Commit Graph

19367 Commits

Author SHA1 Message Date
Hauke Mehrtens
1c7a167366 kernel: kmod-phy-smsc: Add new PHY
This adds the SMSC PHY which is needed by the kmod-usb-net-smsc95xx
driver.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5b016a88f9)
2022-08-14 00:29:19 +02:00
Hauke Mehrtens
fd4a354f3e kernel: kmod-phy-ax88796b: Add new PHY
This adds the AX88796B PHY which is needed by the kmod-usb-net-asix
driver.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 712ff388bc)
2022-08-14 00:29:19 +02:00
Hauke Mehrtens
13d66ef33f kernel: kmod-ipt-ulog: Remove package
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2a0284fb03)
2022-08-14 00:29:19 +02:00
Hauke Mehrtens
534e256c02 kernel: kmod-nft-nat6: Remove package
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.

Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b75425370d)
2022-08-14 00:29:19 +02:00
Hauke Mehrtens
2a6fa77b77 kernel: ipt-ipset: Add ipset/ip_set_hash_ipmac.ko
Add the ipset/ip_set_hash_ipmac.ko file. The CONFIG_IP_SET_HASH_IPMAC
KConfig option is already set by the package.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 6a2e9f3da6)
2022-08-14 00:06:21 +02:00
Thomas Langer
fc05102d51 kernel: netsupport: kmod-sched: explicitly define included modules
Change SCHED_MODULES_EXTRA to an explicit list of modules
instead of taking everything that is not filtered out.
This removes the need of updating the filter each time an extra
sch_*, act_* or similar is added with an own kmod definition.

Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 1b956e66cc)
2022-08-14 00:01:48 +02:00
Hauke Mehrtens
3b51f74a91 kernel: netsupport: kmod-sched: Add kmod-lib-textsearch dependency
The CONFIG_NET_EMATCH_TEXT configuration option depends on the
kmod-lib-textsearch package.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 3cc878a8d3)
2022-08-14 00:01:48 +02:00
Hauke Mehrtens
9727b71147 kernel: netsupport: kmod-sched: Remove sch_fq_codel and sch_fifo
The sch_fq_codel.ko and the sch_fifo.ko are always compiled into the
kernel, they are activated in the generic kernel configuration. There is
no need to activate the build of these kernel modules in the kmod-sched*
packages.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 606e357bf8)
2022-08-14 00:01:48 +02:00
Daniel Golle
0038e96c27 arm-trusted-firmware-mediatek: skip bad blocks on SPI-NAND (SNFI)
Add patch to skip bad blocks when reading from SPI-NAND. This is needed
in case erase block(s) early in the flash inside the FIP area are bad
and hence need to be skipped in order to be able to boot on such damaged
chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c0109537d1)
2022-08-12 22:47:39 +02:00
Florian Eckert
5c69416246 fstools: add uci fstab section to conffiles for package block-mount
The command 'opkg search /etc/config/fstab' does not return a package
name for this config file. In order to know to which package this config
file belongs to, a 'conffiles' entry was made for this file to package
'block-mount'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 885f04b305)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-12 22:46:51 +02:00
Vincent Pelletier
0855549b4b kernel: scale nf_conntrack_max more reasonably
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula also influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance in average (fewer connections
per hashtable bucket).

Backport upstream commit for its effect on the number of connections per
hashtable bucket.

Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.

Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 15fbb91666)
2022-08-11 21:54:09 +01:00
Bruno Victal
0179ba7851 dnsmasq: fix jail_mount for serversfile
Fix 'serversfile' option not being jail_mounted by the init script.

Signed-off-by: Bruno Victal <brunovictal@outlook.com>
(cherry picked from commit 0276fab649)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-10 15:06:30 +02:00
Petr Štetiar
707ec48ab3 zlib: backport null dereference fix
The curl developers found test case that crashed in their testing when
using zlib patched against CVE-2022-37434, same patch we've backported
in commit 7df6795d4c ("zlib: backport fix for heap-based buffer
over-read (CVE-2022-37434)"). So we need to backport following patch in
order to fix issue introduced in that previous CVE-2022-37434 fix.

References: https://github.com/curl/curl/issues/9271
Fixes: 7df6795d4c ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f443e9de70)
2022-08-09 08:12:46 +02:00
Petr Štetiar
5e0173de51 zlib: bump PKG_RELEASE after CVE fix
Fixing missed bump of PKG_RELEASE while backporting commit 7561eab8e8
("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
as package in master is using AUTORELEASE.

Fixes: 7561eab8e8 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-08-08 09:55:33 +02:00
Petr Štetiar
7561eab8e8 zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
in inflate in inflate.c via a large gzip header extra field. NOTE: only
applications that call inflateGetHeader are affected. Some common
applications bundle the affected zlib source code but may be unable to
call inflateGetHeader.

Fixes: CVE-2022-37434
References: https://github.com/ivd38/zlib_overflow
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 7df6795d4c)
2022-08-08 09:46:36 +02:00
Hans Dedecker
1f9d603141 odhcpd: update to git HEAD
860ca90 odhcpd: Support for Option NTP and SNTP
83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 73c6d8fd04)
2022-08-07 12:38:55 +02:00
Andre Heider
39ac29a68a uboot-mvebu: update to v2022.07
- Release announcement:
https://lore.kernel.org/u-boot/20220711134339.GV1146598@bill-the-cat/

- Changes between 2022.04 and 2022.07:
https://source.denx.de/u-boot/u-boot/-/compare/v2022.04...v2022.07?from_project_id=531

Remove one upstreamed patch and add patch to fix issue with sunxi tool
as it uses function from newer version libressl (3.5.0).

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia]
(cherry picked from commit 24bf6813bad98a8eba5430ed5e4da89d54797274)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Improve commit message]
2022-08-06 22:25:43 +02:00
Wenli Looi
247ef07540 ramips: support fw_printenv for Netgear WAX202
Config partition contains uboot env for the first 0x20000 bytes.
The rest of the partition contains other data including the device MAC
address and the password printed on the label.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
(cherry picked from commit 0bfe1cfbb1)
2022-08-06 22:25:13 +02:00
Chen Minqiang
62fff4e1e6 umdns: add missing syscall to seccomp filter
There is some syscall missing:
'getdents64'
'getrandom'
'statx'
'newfstatat'

Found with:
'mkdir /etc/umdns; ln -s /tmp/1.json /etc/umdns/; utrace /usr/sbin/umdns'

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(cherry picked from commit 31cca8f8d3)
2022-08-06 22:25:07 +02:00
Oleg S
ecf0dc7055 ramips: Add support command fw_setsys for Xiaomi routers
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.

Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c7e337c80)
2022-08-06 22:24:42 +02:00
Roland Barenbrug
bd9bb13012 ltq-vdsl-app: Fix counter overflow resulting in negative values
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works

Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 456b9029d7)
2022-08-06 22:24:39 +02:00
Mark Mentovai
daa73dc681 libmnl: fix build when bash is not located at /bin/bash
This fixes the libmnl build on macOS, which ships with an outdated bash
at /bin/bash. During the OpenWrt build, a modern host bash is built and
made available at staging_dir/host/bin/bash, which is present before
/bin/bash in the build's PATH.

This is similar to 8f7ce3aa6d, presently appearing at
package/kernel/mac80211/patches/build/001-fix_build.patch.

Signed-off-by: Mark Mentovai <mark@mentovai.com>
(cherry picked from commit beeb49740b)
2022-08-05 15:24:57 +02:00
Hauke Mehrtens
596efe1356 OpenWrt v22.03.0-rc6: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-01 00:05:33 +02:00
Hauke Mehrtens
f1ff3fd95c OpenWrt v22.03.0-rc6: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-01 00:05:27 +02:00
Hauke Mehrtens
042d558536 mac80211: Update to version 5.15.58-1
This updates mac80211 to version 5.15.58-1 which is based on kernel
5.15.58.
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3aa18f71f9)
2022-07-31 17:12:47 +02:00
John Audia
c9cc3189ed wolfssl: fix math library build
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

1. https://github.com/wolfSSL/wolfssl/pull/5390

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c2aa816f28)
2022-07-31 17:12:47 +02:00
Dávid Benko
535f4a5bff odhcp6c: update to latest git HEAD
9212bfc odhcp6c: fix IA discard when T1 > 0 and T2 = 0

Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
(cherry picked from commit f920908626)
2022-07-31 17:12:47 +02:00
Michael Pratt
5a7bcd6977 firewall3: update file hash
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated

Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit ba7da73680)
2022-07-31 17:12:47 +02:00
Claudiu Beznea
c5f0eab222 uboot-at91: fix build on buildbots
Buidbots are throwing the following compile error:

In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
            ^~~~~~~~~~~~~~~
compilation terminated.

Fix it by passing `UBOOT_MAKE_FLAGS` variable to make.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Fixes: 6d5611af28 ("uboot-at91: update to linux4sam-2022.04")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 95a24b5479)
2022-07-31 17:12:47 +02:00
Claudiu Beznea
972b833e91 uboot-at91: update to linux4sam-2022.04
Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on
U-Boot v2022.01 which contains commit
93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC
variable passed to MAKE to force the compilation of DTC.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 6d5611af28)
2022-07-31 17:12:47 +02:00
Claudiu Beznea
39810995fb at91bootstrap: update at91bootstrap v4 targets to v4.0.3
Update AT91Bootstrap v4 capable targets to v4.0.3.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 859f5f9aec)
2022-07-31 17:12:47 +02:00
Jo-Philipp Wich
8b6b73d0e8 wolfssl: make shared again
Disable the usage of target specific CPU crypto instructions by default
to allow the package being shared again. Since WolfSSL does not offer
a stable ABI or a long term support version suitable for OpenWrt release
timeframes, we're forced to frequently update it which is greatly
complicated by the package being nonshared.

People who want or need CPU crypto instruction support can enable it in
menuconfig while building custom images for the few platforms that support
them.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0063e3421d)
2022-07-30 17:22:16 +02:00
Rafał Miłecki
e0d3dc5de1 uboot-bcm4908: include SoC in output files
This fixes problem of overwriting BCM4908 U-Boot and DTB files by
BCM4912 ones. That bug didn't allow booting BCM4908 devices.

Fixes: f4c2dab544 ("uboot-bcm4908: add BCM4912 build")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a8e1e30543)
2022-07-28 00:50:13 +02:00
Christian Lamparter
f2c12b8940 layerscape: update PKG_HASH / PKG_MIRROR_HASH
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.

Fixes: 038d5bdab1 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit e879cccaa2)
(cherry picked from commit d4391ef073)
2022-07-23 00:11:21 +02:00
Christian Lamparter
bddfd3f7ed sdk: add spidev-test to the bundle of userspace sources
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.

this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.

Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit b479db9062)
2022-07-22 22:26:26 +02:00
Hauke Mehrtens
a1068f77c9 wolfssl: Do not activate HW acceleration on armvirt by default
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.

Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d1b5d17d03)
2022-07-20 18:12:52 +02:00
Jianhui Zhao
dbe19b1041 libpcap: fix PKG_CONFIG_DEPENDS for rpcapd
This fix allows trigger a rerun of Build/Configure when
rpcapd was selected.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit 6902af4f30)
2022-07-20 18:12:52 +02:00
Pascal Ernster
a12eb71c88 wolfssl: WOLFSSL_HAS_WPAS requires WOLFSSL_HAS_DH
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is
enabled, resulting in an "Anonymous suite requires DH" error when trying
to compile wolfssl.

Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 21825af2da)
2022-07-20 18:12:52 +02:00
Rui Salvaterra
cb9a69807e firewall3: bump to latest git HEAD
4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+"
50979cc firewall3: remove unnecessary fw3_has_table

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry-picked from commit 435d7a052b)
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-07-19 21:30:56 +02:00
Josef Schlehofer
a8001815a6 opkg: update to 2022-02-24
Changes:
9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages
2edcfad libopkg: set 'const' attribute for argv

This should fix the CI error in the packages repository, which happens with perl.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e21fea9289)
2022-07-17 15:15:11 +02:00
Christian Lamparter
479890083d firmware: intel-microcode: update to 20220510
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

 * New upstream microcode datafile 20220419
  * Fixes errata APLI-11 in Atom E3900 series processors
  * Updated Microcodes:
    sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384

 * New upstream microcode datafile 20220510
  * Fixes INTEL-SA-000617, CVE-2022-21151:
    Processor optimization removal or modification of security-critical
    code may allow an authenticated user to potentially enable information
    disclosure via local access (closes: #1010947)
  * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
    Atom E3900
  * New Microcodes:
    sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
  * Updated Microcodes:
    sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
    sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
    sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
    sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
    sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
    sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
    sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
    sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
    sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
    sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
    sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
    sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
    sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
    sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
    sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
    sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
    sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
    sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
    sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
    sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
    sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
    sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
    sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
    sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 2747a94f09)
2022-07-17 14:28:31 +02:00
Dustin Lundquist
c5ee4b7863 openssl: bump to 1.1.1q
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]

  *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
     implementation would not encrypt the entirety of the data under some
     circumstances.  This could reveal sixteen bytes of data that was
     preexisting in the memory that wasn't written.  In the special case of
     "in place" encryption, sixteen bytes of the plaintext would be revealed.

     Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
     they are both unaffected.
     (CVE-2022-2097)
     [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]

Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
(cherry picked from commit 3899f68b54)
2022-07-17 14:28:31 +02:00
Eneas U de Queiroz
ade7c6db1e
wolfssl: bump to 5.4.0
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9710fe70a6)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-16 22:26:51 +02:00
Eneas U de Queiroz
4fb05e45df
wolfssl: re-enable AES-NI by default for x86_64
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.

Commit 0bd5367233 is reverted so the
accelerated version builds by default on x86_64.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 639419ec4f)
2022-07-15 07:03:31 +02:00
Felix Fietkau
ec9f82fa18 mac80211: fix AQL issue with multicast traffic
Exclude multicast from pending AQL budget

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9f1d622328)
2022-07-13 10:36:16 +02:00
Hauke Mehrtens
f854de6ada OpenWrt v22.03.0-rc5: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-07-06 23:01:51 +02:00
Hauke Mehrtens
0345c613ba OpenWrt v22.03.0-rc5: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-07-06 23:01:47 +02:00
Andre Heider
5c7aed8b1e openssl: bump to 1.1.1p
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]

  *) In addition to the c_rehash shell command injection identified in
     CVE-2022-1292, further bugs where the c_rehash script does not
     properly sanitise shell metacharacters to prevent command injection have been
     fixed.

     When the CVE-2022-1292 was fixed it was not discovered that there
     are other places in the script where the file names of certificates
     being hashed were possibly passed to a command executed through the shell.

     This script is distributed by some operating systems in a manner where
     it is automatically executed.  On such operating systems, an attacker
     could execute arbitrary commands with the privileges of the script.

     Use of the c_rehash script is considered obsolete and should be replaced
     by the OpenSSL rehash command line tool.
     (CVE-2022-2068)
     [Daniel Fiala, Tomáš Mráz]

  *) When OpenSSL TLS client is connecting without any supported elliptic
     curves and TLS-1.3 protocol is disabled the connection will no longer fail
     if a ciphersuite that does not use a key exchange based on elliptic
     curves can be negotiated.
     [Tomáš Mráz]

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit eb7d2abbf0)
2022-07-04 23:40:43 +02:00
Daniel Golle
fa56db5ccc
uboot-mediatek: update UniFi 6 LR board name
Select matching U-Boot for both v1 and v2 variants.

Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2caa03ec86)
2022-07-04 19:58:08 +01:00
Felix Fietkau
fcd62930f7 mt76: update to the latest version
93e3fce916c6 mt76: pass original queue id from __mt76_tx_queue_skb to the driver

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 06d0cc2fb3)
2022-07-03 19:25:44 +02:00
Felix Fietkau
32e9095662 mt76: update to the latest version
c07f45927839 firmware: update mt7622 firmware to version 20220630
af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8e90abb396)
2022-07-02 17:00:23 +02:00
Felix Fietkau
a3946a7cd1 mac80211: fix mesh queue selection issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 51e9d496ba)
2022-07-02 16:57:30 +02:00
Robert Marko
3e38bd1353 ipq-wifi: remove packaged BDF-s for MikroTik devices
Since we now provide the BDF-s for MikroTik IPQ40xx devices on the fly,
there is noneed to include package and ship them like we do now.

This also resolves the performance issues that happen as MikroTik
changes the boards and ships them under the same revision but they
actually ship with and require a different BDF.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ab141a6e2c)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2022-07-01 12:46:45 +02:00
Robert Marko
02cfd1f5a8 mac80211: ath10k: backport bus and device specific API 1 BDF selection
Some ath10k IPQ40xx devices like the MikroTik hAP ac2 and ac3 require the
BDF-s to be extracted from the device storage instead of shipping packaged
API 2 BDF-s.

This is required as MikroTik has started shipping boards that require BDF-s
to be updated, as otherwise their WLAN performance really suffers.
This is however impossible as the devices that require this are release under
the same revision and its not possible to differentiate them from devices
using the older BDF-s.

In OpenWrt we are extracting the calibration data during runtime and we are
able to extract the BDF-s in the same manner, however we cannot package the
BDF-s to API 2 format on the fly and can only use API 1 to provide BDF-s on
the fly.
This is an issue as the ath10k driver explicitly looks only for the board.bin
file and not for something like board-bus-device.bin like it does for pre-cal
data.
Due to this we have no way of providing correct BDF-s on the fly, so lets
extend the ath10k driver to first look for BDF-s in the board-bus-device.bin
format, for example: board-ahb-a800000.wifi.bin
If that fails, look for the default board file name as defined previously.

So, backport the upstream ath10k patch.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 3daf2d477e)
[prune unrelated patch refreshes]
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2022-07-01 12:46:45 +02:00
Robert Marko
52a64755fc ath10k-ct: update to 2022-05-13
Update ath10k-ct to the latest version which includes the backported
ath10k commit for requesting API 1 BDF-s with a unique name like caldata.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ab97b2a25d)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2022-07-01 12:46:45 +02:00
Stijn Tintel
1edf306b31 firewall4: bump to git HEAD
11f5c7b fw4.uc: fix zone helper assignment
  b9d35ff fw4.uc: don't skip zone for unavailable helper
  e35e26b tests: add test for zone helpers
  a063317 ruleset: fix conntrack helpers
  e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
  11410b8 ruleset: reorder declarations & output tweaks
  880dd31 fw4: fix skipping invalid IPv6 ipset entries
  5994466 fw4: simplify `is_loopback_dev()`
  53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
  11256ff fw4: add support for configurable includes
  3b5a033 tests: add test coverage for firewall includes
  d79911c fw4: support sets with timeout capability but without default expiry
  15c3831 fw4: add support for `option log` in rule and redirect sections

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit e8433fb433)
2022-07-01 13:45:18 +03:00
Etienne Champetier
fb3b927643 iptables: default to ip(6)tables-nft
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.

When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.

We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 35fec487e3)
2022-06-29 22:39:56 +02:00
Konstantin Demin
d8d8b82c59 dropbear: cherry-pick upstream commit 544f28a0
Resolves #10081

Reported-By: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit f98bb1ffe5)
2022-06-27 22:34:07 +02:00
Eneas U de Queiroz
f91b0d7a92 wolfssl: disable AES-NI by default for x86_64
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.

Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd5367233)
2022-06-27 22:34:07 +02:00
Florian Fainelli
d989124c02 broadcom-wl: Fix compilation with kernel 5.10
This adds a few fixes for compiling against Linux 5.10:

1. segment_eq() has been removed with upstream commit
   428e2976a5bf7e7f5554286d7a5a33b8147b106a ("uaccess: remove
   segment_eq") and can use uaccess_kernel() instead
2. ioremap_nocache() is removed and is now an alias for ioremap() with
   upstream commit 4bdc0d676a643140bdf17dbf7eafedee3d496a3c ("remove
   ioremap_nocache and devm_ioremap_nocache")

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit cd3de51bb4)
2022-06-27 22:34:05 +02:00
Alin Nastac
d8f8c78d96 464xlat: delete SNATed conntracks on interface teardown
Existing conntracks will continue to be SNATed to 192.0.0.1 even after
464xlat interface gets teared down. To prevent this, matching
conntracks must be killed.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 289c46869b)
2022-06-27 19:54:13 +02:00
Stijn Tintel
267f86a7b2 wireless-regdb: bump to 2022.06.06
902b321 wireless-regdb: Update regulatory rules for Israel (IL)
  20f6f34 wireless-regdb: add missing spaces for US S1G rules
  25652b6 wireless-regdb: Update regulatory rules for Australia (AU)
  081873f wireless-regdb: update regulatory database based on preceding changes
  166fbdd wireless-regdb: add db files missing from previous commit
  e3f03f9 Regulatory update for 6 GHz operation in Canada (CA)
  888da5f Regulatory update for 6 GHz operation in United States (US)
  647bcaa Regulatory update for 6 GHz operation in FI
  c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
  2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules
  7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries
  68a8f2f wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit e3e9eb31a2)
2022-06-27 19:54:12 +02:00
Felix Fietkau
08e1812900 mac80211: increase airtime scheduler quantum
improves performance by requiring fewer iterations over tx queues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7bf5233a2a)
2022-06-27 09:25:08 +02:00
Felix Fietkau
aab535d2bb mac80211: add airtime fairness improvements
This reverts the airtime scheduler back from the virtual-time based scheduler
to the deficit round robin scheduler implementation.
This reduces burstiness and improves fairness by improving interaction with AQL.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 6d49a25804)
2022-06-27 09:25:08 +02:00
Florian Eckert
8a3fb45722 netfilter: kmod-nft-xfrm
Add kmod-nft-xfrm package.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 9379bc2fcf)
2022-06-25 00:05:21 +02:00
Leo Soares
43fd8f4aba libusb: fix missing link
adds `libusb-1.0.so` link on the target root again.

Fixes: 43539a6aab ("libusb: make InstallDev explicit")
Signed-off-by: Leo Soares <leo@hyper.ag>
(added fixed tag, reworded commit)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dc59a22f1d)
2022-06-25 00:05:21 +02:00
Felix Fietkau
f608779f92 mt76: update to the latest version
65042bfd759c mt76: mt7915: introduce 802.11ax multi-bss support
e756ea3bd069 mt76: fix wrong HE data rate in sniffer tool
47b64131e820 mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set
7a05f4628e76 mt76: fix monitor rx FCS error in DFS channel
104dd5cb0a40 mt76: mt7915: fix DBDC default band selection on MT7915D
a7805e4e1d58 mt76: reduce tx queue lock hold time
0b1deb9292cd mt76: dma: use kzalloc instead of devm_kzalloc for txwi
2e51013b38c9 mt76: dma: reduce lock contention in mt76_dma_tx_cleanup
c96fbb86f7e5 mt76: mt7915: rework hardware/phy initialization
c2bb44cab51e mt76: mt7915: accept rx frames with non-standard VHT MCS10-11
36c23a4a8422 mt76: mt7921: accept rx frames with non-standard VHT MCS10-11
5b7dd093c8f0 mt76: fix use-after-free by removing a non-RCU wcid pointer
c692aacb9bde mt76: fix MBSS index condition in DBDC mode
fd6541905aa4 mt76: mt7921u: add suspend/resume support
201b33cf42c2 mt76: mt7921: rely on mt76_dev rxfilter in mt7921_configure_filter
9666c08228e7 mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter
1442710d7936 mt76: mt7915: always call mt7915_wfsys_reset() during init
ec4d9b9e8b70 mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss
6b1efcd72946 mt76: mt7915: fix wfsys reset regression
376ea8152b2b mt76: mt7915: add missing chunk from wfsys reset fix
eed44048ca57 Revert "mt76: dma: reduce lock contention in mt76_dma_tx_cleanup"
5beb87716e70 mt76: dma: add wrapper macro for accessing queue registers
e0bc736d5617 mt76: add support for overriding the device used for DMA mapping
b8c842daa081 mt76: make number of tokens configurable dynamically
87a962e0608f mt76: mt7915: add Wireless Ethernet Dispatch support
2accb74e6be3 mt76: mt7915: fix using null pointer when wfsys on
e5227f2f3120 mt76: mt7921: Fix the error handling path of mt7921_pci_probe()
ec0e9f4da32f mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup
5a87be892ba7 mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
fe441e5d3dcf mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set
f3ddfe886283 mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate
2a0d370cb5fe mt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask
506bb0605e3e mt76: mt7921: Add AP mode support
d4937118ec4f mt76: fix rx reordering with non explicit / psmp ack policy
f50672518bcc mt76: do not attempt to reorder received 802.3 packets without agg session
75e046e3c9ae mt76: fix antenna config missing in 6G cap
64ede85f14b5 mt76: mt7915: remove SCS feature
db0a67582028 mt76: mt7915: make read-only array ppet16_ppet8_ru3_ru0 static const
68a2f68d5c01 mt76: mt7921: make read-only array ppet16_ppet8_ru3_ru0 static const
1e7b77294e97 mt76: mt7921: fix kernel crash at mt7921_pci_remove
795830a99a6c mt76: mt7915: add debugfs knob for RF registers read/write
60a8ec12a8eb mt76: mt7603: move spin_lock_bh() to spin_lock()
5ec7a2eac867 mt76: mt7915: disable RX_HDR_TRANS_SHORT
eecbb4992073 mt76: fix encap offload ethernet type check
a666d5637bc3 mt76: fix tx status related use-after-free race on station removal
6da21a0b7280 linux-firmware: update firmware for MT7921 WiFi device
4876688c41dc linux-firmware: update firmware for MT7915
79b1b86040de linux-firmware: add firmware for MT7986
784c27b159b9 linux-firmware: add firmware for MT7922
079e41dc71a1 mt76: mt7915: configure soc clocks in mt7986_wmac_init
747c70fc6c89 mt76: connac: use skb_put_data instead of open coding
e98f58815018 mt76: mt7915: update mt7986 patch in mt7986_wmac_adie_patch_7976()
b7104b4b2f2d mt76: mt7915: fix twt table_mask to u16 in mt7915_dev
d39368f336ee mt76: mt7915: reject duplicated twt flows
4718ed04a655 mt76: mt7915: limit minimum twt duration
84319691b742 mt76: mt7915: reowrk SER debugfs knob
bac5f22365a2 mt76: mt7915: introduce mt7915_mac_severe_check()
81524067686c mt76: mt7915: move MT_INT_MASK_CSR to init.c
2b7f5e85290e mt76: mt7915: add support for 6G in-band discovery
31273183ea0a mt76: mt7615/mt7915: do reset_work with mt76's work queue
bb54f5e1c115 mt76: mt7915: improve error handling for fw_debug knobs
838529da6470 mt76: mt7915: add more statistics from fw_util debugfs knobs
3a65deb93737 mt76: add gfp to mt76_mcu_msg_alloc signature
8e87669eefcf mt76: mt7921: add ipv6 NS offload support
e1b2c18eee29 mt76: mt7915: fix endianness in mt7915_rf_regval_get
0742eaeafee2 mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
d299ad96d867 mt76: mt7915: fix endian bug in mt7915_rf_regval_set()
380eac6f31ec mt76: add 6 GHz band support in mt76_sar_freq_ranges
268ce38e9e36 mt76: mt7921: introduce ACPI SAR support
8c27300b4271 mt76: mt7921: introduce ACPI SAR config in tx power
54b6504a3ef8 mt76: mt7915: add more ethtool stats
cdd66d642977 mt76: add DBDC rxq handlings into mac_reset_work
b284684f5cba mt76: mt7921: add PATCH_FINISH_REQ cmd response handling
f8b9be4287cc mt76: mt7921s: fix firmware download random fail
28b19d2cc53f mt76: mt7915: add missing bh-disable around tx napi enable/schedule
1d8af168e86f mt76: mt7615: add missing bh-disable around rx napi enable/schedule
4554ee652caf mt76: mt7921: fix warning Using plain integer as NULL pointer
a3f1d6ccf3ca mt76: mt7921: add missing bh-disable around rx napi schedule
9aeca2a5ce47 mt76: mt7921: get rid of mt7921_mcu_exit
fee8a5911c76 mt76: connac: move shared fw structures in connac module
db4d784ae7ba mt76: mt7921: move fw toggle in mt7921_load_firmware
16ab6bf49556 mt76: connac: move mt76_connac2_load_ram in connac module
29fd748801c6 mt76: connac: move mt76_connac2_load_patch in connac module
051c68d18214 mt76: mt7663: rely on mt76_connac2_fw_trailer
d6ae3505ac6c mt76: enable the VHT extended NSS BW feature
488a5ccc9762 mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature
934029bb93e2 mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature
ecefae4c7d72 mt76: connac: move mac connac2 defs in mt76_connac2_mac.h
b5eecc841df8 mt76: connac: move connac2_mac_write_txwi in mt76_connac module
012e619a07b9 mt76: connac: move mt76_connac2_mac_add_txs_skb in connac module
1b492be795ea mt76: mt7921: not support beacon offload disable command
f1f46d3b4b19 mt76: mt7921: fix command timeout in AP stop period
cae61112ef1d mt76: connac: move HE radiotap parsing in connac module
487674062643 mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module
649bdc4983c4 mt76: connac: move mt76_connac2_mac_fill_rx_rate in connac module
cb75aaa39252 mt76: mt7921s: remove unnecessary goto in mt7921s_mcu_drv_pmctrl
e0eaf66eaebb mt76: mt7615: do not update pm stats in case of error
f8d125b4ea30 mt76: mt7921: do not update pm states in case of error
6329a834907e mt76: mt7921s: fix possible sdio deadlock in command fail
8a04f1b04662 mt76: mt7921: fix aggregation subframes setting to HE max
e52283439094 mt76: mt7915: disable UL MU-MIMO for mt7915
fd3958970e3d mt76: mt7921: enlarge maximum VHT MPDU length to 11454
18df38fe77f7 mt76: mt7915: get rid of unnecessary new line in mt7915_mac_write_txwi
149e95f5d7a6 mt76: connac: move mt76_connac_fw_txp in common module
899d192e8a79 mt76: move mt7615_txp_ptr in mt76_connac module
7184f0a6f6a5 mt76: connac: move mt76_connac_tx_free in shared code
c42d45278fa5 mt76: connac: move mt76_connac_tx_complete_skb in shared code
0993f4ef96f8 mt76: connac: move mt76_connac_write_hw_txp in shared code
467960fab791 mt76: connac: move mt7615_txp_skb_unmap in common code
2e758064b085 mt76: mt7915: rely on mt76_connac_tx_free
2065a7901671 mt76: move mcu_txd/mcu_rxd structures in shared code
576c1b7c472b mt76: move mt76_connac2_mcu_fill_message in mt76_connac module
7275f7758090 mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx
1696f9eb8b40 mt76: mt7915: do not copy ieee80211_ops pointer in mt7915_mmio_probe
a4db5869d660 mt76: mt7915: update mpdu density in 6g capability
500c18014d95 mt76: mt7915: add sta_rec with EXTRA_INFO_NEW for the first time only
3ef66fc7c714 mt76: do not check the ccmp pn for ONLY_MONITOR frame
dd682eead016 mt76: mt7915: update the maximum size of beacon offload
4fb991f2c997 mt76: mt7615: add sta_rec with EXTRA_INFO_NEW for the first time only
ba39ed3b44f1 mt76: mt76x02: improve reliability of the beacon hang check
fd8211cf7c59 mt76: mt7921: sync with updated patch
f2edd340ddb4 mt76: allow receiving frames with invalid CCMP PN via monitor interfaces
b6e865e2cc70 mt76: mt7615: fix throughput regression on DFS channels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 29ed58c8be)
2022-06-24 23:09:34 +02:00
David Bauer
618ab576be base-files: allow ignoring minor compat-version check
Downstream projects might re-generate device-specific configuration
based on OpenWrt's defaults on each upgrade, thus being unaffected by
forward- as well as backwards-breaking configuration.

Add a new sysupgrade parameter, which allows sysupgrades between minor
compat-versions. Upgrades will still fail upon mismatching major compat
versions.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 34437af888)
2022-06-23 00:32:16 +02:00
David Bauer
76c5c95d94 Revert "mac80211: add a bug fix for a rare crash"
This reverts commit 33df033b73.

It was reported this commit breaks 802.11s mesh connections, failing
link establishment.

Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-18 22:18:19 +02:00
David Bauer
f393581f66 hostapd: add owe_transition_ifname
Add the owe_transition_ifname config option to wifi-ifaces.

This allows to configure OWE transition VAPs without adding SSID / BSSID
to the uci conifg but instead autodiscovering these parameters from
other networks on the same PHY.

The following configuration creates a OWE transition mode network
constellation.

config wifi-iface 'open0'
	option device 'radio0'
	option ifname 'open0'
	option network 'lan'
	option mode 'ap'
	option ssid 'FreeNet'
	option encryption 'none'
	option owe_transition_ifname 'owe0'

config wifi-iface 'owe0'
	option device 'radio0'
	option ifname 'owe0'
	option network 'lan'
	option mode 'ap'
	option ssid 'owe_tm.FreeNet'
	option encryption 'owe'
	option hidden '1'
	option owe_transition_ifname 'open0'

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 574539ee2c)
2022-06-16 11:08:02 +02:00
Josef Schlehofer
3a02b8a29f uboot-mvebu: update to version v2022.04
Release announcement:
https://lore.kernel.org/u-boot/20220404143253.GQ14476@bill-the-cat/

Release notes between tags:
https://source.denx.de/u-boot/u-boot/-/compare/v2022.01...v2022.04?from_project_id=531

All patches were removed, since they are included in this release.

Run tested: Turris Omnia, mvebu/cortex-a9, OpenWrt daily snapshots

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4f51f1fc9b)
2022-06-14 21:41:35 +02:00
Josef Schlehofer
b65e4d7c5f uboot-mvebu: remove enabled CONFIG_CMD_SETEXPR
We don't need to make sure that we want to have enabled
CONFIG_CMD_SETEXPR by default, since this is already done in U-boot [1].
This was actually needed only for clearfog board [2], which was added in
commit: da0005a6d08ae33d958a6d8a6c0c12dc07b5b2b8 ("uboot-mvebu: add
patch to enable setexpr for clearfog boards) and send to U-boot to fix
it properly. After a while, there was added support for Turris Omnia,
which uses setexpr as well [3], but for this board, there are no fixes
needed in U-boot and that's why we can remove this option here.

It is helpful with shell scripting. If some downstream distributions are
using it, they should correct it in defconfig for related boards.

[1] e95afa5675/cmd/Kconfig (L1504)

[2] 852126680e/target/linux/mvebu/image/clearfog.bootscript (L7)

[3] 852126680e/target/linux/mvebu/image/turris-omnia.bootscript (L2)

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 69cef74c67)
2022-06-14 21:41:35 +02:00
Josef Schlehofer
68a6d7aaab uboot-mvebu: add patch to enable setexpr for clearfog boards
Option CMD_SETEXPR is already default in U-boot [1], since this was
disabled since initial version for this board, there is send this
	patch to U-boot mailing list to enable it.

It is required to use in OpenWrt bootscript for these boards [2].

[1] e95afa5675/cmd/Kconfig (L1504)

[2] 852126680e/target/linux/mvebu/image/clearfog.bootscript (L7)

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b3c2072504)
2022-06-14 21:41:35 +02:00
Xu Wang
3cfe050c4a kernel: crypto: add kmod-crypto-chacha20poly1305
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.

Signed-off-by: Xu Wang <xwang1498@gmx.com>
(cherry picked from commit 197b672c40)
2022-06-11 16:04:40 +03:00
Hauke Mehrtens
d5f911e68f OpenWrt v22.03.0-rc4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-06-10 21:37:09 +02:00
Hauke Mehrtens
677e3c18fe OpenWrt v22.03.0-rc4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-06-10 21:36:53 +02:00
Eneas U de Queiroz
3b90edaff9 wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y.  When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it.  Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y.  This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.

Fixes: #9738

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-06-09 02:53:00 +02:00
Eneas U de Queiroz
fe9c4593b5 wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures.  Add this to the hardware acceleration choice, since they
can't be enabled at the same time.

The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them.  There is no run-time detection of this for arm.

NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0a2edc2714)
2022-06-09 00:06:55 +02:00
Eneas U de Queiroz
50b6f5604b wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 18fd12edb8)
2022-06-09 00:06:55 +02:00
Eneas U de Queiroz
f4b7541b22 wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI.  Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 677774d445)
2022-06-09 00:06:55 +02:00
John Audia
0ca9367069 kernel: bump 5.10 to 5.10.119
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800, x86/64

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit cd634afe6c)
2022-06-07 22:28:59 +02:00
Rosen Penev
b24c301709 ksmbd: update to 3.4.5
Major changes are:

Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 95adbc24e7)
2022-06-07 22:28:59 +02:00
Felix Fietkau
33df033b73 mac80211: add a bug fix for a rare crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9a93b62f31)
2022-06-07 22:28:59 +02:00
Petr Štetiar
d04a947b6b uboot-imx: fix wrong make flags overriding
Buidbots are currently choking on the following compile error:

 In file included from tools/aisimage.c:9:
 include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
  #  include <openssl/evp.h>
             ^~~~~~~~~~~~~~~
 compilation terminated.

This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.

Fix it by extending `UBOOT_MAKE_FLAGS` variable in all device recipes.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 481339a042)
2022-06-07 22:28:59 +02:00
Felix Fietkau
fe04b41d70 libubox: update to the latest version
f2d6752901f2 blob: clear buf->head when freeing a buffer
45210ce14136 list.h: add container_of_safe macro
cfa372ff8aed blobmsg: implicitly reserve space for 0-terminator in string buf alloc
d2223ef9da71 blobmsg: work around false positive gcc -Warray-bounds warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e300e724b)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
9c0f94e955 ltq-vdsl-app: disconnect when service is stopped
Stop the connection when the control daemon is terminated. The code is
a modified version of the termination routine in version 4.23.1 of the
daemon (which doesn't support VR9 modems anymore).

This could also be implemented by calling the acos and acs commands via
dsl_cpe_pipe.sh in the init script. However, doing it in the daemon
itself has the advantage of also working if it is terminated in another
way (for example during sysupgrade).

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 1daaef31b3)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
8f4b5fdd5f ltq-vdsl/ltq-adsl: fix elapsed time calculation
The driver maintains elapsed times by repeatedly accumulating the time
since the previous update in a loop. For the elapsed showtime time, the
time difference is truncated to seconds before adding it, leading to a
sizable error over time.

Move the truncation to before calculation of the time difference in
order to remove this error. Also maintain the total elapsed time in the
same way in full seconds, to prevent the unsigned 32-bit counter from
wrapping around after about 50 days.

Testing on a VR9 device shows that the reported line uptime now matches
the actual elapsed wall time. The ADSL variant is only compile-tested,
but it should also work as the relevant code is identical.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit db4bf4b968)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
ea0744fbc6 ltq-atm/ltq-ptm: avoid unnecessary build dependencies
Right now, both ltq-adsl-mei and ltq-vdsl-mei are always built, even
when they aren't necessary for the selected variant. This can cause the
build to fail, for example ltq-vdsl-mei doesn't build successfully here
on xway target due to the vectoring callback.

Make these dependencies conditional on the specific package variants,
so they are only built when actually needed.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 2f484aeff5)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
290c13b7d7 ltq-vdsl-mei: add locking to interrupt handler
Some users noticed repeated resyncs at random intervals, which go away
when the MEI driver is configured to use polling instead of interrupts.
Debugging shows that this seems to be caused by concurrent calls to
MEI_ReadMailbox (in the interrupt handler) and MEI_WriteMailbox. This
appears to be mostly triggered when there is an interrupt for vectoring
error reports.

In polling mode, calls to MEI_ReadMailbox are protected by the same
semaphore as is used in MEI_WriteMailbox. When interrupts are used,
MEI_WriteMailbox appears to rely on MEI_DisableDeviceInt and
MEI_EnableDeviceInt to provide mutual exclusion with the interrupt
handler. These functions mask/unmask interrupts, and there is an
additional check of the mask in the interrupt handler itself. However,
this is not sufficient on systems with SMP, as the interrupt handler
may be running in parallel, and could already be past the interrupt
mask check at this point.

This adds a lock to the interrupt handler, and also acquires this lock
in MEI_DisableDeviceInt. This should make sure that after a call to
MEI_DisableDeviceInt the interrupt is masked, and the interrupt handler
is either not running, has alread finished its work, or is still before
the interrupt mask check, and is thus going to detect the change.

Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 1700424553)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
d0397abd9d ltq-vdsl-app: set MAC address for vectoring error reports
This tells the modem about the WAN MAC address, which is used as source
address for vectoring error reports that are generated by the firmware.

It needs to be set early, as the MEI driver only actually writes the
value to the modem when is in reset state (i.e. the firmware has been
loaded, but connection has not started yet).

Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit b35d33c8b8)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
642d6c0c6d ltq-vdsl-mei: enable vectoring error sample callback
This re-enables the vectoring error sample callback and adds a
dependency to the corresponding driver.

Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 93f0e1f922)
2022-06-07 21:36:58 +02:00
Jan Hoffmann
e56836dfc1 ltq-vectoring: add driver
In order to calculate the required pre-distortion for downstream
vectoring, the vectoring control entity (VCE) at the carrier office
needs error samples from the modem. On Lantiq VR9 modems, error reports
are generated by the firmware, but need to be multiplexed into the data
stream by the driver on the main processor when L2 encapsulation is
selected by the VCE.

This driver provides the necessary callback function, which is called by
the MEI driver after receiving an error report from the firmware.

Originally, it is part of the Lantiq PPA driver, but after a few changes
it also works with the PTM driver used in OpenWrt. The direct call to
ndo_start_xmit needs to be replaced, as the PTM driver relies on locks
from the kernel. Instead dev_queue_xmit is used, which is called from a
work queue, as it is not safe to call from an interrupt handler.

Additional changes include fixes to support recent kernel versions and
a change of the used interface from ptm0 to dsl0.

Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit f872b96609)
2022-06-07 21:36:58 +02:00
Arınç ÜNAL
638220bfee packages: nvram: add NVRAM quirks for bcm53xx target
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the
bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys
EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.

Use boot() instead of start() as nvram commands are meant to be executed
only once, at boot.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit f4e219fd5e)
2022-06-07 16:18:20 +02:00
Raylynn Knight
ee4a765090 realtek: add support for ZyXEL GS1900-24E
The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900
switches.

Specifications
--------------
* Device:    ZyXEL GS1900-24E
* SoC:       Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash:     16 MiB Macronix MX25L12835F
* RAM:       128 MiB DDR2 SDRAM Nanya NT5TU128M8GE
* Ethernet:  24x 10/100/1000 Mbps
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             24 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons:   1 "RESET" button on front panel
* Switch:    1 Power switch on rear of device
* Power      120-240V AC C13
* UART:      1 serial header (JP2) with populated standard pin connector on
             the left side of the PCB.
             Pinout (front to back):
             + Pin 1 - VCC marked with white dot
             + Pin 2 - RX
             + Pin 3 - TX
             + PIn 4 - GND

Serial connection parameters:  115200 8N1.

Installation
------------

OEM upgrade method:

* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
file and select open so File Path is updated with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
   > sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
   it may be necessary to restart the network (/etc/init.d/network restart) on
   the running initramfs image.

U-Boot TFTP method:

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
   > rtk network on
* Since the GS1900-24E is a dual-partition device, you want to keep the OEM
  firmware on the backup partition for the time being. OpenWrt can only boot
  from the first partition anyway (hardcoded in the DTS). To make sure we are
  manipulating the first partition, issue the following commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
   > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
   > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
   > sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
   it may be necessary to restart the network (/etc/init.d/network restart) on
   the running initramfs image.

Signed-off-by: Raylynn Knight <rayknight@me.com>
(cherry picked from commit b515ad10a6)
2022-06-06 11:05:29 +02:00
Daniel Golle
4afa65af8e
fstools: update to git HEAD
93369be Revert "fstools: remove SELinux restorecon hack"

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b641dadc13)
2022-06-05 11:38:20 +01:00
Daniel Golle
0a47d52287 ubus: update to git HEAD
2f793a4 lua: add optional path filter to objects() method
 2bebf93 ubusd: handle invoke on event object without data

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1521d5f453)
2022-06-05 11:38:12 +01:00
Daniel Golle
76b4b50bbe
netifd: update to git HEAD
2e1fcf4 netifd: fix hwmode for 60g band
 39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7eb83b2015)
2022-06-05 11:37:57 +01:00
Daniel Golle
19f287a7ca
procd: update to git HEAD
557c98e init: selinux: don't relabel virtual filesystems
 7a00968 init: only relabel rootfs if started from initramfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4cbc26b212)
2022-06-05 11:37:52 +01:00
Felix Fietkau
2ca8bccb00
netifd: update to the latest version
4b4849cf5e5a interface-ip: unify host and proto route handling
507c0513d176 interface-ip: add support for excluding interfaces in host route lookup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 24cc341fdc)
2022-06-05 11:37:47 +01:00
Daniel Golle
002e05bf9f
uqmi: update to git HEAD
56cb2d4 nas: add decoding of cell_id
 9a9019a uqmi: wms - added storage to read text messages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 51c442c265)
2022-06-05 11:35:37 +01:00
David Bauer
f765f2f114 ipq40xx: add Aruba AP-365 specific BDF
Aruba deploys a BDF in the root filesystem, however this matches the one
used for the DK04 reference board.

The board-specific BDFs are built into the kernel. The AP-365 shows
sinificant degraded performance with increased range when used with the
reference BDF.

Replace the BDF with the one extracted from Arubas kernel.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit b21b98627d)
2022-06-02 17:01:22 +02:00
Jo-Philipp Wich
dbd4c345fb firewall4: update to latest Git HEAD
210991d fw4: prefer /dev/stdin if available
4e5e322 fw4: make `fw4 restart` behavior more robust
221040e ruleset: emit time ranges when both start and stop times are specified
30a7d47 fw4: fix datetime parsing
fb9a6b2 ruleset: correct mangle_output chain type
6dd2617 fw4: fix logic flaw in testing hw flow offloading support
c7c9c84 fw4: ensure that negative bitcounts are properly translated
c4a78ed fw4: fix typo in emitted set types

Fixes: #9764, #9923, #9927, #9935, #9955
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a7ddef6ef1)
2022-06-01 13:51:19 +02:00
Jo-Philipp Wich
dad1533030 ucode: update to latest Git HEAD
d996047 syntax: adjust number literal parsing and string to number conversion
9efbe18 lib: refactor `uc_int()`
da3f089 lib: rework uc_index() implementation
559029e ci: make jobs faster during pull request testing

Fixes: #9923
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 251e70c887 and
 7f998088f0)
2022-06-01 13:49:53 +02:00
Hauke Mehrtens
0ed3446bfc OpenWrt v22.03.0-rc3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-05-27 12:09:52 +02:00
Hauke Mehrtens
f0e0bcba5e OpenWrt v22.03.0-rc3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-05-27 12:09:29 +02:00
Jo-Philipp Wich
80baa60259 firewall4: update to latest Git HEAD
c22eeef fw4: support negative CIDR bit notation
628d791 hotplug: reliably handle interfaces with ubus zone hints
d005293 fw4: store zone associations from ubus in statefile as well
b268225 fw4: filter non hw-offload capable devices when resolving lower devices
57984e0 fw4: always resolve lower flowtable devices
7782017 tests: fix mocked `fd.read("line")` api
72b196d config: remove restictions on DHCPv6 allow rule
f0cc317 fw4: refactor family selection for forwarding rules
b0b8122 treewide: use modern syntax
05995f1 fw4: fix emitting device jump rules for family restricted zones
b479815 fw4: fix family auto-selection for config nat rules
2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well
2379c3d tests: add test coverage for zone family selection logic

Fixes: #5066, #9611, #9765, #9854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2df17604a4)
2022-05-20 20:08:24 +02:00
Jo-Philipp Wich
4575498276 ucode: update to latest Git HEAD
081871e compiler: fix segmentation fault on compiling unexpected unary expressions
090b426 fs: avoid input buffering with small limits in fs.readfile()
8da140f lib: introduce hexenc() and hexdec()
9a72423 Update README.md

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e2ce2a8d3c)
2022-05-20 20:08:19 +02:00
Eneas U de Queiroz
97a2012ecc openssl: bump to 1.1.1o
This release comes with a security fix related to c_rehash.  OpenWrt
does not ship or use it, so it was not affected by the bug.

There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7a5ddc0d06)
2022-05-17 23:15:46 +02:00
Eneas U de Queiroz
6f8db8fee3 wolfssl: bump to v5.3.0-stable
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890)
2022-05-17 23:15:46 +02:00
Rodrigo Balerdi
3aeb6e975f ipq806x: add support for Arris TR4400 v2 / RAC2V1A
Hardware specs:
  SoC: Qualcomm IPQ8065 (dual core Cortex-A15)
  RAM: 512 MB DDR3
  Flash: 256 MB NAND, 32 MB NOR
  WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz
  Switch: QCA8337
  Ethernet: 5x 10/100/1000 Mbit/s
  USB: 1x USB 3.0 Type-A
  Buttons: WPS, Reset
  Power: 12 VDC, 2.5 A

Ethernet ports:
  1x WAN: connected to eth2
  4x LAN: connected via the switch to eth0 and eth1
          (eth0 is disabled in OEM firmware)

MAC addresses (OEM and OpenWrt):
  fw_env @ 0x00  d4🆎82:??:??:?a  LAN (eth1)
  fw_env @ 0x06  d4🆎82:??:??:?b  WAN (eth2)
  fw_env @ 0x0c  d4🆎82:??:??:?c  WLAN 2.4 GHz (ath1)
  fw_env @ 0x12  d4🆎82:??:??:?d  WLAN 5 GHz (ath0)
  fw_env @ 0x18  d4🆎82:??:??:?e  OEM usage unknown (eth0 in OpenWrt)

  OID d4🆎82 is registered to:
  ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US

More info:
  https://openwrt.org/inbox/toh/arris/tr4400_v2

IMPORTANT:

This port requires moving the 'fw_env' partition prior to first boot to
consolidate 70% of the usable space in flash into a contiguous partition.
'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords.
Its contents must be copied to 'rootfs_1' prior to booting via initramfs.
Note that the stock 'fw_env' partition  will be wiped during sysupgrade.

A writable 'stock_fw_env' partition pointing to the old, stock location
is included in the port to help rolling back this change if desired.

Installation:

- Requires serial access and a TFTP server.
- Fully boot stock, press ENTER, type in:
mtd erase /dev/mtd21
dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21
umount /config && ubidetach -m 23 && mtd erase /dev/mtd23
- Reboot and interrupt U-Boot by pressing a key, type in:
set mtdids 'nand0=nand0'
set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)'
set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm'
env save
- Setup TFTP server serving initramfs image as 'recovery.bin', type in:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
tftpboot recovery.bin && bootm
- Use sysupgrade to install squashfs image.

This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
[add 5.15 changes for 0069-arm-boot-add-dts-files.patch]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit f8b0010dfb)
2022-05-17 23:15:44 +02:00
Raylynn Knight
a11c3cde27 realtek: add support for ZyXEL GS1900-16
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-16
* SoC:       Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash:     16 MiB Macronix MX25L12835F
* RAM:       128 MiB DDR2 SDRAM Nanya NT5TU128M8HE
* Ethernet:  16x 10/100/1000 Mbps
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             16 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons:   1 "RESET" button on front panel
* Power      120-240V AC C13
* UART:      1 serial header (J12) with populated standard pin connector on
             the right back of the PCB.
             Pinout (front to back):
             + Pin 1 - VCC marked with white dot
             + Pin 2 - RX
             + Pin 3 - TX
             + PIn 4 - GND

Serial connection parameters:  115200 8N1.

Installation
------------

OEM upgrade method:

* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
file amd select open so File Path is update with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
   > sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
   it may be necessary to restart the network (/etc/init.d/network restart) on
   the running initramfs image.

U-Boot TFTP method:

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
   > rtk network on
* Since the GS1900-16 is a dual-partition device, you want to keep the OEM
  firmware on the backup partition for the time being. OpenWrt can only boot
  from the first partition anyway (hardcoded in the DTS). To make sure we are
  manipulating the first partition, issue the following commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
   > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
   > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
   > sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
   it may be necessary to restart the network (/etc/init.d/network restart) on
   the running initramfs image.

Signed-off-by: Raylynn Knight <rayknight@me.com>
[removed duplicate patch title, align RAM specification]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 580723e86a)
2022-05-17 21:14:46 +02:00
Clemens Hopfer
d627ea510c ramips: add support for YunCore AX820/HWAP-AX820
There are two versions which are identical apart from the enclosure:
  YunCore AX820: indoor ceiling mount AP with integrated antennas
  YunCore HWAP-AX820: outdoor enclosure with external (N) connectors

Hardware specs:
  SoC: MediaTek MT7621DAT
  Flash: 16 MiB SPI NOR
  RAM: 128MiB (DDR3, integrated)
  WiFi: MT7905DAN+MT7975DN 2.4/5GHz 2T2R 802.11ax
  Ethernet: 10/100/1000 Mbps x2 (WAN/PoE+LAN)
  LED: Status (green)
  Button: Reset
  Power: 802.11af/at PoE; DC 12V,1A
  Antennas: AX820(indoor): 4dBi internal; HWAP-AX820(outdoor): external

Flash instructions:
  The "OpenWRT support" version of the AX820 comes with a LEDE-based
  firmware with proprietary MTK drivers and a luci webinterface and
  ssh accessible under 192.168.1.1 on LAN; user root, no password.
  The sysupgrade.bin can be flashed using luci or sysupgrade via ssh,
  you will have to force the upgrade due to a different factory name.
  Remember: Do *not* preserve factory configuration!

MAC addresses as used by OEM firmware:
  use   address            source
  2g    44:D1:FA:*:0b      Factory 0x0004 (label)
  5g    46:D1:FA:*:0b      LAA of 2g
  lan   44:D1:FA:*:0c      Factory 0xe000
  wan   44:D1:FA:*:0d      Factory 0xe000 + 1
The wan MAC can also be found in 0xe006 but is not used by OEM dtb.

Due to different MAC handling in mt76 the LAA derived from lan is used
for 2g to prevent duplicate MACs when creating multiple interfaces.

Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
(cherry picked from commit 4891b86538)
2022-05-17 21:14:23 +02:00
Christian Lamparter
144d9c4a43 uboot-fritz4040: Add support for Toshiba NAND
From Andreas Böhler:

"Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC
in contrast to the Macronix NAND with 4 bit ECC.".

Uboot needs to know this in order to have a chance to load from
the NAND.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 057bac2e1f)
2022-05-15 16:39:45 +02:00
Tiago Gaspar
5ff900e0ad firewall: config: remove restictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 65258f5d60)
2022-05-04 15:28:41 +02:00
Daniel Golle
2ac5ee7f8a fstools: update to git HEAD
9e11b37 fstools: remove SELinux restorecon hack

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4509b790f0)
2022-05-03 20:32:48 +01:00
Daniel Golle
ffe12f8b48 procd: update to git HEAD
652e6df init: restore SELinux labels after policy is loaded

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fb01111866)
2022-05-03 20:32:48 +01:00
Daniel Golle
0dc3ecf0da base-files: simplify restorecon logic
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.

Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b07c3cff5)
2022-05-03 20:32:48 +01:00
Dominick Grift
efc38b315e selinux-policy: update to version 1.1
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3

project moved back to https://git.defensec.nl/selinux-policy.git

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4379457098)
2022-05-03 20:32:48 +01:00
Daniel Golle
6cb08b1797 base-files: add missing $IPKG_INSTROOT to restorecon call
Update to overlooked v2 version of Dominick Grift's patch.

Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6d7272852e)
2022-05-03 20:32:38 +01:00
Dominick Grift
9282cb0be0 base-files: address sed in-place without SELinux awareness
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598

This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 5109bd164c)
2022-05-03 20:32:38 +01:00
Daniel Golle
dc71658a80 fstools: update to git HEAD
f0fc66a libfstools: check for overlay mounting errors
 128ecaf Update / fix extroot comments
 8a0ba3b libfstools: get rid of "extroot_prefix" global variable
 649cd3f libfstools: use variable for overlay mount-point
 922f1b3 libfstools: avoid segfault in find_mount_point
 ce5eacb libfstools: mtd: improve error handling
 898b328 blockd: restore device_move semantics
 0917d22 block: don't probe mtdblock on NAND (with legacy exceptions)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4e8d095013)
2022-05-03 20:31:37 +01:00
Enrico Mioso
3a974b5bcd ipq40xx: fix BDF file for pcie wifi chip on the GL.Inet GL-B2200
After the switch to pre-calibration, ath10k would fail to initialize
the PCIE Wi-Fi on the GL-B200 as follows:

ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
ath10k_pci 0000:01:00.0: qca9888 hw2.0 target 0x01000000 chip_id 0x00000000 sub 0000:0000
[...]
ath10k_pci 0000:01:00.0: failed to fetch board data for bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=GL-B2200 from ath10k/QCA9888/hw2.0/board-2.bin
ath10k_pci 0000:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0
ath10k_pci 0000:01:00.0: failed to fetch board file: -12
ath10k_pci 0000:01:00.0: could not probe fw (-12)

Repackage the BDF file after renaming relevant fields and files to
allow for the Wi-Fi interface to start again.

Fixes: 80d34d9d59 ("ipq40xx: document pcie wifi chip on the GL.Inet GL-B2200")
CC: Christian Lamparter <chunkeey@gmail.com>
CC: Robert Marko <robimarko@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
(cherry picked from commit e3f9af4fb6)
2022-05-02 21:25:46 +02:00
Kerma Gérald
fa8e050c4b f2fs-tools: fix resize.f2fs (#9800)
resolve issue
- https://github.com/openwrt/openwrt/issues/9800
add the upstream patch:
- f2fs-tools.git/patch/?id=f056fbeff08d30a6d9acdb9e06704461ceee3500

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 1aac1b36d3)
2022-05-01 13:23:12 +02:00
Daniel Golle
946f60aaeb dnsmasq: add logfacility file to jail mounts
If logfacility is a path to a file it needs to be r/w mounted in the
sandbox as well for dnsmasq to work.

Reported-by: @iointerrupt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2b5fa44f60)
2022-05-01 13:23:12 +02:00
Jo-Philipp Wich
5a11704244 ucode: reorder BuildPackage calls
Ensure that the libucode recipe is processed before the ucode one in
order to reliably encode the ABI version into ucode's libucode dependency.

Fixes: #9788
Ref: https://forum.openwrt.org/t/fw4-wont-start-after-upgrade/126308
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 573ce80ca6)
2022-04-28 10:46:49 +02:00
David Bauer
832e3ad71a iwinfo: update to latest HEAD
dc6847e iwinfo: nl80211: omit A-hwmode on non-5GHz hardware

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f757a8a098)
2022-04-27 00:55:07 +02:00
David Bauer
1b7cf4dd1c uboot-envtools: add WS-AP3825i config
Add configuration to use uboot-envtools with the Extreme Networks
WS-AP3825i.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit fb7ff6b027)
2022-04-26 01:04:44 +02:00
Jo-Philipp Wich
0481a5a35a firewall4: update to latest Git HEAD
fc83d46 ruleset: set auto-merge directive for interval sets
9bce873 fw4: fix skipping invalid ipset entries
425ea8a fw4: fix applying zone flags for source bound rules
a378883 fw4: fix emitting family specific redirect rules without any addrs
11feddf fw4: bracketize IPv6 addresses in dnat addr:port notation
9972f7d fw4: ensure to capitalize weekday names
fde8070 treewide: forward compatibility changes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 1a35ac9990 and
 af02a12d7c)
2022-04-25 09:55:23 +02:00
Jo-Philipp Wich
23170c6f4e ucode: update to latest Git HEAD
e14b099 syntax: implement support for ES6 template literals
111cf06 vm: stop executing bytecode on return of nested calls
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits cef3e6a69c,
 0400774a10 and
 c59704334c)
2022-04-25 09:52:14 +02:00
David Bauer
dbe8d4fa2e iwinfo: update to latest HEAD
a479b9b devices: remove whitespace
562d015 iwinfo: nl80211: fix hwmode parsing for multi-band NICs

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-04-24 23:13:04 +02:00
Daniel Golle
e4d8c0f9b4 uboot-mediatek: remove '0x' prefix from pstore node
Remove '0x' prefix from pstore node in dts, just like it was done
for the device tree used by Linux on MT7622.
This change is done in preparation to update U-Boot to 2022.04.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 810b48e793)
2022-04-23 18:48:58 +01:00
Hauke Mehrtens
0e607d60ef OpenWrt v22.03.0-rc1: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-04-21 00:28:54 +02:00
Hauke Mehrtens
6945ddde9b OpenWrt v22.03.0-rc1: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-04-21 00:28:50 +02:00
Eneas U de Queiroz
df622768da wolfssl: fix compilation with /dev/crypto
This is trivial fix of a duplicate definition of 'int ret'.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-04-20 12:37:37 +02:00
Jo-Philipp Wich
204259356e netfilter: move nf-log modules into separate packages
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bea01fa57f)
2022-04-19 23:57:14 +02:00
Martin Kennedy
d60b3bf890 realtek: add ZyXEL GS1900-24HP v1 support
The ZyXEL GS1900-24HP v1 is a 24 port PoE switch with two SFP ports,
similar to the other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-24HP v1
* SoC:       Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash:     16 MiB
* RAM:       Winbond W9751G8KB-25 64 MiB DDR2 SDRAM
* Ethernet:  24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs:
  * 1 PWR LED (green, not configurable)
  * 1 SYS LED (green, configurable)
  * 24 ethernet port link/activity LEDs (green, SoC controlled)
  * 24 ethernet port PoE status LEDs
  * 2 SFP status/activity LEDs (green, SoC controlled)
* Buttons:
  * 1 "RESET" button on front panel (soft reset)
  * 1 button ('SW1') behind right hex grate (hardwired power-off)
* PoE:
  * Management MCU: ST Micro ST32F100 Microcontroller
  * 6 BCM59111 PSE chips
  * 170W power budget
* Power:     120-240V AC C13
* UART:      Internal populated 10-pin header ('J5') providing RS232;
             connected to SoC UART through a TI or SIPEX 3232C for voltage
             level shifting.

* 'J5' RS232 Pinout (dot as pin 1):
  2) SoC RXD
  3) GND
  10) SoC TXD

Serial connection parameters: 115200 8N1.

Installation
------------

OEM upgrade method:

* Log in to OEM management web interface

* Navigate to Maintenance > Firmware > Management

* If "Active Image" has the first option selected, OpenWrt will need to be
  flashed to the "Active" partition. If the second option is selected,
  OpenWrt will need to be flashed to the "Backup" partition.

* Navigate to Maintenance > Firmware > Upload

* Upload the openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin
  file by your preferred method to the previously determined partition.
  When prompted, select to boot from the newly flashed image, and reboot
  the switch.

* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:

  > sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-squashfs-sysupgrade.bin

U-Boot TFTP method:

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).

* Set up a TFTP server on your client and make it serve the initramfs
  image.

* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:

  > rtk network on

* Since the GS1900-24HP v1 is a dual-partition device, you want to keep the
  OEM firmware on the backup partition for the time being. OpenWrt can
  only be installed in the first partition anyway (hardcoded in the
  DTS). To ensure we are set to boot from the first partition, issue the
  following commands:

  > setsys bootpartition 0
  > savesys

* Download the image onto the device and boot from it:

  > tftpboot 0x81f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin
  > bootm

* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:

  > sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-squashfs-sysupgrade.bin

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
[Add info on PoE hardware to commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit a5ac8ad0ba)
2022-04-19 21:45:46 +02:00
Andrew Powers-Holmes
ff9264fabc ath79: add support for Sophos AP100/AP55 family
The Sophos AP100, AP100C, AP55, and AP55C are dual-band 802.11ac access
points based on the Qualcomm QCA9558 SoC. They share PCB designs with
several devices that already have partial or full support, most notably the
Devolo DVL1750i/e.

The AP100 and AP100C are hardware-identical to the AP55 and AP55C, however
the 55 models' ART does not contain calibration data for their third chain
despite it being present on the PCB.

Specifications common to all models:
 - Qualcomm QCA9558 SoC @ 720 MHz (MIPS 74Kc Big-endian processor)
 - 128 MB RAM
 - 16 MB SPI flash
 - 1x 10/100/1000 Mbps Ethernet port, 802.3af PoE-in
 - Green and Red status LEDs sharing a single external light-pipe
 - Reset button on PCB[1]
 - Piezo beeper on PCB[2]
 - Serial UART header on PCB
 - Alternate power supply via 5.5x2.1mm DC jack @ 12 VDC

Unique to AP100 and AP100C:
 - 3T3R 2.4GHz 802.11b/g/n via SoC WMAC
 - 3T3R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)

AP55 and AP55C:
 - 2T2R 2.4GHz 802.11b/g/n via SoC WMAC
 - 2T2R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)

AP100 and AP55:
 - External RJ45 serial console port[3]
 - USB 2.0 Type A port, power controlled via GPIO 11

Flashing instructions:

This firmware can be flashed either via a compatible Sophos SG or XG
firewall appliance, which does not require disassembling the device, or via
the U-Boot console available on the internal UART header.

To flash via XG appliance:
 - Register on Sophos' website for a no-cost Home Use XG firewall license
 - Download and install the XG software on a compatible PC or virtual
   machine, complete initial appliance setup, and enable SSH console access
 - Connect the target AP device to the XG appliance's LAN interface
 - Approve the AP from the XG Web UI and wait until it shows as Active
   (this can take 3-5 minutes)
 - Connect to the XG appliance over SSH and access the Advanced Console
   (Menu option 5, then menu option 3)
 - Run `sudo awetool` and select the menu option to connect to an AP via
   SSH. When prompted to enable SSH on the target AP, select Yes.
 - Wait 2-3 minutes, then select the AP from the awetool menu again. This
   will connect you to a root shell on the target AP.
 - Copy the firmware to /tmp/openwrt.bin on the target AP via SCP/TFTP/etc
 - Run `mtd -r write /tmp/openwrt.bin astaro_image`
 - When complete, the access point will reboot to OpenWRT.

To flash via U-Boot serial console:
 - Configure a TFTP server on your PC, and set IP address 192.168.99.8 with
   netmask 255.255.255.0
 - Copy the firmware .bin to the TFTP server and rename to 'uImage_AP100C'
 - Open the target AP's enclosure and locate the 4-pin 3.3V UART header [4]
 - Connect the AP ethernet to your PC's ethernet port
 - Connect a terminal to the UART at 115200 8/N/1 as usual
 - Power on the AP and press a key to cancel autoboot when prompted
 - Run the following commands at the U-Boot console:
    - `tftpboot`
    - `cp.b $fileaddr 0x9f070000 $filesize`
    - `boot`
 - The access point will boot to OpenWRT.

MAC addresses as verified by OEM firmware:

use   address     source
LAN   label       config 0x201a (label)
2g    label + 1   art 0x1002    (also found at config 0x2004)
5g    label + 9   art 0x5006

Increments confirmed across three AP55C, two AP55, and one AP100C.

These changes have been tested to function on both current master and
21.02.0 without any obvious issues.

[1] Button is present but does not alter state of any GPIO on SoC
[2] Buzzer and driver circuitry is present on PCB but is not connected to
    any GPIO. Shorting an unpopulated resistor next to the driver circuitry
    should connect the buzzer to GPIO 4, but this is unconfirmed.
[3] This external RJ45 serial port is disabled in the OEM firmware, but
    works in OpenWRT without additional configuration, at least on my
    three test units.
[4] On AP100/AP55 models the UART header is accessible after removing
    the device's top cover. On AP100C/AP55C models, the PCB must be removed
    for access; three screws secure it to the case.
    Pin 1 is marked on the silkscreen. Pins from 1-4 are 3.3V, GND, TX, RX

Signed-off-by: Andrew Powers-Holmes <andrew@omnom.net>
(cherry picked from commit 6f1efb2898)
2022-04-19 21:45:46 +02:00
Abdul Aziz Amar
3b3dccae0e ramips: add support for BOLT! Arion
This device is from now-defunct BOLT! ISP in Indonesia.
The original firmware is based on mediatek SDK running linux 2.6 or 3.x in later revision.

Specifications:

- SoC:      MediaTek MT7621
- Flash:    32 MiB NOR SPI
- RAM:      128 MiB DDR3
- Ethernet: 2x 10/100/1000 Mbps (switched, LAN + WAN)
- WIFI0:    MT7603E 2.4GHz 802.11b/g/n
- WIFI1:    MT7612E 5GHz 802.11ac
- Antennas: 2x internal, non-detachable
- LEDs:     Programmable LEDs: 5 blue LEDs (wlan, tel, sig1-3) and 2 red LEDs (wlan and sig1)
            Non-programmable "Power"  LED
- Buttons:  Reset and WPS

Instalation:
Install from TFTP

Set your PC IP to 10.10.10.3 and gateway to 10.10.10.123
Press "1" when turning on the router, and type the initramfs file name

You also need to solder pin header or cable to J4 or neighboring test points (T19-T21)
Pinouts from top to bottom: GND, TX, RX, VCC (3.3v)
Baudrate: 57600n8

There's also an additional gigabit transformer and RTL8211FD managed by the LTE module on the backside of the PCB.

Signed-off-by: Abdul Aziz Amar <abdulaziz.amar@gmail.com>
(cherry picked from commit 78c3534645)
2022-04-19 21:45:46 +02:00
Thibaut VARÈNE
b78db9daa4 mac80211: fix QCA9561 PA bias
This patch fixes an invalid TX PA DC bias level on QCA9561, which
results in a very low output power and very low throughput as devices
are further away from the AP (compared to other 2.4GHz APs),
following a suggestion from nbd[1].

This patch has been submitted upstream[2].

[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
[2] https://lore.kernel.org/linux-wireless/20220417145145.1847-1-hacks+kernel@slashdirt.org/

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 7dc52a78ae)
2022-04-18 06:43:06 +02:00
Rosen Penev
541acd3933 readline: add host PIC
Python seems to fail to link to libreadline properly because of this.
Not a fatal error but an error nontheless.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b363f74886)
2022-04-17 21:47:11 +02:00
Hauke Mehrtens
d86980eab2 linux-firmware: Update to version 20220411
The following files used in OpenWrt changed:
 amd64-microcode/lib/firmware/amd-ucode/microcode_amd_fam17h.bin
 amd64-microcode/lib/firmware/amd-ucode/microcode_amd_fam19h.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_smc.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/aldebaran_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/arcturus_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_smc.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/beige_goby_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/cyan_skillfish2_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/cyan_skillfish2_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/cyan_skillfish2_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/cyan_skillfish2_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/cyan_skillfish2_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/dcn_3_1_6_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_smc.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/dimgrey_cavefish_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/gc_10_3_7_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/gc_10_3_7_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/gc_10_3_7_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/gc_10_3_7_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/gc_10_3_7_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/gc_10_3_7_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/green_sardine_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi10_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi12_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi12_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi12_sdma1.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi12_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi12_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi12_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi14_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi14_smc.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi14_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi14_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/navi14_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_smc.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/navy_flounder_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/picasso_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/psp_13_0_8_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/psp_13_0_8_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/psp_13_0_8_toc.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven2_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/raven_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/renoir_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/sdma_5_2_7.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_dmcub.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_sdma.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_smc.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_sos.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_ta.bin
 amdgpu-firmware/lib/firmware/amdgpu/sienna_cichlid_vcn.bin
 amdgpu-firmware/lib/firmware/amdgpu/vangogh_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/vangogh_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/vangogh_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/vangogh_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/vangogh_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/vangogh_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega10_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega10_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega10_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega10_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega10_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega10_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega12_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega12_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega12_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega12_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega12_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega12_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega20_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega20_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega20_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega20_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega20_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/vega20_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_asd.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_ce.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_me.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_mec.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_mec2.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_pfp.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_rlc.bin
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_ta.bin
 ibt-firmware/lib/firmware/intel/ibt-hw-37.8.10-fw-22.50.19.14.f.bseq
 iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0.pnvm
 iwlwifi-firmware-iwl9260/lib/firmware/iwlwifi-9260-th-b0-jf-b0-46.ucode
 iwlwifi-firmware-iwl9000/lib/firmware/iwlwifi-9000-pu-b0-jf-b0-46.ucode

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 54d9051c55)
2022-04-17 21:31:02 +02:00
Cezary Jackiewicz
0a5f3b0126 comgt: support ZTE MF286R modem
The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to
establish connection with custom commands specific to ZTE modems.
Two variants of modems were discovered, some identifying themselves
as "ZTE", and others as plain "Marvell", the chipset manufacturer.
The modem itself runs a fork of OpenWrt inside, which root shell can be
accessed via ADB interface.

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit e02fb42c53)
2022-04-17 21:31:02 +02:00
Lech Perczak
83003b6c06 comgt: ncm: try to detect interface for ttyACM ports
Some modems expose ttyACM as their control ports, which have the
"device" symlink pointing one level down in sysfs tree. Try to find
network interfaces for them as well, this is commonly used for modems
exposing ACM + RNDIS or ACM + ECM interface combinations.

Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit ed7957810c)
2022-04-17 21:31:02 +02:00
Lech Perczak
839cb17e3a comgt: ncm: select first available network interface for device
Some modems expose multiple network interfaces on the same USB device,
causing the connection setup script to fail, because glob matching in
the detection phase causes 'ls' to output more than one interface name
plus their base directories in sysfs. Avoid that by listing the
directories explicitly and then selecting first available interface.
This is the case for some variants of ZTE MF286R built-in modem, which
exposes both RNDIS and CDC-ECM network interfaces, causing the
connection setup to fail.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit b2940bb8b2)
2022-04-17 21:31:02 +02:00
Lech Perczak
c138cb80e9 comgt: ncm: allow specification of interface name
Add ifname property to UCI, which can be used to override the
autodetected interface name in case the detection fails due to having
none or more than one interface exposed by the modem, which is not
explicitly linked to TTY port. This is needed on certain variants of ZTE
MF286R built-in modem, which exposes both RNDIS and CDC-ECM interfaces
on the modem, on which the automatic detection may select the wrong
network interface.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit a67629bbe2)
2022-04-17 21:31:02 +02:00
David Bauer
75b83e94a3 hostapd: add ubus link-measurements notifications
Notify external ubus subscribers of received link-measurement reports.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f6445cfa1a)
2022-04-17 01:16:58 +02:00
David Bauer
fd20720c71 hostapd: add ubus method for requesting link measurements
Add a ubus method to request link-measurements from connected STAs.

In addition to the STAs address, the used and maximum transmit power can
be provided by the external process for the link-measurement. If they
are not provided, 0 is used as the default value.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 965aa33a18)
2022-04-17 01:16:44 +02:00
David Bauer
04bc07ab84 hostapd: add support for enabling link measurements
Allow external processes to enable advertisement of link-measurement RRM
capability.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2ca5c3da04)
2022-04-17 01:16:37 +02:00
Daniel Golle
7ea412ef5a
netifd: relax check in dhcp proto handler
Checking whether /sbin/udhcpc is a symbolic link breaks using the
DHCP proto handler inside procd-ujail where bind-mounts are used for
the resolved link. Check whether /sbin/udhcpc is executable instead
to allow using the proto handler for DHCP-provisioned containers.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c5f113c43f)
2022-04-15 14:12:09 +01:00
Daniel Golle
7cd482662f
procd: update to git HEAD
6343c3a procd: completely remove tmp-on-zram support
 5c5e63f uxc: fix potential NULL-pointer dereference
 eb03f03 jail: include necessary files for per-netns netifd instance

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2c8873033e)
2022-04-15 14:12:04 +01:00
Daniel Golle
6fe3852d47
base-files: more robust sysupgrade on NAND
Make sure sysupgrade on NAND also works in case of UBI volumes having
index >9. While at it, also make sure UBI device is detected and abort
in case it isn't. Use Shell built-in shorthand ':' instead of 'true'.

Fixes #9708
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0dbca1b2ba)
2022-04-15 14:11:59 +01:00
Thibaut VARÈNE
321ec22f52 ath79: add support for Yuncore A930
Specification:

- QCA9533 (650 MHz), 64 or 128MB RAM, 16MB SPI NOR
- 2x 10/100 Mbps Ethernet, with 802.3at PoE support (WAN)
- 2T2R 802.11b/g/n 2.4GHz

Flash instructions:

If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):

  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
  sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin

In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:

1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
   'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
   seconds, recovery mode should start downloading image from server
   (unfortunately, there is no visible indication that recovery got
   enabled - in case of problems check TFTP server logs)

Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit a05dcb0724)
2022-04-15 08:14:50 +02:00
Thibaut VARÈNE
708b883168 ath79: add support for Yuncore XD3200
Specification:

- QCA9563 (775MHz), 128MB RAM, 16MB SPI NOR
- 2T2R 802.11b/g/n 2.4GHz
- 2T2R 802.11n/ac 5GHz
- 2x 10/100/1000 Mbps Ethernet, with 802.3at PoE support (WAN port)

LED for 5 GHz WLAN is currently not supported as it is connected directly
to the QCA9882 radio chip.

Flash instructions:

If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):

  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
  sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin

In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:

1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
   'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
   seconds, recovery mode should start downloading image from server
   (unfortunately, there is no visible indication that recovery got
   enabled - in case of problems check TFTP server logs)

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit c91df224f5)
2022-04-15 08:14:50 +02:00
Felix Fietkau
968c1dedc2 mac80211: backport minstrel_ht fix for legacy rates
Fixes OFDM rates on 5 GHz

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 5d5afd5177)
2022-04-12 09:34:07 +02:00
Rosen Penev
724a9bb3ea musl-fts: add host build
This will be used for libselinux.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1fb099341e)
2022-04-11 23:17:55 +02:00
Eneas U de Queiroz
fb597a9d4c nftables: add CONFLICT between versions
Have nftables-json conflict with nftables-nojson.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1135b75d1f)
2022-04-11 22:45:16 +02:00
Hauke Mehrtens
706c7706a3 mac80211: Update to version 5.15.33-1
This updates mac80211 to version 5.15.33-1 which is based on kernel
5.15.33.
The removed patches were applied upstream.

This new release contains many fixes which were merged into the upstream
Linux kernel.
This also contains the following new drivers which are needed for ath11k:
* net/qrtr/
* drivers/bus/mhi/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3aa96efa24)
2022-04-11 22:44:17 +02:00
Eneas U de Queiroz
2393b09b59 wolfssl: bump to 5.2.0
Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
  can be bypassed.  If a malicious client does not send the
  certificate_verify message a client can connect without presenting a
  certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
  v1.3 server can have its certificate heck bypassed. If the sig_algo in
  the certificate_verify message is different than the certificate
  message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit e89f3e85eb)
2022-04-11 22:44:17 +02:00
Daniel Golle
1a2689a460 arm-trusted-firmware-mediatek: remove no longer needed Configure step
As anyway only the default is called now we can as well also just remove
the override for Build/Configure.

Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dffad93d3e)
2022-04-10 16:32:20 +01:00
Konstantin Demin
d118e57b35 dropbear: bump to 2022.82
- update dropbear to latest stable 2022.82;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- use $(AUTORELEASE) in PKG_RELEASE
- use https for all uris
- refresh all patches
- rewrite patches:
  - 100-pubkey_path.patch
  - 130-ssh_ignore_x_args.patch

binary/pkg size changes:
- ath79/generic, mips:
  - binary: 215112 -> 219228 (+4116)
  - pkg: 111914 -> 113404 (+1490)
- ath79/tiny, mips:
  - binary: 172501 -> 172485 (-16)
  - pkg: 89871 -> 90904 (+1033)

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit 65256aee23)
2022-04-10 16:26:01 +01:00
Nick Hainke
53c2874e07 libmnl: update to 1.0.5
Changes:

Duncan Roe (5):
      nlmsg: Fix a missing doxygen section trailer
      build: doc: "make" builds & installs a full set of man pages
      build: doc: get rid of the need for manual updating of Makefile
      build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
      src: doc: Fix messed-up Netlink message batch diagram

Fernando Fernandez Mancera (1):
      src: fix doxygen function documentation

Florian Westphal (1):
      libmnl: zero attribute padding

Guillaume Nault (1):
      callback: mark cb_ctl_array 'const' in mnl_cb_run2()

Kylie McClain (1):
      examples: nfct-daemon: Fix test building on musl libc

Laura Garcia Liebana (4):
      examples: add arp cache dump example
      examples: fix neigh max attributes
      examples: fix print line format
      examples: reduce LOCs during neigh attributes validation

Pablo Neira Ayuso (3):
      doxygen: remove EXPORT_SYMBOL from the output
      include: add MNL_SOCKET_DUMP_SIZE definition
      build: libmnl 1.0.5 release

Petr Vorel (1):
      examples: Add rtnl-addr-add.c

Stephen Hemminger (1):
      examples: rtnl-addr-dump: fix typo

igo95862 (1):
      doxygen: Fixed link to the git source tree on the website.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c3b7389339)
2022-04-10 16:26:01 +01:00
Nick Hainke
8215bba00e libnfnetlink: update to 1.0.2
Changes:

c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings

Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit aecf088b37)
2022-04-10 16:26:01 +01:00
Andrey Erokhin
8f4124c252 gpio-button-hotplug: fix data race
bh_event_add_var can be called by multiple threads concurrently,
so it shall not use a static char buffer

Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 1e991e09b7)
2022-04-10 16:26:01 +01:00
Daniel Golle
dbec41685b libselinux: add missing host-build dependency on libsepol/host
The host-build of libselinux requires libsepol/host.
Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts
which don't have libsepol installed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0d3850dc5a)
2022-04-10 16:26:01 +01:00
Valentyn Datsko
660923cd74 dnsmasq: add procd interface index tracking
Problem exist when dnsmasq is exclusively bind to particular interface.
After reconfiguring or restarting this interface, its index changes, but
dnsmasq uses the old one. When this problem occurs, dnsmasq does not
listen on the correct interface so DHCP does not work, and clients do not
get an IP address. Procd netdev param can be added to restart dnsmasq when
the interface index is changed.

Signed-off-by: Valentyn Datsko <valikk.d@gmail.com>
[combined into a single &&-connected statement]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 76f55e3c3f)
2022-04-10 16:26:01 +01:00
Rosen Penev
ce7ee54c55 libselinux: use musl-fts for host builds
Fixes compilation under musl based distros like Alpine Linux.

Also add pcre/host as a build dependency as it's needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit abb2683de3)
2022-04-10 16:26:01 +01:00
Paul Spooren
f56ddb0f58 toolchain: reproducible libstdcpp
A Python script containing an unreproducible path is copied by default.
Remove it before generating the package.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 950bd40a27)
2022-04-06 13:59:44 +01:00
Paul Spooren
fd81c052f7 grub2: add missing license
The PKG_LICENSE field was missing.
While at it, normalize the Makefile a bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 839b1ff1fc)
2022-04-05 23:33:35 +02:00
Daniel Golle
2dafc04b4d kernel: load device-mapper early on boot
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]")
couldn't actually work and allow rootfs_data to be stored on a LVM2 as
the necessary kernel modules had not been loaded at this point.
Fix this by loading device-mapper modules early at boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 82f9ad6ab2)
2022-04-05 23:33:35 +02:00
Piotr Dymacz
66c075c5d2 kernel: modules: drop 'AddDepends/bluetooth' calls
Function 'AddDepends/bluetooth' doesn't exist in our codebase.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 173198e35a)
2022-04-05 23:33:35 +02:00
Hauke Mehrtens
d18e365b17 busybox: Fix snprintf arguments in lock
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.

Fixes: 9d2b26d5a7 ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d80336e1a9)
2022-04-05 23:33:16 +02:00
Qichao Zhang
9d2b26d5a7 busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
(cherry picked from commit 34567750db)
2022-04-05 00:20:24 +02:00
Rosen Penev
56463b0221 pcre: disable shared libraries for host builds
Getting rid of shared libraries for hostpkg avoids having to use rpath
hacks to find the library. It also fixes compilation with host glib2
binaries.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f8571749a7)
2022-04-05 00:20:24 +02:00
Rosen Penev
308adb76d2 musl-fts: remove shared libraries from host
Avoids having to add rpath to the various packages using it. Also add
PIC to fix compilation as static libraries do not use PIC by default.

Fixes: 1fb099341e ("musl-fts: add host build")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8a75ed4ba0)
2022-04-05 00:20:24 +02:00
Stijn Tintel
3a3fdd6239 gettext-full: add gmsgfmt symlink in host install
Some configure scripts look for msgfmt and gmsgfmt. As we don't install
the latter, configure might pick up one from staging_dir/hostpkg, and
the other from the host:

checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt
checking for gmsgfmt... /usr/bin/gmsgfmt

This could potentially lead to hard to debug undefined behaviour.
Install a symlink in the host install phase to avoid this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 636cb00ecc)
2022-04-05 00:20:24 +02:00
Robert Marko
9ae93c14fb uboot-mvebu: backport patch to fix eMMC
v2022.01 has a regression that broke eMMC usage on most if not all Armada
SoC-s, thus breaking boards like uDPU which use eMMC for storage.

Fix it by backporting a recent upstream patch.

Fixes: 782d4c8306 ("uboot-mvebu: update to version 2022.01")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit a703830806)
2022-04-05 00:20:24 +02:00
Daniel Golle
d7354297bb uqmi: fix acquiring PIN status
Evaluating the return value of 'json_load' didn't work in the
intended way resulting in PIN status no longer being read on modems
where --get-pin-status doesn't fail.
Fix this by trying --get-pin-status first and checking if pin1_status
field exists in JSON, and if it doesn't try again with
--uim-get-sim-state.

Fixes: #9501
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ee7cb5e885)
2022-03-27 16:14:00 +01:00
Felix Fietkau
52e0ce2327 mac80211: backport patch that allows receiving packets with non-standard VHT MCS10-11 rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 56ae4eb908)
2022-03-27 16:14:00 +01:00
Daniel Golle
64fd2713a3 uboot-mediatek: add patch to allow accessing bootconf from Linux
Store selected boot configuration in '/chosen' node in device tree, so
it can be accessed by Linux (and used for fine-tuning the FIT partition
parser).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dfc3ea6810)
2022-03-27 16:14:00 +01:00
Daniel Golle
ef822ac8d8 uboot-envtools: oxnas: fix wrong eraseblock size for shuttle,kd20
Shuttle KD20 has NAND flash with 0x20000 (128KiB) erase blocks.
Correctly set that in uboot-envtools as well to allow writing to the
bootloader environment using fw_setenv.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fa67639513)
2022-03-27 16:14:00 +01:00
Petr Štetiar
b8f076c9a4 openwrt-keyring: fix broken install step
In commit 2d03f27f0f ("openwrt-keyring: make opkg use 22.03 usign
key") I've accidentally removed the `endef` keyword, so fix it by adding
it back.

Fixes: 2d03f27f0f ("openwrt-keyring: make opkg use 22.03 usign key")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-27 11:48:31 +02:00
Petr Štetiar
2d03f27f0f openwrt-keyring: make opkg use 22.03 usign key
In order to make opkg usable with artifacts produced by project's
buildbot:

 Downloading https://downloads.openwrt.org/releases/22.03-SNAPSHOT/packages/x86_64/luci/Packages.sig
 Signature check failed.
 Remove wrong Signature file.

References: https://gitlab.com/openwrt/docker/-/jobs/2255191689
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-27 11:06:40 +02:00
张 鹏
e93af247a3 ipq40xx: update E2600AC c1/c2 board
Modified the radio frequency hardware part of e2600ac c1/c2,
need to cooperate with the modified board.bin file, the device
can work normally.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
(cherry picked from commit bdc786e82c)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-26 21:28:41 +01:00
Josef Schlehofer
2ce4ae55db cypress-firmware: drop several packages
1. Drop package: cypress-firmware-4359-pcie
This binary is no longer provided and there are not many details what
happened.

2. Drop package: cypress-firmware-4359-sdio
This binary is no longer provided, but in this case, to compare it with
PCIe package mention as first, there was added
support in Linux-firmware [1], but no sign of firmware file.

4. Drop package: cypress-firmware-89459-pcie [2]
According to Infineon: "CYW89459 is an automotive Wi-Fi chip which is not
supported in the broad market community."

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20191211235253.2539-6-smoch@web.de/

[2] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/the-wifi-driver-for-CYW89459-in-linux4-14-98-2-3-00/m-p/138971

Fixes: 7ca7e0b22d ("cypress-firmware: update it to version 5.4.18-2021_0812")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 51dee3f4f7)
2022-03-26 21:28:41 +01:00
Petr Štetiar
161ff660fc openwrt-keyring: add OpenWrt 22.03 GPG/usign keys
62471e693b4f usign: add 22.03 release build public key
 70817cffc905 gpg: add OpenWrt 22.03 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 759886345d)
2022-03-25 14:28:50 +01:00
Petr Štetiar
3965dda0fa zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
2022-03-24 08:18:21 +01:00
Felix Fietkau
68b008756f qosify: update to the latest version
391a9fbd5ace dns: fix parsing vlan encapsulated protocol
6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well
1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed
ca21e729af23 interface: switch to using clsact for filters
5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress
bdfcb11847ce interface: fix duplicated dns filter line
b97405aa632a Revert "ubus: remove dnsmasq subscriber"
8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact
d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME
91cf440db9e2 loader: fix use of deprecated functions
57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit af434e0da2)
2022-03-22 10:29:18 +01:00
Rui Salvaterra
714ed05a41 kmod-lzo: include the lzo-rle kmod in the package
Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo.
Crypto API users (zram, for example) expect both lzo and lzo-rle to be
available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package.

Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit aaa0c09785)
2022-03-22 09:25:40 +00:00
Richard Huynh
9470160c35 mediatek: Add support for Xiaomi Redmi Router AX6S
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.

SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A

Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.

However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.

Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)

2. Calculate telnet password from serial number and login

3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit

4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware

Device should reboot at this point.

Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.

A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.

Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 9f9477b275)
2022-03-21 13:11:56 +00:00
Paul Spooren
43e6d979b8 OpenWrt v22.03: set branch defaults
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-20 13:05:00 +00:00
Huangbin Zhan
3bf10bac11 ncurses: update to 6.3
release notes: https://invisible-island.net/ncurses/announce-6.3.html

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-19 17:42:29 +01:00
Mikhail Zhilkin
f8b02130d2 ramips: add support for Beeline SmartBox Flash
Beeline SmartBox Flash is a wireless AC1300 (WiFi 5) router manufactured
by Arcadyan company.

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Winbond W632GU6NB
Flash: 128 MiB (NAND), Winbond W29N01HVSINF
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: 1xUSB3.0
Button: 1 (Reset/WPS)
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WE42022

Installation
------------
1. Place *factory.trx on any web server (192.168.1.2 in this example)
2. Connect to the router using telnet shell (no password required)
3. Save MAC adresses to U-Boot environment:
   uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
    awk '{print $5}')
   uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
    awk '{print $5}')
   uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
    awk '{print $5}')
   uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
    awk '{print $5}')
4. Ensure that MACs were saved correctly:
   uboot_env --get --name eth2macaddr
   uboot_env --get --name eth3macaddr
   uboot_env --get --name ra0macaddr
   uboot_env --get --name rax0macaddr
5. Download and write the OpenWrt images:
   cd /tmp
   wget http://192.168.1.2/factory.trx
   mtd_write erase /dev/mtd4
   mtd_write write factory.trx /dev/mtd4
6. Set 1st boot partition and reboot:
   uboot_env --set --name bootpartition --value 0
   reboot

Back to Stock
-------------
1. Run in the OpenWrt shell:
   fw_setenv bootpartition 1
   reboot
2. Optional step. Upgrade the stock firmware with any version to
   overwrite the OpenWrt in Slot 1.

MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC               | Source         |
+-----------+-------------------+----------------+
| label     | 30:xx:xx:51:xx:09 | No MACs was    |
| LAN       | 30:xx:xx:51:xx:09 | found on Flash |
| WAN       | 30:xx:xx:51:xx:06 | [1]            |
| WLAN_2g   | 30:xx:xx:51:xx:07 |                |
| WLAN_5g   | 32:xx:xx:41:xx:07 |                |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
   key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
   with saving of the MACs to u-boot-env during the installation was
   applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:36) was found in
   "Factory" 0xfff0. It's the same for all Smartbox Flash devices. OEM
   firmware also uses this MAC when initialazes ethernet driver. In
   OpenWrt we use it only as internal GMAC (eth0), all other MACs are
   unique. Therefore, there is no any barriers to the operation of several
   Smartbox Flash devices even within the same broadcast domain.

Stock firmware image format
---------------------------
+--------------+---------------+----------------------------------------+
| Offset       | 1.0.15        | Description                            |
+==============+===============+========================================+
| 0x0          | 5d 43 6f 74   | TRX magic "]Cot"                       |
+--------------+---------------+----------------------------------------+
| 0x4          | 00 70 ff 00   | Length (reverse)                       |
+--------------+---------------+----------------------------------------+
|              |               | htonl(~crc) from 0xc ("flag_version")  |
| 0x8          | 72 b3 93 16   | to "Length"                            |
+--------------+---------------+----------------------------------------+
| 0xc          | 00 00 01 00   | Flags                                  |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of Kernel partition   |
| 0x10         | 1c 00 00 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of RootFS partition   |
| 0x14         | 00 00 42 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
| 0x18         | 00 00 00 00   | Zeroes                                 |
+--------------+---------------+----------------------------------------+
| 0x1c         | 27 05 19 56 … | Kernel data + zero padding             |
+--------------+---------------+----------------------------------------+
|              |               | RootFS data (starting with "hsqs") +   |
| 0x420000     | 68 73 71 73 … | zero padding to "Length"               |
+--------------+---------------+----------------------------------------+
|              |               | Some signature data (format is         |
|              |               | unknown). Necessary for the fw         |
| "Lenght"     | 00 00 00 00 … | update via oem fw web interface.       |
+--------------+---------------+----------------------------------------+
| "Lenght" +   |               | TRX magic "HDR0". U-Boot is            |
| 0x10c        | 48 44 52 30   | checking it at every boot.             |
+--------------+---------------+----------------------------------------+
|              |               | 1.00:                                  |
|              |               |   Zero padding to ("Lenght" + 0x23000) |
|              |               | 1.0.12:                                |
|              |               |   Zero padding to ("Lenght" + 0x2a000) |
| "Lenght" +   |               | 1.0.13, 1.0.15, 1.0.16:                |
| 0x110        | 00 00 00 00   |   Zero padding to ("Lenght" + 0x10000) |
+--------------+---------------+----------------------------------------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-03-19 16:14:01 +01:00
Florian Eckert
09c41ea679 base-files: add wrapper for procd service list command
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.

ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"

This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.

We could now enter the command /etc/initd/<service> info to get the info
faster.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Florian Eckert
b9017384ca procd: move service command to procd
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Etienne Champetier
30c15d06e8 iptables: bump PKG_RELEASE
Following {arp,eb}tables-nft addition, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
66bb6dde36 iptables: add {arp,eb}tables-nft
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
c913be1da1 iptables: add xtables-nft package
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
afb6824a2c iptables: add xtables-legacy package
This allows to install ip6tables-legacy without iptables-legacy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
905b49920f ebtables: rename to ebtables-legacy
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
2f5088ef5f arptables: rename package to arptables-legacy
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00