstate invalid traffic for masq-enabled zones

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-06 11:43:06 +01:00
Jo-Philipp Wich
86b8e245c8 ucode: update to latest Git HEAD
46d93c9 tests: fixup testcases
4c654df types: adjust double printing format
eac2add compiler: fix bytecode for logical assignments of properties
3903b18 fs: add `realpath()` function
8366102 math: add isnan() function
eef83d3 tests: relax sleep() test
394e901 lib: uc_json(): accept trailing whitespace when parsing strings
1867c8b uloop: terminate parent uloop in task child processes
d2cc003 uci: auto-load package in `ctx.foreach()` and `ctx.get_first()`
6c5ee53 compiler: ensure that arrow functions with block bodies return no value
fdc9b6a compiler: fix `??=`, `||=` and `&&=` logical assignment semantics
88dcca7 add cmake to install requires for debian

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-06 11:43:06 +01:00
Christian Marangi
ada4d0d0ab
iucode-tool: fix compile error with musl libc and USE_CPUID_DEVICE
Add patch to fix compilation error with USE_CPUID_DEVICE enabled and musl
used as libc. Musl doesn't add limits.h header by default and this is
required if USE_CPUID_DEVICE is used.

The package currently compile because fortify headers include limits.h
by default.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-04 13:21:46 +01:00
Hauke Mehrtens
077622a198 mac80211: Update to version 5.15.81
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-03 18:32:19 +01:00
Daniel Golle
366bcffa0e
uboot-mediatek: bpi-r3: raise CONFIG_LMB_MAX_REGIONS to 64
Raise CONFIG_LMB_MAX_REGIONS to 64 as there are going to be more than
8 (the default value) reserved regions to allow supporting offloading
Wireless-to-Ethernet traffic on MT7986.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-29 19:44:43 +00:00
Daniel Golle
aa12a0fdd1
dnsmasq: add option to expose additional paths to jail
Add new UCI list 'addn_mount' allowing the expose additional filesystem
paths to the jailed dnsmasq process. This is useful e.g. in case of
manually configured includes to the configuration file or symlinks
pointing outside of the exposed paths as used by e.g. the safe-search
package in the packages feed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-27 14:06:08 +00:00
Pawel Dembicki
afcccaad82 layerscape: Switch LS1012A-FRDM initramfs to gzip
At this moment LS1012A-FRDM have uncompressed initramfs image.

Error was caused, because gzip extract area overlap image.

Let's change loadaddr and enable gzip initramfs images again.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-11-27 13:18:29 +01:00
Michael Pratt
6de9287abd ath79: add support for Senao Engenius EAP1750H
FCC ID: A8J-EAP1750H

Engenius EAP1750H is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

**Specification:**

  - QCA9558 SOC
  - QCA9880 WLAN	PCI card, 5 GHz, 3x3, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM	NT5TU32M16FG
  - UART at J10		populated
  - 4 internal antenna plates (5 dbi, omni-directional)
  - 5 LEDs, 1 button (power, eth0, 2G, 5G, WPS) (reset)

**MAC addresses:**

  MAC addresses are labeled as ETH, 2.4G, and 5GHz
  Only one Vendor MAC address in flash

  eth0 ETH  *:fb art 0x0
  phy1 2.4G *:fc ---
  phy0 5GHz *:fd ---

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin at J10

**Installation:**

  2 ways to flash factory.bin from OEM:

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs to 'vmlinux-art-ramdisk'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot
  execute tftpboot and bootm 0x81000000

  NOTE: TFTP is not reliable due to bugged bootloader
  set MTU to 600 and try many times
  if your TFTP server supports setting block size
  higher block size is better.

**Format of OEM firmware image:**

  The OEM software of EAP1750H is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-generic-eap1750h-uImage-lzma.bin
    openwrt-ar71xx-generic-eap1750h-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-11-27 13:18:29 +01:00
Nick Hainke
6640c788fe mac80211: subsys: complete patch files for use with git am
Adding proper fields to patch files allowing for `git am` to properly
function.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-27 13:18:29 +01:00
Tony Butler
3d205eb216 wolfssl: fix Config.in typo
Fix simple typo `/crytpo/crypto/` in a description string

Signed-off-by: Tony Butler <spudz76@gmail.com>
2022-11-27 12:58:33 +01:00
Nick Hainke
745f1ca976 wolfssl: update to v5.5.3
Remove "200-ecc-rng.patch" because it was upstramed by:
e2566bab21
Refreshed "100-disable-hardening-check.patch".

Fixes CVE 2022-42905.

Release Notes:
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-27 12:58:33 +01:00
Nick Hainke
68714f2135 ipset: update to 7.16
Release Notes:
https://lore.kernel.org/netfilter-devel/d65fe5d8-d5ea-ef7-102d-aa1d15bb4d69@netfilter.org/T/#u

Patch "0001-lib-ipset-fix-printf-warning.patch" replaced upstream by:
http://git.netfilter.org/ipset/commit/?id=e39e3466d2d38cdfe83447f391b550e607bc3ce8

Remove upstreamed:
- 0002-Fix-IPv6-sets-nftables-translation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-27 12:58:33 +01:00
Alexander Couzens
4943ce98ff
kernel/module/iio: add TI am335x ADC driver
Add the iio driver for the embedded ADC in the
TI Sitara am335x SoCs.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2022-11-24 15:47:01 +00:00
Jonas Albrecht
74a5718223 lantiq: ltq-tapi: add customer pulse digit time
With this patch you can change the pulse digit time by loading the Lantiq
FXS driver kernel module called ltq-tapi. This is relevant for old
rotaryphones that uses pulsedialing.

The default values are:
30-80ms for the low pulse
30-80ms for the high pulse
300ms for minimum Interdigit time

this is OK but on some Phones it can be usefull to customize the values
If you want to change the values to high and low pulse to 40-90ms and
minimum interdigit time to 400ms

than change /etc/modules.d/20-ltq-tapi to (without linebrakes):
drv_tapi min_digit_low=40  min_digit_high=90 max_digit_low=40 \
max_digit_high=90 min_interdigit=400

Signed-off-by: Jonas Albrecht <plonkbong100@protonmail.com>
2022-11-18 20:27:52 +01:00
Nick Hainke
8db2db9890 libtracefs: update to 1.6.1
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-18 20:27:52 +01:00
Nick Hainke
c17b6343f3 lldpd: update to 1.0.16
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.16

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-18 20:27:52 +01:00
Álvaro Fernández Rojas
1996d600bd cypress-firmware: update to v5.10.9-2022_0909
The following firmwares have been updated:
- cyfmac43012-sdio (v13.10.271.266 -> v13.10.271.289)
- cyfmac43430-sdio (v7.45.98.118 -> v7.45.98.125)
- cyfmac43455-sdio (v7.45.234 -> v7.45.250)
- cyfmac4354-sdio (v7.35.349.104 -> v7.35.349.117)
- cyfmac4356-pcie (v7.35.180.208 -> v7.35.180.212)
- cyfmac4356-sdio (v7.35.349.104 -> v7.35.349.115)
- cyfmac4373-sdio (v13.10.246.253 -> v13.10.246.289)
- cyfmac4373-usb (v13.10.246.253 -> v13.10.246.289)
- cyfmac54591-pcie (v13.35.225 -> v13.35.284)

The following firmwares have been added:
- cyfmac43439-sdio (v7.95.55)
- cyfmac4373-pcie (v13.35.205.66)
- cyfmac54591-sdio (v13.35.284)
- cyfmac55560-pcie (v18.53.53.4)
- cyfmac55572-pcie (v18.53.117.2)
- cyfmac55572-sdio (v18.53.117.2)

More info: https://github.com/Infineon/ifx-linux-firmware/compare/release-v5.4.18-2021_0812...release-v5.10.9-2022_0909

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2022-11-17 16:43:55 +01:00
Álvaro Fernández Rojas
0db537975d cypress-firmware: fix cyfmac4356-pcie symbolic links
The symbolic link introduced in 22e9d8bc89 is wrong.

Fixes: 22e9d8bc89 ("cypress-firmware: use symlink to provide firmware in brcm")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2022-11-17 12:27:41 +01:00
Daniel Golle
4c67d1e066 uboot-mediatek: optimize MMC erase
Fix mmc_write_vol hush script used by many boards to avoid timeouts on
slow SD cards:
Instead of erasing a complete partition, only erase blocks for the
to-be-written image when writing to MMC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-17 01:55:55 +00:00
Kuan-Yi Li
49bbfd9968 cypress-nvram: consolidate NVRAM packages
NVRAM packages for the same wireless chip are consolidated into one as
they contain only small text files and symlinks.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-16 20:14:13 +01:00
Kuan-Yi Li
c6e86d8095 linux-firmware: broadcom: consolidate NVRAM packages
NVRAM packages for the same wireless chip are consolidated into one as
they contain only small text files and symlinks.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-16 20:14:13 +01:00
Kuan-Yi Li
22fd8b0df6 cypress-nvram: disassociate from external source repo
Since all NVRAM files in external repo are now upstreamed and to lower
future maintenance cost, disassociate the package from external source
repo.

All upstream pending NVRAM files shall be stored locally from now on.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
[Remove outdated URL, add SPDX-License-Identifier]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2022-11-16 20:14:13 +01:00
Glenn Strauss
0d43c22d47 libmbedtls: use defaults if no build opts selected
use defaults if no build opts selected
(allows build with defaults when mbedtls not selected and configured)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-16 12:27:18 +02:00
Kuan-Yi Li
a110418027 linux-firmware: offer two versions of firmware for CYW4339
According to commit 6f6c2fb321, AP6335 module used in PICO-PI-IMX7D works
only with firmware from `linux-firmware`. However, firmware from
`cypress-firmware` suite is directly from the chip company (Infineon) and
is actually newer.

Instead of dropping the firmware from Infineon, create a package named
`brcmfmac-firmware-4339-sdio`, and keep the Infineon version of
`cypress-firmware-4339-sdio` around.

This gives us devs the option to choose. Also, it means that

 - packages `brcmfmac-firmware-*` uniformly come from `linux-firmware`
 - packages `cypress-firmware-*` uniformly come from `cypress-firmware`

so hopefully brings more clarity.

Tested-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-15 20:49:58 +01:00
Kuan-Yi Li
60832584aa linux-firmware: broadcom: use symlink to provide NVRAM for some RPis
This is to align the implementation with upstream `linux-firmware`.

Some Raspberry Pi boards do not have dedicated NVRAM in `linux-firmware`
source repository, their NVRAM is provided through a symbolic link to
NVRAM of another board with an identical wireless design.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-15 20:48:20 +01:00
Kuan-Yi Li
22e9d8bc89 cypress-firmware: use symlink to provide firmware in brcm
This is to align the implementation with upstream `linux-firmware`.

Instead of moving these firmware files to `brcm` subdirectory and changing
their names, leave them in `cypress` subdirectory, keep their names intact
and use symbolic links to provide compatibility with Broadcom FullMAC
driver.

This gives more context to where the firmware comes from.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-15 20:48:08 +01:00
Kuan-Yi Li
efaad5e901 cypress-nvram: use symlink to provide NVRAM for some RPis
This is to align the implementation with upstream `linux-firmware`.

Some Raspberry Pi boards do not have dedicated NVRAM in `linux-firmware`
source repository, their NVRAM is provided through a symbolic link to
NVRAM of another board with an identical wireless design.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-15 20:47:54 +01:00
Kuan-Yi Li
ce6f86e134 cypress-nvram: remove PROVIDES in NVRAM packages
PROVIDES for these packages will cause ambiguity and circular dependency
in planned changes.

For example, if there is a package `brcmfmac-firmware-43455-sdio-rpi-cm4`
that depends on `brcmfmac-firmware-43455-sdio-rpi-4b`, there is no way to
tell which one of below packages the system will go for.

 - package named `brcmfmac-firmware-43455-sdio-rpi-4b`
 - package named `cypress-nvram-43455-sdio-rpi-4b` that PROVIDES
   `brcmfmac-firmware-43455-sdio-rpi-4b`

When ambiguity is unacceptable, PROVIDES (aliases) shall be removed and
packages shall only be used through their exact name.

So remove PROVIDES and keep only CONFLICTS.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-15 20:46:12 +01:00
Daniel Golle
ebe2b7190b
kernel: modules: package Marvell gigE PHY driver
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.

Without marvell PHY driver:
sfp sfp2: module FINISAR CORP.    FCLF-8521-3-HC   rev A    sn XXXXXXX          dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22

With marvell PHY driver:
sfp sfp2: module FINISAR CORP.    FCLF-8521-3-HC   rev A    sn XXXXXXX          dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-15 19:12:39 +00:00
Lech Perczak
6fdeb48c1e ath79: support Ruckus ZoneFlex 7025
Ruckus ZoneFlex 7025 is a single 2.4GHz radio 802.11n 1x1 enterprise
access point with built-in Ethernet switch, in an electrical outlet form factor.

Hardware highligts:
- CPU: Atheros AR7240 SoC at 400 MHz
- RAM: 64MB DDR2
- Flash: 16MB SPI-NOR
- Wi-Fi: AR9285 built-in 2.4GHz 1x1 radio
- Ethernet: single Fast Ethernet port inside the electrical enclosure,
  coupled with internal LSA connector for direct wiring,
  four external Fast Ethernet ports on the lower side of the device.
- PoE: 802.3af PD input inside the electrical box.
  802.3af PSE output on the LAN4 port, capable of sourcing
  class 0 or class 2 devices, depending on power supply capacity.
- External 8P8C pass-through connectors on the back and right side of the device
- Standalone 48V power input on the side, through 2/1mm micro DC barrel jack

Serial console: 115200-8-N-1 on internal JP1 header.
Pinout:

---------- JP1
|5|4|3|2|1|
----------

Pin 1 is near the "H1" marking.
1 - RX
2 - n/c
3 - VCC (3.3V)
4 - GND
5 - TX

Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server,  and removing a single T10 screw,
  but with much less manual steps, and is generally recommended, being
  safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
  work on some rare versions of stock firmware. A more involved, and
  requires installing `mkenvimage` from u-boot-tools package if you
  choose to rebuild your own environment, but can be used without
  disassembly or removal from installation point, if you have the
  credentials.
  If for some reason, size of your sysupgrade image exceeds 13312kB,
  proceed with method [1]. For official images this is not likely to
  happen ever.

[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0x9f040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7025-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7025_fw1_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin

[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
   it boots, hold the reset button near Ethernet connectors for 5
   seconds.

1. Connect the device to the network. It will acquire address over DHCP,
   so either find its address using list of DHCP leases by looking for
   label MAC address, or try finding it by scanning for SSH port:

   $ nmap 10.42.0.0/24 -p22

   From now on, we assume your computer has address 10.42.0.1 and the device
   has address 10.42.0.254.

2. Set up a TFTP server on your computer. We assume that TFTP server
   root is at /srv/tftp.

3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
   frmware is pretty ancient and requires enabling HMAC-MD5.

   $ ssh 10.42.0.254 \
   -o UserKnownHostsFile=/dev/null \
   -o StrictHostKeyCheking=no \
   -o MACs=hmac-md5

   Login. User is "super", password is "sp-admin".
   Now execute a hidden command:

   Ruckus

   It is case-sensitive. Copy and paste the following string,
   including quotes. There will be no output on the console for that.

   ";/bin/sh;"

   Hit "enter". The AP will respond with:

   grrrr
   OK

   Now execute another hidden command:

   !v54!

   At "What's your chow?" prompt just hit "enter".
   Congratulations, you should now be dropped to Busybox shell with root
   permissions.

4. Optional, but highly recommended: backup the flash contents before
   installation. At your PC ensure the device can write the firmware
   over TFTP:

   $ sudo touch /srv/tftp/ruckus_zf7025_firmware{1,2}.bin
   $ sudo chmod 666 /srv/tftp/ruckus_zf7025_firmware{1,2}.bin

   Locate partitions for primary and secondary firmware image.
   NEVER blindly copy over MTD nodes, because MTD indices change
   depending on the currently active firmware, and all partitions are
   writable!

   # grep rcks_wlan /proc/mtd

   Copy over both images using TFTP, this will be useful in case you'd
   like to return to stock FW in future. Make sure to backup both, as
   OpenWrt uses bot firmwre partitions for storage!

   # tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7025_firmware1.bin -p 10.42.0.1
   # tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7025_firmware2.bin -p 10.42.0.1

   When the command finishes, copy over the dump to a safe place for
   storage.

   $ cp /srv/tftp/ruckus_zf7025_firmware{1,2}.bin ~/

5. Ensure the system is running from the BACKUP image, i.e. from
   rcks_wlan.bkup partition or "image 2". Otherwise the installation
   WILL fail, and you will need to access mtd0 device to write image
   which risks overwriting the bootloader, and so is not covered here
   and not supported.

   Switching to backup firmware can be achieved by executing a few
   consecutive reboots of the device, or by updating the stock firmware. The
   system will boot from the image it was not running from previously.
   Stock firmware available to update was conveniently dumped in point 4 :-)

6. Prepare U-boot environment image.
   Install u-boot-tools package. Alternatively, if you build your own
   images, OpenWrt provides mkenvimage in host staging directory as well.
   It is recommended to extract environment from the device, and modify
   it, rather then relying on defaults:

   $ sudo touch /srv/tftp/u-boot-env.bin
   $ sudo chmod 666 /srv/tftp/u-boot-env.bin

   On the device, find the MTD partition on which environment resides.
   Beware, it may change depending on currently active firmware image!

   # grep u-boot-env /proc/mtd

   Now, copy over the partition

   # tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1

   Store the stock environment in a safe place:

   $ cp /srv/tftp/u-boot-env.bin ~/

   Extract the values from the dump:

   $ strings u-boot-env.bin | tee u-boot-env.txt

   Now clean up the debris at the end of output, you should end up with
   each variable defined once. After that, set the bootcmd variable like
   this:

   bootcmd=bootm 0x9f040000

   You should end up with something like this:

bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),7168k(rcks_wlan.main),7168k(rcks_wlan.bkup),1280k(datafs),256k(u-boot-env)
mtdids=nor0=ar7100-nor0
bootdelay=2
filesize=52e000
fileaddr=81000000
ethact=eth0
stdin=serial
stdout=serial
stderr=serial
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
ipaddr=192.168.0.1
serverip=192.168.0.2
stderr=serial
ethact=eth0

   These are the defaults, you can use most likely just this as input to
   mkenvimage.

   Now, create environment image and copy it over to TFTP root:

   $ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
   $ sudo cp u-boot-env.bin /srv/tftp

   This is the same image, gzipped and base64-encoded:

H4sICOLMEGMAA3UtYm9vdC1lbnYtbmV3LmJpbgDt0E1u00AUAGDfgm2XDUrTsUV/pTkFSxZoEk+o
lcQJtlNaLsURwU4FikDiBN+3eDNvLL/3Zt5/+vFuud8Pq10dp3V3EV4e1uFDGBXTQeq+9HG1b/v9
NsdheP0Y5mV5U4Vw0Y1f1/3wesix/3pM/dO6v2jaZojX/bJpr6dtsUzHuktDjm//FHl4SnXdxfAS
wmN4SWkMy+UYVqsx1PUYci52Q31I3dDHP5vU3ZUhXLX7LjxWN7eby+PVNNxsflfe3m8uu9Wm//xt
m9rFLjXtv6fLzfEwm5fVfdhc1mlI6342Pytzldvn2dS1qfs49Tjvd3qFOm/Ta6yKdbPNffM9x5sq
Ty805acL3Zfh5HTD1RDHJRT9WLGNfe6atJ2S/XE4y3LX/c6mSzZDs29P3edhmqXOz+1xF//s0y7H
t3GL5nDqWT5Ui/Gii7Aoi7HQ81jrcHZY/dXkfLLiJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8
xy8jb4zOAAAEAA==

7. Perform actual installation. Copy over OpenWrt sysupgrade image to
   TFTP root:

   $ sudo cp openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin /srv/tftp

   Now load both to the device over TFTP:

   # tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
   # tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin -g 10.42.0.1

   Verify checksums of both images to ensure the transfer over TFTP
   was completed:

   # sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin

   And compare it against source images:

   $ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin

   Locate MTD partition of the primary image:

   # grep rcks_wlan.main /proc/mtd

   Now, write the images in place. Write U-boot environment last, so
   unit still can boot from backup image, should power failure occur during
   this. Replace MTD placeholders with real MTD nodes:

   # flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
   # flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>

   Finally, reboot the device. The device should directly boot into
   OpenWrt. Look for the characteristic power LED blinking pattern.

   # reboot -f

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Boot into OpenWrt initramfs as for initial installation. To do that
   without disassembly, you can write an initramfs image to the device
   using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Concatenate the firmware backups, if you took them during installation using method 2:

   $ cat ruckus_zf7025_fw1_backup.bin ruckus_zf7025_fw2_backup.bin > ruckus_zf7025_backup.bin

3. Write factory images downloaded from manufacturer website into
   fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
   before installation:

   # mtd write ruckus_zf7025_backup.bin /dev/mtd1

4. Reboot the system, it should load into factory firmware again.

Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- The 2.4 GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid   the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-11-13 22:36:06 +01:00
Lech Perczak
a98fa04362 uboot-envtools: ath79: add support for Ubiquiti XM devices
Inspired by commit 9565c5726a, and by
facts that all Ubiquiti XM devices share flash layout, and images are
mostly compatible between all of them - enable uboot-envtools support for
whole XM line.

Build tested on: Ubiquiti Airrouter, Bullet-M (7240,7241), Nanobridge-M,
Nanostation-M (+ Loco), Picostation-M, Powerbridge-M, Rocket-M.
Runtime tested on: Ubiquiti Nanobridge M5 (XM).

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-11-13 22:36:06 +01:00
Mikhail Zhilkin
0cfd15552e ramips: add support for Rostelecom RT-SF-1
Rostelecom RT-SF-1 is a wireless WiFi 5 router manufactured by Sercomm
company.

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB
Flash: 256 MiB, Micron MT29F2G08ABAGA3W
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615E): a/n/ac, 4x4
Ethernet: 5xGbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: 1xUSB3.0
ZigBee: 3.0, EFR32 MG1B232GG
Button: 2 buttons (Reset & WPS)
LEDs:
   - 1x Status (RGB)
   - 1x 2.4G (blue, hardware, mt76-phy0)
   - 1x 5G (blue, hardware, mt76-phy1)
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot

Installation
-----------------
1. Remove dots from the OpenWrt factory image filename
2. Login to the router web interface
3. Update firmware using web interface with the OpenWrt factory image
4. If OpenWrt is booted, then no further steps are required. Enjoy!
   Otherwise (Stock firmware has booted again) proceed to the next step.
5. Update firmware using web interface with any version of the Stock
   firmware
6. Update firmware using web interface with the OpenWrt factory image

Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
    printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3

Recovery
--------
Use sercomm-recovery tool.
Link: https://github.com/danitool/sercomm-recovery

MAC Addresses
-------------
+-----+------------+------------+
| use | address    | example    |
+-----+------------+------------+
| LAN | label      | *:72, *:d2 |
| WAN | label + 11 | *:7d, *:dd |
| 2g  | label + 2  | *:74, *:d4 |
| 5g  | label + 3  | *:75, *:d5 |
+-----+------------+------------+
The label MAC address was found in Factory 0x21000

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-11-13 21:51:22 +01:00
Glenn Strauss
1064252259 libmbedtls: disable older RSA ciphers
disable older RSA ciphers

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-13 21:51:22 +01:00
Glenn Strauss
aeeb12eb83 libmbedtls: enable crypto algorithms for hostap
enable additional crypto algorithms for hostap

hostap uses local implementations if not provided by crypto library,
so might as well enable in the crypto library for shared use by others.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-13 21:51:22 +01:00
Glenn Strauss
602a76ed65 libmbedtls: build option submenu
menuconfig libmbedtls build option submenu

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-13 21:51:22 +01:00
Andrew Ammerlaan
b2e83c16e1 procd: service: pass all arguments to service
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
2022-11-13 21:51:10 +01:00
Nick Hainke
de79a0a9e0 zlib: update to 1.2.13
Remove "001-neon-implementation-of-adler32.patch" because upstreamed
deleted assembler code optimizations:
d0704a8201

Remove upstreamed patches:
- 006-fix-CVE-2022-37434.patch
- 007-fix-null-dereference-in-fix-CVE-2022-37434.patch

Refresh patches:
- 002-arm-specific-optimisations-for-inflate.patch
- 003-arm-specific-optimisations-for-inflate.patch
- 004-attach-sourcefiles-in-patch-002-to-buildsystem.patch

Switch to "https github.com" for downloading source files.

Release Announcements:
https://github.com/madler/zlib/releases/tag/v1.2.13

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-13 20:47:57 +01:00
Uwe Kleine-König
cec9cbef44 kernel: add kmod-hwmon-sht3x support
The driver supports the temperature and humidity sensors chips SHT3x and
STS3x by Sensirion.

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
2022-11-13 20:47:57 +01:00
Andre Heider
6f729163b1 mt76: move the mt7921 firmware to its own package
It's not just required for the PCI version, but for USB and presumably
SDIO as well.

Tested with 0e8d:7961 Comfast CF-953AX (MT7921AU).

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-11-12 20:26:48 +01:00
Felix Fietkau
9179f484bf mt76: update to the latest version
4bf2607362fc wifi: mt76: fix dbdc number of spatial streams limit

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-12 19:19:08 +01:00
Quintin Hill
0bf512aa86 linux-firmware: add rtl8761 bluetooth firmware
Realtek bluetooth devices need firmware.  Add packages for some of
these.

Tested on a WNDR3700v4 with rtl8761bu firmware.

Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
2022-11-12 17:05:13 +01:00
Quintin Hill
bc67c27283 kernel: support for Realtek USB bluetooth devices
USB adaptors with the RTL8761B chipset are cheap and readily available
but so far support is missing in Openwrt.  Enable the relevant kernel
options and add a module to the kmod-bluetooth package.  Increases size
of kmod-bluetooth ipk from 279140 bytes to 285320 bytes on my ath79 build.

Tested on a WNDR3700v4 with rtl8761bu firmware.

Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
2022-11-12 17:05:13 +01:00
Chen Minqiang
4979d16fb1 dnsmasq: add support for filter-AAAA/A
This add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers. these options is supported since version 2.87.

Co-authored-by: NueXini <nuexini@alumni.tongji.edu.cn>
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2022-11-12 17:05:13 +01:00
Nick Hainke
6830fb37cb libnftnl: update to 1.2.4
Release Announcement:
https://lore.kernel.org/netfilter-devel/Y20W+LT%2F+sq%2Fi2rz@salvia/T/#u

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-12 13:15:16 +01:00
Nick Hainke
63d5a6deca linux-firmware: update to 20221109
Changes:
712460c linux-firmware: Update firmware file for Intel Bluetooth 9462
90d5f7e linux-firmware: Update firmware file for Intel Bluetooth 9462
48954ba linux-firmware: Update firmware file for Intel Bluetooth 9560
0e205fd linux-firmware: Update firmware file for Intel Bluetooth 9560
06b941e linux-firmware: Update firmware file for Intel Bluetooth AX201
ba958ff linux-firmware: Update firmware file for Intel Bluetooth AX201
02bdea2 linux-firmware: Update firmware file for Intel Bluetooth AX211
7044d46 linux-firmware: Update firmware file for Intel Bluetooth AX211
1b99bcd linux-firmware: Update firmware file for Intel Bluetooth AX210
4668ae9 linux-firmware: Update firmware file for Intel Bluetooth AX200
5bdfdba linux-firmware: Update firmware file for Intel Bluetooth AX201
b0f995c amdgpu: update DMCUB firmware for DCN 3.1.6
d991031 rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6
fd62f01 rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3
b15fc21 WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images
bf5a337 mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1
4a733c2 iwlwifi: add new FWs from core74_pv-60 release
7d2bb50 qcom: drop split a530_zap firmware file
7d56713 qcom/vpu-1.0: drop split firmware in favour of the mbn file
1431496 qcom/venus-4.2: drop split firmware in favour of the mbn file
cf95783 qcom/venus-4.2: replace split firmware with the mbn file
1fe6f49 qcom/venus-1.8: replace split firmware with the mbn file
abc0302 linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop
20d9516 iwlwifi: add new PNVM binaries from core74-44 release
06dbfbc iwlwifi: add new FWs from core69-81 release
05df8e6 qcom: update venus firmware files for VPU-2.0
cd6fcdb qcom: remove split SC7280 venus firmware images
1612706 qcom: update venus firmware file for v5.4
ad9fdba qcom: replace split SC7180 venus firmware images with symlink
dae5d46 rtw89: 8852b: update fw to v0.27.32.1
a8e86ec rtlwifi: update firmware for rtl8192eu to v35.7
9aa8db1 rtlwifi: Add firmware v4.0 for RTL8188FU
8f86b5a i915: Add HuC 7.10.3 for DG2
48407ff cnm: update chips&media wave521c firmware.
bd31846 brcm: add symlink for Pi Zero 2 W NVRAM file
771968c linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops
6f9620e linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
1d18cb9 linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops
e497757 rtw89: 8852b: add initial fw v0.27.32.0
98b5577 iwlwifi: add new FWs from core72-129 release
604026c iwlwifi: update 9000-family firmwares to core72-129

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-12 13:14:59 +01:00
Felix Fietkau
2403428c75 mt76: update to the latest version
8cc34bdc9ef0 wifi: mt76: mt7921: set MT_DRV_AMSDU_OFFLOAD for USB/SDIO
2182de50a37c wifi: mt76: fix receiving LLC packets on mt7615/mt7915
269df4b01f27 wifi: mt76: fix rx checksum offload on mt7615/mt7915/mt7921
fa4ace8e3b58 ieee80211: add EHT 1K aggregation definitions
176df35e7e80 wifi: mt76: mt7915: improve accuracy of time_busy calculation
94b335fa88e1 wifi: mt76: mt7915: add ack signal support
3365c129f73c wifi: mt76: mt7915: enable use_cts_prot support
ad9bd2ba361e wifi: mt76: mt7615: enable use_cts_prot support
68bdcccb0aa7 wifi: mt76: mt7915: fix reporting of TX AGGR histogram
242fece4323f wifi: mt76: mt7921: fix reporting of TX AGGR histogram
75003c69a9bd wifi: mt76: mt7615: rely on mt7615_phy in mt7615_mac_reset_counters
65c70a32f1cf wifi: mt76: move aggr_stats array in mt76_phy
b1ddf8bec058 wifi: mt76: mt7915: rework mt7915_dma_reset()
1ad31c3f76f4 wifi: mt76: mt7915: enable full system reset support
6b0668de7a53 wifi: mt76: mt7915: add full system reset into debugfs
a5e48378d2a6 wifi: mt76: mt7915: enable coredump support
1e9060420c92 wifi: mt76: mt7915: fix incorrect tx path number configuration
0263711ba362 wifi: mt76: mt7915: fix antenna selection with bad eeprom.
869815e5ef86 wifi: mt76: mt7915: Fix chainmask calculation on mt7915 DBDC
fc410557b7e1 wifi: mt76: mt7915: Fix VHT beamforming capabilities with DBDC
daa30a31cf70 wifi: mt76: mt7915: don't claim 160MHz support with mt7915 DBDC
80bcecdbc2ff wifi: mt76: connac: update nss calculation in txs
465219c1f56c wifi: mt76: do not run mt76u_status_worker if the device is not running
c7db15903e5c wifi: mt76: connac: add mt76_connac_mcu_uni_set_chctx
7a2b1a13b1b0 wifi: mt76: mt7921: add chanctx parameter to mt76_connac_mcu_uni_add_bss signature
dece6921e606 wifi: mt76: mt7921: add unified ROC cmd/event support
d4da182389b6 wifi: mt76: mt7921: drop ieee80211_[start, stop]_queues in driver
0c3ef988d8dc wifi: mt76: connac: accept hw scan request at a time
c477225fd10e mt7615: update cr4 firmware to 20190415154149
413a4bf39513 mt76: mt7915: fix unused-but-set variable
f5034abea899 mt76: mt7915: fix format string
a9ac73ed8275 wifi: mt76: mt7615: increase eeprom size for mt7663
4a27f23fc4f2 linux-firmware: update firmware for MT7921 WiFi device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-11 20:05:27 +01:00
Daniel Golle
047d471317
procd: update to git HEAD
24f6bc4 jail: correctly check for null pointer
 93b2c2d jail: ignore missing .dynamic sect
 039b88f sysupgrade: print errno on failure

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-10 21:35:38 +00:00
Felix Fietkau
161b22d103 mac80211: fix mesh airtime link metric estimation
fix reading the per-packet rate on devices with firmware rate control

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-10 14:47:07 +01:00
Rafał Miłecki
8a4537d2a9 fstools: update to git HEAD
3affe9e block: try multiple NTFS filesystem implementations

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-11-10 14:09:07 +01:00
Felix Fietkau
ddf736e543 hostapd: remove invalid dtim_period option processing
dtim_period is a bss property, not a device one.
It is already handled properly in mac80211.sh

Fixes: 30c64825c7 ("hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-10 13:09:18 +01:00
Weiping Yang
9945d05171 ipq40xx: add support for GL.iNet GL-A1300
Specifications:
SOC:		Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM:		256 MiB
FLASH1:		4 MiB NOR
FLASH2:		128 MiB NAND
ETH:		Qualcomm QCA8075
WLAN1:		Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2:		Qualcomm Atheros QCA4018 5G 802.11n/ac W2 2x2
USB:		1 x USB 3.0 port
Button:		1 x Reset button
Switch:		1 x Mode switch
LED:		1 x Blue LED + 1 x White LED

Install via uboot tftp or uboot web failsafe.

By uboot tftp:
(IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-generic-glinet_gl-a1300-squashfs-nand-factory.ubi
(IPQ40xx) # nand erase 0 0x8000000
(IPQ40xx) # nand write 0x84000000 0 $filesize

By uboot web failsafe:
Push the reset button for 10 seconds util the power led flash faster,
then use broswer to access http://192.168.1.1

Afterwards upgrade can use sysupgrade image.

Signed-off-by: Weiping Yang <weiping.yang@gl-inet.com>
2022-11-09 23:34:37 +01:00
Felix Fietkau
a06e023b4e mac80211: remove old legacy legacy drivers
Get rid of drivers that are either limited to 802.11b/g or don't even support
cfg80211/mac80211. Most of these are either limited to boards that we don't even
support anymore because of firmware size, or were only used for custom hacks by
a really small number of users in the past.
Let's get rid of those to reduce the maintenance effort and the number of useless
packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-09 20:44:28 +01:00
Andrew Powers-Holmes
94d0cb9d2e mt76: add firmware package for mt7916
Add kernel package 'mt7916-firmware' with firmware files for MT7916E devices.

These share the same driver as the MT7915 chipset, but use their own firmware.

Tested using a pair of AsiaRF AW7916-NPD cards.

Signed-off-by: Andrew Powers-Holmes <aholmes@omnom.net>
2022-11-09 20:43:32 +01:00
Nick Hainke
2426dbb734
mac80211: subsys: add tags to upstreamed patches
Some patches were already upstreamed.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-09 17:10:03 +01:00
Nick Hainke
b2272c6194
mac80211: rt2x00: add tags to upstreamed patches
Some patches are already upstreamed.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-09 17:09:30 +01:00
Nick Hainke
f472a2fb15
mac80211: brcm: add tag to upstreamed patch
Add tag to upstreamed patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-09 17:08:49 +01:00
Nick Hainke
6f5e1df597
mac80211: ath9k: add tag to upstreamed patch
Add tag to upstreamed patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-09 17:08:12 +01:00
Nick Hainke
c47f8dacb8
mac80211: ath10k: add tags for upstreamed patches
Add tags to already upstreamed patches.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-09 17:07:42 +01:00
Rafał Miłecki
b066ad7d9a kernel: improve description of NTFS kernel packages
This helps choosing the right NTFS driver from two available options.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-11-08 09:14:20 +01:00
Kevin Darbyshire-Bryant
41691ce9ac dnsmasq: remove backported CVE patch
Patch no longer applies/required since bump to v2.87

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 23:04:27 +00:00
Kevin Darbyshire-Bryant
d7f378796f dnsmasq: Support nftables nftsets
Add build option for nftables sets. By default disable iptables ipset
support.  By default enable nftable nftset support since this is what
fw4 uses.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dnsmasq: nftset: serve from ipset config

Use existing ipset configs as source for nftsets to be compatible with
existing configs. As the OS can either have iptables XOR nftables
support, it's fine to provide both to dnsmasq. dnsmasq will silently
fail for the present one. Depending on the dnsmasq compile time options,
the ipsets or nftsets option will not be added to the dnsmasq config
file.

dnsmasq will try to add the IP addresses to all sets, regardless of the
IP version defined for the set. Adding an IPv6 to an IPv4 set and vice
versa will silently fail.

Signed-off-by: Mathias Kresin <dev@kresin.me>

dnsmasq: support populating nftsets in addition to ipsets

Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in
the system. Keep the same configuration syntax in /etc/config/dhcp, for
compatibility purposes.

Huge thanks to Jo-Philipp Wich for basically writing the function.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

dnsmasq: obtain nftset ip family from nft

Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address
family to an nft set is made.

Heuristic to guess which ip family a nft set might belong by inferring
from the set name.

In order of preference:

If setname ends with standalone '4' or '6' use that, else
if setname has '4' or '6' delimited by '-' or '_' use that (eg
foo-4-bar) else
If setname begins with '4' or '6' standalone use that.

By standalone I mean not as part of a larger number eg. 24

If the above fails then use the existing nft set query mechanism and if
that fails, well you're stuffed!

With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp
knowledge.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dnsmasq: specify firewall table for nftset

Permit ipsets to specify an nftables table for the set.  New config
parameter is 'table'.  If not specified the default of 'fw4' is used.

config ipset
	list name 'BK_4,BK_6'
	option table 'dscpclassify'
	option table_family 'ip'
	option family '4'
	list domain 'ms-acdc.office.com'
	list domain 'windowsupdate.com'
	list domain 'update.microsoft.com'
	list domain 'graph.microsoft.com'
	list domain '1drv.ms'
	list domain '1drv.com'

The table family can also be specified, usually 'ip' or 'ip6' else the
default 'inet' capable of both ipv4 & ipv6 is used.

If the table family is not specified then finally a family option is
available to specify either '4' or '6' for ipv4 or ipv6 respectively.

This is all in addition to the existing heuristic that will look in the
nftset name for an ip family clue, or in total desperation, query the
value from the nftset itself.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 19:47:13 +00:00
Mathias Kresin
7cdf74e163 dnsmasq: add uci-defaults script for ipset migration
When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to serve ipset as well as nftable sets from the same configuration.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2022-11-06 19:47:13 +00:00
Kevin Darbyshire-Bryant
bf27d977f0 dnsmasq: bump to 2.87
Bump dnsmasq to 2.87 & refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 19:47:13 +00:00
Shiji Yang
f7f9203854 ramips: add support for SIM SIMAX1800T and Haier HAR-20S2U1
SIM AX18T and Haier HAR-20S2U1 Wi-Fi6 AX1800 routers are designed based
on Tenbay WR1800K. They have the same hardware circuits and u-boot.
SIM AX18T has three carrier customized models: SIMAX1800M (China Mobile),
SIMAX1800T (China Telecom) and SIMAX1800U (China Unicom). All of these
models run the same firmware.

Specifications:
 SOC:      MT7621 + MT7905 + MT7975
 ROM:      128 MiB
 RAM:      256 MiB
 LED:      status *3 R/G/B
 Button:   reset *1 + wps/mesh *1
 Ethernet:      lan *3 + wan *1 (10/100/1000Mbps)
 TTL Baudrate:  115200
 TFTP Server:   192.168.1.254
 TFTP IP:       192.168.1.28 or 192.168.1.160 (when envs is broken)

MAC Address:
 use        address               source
 label      30:xx:xx:xx:xx:62     wan
 lan        30:xx:xx:xx:xx:65     factory.0x8004
 wan        30:xx:xx:xx:xx:62     factory.0x8004 -3
 wlan2g     30:xx:xx:xx:xx:64     factory.0x0004
 wlan5g     32:xx:xx:xx:xx:64     factory.0x0004 set 7th bit

TFTP Installation (initramfs image only & recommend):
1. Set local tftp server IP: 192.168.1.254 and NetMask: 255.255.255.0
2. Rename initramfs-kernel.bin to "factory.bin" and put it in the root
   directory of the tftp server. (tftpd64 is a good choice for Windows)
3. Start the TFTP server, plug in the power supply, and wait for the
   system to boot.
4. Backup "firmware" partition and rename it to "firmware.bin", we need
   it to back to stock firmware.
5. Use "fw_printenv" command to list envs.
   If "firmware_select=2" is observed then set u-boot enviroment:
   /# fw_setenv firmware_select 1
6. Apply sysupgrade.bin in OpenWrt LuCI.

Web UI Installation:
1. Apply update by uploading initramfs-factory.bin to the web UI.
2. Use "fw_printenv" command to list envs.
   If "firmware_select=2" is observed then set u-boot enviroment:
   /# fw_setenv firmware_select 1
3. Apply squashfs-sysupgrade.bin in OpenWrt LuCI.

Recovery to stock firmware:
a. Upload "firmware.bin" to OpenWrt /tmp, then execute:
   /# mtd -r write /tmp/firmware.bin firmware
b. We can also write factory image "UploadBrush-bin.img" to firmware
   partition to recovery. Upload image file to /tmp, then execute:
   /# mtd erase firmware
   /# mtd -r write /tmp/UploadBrush-bin.img firmware

How to extract stock firmware image:
  Download stock firmware, then use openssl:
  openssl aes-256-cbc -d -salt -in [Downloaded_Firmware] \
  -out "firmware.tar.tgz" -k QiLunSmartWL

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2022-11-05 22:38:01 +01:00
Hauke Mehrtens
898b4104b3 ltq-tapi: Fix compile with kernel 5.15
Do not use find_vpid(), but get_task_pid() to get the pid from
pThrCntrl->tid. This is now a ponter to struct task_struct instead of
an integer.

This fixes the build of ltq-tapi with lantiq/xway.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:35:58 +01:00
Hauke Mehrtens
b3aa998f6c ltq-ifxos: Fix compile with ltq-tapi
Do not include asm/irq.h directly, but include linux/interrupt.h instead.
This fixes the build of ltq-tapi with lantiq/xway.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:35:46 +01:00
Hauke Mehrtens
8b383ee2a0 busybox: awk: fix use after free (CVE-2022-30065)
This backports a commit which fixes a use after free bug in awk.

CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:07:09 +01:00
Hauke Mehrtens
002a99eccd dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.

CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:05:47 +01:00
Pawel Dembicki
d75ed3726d uboot-layerscape: adjust LS1012A-IOT config and env
In a254279a6c LS1012A-IOT kernel image was switched to FIT.

But u-boot config is lack of FIT and ext4 support.

This patch enables it.

It also fix envs, because for some reason this board need to use "loadaddr"
variable in brackets.

Fixes: #9894
Fixes: a254279a6c ("layerscape: Change to combined rootfs on sd images")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-11-05 21:12:03 +01:00
Nick Hainke
8623a449c2 valgrind: update to 3.20.0
Release Notes:
https://valgrind.org/docs/manual/dist.news.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 16:29:28 +01:00
Martin Schiller
1e028ac51e kernel: further cleanup of xfrm[4|6]_mode*
In my commit da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.

Fixes: da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2022-11-05 16:28:33 +01:00
John Audia
a0814f04ed openssl: bump to 1.1.1s
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]

  *) Fixed a regression introduced in 1.1.1r version not refreshing the
     certificate data to be signed before signing the certificate.
     [Gibeom Gwon]

 Changes between 1.1.1q and 1.1.1r [11 Oct 2022]

  *) Fixed the linux-mips64 Configure target which was missing the
     SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
     platform.
     [Adam Joseph]

  *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
     causing incorrect results in some cases as a result.
     [Paul Dale]

  *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
     report correct results in some cases
     [Matt Caswell]

  *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
     different key sizes
     [Todd Short]

  *) Added the loongarch64 target
     [Shi Pujin]

  *) Fixed a DRBG seed propagation thread safety issue
     [Bernd Edlinger]

  *) Fixed a memory leak in tls13_generate_secret
     [Bernd Edlinger]

  *) Fixed reported performance degradation on aarch64. Restored the
     implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
     32-bit lane assignment in CTR mode") for 64bit targets only, since it is
     reportedly 2-17% slower and the silicon errata only affects 32bit targets.
     The new algorithm is still used for 32 bit targets.
     [Bernd Edlinger]

  *) Added a missing header for memcmp that caused compilation failure on some
     platforms
     [Gregor Jasny]

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-11-05 14:07:46 +00:00
Nick Hainke
bef3699ad5 elfutils: update to 1.88
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html

Refresh patches:
- 003-libintl-compatibility.patch
- 100-musl-compat.patch
- 101-no-fts.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
6dd14bab3f strace: update to 6.0
Release Notes:
https://github.com/strace/strace/releases/tag/v6.0

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Glen Huang
46fbe55971 uhttpd: use procd to reload on acme renew
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.

Signed-off-by: Glen Huang <i@glenhuang.com>
2022-11-04 16:21:00 +01:00
Rafał Miłecki
c3322cf04a kernel: sort filesystems symbols alphabetically
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-11-02 20:10:42 +01:00
Baptiste Jonglez
ef597b026b firewall: config: drop input traffic by default
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.

The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.

This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest.  Thus, in normal operations, the
default policy is not used.

Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2022-11-01 23:25:39 +01:00
Hauke Mehrtens
5b7c99bc4c libnl-tiny: update to the latest version
db3b2cd libnl-tiny: set SOCK_CLOEXEC if available

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 18:04:39 +01:00
Hauke Mehrtens
5c70b19c42 iwinfo: update to the latest version
00aab87 Correctly identify key management algorithms starting with "FT-"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 18:04:39 +01:00
Sven Eckelmann
8d3e932b65 uboot-envtools: Fix format of autogenerated sectors
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:

  MTD erase error on /dev/mtd5: Invalid argument

Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
2022-11-01 18:04:38 +01:00
Hauke Mehrtens
633f3e1118 kernel: Add kmod-drm-ttm-helper
Add a package for drm_ttm_helper.ko. CONFIG_DRM_TTM_HELPER is compiled
into the kernel on armvirt/64, x86/64, x86/generic and x86/legacy
because also some DRM drivers are compiled into the kernel. On x86/geode
it is not compiled into the kernel, but kmod-drm-amdgpu and
kmod-drm-radeon depend on it.

This fixes the x86/geode build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 14:47:14 +01:00
Martin Schiller
da5c45f4d8 kernel: remove handling of xfrm[4|6]_mode_* modules
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).

Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.

Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-31 21:58:15 +01:00
Hans Dedecker
63db906516 odhcpd: update to git HEAD
a92c0a7 dhcpv6-ia: make tmp lease file hidden
4a673e1 fix null pointer dereference for INFORM messages
860ca90 odhcpd: Support for Option NTP and SNTP

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-10-31 17:56:10 +01:00
Florian Eckert
1dccc6e749 kernel: replace gpio-mcp23s08 with pinctrl-mcp23s08*
The kernel module gpio-mcp23s08 has been replaced by the new
pinctrl-mcp23s08* kernel modules.

There are now 3 kernel modules for this device
- Common module for both I2C and SPI kmod-pinctrl-mcp23s08
- Module for I2C kmod-pinctrl-mcp23s08-i2c
- Module for SPI kmod-pinctrl-mcp23s08-spi

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-10-30 23:14:45 +01:00
Roland Barenbrug
cc5d8ae427 ltq-vdsl-vr9-app: extend ubus call to provide DSL statistics
Adding a new method to `ubus call dsl` to retrieve DSL statistics
used to feed the DSL charts (bit allocation, SNR, QLN and HLOG)

Signed-off-by: Roland Barenbrug <roland@treslong.com>
[fix pointer error, clean up]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-10-30 23:14:45 +01:00
Roland Barenbrug
5787e0c9fe ltq-vdsl-vr9-app: skip invalid line status values
DSL_G997_LineStatusData_t defines special invalid values, skip these
metrics.

Signed-off-by: Roland Barenbrug <roland@treslong.com>
[split patch]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-10-30 23:14:45 +01:00
Edward Chow
50f727b773 ath79: add support for Linksys EA4500 v3
Add support for the Linksys EA4500 v3 wireless router

Hardware
--------
SoC:    Qualcomm Atheros QCA9558
RAM:    128M DDR2 (Winbond W971GG6KB-25)
FLASH:  128M SPI-NAND (Spansion S34ML01G100TFI00)
WLAN:   QCA9558 3T3R 802.11 bgn
        QCA9580 3T3R 802.11 an
ETH:    Qualcomm Atheros QCA8337
UART:   115200 8n1, same as ea4500 v2
USB:	1 single USB 2.0 host port
BUTTON: Reset - WPS
LED:    1x system-LED
        LEDs besides the ethernet ports are controlled
        by the ethernet switch

MAC Address:
 use        address(sample 1)    source
 label      94:10:3e:xx:xx:6f   caldata@cal_macaddr
 lan        94:10:3e:xx:xx:6f   $label
 wan        94:10:3e:xx:xx:6f   $label
 WiFi4_2G   94:10:3e:xx:xx:70   caldata@cal_ath9k_soc
 WiFi4_5G   94:10:3e:xx:xx:71   caldata@cal_ath9k_pci

Installation from Serial Console
------------

1. Connect to the serial console. Power up the device and interrupt
   autoboot when prompted

2. Connect a TFTP server reachable at 192.168.1.0/24
   (e.g. 192.168.1.66) to the ethernet port. Serve the OpenWrt
   initramfs image as "openwrt.bin"

3. To test OpenWrt only, go to step 4 and never execute step 5;
   To install, auto_recovery should be disabled first, and boot_part
   should be set to 1 if its current value is not.

   ath> setenv auto_recovery no
   ath> setenv boot_part 1
   ath> saveenv

4. Boot the initramfs image using U-Boot

   ath> setenv serverip 192.168.1.66
   ath> tftpboot 0x84000000 openwrt.bin
   ath> bootm

5. Copy the OpenWrt sysupgrade image to the device using scp and
   install it like a normal upgrade (with no need to keeping config
   since no config from "previous OpenWRT installation" could be kept
   at all)

   # sysupgrade -n /path/to/openwrt/sysupgrade.bin

Note: Like many other routers produced by Linksys, it has a dual
      firmware flash layout, but because I do not know how to handle
      it, I decide to disable it for more usable space. (That is why
      the "auto_recovery" above should be disabled before installing
      OpenWRT.) If someone is interested in generating factory
      firmware image capable to flash from stock firmware, as well as
      restoring the dual firmware layout, commented-out layout for the
      original secondary partitions left in the device tree may be a
      useful hint.

Installation from Web Interface
------------

1. Login to the router via its web interface (default password: admin)

2. Find the firmware update interface under "Connectivity/Basic"

3. Choose the OpenWrt factory image and click "Start"

4. If the router still boots into the stock firmware, it means that
   the OpenWrt factory image has been installed to the secondary
   partitions and failed to boot (since OpenWrt on EA4500 v3 does not
   support dual boot yet), and the router switched back to the stock
   firmware on the primary partitions. You have to install a stock
   firmware (e.g. 3.1.6.172023, downloadable from
   https://www.linksys.com/support-article?articleNum=148385 ) first
   (to the secondary partitions) , and after that, install OpenWrt
   factory image (to the primary partitions). After successful
   installation of OpenWrt, auto_recovery will be automatically
   disabled and router will only boot from the primary partitions.

Signed-off-by: Edward Chow <equu@openmail.cc>
2022-10-30 23:14:45 +01:00
Daniel Golle
84ff6c90dd
base-files: bring back nand_do_upgrade_success
Several Broadcom targets were using the nand_do_upgrade_success
shell function which has been removed by commit e25e6d8e54
("base-files: fix and clean up nand sysupgrade code"). Refactor the
new nand_do_upgrade to bring back nand_do_upgrade_success with the
behavior expected by those users.

Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-30 20:26:12 +00:00
Chukun Pan
641e4f2f04 mediatek: add Xiaomi Redmi Router AX6000 support
Hardware specification:
  SoC: MediaTek MT7986A 4x A53
  Flash: ESMT F50L1G41LB 128 MB
  RAM: K4A4G165WF-BCWE 512 MB
  Ethernet: 4x 10/100/1000 Mbps
  WiFi1: MT7976GN 2.4GHz ax 4x4
  WiFi2: MT7976AN 5GHz ax 4x4
  Button: Mesh, Reset

Flash instructions:
  1. Gain ssh and serial port access, see the link below:
     https://openwrt.org/toh/xiaomi/redmi_ax6000#installation
  2. Use ssh or serial port to log in to the router, and
     execute the following command:
     nvram set boot_wait=on
     nvram set flag_boot_rootfs=0
     nvram set flag_boot_success=1
     nvram set flag_last_success=1
     nvram set flag_try_sys1_failed=8
     nvram set flag_try_sys2_failed=8
     nvram commit
  3. Set a static ip on the ethernet interface of your computer
     (e.g. default: ip 192.168.31.100, gateway 192.168.31.1)
  4. Download the initramfs image, rename it to initramfs.bin,
     and host it with the tftp server.
  5. Interrupt U-Boot and run these commands:
     setenv mtdparts nmbm0:1024k(bl2),256k(Nvram),256k(Bdata),2048k(factory),2048k(fip),256k(crash),256k(crash_log),112640k(ubi)
     saveenv
     tftpboot initramfs.bin
     bootm
  6. After openwrt boots up, use scp or luci web
     to upload sysupgrade.bin to upgrade.

Revert to stock firmware:
  Restore mtdparts back to default, then use the
  vendor's recovery tool (Windows only).

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2022-10-30 14:30:22 +00:00
Rodrigo Balerdi
9d1e687da3 base-files: verify nand sysupgrade images
For nand sysupgrade image files having tar/gzip/tgz envelopes, verify
envelope integrity before starting sysupgrade.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Rodrigo Balerdi
9710712120 base-files: accept gzipped nand sysupgrade images
When firmware images only contained compressed kernels and squashfs roots,
uncompressed tar files were a good option. We are now using UBIFS images,
both raw and tarred, as well as ubinized (full UBI partition) images, all
of which benefit greatly from compression.

For example, a raw ubinized backup taken from a running Askey RT4230W REV6
(such full backups can be restored via the LUCI's sysupgrade UI) is over
400 MB, but compresses to less than 10 MB.

This commit adds support for gzipped versions of all file types already
accepted by the nand sysupgrade mechanism, be them raw or tarred.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Rodrigo Balerdi
af34733593 base-files: fix ubinized nand sysupgrade
It has been reported that ubinized nand sysupgrade fails under certain
circumstances, being unable to detach the existing ubi partition due to
volumes within the partition being mounted.

This is an attempt to solve such issues by unmounting and removing
ubiblock devices and unmounting ubi volumes within the target partition
prior to detaching and formatting it.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Rodrigo Balerdi
e25e6d8e54 base-files: fix and clean up nand sysupgrade code
- Never return from 'nand_do_upgrade', not even in case of errors, as that
  would cause execution of sysupgrade code not intended for NAND devices.
- Unify handling of sysupgrade success and failure.
- Detect and report more error conditions.
- Fix outdated/incorrect/unclear comments.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Bob Cantor
80a62a675d
base-files: wifi: for wifi reconf, scan_wifi after network reload
Commit e8b5429609 included an unintended change and we now call
scan_wifi before a network reload.

Restore the original behaviour and call scan_wifi only after a network
reload.

Fixes: e8b5429609 ("base-files: wifi: tidy up the reconf code")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
2022-10-25 09:24:37 +02:00
Bob Cantor
fcfce8f208
base-files: wifi: for wifi up, scan_wifi after network reload
Commit b82cc80713 included an unintended change and we now call
scan_wifi before a network reload.

Restore the original behaviour and call scan_wifi only after a network
reload.

Fixes: b82cc80713 ("base-files: wifi: swap the order of some ubus calls")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
2022-10-25 09:24:27 +02:00
Andre Heider
8246ab6a27 mac80211: fix masking nested A-MSDU support for mesh
CONFIG_MAC80211_MESH isn't defined for this package, rendering the patch
useless. Match protecting the access of sta_info.mesh with the very same
define declaring it.

Fixes 45109f69a6 "mac80211: fix compile error when mesh is disabled"
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-10-25 00:32:58 +02:00
Felix Fietkau
e4b9538ddb mac80211: use KERNEL_MAKEOPTS instead of KERNEL_MAKE_FLAGS
Fixes issues with disabling stack validation on non-linux systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-24 20:49:34 +02:00
Felix Fietkau
24bf94ecb7 button-hotplug: simplify build
Remove unnecessary kconfig junk

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-24 20:49:34 +02:00
Hauke Mehrtens
58b65525f3 mac80211: Update to version 5.15.74-1
This updates mac80211 to version 5.15.74-1 which is based on kernel
5.15.74.
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-23 22:33:46 +02:00
Nick Hainke
96aa052c40 readline: update to 8.2
Release Announcement:
https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-23 18:16:22 +02:00
Nick Hainke
71cb448210 gdb: add patch adding support for readline 8.2
Add "001-Add-support-for-readline-8.2.patch" adding support for readline
8.2.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-23 18:16:03 +02:00
Nick Hainke
78cbcc77cc ksmbd: update to 3.4.6
Release Announcement:
https://github.com/cifsd-team/ksmbd/releases/tag/3.4.6

Remove upstreamed:
- 10-fix-build-on-kernel-5.15.52-or-higher.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-23 01:45:52 +02:00
Nick Hainke
0dfe1d2175 iproute2: update to 6.0.0
Release Notes:
https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/

Remove upstreamed patch:
- 010-ipstats-Add-param.h-for-musl.patch

Refreshed:
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:36 +02:00
Nick Hainke
5479281c72 thc-ipv6: update to 3.8
Remove upstreamed patches:
- 000-cflags_override.patch

Manually refresh patches:
- 100-no-ssl.patch

Add patches:
- 101-remove-march-native.patch

Add THC_APPLETS:
- toobigsniff6
- flood_unreach6
- connect6

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Nick Hainke
b6d850317b gettext-full: update to 0.21.1
Release Announcement:
https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html

Further, refresh 001-autotools.patch and manually refresh 010-m4.patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Nick Hainke
8ad82d31a0 libbsd: update to 0.11.7
Changes:
084911c Release libbsd 0.11.7
3538d38 man: Discourage using the library in non-overlay mode
03fccd1 include: Adjust reallocarray() per glibc adoption
6b6e686 include: Adjust arc4random() per glibc adoption
da1f45a include: explicit_bzero() requires _DEFAULT_SOURCE
2f9eddc include: Simplify glibc version dependent macro handling
28298ac doc: Switch references from pkg-config to pkgconf
ef981f9 doc: Add missing empty line to separate README sections
6928d78 doc: Refer to the main git repository as primary
d586575 test: Fix explicit_bzero() test on the Hurd
be327c6 fgetwln: Add comment about lack of getwline(3) for recommendation
a14612d setmode: Dot not use saveset after free
f4baceb man: Rewrite gerprogname(3bsd) from scratch
f35c545 man: Lowercase man page title
b466b14 man: Document that some arc4random(3) functions are now in glibc 2.36
1f6a48b Sync arc4random(3) implementation from OpenBSD
873639e Fix ELF support for big endian SH
c9c78fd man: Use -compact also for alternative functions in libbsd(7)
5f21307 getentropy: Fix function cast for getauxval()

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Nick Hainke
0dd124465c trace-cmd: update to v3.1.4
ae6db8e trace-cmd record: Use result of fcntl(GETPIPE_SZ)

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Nick Hainke
91fa5992bd uboot-envtools: update to 2022.10
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Nick Hainke
555cd82c22 linux-firmware: update to 20221012
Changes:
cfbd668 rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A
f49effc amdgpu: update GC 10.3.6 RLC firmware
f9a1c7f amdgpu: update GC 10.3.7 RLC firmware
eb1e45c amdgpu: update Yellow Carp RLC firmware
88557e1 amdgpu: update Beige Goby RLC firmware
2d3c1f8 amdgpu: update Dimgrey Cavefish RLC firmware
d513825 amdgpu: update Navy Flounder RLC firmware
c132bef amdgpu: update Sienna Cichlid RLC firmware
675bd6a mediatek: Update mt8195 SOF firmware to v0.4.1
44fa25d qcom: add squashed version of a530 zap shader
d2aac63 rtw89: 8852c: update fw to v0.27.56.1
c9a1ddf rtw89: 8852c: update fw to v0.27.56.0
b7d6c9f mediatek: Update mt8186 SCP firmware
fdf1a65 linux-firmware: Update AMD cpu microcode
375d450 mediatek: mt8195: Update scp.img to v2.0.11956
daee413 mediatek: Add new mt8195 SOF firmware
213255f mediatek: Update mt8186 SOF firmware to v0.2.1
9f88ec4 linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
bb3f948 rtl_bt: Update RTL8852A BT USB firmware to 0xD9B8_8207
6be4c4c linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
ea94bda linux-firmware: update firmware for MT7922 WiFi device
9490e8a linux-firmware: update firmware for MT7921 WiFi device
e6e48db cxgb4: Update firmware to revision 1.27.0.0
51fff4e i915: Add versionless HuC files for current platforms
067440c i915: Add GuC v70.5.1 for DG1, DG2, TGL and ADL-P
0e8f546 qca: Update firmware files for BT chip WCN3991.
3593bb7 Removing crnv32

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Nick Hainke
3c0c775cab mtd-utils: update to 2.1.5
Release Notes:
https://lore.kernel.org/buildroot/c0992bbb-9487-9a51-ea9f-39cf074b61ec@sigma-star.at/

Refresh patches:
- 130-lzma_jffs2.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 19:55:52 +02:00
Martin Blumenstingl
a075ddb8ca kernel: ltq-adsl-mei: Fix compilation with Linux 5.15
struct of_device_id is not implicitly included anymore. Include
<linux/mod_devicetable.h> to fix compilation on Linux 5.15.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-22 19:44:46 +02:00
Martin Blumenstingl
2964353927 kernel: ltq-vmmc: Fix compilation with Linux 5.15
MODULE_SUPPORTED_DEVICE is gone after Linux 5.15. Drop it's usage on
newer kernels to fix compilation with Linux 5.15.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-22 19:44:45 +02:00
Martin Blumenstingl
f4ce7df4fc kernel: ltq-vdsl-vr9-mei: Fix compilation with Linux 5.15
The result of copy_to_user() now has to be checked explicitly. Also
MODULE_SUPPORTED_DEVICE is gone after Linux 5.10.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-22 19:44:45 +02:00
Martin Blumenstingl
22fbc2d896 kernel: ltq-tapi: Fix compilation with Linux 5.15
MODULE_SUPPORTED_DEVICE was removed after Linux 5.10. Drop it from the
driver as well.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-22 19:44:45 +02:00
Martin Blumenstingl
d6e506eaaa kernel: ltq-deu: Fix compilation with Linux 5.15
struct of_device_id is not implicitly included anymore. Include
<linux/mod_devicetable.h> to fix compilation on Linux 5.15.
Also upstream commit a24d22b225ce15 ("crypto: sha - split sha.h into
sha1.h and sha2.h") from Linux 5.11 moves functionality from sha.h to
sha1.h.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-22 19:44:45 +02:00
Jan Hoffmann
e4c76e6fa3 ltq-ifxos: add compatibility with kernel 5.15
set_fs is no longer supported since kernel 5.13 for mips.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-22 19:44:45 +02:00
Hauke Mehrtens
b9b0407901 kernel: x86: Add glue_helper.ko only on kernel < 5.12
This module was removed with kernel 5.12.
This fixes the build of the x86 target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-22 02:31:57 +02:00
Andre Heider
edbf9f156f
uboot-fritz4040: build FritzBox 7520 variant
Support was added as variant of 7530 (DEVICE_ALT0_*) in:
cb6f4be1 "ipq40xx: add support for FRITZ!Box 7520"

u-boot has a distinct config for it [0], built it.

[0] https://github.com/chunkeey/FritzBox-4040-UBOOT/pull/6

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-10-20 17:42:06 +02:00
Daniel Golle
e57ca876cc
kernel: modules: iio: create and use AddDepends
Just like for other subsystems, create a reusable AddDepends call.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-19 23:20:42 +01:00
Petr Štetiar
a80e198cd3 wireless-tools: add package CPE ID
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-19 21:40:23 +02:00
Petr Štetiar
3826e72b8e ncurses: add package CPE ID
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-19 21:40:23 +02:00
Petr Štetiar
0671e78a65 arm-trusted-firmware-sunxi: add package CPE ID
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-19 21:40:23 +02:00
Petr Štetiar
efb4324c36 libnftnl: add package CPE ID
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-19 21:40:23 +02:00
Nick Hainke
0ecb971a6f kernel: test for kernel version greater 5.13 to fix mmc-spi
The of_mmc_spi.o resource is provider agnostic in kernels greater 5.13
and does not depend anymore on CONFIG_OF [0].

[0] - edd6021465

Suggested-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-19 21:40:23 +02:00
Daniel Golle
84b5b0f88c
uboot-envtools: mediatek/mt7622: don't rely on mapped rootfs
Similar to the implementation for the BPi-R3 use the same logic also
for determining the device to look for the U-Boot environment of the
BPi-R64.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-19 20:05:21 +01:00
Rafał Miłecki
ad0731cc65 kernel: disable kmod-fs-ntfs3 for Linux 5.10
This new NTFS driver was added in kernel 5.15. Avoid building empty
package for kernel 5.10.

Fixes: bd0db6017b ("kernel: 5.15: add new module")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-10-19 07:07:14 +02:00
Daniel Golle
f46355b4d7
uboot-envtools: mediatek_filogic: fix BPi-R3 when no OS is installed
Fix accessing the environment in case no OS is installed on the flash
media selected for boot as this is possible when booting initramfs.
In case of relying on the device specified to be mounted as rootfs to
be present, rather just use the kernel cmdline 'root' variable as a
hint to decide where to read/write the U-Boot environment.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-18 20:08:53 +01:00
Daniel Golle
2c6b212a2f
fstools: update to git HEAD
ee54c6b libfstools: skip JFFS2 padding on block devices

Fixes config restore on the BPi R3 when using MMC storage.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-18 20:08:39 +01:00
Daniel Golle
537b423d9f
uboot-mediatek: update to U-Boot 2022.10
Remove patches adding support for MT7621 which have been merged upsteam.
Patches for MT7981 and MT7986 have been merged too, but not in time to
be included in the 2022.10 release, so we have to keep carrying them
until the 2023.01 release.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-18 20:08:35 +01:00
Nick Hainke
7129d1e9c9 ethtool: update to 6.0
Release Notes:
https://lwn.net/Articles/910841/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-18 15:09:23 +02:00
Andrey Butirsky
bf9dc17651 base-files: add protocol qmi/mbim support for ucidef_set_interface()
Make it possible to setup default WAN interface for devices with built-in LTE
modems, using QMI or MBIM.

Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
2022-10-18 15:09:23 +02:00
Hauke Mehrtens
63460a5ba2 rtl8812au-ct: Fix compile
Replace the extern inline with a static inline. With extern inline the
compiler will generate the function in all compile units including this
file which breaks linking later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-18 15:09:23 +02:00
Jo-Philipp Wich
1b90c7441b ucode: update to latest Git HEAD
00af065 fs: expose `getdelim()` functionality through `fd.read()`
21ace5e lexer: fixes for regex literal parsing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-18 11:07:28 +02:00
Jo-Philipp Wich
5e2e048c0e firewall4: update to latest Git HEAD
7ae5e14 fw4: gracefully handle `null` return values from `fd.read("line")`

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-18 09:50:05 +02:00
Glen Huang
1bd63df263 uhttpd: use acme hotplug
Reload uhttpd after certificates are renewed with acme.

Reviewed-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Glen Huang <i@glenhuang.com>
2022-10-18 08:38:07 +02:00
Robert Marko
b58f3c573d
arm-trusted-firmware-mvebu: add Methode eDPU support
Provide ATF support for Methode eDPU as well, this makes it easy for
OpenWrt users to update the included U-boot+ATF combo.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-10-17 15:42:50 +02:00
Robert Marko
1324fe468c
uboot-mvebu: add Methode eDPU support
Add support for building for Methode eDPU board, no patches are needed
as board has been upstreamed and is part of the 2022.10-rc releases.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-10-17 15:42:50 +02:00
Robert Marko
4f348a200b
uboot-mvebu: update to 2022.10
Update mvebu U-boot to 2022.10 to avoid backporting patches in order
to support Methode eDPU.

It also allows dropping existing patches as they are all backports.

Tested-by: Andre Heider <a.heider@gmail.com> # espressobin-v3-v5-1gb-2cs
Tested-by: Russell Morris <github@rkmorris.us> # espressobin-v3-v5-1gb-1cs
Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia]
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-10-17 15:42:30 +02:00
Jo-Philipp Wich
cb24be47ff firewall4: update to latest Git HEAD
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies
c7201a3 main.uc: reintroduce set reload restriction
756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks
3db4741 ruleset: properly handle zone names starting with a digit
43d8ef5 fw4: fix formatting of default log prefix
592ba45 main.uc: remove uneeded/wrong set reload restrictions
b0a6bff tests: fix testcases
145e159 fw4: recognize `option log` and `option counter` in `config nat` sections
ce050a8 fw4: fall back to device if l3_device is not available in ifstatus

Fixes: #10639, #10965
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-15 00:39:48 +02:00
Jo-Philipp Wich
5110dcb1fa ucode: update to latest Git HEAD
4ae7072 fs: use `getline()` for line wise read operations
21ace5e lexer: fixes for regex literal parsing
00965fa lib: implement slice() function
76d396d main: implement print mode
7bbba78 compiler: optimize function return opcode generation
a45f2a3 lexer: improve regex literal handling
d64d5d6 vm: maintain export symbol tables per program
f4b4ded uloop: task: gracefully handle absent output callback
a58fe47 ubus: hold reference to underlying connection until deferred is concluded
e23b58a lib: uc_system(): retry waitpid() on EINTR

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-15 00:39:48 +02:00
Jo-Philipp Wich
db17c75271 rpcd: update to latest Git HEAD
8c852b6 ucode: write ucode runtime exceptions to stderr

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-15 00:39:48 +02:00
Uwe Kleine-König
63e5ba8e69 busybox: nslookup: ensure unique transaction IDs for the DNS queries
On machines with a coarse monotonic clock (here: TP-Link RE200 powered
by a MediaTek MT7620A) it can happen that the two DNS requests (for A
and AAAA) share the same transaction ID. If this happens the second
reply is wrongly dropped and nslookup reports "No answer".

Fix this by ensuring that the transaction IDs are unique.

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
2022-10-14 20:51:35 +02:00
Felix Fietkau
a7ca1b2314 mac80211: use board.json provided phy names in generated default config
The phy will be automatically renamed on setup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:13:11 +02:00
Felix Fietkau
50a03decdf mac80211: change the default config for a renamed wiphy
use option phy to reference the device instead of path/macaddr

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:13:01 +02:00
Felix Fietkau
db9c4a066a mac80211: fix detecting highest radio* config section index
Deal with gaps by iterating over existing sections instead of counting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:49 +02:00
Felix Fietkau
4d323303e7 mac80211: rename phy according to board.json entries on bringup
This allows phy names specified in board.json to be used directly instead of
the path option

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:42 +02:00
Felix Fietkau
6603748e0c mac80211: change default ifname to <phy>-<type><index>
This makes it clear, which phy a wlan device belongs to and also helps with
telling them apart by including the mode in the ifname.
Preparation for automatically renaming PHYs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:36 +02:00
Felix Fietkau
7f9d3a00d8 base-files: add helper functions for adding wlan device entries to board.json
These will be used to give WLAN PHYs a specific name based on path specified
in board.json. The platform board.d script can assign a specific order based
on available slots (PCIe slots, WMAC device) and device tree configuration.

This helps with maintaining config compatibility in case the device path
changes due to kernel upgrades.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:30 +02:00
Felix Fietkau
0a4a0c7193 libubox: update to the latest version
ea56013409d5 jshn.sh: add json_add_fields function for adding multiple fields at once

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:23 +02:00
Felix Fietkau
735f5f18dd iwinfo: update to the latest version
0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:07 +02:00
Felix Fietkau
da6b77215b mac80211: fix typo in netifd script
Reported-by: Chad Monroe <chad.monroe@smartrg.com>
Fixes: 590eaaeed5 ("mac80211: fix issues in HE capabilities")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-13 21:50:34 +02:00
Nick Hainke
e5cab973a4
hostapd: add measurement report value for beacon reports
Add the measurement report value to the beacon reports send via ubus. It
is possible to derive from the measurement report if a station refused to
do a beacon report and why. It is important to know why a station refuses
to do a beacon-report. In particular, we should not request a beacon
report from a station again that refused a beacon-report before.

The rejection reasons can be found by looking at the bits defined by:
- MEASUREMENT_REPORT_MODE_ACCEPT
- MEASUREMENT_REPORT_MODE_REJECT_LATE
- MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE
- MEASUREMENT_REPORT_MODE_REJECT_REFUSED

Suggested-by: Ian Clowes <clowes_ian@hotmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-13 16:53:37 +02:00
Felix Fietkau
88803cb0e6 mac80211: add patch that gives the driver more control over netdev offloads
This can be used to selectively disable checksum, SG or GSO offloads

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-13 15:04:33 +02:00
Felix Fietkau
26f400210d mac80211: backport security fixes
This mainly affects scanning and beacon parsing, especially with MBSSID enabled

Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-13 15:00:59 +02:00
Felix Fietkau
590eaaeed5 mac80211: fix issues in HE capabilities
Enable HE SU beamformee by default
Fix spatial reuse configuration:
- he_spr_sr_control is not a bool for enabling, it contains multiple bits
  which disable features that should be disabled by default
- one of the features (PSR) can be enabled through he_spr_psr_enabled
- add option to disable bss color / spatial reuse

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-13 13:45:42 +02:00
Chukun Pan
bb212092df
uboot-mediatek: fixes defconfig typo for UniFi 6 LR
CONFIG_CMD_MTDPART does not exist, fix it.

Fixes: e9ad412 ("uboot-mediatek: add build for Ubiquiti Networks UniFi 6 LR")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2022-10-11 14:34:11 +02:00
Chukun Pan
b3c81c9f21
uboot-mediatek: fixes defconfig typo for Linksys E8450
CONFIG_CMD_MTDPART does not exist, fix it.

Fixes: ed50004 ("uboot-mediatek: add support for Linksys E8450")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2022-10-11 14:34:07 +02:00
Chukun Pan
ffd29a55c3 libnl-tiny: update to the latest version
c42d890 build static library
28c44ca genl_family: explicitly null terminate
                     strncpy destination buffer

This fixes the compilation with gcc 12.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2022-10-09 22:52:48 +02:00
Lech Perczak
df08849c00 odhcp6c: respect 'delegate' option for 464XLAT sub-interface
dhcpv6.script contained support for disabling prefix delegation of 464XLAT
sub-interface, but netifd protocol handler was missing the required
export to disable this. Add missing export, akin to DS-Lite and MAP.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2022-10-09 19:08:36 +02:00
Felix Fietkau
f6c359a655 mac80211: sync rx STP fix with updated version
Add back skb length check and fix a minor issue in protocol detection

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-07 14:59:11 +02:00
Felix Fietkau
cec7dfa497 mac80211: fix issues with receiving small STP packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-07 11:30:16 +02:00
Daniel Cousens
3bd04767ba
build: prefer HTTPS if available (for packages)
Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq,
fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl,
lua, lua5.3, tcpdump and valgrind, to HTTPS

Signed-off-by: Daniel Cousens <github@dcousens.com>
2022-10-05 17:37:07 +02:00
Koen Vandeputte
45109f69a6 mac80211: fix compile error when mesh is disabled
This fixes following compile error seen when
building mac80211 with mesh disabled:

.../backports-5.15.58-1/net/mac80211/agg-rx.c: In function 'ieee80211_send_addba_resp':
...backports-5.15.58-1/net/mac80211/agg-rx.c:255:17: error: 'struct sta_info' has no member named 'mesh'
  255 |         if (!sta->mesh)
      |                 ^~

sta_info.h shows this item as being optional based on flags:

	struct mesh_sta *mesh;

Guard the check to fix this.

Fixes: f96744ba6b ("mac80211: mask nested A-MSDU support for mesh")
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2022-10-04 11:22:29 +02:00
Petr Štetiar
f1b7e1434f treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-03 17:52:06 +02:00
David Bauer
f96744ba6b mac80211: mask nested A-MSDU support for mesh
mac80211 incorrectly processes A-MSDUs contained in A-MPDU frames. This
results in dropped packets and severely impacted throughput.

As a workaround, don't indicate support for A-MSDUs contained in
A-MPDUs. This improves throughput over mesh links by factor 10.

Ref: https://github.com/openwrt/mt76/issues/450

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-10-02 23:04:38 +02:00
Josef Schlehofer
185541f50f uboot-mvebu: backport LibreSSL patches for older version of LibreSSL
If you would like to compile the newest version of U-boot together with the stable
OpenWrt version, which does not have LibreSSL >= 3.5, which was updated
in the master branch by commit 5451b03b7c
("tools/libressl: bump to v3.5.3"), then you need these two patches to
fix it. They are backported from U-boot repository.

This should be backported to stable OpenWrt versions.

Reported-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-10-02 20:22:54 +02:00
Josef Schlehofer
9c7472950b uboot-mvebu: backport patch to fix compilation on non glibc system
This issue was reported by @paper42, who is using Void Linux with musl
to compile OpenWrt and its packages and found out it is not possible to
compile U-boot for Turris Omnia (neither any other).

It fixes following output:
```
  HOSTCC  tools/kwboot
tools/kwboot.c: In function 'kwboot_tty_change_baudrate':
tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed'
  662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
      |      ^
tools/kwboot.c:662:21: error: 'struct termios' has no member named 'c_ispeed'
  662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
      |                     ^
tools/kwboot.c:690:31: error: 'struct termios' has no member named 'c_ospeed'
  690 |  if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3))
      |                               ^
tools/kwboot.c:693:31: error: 'struct termios' has no member named 'c_ispeed'
  693 |  if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3))
      |
```

Tested-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-10-02 20:22:54 +02:00
Nick Hainke
17c1bf7e6c trace-cmd: update to v3.1.3
Remove upstremed patch:
- 100-tracecmd-add-NO_LIBZSTD-option-to-disable-libzstd.patch

Changes:
c65c02c trace-cmd: Version 3.1.3
14a7aca trace-cmd library: Add API for mapping between host and guests
9191b8e tracecmd extract: Allow using --compression.
d63ae35 trace-cmd report: Add callback for kvm plugin to show guest functions
0c7ef72 trace-cmd library: Add man pages for iterator functions
3cd1b55 trace-cmd library: Add tracecmd_follow_event()
27ea9e1 libtracecmd: Add documentation on tracecmd_set/get_private()
3c544ad libtracecmd: Add a man pages for handling of time stamps
5baf7a3 libtracecmd: Add check-manpages.sh
ee007a1 trace-cmd library: Make tracecmd_filter_match() local
cb04105 tracecmd library documentation: Use star and not underscore for function names
54931be trace-cmd: Do not return zero length name for guest by name
43ffa27 trace-cmd: Close socket descriptor on failed connection
4744ca3 trace-cmd record/agent: Add --notimeout option
e512b22 trace-cmd: Add compile time overrides for libraries
a6fe935 trace-cmd: README: Add note on installing libtracecmd
067f45f trace-cmd: libtracecmd: Fixing linking to C++ code
689a0d4 tracecmd: Add NO_LIBZSTD option to disable libzstd
6bbcd3e trace-cmd report: Use library tracecmd_filter_*() logic
955d05f trace-cmd report: Make filter arguments match their files
82ed4a9 trace-cmd library: Add filtering logic for iterating events
dbd8777 trace-cmd report: Use tracecmd_iterate_events_multi()
78a74b1 trace-cmd library: Allow callers to save private data in tracecmd_input handlers
b37903a tracecmd library: Add tracecmd_iterate_events_multi()
d83b662 tracecmd utest: Add test to test using the libraries to read
2cb6cc2 tracecmd library: Add tracecmd_iterate_events()
762839a tracecmd: Use make variable instead of if statement for zlib test
1504f3f trace-cmd: Document new proxy args for {agent,record}
9a1c5d7 trace-cmd record: Keep --proxy from being passed to agents
ef8a8d7 trace-cmd libs: Initialize msg to NULL tracecmd_msg_read_data()
39ec10a trace-cmd: Do not use instance from trace context

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
4f70380ff1 libtracefs: update to 1.5.0
Changes:
93f4d52 libtracefs: version 1.5
bc857db libtracefs: Add tracefs_u{ret}probe_alloc to generic man page
db55441 libtracefs: Add tracefs_debug_dir() to generic libtracefs man page
d2d5924 libtracefs: Add test instructions for openSUSE
4a7b475 libtracefs: Fix test suite typo
ee8c644 libtracefs: Add tracefs_tracer_available() helper
799d88e libtracefs: Add API to set custom tracing directory
1bb00d1 libtracefs: allow pthread inclusion overrideable in Makefile
04651d0 libtracefs sqlhist: Allow pointers to match longs
9de59a0 libtracefs: Remove double free attempt of new_event in tracefs_synth_echo_cmd()
0aaa86a libtracefs: Fix use after free in tracefs_synth_alloc()
d2d5340 libtracefs: Add missed_events to record
9aaa8b0 libtracefs: Set the number of CPUs in tracefs_local_events_system()
56a0ba0 libtracefs: Return negative number when tracefs_filter_string_append() fails
c5f849f libtracefs: Set the long size of the tep handle in tracefs_local_events_system()
5c8103e revert: 0de961e74f96 ("libtracefs: Set visibility of parser symbols as 'internal'")

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
cef2ec62ab libtraceevent: update to 1.6.3
Changes:
fda4ad9 libtraceevent: version 1.6.3
d02a61e libtraceevent: Add man pages for tep_plugin_kvm_get/put_func()
6643bf9 libtraceevent: Have kvm_exit/enter be able to show guest function
a596299 libtraceevent: Add tep_print_field() to check-manpages.sh deprecated
065c9cd libtraceevent: Add man page documentation of tep_get_sub_buffer_size()
6e18ecc libtraceevent: Add man page for tep_plugin_add_option()
6738713 libtraceevent: Add some missing functions to generic libtraceevent man page
deefe29 libtraceevent: Include meta data functions in libtraceevent man pages
cf6dd2d libtraceevent: Add tep_get_function_count() to libtraceevent man page
5bfc11e libtraceevent: Add printk documentation to libtraceevent man page
65c767b libtraceevent: Update man page to reflect tep_is_pid_registered() rename
7cd173f libtraceevent: Add check-manpages.sh
fd6efc9 libtraceevent: Documentation: Correct typo in example
5c375b0 libtraceevent: Fixing linking to C++ code
7839fc2 libtraceevent: Makefile - set LIBS as conditional assignment
c5493e7 libtraceevent: Remove double assignment of val in eval_num_arg()
efd3289 libtraceevent: Add warnings if fields are outside the event

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
d327466149 popt: update to 1.19
Add patch to fix compilation:
- 100-configure.ac-remove-require-gettext-version.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
04119d7cce libcap: update to 2.66
4f96e67 Up the release version to 2.66
60ff008 Fix typos in the cap_from_text.3 man page.
281b6e4 Add captrace to .gitignore file
09a2c1d Add an example of using BPF kprobing to trace capability use.
26e3a09 Clean up getpcaps code.
fc804ac getpcaps: catch PID parsing errors.
fc437fd Fix an issue with bash displaying an error.
7db9589 Some more simplifications for building
27e801b Fix for "make clean ; make -j48 test"

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Felix Fietkau
3968529285 mt76: update to the latest version
e4fa68a9b3b3 linux-firmware: update firmware for MT7921 WiFi device
60fcf08fe659 linux-firmware: update firmware for MT7921 WiFi device
9d601f4eee8f linux-firmware: update firmware for MT7922 WiFi device
e49b6063fb4b wifi: mt76: move mt76_rate_power from core to mt76x02 driver code
3f27f6adb1ab wifi: mt76: mt76x02: simplify struct mt76x02_rate_power
c07f3d2d5ede wifi: mt76: mt7921: fix antenna signal are way off in monitor mode
9059a5de3bd0 wifi: mt76: Remove unused inline function mt76_wcid_mask_test()
d75f15ddeb90 wifi: mt76: mt7915: fix bounds checking for tx-free-done command
06df7e689294 wifi: mt76: mt7915: reserve 8 bits for the index of rf registers
ad3d0f8db00b wifi: mt76: mt7915: rework eeprom tx paths and streams init
66065073177b wifi: mt76: mt7915: deal with special variant of mt7916
b0114a0abb57 wifi: mt76: mt7915: rework testmode tx antenna setting
6dee964e1f36 wifi: mt76: connac: introduce mt76_connac_spe_idx()
48c116d92939 wifi: mt76: mt7915: add spatial extension index support
db6db4ded0fd wifi: mt76: mt7915: set correct antenna for radar detection on MT7915D
2b8f56a72d76 wifi: mt76: mt7915: fix mt7915_mac_set_timing()
d554a02554db wifi: mt76: mt7915: move wed init routines in mmio.c
61ce40e65852 wifi: mt76: mt7915: enable wed for mt7986 chipset
584a96ec4a0f wifi: mt76: mt7915: enable wed for mt7986-wmac chipset
172d68b6253d mt76: mt76x02: fix vht rate power array overrun
72b87836d368 Revert "mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-01 17:22:26 +02:00
Daniel Golle
7bba6b6f63 ubnt-ledbar: make package available on other targets
As also ramips/mt7621 now has a user of the ubnt-ledbar driver, make
the package available on all targets by removing the dependency on
@TARGET_mediatek_mt7622.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-30 13:29:58 +01:00
Felix Fietkau
2e375e9b31 kernel: remove hack patch, move kirkwood specific kmods to target modules.mk
Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch
unnecessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 12:59:19 +02:00
Felix Fietkau
4363faef8a kernel: move ubnt ledbar driver to a separate package
Simplifies the tree by removing a non-upstream kernel patch and related kconfig
symbols

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 11:28:51 +02:00
Felix Fietkau
eb07020de2 mac80211: fix decap offload for stations on AP_VLAN interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 11:28:51 +02:00
Petr Štetiar
ec8fb542ec wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:53:56 +02:00
Petr Štetiar
a0cd133fde Revert "wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release"
This reverts commit a596a8396b as I've
just discovered private email, that the issue has CVE-2022-39173
assigned so I'm going to reword the commit and push it again.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:53:12 +02:00
Petr Štetiar
8ad9a72cbe wolfssl: refresh patches
So they're tidy and apply cleanly.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:36:19 +02:00
Petr Štetiar
a596a8396b wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:36:19 +02:00
Manas Sambhus
3e2ea10e5e
qos-scripts: fix trailing whitespace in config files
Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:46 +02:00
Manas Sambhus
0ca634e9ef
qos-scripts: replace modprobe by rmmod
modprobe -r is not available on all platforms, hence use rmmod

Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:45 +02:00
Manas Sambhus
4cc7011da0
kernel: netsupport: replace insmod by modprobe
Replace insmod by modprobe in TEQL hotplug script

Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:45 +02:00
Manas Sambhus
db0c0a31d8
ppp: use modprobe in place of insmod
This will prevent `module is already loaded` lines from
appearing in the logs when a PPP connection is reconnecting

Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:42 +02:00
Felix Fietkau
3a8825ad6a build: fix issues with targets installed via feeds
- fix including modules.mk when a target is being replaced
- fix calling make targets from target/linux

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-27 13:41:12 +02:00
Kevin Darbyshire-Bryant
582c098c09 nftables: backport fix to interval based rules
'rule inet dscpclassify dscp_match  meta l4proto { udp }  th dport { 3478 }
 th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with
'nft add', but not 'nft insert', the latter yields:
"BUG: unhandled op 4".

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-09-26 18:02:15 +01:00
Kevin Darbyshire-Bryant
dafa663012 sysfsutils: Define START early in file
The luci ucode rewrite exposed the definition of START as being over 1K
from start of file.  Initial versions limited the search for START &
STOP to within the 1st 1K of a file.  Whilst the search has been
expanded, it doesn't do any harm to define START early in the file like
all other init scripts seen so far.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-09-26 17:58:32 +01:00
Christian Marangi
4ed90e84f8
Revert "mt76: fix compilation error with mt7915 and kernel >= 5.15.61"
This reverts commit 6e9613844c.

The patch was wrong in the first place as we base everything on
backports package and the compilation error was caused by an ath11k
present downstream. (will be needed later when backports package will be
updated but not now)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-25 20:36:42 +02:00
Christian Marangi
6e9613844c
mt76: fix compilation error with mt7915 and kernel >= 5.15.61
With kernel 5.15.61 the define IEEE80211_MAX_AMPDU_BUF got changed to
IEEE80211_MAX_AMPDU_BUF_HE. Add patch to fix compilation error on next
5.15 kernel versions.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-25 16:07:16 +02:00
Eneas U de Queiroz
d08c9da43c
wolfssl: prefer regular libwolfssl over cpu-crypto
Rename libwolfssl-cpu-crypto to libwolfsslcpu-crypto so that the
regular libwolfssl version comes first when running:
opkg install libwolfssl

Normally, if the package name matches the opkg parameter, that package
is preferred.  However, for libraries, the ABI version string is
appended to the package official name, and the short name won't match.
Failing a name match, the candidate packages are sorted in alphabetical
order, and a dash will come before any number.  So in order to prefer
the original library, the dash should be removed from the alternative
library.

Fixes: c3e7d86d2b (wolfssl: add libwolfssl-cpu-crypto package)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-09-25 15:19:10 +02:00
Eneas U de Queiroz
50d0b41b38
wolfssl: ABI version shouldn't depend on benchmark
Move CONFIG_PACKAGE_libwolfssl-benchmark from the top of
PKG_CONFIG_DEPENDS to after PKG_ABI_VERSION is set.

This avoids changing the ABI version hash whether the bnechmark package
package is selected or not.

Fixes: 05df135cac (wolfssl: Rebuild when libwolfssl-benchmark gets changes)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-09-25 15:19:07 +02:00
Giammarco Marzano
0de6a3339f ipq40xx: Add ZTE MF289F
It's a 4G Cat.20 router used by Vodafone Italy (called Vodafone FWA)
and Vodafone DE\T-Mobile PL (called GigaCube).

Modem is a MiniPCIe-to-USB based on Snapdragon X24,
it supports 4CA aggregation.

There are currently two hardware revisions, which
differ on the 5Ghz radio:

AT1 = QCA9984 5Ghz Radio on PCI-E bus
AT2 = IPQ4019 5Ghz Radio inside IPQ4019 like 2.4Ghz

Device specification
--------------------
SoC Type: Qualcomm IPQ4019
RAM: 256 MiB
Flash: 128 MiB SPI NAND (Winbond W25N01GV)
ROM: 2MiB SPI Flash (GD25Q16)
Wireless 2.4 GHz (IP4019): b/g/n, 2x2
Wireless 5 GHz:
	(QCA9984): a/n/ac, 4x4 HW REV AT1
	(IPA4019): a/n/ac, 2x2 HW REV AT2
Ethernet: 2xGbE (WAN/LAN1, LAN2)
USB ports: No
Button: 2 (Reset/WPS)
LEDs: 3 external leds: Network (white or red), Wifi, Power and 1 internal (blue)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot

Installation
------------
1. Place OpenWrt initramfs image for the device on a TFTP
   in the server's root. This example uses Server IP: 192.168.0.2
2. Connect serial console (115200,8n1) to serial connector
   GND (which is right next to the thing with MF289F MIMO-V1.0), RX, TX
   (refer to this image: https://ibb.co/31Gngpr).
3. Connect TFTP server to RJ-45 port (WAN/LAN1).
4. Stop in u-Boot (using ESC button) and run u-Boot commands:

setenv serverip 192.168.0.2
setenv ipaddr 192.168.0.1
set fdt_high 0x85000000
tftp openwrt-ipq40xx-generic-zte_mf289f-initramfs-fit-zImage.itb
bootm $loadaddr

5. Please make backup of original partitions, if you think about revert to
   stock, specially mtd16 (Web UI) and mtd17 (rootFS).
Use /tmp as temporary storage and do:

WEB PARITION
--------------------------------------
cat /dev/mtd16 > /tmp/mtd16.bin
scp /tmp/mtd16.bin root@YOURSERVERIP:/
rm /tmp/mtd16.bin

ROOT PARITION
--------------------------------------
cat /dev/mtd17 > /tmp/mtd17.bin
scp /tmp/mtd17.bin root@YOURSERVERIP:/
rm /tmp/mtd17.bin

6. Login via ssh or serial and remove stock partitions
   (default IP 192.168.0.1):

 # this can return an error, if ubi was attached before
 # or rootfs part was erased before.
ubiattach -m 17

 # it could return error if rootfs part was erased before
ubirmvol /dev/ubi0 -N ubi_rootfs
 # some devices doesn't have it
ubirmvol /dev/ubi0 -N ubi_rootfs_data

7. download and install image via sysupgrade -n
 (either use wget/scp to copy the mf289f's squashfs-sysupgrade.bin
 to the device's /tmp directory)

 sysupgrade -n /tmp/openwrt-...-zte_mf289f-squashfs-sysupgrade.bin

Sometimes it could print ubi attach error, but please ignore it
if process goes forward.

Flash Layout

NAND:
mtd8: 000a0000 00020000 "fota-flag"
mtd9: 00080000 00020000 "0:ART"
mtd10: 00080000 00020000 "mac"
mtd11: 000c0000 00020000 "reserved2"
mtd12: 00400000 00020000 "cfg-param"
mtd13: 00400000 00020000 "log"
mtd14: 000a0000 00020000 "oops"
mtd15: 00500000 00020000 "reserved3"
mtd16: 00800000 00020000 "web"
mtd17: 01d00000 00020000 "rootfs"
mtd18: 01900000 00020000 "data"
mtd19: 03200000 00020000 "fota"
mtd20: 0041e000 0001f000 "kernel"
mtd21: 0101b000 0001f000 "ubi_rootfs"

SPI:
mtd0: 00040000 00010000 "0:SBL1"
mtd1: 00020000 00010000 "0:MIBIB"
mtd2: 00060000 00010000 "0:QSEE"
mtd3: 00010000 00010000 "0:CDT"
mtd4: 00010000 00010000 "0:DDRPARAMS"
mtd5: 00010000 00010000 "0:APPSBLENV"
mtd6: 000c0000 00010000 "0:APPSBL"
mtd7: 00050000 00010000 "0:reserved1"

Back to Stock (!!! need original dump taken from initramfs !!!)
-------------
1. Place mtd16.bin and mtd17.bin initramfs image
   for the device on a TFTP in the server's root.
   This example uses Server IP: 192.168.0.2
2. Connect serial console (115200,8n1) to serial console
   connector (refer to the pin-out from above).
3. Connect TFTP server to RJ-45 port (WAN/LAN1).
4. rename mtd16.bin to web.img and mtd17.bin to root_uImage_s
5. Stop in u-Boot (using ESC button) and run u-Boot commands:

This will erase RootFS+Web:
nand erase 0x1000000 0x800000
nand erase 0x1800000 0x1D00000

This will restore RootFS:
tftpboot 0x84000000 ${dir}root_uImage_s
nand erase 0x1800000 0x1D00000
nand write $fileaddr 0x1800000 $filesize

This will restore Web Interface:
tftpboot 0x84000000 ${dir}web.img
nand erase 0x1000000 0x800000
nand write $fileaddr 0x1000000 $filesize

After first boot on stock firwmare, do a factory reset.
Push reset button for 5 seconds so all parameters will
be reverted to the one printed on label on bottom of the router

Signed-off-by: Giammarco Marzano <stich86@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
(Warning: commit message did not conform to UTF-8 - hopefully fixed?,
added description of the pin-out if image goes down, reformatted
commit message to be hopefully somewhat readable on git-web,
redid some of the gpio-buttons & leds DT nodes, etc.)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-09-24 23:53:53 +02:00
INAGAKI Hiroshi
c34f071972 ipq40xx: add support for Sony NCP-HG100/Cellular
Sony NCP-HG100/Cellular is a IoT Gateway with 2.4/5 GHz band 11ac
(WiFi-5) wireless function, based on IPQ4019.

Specification:

- SoC                   : Qualcomm IPQ4019
- RAM                   : DDR3 512 MiB (H5TC4G63EFR)
- Flash                 : eMMC 4 GiB (THGBMNG5D1LBAIT)
- WLAN                  : 2.4/5 GHz 2T2R (IPQ4019)
- Ethernet              : 10/100/1000 Mbps x2
  - Transceiver         : Qualcomm QCA8072
- WWAN                  : Telit LN940A9
- Z-Wave                : Silicon Labs ZM5101
- Bluetooth             : Qualcomm CSR8811
- Audio DAC             : Realtek ALC5629
- Audio Amp.            : Realtek ALC1304
- Voice Input Processor : Conexant CX20924
- Micro Controller Unit : Nuvoton MINI54FDE
  - RGB LED, Fan, Temp. sensors
- Touch Sensor          : Cypress CY8C4014LQI
- RGB LED driver        : TI LP55231 (2x)
- LEDs/Keys             : 11x, 6x
- UART                  : through-hole on PCB
  - J1: 3.3V, TX, RX, GND from tri-angle marking
  - 115200n8
- Power                 : 12 VDC, 2.5 A

Flash instruction using initramfs image:

1. Prepare TFTP server with the IP address 192.168.132.100 and place the
   initramfs image to TFTP directory with the name "C0A88401.img"

2. Boot NCP-HG100/Cellular and interrupt after the message
   "Hit any key to stop autoboot:  2"

3. Perform the following commands and set bootcmd to allow booting from
   eMMC

   setenv bootcmd "mmc read 0x84000000 0x2e22 0x4000 && bootm 0x84000000"
   saveenv

4. Perform the following command to load/boot the OpenWrt initramfs image

   tftpboot && bootm

5. On the initramfs image, perform sysupgrade with the sysupgrade image
   (if needed, backup eMMC partitions by dd command and download to
   other place before performing sysupgrade)

6. Wait for ~120 seconds to complete flashing

Known issues:

- There are no drivers for audio-related chips/functions in Linux Kernel
  and OpenWrt, they cannot be used.

- There is no driver for MINI54FDE Micro-Controller Unit, customized for
  this device by the firmware in the MCU. This chip controls the
  following functions, but they cannot be controlled in OpenWrt.

  - RGB LED
  - Fan
    this fan is controlled automatically by MCU by default, without
    driver
  - Thermal Sensors (2x)

- Currently, there is no driver or tool for CY8C4014LQI and cannot be
  controlled. It cannot be exited from "booting mode" and moved to "normal
  op mode" after booting. And also, the 4x buttons (mic mute, vol down,
  vol up, alexa trigger) connected to the IC cannot be controlled.

  - it can be exited from "booting mode" by installing and executing
    i2cset command:

    opkg update
    opkg install i2c-tools
    i2cset -y 1 0x14 0xf 1

- There is a connection issue on the control by uqmi for the WWAN module.
  But modemmanager can be used without any issues and the use of it is
  recommended.

- With the F2FS format, too many errors are reported on erasing eMMC
  partition "rootfs_data" while booting:

  [    1.360270] sdhci: Secure Digital Host Controller Interface driver
  [    1.363636] sdhci: Copyright(c) Pierre Ossman
  [    1.369730] sdhci-pltfm: SDHCI platform and OF driver helper
  [    1.374729] sdhci_msm 7824900.sdhci: Got CD GPIO
  ...
  [    1.413552] mmc0: SDHCI controller on 7824900.sdhci [7824900.sdhci] using ADMA 64-bit
  [    1.528325] mmc0: new HS200 MMC card at address 0001
  [    1.530627] mmcblk0: mmc0:0001 004GA0 3.69 GiB
  [    1.533530] mmcblk0boot0: mmc0:0001 004GA0 partition 1 2.00 MiB
  [    1.537831] mmcblk0boot1: mmc0:0001 004GA0 partition 2 2.00 MiB
  [    1.542918] mmcblk0rpmb: mmc0:0001 004GA0 partition 3 512 KiB, chardev (247:0)
  [    1.550323] Alternate GPT is invalid, using primary GPT.
  [    1.561669]  mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17
  ...
  [    8.841400] mount_root: loading kmods from internal overlay
  [    8.860241] kmodloader: loading kernel modules from //etc/modules-boot.d/*
  [    8.863746] kmodloader: done loading kernel modules from //etc/modules-boot.d/*
  [    9.240465] block: attempting to load /etc/config/fstab
  [    9.246722] block: unable to load configuration (fstab: Entry not found)
  [    9.246863] block: no usable configuration
  [    9.254883] mount_root: overlay filesystem in /dev/mmcblk0p17 has not been formatted yet
  [    9.438915] urandom_read: 5 callbacks suppressed
  [    9.438924] random: mkfs.f2fs: uninitialized urandom read (16 bytes read)
  [   12.243332] mmc_erase: erase error -110, status 0x800
  [   12.246638] mmc0: cache flush error -110
  [   15.134585] mmc_erase: erase error -110, status 0x800
  [   15.135891] mmc_erase: group start error -110, status 0x0
  [   15.139850] mmc_erase: group start error -110, status 0x0
  ...(too many the same errors)...
  [   17.350811] mmc_erase: group start error -110, status 0x0
  [   17.356197] mmc_erase: group start error -110, status 0x0
  [   17.439498] sdhci_msm 7824900.sdhci: Card stuck in wrong state! card_busy_detect status: 0xe00
  [   17.446910] mmc0: tuning execution failed: -5
  [   17.447111] mmc0: cache flush error -110
  [   18.012440] F2FS-fs (mmcblk0p17): Found nat_bits in checkpoint
  [   18.062652] F2FS-fs (mmcblk0p17): Mounted with checkpoint version = 428fa16b
  [   18.198691] block: attempting to load /etc/config/fstab
  [   18.198972] block: unable to load configuration (fstab: Entry not found)
  [   18.203029] block: no usable configuration
  [   18.211371] mount_root: overlay filesystem has not been fully initialized yet
  [   18.214487] mount_root: switching to f2fs overlay

  So, this support uses ext4 format instead which has no errors.

Note:

- The primary uart is shared for debug console and Z-Wave chip. The
  function is switched by GPIO15 (Linux: 427).

  value:

    1: debug console
    0: Z-Wave

- NCP-HG100/Cellular has 2x os-image pairs in eMMC.

  - 0:HLOS, rootfs
  - 0:HLOS_1, rootfs_1

  In OpenWrt, the first image pair is used.

- "bootipq" command in U-Boot requires authentication with signed-image
  by default. To boot unsigned image of OpenWrt, use "mmc read" and
  "bootm" command instead.

- This support is for "Cellular" variant of NCP-HG100 and not tested on
  "WLAN" (non-cellular) variant.

- The board files of ipq-wifi may also be used in "WLAN" variant of
  NCP-HG100, but unconfirmed and add files as for "Cellular" variant.

- "NET" LED is used to indicate WWAN status in stock firmware.

- There is no MAC address information in the label on the case, use the
  address included in UUID in the label as "label-MAC" instead.

- The "CLOUD" LEDs are partially used for indication of system status in
  stock firmware, use they as status LEDs in OpenWrt instead of RGB LED
  connected to the MCU.

MAC addresses:

LAN    : 5C:FF:35:**:**:ED (ART, 0x6    (hex))
WAN    : 5C:FF:35:**:**:EF (ART, 0x0    (hex))
2.4 GHz: 5C:FF:35:**:**:ED (ART, 0x1006 (hex))
5 GHz  : 5C:FF:35:**:**:EE (ART, 0x5006 (hex))

partition layout in eMMC (by fdisk, GPT):

Disk /dev/mmcblk0: 7733248 sectors, 3776M
Logical sector size: 512
Disk identifier (GUID): ****
Partition table holds up to 20 entries
First usable sector is 34, last usable sector is 7634910

Number  Start (sector)    End (sector)  Size Name
     1              34            1057  512K 0:SBL1
     2            1058            2081  512K 0:BOOTCONFIG
     3            2082            3105  512K 0:QSEE
     4            3106            4129  512K 0:QSEE_1
     5            4130            4641  256K 0:CDT
     6            4642            5153  256K 0:CDT_1
     7            5154            6177  512K 0:BOOTCONFIG1
     8            6178            6689  256K 0:APPSBLENV
     9            6690            8737 1024K 0:APPSBL
    10            8738           10785 1024K 0:APPSBL_1
    11           10786           11297  256K 0:ART
    12           11298           11809  256K 0:HSEE
    13           11810           28193 8192K 0:HLOS
    14           28194           44577 8192K 0:HLOS_1
    15           44578          306721  128M rootfs
    16          306722          568865  128M rootfs_1
    17          568866         3958065 1654M rootfs_data

[initial work]
Signed-off-by: Iwao Yuki <dev.clef@gmail.com>
Co-developed-by: Iwao Yuki <dev.clef@gmail.com>
[adjustments, cleanups, commit message, sending patch]
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
(dropped clk_unused_ignore, dropped 901-* patches, renamed
key nodes, changed LEDs chan/labels to match func-en, made
:net -> (w)wan leds)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-09-24 23:53:53 +02:00
Christian Lamparter
bb73828b89 firmware: intel-microcode: update to 20220809
Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

  * New upstream microcode datafile 20220809
    * Fixes INTEL-SA-00657, CVE-2022-21233
      Stale data from APIC leaks SGX memory (AEPIC leak)
    * Fixes unspecified errata (functional issues) on Xeon Scalable
    * Updated Microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
      sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
      sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
      sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
      sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
      sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
      sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
      sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-09-24 23:53:53 +02:00
Alberto Martinez-Alvarez
b02b95d1b0 mac80211: fix parameter reading for AC_BE tx bursting
The "tx_burst" option which should control the value was
expecting more of a list and hence tx_queue_data2_burst
value wasn't updated.

Yes, it would make sense to have a list for this, the
existing  code only updates tx_queue_data2_burst and
not the other tx_queue_data[0134]_burst values.

Signed-off-by: Alberto Martinez-Alvarez <amteza@gmail.com>
(formatted commit message, wrote extra information into commit,
moved tx_burst to existing json_get_vars)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-09-24 17:41:38 +02:00
Felix Fietkau
a6fd151308 mac80211: remove broken CFG80211_WEXT select from the r8723bs driver
Fixes a build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-23 18:11:27 +02:00
Felix Fietkau
3f814ecd24 mac80211: mark lib80211 as hidden
Prevents build errors by ensuring that it is only selected when a wext based
driver that needs it is also selected

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-23 12:06:06 +02:00
Michael Pratt
524f52a471 prism54-firmware: set DL_DIR to package specific subdirectory
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.

Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_RELEASE
to better organize the downloads.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-22 16:48:37 -04:00
Michael Pratt
b99fe7d050 b43legacy-firmware: set DL_DIR to package specific subdirectory
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.

Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_VERSION
to better organize the downloads.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-22 16:48:36 -04:00
Michael Pratt
0720c29a77 ath10k-ct-firmware: set DL_DIR to package specific subdirectory
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.

Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_VERSION
to better organize the downloads.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-22 16:48:36 -04:00
Michael Pratt
331830af51 acx-mac80211: set DL_DIR to package specific subdirectory
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.

Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_SOURCE_DATE
to better organize the downloads.

Define PKG_VERSION here
using PKG_SOURCE_DATE.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-22 16:48:36 -04:00
Olliver Schinagl
211f4302e4
base-files: Actually set default name
The currently used shell expansion doesn't seem to exist [0] and also
does not work. This surely was not intended, so lets allow default
naming to actually work.

[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html

Fixes: be09c5a3cd ("base-files: add board.d support for bridge device")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-09-22 21:37:45 +02:00
Felix Fietkau
c787962e1d iwinfo: update to the latest version
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
8cb995445a hostapd: add ubus notification on sta authorized
Also include the station auth_type in the ubus and log message in order
to detect, if clients used FT or FILS to associate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
f613c1368b mac80211: disable drivers that rely on wireless extensions
They are unmaintained and don't work properly with current wifi scripts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
6eeb5d4564 kernel: disable wireless extensions only when needed
They are only needed by a few very old drivers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Nicola Corna
f089f7373e kernel: add VFIO kernel packages
Add kmod-vfio and kmod-vfio-pci packages.

Signed-off-by: Nicola Corna <nicola@corna.info>
2022-09-21 13:06:10 +02:00
Tomasz Maciej Nowak
100536bd37 arm-trusted-firmware-mvebu: stop cluttering Image Builder
All contents of staging_dir/image are included in Image Builder (IB) in
case some binary needs to be included in final image. But in case of
this package, all sources are stored there and those clutter the final
tarball of IB for no reason. Those sources are not used during image
creation and are just dead weight. To put it in perspective, the IB for
21.02.0 is 158 MiB, 22.03.0-rc6 is 366 MiB and snapshot is over 620 MiB!
To fix it, put them in package build directory, so they won't end up
included in IB tarball.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
2022-09-21 13:06:10 +02:00
Daniel Golle
3cee396bf8 xdp-tools: update to version 1.2.8
82628d8 libxdp: Fix resource leaks
 7fb0af0 libxdp: always clone program fd before taking ownership of it
 d8cd007 headers: Update kernel btf.h header file
 2265125 (tag: v1.2.7) xdp-filter: Update examples in documentation
 2b65008 libxdp: Fix libxdp compilation error
 2387514 xsk: remove unused variable outstanding_tx
 00b5a95 Fix section names in xsk programs
 d4ff1f9 (tag: v1.2.8) Bump TOOLS_VERSION to 1.2.8

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-20 04:33:12 +01:00
David Bauer
94037ab6b0 hostapd: update to 2022-07-29
b704dc72e tests: sigma_dut and updated ConfResult value for Configurator failures
89de431f2 DPP: Add config response status value to DPP-CONF-SENT
10104915a tests: sigma_dut and DPP PB session overlap
80d5e264c Enhance QCA vendor roam event to indicate MLO links after reassociation
662249306 Update copyright notices for the QCA vendor definitions
8adcdd659 tests: Temporary workaround for dpp_chirp_ap_5g
ddcd15c2d tests: Fix fuzzing/sae build
7fa67861a tests: Fix p2p_channel_avoid3
ee3567d65 tests: Add more time for scan/connection
1d08b238c nl80211: Allow more time for the initial scan with 6 GHz
ac9e6a2ab tests: Allow 6 GHz opclasses in MBO checks
faf9c04cb Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
b9cd5a82f Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
ef4cd8e33 QoS: Use common classifier_mask for ipv4/ipv6
93be02592 Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
e7cbfa1c1 tests: sigma_dut and DPP Enrollee unsupported curves
5565fbee2 DPP: Check Enrollee supported curves when building Config Response
ceae05cec tests: sigma_dut and DPP MUDURL setting for hostapd
4cfb484e9 DPP: Allow dpp_controller_start without arguments in CLIs
c97000933 Fix ifdef condition for imsi_privacy_cert
2a9a61d6c tests: SAE with extended key AKM
e35f6ed1d tests: More detailed report on SAE PMKSA caching error case
f70db167a SAE: Derive a variable length PMK with the new AKM suites
91010e6f6 SAE: Indicate AKM suite selector in commit for new AKM suites
e81ec0962 SAE: Use H2E unconditionally with the new AKM suites
f8eed2e8b SAE: Store PMK length and AKM in SAE data
9dc4e9d13 SAE: EAPOL-Key and key/MIC length information for the new AKM suites
a32ef3cfb SAE: Driver capability flags for the new SAE AKM suites
91df8c9c6 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
5c8a714b1 SAE: Use wpa_key_mgmt_sae() helper
5456b0f26 Define new RSN AKM suite selector values
def33101c DPP: Clear push button announcement state on wpa_supplicant FLUSH
35587fa8f tests: DPP Controller/Relay with need to discover Controller
d22dfe918 DPP: Event message for indicating when Relay would need a Controller
ca7892e98 tests: DPP Relay and adding/removing connection to a Controller
bfe3cfc38 DPP: Allow Relay connections to Controllers to be added and removed
808834b18 Add a comparison function for hostapd_ip_addr
f7763880b DPP: Advertise Configurator connectivity on Relay automatically
ff7cc1d49 tests: DPP Relay and dynamic Controller addition
ca682f80a DPP: Dynamic Controller initiated connection on Relay
d2388bcca DPP: Strict validation of PKEX peer bootstrapping key during auth
a7b8cef8b DPP3: Fix push button boostrapping key passing through PKEX
69d7c8e6b DPP: Add peer=id entry for PKEX-over-TCP case
b607d2723 tests: sigma_dut and DPP PB Configurator in wpa_supplicant
1ff9251a8 DPP3: Push button Configurator in wpa_supplicant
b94e46bc7 tests: PB Configurator in wpa_supplicant
ca4e82cbf tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi
e9137950f DPP: Recognize own PKEX Exchange Request if it ends up being received
692956446 DPP: Note PKEX code/identifier deletion in debug log
dfa9183b1 tests: DPP reconfig after Controller-initiated operation through Relay
ae4a3a6f6 DPP: Add DPP-CONF-REQ-RX event for Controller
17216b524 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay
fb2937b85 DPP: Allow Controller to initiate PKEX through Relay
15af83cf1 DPP: Delete PKEX code and identifier on success completion of PKEX
d86ed5b72 tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
0a4f391b1 tests: sigma_dut and DPP Connector Privacy
479e412a6 DPP3: Default value for dpp_connector_privacy
7d12871ba test: DPP Private Peer Introduction protocol
148de3e0d DPP3: Private Peer Introduction protocol
786ea402b HPKE base mode with single-shot API
f0273bc81 OpenSSL: Remove a forgotten debug print
f2bb0839f test: DPP 3rd party config information
68209ddbe DPP: Allow 3rd party information to be added into config object
0e2217c95 DPP: Allow 3rd party information to be added into config request obj
3d82fbe05 Add QCA vendor subcommand and attributes for SCS rule configuration
16b62ddfa QCA vendor attribute for DBAM configuration
004b1ff47 tests: DPP Controller initiating through Relay
451ede2c3 DPP: Allow AP/Relay to be configured to listed for new TCP connections
248654d36 tests: sigma_dut DPP PB test cases
697b7d7ec tests: DPP push button
7bbe85987 DPP3: Allow external configuration to be specified on AP for PB
8db786a43 DPP3: Testing functionality for push button announcements
37bccfcab DPP3: Push button bootstrap mechanism
a0054fe7c Add AP and STA specific P802.11az security capabilities (vendor command)
159e63613 QCA vendor command for CoAP offload processing
3b7bb17f6 Add QCA vendor attribute for TIM beacon statistics
09a281e52 Add QCA vendor interface for PASN offload to userspace
809fb96fa Add a vendor attribute to configure concurrency policy for AP interface
a5754f531 Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY
085a3fc76 EHT: Add 320 channel width support
bafe35df0 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
92f549901 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch
c580c2aec tests: Make OCV negative test error cases more robust
3c2ba98ad Add QCA vendor event to indicate driver recovery after internal failures
6b461f68c Set current_ssid before changing state to ASSOCIATING
8dd826741 QCA vendor attribute to configure direct data path for audio traffic
504be2f9d QCA vendor command support to get WLAN radio combinations
d5905dbc8 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-20 01:15:36 +02:00
Daniel Golle
412fcf3d44 mac80211: rt2x00: replace patches with v3 of pending series
See also patchwork for submission progress:
https://patchwork.kernel.org/project/linux-wireless/cover/cover.1663445157.git.daniel@makrotopia.org/

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-18 20:05:18 +01:00
Felix Fietkau
00094efec3 build: fix including modules.mk for targets pulled in from feeds
Fixes: ebc36ebb23 ("scripts/feeds: install targets to target/linux/feeds and support overriding")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-18 06:27:53 +02:00
David Bauer
5110cf7ebd hostapd: don't select indoor channel on outdoor operation
Don't select channels designated for exclusive-indoor use when the
country3 element is set on outdoor operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-18 03:58:54 +02:00
Nick Hainke
1d2d69c810 wireless-regdb: update to 2022-08-12
Changes:
9dc9c89 wireless-regdb: update regulatory database based on preceding changes
442bc25 wireless-regdb: update 5 GHz rules for PK and add 60 GHz rule
daee7f3 wireless-regdb: add 5 GHz rules for GY

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-17 23:16:43 +02:00
Nick Hainke
181dc64a82 linux-firmware: update to 20220913
Changes:
f09bebf amdgpu: update yellow carp DMCUB firmware
db6db36 amdgpu: add firmware for VCN 3.1.2 IP block
3647da5 amdgpu: add firmware for SDMA 5.2.6 IP block
639b5c1 amdgpu: add firmware for PSP 13.0.5 IP block
7658946 amdgpu: add firmware for GC 10.3.6 IP block
427ca6c amdgpu: add firmware for DCN 3.1.5 IP block
edf9a2b qcom: rename Lenovo ThinkPad X13s firmware paths
9ebd5a5 rtw89: 8852c: update fw to v0.27.42.0
7546432 rtw89: 8852c: update fw to v0.27.36.0
2f2f018 Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
706a462 amdgpu: update beige goby VCN firmware
09ec438 amdgpu: update dimgrey cavefish VCN firmware
647021b amdgpu: update navy flounder VCN firmware
3c1662d amdgpu: update sienna cichlid VCN firmware
d3c9228 rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
a1c4b15 mediatek: reference the LICENCE file for MediaTek firmwares

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-17 23:16:43 +02:00
Nick Hainke
58271ed057 linux-firmware: update to 20220815
Changes:
12ca075 mediatek: Add new mt8186 SOF firmware
aed71f2 ice: Update package to 1.3.30.0
1ee415b QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438
c58f001 brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets
d4a4224 brcm: Add nvram for the Xiaomi Mi Pad 2 tablet
7220731 brcm: Add nvram for the Asus TF103C tablet
89ec619 Add amd-ucode README file
4f8f67e qca: Update firmware files for BT chip WCN6750.
        This commit will update required firmware files for WCN6750.
e6857b6 amdgpu: Update Yellow Carp VCN firmware
e6185d5 linux-firmware: Update firmware file for Intel Bluetooth 9462
140beaf linux-firmware: Update firmware file for Intel Bluetooth 9462
045847e linux-firmware: Update firmware file for Intel Bluetooth 9560
f7f3d1f linux-firmware: Update firmware file for Intel Bluetooth 9560
45c5e53 linux-firmware: Update firmware file for Intel Bluetooth AX201
1068c45 linux-firmware: Update firmware file for Intel Bluetooth AX201
b93bf2c linux-firmware: Update firmware file for Intel Bluetooth AX211
31d24ca linux-firmware: Update firmware file for Intel Bluetooth AX211
447ca4a linux-firmware: Update firmware file for Intel Bluetooth AX210
87d07fd linux-firmware: Update firmware file for Intel Bluetooth AX200
63a87d2 linux-firmware: Update firmware file for Intel Bluetooth AX201
a45053c Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020
4ae4ae8 qcom: Add firmware for Lenovo ThinkPad X13s
feda199 linux-firmware: Add firmware for Cirrus CS35L41
a4235e0 i915: Add GuC v70.4.1 for DG2
3ab394a i915: Add DMC v2.07 for DG2
150864a amdgpu partially revert "amdgpu: update beige goby to release 22.20"
56cf646 mediatek: Update mt8183/mt8192/mt8195 SCP firmware
4421586 amdgpu: update renoir to release 22.20
06cead1 amdgpu: update beige goby to release 22.20
d3e37b7 amdgpu: update yellow carp to release 22.20
9149732 amdgpu: update dimgrey cavefish to release 22.20
c2f5699 amdgpu: update vega20 to release 22.20
c3afe6a amdgpu: update vega12 to release 22.20
e840fe5 amdgpu: update raven to release 22.20
efe98d4 amdgpu: update navy flounder to release 22.20
5f13921 amdgpu: update vega10 to release 22.20
8da4640 amdgpu: update sienna cichlid to release 22.20
3fbfd89 amdgpu: update navi14 to release 22.20
8fe4b42 amdgpu: update green sardine to release 22.20
ca36bb9 amdgpu: update vangogh to release 22.20
21ba56c amdgpu: update navi12 to release 22.20
e9918d2 amdgpu: update navi10 to release 22.20
f379030 amdgpu: update picasso to release 22.20
1826c07 amdgpu: update aldebaran to release 22.20
1cbf1c6 amdgpu: update psp 13.0.8 TA firmware
35bb3bd WHENCE: Fix the dangling symlinks fix
84661a3 amdgpu: update DMCUB firmware for DCN 3.1.6
dfa2931 WHENCE: Correct dangling symlinks

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-17 23:16:43 +02:00
Sungbo Eo
d826c91704 mac80211: rt2x00: fix typo
Add missing semicolon and refresh patches.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-09-18 03:09:19 +09:00
Andre Heider
1afd0fefd2 ltq-[a|v]dsl-app: provide ltq-dsl-app
This makes it easier for packages to depend on any
lantiq/intel/maxlinear compatible dsl daemon.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Andre Heider
33e2115fe4 ltq-vdsl-app: rename to ltq-vdsl-vr9-app
This matches the scheme used by other target packages and will avoid
confusion with any future version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Andre Heider
07536cff51 lantiq: rename ltq-vdsl folder to ltq-vdsl-vr9
Now PKG_NAME matches the folder name, and this will avoid confusion with
any future version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Andre Heider
5d53b8e9f9 lantiq: rename ltq-vdsl-mei folder to ltq-vdsl-vr9-mei
Now PKG_NAME matches the folder name, and this will avoid confusion with
any future version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Daniel Golle
e785ca05e9 mac80211: clean and submit a bunch of rt2x00 patches
Clean and submit patches, mostly related to MT7620 to linux-wireless
mailing list:
https://patchwork.kernel.org/project/linux-wireless/list/?series=677770

Replace local patches with now submitted versions.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-17 00:44:08 +01:00
Daniel Golle
1c785d2567 packages: libusb: add package 'fxload' (from libusb examples)
The 'fxload' tool contained in the examples provided with libusb is
actually useful and turns out to be the only way to load firmware into
some rather ancient EZ-USB microcontrollers made by Cypress (formerly
Anchor Chips).
The original 'fxload' tool from hotplug-linux has been abandonned long
ago and requires usbfs to be mounted in /proc/bus/usb/ (like it was in
Linux 2.4...).
Hence the best option is to package the modern 'fxload' from the libusb
examples which (unsurprisingly) uses libusb and works on modern
systems.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-17 00:44:08 +01:00
Felix Fietkau
2b1e651178 unetd: add missing init script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 22:02:28 +02:00
Felix Fietkau
51c727e268 unetd: update to the latest version
e065a7627a46 pex: update last query sent timestamp
6c888f897862 unet-cli: add stun server list editing support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 21:58:07 +02:00
Felix Fietkau
40874f0934 unetd: update to the latest version
21360a1b1ce6 cli: fix typo
abfebece0af1 wg-linux: ship a copy of linux/wireguard.h
1cbb1a543cb3 pex: reduce unnecessary ping traffic
0c2f39e52d5d pex: remove pex event debug spam
dcf1362c2104 pex: add support for sending/receiving global PEX messages via unix socket
df5f70b8858c ubus: notify on network updates
e58a56697131 add DHT discovery service
be175767bc67 pex: keep active pex hosts after the specified timeout
543e4a3d2ed7 pex: move rx header check to callback function
395659b9c415 pex: move raw ip send code to sendto_rawudp() in utils.c
dda15ea8b3b2 pex: add utility function to get the sockets based on type / address family
e88f2cd4d3f0 utils: add support for passings address family to network_get_endpoint()
639cdcdf6eda pex: add support for figuring out the external data port via STUN servers
9144339ebe1f pex: improve handling of a longer list of PEX hosts
38212218ecdd unet-cli: add DHT support
0d37ca75434d pex: automatically create host entries from incoming endpoint port notifications
035fcc56ef60 host: keep multiple endpoint candidates, one for each type
a089e8ae7504 pex: avoid sending a query to a host more than once every 15 seconds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 21:11:32 +02:00
Felix Fietkau
f8e3d7a4e3 unetd: select unetd from unet-cli instead of depending on it
Some people may explicitly want to select unet-cli for admin purposes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 21:11:32 +02:00
Eneas U de Queiroz
c3e7d86d2b
wolfssl: add libwolfssl-cpu-crypto package
libwolfssl-cpu-crypto is a variant of libwolfssl with support for
cryptographic CPU instructions on x86_64 and aarch64.

On aarch64, wolfSSL does not perform run-time detection, so the library
will crash when the AES functions are called.  A preinst script attempts
to check for support by querying /proc/cpuinfo, if installed in a
running system.  When building an image, the script will check the
DISTRIB_TARGET value in /etc/openwrt_release, and will abort
installation if target is bcm27xx.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-09-16 08:30:26 +02:00
Jo-Philipp Wich
94129cbefb rpcd: update to latest Git HEAD
e80d0b2 ucode: pass-through `ubus_rpc_session` argument
0d02243 ucode: initialize module search path early

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-16 15:15:20 +02:00
Jo-Philipp Wich
639754e36d ucode: update to latest Git HEAD
cc4eb79 ubus: support obtaining numeric error code
01c412c ubus: add toplevel constants for ubus status codes
8e240fa ubus: allow object method call handlers to return a numeric status code
5cdddd3 lib: add limit support to split() and replace()
0ba9c3e fs: add optional third permission argument to fs.open()
c1f7b3b lib: remove fixed capture group limit in match() and regex replace()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-16 15:15:20 +02:00
Koen Vandeputte
aa9be386d4 mac80211: merge upstream fixes
fetched from upstream kernel v5.15.67

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2022-09-16 09:17:17 +02:00
Felix Fietkau
8b06e06832 mac80211: merge pending fixes for tx queueing issues
Fixes a potential deadlock and a tx queue hang on STA assoc

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-15 16:43:04 +02:00
Felix Fietkau
b36de68da6 mt76: update to the latest version
94eb0bc1374d wifi: mt76: testmode: use random payload for tx packets
f8ece810002b wifi: mt76: add rx_check callback for usb devices
67fbdb7bed90 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
a9b09dd2715f wifi: mt76: mt7921s: fix race issue between reset and suspend/resume
ee3eb0d6d52e wifi: mt76: mt7921u: fix race issue between reset and suspend/resume
9706ccef5447 wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND
74a29eb4f714 wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c
f49e06c4cfce wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
322656141fa4 wifi: mt76: sdio: poll sta stat when device transmits data
dee0a3cbfb03 wifi: mt76: mt7915: fix an uninitialized variable bug
9dd7be2c5164 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
0ad02c9a4512 wifi: mt76: sdio: add rx_check callback for sdio devices
fe85e5ccbaca wifi: mt76: sdio: fix transmitting packet hangs
206c7ebd7464 wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload
bf79f5d73e4f wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup
c4132ab0bea2 wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv
52eec74986cf wifi: mt76: mt7663s: add rx_check callback
019ef069e754 wifi: mt76: mt76_usb.mt76u_mcu.burst is always false remove related code
0a392ca03db8 wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap
fbb3554b6236 wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload
b55a4eb2ee21 wifi: mt76: mt7921: fix the firmware version report
2d72c9a74011 wifi: mt76: move move mt76_sta_stats to mt76_wcid
873365b06c5c wifi: mt76: add PPDU based TxS support for WED device
0c64a80a61c2 wifi: mt76: connac: fix in comment
d11f971a452e wifi: mt76: mt7921: get rid of the false positive reset
2ac22300c7ac wifi: mt76: mt7915: fix mcs value in ht mode
5e45533e4ba2 wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
e06376af21dd wifi: mt76: mt7915: do not check state before configuring implicit beamform
0c0bda4aea05 wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
cddc4b43ea93 wifi: mt76: mt7921e: fix rmmod crash in driver reload test
ebbd68842ee0 wifi: mt76: mt7921: introduce Country Location Control support
763a1d90133b wifi: mt76: mt7921e: fix random fw download fail

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-15 13:36:09 +02:00
Daniel Golle
8010d3da03 mediatek: build USB XHCI support as module
Instead of always including the XHCI driver in the kernel on all
MediaTek boards, selectively include the kernel module only on boards
which actually make use of USB functionality.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-14 20:26:58 +01:00
Ilya Katsnelson
e8135247c1
libcap: use more compatible shebang
Patch a script to use a shebang that works on systems that don't have
a /bin/bash, e.g. NixOS or GuixSD.

Signed-off-by: Ilya Katsnelson <me@0upti.me>
2022-09-14 00:06:18 +02:00
Kabuli Chana
c3e4a0d99b
kernel: netsupport: Add FQ-PIE as an optional sched kmod and extract PIE
add Flow Queuing with Proportional Integral controller Enhanced (FQ-PIE) as an
optional kmod in network support and extract sched-pie from kmod-sched to
allow dependency on just kmod-sched-pie (PIE).

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2022-09-13 22:25:41 +02:00
Alexandru Gagniuc
01e2184c49 realtek: add support for TP-Link SG2210P
Add support for the TP-Link SG2210P switch. This is an RTL8380 based
switch with eight RJ-45 ports with 802.3af PoE, and two SFP ports.

This device shares the same board with the SG2008P and SG2008. To
model this, declare all the capabilities in the sg2xxx dtsi, and
disable unpopulated on the lower end models.

Specifications:
---------------
 - SoC:       Realtek RTL8380M
 - Flash:     32 MiB SPI flash (Vendor varies)
 - RAM:	      256 MiB (Vendor varies)
 - Ethernet:  8x 10/100/1000 Mbps with PoE (all ports)
              2x SFP ports
 - Buttons:   1x "Reset" button on front panel
 - Power:     53.5V DC barrel jack
 - UART:      1x serial header, unpopulated
 - PoE:       2x TI TPS23861 I2C PoE controller

Works:
------
  - (8) RJ-45 ethernet ports
  - (2) SFP ports (with caveats)
  - Switch functions
  - System LED

Not yet enabled:
----------------
  - Power-over-Ethernet (driver works, but doesn't enable "auto" mode)
  - PoE LEDs

Enabling SFP ports:
-------------------

The SFP port control lines are hardwired, except for tx-disable. These
lines are controller by the RTL8231 in shift register mode. There is
no driver support for this yet.

However, to enable the lasers on SFP1 and SFP2 respectively:

    echo 0x0510ff00 > /sys/kernel/debug/rtl838x/led/led_p_en_ctrl
    echo      0x140 > /sys/kernel/debug/rtl838x/led/led_sw_p_ctrl.26
    echo      0x140 > /sys/kernel/debug/rtl838x/led/led_sw_p_ctrl.24

Install via serial console/tftp:
--------------------------------

The footprints R27 (0201) and R28 (0402) are not populated. To enable
serial console, 50 ohm resistors should be soldered -- any value from
0 ohm to 50 ohm will work. R27 can be replaced by a solder bridge.

The u-boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.

Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. The sysupgrade image can also be flashed. To install OpenWrt:

Prepare a tftp server with:
 1. server address: 192.168.0.146
 2. the image as: "uImage.img"

Power on device, and stop boot by pressing any key.
Once the shell is active:
 1. Ground out the CLK (pin 16) of the ROM (U7)
 2. Select option "3. Start"
 3. Bootloader notes that "The kernel has been damaged!"
 4. Release CLK as sson as bootloader thinks image is corrupted.
 5. Bootloader enters automatic recovery -- details printed on console
 6. Watch as the bootloader flashes and boots OpenWrt.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[OpenWrt capitalisation in commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-09-13 09:22:26 +02:00
Petr Štetiar
a575788b8f uboot-mediatek: fix extraneous right parens
Fixes following warning:

 Makefile:310: extraneous text after 'ifeq' directive

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-13 09:14:09 +02:00
Daniel Golle
31a6605de0 mac80211: rt2x00: experimental improvements for MT7620 wifi
Serge Vasilugin reports:

To improve mt7620 built-in wifi performance some changes:
1. Correct BW20/BW40 switching (see comments with mark (1))
2. Correct TX_SW_CFG1 MAC reg from v3 of vendor driver see
	https://gitlab.com/dm38/padavan-ng/-/blob/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/chips/rt6352.c#L531
3. Set bbp66 for all chains.
4. US_CYC_CNT init based on Programming guide, default value was 33 (pci),
   set chipset bus clock with fallback to cpu clock/3.
5. Don't overwrite default values for mt7620.
6. Correct some typos.
7. Add support for external LNA:
    a) RF and BBP regs never be corrected for this mode
    b) eLNA is driven the same way as ePA with mt7620's pin PA
	but vendor driver explicitly pin PA to gpio mode (for forrect calibration?)
	so I'm not sure that request for pa_pin in dts-file will be enough

First 5 changes (really 2) improve performance for boards w/o eLNA/ePA.
Changes 7 add support for eLNA

Configuration w/o eLAN/ePA and with eLNA show results
tx/rx (from router point of view) for each stream:
 35-40/30-35 Mbps for HT20
 65-70/60-65 Mbps for HT40

Yes. Max results for 2T2R client is 140-145/135-140
with peaks 160/150, It correspond to mediatek driver results.
Boards with ePA untested.

Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 21:37:08 +01:00
Daniel Golle
d4feb66048 mac80211: add patch descriptions to rt2x00 patches
Prepare patches for sending upstream by adding patch descriptions
generated from the original OpenWrt commits adding each patch.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 21:36:58 +01:00
Felix Fietkau
55aa11d121 unetd: only depend on bpf-headers if BPF toolchain support is available
If BPF is unavailable, unetd can be built without it (by disabling VXLAN support).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-12 21:31:27 +02:00
Yoonji Park
c27279dc26 mediatek: add support for ipTIME A6004MX Add basic support for ipTIME A6004MX.
Hardware:
SoC: MediaTek MT7629 Cortex-A7 (ARMv7 1.25GHz, Dual-Core)
RAM: DDR3 128MB
Flash: Macronix MX35LF1GE4AB (SPI-NAND 128MB)
WiFi: MediaTek MT7761N (2.4GHz) / MediaTek MT7762N (5GHz) - no driver
Ethernet: SoC (WAN) / MediaTek MT7531 (LAN x4)
UART: [GND, RX, TX, 3.3V] (115200)

Installation:
- Flash recovery image with TFTP recovery

Revert to stock firmware:
- Flash stock firmware with TFTP recovery

TFTP Recovery method:
1. Unplug the router
2. Hold the reset button and plug in
3. Release when the power LED stops flashing and go off
4. Set your computer IP address manually to 192.168.0.x / 255.255.255.0
5. Flash image with TFTP client to 192.168.0.1

Signed-off-by: Yoonji Park <koreapyj@dcmys.kr>
2022-09-12 01:43:49 +01:00
Daniel Golle
f5d6ed3007 xdp-tools: don't rely on host bpf headers
xdp-tools build currently breaks on build hosts which do not have
libbpf headers installed because the build system wrongly tries to
use the host's include path.
Properly pass path to libbpf headers to xdp-tools build system to
fix build e.g. on the buildbots.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 01:43:49 +01:00
Nick French
20581ee8b5 ath79: add support for TP-Link Deco S4
Add support for TP-Link Deco S4 wifi router

The label refers to the device as S4R and the TP-Link firmware
site calls it the Deco S4 v2. (There does not appear to be a v1)

Hardware (and FCC id) are identical to the Deco M4R v2 but the
flash layout is ordered differently and the OEM firmware encrypts
some config parameters (including the label mac address) in flash

In order to set the encrypted mac address, the wlan's caldata
node is removed from the DTS so the mac can be decrypted with
the help of the uencrypt tool and patched into the wlan fw
via hotplug

Specifications:
SoC: QCA9563-AL3A
RAM: Zentel A3R1GE40JBF
Wireless 2.4GHz: QCA9563-AL3A (main SoC)
Wireless 5GHz: QCA9886
Ethernet Switch: QCA8337N-AL3C
Flash: 16 MB SPI NOR

UART serial access (115200N1) on board via solder pads:
RX = TP1 pad
TX = TP2 pad
GND = C201 (pad nearest board edge)

The device's bootloader and web gui will only accept images that
were signed using TP-Link's RSA key, however a memory safety bug
in the bootloader can be leveraged to install openwrt without
accessing the serial console. See developer forum S4 support page
for link to a "firmware" file that starts a tftp client, or you
may generate one on your own like this:
```
python - > deco_s4_faux_fw_tftp.bin <<EOF
import sys
from struct import pack

b = pack('>I', 0x00008000) + b'X'*16 + b"fw-type:" \
  + b'x'*256 + b"S000S001S002" + pack('>I', 0x80060200) \

b += b"\x00"*(0x200-len(b)) \
  + pack(">33I", *[0x3c0887fc, 0x35083ddc, 0xad000000, 0x24050000,
                   0x3c048006, 0x348402a0, 0x3c1987f9, 0x373947f4,
                   0x0320f809, 0x00000000, 0x24050000, 0x3c048006,
                   0x348402d0, 0x3c1987f9, 0x373947f4, 0x0320f809,
                   0x00000000, 0x24050000, 0x3c048006, 0x34840300,
                   0x3c1987f9, 0x373947f4, 0x0320f809, 0x00000000,
                   0x24050000, 0x3c048006, 0x34840400, 0x3c1987f9,
                   0x373947f4, 0x0320f809, 0x00000000, 0x1000fff1,
                   0x00000000])

b += b"\xff"*(0x2A0-len(b)) + b"setenv serverip 192.168.0.2\x00"
b += b"\xff"*(0x2D0-len(b)) + b"setenv ipaddr 192.168.0.1\x00"
b += b"\xff"*(0x300-len(b)) + b"tftpboot 0x81000000 initramfs-kernel.bin\x00"
b += b"\xff"*(0x400-len(b)) + b"bootm 0x81000000\x00"
b += b"\xff"*(0x8000-len(b))

sys.stdout.buffer.write(b)
EOF
```

Installation:
1. Run tftp server on pc with static ip 192.168.0.2
2. Place openwrt "initramfs-kernel.bin" image in tftp root dir
3. Connect pc to router ethernet port1
4. While holding in reset button on bottom of router, power on router
5. From pc access router webgui at http://192.168.0.1
6. Upload deco_s4_faux_fw_tftp.bin
7. Router will load and execture in-memory openwrt
8. Switch pc back to dhcp or static 192.168.1.x
9. Flash openwrt sysupgrade image via luci/ssh at 192.168.1.1

Revert to stock:
Press and hold reset button while powering device to start the
bootloader's recovery mode, where stock firmware can be uploaded
via web gui at 192.168.0.1

Please note that one additional non-github commits is also needed:
firmware-utils: add tplink-safeloader support for Deco S4

Signed-off-by: Nick French <nickfrench@gmail.com>
2022-09-11 21:54:00 +02:00
Michael Pratt
5df1b33298 ath79: add support for Senao Watchguard AP100
FCC ID: U2M-CAP2100AG

WatchGuard AP100 is an indoor wireless access point with
1 Gb ethernet port, dual-band but single-radio wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP300 v2
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - AR9344 SOC          MIPS 74kc, 2.4 GHz AND 5 GHz WMAC, 2x2
  - AR8035-A EPHY       RGMII GbE with PoE+ IN
  - 25 MHz clock
  - 16 MB FLASH         mx25l12805d
  - 2x 64 MB RAM
  - UART console        J11, populated
  - GPIO watchdog       GPIO 16, 20 sec toggle
  - 2 antennas          5 dBi, internal omni-directional plates
  - 5 LEDs              power, eth0 link/data, 2G, 5G
  - 1 button            reset

**MAC addresses:**

  Label has no MAC
  Only one Vendor MAC address in flash at art 0x0

  eth0 ---- *:e5 art 0x0 -2
  phy0 ---- *:e5 art 0x0 -2

**Installation:**

  Method 1: OEM webpage

    use OEM webpage for firmware upgrade to upload factory.bin

  Method 2: root shell

    It may be necessary to use a Watchguard router to flash the image to the AP
    and / or to downgrade the software on the AP to access SSH
    For some Watchguard devices, serial console over UART is disabled.

  NOTE: DHCP is not enabled by default after flashing

**TFTP recovery:**

  reset button has no function at boot time
  only possible with modified uboot environment,
  (see commit message for Watchguard AP300)

**Return to OEM:**

  user should make backup of MTD partitions
  and write the backups back to mtd devices
  in order to revert to OEM reliably

  It may be possible to use sysupgrade
  with an OEM image as well...
  (not tested)

**OEM upgrade info:**

  The OEM upgrade script is at /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

**Note on eth0 PLL-data:**

  The default Ethernet Configuration register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For AR934x series, the PLL registers for eth0
  can be see in the DTSI as 0x2c.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

**Note on WatchGuard Magic string:**

  The OEM upgrade script is a modified version of
  the generic Senao sysupgrade script
  which is used on EnGenius devices.

  On WatchGuard boards produced by Senao,
  images are verified using a md5sum checksum of
  the upgrade image concatenated with a magic string.
  this checksum is then appended to the end of the final image.

  This variable does not apply to all the senao devices
  so set to null string as default

Tested-by: Steve Wheeler <stephenw10@gmail.com>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-11 21:54:00 +02:00
Michael Pratt
9f6e247854 ath79: add support for Senao WatchGuard AP200
FCC ID: U2M-CAP4200AG

WatchGuard AP200 is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP600
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - AR9344 SOC		MIPS 74kc, 2.4 GHz WMAC, 2x2
  - AR9382 WLAN		PCI card 168c:0030, 5 GHz, 2x2, 26dBm
  - AR8035-A EPHY	RGMII GbE with PoE+ IN
  - 25 MHz clock
  - 16 MB FLASH		mx25l12805d
  - 2x 64 MB RAM
  - UART console        J11, populated
  - GPIO watchdog       GPIO 16, 20 sec toggle
  - 4 antennas          5 dBi, internal omni-directional plates
  - 5 LEDs              power, eth0 link/data, 2G, 5G
  - 1 button            reset

**MAC addresses:**

  Label has no MAC
  Only one Vendor MAC address in flash at art 0x0

  eth0 ---- *:be art 0x0 -2
  phy1 ---- *:bf art 0x0 -1
  phy0 ---- *:be art 0x0 -2

**Installation:**

  Method 1: OEM webpage

    use OEM webpage for firmware upgrade to upload factory.bin

  Method 2: root shell

    It may be necessary to use a Watchguard router to flash the image to the AP
    and / or to downgrade the software on the AP to access SSH
    For some Watchguard devices, serial console over UART is disabled.

  NOTE: DHCP is not enabled by default after flashing

**TFTP recovery:**

  reset button has no function at boot time
  only possible with modified uboot environment,
  (see commit message for Watchguard AP300)

**Return to OEM:**

  user should make backup of MTD partitions
  and write the backups back to mtd devices
  in order to revert to OEM reliably

  It may be possible to use sysupgrade
  with an OEM image as well...
  (not tested)

**OEM upgrade info:**

  The OEM upgrade script is at /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

**Note on eth0 PLL-data:**

  The default Ethernet Configuration register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For AR934x series, the PLL registers for eth0
  can be see in the DTSI as 0x2c.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

**Note on WatchGuard Magic string:**

  The OEM upgrade script is a modified version of
  the generic Senao sysupgrade script
  which is used on EnGenius devices.

  On WatchGuard boards produced by Senao,
  images are verified using a md5sum checksum of
  the upgrade image concatenated with a magic string.
  this checksum is then appended to the end of the final image.

  This variable does not apply to all the senao devices
  so set to null string as default

Tested-by: Steve Wheeler <stephenw10@gmail.com>
Tested-by: John Delaney <johnd@ankco.net>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-11 21:54:00 +02:00
Michael Pratt
146aaeafb7 ath79: add support for Senao WatchGuard AP300
FCC ID: Q6G-AP300

WatchGuard AP300 is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP1750
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - QCA9558 SOC		MIPS 74kc, 2.4 GHz WMAC, 3x3
  - QCA9880 WLAN	PCI card 168c:003c, 5 GHz, 3x3, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 32 MB FLASH		S25FL512S
  - 2x 64 MB RAM	NT5TU32M16
  - UART console	J10, populated
  - GPIO watchdog	GPIO 16, 20 sec toggle
  - 6 antennas		5 dBi, internal omni-directional plates
  - 5 LEDs		power, eth0 link/data, 2G, 5G
  - 1 button		reset

**MAC addresses:**

  MAC address labeled as ETH
  Only one Vendor MAC address in flash at art 0x0

  eth0 ETH  *:3c art 0x0
  phy1 ---- *:3d ---
  phy0 ---- *:3e ---

**Serial console access:**

  For this board, its not certain whether UART is possible
  it is likely that software is blocking console access

  the RX line on the board for UART is shorted to ground by resistor R176
  the resistors R175 and R176 are next to the UART RX pin at J10

  however console output is garbage even after this fix

**Installation:**

  Method 1: OEM webpage

    use OEM webpage for firmware upgrade to upload factory.bin

  Method 2: root shell access

    downgrade XTM firewall to v2.0.0.1
    downgrade AP300 firmware: v1.0.1
    remove / unpair AP from controller
    perform factory reset with reset button
    connect ethernet to a computer
    login to OEM webpage with default address / pass: wgwap
    enable SSHD in OEM webpage settings
    access root shell with SSH as user 'root'
    modify uboot environment to automatically try TFTP at boot time
    (see command below)

    rename initramfs-kernel.bin to test.bin
    load test.bin over TFTP (see TFTP recovery)
    (optionally backup all mtdblocks to have flash backup)
    perform a sysupgrade with sysupgrade.bin

  NOTE: DHCP is not enabled by default after flashing

**TFTP recovery:**

  server ip: 192.168.1.101

  reset button seems to do nothing at boot time...
  only possible with modified uboot environment,
  running this command in the root shell:

  fw_setenv bootcmd 'if ping 192.168.1.101; then tftp 0x82000000 test.bin && bootm 0x82000000; else bootm 0x9f0a0000; fi'

  and verify that it is correct with

  fw_printenv

  then, before boot, the device will attempt TFTP from 192.168.1.101
  looking for file 'test.bin'

  to return uboot environment to normal:

  fw_setenv bootcmd 'bootm 0x9f0a0000'

**Return to OEM:**

  user should make backup of MTD partitions
  and write the backups back to mtd devices
  in order to revert to OEM
  (see installation method 2)

  It may be possible to use sysupgrade
  with an OEM image as well...
  (not tested)

**OEM upgrade info:**

  The OEM upgrade script is at /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

**Note on eth0 PLL-data:**

  The default Ethernet Configuration register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

**Note on WatchGuard Magic string:**

  The OEM upgrade script is a modified version of
  the generic Senao sysupgrade script
  which is used on EnGenius devices.

  On WatchGuard boards produced by Senao,
  images are verified using a md5sum checksum of
  the upgrade image concatenated with a magic string.
  this checksum is then appended to the end of the final image.

  This variable does not apply to all the senao devices
  so set to null string as default

Tested-by: Alessandro Kornowski <ak@wski.org>
Tested-by: John Wagner <john@wagner.us.org>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-11 21:54:00 +02:00
Daniel Golle
4133102898 kernel: modules: package kmod-crypto-essiv
Package kernel module providing ESSIV support for block encryption.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-11 19:04:44 +01:00
Lech Perczak
f1d112ee5a ath79: support Ruckus ZoneFlex 7321
Ruckus ZoneFlex 7321 is a dual-band, single radio 802.11n 2x2 MIMO enterprise
access point. It is very similar to its bigger brother, ZoneFlex 7372.

Hardware highligts:
- CPU: Atheros AR9342 SoC at 533 MHz
- RAM: 64MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi: AR9342 built-in dual-band 2x2 MIMO radio
- Ethernet: single Gigabit Ethernet port through AR8035 gigabit PHY
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the 7321-U variant.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1 ----------
   |1|x3|4|5|
   ----------

Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

JTAG: Connector H5, unpopulated, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:

------- H5
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------

3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected

Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server,  and removing a single T10 screw,
  but with much less manual steps, and is generally recommended, being
  safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
  work on some rare versions of stock firmware. A more involved, and
  requires installing `mkenvimage` from u-boot-tools package if you
  choose to rebuild your own environment, but can be used without
  disassembly or removal from installation point, if you have the
  credentials.
  If for some reason, size of your sysupgrade image exceeds 13312kB,
  proceed with method [1]. For official images this is not likely to
  happen ever.

[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0x9f040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7321-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7321_fw1_backup.bin
   $ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7321_fw2_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin

[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
   it boots, hold the reset button near Ethernet connectors for 5
   seconds.

1. Connect the device to the network. It will acquire address over DHCP,
   so either find its address using list of DHCP leases by looking for
   label MAC address, or try finding it by scanning for SSH port:

   $ nmap 10.42.0.0/24 -p22

   From now on, we assume your computer has address 10.42.0.1 and the device
   has address 10.42.0.254.

2. Set up a TFTP server on your computer. We assume that TFTP server
   root is at /srv/tftp.

3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
   frmware is pretty ancient and requires enabling HMAC-MD5.

   $ ssh 10.42.0.254 \
   -o UserKnownHostsFile=/dev/null \
   -o StrictHostKeyCheking=no \
   -o MACs=hmac-md5

   Login. User is "super", password is "sp-admin".
   Now execute a hidden command:

   Ruckus

   It is case-sensitive. Copy and paste the following string,
   including quotes. There will be no output on the console for that.

   ";/bin/sh;"

   Hit "enter". The AP will respond with:

   grrrr
   OK

   Now execute another hidden command:

   !v54!

   At "What's your chow?" prompt just hit "enter".
   Congratulations, you should now be dropped to Busybox shell with root
   permissions.

4. Optional, but highly recommended: backup the flash contents before
   installation. At your PC ensure the device can write the firmware
   over TFTP:

   $ sudo touch /srv/tftp/ruckus_zf7321_firmware{1,2}.bin
   $ sudo chmod 666 /srv/tftp/ruckus_zf7321_firmware{1,2}.bin

   Locate partitions for primary and secondary firmware image.
   NEVER blindly copy over MTD nodes, because MTD indices change
   depending on the currently active firmware, and all partitions are
   writable!

   # grep rcks_wlan /proc/mtd

   Copy over both images using TFTP, this will be useful in case you'd
   like to return to stock FW in future. Make sure to backup both, as
   OpenWrt uses bot firmwre partitions for storage!

   # tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7321_firmware1.bin -p 10.42.0.1
   # tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7321_firmware2.bin -p 10.42.0.1

   When the command finishes, copy over the dump to a safe place for
   storage.

   $ cp /srv/tftp/ruckus_zf7321_firmware{1,2}.bin ~/

5. Ensure the system is running from the BACKUP image, i.e. from
   rcks_wlan.bkup partition or "image 2". Otherwise the installation
   WILL fail, and you will need to access mtd0 device to write image
   which risks overwriting the bootloader, and so is not covered here
   and not supported.

   Switching to backup firmware can be achieved by executing a few
   consecutive reboots of the device, or by updating the stock firmware. The
   system will boot from the image it was not running from previously.
   Stock firmware available to update was conveniently dumped in point 4 :-)

6. Prepare U-boot environment image.
   Install u-boot-tools package. Alternatively, if you build your own
   images, OpenWrt provides mkenvimage in host staging directory as well.
   It is recommended to extract environment from the device, and modify
   it, rather then relying on defaults:

   $ sudo touch /srv/tftp/u-boot-env.bin
   $ sudo chmod 666 /srv/tftp/u-boot-env.bin

   On the device, find the MTD partition on which environment resides.
   Beware, it may change depending on currently active firmware image!

   # grep u-boot-env /proc/mtd

   Now, copy over the partition

   # tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1

   Store the stock environment in a safe place:

   $ cp /srv/tftp/u-boot-env.bin ~/

   Extract the values from the dump:

   $ strings u-boot-env.bin | tee u-boot-env.txt

   Now clean up the debris at the end of output, you should end up with
   each variable defined once. After that, set the bootcmd variable like
   this:

   bootcmd=bootm 0x9f040000

   You should end up with something like this:

bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
mtdids=nor0=ar7100-nor0
bootdelay=2
ethact=eth0
filesize=78a000
fileaddr=81000000
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
ipaddr=10.0.0.1
serverip=10.0.0.5
stdin=serial
stdout=serial
stderr=serial

   These are the defaults, you can use most likely just this as input to
   mkenvimage.

   Now, create environment image and copy it over to TFTP root:

   $ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
   $ sudo cp u-boot-env.bin /srv/tftp

   This is the same image, gzipped and base64-encoded:

H4sIAAAAAAAAA+3QQW7TQBQAUF8EKRtQI6XtJDS0VJoN4gYcAE3iCbWS2MF2Sss1ORDYqVq6YMEB3rP0
Z/7Yf+aP3/56827VNP16X8Zx3E/Cw8dNuAqDYlxI7bcurpu6a3Y59v3jlzCbz5eLECbt8HbT9Y+HHLvv
x9TdbbpJVVd9vOxWVX05TotVOpZt6nN8qilyf5fKso3hIYTb8JDSEFarIazXQyjLIeRc7PvykNq+iy+T
1F7PQzivmzbcLpYftmfH87G56Wz+/v18sT1r19vu649dqi/2qaqns0W4utmelalPm27I/lac5/p+OluO
NZ+a1JaTz8M3/9hmtT0epmMjVdnF8djXLZx+TJl36TEuTlda93EYQrGpdrmrfuZ4fZPGHzjmp/vezMNJ
MV6n6qumPm06C+MRZb6vj/v4Mk/7HJ+6LarDqXweLsZnXnS5vc9tdXheWRbd0GIdh/Uq7cakOfavsty2
z1nxGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAD+1x9eTkHLAAAEAA==

7. Perform actual installation. Copy over OpenWrt sysupgrade image to
   TFTP root:

   $ sudo cp openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin /srv/tftp

   Now load both to the device over TFTP:

   # tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
   # tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin -g 10.42.0.1

   Vverify checksums of both images to ensure the transfer over TFTP
   was completed:

   # sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin

   And compare it against source images:

   $ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin

   Locate MTD partition of the primary image:

   # grep rcks_wlan.main /proc/mtd

   Now, write the images in place. Write U-boot environment last, so
   unit still can boot from backup image, should power failure occur during
   this. Replace MTD placeholders with real MTD nodes:

   # flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
   # flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>

   Finally, reboot the device. The device should directly boot into
   OpenWrt. Look for the characteristic power LED blinking pattern.

   # reboot -f

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Boot into OpenWrt initramfs as for initial installation. To do that
   without disassembly, you can write an initramfs image to the device
   using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
   fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
   before installation:
   mtd write ruckus_zf7321_fw1_backup.bin /dev/mtd1
   mtd write ruckus_zf7321_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.

Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid   the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
  execute the following command before booting:
  mw.l 1804006c 40
  And also you need to disable the reset button in device tree if you
  intend to debug Linux, because reset button on GPIO0 shares the TCK
  pin.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-09-11 01:36:25 +02:00
Lech Perczak
59cb4dc91d ath79: support Ruckus ZoneFlex 7372
Ruckus ZoneFlex 7372 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point.

Ruckus ZoneFlex 7352 is also supported, lacking the 5GHz radio part.

Hardware highligts:
- CPU: Atheros AR9344 SoC at 560 MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344 built-in 2x2 MIMO radio
- Wi-Fi 5Ghz: AR9582 2x2 MIMO radio (Only in ZF7372)
- Antennas:
  - Separate internal active antennas with beamforming support on both
    bands with 7 elements per band, each controlled by 74LV164 GPIO
    expanders, attached to GPIOs of each radio.
  - Two dual-band external RP-SMA antenna connections on "7372-E"
    variant.
- Ethernet 1: single Gigabit Ethernet port through AR8035 gigabit PHY
- Ethernet 2: single Fast Ethernet port through AR9344 built-in switch
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on "-U" variants.

The same image should support:
- ZoneFlex 7372E (variant with external antennas, without beamforming
  capability)
- ZoneFlex 7352 (single-band, 2.4GHz-only variant).

which are based on same baseboard (codename St. Bernard),
with different populated components.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1
---
|5|
---
|4|
---
|3|
---
|x|
---
|1|
---

Pin 5 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

JTAG: Connector H2, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:

------- H2
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------

3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected

Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server,  and removing a single T10 screw,
  but with much less manual steps, and is generally recommended, being
  safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
  work on some rare versions of stock firmware. A more involved, and
  requires installing `mkenvimage` from u-boot-tools package if you
  choose to rebuild your own environment, but can be used without
  disassembly or removal from installation point, if you have the
  credentials.
  If for some reason, size of your sysupgrade image exceeds 13312kB,
  proceed with method [1]. For official images this is not likely to
  happen ever.

[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0x9f040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7372-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7372_fw1_backup.bin
   $ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7372_fw2_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin

[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
   it boots, hold the reset button near Ethernet connectors for 5
   seconds.

1. Connect the device to the network. It will acquire address over DHCP,
   so either find its address using list of DHCP leases by looking for
   label MAC address, or try finding it by scanning for SSH port:

   $ nmap 10.42.0.0/24 -p22

   From now on, we assume your computer has address 10.42.0.1 and the device
   has address 10.42.0.254.

2. Set up a TFTP server on your computer. We assume that TFTP server
   root is at /srv/tftp.

3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
   frmware is pretty ancient and requires enabling HMAC-MD5.

   $ ssh 10.42.0.254 \
   -o UserKnownHostsFile=/dev/null \
   -o StrictHostKeyCheking=no \
   -o MACs=hmac-md5

   Login. User is "super", password is "sp-admin".
   Now execute a hidden command:

   Ruckus

   It is case-sensitive. Copy and paste the following string,
   including quotes. There will be no output on the console for that.

   ";/bin/sh;"

   Hit "enter". The AP will respond with:

   grrrr
   OK

   Now execute another hidden command:

   !v54!

   At "What's your chow?" prompt just hit "enter".
   Congratulations, you should now be dropped to Busybox shell with root
   permissions.

4. Optional, but highly recommended: backup the flash contents before
   installation. At your PC ensure the device can write the firmware
   over TFTP:

   $ sudo touch /srv/tftp/ruckus_zf7372_firmware{1,2}.bin
   $ sudo chmod 666 /srv/tftp/ruckus_zf7372_firmware{1,2}.bin

   Locate partitions for primary and secondary firmware image.
   NEVER blindly copy over MTD nodes, because MTD indices change
   depending on the currently active firmware, and all partitions are
   writable!

   # grep rcks_wlan /proc/mtd

   Copy over both images using TFTP, this will be useful in case you'd
   like to return to stock FW in future. Make sure to backup both, as
   OpenWrt uses bot firmwre partitions for storage!

   # tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7372_firmware1.bin -p 10.42.0.1
   # tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7372_firmware2.bin -p 10.42.0.1

   When the command finishes, copy over the dump to a safe place for
   storage.

   $ cp /srv/tftp/ruckus_zf7372_firmware{1,2}.bin ~/

5. Ensure the system is running from the BACKUP image, i.e. from
   rcks_wlan.bkup partition or "image 2". Otherwise the installation
   WILL fail, and you will need to access mtd0 device to write image
   which risks overwriting the bootloader, and so is not covered here
   and not supported.

   Switching to backup firmware can be achieved by executing a few
   consecutive reboots of the device, or by updating the stock firmware. The
   system will boot from the image it was not running from previously.
   Stock firmware available to update was conveniently dumped in point 4 :-)

6. Prepare U-boot environment image.
   Install u-boot-tools package. Alternatively, if you build your own
   images, OpenWrt provides mkenvimage in host staging directory as well.
   It is recommended to extract environment from the device, and modify
   it, rather then relying on defaults:

   $ sudo touch /srv/tftp/u-boot-env.bin
   $ sudo chmod 666 /srv/tftp/u-boot-env.bin

   On the device, find the MTD partition on which environment resides.
   Beware, it may change depending on currently active firmware image!

   # grep u-boot-env /proc/mtd

   Now, copy over the partition

   # tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1

   Store the stock environment in a safe place:

   $ cp /srv/tftp/u-boot-env.bin ~/

   Extract the values from the dump:

   $ strings u-boot-env.bin | tee u-boot-env.txt

   Now clean up the debris at the end of output, you should end up with
   each variable defined once. After that, set the bootcmd variable like
   this:

   bootcmd=bootm 0x9f040000

   You should end up with something like this:

bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
bootdelay=2
mtdids=nor0=ar7100-nor0
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
ethact=eth0
filesize=1000000
fileaddr=81000000
ipaddr=192.168.0.7
serverip=192.168.0.51
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
stdin=serial
stdout=serial
stderr=serial

   These are the defaults, you can use most likely just this as input to
   mkenvimage.

   Now, create environment image and copy it over to TFTP root:

   $ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
   $ sudo cp u-boot-env.bin /srv/tftp

   This is the same image, gzipped and base64-encoded:

H4sIAAAAAAAAA+3QTW7TQBQAYB+AQ2TZSGk6Tpv+SbNBrNhyADSJHWolsYPtlJaDcAWOCXaqQhdIXOD7
Fm/ee+MZ+/nHu58fV03Tr/dFHNf9JDzdbcJVGGRjI7Vfurhu6q7ZlbHvnz+FWZ4vFyFM2mF30/XPhzJ2
X4+pe9h0k6qu+njRrar6YkyzVToWberL+HImK/uHVBRtDE8h3IenlIawWg1hvR5CUQyhLE/vLcpdeo6L
bN8XVdHFumlDTO1NHsL5mI/9Q2r7Lv5J3uzeL5bX27Pj+XjRdJZfXuaL7Vm73nafv+1SPd+nqp7OFuHq
dntWpD5tuqH6e+K8rB+ns+V45n2T2mLyYXjmH9estsfD9DTSuo/DErJNtSu76vswbjg5NU4D3752qsOp
zu8W8/z6dh7mN1lXto9lWx3eNJd5Ng5V9VVTn2afnSYuysf6uI9/8rQv48s3Z93wn+o4XFWl3Vg0x/5N
Vbbta5X9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAID/+Q2Z/B7cAAAEAA==

7. Perform actual installation. Copy over OpenWrt sysupgrade image to
   TFTP root:

   $ sudo cp openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin /srv/tftp

   Now load both to the device over TFTP:

   # tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
   # tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin -g 10.42.0.1

   Verify checksums of both images to ensure the transfer over TFTP
   was completed:

   # sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin

   And compare it against source images:

   $ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin

   Locate MTD partition of the primary image:

   # grep rcks_wlan.main /proc/mtd

   Now, write the images in place. Write U-boot environment last, so
   unit still can boot from backup image, should power failure occur during
   this. Replace MTD placeholders with real MTD nodes:

   # flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
   # flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>

   Finally, reboot the device. The device should directly boot into
   OpenWrt. Look for the characteristic power LED blinking pattern.

   # reboot -f

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Boot into OpenWrt initramfs as for initial installation. To do that
   without disassembly, you can write an initramfs image to the device
   using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
   fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
   before installation:
   mtd write ruckus_zf7372_fw1_backup.bin /dev/mtd1
   mtd write ruckus_zf7372_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.

Quirks and known issues:
- This is first device in ath79 target to support link state reporting
  on FE port attached trough the built-in switch.
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
  The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid   the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
  execute the following command before booting:
  mw.l 1804006c 40
  And also you need to disable the reset button in device tree if you
  intend to debug Linux, because reset button on GPIO0 shares the TCK
  pin.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014
- Stock firmware has beamforming functionality, known as BeamFlex,
  using active multi-segment antennas on both bands - controlled by
  RF analog switches, driven by a pair of 74LV164 shift registers.
  Shift registers used for each radio are connected to GPIO14 (clock)
  and GPIO15 of the respective chip.
  They are mapped as generic GPIOs in OpenWrt - in stock firmware,
  they were most likely handled directly by radio firmware,
  given the real-time nature of their control.
  Lack of this support in OpenWrt causes the antennas to behave as
  ordinary omnidirectional antennas, and does not affect throughput in
  normal conditions, but GPIOs are available to tinker with nonetheless.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-09-11 01:36:25 +02:00
Rosen Penev
f4eef5f2a1 ramips: add support for Linksys E7350
Linksys E7350 is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specifications:
- SoC: MT7621 (880MHz, 2 Cores)
- RAM: 256 MB
- Flash: 128 MB NAND
- Wi-Fi:
  - MT7915D: 2.4/5 GHz (DBDC)
- Ethernet: 5x 1GiE MT7530
- USB: 1x USB 3.0
- UART: J4 (57600 baud)
  - Pinout: [3V3] (TXD) (RXD) (blank) (GND)

Notes:
* This device has a dual-boot partition scheme, but this firmware works
  only on boot partition 1.

Installation:

Upload the generated factory.bin image via the stock web firmware
updater.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-11 01:30:11 +02:00
Rosen Penev
26a6a6a60b ramips: add support for Belkin RT1800
Belkin RT1800 is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specifications:
- SoC: MT7621 (880MHz, 2 Cores)
- RAM: 256 MB
- Flash: 128 MB NAND
- Wi-Fi:
  - MT7915D: 2.4/5 GHz (DBDC)
- Ethernet: 5x 1GiE MT7530
- USB: 1x USB 3.0
- UART: J4 (57600 baud)
  - Pinout: [3V3] (TXD) (RXD) (blank) (GND)

Notes:
* This device has a dual-boot partition scheme, but this firmware works
  only on boot partition 1.

Installation:

Upload the generated factory.bin image via the stock web firmware
updater.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-11 01:30:11 +02:00
Andrey Butirsky
5806914794 ramips: add support for Kroks Rt-Cse SIM Injector DS
Aka Kroks Rt-Cse5 UW DRSIM (KNdRt31R16), ID 1958:
https://kroks.ru/search/?text=1958
See Kroks OpenWrt fork for support of other models:
https://github.com/kroks-free/openwrt

Device specs:
- CPU: MediaTek MT7628AN
- Flash: 16MB SPI NOR
- RAM: 64MB
- Bootloader: U-Boot
- Ethernet: 5x 10/100 Mbps
- 2.4 GHz: b/g/n SoC
- USB: 1x
- SIM-reader: 2x (driven by a dedicated chip with it's own firmware)
- Buttons: reset
- LEDs: 1x Power, 1x Wi-Fi, 12x others (SIM status, Internet, etc.)

Flashing:
- sysupgrade image via stock firmware WEB interface, IP: 192.168.1.254
- U-Boot launches a WEB server if Reset button is held during power up,
  IP: 192.168.1.1

MAC addresses as verified by OEM firmware:
vendor   OpenWrt   source
LAN      eth0      factory 0x4 (label)
2g       wlan0     label

Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
2022-09-11 01:30:11 +02:00
Andrey Butirsky
0a79c77a4e ramips: add support for Kroks Rt-Pot mXw DS RSIM router
Aka "Kroks KNdRt31R19".
Ported from v19.07.8 of OpenWrt fork:
see https://github.com/kroks-free/openwrt
for support of other models.

Device specs:
- CPU: MediaTek MT7628AN
- Flash: 16MB SPI NOR
- RAM: 64MB
- Bootloader: U-Boot
- Ethernet: 1x 10/100 Mbps
- 2.4 GHz: b/g/n SoC
- mPCIe: 1x (usually equipped with an LTE modem by vendor)
- Buttons: reset
- LEDs: 1x Modem, 1x Injector, 1x Wi-Fi, 1x Status

Flashing:
- sysupgrade image via stock firmware WEB interface.
- U-Boot launches a WEB server if Reset button is held during power up.
Server IP: 192.168.1.1

SIM card switching:
The device supports up to 4 SIM cards - 2 locally on board and 2 on
remote SIM-injector.
By default, 1-st local SIM is active.
To switch to e.g. 1-st remote SIM:
echo 0 > /sys/class/gpio/modem1power/value
echo 0 > /sys/class/gpio/modem1sim1/value
echo 1 > /sys/class/gpio/modem1rsim1/value
echo 1 > /sys/class/gpio/modem1power/value

MAC addresses as verified by OEM firmware:
vendor   OpenWrt   source
LAN      eth0      factory 0x4 (label)
2g       wlan0     label

Signed-off-by: Kroks <dev@kroks.ru>
[butirsky@gmail.com: port to master; drop dts-v1]
Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
2022-09-11 01:30:11 +02:00
Nick Hainke
5a80226e96 lldpd: update to 1.0.15
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.15

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-11 01:30:11 +02:00
Nick Hainke
f42e24f19d libbsd: update to 0.11.6
Update to latest version. Needs libmd.

Old size:
37615	libbsd0_0.10.0-1_aarch64_cortex-a53.ipk
new size (libmd linked static):
38514	libbsd0_0.11.6-1_aarch64_cortex-a53.ipk

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-11 01:30:11 +02:00
Nick Hainke
89a3987607 libmd: add library providing message digest functions
This library is needed by >= libbsd-0.11.3.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-11 01:30:11 +02:00
Kien Truong
fa468d4bcd iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.

The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491

    LIBBPF_FORCE=on set, but couldn't find a usable libbpf

The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.

Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-09-11 01:30:11 +02:00
Jian Huang
7b1740e208 px5g-wolfssl: replace unnecessary strncmp()
Replace some of the calls to strncmp() with strcmp().

Signed-off-by: Jian Huang <JyanHw@outlook.com>
2022-09-11 01:30:11 +02:00
Andreas Böhler
5f8c86e654 realtek: add support for TP-Link SG2452P v4 aka T1600G-52PS v4
This is an RTL8393-based switch with 802.3af on all 48 ports.

Specifications:
---------------
 * SoC:       Realtek RTL8393M
 * Flash:     32 MiB SPI flash
 * RAM:       256 MiB
 * Ethernet:  48x 10/100/1000 Mbps with PoE+
 * Buttons:   1x "Reset" button, 1x "Speed" button
 * UART:      1x serial header, unpopulated
 * PoE:       12x TI TPS23861 I2C PoE controller, 384W PoE budget
 * SFP:       4 SFP ports

Works:
------
  - (48) RJ-45 ethernet ports
  - Switch functions
  - Buttons
  - All LEDs on front panel except port LEDs
  - Fan monitoring and basic control

Not yet enabled:
----------------
  - PoE - ICs are not in AUTO mode, so the kernel driver is not usable
  - Port LEDs
  - SFP cages

Install via web interface:
-------------------------

Not supported at this time.

Install via serial console/tftp:
--------------------------------

The U-Boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.

Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. To install OpenWRT:

Prepare a tftp server with:
 1. server address: 192.168.0.146
 2. the image as: "uImage.img"

Power on device, and stop boot by pressing any key.
Once the shell is active:
 1. Ground out the CLK (pin 16) of the ROM (U6)
 2. Select option "3. Start"
 3. Bootloader notes that "The kernel has been damaged!"
 4. Release CLK as soon as bootloader thinks image is corrupted.
 5. Bootloader enters automatic recovery -- details printed on console
 6. Watch as the bootloader flashes and boots OpenWRT.

Blind install via tftp:
-----------------------

This method works when it's not feasible to install a serial header.

Prepare a tftp server with:
 1. server address: 192.168.0.146
 2. the image as: "uImage.img"
 3. Watch network traffic (tcpdump or wireshark works)
 4. Power on the device.
 5. Wait 1-2 seconds then ground out the CLK (pin 16) of the ROM (U6)
 6. When 192.168.0.30 makes tftp requests, release pin 16
 7. Wait 2-3 minutes for device to auto-flash and boot OpenWRT

Signed-off-by: Andreas Böhler <dev@aboehler.at>
2022-09-10 22:13:52 +02:00