Commit Graph

21748 Commits

Author SHA1 Message Date
Rany Hany
db7f70fe61 hostapd: fix SAE H2E security vulnerability
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.

As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].

An explanation of the impact of the vulnerability is provided from the
advisory[1]:

This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.

[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-02 23:13:44 +02:00
Marek Mojík
17ecd37c6a utils: Add the omnia-mcutool utility
Add a new utility, omnia-mcutool, whose main purpose is to upgrade the
firmware on the microcontroller on the Turris Omnia router. Depends on
omnia-mcu-firmware, and the upgrade process is pretty simple:

  omnia-mcutool --upgrade

Besides firmware upgrade, the utility can be used to show and configure
various firmware settings.

Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-02 22:11:05 +02:00
Marek Mojík
56706d33cf firmware: Add CZ.NIC Turris Omnia MCU firmware
Add a new package, omnia-mcu-firmware, containing firmware binaries for
the microcontroller on the Turris Omnia router.

Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-02 22:11:05 +02:00
Marek Behún
cbc8d072c8 gpio-button-hotplug: add vendor button handling
Handle the KEY_VENDOR key in gpio-button-hotplug driver. This is used
by Turris Omnia.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-02 22:11:05 +02:00
Daniel Golle
ee8c05f9b6 netifd: update to git HEAD
68c8a4f system-linux: re-apply ethtool on phy attachment
890929b wireless: add support for defining wifi interfaces via procd service data
b57e40b wireless: use blobmsg_parse_attr
7a6532f proto-shell: add proto property for skipping device config
33ec3da CMake: bump the minimum required CMake version to 3.5

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-08-01 20:48:24 +01:00
FUKAUMI Naoki
7e06815257 mac80211: realtek: rtw88: add support for RTL8723DS and RTL8723DU
Add Realtek RTL8723DS and RTL8723DU support to rtw88 package.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15910
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-01 00:04:41 +02:00
Hauke Mehrtens
4e6212e62f linux-firmware: amd64-microcode: Remove TARGET_x86 dependency
Build the amd64-microcode package on all architectures even if it only
makes sense to use it on x86. If the package build is done by a builder
not building for x86 it will not include the package otherwise.

Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-30 21:42:33 +02:00
Hauke Mehrtens
4992946bc9 firmware-utils: Mark as nonshared to build in step 1
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.

Fixes: 24d6abe2d7 ("firmware-utils: new package replacing otrx")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-30 21:42:33 +02:00
Hauke Mehrtens
9ac50c0aa3 dns320l-mcu: Mark as nonshared to build in step 1
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.

Fixes: 8619d7af67 ("kirkwood: add D-Link DNS-320L support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-30 21:42:33 +02:00
Hauke Mehrtens
54258c396f kobs-ng: Mark as nonshared to build in step 1
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.

Fixes: 1eb21b87bd ("kobs-ng: add new package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-30 21:42:33 +02:00
Hauke Mehrtens
9a981ffb51 imx-bootlets: Mark as nonshared to build in step 1
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.

Fixes: 07043a853a ("imx23: rename imx23 to mxs for upcoming imx23/28 support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-30 21:42:33 +02:00
Hauke Mehrtens
fe62370e55 firmware: Mark Intel/Lantiq firmware packages as nonshared
Package the firmware files in the target specific build step and not in
the architecture common step. The architecture common step is not
necessarily built for the ipq40xx target. If it is built for a different
target these packages are not packaged at all. This moves the build to
the ipq40xx target specific build step. This change is needed to make
the firmware files show up in the buildbot images.

Fixes: 02db8a19cb ("firmware: add Intel/Lantiq VRX518 ACA firmware package")
Fixes: 07b0e6f3d9 ("firmware: add Intel/Lantiq VRX518 PPE firmware package")
Fixes: 13eb1f564a ("firmware: add Intel/Lantiq VRX518 DSL firmware package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-30 21:42:33 +02:00
FUKAUMI Naoki
649bc715b2 rockchip: add support for Radxa ROCK Pi E v3.0
Radxa ROCK Pi E v3.0 is a compact networking SBC[1] using the Rockchip
RK3328 SoC.

Hardware
--------
- Rockchip RK3328 SoC
- Quad A53 CPU
- 512MB/1GB/2GB DDR4 RAM
- 4/8/16/32GB eMMC
- Micro SD Card slot
- WiFi 4 and BT 4, or WiFi 5 and BT 5 (not supported yet)
- 1x 1000M Ethernet with PoE support (additional PoE HAT required)
- 1x 100M Ethernet
- 1x USB 3.0 Type-A port (Host)
- 1x 4-ring 3.5mm headphone jack
- 40 Pin GPIO header

[1] https://radxa.com/products/rockpi/pie

Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15984
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-29 23:00:14 +02:00
Hauke Mehrtens
91573ac145 ncurses: Fix path in ncursesw.pc
The file contains the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.

Fixes: #15942
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16018
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-28 19:30:35 +02:00
Aleksey Vasilenko
d261be1d9e mwlwifi: fix mac80211 broken after update to 6.9.9
Port of kernel commit: https://github.com/torvalds/linux/commit/0a44dfc
Fixes: https://github.com/openwrt/openwrt/issues/15975
Fixes: 1bfcc1e ("mac80211: update to version 6.9.9")

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16016
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-28 19:16:34 +02:00
INAGAKI Hiroshi
08705d4481 uboot-ath79: add support for NEC Aterm series based on AR9344
Add support for NEC Aterm series devices based on Atheros AR9344.
The following devices have almost the same hardware, so the same U-Boot
binary can be used for them.

- NEC Aterm WR8750N
- NEC Aterm WR9500N
- NEC Aterm WG600HP

By the way, on NetBSD-based NEC Aterm devices, only 0x20000 (128KiB) is
available for a bootloader on the flash chip and that limitation is too
small for mainline U-Boot with the default options. So many
features/commands not required for booting OpenWrt and recovering are
disabled on those devices, like the following.

- networking support
- FIT support
- all decompression methods support

etc...

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15432
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 18:47:56 +02:00
INAGAKI Hiroshi
e08b4bab8f uboot-ath79: add new U-Boot package for Atheros/QCA devices
Add U-Boot package for the devices that are based on Atheros/Qualcomm
Atheros SoCs.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15432
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 18:47:56 +02:00
Hauke Mehrtens
e33ebdd00e ltq-ptm: Fix netdev ioctls with kernel > 5.15
.ndo_do_ioctl is not called for SIOCDEVPRIVATE any more, the kernel
calls .ndo_siocdevprivate now.

The function gets the data pointer from the callback directly, make use
of it.

See upstream Linux kernel commit:
https://git.kernel.org/linus/b9067f5dc4a07c8e24e01a1b277c6722d91be39e

Link: https://github.com/openwrt/openwrt/pull/16005
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 16:12:51 +02:00
Thomas Weißschuh
edf927690e util-linux: update to v2.40.2
Release Notes:
        https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40-ReleaseNotes
        https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40.1-ReleaseNotes
        https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40.2-ReleaseNotes

Remove upstreamed:
        0001-meson-Fix-build-python-option.patch

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
Link: https://github.com/openwrt/openwrt/pull/15995
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-27 18:59:42 +02:00
Rafał Miłecki
a67b20e3d5 base-files: upgrade: nand: allow custom fw extraction in nand_do_upgrade()
By default nand_do_upgrade() can only deal with raw and gzipped firmware
files. Vendors often use custom firmware containers. Allow passing
custom extraction command to allow using nand_do_upgrade() with vendor
firmwares.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-07-26 13:41:25 +02:00
Chukun Pan
ee382f65a9 uboot-mediatek: add TP-LINK TL-XTR8488 support
Same as TP-Link TL-XDR608x, this router comes with locked vendor
loader. Add U-Boot build for replacement loader for this device.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15930
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-25 22:54:16 +02:00
FUKAUMI Naoki
d94d14a5ed rockchip: add support for Radxa ROCK 3A
Radxa ROCK 3A is a credit card sized SBC with rich interfaces[1] using
the Rockchip RK3328 SoC.

Hardware
--------
- Rockchip RK3568 SoC
- Quad Cortex-A55 CPU
- Mali G52 GPU
- 1 TOPs NPU
- 2/4/8GB LPDDR4 RAM
- 1x eMMC connector
- 1x M.2 M Key (2-lane PCIe 3.0) supporting NVMe SSD
- 1x Micro SD card slot
- 1x 1000M Ethernet with PoE support (additional PoE HAT required)
- 1x USB 3.0 Type-A port (Host)
- 1x USB 3.0 Type-A port (OTG)
- 2x USB 2.0 Type-A ports (Host)
- 40 pin color GPIO header

[1] https://radxa.com/products/rock3/3a

Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15985
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-25 22:50:28 +02:00
FUKAUMI Naoki
bbcd5111cb rockchip: add support for Radxa ROCK Pi S
Radxa ROCK Pi S is a small in size, full in features SBC[1] using the
Rockchip RK3308B SoC.

Hardware
--------
- Rockchip RK3308B SoC
- Quad A35 CPU
- 256/512MB DDR3 RAM
- Optional 4/8GB eMMC
- Micro SD Card slot
- Optional WiFi 4 and BT 4 (not supported yet)
- 1x 100M Ethernet with PoE support (additional PoE HAT required)
- 1x USB 2.0 Type-A port (Host)
- 1x USB 2.0 Type-C port (OTG)
- 2x 26 Pin GPIO header

[1] https://radxa.com/products/rockpi/pis

Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15933
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-24 00:03:02 +02:00
FUKAUMI Naoki
2d31004133 wifi-scripts: add missing dependency on ucode-mod-rtnl
rtnl is used in hostap/common.uc.

$ grep -r rtnl files
files/usr/share/hostap/common.uc:import * as rtnl from "rtnl";
files/usr/share/hostap/common.uc:	     rtnl.request(rtnl.const.RTM_SETLINK, 0, { dev: reuse_ifname, ifname: name}) != false))
files/usr/share/hostap/common.uc:	rtnl.request(rtnl.const.RTM_SETLINK, 0, { dev: name, change: 1, flags: up ? 1 : 0 });

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15922
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-23 23:49:36 +02:00
Martin Schiller
13eb1f564a firmware: add Intel/Lantiq VRX518 DSL firmware package
This is required by the DSL CPE API driver.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 21:42:09 +02:00
Martin Schiller
07b0e6f3d9 firmware: add Intel/Lantiq VRX518 PPE firmware package
This firmware is used by the vrx518 tc driver.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 21:42:09 +02:00
Martin Schiller
02db8a19cb firmware: add Intel/Lantiq VRX518 ACA firmware package
This firmware is used by the vrx518 ep driver.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 21:42:09 +02:00
Borys Zhukov
f25cd55bd1 ramips: add support for Netgear WAX214v2
Netgear WAX214v2 is an 802.11ax (Wi-Fi 6) wireless access point.

Specifications:
* SoC: MediaTek MT7621AT
* RAM: 512 MiB
* Flash: NAND 128 MiB (ESMT PSU1GA30DT)
* Wi-Fi: 2.4/5 GHz 4T4R (MediaTek MT7915E)
* Ethernet: 1x 10/100/1000 Mbps LAN
* Switch: MediaTek MT7530 (SoC built-in)
* LEDs/Keys
  * Power (green, blue, amber)
  * LAN (green, amber)
  * WLAN 2.4GHz (green, blue)
  * WLAN 5GHz (green, blue)
  * Reset button
* USB: None
* UART: Marked J1 on board, 115200 8N1
* Power
  * 12 VDC, 1.5 A
  * IEEE 802.3at (PoE+)

Load addresses (same as Netgear WAX202):
* stock
  * 0x80010000: FIT image
  * 0x81001000: kernel image -> entry
* OpenWrt
  * 0x80010000: FIT image
  * 0x82000000: uncompressed kernel+relocate image
  * 0x80001000: relocated kernel image -> entry

MAC addresses as verified by OEM firmware:

vendor   OpenWrt   address
eth0     lan       label
ra0      phy0      label + 2
rax0     phy1      label + 3

Installation:
* Flash the factory image by TFTP to the bootloader.
  NMRP can be used to TFTP without opening the case.

Revert to stock firmware:
* Flash the stock firmware to the bootloader using TFTP/NMRP.

References to WAX214v2 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX214v2-V1.0.1.5-gpl-src.tar.gz

* openwrt/target/linux/ramips/dts/mt7621-ax-nand-wax214v2.dts
  DTS file for this device.

Signed-off-by: Borys Zhukov <borys@zhukov.org>
Link: https://github.com/openwrt/openwrt/pull/14401
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 20:05:14 +02:00
Luiz Angelo Daros de Luca
403c17cadf kernel: modules: video: add kmod-video-gspca-pac7302
Add the package for the Pixart PAC7302 USB Camera Driver kernel module.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15886
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 19:01:23 +02:00
Philip Prindeville
0037100e12 base-files: ipcalc.sh handle start and range being empty strings
If we're being paranoid and quote all the arguments to ipcalc.sh,
it's possible to pass in empty start and range arguments.  This
should be handled the same as their being absent.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15946
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 17:31:59 +02:00
Marco von Rosenberg
f84a9f7dc0 ath79: add support for Huawei AP6010DN
Huawei AP6010DN is a dual-band, dual-radio 802.11a/b/g/n 2x2 MIMO
enterprise access point with one Gigabit Ethernet port and PoE
support.

Hardware highlights:
- CPU: AR9344 SoC at 480MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344-internal radio
- Wi-Fi 5GHz: AR9580 PCIe WLAN SoC
- Ethernet: 10/100/1000 Mbps Ethernet through Atheros AR8035 PHY
- PoE: yes
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: CAT706SVI (1.6s timeout)

Serial console:
  9600n8 (9600 baud, no stop bits, no parity, 8 data bits)

MAC addresses:
  Each device has 32 consecutive MAC addresses allocated by
  the vendor, which don't overlap between devices.
  This was confirmed with multiple devices with consecutive
  serial numbers.
  The MAC address range starts with the address on the label.
  To be able to distinguish between the interfaces,
  the following MAC address scheme is used:
    - eth0 = label MAC
    - radio0 (Wi-Fi 2.4GHz) = label MAC + 1
    - radio1 (Wi-Fi 5GHz) = label MAC + 2

Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP

1. Power up the AP

2. At prompt "Press f or F  to stop Auto-Boot in 3 seconds",
   do what they say.
   Log in with default admin password "admin@huawei.com".

3. Boot the OpenWrt initramfs from TFTP using the hidden script "run ramboot".
   Replace IP address as needed:

   > setenv serverip 192.168.1.10
   > setenv ipaddr 192.168.1.1
   > setenv rambootfile openwrt-ath79-generic-huawei_ap6010dn-initramfs-kernel.bin
   > saveenv
   > run ramboot

4. Optional but recommended as the factory firmware cannot be downloaded publicly:
   Back up contents of "firmware" partition using the web interface or ssh:

   $ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap6010dn_fw_backup.bin

5. Run sysupgrade using sysupgrade image. OpenWrt
   shall boot from flash afterwards.

Return to factory firmware (using firmware upgrade package downloaded from non-public Huawei website):
1. Start a TFTP server in the directory where
   the firmware upgrade package is located

2. Boot to u-boot as described above

3. Install firmware upgrade package and format the config partitions:

   > update system FatAP6X10XN_SOMEVERSION.bin
   > format_fs

Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
   for example using scp

2. Use sysupgrade with force to restore the backup:
   sysupgrade -F huawei_ap6010dn_fw_backup.bin

3. Boot AP to U-Boot as described above

Quirks and known issues:
- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.
- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the AHB_CLK/2 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.

Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
Link: https://github.com/openwrt/openwrt/pull/15941
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 16:51:52 +02:00
Tianling Shen
f2f428c699 mediatek: add ABT ASR3000 support
Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: 128 MB SPI-NAND
  RAM: 256MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, Mesh
  Power: DC 12V 1A

Gain telnet access:
1. Login into web interface, and download the configuration.
2. Decode and uncompress the configuration:
     * Enter fakeroot if you are not logged in as root.
   base64 -d e-xxxxxxxxxxxx-cfg.tar.gz | tar -zx
3. Edit 'etc/passwd', remove root password: 'root::1:0:99999:7:::'.
4. Edit 'etc/rc.local', insert telnetd command before 'exit 0':
   ( sleep 3s; /usr/sbin/telnetd; ) &
5. Repack the configuration:
   tar -zc etc/ | base64 > e-xxxxxxxxxxxx-cfg.tar.gz
6. Upload new configuration via web interface, now you can connect to
   ASR3000 via telnet.

Flash instructions:
1. Connect to ASR3000, backup everything, especially 'Factory' part.
2. Write new BL2:
   mtd write openwrt-mediatek-filogic-abt_asr3000-preloader.bin BL2
3. Write new FIP:
   mtd write openwrt-mediatek-filogic-abt_asr3000-bl31-uboot.fip FIP
4. Set static IP on your PC:
   IP 192.168.1.254/24, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, perform sysupgrade.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15887
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 16:13:06 +02:00
Sean Khan
02e8285051 mac80211: fix kconf build warnings
This patch cleans up the following warnings during build:

"warning: format not a string literal"

```
conf.c: In function 'conf_askvalue':
conf.c:89:17: warning: format not a string literal and no format arguments [-Wformat-security]
    89 |                 printf(_("(NEW) "));
      |                 ^~~~~~
conf.c: In function 'conf_choice':
conf.c:285:33: warning: format not a string literal and no format arguments [-Wformat-security]
  285 |                                 printf(_(" (NEW)"));
      |                                 ^~~~~~
conf.c: In function 'check_conf':
conf.c:440:41: warning: format not a string literal and no format arguments [-Wformat-security]
  440 |                                         printf(_("*\n* Restart config...\n*\n"));
      |                                         ^~~~~~
conf.c: In function 'main':
conf.c:617:41: warning: format not a string literal and no format arguments [-Wformat-security]
  617 |                                         _("\n*** The configuration requires explicit update.\n\n"));
      |                                         ^
conf.c:669:25: warning: format not a string literal and no format arguments [-Wformat-security]
  669 |                         fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
      |                         ^~~~~~~
conf.c:673:25: warning: format not a string literal and no format arguments [-Wformat-security]
  673 |                         fprintf(stderr, _("\n*** Error during update of the configuration.\n\n"));
      |                         ^~~~~~~
conf.c:684:25: warning: format not a string literal and no format arguments [-Wformat-security]
  684 |                         fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
      |                         ^~~~~~~
```

And POSIX Yacc warnings
```
lex -ozconf.lex.c -L zconf.l
yacc -ozconf.tab.c -t -l zconf.y
zconf.y:34.1-7: warning: POSIX Yacc does not support %expect [-Wyacc]
    34 | %expect 32
      | ^~~~~~~
zconf.y:97.1-11: warning: POSIX Yacc does not support %destructor [-Wyacc]
    97 | %destructor {
      | ^~~~~~~~~~~
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS   -c -o zconf.tab.o zconf.tab.c
gcc   conf.o zconf.tab.o   -o conf
```

After:

```
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS   -c -o conf.o conf.c
yacc -Wno-yacc -ozconf.tab.c -t -l zconf.y
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS   -c -o zconf.tab.o zconf.tab.c
gcc   conf.o zconf.tab.o   -o conf
```

Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15953
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-21 14:01:21 +02:00
Tony Ambardar
2bebf13357 libbpf: Update to v1.4.5
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.5
Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.4
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-07-19 12:14:47 -07:00
Rafał Miłecki
715634e6d1 base-files: upgrade: nand: use "cmd" argument for extracting command
NAND code uses either "cat" or "zcat" for getting firmware image
content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable
that is determined by a caller and passed to lower level functions. This
avoids code duplication and allows adding support for more formats.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-07-19 08:48:51 +02:00
Rafał Miłecki
4565699ebe base-files: upgrade: nand: document nand_do_upgrade()
Describe what firmware files are supported.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-07-19 08:48:51 +02:00
Tianling Shen
39c824f846 mediatek: switch to fitblk for cmcc rax3000m
Use the new fitblk driver.

Tested-by: Yangyu Chen <cyy@cyyself.name>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-07-18 13:20:58 +01:00
Daniel Golle
de2df0f2c5 base-files: remove fitblk_get_bootdev() from /lib/upgrade/common.sh
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to save space on boards
not using unified uImage.FIT images.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-07-18 11:48:53 +01:00
Daniel Golle
386855dca8 uboot-envtools: use /lib/upgrade/fit.sh
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-07-18 11:48:53 +01:00
Daniel Golle
ec2dc60d57 fitblk: move shell functions to common file
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-07-18 11:48:53 +01:00
Hauke Mehrtens
3a0232ffd3 wolfssl: Update to version 5.7.2
This fixes multiple security problems:
 * [Medium] CVE-2024-1544
   Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.

 * [Medium] CVE-2024-5288
   A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.

 * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.

 * [Low] CVE-2024-5991
   In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.

 * [Medium] CVE-2024-5814
   A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.

 * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.

 * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.

Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.

Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-15 23:57:44 +02:00
Felix Fietkau
37f5a3bb01 uboot-mediatek: fix build error on mt7988-rfb
Remove an unnecessary config option that was breaking the build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-07-15 11:55:48 +02:00
Daniel Golle
850a5caaa3 fstools: update to git HEAD
408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given
013050f fstools: remove redundant F2FS_MINSIZE definition

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-07-14 19:45:21 +01:00
Daniel Golle
3a85467427 uboot-mediatek: remove hard-coded UBI volume numbers
There is no point in hard-coding the UBI volume numbers as we are
dynamically looking up the volume by volume name in all cases by now.

Remove this relict as it causes problems without being useful for
anything.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-07-14 16:29:49 +01:00
Shiji Yang
a40e0c7529 uboot-mediatek: refresh device defconfig files
It seems that most of them are manually modified. However, we can
use `make savedefconfig` to generate a clean defconfig file.

Refreshed by:
```
Boards=(
	mt7623n_bpir2_defconfig \
	mt7623a_unielec_u7623_02_defconfig \
	mt7622_bananapi_bpi-r64-sdmmc_defconfig \
	mt7622_bananapi_bpi-r64-emmc_defconfig \
	mt7622_bananapi_bpi-r64-snand_defconfig \
	mt7622_linksys_e8450_defconfig \
	mt7622_ubnt_unifi-6-lr-v1_defconfig \
	mt7622_ubnt_unifi-6-lr-v2_defconfig \
	mt7622_ubnt_unifi-6-lr-v3_defconfig \
	ravpower-rp-wd009-ram_defconfig \
	mt7621_zbtlink_zbt-wg3526-16m_defconfig \
	mt7986_netcore_n60_defconfig \
	mt7986a_bpi-r3-emmc_defconfig \
	mt7986a_bpi-r3-nor_defconfig \
	mt7986a_bpi-r3-sd_defconfig \
	mt7986a_bpi-r3-snand_defconfig \
	mt7986_xiaomi_redmi-ax6000_defconfig \
	mt7986_tplink_tl-xdr4288_defconfig \
	mt7986_tplink_tl-xdr6086_defconfig \
	mt7986_tplink_tl-xdr6088_defconfig \
	mt7981_qihoo-360t7_defconfig \
	mt7981_xiaomi_mi-router-wr30u_defconfig \
	mt7981_h3c_magic-nx30-pro_defconfig \
	mt7986a_glinet_gl-mt6000_defconfig \
	mt7981_cmcc_rax3000m-emmc_defconfig \
	mt7981_cmcc_rax3000m-nand_defconfig \
	mt7981_jcg_q30-pro_defconfig \
	mt7986_zyxel_ex5601-t0_defconfig \
	mt7981_xiaomi_mi-router-ax3000t_defconfig \
	mt7986a_jdcloud_re-cp-03_defconfig \
	mt7986a_bpi-r3-mini-emmc_defconfig \
	mt7986a_bpi-r3-mini-snand_defconfig \
	mt7981_nokia_ea0326gmp_defconfig \
	mt7988a_bananapi_bpi-r4-emmc_defconfig \
	mt7988a_bananapi_bpi-r4-sdmmc_defconfig \
	mt7988a_bananapi_bpi-r4-snand_defconfig \
	mt7988a_bananapi_bpi-r4-poe-emmc_defconfig \
	mt7988a_bananapi_bpi-r4-poe-sdmmc_defconfig \
	mt7988a_bananapi_bpi-r4-poe-snand_defconfig \
	mt7622_xiaomi_redmi-router-ax6s-ubi-loader_defconfig \
	mt7981_openwrt-one-nor_defconfig \
	mt7981_openwrt-one-spi-nand_defconfig \
	)

for Board in ${Boards[@]}
do
	echo "Refresh board ${Board}"
	make ${Board}
	make savedefconfig
	cat ./defconfig > ./configs/${Board}
done
```

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-07-14 16:29:49 +01:00
Shiji Yang
6951526792 uboot-mediatek: update to U-Boot release v2024.07
1. Rename function _do_env_set() to env_do_env_set().
2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG:
   "--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO".
3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices
   because the newly added UEFI bootmenu entries don't work.
4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
2024-07-14 16:29:49 +01:00
Felix Fietkau
7f44f8d8d6 mt76: update to Git HEAD (2024-07-13)
564cd93961fc mt76: sync with upstream changes
3b47d9df427c wifi: mt76: mt7915: fix oops on non-dbdc mt7986

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-07-13 15:31:32 +02:00
谢致邦 (XIE Zhibang)
e4ce494529 netfilter: kmod-nft-netdev: add egress support
The netdev egress hook was added in Linux kernel 5.16.

Link: https://patchwork.ozlabs.org/project/openwrt/patch/tencent_EB1DF62723D08576A747D0DAE16FFB99B505@qq.com/
Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com>
2024-07-13 14:54:35 +02:00
Shiji Yang
419ceead11 rtl8812au-ct: fix build with mac80211 6.9.9 backport
The change_beacon() API has been updated since the 6.7 kernel. Ref:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.9.9&id=66f85d57b7109baf8a7d5ee04049ac9412611d35

Fix build error:
../rtl8812au-ct-2022.10.26~9b2b203a/os_dep/linux/ioctl_cfg80211.c:5984:26: error: initialization of 'int (*)(struct wiphy *, struct net_device *, struct cfg80211_ap_update *)' from incompatible pointer type 'int (*)(struct wiphy *, struct net_device *, struct cfg80211_beacon_data *)' [-Werror=incompatible-pointer-types]
 5984 |         .change_beacon = cfg80211_rtw_change_beacon,
      |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~
../rtl8812au-ct-2022.10.26~9b2b203a/os_dep/linux/ioctl_cfg80211.c:5984:26: note: (near initialization for 'rtw_cfg80211_ops.change_beacon')

Link: https://patchwork.ozlabs.org/project/openwrt/patch/TYCP286MB0895A26BA1C0517F2CBE71F0BCA72@TYCP286MB0895.JPNP286.PROD.OUTLOOK.COM/
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-07-13 14:25:36 +02:00
Shiji Yang
192afd31e3 mac80211: rt2x00: remove upstreamed patch
This BBP register fix patch has already been upstreamed. Ref:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.9.9&id=50da74e1e8b682853d1e07fc8bbe3a0774ae5e09

Fixes: 1bfcc1ea8a ("mac80211: update to version 6.9.9")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-07-13 09:28:17 +02:00