There are 2 different chips (w25q256fv and w25q256jv) that share
the same JEDEC ID. Only w25q256jv fully supports 4-byte opcodes.
Use SFDP header version to differentiate between them.
Fixes broken reboot on 8devices Habanero since f0f35fdac
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.
Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Refreshed all patches, run tested on apalis.
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
This commit adds support for the AVM Fritz!WLAN Repeater 1750E
SOC: Qualcomm QCA9556 (Scorpion) 720MHz MIPS74Kc
RAM: 64MB Zentel A3R12E40CBF DDR2
FLASH: 16MiB Winbond W25Q128 SPI NOR
WLAN1: QCA9556 2.4 GHz 802.11b/g/n 3x3
WLAN2: QCA9880 5 GHz 802.11 n/ac 3x3
INPUT: WPS button
LED: Power, WiFi, LAN, RSSI indicator
Serial: Header Next to Black metal shield
Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
The Serial setting is 115200-8-N-1.
Tested and working:
- Ethernet
- 2.4 GHz WiFi (correct MAC)
- 5 GHz WiFi (correct MAC)
- Installation via EVA bootloader
- OpenWRT sysupgrade
- Buttons
- LEDs
Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 192.168.178.1. Firmware can be uploaded
like following:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put openwrt-sysupgrade.bin mtd1
Note that this procedure might take up to two minutes.
You need to powercycle the Device afterwards to boot OpenWRT.
Signed-off-by: David Bauer <mail@david-bauer.net>
The QCA9550 family of SoCs have a slightly different reset
sequence compared to older chips.
Normally the bootloader performs this sequence, however
some bootloader implementation expect the operating system
to clear the reset. Also get the PCIe resets from OF to
support the second RC of the QCA9558.
This is required for the AVM FRITZ!WLAN Repeater 1750E to work,
as EVA leaves the PCIe bus in reset.
Tested: AVM FRITZ!WLAN Repeater 1750E - OCEDO Koala
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.
Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The previous spi-max-frequency value did not work with all the CPU speed
settings (configurable with rbcfg or from the stock firmware); the new
one does for the three of them.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Improve the status LED functionality in GL-AR750
by adding the definitions for different statuses
(boot, failsafe, running, flashing).
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This adds the board name from ar71xx to support upgrade without
-F for the TP-Link TL-WA901ND v2.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
ubnt er-x/xiaomi/netgear sercomm devices are known to have troble
extracting a big kernel from flash and has support for uncompressed
uimage
This commit uses uncompressed uimage with lzma-loader for these devices
to fix boot issue.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Now that the x86 target uses the new image generation code we can also
attach metadata to the created images.
As currently the `SUPPORTED_DEVICES` list is empty, no JSON metadata is
attached, however the signing happens in the same step.
This results in signature verification for x86 images.
Signed-off-by: Paul Spooren <mail@aparcar.org>
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.
Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.
This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
image generation methods from `image.mk` are used. However some targets
like `armvirt` do not use it yet, so the folder is never created.
The `json_overview_image_info.py` script used to raise an error if the
given `WORK_DIR` isn't a folder, however it should just notify about
missing JSON files.
This patch removes the Python assert and exists with code 0 even if no
JSON files were found, as this is not necessarily an error but simply
not yet implemented. Using `glob` on an not existing `Path` results in
an empty list, therefore the for loop won't run.
Signed-off-by: Paul Spooren <mail@aparcar.org>
CC: Petr Štetiar <ynezz@true.cz>
From kernel 4.20 msm-gpio driver is broken and cause the
malfunction of the buttons on every ipq806x target.
Add a patch to fix this.
Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This applies further fixes to the DTS of ZyXEL NBG6716 based on
what is found in ar71xx (mach-nbg6716.c):
- use WiFi label names as in ar71xx
- fix WPS gpio number
- fix GPIO_ACTIVE_HIGH and mode for WiFi switch
- add codes for USB eject buttons
- fix node name for "internet" LED
This device has separate LEDs for WAN and "Internet". As the WAN-LED
(and the four LAN-LEDs) are driven independent of the setup in
DT/01_leds, the "internet" LED is left unassigned (in contrast to
ar71xx, where it was set up effectively as a second WAN LED)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 1b973b54ea4d5d20dec5e71c48bff6a3e0bcb4ac.
It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.
Ooooops! Best revert it then.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Some devices have bootloaders with broken lzma code resulting in failed
decompression or corrupted kernel code.
This image recipe allows to sacrifice 5KB for OpenWrt LZMA loader and
take over the task of decompress kernel.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Loader platform is a per-soc variable instead of a per-device one.
Determine corresponding loader platform at the beginning of image
Makefile.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Enables spi-mem interface usage. It speeds up flash read
in about 3x while it also workaround a possible hardware
bug when normal spi read is used.
Fixes: FS#2742
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reimplements read optimization on top of spi-mem. Similar to
what 461-spi-ath79-add-fast-flash-read.patch used to do with
the dropped flash read interface.
It accelerate only fast-read op reading flash directly from
memory mapped region. 'm25p,fast-read' must be set in order
to use the new spi-mem.
It improved read speed up to 3x on old devices (tplink,tl-wr2543-v1)
while no speed improvement was noticed on newer devices like
(tplink,archer-c7-v2).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.
Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
aaaca2e interface: allocate and free memory for jail name
d93126d interface: allow renaming interface when moving to jail netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
forcedeth is necessary to use the integrated
ethernet controller of Nvidia nForce chipset.
There are PC motherboards with this chipset
from 2001 that run 32bit Athlon XP CPUs and
more modern ones up to 2009 that can run Intel
and AMD 64bit processors, so add this to
all non-geode x86 targets.
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
These patches were necessarry for Atheros and some Intel WiFi cards.
After short testing, the current upstream driver state is enough for
these WiFi cards to work. If there are still some issues with other
devices, the patches could be easily restored.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Buffalo LinkStation LS421DE is a dual bay NAS, based on Marvell Armada 370
Hardware:
SoC: Marvell Armada 88F6707-A1
CPU: Cortex-A9 1200 MHz, 1 core
Flash: SPI-NOR 1 MiB, NAND 512 MiB
RAM: DDR3 512 MiB
Ethernet: 1x 10/100/1000 Mbps
USB: 1x 2.0, 1x 3.0
SATA: 2x 3.0 Gbps
LEDs/Input : 5x / 2x (1x button, 1x slide-switch)
RTC: Ricoh RS5C372A, I2C, no battery
Flash instruction (UART+TFTP):
1. Downgrade the OEM firmware to 1.34 version (BUFFALO_BOOTVER=0.13)
2. Remove any hard drive from inside the bays.
3. Boot the Openwrt initramfs image using the U-Boot serial console:
tftpboot 0x1200000 buffalo_ls421de-initramfs-kernel.bin
bootm 0x1200000
4. Flash the sysupgrade image using the Openwrt console:
sysupgrade -n buffalo_ls421de-squashfs-sysupgrade.bin
5. Wait until it finish, the device will reboot with Openwrt installed
on the NAND flash.
Note:
- Device shuting down doesn't work, even if the power slide switch is
used. We must first, via MDIO, set the unused LED2 at the ethernet
phy0 to off state. Reboot works ok.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This was introduced with 014d3b98b96872d020ffccf0358ba60967b3f1c0 , which
is almost 10 years old. uClibc-ng does not suffer from this problem.
Note that this hack prevents libstdc++ from using C++11 math functions.
Tested by removing all of the mpd patches designed to fix this and
compiling.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Removed sys/cdefs usage. The header is deprecated.
Removed canonicalize_file_name define. It's already fixed upstream.
Added --disable-debuginfod. Seems to be needed.
Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.
Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>