Commit Graph

20665 Commits

Author SHA1 Message Date
Felix Fietkau
5c4c9ae059 mt76: update to the latest version
b5d13611d35e mt76: mt7915: fix monitor mode issues
bbbac7deee3d wifi: mt76: rename mt76_packet_id_init/flush to mt76_wcid_init/cleanup
f1e1e67d97d1 wifi: mt76: fix race condition related to checking tx queue fill status
b3f739a64e6b wifi: mt76: mt7996: add eht rx rate support
ca4917062f17 wifi: mt76: mt76x0: remove dead code in mt76x0_phy_get_target_power
325a0c493199 wifi: mt76: mt7996: fill txd by host driver
cd371fcc98d4 mt76: mt7996: sync with upstream
d71f8d1b172b wifi: mt76: use atomic iface iteration for pre-TBTT work
8d5ea32d4895 wifi: mt76: remove unused error path in mt76_connac_tx_complete_skb
01860c02c505 wifi: mt76: add DMA mapping error check in mt76_alloc_txwi()
62ddb6d46a97 wifi: mt76: connac: introduce helper for mt7925 chipset
0837f37e998b wifi: mt76: mt792x: support mt7925 chip init
899ff378082b wifi: mt76: connac: export functions for mt7925
c3858b5bf347 wifi: mt76: connac: add eht support for phy mode config
5df6b26a9fc5 wifi: mt76: connac: add eht support for tx power
a8081345c636 wifi: mt76: connac: add data field in struct tlv
9b38aebecf78 wifi: mt76: connac: add more unified command IDs
84984e6dc87d wifi: mt76: connac: add more unified event IDs
6fe92398c9ce wifi: mt76: mt7996: set correct wcid in txp
2cfe2fb0bb80 wifi: mt76: mt7996: fix beamform mcu cmd configuration
e512241bb5bb wifi: mt76: mt7996: fix beamformee ss subfield in EHT PHY cap
719a98f832c7 wifi: mt76: mt7996: fix wmm queue mapping
9723562f2a5b wifi: mt76: mt7996: fix rx rate report for CBW320-2
1bb5a6a54943 wifi: mt76: mt7996: fix TWT command format
751b054891f6 wifi: mt76: mt7996: only set vif teardown cmds at remove interface
fea1e10c7741 wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask()
d497ee8aa2f5 wifi: mt76: mt7996: support per-band LED control
8ccc84111141 wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code
161f70217edf wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
7d25bfc3f0cc wifi: mt76: fix clang-specific fortify warnings
5971aa968401 wifi: mt76: connac: add MBSSID support for mt7996
5a47dd323be1 wifi: mt76: update beacon size limitation
d5b4b81dcc9e wifi: mt76: check sta rx control frame to multibss capability
af0e1f6dafb5 wifi: mt76: fix potential memory leak of beacon commands
65d91a833b01 wifi: mt76: get rid of false alamrs of tx emission issues
29411e52059f wifi: mt76: fix per-band IEEE80211_CONF_MONITOR flag comparison
4da62774038a wifi: mt76: check vif type before reporting cca and csa
4a85678fe089 wifi: mt76: mt7915: update mpdu density capability
791a45cffadf wifi: mt76: mt7915: fix beamforming availability check
08e1e6cb7d41 wifi: mt76: Drop unnecessary error check for debugfs_create_dir()
d1881b1b2bf6 wifi: mt76: move struct ieee80211_chanctx_conf up to struct mt76_vif
66d5694e1898 wifi: mt76: mt7921: fix the wrong rate pickup for the chanctx driver
9fc37b0ac546 wifi: mt76: mt7921: fix the wrong rate selected in fw for the chanctx driver
2afc7285f75d wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ef8e2f66f5)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-05-08 13:39:34 +02:00
Rosen Penev
507f9439e7 lua: fix CVE-2014-5461
Patch taken from Debian.

Refresh patches

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 78b0106f7d)
2024-04-30 23:46:11 +02:00
Christian Marangi
2541ff391f
procd: make mDNS TXT record parsing more solid
mDNS broadcast can't accept empty TXT record and would fail
registration.

Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.

Example:

	procd_add_mdns "blah" \
				"tcp" "50" \
				"1" \
				"" \
				"3"

Produce:

{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }

The middle empty TXT record should never be included as it's empty.

This can happen with scripts that make fragile parsing and include
variables even if they are empty.

Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.

The fixed JSON is the following:

{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }

Fixes: b0d9dcf84d ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4b04304713)
2024-04-29 23:30:04 +02:00
Petr Štetiar
8695bc3442
Revert "uboot-mediatek: fix build on Mac OS X"
This reverts commit 997ff740dc.
78cbd5apick as it should be fixed in commit 78cbd5a57e11 ("tools: macOS:
types.h: fix missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f691830307)
2024-04-27 06:53:23 +00:00
Petr Štetiar
c19f5076a5
Revert "uboot-sunxi: add missing type __u64"
This reverts commit 3cc57ba462 as it
should be fixed in commit 78cbd5a57e11 ("tools: macOS: types.h: fix
missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bc47613cf0)
2024-04-27 06:53:22 +00:00
Rafał Miłecki
c69482a912 mac80211: backport ieee80211_set_sband_iftype_data()
It's needed by some drivers, e.g. mt7925, see:
mt7925/main.c:264:9: error: implicit declaration of function '_ieee80211_set_sband_iftype_data' [-Werror=implicit-function-declaration]

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-26 11:37:07 +02:00
Rafał Miłecki
17501f822f mac80211: backport ieee80211_vif_is_mld()
It's needed by some drivers, e.g. mt7925, see:
mt7925/mcu.c:2181:23: error: implicit declaration of function 'ieee80211_vif_is_mld' [-Werror=implicit-function-declaration]

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-26 11:37:07 +02:00
Christian Marangi
afb5fdd79a
netifd: packet-steering: silence error on applying queue mask
Some queues can't be tweaked and return -ENOENT if it's not multiqueue.

Silence any error from echo to produce a more clean bootlog.

Fixes: #12095
Suggested-by: Andris PE <neandris@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-18 12:43:06 +02:00
CheWei Chien
726d4be297
kernel: add kmod-leds-lp5562 and kmod-leds-lp55xx-common
Add kernel module for lp5562 LED driver.
The kmod-leds-lp5562 depends on kmod-leds-lp55xx-common.

Signed-off-by: CheWei Chien <chewei.chien@wnc.com.tw>
(cherry picked from commit b33fa6ac90)
2024-04-17 10:43:54 +00:00
Felix Fietkau
11d88dee1c kernel: backport upstream mediatek WED changes
Reorder and update existing patches

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 6407ef8d2b)
[rmilecki: rebase & fix mt76 compilation]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-09 08:48:08 +02:00
Rafał Miłecki
afe2ddf827 mac80211: backport some upstream EHT patches
Those changes are needed by Wi-Fi 7 drivers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-09 08:48:08 +02:00
Marco von Rosenberg
f314debd4f ath79: add support for Huawei AP5030DN
Huawei AP5030DN is a dual-band, dual-radio 802.11ac Wave 1 3x3 MIMO
enterprise access point with two Gigabit Ethernet ports and PoE
support.

Hardware highlights:
- CPU: QCA9550 SoC at 720MHz
- RAM: 256MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: QCA9550-internal radio
- Wi-Fi 5GHz: QCA9880 PCIe WLAN SoC
- Ethernet 1: 10/100/1000 Mbps Ethernet through Broadcom B50612E PHY
- Ethernet 2: 10/100/1000 Mbps Ethernet through Marvell 88E1510 PHY
- PoE: input through Ethernet 1 port
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: SGM706 (1.6s timeout)

Serial console:
  9600n8 (9600 baud, no stop bits, no parity, 8 data bits)

MAC addresses:
  Each device has 32 consecutive MAC addresses allocated by
  the vendor, which don't overlap between devices.
  This was confirmed with multiple devices with consecutive
  serial numbers.
  The MAC address range starts with the address on the label.
  To be able to distinguish between the interfaces,
  the following MAC address scheme is used:
    - eth0 = label MAC
    - eth1 = label MAC + 1
    - radio0 (Wi-Fi 5GHz) = label MAC + 2
    - radio1 (Wi-Fi 2.4GHz) = label MAC + 3

Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP

1. Power up the AP

2. At prompt "Press f or F  to stop Auto-Boot in 3 seconds",
   do what they say.
   Log in with default admin password "admin@huawei.com".

3. Boot the OpenWrt initramfs from TFTP using the hidden script
   "run ramboot". Replace IP address as needed:

   > setenv serverip 192.168.1.10
   > setenv ipaddr 192.168.1.1
   > setenv rambootfile
     openwrt-ath79-generic-huawei_ap5030dn-initramfs-kernel.bin
   > saveenv
   > run ramboot

4. Optional but recommended as the factory firmware cannot
   be downloaded publicly:
   Back up contents of "firmware" partition using the web interface or ssh:

   $ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap5030dn_fw_backup.bin

5. Run sysupgrade using sysupgrade image. OpenWrt
   shall boot from flash afterwards.

Return to factory firmware (using firmware upgrade package downloaded from
non-public Huawei website):
1. Start a TFTP server in the directory where
   the firmware upgrade package is located

2. Boot to u-boot as described above

3. Install firmware upgrade package and format the config partitions:

   > update system FatAP5X30XN_SOMEVERSION.bin
   > format_fs

Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
   for example using scp

2. Use sysupgrade with force to restore the backup:
   sysupgrade -F huawei_ap5030dn_fw_backup.bin

3. Boot AP to U-Boot as described above

Quirks and known issues
-----------------------

- On initial power-up, the Huawei-modified bootloader suspends both
ethernet PHYs (it sets the "Power Down" bit in the MII control
register). Unfortunately, at the time of the initial port, the kernel
driver for the B50612E/BCM54612E PHY behind eth0 doesn't have a resume
callback defined which would clear this bit. This makes the PHY unusable
since it remains suspended forever. This is why the backported kernel
patches in this commit are required which add this callback and for
completeness also a suspend callback.

- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.

- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the CPU_CLK/4 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.

Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
[fixed 6.6 backport patch naming]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 06cdc07f8c)
2024-04-03 02:56:56 +02:00
Felix Fietkau
26548c4254 unetd: update to Git HEAD (2024-03-31)
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a112ed4126)
2024-03-31 19:57:22 +02:00
Sander van Deijck
0a2047cf77 kirkwood: add ix4-200d support to uboot-envtools
This adds support for the Iomega ix4-200d device in uboot-envtools.

Signed-off-by: Sander van Deijck <sander@vandeijck.com>
(cherry picked from commit 2cfe86d383)
2024-03-23 14:58:33 +01:00
Hauke Mehrtens
2b61e258b4 OpenWrt v23.05.3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-22 23:26:12 +01:00
Hauke Mehrtens
01170d518d OpenWrt v23.05.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-22 23:26:03 +01:00
Hauke Mehrtens
234f1a2efa mt76: Fix PKG_MIRROR_HASH
Fix the PKG_MIRROR_HASH after the last upgrade.

Fixes: 5ef41b1f91 ("mt76: update to latest HEAD")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-22 23:09:42 +01:00
David Bauer
5ef41b1f91 mt76: update to latest HEAD
f1e1e67d wifi: mt76: fix race condition related to checking tx queue fill status
bbbac7de wifi: mt76: rename mt76_packet_id_init/flush to mt76_wcid_init/cleanup
b5d13611 mt76: mt7915: fix monitor mode issues

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-03-22 19:59:24 +01:00
Hauke Mehrtens
03a3a729ec dnsmasq: Backport 2 upstream patches
These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 28c87d7ecd)
2024-03-20 01:22:10 +01:00
Robert Marko
853b638f85 dnsmasq: reset PKG_RELEASE
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.

Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 694e647784)
2024-03-18 21:55:47 +01:00
Nathaniel Wesley Filardo
875822f283 dnsmasq: version 2.90
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).

Catch up our 200-ubus_dns.patch, too.

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
(cherry picked from commit 838a27f64f)
2024-03-18 21:55:47 +01:00
Sven Eckelmann
af22a169c1 dnsmasq: mark global ubus context as closed after fork
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.

It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.

Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 711dcb7763)
2024-03-18 21:55:47 +01:00
Christian Lamparter
100a5606d6 firmware: intel-microcode: update to 20240312
Debian changelog:

intel-microcode (3.20240312.1) unstable; urgency=medium

  * New upstream microcode datafile 20240312 (closes: #1066108)
    - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
      Protection mechanism failure of bus lock regulator for some Intel
      Processors may allow an unauthenticated user to potentially enable
      denial of service via network access.
    - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
      Non-transparent sharing of return predictor targets between contexts in
      some Intel Processors may allow an authorized user to potentially
      enable information disclosure via local access.  Affects SGX as well.
    - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
      Information exposure through microarchitectural state after transient
      execution from some register files for some Intel Atom Processors and
      E-cores of Intel Core Processors may allow an authenticated user to
      potentially enable information disclosure via local access.  Enhances
      VERW instruction to clear stale register buffers.  Affects SGX as well.
      Requires kernel update to be effective.
    - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
      Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
      Processors when using Intel SGX or Intel TDX may allow a privileged
      user to potentially enable escalation of privilege via local access.
      NOTE: effective only when loaded by firmware.  Allows SMM firmware to
      attack SGX/TDX.
    - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
      Incorrect calculation in microcode keying mechanism for some Intel
      Xeon D Processors with Intel SGX may allow a privileged user to
      potentially enable information disclosure via local access.
  * Fixes for other unspecified functional issues on many processors
  * Updated microcodes:
    sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
    sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
    sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
    sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
    sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
    sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
    sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
    sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
    sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
    sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
    sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
    sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
    sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
    sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
    sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
    sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
    sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
    sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
    sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
    sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
    sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
    sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
    sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
    sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
    sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
    sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
  * New microcodes:
    sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
    sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
    sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
    sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
  * source: update symlinks to reflect id of the latest release, 20240312
  * changelog, debian/changelog: fix typos

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 12 Mar 2024 20:28:17 -0300

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7b911a9c49)
2024-03-16 00:42:38 +01:00
Christian Lamparter
e0bae5e5fe firmware: intel-microcode: update to 20231114
Debian changelog:

intel-microcode (3.20231114.1) unstable; urgency=medium

  * New upstream microcode datafile 20231114 (closes: #1055962)
    Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
    Sequence of processor instructions leads to unexpected behavior for some
    Intel(R) Processors, may allow an authenticated user to potentially enable
    escalation of privilege and/or information disclosure and/or denial of
    service via local access.
    Note: "retvar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
    Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
    0x01) were already mitigated by a previous microcode update.
  * Fixes for unspecified functional issues
  * Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
  * Updated 2023-08-08 changelog entry:
    Mitigations for "retvar" on a few processors, refer to the 2023-11-14
    entry for details.  This information was disclosed in 2023-11-14.
  * source: update symlinks to reflect id of the latest release, 20231114

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 16 Nov 2023 08:09:43 -0300

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7241a91c94)
2024-03-16 00:42:38 +01:00
Konstantin Demin
6549a711be dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit b5cde26048)
[Only add the patches fixing security problems]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2024-03-15 23:53:01 +01:00
Nicolò Veronese
02272df01c uboot-envtools: add support for Zyxel EX5601-T0 ubootmod
The ubootmod bootlaoder for EX5601-T0 uses two partitions
 in ubi to store enviroment variables. so proper config
 is needed.

Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 2a0805fd3d)
2024-03-12 23:13:38 +01:00
Valerio 'ftp21' Mancini
401d8c7051 uboot-mediatek: add initial Zyxel EX5601-T0 support
Flash procedure is described in next commit.

TLDR:
Copy preloader and uboot to /tmp and write them in the mtd.
This will also require new UBI partition and
 volumes to boot openwrt.

mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-preloader.bin bl2
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-bl31-uboot.fip fip

Changelist:
 - Added profile for 4k+256 SPI NAND_TYPE
 - Added basic Zyxel EX5601-T0 uboot profile

Backported from hitech95 branch:
 - Button RESET pin fix
 - Button WPS pin fix

Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit a9cf87027e)
2024-03-12 22:58:06 +01:00
John Audia
3062b186bf kernel: Remove dsmark support
dsmark support was removed in kernel 5.15.150 and 6.1.80. Remove it from
the kmod package as well

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit bd6b37f463)
2024-03-08 11:28:10 +01:00
Petr Štetiar
0844937947
umdns: update to Git 7c675979 (2024-03-04)
Backport of single commit 9040335e102 ("interface: fix interface memory
corruption").

Fixes: openwrt/openwrt/issues/14120
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-03-08 07:56:44 +00:00
Sven Eckelmann
97f6a6bfaa ath11k-firmware: Move to new upstream repository for board-2.bin
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.

The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.

[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2024-03-07 09:35:15 +01:00
Jesus Fernandez Manzano
503f78f91c hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c55175)
2024-03-06 14:05:22 +01:00
Jesus Fernandez Manzano
e5a12edb88 hostapd: fix 11r defaults when using SAE
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit e2f6bfb833)
Fixes: https://github.com/openwrt/luci/issues/6930
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-03-06 14:01:41 +01:00
Matthias Schiffer
a527b34390
build: do not depend on $(STAGING_DIR)/.prepared when in SDK
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.

Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2b46cbef81)
2024-03-04 23:59:24 +01:00
Matthias Schiffer
81f8b93e36
build: add $(STAGING_DIR) and $(BIN_DIR) preparation to target and package subdir compile dependencies
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.

Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.

Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit fbb924abff)
2024-03-03 23:17:03 +01:00
Daniel Golle
c8898f46f9 kernel: lantiq: ltq-vmmc: introduce user group for vmmc
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 37bbed6f95)
2024-03-03 16:18:02 +00:00
Chukun Pan
e94052bfee mac80211: ath11k: sync with upstream
Synchronize the ath11k backports with upstream linux.
Most of them are changes in kernel 6.5, the rest are
fixes for the ath11k_pci. The most important one is
"Revert 'wifi: ath11k: Enable threaded NAPI'", which
fixes the problem that QCN9074 cannot be used after
restarting on the x86 platform.

[   23.462718] ath11k_pci 0000:02:00.0: failed to vdev 0 create peer for AP: -110
[   28.503020] ath11k_pci 0000:02:00.0: Timeout in receiving vdev delete response

Changes to ipq8074 coldboot part pick from commit
b33bfcf ("mac80211: ath11k: sync with ath-next").

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-02-26 21:35:29 +01:00
Hauke Mehrtens
48c81b80b2 wifi-scripts: Support HE Iftypes with multiple entries
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
    HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5df7a78e82)
2024-02-22 22:18:42 +01:00
Eneas U de Queiroz
31ae9728ff
hostapd: fix FILS AKM selection with EAP-192
Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 472312f83f)
2024-02-17 11:41:01 -03:00
Christian Marangi
eda5930d43 generic: 5.15: backport upstream Aquantia PHY firmware loader patches
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.

Refresh all kernel patches affected by this change.

Also update the path for aquantia .ko that got moved to dedicated
directory upstream.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1b3259eb5c)
2024-02-13 05:41:32 +01:00
Felix Fietkau
b79583c975 wifi-scripts: fix fullmac phy detection
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.

Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2b4941a6f1)
2024-02-09 12:20:48 +01:00
Yuu Toriyama
c51d49ba39 wireless-regdb: update to 2024.01.23
The maintainer and repository of wireless-regdb has changed.
    https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/

Changes:
    37dcea0 wireless-regdb: Update keys and maintainer information
    9e0aee6 wireless-regdb: Makefile: Reproducible signatures
    8c784a1 wireless-regdb: Update regulatory rules for China (CN)
    149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
    bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
    d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
    4541300 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit b463737826)
2024-02-04 19:18:17 +01:00
Ivan Pavlov
aa762ada80 openssl: update to 3.0.13
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]

  * Fixed PKCS12 Decoding crashes
    ([CVE-2024-0727])
  * Fixed Excessive time spent checking invalid RSA public keys
    ([CVE-2023-6237])
  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
    CPUs which support PowerISA 2.07
    ([CVE-2023-6129])
  * Fix excessive time spent in DH check / generation with large Q parameter
    value ([CVE-2023-5678])

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 44cd90c49a)
2024-02-04 19:18:17 +01:00
Chad Monroe
9ee626f945 ucode: add libjson-c/host dependency
ensure host libjson-c is built prior to ucode

Signed-off-by: Chad Monroe <chad@monroe.io>
(cherry picked from commit 5a3f6c50ef)
2024-02-04 19:18:17 +01:00
orangepizza
b5c728948c
mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
2024-01-29 09:41:19 +00:00
Rafał Miłecki
1ca61b7b37 uhttpd: handle reload after uhttpd-mod-ubus installation using postinst
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.

This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1f11a4e283)
2024-01-27 10:36:43 +01:00
Rafał Miłecki
6b7c4739c4 base-files: execute package's "postinst" after executing uci-defaults
Allow "postinst" scripts to perform extra actions after applying all
kind of fixups implemented using uci-defaults.

This is needed e.g. by uhttpd-mod-ubus which after installation in a
running systems needs to:
1. Update uhttpd config using its uci-defaults script
2. Reload uhttpd

While this approach makes sense there is a risk it'll blow up some
corner case postinst usages. There is only 1 way to find out.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b799dd3c70)
2024-01-27 10:36:43 +01:00
Álvaro Fernández Rojas
1da896f706 bcm27xx-gpu-fw: update to latest version
raspberrypi/firmware is about 40G, so getting the full history log isn't an
option.
There have been multiple improvements and also support for the RPi 5 has been
added.

(cherry picked from commit e8f5581701)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 12:13:36 +01:00
Marty Jones
e05659ef59 bcm27xx-userland: update to latest version
This is the last update for bcm27xx-userland as it has been
deprecated but funcional up to raspberry pi 5.

96a7334 README: Update to make it clear that most code in this repo is deprecated
3c97f76 userland: dtoverlay: /boot/firmware is a valid path
153a235 Assorted clang static analysis fixes
eca070c bcm_host: Update kms/fkms check for pi5
06a7618 dtoverlay: Support bcm2712 as a platform
0489c07 dtoverlay: Add dtoverlay_first/next_subnode
a1c7f81 dtoverlay: Support literal assignments of path strings
44a3953 raspivid: Also flush PTS file if flush is enabled
cc1ca18 userland: dtoverlay: Use os_prefix if set
9d5250f libfdt: Add null-ptr check for prop-data to resolve clang --analyzer warning
50527c6 mmal: Only include Videocore components if not running on Videocore
df245ea tvservice: Update unsupported message to recommend kmsprint
de0cfe8 dtoverlay: Fix clang warnings
0182f05 dtoverlay: Fix various compiler warnings
2a6306b dtoverlay: Fix path rebasing and exports
d1e92d7 dtoverlay: Add support for string escape sequences
b1ee39e gencmd: Add a fallback to mailbox interface if vchiq is not available
54fd97a hello_pi: Fix some build issues

Signed-off-by: Marty Jones <mj8263788@gmail.com>
(cherry picked from commit 3df664101a)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 12:13:35 +01:00
Jo-Philipp Wich
78beef6aee jsonfilter: update to Git HEAD (2024-01-23)
013b75ab0598 jsonfilter: drop legacy json-c support
594cfa86469c main: fix spurious premature parse aborts in array mode

Fixes: https://bugs.openwrt.org/?task_id=3683
Fixes: https://github.com/openwrt/openwrt/issues/8703
Fixes: https://github.com/openwrt/openwrt/issues/11649
Fixes: https://github.com/openwrt/openwrt/issues/12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 33f15dd6d4)
2024-01-23 09:09:45 +01:00
Xavier Franquet
7338733dc9 mediatek: filogic: add support ASUS RT-AX59U
(based on support for ASUS RT-AX59U by liushiyou006)

SOC: MediaTek MT7986
RAM: 512MB DDR4
FLASH: 128MB SPI-NAND (Winbond W25N01GV)
WIFI: Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH: MediaTek MT7531 Switch
UART: 3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)

Upgrade from AsusWRT to OpenWRT using UART

    Download the OpenWrt initramfs image.
    Copy the image to a TFTP server reachable at 192.168.1.70/24. Rename the image to rtax59u.bin.

    Connect the PC with TFTP server to the RT-AX59U.
    Set a static ip on the ethernet interface of your PC.
    (ip address: 192.168.1.70, subnet mask:255.255.255.0)
    Conect to the serial console, interrupt the autoboot process by pressing '4' when prompted.

    Download & Boot the OpenWrt initramfs image.

    $ setenv ipaddr 192.168.1.1
    $ setenv serverip 192.168.1.70
    $ tftpboot 0x46000000 rtax59u.bin
    $ bootm 0x46000000

    Wait for OpenWrt to boot. Transfer the sysupgrade image to the device using scp and install using sysupgrade.

    $ sysupgrade -n <path-to-sysupgrade.bin>

Upgrade from AsusWRT to OpenWRT using WebUI

    Download transit TRX file from https://drive.google.com/drive/folders/1A20QdjK7Udagu31FSszpWAk8-cGlCwsq

    Upgrade firmware from WebUI (192.168.50.1) using downloaded TRX file

    Wait for OpenWRT to boot (192.168.1.1).

    Upgrade system with sysupgrade image using luci or uploading it through scp and executing sysupgrade command

MAC Address for WLAN 5g is not following the same algorithm as in AsusWRT.
We have increased by one the WLAN 5g to avoid collisions with other networks from WLAN 2g
when bit 28 is already set.

              : Stock             : OpenWrt
  WLAN 2g (1) : C8:xx:xx:0D:xx:D4 : C8:xx:xx:0D:xx:D4
  WLAN 2g (2) :                   : CA:xx:xx:0D:xx:D4
  WLAN 2g (3) :                   : CE:xx:xx:0D:xx:D4
  WLAN 5g (1) : CA:xx:xx:1D:xx:D4 : CA:xx:xx:1D:xx:D5
  WLAN 5g (2) :                   : CE:xx:xx:1D:xx:D5
  WLAN 5g (3) :                   : C2:xx:xx:1D:xx:D5

  WLAN 2g (1) : 08:xx:xx:76:xx:BE : 08:xx:xx:76:xx:BE
  WLAN 2g (2) :                   : 0A:xx:xx:76:xx:BE
  WLAN 2g (3) :                   : 0E:xx:xx:76:xx:BE
  WLAN 5g (1) : 0A:xx:xx:76:xx:BE : 0A:xx:xx:76:xx:BF
  WLAN 5g (2) :                   : 0E:xx:xx:76:xx:BF
  WLAN 5g (3) :                   : 02:xx:xx:76:xx:BF

Signed-off-by: Xavier Franquet <xavier@franquet.es>
(cherry picked from commit 782eb05008)
2024-01-20 19:07:15 +01:00