The firmware blobs have all different licenses from the different
manufacturers of the binary blobs. This information is contained in the
upstream 'linux-firmware' repositroy.
This commit extends the package handling so that this information can be
added as an additional argument during packages generation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5c14de1d7e)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update the deprecated license information from GPL-2.0 to GPL-2.0-only
as written in the COPYING file of the linux source tree.
Also add the 'COPYING' file to the PKG_LICENSE_FILES variable.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 879826154f)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The lincense information for the packages mac80211 are missing.
This commit adds the missing information.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
(cherry picked from commit 3128157ec7)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The package has no licence information. So let's fix it.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 0da116f25b)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Netgear EAX12, EAX11v2, EAX15v2 are wall-plug 802.11ax (Wi-Fi 6)
extenders that share the SoC, WiFi chip, and image format with the
WAX202.
Specifications:
* MT7621, 256 MiB RAM, 128 MiB NAND
* MT7915: 2.4/5 GHz 2x2 802.11ax (DBDC)
* Ethernet: 1 port 10/100/1000
* UART: 115200 baud (labeled on board)
All LEDs and buttons appear to work without state_default.
Installation:
* Flash the factory image through the stock web interface, or TFTP to
the bootloader. NMRP can be used to TFTP without opening the case.
Revert to stock firmware:
* Flash the stock firmware to the bootloader using TFTP/NMRP.
References in GPL source:
https://www.downloads.netgear.com/files/GPL/EAX12_EAX11v2_EAX15v2_GPL_V1.0.3.34_src.tar.gz
* target/linux/ramips/dts/mt7621-rfb-ax-nand.dts
DTS file for this device.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
(cherry picked from commit 32ea8a9a7e)
General specification:
SoC Type: MediaTek MT7620A (580MHz)
ROM: 8 MB SPI-NOR (MX25L6406E)
RAM: 64 MB DDR (W9751G6KB-25)
Switch: MediaTek MT7530
Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
Wireless: 2.4 GHz (MediaTek RT5390): b/g/n
Wireless: 5 GHz (MediaTek MT7610EN): ac/n
Buttons: 2 button (POWER, WPS/RESET)
Bootloader: U-Boot 1.1.3
Power: 12 VDC, 0.5 A
MACs:
| LAN | [Factory + 0x04] - 2 |
| WLAN 2.4g | [Factory + 0x04] - 1 |
| WLAN 5g | [Factory + 0x8004] - 3 |
| WAN | [Factory + 0x04] - 2 |
OEM easy installation:
1. Use a PC to browse to http://192.168.0.1.
2. Go to the System section and open the Firmware Update section.
3. Under the Local Update at the right, click on the CHOOSE FILE...
4. When a modal window appears, choose the firmware file and click on
the Open.
5. Next click on the UPDATE FIRMWARE button and upload the firmware image.
Wait for the router to flash and reboot.
OEM installation using the TFTP method (need level converter):
1. Download the latest firmware image.
2. Set up a Tftp server on a PC (e.g. Tftpd32) and place the firmware
image to the root directory of the server.
3. Power off the router and use a twisted pair cable to connect the PC
to any of the router's LAN ports.
4. Configure the network adapter of the PC to use IP address 192.168.0.180
and subnet mask 255.255.255.0.
5. Connect serial port (57600 8N1) and turn on the router.
6. Then interrupt "U-Boot Boot Menu" by hitting 2 key (select "2: Load
system code then write to Flash via TFTP.").
7. Press Y key when show "Warning!! Erase Linux in Flash then burn new
one. Are you sure? (Y/N)"
Input device IP (192.168.0.1) ==:192.168.0.1
Input server IP (192.168.0.180) ==:192.168.0.180
Input Linux Kernel filename () ==:firmware_name
The router should download the firmware via TFTP and complete flashing in
a few minutes.
After flashing is complete, use the PC to browse to http://192.168.1.1 or
ssh to proceed with the configuration.
Signed-off-by: Alexey Bartenev <41exey@proton.me>
(cherry picked from commit ce998cb6e1)
Specification:
- MT7981 CPU using 2.4GHz and 5GHz WiFi (both AX)
- MT7531 switch
- 512MB RAM
- 128MB NAND flash with two UBI partitions with identical size
- 1 multi color LED (red, green, blue, white) connected via GCA230718
- 3 buttons (WPS, reset, LED on/off)
- 1 1Gbit WAN port
- 4 1Gbit LAN ports
Disassembly:
- There are four screws at the bottom: 2 under the rubber feets, 2 under the label.
- After removing the screws, the white plastic part can be shifted out of the blue part.
- Be careful because the antennas are mounted on the side and the top of the white part.
Serial Interface
- The serial interface can be connected to the 4 pin holes on the side of the board.
- Pins (from front to rear):
- 3.3V
- RX
- TX
- GND
- Settings: 115200, 8N1
MAC addresses:
- WAN MAC is stored in partition "Odm" at offset 0x81
- LAN (as printed on the device) is WAN MAC + 1
- WLAN MAC (2.4 GHz) is WAN MAC + 2
- WLAN MAC (5GHz) is WAN MAC + 3
Flashing via Recovery Web Interface:
- The recovery web interface always flashes to the currently active partition.
- If OpenWrt is flahsed to the second partition, it will not boot.
- Ensure that you have an OEM image available (encrypted and decrypted version). Decryption is described in the end.
- Set your IP address to 192.168.200.10, subnetmask 255.255.255.0
- Press the reset button while powering on the device
- Keep the reset button pressed until the LED blinks red
- Open a Chromium based and goto http://192.168.200.1 (recovery web interface)
- Download openwrt-mediatek-filogic-dlink_aquila-pro-ai-m30-a1-squashfs-recovery.bin
- The recovery web interface always reports successful flashing, even if it fails
- After flashing, the recovery web interface will try to forward the browser to 192.168.0.1 (can be ignored)
- If OpenWrt was flashed to the first partition, OpenWrt will boot (The status LED will start blinking white and stay white in the end). In this case you're done and can use OpenWrt.
- If OpenWrt was flashed to the second partition, OpenWrt won't boot (The status LED will stay red forever). In this case, the following steps are reuqired:
- Start the web recovery interface again and flash the **decrypted OEM image**. This will be flashed to the second partition as well. The OEM firmware web interface is afterwards accessible via http://192.168.200.1.
- Now flash the **encrypted OEM image** via OEM firmware web interface. In this case, the new firmware is flashed to the first partition. After flashing and the following reboot, the OEM firmware web interface should still be accessible via http://192.168.200.1.
- Start the web recovery interface again and flash the OpenWrt recovery image. Now it will be flashed to the first partition, OpenWrt will boot correctly afterwards and is accessible via 192.168.1.1.
Flashing via U-Boot:
- Open the case, connect to the UART console
- Set your IP address to 192.168.200.2, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides openwrt-mediatek-filogic-dlink_aquila-pro-ai-m30-a1-initramfs-kernel.bin.
- Power on the device and select "7. Load image" in the U-Boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
- Perform a sysupgrade using openwrt-mediatek-filogic-dlink_aquila-pro-ai-m30-a1-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now
Revert back to stock using the Recovery Web Interface:
- Set your IP address to 192.168.200.2, subnetmask 255.255.255.0
- Press the reset button while powering on the device
- Keep the reset button pressed until the LED blinks red
- Open a Chromium based and goto http://192.168.200.1 (recovery web interface)
- Flash a decrypted firmware image from D-Link. Decrypting an firmware image is described below.
Decrypting a D-Link firmware image:
- Download https://github.com/RolandoMagico/firmware-utils/blob/M32/src/m32-firmware-util.c
- Compile a binary from the downloaded file, e.g. gcc m32-firmware-util.c -lcrypto -o m32-firmware-util
- Run ./m32-firmware-util M30 --DecryptFactoryImage <OriginalFirmware> <OutputFile>
- Example for firmware M30A1_FW101B05: ./m32-firmware-util M30 --DecryptFactoryImage M30A1_FW101B05\(0725091522\).bin M30A1_FW101B05\(0725091522\)_decrypted.bin
Flashing via OEM web interface is not possible, as it will change the active partition and OpenWrt is only running on the first UBI partition.
Controlling the LEDs:
- The LEDs are controlled by a chip called "GCA230718" which is connected to the main CPU via I2C (address 0x40)
- I didn't find any documentation or driver for it, so the information below is purely based on my investigations
- If there is already I driver for it, please tell me. Maybe I didn't search enough
- I implemented a kernel module (leds-gca230718) to access the LEDs via DTS
- The LED controller supports PWM for brightness control and ramp control for smooth blinking. This is not implemented in the driver
- The LED controller supports toggling (on -> off -> on -> off) where the brightness of the LEDs can be set individually for each on cycle
- Until now, only simple active/inactive control is implemented (like when the LEDs would have been connected via GPIO)
- Controlling the LEDs requires three sequences sent to the chip. Each sequence consists of
- A reset command (0x81 0xE4) written to register 0x00
- A control command (for example 0x0C 0x02 0x01 0x00 0x00 0x00 0xFF 0x01 0x00 0x00 0x00 0xFF 0x87 written to register 0x03)
- The reset command is always the same
- In the control command
- byte 0 is always the same
- byte 1 (0x02 in the example above) must be changed in every sequence: 0x02 -> 0x01 -> 0x03)
- byte 2 is set to 0x01 which disables toggling. 0x02 would be LED toggling without ramp control, 0x03 would be toggling with ramp control
- byte 3 to 6 define the brightness values for the LEDs (R,G,B,W) for the first on cycle when toggling
- byte 7 defines the toggling frequency (if toggling enabled)
- byte 8 to 11 define the brightness values for the LEDs (R,G,B,W) for the second on cycle when toggling
- byte 12 is constant 0x87
Comparison to M32/R32:
- The algorithms for decrypting the OEM firmware are the same for M30/M32/R32, only the keys differ
- The keys are available in the GPL sources for the M32
- The M32/R32 contained raw data in the firmware images (kernel, rootfs), the R30 uses a sysupgrade tar instead
- Creation of the recovery image is quite similar, only the header start string changes. So mostly takeover from M32/R32 for that.
- Turned out that the bytes at offset 0x0E and 0x0F in the recovery image header are the checksum over the data area
- This checksum was not checked in the recovery web interface of M32/R32 devices, but is now active in R30
- I adapted the recovery image creation to also calculate the checksum over the data area
- The recovery image header for M30 contains addresses which don't match the memory layout in the DTS. The same addresses are also present in the OEM images
- The recovery web interface either calculates the correct addresses from it or has it's own logic to determine where which information must be written
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
(cherry picked from commit 29cca6cfee)
Add basic support for the LED driver for GCA230718.
- I didn't find any documentation or driver for it, so the information below is purely based on my investigations
- If there is already I driver for it, please tell me. Maybe I didn't search enough
- I implemented a kernel module (leds-gca230718) to access the LEDs via DTS
- The LED controller supports PWM for brightness control and ramp control for smooth blinking. This is not implemented in the driver
- The LED controller supports toggling (on -> off -> on -> off) where the brightness of the LEDs can be set individually for each on cycle
- Until now, only simple active/inactive control is implemented (like when the LEDs would have been connected via GPIO)
- Controlling the LEDs requires three sequences sent to the chip. Each sequence consists of
- A reset command (0x81 0xE4) written to register 0x00
- A control command (for example 0x0C 0x02 0x01 0x00 0x00 0x00 0xFF 0x01 0x00 0x00 0x00 0xFF 0x87 written to register 0x03)
- The reset command is always the same
- In the control command
- byte 0 is always the same
- byte 1 (0x02 in the example above) must be changed in every sequence: 0x02 -> 0x01 -> 0x03)
- byte 2 is set to 0x01 which disables toggling. 0x02 would be LED toggling without ramp control, 0x03 would be toggling with ramp control
- byte 3 to 6 define the brightness values for the LEDs (R,G,B,W) for the first on cycle when toggling
- byte 7 defines the toggling frequency (if toggling enabled)
- byte 8 to 11 define the brightness values for the LEDs (R,G,B,W) for the second on cycle when toggling
- byte 12 is constant 0x87
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
(cherry picked from commit 0682974aa8)
Alexander reported following:
iwlwifi 0000:00:14.3: Detected crf-id 0x3617, cnv-id 0x20000302 wfpm id 0x80000000
iwlwifi 0000:00:14.3: PCI dev a0f0/0074, rev=0x351, rfid=0x10a100
iwlwifi 0000:00:14.3: Direct firmware load for iwlwifi-QuZ-a0-hr-b0-77.ucode failed with error -2
It seems, that as of the current date, the highest firmware API version
supported by Linux 6.8-rc7 is still 77.
Closes: #14771
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8db83d4cc0)
[Reduce to API version 72 for older mac80211]
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On some setup failures, iface->bss can be NULL
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1ee5b7e506)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
(cherry picked from commit 360ac07eb9)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
uid/gid range should be limited to 16bit unsigned integer range to
avoid "wraparound" issues with permissions where jffs2
is employed for storage and chown 65536 (first auto-created user)
becomes equivalent to chown 0
Fixes: #13927
Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
(cherry picked from commit 140b48a9e9)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Select DRIVER_11AX_SUPPORT and KERNEL_RELAY also for kmod-mt7996 to
prevent build failure if only this driver is selected during build and
end up with (most) required hostap features (IEEE 802.11be rates are not
yet supported).
Reported-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 83311b7470)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Debian changelog:
intel-microcode (3.20240531.1) unstable; urgency=medium
* New upstream microcode datafile 20240531
* Fix unspecified functional issues on Pentium Silver N/J5xxx,
Celeron N/J4xxx
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
* source: update symlinks to reflect id of the latest release, 20240531
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Jun 2024 11:49:47 -0300
intel-microcode (3.20240514.1) unstable; urgency=medium
* New upstream microcode datafile 20240514
* Mitigations for INTEL-SA-01051 (CVE-2023-45733)
Hardware logic contains race conditions in some Intel Processors may
allow an authenticated user to potentially enable partial information
disclosure via local access.
* Mitigations for INTEL-SA-01052 (CVE-2023-46103)
Sequence of processor instructions leads to unexpected behavior in
Intel Core Ultra Processors may allow an authenticated user to
potentially enable denial of service via local access.
* Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855)
Improper input validation in some Intel TDX module software before
version 1.5.05.46.698 may allow a privileged user to potentially enable
escalation of privilege via local access.
* Fix for unspecified functional issues on 4th gen and 5th gen Xeon
Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
Core i3 N-series processors.
* Updated microcodes:
sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
* source: update symlinks to reflect id of the latest release, 20240514
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 May 2024 21:40:52 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7d9b9762c9)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The data is modified within hostapd_add_iface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 032d3fcf7a)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The kmod-fs-btrfs package has a soft dependency to kmod-crypto-blake2b
The CONFIG_BTRFS_FS kernel build option selects CONFIG_CRYPTO_BLAKE2B,
but we did not package it before.
Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f89091bba6)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The kernel provides two variants of the lz4 compression a normal version
and a high compression mode version. The old kmod-lib-lz4 package
contained the normal version plus one part of the lz4hc version. There
was already code which selected the kmod-lib-lz4hc package which did
not exists.
I split this into 3 packages. kmod-lib-lz4 and kmod-lib-lz4hc for the
normal the and high compression algorithm which contain the specific
code and the kmod-lib-lz4-decompress which contains the common
decompressor.
New we are also packaging lz4hc.ko
Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit fac507606d)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The nf_dup_ipv4.ko and nf_dup_ipv6.ko kernel module were packaged by
kmod-ipt-tee and kmod-nft-dup-inet at the same time. Extract them into a
separate package used by both.
Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b0953c4fbf)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.
Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
(cherry picked from commit a91b79fd04)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes WARN_ONs when using AP_VLANs after station removal. The flush
call passed AP_VLAN vif to driver, but because these vifs are virtual and
not registered with drivers, we need to translate to the correct AP vif
first.
Fixes: openwrt#12420
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
[Rename to 360-wifi-mac80211-do-not-pass-ap_vlan-vif-pointer-to-dri.patch]
(cherry picked from commit 3e738781a9)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The vendor uboot requires special fit verification.
So add a custom uboot build for this device.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 0170666d89)
The vendor U-Boot has enabled signature verification, so add
a custom U-Boot build for OpenWrt.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6fa4fbbc52)
The PKG_MIRROR_HASH was updated to a wrong version.
Fixes: f64576f367 ("mt76: update to Git HEAD (2024-04-03)")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates mac80211 to version 6.1.97-1. This code is based on Linux
6.1.97 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and also
some security fixes.
The removed patches are already integrated in upstream Linux 6.1.97 or
in backports.
The following patches were integrated in upstream Linux:
ath11k/0013-wifi-ath11k-synchronize-ath11k_mac_he_gi_to_nl80211_.patch
ath11k/0035-wifi-ath11k-Use-platform_get_irq-to-get-the-interrup.patch
ath11k/0036-wifi-ath11k-fix-SAC-bug-on-peer-addition-with-sta-ba.patch
ath11k/0047-wifi-ath11k-fix-deinitialization-of-firmware-resourc.patch
ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch
ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
ath11k/0080-wifi-ath11k-add-support-default-regdb-while-searchin.patch
ath11k/0085-wifi-ath11k-fix-memory-leak-in-WMI-firmware-stats.patch
ath11k/0086-wifi-ath11k-Add-missing-check-for-ioremap.patch
ath11k/0096-wifi-ath11k-fix-boot-failure-with-one-MSI-vector.patch
subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
The following patches were integrated in upstream backports:
ath11k/901-wifi-ath11k-pci-fix-compilation-in-5.16-and-older.patch
build/080-resv_start_op.patch
build/110-backport_napi_build_skb.patch
The following files are missing in backports, we do not have to remove
them any more. Some were already missing before some were removed in
this update:
include/linux/cordic.h
include/linux/crc8.h
include/linux/eeprom_93cx6.h
include/linux/wl12xx.h
include/net/ieee80211.h
backport-include/linux/bcm47xx_nvram.h
include/linux/ath9k_platform.h
include/net/bluetooth/
backports ships a dummy Mediatek wed header for older kernel versions.
We backported the feature in our kernel, remove the dummy header:
backport-include/linux/soc/mediatek/mtk_wed.h
Remove header files for subsystems used form the mainline kernel:
include/trace/events/qrtr.h
include/net/rsi_91x.h
backport-include/linux/platform_data/brcmnand.h
Link: https://github.com/openwrt/openwrt/pull/15827
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update the nl80211.h file in iw with the version from backports.
The files were out of sync already before the mac80211 update. If iw set
the NL80211_ATTR_WIPHY_ANTENNA_GAIN attribute the kernel assumed it set
the NL80211_ATTR_PUNCT_BITMAP attribute because the id was the same.
Link: https://github.com/openwrt/openwrt/pull/15827
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
R32 is like the M32 part of the EAGLE PRO AI series from D-Link.
Specification:
- MT7622BV SoC with 2.4GHz wifi
- MT7975AN + MT7915AN for 5GHz
- MT7531BE Switch
- 512MB RAM
- 128 MB flash
- 2 LEDs (Status and Internet, both can be either orange or white)
- 2 buttons (WPS and Reset)
Compared to M32, the R32 has the following differences:
- 4 LAN ports instead of 2
- The recory image starts with DLK6E6015001 instaed of DLK6E6010001
- Individual LEDs for power and internet
- MAC address is stored at another offset in the ODM partition
MAC addresses:
- WAN MAC is stored in partition "Odm" at offset 0x81
- LAN (as printed on the device) is WAN MAC + 1
- WLAN MAC (2.4 GHz) is WAN MAC + 2
- WLAN MAC (5GHz) is WAN MAC + 3
Flashing via Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the deivce
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based and goto http://192.168.0.1
- Download openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-recovery.bin
Flashing via uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-initramfs-kernel.bin.
- You can rename the file to iverson_uImage (no extension), then you don't have to enter the whole file name in uboot later.
- Power on the device and select "1. System Load Linux to SDRAM via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
- Create a backup of the Kernel1 partition, this file is required if a revert to stock should be done later
- Perform a sysupgrade using openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now
Revert back to stock using the Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the deivce
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based and goto http://192.168.0.1
- Flash a decrypted firmware image from D-Link. Decrypting an firmware image is described below.
Decrypting a D-Link firmware image:
- Download https://github.com/RolandoMagico/firmware-utils/blob/M32/src/m32-firmware-util.c
- Compile a binary from the downloaded file, e.g. gcc m32-firmware-util.c -lcrypto -o m32-firmware-util
- Run ./m32-firmware-util R32 --DecryptFactoryImage <OriginalFirmware> <OutputFile>
- Example for firmware R32A1_FW103B01: ./m32-firmware-util R32 --DecryptFactoryImage R32A1_FW103B01.bin R32A1_FW103B01.decrypted.bin
Revert back to stock using uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides the previously created backup of the Kernel1 partition.
- You can rename the file to iverson_uImage (no extension), then you don't have to enter the whole file name in uboot later.
- Power on the device and select "2. System Load Linux Kernel then write to Flash via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to FLASH will start. After a few seconds the stock firmware should start again
There is also an image openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-tftp.bin which can directly be flashed via U-Boot and TFTP.
It can be used if no backup of the Kernel1 partition is reuqired.
Flahsing via OEM web interface is currently not possible, the OEM images are encrypted. Creating images is only possible manually at the moment.
The support for the M32/R32 already includes support for flashing from the OEM web interface:
- The device tree contains both partitions (Kernel1 and Kernel2) with conditions to select the correct one based on the kernel command line
- The U-Boot variable "boot_part" is set accordingly during startup to finish the partition swap after flashing from the OEM web interface
- OpenWrt sysupgrade flashing always uses the partition where it was initially flashed to (no partition swap)
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
(cherry picked from commit fdb87a91b4)
Link: https://github.com/openwrt/openwrt/pull/15776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings
from '/etc/ssl/openssl.cnf'.
```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```
Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
if not explicitly enabled.
Example:
```
[openssl_init]
providers = provider_sect
```
After this change, openssl util works correctly.
```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 31ec4515c3)
Link: https://github.com/openwrt/openwrt/pull/15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]
* Fixed potential use after free after SSL_free_buffers() is called.
[CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very slow.
[CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can cause
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
exploit certain server configurations to trigger unbounded memory growth that
would lead to a Denial of Service. [CVE-2024-2511]
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded. This can be used on platforms
where using atexit() from shared libraries causes crashes on exit
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
(cherry picked from commit bac2f1bed6)
Link: https://github.com/openwrt/openwrt/pull/15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
(cherry picked from commit f475a44c03)
Link: https://github.com/openwrt/openwrt/pull/15872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Comfast CF-E393AX is a dual-band Wi-Fi 6 POE ceiling mount access point.
Oem firmware is a custom openwrt 21.02 snapshot version.
We can gain access via ssh once we remove the root password.
Hardware specification:
SoC: MediaTek MT7981A 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB DDR3
Ethernet: 1x 10/100/1000 Mbps built-in PHY (WAN)
1x 10/100/1000/2500 Mbps MaxLinear GPY211C (LAN)
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976D
LEDS: 1x (Red, Blue and Green)
Button: Reset
UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | VCC GND TX RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface (http://apipaddress/computer/login.html),
and download the
configuration(http://apipaddress/computer/config.html).
2. Rename downloaded backup config - 'backup.file to backup.tar.gz',
Enter 'fakeroot' command then decompress the configuration:
tar -zxf backup.tar.gz
3. Edit 'etc/shadow', update (remove) root password:
With password =
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
to
Without password =
'root::0:99999:7:::'
'root::0:99999:7:::'
4. Repack 'etc' directory back to a new backup file:
tar -zcf backup-ssh.tar.gz etc/
5. Rename new config tar.gz file to 'backup-ssh.file'
Exit fakeroot - 'exit'
6. Upload new configuration via web interface, now you
can SSH with the following:
'ssh -vv -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa root@192.168.10.1'.
Backup the mtd partitions
- https://openwrt.org/docs/guide-user/installation/generic.backup
7. Copy openwrt factory firmware to the tmp folder to install via ssh:
'scp -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa \
*-mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin \
root@192.168.10.1:/tmp/'
'sysupgrade -n -F \
/tmp/*--mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin'
8. Once led has stopped flashing - Connect via ssh with the
default openwrt ip address - 'ssh root@192.168.1.1'
9. SSH copy the openwrt sysupgrade firmware and upgrade
as per the default instructions.
Signed-off-by: David Bentham <db260179@gmail.com>
(cherry picked from commit d8f4453bf2)
Specifications:
SoC: MediaTek MT7981B
RAM: 256MiB
Flash: SPI-NAND 128 MiB
Switch: 1 WAN, 3 LAN (Gigabit)
Buttons: Reset, Mesh
Power: DC 12V 1A
WiFi: MT7976CN
UART: 115200n8
UART Layout:
VCC-RX-TX-GND
No. of Antennas: 6
Note: Upon opening the router, only 5 antennas were connected
to the mainboard.
Led Layout:
Power-Mesh-5gwifi-WAN-LAN3-LAN2-LAN1-2gWiFi
Buttons:
Reset-Mesh
Installation:
A. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1) and then
navigate to System -> Backup/Flash firmware, then flash the firmware
B. Through TFTP
Standard installation via UART:
1. Connect USB Serial Adapter to the UART, (NOTE: Don't connect the VCC pin).
2. Power on the router. Make sure that you can access your router via UART.
3. Restart the router then repeatedly press ctrl + c to skip default boot.
4. Type > bootmenu
5. Press '2' to select upgrade firmware
6. Press 'Y' on 'Run image after upgrading?'
7. Press '0' and hit 'enter' to select TFTP client (default)
8. Fill the U-Boot's IP address and TFTP server's IP address.
9. Finally, enter the 'firmware' filename.
Signed-off-by: Ian Oderon <ianoderon@gmail.com>
(cherry picked from commit 4300bc6688)
This is mostly a cosmetic cleanup. The absence of
the return statement was not causing any problems.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
(cherry picked from commit 8cf4ac5195)
