Commit Graph

19218 Commits

Author SHA1 Message Date
Daniel Golle
7cd482662f
procd: update to git HEAD
6343c3a procd: completely remove tmp-on-zram support
 5c5e63f uxc: fix potential NULL-pointer dereference
 eb03f03 jail: include necessary files for per-netns netifd instance

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2c8873033e)
2022-04-15 14:12:04 +01:00
Daniel Golle
6fe3852d47
base-files: more robust sysupgrade on NAND
Make sure sysupgrade on NAND also works in case of UBI volumes having
index >9. While at it, also make sure UBI device is detected and abort
in case it isn't. Use Shell built-in shorthand ':' instead of 'true'.

Fixes #9708
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0dbca1b2ba)
2022-04-15 14:11:59 +01:00
Thibaut VARÈNE
321ec22f52 ath79: add support for Yuncore A930
Specification:

- QCA9533 (650 MHz), 64 or 128MB RAM, 16MB SPI NOR
- 2x 10/100 Mbps Ethernet, with 802.3at PoE support (WAN)
- 2T2R 802.11b/g/n 2.4GHz

Flash instructions:

If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):

  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
  sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin

In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:

1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
   'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
   seconds, recovery mode should start downloading image from server
   (unfortunately, there is no visible indication that recovery got
   enabled - in case of problems check TFTP server logs)

Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit a05dcb0724)
2022-04-15 08:14:50 +02:00
Thibaut VARÈNE
708b883168 ath79: add support for Yuncore XD3200
Specification:

- QCA9563 (775MHz), 128MB RAM, 16MB SPI NOR
- 2T2R 802.11b/g/n 2.4GHz
- 2T2R 802.11n/ac 5GHz
- 2x 10/100/1000 Mbps Ethernet, with 802.3at PoE support (WAN port)

LED for 5 GHz WLAN is currently not supported as it is connected directly
to the QCA9882 radio chip.

Flash instructions:

If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):

  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
  sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin

In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:

1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
   'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
   seconds, recovery mode should start downloading image from server
   (unfortunately, there is no visible indication that recovery got
   enabled - in case of problems check TFTP server logs)

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit c91df224f5)
2022-04-15 08:14:50 +02:00
Felix Fietkau
968c1dedc2 mac80211: backport minstrel_ht fix for legacy rates
Fixes OFDM rates on 5 GHz

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 5d5afd5177)
2022-04-12 09:34:07 +02:00
Rosen Penev
724a9bb3ea musl-fts: add host build
This will be used for libselinux.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1fb099341e)
2022-04-11 23:17:55 +02:00
Eneas U de Queiroz
fb597a9d4c nftables: add CONFLICT between versions
Have nftables-json conflict with nftables-nojson.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1135b75d1f)
2022-04-11 22:45:16 +02:00
Hauke Mehrtens
706c7706a3 mac80211: Update to version 5.15.33-1
This updates mac80211 to version 5.15.33-1 which is based on kernel
5.15.33.
The removed patches were applied upstream.

This new release contains many fixes which were merged into the upstream
Linux kernel.
This also contains the following new drivers which are needed for ath11k:
* net/qrtr/
* drivers/bus/mhi/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3aa96efa24)
2022-04-11 22:44:17 +02:00
Eneas U de Queiroz
2393b09b59 wolfssl: bump to 5.2.0
Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
  can be bypassed.  If a malicious client does not send the
  certificate_verify message a client can connect without presenting a
  certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
  v1.3 server can have its certificate heck bypassed. If the sig_algo in
  the certificate_verify message is different than the certificate
  message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit e89f3e85eb)
2022-04-11 22:44:17 +02:00
Daniel Golle
1a2689a460 arm-trusted-firmware-mediatek: remove no longer needed Configure step
As anyway only the default is called now we can as well also just remove
the override for Build/Configure.

Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dffad93d3e)
2022-04-10 16:32:20 +01:00
Konstantin Demin
d118e57b35 dropbear: bump to 2022.82
- update dropbear to latest stable 2022.82;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- use $(AUTORELEASE) in PKG_RELEASE
- use https for all uris
- refresh all patches
- rewrite patches:
  - 100-pubkey_path.patch
  - 130-ssh_ignore_x_args.patch

binary/pkg size changes:
- ath79/generic, mips:
  - binary: 215112 -> 219228 (+4116)
  - pkg: 111914 -> 113404 (+1490)
- ath79/tiny, mips:
  - binary: 172501 -> 172485 (-16)
  - pkg: 89871 -> 90904 (+1033)

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit 65256aee23)
2022-04-10 16:26:01 +01:00
Nick Hainke
53c2874e07 libmnl: update to 1.0.5
Changes:

Duncan Roe (5):
      nlmsg: Fix a missing doxygen section trailer
      build: doc: "make" builds & installs a full set of man pages
      build: doc: get rid of the need for manual updating of Makefile
      build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
      src: doc: Fix messed-up Netlink message batch diagram

Fernando Fernandez Mancera (1):
      src: fix doxygen function documentation

Florian Westphal (1):
      libmnl: zero attribute padding

Guillaume Nault (1):
      callback: mark cb_ctl_array 'const' in mnl_cb_run2()

Kylie McClain (1):
      examples: nfct-daemon: Fix test building on musl libc

Laura Garcia Liebana (4):
      examples: add arp cache dump example
      examples: fix neigh max attributes
      examples: fix print line format
      examples: reduce LOCs during neigh attributes validation

Pablo Neira Ayuso (3):
      doxygen: remove EXPORT_SYMBOL from the output
      include: add MNL_SOCKET_DUMP_SIZE definition
      build: libmnl 1.0.5 release

Petr Vorel (1):
      examples: Add rtnl-addr-add.c

Stephen Hemminger (1):
      examples: rtnl-addr-dump: fix typo

igo95862 (1):
      doxygen: Fixed link to the git source tree on the website.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c3b7389339)
2022-04-10 16:26:01 +01:00
Nick Hainke
8215bba00e libnfnetlink: update to 1.0.2
Changes:

c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings

Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit aecf088b37)
2022-04-10 16:26:01 +01:00
Andrey Erokhin
8f4124c252 gpio-button-hotplug: fix data race
bh_event_add_var can be called by multiple threads concurrently,
so it shall not use a static char buffer

Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 1e991e09b7)
2022-04-10 16:26:01 +01:00
Daniel Golle
dbec41685b libselinux: add missing host-build dependency on libsepol/host
The host-build of libselinux requires libsepol/host.
Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts
which don't have libsepol installed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0d3850dc5a)
2022-04-10 16:26:01 +01:00
Valentyn Datsko
660923cd74 dnsmasq: add procd interface index tracking
Problem exist when dnsmasq is exclusively bind to particular interface.
After reconfiguring or restarting this interface, its index changes, but
dnsmasq uses the old one. When this problem occurs, dnsmasq does not
listen on the correct interface so DHCP does not work, and clients do not
get an IP address. Procd netdev param can be added to restart dnsmasq when
the interface index is changed.

Signed-off-by: Valentyn Datsko <valikk.d@gmail.com>
[combined into a single &&-connected statement]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 76f55e3c3f)
2022-04-10 16:26:01 +01:00
Rosen Penev
ce7ee54c55 libselinux: use musl-fts for host builds
Fixes compilation under musl based distros like Alpine Linux.

Also add pcre/host as a build dependency as it's needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit abb2683de3)
2022-04-10 16:26:01 +01:00
Paul Spooren
f56ddb0f58 toolchain: reproducible libstdcpp
A Python script containing an unreproducible path is copied by default.
Remove it before generating the package.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 950bd40a27)
2022-04-06 13:59:44 +01:00
Paul Spooren
fd81c052f7 grub2: add missing license
The PKG_LICENSE field was missing.
While at it, normalize the Makefile a bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 839b1ff1fc)
2022-04-05 23:33:35 +02:00
Daniel Golle
2dafc04b4d kernel: load device-mapper early on boot
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]")
couldn't actually work and allow rootfs_data to be stored on a LVM2 as
the necessary kernel modules had not been loaded at this point.
Fix this by loading device-mapper modules early at boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 82f9ad6ab2)
2022-04-05 23:33:35 +02:00
Piotr Dymacz
66c075c5d2 kernel: modules: drop 'AddDepends/bluetooth' calls
Function 'AddDepends/bluetooth' doesn't exist in our codebase.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 173198e35a)
2022-04-05 23:33:35 +02:00
Hauke Mehrtens
d18e365b17 busybox: Fix snprintf arguments in lock
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.

Fixes: 9d2b26d5a7 ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d80336e1a9)
2022-04-05 23:33:16 +02:00
Qichao Zhang
9d2b26d5a7 busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
(cherry picked from commit 34567750db)
2022-04-05 00:20:24 +02:00
Rosen Penev
56463b0221 pcre: disable shared libraries for host builds
Getting rid of shared libraries for hostpkg avoids having to use rpath
hacks to find the library. It also fixes compilation with host glib2
binaries.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f8571749a7)
2022-04-05 00:20:24 +02:00
Rosen Penev
308adb76d2 musl-fts: remove shared libraries from host
Avoids having to add rpath to the various packages using it. Also add
PIC to fix compilation as static libraries do not use PIC by default.

Fixes: 1fb099341e ("musl-fts: add host build")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8a75ed4ba0)
2022-04-05 00:20:24 +02:00
Stijn Tintel
3a3fdd6239 gettext-full: add gmsgfmt symlink in host install
Some configure scripts look for msgfmt and gmsgfmt. As we don't install
the latter, configure might pick up one from staging_dir/hostpkg, and
the other from the host:

checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt
checking for gmsgfmt... /usr/bin/gmsgfmt

This could potentially lead to hard to debug undefined behaviour.
Install a symlink in the host install phase to avoid this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 636cb00ecc)
2022-04-05 00:20:24 +02:00
Robert Marko
9ae93c14fb uboot-mvebu: backport patch to fix eMMC
v2022.01 has a regression that broke eMMC usage on most if not all Armada
SoC-s, thus breaking boards like uDPU which use eMMC for storage.

Fix it by backporting a recent upstream patch.

Fixes: 782d4c8306 ("uboot-mvebu: update to version 2022.01")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit a703830806)
2022-04-05 00:20:24 +02:00
Daniel Golle
d7354297bb uqmi: fix acquiring PIN status
Evaluating the return value of 'json_load' didn't work in the
intended way resulting in PIN status no longer being read on modems
where --get-pin-status doesn't fail.
Fix this by trying --get-pin-status first and checking if pin1_status
field exists in JSON, and if it doesn't try again with
--uim-get-sim-state.

Fixes: #9501
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ee7cb5e885)
2022-03-27 16:14:00 +01:00
Felix Fietkau
52e0ce2327 mac80211: backport patch that allows receiving packets with non-standard VHT MCS10-11 rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 56ae4eb908)
2022-03-27 16:14:00 +01:00
Daniel Golle
64fd2713a3 uboot-mediatek: add patch to allow accessing bootconf from Linux
Store selected boot configuration in '/chosen' node in device tree, so
it can be accessed by Linux (and used for fine-tuning the FIT partition
parser).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dfc3ea6810)
2022-03-27 16:14:00 +01:00
Daniel Golle
ef822ac8d8 uboot-envtools: oxnas: fix wrong eraseblock size for shuttle,kd20
Shuttle KD20 has NAND flash with 0x20000 (128KiB) erase blocks.
Correctly set that in uboot-envtools as well to allow writing to the
bootloader environment using fw_setenv.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fa67639513)
2022-03-27 16:14:00 +01:00
Petr Štetiar
b8f076c9a4 openwrt-keyring: fix broken install step
In commit 2d03f27f0f ("openwrt-keyring: make opkg use 22.03 usign
key") I've accidentally removed the `endef` keyword, so fix it by adding
it back.

Fixes: 2d03f27f0f ("openwrt-keyring: make opkg use 22.03 usign key")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-27 11:48:31 +02:00
Petr Štetiar
2d03f27f0f openwrt-keyring: make opkg use 22.03 usign key
In order to make opkg usable with artifacts produced by project's
buildbot:

 Downloading https://downloads.openwrt.org/releases/22.03-SNAPSHOT/packages/x86_64/luci/Packages.sig
 Signature check failed.
 Remove wrong Signature file.

References: https://gitlab.com/openwrt/docker/-/jobs/2255191689
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-27 11:06:40 +02:00
张 鹏
e93af247a3 ipq40xx: update E2600AC c1/c2 board
Modified the radio frequency hardware part of e2600ac c1/c2,
need to cooperate with the modified board.bin file, the device
can work normally.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
(cherry picked from commit bdc786e82c)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-26 21:28:41 +01:00
Josef Schlehofer
2ce4ae55db cypress-firmware: drop several packages
1. Drop package: cypress-firmware-4359-pcie
This binary is no longer provided and there are not many details what
happened.

2. Drop package: cypress-firmware-4359-sdio
This binary is no longer provided, but in this case, to compare it with
PCIe package mention as first, there was added
support in Linux-firmware [1], but no sign of firmware file.

4. Drop package: cypress-firmware-89459-pcie [2]
According to Infineon: "CYW89459 is an automotive Wi-Fi chip which is not
supported in the broad market community."

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20191211235253.2539-6-smoch@web.de/

[2] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/the-wifi-driver-for-CYW89459-in-linux4-14-98-2-3-00/m-p/138971

Fixes: 7ca7e0b22d ("cypress-firmware: update it to version 5.4.18-2021_0812")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 51dee3f4f7)
2022-03-26 21:28:41 +01:00
Petr Štetiar
161ff660fc openwrt-keyring: add OpenWrt 22.03 GPG/usign keys
62471e693b4f usign: add 22.03 release build public key
 70817cffc905 gpg: add OpenWrt 22.03 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 759886345d)
2022-03-25 14:28:50 +01:00
Petr Štetiar
3965dda0fa zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
2022-03-24 08:18:21 +01:00
Felix Fietkau
68b008756f qosify: update to the latest version
391a9fbd5ace dns: fix parsing vlan encapsulated protocol
6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well
1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed
ca21e729af23 interface: switch to using clsact for filters
5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress
bdfcb11847ce interface: fix duplicated dns filter line
b97405aa632a Revert "ubus: remove dnsmasq subscriber"
8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact
d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME
91cf440db9e2 loader: fix use of deprecated functions
57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit af434e0da2)
2022-03-22 10:29:18 +01:00
Rui Salvaterra
714ed05a41 kmod-lzo: include the lzo-rle kmod in the package
Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo.
Crypto API users (zram, for example) expect both lzo and lzo-rle to be
available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package.

Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit aaa0c09785)
2022-03-22 09:25:40 +00:00
Richard Huynh
9470160c35 mediatek: Add support for Xiaomi Redmi Router AX6S
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.

SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A

Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.

However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.

Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)

2. Calculate telnet password from serial number and login

3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit

4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware

Device should reboot at this point.

Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.

A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.

Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 9f9477b275)
2022-03-21 13:11:56 +00:00
Paul Spooren
43e6d979b8 OpenWrt v22.03: set branch defaults
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-20 13:05:00 +00:00
Huangbin Zhan
3bf10bac11 ncurses: update to 6.3
release notes: https://invisible-island.net/ncurses/announce-6.3.html

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-19 17:42:29 +01:00
Mikhail Zhilkin
f8b02130d2 ramips: add support for Beeline SmartBox Flash
Beeline SmartBox Flash is a wireless AC1300 (WiFi 5) router manufactured
by Arcadyan company.

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Winbond W632GU6NB
Flash: 128 MiB (NAND), Winbond W29N01HVSINF
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: 1xUSB3.0
Button: 1 (Reset/WPS)
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WE42022

Installation
------------
1. Place *factory.trx on any web server (192.168.1.2 in this example)
2. Connect to the router using telnet shell (no password required)
3. Save MAC adresses to U-Boot environment:
   uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
    awk '{print $5}')
   uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
    awk '{print $5}')
   uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
    awk '{print $5}')
   uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
    awk '{print $5}')
4. Ensure that MACs were saved correctly:
   uboot_env --get --name eth2macaddr
   uboot_env --get --name eth3macaddr
   uboot_env --get --name ra0macaddr
   uboot_env --get --name rax0macaddr
5. Download and write the OpenWrt images:
   cd /tmp
   wget http://192.168.1.2/factory.trx
   mtd_write erase /dev/mtd4
   mtd_write write factory.trx /dev/mtd4
6. Set 1st boot partition and reboot:
   uboot_env --set --name bootpartition --value 0
   reboot

Back to Stock
-------------
1. Run in the OpenWrt shell:
   fw_setenv bootpartition 1
   reboot
2. Optional step. Upgrade the stock firmware with any version to
   overwrite the OpenWrt in Slot 1.

MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC               | Source         |
+-----------+-------------------+----------------+
| label     | 30:xx:xx:51:xx:09 | No MACs was    |
| LAN       | 30:xx:xx:51:xx:09 | found on Flash |
| WAN       | 30:xx:xx:51:xx:06 | [1]            |
| WLAN_2g   | 30:xx:xx:51:xx:07 |                |
| WLAN_5g   | 32:xx:xx:41:xx:07 |                |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
   key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
   with saving of the MACs to u-boot-env during the installation was
   applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:36) was found in
   "Factory" 0xfff0. It's the same for all Smartbox Flash devices. OEM
   firmware also uses this MAC when initialazes ethernet driver. In
   OpenWrt we use it only as internal GMAC (eth0), all other MACs are
   unique. Therefore, there is no any barriers to the operation of several
   Smartbox Flash devices even within the same broadcast domain.

Stock firmware image format
---------------------------
+--------------+---------------+----------------------------------------+
| Offset       | 1.0.15        | Description                            |
+==============+===============+========================================+
| 0x0          | 5d 43 6f 74   | TRX magic "]Cot"                       |
+--------------+---------------+----------------------------------------+
| 0x4          | 00 70 ff 00   | Length (reverse)                       |
+--------------+---------------+----------------------------------------+
|              |               | htonl(~crc) from 0xc ("flag_version")  |
| 0x8          | 72 b3 93 16   | to "Length"                            |
+--------------+---------------+----------------------------------------+
| 0xc          | 00 00 01 00   | Flags                                  |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of Kernel partition   |
| 0x10         | 1c 00 00 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of RootFS partition   |
| 0x14         | 00 00 42 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
| 0x18         | 00 00 00 00   | Zeroes                                 |
+--------------+---------------+----------------------------------------+
| 0x1c         | 27 05 19 56 … | Kernel data + zero padding             |
+--------------+---------------+----------------------------------------+
|              |               | RootFS data (starting with "hsqs") +   |
| 0x420000     | 68 73 71 73 … | zero padding to "Length"               |
+--------------+---------------+----------------------------------------+
|              |               | Some signature data (format is         |
|              |               | unknown). Necessary for the fw         |
| "Lenght"     | 00 00 00 00 … | update via oem fw web interface.       |
+--------------+---------------+----------------------------------------+
| "Lenght" +   |               | TRX magic "HDR0". U-Boot is            |
| 0x10c        | 48 44 52 30   | checking it at every boot.             |
+--------------+---------------+----------------------------------------+
|              |               | 1.00:                                  |
|              |               |   Zero padding to ("Lenght" + 0x23000) |
|              |               | 1.0.12:                                |
|              |               |   Zero padding to ("Lenght" + 0x2a000) |
| "Lenght" +   |               | 1.0.13, 1.0.15, 1.0.16:                |
| 0x110        | 00 00 00 00   |   Zero padding to ("Lenght" + 0x10000) |
+--------------+---------------+----------------------------------------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-03-19 16:14:01 +01:00
Florian Eckert
09c41ea679 base-files: add wrapper for procd service list command
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.

ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"

This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.

We could now enter the command /etc/initd/<service> info to get the info
faster.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Florian Eckert
b9017384ca procd: move service command to procd
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Etienne Champetier
30c15d06e8 iptables: bump PKG_RELEASE
Following {arp,eb}tables-nft addition, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
66bb6dde36 iptables: add {arp,eb}tables-nft
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
c913be1da1 iptables: add xtables-nft package
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
afb6824a2c iptables: add xtables-legacy package
This allows to install ip6tables-legacy without iptables-legacy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
905b49920f ebtables: rename to ebtables-legacy
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
2f5088ef5f arptables: rename package to arptables-legacy
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Josef Schlehofer
7ca7e0b22d cypress-firmware: update it to version 5.4.18-2021_0812
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
  to be on the router with the previous naming

[    6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[    6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[    6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin

- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.

Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.

Fixes:
- FragAttacks
- Kr00k

Also add LICENSE file

Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.

Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[    6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43

After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[    6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2

[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-19 16:13:58 +01:00
Josef Schlehofer
013b043564 iwinfo: update to latest Git head
Changelog:
90bfbb9 devices: Add Cypress CYW43455
234075b devices: fix AMD RZ608 format
0e2a318 devices: add AMD RZ608 device-id

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-19 16:13:58 +01:00
Felix Fietkau
54aab4e719 bpftools: fix library path on 64 bit systems
drop the use of LIB_SUFFIX

Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-19 13:29:15 +01:00
Felix Fietkau
00cbf6f6ab bpftools: update to standalone bpftools + libbpf, use the latest version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-19 07:30:06 +01:00
Felix Fietkau
9c8cd1462d mac80211: backport MBSSID support
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-18 14:38:27 +01:00
Rosen Penev
80b88b083a argp-standalone: fix compilation with Alpine Linux
This package is a C89 one. Add the proper CFLAG to fix compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-16 17:58:24 +01:00
Brian Norris
e8a0c55909 base-files: Align rootfs_data upgrades to 64KiB on eMMC
Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB)
alignment after the rootfs, but emmc_do_upgrade() is assuming
it comes at the very next 512-byte sector.

Suggested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
(move spaces around, mention fstools' libtoolfs)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-16 17:50:06 +01:00
Martin Schiller
e17c6ee627 openssl: bump to 1.1.1n
This is a bugfix release. Changelog:

  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
     forever for non-prime moduli. (CVE-2022-0778)

  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
     (RFC 5489) to the list of ciphersuites providing Perfect Forward
     Secrecy as required by SECLEVEL >= 3.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2022-03-16 16:28:16 +01:00
Rafał Miłecki
f4c2dab544 uboot-bcm4908: add BCM4912 build
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-03-15 18:43:41 +01:00
Rafał Miłecki
3592aa8566 uboot-bcm4908: update to the latest generic
0625aad74d arm: dts: add ASUS GT-AX6000
6fb1cb624d arm: dts: add Netgear RAXE450 / RAXE550

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-03-15 14:31:02 +01:00
Rafał Miłecki
9dbca6bf6e uboot-bcm4908: use "xxd" from staging_dir
This fixes:
bash: xxd: command not found
on hosts without xxd installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-03-15 12:43:04 +01:00
Felix Fietkau
da2b97210c mt76: update to the latest version
378b638c70c0 mt76: mt7915: fix unused variable with testmode disabled
4f4309542862 mt76: mt7915: only use u32_get_bits with constant value
de06d828a0bf mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU
c007ba3ec7a9 mt76: mt7915: simplify conditional
64c74dc93f68 mt76: fix dfs state issue with 160 MHz channels
d3471b0d92c1 mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init
f4c87b32e0e9 mt76: mt7663u: introduce mt7663u_mcu_power_on routine
82de5987af54 mt76: mt7921: fix up the monitor mode
c501df4086e1 mt76: mt7921: use mt76_hw instead of open coding it
594ee03d5a11 mt76: mt7915: fix DFS no radar detection event
d8d2b383a241 mt76: split single ldpc cap bit into bits
0f336fba20fe mt76: mt7921: make mt7921_init_tx_queues static
00a066ce9914 mt76: mt7921: fix xmit-queue dump for usb and sdio
d6d2479568b2 mt76: mt7921: fix mt7921_queues_acq implementation
d17b74420199 mt76: fix monitor mode crash with sdio driver
c374559eae6f mt76: mt7915: allow beaconing on all chains
b219af63b9ce mt76: connac: add 6 GHz support for wtbl and starec configuration
630384cb3246 mt76: mt7915: add 6 GHz support
28ff1bddc7e8 mt76: mt7915: fix eeprom fields of txpower init values
d4b226cc15e7 mt76: mt7915: add txpower init for 6GHz
31e820d4ce4b mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration
9fee1faf6028 mt76: mt7915: check for devm_pinctrl_get() failure
31a970940b97 mt76: connac: make read-only array ba_range static const
e49af7036bbc mt76: use le32/16_get_bits() whenever possible
0664d39039c2 mt76: fix invalid rssi report
f16fc9d96105 mt76: mt7915: set band1 TGID field in tx descriptor
67ce2708dcef mt76: mt7915: fix beamforming mib stats
6e899abec818 mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps()
c6780c85cff2 mt76: mt7915: fix typos in comments
aa6eadc09a83 mt76: usb: add req_type to ___mt76u_rr signature
74a519ab8353 mt76: usb: add req_type to ___mt76u_wr signature
2651d2c66cbd mt76: usb: introduce __mt76u_init utility routine
c03e095eee27 mt76: mt7921: disable runtime pm for usb
41085cdcd7e3 mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb
e700aba6bae3 mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code
056b7f4ebcc6 mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code.
0abf682a3def mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code.
b0c60d5252de mt76: mt7921: add mt7921u driver
053668acdaf8 mt76: mt7921: move mt7921_init_hw in a dedicated work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-15 10:46:10 +01:00
Petr Štetiar
9cdd15d8a5 mac80211: headers: fix lockdep_assert_not_held()
LOCK_STATE_HELD define was omitted during backport of
lockdep_assert_not_held() which leads to build failures of kernels with
CONFIG_LOCKDEP=y:

 backports-5.15.8-1/backport-include/linux/lockdep.h:16:47: error: 'LOCK_STATE_HELD' undeclared (first use in this function)

Fix it by adding missing LOCK_STATE_HELD define.

References: PR#9373
Reported-by: Oskari Rauta <oskari.rauta@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-15 08:33:45 +01:00
Michael Pratt
41be1a2de2 ath79: add support for Araknis AN-700-AP-I-AC
FCC ID: 2AG6R-AN700APIAC

Araknis AN-700-AP-I-AC is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP1750
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - QCA9558 SOC		MIPS 74kc, 2.4 GHz WMAC, 3x3
  - QCA9880 WLAN	PCI card, 5 GHz, 3x3, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM	NT5TU32M16
  - UART console	J10, populated, RX shorted to ground
  - 4 antennas		5 dBi, internal omni-directional plates
  - 4 LEDs		power, 2G, 5G, wps
  - 1 button		reset

  NOTE: all 4 gpio controlled LEDS are viewed through the same lightguide
	therefore, the power LED is off for default state

**MAC addresses:**

  MAC address labeled as ETH
  Only one Vendor MAC address in flash at art 0x0

  eth0 ETH  *:xb art 0x0
  phy1 2.4G *:xc ---
  phy0 5GHz *:xd ---

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin at J10

**Installation:**

  Method 1: Firmware upgrade page:

    (if you cannot access the APs webpage)
    factory reset with the reset button
    connect ethernet to a computer
    OEM webpage at 192.168.20.253
    username and password 'araknis'
    make a new password, login again...

    Navigate to 'File Management' page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm
    wait about 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    192.168.20.253
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  Method 1: Serial to load Failsafe webpage (above)

  Method 2: delete a checksum from uboot-env
  this will make uboot load the failsafe image at next boot
  because it will fail the checksum verification of the image

    ssh into openwrt and run
    `fw_setenv rootfs_checksum 0`
    reboot, wait a minute
    connect to ethernet and navigate to
    192.168.20.253
    select OEM firmware image and click upgrade

  Method 3: backup mtd partitions before upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs-kernel.bin to '0101A8C0.img'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot with serial console
  execute `tftpboot` and `bootm 0x81000000`

  NOTE: TFTP may not be reliable due to bugged bootloader
	set MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software is built using SDKs from Senao
  which is based on a heavily modified version
  of Openwrt Kamikaze or Altitude Adjustment.
  One of the many modifications is sysupgrade being performed by a custom script.
  Images are verified through successful unpackaging, correct filenames
  and size requirements for both kernel and rootfs files, and that they
  start with the correct magic numbers (first 2 bytes) for the respective headers.

  Newer Senao software requires more checks but their script
  includes a way to skip them.

  The OEM upgrade script is at
  /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be less than 1536k
  and the OEM upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied at the PHY side,
  using the at803x driver `phy-mode` setting through the DTS.
  Therefore, the Ethernet Configuration registers for GMAC0
  do not need the bits for RGMII delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-03-13 19:54:58 +01:00
Michael Pratt
56716b578e ath79: add support for Araknis AN-500-AP-I-AC
FCC ID: 2AG6R-AN500APIAC

Araknis AN-500-AP-I-AC is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP1200
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - QCA9557 SOC		MIPS 74kc, 2.4 GHz WMAC, 2x2
  - QCA9882 WLAN	PCI card 168c:003c, 5 GHz, 2x2, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM	NT5TU32M16
  - UART console	J10, populated, RX shorted to ground
  - 4 antennas		5 dBi, internal omni-directional plates
  - 4 LEDs		power, 2G, 5G, wps
  - 1 button		reset

  NOTE: all 4 gpio controlled LEDS are viewed through the same lightguide
	therefore, the power LED is off for default state

**MAC addresses:**

  MAC address labeled as ETH
  Only one Vendor MAC address in flash at art 0x0

  eth0 ETH  *:e1 art 0x0
  phy1 2.4G *:e2 ---
  phy0 5GHz *:e3 ---

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin at J10

**Installation:**

  Method 1: Firmware upgrade page:

    (if you cannot access the APs webpage)
    factory reset with the reset button
    connect ethernet to a computer
    OEM webpage at 192.168.20.253
    username and password 'araknis'
    make a new password, login again...

    Navigate to 'File Management' page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm
    wait about 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    192.168.20.253
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  Method 1: Serial to load Failsafe webpage (above)

  Method 2: delete a checksum from uboot-env
  this will make uboot load the failsafe image at next boot
  because it will fail the checksum verification of the image

    ssh into openwrt and run
    `fw_setenv rootfs_checksum 0`
    reboot, wait a minute
    connect to ethernet and navigate to
    192.168.20.253
    select OEM firmware image and click upgrade

  Method 3: backup mtd partitions before upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs-kernel.bin to '0101A8C0.img'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot with serial console
  execute `tftpboot` and `bootm 0x81000000`

  NOTE: TFTP may not be reliable due to bugged bootloader
	set MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software is built using SDKs from Senao
  which is based on a heavily modified version
  of Openwrt Kamikaze or Altitude Adjustment.
  One of the many modifications is sysupgrade being performed by a custom script.
  Images are verified through successful unpackaging, correct filenames
  and size requirements for both kernel and rootfs files, and that they
  start with the correct magic numbers (first 2 bytes) for the respective headers.

  Newer Senao software requires more checks but their script
  includes a way to skip them.

  The OEM upgrade script is at
  /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be less than 1536k
  and the OEM upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied at the PHY side,
  using the at803x driver `phy-mode` setting through the DTS.
  Therefore, the Ethernet Configuration registers for GMAC0
  do not need the bits for RGMII delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-03-13 19:54:57 +01:00
Michael Pratt
561f46bd02 ath79: add support for Araknis AN-300-AP-I-N
FCC ID: U2M-AN300APIN

Araknis AN-300-AP-I-N is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EWS310AP
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - AR9344 SOC		MIPS 74kc, 2.4 GHz WMAC, 2x2
  - AR9382 WLAN		PCI on-board 168c:0030, 5 GHz, 2x2
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 2x 64 MB RAM	1839ZFG V59C1512164QFJ25
  - UART console	J10, populated, RX shorted to ground
  - 4 antennas		5 dBi, internal omni-directional plates
  - 4 LEDs		power, 2G, 5G, wps
  - 1 button		reset

  NOTE: all 4 gpio controlled LEDS are viewed through the same lightguide
	therefore, the power LED is off for default state

**MAC addresses:**

  MAC address labeled as ETH
  Only one Vendor MAC address in flash at art 0x0

  eth0 ETH  *:7d art 0x0
  phy1 2.4G *:7e ---
  phy0 5GHz *:7f ---

**Serial Access:**

  the RX line on the board for UART is shorted to ground by resistor R176
  therefore it must be removed to use the console
  but it is not necessary to remove to view boot log

  optionally, R175 can be replaced with a solder bridge short

  the resistors R175 and R176 are next to the UART RX pin at J10

**Installation:**

  Method 1: Firmware upgrade page:

    (if you cannot access the APs webpage)
    factory reset with the reset button
    connect ethernet to a computer
    OEM webpage at 192.168.20.253
    username and password 'araknis'
    make a new password, login again...

    Navigate to 'File Management' page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm
    wait about 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt uboot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fd70000`
    wait a minute
    connect to ethernet and navigate to
    192.168.20.253
    Select the factory.bin image and upload
    wait about 3 minutes

**Return to OEM:**

  Method 1: Serial to load Failsafe webpage (above)

  Method 2: delete a checksum from uboot-env
  this will make uboot load the failsafe image at next boot
  because it will fail the checksum verification of the image

    ssh into openwrt and run
    `fw_setenv rootfs_checksum 0`
    reboot, wait a minute
    connect to ethernet and navigate to
    192.168.20.253
    select OEM firmware image and click upgrade

  Method 3: backup mtd partitions before upgrade

**TFTP recovery:**

  Requires serial console, reset button does nothing

  rename initramfs-kernel.bin to '0101A8C0.img'
  make available on TFTP server at 192.168.1.101
  power board, interrupt boot with serial console
  execute `tftpboot` and `bootm 0x81000000`

  NOTE: TFTP may not be reliable due to bugged bootloader
	set MTU to 600 and try many times

**Format of OEM firmware image:**

  The OEM software is built using SDKs from Senao
  which is based on a heavily modified version
  of Openwrt Kamikaze or Altitude Adjustment.
  One of the many modifications is sysupgrade being performed by a custom script.
  Images are verified through successful unpackaging, correct filenames
  and size requirements for both kernel and rootfs files, and that they
  start with the correct magic numbers (first 2 bytes) for the respective headers.

  Newer Senao software requires more checks but their script
  includes a way to skip them.

  The OEM upgrade script is at
  /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be less than 1536k
  and the OEM upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

Note on PLL-data cells:

  The default PLL register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied at the PHY side,
  using the at803x driver `phy-mode` setting through the DTS.
  Therefore, the Ethernet Configuration registers for GMAC0
  do not need the bits for RGMII delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-03-13 19:54:57 +01:00
Martin Kennedy
d1a8690742 realtek: add ZyXEL GS1900-24 v1 support
The ZyXEL GS1900-24 v1 is a 24 port switch with two SFP ports, similar to
the other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-24 v1
* SoC:       Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash:     16 MiB
* RAM:       Winbond W9751G8KB-25 64 MiB DDR2 SDRAM
* Ethernet:  24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs:
  * 1 PWR LED (green, not configurable)
  * 1 SYS LED (green, configurable)
  * 24 ethernet port link/activity LEDs (green, SoC controlled)
  * 2 SFP status/activity LEDs (green, SoC controlled)
* Buttons:
  * 1 "RESET" button on front panel (soft reset)
  * 1 button ('SW1') behind right hex grate (hardwired power-off)
* Power:     120-240V AC C13
* UART:      Internal populated 10-pin header ('J5') providing RS232;
             connected to SoC UART through a SIPEX 3232EC for voltage
             level shifting.

* 'J5' RS232 Pinout (dot as pin 1):
  2) SoC RXD
  3) GND
  10) SoC TXD

Serial connection parameters: 115200 8N1.

Installation
------------

OEM upgrade method:

* Log in to OEM management web interface

* Navigate to Maintenance > Firmware > Management

* If "Active Image" has the first option selected, OpenWrt will need to be
  flashed to the "Active" partition. If the second option is selected,
  OpenWrt will need to be flashed to the "Backup" partition.

* Navigate to Maintenance > Firmware > Upload

* Upload the openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-initramfs-kernel.bin
  file by your preferred method to the previously determined partition.
  When prompted, select to boot from the newly flashed image, and reboot
  the switch.

* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:

  > sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-squashfs-sysupgrade.bin

U-Boot TFTP method:

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).

* Set up a TFTP server on your client and make it serve the initramfs
  image.

* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:

  > rtk network on

> Since the GS1900-24 v1 is a dual-partition device, you want to keep the
  OEM firmware on the backup partition for the time being. OpenWrt can
  only be installed in the first partition anyway (hardcoded in the
  DTS). To ensure we are set to boot from the first partition, issue the
  following commands:

  > setsys bootpartition 0
  > savesys

* Download the image onto the device and boot from it:

  > tftpboot 0x81f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-initramfs-kernel.bin
  > bootm

* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:

  > sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-squashfs-sysupgrade.bin

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2022-03-13 19:24:13 +01:00
Tianling Shen
efc8aff62c kernel/modules: add kmod-inet-diag package
Add option to compile kmod-inet-diag, support for INET (TCP, DCCP, etc)
socket monitoring interface used by native Linux tools such as ss.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-03-13 19:24:13 +01:00
Etienne Champetier
e9c99e0f7f iptables: backport missing init_extensions6() calls
This fixes ip6tables-nft no being able to use built-in
extensions like icmp6.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-13 19:24:13 +01:00
Florian Eckert
e5440ec871 ipset: add backport patch for IPv6 nftables ipset-translation
When porting mwan3 from iptables to nftables I tried the new translation
tool for ipset ipset-translate. I noticed that no IPv6 ipset can be
created with the tool. I have reported the problem to the upstream
project and the following patch fixes the problem.

Until this upsream is included in a new release, this patch should be
used in Openwrt.

https://lore.kernel.org/netfilter-devel/20220228190217.2256371-1-pablo@netfilter.org/T/#m09cc3cb738f2e42024c7aecf5b7240d9f6bbc19c

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-13 19:24:13 +01:00
Rafał Miłecki
9851d4b6ce base-files: call "sync" after initial setup
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.

Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"

Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
   in empty file (inode flushed after 5 seconds, data flush queued)

Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.

There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section

This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.

All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2022-03-12 11:13:54 +00:00
Daniel Golle
2a801ee562
uqmi: update to git HEAD
44dd095 uqmi: corrected too short received SMS

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-03-12 11:07:27 +00:00
Lech Perczak
c8a88118af uqmi: set CID during 'query-data-status' operation
Modems used in ZTE mobile broadband routers require to query the data
session status using the same CID as one used to establish the session,
otherwise they will report the session as "disconnected" despite
reporting correct PDH in previous step. Without this change, IPv6
connection on these modems doesn't establish properly. In IPv4 this bug
is present as well, but for some reason querying of IPv4 status works
using temporary CID, this however seems noncompliant with QMI
specifications, so fix it as well.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-03-12 10:38:11 +00:00
Rafał Miłecki
0d45e1ea96 uboot-bcm4908: add package with BCM4908 U-Boot
New BCM4908 devices come with U-Boot instead of CFE. Firmwares for such
devices has to include U-Boot.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-03-11 08:02:30 +01:00
Yousong Zhou
289fbc5102 iptables: add iptables-mod-socket
Previously libxt_socket.so was included in iptables-mod-tproxy.  It was
missed out when trying to make kmod-ipt-socket and kmod-ipt-tproxy
separate packages

Fixes: 4f443c88 ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-03-10 10:43:32 +08:00
INAGAKI Hiroshi
98113220fa uboot-envtools: add support for I-O DATA BSH-G24MB
This patch adds the device-specific configuration to u-boot-envtools for
I-O DATA BSH-G24MB switch.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2022-03-07 21:44:53 +01:00
Josef Schlehofer
d71928c1e3 nftables: update to version 1.0.2
Changelog:
https://lwn.net/ml/netdev/YhO5Pn+6+dgAgSd9@salvia/

Patches:

removed:
- 001-parser-allow-quoted-string-in-flowtable_expr_member:
it is now part of upstream release [1]

added:
- 001-examples-compile-with-make-check.patch:
backported from [2], it fixes:

nft-json-file.c:3:10: fatal error: nftables/libnftables.h: No such file or directory
    3 | #include <nftables/libnftables.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

[1] https://git.netfilter.org/nftables/commit/?h=v1.0.2&id=07af4429241c9832a613cb8620331ac54257d9df
[2] https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-07 21:44:53 +01:00
Hauke Mehrtens
baea8255e0 linux-firmware: Update to version 20220209
This switches the iwlwifi-firmware-ax200 file to API version 66, this is
the most recent version supported by our driver.

The following files used in OpenWrt changed:
 amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_dmcub.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_010a.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_010b.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_0303.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_010a.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_010b.bin
 ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_0303.bin
 ar3k-firmware/lib/firmware/qca/rampatch_usb_00130200.bin
 ar3k-firmware/lib/firmware/qca/rampatch_usb_00130201.bin
 iwlwifi-firmware-ax200/lib/firmware/iwlwifi-cc-a0-66.ucode
 iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0-66.ucode
 iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0.pnvm
 iwlwifi-firmware-iwl9000/lib/firmware/iwlwifi-9000-pu-b0-jf-b0-46.ucode
 iwlwifi-firmware-iwl9260/lib/firmware/iwlwifi-9260-th-b0-jf-b0-46.ucode
 rtl8822ce-firmware/lib/firmware/rtw88/rtw8822c_fw.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-03-07 18:07:29 +01:00
Felix Fietkau
1b46333895 bpf-headers: ship a modified version of stdarg.h from musl to fix ebpf build on glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-07 10:38:41 +01:00
Felix Fietkau
759149977e qosify: update to the latest version
3276aed81c73 move run_cmd() to main.c
558eabc13c64 map: move dns host based lookup code to a separate function
6ff06d66c36c dns: add code for snooping dns packets
a78bd43c4a54 ubus: remove dnsmasq subscriber
9773ffa70f1f map: process dns patterns in the order in which they were defined
f13b67c9a786 dns: allow limiting dns entry matching to cname name

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-06 23:01:24 +01:00
Hauke Mehrtens
921392e216 iproute2: Remove libxtables from some tc variants
This adds the new tc-bpf variant and removes libxtables dependency from
the tc-tiny variant. The tc-full variant stays like before and contains
everything.

This allows to use tc without libxtables.

The variants have the following sizes:
root@OpenWrt:/# ls -al /usr/libexec/tc-*
-rwxr-xr-x    1 root     root        282453 Mar  1 21:55 /usr/libexec/tc-bpf
-rwxr-xr-x    1 root     root        282533 Mar  1 21:55 /usr/libexec/tc-full
-rwxr-xr-x    1 root     root        266037 Mar  1 21:55 /usr/libexec/tc-tiny

They are linking the following shared libraries:
root@OpenWrt:/# ldd /usr/libexec/tc-tiny
        /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000)
        libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
root@OpenWrt:/# ldd /usr/libexec/tc-bpf
        /lib/ld-musl-mips-sf.so.1 (0x77da6000)
        libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000)
        libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000)
        libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000)
        libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000)
root@OpenWrt:/# ldd /usr/libexec/tc-full
        /lib/ld-musl-mips-sf.so.1 (0x77de8000)
        libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000)
        libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000)
        libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000)
        libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000)
        libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000)

This is based on a patch from Tiago Gaspar.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-03-05 21:06:35 +01:00
Langhua Ye
d15f9b9043 uboot-envtools: mt7622: add support for Ruijie RG-EW3200GX PRO
Add U-Boot environment settings for Ruijie RG-EW3200GX PRO to allow
users to access the bootloader environment using fw_printenv/fw_setenv
while running OpenWrt.

Signed-off-by: Langhua Ye <y1248289414@outlook.com>
2022-03-05 21:06:35 +01:00
Ansuel Smith
4393d8c090 libnetfilter-conntrack: backport patch fixing compilation with 5.15
Backport patch fixing compilation with 5.15 and musl provided by Robert Marko

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-03-05 21:05:45 +01:00
Oskari Rauta
ef4bf8b403 util-linux: add lsns
lsns lists system namespaces

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2022-03-05 21:05:45 +01:00
Josef Schlehofer
0f432fa3a9 uboot-mvebu: backport patch to fix nvme detail crash
Steps to reproduce:
1. Insert NVMe disk with a reduction to Turris Omnia
2. Go to U-boot
3. Run these two commands:
a) ``nvme scan``
b) ``nvme detail``
4. Wait for crash

This is backported from U-boot upstream repository.
It should be included in the upcoming release - 2022.04 [1].

It was tested on Turris Omnia, mvebu, cortex-a9, OpenWrt master.

[1] https://patchwork.ozlabs.org/project/uboot/patch/20211209100639.21530-1-pali@kernel.org/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Export the patch from U-Boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-03-05 21:05:24 +01:00
Stijn Tintel
c2d7896a65 qosify: bump to git HEAD
interface: disable autorate-ingress by default

Also change the example config to reflect this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-03-04 20:37:05 +02:00
Stijn Tintel
1848b25cdd qosify: add PKG_RELEASE
Without PKG_RELEASE, it's impossible to trigger package updates when
changing files included in the package that are not in the qosify git
repository.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
2022-03-04 20:25:05 +02:00
Rui Salvaterra
247eaa4416 procd: remove support for mounting /tmp in zram
The /tmp directory is mounted as tmpfs. The tmpfs filesystem is backed by
anonymous memory, which means it can be swapped out at any time, if there is
memory pressure [1]. For this reason, a zram swap device is a much better
choice than mounting /tmp on zram, since it's able to compress all anonymous
memory, and not just the memory assigned to /tmp. We already have the zram-swap
package for this specific purpose, which means procd's tmp-on-zram is both
redundant and more limited.

A follow-up patch will remove support for mounting /tmp in zram from procd
itself.

[1] https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-03-03 20:22:25 +00:00
Catalin Toda
02e42f0650 kernel: kmod-tcp-scalable: add scalable tcp congestion algorithm
Signed-off-by: Catalin Toda <catalinii@gmail.com>
2022-03-01 21:25:47 +01:00
Florian Eckert
ba6a48366f ipset: update to 7.15
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-01 21:17:30 +01:00
Paul Spooren
038d5bdab1 layerscape: use semantic versions for LSDK
PKG_VERSION should not contain the package name but the version only.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-01 00:01:18 +01:00
Etienne Champetier
d95b74f7c9 iptables: bump PKG_RELEASE
Following dependencies rework, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
39d50a2008 iptables: move libiptext* to their own packages
iptables-nft doesn't depend on libip{4,6}tc, so move
libiptext* libs in their own packages to clean up dependencies
Rename libxtables-nft to libiptext-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
795e7155cb iptables: rename to ip(6)tables-legacy, add PROVIDES
Using PROVIDES allows to have other packages continue to
depend on iptables and users to pick between legacy and nft
version.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
316c406e62 iptables: move IPTABLES_{CONNLABEL,NFTABLES} to libxtables
Those 2 configs are not specific to iptables(-legacy)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
d35a573004 iptables: make mod depend on libxtables
'iptables-mod-' can be used directly by firewall3, by
iptables and by iptables-nft. They are not linked to
iptables but to libxtables, so fix the dependencies to allow
to remove iptables(-legacy)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
50d3271966 iptables: fix libnftnl/IPTABLES_NFTABLES dependency
libxtables doesn't depend on libnftnl, iptables-nft does,
so move the dependency to not pull libnftnl with firewall3/iptables-legacy

Also libxtables-nft depends on IPTABLES_NFTABLES

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Stijn Tintel
58212a6194 ubus: bump to git HEAD
66baa44 libubus: introduce new status messages
  b3cd5ab cli: use UBUS_STATUS_PARSE_ERROR
  584f56a cli: improve error logging for call command

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-28 16:18:37 +02:00
Yousong Zhou
43276b60c6 netfilter: add kmod-nft-tproxy
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Yousong Zhou
0225df1ec8 netfilter: add kmod-nft-socket
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Yousong Zhou
4f443c885d netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Piotr Dymacz
2d5b596b49 uboot-envtools: ath79: add support for ALFA Network Tube-2HQ
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 16:54:54 +01:00
Christian Lamparter
1753f8c14b firmware: intel-microcode: update to 20220207
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

* upstream changelog: new upstream datafile 20220207
    * Mitigates (*only* when loaded from UEFI firmware through the FIT)
      CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
      debug port, on Pentium, Celeron and Atom processors with signatures
      0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
    * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
      may cause a system hang, on many processors.
    * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
      to improper sanitization of shared resources (fast-store forward
      predictor), on many processors.
    * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
      Atom Processors may allow information disclosure or denial of service
      via network access.
    * Fixes critical errata (functional issues) on many processors
    * Adds a MSR switch to enable RAPL filtering (default off, once enabled
      it can only be disabled by poweroff or reboot).  Useful to protect
      SGX and other threads from side-channel info leak.  Improves the
      mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
      processors.
    * Disables TSX in more processor models.
    * Fixes issue with WBINDV on multi-socket (server) systems which could
      cause resets and unpredictable system behavior.
    * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
      Lake) processors, to control a fix for (hopefully rare) unpredictable
      processor behavior when HyperThreading is enabled.  This MSR switch
      is enabled by default on *server* processors.  On other processors,
      it needs to be explicitly enabled by an updated UEFI/BIOS (with added
      configuration logic).  An updated operating system kernel might also
      be able to enable it.  When enabled, this fix can impact performance.
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
      sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
      sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
      sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
      sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
      sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
      sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
      sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
      sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
      sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
      sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
      sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
      sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
      sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
      sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
      sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
      sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
      sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
      sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
      sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
      sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
      sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
      sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
      sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
      sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
      sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
      sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
      sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
    * Removed Microcodes:
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
  * update .gitignore and debian/.gitignore.
    Add some missing items from .gitignore and debian/.gitignore.
  * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
    When the BIOS microcode is older than revision 0x7f (and perhaps in some
    other cases as well), the latest microcode updates for 0x406e3 and
    0x506e3 must be applied using the early update method.  Otherwise, the
    system might hang.  Also: there must not be any other intermediate
    microcode update attempts [other than the one done by the BIOS itself],
    either.  It must go from the BIOS microcode update directly to the
    latest microcode update.
  * source: update symlinks to reflect id of the latest release, 20220207

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-26 19:52:41 +01:00
Sergey V. Lobanov
e6a4f30ed7 iucode-tool: fix host-compile on macos and non-x86 linux
iucode-tool/host is used by intel-microcode to manipulate with
microcode.bin file. iucode-tool requires cpuid.h at compile time
for autodection feature, but non-x86 build hosts does not have
this header file (e.g. ubuntu 20.04 aarch64) or this header
generates compile time error (#error macro) (e.g. macos arm64).

This patch provides compat cpuid.h to build iucode-tool/host on
non-x86 linux hosts and macos. CPU autodectection is not required
for intel-microcode package build so compat cpuid.h is ok for
OpenWrt purposes.

glibc and argp lib are not present in macos so iucode-tool/host
build fails. This patch adds argp-standalone/host as build
dependency if host os is macos.

Generated ucode (intel-microcode package) is exactly the same on
Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and
Darwin arm64 (MacOS 11.6) build hosts.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-26 19:52:41 +01:00
Sergey V. Lobanov
64d159cdad argp-standalone: add host-compile ability
This patch adds host-compile ability to argp-standalone for build
hosts without glibc and argp lib, e.g. MacOS.

iucode-tool/host can not be built on MacOS due to lack of argp.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-26 19:52:41 +01:00
Lucian Cristian
fbf485e6c6 mbedtls: update to 2.28.0 LTS branch
<https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>
"Mbed TLS 2.28 is a long-time support branch.
It will be supported with bug-fixes and security
fixes until end of 2024."

<https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md>
"Currently, the only supported LTS branch is: mbedtls-2.28.
For a short time we also have the previous LTS, which has
recently ended its support period, mbedtls-2.16.
This branch will move into the archive namespace around the
time of the next release."

this will also add support for uacme ualpn support.

size changes
221586 libmbedtls12_2.28.0-1_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(remark about 2.16's EOS, slightly reworded)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-26 19:52:41 +01:00
Lech Perczak
7ac8da0060 ath79: support ZTE MF286A/R
ZTE MF286A and MF286R are indoor LTE category 6/7 CPE router with simultaneous
dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit
Ethernet switch, FXS and external USB 2.0 port.

Hardware highlights:
- CPU: QCA9563 SoC at 775MHz,
- RAM: 128MB DDR2,
- NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only,
- NAND Flash: W25N01GV 128MB SPI NAND-Flash, for all other data,
- Wi-Fi 5GHz: QCA9886 2x2 MIMO 802.11ac Wave2 radio,
- WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio,
- Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port,
- WWAN:
  [MF286A] MDM9230-based category 6 internal LTE modem
  [MF286R] PXA1826-based category 7 internal LTE modem
  in extended  mini-PCIE form factor, with 3 internal antennas and
  2 external antenna connections, single mini-SIM slot.
- FXS: one external ATA port (handled entirely by modem part) with two
  physical connections in parallel,
- USB: Single external USB 2.0 port,
- Switches: power switch, WPS, Wi-Fi and reset buttons,
- LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery,
  Signal state) handled entirely by modem. 4 link status LEDs handled by
  the switch on the backside.
- Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and
  monitoring handled by modem.
- Label MAC device: eth0

The device shares many components with previous model, MF286, differing
mostly by a Wave2 5GHz radio, flash layout and internal LED color.
In case of MF286A, the modem is the same as in MF286. MF286R uses a
different modem based on Marvell PXA1826 chip.

Internal modem of MF286A is supported via uqmi, MF286R modem isn't fully
supported, but it is expected to use comgt-ncm for connection, as it
uses standard 3GPP AT commands for connection establishment.

Console connection: connector X2 is the console port, with the following
pinout, starting from pin 1, which is the topmost pin when the board is
upright:
- VCC (3.3V). Do not use unless you need to source power for the
  converer from it.
- TX
- RX
- GND
Default port configuration in U-boot as well as in stock firmware is
115200-8-N-1.

Installation:
Due to different flash layout from stock firmware, sysupgrade from
within stock firmware is impossible, despite it's based on QSDK which
itself is based on OpenWrt.

STEP 0: Stock firmware update:
As installing OpenWrt cuts you off from official firmware updates for
the modem part, it is recommended to update the stock firmware to latest
version before installation, to have built-in modem at the latest firmware
version.

STEP 1: gaining root shell:

Method 1:
This works if busybox has telnetd compiled in the binary.
If this does not work, try method 2.

Using well-known exploit to start telnetd on your router - works
only if Busybox on stock firmware has telnetd included:
- Open stock firmware web interface
- Navigate to "URL filtering" section by going to "Advanced settings",
  then "Firewall" and finally "URL filter".
- Add an entry ending with "&&telnetd&&", for example
  "http://hostname/&&telnetd&&".
- telnetd will immediately listen on port 4719.
- After connecting to telnetd use "admin/admin" as credentials.

Method 2:
This works if busybox does not have telnetd compiled in. Notably, this
is the case in DNA.fi firmware.
If this does not work, try method 3.

- Set IP of your computer to 192.168.0.22. (or appropriate subnet if
  changed)
- Have a TFTP server running at that address
- Download MIPS build of busybox including telnetd, for example from:
  https://busybox.net/downloads/binaries/1.21.1/busybox-mips
  and put it in it's root directory. Rename it as "telnetd".
- As previously, login to router's web UI and navigate to "URL
  filtering"
- Using "Inspect" feature, extend "maxlength" property of the input
  field named "addURLFilter", so it looks like this:
  <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332"
    class="required form-control">
- Stay on the page - do not navigate anywhere
- Enter "http://aa&zte_debug.sh 192.168.0.22 telnetd" as a filter.
- Save the settings. This will download the telnetd binary over tftp and
  execute it. You should be able to log in at port 23, using
  "admin/admin" as credentials.

Method 3:
If the above doesn't work, use the serial console - it exposes root shell
directly without need for login. Some stock firmwares, notably one from
finnish DNA operator lack telnetd in their builds.

STEP 2: Backing up original software:
As the stock firmware may be customized by the carrier and is not
officially available in the Internet, IT IS IMPERATIVE to back up the
stock firmware, if you ever plan to returning to stock firmware.
It is highly recommended to perform backup using both methods, to avoid
hassle of reassembling firmware images in future, if a restore is
needed.

Method 1: after booting OpenWrt initramfs image via TFTP:
PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION.
- Dump stock firmware located on stock kernel and ubi partitions:

  ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
  ssh root@192.168.1.1: cat /dev/mtd9 > mtd9_ubi.bin

And keep them in a safe place, should a restore be needed in future.

Method 2: using stock firmware:
- Connect an external USB drive formatted with FAT or ext4 to the USB
  port.
- The drive will be auto-mounted to /var/usb_disk
- Check the flash layout of the device:

  cat /proc/mtd

  It should show the following:
  mtd0: 000a0000 00010000 "u-boot"
  mtd1: 00020000 00010000 "u-boot-env"
  mtd2: 00140000 00010000 "reserved1"
  mtd3: 000a0000 00020000 "fota-flag"
  mtd4: 00080000 00020000 "art"
  mtd5: 00080000 00020000 "mac"
  mtd6: 000c0000 00020000 "reserved2"
  mtd7: 00400000 00020000 "cfg-param"
  mtd8: 00400000 00020000 "log"
  mtd9: 000a0000 00020000 "oops"
  mtd10: 00500000 00020000 "reserved3"
  mtd11: 00800000 00020000 "web"
  mtd12: 00300000 00020000 "kernel"
  mtd13: 01a00000 00020000 "rootfs"
  mtd14: 01900000 00020000 "data"
  mtd15: 03200000 00020000 "fota"
  mtd16: 01d00000 00020000 "firmware"

  Differences might indicate that this is NOT a MF286A device but
  one of other variants.
- Copy over all MTD partitions, for example by executing the following:

  for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do cat /dev/mtd$i > \
  /var/usb_disk/mtd$i; done

  "Firmware" partition can be skipped, it is a concatenation
  of "kernel" and "rootfs".

- If the count of MTD partitions is different, this might indicate that
  this is not a MF286A device, but one of its other variants.
- (optionally) rename the files according to MTD partition names from
  /proc/mtd
- Unmount the filesystem:

  umount /var/usb_disk; sync

  and then remove the drive.
- Store the files in safe place if you ever plan to return to stock
  firmware. This is especially important, because stock firmware for
  this device is not available officially, and is usually customized by
  the mobile providers.

STEP 3: Booting initramfs image:

Method 1: using serial console (RECOMMENDED):
- Have TFTP server running, exposing the OpenWrt initramfs image, and
  set your computer's IP address as 192.168.0.22. This is the default
  expected by U-boot. You may wish to change that, and alter later
  commands accordingly.
- Connect the serial console if you haven't done so already,
- Interrupt boot sequence by pressing any key in U-boot when prompted
- Use the following commands to boot OpenWrt initramfs through TFTP:

  setenv serverip 192.168.0.22
  setenv ipaddr 192.168.0.1
  tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin
  bootm 0x81000000

  (Replace server IP and router IP as needed). There is no  emergency
  TFTP boot sequence triggered by buttons, contrary to MF283+.
- When OpenWrt initramfs finishes booting, proceed to actual
  installation.

Method 2: using initramfs image as temporary boot kernel
This exploits the fact, that kernel and rootfs MTD devices are
consecutive on NAND flash, so from within stock image, an initramfs can
be written to this area and booted by U-boot on next reboot, because it
uses "nboot" command which isn't limited by kernel partition size.
- Download the initramfs-kernel.bin image
- After backing up the previous MTD contents, write the images to the
  "firmware" MTD device, which conveniently concatenates "kernel" and
  "rootfs" partitions that can fit the initramfs image:

  nandwrite -p /dev/<firmware-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286a-initramfs-kernel.bin

- If write is OK, reboot the device, it will reboot to OpenWrt
  initramfs:

  reboot -f

- After rebooting, SSH into the device and use sysupgrade to perform
  proper installation.

Method 3: using built-in TFTP recovery (LAST RESORT):
- With that method, ensure you have complete backup of system's NAND
  flash first. It involves deliberately erasing the kernel.
- Download "-initramfs-kernel.bin" image for the device.
- Prepare the recovery image by prepending 8MB of zeroes to the image,
  and name it root_uImage:

  dd if=/dev/zero of=padding.bin bs=8M count=1

  cat padding.bin openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin >
  root_uImage

- Set up a TFTP server at 192.0.0.1/8. Router will use random address
  from that range.
- Put the previously generated "root_uImage" into TFTP server root
  directory.
- Deliberately erase "kernel" partition" using stock firmware after
  taking backup. THIS IS POINT OF NO RETURN.
- Restart the device. U-boot will attempt flashing the recovery
  initramfs image, which will let you perform actual installation using
  sysupgrade. This might take a considerable time, sometimes the router
  doesn't establish Ethernet link properly right after booting. Be
  patient.
- After U-boot finishes flashing, the LEDs of switch ports will all
  light up. At this moment, perform power-on reset, and wait for OpenWrt
  initramfs to finish booting. Then proceed to actual installation.

STEP 4: Actual installation:
- Set your computer IP to 192.168.1.22/24
- scp the sysupgrade image to the device:

  scp openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin \
  root@192.168.1.1:/tmp/

- ssh into the device and execute sysupgrade:

  sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin

- Wait for router to reboot to full OpenWrt.

STEP 5: WAN connection establishment
Since the router is equipped with LTE modem as its main WAN interface, it
might be useful to connect to the Internet right away after
installation. To do so, please put the following entries in
/etc/config/network, replacing the specific configuration entries with
one needed for your ISP:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth '<auth>' # As required, usually 'none'
        option pincode '<pin>' # If required by SIM
        option apn '<apn>' # As required by ISP
        option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6'

For example, the following works for most polish ISPs
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth 'none'
        option apn 'internet'
        option pdptype 'ipv4'

The required minimum is:
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
In this case, the modem will use last configured APN from stock
firmware - this should work out of the box, unless your SIM requires
PIN which can't be switched off.

If you have build with LuCI, installing luci-proto-qmi helps with this
task.

Restoring the stock firmware:

Preparation:
If you took your backup using stock firmware, you will need to
reassemble the partitions into images to be restored onto the flash. The
layout might differ from ISP to ISP, this example is based on generic stock
firmware
The only partitions you really care about are "web", "kernel", and
"rootfs". These are required to restore the stock firmware through
factory TFTP recovery.

Because kernel partition was enlarged, compared to stock
firmware, the kernel and rootfs MTDs don't align anymore, and you need
to carve out required data if you only have backup from stock FW:
- Prepare kernel image
  cat mtd12_kernel.bin mtd13_rootfs.bin > owrt_kernel.bin
  truncate -s 4M owrt_kernel_restore.bin
- Cut off first 1MB from rootfs
  dd if=mtd13_rootfs.bin of=owrt_rootfs.bin bs=1M skip=1
- Prepare image to write to "ubi" meta-partition:
  cat mtd6_reserved2.bi mtd7_cfg-param.bin mtd8_log.bin mtd9_oops.bin \
  mtd10_reserved3.bin mtd11_web.bin owrt_rootfs.bin > \
  owrt_ubi_ubi_restore.bin

You can skip the "fota" partition altogether,
it is used only for stock firmware update purposes and can be overwritten
safely anyway. The same is true for "data" partition which on my device
was found to be unused at all. Restoring mtd5_cfg-param.bin will restore
the stock firmware configuration you had before.

Method 1: Using initramfs:
This method is recmmended if you took your backup from within OpenWrt
initramfs, as the reassembly is not needed.
- Boot to initramfs as in step 3:
- Completely detach ubi0 partition using ubidetach /dev/ubi0_0
- Look up the kernel and ubi partitions in /proc/mtd
- Copy over the stock kernel image using scp to /tmp
- Erase kernel and restore stock kernel:
  (scp mtd4_kernel.bin root@192.168.1.1:/tmp/)
  mtd write <kernel_mtd> mtd4_kernel.bin
  rm mtd4_kernel.bin
- Copy over the stock partition backups one-by-one using scp to /tmp, and
  restore them individually. Otherwise you might run out of space in
  tmpfs:

  (scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin
  rm mtd3_ubiconcat0.bin

  (scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin
  rm mtd5_ubiconcat1.bin

- If the write was correct, force a device reboot with

  reboot -f

Method 2: Using live OpenWrt system (NOT RECOMMENDED):
- Prepare a USB flash drive contatining MTD backup files
- Ensure you have kmod-usb-storage and filesystem driver installed for
  your drive
- Mount your flash drive

  mkdir /tmp/usb

  mount /dev/sda1 /tmp/usb

- Remount your UBI volume at /overlay to R/O

  mount -o remount,ro /overlay

- Write back the kernel and ubi partitions from USB drive

  cd /tmp/usb
  mtd write mtd4_kernel.bin /dev/<kernel_mtd>

  mtd write mtd9_ubi.bin /dev/<kernel_ubi>

- If everything went well, force a device reboot with
  reboot -f

Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota"
MTD partition which may be safely erased after reboot anyway.

Method 3: using built-in TFTP recovery:
This method is recommended if you took backups using stock firmware.
- Assemble a recovery rootfs image from backup of stock partitions by
  concatenating "web", "kernel", "rootfs" images dumped from the device,
  as "root_uImage"
- Use it in place of "root_uImage" recovery initramfs image as in the
  TFTP pre-installation method.

Quirks and known issuesa
- It was observed, that CH340-based USB-UART converters output garbage
  during U-boot phase of system boot. At least CP2102 is known to work
  properly.
- Kernel partition size is increased to 4MB compared to stock 3MB, to
  accomodate future kernel updates - at this moment OpenWrt 5.10 kernel
  image is at 2.5MB which is dangerously close to the limit. This has no
  effect on booting the system - but keep that in mind when reassembling
  an image to restore stock firmware.
- uqmi seems to be unable to change APN manually, so please use the one
  you used before in stock firmware first. If you need to change it,
  please use protocok '3g' to establish connection once, or use the
  following command to change APN (and optionally IP type) manually:
  echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0
- The only usable LED as a "system LED" is the blue debug LED hidden
  inside the case. All other LEDs are controlled by modem, on which the
  router part has some influence only on Wi-Fi LED.
- Wi-Fi LED currently doesn't work while under OpenWrt, despite having
  correct GPIO mapping. All other LEDs are controlled by modem,
  including this one in stock firmware. GPIO19, mapped there only acts
  as a gate, while the actual signal source seems to be 5GHz Wi-Fi
  radio, however it seems it is not the LED exposed by ath10k as
  ath10k-phy0.
- GPIO5 used for modem reset is a suicide switch, causing a hardware
  reset of whole board, not only the modem. It is attached to
  gpio-restart driver, to restart the modem on reboot as well, to ensure
  QMI connectivity after reboot, which tends to fail otherwise.
- Modem, as in MF283+, exposes root shell over ADB - while not needed
  for OpenWrt operation at all - have fun lurking around.
  The same modem module is used as in older MF286.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-26 17:46:10 +01:00
Petr Štetiar
104e912c27 usbmode: update to version 2022-02-24
* usbmode: add config #0 and delay before actual config

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-26 13:36:30 +01:00
Vladislav Grigoryev
abd18bd033 jsonfilter: update makefile url
Specify URL as PKG_SOURCE_URL in the jsonfilter Makefile.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
2022-02-26 13:36:30 +01:00
Christian Lamparter
e126a1e413 mac80211: add #if guards against 5.4 compile failures
Both struct net_device_path_ctx and struct net_device_path
are not available in 5.4. This causes an build error on the
bcm63xx target.

|mac80211/driver-ops.h: In function 'drv_net_fill_forward_path':
|driver-ops.h:1502:57: error: passing argument 4 of
|'local->ops->net_fill_forward_path' from incompatible pointer type
| [-Werror=incompatible-pointer-types]
| 1502 |                          ctx, path);
|      |                          ^~~
|      |                            |
|      |                         struct net_device_path_ctx *

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-25 17:27:28 +01:00
Hannu Nyman
97158fe10e kernel: package ramoops pstore-ram crash log storage
Package the ability to log kernel crashes to 'ramoops' pstore
files into RAM in /sys/fs/pstore

Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html

The files in RAM survive a warm reboot, but not a cold reboot.

Note: kmod-ramoops selects kmod-pstore and kmod-reed-solomon.

The feature can be used by selecting the kmod-ramoops and
adding a ramoops reserved-memory definition to the device DTS.
Example from R7800:

       reserved-memory {
                rsvd@5fe00000 {
                        reg = <0x5fe00000 0x200000>;
                        reusable;
                };

                ramoops@42100000 {
                        compatible = "ramoops";
                        reg = <0x42100000 0x40000>;
                        record-size = <0x4000>;
                        console-size = <0x4000>;
                        ftrace-size = <0x4000>;
                        pmsg-size = <0x4000>;
                };
        };

If no definition has been made in DTS, no crash log is stored
for the device.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(added CONFIG_EFI_VARS_PSTORE disable)
2022-02-24 20:45:12 +01:00
Jax Jiang
1050e66c8f x86: grub2: search for the "kernel" filesystem on all disks
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.

This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.

This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.

Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-24 20:45:12 +01:00
Claudiu Beznea
3e53eec589 at91: add support for sama7g5-ek board
Add support for SAMA7G5-EK board.
Hardware:
- SoC: SAMA7G5
- RAM: Aliance Memory AS4C256M16D3LC (4 Gbit DDR3L)
- SD/MMC: 1 standard 4bit SD Card interface
- USB: 1 Micro-AB host/device, 1 Type-A host, 1 Type-C host
- CAN: 2 interfaces
- Ethernet: 10/100 port, 1Gbps port
- Wi-Fi/BT: 1 optional interface
- Audio: 1 SPDIF RX port, 1 SPDIF TX port, 4 digital microphones
- Camera: 1 RPi CSI camera interface
- Debug: 1 J-Link-OB + CDC, 1 JTAG
- LEDs: 1 RGB
- Buttons: 4 push buttons
- Expansions: 1 RPi Expansion connector, 2 mikroBUS connectors
- Power management: 1 power management IC, 1 power consumption
  measurement device

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-02-24 19:05:29 +01:00
Claudiu Beznea
3ed992a996 uboot-at91: update to linux4sam-2021.10
Update uboot-at91 to linux4sam-2021.10 version.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-02-24 19:05:28 +01:00
Claudiu Beznea
bf13b2da2a at91bootstrap: update to v3.10.4, v4.0.1
AT91Bootstrap version 4 is available only for SAM9X60, SAMA5D2, SAMA5D3,
SAMA5D4, SAMA7G5. Thus use v4.0.1 for the above targets and v3.10.4 for
the rest of them. With the switch to v4 AT91Bootstrap binaries are now
on build/binaries. Take also this into account. Also, patches directory
is not needed anymore with the version update.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-02-24 19:05:28 +01:00
Rucke Teg
e040d31177 base-file: remove password aging feature form /etc/shadow
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in  the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.

Disable the password aging feature for user root by setting the 3rd
filed empty.

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
2022-02-24 18:10:30 +01:00
Nick Lowe
e8d048c5e0 hostapd: SAE - Enable hunting-and-pecking and H2E
Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.

Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.

The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.

For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.

For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2022-02-24 18:04:05 +01:00
Petr Štetiar
b9251e3b40 wolfssl: fix API breakage of SSL_get_verify_result
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable.  In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:

 $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
 Downloading 'https://letsencrypt.org'
 Connecting to 18.159.128.50:443
 Connection error: Invalid SSL certificate

Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-22 20:27:15 +01:00
Daniel Golle
2baded9ecc
base-files: make sure tools are present in sysupgrade ramdisk
Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.

Targets using fw_printenv/fw_setenv during sysupgrade:
 * ath79/*
 * ipq40xx/*
 * ipq806x/*
 * kirkwood/*
 * layerscape/*
 * mediatek/mt7622
 * mvebu/*
 * ramips/*
 * realtek/*

Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
 * ath79/* (openmesh devices)
 * ipq40xx/* (linksys devices)
 * ipq806x/* (linksys devices)
 * kirkwood/* (linksys devices)
 * layerscape/*
 * mvebu/cortexa9 (linksys devices)

Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.

This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.

As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-22 19:16:03 +00:00
Eneas U de Queiroz
0134f845da openssl: configure engines with uci
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped.  It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-22 16:37:23 +01:00
Eneas U de Queiroz
30b0351039 openssl: configure engine packages during install
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.

The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-22 16:37:23 +01:00
Eneas U de Queiroz
17a6ca12d3 openssl: config engines in /etc/ssl/engines.cnf.d
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory.  The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.

Patches were refreshed with --zero-commit.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-22 16:37:23 +01:00
Felix Fietkau
cbfce92367 qosify: update to the latest version
65b42032063f interface: add missing autorate-ingress options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-20 18:13:14 +01:00
Josef Schlehofer
696f0a1cb4 uboot-mvebu: backport pending patches for Marvell A38x
100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch [1]:
SoC Marvell A38x is used in Turris Omnia, and we thought that with recent
fiddling around DDR training to fix it once for all, there were
reproduced the issue in the upcoming new revision Turris Omnia boards.

101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch [2]:
This is useful when some board may occasionally fail with DDR training,
and it adds the option to reset the board on the DDR training failure

102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch [3]:
This enables the option CONFIG_DDR_RESET_ON_TRAINING_FAILURE (added by
101 patch), so the Turris Omnia board is restarted immediately, and it
does not require to reset the board manually or wait 120s for MCU to
reset the board

[1] https://patchwork.ozlabs.org/project/uboot/patch/20220217000837.13003-1-kabel@kernel.org/
[2] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-1-kabel@kernel.org/
[3] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-2-kabel@kernel.org/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-20 14:26:42 +01:00
Florian Eckert
808210d992 mac80211: add debug compile option for rtw88 devices
This commit adds the following package compile options.

CONFIG_PACKAGE_RTW88_DEBGUG:
Compile the driver with additional debug logging output

CONFIG_PACKAGE_RTW88_DEBGUGFS:
Add the possibility to map information about the driver rtw88 into
debugfs.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-02-20 14:26:40 +01:00
Lech Perczak
411940ded4 ath79: uboot-envtools: fix partition for ZTE MF286
By mistake, a wrong partition for U-boot environment was introduced for
ZTE MF286 while adding support, when flash layout wasn't finalized. Fix
that, according to the actual flash layout:
dev:    size   erasesize  name
mtd0: 00140000 00020000 "fota-flag"
mtd1: 00140000 00020000 "caldata"
mtd2: 00140000 00020000 "mac"
mtd3: 00f40000 00020000 "ubiconcat0"
mtd4: 00400000 00020000 "kernel"
mtd5: 06900000 00020000 "ubiconcat1"
mtd6: 00080000 00010000 "u-boot"
mtd7: 00020000 00010000 "u-boot-env"
mtd8: 07840000 00020000 "ubi"

Fixes: 8c78a13bfc ("ath79: support ZTE MF286")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-20 14:04:38 +01:00
Petr Štetiar
d8bf730fe0 netifd: bump to version 2022-02-20
Contains following changes:

 136006b88826 cmake: fix usage of implicit library and include paths
 bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-20 10:52:55 +01:00
Sungbo Eo
19a90262df wireless-regdb: update to version 2022.02.18
e061299 wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US
2ce78ed wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz
0d39f4c wireless-regdb: Update regulatory rules for South Korea (KR)
acad231 wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
ea83a82 wireless-regdb: add support for US S1G channels
4408149 wireless-regdb: add 802.11ah bands to world regulatory domain
5f3cadc wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
e0ac69b Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
40e5e80 wireless-regdb: Update regulatory rules for South Korea (KR)
e427ff2 wireless-regdb: Update regulatory rules for China (CN)
0970116 wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
4dac44b wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-02-20 13:47:57 +09:00
Christian Lamparter
2aa97ecb59 kernel: add kmod-hwmon-lm70 support
package hwmon's lm70.ko. This module supports the
National Semiconductor/TI LM70,LM71,LM74 and
TI TMP121,TMP122,TMP123 and TMP124 chips (all SPI).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-19 19:34:18 +01:00
Martin Kennedy
cfe79f2eb8 mpc85xx: Patch HiveAP 330 u-boot to fix boot
When Kernel 5.10 was enabled for mpc85xx, the kernel once again became too
large upon decompression (>7MB or so) to decompress itself on boot (see
FS#4110[1]).

There have been many attempts to fix booting from a compressed kernel on
the HiveAP-330:

- b683f1c36d ("mpc85xx: Use gzip compressed kernel on HiveAP-330")
- 98089bb8ba ("mpc85xx: Use uncompressed kernel on the HiveAP-330")
- 26cb167a5c ("mpc85xx: Fix Aerohive HiveAP-330 initramfs image")

We can no longer compress the kernel due to size, and the stock bootloader
does not support any other types of compression. Since an uncompressed
kernel no longer fits in the 8MiB kernel partition at 0x2840000, we need to
patch u-boot to autoboot by running variable which isn't set by the
bootloader on each autoboot.

This commit repartitions the HiveAP, requiring a new COMPAT_VERSION,
and uses the DEVICE_COMPAT_MESSAGE to guide the user to patch u-boot,
which changes the variable run on boot to be `owrt_boot`; the user can
then set the value of that variable appropriately.

The following has been documented in the device's OpenWrt wiki page:
<https://openwrt.org/toh/aerohive/hiveap-330>. Please look there
first/too for more information.

The from-stock and upgrade from a previous installation now becomes:

0) setup a network with a dhcp server and a tftp server at serverip
(192.168.1.101) with the initramfs image in the servers root directory.

1) Hook into UART (9600 baud) and enter U-Boot. You may need to enter
a password of administrator or AhNf?d@ta06 if prompted. If the password
doesn't work. Try reseting the device by pressing and holding the reset
button with the stock OS.

2) Once in U-Boot, set the new owrt_boot and tftp+boot the initramfs image:
   Use copy and paste!

 # fw_setenv owrt_boot 'setenv bootargs \"console=ttyS0,$baudrate\";bootm 0xEC040000 - 0xEC000000'
 # save
 # dhcp
 # setenv bootargs console=ttyS0,$baudrate
 # tftpboot 0x1000000 192.168.1.101:openwrt-mpc85xx-p1020-aerohive_hiveap-330-initramfs-kernel.bin
 # bootm

3) Once openwrt booted:
carefully copy and paste this into the root shell. One step at a time

  # 3.0 install kmod-mtd-rw from the internet and load it

  opkg update; opkg install kmod-mtd-rw
  insmod mtd-rw i_want_a_brick=y

  # 3.1 create scripts that modifies uboot

cat <<- "EOF" > /tmp/uboot-update.sh
  . /lib/functions/system.sh
  cp "/dev/mtd$(find_mtd_index 'u-boot')" /tmp/uboot
  cp /tmp/uboot /tmp/uboot_patched
  ofs=$(strings -n80 -td < /tmp/uboot | grep '^ [0-9]* setenv bootargs.*cp\.l' | cut -f2 -d' ')
  for off in $ofs; do
    printf "run owrt_boot;            " | dd of=/tmp/uboot_patched bs=1 seek=${off} conv=notrunc
  done
  md5sum /tmp/uboot*
EOF

  # 3.2 run the script to do the modification

  sh /tmp/uboot-update.sh

  # verify that /tmp/uboot and /tmp/uboot_patched are good
  #
  # my uboot was: (is printed during boot)
  # U-Boot 2009.11 (Jan 12 2017 - 00:27:25), Build: jenkins-HiveOS-Honolulu_AP350_Rel-245
  #
  # d84b45a2e8aca60d630fbd422efc6b39  /tmp/uboot
  # 6dc420f24c2028b9cf7f0c62c0c7f692  /tmp/uboot_patched
  # 98ebc7e7480ce9148cd2799357a844b0  /tmp/uboot-update.sh <-- just for reference

  # 3.3 this produces the /tmp/u-boot_patched file.

  mtd write /tmp/uboot_patched u-boot

3) scp over the sysupgrade file to /tmp/ and run sysupgrade to flash OpenWrt:

  sysupgrade -n /tmp/openwrt-mpc85xx-p1020-aerohive_hiveap-330-squashfs-sysupgrade.bin

4) after the reboot, you are good to go.

Other notes:

- Note that after this sysupgrade, the AP will be unavailable for 7 minutes
  to reformat flash. The tri-color LED does not blink in any way to
  indicate this, though there is no risk in interrupting this process,
  other than the jffs2 reformat being reset.

- Add a uci-default to fix the compat version. This will prevent updates
  from previous versions without going through the installation process.

- Enable CONFIG_MTD_SPLIT_UIMAGE_FW and adjust partitioning to combine
  the kernel and rootfs into a single dts partition to maximize storage
  space, though in practice the kernel can grow no larger than 16MiB due
  to constraints of the older mpc85xx u-boot platform.

- Because of that limit, KERNEL_SIZE has been raised to 16m.

- A .tar.gz of the u-boot source for the AP330 (a.k.a. Goldengate) can
  be found here[2].

- The stock-jffs2 partition is also removed to make more space -- this
  is possible only now that it is no longer split away from the rootfs.

- the console-override is gone. The device will now get the console
  through the bootargs. This has the advantage that you can set a different
  baudrate in uboot and the linux kernel will stick with it!

- due to the repartitioning, the partition layout and names got a makeover.

- the initramfs+fdt method is now combined into a MultiImage initramfs.
  The separate fdt download is no longer needed.

- added uboot-envtools to the mpc85xx target. All targets have uboot and
  this way its available in the initramfs.

[1]: https://bugs.openwrt.org/index.php?do=details&task_id=4110
[2]: magnet:?xt=urn:btih:e53b27006979afb632af5935fa0f2affaa822a59

Tested-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(rewrote parts of the commit message, Initramfs-MultiImage,
dropped bootargs-override, added wiki entry + link, uboot-envtools)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-19 19:20:29 +01:00
Rosen Penev
fbb8e1ef45 ksmbd: add out-of-tree module
ksmbd is an upstream linux alternative to Samba which is lighterweight
and more performant, especially on underpowered devices.

Moving it here from the packages feed as it is now an upstream kernel
module. Also easier to update as version updates can be coordinated better

The next LTS kernel (5.15) has this included. A depend on kernel < 5.15
will need to be added later.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-19 18:29:42 +01:00
Rosen Penev
666d427652 linux/modules: split up oid_registry
This will be needed by ksmbd in a following commit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-19 18:29:42 +01:00
Eneas U de Queiroz
e6df13d0e1 hostapd: fallback to psk when generating r0kh/r1kh
The 80211r r0kh and r1kh defaults are generated from the md5sum of
"$mobility_domain/$auth_secret".  auth_secret is only set when using EAP
authentication, but the default key is used for SAE/PSK as well.  In
this case,  auth_secret is empty, and the default value of the key can
be computed from the SSID alone.

Fallback to using $key when auth_secret is empty.  While at it, rename
the variable holding the generated key from 'key' to 'ft_key', to avoid
clobbering the PSK.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[make ft_key local]
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-19 16:14:52 +01:00
David Bauer
6f78723977 hostapd: add STA extended capabilities to get_clients
Add the STAs extended capabilities to the ubus STA information. This
way, external daemons can be made aware of a STAs capabilities.

This field is of an array type and contains 0 or more bytes of a STAs
advertised extended capabilities.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-19 16:14:45 +01:00
Alexey Smirnov
66071729a2 base-files: add support for heartbeat led trigger
This patch adds support for creation heartbeat led trigger with,
for example, this command:

	ucidef_set_led_heartbeat "..." "..." "..."

from /etc/board.d/01_leds.

Signed-off-by: Alexey Smirnov <s.alexey@gmail.com>
2022-02-19 13:10:01 +01:00
Mauri Sandberg
2c211a901d gpio-nxp-74hc153: remove package
This module was used solely by Buffalo WZR-HP-G300NH devices
and has become obsolete with the introduction of gpio-cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
2022-02-19 13:10:01 +01:00
Mauri Sandberg
2f50d65161 kernel: add package kmod-gpio-cascade
Adds kernel module for Generic GPIO cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-19 13:10:01 +01:00
Mauri Sandberg
15f0074beb kernel: add package kmod-multiplexer
Adds new kernel module for GPIO controlled multiplexer support.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-19 13:10:01 +01:00
Daniel Golle
48ace62114
procd: update to git HEAD
a87d010 uxc: remove unused printf parameter
 ad65249 instance: exit in case asprintf() fails

Build with glibc should again work after this commit.

Fixes: e9e61d76fd ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-19 00:11:55 +00:00
Daniel Golle
e9e61d76fd
procd: update to git HEAD
df1123e uxc: add support for user-defined settings
 0272c7c uxc: allow editing settings using 'create'
 a839518 uxc: clean up error handling

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-18 03:03:34 +00:00
Daniel Golle
397de50089
base-files: Make sure rootfs_data_max is considered
For sysupgrade on NAND/UBI devices there is the U-Boot environment
variable rootfs_data_max which can be used to limit the size of the
rootfs_data volume created on sysupgrade.
This stopped working reliable with recent kernels, probably due to a
race condition when reading the number of free erase blocks from sysfs
just after removing a volume.
Change the script to just try creating rootfs_data with the desired
size and retry with maximum size in case that fails. Hence calculating
the available size in the script can be dropped which works around the
problem.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-17 15:15:42 +00:00
Stijn Tintel
add7884cd0 libnetfilter-conntrack: bump to 1.0.9
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2022-02-17 13:59:44 +02:00
Felix Fietkau
5a0975f7ef mt76: update to the latest version
ddd3c2f38b30 mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes
7fa5229a4228 mt76: improve signal strength reporting
025a72cd2d24 mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU
8c765fd92d97 mt76: mt7615: introduce SAR support
799a15bb68f9 mt76: fix endianness errors in reverse_frag0_hdr_trans
c114919f0c08 mt76: mt7915: Fix channel state update error issue
93191a37e59a mt76: mt7915: fix potential memory leak of fw monitor packets
cde589b2efb7 mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts
6ef22f4dc4e4 mt76: mt7915: add support for MT7986
7f1818cd8f2d mt76: mt7915: introduce band_idx in mt7915_phy
1d57a0d506db mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv()
1f2a4816a3de mt76: mt7615: fix compiler warning on frame size
d60f335e785b mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor
d0ab636cb61c mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free()
9d9bd7b3c48c mt76: connac: adjust wlan_idx size from u8 to u16
be1091f1172d mt76: mt7615: Fix assigning negative values to unsigned variable
d4fc42889a30 mt76: mt7915: check band idx for bcc event
98ee3e2889ea mt76: mt7915: fix logic error and remove the unused member of mt7915_dev
bbbbafb67bac mt76: mt7915: fix compiler warning
abd80cf68db1 mt76: mt7915: fix the muru tlv issue
a050c14b5631 mt76: mt7915: use min_t() to make code cleaner
9fee8f3736eb mt76: mt7915e: Fix degraded performance after temporary overheat
f2e1a62cf0d0 mt76: mt7915e: Add a hwmon attribute to get the actual throttle state.
c67df0d3130a mt76: mt7915e: Enable thermal management by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-15 15:18:22 +01:00
Felix Fietkau
eae0dbf68c mac80211: fix traffic stalls on forwarded mesh packets due to wrong AC selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-15 15:17:01 +01:00
Daniel Golle
5205010a54
procd: simplify uxc init script
'uxc boot' is inteded to be called multiple times, so there is not need
to guard the first call on boot -- the actual code anyway didn't do
that, so just remove it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-13 23:31:27 +00:00
Hauke Mehrtens
8f5875c4e2 tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-12 23:22:05 +01:00
Felix Fietkau
2fd208e272 mac80211: fix rekey failure in drivers with 802.3 decap offload
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-12 23:03:51 +01:00
Jo-Philipp Wich
0d1220acdf firewall4: update to latest Git HEAD
53caa1a fw4: resolve zone layer 2 devices for hw flow offloading
9fe58f5 fw4: rework and fix family inheritance logic
8795296 tests: mocklib: fix infinite recursion in wrapped print()
281b1bc tests: change mocked wan interface type to PPPoE
93b710d tests: mocklib: forward compatibility change
1a94915 fw4: only stage reflection rules if all required addrs are known
5c21714 fw4: add device iifname/oifname matches to DSCP and MARK rules
3eacc97 tests: adjust 01_ruleset test case to latest changes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Jo-Philipp Wich
4aea6d231b ucode: update to latest Git HEAD
a29bad9 compiler: fix patchlist corruption on switch statement syntax errors
86f0662 lib: change `ord()` to always return single byte value
116a8ce vallist: fix storing/retrieving short strings with 8bit byte value

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Felix Fietkau
8072bf3322 qosify: update to the latest version
e230e71e0a12 map: fix copy-paste error in codepoints map
580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef
8d6c19a81f3f ubus: fix a use-after-free bug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-10 21:08:09 +01:00
Jo-Philipp Wich
1847382456 ucode: update to latest Git HEAD
a317c17 compiler: fix incorrect loop break targets

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-08 23:46:21 +01:00
Leonardo Mörlein
5406684087 wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-02-08 12:52:14 +01:00
David Bauer
04ed224543 hostapd: refresh patches
Refresh patches after updating to hostapd v2.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-08 00:21:41 +01:00
David Bauer
adb8c09a83 hostapd: update to v2.10
Upstreamed patches:
020-mesh-make-forwarding-configurable.patch
e6db1bc5da3fd7d5f4dba24aa102543b4749912f
550-WNM-allow-specifying-dialog-token.patch
979f19716539362f8ce60a77bf1b88fdcf5ba8e5
720-ACS-fix-channel-100-frequency.patch
2341585c349231af00cdef8d51458df01bc6965f
741-proxyarp-fix-compilation-with-Hotspot-2.0-disabled.patch
08bdf4f90de61a84ed8f4dd918272dd9d36e2e1f

Compile-tested: wpad-wolfssl hostapd-openssl
Run-tested: ath79-generic

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-08 00:21:27 +01:00
Jo-Philipp Wich
ae75541594 firewall4: update to latest Git HEAD
a0518b6 fw4: gracefully handle unsupported hardware offloading
ac99eba init: fix boot action in init script

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 23:36:06 +01:00
Felix Fietkau
46e0eeb760 hostapd: automatically calculate channel center freq on chan_switch
Simplifies switching to different channels when on >= VHT80

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-07 17:01:18 +01:00
Jo-Philipp Wich
07eccc29ab rpcd: update to latest Git HEAD
909f2a0 ucode: adjust to latest ucode api
4c532bf ucode: add ucode interpreter plugin
9c6ba38 treewide: adjust ubus object type names
75a96dc build: honour CMake install prefix in hardcoded paths

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:37 +01:00
Jo-Philipp Wich
881a059977 uhttpd: update to latest Git HEAD
2f8b136 main: fix leaking -p/-s argument values
881fd3b ucode: adjust to latest ucode api
8b2868e file: specify UTF-8 as charset for dirlists, add option to override
3a5bd84 main: add ucode options to help text
16aa142 examples: add ucode handler example
3ceccd0 ucode: add ucode plugin support
f0f1406 examples: add example Lua handler script
9e87095 listen: avoid invalid memory access

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
2dd6777f15 firewall4: update to latest Git HEAD
b54f462 fw4: parse traffic rules before forwarding rules
4d5af8b fw4: consolidate helper code
300c737 fw4: fix applying zone family restrictions to forwardings
eb9c25a tests: implement fs.opendir() mock interface
d30ff48 tests: fix mocked fs.popen() trace log
52831a0 fw4: improve flowtable handling
7cb10c8 fw4: disable "flow_offloading_hw" option for now
b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
134c88c689 ucode: update to latest Git HEAD
11adf0c source: convert source objects into proper uc_value_t type
3a49192 treewide: rework function memory model
7edad5c tests: add functional tests for builtin functions
d5003fd lib: fix leaking tokener in uc_json() on parse exception
5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace()
3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match()
32d596d lib: fix infinite loop on empty regexp matches in uc_split()
3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode
3600ded vm: fix leaking function value on call exception
3059295 vm: NULL-initialize pointer to make cppcheck happy
98e59bf source: zero-initialize conversion union to make cppcheck happy
7a65c14 run_tests.sh: change workdir to testcase directory during execution
afec8d7 run_tests.sh: support placing supplemental testcase files
3ada6e0 run_tests.sh: always treat outputs as text data
2cb627f program: rename bytecode load/write functions, track path of executed file
1094ffa lib: fix memory leak in uc_require_ucode()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
3b1692c463 netifd: update to latest Git HEAD
fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump
3d76f2e system-linux: add wrapper function for creating link config messages
88af2f1 system-linux: delete bridge devices using netlink
85c3548 system-linux: create bridge devices using netlink

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Raymond Wang
3343ca7e68 ramips: add support for Xiaomi Mi Router CR660x series
Xiaomi Mi Router CR6606 is a Wi-Fi6 AX1800 Router with 4 GbE Ports.
Alongside the general model, it has three carrier customized models:
CR6606 (China Unicom), CR6608 (China Mobile), CR6609 (China Telecom)

Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256MB DDR3 (ESMT M15T2G16128A)
- Flash: 128MB NAND (ESMT F59L1G81MB)
- Ethernet: 1000Base-T x4 (MT7530 SoC)
- WLAN: 2x2 2.4GHz 574Mbps + 2x2 5GHz 1201Mbps (MT7905DAN + MT7975DN)
- LEDs: System (Blue, Yellow), Internet (Blue, Yellow)
- Buttons: Reset, WPS
- UART: through-hole on PCB ([VCC 3.3v](RX)(GND)(TX) 115200, 8n1)
- Power: 12VDC, 1A

Jailbreak Notes:
1. Get shell access.
   1.1. Get yourself a wireless router that runs OpenWrt already.
   1.2. On the OpenWrt router:
      1.2.1. Access its console.
      1.2.2. Create and edit
             /usr/lib/lua/luci/controller/admin/xqsystem.lua
             with the following code (exclude backquotes and line no.):
```
     1  module("luci.controller.admin.xqsystem", package.seeall)
     2
     3  function index()
     4      local page   = node("api")
     5      page.target  = firstchild()
     6      page.title   = ("")
     7      page.order   = 100
     8      page.index = true
     9      page   = node("api","xqsystem")
    10      page.target  = firstchild()
    11      page.title   = ("")
    12      page.order   = 100
    13      page.index = true
    14      entry({"api", "xqsystem", "token"}, call("getToken"), (""),
103, 0x08)
    15  end
    16
    17  local LuciHttp = require("luci.http")
    18
    19  function getToken()
    20      local result = {}
    21      result["code"] = 0
    22      result["token"] = "; nvram set ssh_en=1; nvram commit; sed -i
's/channel=.*/channel=\"debug\"/g' /etc/init.d/dropbear; /etc/init.d/drop
bear start;"
    23      LuciHttp.write_json(result)
    24  end
```
      1.2.3. Browse http://{OWRT_ADDR}/cgi-bin/luci/api/xqsystem/token
             It should give you a respond like this:
             {"code":0,"token":"; nvram set ssh_en=1; nvram commit; ..."}
             If so, continue; Otherwise, check the file, reboot the rout-
             er, try again.
      1.2.4. Set wireless network interface's IP to 169.254.31.1, turn
             off DHCP of wireless interface's zone.
      1.2.5. Connect to the router wirelessly, manually set your access
             device's IP to 169.254.31.3, make sure
             http://169.254.31.1/cgi-bin/luci/api/xqsystem/token
             still have a similar result as 1.2.3 shows.
   1.3. On the Xiaomi CR660x:
        1.3.1. Login to the web interface. Your would be directed to a
               page with URL like this:
               http://{ROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/web/home#r-
               outer
        1.3.2. Browse this URL with {STOK} from 1.3.1, {WIFI_NAME}
               {PASSWORD} be your OpenWrt router's SSID and password:
               http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/misy-
               stem/extendwifi_connect?ssid={WIFI_NAME}&password={PASSWO-
               RD}
               It should return 0.
        1.3.3. Browse this URL with {STOK} from 1.3.1:
               http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/xqsy-
               stem/oneclick_get_remote_token?username=xxx&password=xxx&-
               nonce=xxx
   1.4. Before rebooting, you can now access your CR660x via SSH.
        For CR6606, you can calculate your root password by this project:
        https://github.com/wfjsw/xiaoqiang-root-password, or at
        https://www.oxygen7.cn/miwifi.
        The root password for carrier-specific models should be the admi-
        nistration password or the default login password on the label.
        It is also feasible to change the root password at the same time
        by modifying the script from step 1.2.2.
        You can treat OpenWrt Router however you like from this point as
        long as you don't mind go through this again if you have to expl-
        oit it again. If you do have to and left your OpenWrt router unt-
        ouched, start from 1.3.
2. There's no official binary firmware available, and if you lose the
   content of your flash, no one except Xiaomi can help you.
   Dump these partitions in case you need them:
   "Bootloader" "Nvram" "Bdata" "crash" "crash_log"
   "firmware" "firmware1" "overlay" "obr"
   Find the corespond block device from /proc/mtd
   Read from read-only block device to avoid misoperation.
   It's recommended to use /tmp/syslogbackup/ as destination, since files
   would be available at http://{ROUTER_ADDR}/backup/log/YOUR_DUMP
   Keep an eye on memory usage though.
3. Since UART access is locked ootb, you should get UART access by modify
   uboot env. Otherwise, your router may become bricked.
   Excute these in stock firmware shell:
    a. nvram set boot_wait=on
    b. nvram set bootdelay=3
    c. nvram commit
   Or in OpenWrt:
    a. opkg update && opkg install kmod-mtd-rw
    b. insmod mtd-rw i_want_a_brick=1
    c. fw_setenv boot_wait on
    d. fw_setenv bootdelay 3
    e. rmmod mtd-rw

Migrate to OpenWrt:
 1. Transfer squashfs-firmware.bin to the router.
 2. nvram set flag_try_sys1_failed=0
 3. nvram set flag_try_sys2_failed=1
 4. nvram commit
 5. mtd -r write /path/to/image/squashfs-firmware.bin firmware

Additional Info:
 1. CR660x series routers has a different nand layout compared to other
    Xiaomi nand devices.
 2. This router has a relatively fresh uboot (2018.09) compared to other
    Xiaomi devices, and it is capable of booting fit image firmware.
    Unfortunately, no successful attempt of booting OpenWrt fit image
    were made so far. The cause is still yet to be known. For now, we use
    legacy image instead.

Signed-off-by: Raymond Wang <infiwang@pm.me>
2022-02-07 00:03:27 +01:00
Wenli Looi
c32008a37b ath79: add partial support for Netgear EX7300v2
Hardware
--------
SoC: QCN5502
Flash: 16 MiB
RAM: 128 MiB
Ethernet: 1 gigabit port
Wireless No1: QCN5502 on-chip 2.4GHz 4x4
Wireless No2: QCA9984 pcie 5GHz 4x4
USB: none

Installation
------------
Flash the factory image using the stock web interface or TFTP the
factory image to the bootloader.

What works
----------
- LEDs
- Ethernet port
- 5GHz wifi (QCA9984 pcie)

What doesn't work
-----------------
- 2.4GHz wifi (QCN5502 on-chip)
  (I was not able to make this work, probably because ath9k requires
  some changes to support QCN5502.)

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-02-07 00:03:27 +01:00
Rosen Penev
7994461a5a base-files: replace fgrep with grep -F
fgrep is deprecated and replaced by grep -F. The latter is used
throughout the tree whereas this is the only usage of the former.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-06 23:09:15 +01:00
Ansuel Smith
4d904524ef kernel: bpf-headers: fix build error when testing kernel is used
Now that we have separate files for each kernel version,
only the version/hash for the target kernel are available.
This cause a missing hash error (and wrong kernel version) for
bpf-headers when a testing kernel version is used for the current target.

Fix this error by manually including the kernel version/hash file for the
specific kernel version requested.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-02-06 12:43:57 +01:00
Stijn Tintel
2c929f8105 util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-05 17:48:56 +02:00
Lech Perczak
8c78a13bfc ath79: support ZTE MF286
ZTE MF286 is an indoor LTE category 6 CPE router with simultaneous
dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit
Ethernet switch, FXS and external USB 2.0 port.

Hardware highlights:
- CPU: QCA9563 SoC at 775MHz,
- RAM: 128MB DDR2,
- NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only,
- NAND Flash: GD5F1G04UBYIG 128MB SPI NAND-Flash, for all other data,
- Wi-Fi 5GHz: QCA9882 2x2 MIMO 802.11ac radio,
- WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio,
- Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port,
- WWAN: MDM9230-based category 6 internal LTE modem in extended
  mini-PCIE form factor, with 3 internal antennas and 2 external antenna
  connections, single mini-SIM slot. Modem model identified as MF270,
- FXS: one external ATA port (handled entirely by modem part) with two
  physical connections in parallel,
- USB: Single external USB 2.0 port,
- Switches: power switch, WPS, Wi-Fi and reset buttons,
- LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery,
  Signal state) handled entirely by modem. 4 link status LEDs handled by
  the switch on the backside.
- Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and
  monitoring handled by modem.
- Label MAC device: eth0

Console connection: connector X2 is the console port, with the following
pinout, starting from pin 1, which is the topmost pin when the board is
upright:
- VCC (3.3V). Do not use unless you need to source power for the
  converer from it.
- TX
- RX
- GND
Default port configuration in U-boot as well as in stock firmware is
115200-8-N-1.

Installation:
Due to different flash layout from stock firmware, sysupgrade from
within stock firmware is impossible, despite it's based on QSDK which
itself is based on OpenWrt.

STEP 0: Stock firmware update:
As installing OpenWrt cuts you off from official firmware updates for
the modem part, it is recommended to update the stock firmware to latest
version before installation, to have built-in modem at the latest firmware
version.

STEP 1: gaining root shell:

Method 1:
This works if busybox has telnetd compiled in the binary.
If this does not work, try method 2.

Using well-known exploit to start telnetd on your router - works
only if Busybox on stock firmware has telnetd included:
- Open stock firmware web interface
- Navigate to "URL filtering" section by going to "Advanced settings",
  then "Firewall" and finally "URL filter".
- Add an entry ending with "&&telnetd&&", for example
  "http://hostname/&&telnetd&&".
- telnetd will immediately listen on port 4719.
- After connecting to telnetd use "admin/admin" as credentials.

Method 2:
This works if busybox does not have telnetd compiled in. Notably, this
is the case in DNA.fi firmware.
If this does not work, try method 3.

- Set IP of your computer to 192.168.1.22.
- Have a TFTP server running at that address
- Download MIPS build of busybox including telnetd, for example from:
  https://busybox.net/downloads/binaries/1.21.1/busybox-mips
  and put it in it's root directory. Rename it as "telnetd".
- As previously, login to router's web UI and navigate to "URL
  filtering"
- Using "Inspect" feature, extend "maxlength" property of the input
  field named "addURLFilter", so it looks like this:
  <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332"
    class="required form-control">
- Stay on the page - do not navigate anywhere
- Enter "http://aa&zte_debug.sh 192.168.1.22 telnetd" as a filter.
- Save the settings. This will download the telnetd binary over tftp and
  execute it. You should be able to log in at port 23, using
  "admin/admin" as credentials.

Method 3:
If the above doesn't work, use the serial console - it exposes root shell
directly without need for login. Some stock firmwares, notably one from
finnish DNA operator lack telnetd in their builds.

STEP 2: Backing up original software:
As the stock firmware may be customized by the carrier and is not
officially available in the Internet, IT IS IMPERATIVE to back up the
stock firmware, if you ever plan to returning to stock firmware.

Method 1: after booting OpenWrt initramfs image via TFTP:
PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION.
- Dump stock firmware located on stock kernel and ubi partitions:

  ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
  ssh root@192.168.1.1: cat /dev/mtd8 > mtd8_ubi.bin

And keep them in a safe place, should a restore be needed in future.

Method 2: using stock firmware:
- Connect an external USB drive formatted with FAT or ext4 to the USB
  port.
- The drive will be auto-mounted to /var/usb_disk
- Check the flash layout of the device:

  cat /proc/mtd

  It should show the following:
  mtd0: 00080000 00010000 "uboot"
  mtd1: 00020000 00010000 "uboot-env"
  mtd2: 00140000 00020000 "fota-flag"
  mtd3: 00140000 00020000 "caldata"
  mtd4: 00140000 00020000 "mac"
  mtd5: 00600000 00020000 "cfg-param"
  mtd6: 00140000 00020000 "oops"
  mtd7: 00800000 00020000 "web"
  mtd8: 00300000 00020000 "kernel"
  mtd9: 01f00000 00020000 "rootfs"
  mtd10: 01900000 00020000 "data"
  mtd11: 03200000 00020000 "fota"

  Differences might indicate that this is NOT a vanilla MF286 device but
  one of its later derivatives.
- Copy over all MTD partitions, for example by executing the following:

  for i in 0 1 2 3 4 5 6 7 8 9 10 11; do cat /dev/mtd$i > \
  /var/usb_disk/mtd$i; done

- If the count of MTD partitions is different, this might indicate that
  this is not a standard MF286 device, but one of its later derivatives.
- (optionally) rename the files according to MTD partition names from
  /proc/mtd
- Unmount the filesystem:

  umount /var/usb_disk; sync

  and then remove the drive.
- Store the files in safe place if you ever plan to return to stock
  firmware. This is especially important, because stock firmware for
  this device is not available officially, and is usually customized by
  the mobile providers.

STEP 3: Booting initramfs image:

Method 1: using serial console (RECOMMENDED):
- Have TFTP server running, exposing the OpenWrt initramfs image, and
  set your computer's IP address as 192.168.1.22. This is the default
  expected by U-boot. You may wish to change that, and alter later
  commands accordingly.
- Connect the serial console if you haven't done so already,
- Interrupt boot sequence by pressing any key in U-boot when prompted
- Use the following commands to boot OpenWrt initramfs through TFTP:

  setenv serverip 192.168.1.22
  setenv ipaddr 192.168.1.1
  tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin
  bootm 0x81000000

  (Replace server IP and router IP as needed). There is no  emergency
  TFTP boot sequence triggered by buttons, contrary to MF283+.
- When OpenWrt initramfs finishes booting, proceed to actual
  installation.

Method 2: using initramfs image as temporary boot kernel
This exploits the fact, that kernel and rootfs MTD devices are
consecutive on NAND flash, so from within stock image, an initramfs can
be written to this area and booted by U-boot on next reboot, because it
uses "nboot" command which isn't limited by kernel partition size.
- Download the initramfs-kernel.bin image
- Split the image into two parts on 3MB partition size boundary, which
  is the size of kernel partition. Pad the output of second file to
  eraseblock size:

  dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \
  bs=128k count=24 \
  of=openwrt-ath79-zte_mf286-intermediate-kernel.bin

  dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \
  bs=128k skip=24 conv=sync \
  of=openwrt-ath79-zte_mf286-intermediate-rootfs.bin

- Copy over /usr/bin/flash_eraseall and /usr/bin/nandwrite utilities to
  /tmp. This is CRITICAL for installation, as erasing rootfs will cut
  you off from those tools on flash!

- After backing up the previous MTD contents, write the images to the
  respective MTD devices:

  /tmp/flash_eraseall /dev/<kernel-mtd>

  /tmp/nandwrite /dev/<kernel-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-kernel.bin

  /tmp/flash_eraseall /dev/<kernel-mtd>

  /tmp/nandwrite /dev/<rootfs-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-rootfs.bin

- Ensure that no bad blocks were present on the devices while writing.
  If they were present, you may need to vary the split  between
  kernel and rootfs parts, so U-boot reads a valid uImage after skipping
  the bad blocks. If it fails, you will be left with method 3 (below).
- If write is OK, reboot the device, it will reboot to OpenWrt
  initramfs:

  reboot -f

- After rebooting, SSH into the device and use sysupgrade to perform
  proper installation.

Method 3: using built-in TFTP recovery (LAST RESORT):
- With that method, ensure you have complete backup of system's NAND
  flash first. It involves deliberately erasing the kernel.
- Download "-initramfs-kernel.bin" image for the device.
- Prepare the recovery image by prepending 8MB of zeroes to the image,
  and name it root_uImage:

  dd if=/dev/zero of=padding.bin bs=8M count=1

  cat padding.bin openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin >
  root_uImage

- Set up a TFTP server at 192.0.0.1/8. Router will use random address
  from that range.
- Put the previously generated "root_uImage" into TFTP server root
  directory.
- Deliberately erase "kernel" partition" using stock firmware after
  taking backup. THIS IS POINT OF NO RETURN.
- Restart the device. U-boot will attempt flashing the recovery
  initramfs image, which will let you perform actual installation using
  sysupgrade. This might take a considerable time, sometimes the router
  doesn't establish Ethernet link properly right after booting. Be
  patient.
- After U-boot finishes flashing, the LEDs of switch ports will all
  light up. At this moment, perform power-on reset, and wait for OpenWrt
  initramfs to finish booting. Then proceed to actual installation.

STEP 4: Actual installation:
- scp the sysupgrade image to the device:

  scp openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin \
  root@192.168.1.1:/tmp/

- ssh into the device and execute sysupgrade:

  sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin

- Wait for router to reboot to full OpenWrt.

STEP 5: WAN connection establishment
Since the router is equipped with LTE modem as its main WAN interface, it
might be useful to connect to the Internet right away after
installation. To do so, please put the following entries in
/etc/config/network, replacing the specific configuration entries with
one needed for your ISP:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth '<auth>' # As required, usually 'none'
        option pincode '<pin>' # If required by SIM
        option apn '<apn>' # As required by ISP
        option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6'

For example, the following works for most polish ISPs
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth 'none'
        option apn 'internet'
        option pdptype 'ipv4'

If you have build with LuCI, installing luci-proto-qmi helps with this
task.

Restoring the stock firmware:

Preparation:
If you took your backup using stock firmware, you will need to
reassemble the partitions into images to be restored onto the flash. The
layout might differ from ISP to ISP, this example is based on generic stock
firmware.
The only partitions you really care about are "web", "kernel", and
"rootfs". For easy padding and possibly restoring configuration, you can
concatenate most of them into images written into "ubi" meta-partition
in OpenWrt. To do so, execute something like:

cat mtd5_cfg-param.bin mtd6-oops.bin mtd7-web.bin mtd9-rootfs.bin > \
mtd8-ubi_restore.bin

You can skip the "fota" partition altogether,
it is used only for stock firmware update purposes and can be overwritten
safely anyway. The same is true for "data" partition which on my device
was found to be unused at all. Restoring mtd5_cfg-param.bin will restore
the stock firmware configuration you had before.

Method 1: Using initramfs:
- Boot to initramfs as in step 3:
- Completely detach ubi0 partition using ubidetach /dev/ubi0_0
- Look up the kernel and ubi partitions in /proc/mtd
- Copy over the stock kernel image using scp to /tmp
- Erase kernel and restore stock kernel:
  (scp mtd4_kernel.bin root@192.168.1.1:/tmp/)
  mtd write <kernel_mtd> mtd4_kernel.bin
  rm mtd4_kernel.bin
- Copy over the stock partition backups one-by-one using scp to /tmp, and
  restore them individually. Otherwise you might run out of space in
  tmpfs:

  (scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin
  rm mtd3_ubiconcat0.bin

  (scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin
  rm mtd5_ubiconcat1.bin

- If the write was correct, force a device reboot with

  reboot -f

Method 2: Using live OpenWrt system (NOT RECOMMENDED):
- Prepare a USB flash drive contatining MTD backup files
- Ensure you have kmod-usb-storage and filesystem driver installed for
  your drive
- Mount your flash drive

  mkdir /tmp/usb

  mount /dev/sda1 /tmp/usb

- Remount your UBI volume at /overlay to R/O

  mount -o remount,ro /overlay

- Write back the kernel and ubi partitions from USB drive

  cd /tmp/usb
  mtd write mtd4_kernel.bin /dev/<kernel_mtd>

  mtd write mtd8_ubi.bin /dev/<kernel_ubi>

- If everything went well, force a device reboot with
  reboot -f

Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota"
MTD partition which may be safely erased after reboot anyway.

Method 3: using built-in TFTP recovery (LAST RESORT):
- Assemble a recovery rootfs image from backup of stock partitions by
  concatenating "web", "kernel", "rootfs" images dumped from the device,
  as "root_uImage"
- Use it in place of "root_uImage" recovery initramfs image as in the
  TFTP pre-installation method.

Quirks and known issues
- Kernel partition size is increased to 4MB compared to stock 3MB, to
  accomodate future kernel updates - at this moment OpenWrt 5.10 kernel
  image is at 2.5MB which is dangerously close to the limit. This has no
  effect on booting the system - but keep that in mind when reassembling
  an image to restore stock firmware.
- uqmi seems to be unable to change APN manually, so please use the one
  you used before in stock firmware first. If you need to change it,
  please use protocok '3g' to establish connection once, or use the
  following command to change APN (and optionally IP type) manually:
  echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0
- The only usable LED as a "system LED" is the green debug LED hidden
  inside the case. All other LEDs are controlled by modem, on which the
  router part has some influence only on Wi-Fi LED.
- Wi-Fi LED currently doesn't work while under OpenWrt, despite having
  correct GPIO mapping. All other LEDs are controlled by modem,
  including this one in stock firmware. GPIO19, mapped there only acts
  as a gate, while the actual signal source seems to be 5GHz Wi-Fi
  radio, however it seems it is not the LED exposed by ath10k as
  ath10k-phy0.
- GPIO5 used for modem reset is a suicide switch, causing a hardware
  reset of whole board, not only the modem. It is attached to
  gpio-restart driver, to restart the modem on reboot as well, to ensure
  QMI connectivity after reboot, which tends to fail otherwise.
- Modem, as in MF283+, exposes root shell over ADB - while not needed
  for OpenWrt operation at all - have fun lurking around.
- MAC address shift for 5GHz Wi-Fi used in stock firmware is
  0x320000000000, which is impossible to encode in the device tree, so I
  took the liberty of using MAC address increment of 1 for it, to ensure
  different BSSID for both Wi-Fi interfaces.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-05 12:14:08 +01:00
Pawel Dembicki
a91ab8bc05 ipq40xx: add support for ZTE MF286D
ZTE MF286D is a LTE router with four gigabit ethernet ports
and integrated QMI mPCIE modem.

Hardware specification:

  - CPU: IPQ4019
  - RAM: 256MB
  - Flash: NAND 128MB + NOR 2MB
  - WLAN1:  Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2
  - WLAN2:  Qualcomm Atheros QCA4019 5GHz 802.11anac 2x2:2
  - LTE: mPCIe cat 12 card (Modem chipset MDM9250)
  - LAN: 4 Gigabit Ports
  - USB: 1x USB2.0 (regular port). 1x USB3.0 (mpcie - used by the modem)
  - Serial console: X8 connector 115200 8n1

Known issues:

  - Many LEDs are driven by the modem. Only internal LEDs and wifi LEDs
    are driven by cpu.
  - Wifi LED is triggered by phy0tpt only
  - No VoIP support
  - LAN1/WAN port is configured as WAN
  - ZTE gives only one MAC per device. Use +1/+2/+3 increment for WAN
    and WLAN0/1

Opening the case:

1. Take of battery lid (no battery support for this model, battery cage
   is dummy).
2. Unscrew screw placed behind battery lid.
3. Take off back cover. It attached with multiple plastic clamps.
4. Unscrew four more screws hidden behind back case.
5. Remove front panel from blue chassis. There are more plastic
   clamps.
6. Unscrew two boards, which secures the PCB in the chassis.
7. Extract board from blue chassis.

Console connection (X8 connector):

1. Parameters: 115200 8N1
2. Pin description: (from closest pin to X8 descriptor to farthest)
    - VCC (3.3V)
    - TX
    - RX
    - GND

Install Instructions:

Serial + initramfs:
1. Place OpenWrt initramfs image for the device on a TFTP in
   the server's root. This example uses Server IP: 192.168.1.3
2. Connect serial console (115200,8n1) to X8 connector.
3. Connect TFTP server to RJ-45 port.
4. Stop in u-Boot and run u-Boot commands:
	setenv serverip 192.168.1.3
	setenv ipaddr 192.168.1.72
	set fdt_high 0x85000000
	tftp openwrt-ipq40xx-generic-zte_mf286d-initramfs-fit-zImage.itb
	bootm $loadaddr
5. Please make backup of original partitions, if you think about revert
   to stock.
6. Login via ssh or serial and remove stock partitions:
	ubiattach -m 9
	ubirmvol /dev/ubi0 -N ubi_rootfs
	ubirmvol /dev/ubi0 -N ubi_rootfs_data
7. Install image via "sysupgrade -n".

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cosmetic changes to the commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-05 00:44:35 +01:00
Christian Lamparter
c2630ac910 linux-firmware: qca99x0 update package
Kalle Valo ath10k-firmware repository no longer provides the
legacy board.bin files for the qca99x0 chips. Instead he
copied over the codeaurora version and add more board files.

In the future, this board-2.bin should find its way to
linux-firmware.git, which would allow us to remove the
extra download code completely.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-05 00:44:35 +01:00
Christian Lamparter
fcd5fd49c5 kernel: usb: remove left-over LINUX_5_10 dependency symbol
this should have been removed together with linux 5.4 APM821XX
support. Currently, this didn't hurt or broke something. But it
will in the next stable kernel release.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-04 21:13:15 +01:00
Felix Fietkau
8c1d5129ee bpf-headers: fix build error from within the SDK
The SDK does not ship the generic platform files. Use relative path for
GENERIC_PLATFORM_DIR to make it work. This points it at the files from
the feed directory instead of the base SDK path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-04 12:51:48 +01:00
Sven Eckelmann
8a8b7b4234 om-watchdog: Drop unused package
All devices which used this package migrated to the kernel GPIO-line
watchdog driver and configure it over their DT.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-02-03 22:27:15 +01:00
Josef Schlehofer
d16bd89c71 uboot-mvebu: backport two patches for Marvell A38x
This solves issue with DDR training on Turris Omnia.

Log:
********   DRAM initialization Failed (res 0x1)   ********
DDR3 Training Sequence - FAILED
ERROR ### Please RESET the board ###

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-03 21:24:26 +01:00
Josef Schlehofer
5c804bc199 uboot-mvebu: Add U-boot for Turris Omnia
* Add U-boot support for Turris Omnia

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-03 21:24:26 +01:00
Josef Schlehofer
782d4c8306 uboot-mvebu: update to version 2022.01
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tested-by: Andre Heider <a.heider@gmail.com> # ESPRESSObin
2022-02-03 21:24:26 +01:00
Felix Fietkau
e045e40671 mt76: update to the latest version
833b9d7fcf7f mt76: allow drivers to drop rx packets early
f703084f31cb mt76: mt7915: process txfree and txstatus without allocating skbs
047b9a9e78b3 mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663
fea36e02075c mt76: only kick tx queue if frames were queued
8381e54ebfb5 linux-firmware: update firmware for MT7921 WiFi device
d57dadb8c861 Revert "mt76: only kick tx queue if frames were queued"
3a21d6e2153b mt76: mt7663: disable 4addr capability
f1d66cf7a6c5 mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2
c9a4146404d4 sync with upstream
4ed8c910b94e mt76: mt7921: fix possible resume failure
bf105aa6cd2f mt76: mt7921: fix network buffer leak by txs missing
e2b454b6fb30 mt76: connac: introduce MCU_EXT macros
5a87f5497c9b mt76: connac: align MCU_EXT definitions with 7915 driver
720ddc32507d mt76: connac: remove MCU_FW_PREFIX bit
da5128a59eda mt76: connac: introduce MCU_UNI_CMD macro
116109bee7cb mt76: connac: introduce MCU_CE_CMD macro
f96fbdf038d5 mt76: connac: rely on MCU_CMD macro
922f0d408413 mt76: mt7915: rely on mt76_connac definitions
b4ae1da1d1e0 mt76: mt7921: reduce log severity levels for informative messages
db105a722b87 mt76: mt7921s: make pm->suspended usage consistent
e2cc063238c0 mt76: mt7921s: fix suspend error with enlarging mcu timeout value
812b73f2f1e0 mt76: mt7915: introduce mt76_vif in mt7915_vif
b041a8a30055 mt76: mt7915: add mu-mimo and ofdma debugfs knobs
b851a3e7839d mt76: mt7921: remove dead definitions
266c7a9f2994 mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv
19cc7d83190c mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work
928c4550e413 mt76: mt7921s: make pm->suspended usage consistent [update]
8d6c68a7d0d1 mt76: mt7921: fix possible resume failure [update]
26fb105e538c mt76: mt7921s: fix cmd timeout in throughput test
9db482264389 mt76: mt7921: fix build regression
3edb87cdf138 mt7915: formatting change to sync with upstream
5cad38ba247d mt76: mt7915: add mt7915_mmio_probe() as a common probing function
15f9f88b362a mt76: mt7915: refine register definition
de49cf43ef34 mt76: add MT_RXQ_MAIN_WA for mt7916
6032c35f1306 mt76: mt7915: rework dma.c to adapt mt7916 changes
074d7c5381ed mt76: mt7915: add firmware support for mt7916
27b3253318e7 mt76: mt7915: rework eeprom.c to adapt mt7916 changes
030540246088 mt76: mt7915: enlarge wcid size to 544
400129c69f91 mt76: mt7915: add txfree event v3
cbbb3f65fcd0 mt76: mt7915: update rx rate reporting for mt7916
eb51c4deef0e mt76: mt7915: update mt7915_chan_mib_offs for mt7916
fb4709222028 mt76: mt7915: add mt7916 calibrated data support
e758feeaf1d6 mt76: mt7915: add device id for mt7916
115ea27a5cab mt76: connac: fix sta_rec_wtbl tag len
b3f922266685 mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req
bac5eda1f5b2 mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req
b44485d5c8ac mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine
9cc58e254d53 mt76: connac: move mt76_connac_mcu_get_cipher in common code
60dcd9f09ff6 mt76: connac: move mt76_connac_chan_bw in common code
a8d0b7d0cc60 mt76: mt7915: rely on mt76_connac_get_phy utilities
4441db30c1c1 mt76: connac: move mt76_connac_mcu_add_key in connac module
794b6f18d0fb mt76: mt7915: fix code defect
9d2a01b6cb60 mt76: set wlan_idx_hi on mt7916
2c89977b32c2 mt76: mt7915: fix kernel build warning
6c4874839830 mt76: make mt76_sar_capa static
215fdcc7ca6c mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
bc254718b40e mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
22fcff5ff21a mt76: sdio: lock sdio when it is needed
4669882aa595 mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset
944545855e0f mt76: mt7921s: update mt7921s_wfsys_reset sequence
854c8d076a34 mt76: mt7915: move pci specific code back to pci.c
a77da27796f2 mt76: mt7915: fix warning: variable 'base' is used uninitialized
7b5e69961c71 mt76: mt7915: fix warning: variable 'flags' set but not used
b5138e7b89f9 mt76: mt7921: fix a possible race enabling/disabling runtime-pm
af218fbe2500 linux-firmware: update firmware for MT7921 WiFi device
31c19c467950 mt76: mt7915: remove duplicated defs in mcu.h
9198eca1b16f mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module
829d87a93a51 mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module
50956cf17901 mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module
bda40f4e1d5e mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv
4728939c1d48 mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv
e3ae1828068b mt76: mt7915: rely on mt76_connac_mcu_sta_ba
d9e9989eca07 mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv
168713595fff mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv
60394d3e3504 mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd
3a79454d078d mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv
9ae9aa6c1aea mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv
fd8cdfab91e4 mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv
a92024c5a5b5 mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module
6dc585a3a274 mt76: connac: introduce is_connac_v1 utility routine
0f29d2aa5a72 mt76: connac: move mt76_connac_mcu_set_pm in connac module
dcf408ff8a5e mt76: mt7921: get rid of mt7921_mcu_get_eeprom
77b2a8601fc1 mt76: mt7915: rely on mt76_connac_mcu_start_firmware
65f78dee243a mt76: connac: move mt76_connac_mcu_restart in common module
5adf5b14040b mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch
69bf1dabe78f mt76: mt7915: rely on mt76_connac_mcu_init_download
951b1ddd370e mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module
0826b3992238 mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh
058de6d36fa9 mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module
aafda86aed2b mt76: mt7921e: make dev->fw_assert usage consistent
def12bef91a3 mt76: mt7921: forbid the doze mode when coredump is in progress
009414d27d37 mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error
3c5856eca223 mt76: mt7921: set EDCA parameters with the MCU CE command
01a3d73b452e mt76: mt7615: fix a possible race enabling/disabling runtime-pm
123ed864d1ae mt76: mt7921e: process txfree and txstatus without allocating skbs
018f98abba68 mt76: connac: add support for passing the cipher field in bss_info
288e7443e35c mt76: mt7615: update bss_info with cipher after setting the group key
36e1577cb3d3 mt76: mt7915: update bss_info with cipher after setting the group key
d42590d8fcc8 mt76: make cipher in struct mt76_vif u8 instead of enum
11602b8505c6 mt76: mt7615e: process txfree and txstatus without allocating skbs
2ef775c10bd3 linux-firmware: add firmware for MT7916
976ea3879730 mt76: mt7915: add support for passing chip/firmware debug data to user space
d11bd7bd83f4 tools: add support for sending firmware debug data via udp
dc8e2e8dcd34 mt76: mt7921: do not always disable fw runtime-pm
7063127f852b mt76: mt7921: fix a leftover race in runtime-pm
f78f4334b0b2 mt76: mt7615: fix a leftover race in runtime-pm
f1f94d19c160 mt76: mt7915: fix ht mcs in mt7915_mac_add_txs_skb()
c2ff2f0d6d19 mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb()
3e7954a0b32e mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl
3c2cc9034376 mt76: mt7921e: fix possible probe failure after reboot
f7f6c6dcc6eb mt76: mt7921: fix crash when startup fails.
8656198c925b mt76: sdio: disable interrupt in mt76s_sdio_irq
6204d61ab821 mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx()
68c5aa56f5f2 mt76: mt7921: toggle runtime-pm adding a monitor vif
541e4e8d3c3e mt76: mt7915: set bssinfo/starec command when adding interface
78770f741af9 mt76: mt7915: introduce mt7915_set_radar_background routine
93c03778f92e mt76: mt7915: enable radar trigger on rdd2
4c76a6c3a1f2 mt76: mt7915: introduce rdd_monitor debugfs node
5b94045f927e mt76: mt7915: report radar pattern if detected by rdd2
22094b27ff6a mt76: mt7915: enable radar background detection
4282ca57a143 mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module
0f16c67657a2 mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap
9a16d33311a7 mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap
639b55fdc95e mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN)
ebbd2717a16e mt76: mt7663s: flush runtime-pm queue after waking up the device
37c3bf2256de mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
96959bd15eef mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
4e42e55ce636 mt76: stop the radar detector after leaving dfs channel
8b32439d5a86 mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta
b4e6f0d6f15a mt76: mt7921s: fix a possible memory leak in mt7921_load_patch
15398f1e8385 mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs()
607eda6eb032 mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv()
69d20f2e6cb0 mt76: mt7915: fix the nss setting in bitrates
c3ffa536249a mt76: sdio: honor the largest Tx buffer the hardware can support
e3e3562f8fa0 mt76: mt7921s: run sleep mode by default
553200cf63fd firmware: update mt7662 firmware to version 2.3
20d1fed838b9 mt76x02: improve mac error check/reset reliability
9b2ac62d6f31 mt76: mt76x02: improve tx hang detection
fae295af31eb mt76: mt7915: fix/rewrite the dfs state handling logic
e0f9479bf893 mt76: mt7615: fix/rewrite the dfs state handling logic
822e1135e7e1 mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state
f8c0ed1e6bdf mt76: do not always copy ethhdr in reverse_frag0_hdr_trans
ab9b8078427a mt76: dma: initialize skip_unmap in mt76_dma_rx_fill

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
0b5a547ef0 mac80211: backport support for background radar detection
Will be used in an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
03ea0405a6 mac80211: backport MBSSID/EMA support patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
543ada64ed mac80211: reorganize patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
02b9b6872a mac80211: backport support for ndo_fill_forward_path
Will be used in an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Etienne Champetier
0e32c6baf3 iptables: add ip{,6}tables-legacy{,-restore,-save} symlinks
Now that we can have both legacy and nft iptables variants
installed at the same time, install the legacy symlinks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
3a5df36cf6 iptables: use ALTERNATIVES for ip(6)tables(-nft)
As nftables is now the default, ip(6)tables-nft gets higher priority

The removed symlinks ("$(CP)" line) will now be installed by the
ALTERNATIVES mechanism

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
b0bd6599e8 iptables: rework ip(6)tables-nft dependencies
according to iptables-nft man page,
"These tools use the libxtables framework extensions and hook to the nf_tables
kernel subsystem using the nft_compat module."

This means that to work, iptables-nft needs the same modules as
iptables legacy except the ip(6)table-{filter,mangle,nat,raw}
ip_tables, ip6tables.
When those modules are loaded iptables-nft-save output contains
"# Warning: iptables-legacy tables present, use iptables-legacy-save to see them"
But as long as it's empty it should not be a problem.

To have nft properly display the rules created by ip(6)tables-nft we need
all iptables targets and matches to be built as extension and not built-in
(/usr/lib/iptables/libip(6)t_*.so)

When switching a package to iptables-nft, you need to keep the
iptables-mod-* dependencies

This patch does minimal changes:
- remove the direct iptables-nft -> iptables dependency
- and more important add nft-compat dependency

The rule
iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT
becomes
table ip filter {
	chain OUTPUT {
		type filter hook output priority filter; policy accept;
		ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT
	}
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
1ebb8e3b6b netfilter: add kmod-nft-compat
This modules is required by iptables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
4e7ad15904 iptables: fix ip6tables-nft description
ip6tables-nft packages ip6tables* utils not iptables*

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
a5c8811c04 iptables: fix ip6tables-extra description
The define was referencing ip6tables-mod-extra instead of ip6tables-extra

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Daniel Golle
4367d4f869
uqmi: update to git HEAD
f254fc5 uqmi: add support for get operating mode

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-02 02:37:21 +00:00
Alar Aun
70eedac9b3 ipq40xx: add MikroTik cAP ac support
This adds support for the MikroTik RouterBOARD RBcAPGi-5acD2nD
(cAP ac), a  indoor dual band, dual-radio 802.11ac wireless AP, two
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/cap_ac for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 2x 1000/100/10 port,
   PoE in and passive PoE out

Unsupported:
 - PoE out

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Alar Aun <alar.aun@gmail.com>
2022-02-01 23:18:58 +01:00
Sergey V. Lobanov
93d91197b9 wolfssl: update to 5.1.1-stable
Bump from 4.8.1-stable to 5.1.1-stable

Detailed release notes: https://github.com/wolfSSL/wolfssl/releases

Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
 fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -
 f447e4c1fa

Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch

CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option

The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk

Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-01 23:18:01 +01:00
Marek Behún
45d541bb40 kernel: add kmod-vrf
Add option to compile kmod-vrf, support for Virtual Routing and
Forwarding (Lite).

This module depends on NET_L3_MASTER_DEV, which is a boolean kernel
option, so we need to create a configuration option also for this, and
make kmod-vrf depend on it.

Signed-off-by: Marek Behún <kabel@kernel.org>
2022-02-01 22:59:09 +01:00
Hauke Mehrtens
6cab21bd6d kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio
kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is
activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
8c1a84aada uboot-envtools: Update to version 2022.01
The sizes of the ipk changed on MIPS 24Kc like this:
13281 uboot-envtools_2021.01-54_mips_24kc.ipk
13308 uboot-envtools_2022.01-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
392609543d libcap: Update to version 2.63
The sizes of the ipk changed on MIPS 24Kc like this:
11248 libcap_2.51-1_mips_24kc.ipk
14461 libcap_2.63-1_mips_24kc.ipk

18864 libcap-bin_2.51-1_mips_24kc.ipk
20576 libcap-bin_2.63-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
8c2445a0e4 e2fsprogs: Update to version 1.46.5
The sizes of the ipk changed on MIPS 24Kc like this:
  8788 badblocks_1.45.6-2_mips_24kc.ipk
  8861 badblocks_1.46.5-1_mips_24kc.ipk

  3652 chattr_1.45.6-2_mips_24kc.ipk
  3657 chattr_1.46.5-1_mips_24kc.ipk

 58128 debugfs_1.45.6-2_mips_24kc.ipk
 60279 debugfs_1.46.5-1_mips_24kc.ipk

  8551 dumpe2fs_1.45.6-2_mips_24kc.ipk
  8567 dumpe2fs_1.46.5-1_mips_24kc.ipk

  4797 e2freefrag_1.45.6-2_mips_24kc.ipk
  4791 e2freefrag_1.46.5-1_mips_24kc.ipk

159790 e2fsprogs_1.45.6-2_mips_24kc.ipk
168212 e2fsprogs_1.46.5-1_mips_24kc.ipk

  7083 e4crypt_1.45.6-2_mips_24kc.ipk
  7134 e4crypt_1.46.5-1_mips_24kc.ipk

  5749 filefrag_1.45.6-2_mips_24kc.ipk
  6233 filefrag_1.46.5-1_mips_24kc.ipk

  4361 libcomerr0_1.45.6-2_mips_24kc.ipk
  4355 libcomerr0_1.46.5-1_mips_24kc.ipk

168040 libext2fs2_1.45.6-2_mips_24kc.ipk
174209 libext2fs2_1.46.5-1_mips_24kc.ipk

  8514 libss2_1.45.6-2_mips_24kc.ipk
  8613 libss2_1.46.5-1_mips_24kc.ipk

  3148 lsattr_1.45.6-2_mips_24kc.ipk
  3227 lsattr_1.46.5-1_mips_24kc.ipk

 22530 resize2fs_1.45.6-2_mips_24kc.ipk
 22909 resize2fs_1.46.5-1_mips_24kc.ipk

 33315 tune2fs_1.45.6-2_mips_24kc.ipk
 34511 tune2fs_1.46.5-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
18c6b99666 util-linux: Update to version 2.37.3
This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
693d7c12e8 util-linux: Do not build raw any more.
The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.

We do not package the raw tool, so this is not a problem.

This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
64866ba474 strace: Update to version 5.16
The sizes of the ipk changed on MIPS 24Kc like this:
289764 strace_5.14-1_mips_24kc.ipk
310899 strace_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
cec4614df8 ethtool: Update to version 5.16
795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.

The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
57f38e2c82 mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00