This is to align the implementation with upstream `linux-firmware`.
Instead of moving these firmware files to `brcm` subdirectory and changing
their names, leave them in `cypress` subdirectory, keep their names intact
and use symbolic links to provide compatibility with Broadcom FullMAC
driver.
This gives more context to where the firmware comes from.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
This is to align the implementation with upstream `linux-firmware`.
Some Raspberry Pi boards do not have dedicated NVRAM in `linux-firmware`
source repository, their NVRAM is provided through a symbolic link to
NVRAM of another board with an identical wireless design.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
PROVIDES for these packages will cause ambiguity and circular dependency
in planned changes.
For example, if there is a package `brcmfmac-firmware-43455-sdio-rpi-cm4`
that depends on `brcmfmac-firmware-43455-sdio-rpi-4b`, there is no way to
tell which one of below packages the system will go for.
- package named `brcmfmac-firmware-43455-sdio-rpi-4b`
- package named `cypress-nvram-43455-sdio-rpi-4b` that PROVIDES
`brcmfmac-firmware-43455-sdio-rpi-4b`
When ambiguity is unacceptable, PROVIDES (aliases) shall be removed and
packages shall only be used through their exact name.
So remove PROVIDES and keep only CONFLICTS.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.
Without marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22
With marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ruckus ZoneFlex 7025 is a single 2.4GHz radio 802.11n 1x1 enterprise
access point with built-in Ethernet switch, in an electrical outlet form factor.
Hardware highligts:
- CPU: Atheros AR7240 SoC at 400 MHz
- RAM: 64MB DDR2
- Flash: 16MB SPI-NOR
- Wi-Fi: AR9285 built-in 2.4GHz 1x1 radio
- Ethernet: single Fast Ethernet port inside the electrical enclosure,
coupled with internal LSA connector for direct wiring,
four external Fast Ethernet ports on the lower side of the device.
- PoE: 802.3af PD input inside the electrical box.
802.3af PSE output on the LAN4 port, capable of sourcing
class 0 or class 2 devices, depending on power supply capacity.
- External 8P8C pass-through connectors on the back and right side of the device
- Standalone 48V power input on the side, through 2/1mm micro DC barrel jack
Serial console: 115200-8-N-1 on internal JP1 header.
Pinout:
---------- JP1
|5|4|3|2|1|
----------
Pin 1 is near the "H1" marking.
1 - RX
2 - n/c
3 - VCC (3.3V)
4 - GND
5 - TX
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
> setenv serverip 192.168.1.2
> setenv ipaddr 192.168.1.1
> tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7025-initramfs-kernel.bin
> bootm 0x81000000
5. Optional, but highly recommended: back up contents of "firmware" partition:
$ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7025_fw1_backup.bin
6. Copy over sysupgrade image, and perform actual installation. OpenWrt
shall boot from flash afterwards:
$ ssh root@192.168.1.1
# sysupgrade -n openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
$ ssh 10.42.0.254 \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyCheking=no \
-o MACs=hmac-md5
Login. User is "super", password is "sp-admin".
Now execute a hidden command:
Ruckus
It is case-sensitive. Copy and paste the following string,
including quotes. There will be no output on the console for that.
";/bin/sh;"
Hit "enter". The AP will respond with:
grrrr
OK
Now execute another hidden command:
!v54!
At "What's your chow?" prompt just hit "enter".
Congratulations, you should now be dropped to Busybox shell with root
permissions.
4. Optional, but highly recommended: backup the flash contents before
installation. At your PC ensure the device can write the firmware
over TFTP:
$ sudo touch /srv/tftp/ruckus_zf7025_firmware{1,2}.bin
$ sudo chmod 666 /srv/tftp/ruckus_zf7025_firmware{1,2}.bin
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
# tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7025_firmware1.bin -p 10.42.0.1
# tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7025_firmware2.bin -p 10.42.0.1
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7025_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
$ sudo touch /srv/tftp/u-boot-env.bin
$ sudo chmod 666 /srv/tftp/u-boot-env.bin
On the device, find the MTD partition on which environment resides.
Beware, it may change depending on currently active firmware image!
# grep u-boot-env /proc/mtd
Now, copy over the partition
# tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1
Store the stock environment in a safe place:
$ cp /srv/tftp/u-boot-env.bin ~/
Extract the values from the dump:
$ strings u-boot-env.bin | tee u-boot-env.txt
Now clean up the debris at the end of output, you should end up with
each variable defined once. After that, set the bootcmd variable like
this:
bootcmd=bootm 0x9f040000
You should end up with something like this:
bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),7168k(rcks_wlan.main),7168k(rcks_wlan.bkup),1280k(datafs),256k(u-boot-env)
mtdids=nor0=ar7100-nor0
bootdelay=2
filesize=52e000
fileaddr=81000000
ethact=eth0
stdin=serial
stdout=serial
stderr=serial
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
ipaddr=192.168.0.1
serverip=192.168.0.2
stderr=serial
ethact=eth0
These are the defaults, you can use most likely just this as input to
mkenvimage.
Now, create environment image and copy it over to TFTP root:
$ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
$ sudo cp u-boot-env.bin /srv/tftp
This is the same image, gzipped and base64-encoded:
H4sICOLMEGMAA3UtYm9vdC1lbnYtbmV3LmJpbgDt0E1u00AUAGDfgm2XDUrTsUV/pTkFSxZoEk+o
lcQJtlNaLsURwU4FikDiBN+3eDNvLL/3Zt5/+vFuud8Pq10dp3V3EV4e1uFDGBXTQeq+9HG1b/v9
NsdheP0Y5mV5U4Vw0Y1f1/3wesix/3pM/dO6v2jaZojX/bJpr6dtsUzHuktDjm//FHl4SnXdxfAS
wmN4SWkMy+UYVqsx1PUYci52Q31I3dDHP5vU3ZUhXLX7LjxWN7eby+PVNNxsflfe3m8uu9Wm//xt
m9rFLjXtv6fLzfEwm5fVfdhc1mlI6342Pytzldvn2dS1qfs49Tjvd3qFOm/Ta6yKdbPNffM9x5sq
Ty805acL3Zfh5HTD1RDHJRT9WLGNfe6atJ2S/XE4y3LX/c6mSzZDs29P3edhmqXOz+1xF//s0y7H
t3GL5nDqWT5Ui/Gii7Aoi7HQ81jrcHZY/dXkfLLiJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8
xy8jb4zOAAAEAA==
7. Perform actual installation. Copy over OpenWrt sysupgrade image to
TFTP root:
$ sudo cp openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin /srv/tftp
Now load both to the device over TFTP:
# tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
# tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin -g 10.42.0.1
Verify checksums of both images to ensure the transfer over TFTP
was completed:
# sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin
And compare it against source images:
$ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7025-squashfs-sysupgrade.bin
Locate MTD partition of the primary image:
# grep rcks_wlan.main /proc/mtd
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
# flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
# flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Concatenate the firmware backups, if you took them during installation using method 2:
$ cat ruckus_zf7025_fw1_backup.bin ruckus_zf7025_fw2_backup.bin > ruckus_zf7025_backup.bin
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
# mtd write ruckus_zf7025_backup.bin /dev/mtd1
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
- The 2.4 GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Inspired by commit 9565c5726a, and by
facts that all Ubiquiti XM devices share flash layout, and images are
mostly compatible between all of them - enable uboot-envtools support for
whole XM line.
Build tested on: Ubiquiti Airrouter, Bullet-M (7240,7241), Nanobridge-M,
Nanostation-M (+ Loco), Picostation-M, Powerbridge-M, Rocket-M.
Runtime tested on: Ubiquiti Nanobridge M5 (XM).
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Rostelecom RT-SF-1 is a wireless WiFi 5 router manufactured by Sercomm
company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB
Flash: 256 MiB, Micron MT29F2G08ABAGA3W
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615E): a/n/ac, 4x4
Ethernet: 5xGbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: 1xUSB3.0
ZigBee: 3.0, EFR32 MG1B232GG
Button: 2 buttons (Reset & WPS)
LEDs:
- 1x Status (RGB)
- 1x 2.4G (blue, hardware, mt76-phy0)
- 1x 5G (blue, hardware, mt76-phy1)
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Remove dots from the OpenWrt factory image filename
2. Login to the router web interface
3. Update firmware using web interface with the OpenWrt factory image
4. If OpenWrt is booted, then no further steps are required. Enjoy!
Otherwise (Stock firmware has booted again) proceed to the next step.
5. Update firmware using web interface with any version of the Stock
firmware
6. Update firmware using web interface with the OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
Recovery
--------
Use sercomm-recovery tool.
Link: https://github.com/danitool/sercomm-recovery
MAC Addresses
-------------
+-----+------------+------------+
| use | address | example |
+-----+------------+------------+
| LAN | label | *:72, *:d2 |
| WAN | label + 11 | *:7d, *:dd |
| 2g | label + 2 | *:74, *:d4 |
| 5g | label + 3 | *:75, *:d5 |
+-----+------------+------------+
The label MAC address was found in Factory 0x21000
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
enable additional crypto algorithms for hostap
hostap uses local implementations if not provided by crypto library,
so might as well enable in the crypto library for shared use by others.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
It's not just required for the PCI version, but for USB and presumably
SDIO as well.
Tested with 0e8d:7961 Comfast CF-953AX (MT7921AU).
Signed-off-by: Andre Heider <a.heider@gmail.com>
Realtek bluetooth devices need firmware. Add packages for some of
these.
Tested on a WNDR3700v4 with rtl8761bu firmware.
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
USB adaptors with the RTL8761B chipset are cheap and readily available
but so far support is missing in Openwrt. Enable the relevant kernel
options and add a module to the kmod-bluetooth package. Increases size
of kmod-bluetooth ipk from 279140 bytes to 285320 bytes on my ath79 build.
Tested on a WNDR3700v4 with rtl8761bu firmware.
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
This add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers. these options is supported since version 2.87.
Co-authored-by: NueXini <nuexini@alumni.tongji.edu.cn>
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Changes:
712460c linux-firmware: Update firmware file for Intel Bluetooth 9462
90d5f7e linux-firmware: Update firmware file for Intel Bluetooth 9462
48954ba linux-firmware: Update firmware file for Intel Bluetooth 9560
0e205fd linux-firmware: Update firmware file for Intel Bluetooth 9560
06b941e linux-firmware: Update firmware file for Intel Bluetooth AX201
ba958ff linux-firmware: Update firmware file for Intel Bluetooth AX201
02bdea2 linux-firmware: Update firmware file for Intel Bluetooth AX211
7044d46 linux-firmware: Update firmware file for Intel Bluetooth AX211
1b99bcd linux-firmware: Update firmware file for Intel Bluetooth AX210
4668ae9 linux-firmware: Update firmware file for Intel Bluetooth AX200
5bdfdba linux-firmware: Update firmware file for Intel Bluetooth AX201
b0f995c amdgpu: update DMCUB firmware for DCN 3.1.6
d991031 rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6
fd62f01 rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3
b15fc21 WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images
bf5a337 mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1
4a733c2 iwlwifi: add new FWs from core74_pv-60 release
7d2bb50 qcom: drop split a530_zap firmware file
7d56713 qcom/vpu-1.0: drop split firmware in favour of the mbn file
1431496 qcom/venus-4.2: drop split firmware in favour of the mbn file
cf95783 qcom/venus-4.2: replace split firmware with the mbn file
1fe6f49 qcom/venus-1.8: replace split firmware with the mbn file
abc0302 linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop
20d9516 iwlwifi: add new PNVM binaries from core74-44 release
06dbfbc iwlwifi: add new FWs from core69-81 release
05df8e6 qcom: update venus firmware files for VPU-2.0
cd6fcdb qcom: remove split SC7280 venus firmware images
1612706 qcom: update venus firmware file for v5.4
ad9fdba qcom: replace split SC7180 venus firmware images with symlink
dae5d46 rtw89: 8852b: update fw to v0.27.32.1
a8e86ec rtlwifi: update firmware for rtl8192eu to v35.7
9aa8db1 rtlwifi: Add firmware v4.0 for RTL8188FU
8f86b5a i915: Add HuC 7.10.3 for DG2
48407ff cnm: update chips&media wave521c firmware.
bd31846 brcm: add symlink for Pi Zero 2 W NVRAM file
771968c linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops
6f9620e linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
1d18cb9 linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops
e497757 rtw89: 8852b: add initial fw v0.27.32.0
98b5577 iwlwifi: add new FWs from core72-129 release
604026c iwlwifi: update 9000-family firmwares to core72-129
Signed-off-by: Nick Hainke <vincent@systemli.org>
dtim_period is a bss property, not a device one.
It is already handled properly in mac80211.sh
Fixes: 30c64825c7 ("hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Specifications:
SOC: Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM: 256 MiB
FLASH1: 4 MiB NOR
FLASH2: 128 MiB NAND
ETH: Qualcomm QCA8075
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2: Qualcomm Atheros QCA4018 5G 802.11n/ac W2 2x2
USB: 1 x USB 3.0 port
Button: 1 x Reset button
Switch: 1 x Mode switch
LED: 1 x Blue LED + 1 x White LED
Install via uboot tftp or uboot web failsafe.
By uboot tftp:
(IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-generic-glinet_gl-a1300-squashfs-nand-factory.ubi
(IPQ40xx) # nand erase 0 0x8000000
(IPQ40xx) # nand write 0x84000000 0 $filesize
By uboot web failsafe:
Push the reset button for 10 seconds util the power led flash faster,
then use broswer to access http://192.168.1.1
Afterwards upgrade can use sysupgrade image.
Signed-off-by: Weiping Yang <weiping.yang@gl-inet.com>
Get rid of drivers that are either limited to 802.11b/g or don't even support
cfg80211/mac80211. Most of these are either limited to boards that we don't even
support anymore because of firmware size, or were only used for custom hacks by
a really small number of users in the past.
Let's get rid of those to reduce the maintenance effort and the number of useless
packages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add kernel package 'mt7916-firmware' with firmware files for MT7916E devices.
These share the same driver as the MT7915 chipset, but use their own firmware.
Tested using a pair of AsiaRF AW7916-NPD cards.
Signed-off-by: Andrew Powers-Holmes <aholmes@omnom.net>
Add build option for nftables sets. By default disable iptables ipset
support. By default enable nftable nftset support since this is what
fw4 uses.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
dnsmasq: nftset: serve from ipset config
Use existing ipset configs as source for nftsets to be compatible with
existing configs. As the OS can either have iptables XOR nftables
support, it's fine to provide both to dnsmasq. dnsmasq will silently
fail for the present one. Depending on the dnsmasq compile time options,
the ipsets or nftsets option will not be added to the dnsmasq config
file.
dnsmasq will try to add the IP addresses to all sets, regardless of the
IP version defined for the set. Adding an IPv6 to an IPv4 set and vice
versa will silently fail.
Signed-off-by: Mathias Kresin <dev@kresin.me>
dnsmasq: support populating nftsets in addition to ipsets
Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in
the system. Keep the same configuration syntax in /etc/config/dhcp, for
compatibility purposes.
Huge thanks to Jo-Philipp Wich for basically writing the function.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
dnsmasq: obtain nftset ip family from nft
Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address
family to an nft set is made.
Heuristic to guess which ip family a nft set might belong by inferring
from the set name.
In order of preference:
If setname ends with standalone '4' or '6' use that, else
if setname has '4' or '6' delimited by '-' or '_' use that (eg
foo-4-bar) else
If setname begins with '4' or '6' standalone use that.
By standalone I mean not as part of a larger number eg. 24
If the above fails then use the existing nft set query mechanism and if
that fails, well you're stuffed!
With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp
knowledge.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
dnsmasq: specify firewall table for nftset
Permit ipsets to specify an nftables table for the set. New config
parameter is 'table'. If not specified the default of 'fw4' is used.
config ipset
list name 'BK_4,BK_6'
option table 'dscpclassify'
option table_family 'ip'
option family '4'
list domain 'ms-acdc.office.com'
list domain 'windowsupdate.com'
list domain 'update.microsoft.com'
list domain 'graph.microsoft.com'
list domain '1drv.ms'
list domain '1drv.com'
The table family can also be specified, usually 'ip' or 'ip6' else the
default 'inet' capable of both ipv4 & ipv6 is used.
If the table family is not specified then finally a family option is
available to specify either '4' or '6' for ipv4 or ipv6 respectively.
This is all in addition to the existing heuristic that will look in the
nftset name for an ip family clue, or in total desperation, query the
value from the nftset itself.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to serve ipset as well as nftable sets from the same configuration.
Signed-off-by: Mathias Kresin <dev@kresin.me>
SIM AX18T and Haier HAR-20S2U1 Wi-Fi6 AX1800 routers are designed based
on Tenbay WR1800K. They have the same hardware circuits and u-boot.
SIM AX18T has three carrier customized models: SIMAX1800M (China Mobile),
SIMAX1800T (China Telecom) and SIMAX1800U (China Unicom). All of these
models run the same firmware.
Specifications:
SOC: MT7621 + MT7905 + MT7975
ROM: 128 MiB
RAM: 256 MiB
LED: status *3 R/G/B
Button: reset *1 + wps/mesh *1
Ethernet: lan *3 + wan *1 (10/100/1000Mbps)
TTL Baudrate: 115200
TFTP Server: 192.168.1.254
TFTP IP: 192.168.1.28 or 192.168.1.160 (when envs is broken)
MAC Address:
use address source
label 30:xx:xx:xx:xx:62 wan
lan 30:xx:xx:xx:xx:65 factory.0x8004
wan 30:xx:xx:xx:xx:62 factory.0x8004 -3
wlan2g 30:xx:xx:xx:xx:64 factory.0x0004
wlan5g 32:xx:xx:xx:xx:64 factory.0x0004 set 7th bit
TFTP Installation (initramfs image only & recommend):
1. Set local tftp server IP: 192.168.1.254 and NetMask: 255.255.255.0
2. Rename initramfs-kernel.bin to "factory.bin" and put it in the root
directory of the tftp server. (tftpd64 is a good choice for Windows)
3. Start the TFTP server, plug in the power supply, and wait for the
system to boot.
4. Backup "firmware" partition and rename it to "firmware.bin", we need
it to back to stock firmware.
5. Use "fw_printenv" command to list envs.
If "firmware_select=2" is observed then set u-boot enviroment:
/# fw_setenv firmware_select 1
6. Apply sysupgrade.bin in OpenWrt LuCI.
Web UI Installation:
1. Apply update by uploading initramfs-factory.bin to the web UI.
2. Use "fw_printenv" command to list envs.
If "firmware_select=2" is observed then set u-boot enviroment:
/# fw_setenv firmware_select 1
3. Apply squashfs-sysupgrade.bin in OpenWrt LuCI.
Recovery to stock firmware:
a. Upload "firmware.bin" to OpenWrt /tmp, then execute:
/# mtd -r write /tmp/firmware.bin firmware
b. We can also write factory image "UploadBrush-bin.img" to firmware
partition to recovery. Upload image file to /tmp, then execute:
/# mtd erase firmware
/# mtd -r write /tmp/UploadBrush-bin.img firmware
How to extract stock firmware image:
Download stock firmware, then use openssl:
openssl aes-256-cbc -d -salt -in [Downloaded_Firmware] \
-out "firmware.tar.tgz" -k QiLunSmartWL
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Do not use find_vpid(), but get_task_pid() to get the pid from
pThrCntrl->tid. This is now a ponter to struct task_struct instead of
an integer.
This fixes the build of ltq-tapi with lantiq/xway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not include asm/irq.h directly, but include linux/interrupt.h instead.
This fixes the build of ltq-tapi with lantiq/xway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a commit which fixes a use after free bug in awk.
CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In a254279a6c LS1012A-IOT kernel image was switched to FIT.
But u-boot config is lack of FIT and ext4 support.
This patch enables it.
It also fix envs, because for some reason this board need to use "loadaddr"
variable in brackets.
Fixes: #9894
Fixes: a254279a6c ("layerscape: Change to combined rootfs on sd images")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
In my commit da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.
Fixes: da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.
Signed-off-by: Glen Huang <i@glenhuang.com>
