Commit Graph

20491 Commits

Author SHA1 Message Date
Felix Fietkau
68ef2d1856 netifd: update to the latest version
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-22 15:58:44 +02:00
Flole Systems
984786a2f7 filogic: add support for Netgear WAX220
Hardware
--------
SOC:   MediaTek MT7986
RAM:   1024MB DDR3
FLASH: 128MB SPI-NAND (Winbond)
WIFI:  Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH:   Realtek RTL8221B-VB-CG 2.5 N-Base-T PHY with PoE
UART:  3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)

Installation
------------

1. Download the OpenWrt initramfs image. Copy the image to a TFTP server
2. Connect the TFTP server to the WAX220. Conect to the serial console,
   interrupt the autoboot process by pressing '0' when prompted.
3. Download & Boot the OpenWrt initramfs image.

   $ setenv ipaddr 192.168.2.1
   $ setenv serverip 192.168.2.2
   $ tftpboot openwrt.bin
   $ bootm

4. Wait for OpenWrt to boot. Transfer the sysupgrade image to the device
   using scp and install using sysupgrade.

   $ sysupgrade -n <path-to-sysupgrade.bin>

Signed-off-by: Flole Systems <flole@flole.de>
Signed-off-by: Stefan Agner <stefan@agner.ch>
2023-06-21 23:32:26 +02:00
Robert Marko
83314c13d0
qualcommax: move ipq807x support to subtarget
Now that qualcommax exists as a target and dependencies have been updated
let move ipq807x support to subtarget of qualcommax.

This is mostly copy/paste with the exception of having to update SSDK and
NSS-DP to use CONFIG_TARGET_SUBTARGET.

This is a preparation for later addition of IPQ60xx and IPQ50xx support.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-16 11:11:09 +02:00
Robert Marko
f02f6aaa8d
ipq807x: rename target to qualcommax
Currently, ipq807x only covers Qualcomm IPQ807x SoC-s.
However, Qualcomm also has IPQ60xx and IPQ50xx SoC-s under the AX WiSoC-s
and they share a lot of stuff with IPQ807x, especially IPQ60xx so to avoid
duplicating kernel patches and everything lets make a common target with
per SoC subtargets.

Start doing that by renaming ipq807x to qualcommax so that dependencies
on ipq807x target can be updated.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-16 11:11:08 +02:00
Stijn Tintel
b57703264f hostapd: add UCI option for Multiple BSSID
Add an UCI option to enable Multiple BSSID Advertisement. Enabling this
will announce all BSSIDS on a phy in a single beacon frame. The
interface that is brought up first will be the transmitting profile, all
others are non-transmitting profiles and will be advertised in the
Multiple BSSID element in Beacon and Probe Response frames of the first
interface.

This depends on driver and client support. Enabling this will result in
all but the first interface not being visible at all for clients that do
not support it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-06-16 02:42:04 +03:00
Álvaro Fernández Rojas
434df8df54 base-files: upgrade: nand: add JFFS2 cleanmarkers support
Some Broadcom MIPS devices require JFFS2 cleanmarkers to be present on the
kernel partition or the bootloader will identify the partition as corrupt and
won't boot the kernel.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-06-15 10:49:41 +02:00
Jitao Lu
51f57e7c2d openssl: passing cflags to configure
openssl sets additional cflags in its configuration script. We need to
make it aware of our custom cflags to avoid adding conflicting cflags.

Fixes: #12866
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
2023-06-14 21:16:15 +08:00
Christian Marangi
8c1bd9b6a5
ppp: backport patches improving ppp interface creation
Backport patches improving ppp interface creation. As a side effect this
also fix a bug from using netdev trigger that suffer from LED state
wrongly set due to using old ioctl for ppp creation.

Tested-by: Csaba Sipos <metro4@freemail.hu>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-14 05:40:26 +02:00
Christian Marangi
0a1ee53235
restool: update source.codeaurora.org repository link
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-11 15:22:49 +02:00
Christian Marangi
52fd8d8ba3
ls-dpl: update source.codeaurora.org repository link
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-11 15:20:01 +02:00
Lech Perczak
a9237c1af9 uqmi: do not start 464xlat for dual-stack configurations
If dual-stack configuration is in use, and dhcpv6 option is set, do not start
464xlat sub-interface for dhcpv6 sub-interace , as the configuration already
provides IPv4 connectivty, be it through single or dual APN configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-06-11 18:26:41 +02:00
Lech Perczak
48e8bf1b8f uqmi: support split-APN IPv4 and IPv6 dual-stack
Add two new "v6apn" and "v6profile" properties, to support split-APN
dual-stack onfiguration. This extends the existing ipv4v6 PDP type,
allowing simultaneous connection to two distinct APNs,
one for IPv4 and one for IPv6.
The parameters override existing 'apn' and 'profile' respectively,
if set, but only for IPv6 part of the connection.
If unset, they default to their original values, constituting a standard
IPv4v6 setup.

If a different APN is set for IPv6, a corresponding profile MUST also be
configured, with a different ID, than the IPv4 profile, for example,
profile 2.
Both APNs must match ones configured through QMI or through 'AT+CGDCONT'
command.

Example configuration in UCI:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option autoconnect '1'
        option pdptype 'ipv4v6'
        option apn 'internet'
        option v6apn 'internetipv6'
	option profile '1'
	option v6profile '2'

Corresponding profile configuration:
AT+CGDCONT?
+CGDCONT: 1,"IP","internet","0.0.0.0",0,0,0,0
+CGDCONT: 2,"IPV6","internetipv6","0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0",0,0,0,0

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-06-11 18:26:41 +02:00
nichel Chen
2b0b28f479
swconfig: fix memory leak when cli call swlib_get_attr()
The cli is a one-time run, and memory leaks would have been irrelevant. But people call libsw with cli programs as samples.
Doing a good job of memory management calls means that people who call libsw are not so easy to make mistakes.

Signed-off-by: nichel Chen <nichelnich@gmail.com>
2023-06-11 02:42:31 +02:00
Maximilian Weinmann
8fcfb21b16 ramips: Add support for Beeline SmartBox TURBO+
This adds support for Beeline Smart Box TURBO+ (Serсomm S3 CQR) router.

Device specification
--------------------
SoC Type: MediaTek MT7621AT (880 MHz, 2 cores)
RAM (Nanya NT5CC64M16GP): 128 MiB
Flash (Macronix MX30LF1G18AC): 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615N): a/n/ac, 4x4
Ethernet: 5 ports - 5×GbE (WAN, LAN1-4)
USB ports: 1xUSB3.0
Buttons: 2 button (reset, wps)
LEDs: Red, Green, Blue
Zigbee (EFR32MG1B232GG): 3.0
Stock bootloader: U-Boot 1.1.3
Power: 12 VDC, 1.5 A

Installation (fw 2.0.9)
-----------------------
1.  Login to the web interface under SuperUser (root) credentials.
    Password: SDXXXXXXXXXX, where SDXXXXXXXXXX is serial number of the
    device written on the backplate stick.
2.  Navigate to Setting -> WAN. Add:
       Name - WAN1
       Connection Type - Static
       IP Address - 172.16.0.1
       Netmask - 255.255.255.0
    Save -> Apply. Set default: WAN1
3.  Enable SSH and HTTP on WAN. Setting -> Remote control. Add:
       Protocol - SSH
       Port - 22
       IP Address - 172.16.0.1
       Netmask - 255.255.255.0
       WAN Interface - WAN1
    Save ->Apply
    Add:
       Protocol - HTTP
       Port - 80
       IP Address - 172.16.0.1
       Netmask - 255.255.255.0
       WAN interface - WAN1
    Save -> Apply
4.  Set up your PC ethernet:
       Connection Type - Static
       IP Address - 172.16.0.2
       Netmask - 255.255.255.0
       Gateway - 172.16.0.1
5.  Connect PC using ethernet cable to the WAN port of the router
6.  Connect to the router using SSH shell under SuperUser account
7.  Make a mtd backup (optional, see related section)
8.  Change bootflag to Sercomm1 and reboot:
        printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
        reboot
9.  Login to the router web interface under admin account
10. Remove dots from the OpenWrt factory image filename
11. Update firmware via web using OpenWrt factory image

Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
   printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3

mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
      cd /tmp
      for i in 0 1 2 3 4 5 6 7 8 9 10; do nanddump -f mtd$i /dev/mtd$i; \
      tftp -l mtd$i -p 172.16.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
      tftp -l mtd.md5 -p 171.16.0.2

Recovery
--------
Use sercomm-recovery tool.
Link: https://github.com/danitool/sercomm-recovery

MAC Addresses (fw 2.0.9)
------------------------
+-----+------------+---------+
| use | address    | example |
+-----+------------+---------+
| LAN | label      | *:e8    |
| WAN | label + 1  | *:e9    |
| 2g  | label + 4  | *:ec    |
| 5g  | label + 5  | *:ed    |
+-----+------------+---------+
The label MAC address was found in Factory 0x21000

Factory image format
--------------------
+---+-------------------+-------------+--------------------+
| # | Offset            | Size        | Description        |
+---+-------------------+-------------+--------------------+
| 1 | 0x0               | 0x200       | Tag Header Factory |
| 2 | 0x200             | 0x100       | Tag Header Kernel1 |
| 3 | 0x300             | 0x100       | Tag Header Kernel2 |
| 4 | 0x400             | SIZE_KERNEL | Kernel             |
| 5 | 0x400+SIZE_KERNEL | SIZE_ROOTFS | RootFS(UBI)        |
+---+-------------------+-------------+--------------------+

Co-authored-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
2023-06-11 13:36:38 +08:00
Petr Štetiar
b8e3fa2d12
uboot-armsr: add support for QEMU armv7/armv8
Add new package so we can use self-compiled bootloader during QEMU based
testing and development.

Backported fix[1] is needed for EFI boot from virtio devices.

1. https://patchwork.ozlabs.org/project/uboot/patch/20230424134946.v10.7.Ia5f5e39c882ac22b5f71c4d576941b34e868eeba@changeid/

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-10 21:50:22 +02:00
Mathew McBride
203deef82c
wolfssl: change armvirt reference to armsr
armvirt target has been renamed to armsr (Arm SystemReady).

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-06-10 21:30:23 +02:00
Mathew McBride
c0bcfde58e
kernel: netdevices: change armvirt references to armsr
armvirt target has been renamed to armsr (Arm SystemReady)

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-06-10 21:30:22 +02:00
Mathew McBride
4ce7d6c888
grub2: change armvirt reference to armsr
The armvirt target has been renamed to armsr (Arm SystemReady),
so the GRUB configuration also needs to change.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-06-10 21:30:21 +02:00
Petr Štetiar
2e910039dd
ipq807x: add initial support for prpl Foundation Haze board
Haze is prpl Foundation's reference board (WNC LVRP).

Board info:

 - IPQ8072A SoC
 - 2 GiB RAM
 - 4 GiB eMMC
 - 8MiB SPI NOR (MX25U6435F)

 - 3x 1GigE ports (QCA8075)
 - 1x 10GigE port (AQR113C)
 - 1x SFP cage

 - WiFi 6GHz 160MHz (QCN9074)
 - WiFi 5GHz 80+80MHz (QCN5054)
 - WiFi 2.4G (QCN5024)

 - ARM Standard 20-pin 2.54mm/0.1" JTAG (1V8 !!!)
 - Bluetooth v5.0 + EDR with integrated Class 1 PA (CYW20704)
 - 1x M.2 B-key socket with PCIe 3.0
 - 1x USB 3.0 port
 - UART marked J6 is 4-pin 2.54mm/0.1" connector 3V3(arrow),RX,TX,GND (115200 8N1)
 - Reset and WPS buttons

Flashing instructions:

 1. From U-Boot boot OpenWrt using initramfs image:

    IPQ807x# tftpboot openwrt-ipq807x-generic-prpl_haze-initramfs-uImage.itb && bootm

 2. In OpenWrt running from initramfs execute sysupgrade:

    root@OpenWrt:/# sysupgrade -n /tmp/openwrt-ipq807x-generic-prpl_haze-squashfs-sysupgrade.bin

Work in progress/known issues:

 * SFP feature not implemented/tested
 * M.2 feature not implemented/tested
 * Bluetooth feature not implemented/tested
 * 6GHz wireless should be working, but not tested
 * MAC address assigments for LAN interfaces

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-10 21:29:07 +02:00
Petr Štetiar
c2bb9f055b
ipq-wifi: update to version 2023-06-03
Contains following updates:

 * ipq8074: update RegDB in new submitted BDF
 * Revert "ipq8074: update RegDB in new submitted BDF"
 * qcn9074: update RegDB in new submitted BDF
 * ipq8074: update RegDB in new submitted BDF
 * qca-wireless: ipq40xx: add BDFs for ZTE MF287+
 * Add BDFs for prpl Foundation Haze board

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-10 21:29:06 +02:00
Robert Marko
ff0465b26e
kernel: qca-ssdk: renumber patches
Lets reexport the patches in order to have them renumbered from 0 again.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-10 17:51:31 +02:00
Robert Marko
feab4a804e
kernel: qca-ssdk: drop 5.15 support
There is no need for SSDK to support 5.15 anymore since the only user and
possible future ones are on 6.1.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-10 17:51:28 +02:00
Jianhui Zhao
6892603efa uboot-envtools: Add u-boot env config for GL-MT3000
This commit add u-boot env config for GL-MT3000, so
that we can use fw_printenv to print u-boot env and
use fw_setenv to set u-boot env in GL-MT3000.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2023-06-09 22:28:45 +02:00
Luiz Angelo Daros de Luca
1e4bc13eaa kernel: modules: fix mdio-bus-mux description
Simple error during copy/paste

Fixes: 2dbeb60725 ("kernel: add mdio-bus-mux support")
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2023-06-09 22:28:45 +02:00
Ivan Pavlov
6348850f10 openssl: update to 3.0.9
CVE-2023-2650 fix
Remove upstreamed patches

Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
 * Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
 * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
 * Limited the number of nodes created in a policy tree (CVE-2023-0464)

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2023-06-09 13:33:27 +02:00
Aleksander Jan Bajkowski
598e058080
kernel: ltq-ptm: do not write directly to dev->addr
One is never to write to dev->addr directly. In 6.1 it will be a const and
with the newly enabled WERROR, we get a failing grade.

Lets fix this ahead of time.

Ref: adeef3e321
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-06-06 20:10:34 +02:00
Daniel Golle
ec50d2d366 uboot-mediatek: adapt BPi-R3 and BPi-R64 to new device tree overlay
Update bootloader environment for BPi-R3 and BPi-R64 to adapt to new
device tree overlay mechanism now that support for multiple device
tree overlays has been added.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-06-05 11:36:32 +01:00
Petr Štetiar
a3ee2bf9a1
Revert "ipq807x: add initial support for prpl Foundation Haze board"
This reverts commit 48603a271e as this
was commited by accident, its still work in progress.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 11:46:47 +02:00
Petr Štetiar
b6a14ef7b9
Revert "ipq-wifi: add board files for prpl Foundation Haze board"
This reverts commit 6845c53ec3.  as this
was commited by accident, its still work in progress.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 11:46:37 +02:00
Petr Štetiar
5f2d81cd71
Revert "WIP: ipq-wifi: use my fork temporarily until upstreamed"
This reverts commit 1bad93c426 as this was
commited by accident, its still work in progress.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 11:46:12 +02:00
Robert Marko
2f29ddf01e
Revert "ath11k-firmware: update to WLAN.HK.2.9.0.1-01713-QCAHKSWPL_SILICONZ-1"
This reverts commit 5d2de00555.

I received multiple reports that in various configurations this FW version
is not stable and crashes, so lets revert to 01385 revision which works.

Fixes #12815
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixes tag]
2023-06-05 11:38:32 +02:00
Petr Štetiar
1bad93c426
WIP: ipq-wifi: use my fork temporarily until upstreamed
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 08:31:45 +02:00
Petr Štetiar
6845c53ec3
ipq-wifi: add board files for prpl Foundation Haze board
QSDK based factory firmware was setting following board_ids in DTS:

 ath11k_pci 0001:01:00.0: chip_id 0x0 chip_family 0x0 board_id 0xa4 soc_id 0xffffffff
 ath11k c000000.wifi1: chip_id 0x0 chip_family 0x0 board_id 0x294 soc_id 0xffffffff

Thus board-prpl_haze.qcn9074` was extracted from `bus=...qmi-board-id=164.bin`
file and `board-prpl_haze.ipq8074` from `bus=...qmi-board-id=660.bin` file.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 08:31:44 +02:00
Petr Štetiar
48603a271e
ipq807x: add initial support for prpl Foundation Haze board
Haze is prpl Foundation's reference board (WNC LVRP).

Board info:

 - IPQ8072A SoC
 - 2 GiB RAM
 - 4 GiB eMMC
 - 8MiB SPI NOR (MX25U6435F)

 - 3x 1GigE ports (QCA8075)
 - 1x 10GigE port (AQR113C)
 - 1x SFP cage

 - WiFi 6GHz 160MHz (QCN9074)
 - WiFi 5GHz 80+80MHz (QCN5054)
 - WiFi 2.4G (QCN5024)

 - ARM Standard 20-pin 2.54mm/0.1" JTAG (1V8 !!!)
 - Bluetooth v5.0 + EDR with integrated Class 1 PA (CYW20704)
 - 1x M.2 B-key socket with PCIe 3.0
 - 1x USB 3.0 port
 - UART 4-pin 3V3(arrow),RX,TX,GND (115200 8N1)
 - Reset and WPS buttons

Flashing instructions:

 1. From U-Boot boot OpenWrt using initramfs image:

    IPQ807x# tftpboot openwrt-ipq807x-generic-prpl_haze-initramfs-uImage.itb && bootm

 2. In OpenWrt running from initramfs execute sysupgrade:

    root@OpenWrt:/# sysupgrade -n /tmp/openwrt-ipq807x-generic-prpl_haze-squashfs-sysupgrade.bin

Work in progress/known issues:

 * SFP feature not implemented/tested
 * M.2 feature not implemented/tested
 * Bluetooth feature not implemented/tested
 * 6GHz wireless should be working, but not tested
 * MAC address assigments for LAN interfaces

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 08:31:43 +02:00
Petr Štetiar
38c7cf0e69
qca-nss-dp: fix oops in nss_dp_probe
Currently kernel crashes when of_phy_connect has issues:

 Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000308
 ...
 pc : phy_attached_print+0x28/0x1b0
 lr : phy_attached_info+0x14/0x20
 ...
 Call trace:
  phy_attached_print+0x28/0x1b0
  phy_attached_info+0x14/0x20
  nss_dp_adjust_link+0x544/0x6c4 [qca_nss_dp]

of_phy_connect returns either pointer or NULL, so can't be checked with
IS_ERR macro.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-06-05 08:31:36 +02:00
Felix Fietkau
b6e0a24c49 libubox: update to the latest version
b09b316aeaf6 blobmsg: add blobmsg_parse_attr function
eac92a4d5d82 blobmsg: add blobmsg_parse_array_attr
ef5e8e38bd38 usock: fix poll return code check
6fc29d1c4292 jshn.sh: Add pretty-printing to json_dump
5893cf78da40 blobmsg: Don't do at run-time what can be done at compile-time
362951a2d96e uloop: fix uloop_run_timeout
75a3b870cace uloop: add support for integrating with a different event loop

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-04 18:38:03 +02:00
Felix Fietkau
20ce21866e netifd: update to the latest version
ec9dba721245 system-linux: fix memory leak in system_bridge_vlan_check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-04 18:37:29 +02:00
Felix Fietkau
7b1e898336 unetd: update to the latest version
412d03012f13 network: prevent adding endpoint routes for addresses on the network
faaf9cee6ef4 utils: fix ipv4 checksum issue
0e1c2fad3540 pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
51be0ed659d0 host: fix crash parsing gateway when no endpoint is specified
ca17601dc24e wg-linux: add support for splitting netlink messages for allowed ips
7d3986b7a5a2 wg-linux: increase default messages size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-04 16:54:52 +02:00
Robert Marko
acde5271a6 mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This introduces support for MBSSID and EMA, adds factory test mode and
some new HTT stats.

Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-04 12:50:31 +02:00
Robert Marko
84b5735b4c mac80211: backport EMA beacon support
Backport EMA beacon support from kernel 6.4.
It is required for MBSSID/EMA suport in ath11k that will follow.

Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-04 12:50:25 +02:00
Robert Marko
5d2de00555 ath11k-firmware: update to WLAN.HK.2.9.0.1-01713-QCAHKSWPL_SILICONZ-1
QCA released a point update for the 2.9.0.1 firmware, so lets update to it.

Runtime tested on Dynalink DL-WRX36.

Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-06-04 12:50:11 +02:00
Tianling Shen
a0d7193425 openssl: fix uci config for built-in engines
Built-in engine configs are added in libopenssl-conf/install stage
already, postinst/add_engine_config is just duplicating them, and
due to the lack of `config` header it results a broken uci config:

> uci: Parse error (invalid command) at line 3, byte 0

```
config engine 'devcrypto'
        option enabled '1'
engine 'devcrypto'
        option enabled '1'
        option builtin '1'
```

Add `builtin` option in libopenssl-conf/install stage and remove
duplicate engine configuration in postinst/add_engine_config to
fix this issue.

Fixes: 0b70d55a64 ("openssl: make UCI config aware of built-in engines")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-06-03 21:15:11 +02:00
Hauke Mehrtens
21f713d5ab netifd: Fix PKG_MIRROR_HASH
Fix the PKG_MIRROR_HASH value for netifd.

Fixes: d2ecaaca34 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-06-03 14:40:03 +02:00
Kevin Darbyshire-Bryant
191742eb8d netfilter: fix typo in kmod-nft-dup-inet
Fix typo of 'family' in a7e9445975

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-06-03 13:09:27 +01:00
Hauke Mehrtens
d85013460d valgrind: update to 3.21.0
Release Notes:
https://valgrind.org/docs/manual/dist.news.html

This improves support for the memory allocator used in musl libc 1.2.2
and later which is currently used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-06-03 11:28:49 +02:00
Tony Ambardar
3886ea9b87 kselftests-bpf: add kernel BPF tests
Build and package kernel self-tests used for BPF testing, program and JIT
development. This package, together with the existing 'kmod-bpf-test', was
extensively used for past upstream Linux JIT submissions [1].

Currently this includes only 'test_verifier'; building 'test_progs' will
fail due to known endian limitations with bpftool skeletons.

[1]:https://lore.kernel.org/bpf/cover.1633392335.git.Tony.Ambardar@gmail.com

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-06-02 20:59:05 +02:00
Tony Ambardar
b3aaede2a7 base-files: enable BPF JIT kallsyms by default
Set net.core.bpf_jit_kallsyms=1 in /etc/sysctl.d/10-default.conf.

For privileged users, this exports addresses of JIT-compiled programs to
appear in /proc/kallsyms when present, allowing their use for debugging
and in traces.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-06-02 20:53:49 +02:00
Mathew McBride
3a7c8fd15e
kernel: kmod-amazon-ena: move to top level netdevices
The Amazon ENA network devices are also used on the
AWS Arm (Graviton) instance types, so move it from
the x86-only module file to the top level netdevices.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-06-02 11:36:39 +02:00
Mathew McBride
2dbeb60725
kernel: add mdio-bus-mux support
The MDIO bus multiplexing framework is used by some drivers
such as dwmac-sun8i.

As this is a per-driver requirement, set it to be hidden in the menu.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-06-02 11:36:31 +02:00
Mathew McBride
8f29b1573d
grub2: enable EFI for armvirt
This adds a separate package for EFI on Arm SystemReady
compatible machines. 32-bit Arm UEFI is supported as well.

It is very similar to x86-64 EFI setup, without the
need for BIOS backward compatibility and slightly
different default modules.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-06-02 11:36:12 +02:00
Tianling Shen
6f607ba043 firmware-utils: add missing build dependencies
Fixes the following build error:

```
CMake Error at CMakeLists.txt:9 (MESSAGE):
  Unable to find zlib library.
CMake Error at CMakeLists.txt:13 (MESSAGE):
  Unable to find OpenSSL librry.
```

Fixes: 24d6abe2d7 ("firmware-utils: new package replacing otrx")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-06-01 23:54:20 +02:00
Linus Walleij
33abdc07fb kernel: Package the new FOTG210 module properly
When using the Gemini, we apply patches that create a single
module that support both host and device mode these days.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
(move module to gemini target, keep both 6.1+2-ish + 5.15 module
CONFIG and files around until 5.15 is dropped)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-06-01 23:54:20 +02:00
Linhui Liu
4c5a9da869 selinux-policy: update to 1.2.5
30d503a uci jsonfilter: pipe and leak
e13cb64 rpcd leds
144781f jsonfilter, luci, ubus
1210762 rpcd and all agents get fd's leaked
ab9227c rpcd
2f99e0e luci rpcd
b43aaf3 rpcd (enable/disable services) luci peeraddr
f20f03e rpcd
7bc74f6 rpcd reads all subj state and luci-bwc leaks
9634b17 adds inotify perms to anon_inode
3d3c17c adds bare anon_inode (linux 5.15)
7104b20 dnsmasq and luci
0de2c66 luci,rpcd, ucode, wpad
14f5cf9 luci and ucode
e3ce84c rpcd, ucode and cgiio loose ends
96a2401 misc updates
9fe0490 initscript: remove redundant rules
71bd77e allow all init scripts to log to logd
f697331 sandbox: make ttydev handling more robust
a471877 simplify pty tty console access
f738984 sandbox: also remove TIOSCTI from all ttydevs

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-05-31 22:00:48 +02:00
Tianling Shen
37fed89166 uboot-rockchip: add Orange Pi R1 Plus LTS support
Add support for the Xunlong Orange Pi R1 Plus LTS.
Manually generated of-platdata files to avoid swig dependency.

Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-31 21:41:46 +02:00
Tianling Shen
043f8a4f5e uboot-rockchip: add Orange Pi R1 Plus support
Add support for the Xunlong Orange Pi R1 Plus.
Manually generated of-platdata files to avoid swig dependency.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-31 21:41:46 +02:00
Hauke Mehrtens
0f6b8e6516 kernel: Make kmod-usb-net-smsc95xx depend on kmod-net-selftests
The smsc95xx driver got selftest support with kernel 5.18, add the new
dependency fixing the all kernel modules build on MIPS malta with kernel
6.1.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-05-31 21:29:36 +02:00
Hauke Mehrtens
3c55d8698a kernel: Make kmod-phylink depend on kmod-libphy
The CONFIG_PHYLINK Kconfig option in the kernel selects CONFIG_LIBPHY.
Add this dependency to fix the all kernel modules build on MIPS malta
and armvirt with kernel 6.1.

With kernel 5.15 mod-phylink and kmod-sfp are empty packages because
no OpenWrt kmod is selecting a module which needs sfp or phylink
support.

Fixes: #12758
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-05-31 21:28:37 +02:00
Petr Štetiar
d2ecaaca34
netifd: update to version 2023-05-31
Contains following changes:

 * bridge: bridge_dump_info: add dumping of bridge attributes
 * bridge: make it more clear why the config was applied
 * cmake: fix build by reordering the cflags definitions
 * treewide: fix multiple compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-05-31 19:13:38 +02:00
Rafał Miłecki
1d9d0ca376 firmware-utils: package oseama
It's required by bcm53xx. This allows dropping separated oseama package
and avoids some code duplication.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-05-29 12:22:38 +02:00
Rafał Miłecki
24d6abe2d7 firmware-utils: new package replacing otrx
Some of firmware utils may be required on target devices. It's useful
e.g. for dealing with some firmware formats. That is often required
(supporting specific format) to provide an option to revert to original
firmware.

So far we had packaged "otrx" util only for use on Broadcom targets.
Refactor that to package the whole firmware-utils project so we can
package any single util needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-05-29 12:22:38 +02:00
Pawel Dembicki
0822040671 package: layerscape: change loadaddr address
At this moment loadaddr in most layerscape boards are configured to
0x81000000. 5.15 kernel on some boards is bigger than 5.10 and it cause error:

Loading kernel from FIT Image at 81000000 ...

Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: ARM64 OpenWrt Linux-5.15.112
Created: 2023-05-21 17:39:35 UTC
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x810000ec
Data Size: 7513944 Bytes = 7.2 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x80000000
Entry Point: 0x80000000
Hash algo: crc32
Hash value: 6fd69550
Hash algo: sha1
Hash value: ee34c753ffb615e199a428762824ad4a0aaef90a
Verifying Hash Integrity ... crc32+ sha1+ OK
Loading fdt from FIT Image at 81000000 ...

Using 'config-1' configuration
Trying 'fdt-1' fdt subimage
Description: ARM64 OpenWrt fsl_ls1088a-rdb-sdboot device tree blob
Created: 2023-05-21 17:39:35 UTC
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x8172a98c
Data Size: 19794 Bytes = 19.3 KiB
Architecture: AArch64
Hash algo: crc32
Hash value: 59792ba3
Hash algo: sha1
Hash value: 135585a49f86cd85acea559b78b0098ae99d5e12
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x8172a98c
Uncompressing Kernel Image
ERROR: new format image overwritten - must RESET the board to recover
resetting ...

This patch changes loadaddr to 0x88000000 (like LS1012A-FRDM board) to
avoid overlapping for bigger images (like initramfs) too.

Tested-by: Alexandra Alth <alexandra@alth.de> [LS1088ARDB]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2023-05-28 20:22:23 +02:00
Michał Kwiatek
a7e9445975 netfilter: add kmod-nft-dup-inet
Add kmod-nft-dup-inet package to allow packet duplication in ip/ip6/inet nftables family

Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
2023-05-28 20:22:23 +02:00
Petr Štetiar
12494f5b8a
pcre2: fix host compilation of libselinux by enabling PIC
libselinux-3.5 fails to compile in Fedora 38 container due to the
following:

 cc -O2 -I/openwrt/staging_dir/host/include -I/openwrt/staging_dir/hostpkg/include -I/openwrt/staging_dir/target-x86_64_musl/host/include -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/openwrt/staging_dir/hostpkg/include -L/openwrt/staging_dir/host/lib -L/openwrt/staging_dir/hostpkg/lib -L/openwrt/staging_dir/target-x86_64_musl/host/lib -Wl,-rpath=/openwrt/staging_dir/hostpkg/lib -shared -o libselinux.so.1 avc.lo avc_internal.lo avc_sidtab.lo booleans.lo callbacks.lo canonicalize_context.lo checkAccess.lo check_context.lo checkreqprot.lo compute_av.lo compute_create.lo compute_member.lo compute_relabel.lo compute_user.lo context.lo deny_unknown.lo disable.lo enabled.lo fgetfilecon.lo freecon.lo freeconary.lo fsetfilecon.lo get_context_list.lo get_default_type.lo get_initial_context.lo getenforce.lo getfilecon.lo getpeercon.lo init.lo is_customizable_type.lo label.lo label_db.lo label_file.lo label_media.lo label_support.lo label_x.lo lgetfilecon.lo load_policy.lo lsetfilecon.lo mapping.lo matchmediacon.lo matchpathcon.lo policyvers.lo procattr.lo query_user_context.lo regex.lo reject_unknown.lo selinux_check_securetty_context.lo selinux_config.lo selinux_internal.lo selinux_restorecon.lo sestatus.lo setenforce.lo setexecfilecon.lo setfilecon.lo setrans_client.lo seusers.lo sha1.lo stringrep.lo validatetrans.lo -L/openwrt/staging_dir/hostpkg/lib -lpcre2-8 -lfts -ldl -Wl,-soname,libselinux.so.1,--version-script=libselinux.map,-z,defs,-z,relro
 /usr/bin/ld: /openwrt/staging_dir/hostpkg/lib/libpcre2-8.a(pcre2_compile.c.o): relocation R_X86_64_32S against symbol `_pcre2_ucd_stage1_8' can not be used when making a shared object; recompile with -fPIC
 /usr/bin/ld: failed to set dynamic section sizes: bad value

So lets fix it by enabling build of host static library with the
position independent code option enabled.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-05-28 08:58:07 +02:00
Robert Marko
87b03d9961
kernel: qca-nss-dp: add kernel 6.1 support
Add the required changes for kernel 6.1 support.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-28 08:57:08 +02:00
Robert Marko
8cae215d4d
kernel: qca-ssdk: add kernel 6.1 support
Add kernel 6.1 support to SSDK, it was just a case of adding the kernel
version identification and fixing up get_random_u32.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-28 08:57:08 +02:00
Robert Marko
e6d10b85ef
ath10k-ct: drop spectral fix for 5.10
This was needed when we had 5.10 kernel as well, but now that all
targets are running 5.15 or 6.1 we can safely drop it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-28 08:56:42 +02:00
Robert Marko
e537ebbc23
ath10k-ct: use 6.2 version
ath10k-ct now offers 6.2 and 6.4 versions, so lets update to use 6.2
so we can get rid of the API update patch as well as NVMEM as that is
already present in the newer driver.
Ben merged the debug compilation patch so we can remove that one as well.

Update patches to point to 6.2 version and refresh them.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-28 08:56:39 +02:00
Zoltan HERPAI
91406797f9 uboot-sifiveu: add bootloader package for SiFive Ux40 boards
Add new package for building bootloader for the SiFive U-series boards. Supported
boards at this stage are the HiFive Unleashed and HiFive Unmatched.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2023-05-28 13:19:11 +02:00
Zoltan HERPAI
a0840ecd53 openssl: add linux-riscv64 into the targets list
Add "linux-riscv64-openwrt" into openssl configurations to enable building
on riscv64.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2023-05-28 13:19:11 +02:00
Zoltan HERPAI
944b13b3ee opensbi: add package for RISC-V
OpenSBI is a form of a first-stage bootloader, which initializes
certain parts of an SoC and then passes on control to the second
stage bootloader i.e. an u-boot image.

We're introducing the package with release v1.2, which provides
SBI v0.3 and the SBI SRST extensions which helps to gracefully
reboot/shutdown various HiFive-U SoCs.

Tested on SiFive Unleashed and Unmatched boards.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2023-05-28 13:19:11 +02:00
Tony Ambardar
ecc5324094 kernel: kmod-rxrpc: add missing dependencies
From commit dc0e6056de ("rxrpc: Fix missing dependency on NET_UDP_TUNNEL")
upstream, kmod-rxrpc uses functions enabled by CONFIG_NET_UDP_TUNNEL.

Add package dependencies on kmod-udptunnel4 and kmod-udptunnel6 to avoid
build errors like:

  Package kmod-rxrpc is missing dependencies for the following libraries:
    ip6_udp_tunnel.ko
    udp_tunnel.ko

This change applies to both kernels 5.15 and 6.1.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-05-28 07:45:50 +02:00
Tianling Shen
7c83b6ac86 ca-certificates: Update to version 20230311
Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.

Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.

Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
|   The following certificate authorities were added (+):
|   + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
|   + "Certainly Root E1"
|   + "Certainly Root R1"
|   + "D-TRUST BR Root CA 1 2020"
|   + "D-TRUST EV Root CA 1 2020"
|   + "DigiCert TLS ECC P384 Root G5"
|   + "DigiCert TLS RSA4096 Root G5"
|   + "E-Tugra Global Root CA ECC v3"
|   + "E-Tugra Global Root CA RSA v3"
|   + "HARICA TLS ECC Root CA 2021"
|   + "HARICA TLS RSA Root CA 2021"
|   + "HiPKI Root CA - G1"
|   + "ISRG Root X2"
|   + "Security Communication ECC RootCA1"
|   + "Security Communication RootCA3"
|   + "Telia Root CA v2"
|   + "TunTrust Root CA"
|   + "vTrus ECC Root CA"
|   + "vTrus Root CA"
|  The following certificate authorities were removed (-):
|  - "Cybertrust Global Root" (expired)
|  - "EC-ACC"
|  - "GlobalSign Root CA - R2" (expired)
|  - "Hellenic Academic and Research Institutions RootCA 2011"
|  - "Network Solutions Certificate Authority"
|  - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
|  (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]

[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-27 22:51:18 +02:00
Chukun Pan
c51eb17730 uboot-mediatek: add Qihoo 360T7 support
The vendor uboot will verify firmware at boot.
So add a custom uboot build for this device.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-05-27 11:17:08 +01:00
Chukun Pan
602cb4f325 arm-trusted-firmware-mediatek: add build for MT7981 DDR3
Add new build option BOARD_QFN/BOARD_BGA.
This option is only useful for MT7981 device.
MT7981A/B: BOARD_BGA, MT7981C: BOARD_QFN.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-05-27 11:01:45 +01:00
Alexander Couzens
3eb354f999 mediatek: mt7981: add reserved memory to support pstore
Add reserved memory for pstore/ramoops to device tree used by Linux
as well as U-Boot.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-27 11:01:36 +01:00
Felix Fietkau
9713d62c01 mac80211: remove legacy unused lib80211 support patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-05-26 13:38:34 +02:00
Felix Fietkau
67e8cc07f9 hostapd: remove unused legacy wireless extension support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-05-26 13:33:45 +02:00
Antti Nykänen
86e7614e0d ipq-wifi: bump to latest git HEAD
0f73d32 ipq8074: update RegDB in new submitted BDF
a4cd21f ipq8074: add Compex WPQ873 BDF
c888dd0 qca-wireless: ipq40xx: Add BDFs for Eero Cento
6388ba9 ipq8074: update regdb for Netgear SXK80 BDF
77775d2 ipq8074: add Netgear SXK80

Signed-off-by: Antti Nykänen <antti.nykanen@nokia.com>
2023-05-26 13:05:02 +03:00
Antti Nykänen
07c45c0859 ipq807x: add support for Compex WPQ873
The Compex WPQ873 is a development board with two M.2 B-key
 slots for cellular modems.

Device info:
 - IPQ8072A SoC
 - 512MiB RAM
 - 256MiB NAND flash
 - 8MiB SPI NOR
 - 3x 1GigE ports
 - 1x 2.5GigE port
 - 2.4GHz/5GHz AX WLAN
 - 1x USB 3.0 port
 - 1x M.2 B-key socket with PCIe 3.0
 - 1x M.2 B-key socket with PCIe 2.0 and USB 3.0
 - 4x SIM card slots
 - Bluetooth LE 5.0 (QCA4024)

Prerequisites
1) TFTP server
2) 3.3V USB to TTL cable for UART console
   2.54mm pitch 4-pin header for UART is readily provided on board, no modifications are necessary to access it
   TTL connector pinout: 2=TX, 3=RX, 4=GND
   Arrow marks pin 1 which is 3.3V
   Serial port settings: 115200 8N1 no flow control

The device will most likely ship with a QSDK-based firmware.

1. Power on device and interrupt u-boot to obtain u-boot CLI

2. set serverip to IP address of the TFTP server, for example:

        `setenv serverip 192.168.1.10`

3. Download image from TFTP server:

        `tftpboot 0x44000000 openwrt-ipq807x-generic-compex_wpq873-squashfs-factory.ubi`

4. Flash ubi image to both partitions and reset:

        `sf probe
         imxtract 0x44000000 ubi
         nand device 0
         nand erase 0x0 0x3400000
         nand erase 0x3c00000 0x3400000
         nand write $fileaddr 0x0 $filesize
         nand write $fileaddr 0x3c00000 $filesize
         reset`

Afterwards, you can use sysupgrade to flash new OpenWRT images.

Signed-off-by: Antti Nykänen <antti.nykanen@nokia.com>
2023-05-26 13:05:02 +03:00
Tony Ambardar
afe1bf11f2 bpftools: update, split off bpftool and libbpf packages
My original bpftools package made "variant" builds of bpftool and libbpf
as a convenience, since both used the same local kernel sources with the
same versioning. This is no longer the case, since the commit below
switched to using an out-of-tree build mirror hosting repos for each.

Replace bpftools with separate bpftool and libbpf packages, each simplified
and correctly versioned. Also fix the broken libbpf ABI introduced in the
same commit. Existing build .config files are not impacted.

Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-05-24 21:17:20 +02:00
Tomasz Maciej Nowak
e81298463e
ubnt-ledbar: depend on mediatek and ramips subtargets
It's only used on devices in mt7621 and mt7622 subtargets, so no reason
to compile it for others.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2023-05-24 00:56:54 +02:00
Tomasz Maciej Nowak
3d63bf4da7
ubnt-ledbar: add kernel 6.1 compat
As of ed5c2f5fd10d ("i2c: Make remove callback return void") return
value of remove function is ignored.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2023-05-24 00:56:35 +02:00
Robert Marko
957f1ee85e
kernel: qca-ssdk: backport support for building as kernel module
Currently, SSDK is rather special in the sense that its not being built as
a proper out of tree module at all but rather like a userspace application
and that involves a lot of make magic which unfortunately broke with make
version 4.4 and newer.

Luckily QCA finally added a way to build SSDK as an out of tree module
and it uses the kernel buildsystem which makes it compile with make 4.4
as well.
So lets backport the support for it and switch to using it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-23 23:51:39 +02:00
Robert Marko
bc4ba54a09 mac80211: backport merged version of A-MSDU mesh patch
Kernel 6.1 now has fortify_memcpy_chk() and it is causing the following
warning while trying to compile backports:
  CC [M]  /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/net/wireless/util.o
In file included from ./include/linux/string.h:253,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/backport-include/linux/string.h:3,
                 from ./include/linux/bitmap.h:11,
                 from ./include/linux/cpumask.h:12,
                 from ./include/linux/smp.h:13,
                 from ./arch/arm64/include/asm/arch_timer.h:18,
                 from ./arch/arm64/include/asm/timex.h:8,
                 from ./include/linux/timex.h:67,
                 from ./include/linux/time32.h:13,
                 from ./include/linux/time.h:60,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/backport-include/linux/time.h:3,
                 from ./include/linux/skbuff.h:15,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/backport-include/linux/skbuff.h:3,
                 from ./include/linux/if_ether.h:19,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/backport-include/linux/if_ether.h:3,
                 from ./include/linux/etherdevice.h:20,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/backport-include/linux/etherdevice.h:3,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/net/wireless/util.c:12:
In function 'fortify_memcpy_chk',
    inlined from 'ieee80211_strip_8023_mesh_hdr' at /home/robimarko/Building/AX3600/ipq807x-5.15/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/backports-6.1.24/net/wireless/util.c:590:3:
./include/linux/fortify-string.h:404:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
  404 |                         __write_overflow_field(p_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

This issue was fixed in the final version of
("wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces") that was
merged upstream but we have a older version that is using:
memcpy(&payload.eth.h_dest, mesh_addr, 2 * ETH_ALEN);
instead of:
memcpy(&payload.eth, mesh_addr, 2 * ETH_ALEN);

So, lets just backport the merged version of patch to fix the issue.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-23 13:37:28 +02:00
Robert Marko
6dce5a7b58
kernel: modules: fs: adapt for kernel 6.1
Adapt filesystem kmods for building under kernel 6.1:
* Depend on kernel not being 5.10 rather than only 5.15
* kmod-fs-9p depends on kmod-fs-netfs from 5.17 as they started using
netfs helpers
* Set new KConfig options to N

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-22 22:28:20 +02:00
Robert Marko
4a02c5954f
kernel: modules: wwan: adapt for kernel 6.1
Update the WWAN kmods for compilation under kernel 6.1:
* Depend on kernel not being 5.10 rather than only 5.15
* Enable CONFIG_WWAN_DEBUGFS as its now optional from 5.17
* Add missing symbols for new WWAN drivers to generic config

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-22 22:28:20 +02:00
Christian Marangi
a511887644
kernel: modules: adapt for kernel 6.1
Adapt kernel modules to support kernel 6.1.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-05-22 22:28:20 +02:00
Nick Hainke
3b76f6eee4 busybox: update to 1.36.1
Release Notes:
http://lists.busybox.net/pipermail/busybox-cvs/2023-May/041510.html

Refresh commands, run after busybox is first built once (nothing changed
compared to 1.36.0):

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1
  cd ..
  ./convert_defaults.pl ../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* Config-defaults.in: correct the default ports that get reset
  BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT    80
  BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT  23

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit a few Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-22 20:55:33 +02:00
Nick Hainke
c520d682f0 libxml2: update to 2.11.4
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-22 18:52:59 +02:00
Nick Hainke
78c45c1e59 libcap: update to 2.69
Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

Fixes: CVE-2023-2602 CVE-2023-2603
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-22 18:51:31 +02:00
Nick Hainke
17fbbafdcb lldpd: update to 1.0.17
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.17

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-22 18:48:36 +02:00
Pietro Ameruoso
1c05388ab0 mediatek: add support for Zyxel EX5601-T0 router
Zyxel EX5601-T0 specifics
--------------
The operator specific firmware running on the Zyxel branded
EX5601-T0 includes  U-Boot modifications affecting the OpenWrt
installation.

Partition Table
| dev  | size     | erasesize | name          |
| ---- | -------- | --------- | ------------- |
| mtd0 | 20000000 | 00040000  | "spi0.1"      |
| mtd1 | 00100000 | 00040000  | "BL2"         |
| mtd2 | 00080000 | 00040000  | "u-boot-env"  |
| mtd3 | 00200000 | 00040000  | "Factory"     |
| mtd4 | 001c0000 | 00040000  | "FIP"         |
| mtd5 | 00040000 | 00040000  | "zloader"     |
| mtd6 | 04000000 | 00040000  | "ubi"         |
| mtd7 | 04000000 | 00040000  | "ubi2"        |
| mtd8 | 15a80000 | 00040000  | "zyubi"       |

The router boots BL2 which than loads FIP (u-boot).
U-boot has hardcoded a command to always launch Zloader "mtd read zloader 0x46000000" and than "bootm". Bootargs are deactivated.
Zloader is the zyxel booloader which allow to dual-boot ubi or ubi2, by default access to zloader is blocked.
Too zloader checks that the firmware contains a particolar file called zyfwinfo.
Additional details regarding Zloader can be found here:
https://hack-gpon.github.io/zyxel/
https://forum.openwrt.org/t/adding-openwrt-support-for-zyxel-ex5601-t0/155914

Hardware
--------
SOC: MediaTek MT7986a
CPU: 4 core cortex-a53 (2000MHz)
RAM: 1GB DDR4
FLASH: 512MB SPI-NAND (Micron xxx)
WIFI: Wifi6 Mediatek MT7976 802.11ax 5 GHz 4x4 + 2.4GHZ 4x4
ETH: MediaTek MT7531 Switch + SoC
3 x builtin 1G phy (lan1, lan2, lan3)
1 x MaxLinear GPY211B 2.5 N-Base-T phy5 (lan4)
1 x MaxLinear GPY211B 2.5Gbit xor SFP/N-Base-T phy6 (wan)
USB: 1 x USB 3.2 Enhanced SuperSpeed port
UART: 3V3 115200 8N1 (Pinout: GND KEY RX TX VCC)
VOIP: 2 FXS ports for analog phones

MAC Address Table
-----------------
eth0/lan    Factory 0x002a
eth1/wan    Factory 0x0024
wifi 2.4Ghz Factory 0x0004
wifi 5Ghz   Factory 0x0004 + 1

Serial console (UART)
---------------------
+-------+-------+-------+-------+-------+
| +3.3V |  RX   |  TX   |  KEY  |  GND  |
+---+---+-------+-------+-------+-------+
    |
    +--- Don't connect

Installation
------------
Keep in mind that openwrt can only run on the UBI partition, the openwrt firmware is not able to understand the zloader bootargs.
The procedure allows restoring the UBI partition with the Zyxel firmware and retains all the OEM functionalities.

1. Unlock Zloader (this will allow to swap manually between partitions UBI and UBI2):
- Attach a usb-ttl adapter to your computer and boot the router.
- While the router is booting at some point you will read the following: `Please press Enter to activate this console.`
- As soon as you read that press enter, type root and than press enter again (just do it, don't care about the logs scrolling).
- Most likely the router is still printing the boot log, leave it boot until it stops.
- If everything went ok you should have full root access "root@EX5601-T0:/#".
- Type the following command and press enter: "fw_setenv EngDebugFlag 0x1".
- Reboot the router.
- As soon as you read `Hit any key to stop autoboot:` press Enter.
- If everything went ok you should have the following prompt: "ZHAL>".
- You have successfully unlocked zloader access, this procedure must be done only once.

2. Check the current active partition:
- Boot the router and repeat the steps above to gain root access.
- Type the following command to check the current active image: "cat /proc/cmdline".
- If `rootubi=ubi` it means that the active partition is `mtd6`
- If `rootubi=ubi2` it means that the active partition is `mtd7`
- As mentioned earlier we need to flash openwrt into ubi/mtd6 and never overwrite ubi2/mtd7 to be able to fully roll-back.
- To activate and boot from mtd7 (ubi2) enter into ZHAL> command prompt and type the following commands:
atbt 1  # unlock write
atsw    # swap boot partition
atsr    # reboot the router
- After rebooting check again with "cat /proc/cmdline" that you are correctly booting from mtd7/ubi2
- If yes proceed with the installation guide. If not probably you don't have a firmware into ubi2 or you did something wrong.

3. Flashing:
- Download the sysupgrade file for the router from openwrt, than we need to add the zyfwinfo file into the sysupgrade tar.
Zloader only checks for the magic (which is a fixed value 'EXYZ') and the crc of the file itself (256bytes).
I created a script to create a valid zyfwinfo file but you can use anything that does exactly the same:
https://raw.githubusercontent.com/pameruoso/OpenWRT-Zyxel-EX5601-T0/main/gen_zyfwinfo.sh
- Add the zyfwinfo file into the sysupgrade tar.
- Enter via telnet or ssh into the router with admin credentials
- Enter the following commands to disable the firmware and model checks
"zycli fwidcheck off" and "zycli modelcheck off"
- Open the router web interface and in the update firmware page select the "restore default settings option"
- Select the sysupgrade file and click on upload.
- The router will flash and reboot itself into openwrt from UBI

4. Restoring and going back to Zyxel firmware.
- Use the ZHAL> command line to manually swap the boot parition to UBI2 with the following:
atbt 1  # unlock write
atsw    # swap boot partition
atsr    # reboot the router
- You will boot again the Zyxel firmware you have into UBI2 and you can flash the zyxel firmware to overwrite the UBI partition and openwrt.

Working features
----------------
3 gbit lan ports
Wifi
Zyxel partitioning for coexistance with Zloader and dual boot.
WAN SFP port (only after exporting pins 57 and 10. gpiobase411)
leds
reset button
serial interface
usb port
lan ethernet 2.5 gbit port (autosense)
wan ethernet 2.5 gbit port (autosense)

Not working
----------------
voip (missing drivers or proper zyxel platform software)

Swapping the wan ethernet/sfp xor port
----------------
The way to swap the wan port between sfp and ethernet is the following:
export the pins 57 and 10.
Pin 57 is used to probe if an sfp is present.
If pin 57 value is 0 it means that an sfp is present into the cage (cat /sys/class/gpio/gpio468/value).
If pin 57 value is 1 it means that no sfp is inserted into the cage.
In conclusion by default both 57 an 10 pins are by default 1, which means that the active port is the ethernet one.
After inserting an SFP pin 57 will become 0 and you have to manually change the value of pin 10 to 0 too.
This is totally scriptable of course.

Leds description
------------
All the leds are working out of the box but the leds managed by the 2 maxlinear phy (phy 5 lan, phy6 wan).
To activate the phy5 led (rj45 ethernet port led on the back of the router) you have to use mdio-tools.
To activate the phy6 led (led on the front of the router for 2.5gbit link) you have to use mdio-tools.
Example:
Set lan5 led to fast blink on 2500/1000, slow blink on 10/100:
mdio mdio-bus mmd 5:30 raw 0x0001 0x33FC

Set wan 2.5gbit led to constant on when wan is 2.5gbit:
mdio mdio-bus mmd 6:30 raw 0x0001 0x0080

Signed-off-by: Pietro Ameruoso <p.ameruoso@live.it>
2023-05-22 17:58:59 +02:00
Shiji Yang
0ffbef9317 ath79: add support for D-Link DIR-859 A3
Specifications:
  SOC:      QCA9563 775 MHz + QCA9880
  Switch:   QCA8337N-AL3C
  RAM:      Winbond W9751G6KB-25 64 MiB
  Flash:    Winbond W25Q128FVSG 16 MiB
  WLAN:     Wi-Fi4 2.4 GHz 3*3 + 5 GHz 3*3
  LAN:      LAN ports *4
  WAN:      WAN port *1
  Buttons:  reset *1 + wps *1
  LEDs: ethernet *5, power, wlan, wps

MAC Address:
  use      address               source1          source2
  label    40:9b:xx:xx:xx:3c     lan && wlan      u-boot,env@ethaddr
  lan      40:9b:xx:xx:xx:3c     devdata@0x3f     $label
  wan      40:9b:xx:xx:xx:3f     devdata@0x8f     $label + 3
  wlan2g   40:9b:xx:xx:xx:3c     devdata@0x5b     $label
  wlan5g   40:9b:xx:xx:xx:3e     devdata@0x76     $label + 2

Install via Web UI:
  Apply factory image in the stock firmware's Web UI.

Install via Emergency Room Mode:
  DIR-859 A1 will enter recovery mode when the system fails to boot
  or press reset button for about 10 seconds.

  First, set computer IP to 192.168.0.5 and Gateway to 192.168.0.1.
  Then we can open http://192.168.0.1 in the web browser to upload
  OpenWrt factory image or stock firmware. Some modern browsers may
  need to turn on compatibility mode.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-05-22 14:45:03 +02:00
Shiji Yang
e5d8739aa8 ath79: improve support for D-Link DIR-8x9 A1 series
1. Remove unnecessary new lines in the dts.
2. Remove duplicate included file "gpio.h" in the device dts.
3. Add missing button labels "reset" and "wps".
4. Unify the format of the reg properties.
5. Add u-boot environment support.
6. Reduce spi clock frequency since the max value suggested by the
   chip datasheet is only 25 MHz.
7. Add seama header fixup for DIR-859 A1. Without this header fixup,
   u-boot checksum for kernel will fail after the first boot.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-05-22 14:45:03 +02:00
Christian Lamparter
959563fb81 uml: exclude some /arch/x86 optimizations
The x86_64 UML target wants to include SSSE3 optimized
crypto code which lives under /arch/x86/crypto.

However, these are not built and this causes an error.
| ERROR: module '[...]/arch/x86/crypto/sha512-ssse3.ko' is missing.
| make[3]: *** [modules/crypto.mk:990: [...]/kmod-crypto-sha512_5.15.112-1_x86_64.ipk] Error 1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-22 14:45:03 +02:00
Rafał Miłecki
bd26266314 mac80211: brcm: drop brcmfmac patch waiting for register_wiphy()
That was a workaround for OpenWrt generation of config files. This patch
was used to postpone returning from probe function until loading
firmware and calling register_wiphy().

All of that is not needed anymore thanks to the ieee80211 hotplug.d
script introduced in the commit 5f8f8a3661 ("base-files, mac80211,
broadcom-wl: wifi detection and configuration"). That takes care of
generating /etc/config/wireless entries even if wireless device appears
late in the booting process.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-05-22 08:18:45 +02:00
Christian Lamparter
8182c7edcb firmware: intel-microcode: update to 20230512
Debian changelog:

intel-microcode (3.20230512.1) unstable; urgency=medium

  * New upstream microcode datafile 20230512 (closes: #1036013)
    * Includes fixes or mitigations for an undisclosed security issue
    * New microcodes:
      sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
      sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
      sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
      sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
      sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
      sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
      sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
      sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
      sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
      sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
      sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
      sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
      sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
      sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
      sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
      sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
      sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
      sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
      sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
      sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
      sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
      sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
  * source: update symlinks to reflect id of the latest release, 20230512

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 16 May 2023 00:13:02 -0300

intel-microcode (3.20230214.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream microcode datafile 20230214
    - Includes Fixes for: (Closes: #1031334)
       - INTEL-SA-00700: CVE-2022-21216
       - INTEL-SA-00730: CVE-2022-33972
       - INTEL-SA-00738: CVE-2022-33196
       - INTEL-SA-00767: CVE-2022-38090
  * New Microcodes:
    sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
    sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
  * Updated Microcodes:
    sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
    sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
    sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
    sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
    sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
    sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
    sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
    sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
    sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
    sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
    sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
    sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
    sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
    sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c

 -- Tobias Frost <tobi@debian.org>  Sun, 12 Mar 2023 18:16:50 +0100

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-21 14:25:52 +02:00
Philip Prindeville
3b2337b467 kernel: disable IGD (video DRM) support
IGD is only useful when accelerating a VM guest that wants to direct
render to memory in the host's framebuffer, but since OpenWrt
typically runs on headless hardware, this serves no purpose.

Also build vfio with VFIO_NOIOMMU undefined (to get all of the code
enabled), but allow it to be enabled via boot-time modparams
settings (or at run-time via sysfs writes to
"/sys/module/vfio/parameters/enable_unsafe_noiommu_mode".

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-05-21 14:25:52 +02:00
Nozomi Miyamori
d728d05c6c dropbear: add ForceCommand uci option
adds ForceCommand option. If the command is specified,
it forces users to execute the command when they log in.

Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:24:50 +02:00
Christian Lamparter
857345496b tfa-layerscape: fix fiptool's build
A missing '\' caused the remaining parameters not to be passed to make.

This fixes the following error:

| gcc -c [...] fiptool.c -o fiptool.o
| In file included from fiptool.h:16,
|                 from fiptool.c:19:
|fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
|   19 | # include <openssl/sha.h>
|      |           ^~~~~~~~~~~~~~~
|compilation terminated.
|make[3]: *** [Makefile:58: fiptool.o] Error 1

as the HOST_CFLAGS are no longer passed.

then, HOST_CFLAGS is specified as a command argument, this
is a specific problem of our built since appending these
needs the override directive.

Fixes: df28bfe03247 ("tfa-layerscape: Change to github and use the latest tag")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:20:48 +02:00