Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Add the possibility that colored LEDs can also be configured via the uci.
config led 'led1'
option name '<name>'
option sysfs '<path>'
option trigger 'default-on'
option default '1'
--> option color_{$color} '<0-255>'
The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.
Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v4l2-common.ko was merged into videodev.ko and no longer exists.
Fixes: ac5671f46c ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The coda kernel modules were moved between 5.15 and 6.1.
Adapt the coda-vpu and imx-vdoa modules for that.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Linux 6.1 changed DRM_GEM_DMA_HELPER to a module (drm_dma_helper.ko).
Add this to the drm-imx to fix module dependencies.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Linux 6.1 wraps core video drivers in a MEDIA_PLATFORM_DRIVERS submenu.
Enable that for 6.1 and add some new necessary undefines to
target/linux/generic/config-6.1 to avoid build failures.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
kmod-drm-imx-hdmi depends on kmod-drm-display-helper since 6.1. Include
that in OpenWrt's recipes.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
This adds support for the Fritzbox 7490 device. It contains two
SoCs, one Lantiq without WiFi and one QCA9558 with 2.4GHz
and 5 GHz WiFi. Only the Lantiq has access to the flash memory,
the Atheros runs fully from RAM and is booted by using a remoteproc
kernel module and is not supported with this commit.
The devices were manufactured with varying NAND chips which
requires Micron and non-Micron versions of the images.
Specifications:
- SoC: Lantiq 500 MHz
- RAM: 256 MB
- Storage: 512 MB NAND, 1MB FLASH
- Wireless, separate SOC QCA9558 with 128MB RAM (not supported yet):
· Qualcomm-QCA9558 w/ 3×3 MIMO for 2.4GHz 802.11b/g/n
· Qualcomm-QCA9880 w/ 3×3 MIMO for 5GHz 802.11a/ac
· AG71xx ethernet
- Ethernet: Built-in AR 803x, 7 port 4 phy switch,
4x 1000/100/10 port, Port 5 is fixed and connected to the WASP SOC
- Renesas µPD720202 USB3 PCIe, requires firmware binary on the device
- VDSL2 modem
Unsupported:
- DECT and ISDN telephony
Installation:
Check which NAND the device has by using the following procedure with
stock firmware:
Go to to http://<fritzbox_ip>/support.lua, download the support data
file and search for string "NAND device" to get the manufacturer kernel
output.
Use Micron image if Micron is displayed otherwise the non-Micron image.
Use the eva_ramboot.py script to boot the initramfs image. Follow the
procedure to interrupt booting by ftp into 192.168.178.1 within
5 seconds after poweron.
Then transfer the sysupgrade image to the device and run sysupgrade to
flash it to the NAND.
For making USB work, an renesas xhci firmware file (e.g. v2026) is
needed and it should be copied to /lib/firmware/ (file name
renesas_usb_fw.mem).
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Comfast CF-E393AX is a dual-band Wi-Fi 6 POE ceiling mount access point.
Oem firmware is a custom openwrt 21.02 snapshot version.
We can gain access via ssh once we remove the root password.
Hardware specification:
SoC: MediaTek MT7981A 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB DDR3
Ethernet: 1x 10/100/1000 Mbps built-in PHY (WAN)
1x 10/100/1000/2500 Mbps MaxLinear GPY211C (LAN)
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976D
LEDS: 1x (Red, Blue and Green)
Button: Reset
UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | VCC GND TX RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface (http://apipaddress/computer/login.html),
and download the
configuration(http://apipaddress/computer/config.html).
2. Rename downloaded backup config - 'backup.file to backup.tar.gz',
Enter 'fakeroot' command then decompress the configuration:
tar -zxf backup.tar.gz
3. Edit 'etc/shadow', update (remove) root password:
With password =
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
to
Without password =
'root::0:99999:7:::'
'root::0:99999:7:::'
4. Repack 'etc' directory back to a new backup file:
tar -zcf backup-ssh.tar.gz etc/
5. Rename new config tar.gz file to 'backup-ssh.file'
Exit fakeroot - 'exit'
6. Upload new configuration via web interface, now you
can SSH with the following:
'ssh -vv -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa root@192.168.10.1'.
Backup the mtd partitions
- https://openwrt.org/docs/guide-user/installation/generic.backup
7. Copy openwrt factory firmware to the tmp folder to install via ssh:
'scp -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa \
*-mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin \
root@192.168.10.1:/tmp/'
'sysupgrade -n -F \
/tmp/*--mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin'
8. Once led has stopped flashing - Connect via ssh with the
default openwrt ip address - 'ssh root@192.168.1.1'
9. SSH copy the openwrt sysupgrade firmware and upgrade
as per the default instructions.
Signed-off-by: David Bentham <db260179@gmail.com>
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").
Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Since we have the 'GPIO support' menu, it is strange to look up
gpio related modules in 'Other modules' menu. So move these
modules and put them in the gpio menu.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Send error output of umount to /dev/null to mute error in case
ubiblock device has already been unmounted (which is usually the
case).
Gets rid of bogus error message:
umount: can't unmount /dev/ubiblock0_4: Invalid argument
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changelog:
edddd80 Release libbsd 0.11.8
dd0bdb5 test: Close all descriptors before initializing them for closefrom()
0813f37 build: Check out-of-tree builds in CI
df116b5 Adjust strlcpy() and strlcat() per glibc adoption
ecb44e1 Do not add a pointer to the NULL constant
459b7f7 Do not confuse code analyzers with out-of-bounds array access look alike
a44f885 test: Fix short-lived memory leak
3f5ca0a build: Add a coverage regex to the CI job
9d3e59a man: Use VARIANTS instead of ALTERNATIVES in libbsd(7)
f02562d man: Markup function references with Xr instead of Fn
b7367c9 build: Add missing dash to macro title bar
6777eb6 pwcache: Do not declare uidtb and gidtb when not used
d4e0cdc fgetln: Include <stdio.h> after <sys/*>
f41d6c1 build: Refactor GNU .init_array support check into a new m4 function
30b48ed build: Refactor linker script detection into a new m4 function
d0d8d01 build: Do not provide prototypes for arc4random() on Solaris
cf61ebb build: Do not build the progname module if it is not needed
73b25a8 build: Sort entries alphabetically
5434ba1 build: Conditionalize wcslcpy() and wcslcat() functions on macOS
dc1bd1a build: Conditionalize only id-from-name functions not the entire pwcache
edc746e build: Conditionalize getprogname()/setprogname on macOS
8f998d1 progname: Include <procinfo.h> if available
d08163b build: Check whether we need libperfstat on AIX
1186cf8 build: Annotate droppable functions for musl on next SOVERSION bump
6385ccc build: Conditionalize bsd_getopt() on macOS
c120681 Move the version script comments before the symbols
9fa0676 Port getprogname() to AIX
92337b1 Make getprogname() porting mandatory
90b7f3a test: Do not use /dev/null as compiler output file
426bf45 build: Add generated *.sym files to .gitignore
21d12b0 build: On macOS do not build functions provided by the system
bc65806 build: Select whether to include funopen() in the build system
8b7a4d9 build: Move Windows OS detection to the OS features section
ccbfd1c build: Remove __MUSL__ definition from configure
e0976d7 build: Add a new libbsd_strong_alias() macro and switch users to it
49c7dd1 build: Only emit link warnings for ELF objects
8622767 build: Use an export symbols file if there is no version script support
8f61036 build: Add -no-undefined libtool flag
ae7942b build: Do not override the default DEPENDENCIES for libbsd
a5faf17 Only use <stdio_ext.h> if present
06e8a1b Define _NSIG if it is not defined by the system
44824ac Declare environ if the system does not do so
1fb6c3f Use lockf() when flock() is not available
fe16f38 test: Use open_memstream() only if available
7c652a9 test: Do not hardcode root:root user and group names
ed2eb31 test: Fix closefrom() test on macOS
0f8bcdf test: Fix closefrom() test to handle open file descriptor limits
07192b3 test: Disable blank_stack_side_effects() on non-Hurd systems
ca3db5e build: Do not enable ASAN for musl CI pipelines
ff46386 man: Add HISTORY section to arc4random(3bsd)
4c6da57 man: Switch arc4random(3bsd) man page from OpenBSD to NetBSD
830dd88 doc: Remove written-by attribution
257800a build: Add support for sanitizer compiler flags
536a7d4 test: Exempt blank_stack_side_effects() from sanitizer checks
7ed5de0 test: Import explicit_bzero() sanitizer support changes from OpenBSD
05a802a test: Fix memory leaks in fpurge test
5962e03 man: Fix BSD and glibc versions
59a21c7 man: Update STANDARDS and HISTORY sections
7b4ebd6 include: Adjust closefrom() per glibc adoption
0dfbe76 build: Switch to debian:latest Docker image
dec783d build: Fix version script linker support detection
fe21244 include: Use __has_builtin to detect __builtin_offsetof support
ec88b7b funopen: Replace off64_t with off_t in funopen_seek()
2337719 man: Prune unneeded <sys/types.h> include in setproctitle(3)
5dea9da build: Improve C99 compatibility of __progname configure check
b9bf42d build: Enable -Wall for automake
e57c078 build: Add missing AM_PROG_AR macro call to configure.ac
80f1927 build: Fix configure.ac indentation
b7a8bc2 build: Require automake 1.11
e508962 build: Do not require funopen() to be ported
00b538f build: Terminate lists in variables with «# EOL»
5cfa39e build: Use «yes» instead of «true» for AC_CHECK_FUNCS cache value
Signed-off-by: Nick Hainke <vincent@systemli.org>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
Disable compiling qca8081 PHY driver in favor of upstream to better
support it and add better control of attached LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Completely disable dump_survey code on ARCH_BCM2835 to fix defined but not
used warning.
512b762ddb (commitcomment-137899352)
Fixes: 512b762ddb ("mac80211: brcm: disable dump_survey on Raspberry Pi")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
6339204c212b CMakeLists.txt: bump minimum cmake version
c1be505732e6 udebug: fix crash in udebug_entry_vprintf with longer strings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.
a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN
There are no ABI changes.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Enabling this causes slow iwinfo calls on Raspberry Pi and LuCI slows down
when wireless is enabled.
Fixes: https://github.com/openwrt/openwrt/issues/14013
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This patch has been reverted in the Raspberry Pi linux repository.
Also refresh the rest of the patches.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.
Refresh all kernel patches affected by this change.
Also update the path for aquantia .ko that got moved to dedicated
directory upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The RPi 5 expects the same NVRAM as the one from RPi 4 on a different file.
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Reword commit description, add missing PKG_RELEASE bump]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>