Commit Graph

20036 Commits

Author SHA1 Message Date
John Audia
4ae86b3358 openssl: bump to 1.1.1t
Removed upstreamed patch: 010-padlock.patch

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-02-12 00:08:29 +01:00
Xu Yiming
1a145ccb0a
kernel: kmod-fs-ntfs3: fix typo
Fix typo that mistaken the description of ntfs3 for fuse.

Signed-off-by: Xu Yiming <xuyiming.open@outlook.com>
2023-02-09 03:16:51 +01:00
Nick Hainke
b6bc924b19 e2fsprogs: update to 1.46.6
Release information:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6

Remove upstreamed patch:
- 004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-08 00:14:53 +01:00
Leon M. George
67d2a7ef9e
base-files: ipcalc.sh: fix awk regex syntax
It worked fine before but gawk warns about it.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:58 +01:00
Leon M. George
2903924b57
base-files: ipcalc.sh: trim for statement
For gawk compatibility.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
e4bd3de1be
dnsmasq: refuse to add empty DHCP range
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
6ce9f42b98
base-files: ipcalc.sh: use shebang to invoke awk
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.

A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
a40a96e54b
base-files: ipcalc.sh: fail when network is too small
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
4fe106afd1
base-files: ipcalc.sh: don't include own address in range
Make sure our own address doesn't lie in the calculated range.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
00a20335ba
base-files: ipcalc.sh: check for params before calculating start/end
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:52 +01:00
Christian Marangi
f28a604df4
iwinfo: bump to latest git HEAD
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()

Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-06 21:36:51 +01:00
Christian Marangi
3ef655375a
fstools: bump to latest Git HEAD
14d535e partname: Correct fstools_partname_fallback_scan comparison

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-04 20:04:58 +01:00
Brian Norris
3cd882744d base-files: upgrade: Fix export_partdevice() quoting
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 14:09:46 +01:00
Brian Norris
ecafdfa894 kernel: modules: add lkdtm module
Useful for debugging panic/error handling, crash logging, and more.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 13:48:11 +01:00
Jan Hoffmann
b91d7d9d78 ltq-*-app: extend ubus metrics/statistics
Expose a few additional useful values via ubus:

- Channel error counters (CRC, FEC)
- Retransmission counters (MINEFTR, LEFTRS)
- Impulse noise protection level
- Rate adaptation mode
- OLR statistics (Bitswap, SRA, SOS)
- Pilot tones
- Upstream/downstream band information

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:40:47 +01:00
Jan Hoffmann
723963543a ltq-vdsl-vr9: fix upstream MINEFTR
The upstream value read from the device seems to already be in bits per
second, so there is no need to multiply by 1000 again (which for typical
values causes an overflow of the 32-bit unsigned integer).

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:33:36 +01:00
Chen Minqiang
fcde517d35 wolfssl: fix build with make < 4.2
Inline the preinst.arm-ce script. Support for including was added in
make 4.2 and is not working with older make versions.

Fixes: https://github.com/openwrt/openwrt/issues/11866
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-02-03 12:18:19 +01:00
Glenn Strauss
2a691fc7f2 mbedtls: x509 crt verify SAN iPAddress
backport from
X509 crt verify SAN iPAddress
https://github.com/Mbed-TLS/mbedtls/pull/6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
https://github.com/Mbed-TLS/mbedtls/issues/6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
https://github.com/openwrt/packages/issues/19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-02-03 11:27:58 +01:00
Felix Fietkau
acd8e94d20 mt76: update PKG_SOURCE_HASH
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:37:48 +01:00
Felix Fietkau
ff4c872c7c mt76: fix typo in PKG_SOURCE_DATE
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:36:50 +01:00
Felix Fietkau
521efb62eb mt76: update to the latest version, import WED related mtk_eth_soc patches
6c256218e59e wifi: mt76: dma: use napi_build_skb
679254c50f27 mt7915: add CONFIG_MT76_LEDS to cflags
15b9dd6b1b6a wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work
8e5c21fe7c5c wifi: mt76: mt7915: rework mt7915_mcu_set_thermal_throttling
87cb74fe42d9 wifi: mt76: mt7915: rework mt7915_thermal_temp_store()
c6f24b83eba5 wifi: mt76: mt7915: add error message in mt7915_thermal_set_cur_throttle_state()
99e96b89ee4d wifi: mt76: mt7915: add chip id condition in mt7915_check_eeprom()
833cd420480f wifi: mt76: mt7921: fix channel switch fail in monitor mode
f1f8bae6092d wifi: mt76: mt7921: add ack signal support
f47087a6dd62 wifi: mt76: mt7996: fix chainmask calculation in mt7996_set_antenna()
2f3b0acc1588 wifi: mt76: mt7996: update register for CFEND_RATE
7e9540dcbd70 wifi: mt76: mt7996: do not hardcode vht beamform cap
a37e427d0959 wifi: mt76: connac: fix POWER_CTRL command name typo
98aa346042bd wifi: mt76: mt7915: remove BW160 and BW80+80 support
94fed6a43541 wifi: mt76: mt7921: fix invalid remain_on_channel duration
3c162384d80a wifi: mt76: introduce mt76_queue_is_wed_rx utility routine
a409a9454587 wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
8b27ecd3a684 wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit
683760461dd0 wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
0c750cf08f85 wifi: mt76: dma: fix memory leak running mt76_dma_tx_cleanup
5de9ae29bea2 wifi: mt76: mt7915: avoid mcu_restart function pointer
dad96dd3e62d wifi: mt76: mt7603: avoid mcu_restart function pointer
19d36dd9c8ea wifi: mt76: mt7615: avoid mcu_restart function pointer
6fe2c2383d3d wifi: mt76: mt7921: avoid mcu_restart function pointer
9df89143bf71 wifi: mt76: mt7915: get rid of wed rx_buf_ring page_frag_cache
8d51d11760cb wifi: mt76: fix switch default case in mt7996_reverse_frag0_hdr_trans
0d8057dbd51c wifi: mt76: mt7921u: add support for Comfast CF-952AX
ddbf4e933d54 wifi: mt76: mt7915: set sku initial value to zero
06a8904e954e wifi: mt76: mt7915: wed: enable red per-band token drop
724a337caef9 wifi: mt76: mt7915: fix WED TxS reporting
747ca943a5bb wifi: mt76: add flexible polling wait-interval support
133d7859977a wifi: mt76: mt7921: reduce polling time in pmctrl
5fe319a0550e wifi: mt76: add memory barrier to SDIO queue kick
822f060b9d19 wifi: mt76: mt7921: fix rx filter incorrect by drv/fw inconsistent
c6794954a723 wifi: mt76: mt7915: fix memory leak in mt7915_mmio_wed_init_rx_buf
9686cd7cc65c wifi: mt76: switch to page_pool allocator
04da4eaa8235 wifi: mt76: enable page_pool stats
1af4a911ebcb wifi: mt76: mt7915: release rxwi in mt7915_wed_release_rx_buf
e8c10835cf06 wifi: mt76: fix compile error without CONFIG_PAGE_POOL_STATS
0cf0ede7cc42 net: ethernet: mtk_wed: add reset to rx_ring_setup callback
715b3ed9708a net: ethernet: mtk_wed: add reset to tx_ring_setup callback
9107381d0ff3 wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read
36d2a5bf7802 wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val
c67f57d2cda2 wifi: mt76: dma: add reset to mt76_dma_wed_setup signature
3dace36e2941 wifi: mt76: dma: reset wed queues in mt76_dma_rx_reset
4b229d2da562 wifi: mt76: mt7915: add mt7915 wed reset callbacks
f83958376085 wifi: mt76: mt7915: complete wed reset support
321edbb414dc wifi: mt76: mt7996: rely on mt76_connac_txp_common structure
bdb7dc38a6d1 wifi: mt76: mt7996: rely on mt76_connac_txp_skb_unmap
8688756305c6 wifi: mt76: mt7996: rely on mt76_connac_tx_complete_skb
fbf986dbd4c0 wifi: mt76: mt7996: rely on mt76_connac2_mac_decode_he_radiotap
adc556cbce37 wifi: mt76: mt7996: avoid mcu_restart function pointer
5eb4e2303be4 wifi: mt76: remove __mt76_mcu_restart macro
e7a61c5f70f5 wifi: mt76: add EHT phy type
b375845abc10 wifi: mt76: connac: add CMD_CBW_320MHZ
68b17a243332 wifi: mt76: connac: add helpers for EHT capability
02ec1f61b3a2 wifi: mt76: connac: add cmd id related to EHT support
9209294cd81b wifi: mt76: increase wcid size to 1088
5e85136c9b2f wifi: mt76: add EHT rate stats for ethtool
a171f672fdeb wifi: mt76: mt7996: add variants support
eda8fd62c105 wifi: mt76: mt7996: add helpers for wtbl and interface limit
4a5a9f4cdc3b wifi: mt76: mt7996: rework capability init
06b73c155680 wifi: mt76: mt7996: add EHT capability init
ae71a1b8294f wifi: mt76: mt7996: add support for EHT rate report
65bdfae2991d wifi: mt76: mt7996: enable EHT support in firmware
b2360d59747c wifi: mt76: mt7996: add EHT beamforming support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:16:49 +01:00
Petr Štetiar
3d7d93cf65 ubus: fix wrong package mirror hash
I've somehow managed to commit wrong package mirror hash in commit 36076b5a40
("ubus: update to version 2022-06-15"), so lets fix it by using a proper
one.

Fixes: 36076b5a40 ("ubus: update to version 2022-06-15")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-01-30 10:58:00 +01:00
Felix Fietkau
83d3e255f1 bridger: update to the latest version
8be8bb9df789 nl: fix accessing hairpin mode and isolated from the right attribute set

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Felix Fietkau
908397f6d2 mac80211: backport napi_build_skb for 5.10
It is needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Felix Fietkau
74e5e213da ucode: update to the latest version
1c8df08824ef style: add .editorconfig file
ec167d39b803 nl80211: refactor command bitmask handling
6704ec0d5b29 nl80211: add support for registering an uloop based listener
48a6eac1da15 fs: implement `fs.pipe()`
f1be0d725735 types: fix array unshift operations and add test coverage
941d14837faf Merge pull request #138 from nbd168/nl80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Daniel Golle
90dbdb4941 uboot-envtools: filogic: bpi-r3: fix env selection
Selecting the environment when booting from SD card has been broken by
a previous commit. Fix it.

Fixes: f46355b4d7 ("uboot-envtools: mediatek_filogic: fix BPi-R3 when no OS is installed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-29 03:43:58 +00:00
Daniel Golle
e51a57e192 uboot-envtools: mt7622: bpi-r64: fix env selection
Selecting the environment when booting from SD card has been broken by
a previous commit. Fix it.

Fixes: 84b5b0f88c ("uboot-envtools: mediatek/mt7622: don't rely on mapped rootfs")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-29 03:43:58 +00:00
Chen Minqiang
781a3ae5dc base-files: fix nand_do_platform_check fail
This change ensures compatibility with both types of sysupgrade-tar files.

1. For some boards like xiaomi,redmi-router-ax6s, sysupgrade-tar
   is pack in directory `vendor,name/`

2. For some boards like xiaomi,mi-router-3g, sysupgrade-tar is pack
   in directory `vendor_name/`

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-01-29 01:02:45 +00:00
Andre Heider
b246385126 ucode: move to the lang submenu
Just as lua or the various languages from the package feed.
libucode is the exception, so move it to the libs menu instead.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-28 22:37:35 +01:00
Andre Heider
9902c8520b uhttpd: clean up Makefile
uhttpd's cmake options all default to ON. Either we set all of them or
none if the defaults need to be changed. Let's go with the latter.

Because support for all modules is always compiled in, remove two unused
and useless config toggles.

uhttpd detects and uses libcrypt itself, no need to add it here again.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-28 22:37:35 +01:00
Hauke Mehrtens
d1893f1c88 px5g-mbedtls: Use getrandom()
Instead of accessing /dev/urandom use the getrandom syscall. This way we
do not have to keep the file open all the time.
This also fixes a compile error with glibc:

--------
px5g-mbedtls.c: In function '_urandom':
px5g-mbedtls.c:48:9: error: ignoring return value of 'read' declared with attribute 'warn_unused_result' [-Werror=unused-result]
   48 |         read(urandom_fd, out, len);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
--------

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 22:26:06 +01:00
Tony Butler
a7f3a51982 kernel: add kmod-lib-842
"842" is a compression scheme and this is the software implementation
which is too slow to really use beyond a proof of concept.  It can be
selected in ZRAM, ZSWAP, or `fs/pstore`, and is here for completeness.
In general you need a Power8 or better with 842-in-hardware for it to
be fast, but other 842-accelerators are emerging.

Signed-off-by: Tony Butler <spudz76@gmail.com>
2023-01-28 21:19:17 +01:00
Michael Pratt
52992efc34 ath79: add support for Senao Engenius EWS660AP
FCC ID: A8J-EWS660AP

Engenius EWS660AP is an outdoor wireless access point with
2 gigabit ethernet ports, dual-band wireless,
internal antenna plates, and 802.3at PoE+

**Specification:**

  - QCA9558 SOC		2.4 GHz, 3x3
  - QCA9880 WLAN	mini PCIe card, 5 GHz, 3x3, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - AR8033 PHY		SGMII GbE with PoE+ OUT
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM
  - UART at J1		populated, RX grounded
  - 6 internal antenna plates (5 dbi, omni-directional)
  - 5 LEDs, 1 button (power, eth0, eth1, 2G, 5G) (reset)

**MAC addresses:**

  Base MAC addressed labeled as "MAC"
  Only one Vendor MAC address in flash

  eth0 *:d4 MAC art 0x0
  eth1 *:d5 --- art 0x0 +1
  phy1 *:d6 --- art 0x0 +2
  phy0 *:d7 --- art 0x0 +3

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin

**Installation:**

  2 ways to flash factory.bin from OEM:

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  If you have a serial cable, see Serial Failsafe instructions
  otherwise, uboot-env can be used to make uboot load the failsafe image

  ssh into openwrt and run
  `fw_setenv rootfs_checksum 0`
  reboot, wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs.bin to '0101A8C0.img'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot
  execute tftpboot and bootm 0x81000000

**Format of OEM firmware image:**

  The OEM software of EWS660AP is a heavily modified version
  of Openwrt Kamikaze. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-ar71xx-generic-ews660ap-uImage-lzma.bin
    openwrt-ar71xx-generic-ews660ap-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring.

  Newer EnGenius software requires more checks but their script
  includes a way to skip them, otherwise the tar must include
  a text file with the version and md5sums in a deprecated format.

  The OEM upgrade script is at /etc/fwupgrade.sh.

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Tested-by: Niklas Arnitz <openwrt@arnitz.email>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-01-28 20:34:00 +01:00
Nick Hainke
364a9be338 ethtool: update to 6.1
Release notes:
https://lore.kernel.org/netdev/20221219225600.r54vejiqapn266cm@lion.mk-sys.cz/T/

Add patches fixing compilation:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-28 20:26:22 +01:00
Hauke Mehrtens
015c108755 relayd: bump to version 2023-01-28
f646ba4 route: Fix compile warning with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 20:24:22 +01:00
Hauke Mehrtens
d14559e9df uhttpd: update to latest Git HEAD
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 19:31:42 +01:00
David Bauer
a63430eac3 mac80211: use 802.11ax iw modes
This adds missing HE modes to mac80211_prepare_ht_modes.

Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-01-28 13:53:39 +01:00
Petr Štetiar
36076b5a40 ubus: update to version 2022-06-15
Update which contains just a following fix:

 * ubusd: add lookup command queuing support

   Defers and continues a client's lookup command to avoid unnecessary
   buffering under load.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-01-27 11:04:07 +01:00
Nick Hainke
1a47f19080 linux-firmware: update to 20230117
Changes:
32d3199 linux-firmware: Update firmware file for Intel Bluetooth AX201
2da8a7a linux-firmware: Update firmware file for Intel Bluetooth AX201
8b5ddf4 linux-firmware: Update firmware file for Intel Bluetooth AX211
4219dac linux-firmware: Update firmware file for Intel Bluetooth AX211
fb34135 linux-firmware: Update firmware file for Intel Bluetooth AX210
becd3fc linux-firmware: Update firmware file for Intel Bluetooth AX200
7101c57 linux-firmware: Update firmware file for Intel Bluetooth AX201
49e87fa linux-firmware: Update firmware file for Intel Bluetooth 9560
86b73ce linux-firmware: Update firmware file for Intel Bluetooth 9260
3723b48 brcm: add configuration files for CyberTan WC121
7f626ef qcom: add firmware files for Adreno A200
fc5a25f rtw89: 8852c: update fw to v0.27.56.10
2ba1bea  QCA: Add Bluetooth firmware for QCA2066
a1ad1d5 amdgpu: add VCN4.0.4 firmware from amd-5.4
9e01e17 amdgpu: add SMU13.0.7 firmware from amd-5.4
3a50eb8 amdgpu: add SDMA6.0.2 firmware from amd-5.4
19995fb amdgpu: add PSP13.0.7 firmware from amd-5.4
32e7c93 amdgpu: add GC11.0.2 firmware from amd-5.4
20c8060 amdgpu: add DCN3.2.1 firmware from amd-5.4
5c8e895 amdgpu: update VCN4.0.0 firmware from amd-5.4
66b3435 amdgpu: update SMU13.0.0 firmware from amd-5.4
604df78 amdgpu: update SDMA6.0.0 firmware from amd-5.4
3e9169a amdgpu: update PSP13.0.0 firmware from amd-5.4
bd1b7f7 amdgpu: update GC11.0.0 firmware from amd-5.4
c8ff1f4 iwlwifi: add new FWs from core76-35 release
5630963 iwlwifi: update cc/Qu/QuZ firmwares for core76-35 release
8bbec22 iwlwifi: add new FWs from core75-47 release
e20a687 iwlwifi: update 9000-family firmwares to core75-47
504b691 amdgpu: update renoir DMCUB firmware
1ed02d5 amdgpu: Update renoir PSP firmware
d0598c3 amdgpu: update copyright date for LICENSE.amdgpu
cee86df linux-firmware: update firmware for MT7921 WiFi device
e2d1174 linux-firmware: update firmware for MT7922 WiFi device
ce7cc73 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
91f4c6b linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
52e62d6 cxgb4: Update firmware to revision 1.27.1.0
4704e25 qca: Update firmware files for BT chip WCN6750
c9c1958 rtw89: 8852c: update fw to v0.27.56.9
9e91f0c rtw89: 8852c: update fw to v0.27.56.8

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-26 22:15:43 +01:00
Linhui Liu
340d3d84dc firmware: intel-microcode: update to 20221108
Changelog:
  * New Microcodes:
    sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
    sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800

  * Updated Microcodes:
    sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
    sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
    sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
    sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
    sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
    sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
    sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
    sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
    sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
    sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
    sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424

We need to update to this version because
https://ftp.debian.org/debian/pool/non-free/i/intel-microcode/intel-microcode_3.20220809.1.tar.xz
has been removed.

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-26 00:22:08 +01:00
Nick Hainke
d68a73a025 tcpdump: update to 4.99.3
Changes:
https://git.tcpdump.org/tcpdump/blob/032e4923e5202ea4d5a6d1cead83ed1927135874:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-26 00:17:59 +01:00
Wenli Looi
f0eb73a888 ath79: consolidate Netgear EX7300 series images
This change consolidates Netgear EX7300 series devices into two images
corresponding to devices that share the same manufacturer firmware
image. Similar to the manufacturer firmware, the actual device model is
detected at runtime. The logic is taken from the netgear GPL dumps in a
file called generate_board_conf.sh.

Hardware details for EX7300 v2 variants
---------------------------------------
SoC: QCN5502
Flash: 16 MiB
RAM: 128 MiB
Ethernet: 1 gigabit port
Wireless 2.4GHz (currently unsupported due to lack of ath9k support):
- EX6250 / EX6400 v2 / EX6410 / EX6420: QCN5502 3x3
- EX7300 v2 / EX7320: QCN5502 4x4
Wireless 5GHz:
- EX6250: QCA9986 3x3 (detected by ath10k as QCA9984 3x3)
- EX6400 v2 / EX6410 / EX6420 / EX7300 v2 / EX7320: QCA9984 4x4

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2023-01-25 00:42:52 +01:00
Christian Marangi
b61404a6ad
rssileds: bump PKG_RELEASE due to libiwinfo ABI change
Bump PKG_RELEASE due to libiwinfo ABI change to trigger a package
rebuild.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:55:42 +01:00
Christian Marangi
114c168522
rpcd: bump libiwinfo abi requirement to >= 2023-01-21
Bump libiwinfo abi requirement to >= 2023-01-21 for rpcd.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:55:42 +01:00
Christian Marangi
57586ddd71
iwinfo: update to latest Git HEAD
1e4e709 iwinfo: readd missing define for IWINFO_AUTH in header

Fixes: #11860
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:54:13 +01:00
Christian Marangi
fb7f4d4b54
fstool: bump to latest Git HEAD
1ea5855 partname: Introduce fstools_partname_fallback_scan option

While at it also drop AUTORELEASE from PKG_RELEASE.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-22 17:30:42 +01:00
ValdikSS ValdikSS
2fc170cc21 openssl: fix VIA Padlock AES-192 and 256 encryption
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Upstream: 2bcf8e69bd

Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
2023-01-22 01:33:33 +01:00
Hannu Nyman
a57796b137
dnsmasq: set an increased cachesize default value
Dnsmasq DNS cache size is only 150 by default.
Set the uci default value to 1000, so that cache gets used more
and unnecessary DNS queries to upstream can be avoided.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-01-21 11:13:44 +01:00
Christian Marangi
5d409062a3
rpcd: update to latest Git HEAD
c0df2a7 iwinfo: add "band" and "mhz" to the scan output
06ad60f iwinfo: add "band" to the freqlist output
b32fd32 iwinfo: add flags to freqlist output

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:26:19 +01:00
Christian Marangi
f3d8de7398
iwinfo: update to latest Git HEAD
Bump ABI to 20230121 due to struct changes

f766138 cli: print the flags on the frequency list
8ee7971 lib: add IWINFO_FREQ_FLAG_NAMES
81184d2 nl80211: fix some comments
2c4ee84 nl80211: prefer non-supplicant-based devices
6194aaf nl80211: simplify iterating over phy's devices
acbf4fe nl80211: remove redundant check in nl80211_phy2ifname()
0172c97 cli: print the frequency and band on the scan list
bbe424f cli: print the band on the frequency list
afa147c nl80211: add "mhz" and "band" to iwinfo_scanlist_entry
0d5ea34 nl80211: add "band" to iwinfo_freqlist_entry
dba0f06 nl80211: add support for radiation and indoor chan restriction
7e3d7de iwinfo: reorganize iwinfo header to enum and defines
9b47b03 devices: add USB devices supported by the mt76 driver
c0fda7c utils: skip comment lines when parsing devices.txt
dbc0ee7 cli: describe USB devices as such
891acee devices: add MediaTek MT7628 card
fac0787 devices: add support for declaring compatible matched devices

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:23:22 +01:00