Refresh multiple lzma configuration option patch with new version
proposed upstream. (Reintroduce -Xe option and add more checks and
general better code quality)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit a33b97dcb1.
A new version of the squashfs4 tool patch reintroduced the -Xe option.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.
Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while its parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.
So, lets do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the interesection code in ath11k.
Signed-off-by: Robert Marko <robimarko@gmail.com>
When using "ubiformat" with stdin it requires passing image size using
the -S argument. Provide it just like we do for "ubiupdatevol".
This fixes:
ubiformat: error!: must use '-S' with non-zero value when reading from stdin
This change fixes sysupgrade for bcm53xx and bcm4908 NAND devices
possibly some other targets too.
Cc: Rodrigo Balerdi <lanchon@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Fixes: 9710712120 ("base-files: accept gzipped nand sysupgrade images")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This corrects a typo in the call of nand_do_upgrade_failed for ipq40xx
and ipq806x devices using the linksys.sh script.
Fixes: 8634c1080d ("ipq40xx: Fix Linksys upgrade, restore config step")
Fixes: 2715aff5df ("ipq806x: Fix Linksys upgrade, restore config step")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for mvebu/cortexa9 devices using the
linksys.sh script.
Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for kirkwood devices using the
linksys.sh script.
Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Fixes: #12298
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
Getting ready for the next release.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rmilecki: tested on GT-AC5300: boot, sysupgrade & 940 Mbps NAT]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
bmips target is now more stable and it's time to start generating buildbot
images in order to receive a wider testing, which will be essential to replace
bcm63xx target in the future.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
lets add this dependency to relevant modules.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.
So lets fix it, by making those modules architecture specific:
x86/64 -> x86_64
mpc85xx -> powerpc
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Add BCM6328 and BCM6358 LED kernel modules.
This allows selecting the LED controllers only for those devices using them.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Make use of sercomm-pid script for generating the Sercomm PID, which avoids
having to add an array of hex bytes for every new Sercomm device.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SERCOMM_VERSION is ambiguous and it should be more clear that it refers to the
version used for the filesystem.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Apparently, Sercomm sets 2 padding bytes instead of 1 (ramips).
The HW version is a bit different than the one used for ramips.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Instead of passing an array of hex bytes for the Sercomm PID we can now use
the --pid-file parameter.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Allow passing Sercomm PID from file.
Until now, Sercomm PID could only be passed as an array of hex bytes.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Hardware
--------
SoC: NXP P1010 (1x e500 @ 800MHz)
RAM: 256M DDR3 (2x Samsung K4B1G1646G-BCH9)
FLASH: 32M NOR (Spansion S25FL256S)
BTN: 1x Reset
WiFi: 1x Atheros AR9590 2.4 bgn 3x3
2x Atheros AR9590 5.0 an 3x3
ETH: 2x Gigabit Ethernet (Atheros AR8033 / AR8035)
UART: 115200 8N1 (RJ-45 Cisco)
Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
the root directory of a TFTP server and serve it at
192.168.1.66/24.
2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
by pressing Enter when prompted. Credentials are identical to the one
in the APs interface. By default it is admin / new2day.
3. Alter the bootcmd in U-Boot:
$ setenv ramboot_openwrt "setenv ipaddr 192.168.1.1;
setenv serverip 192.168.1.66; tftpboot 0x2000000 ap3715.bin; bootm"
$ setenv boot_openwrt "sf probe 0; sf read 0x2000000 0x140000 0x1000000;
bootm 0x2000000"
$ setenv bootcmd "run boot_openwrt"
$ saveenv
4. Boot the initramfs image
$ run ramboot_openwrt
5. Transfer the OpenWrt sysupgrade image to the AP using SCP. Install
using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Signed-off-by: David Bauer <mail@david-bauer.net>
The kernel is already compressed with XZ by the bootwrapper, thus we
gain nothing by compressing it a second time.
Signed-off-by: David Bauer <mail@david-bauer.net>
The bootpage for the second core is placed by U-Boot in the upper 128k
of syste-memory.
This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.
Signed-off-by: David Bauer <mail@david-bauer.net>
Kernel 5.10 builds currently fail because the patch for using the
simpleImage bootwrapper were not added to 5.10.
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds properties to PCIe as well as ethernet nodes which are
normally added by the Extreme Networks U-Boot.
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds properties normally filled by U-Boot. Also it fixes the node
name, which is incorrectly referring to a P1010 core.
Signed-off-by: David Bauer <mail@david-bauer.net>
This is normally filled by U-Boot. Prevents double-printing of early
console messages. Also enables debug-output by the zImage wrapper.
Signed-off-by: David Bauer <mail@david-bauer.net>
Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.
Explicitly define the number of blocks reserved for remapping.
Signed-off-by: David Bauer <mail@david-bauer.net>
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>