This reverts commit dcdcfc1511.
This is a firmware for third-party u-boot mod, which should not
be carried here by us.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 1b7e62b20b)
When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:
iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100
This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:
daemon.notice netifd: radio0 (4527): Usage: iw [options] \
dev <devname> ibss join <SSID> <freq in MHz> ...
Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.
Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
(cherry picked from commit cee9fcdb73)
Changes:
73529a8 Revert "wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)"
87941e4 wireless-regdb: Update regulatory rules for Taiwan (TW) on 6GHz
33797ae wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 65c1f0d433)
This fixes:
mt7603/dma.c: In function 'mt7603_rx_loopback_skb':
mt7603/dma.c:60:17: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
Fixes: 2568b30285 ("mt76: backport mt7603 fixes important for its stability")
Fixes: https://github.com/openwrt/openwrt/issues/15510
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Those are required for stable MT7603E & on-SoC MT7628/MT7688 wireless
support. After mt76 receiving more testing we may just update codebase
and drop those backports.
Fixes: https://github.com/openwrt/mt76/issues/865
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
bebd9cffc2ae wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1a57d758f2)
[rmilecki: it's a no-change for 23.05 as we had that fix backported]
f63f87cd5b45 wifi: mt76: mt7996: fix shift overflow warning on 32 bit systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit da7b0351fc)
[rmilecki: it's a no-change for 23.05 as we had that fix backported]
mDNS broadcast can't accept empty TXT record and would fail
registration.
Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.
Example:
procd_add_mdns "blah" \
"tcp" "50" \
"1" \
"" \
"3"
Produce:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }
The middle empty TXT record should never be included as it's empty.
This can happen with scripts that make fragile parsing and include
variables even if they are empty.
Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.
The fixed JSON is the following:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }
Fixes: b0d9dcf84d ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4b04304713)
This reverts commit 997ff740dc.
78cbd5apick as it should be fixed in commit 78cbd5a57e11 ("tools: macOS:
types.h: fix missing unsigned types").
References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f691830307)
This reverts commit 3cc57ba462 as it
should be fixed in commit 78cbd5a57e11 ("tools: macOS: types.h: fix
missing unsigned types").
References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bc47613cf0)
It's needed by some drivers, e.g. mt7925, see:
mt7925/main.c:264:9: error: implicit declaration of function '_ieee80211_set_sband_iftype_data' [-Werror=implicit-function-declaration]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's needed by some drivers, e.g. mt7925, see:
mt7925/mcu.c:2181:23: error: implicit declaration of function 'ieee80211_vif_is_mld' [-Werror=implicit-function-declaration]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Some queues can't be tweaked and return -ENOENT if it's not multiqueue.
Silence any error from echo to produce a more clean bootlog.
Fixes: #12095
Suggested-by: Andris PE <neandris@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add kernel module for lp5562 LED driver.
The kmod-leds-lp5562 depends on kmod-leds-lp55xx-common.
Signed-off-by: CheWei Chien <chewei.chien@wnc.com.tw>
(cherry picked from commit b33fa6ac90)
Huawei AP5030DN is a dual-band, dual-radio 802.11ac Wave 1 3x3 MIMO
enterprise access point with two Gigabit Ethernet ports and PoE
support.
Hardware highlights:
- CPU: QCA9550 SoC at 720MHz
- RAM: 256MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: QCA9550-internal radio
- Wi-Fi 5GHz: QCA9880 PCIe WLAN SoC
- Ethernet 1: 10/100/1000 Mbps Ethernet through Broadcom B50612E PHY
- Ethernet 2: 10/100/1000 Mbps Ethernet through Marvell 88E1510 PHY
- PoE: input through Ethernet 1 port
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: SGM706 (1.6s timeout)
Serial console:
9600n8 (9600 baud, no stop bits, no parity, 8 data bits)
MAC addresses:
Each device has 32 consecutive MAC addresses allocated by
the vendor, which don't overlap between devices.
This was confirmed with multiple devices with consecutive
serial numbers.
The MAC address range starts with the address on the label.
To be able to distinguish between the interfaces,
the following MAC address scheme is used:
- eth0 = label MAC
- eth1 = label MAC + 1
- radio0 (Wi-Fi 5GHz) = label MAC + 2
- radio1 (Wi-Fi 2.4GHz) = label MAC + 3
Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP
1. Power up the AP
2. At prompt "Press f or F to stop Auto-Boot in 3 seconds",
do what they say.
Log in with default admin password "admin@huawei.com".
3. Boot the OpenWrt initramfs from TFTP using the hidden script
"run ramboot". Replace IP address as needed:
> setenv serverip 192.168.1.10
> setenv ipaddr 192.168.1.1
> setenv rambootfile
openwrt-ath79-generic-huawei_ap5030dn-initramfs-kernel.bin
> saveenv
> run ramboot
4. Optional but recommended as the factory firmware cannot
be downloaded publicly:
Back up contents of "firmware" partition using the web interface or ssh:
$ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap5030dn_fw_backup.bin
5. Run sysupgrade using sysupgrade image. OpenWrt
shall boot from flash afterwards.
Return to factory firmware (using firmware upgrade package downloaded from
non-public Huawei website):
1. Start a TFTP server in the directory where
the firmware upgrade package is located
2. Boot to u-boot as described above
3. Install firmware upgrade package and format the config partitions:
> update system FatAP5X30XN_SOMEVERSION.bin
> format_fs
Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
for example using scp
2. Use sysupgrade with force to restore the backup:
sysupgrade -F huawei_ap5030dn_fw_backup.bin
3. Boot AP to U-Boot as described above
Quirks and known issues
-----------------------
- On initial power-up, the Huawei-modified bootloader suspends both
ethernet PHYs (it sets the "Power Down" bit in the MII control
register). Unfortunately, at the time of the initial port, the kernel
driver for the B50612E/BCM54612E PHY behind eth0 doesn't have a resume
callback defined which would clear this bit. This makes the PHY unusable
since it remains suspended forever. This is why the backported kernel
patches in this commit are required which add this callback and for
completeness also a suspend callback.
- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.
- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the CPU_CLK/4 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.
Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
[fixed 6.6 backport patch naming]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 06cdc07f8c)
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a112ed4126)
This adds support for the Iomega ix4-200d device in uboot-envtools.
Signed-off-by: Sander van Deijck <sander@vandeijck.com>
(cherry picked from commit 2cfe86d383)
These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 28c87d7ecd)
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.
Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 694e647784)
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
(cherry picked from commit 838a27f64f)
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.
It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.
Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 711dcb7763)
Debian changelog:
intel-microcode (3.20240312.1) unstable; urgency=medium
* New upstream microcode datafile 20240312 (closes: #1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7b911a9c49)
The ubootmod bootlaoder for EX5601-T0 uses two partitions
in ubi to store enviroment variables. so proper config
is needed.
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 2a0805fd3d)
Flash procedure is described in next commit.
TLDR:
Copy preloader and uboot to /tmp and write them in the mtd.
This will also require new UBI partition and
volumes to boot openwrt.
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-preloader.bin bl2
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-bl31-uboot.fip fip
Changelist:
- Added profile for 4k+256 SPI NAND_TYPE
- Added basic Zyxel EX5601-T0 uboot profile
Backported from hitech95 branch:
- Button RESET pin fix
- Button WPS pin fix
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit a9cf87027e)
dsmark support was removed in kernel 5.15.150 and 6.1.80. Remove it from
the kmod package as well
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit bd6b37f463)
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.
The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.
[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3
Signed-off-by: Sven Eckelmann <sven@narfation.org>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c55175)
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit e2f6bfb833)
Fixes: https://github.com/openwrt/luci/issues/6930
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.
Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2b46cbef81)
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.
Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.
Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit fbb924abff)
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 37bbed6f95)
Synchronize the ath11k backports with upstream linux.
Most of them are changes in kernel 6.5, the rest are
fixes for the ath11k_pci. The most important one is
"Revert 'wifi: ath11k: Enable threaded NAPI'", which
fixes the problem that QCN9074 cannot be used after
restarting on the x86 platform.
[ 23.462718] ath11k_pci 0000:02:00.0: failed to vdev 0 create peer for AP: -110
[ 28.503020] ath11k_pci 0000:02:00.0: Timeout in receiving vdev delete response
Changes to ipq8074 coldboot part pick from commit
b33bfcf ("mac80211: ath11k: sync with ath-next").
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5df7a78e82)
Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 472312f83f)
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.
Refresh all kernel patches affected by this change.
Also update the path for aquantia .ko that got moved to dedicated
directory upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1b3259eb5c)
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2b4941a6f1)
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit b463737826)
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 44cd90c49a)
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.
This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1f11a4e283)
Allow "postinst" scripts to perform extra actions after applying all
kind of fixups implemented using uci-defaults.
This is needed e.g. by uhttpd-mod-ubus which after installation in a
running systems needs to:
1. Update uhttpd config using its uci-defaults script
2. Reload uhttpd
While this approach makes sense there is a risk it'll blow up some
corner case postinst usages. There is only 1 way to find out.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b799dd3c70)
raspberrypi/firmware is about 40G, so getting the full history log isn't an
option.
There have been multiple improvements and also support for the RPi 5 has been
added.
(cherry picked from commit e8f5581701)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This is the last update for bcm27xx-userland as it has been
deprecated but funcional up to raspberry pi 5.
96a7334 README: Update to make it clear that most code in this repo is deprecated
3c97f76 userland: dtoverlay: /boot/firmware is a valid path
153a235 Assorted clang static analysis fixes
eca070c bcm_host: Update kms/fkms check for pi5
06a7618 dtoverlay: Support bcm2712 as a platform
0489c07 dtoverlay: Add dtoverlay_first/next_subnode
a1c7f81 dtoverlay: Support literal assignments of path strings
44a3953 raspivid: Also flush PTS file if flush is enabled
cc1ca18 userland: dtoverlay: Use os_prefix if set
9d5250f libfdt: Add null-ptr check for prop-data to resolve clang --analyzer warning
50527c6 mmal: Only include Videocore components if not running on Videocore
df245ea tvservice: Update unsupported message to recommend kmsprint
de0cfe8 dtoverlay: Fix clang warnings
0182f05 dtoverlay: Fix various compiler warnings
2a6306b dtoverlay: Fix path rebasing and exports
d1e92d7 dtoverlay: Add support for string escape sequences
b1ee39e gencmd: Add a fallback to mailbox interface if vchiq is not available
54fd97a hello_pi: Fix some build issues
Signed-off-by: Marty Jones <mj8263788@gmail.com>
(cherry picked from commit 3df664101a)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(based on support for ASUS RT-AX59U by liushiyou006)
SOC: MediaTek MT7986
RAM: 512MB DDR4
FLASH: 128MB SPI-NAND (Winbond W25N01GV)
WIFI: Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH: MediaTek MT7531 Switch
UART: 3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)
Upgrade from AsusWRT to OpenWRT using UART
Download the OpenWrt initramfs image.
Copy the image to a TFTP server reachable at 192.168.1.70/24. Rename the image to rtax59u.bin.
Connect the PC with TFTP server to the RT-AX59U.
Set a static ip on the ethernet interface of your PC.
(ip address: 192.168.1.70, subnet mask:255.255.255.0)
Conect to the serial console, interrupt the autoboot process by pressing '4' when prompted.
Download & Boot the OpenWrt initramfs image.
$ setenv ipaddr 192.168.1.1
$ setenv serverip 192.168.1.70
$ tftpboot 0x46000000 rtax59u.bin
$ bootm 0x46000000
Wait for OpenWrt to boot. Transfer the sysupgrade image to the device using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Upgrade from AsusWRT to OpenWRT using WebUI
Download transit TRX file from https://drive.google.com/drive/folders/1A20QdjK7Udagu31FSszpWAk8-cGlCwsq
Upgrade firmware from WebUI (192.168.50.1) using downloaded TRX file
Wait for OpenWRT to boot (192.168.1.1).
Upgrade system with sysupgrade image using luci or uploading it through scp and executing sysupgrade command
MAC Address for WLAN 5g is not following the same algorithm as in AsusWRT.
We have increased by one the WLAN 5g to avoid collisions with other networks from WLAN 2g
when bit 28 is already set.
: Stock : OpenWrt
WLAN 2g (1) : C8:xx:xx:0D:xx:D4 : C8:xx:xx:0D:xx:D4
WLAN 2g (2) : : CA:xx:xx:0D:xx:D4
WLAN 2g (3) : : CE:xx:xx:0D:xx:D4
WLAN 5g (1) : CA:xx:xx:1D:xx:D4 : CA:xx:xx:1D:xx:D5
WLAN 5g (2) : : CE:xx:xx:1D:xx:D5
WLAN 5g (3) : : C2:xx:xx:1D:xx:D5
WLAN 2g (1) : 08:xx:xx:76:xx:BE : 08:xx:xx:76:xx:BE
WLAN 2g (2) : : 0A:xx:xx:76:xx:BE
WLAN 2g (3) : : 0E:xx:xx:76:xx:BE
WLAN 5g (1) : 0A:xx:xx:76:xx:BE : 0A:xx:xx:76:xx:BF
WLAN 5g (2) : : 0E:xx:xx:76:xx:BF
WLAN 5g (3) : : 02:xx:xx:76:xx:BF
Signed-off-by: Xavier Franquet <xavier@franquet.es>
(cherry picked from commit 782eb05008)
[Upstream Backport]
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 56d7887917)
Frequent crashes have been observed on MT7916 based platforms. While the
root of these crashes are currently unknown, they happen when decoding
rate information of connected STAs in AP mode. The rate-information is
associated with a band which is not available on the PHY.
Check for this condition in order to avoid crashing the whole system.
This patch should be removed once the roout cause has been found and
fixed.
Link: https://github.com/freifunk-gluon/gluon/issues/2980
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1278d47bea)
This prevents min_tx_power from functioning properly in some circumstances.
Add the missing newline.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
(cherry picked from commit 6ca8752a9c)
Rostelecom RT-FE-1A is a wireless WiFi 5 router manufactured by Sercomm
company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB
Flash: 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615E): a/n/ac, 4x4
Ethernet: 5x GbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: No
Button: 2 buttons (Reset & WPS)
LEDs:
- 1x Power (green, unmanaged)
- 1x Status (green, gpio)
- 1x 2.4G (green, hardware, mt76-phy0)
- 1x 2.4G (blue, gpio)
- 1x 5G (green, hardware, mt76-phy1)
- 1x 5G (blue, gpio)
- 5x Ethernet (green, hardware, 4x LAN & WAN)
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Login to the router web interface (default http://192.168.0.1/)
under "admin" account
2. Navigate to Settings -> Configuration -> Save to Computer
3. Decode the configuration. For example, using cfgtool.py tool (see
related section):
cfgtool.py -u configurationBackup.cfg
4. Open configurationBackup.xml and find the following block:
<OBJECT name="User." type="object" writable="1" encryption="0" >
<OBJECT name="1." type="object" writable="1" encryption="0" >
<PARAMETER name="Password" type="string" value="<some value>" writable="1" encryption="1" password="1" />
</OBJECT>
5. Replace <some value> by a new superadmin password and add a line
which enabling superadmin login after. For example, the block after
the changes:
<OBJECT name="User." type="object" writable="1" encryption="0" >
<OBJECT name="1." type="object" writable="1" encryption="0" >
<PARAMETER name="Password" type="string" value="s0meP@ss" writable="1" encryption="1" password="1" />
<PARAMETER name="Enable" type="boolean" value="1" writable="1" encryption="0"/>
</OBJECT>
6. Encode the configuration. For example, using cfgtool.py tool:
cfgtool.py -p configurationBackup.xml
7. Upload the changed configuration (configurationBackup_changed.cfg) to
the router
8. Login to the router web interface (superadmin:xxxxxxxxxx, where
xxxxxxxxxx is a new password from the p.5)
9. Enable SSH access to the router (Settings -> Access control -> SSH)
10. Connect to the router using SSH shell using superadmin account
11. Run in SSH shell:
sh
12. Make a mtd backup (optional, see related section)
13. Change bootflag to Sercomm1 and reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
reboot
14. Login to the router web interface under admin account
15. Remove dots from the OpenWrt factory image filename
16. Update firmware via web using OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
cd /tmp
for i in 0 1 2 3 4 5 6 7 8 9; do nanddump -f mtd$i /dev/mtd$i; \
tftp -l mtd$i -p 192.168.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
tftp -l mtd.md5 -p 192.168.0.2
MAC Addresses
-------------
+-----+------------+---------+
| use | address | example |
+-----+------------+---------+
| LAN | label | f4:*:66 |
| WAN | label + 11 | f4:*:71 |
| 2g | label + 2 | f4:*:68 |
| 5g | label + 3 | f4:*:69 |
+-----+------------+---------+
The label MAC address was found in Factory, 0x21000
cfgtool.py
----------
A tool for decoding and encoding Sercomm configs.
Link: https://github.com/r3d5ky/sercomm_cfg_unpacker
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit f3cdc9f988)
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 438a97fab6)
c739dee0a37b system-linux: refresh MAC address on DSA port conduit change
8587c074f1eb interface-ip: fix IPv4 route target masking
33d6c261aacb system-linux: fix bogus debug error messages on adding bridge members
0832e8f04778 wireless: add bridge_isolate option
5ca7a9058e98 bridge: fix reload on bridge vlan changes
be4ffb3b78bc bridge: rework config change pvid handling
923c4370a1d4 system-linux: set master early on apply settings
b9442415c785 system-linux: skip refreshing MAC on master change if custom MAC
b635a09cdadf system-linux: set pending to 0 on ifindex found or error for if_get_master
2bbe49c36224 device: Log error message if device initialization failed
2703f740a23e Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master"
9cb0cb418303 system-linux: fix race condition in netlink socket error handing
c18cc79d5000 device: restore cleared flags on device down
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Increasing the receive window size improves throughout on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.
Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f95eecfb21)
Adds the 2 required firmware files for MT7922 chips.
Signed-off-by: Daniel Danzberger <dd@embedd.com>
(cherry picked from commit 9eecf49053)
Signed-off-by: Anya Lin <hukk1996@gmail.com>
Fix typo calling lua53 instead of lua5.3 for Package Default definition.
This cause only missing description of the package and doesn't cause
any build regression.
Fixes: c52ca08d40 ("lua5.3: build shared library")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25e215c14e)
Specifications:
SoC: MediaTek MT7981B
RAM: 1024MiB
Flash: SPI-NAND 128 MiB
Switch: 1 WAN, 4 LAN (Gigabit)
USB: two M.2 slots for 5G modems via USB 3.0 hub, external USB 3.0 port
Buttons: Reset, Mesh
Power: DC 12V 1A
WiFi: MT7976CN
UART: 115200n8
UART Layout:
VCC-RX-TX-GND
Installation:
A. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1) and then
navigate to System -> Backup/Flash firmware, then flash the firmware
B. Through TFTP
Standard installation via UART:
1. Connect USB Serial Adapter to the UART, (NOTE: Don't connect the VCC pin).
2. Power on the router. Make sure that you can access your router via UART.
3. Restart the router then repeatedly press ctrl + c to skip default boot.
4. Type > bootmenu
5. Press '2' to select upgrade firmware
6. Press 'Y' on 'Run image after upgrading?'
7. Press '0' and hit 'enter' to select TFTP client (default)
8. Fill the U-Boot's IP address and TFTP server's IP address.
9. Finally, enter the 'firmware' filename.
Based on patch adding support for similar Zbtlink ZBT-Z8103AX device by
Ian Ishmael C. Oderon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c8c2f52262)
The vendor uboot will verify firmware at boot.
So add a custom uboot build for this device.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit b42c527228)
Let ucode-mod-* packages select the ucode interpreter instead of depending
on it to avoid recursive dependency chains in unrelated packages.
Fixes: https://github.com/openwrt/packages/issues/22837
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 01d1c1ad29)
The mt76 driver usually reads the eeprom on the mtd partition at dts.
For emmc device we need to use caldata_extract script to read the
eeprom. However, the default eeprom file breaks the caldata script
execution, so remove it.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit e3aa645b26)
**Hardware specification:**
- SoC: MediaTek MT7981B 2x A53
- Flash: ESMT F50L1G41LB 128MB
- RAM: Nanya NT5CC128M16JR-EK 256MB
- Ethernet: 4 x 10/100/1000 Mbps
- Switch: MediaTek MT7531AE
- WiFi: MediaTek MT7976C
- Button: Reset, Mesh
- Power: DC 12V 1A
- UART: 3.3v, 115200n8
| Layout: |
| :-------- |
| <Antenna> |
| VCC |
| GND |
| Tx |
| Rx |
**Flash instructions:**
1. Rename `openwrt-mediatek-filogic-cetron_ct3003-squashfs-factory.bin` to `factory.bin`.
2. Upload the `factory.bin` using the device's Web interface.
3. Click the upgrade button and wait for the process to finish.
4. Access the OpenWrt interface using the same password.
5. Use the 'Restore' function to reset the firmware to its initial state.
**Notes:**
If you plan to recovery the stock firmware in the future, it's advisable
to connect the device via the serial port and enter failsafe mode to
back up all the MTD partitions before proceeding the steps above.
Signed-off-by: Patricia Lee <patricialee320@gmail.com>
(cherry picked from commit 907e9e0bd3)
Telenor quirks
--------------
The operator specific firmware running on the Telenor branded
ZyXEL EX5700 includes U-Boot modifications affecting the OpenWrt
installation.
Notable changes to U-Boot include
- environment is stored in RAM and reset to defaults when power
cycled
- dual partition scheme with "nomimal" or "rescue" systems, falling
back to "rescue" unless the OS signals success in 3 attempts
- several runtime additions to the device-tree
Some of these modifications have side effects requiring workarounds
- U-Boot modifies /chosen/bootargs in an unsafe manner, and will crash
unless this node exists
- U-Boot verifies that the selected rootfs UBI volume exists, and
refuses to boot if it doesn't. The chosen "rootfs" volume must contain
a squashfs signature even for tftp or initramfs booting.
- U-Boot parses the "factoryparams" UBI volume, setting the "ethaddr"
variable to the label mac. But "factoryparams" does not always
exist. Instead there is a "RIP" volume containing all the factory
data. Copying the "RIP" volume to "factoryparams" will fix this
Hardware
--------
SOC: MediaTek MT7986
RAM: 1GB DDR4
FLASH: 512MB SPI-NAND (Mikron xxx)
WIFI: Mediatek MT7986 802.11ax 5 GHz
Mediatek MT7916 DBDC 802.11ax 2.4 + 6 GHz
ETH: MediaTek MT7531 Switch + SoC
3 x builtin 1G phy (lan1, lan2, lan3)
2 x MaxLinear GPY211C 2.5 N-Base-T phy (lan4, wan)
USB: 1 x USB 3.2 Enhanced SuperSpeed port
UART: 3V3 115200 8N1 (Pinout: GND KEY RX TX VCC)
Installation
------------
1. Download the OpenWrt initramfs image. Copy the image to a TFTP server
reachable at 192.168.1.2/24. Rename the image to C0A80101.img.
2. Connect the TFTP server to lan1, lan2 or lan3. Connect to the serial
console, Interrupt the autoboot process by pressing ESC when prompted.
3. Download and boot the OpenWrt initramfs image.
$ env set uboot_bootcount 0
$ env set firmware nominal
$ tftpboot
$ bootm
4. Wait for OpenWrt to boot. Transfer the sysupgrade image to the device
using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Missing features
----------------
- The "lan1", "lan2" and "lan3" port LEDs are driven by the switch but
OpenWrt does not correctly configure the output.
- The "lan4" and "wan" port LEDs are driven by the GPH211C phys and
not configured by OpenWrt.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 6cc14bf66a)
The 'label' property in led node has been deprecated and we'd better
to avoid using it. This patch allows us to extract DT OF LED name
from the newly introduced LED properties "color", "function" and
"function-enumerator".
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit e814acc599)
1d42292d8063 tplink-safeloader: Add TP-Link Archer A6 V3.20
3338f5389d72 tplink-safeloader: add TL-WPA8635P v3
17ca5eeb1c10 tplink-safeloader: add TL-WPA8631P v4
f730ad2fa0b4 bcmblob: new tool for reading Broadcom's BLOBs
cb1ddac98124 firmware-utils: fix typo in error message when no OpenSSL library found
916633160dc9 bcmclm: new tool for reading Broadcom's CLM data
a2d49fb1e188 tplink-safeloader: add RU support-list entry for Archer C6U v1
bb12cf5c3fa9 tplink-safeloader: Add support for TP-Link Deco M5 The special_id values are the same for EU and Asian models, and they apply to all models: v1, v2, and v3. They are not sorted as they are currently in the same order as extracted from the official firmware image.
9e2de8515be1 tplink-safeloader: add EAP610 v3 and EAP613 v1
a170683c0e11 firmware-utils: fix use of NULL string progname
89875fc18b57 tplink-safeloader: CPE510: add Canadian support
9e211d2980fe mktplinkfw2: add support to extract bootloader images
c18f662f3c74 mktplinkfw2: add support to pack bootloader
3dc133915f87 mktplinkfw2: show exact exceed bytes when the image is to big
d16ff798d58a tplink-safeloader: WPA8631: add v4 AU, US
0fa1cc51013f zytrx: add LTE5398-M904
635466123429 firmware-utils: ptgen: add SiFive GPT partition support
ba5bc4e1ae9d add dlink-sge-image for D-Link devices by SGE
3b114de29cf7 lxlfw: move code opening LXL to helper function
8e149e480391 lxlfw: move code copying data to helper function
16fa89076122 lxlfw: fix struct lxl_hdr attribute
d770cab82e58 lxlfw: support embedding blobs
eaf2ea28dbe6 lxlfw: support extracting image
12bf1a99bd6e lxlfw: support certificate & signature blobs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b117e7244f)
It's required by bcm53xx. This allows dropping separated oseama package
and avoids some code duplication.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1d9d0ca376)
Some of firmware utils may be required on target devices. It's useful
e.g. for dealing with some firmware formats. That is often required
(supporting specific format) to provide an option to revert to original
firmware.
So far we had packaged "otrx" util only for use on Broadcom targets.
Refactor that to package the whole firmware-utils project so we can
package any single util needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 24d6abe2d7)
A previous commit supposed to mask out excess host bits in route targets
failed to correctly calculate the mask value, causing it to produce
improper results for certain mask lengths.
Fixes: https://github.com/openwrt/netifd/issues/17
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add configuration to access U-Boot environment on MeiG SLT866.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f8414f1a6f)
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45d72a6da)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1714087442)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 551963662b)
Refresh patches for hostapd using make package/hostapd/refresh.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 05e516b12d)
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c9ac57d58)
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aad5ab099)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58c9)
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 531314260d)
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 41d7439af5)
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 64GB eMMC or 128 MB SPI-NAND
RAM: 512MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
- UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | GND TX VCC RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
tar -zcf cfg_export_config_file.conf etc/
* If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.
Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH CMIIT ID: xxxx" is NAND version
eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
('data' partition can be ignored, it's useless.)
2. Write new GPT table:
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync
NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
mtd erase BL2
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
mtd erase FIP
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
ubidetach -p /dev/mtd0
ubiformat -y /dev/mtd0
ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7d8)
[rebased to 23.05]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The OEM U-Boot uses dual boot and signature verification which does not
support by OpenWrt. So add a custom U-Boot build for OpenWrt.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fddd735dd5)
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc36)
Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a13)
d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 0221b86032)
With patch 101-03-spi-mtk_spim-get-spi-clk-rate-only-once.patch
a new system to calculate the SPI clocks has been added.
Unfortunately, the do_div macro overrides the global
priv->pll_clk_rate field. This will cause to have a reduced
clock rate on each subsequent SPI call.
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 8849ccb995)
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.
The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.
Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6dca88aa4a)
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d604a07225)
Remove ABI version, since its format is not accepted by the linker.
Enable rpath to avoid clash with system libraries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 5eb8a21ba5)
It must read the entire image for previous code of 'imsz' or 'imszb'.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Suggested-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 3bbc1d5fba)
Improve and package builds for various boot media configurations of the
MediaTek MT7981 reference board.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 8428bed15d)
When adding builds for MT7981 the related Makefile sections for MT7986
have apparently been copied, but in one instance the rename from 7986 to
7981 has been omitted. Fix that now.
Fixes: 602cb4f325 ("arm-trusted-firmware-mediatek: add build for MT7981 DDR3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit be6e257fe6)
The code for hostapd-mbedtls did not work when used for OWE association.
When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.
Also when crafting the association response, the buffer contained the
trailing key-type.
Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 39341f422f)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0xc22): relocation R_MIPS16_26 against `libxt_DNAT_init' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol printf
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 5dbdf3bb3a)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0xcc8): relocation R_MIPS16_26 against `luaL_argerror' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 246b97b607)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0x4194): relocation R_MIPS16_26 against `cil_printf.lto_priv.0' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol memcmp
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 1925a183a3)
This fixes building with USE_LTO enabled:
<artificial>:(.text.exit+0x6e): relocation R_MIPS16_26 against `pthread_key_delete' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol stpcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 2a33d26d21)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0x400c): relocation R_MIPS16_26 against `iwinfo_close' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit fbacc5ae52)
Currently the zram default compressor choice is displayed whether or not
zram is activated. Since the default choice is lzo-rle, this adds a
false dependency on kmod-lib-lzo.
With this patch, the choice options appear only when activating zram.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 62ada26de2)
Commit 572ea68070 ("uboot-mediatek: add patches for MT7988 and
builds for RFB") renamed HSGMII to 2500basex, but forgot to update
the dts of Redmi Router AX6000, makes the network unusable.
This patch makes the network usable again.
Fixes: #13724
Fixes: 572ea68070 ("uboot-mediatek: add patches for MT7988 and builds for RFB")
Signed-off-by: Furong Xu <xfr@outlook.com>
(cherry picked from commit 03987d2d11)
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e1ac00ccb)
c8c9f10 uim: fix help formatting
aac0776 uqmi: add APN profile commands
ffc5eea uim: support SIM card power-up/down
d6c963d uim: add application state to SIM status
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0da74dbb45)
Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e4ebc7b566)
1) clear nvram partialboots upon successful boot
This behavior is already defined for EA9500; enabled for EA9200 too.
2) fix MAC address in board.d/02_network
Use the correct nvram variable to derive lan/wan MAC address.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 9c42d23c5f)
The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.
This commit addresses the issue by using network_device in
uci-defaults.sh.
The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596
This was exposed by commit 4ebba8a05d ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.
Fixes: 9290539ca9 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 12bc79d6d5)
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit 32a696f9e4)
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a181b9f0f9)
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 91d2ead3c3)
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit abceef120d)
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7)
Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit bfd54529fa)
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit fdce970dbb)
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6)
The ZTE MF287 requires a different board calibration file for ath10k than
the ZTE MF287+. The two devices receive their own DTS, thus the device tree
is slightly refactored.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 9c7578d560)
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d7)
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.
Re-enable those existing configurations for the release and hint at
possible future problems.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Allow grace period for DFS available after shutting down beacons on the channel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 16889141d9)
Without it, a lot of authentication modes fail without obvious error messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d582)
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8c03dc962f)
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d)
Use the SHA384 variant to account for longer keys with more security
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f0d1349b52)
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue
e94f7a81a039 bridge: fix config reload on 32 bit systems
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default
4711f74479e2 netifd: fix disabling radio via config if reconf is being used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 09fd59938b)
This significantly improves config reload behavior and also fixes some
corner cases related to running AP + mesh interfaces at the same time.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Arm platforms with the right hardware blocks (such as
GICv3.0+ interrupt controller and SMMU/IOMMU) are
able to use vfio-pci to pass through PCI devices
to a VM.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 9ac01aac0a)
The vfio module only exposes the enable_unsafe_noiommu_mode parameter
if CONFIG_VFIO_NOIOMMU is enabled. When it isn't, the module
will complain about an unknown parameter:
vfio: unknown parameter 'enable_unsafe_noiommu_mode' ignored
As CONFIG_VFIO_NOIOMMU is disabled by the module package,
we can remove the module loading parameter.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 7ad8612a23)
vhost-net is used to accelerate traffic to virtualisation
guests that use the virtio-net network card in QEMU.
Generally it is invoked by specifying "vhost=on" to a
QEMU -netdev device:
qemu-system-aarch64 -nographic -M virt -cpu host \
--enable-kvm -bios u-boot.bin -smp 1 -m 2048 \
-drive file=openwrt-armsr-armv8.img,format=raw,index=0,media=disk \
-device "virtio-net,netdev=landev,disable-legacy=off,disable-modern=off" \
-netdev "tap,id=landev,helper=/usr/lib/qemu-bridge-helper --br=br-lan,vhost=on"
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit d188db8aed)
Add 2 seconds sleep after each forcibly killed/tried-to-kill process
in the final process termination loop in sysupgrade stage2.
This is needed especially for qualcommax/ipq807x, where ath11k
wireless driver may have a long 10-20 seconds delay after termination
before actually getting killed. This often breaks sysupgrade.
The current KILL loop in kill_remaining does all 10 kill attempts
consecutively without any delay, as evidenced here in a failing sysupgrade.
It does not allow any time for the process to finalize its internal
termination.
Sat Sep 2 19:05:56 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sat Sep 2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2122)
Sat Sep 2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2122)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Failed to kill all processes.
sysupgrade aborted with return code: 256
The change in this commit adds a 2 seconds delay after each kill attempt
in order to allow some processes to more gracefully handle their
internal termination.
The result is like this:
Sun Sep 3 11:15:10 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sun Sep 3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2309)
Sun Sep 3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2324)
Sun Sep 3 11:15:14 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sun Sep 3 11:15:14 EEST 2023 upgrade: Sending signal KILL to hostapd (2309)
[ 699.827521] br-lan: port 7(hn5wpa2r) entered disabled state
[ 699.908673] device hn5wpa2r left promiscuous mode
[ 699.908721] br-lan: port 7(hn5wpa2r) entered disabled state
[ 701.038029] br-lan: port 6(hn5wpa3) entered disabled state
Sun Sep 3 11:15:16 EEST 2023 upgrade: Sending signal KILL to hostapd (2324)
[ 702.058256] br-lan: port 5(hn2wlan) entered disabled state
[ 709.250063] stage2 (8237): drop_caches: 3
Sun Sep 3 11:15:25 EEST 2023 upgrade: Switching to ramdisk...
The delay introduced here only kicks in if there is some process that
does not get terminated by the first TERM call. Then there is at least
one 2 sec wait after the first KILL loop round.
This commit is related to discussion in PRs #12235 and #12632
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 47d56ae546)
With recent updates of TF-A the previously already fixed bug slipped
back into the source tree. Again, reorder bl2 init for MT7622 and
initialize WDT only after DRAM init has completed to avoid the
notorious hang.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 948ad2ec7a)
Sync SPI-NAND/ECC controller driver for MT7622, MT7981, MT7986 and MT7988:
* Platform data for MT7981 was actually missing and is now added.
* Add support for Winbond W25N01KV 1Gbit chip.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9725524235)
During the channel scanning process, the driver will continuously
switch channels. It seems that the full RF calibration step in
rt2800_config_channel() caused the channel scanning function to
timeout. To fix it, move the RF calibration to rt2800_enable_radio()
so that it is only executed once. This commit also includes some
coding format adjustments to follow the Linux recommended style.
Fixes: 2824fa6963 ("mac80211: rework MT7620 PA/LNA RF calibration")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit ce6ad123e7)
This patch makes some improvements to the MT7620 RF calibration.
1. Move MT7620 PA/LNA calibration code to dedicated functions.
2. Restore RF and BBP registers before R-Calibration.
3. Do Rx DCOC calibration again before RXIQ calibration.
4. Use SoC specific AGC initial LNA value.
5. Correct MAC_RX_EN mask in rt2800_r_calibration()[1].
[1] This change may fix the "BBP/RF register access failed" error:
ieee80211 phy0: rt2800_wait_bbp_rf_ready: Error - BBP/RF register access failed, aborting
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 2824fa6963)
Always enable built-in 2.5G PHY on MT7988 for now, so that it can be
used. In future it would be nice to be able to switch power and MDIO
access via address 0 at run-time in Linux, both, to be able to use
external PHYs at address 0 and to reduce power consumption on systems
not using the built-in 2.5G PHY.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 33046d2a47)
The U-Boot build for the MT7988 reference board booting from SD card
wrongly depended on the 'ddr4' variant of the ARM TrustedFirmware-A build
even though the 'comb' variant is used. Fix that dependency.
Fixes: 572ea68070 ("uboot-mediatek: add patches for MT7988 and builds for RFB")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 78e3adcaf9)
While the v2 is nearly identical to v1, v3 uses a different PHY and
needs a different build for Ethernet to work in U-Boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fff4441135)
Select many potentially useful options for the MT7988 RFB U-Boot builds.
The resulting loader is intended as a development tool and intends to be
generic. It does *not* have a default bootcmd set, but allows to boot
pretty much everything, including EFI executables.
To install this U-Boot build to the eMMC:
opkg install mmc-utils partx-utils
mmc bootpart enable 1 1 /dev/mmcblk0
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=*mediatek_mt7988a-rfb-nand-emmc-preloader.bin of=/dev/mmcblk0boot0
dd if=*mediatek_mt7988a-rfb-nand-emmc-gpt.bin of=/dev/mmcblk0
partx -a /dev/mmcblk0
dd if=*mediatek_mt7988a-rfb-nand-emmc-bl31-uboot.fip of=/dev/mmcblk0p3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1d5778e18d)
7aefb47 jitterentropy-rngd: update to the v1.2.0
What's interesting about jitterentropy-rngd v1.2.0 release is that it
bumps its copy of jitterentropy-library from v2.2.0 to the v3.0.0. That
bump includes a relevant commit 3130cd9 ("replace LSFR with SHA-3 256").
When initializing entropy jent calculates time delta. Time values are
obtained using clock_gettime() + CLOCK_REALTIME. There is no guarantee
from CLOCK_REALTIME of unique values and slow devices often return
duplicated ones.
A switch from jent_lfsr_time() to jent_hash_time() resulted in many less
cases of zero delta and avoids ECOARSETIME.
Long story short: on some system this fixes:
[ 6.722725] urngd: jent-rng init failed, err: 2
This is important change for BCM53573 which doesn't include hwrng and
seems to have arch_timer running at 36,8 Hz.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c74b5e09e6)
This reverts commit 23953cfa5a.
01837 seems to be having multiple issues, one being broken multicast so
lets revert to the last version that was better for the stable branch.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fix compatible string to match what is supported upstream, fix alignment
and order MTD partitions according to offset.
Signed-off-by: Stefan Agner <stefan@agner.ch>
(cherry picked from commit 4af06aaf33)
Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.
Fixes: #13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 324673914d)
