Commit Graph

58519 Commits

Author SHA1 Message Date
David Bauer
3b85719b62 ucode: fix missing backslash
Fixes: ae42ecaad4 ("ucode: fix host installation")

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9d663c7435)
2024-09-15 03:32:18 +02:00
Hauke Mehrtens
461102d99c ncurses: Fix path in ncursesw.pc
The file contains the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.

Fixes: #15942
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
Link: https://github.com/openwrt/openwrt/pull/16018
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 91573ac145)
Link: https://github.com/openwrt/openwrt/pull/16390
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-15 02:03:25 +02:00
Philip Prindeville
b1858ffbf3 build: autoconf: set ac_cv_func_setresuid=true
MUSL and eglibc provide these symbols.

Bind needs setresuid() to build properly in recent versions.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15952
(cherry picked from commit 0bd129a5d3)
Link: https://github.com/openwrt/openwrt/pull/16390
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-15 02:03:25 +02:00
Yan Cangang
912acb6c09 filogic: add missing 2.5G PHY LEDs configuration for Zyxel EX5700
configure 2.5G PHY LEDs to:

2500/1000: green with blink on TX/RX
100/10: green+yellow with blink on TX/RX

which is similar to other 1G PHY LEDs, which are:

1000: green with blink on TX/RX
100/10: green+yellow with blink on TX/RX

Fixes: 6cc14bf66a ("filogic: support Telenor branded ZyXEL EX5700")

Signed-off-by: Yan Cangang <nalanzeyu@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16082
(cherry picked from commit 3de653a0af)
Link: https://github.com/openwrt/openwrt/pull/16390
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-15 02:03:25 +02:00
Hauke Mehrtens
7e42fdcafe mac80211: Update to version 6.1.110-1
This updates mac80211 to version 6.1.110-1. This code is based on Linux
6.1.110 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and also
some security fixes.

The removed patches are already integrated in upstream Linux 6.1.110.

The following patches were integrated in upstream Linux:
   subsys/311-v6.2-wifi-mac80211-fix-and-simplify-unencrypted-drop-chec.patch
   subsys/312-v6.3-wifi-cfg80211-move-A-MSDU-check-in-ieee80211_data_to.patch
   subsys/313-v6.3-wifi-cfg80211-factor-out-bridge-tunnel-RFC1042-heade.patch
   subsys/314-v6.3-wifi-mac80211-remove-mesh-forwarding-congestion-chec.patch
   subsys/315-v6.3-wifi-mac80211-fix-receiving-A-MSDU-frames-on-mesh-in.patch
   subsys/316-v6.3-wifi-mac80211-add-a-workaround-for-receiving-non-sta.patch
   subsys/321-mac80211-fix-mesh-forwarding.patch
   subsys/322-wifi-mac80211-fix-mesh-path-discovery-based-on-unica.patch
   subsys/329-wifi-mac80211-fix-receiving-mesh-packets-in-forwardi.patch
   subsys/339-wifi-cfg80211-fix-receving-mesh-packets-without-RFC1.patch
   subsys/350-v6.3-wifi-mac80211-Allow-NSS-change-only-up-to-capability.patch
   subsys/351-v6.9-wifi-mac80211-track-capability-opmode-NSS-separately.patch

Link: https://github.com/openwrt/openwrt/pull/16368
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-15 01:59:41 +02:00
Ivan Pavlov
4fa16c1e24 openssl: update to 3.0.15
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:

  * Fixed possible denial of service in X.509 name checks (CVE-2024-6119)

  * Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535)

Added github releases url as source mirror

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16332
(cherry picked from commit 62d3773bf1)
Link: https://github.com/openwrt/openwrt/pull/16346
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-14 17:04:20 +02:00
Hauke Mehrtens
a0ebff651d mbedtls: Update to 2.28.9
This contains a fix for:
CVE-2024-45157:
Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

Link: https://github.com/openwrt/openwrt/pull/16367
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-14 17:02:22 +02:00
Hauke Mehrtens
8e5e62416f kernel: bump 5.15 to 5.15.167
Manually adapted:
   generic/backport-5.15/020-v6.1-05-mm-multi-gen-LRU-groundwork.patch
   ramips/patches-5.15/311-MIPS-use-set_mode-to-enable-disable-the-cevt-r4k-irq.patch

Link: https://github.com/openwrt/openwrt/pull/16366
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-14 16:51:13 +02:00
Hauke Mehrtens
fd6e077ddf kernel: bump 5.15 to 5.15.166
Manually adapted:
   bcm27xx/patches-5.15/950-0030-Revert-Bluetooth-Always-request-for-user-confirmatio.patch

Link: https://github.com/openwrt/openwrt/pull/16366
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-14 16:51:13 +02:00
Hauke Mehrtens
bad01d4806 kernel: bump 5.15 to 5.15.165
Removed because they are upstream:
   generic/pending-5.15/110-v6.3-0001-spidev-Add-Silicon-Labs-EM3581-device-compatible.patch
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=bff165a3993683daddf3f00563960e7675966f91

   ipq807x/patches-5.15/0004-v5.16-arm64-dts-qcom-msm8996-Move-clock-cells-to-QMP-PHY-c.patch
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=32f0e52f16d45d743b473659329f93d4a27c68bf

Manually adapted:
   bcm27xx/patches-5.15/950-0040-spi-spidev-Completely-disable-the-spidev-warning.patch
   bcm27xx/patches-5.15/950-0578-spi-spidev-Restore-loading-from-Device-Tree.patch
   generic/pending-5.15/110-v6.3-0002-spidev-Add-Silicon-Labs-SI3210-device-compatible.patch

Adapt kernel configuration for newly added option
CONFIG_ARM64_ERRATUM_3194386.

The leddev_list_lock attribute changed from rwlock_t to spinlock_t in:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=590304b798a3b89e716b6b564f8ad14bc9373d93

Link: https://github.com/openwrt/openwrt/pull/16366
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-14 16:51:13 +02:00
David Bauer
cc938b18a8 ucode: fix host installation
The path for linking libucode.so was not specified for the ucode binary.
This breaks execution of ucode in the host context.

Signed-off-by: David Bauer <david.bauer@uniberg.com>
(cherry picked from commit ae42ecaad4)
2024-09-13 03:16:31 +02:00
Rafał Miłecki
ee3efefc5e treewide: fixup models names for UniFi U6 series
Ubiquiti has a set of UniFi 802.11ax (Wi-Fi 6) AP devices. All models
include "U6" in their names and also have code names with no special
characters (including spaces).

Examples:
1. U6 Lite (codename U6-Lite)
2. U6 Long-Range (codename U6-LR)
3. U6+ (codename U6-PLUS)
4. U6 Pro (codename U6-Pro)
5. U6 Mesh (codename U6-Mesh)
6. U6 Mesh Pro (codename U6-Mesh-Pro)
7. U6 Enterprise (codename U6-Enterprise)

Use proper full names for those devices. Names in OpenWrt/DTS code may
need updating too but it can be handled later.

Cc: Elbert Mai <code@elbertmai.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Cc: Henrik Riomar <henrik.riomar@gmail.com>
Cc: David Bauer <mail@david-bauer.net>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 74879140a1)
2024-09-12 14:37:59 +02:00
David Bauer
7447eeac91 ipq40xx: define config-names for Aruba boards
Aruba boards now ship with multiple DTS and image-configurations per
image. Newer apboot revs expect a configuration for their hardware to be
present.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c7ba5574f5)
2024-09-11 17:47:11 +02:00
Matthias Schiffer
5773538c90 base-files: fix merge of passwd/shadow/group lines with trailing colons
Empty trailing fields get lost when the lines are split and merged again
at colons, resulting in unparsable entries. Only use the split fields for
matching against the other file, but emit the original line unchanged
to fix the issue.

Fixes: de7ca7dafa ("base-files: merge /etc/passwd et al at sysupgrade config restore")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 9bbaa6f2c0)
2024-08-29 21:07:48 +02:00
Matthias Schiffer
c4c43c64aa tools: libtool: do not symlink files in bootstrap
Another instance of files in build_dir symlinking to staging_dir. While
the symlinks do not currently cause any bugs in the libtool package,
such symlinks were found to make the build more fragile, as writing to
the symlink may accidentally modify the shared file in staging_dir. Pass
--copy to bootstrap to disable the symlinking.

Link: https://github.com/openwrt/openwrt/pull/15825
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit d6e5459319)
2024-08-29 20:06:03 +02:00
Matthias Schiffer
d811a09524 include: autotools: do not symlink files in autoreconf
In Gluon's Github Actions CI, we were occasionally seeing bizarre build
errors that looked like a config.sub file had been corrupted, or changed
while it was being executed.

The cause turned out to be an interaction of the symlinks created by
autoreconf (pointing from individual tools' build dirs into
`staging_dir/host/share/automake-1.16`) and OpenWrt's host-build.mk,
which replaced config.guess and config.sub *after* autoreconf. The
result was that the replacement of these files ended up following the
symlinks and writing the files in `staging_dir/host/share/automake-1.16`
instead of a package's build dir. This could cause other packages' builds
to fail if they were currently executing the scripts while they were
being written.

To fix this, disable autoreconf's symlinking feature, so that modifying
these files in a package's build directory can't accidentally affect the
staged versions.

Link: https://github.com/openwrt/openwrt/pull/15825
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit c364cb8e46)
2024-08-29 20:06:02 +02:00
Sarah Maedel
5a8588e360 hostapd: fix anqp_3gpp_cell_net list delimiter
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.

> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'

When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002

Using a semicolon as a delimiter, hostapd will start as expected.

Signed-off-by: Sarah Maedel <git@tbspace.de>
(cherry picked from commit 8de185a176)
2024-08-28 12:00:23 +02:00
Jakob Haufe
a07a531329 octeon: ubnt-edgerouter: Disable PCIe
Some devices lock up on PCIe initialization:

[   64.309697] PCIe: Port 0 in endpoint mode, skipping.
[   64.320496] PCIe: Initializing port 1
[   64.325257] PCIe: BIST FAILED for port 1 (0xffffffffffffffff)
(system hangs here)

Given the ER contains no PCIe peripherals, has no way to attach any
and the stock kernel doesn't have PCIe support either, just disable it.

(cherry picked from commit 308630aea6)
Signed-off-by: Jakob Haufe <sur5r@sur5r.net>
Link: https://github.com/openwrt/openwrt/pull/16223
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-22 11:41:22 +02:00
Álvaro Fernández Rojas
bd79a16674 kernel: r8126: print link status when link up
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 5d2a008670)
2024-08-19 12:46:30 +02:00
Álvaro Fernández Rojas
4d33716f96 kernel: r8125: print link status when link up
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from a57a3e5cc5)
2024-08-19 12:46:14 +02:00
Álvaro Fernández Rojas
561d534adb kernel: r8168: print link status when link up
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 2f846a3315)
2024-08-19 12:45:59 +02:00
Álvaro Fernández Rojas
fe8c1fdd24 kernel: r8101: print link status when link up
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from fe0240f27e)
2024-08-19 12:45:41 +02:00
Álvaro Fernández Rojas
403af43fd4 kernel: r8126: ignore the rss rxnfc log
This log is noisy and useless, just ignore it.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 8d9893ff34)
2024-08-18 12:21:15 +02:00
Chukun Pan
6a877053dd kernel: r8125: ignore the rss rxnfc log
This log is noisy and useless, just ignore it.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 2fd0102cc3)
2024-08-18 12:20:55 +02:00
Álvaro Fernández Rojas
c615bcf438 kernel: r8126: add RSS variant
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from bfeef9b3d7)
2024-08-17 12:40:26 +02:00
Álvaro Fernández Rojas
a79157f257 package: add kmod-r8126 ethernet driver
r8126 is an out of tree driver provided by Realtek for RTL8126 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from 54623c6a1d)
2024-08-17 12:40:22 +02:00
Álvaro Fernández Rojas
4d0dc5e15e kernel: r8125: add RSS variant
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from f063f4620c)
2024-08-17 12:35:09 +02:00
Álvaro Fernández Rojas
68d5ed7526 package: add kmod-r8125 ethernet driver
r8125 is an out of tree driver provided by Realtek for RTL8125 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from ddb4070c96)
2024-08-17 12:34:50 +02:00
Álvaro Fernández Rojas
7d6366dcd7 package: add kmod-r8168 ethernet driver
r8168 is an out of tree driver provided by Realtek for RTL8168 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 1565eeda4e)
2024-08-17 08:06:25 +02:00
Álvaro Fernández Rojas
d1de7d3c92 package: add kmod-r8101 ethernet driver
r8101 is an out of tree driver provided by Realtek for RTL8101 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit b72c4b5386)
2024-08-17 08:03:48 +02:00
Tianling Shen
cce5b49de4 mediatek: fix lan/wan macaddr for cmcc rax3000m
The MAC address assigned to lan/wan was reversed on eMMC boards.

Fixes: d3c193525e ("mediatek: add CMCC RAX3000M support")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15077
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-11 19:18:39 +02:00
Tianling Shen
a591f9cd14 mediatek: enable rootwait for cmcc rax3000m emmc version
Sometimes the mmc device may come up later than kernel attempts to
mount rootfs, resulting in kernel panic. Enable rootwait to fix it.

Reported-by: Yangyu Chen <cyy@cyyself.name>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15077
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-11 19:18:39 +02:00
Tianling Shen
6fadcee50b mediatek: increase phy assert time for jdcloud re-cp-03
According to RTL8221B's datasheet, the PHY requires at least 10ms
for assert and 68ms (recommended) for de-assert. So increase the
assert/de-assert time to 15ms and 68ms respectively.

Fixes: c0c3234e17 ("mediatek: add support for JDCloud RE-CP-03")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/16106
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d1954aa535)
2024-08-08 22:07:08 +02:00
Bjørn Mork
c241885687 kernel: ubootenv-nvram: driver for RAM backed environments
The vendor U-Boot implementation on Telenor branded ZyXEL EX5700
devices does not store its environment on flash. It is instead
kept in a memory region.  This is persistent over reboots, but
not over power cycling.

The dual partition failsafe system used by the vendor U-Boot
requires the OS to modify a variable in this memory environment.
This driver allows the ordinary uboot-envtools to access a
memory region like it was a partition on NOR flash.

The specific vendor U-Boot adds a "no-map" /reserved-memory
section and a top level /ubootenv node pointing to the memory
environment.  The driver uses this device specific fact to
locate the region.  The matching and probing code will likely
have to be adjusted for any other devices to be supported.

Example partial device tree:

 / {
    ..
    ubootenv {
        memory-region = <&uenv>;
        compatible = "ubootenv";
    };
    ..
    reserved-memory {
        ..
        uenv: ubootenv@7ffe8000 {
            no-map;
            reg = <0 0x7ffe8000 0 0x4000>;
        };

Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit b2e810f495)
2024-08-07 12:12:30 +02:00
Rany Hany
e4625c37c4 hostapd: fix SAE H2E security vulnerability
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.

As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].

An explanation of the impact of the vulnerability is provided from the
advisory[1]:

This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.

[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit db7f70fe61)
2024-08-02 23:18:03 +02:00
Hauke Mehrtens
07cb7cb885 kernel: bump 5.15 to 5.15.164
No manual changes needed.

Link: https://github.com/openwrt/openwrt/pull/16027
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-29 23:11:33 +02:00
Hauke Mehrtens
f99dffcaca mac80211: Update to version 6.1.102-1
Upstream removed SSB and BCMA, the drivers are now compiled against the
in kernel versions. No need to patch this for OpenWrt.

Link: https://github.com/openwrt/openwrt/pull/15983
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-29 23:09:51 +02:00
Hauke Mehrtens
6edde2b502 ath25: eth: Fix PHY access over ar2313 driver
.ndo_do_ioctl is not called any more. For PHY MII ioctl handling, the
kernel calls .ndo_eth_ioctl now.

See upstream Linux kernel commit:
https://git.kernel.org/linus/a76053707dbf0dc020a73b4d90cd952409ef3691

Link: https://github.com/openwrt/openwrt/pull/16023
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 23:56:36 +02:00
Hauke Mehrtens
2e064182bf ipq40xx: eth: Fix PHY access over ipqess driver
.ndo_do_ioctl is not called any more. For PHY MII ioctl handling, the
kernel calls .ndo_eth_ioctl now.

See upstream Linux kernel commit:
https://git.kernel.org/linus/a76053707dbf0dc020a73b4d90cd952409ef3691

Link: https://github.com/openwrt/openwrt/pull/16005
(cherry picked from commit f0bb25aba2)
Link: https://github.com/openwrt/openwrt/pull/16023
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 23:56:36 +02:00
Hauke Mehrtens
c4dc5dbd33 ramips: eth: Fix PHY access over mtk_eth_soc driver
.ndo_do_ioctl is not called any more. For PHY MII ioctl handling, the
kernel calls .ndo_eth_ioctl now.

See upstream Linux kernel commit:
https://git.kernel.org/linus/a76053707dbf0dc020a73b4d90cd952409ef3691

Link: https://github.com/openwrt/openwrt/pull/16005
(cherry picked from commit dbccc9cf91)
Link: https://github.com/openwrt/openwrt/pull/16023
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 23:56:36 +02:00
Hauke Mehrtens
e5233fa70e ath79: Fix PHY access over ag71xx driver
.ndo_do_ioctl is not called any more. For PHY MII ioctl handling, the
kernel calls .ndo_eth_ioctl now.

The SIOCSIFHWADDR and SIOCGIFHWADDR operation are handled in the generic
code in the same way just with more input validation.

See upstream Linux kernel commit:
https://git.kernel.org/linus/a76053707dbf0dc020a73b4d90cd952409ef3691

Reported-by: Cthulhu88 in https://forum.openwrt.org/t/ethernet-leds-control-for-tp-link-tl-wr1043nd-v2-v3/202378
Link: https://github.com/openwrt/openwrt/pull/16005
(cherry picked from commit f86273e742)
Link: https://github.com/openwrt/openwrt/pull/16023
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 23:56:36 +02:00
Hauke Mehrtens
1478f641bd ltq-ptm: Fix netdev ioctls with kernel > 5.15
.ndo_do_ioctl is not called for SIOCDEVPRIVATE any more, the kernel
calls .ndo_siocdevprivate now.

The function gets the data pointer from the callback directly, make use
of it.

See upstream Linux kernel commit:
https://git.kernel.org/linus/b9067f5dc4a07c8e24e01a1b277c6722d91be39e

Link: https://github.com/openwrt/openwrt/pull/16005
(cherry picked from commit e33ebdd00e)
Link: https://github.com/openwrt/openwrt/pull/16023
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-28 23:56:35 +02:00
Hauke Mehrtens
f791ec1f6d kernel: bump 5.15 to 5.15.163
Manually adapted:
   lantiq/patches-5.15/0028-NET-lantiq-various-etop-fixes.patch

Link: https://github.com/openwrt/openwrt/pull/15982
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-27 00:40:25 +02:00
Hauke Mehrtens
56a84b3c47 mac80211: Fix wifi throughput
Backport 2 patches from upstream Linux to fix a Wifi throughput
problem.

Fixes: 323e249ce8 ("mac80211: Update to version 6.1.97-1")
Link: https://github.com/openwrt/openwrt/pull/16007
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-27 00:38:46 +02:00
Hauke Mehrtens
76a0c2932c OpenWrt v23.05.4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-16 23:51:26 +02:00
Hauke Mehrtens
b9510660ce OpenWrt v23.05.4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-16 23:51:19 +02:00
Paul Spooren
d8dd03c46f build: include tests/Makefile if available
Testing OpenWrt is important, and there is a test suite in the making.
For maximum convenience and minimal CI over-usage, make it simple to run
tests locally. The main Makefile now attempts to include
`tests/Makefile` and silently fails if it doesn't.

While the test suite[1] is still young, it provides good examples of how
to test things around OpenWrt: starting with shell scripts using
`bats`[2], followed by QEMU tests, and finally real device tests using
LabGrid[3]. This could lead to the creation of the best OpenWrt version
yet.

Please consult the `openwrt-tests.git` README.md for details on the
setup. Once installed you may run commands like the following:

* make tests/shell  # run shell tests
* make tests/x86-64 # run and test x86/64 in QEMU

[1]: http://github.com/aparcar/openwrt-tests/
[2]: https://bats-core.readthedocs.io
[3]: https://labgrid.readthedocs.io

Signed-off-by: Paul Spooren <mail@aparcar.org>
Link: https://github.com/openwrt/openwrt/pull/15647
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a8ff0c1b7e)
2024-07-16 00:14:18 +02:00
Hauke Mehrtens
84b000e5d0 wolfssl: Update to version 5.7.2
This fixes multiple security problems:
 * [Medium] CVE-2024-1544
   Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.

 * [Medium] CVE-2024-5288
   A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.

 * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.

 * [Low] CVE-2024-5991
   In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.

 * [Medium] CVE-2024-5814
   A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.

 * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.

 * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.

Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.

Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3a0232ffd3)
2024-07-16 00:05:18 +02:00
Leon M. Busch-George
d3552ccb17 mediatek: filogic: prevent faulty mac address assignment
The vendor U-Boot on the Cudy M3000 and the Yuncore AX835 assign random
mac addresses on boot and set the 'local-mac-address' property which
prevents OpenWrt from assigning the correct address from evmem.

This patch removes the alias for ethernet0 so that U-Boot doesn't add the
property, removes the workaround from 02_network, and adds back the nvmem
definition for the M3000.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit a55ab9e134)
2024-07-15 16:13:59 +02:00
Leon M. Busch-George
74df6ce9db mediatek: filogic: add support for Cudy M3000 v1
Hardware:
  SoC:     MT7981b
  RAM:     256 MB
  Flash:   128 MB SPI NAND
  Ethernet:
    1x 2.5Gbps (rtl8221b)
    1x 1Gbps (integrated phy)
  WiFi:    2x2 MT7981
  Buttons: Reset, WPS
  LED:     1x multicolor

Solder on UART:
  - remove rubber ring on the bottom
  - remove screws
  - pull up the cylinder, maybe help by pushing on an ethernet socket with a screwdriver
  - remove the (3) screws holding the board in the frame
  - remove the board from the frame to get to the screws for the silver, flat heat shield
  - remove the (3) screws holding the heat shield
  - solder UART pins to the back of the board
    - make sure to have the pins point out on the side with the black, finned heat spread
    - the markings for the pins are going to be below the silver heat shield
    - Vcc is not needed

If you don't intend on using the UART outside of the installation process, you might not
want to solder:

  - carefully scrape off the thin layer of epoxy on the holes (not the copper)
  - place your pin header with the UART attached in the holes
  - the pins, starting with the one closest to the socket:
    - Vcc (not required)
    - GND
    - RX
    - TX
  - either wedge the header or hold it with your fingers so that the pins stay in contact with the board

Installation (UART):
  - attach an Ethernet cable to the 1Gbps port (black) on the router
  - hold the reset button while powering the router
  - press CTRL-C or wait for the timeout to get to the U-Boot prompt
  - prepare a TFTP server on the network to supply ..-initramfs-kernel.bin
  - use 'tftpboot' in the U-Boot shell to pull the image
  - boot the image using 'bootm'
  - push the ..-sysupgrade to the router using your preferred method
  - perform the upgrade with 'sysupgrade -n'

There is a recovery mechanism that involves fetching a file called 'recovery.bin' but that is not understood yet.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 20e4a18feb)
2024-07-15 16:12:33 +02:00