Commit Graph

19218 Commits

Author SHA1 Message Date
Yousong Zhou
0225df1ec8 netfilter: add kmod-nft-socket
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Yousong Zhou
4f443c885d netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Piotr Dymacz
2d5b596b49 uboot-envtools: ath79: add support for ALFA Network Tube-2HQ
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 16:54:54 +01:00
Christian Lamparter
1753f8c14b firmware: intel-microcode: update to 20220207
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

* upstream changelog: new upstream datafile 20220207
    * Mitigates (*only* when loaded from UEFI firmware through the FIT)
      CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
      debug port, on Pentium, Celeron and Atom processors with signatures
      0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
    * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
      may cause a system hang, on many processors.
    * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
      to improper sanitization of shared resources (fast-store forward
      predictor), on many processors.
    * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
      Atom Processors may allow information disclosure or denial of service
      via network access.
    * Fixes critical errata (functional issues) on many processors
    * Adds a MSR switch to enable RAPL filtering (default off, once enabled
      it can only be disabled by poweroff or reboot).  Useful to protect
      SGX and other threads from side-channel info leak.  Improves the
      mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
      processors.
    * Disables TSX in more processor models.
    * Fixes issue with WBINDV on multi-socket (server) systems which could
      cause resets and unpredictable system behavior.
    * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
      Lake) processors, to control a fix for (hopefully rare) unpredictable
      processor behavior when HyperThreading is enabled.  This MSR switch
      is enabled by default on *server* processors.  On other processors,
      it needs to be explicitly enabled by an updated UEFI/BIOS (with added
      configuration logic).  An updated operating system kernel might also
      be able to enable it.  When enabled, this fix can impact performance.
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
      sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
      sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
      sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
      sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
      sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
      sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
      sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
      sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
      sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
      sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
      sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
      sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
      sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
      sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
      sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
      sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
      sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
      sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
      sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
      sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
      sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
      sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
      sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
      sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
      sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
      sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
      sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
    * Removed Microcodes:
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
  * update .gitignore and debian/.gitignore.
    Add some missing items from .gitignore and debian/.gitignore.
  * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
    When the BIOS microcode is older than revision 0x7f (and perhaps in some
    other cases as well), the latest microcode updates for 0x406e3 and
    0x506e3 must be applied using the early update method.  Otherwise, the
    system might hang.  Also: there must not be any other intermediate
    microcode update attempts [other than the one done by the BIOS itself],
    either.  It must go from the BIOS microcode update directly to the
    latest microcode update.
  * source: update symlinks to reflect id of the latest release, 20220207

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-26 19:52:41 +01:00
Sergey V. Lobanov
e6a4f30ed7 iucode-tool: fix host-compile on macos and non-x86 linux
iucode-tool/host is used by intel-microcode to manipulate with
microcode.bin file. iucode-tool requires cpuid.h at compile time
for autodection feature, but non-x86 build hosts does not have
this header file (e.g. ubuntu 20.04 aarch64) or this header
generates compile time error (#error macro) (e.g. macos arm64).

This patch provides compat cpuid.h to build iucode-tool/host on
non-x86 linux hosts and macos. CPU autodectection is not required
for intel-microcode package build so compat cpuid.h is ok for
OpenWrt purposes.

glibc and argp lib are not present in macos so iucode-tool/host
build fails. This patch adds argp-standalone/host as build
dependency if host os is macos.

Generated ucode (intel-microcode package) is exactly the same on
Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and
Darwin arm64 (MacOS 11.6) build hosts.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-26 19:52:41 +01:00
Sergey V. Lobanov
64d159cdad argp-standalone: add host-compile ability
This patch adds host-compile ability to argp-standalone for build
hosts without glibc and argp lib, e.g. MacOS.

iucode-tool/host can not be built on MacOS due to lack of argp.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-26 19:52:41 +01:00
Lucian Cristian
fbf485e6c6 mbedtls: update to 2.28.0 LTS branch
<https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>
"Mbed TLS 2.28 is a long-time support branch.
It will be supported with bug-fixes and security
fixes until end of 2024."

<https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md>
"Currently, the only supported LTS branch is: mbedtls-2.28.
For a short time we also have the previous LTS, which has
recently ended its support period, mbedtls-2.16.
This branch will move into the archive namespace around the
time of the next release."

this will also add support for uacme ualpn support.

size changes
221586 libmbedtls12_2.28.0-1_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(remark about 2.16's EOS, slightly reworded)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-26 19:52:41 +01:00
Lech Perczak
7ac8da0060 ath79: support ZTE MF286A/R
ZTE MF286A and MF286R are indoor LTE category 6/7 CPE router with simultaneous
dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit
Ethernet switch, FXS and external USB 2.0 port.

Hardware highlights:
- CPU: QCA9563 SoC at 775MHz,
- RAM: 128MB DDR2,
- NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only,
- NAND Flash: W25N01GV 128MB SPI NAND-Flash, for all other data,
- Wi-Fi 5GHz: QCA9886 2x2 MIMO 802.11ac Wave2 radio,
- WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio,
- Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port,
- WWAN:
  [MF286A] MDM9230-based category 6 internal LTE modem
  [MF286R] PXA1826-based category 7 internal LTE modem
  in extended  mini-PCIE form factor, with 3 internal antennas and
  2 external antenna connections, single mini-SIM slot.
- FXS: one external ATA port (handled entirely by modem part) with two
  physical connections in parallel,
- USB: Single external USB 2.0 port,
- Switches: power switch, WPS, Wi-Fi and reset buttons,
- LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery,
  Signal state) handled entirely by modem. 4 link status LEDs handled by
  the switch on the backside.
- Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and
  monitoring handled by modem.
- Label MAC device: eth0

The device shares many components with previous model, MF286, differing
mostly by a Wave2 5GHz radio, flash layout and internal LED color.
In case of MF286A, the modem is the same as in MF286. MF286R uses a
different modem based on Marvell PXA1826 chip.

Internal modem of MF286A is supported via uqmi, MF286R modem isn't fully
supported, but it is expected to use comgt-ncm for connection, as it
uses standard 3GPP AT commands for connection establishment.

Console connection: connector X2 is the console port, with the following
pinout, starting from pin 1, which is the topmost pin when the board is
upright:
- VCC (3.3V). Do not use unless you need to source power for the
  converer from it.
- TX
- RX
- GND
Default port configuration in U-boot as well as in stock firmware is
115200-8-N-1.

Installation:
Due to different flash layout from stock firmware, sysupgrade from
within stock firmware is impossible, despite it's based on QSDK which
itself is based on OpenWrt.

STEP 0: Stock firmware update:
As installing OpenWrt cuts you off from official firmware updates for
the modem part, it is recommended to update the stock firmware to latest
version before installation, to have built-in modem at the latest firmware
version.

STEP 1: gaining root shell:

Method 1:
This works if busybox has telnetd compiled in the binary.
If this does not work, try method 2.

Using well-known exploit to start telnetd on your router - works
only if Busybox on stock firmware has telnetd included:
- Open stock firmware web interface
- Navigate to "URL filtering" section by going to "Advanced settings",
  then "Firewall" and finally "URL filter".
- Add an entry ending with "&&telnetd&&", for example
  "http://hostname/&&telnetd&&".
- telnetd will immediately listen on port 4719.
- After connecting to telnetd use "admin/admin" as credentials.

Method 2:
This works if busybox does not have telnetd compiled in. Notably, this
is the case in DNA.fi firmware.
If this does not work, try method 3.

- Set IP of your computer to 192.168.0.22. (or appropriate subnet if
  changed)
- Have a TFTP server running at that address
- Download MIPS build of busybox including telnetd, for example from:
  https://busybox.net/downloads/binaries/1.21.1/busybox-mips
  and put it in it's root directory. Rename it as "telnetd".
- As previously, login to router's web UI and navigate to "URL
  filtering"
- Using "Inspect" feature, extend "maxlength" property of the input
  field named "addURLFilter", so it looks like this:
  <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332"
    class="required form-control">
- Stay on the page - do not navigate anywhere
- Enter "http://aa&zte_debug.sh 192.168.0.22 telnetd" as a filter.
- Save the settings. This will download the telnetd binary over tftp and
  execute it. You should be able to log in at port 23, using
  "admin/admin" as credentials.

Method 3:
If the above doesn't work, use the serial console - it exposes root shell
directly without need for login. Some stock firmwares, notably one from
finnish DNA operator lack telnetd in their builds.

STEP 2: Backing up original software:
As the stock firmware may be customized by the carrier and is not
officially available in the Internet, IT IS IMPERATIVE to back up the
stock firmware, if you ever plan to returning to stock firmware.
It is highly recommended to perform backup using both methods, to avoid
hassle of reassembling firmware images in future, if a restore is
needed.

Method 1: after booting OpenWrt initramfs image via TFTP:
PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION.
- Dump stock firmware located on stock kernel and ubi partitions:

  ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
  ssh root@192.168.1.1: cat /dev/mtd9 > mtd9_ubi.bin

And keep them in a safe place, should a restore be needed in future.

Method 2: using stock firmware:
- Connect an external USB drive formatted with FAT or ext4 to the USB
  port.
- The drive will be auto-mounted to /var/usb_disk
- Check the flash layout of the device:

  cat /proc/mtd

  It should show the following:
  mtd0: 000a0000 00010000 "u-boot"
  mtd1: 00020000 00010000 "u-boot-env"
  mtd2: 00140000 00010000 "reserved1"
  mtd3: 000a0000 00020000 "fota-flag"
  mtd4: 00080000 00020000 "art"
  mtd5: 00080000 00020000 "mac"
  mtd6: 000c0000 00020000 "reserved2"
  mtd7: 00400000 00020000 "cfg-param"
  mtd8: 00400000 00020000 "log"
  mtd9: 000a0000 00020000 "oops"
  mtd10: 00500000 00020000 "reserved3"
  mtd11: 00800000 00020000 "web"
  mtd12: 00300000 00020000 "kernel"
  mtd13: 01a00000 00020000 "rootfs"
  mtd14: 01900000 00020000 "data"
  mtd15: 03200000 00020000 "fota"
  mtd16: 01d00000 00020000 "firmware"

  Differences might indicate that this is NOT a MF286A device but
  one of other variants.
- Copy over all MTD partitions, for example by executing the following:

  for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do cat /dev/mtd$i > \
  /var/usb_disk/mtd$i; done

  "Firmware" partition can be skipped, it is a concatenation
  of "kernel" and "rootfs".

- If the count of MTD partitions is different, this might indicate that
  this is not a MF286A device, but one of its other variants.
- (optionally) rename the files according to MTD partition names from
  /proc/mtd
- Unmount the filesystem:

  umount /var/usb_disk; sync

  and then remove the drive.
- Store the files in safe place if you ever plan to return to stock
  firmware. This is especially important, because stock firmware for
  this device is not available officially, and is usually customized by
  the mobile providers.

STEP 3: Booting initramfs image:

Method 1: using serial console (RECOMMENDED):
- Have TFTP server running, exposing the OpenWrt initramfs image, and
  set your computer's IP address as 192.168.0.22. This is the default
  expected by U-boot. You may wish to change that, and alter later
  commands accordingly.
- Connect the serial console if you haven't done so already,
- Interrupt boot sequence by pressing any key in U-boot when prompted
- Use the following commands to boot OpenWrt initramfs through TFTP:

  setenv serverip 192.168.0.22
  setenv ipaddr 192.168.0.1
  tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin
  bootm 0x81000000

  (Replace server IP and router IP as needed). There is no  emergency
  TFTP boot sequence triggered by buttons, contrary to MF283+.
- When OpenWrt initramfs finishes booting, proceed to actual
  installation.

Method 2: using initramfs image as temporary boot kernel
This exploits the fact, that kernel and rootfs MTD devices are
consecutive on NAND flash, so from within stock image, an initramfs can
be written to this area and booted by U-boot on next reboot, because it
uses "nboot" command which isn't limited by kernel partition size.
- Download the initramfs-kernel.bin image
- After backing up the previous MTD contents, write the images to the
  "firmware" MTD device, which conveniently concatenates "kernel" and
  "rootfs" partitions that can fit the initramfs image:

  nandwrite -p /dev/<firmware-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286a-initramfs-kernel.bin

- If write is OK, reboot the device, it will reboot to OpenWrt
  initramfs:

  reboot -f

- After rebooting, SSH into the device and use sysupgrade to perform
  proper installation.

Method 3: using built-in TFTP recovery (LAST RESORT):
- With that method, ensure you have complete backup of system's NAND
  flash first. It involves deliberately erasing the kernel.
- Download "-initramfs-kernel.bin" image for the device.
- Prepare the recovery image by prepending 8MB of zeroes to the image,
  and name it root_uImage:

  dd if=/dev/zero of=padding.bin bs=8M count=1

  cat padding.bin openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin >
  root_uImage

- Set up a TFTP server at 192.0.0.1/8. Router will use random address
  from that range.
- Put the previously generated "root_uImage" into TFTP server root
  directory.
- Deliberately erase "kernel" partition" using stock firmware after
  taking backup. THIS IS POINT OF NO RETURN.
- Restart the device. U-boot will attempt flashing the recovery
  initramfs image, which will let you perform actual installation using
  sysupgrade. This might take a considerable time, sometimes the router
  doesn't establish Ethernet link properly right after booting. Be
  patient.
- After U-boot finishes flashing, the LEDs of switch ports will all
  light up. At this moment, perform power-on reset, and wait for OpenWrt
  initramfs to finish booting. Then proceed to actual installation.

STEP 4: Actual installation:
- Set your computer IP to 192.168.1.22/24
- scp the sysupgrade image to the device:

  scp openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin \
  root@192.168.1.1:/tmp/

- ssh into the device and execute sysupgrade:

  sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin

- Wait for router to reboot to full OpenWrt.

STEP 5: WAN connection establishment
Since the router is equipped with LTE modem as its main WAN interface, it
might be useful to connect to the Internet right away after
installation. To do so, please put the following entries in
/etc/config/network, replacing the specific configuration entries with
one needed for your ISP:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth '<auth>' # As required, usually 'none'
        option pincode '<pin>' # If required by SIM
        option apn '<apn>' # As required by ISP
        option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6'

For example, the following works for most polish ISPs
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth 'none'
        option apn 'internet'
        option pdptype 'ipv4'

The required minimum is:
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
In this case, the modem will use last configured APN from stock
firmware - this should work out of the box, unless your SIM requires
PIN which can't be switched off.

If you have build with LuCI, installing luci-proto-qmi helps with this
task.

Restoring the stock firmware:

Preparation:
If you took your backup using stock firmware, you will need to
reassemble the partitions into images to be restored onto the flash. The
layout might differ from ISP to ISP, this example is based on generic stock
firmware
The only partitions you really care about are "web", "kernel", and
"rootfs". These are required to restore the stock firmware through
factory TFTP recovery.

Because kernel partition was enlarged, compared to stock
firmware, the kernel and rootfs MTDs don't align anymore, and you need
to carve out required data if you only have backup from stock FW:
- Prepare kernel image
  cat mtd12_kernel.bin mtd13_rootfs.bin > owrt_kernel.bin
  truncate -s 4M owrt_kernel_restore.bin
- Cut off first 1MB from rootfs
  dd if=mtd13_rootfs.bin of=owrt_rootfs.bin bs=1M skip=1
- Prepare image to write to "ubi" meta-partition:
  cat mtd6_reserved2.bi mtd7_cfg-param.bin mtd8_log.bin mtd9_oops.bin \
  mtd10_reserved3.bin mtd11_web.bin owrt_rootfs.bin > \
  owrt_ubi_ubi_restore.bin

You can skip the "fota" partition altogether,
it is used only for stock firmware update purposes and can be overwritten
safely anyway. The same is true for "data" partition which on my device
was found to be unused at all. Restoring mtd5_cfg-param.bin will restore
the stock firmware configuration you had before.

Method 1: Using initramfs:
This method is recmmended if you took your backup from within OpenWrt
initramfs, as the reassembly is not needed.
- Boot to initramfs as in step 3:
- Completely detach ubi0 partition using ubidetach /dev/ubi0_0
- Look up the kernel and ubi partitions in /proc/mtd
- Copy over the stock kernel image using scp to /tmp
- Erase kernel and restore stock kernel:
  (scp mtd4_kernel.bin root@192.168.1.1:/tmp/)
  mtd write <kernel_mtd> mtd4_kernel.bin
  rm mtd4_kernel.bin
- Copy over the stock partition backups one-by-one using scp to /tmp, and
  restore them individually. Otherwise you might run out of space in
  tmpfs:

  (scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin
  rm mtd3_ubiconcat0.bin

  (scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin
  rm mtd5_ubiconcat1.bin

- If the write was correct, force a device reboot with

  reboot -f

Method 2: Using live OpenWrt system (NOT RECOMMENDED):
- Prepare a USB flash drive contatining MTD backup files
- Ensure you have kmod-usb-storage and filesystem driver installed for
  your drive
- Mount your flash drive

  mkdir /tmp/usb

  mount /dev/sda1 /tmp/usb

- Remount your UBI volume at /overlay to R/O

  mount -o remount,ro /overlay

- Write back the kernel and ubi partitions from USB drive

  cd /tmp/usb
  mtd write mtd4_kernel.bin /dev/<kernel_mtd>

  mtd write mtd9_ubi.bin /dev/<kernel_ubi>

- If everything went well, force a device reboot with
  reboot -f

Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota"
MTD partition which may be safely erased after reboot anyway.

Method 3: using built-in TFTP recovery:
This method is recommended if you took backups using stock firmware.
- Assemble a recovery rootfs image from backup of stock partitions by
  concatenating "web", "kernel", "rootfs" images dumped from the device,
  as "root_uImage"
- Use it in place of "root_uImage" recovery initramfs image as in the
  TFTP pre-installation method.

Quirks and known issuesa
- It was observed, that CH340-based USB-UART converters output garbage
  during U-boot phase of system boot. At least CP2102 is known to work
  properly.
- Kernel partition size is increased to 4MB compared to stock 3MB, to
  accomodate future kernel updates - at this moment OpenWrt 5.10 kernel
  image is at 2.5MB which is dangerously close to the limit. This has no
  effect on booting the system - but keep that in mind when reassembling
  an image to restore stock firmware.
- uqmi seems to be unable to change APN manually, so please use the one
  you used before in stock firmware first. If you need to change it,
  please use protocok '3g' to establish connection once, or use the
  following command to change APN (and optionally IP type) manually:
  echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0
- The only usable LED as a "system LED" is the blue debug LED hidden
  inside the case. All other LEDs are controlled by modem, on which the
  router part has some influence only on Wi-Fi LED.
- Wi-Fi LED currently doesn't work while under OpenWrt, despite having
  correct GPIO mapping. All other LEDs are controlled by modem,
  including this one in stock firmware. GPIO19, mapped there only acts
  as a gate, while the actual signal source seems to be 5GHz Wi-Fi
  radio, however it seems it is not the LED exposed by ath10k as
  ath10k-phy0.
- GPIO5 used for modem reset is a suicide switch, causing a hardware
  reset of whole board, not only the modem. It is attached to
  gpio-restart driver, to restart the modem on reboot as well, to ensure
  QMI connectivity after reboot, which tends to fail otherwise.
- Modem, as in MF283+, exposes root shell over ADB - while not needed
  for OpenWrt operation at all - have fun lurking around.
  The same modem module is used as in older MF286.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-26 17:46:10 +01:00
Petr Štetiar
104e912c27 usbmode: update to version 2022-02-24
* usbmode: add config #0 and delay before actual config

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-26 13:36:30 +01:00
Vladislav Grigoryev
abd18bd033 jsonfilter: update makefile url
Specify URL as PKG_SOURCE_URL in the jsonfilter Makefile.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
2022-02-26 13:36:30 +01:00
Christian Lamparter
e126a1e413 mac80211: add #if guards against 5.4 compile failures
Both struct net_device_path_ctx and struct net_device_path
are not available in 5.4. This causes an build error on the
bcm63xx target.

|mac80211/driver-ops.h: In function 'drv_net_fill_forward_path':
|driver-ops.h:1502:57: error: passing argument 4 of
|'local->ops->net_fill_forward_path' from incompatible pointer type
| [-Werror=incompatible-pointer-types]
| 1502 |                          ctx, path);
|      |                          ^~~
|      |                            |
|      |                         struct net_device_path_ctx *

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-25 17:27:28 +01:00
Hannu Nyman
97158fe10e kernel: package ramoops pstore-ram crash log storage
Package the ability to log kernel crashes to 'ramoops' pstore
files into RAM in /sys/fs/pstore

Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html

The files in RAM survive a warm reboot, but not a cold reboot.

Note: kmod-ramoops selects kmod-pstore and kmod-reed-solomon.

The feature can be used by selecting the kmod-ramoops and
adding a ramoops reserved-memory definition to the device DTS.
Example from R7800:

       reserved-memory {
                rsvd@5fe00000 {
                        reg = <0x5fe00000 0x200000>;
                        reusable;
                };

                ramoops@42100000 {
                        compatible = "ramoops";
                        reg = <0x42100000 0x40000>;
                        record-size = <0x4000>;
                        console-size = <0x4000>;
                        ftrace-size = <0x4000>;
                        pmsg-size = <0x4000>;
                };
        };

If no definition has been made in DTS, no crash log is stored
for the device.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(added CONFIG_EFI_VARS_PSTORE disable)
2022-02-24 20:45:12 +01:00
Jax Jiang
1050e66c8f x86: grub2: search for the "kernel" filesystem on all disks
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.

This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.

This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.

Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-24 20:45:12 +01:00
Claudiu Beznea
3e53eec589 at91: add support for sama7g5-ek board
Add support for SAMA7G5-EK board.
Hardware:
- SoC: SAMA7G5
- RAM: Aliance Memory AS4C256M16D3LC (4 Gbit DDR3L)
- SD/MMC: 1 standard 4bit SD Card interface
- USB: 1 Micro-AB host/device, 1 Type-A host, 1 Type-C host
- CAN: 2 interfaces
- Ethernet: 10/100 port, 1Gbps port
- Wi-Fi/BT: 1 optional interface
- Audio: 1 SPDIF RX port, 1 SPDIF TX port, 4 digital microphones
- Camera: 1 RPi CSI camera interface
- Debug: 1 J-Link-OB + CDC, 1 JTAG
- LEDs: 1 RGB
- Buttons: 4 push buttons
- Expansions: 1 RPi Expansion connector, 2 mikroBUS connectors
- Power management: 1 power management IC, 1 power consumption
  measurement device

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-02-24 19:05:29 +01:00
Claudiu Beznea
3ed992a996 uboot-at91: update to linux4sam-2021.10
Update uboot-at91 to linux4sam-2021.10 version.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-02-24 19:05:28 +01:00
Claudiu Beznea
bf13b2da2a at91bootstrap: update to v3.10.4, v4.0.1
AT91Bootstrap version 4 is available only for SAM9X60, SAMA5D2, SAMA5D3,
SAMA5D4, SAMA7G5. Thus use v4.0.1 for the above targets and v3.10.4 for
the rest of them. With the switch to v4 AT91Bootstrap binaries are now
on build/binaries. Take also this into account. Also, patches directory
is not needed anymore with the version update.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-02-24 19:05:28 +01:00
Rucke Teg
e040d31177 base-file: remove password aging feature form /etc/shadow
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in  the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.

Disable the password aging feature for user root by setting the 3rd
filed empty.

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
2022-02-24 18:10:30 +01:00
Nick Lowe
e8d048c5e0 hostapd: SAE - Enable hunting-and-pecking and H2E
Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.

Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.

The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.

For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.

For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2022-02-24 18:04:05 +01:00
Petr Štetiar
b9251e3b40 wolfssl: fix API breakage of SSL_get_verify_result
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable.  In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:

 $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
 Downloading 'https://letsencrypt.org'
 Connecting to 18.159.128.50:443
 Connection error: Invalid SSL certificate

Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-22 20:27:15 +01:00
Daniel Golle
2baded9ecc
base-files: make sure tools are present in sysupgrade ramdisk
Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.

Targets using fw_printenv/fw_setenv during sysupgrade:
 * ath79/*
 * ipq40xx/*
 * ipq806x/*
 * kirkwood/*
 * layerscape/*
 * mediatek/mt7622
 * mvebu/*
 * ramips/*
 * realtek/*

Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
 * ath79/* (openmesh devices)
 * ipq40xx/* (linksys devices)
 * ipq806x/* (linksys devices)
 * kirkwood/* (linksys devices)
 * layerscape/*
 * mvebu/cortexa9 (linksys devices)

Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.

This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.

As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-22 19:16:03 +00:00
Eneas U de Queiroz
0134f845da openssl: configure engines with uci
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped.  It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-22 16:37:23 +01:00
Eneas U de Queiroz
30b0351039 openssl: configure engine packages during install
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.

The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-22 16:37:23 +01:00
Eneas U de Queiroz
17a6ca12d3 openssl: config engines in /etc/ssl/engines.cnf.d
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory.  The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.

Patches were refreshed with --zero-commit.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-22 16:37:23 +01:00
Felix Fietkau
cbfce92367 qosify: update to the latest version
65b42032063f interface: add missing autorate-ingress options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-20 18:13:14 +01:00
Josef Schlehofer
696f0a1cb4 uboot-mvebu: backport pending patches for Marvell A38x
100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch [1]:
SoC Marvell A38x is used in Turris Omnia, and we thought that with recent
fiddling around DDR training to fix it once for all, there were
reproduced the issue in the upcoming new revision Turris Omnia boards.

101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch [2]:
This is useful when some board may occasionally fail with DDR training,
and it adds the option to reset the board on the DDR training failure

102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch [3]:
This enables the option CONFIG_DDR_RESET_ON_TRAINING_FAILURE (added by
101 patch), so the Turris Omnia board is restarted immediately, and it
does not require to reset the board manually or wait 120s for MCU to
reset the board

[1] https://patchwork.ozlabs.org/project/uboot/patch/20220217000837.13003-1-kabel@kernel.org/
[2] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-1-kabel@kernel.org/
[3] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-2-kabel@kernel.org/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-20 14:26:42 +01:00
Florian Eckert
808210d992 mac80211: add debug compile option for rtw88 devices
This commit adds the following package compile options.

CONFIG_PACKAGE_RTW88_DEBGUG:
Compile the driver with additional debug logging output

CONFIG_PACKAGE_RTW88_DEBGUGFS:
Add the possibility to map information about the driver rtw88 into
debugfs.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-02-20 14:26:40 +01:00
Lech Perczak
411940ded4 ath79: uboot-envtools: fix partition for ZTE MF286
By mistake, a wrong partition for U-boot environment was introduced for
ZTE MF286 while adding support, when flash layout wasn't finalized. Fix
that, according to the actual flash layout:
dev:    size   erasesize  name
mtd0: 00140000 00020000 "fota-flag"
mtd1: 00140000 00020000 "caldata"
mtd2: 00140000 00020000 "mac"
mtd3: 00f40000 00020000 "ubiconcat0"
mtd4: 00400000 00020000 "kernel"
mtd5: 06900000 00020000 "ubiconcat1"
mtd6: 00080000 00010000 "u-boot"
mtd7: 00020000 00010000 "u-boot-env"
mtd8: 07840000 00020000 "ubi"

Fixes: 8c78a13bfc ("ath79: support ZTE MF286")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-20 14:04:38 +01:00
Petr Štetiar
d8bf730fe0 netifd: bump to version 2022-02-20
Contains following changes:

 136006b88826 cmake: fix usage of implicit library and include paths
 bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-20 10:52:55 +01:00
Sungbo Eo
19a90262df wireless-regdb: update to version 2022.02.18
e061299 wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US
2ce78ed wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz
0d39f4c wireless-regdb: Update regulatory rules for South Korea (KR)
acad231 wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
ea83a82 wireless-regdb: add support for US S1G channels
4408149 wireless-regdb: add 802.11ah bands to world regulatory domain
5f3cadc wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
e0ac69b Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
40e5e80 wireless-regdb: Update regulatory rules for South Korea (KR)
e427ff2 wireless-regdb: Update regulatory rules for China (CN)
0970116 wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
4dac44b wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-02-20 13:47:57 +09:00
Christian Lamparter
2aa97ecb59 kernel: add kmod-hwmon-lm70 support
package hwmon's lm70.ko. This module supports the
National Semiconductor/TI LM70,LM71,LM74 and
TI TMP121,TMP122,TMP123 and TMP124 chips (all SPI).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-19 19:34:18 +01:00
Martin Kennedy
cfe79f2eb8 mpc85xx: Patch HiveAP 330 u-boot to fix boot
When Kernel 5.10 was enabled for mpc85xx, the kernel once again became too
large upon decompression (>7MB or so) to decompress itself on boot (see
FS#4110[1]).

There have been many attempts to fix booting from a compressed kernel on
the HiveAP-330:

- b683f1c36d ("mpc85xx: Use gzip compressed kernel on HiveAP-330")
- 98089bb8ba ("mpc85xx: Use uncompressed kernel on the HiveAP-330")
- 26cb167a5c ("mpc85xx: Fix Aerohive HiveAP-330 initramfs image")

We can no longer compress the kernel due to size, and the stock bootloader
does not support any other types of compression. Since an uncompressed
kernel no longer fits in the 8MiB kernel partition at 0x2840000, we need to
patch u-boot to autoboot by running variable which isn't set by the
bootloader on each autoboot.

This commit repartitions the HiveAP, requiring a new COMPAT_VERSION,
and uses the DEVICE_COMPAT_MESSAGE to guide the user to patch u-boot,
which changes the variable run on boot to be `owrt_boot`; the user can
then set the value of that variable appropriately.

The following has been documented in the device's OpenWrt wiki page:
<https://openwrt.org/toh/aerohive/hiveap-330>. Please look there
first/too for more information.

The from-stock and upgrade from a previous installation now becomes:

0) setup a network with a dhcp server and a tftp server at serverip
(192.168.1.101) with the initramfs image in the servers root directory.

1) Hook into UART (9600 baud) and enter U-Boot. You may need to enter
a password of administrator or AhNf?d@ta06 if prompted. If the password
doesn't work. Try reseting the device by pressing and holding the reset
button with the stock OS.

2) Once in U-Boot, set the new owrt_boot and tftp+boot the initramfs image:
   Use copy and paste!

 # fw_setenv owrt_boot 'setenv bootargs \"console=ttyS0,$baudrate\";bootm 0xEC040000 - 0xEC000000'
 # save
 # dhcp
 # setenv bootargs console=ttyS0,$baudrate
 # tftpboot 0x1000000 192.168.1.101:openwrt-mpc85xx-p1020-aerohive_hiveap-330-initramfs-kernel.bin
 # bootm

3) Once openwrt booted:
carefully copy and paste this into the root shell. One step at a time

  # 3.0 install kmod-mtd-rw from the internet and load it

  opkg update; opkg install kmod-mtd-rw
  insmod mtd-rw i_want_a_brick=y

  # 3.1 create scripts that modifies uboot

cat <<- "EOF" > /tmp/uboot-update.sh
  . /lib/functions/system.sh
  cp "/dev/mtd$(find_mtd_index 'u-boot')" /tmp/uboot
  cp /tmp/uboot /tmp/uboot_patched
  ofs=$(strings -n80 -td < /tmp/uboot | grep '^ [0-9]* setenv bootargs.*cp\.l' | cut -f2 -d' ')
  for off in $ofs; do
    printf "run owrt_boot;            " | dd of=/tmp/uboot_patched bs=1 seek=${off} conv=notrunc
  done
  md5sum /tmp/uboot*
EOF

  # 3.2 run the script to do the modification

  sh /tmp/uboot-update.sh

  # verify that /tmp/uboot and /tmp/uboot_patched are good
  #
  # my uboot was: (is printed during boot)
  # U-Boot 2009.11 (Jan 12 2017 - 00:27:25), Build: jenkins-HiveOS-Honolulu_AP350_Rel-245
  #
  # d84b45a2e8aca60d630fbd422efc6b39  /tmp/uboot
  # 6dc420f24c2028b9cf7f0c62c0c7f692  /tmp/uboot_patched
  # 98ebc7e7480ce9148cd2799357a844b0  /tmp/uboot-update.sh <-- just for reference

  # 3.3 this produces the /tmp/u-boot_patched file.

  mtd write /tmp/uboot_patched u-boot

3) scp over the sysupgrade file to /tmp/ and run sysupgrade to flash OpenWrt:

  sysupgrade -n /tmp/openwrt-mpc85xx-p1020-aerohive_hiveap-330-squashfs-sysupgrade.bin

4) after the reboot, you are good to go.

Other notes:

- Note that after this sysupgrade, the AP will be unavailable for 7 minutes
  to reformat flash. The tri-color LED does not blink in any way to
  indicate this, though there is no risk in interrupting this process,
  other than the jffs2 reformat being reset.

- Add a uci-default to fix the compat version. This will prevent updates
  from previous versions without going through the installation process.

- Enable CONFIG_MTD_SPLIT_UIMAGE_FW and adjust partitioning to combine
  the kernel and rootfs into a single dts partition to maximize storage
  space, though in practice the kernel can grow no larger than 16MiB due
  to constraints of the older mpc85xx u-boot platform.

- Because of that limit, KERNEL_SIZE has been raised to 16m.

- A .tar.gz of the u-boot source for the AP330 (a.k.a. Goldengate) can
  be found here[2].

- The stock-jffs2 partition is also removed to make more space -- this
  is possible only now that it is no longer split away from the rootfs.

- the console-override is gone. The device will now get the console
  through the bootargs. This has the advantage that you can set a different
  baudrate in uboot and the linux kernel will stick with it!

- due to the repartitioning, the partition layout and names got a makeover.

- the initramfs+fdt method is now combined into a MultiImage initramfs.
  The separate fdt download is no longer needed.

- added uboot-envtools to the mpc85xx target. All targets have uboot and
  this way its available in the initramfs.

[1]: https://bugs.openwrt.org/index.php?do=details&task_id=4110
[2]: magnet:?xt=urn:btih:e53b27006979afb632af5935fa0f2affaa822a59

Tested-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(rewrote parts of the commit message, Initramfs-MultiImage,
dropped bootargs-override, added wiki entry + link, uboot-envtools)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-19 19:20:29 +01:00
Rosen Penev
fbb8e1ef45 ksmbd: add out-of-tree module
ksmbd is an upstream linux alternative to Samba which is lighterweight
and more performant, especially on underpowered devices.

Moving it here from the packages feed as it is now an upstream kernel
module. Also easier to update as version updates can be coordinated better

The next LTS kernel (5.15) has this included. A depend on kernel < 5.15
will need to be added later.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-19 18:29:42 +01:00
Rosen Penev
666d427652 linux/modules: split up oid_registry
This will be needed by ksmbd in a following commit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-19 18:29:42 +01:00
Eneas U de Queiroz
e6df13d0e1 hostapd: fallback to psk when generating r0kh/r1kh
The 80211r r0kh and r1kh defaults are generated from the md5sum of
"$mobility_domain/$auth_secret".  auth_secret is only set when using EAP
authentication, but the default key is used for SAE/PSK as well.  In
this case,  auth_secret is empty, and the default value of the key can
be computed from the SSID alone.

Fallback to using $key when auth_secret is empty.  While at it, rename
the variable holding the generated key from 'key' to 'ft_key', to avoid
clobbering the PSK.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[make ft_key local]
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-19 16:14:52 +01:00
David Bauer
6f78723977 hostapd: add STA extended capabilities to get_clients
Add the STAs extended capabilities to the ubus STA information. This
way, external daemons can be made aware of a STAs capabilities.

This field is of an array type and contains 0 or more bytes of a STAs
advertised extended capabilities.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-19 16:14:45 +01:00
Alexey Smirnov
66071729a2 base-files: add support for heartbeat led trigger
This patch adds support for creation heartbeat led trigger with,
for example, this command:

	ucidef_set_led_heartbeat "..." "..." "..."

from /etc/board.d/01_leds.

Signed-off-by: Alexey Smirnov <s.alexey@gmail.com>
2022-02-19 13:10:01 +01:00
Mauri Sandberg
2c211a901d gpio-nxp-74hc153: remove package
This module was used solely by Buffalo WZR-HP-G300NH devices
and has become obsolete with the introduction of gpio-cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
2022-02-19 13:10:01 +01:00
Mauri Sandberg
2f50d65161 kernel: add package kmod-gpio-cascade
Adds kernel module for Generic GPIO cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-19 13:10:01 +01:00
Mauri Sandberg
15f0074beb kernel: add package kmod-multiplexer
Adds new kernel module for GPIO controlled multiplexer support.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-19 13:10:01 +01:00
Daniel Golle
48ace62114
procd: update to git HEAD
a87d010 uxc: remove unused printf parameter
 ad65249 instance: exit in case asprintf() fails

Build with glibc should again work after this commit.

Fixes: e9e61d76fd ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-19 00:11:55 +00:00
Daniel Golle
e9e61d76fd
procd: update to git HEAD
df1123e uxc: add support for user-defined settings
 0272c7c uxc: allow editing settings using 'create'
 a839518 uxc: clean up error handling

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-18 03:03:34 +00:00
Daniel Golle
397de50089
base-files: Make sure rootfs_data_max is considered
For sysupgrade on NAND/UBI devices there is the U-Boot environment
variable rootfs_data_max which can be used to limit the size of the
rootfs_data volume created on sysupgrade.
This stopped working reliable with recent kernels, probably due to a
race condition when reading the number of free erase blocks from sysfs
just after removing a volume.
Change the script to just try creating rootfs_data with the desired
size and retry with maximum size in case that fails. Hence calculating
the available size in the script can be dropped which works around the
problem.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-17 15:15:42 +00:00
Stijn Tintel
add7884cd0 libnetfilter-conntrack: bump to 1.0.9
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2022-02-17 13:59:44 +02:00
Felix Fietkau
5a0975f7ef mt76: update to the latest version
ddd3c2f38b30 mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes
7fa5229a4228 mt76: improve signal strength reporting
025a72cd2d24 mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU
8c765fd92d97 mt76: mt7615: introduce SAR support
799a15bb68f9 mt76: fix endianness errors in reverse_frag0_hdr_trans
c114919f0c08 mt76: mt7915: Fix channel state update error issue
93191a37e59a mt76: mt7915: fix potential memory leak of fw monitor packets
cde589b2efb7 mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts
6ef22f4dc4e4 mt76: mt7915: add support for MT7986
7f1818cd8f2d mt76: mt7915: introduce band_idx in mt7915_phy
1d57a0d506db mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv()
1f2a4816a3de mt76: mt7615: fix compiler warning on frame size
d60f335e785b mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor
d0ab636cb61c mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free()
9d9bd7b3c48c mt76: connac: adjust wlan_idx size from u8 to u16
be1091f1172d mt76: mt7615: Fix assigning negative values to unsigned variable
d4fc42889a30 mt76: mt7915: check band idx for bcc event
98ee3e2889ea mt76: mt7915: fix logic error and remove the unused member of mt7915_dev
bbbbafb67bac mt76: mt7915: fix compiler warning
abd80cf68db1 mt76: mt7915: fix the muru tlv issue
a050c14b5631 mt76: mt7915: use min_t() to make code cleaner
9fee8f3736eb mt76: mt7915e: Fix degraded performance after temporary overheat
f2e1a62cf0d0 mt76: mt7915e: Add a hwmon attribute to get the actual throttle state.
c67df0d3130a mt76: mt7915e: Enable thermal management by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-15 15:18:22 +01:00
Felix Fietkau
eae0dbf68c mac80211: fix traffic stalls on forwarded mesh packets due to wrong AC selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-15 15:17:01 +01:00
Daniel Golle
5205010a54
procd: simplify uxc init script
'uxc boot' is inteded to be called multiple times, so there is not need
to guard the first call on boot -- the actual code anyway didn't do
that, so just remove it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-13 23:31:27 +00:00
Hauke Mehrtens
8f5875c4e2 tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-12 23:22:05 +01:00
Felix Fietkau
2fd208e272 mac80211: fix rekey failure in drivers with 802.3 decap offload
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-12 23:03:51 +01:00
Jo-Philipp Wich
0d1220acdf firewall4: update to latest Git HEAD
53caa1a fw4: resolve zone layer 2 devices for hw flow offloading
9fe58f5 fw4: rework and fix family inheritance logic
8795296 tests: mocklib: fix infinite recursion in wrapped print()
281b1bc tests: change mocked wan interface type to PPPoE
93b710d tests: mocklib: forward compatibility change
1a94915 fw4: only stage reflection rules if all required addrs are known
5c21714 fw4: add device iifname/oifname matches to DSCP and MARK rules
3eacc97 tests: adjust 01_ruleset test case to latest changes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Jo-Philipp Wich
4aea6d231b ucode: update to latest Git HEAD
a29bad9 compiler: fix patchlist corruption on switch statement syntax errors
86f0662 lib: change `ord()` to always return single byte value
116a8ce vallist: fix storing/retrieving short strings with 8bit byte value

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Felix Fietkau
8072bf3322 qosify: update to the latest version
e230e71e0a12 map: fix copy-paste error in codepoints map
580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef
8d6c19a81f3f ubus: fix a use-after-free bug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-10 21:08:09 +01:00
Jo-Philipp Wich
1847382456 ucode: update to latest Git HEAD
a317c17 compiler: fix incorrect loop break targets

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-08 23:46:21 +01:00
Leonardo Mörlein
5406684087 wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-02-08 12:52:14 +01:00
David Bauer
04ed224543 hostapd: refresh patches
Refresh patches after updating to hostapd v2.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-08 00:21:41 +01:00
David Bauer
adb8c09a83 hostapd: update to v2.10
Upstreamed patches:
020-mesh-make-forwarding-configurable.patch
e6db1bc5da3fd7d5f4dba24aa102543b4749912f
550-WNM-allow-specifying-dialog-token.patch
979f19716539362f8ce60a77bf1b88fdcf5ba8e5
720-ACS-fix-channel-100-frequency.patch
2341585c349231af00cdef8d51458df01bc6965f
741-proxyarp-fix-compilation-with-Hotspot-2.0-disabled.patch
08bdf4f90de61a84ed8f4dd918272dd9d36e2e1f

Compile-tested: wpad-wolfssl hostapd-openssl
Run-tested: ath79-generic

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-08 00:21:27 +01:00
Jo-Philipp Wich
ae75541594 firewall4: update to latest Git HEAD
a0518b6 fw4: gracefully handle unsupported hardware offloading
ac99eba init: fix boot action in init script

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 23:36:06 +01:00
Felix Fietkau
46e0eeb760 hostapd: automatically calculate channel center freq on chan_switch
Simplifies switching to different channels when on >= VHT80

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-07 17:01:18 +01:00
Jo-Philipp Wich
07eccc29ab rpcd: update to latest Git HEAD
909f2a0 ucode: adjust to latest ucode api
4c532bf ucode: add ucode interpreter plugin
9c6ba38 treewide: adjust ubus object type names
75a96dc build: honour CMake install prefix in hardcoded paths

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:37 +01:00
Jo-Philipp Wich
881a059977 uhttpd: update to latest Git HEAD
2f8b136 main: fix leaking -p/-s argument values
881fd3b ucode: adjust to latest ucode api
8b2868e file: specify UTF-8 as charset for dirlists, add option to override
3a5bd84 main: add ucode options to help text
16aa142 examples: add ucode handler example
3ceccd0 ucode: add ucode plugin support
f0f1406 examples: add example Lua handler script
9e87095 listen: avoid invalid memory access

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
2dd6777f15 firewall4: update to latest Git HEAD
b54f462 fw4: parse traffic rules before forwarding rules
4d5af8b fw4: consolidate helper code
300c737 fw4: fix applying zone family restrictions to forwardings
eb9c25a tests: implement fs.opendir() mock interface
d30ff48 tests: fix mocked fs.popen() trace log
52831a0 fw4: improve flowtable handling
7cb10c8 fw4: disable "flow_offloading_hw" option for now
b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
134c88c689 ucode: update to latest Git HEAD
11adf0c source: convert source objects into proper uc_value_t type
3a49192 treewide: rework function memory model
7edad5c tests: add functional tests for builtin functions
d5003fd lib: fix leaking tokener in uc_json() on parse exception
5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace()
3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match()
32d596d lib: fix infinite loop on empty regexp matches in uc_split()
3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode
3600ded vm: fix leaking function value on call exception
3059295 vm: NULL-initialize pointer to make cppcheck happy
98e59bf source: zero-initialize conversion union to make cppcheck happy
7a65c14 run_tests.sh: change workdir to testcase directory during execution
afec8d7 run_tests.sh: support placing supplemental testcase files
3ada6e0 run_tests.sh: always treat outputs as text data
2cb627f program: rename bytecode load/write functions, track path of executed file
1094ffa lib: fix memory leak in uc_require_ucode()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
3b1692c463 netifd: update to latest Git HEAD
fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump
3d76f2e system-linux: add wrapper function for creating link config messages
88af2f1 system-linux: delete bridge devices using netlink
85c3548 system-linux: create bridge devices using netlink

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Raymond Wang
3343ca7e68 ramips: add support for Xiaomi Mi Router CR660x series
Xiaomi Mi Router CR6606 is a Wi-Fi6 AX1800 Router with 4 GbE Ports.
Alongside the general model, it has three carrier customized models:
CR6606 (China Unicom), CR6608 (China Mobile), CR6609 (China Telecom)

Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256MB DDR3 (ESMT M15T2G16128A)
- Flash: 128MB NAND (ESMT F59L1G81MB)
- Ethernet: 1000Base-T x4 (MT7530 SoC)
- WLAN: 2x2 2.4GHz 574Mbps + 2x2 5GHz 1201Mbps (MT7905DAN + MT7975DN)
- LEDs: System (Blue, Yellow), Internet (Blue, Yellow)
- Buttons: Reset, WPS
- UART: through-hole on PCB ([VCC 3.3v](RX)(GND)(TX) 115200, 8n1)
- Power: 12VDC, 1A

Jailbreak Notes:
1. Get shell access.
   1.1. Get yourself a wireless router that runs OpenWrt already.
   1.2. On the OpenWrt router:
      1.2.1. Access its console.
      1.2.2. Create and edit
             /usr/lib/lua/luci/controller/admin/xqsystem.lua
             with the following code (exclude backquotes and line no.):
```
     1  module("luci.controller.admin.xqsystem", package.seeall)
     2
     3  function index()
     4      local page   = node("api")
     5      page.target  = firstchild()
     6      page.title   = ("")
     7      page.order   = 100
     8      page.index = true
     9      page   = node("api","xqsystem")
    10      page.target  = firstchild()
    11      page.title   = ("")
    12      page.order   = 100
    13      page.index = true
    14      entry({"api", "xqsystem", "token"}, call("getToken"), (""),
103, 0x08)
    15  end
    16
    17  local LuciHttp = require("luci.http")
    18
    19  function getToken()
    20      local result = {}
    21      result["code"] = 0
    22      result["token"] = "; nvram set ssh_en=1; nvram commit; sed -i
's/channel=.*/channel=\"debug\"/g' /etc/init.d/dropbear; /etc/init.d/drop
bear start;"
    23      LuciHttp.write_json(result)
    24  end
```
      1.2.3. Browse http://{OWRT_ADDR}/cgi-bin/luci/api/xqsystem/token
             It should give you a respond like this:
             {"code":0,"token":"; nvram set ssh_en=1; nvram commit; ..."}
             If so, continue; Otherwise, check the file, reboot the rout-
             er, try again.
      1.2.4. Set wireless network interface's IP to 169.254.31.1, turn
             off DHCP of wireless interface's zone.
      1.2.5. Connect to the router wirelessly, manually set your access
             device's IP to 169.254.31.3, make sure
             http://169.254.31.1/cgi-bin/luci/api/xqsystem/token
             still have a similar result as 1.2.3 shows.
   1.3. On the Xiaomi CR660x:
        1.3.1. Login to the web interface. Your would be directed to a
               page with URL like this:
               http://{ROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/web/home#r-
               outer
        1.3.2. Browse this URL with {STOK} from 1.3.1, {WIFI_NAME}
               {PASSWORD} be your OpenWrt router's SSID and password:
               http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/misy-
               stem/extendwifi_connect?ssid={WIFI_NAME}&password={PASSWO-
               RD}
               It should return 0.
        1.3.3. Browse this URL with {STOK} from 1.3.1:
               http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/xqsy-
               stem/oneclick_get_remote_token?username=xxx&password=xxx&-
               nonce=xxx
   1.4. Before rebooting, you can now access your CR660x via SSH.
        For CR6606, you can calculate your root password by this project:
        https://github.com/wfjsw/xiaoqiang-root-password, or at
        https://www.oxygen7.cn/miwifi.
        The root password for carrier-specific models should be the admi-
        nistration password or the default login password on the label.
        It is also feasible to change the root password at the same time
        by modifying the script from step 1.2.2.
        You can treat OpenWrt Router however you like from this point as
        long as you don't mind go through this again if you have to expl-
        oit it again. If you do have to and left your OpenWrt router unt-
        ouched, start from 1.3.
2. There's no official binary firmware available, and if you lose the
   content of your flash, no one except Xiaomi can help you.
   Dump these partitions in case you need them:
   "Bootloader" "Nvram" "Bdata" "crash" "crash_log"
   "firmware" "firmware1" "overlay" "obr"
   Find the corespond block device from /proc/mtd
   Read from read-only block device to avoid misoperation.
   It's recommended to use /tmp/syslogbackup/ as destination, since files
   would be available at http://{ROUTER_ADDR}/backup/log/YOUR_DUMP
   Keep an eye on memory usage though.
3. Since UART access is locked ootb, you should get UART access by modify
   uboot env. Otherwise, your router may become bricked.
   Excute these in stock firmware shell:
    a. nvram set boot_wait=on
    b. nvram set bootdelay=3
    c. nvram commit
   Or in OpenWrt:
    a. opkg update && opkg install kmod-mtd-rw
    b. insmod mtd-rw i_want_a_brick=1
    c. fw_setenv boot_wait on
    d. fw_setenv bootdelay 3
    e. rmmod mtd-rw

Migrate to OpenWrt:
 1. Transfer squashfs-firmware.bin to the router.
 2. nvram set flag_try_sys1_failed=0
 3. nvram set flag_try_sys2_failed=1
 4. nvram commit
 5. mtd -r write /path/to/image/squashfs-firmware.bin firmware

Additional Info:
 1. CR660x series routers has a different nand layout compared to other
    Xiaomi nand devices.
 2. This router has a relatively fresh uboot (2018.09) compared to other
    Xiaomi devices, and it is capable of booting fit image firmware.
    Unfortunately, no successful attempt of booting OpenWrt fit image
    were made so far. The cause is still yet to be known. For now, we use
    legacy image instead.

Signed-off-by: Raymond Wang <infiwang@pm.me>
2022-02-07 00:03:27 +01:00
Wenli Looi
c32008a37b ath79: add partial support for Netgear EX7300v2
Hardware
--------
SoC: QCN5502
Flash: 16 MiB
RAM: 128 MiB
Ethernet: 1 gigabit port
Wireless No1: QCN5502 on-chip 2.4GHz 4x4
Wireless No2: QCA9984 pcie 5GHz 4x4
USB: none

Installation
------------
Flash the factory image using the stock web interface or TFTP the
factory image to the bootloader.

What works
----------
- LEDs
- Ethernet port
- 5GHz wifi (QCA9984 pcie)

What doesn't work
-----------------
- 2.4GHz wifi (QCN5502 on-chip)
  (I was not able to make this work, probably because ath9k requires
  some changes to support QCN5502.)

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-02-07 00:03:27 +01:00
Rosen Penev
7994461a5a base-files: replace fgrep with grep -F
fgrep is deprecated and replaced by grep -F. The latter is used
throughout the tree whereas this is the only usage of the former.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-06 23:09:15 +01:00
Ansuel Smith
4d904524ef kernel: bpf-headers: fix build error when testing kernel is used
Now that we have separate files for each kernel version,
only the version/hash for the target kernel are available.
This cause a missing hash error (and wrong kernel version) for
bpf-headers when a testing kernel version is used for the current target.

Fix this error by manually including the kernel version/hash file for the
specific kernel version requested.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-02-06 12:43:57 +01:00
Stijn Tintel
2c929f8105 util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-05 17:48:56 +02:00
Lech Perczak
8c78a13bfc ath79: support ZTE MF286
ZTE MF286 is an indoor LTE category 6 CPE router with simultaneous
dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit
Ethernet switch, FXS and external USB 2.0 port.

Hardware highlights:
- CPU: QCA9563 SoC at 775MHz,
- RAM: 128MB DDR2,
- NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only,
- NAND Flash: GD5F1G04UBYIG 128MB SPI NAND-Flash, for all other data,
- Wi-Fi 5GHz: QCA9882 2x2 MIMO 802.11ac radio,
- WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio,
- Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port,
- WWAN: MDM9230-based category 6 internal LTE modem in extended
  mini-PCIE form factor, with 3 internal antennas and 2 external antenna
  connections, single mini-SIM slot. Modem model identified as MF270,
- FXS: one external ATA port (handled entirely by modem part) with two
  physical connections in parallel,
- USB: Single external USB 2.0 port,
- Switches: power switch, WPS, Wi-Fi and reset buttons,
- LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery,
  Signal state) handled entirely by modem. 4 link status LEDs handled by
  the switch on the backside.
- Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and
  monitoring handled by modem.
- Label MAC device: eth0

Console connection: connector X2 is the console port, with the following
pinout, starting from pin 1, which is the topmost pin when the board is
upright:
- VCC (3.3V). Do not use unless you need to source power for the
  converer from it.
- TX
- RX
- GND
Default port configuration in U-boot as well as in stock firmware is
115200-8-N-1.

Installation:
Due to different flash layout from stock firmware, sysupgrade from
within stock firmware is impossible, despite it's based on QSDK which
itself is based on OpenWrt.

STEP 0: Stock firmware update:
As installing OpenWrt cuts you off from official firmware updates for
the modem part, it is recommended to update the stock firmware to latest
version before installation, to have built-in modem at the latest firmware
version.

STEP 1: gaining root shell:

Method 1:
This works if busybox has telnetd compiled in the binary.
If this does not work, try method 2.

Using well-known exploit to start telnetd on your router - works
only if Busybox on stock firmware has telnetd included:
- Open stock firmware web interface
- Navigate to "URL filtering" section by going to "Advanced settings",
  then "Firewall" and finally "URL filter".
- Add an entry ending with "&&telnetd&&", for example
  "http://hostname/&&telnetd&&".
- telnetd will immediately listen on port 4719.
- After connecting to telnetd use "admin/admin" as credentials.

Method 2:
This works if busybox does not have telnetd compiled in. Notably, this
is the case in DNA.fi firmware.
If this does not work, try method 3.

- Set IP of your computer to 192.168.1.22.
- Have a TFTP server running at that address
- Download MIPS build of busybox including telnetd, for example from:
  https://busybox.net/downloads/binaries/1.21.1/busybox-mips
  and put it in it's root directory. Rename it as "telnetd".
- As previously, login to router's web UI and navigate to "URL
  filtering"
- Using "Inspect" feature, extend "maxlength" property of the input
  field named "addURLFilter", so it looks like this:
  <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332"
    class="required form-control">
- Stay on the page - do not navigate anywhere
- Enter "http://aa&zte_debug.sh 192.168.1.22 telnetd" as a filter.
- Save the settings. This will download the telnetd binary over tftp and
  execute it. You should be able to log in at port 23, using
  "admin/admin" as credentials.

Method 3:
If the above doesn't work, use the serial console - it exposes root shell
directly without need for login. Some stock firmwares, notably one from
finnish DNA operator lack telnetd in their builds.

STEP 2: Backing up original software:
As the stock firmware may be customized by the carrier and is not
officially available in the Internet, IT IS IMPERATIVE to back up the
stock firmware, if you ever plan to returning to stock firmware.

Method 1: after booting OpenWrt initramfs image via TFTP:
PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION.
- Dump stock firmware located on stock kernel and ubi partitions:

  ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
  ssh root@192.168.1.1: cat /dev/mtd8 > mtd8_ubi.bin

And keep them in a safe place, should a restore be needed in future.

Method 2: using stock firmware:
- Connect an external USB drive formatted with FAT or ext4 to the USB
  port.
- The drive will be auto-mounted to /var/usb_disk
- Check the flash layout of the device:

  cat /proc/mtd

  It should show the following:
  mtd0: 00080000 00010000 "uboot"
  mtd1: 00020000 00010000 "uboot-env"
  mtd2: 00140000 00020000 "fota-flag"
  mtd3: 00140000 00020000 "caldata"
  mtd4: 00140000 00020000 "mac"
  mtd5: 00600000 00020000 "cfg-param"
  mtd6: 00140000 00020000 "oops"
  mtd7: 00800000 00020000 "web"
  mtd8: 00300000 00020000 "kernel"
  mtd9: 01f00000 00020000 "rootfs"
  mtd10: 01900000 00020000 "data"
  mtd11: 03200000 00020000 "fota"

  Differences might indicate that this is NOT a vanilla MF286 device but
  one of its later derivatives.
- Copy over all MTD partitions, for example by executing the following:

  for i in 0 1 2 3 4 5 6 7 8 9 10 11; do cat /dev/mtd$i > \
  /var/usb_disk/mtd$i; done

- If the count of MTD partitions is different, this might indicate that
  this is not a standard MF286 device, but one of its later derivatives.
- (optionally) rename the files according to MTD partition names from
  /proc/mtd
- Unmount the filesystem:

  umount /var/usb_disk; sync

  and then remove the drive.
- Store the files in safe place if you ever plan to return to stock
  firmware. This is especially important, because stock firmware for
  this device is not available officially, and is usually customized by
  the mobile providers.

STEP 3: Booting initramfs image:

Method 1: using serial console (RECOMMENDED):
- Have TFTP server running, exposing the OpenWrt initramfs image, and
  set your computer's IP address as 192.168.1.22. This is the default
  expected by U-boot. You may wish to change that, and alter later
  commands accordingly.
- Connect the serial console if you haven't done so already,
- Interrupt boot sequence by pressing any key in U-boot when prompted
- Use the following commands to boot OpenWrt initramfs through TFTP:

  setenv serverip 192.168.1.22
  setenv ipaddr 192.168.1.1
  tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin
  bootm 0x81000000

  (Replace server IP and router IP as needed). There is no  emergency
  TFTP boot sequence triggered by buttons, contrary to MF283+.
- When OpenWrt initramfs finishes booting, proceed to actual
  installation.

Method 2: using initramfs image as temporary boot kernel
This exploits the fact, that kernel and rootfs MTD devices are
consecutive on NAND flash, so from within stock image, an initramfs can
be written to this area and booted by U-boot on next reboot, because it
uses "nboot" command which isn't limited by kernel partition size.
- Download the initramfs-kernel.bin image
- Split the image into two parts on 3MB partition size boundary, which
  is the size of kernel partition. Pad the output of second file to
  eraseblock size:

  dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \
  bs=128k count=24 \
  of=openwrt-ath79-zte_mf286-intermediate-kernel.bin

  dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \
  bs=128k skip=24 conv=sync \
  of=openwrt-ath79-zte_mf286-intermediate-rootfs.bin

- Copy over /usr/bin/flash_eraseall and /usr/bin/nandwrite utilities to
  /tmp. This is CRITICAL for installation, as erasing rootfs will cut
  you off from those tools on flash!

- After backing up the previous MTD contents, write the images to the
  respective MTD devices:

  /tmp/flash_eraseall /dev/<kernel-mtd>

  /tmp/nandwrite /dev/<kernel-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-kernel.bin

  /tmp/flash_eraseall /dev/<kernel-mtd>

  /tmp/nandwrite /dev/<rootfs-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-rootfs.bin

- Ensure that no bad blocks were present on the devices while writing.
  If they were present, you may need to vary the split  between
  kernel and rootfs parts, so U-boot reads a valid uImage after skipping
  the bad blocks. If it fails, you will be left with method 3 (below).
- If write is OK, reboot the device, it will reboot to OpenWrt
  initramfs:

  reboot -f

- After rebooting, SSH into the device and use sysupgrade to perform
  proper installation.

Method 3: using built-in TFTP recovery (LAST RESORT):
- With that method, ensure you have complete backup of system's NAND
  flash first. It involves deliberately erasing the kernel.
- Download "-initramfs-kernel.bin" image for the device.
- Prepare the recovery image by prepending 8MB of zeroes to the image,
  and name it root_uImage:

  dd if=/dev/zero of=padding.bin bs=8M count=1

  cat padding.bin openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin >
  root_uImage

- Set up a TFTP server at 192.0.0.1/8. Router will use random address
  from that range.
- Put the previously generated "root_uImage" into TFTP server root
  directory.
- Deliberately erase "kernel" partition" using stock firmware after
  taking backup. THIS IS POINT OF NO RETURN.
- Restart the device. U-boot will attempt flashing the recovery
  initramfs image, which will let you perform actual installation using
  sysupgrade. This might take a considerable time, sometimes the router
  doesn't establish Ethernet link properly right after booting. Be
  patient.
- After U-boot finishes flashing, the LEDs of switch ports will all
  light up. At this moment, perform power-on reset, and wait for OpenWrt
  initramfs to finish booting. Then proceed to actual installation.

STEP 4: Actual installation:
- scp the sysupgrade image to the device:

  scp openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin \
  root@192.168.1.1:/tmp/

- ssh into the device and execute sysupgrade:

  sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin

- Wait for router to reboot to full OpenWrt.

STEP 5: WAN connection establishment
Since the router is equipped with LTE modem as its main WAN interface, it
might be useful to connect to the Internet right away after
installation. To do so, please put the following entries in
/etc/config/network, replacing the specific configuration entries with
one needed for your ISP:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth '<auth>' # As required, usually 'none'
        option pincode '<pin>' # If required by SIM
        option apn '<apn>' # As required by ISP
        option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6'

For example, the following works for most polish ISPs
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth 'none'
        option apn 'internet'
        option pdptype 'ipv4'

If you have build with LuCI, installing luci-proto-qmi helps with this
task.

Restoring the stock firmware:

Preparation:
If you took your backup using stock firmware, you will need to
reassemble the partitions into images to be restored onto the flash. The
layout might differ from ISP to ISP, this example is based on generic stock
firmware.
The only partitions you really care about are "web", "kernel", and
"rootfs". For easy padding and possibly restoring configuration, you can
concatenate most of them into images written into "ubi" meta-partition
in OpenWrt. To do so, execute something like:

cat mtd5_cfg-param.bin mtd6-oops.bin mtd7-web.bin mtd9-rootfs.bin > \
mtd8-ubi_restore.bin

You can skip the "fota" partition altogether,
it is used only for stock firmware update purposes and can be overwritten
safely anyway. The same is true for "data" partition which on my device
was found to be unused at all. Restoring mtd5_cfg-param.bin will restore
the stock firmware configuration you had before.

Method 1: Using initramfs:
- Boot to initramfs as in step 3:
- Completely detach ubi0 partition using ubidetach /dev/ubi0_0
- Look up the kernel and ubi partitions in /proc/mtd
- Copy over the stock kernel image using scp to /tmp
- Erase kernel and restore stock kernel:
  (scp mtd4_kernel.bin root@192.168.1.1:/tmp/)
  mtd write <kernel_mtd> mtd4_kernel.bin
  rm mtd4_kernel.bin
- Copy over the stock partition backups one-by-one using scp to /tmp, and
  restore them individually. Otherwise you might run out of space in
  tmpfs:

  (scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin
  rm mtd3_ubiconcat0.bin

  (scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin
  rm mtd5_ubiconcat1.bin

- If the write was correct, force a device reboot with

  reboot -f

Method 2: Using live OpenWrt system (NOT RECOMMENDED):
- Prepare a USB flash drive contatining MTD backup files
- Ensure you have kmod-usb-storage and filesystem driver installed for
  your drive
- Mount your flash drive

  mkdir /tmp/usb

  mount /dev/sda1 /tmp/usb

- Remount your UBI volume at /overlay to R/O

  mount -o remount,ro /overlay

- Write back the kernel and ubi partitions from USB drive

  cd /tmp/usb
  mtd write mtd4_kernel.bin /dev/<kernel_mtd>

  mtd write mtd8_ubi.bin /dev/<kernel_ubi>

- If everything went well, force a device reboot with
  reboot -f

Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota"
MTD partition which may be safely erased after reboot anyway.

Method 3: using built-in TFTP recovery (LAST RESORT):
- Assemble a recovery rootfs image from backup of stock partitions by
  concatenating "web", "kernel", "rootfs" images dumped from the device,
  as "root_uImage"
- Use it in place of "root_uImage" recovery initramfs image as in the
  TFTP pre-installation method.

Quirks and known issues
- Kernel partition size is increased to 4MB compared to stock 3MB, to
  accomodate future kernel updates - at this moment OpenWrt 5.10 kernel
  image is at 2.5MB which is dangerously close to the limit. This has no
  effect on booting the system - but keep that in mind when reassembling
  an image to restore stock firmware.
- uqmi seems to be unable to change APN manually, so please use the one
  you used before in stock firmware first. If you need to change it,
  please use protocok '3g' to establish connection once, or use the
  following command to change APN (and optionally IP type) manually:
  echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0
- The only usable LED as a "system LED" is the green debug LED hidden
  inside the case. All other LEDs are controlled by modem, on which the
  router part has some influence only on Wi-Fi LED.
- Wi-Fi LED currently doesn't work while under OpenWrt, despite having
  correct GPIO mapping. All other LEDs are controlled by modem,
  including this one in stock firmware. GPIO19, mapped there only acts
  as a gate, while the actual signal source seems to be 5GHz Wi-Fi
  radio, however it seems it is not the LED exposed by ath10k as
  ath10k-phy0.
- GPIO5 used for modem reset is a suicide switch, causing a hardware
  reset of whole board, not only the modem. It is attached to
  gpio-restart driver, to restart the modem on reboot as well, to ensure
  QMI connectivity after reboot, which tends to fail otherwise.
- Modem, as in MF283+, exposes root shell over ADB - while not needed
  for OpenWrt operation at all - have fun lurking around.
- MAC address shift for 5GHz Wi-Fi used in stock firmware is
  0x320000000000, which is impossible to encode in the device tree, so I
  took the liberty of using MAC address increment of 1 for it, to ensure
  different BSSID for both Wi-Fi interfaces.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-05 12:14:08 +01:00
Pawel Dembicki
a91ab8bc05 ipq40xx: add support for ZTE MF286D
ZTE MF286D is a LTE router with four gigabit ethernet ports
and integrated QMI mPCIE modem.

Hardware specification:

  - CPU: IPQ4019
  - RAM: 256MB
  - Flash: NAND 128MB + NOR 2MB
  - WLAN1:  Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2
  - WLAN2:  Qualcomm Atheros QCA4019 5GHz 802.11anac 2x2:2
  - LTE: mPCIe cat 12 card (Modem chipset MDM9250)
  - LAN: 4 Gigabit Ports
  - USB: 1x USB2.0 (regular port). 1x USB3.0 (mpcie - used by the modem)
  - Serial console: X8 connector 115200 8n1

Known issues:

  - Many LEDs are driven by the modem. Only internal LEDs and wifi LEDs
    are driven by cpu.
  - Wifi LED is triggered by phy0tpt only
  - No VoIP support
  - LAN1/WAN port is configured as WAN
  - ZTE gives only one MAC per device. Use +1/+2/+3 increment for WAN
    and WLAN0/1

Opening the case:

1. Take of battery lid (no battery support for this model, battery cage
   is dummy).
2. Unscrew screw placed behind battery lid.
3. Take off back cover. It attached with multiple plastic clamps.
4. Unscrew four more screws hidden behind back case.
5. Remove front panel from blue chassis. There are more plastic
   clamps.
6. Unscrew two boards, which secures the PCB in the chassis.
7. Extract board from blue chassis.

Console connection (X8 connector):

1. Parameters: 115200 8N1
2. Pin description: (from closest pin to X8 descriptor to farthest)
    - VCC (3.3V)
    - TX
    - RX
    - GND

Install Instructions:

Serial + initramfs:
1. Place OpenWrt initramfs image for the device on a TFTP in
   the server's root. This example uses Server IP: 192.168.1.3
2. Connect serial console (115200,8n1) to X8 connector.
3. Connect TFTP server to RJ-45 port.
4. Stop in u-Boot and run u-Boot commands:
	setenv serverip 192.168.1.3
	setenv ipaddr 192.168.1.72
	set fdt_high 0x85000000
	tftp openwrt-ipq40xx-generic-zte_mf286d-initramfs-fit-zImage.itb
	bootm $loadaddr
5. Please make backup of original partitions, if you think about revert
   to stock.
6. Login via ssh or serial and remove stock partitions:
	ubiattach -m 9
	ubirmvol /dev/ubi0 -N ubi_rootfs
	ubirmvol /dev/ubi0 -N ubi_rootfs_data
7. Install image via "sysupgrade -n".

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cosmetic changes to the commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-05 00:44:35 +01:00
Christian Lamparter
c2630ac910 linux-firmware: qca99x0 update package
Kalle Valo ath10k-firmware repository no longer provides the
legacy board.bin files for the qca99x0 chips. Instead he
copied over the codeaurora version and add more board files.

In the future, this board-2.bin should find its way to
linux-firmware.git, which would allow us to remove the
extra download code completely.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-05 00:44:35 +01:00
Christian Lamparter
fcd5fd49c5 kernel: usb: remove left-over LINUX_5_10 dependency symbol
this should have been removed together with linux 5.4 APM821XX
support. Currently, this didn't hurt or broke something. But it
will in the next stable kernel release.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-04 21:13:15 +01:00
Felix Fietkau
8c1d5129ee bpf-headers: fix build error from within the SDK
The SDK does not ship the generic platform files. Use relative path for
GENERIC_PLATFORM_DIR to make it work. This points it at the files from
the feed directory instead of the base SDK path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-04 12:51:48 +01:00
Sven Eckelmann
8a8b7b4234 om-watchdog: Drop unused package
All devices which used this package migrated to the kernel GPIO-line
watchdog driver and configure it over their DT.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-02-03 22:27:15 +01:00
Josef Schlehofer
d16bd89c71 uboot-mvebu: backport two patches for Marvell A38x
This solves issue with DDR training on Turris Omnia.

Log:
********   DRAM initialization Failed (res 0x1)   ********
DDR3 Training Sequence - FAILED
ERROR ### Please RESET the board ###

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-03 21:24:26 +01:00
Josef Schlehofer
5c804bc199 uboot-mvebu: Add U-boot for Turris Omnia
* Add U-boot support for Turris Omnia

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-03 21:24:26 +01:00
Josef Schlehofer
782d4c8306 uboot-mvebu: update to version 2022.01
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tested-by: Andre Heider <a.heider@gmail.com> # ESPRESSObin
2022-02-03 21:24:26 +01:00
Felix Fietkau
e045e40671 mt76: update to the latest version
833b9d7fcf7f mt76: allow drivers to drop rx packets early
f703084f31cb mt76: mt7915: process txfree and txstatus without allocating skbs
047b9a9e78b3 mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663
fea36e02075c mt76: only kick tx queue if frames were queued
8381e54ebfb5 linux-firmware: update firmware for MT7921 WiFi device
d57dadb8c861 Revert "mt76: only kick tx queue if frames were queued"
3a21d6e2153b mt76: mt7663: disable 4addr capability
f1d66cf7a6c5 mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2
c9a4146404d4 sync with upstream
4ed8c910b94e mt76: mt7921: fix possible resume failure
bf105aa6cd2f mt76: mt7921: fix network buffer leak by txs missing
e2b454b6fb30 mt76: connac: introduce MCU_EXT macros
5a87f5497c9b mt76: connac: align MCU_EXT definitions with 7915 driver
720ddc32507d mt76: connac: remove MCU_FW_PREFIX bit
da5128a59eda mt76: connac: introduce MCU_UNI_CMD macro
116109bee7cb mt76: connac: introduce MCU_CE_CMD macro
f96fbdf038d5 mt76: connac: rely on MCU_CMD macro
922f0d408413 mt76: mt7915: rely on mt76_connac definitions
b4ae1da1d1e0 mt76: mt7921: reduce log severity levels for informative messages
db105a722b87 mt76: mt7921s: make pm->suspended usage consistent
e2cc063238c0 mt76: mt7921s: fix suspend error with enlarging mcu timeout value
812b73f2f1e0 mt76: mt7915: introduce mt76_vif in mt7915_vif
b041a8a30055 mt76: mt7915: add mu-mimo and ofdma debugfs knobs
b851a3e7839d mt76: mt7921: remove dead definitions
266c7a9f2994 mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv
19cc7d83190c mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work
928c4550e413 mt76: mt7921s: make pm->suspended usage consistent [update]
8d6c68a7d0d1 mt76: mt7921: fix possible resume failure [update]
26fb105e538c mt76: mt7921s: fix cmd timeout in throughput test
9db482264389 mt76: mt7921: fix build regression
3edb87cdf138 mt7915: formatting change to sync with upstream
5cad38ba247d mt76: mt7915: add mt7915_mmio_probe() as a common probing function
15f9f88b362a mt76: mt7915: refine register definition
de49cf43ef34 mt76: add MT_RXQ_MAIN_WA for mt7916
6032c35f1306 mt76: mt7915: rework dma.c to adapt mt7916 changes
074d7c5381ed mt76: mt7915: add firmware support for mt7916
27b3253318e7 mt76: mt7915: rework eeprom.c to adapt mt7916 changes
030540246088 mt76: mt7915: enlarge wcid size to 544
400129c69f91 mt76: mt7915: add txfree event v3
cbbb3f65fcd0 mt76: mt7915: update rx rate reporting for mt7916
eb51c4deef0e mt76: mt7915: update mt7915_chan_mib_offs for mt7916
fb4709222028 mt76: mt7915: add mt7916 calibrated data support
e758feeaf1d6 mt76: mt7915: add device id for mt7916
115ea27a5cab mt76: connac: fix sta_rec_wtbl tag len
b3f922266685 mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req
bac5eda1f5b2 mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req
b44485d5c8ac mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine
9cc58e254d53 mt76: connac: move mt76_connac_mcu_get_cipher in common code
60dcd9f09ff6 mt76: connac: move mt76_connac_chan_bw in common code
a8d0b7d0cc60 mt76: mt7915: rely on mt76_connac_get_phy utilities
4441db30c1c1 mt76: connac: move mt76_connac_mcu_add_key in connac module
794b6f18d0fb mt76: mt7915: fix code defect
9d2a01b6cb60 mt76: set wlan_idx_hi on mt7916
2c89977b32c2 mt76: mt7915: fix kernel build warning
6c4874839830 mt76: make mt76_sar_capa static
215fdcc7ca6c mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
bc254718b40e mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
22fcff5ff21a mt76: sdio: lock sdio when it is needed
4669882aa595 mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset
944545855e0f mt76: mt7921s: update mt7921s_wfsys_reset sequence
854c8d076a34 mt76: mt7915: move pci specific code back to pci.c
a77da27796f2 mt76: mt7915: fix warning: variable 'base' is used uninitialized
7b5e69961c71 mt76: mt7915: fix warning: variable 'flags' set but not used
b5138e7b89f9 mt76: mt7921: fix a possible race enabling/disabling runtime-pm
af218fbe2500 linux-firmware: update firmware for MT7921 WiFi device
31c19c467950 mt76: mt7915: remove duplicated defs in mcu.h
9198eca1b16f mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module
829d87a93a51 mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module
50956cf17901 mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module
bda40f4e1d5e mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv
4728939c1d48 mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv
e3ae1828068b mt76: mt7915: rely on mt76_connac_mcu_sta_ba
d9e9989eca07 mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv
168713595fff mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv
60394d3e3504 mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd
3a79454d078d mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv
9ae9aa6c1aea mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv
fd8cdfab91e4 mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv
a92024c5a5b5 mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module
6dc585a3a274 mt76: connac: introduce is_connac_v1 utility routine
0f29d2aa5a72 mt76: connac: move mt76_connac_mcu_set_pm in connac module
dcf408ff8a5e mt76: mt7921: get rid of mt7921_mcu_get_eeprom
77b2a8601fc1 mt76: mt7915: rely on mt76_connac_mcu_start_firmware
65f78dee243a mt76: connac: move mt76_connac_mcu_restart in common module
5adf5b14040b mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch
69bf1dabe78f mt76: mt7915: rely on mt76_connac_mcu_init_download
951b1ddd370e mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module
0826b3992238 mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh
058de6d36fa9 mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module
aafda86aed2b mt76: mt7921e: make dev->fw_assert usage consistent
def12bef91a3 mt76: mt7921: forbid the doze mode when coredump is in progress
009414d27d37 mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error
3c5856eca223 mt76: mt7921: set EDCA parameters with the MCU CE command
01a3d73b452e mt76: mt7615: fix a possible race enabling/disabling runtime-pm
123ed864d1ae mt76: mt7921e: process txfree and txstatus without allocating skbs
018f98abba68 mt76: connac: add support for passing the cipher field in bss_info
288e7443e35c mt76: mt7615: update bss_info with cipher after setting the group key
36e1577cb3d3 mt76: mt7915: update bss_info with cipher after setting the group key
d42590d8fcc8 mt76: make cipher in struct mt76_vif u8 instead of enum
11602b8505c6 mt76: mt7615e: process txfree and txstatus without allocating skbs
2ef775c10bd3 linux-firmware: add firmware for MT7916
976ea3879730 mt76: mt7915: add support for passing chip/firmware debug data to user space
d11bd7bd83f4 tools: add support for sending firmware debug data via udp
dc8e2e8dcd34 mt76: mt7921: do not always disable fw runtime-pm
7063127f852b mt76: mt7921: fix a leftover race in runtime-pm
f78f4334b0b2 mt76: mt7615: fix a leftover race in runtime-pm
f1f94d19c160 mt76: mt7915: fix ht mcs in mt7915_mac_add_txs_skb()
c2ff2f0d6d19 mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb()
3e7954a0b32e mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl
3c2cc9034376 mt76: mt7921e: fix possible probe failure after reboot
f7f6c6dcc6eb mt76: mt7921: fix crash when startup fails.
8656198c925b mt76: sdio: disable interrupt in mt76s_sdio_irq
6204d61ab821 mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx()
68c5aa56f5f2 mt76: mt7921: toggle runtime-pm adding a monitor vif
541e4e8d3c3e mt76: mt7915: set bssinfo/starec command when adding interface
78770f741af9 mt76: mt7915: introduce mt7915_set_radar_background routine
93c03778f92e mt76: mt7915: enable radar trigger on rdd2
4c76a6c3a1f2 mt76: mt7915: introduce rdd_monitor debugfs node
5b94045f927e mt76: mt7915: report radar pattern if detected by rdd2
22094b27ff6a mt76: mt7915: enable radar background detection
4282ca57a143 mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module
0f16c67657a2 mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap
9a16d33311a7 mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap
639b55fdc95e mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN)
ebbd2717a16e mt76: mt7663s: flush runtime-pm queue after waking up the device
37c3bf2256de mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
96959bd15eef mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
4e42e55ce636 mt76: stop the radar detector after leaving dfs channel
8b32439d5a86 mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta
b4e6f0d6f15a mt76: mt7921s: fix a possible memory leak in mt7921_load_patch
15398f1e8385 mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs()
607eda6eb032 mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv()
69d20f2e6cb0 mt76: mt7915: fix the nss setting in bitrates
c3ffa536249a mt76: sdio: honor the largest Tx buffer the hardware can support
e3e3562f8fa0 mt76: mt7921s: run sleep mode by default
553200cf63fd firmware: update mt7662 firmware to version 2.3
20d1fed838b9 mt76x02: improve mac error check/reset reliability
9b2ac62d6f31 mt76: mt76x02: improve tx hang detection
fae295af31eb mt76: mt7915: fix/rewrite the dfs state handling logic
e0f9479bf893 mt76: mt7615: fix/rewrite the dfs state handling logic
822e1135e7e1 mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state
f8c0ed1e6bdf mt76: do not always copy ethhdr in reverse_frag0_hdr_trans
ab9b8078427a mt76: dma: initialize skip_unmap in mt76_dma_rx_fill

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
0b5a547ef0 mac80211: backport support for background radar detection
Will be used in an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
03ea0405a6 mac80211: backport MBSSID/EMA support patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
543ada64ed mac80211: reorganize patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
02b9b6872a mac80211: backport support for ndo_fill_forward_path
Will be used in an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Etienne Champetier
0e32c6baf3 iptables: add ip{,6}tables-legacy{,-restore,-save} symlinks
Now that we can have both legacy and nft iptables variants
installed at the same time, install the legacy symlinks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
3a5df36cf6 iptables: use ALTERNATIVES for ip(6)tables(-nft)
As nftables is now the default, ip(6)tables-nft gets higher priority

The removed symlinks ("$(CP)" line) will now be installed by the
ALTERNATIVES mechanism

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
b0bd6599e8 iptables: rework ip(6)tables-nft dependencies
according to iptables-nft man page,
"These tools use the libxtables framework extensions and hook to the nf_tables
kernel subsystem using the nft_compat module."

This means that to work, iptables-nft needs the same modules as
iptables legacy except the ip(6)table-{filter,mangle,nat,raw}
ip_tables, ip6tables.
When those modules are loaded iptables-nft-save output contains
"# Warning: iptables-legacy tables present, use iptables-legacy-save to see them"
But as long as it's empty it should not be a problem.

To have nft properly display the rules created by ip(6)tables-nft we need
all iptables targets and matches to be built as extension and not built-in
(/usr/lib/iptables/libip(6)t_*.so)

When switching a package to iptables-nft, you need to keep the
iptables-mod-* dependencies

This patch does minimal changes:
- remove the direct iptables-nft -> iptables dependency
- and more important add nft-compat dependency

The rule
iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT
becomes
table ip filter {
	chain OUTPUT {
		type filter hook output priority filter; policy accept;
		ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT
	}
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
1ebb8e3b6b netfilter: add kmod-nft-compat
This modules is required by iptables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
4e7ad15904 iptables: fix ip6tables-nft description
ip6tables-nft packages ip6tables* utils not iptables*

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
a5c8811c04 iptables: fix ip6tables-extra description
The define was referencing ip6tables-mod-extra instead of ip6tables-extra

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Daniel Golle
4367d4f869
uqmi: update to git HEAD
f254fc5 uqmi: add support for get operating mode

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-02 02:37:21 +00:00
Alar Aun
70eedac9b3 ipq40xx: add MikroTik cAP ac support
This adds support for the MikroTik RouterBOARD RBcAPGi-5acD2nD
(cAP ac), a  indoor dual band, dual-radio 802.11ac wireless AP, two
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/cap_ac for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 2x 1000/100/10 port,
   PoE in and passive PoE out

Unsupported:
 - PoE out

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Alar Aun <alar.aun@gmail.com>
2022-02-01 23:18:58 +01:00
Sergey V. Lobanov
93d91197b9 wolfssl: update to 5.1.1-stable
Bump from 4.8.1-stable to 5.1.1-stable

Detailed release notes: https://github.com/wolfSSL/wolfssl/releases

Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
 fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -
 f447e4c1fa

Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch

CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option

The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk

Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-01 23:18:01 +01:00
Marek Behún
45d541bb40 kernel: add kmod-vrf
Add option to compile kmod-vrf, support for Virtual Routing and
Forwarding (Lite).

This module depends on NET_L3_MASTER_DEV, which is a boolean kernel
option, so we need to create a configuration option also for this, and
make kmod-vrf depend on it.

Signed-off-by: Marek Behún <kabel@kernel.org>
2022-02-01 22:59:09 +01:00
Hauke Mehrtens
6cab21bd6d kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio
kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is
activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
8c1a84aada uboot-envtools: Update to version 2022.01
The sizes of the ipk changed on MIPS 24Kc like this:
13281 uboot-envtools_2021.01-54_mips_24kc.ipk
13308 uboot-envtools_2022.01-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
392609543d libcap: Update to version 2.63
The sizes of the ipk changed on MIPS 24Kc like this:
11248 libcap_2.51-1_mips_24kc.ipk
14461 libcap_2.63-1_mips_24kc.ipk

18864 libcap-bin_2.51-1_mips_24kc.ipk
20576 libcap-bin_2.63-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
8c2445a0e4 e2fsprogs: Update to version 1.46.5
The sizes of the ipk changed on MIPS 24Kc like this:
  8788 badblocks_1.45.6-2_mips_24kc.ipk
  8861 badblocks_1.46.5-1_mips_24kc.ipk

  3652 chattr_1.45.6-2_mips_24kc.ipk
  3657 chattr_1.46.5-1_mips_24kc.ipk

 58128 debugfs_1.45.6-2_mips_24kc.ipk
 60279 debugfs_1.46.5-1_mips_24kc.ipk

  8551 dumpe2fs_1.45.6-2_mips_24kc.ipk
  8567 dumpe2fs_1.46.5-1_mips_24kc.ipk

  4797 e2freefrag_1.45.6-2_mips_24kc.ipk
  4791 e2freefrag_1.46.5-1_mips_24kc.ipk

159790 e2fsprogs_1.45.6-2_mips_24kc.ipk
168212 e2fsprogs_1.46.5-1_mips_24kc.ipk

  7083 e4crypt_1.45.6-2_mips_24kc.ipk
  7134 e4crypt_1.46.5-1_mips_24kc.ipk

  5749 filefrag_1.45.6-2_mips_24kc.ipk
  6233 filefrag_1.46.5-1_mips_24kc.ipk

  4361 libcomerr0_1.45.6-2_mips_24kc.ipk
  4355 libcomerr0_1.46.5-1_mips_24kc.ipk

168040 libext2fs2_1.45.6-2_mips_24kc.ipk
174209 libext2fs2_1.46.5-1_mips_24kc.ipk

  8514 libss2_1.45.6-2_mips_24kc.ipk
  8613 libss2_1.46.5-1_mips_24kc.ipk

  3148 lsattr_1.45.6-2_mips_24kc.ipk
  3227 lsattr_1.46.5-1_mips_24kc.ipk

 22530 resize2fs_1.45.6-2_mips_24kc.ipk
 22909 resize2fs_1.46.5-1_mips_24kc.ipk

 33315 tune2fs_1.45.6-2_mips_24kc.ipk
 34511 tune2fs_1.46.5-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
18c6b99666 util-linux: Update to version 2.37.3
This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
693d7c12e8 util-linux: Do not build raw any more.
The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.

We do not package the raw tool, so this is not a problem.

This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
64866ba474 strace: Update to version 5.16
The sizes of the ipk changed on MIPS 24Kc like this:
289764 strace_5.14-1_mips_24kc.ipk
310899 strace_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
cec4614df8 ethtool: Update to version 5.16
795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.

The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
57f38e2c82 mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
5b96048de1 gdb: Update gdb to version 11.2
This is a minor corrective release over GDB 11.1, fixing the following issues:
* PR sim/28302 (gdb fails to build with glibc 2.34)
* PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
* PR gdb/28405 (arm-none-eabi: internal-error: ptid_t remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*): Assertion `first_resumed_thread != nullptr' failed)
* PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
* PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
* PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
* PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR (.relr.dyn) section)
* PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)

The sizes of the ipk changed on mips 24Kc like this:
2285775 gdb_11.1-3_mips_24kc.ipk
2287441 gdb_11.2-4_mips_24kc.ipk
191828 gdbserver_11.1-3_mips_24kc.ipk
191811 gdbserver_11.2-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Sungbo Eo
0c635cf830 linux-firmware: intel: add firmware for AX210
Add the most recent supported firmware file for Intel Wi-Fi 6E AX210
wireless chip. The API version 67 is not yet supported by the driver.
Additional PNVM file is required since API version 62.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-31 18:59:10 +00:00
Daniel Golle
b6a2cee4b7
ubox: fix broken deferred start of logfile writer
Just use 'start' action which will have the desired effect instead of
trying to introduce a 'start_file' action which didn't work that way
because procd jshn magic would have to wrap around it.

Fixes: 88baf6ce2c ("ubox: only start log to file when filesystem has been mounted")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-31 15:03:25 +00:00
Daniel Golle
5d110c0161
procd: seccomp/jail: Fix build error on arm with glibc
From: Peter Lundkvist <peter.lundkvist@gmail.com>

This fixes the make_syscall_h.sh script to recognize both
__NR_Linux, used by mips, and __NR_SYSCALL_BASE and
__ARM_NR_BASE used by arm.

Run-tested on arm (ipq806x) and mips (ath79), both with glibc.
Compile-tested and checked resulting syscall_names.h file wuth
glibc: aarch64, powerpc, x86_64, i486
musl: arm, mips

Fixes: FS#4194, FS#4195

Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-31 00:10:42 +00:00
Daniel Golle
88baf6ce2c
ubox: only start log to file when filesystem has been mounted
If log_file is on an filesystem mounted using /etc/config/fstab we have
to wait for that to happen before starting the logread process.
Inhibit the start of the file-writer process and use a mount trigger to
fire it up once the filesystem actually becomes available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-30 20:19:37 +00:00
Daniel Golle
6d76ec3872
procd: support generic mount triggers and clean up
Allow init scripts to trigger free-form actions by exposing
procd_add_action_mount_trigger.
Clean up mount trigger wrappers while at it to reduce code duplication.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-30 20:16:25 +00:00
Roman Azarenko
5bd926efa9 util-linux: add lslocks
This change adds the "lslocks" utility from util-linux.

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
2022-01-28 22:12:18 +01:00
Hauke Mehrtens
fcb29171bc arc770: Remove arc770 target
The arc700 target is not booting up since some time, see here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/400

It looks like there is a problem in the toolchain when using glibc.

Currently no one is working on fixing this problem, remove the target
instead. This target also does not have many users we are aware of.

If someone wants to have this target back, feel free to add a fixed
version of this target again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-28 21:58:24 +01:00
Jo-Philipp Wich
edb41fea66 firewall4: update to latest Git HEAD
16a1070 fw4.uc: handle zone masq6 option
5f61dbf ruleset: fix chain selection for mark and dscp targets
0bc844b ruleset: properly deal with wildcards in zone device selectors
101988d fw4: fix family comparisons
127dbc0 ruleset: emit AF specific rules for DSCP matches
d63cb89 fw4: fix parsing inverted numeric DSCP values
8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure
f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains
5669bc7 fw4: consolidate device grouping logic
94f03e0 ruleset: properly render redirect targets without port
fff9779 fw4: fix family selection logic for redirect rules
ca88fcd tests: update interface dump mock data
e60bb4b ruleset: support non-contiguous address masks
8fec51a fw4: fix potential crashes when parsing invalid redirect sections
c08eb44 fw4: fix redirect destination zone resolving
0df6ba0 fw4: fix address selection logic for DNAT reflection rules
60a2518 tests: add test coverage for redirect rules
e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
ac8a737 ruleset: remove redundant syn check
bd5dc4b tests: run testcases in strict mode
3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Jo-Philipp Wich
0a29133b1f ucode: update to latest Git HEAD
c6dae42 LICENSE: add ISC license file
402f603 lib: introduce struct library
dcb6ffd struct: fix PowerPC specific compiler pragma name
a0512ea treewide: fix typo in exported function names and types
eaaaf88 nl80211: fix wiphy dump reply merge logic
e6efadb fs: add utility functions
54ef6c0 nl80211: fix premature netlink reply receive abort
07802f3 syntax: disallow keywords in object property shorthand notation
3489b75 vm: support object property access on resource value types
dc8027c types: consider resource prototypes when marking reachable objects
5680fab treewide: fix upvalue reference type name
0d29b25 treewide: fix "resource" misspellings
99fdafd vm: introduce value registry
66f7c00 ubus: add support for async requests
5c77dd5 fs: implement fdopen(), file.fileno() and proc.fileno()
b605dbf treewide: rework numeric value handling
599d233 vallist: store double values in a platform neutral manner
5bb9ab7 struct: reuse double packing routines from core
2fd7ab5 vm: optimize string concatenation
eafa321 lib: implement uniq() function
6b2e79a types: add initial infrastructure for function serialization
725bb75 compiler, vm: use a program wide constant list
6c2caf9 source: refactor source file handling
371ba45 program: implement support for precompiling source files
3578afe build: support building without compile capabilities
61d0a34 lib: replace usages of vasprintf() with xvasprintf()
03b6a8e syntax: drop legacy syntax support
01132db lib: fix %J string formats with precision specifier
3f44c42 lib: rework format string handling
a1b3c5d struct: implement `*` format, fix invalid memory accesses
34a04a2 run_tests.sh: fix exitcode evaluation
abe38e7 run_tests.sh: add ability to define environment variables for testcases
04fa2ba tests: reorganize testcase files
6a55d10 lib: fix exists() error return value
aa860a3 vm: fix `null` loose equality/inequality checks
3f6d199 vallist: uc_number_parse(): parse empty strings as `0`, not `NaN`
ddc5aa7 vm: fix NaN strict equality tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Florian Fainelli
17135ae091 perf: Depend on libbfd and libopcodes when enabled
bpftool will enabled libbfd and libopcodes which gets picked up by perf
as libraries to link against. Add those missing dependencies when either
of these packages are enabled.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2022-01-27 20:16:57 -08:00
Tiago Gaspar
ef4c97576b netfilter: correct some dependencies
nf-nathelper-extra and nf-conntrack-netlink had iptables related
dependencies, yet, when looking for the respective kernel symbols and
checking it's dependencies it was confirmed that iptables wasn't
required and that these were either it's own moodule or tool independent
(nftables or iptables).

Correct these and make sure no unneeded extras are pulled in.

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
2022-01-27 09:56:40 +01:00
Daniel Golle
145d896e0e
uboot-mediatek: update to version 2022.01
Tested on BananaPi R2 (SD, eMMC), BananaPi R64 (SD, eMMC, SPI-NAND) and
UniElec U7623-02 (eMMC).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:53 +00:00
Daniel Golle
31872a38be
uboot-envtools: add configuration for UniElec U7623 board
Add U-Boot env settings to allow accessing the environment using
fw_printenv and fw_setenv tools on the UniElec U7623 board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:42 +00:00
Daniel Golle
213b406ae3
uboot-mediatek: update build for the U7623-02 board
Brings bootmenu and production/recovery dual-boot scheme like on
the BPi-R2, BPi-R64, E8450 and UniFi 6 LR.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:42 +00:00
Hans Dedecker
7edd10f9df netifd: update to git HEAD
ed71876 iprule: add support for uidrange

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-23 18:54:16 +01:00
Jo-Philipp Wich
3d3d03479d ucode: add temporary fix for integer formatting on 32bit systems
The ucode VM always passes 64bit integer values to sprintf implementation
while the `%d` format expects 32bit integers on 32bit platforms, leading
to incorrect formatting results.

Temporarily solve the issue by casting the numeric argument to int until
a more thorough fix arrives with the next update.

Fixes: FS#4234
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-23 00:57:58 +01:00
Hauke Mehrtens
6ae657e459 util-linux: Add taskset
This adds the taskset application from util Linux.
It is already built, but not packaged yet.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2022-01-21 23:53:00 +01:00
Hauke Mehrtens
71bdff9139 ltq-vdsl-mei: Remove static linking
This removes -static compile option. The -static option tells GCC to
link this statically with the libc, which we do not want in OpenWrt. We
want to link everything dynamically to the libc. This fixes a compile
problem with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-21 23:09:24 +01:00
Matthew Hagan
46ce629fe0 ipip: add 'nohostroute' option
Add the nohostroute option as available for gre and wg tunnels to
allow the user to prevent explicit creation of a route to the peer
address.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2022-01-19 20:57:59 +01:00
Hauke Mehrtens
e74529552c ustream-ssl: update to Git version 2022-01-16
868fd88 ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-16 21:51:21 +01:00
Sven Eckelmann
8143709c90 ath79: Add support for OpenMesh OM2P v1
Device specifications:
======================

* Qualcomm/Atheros AR7240 rev 2
* 350/350/175 MHz (CPU/DDR/AHB)
* 32 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + 18-24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + builtin switch port 4
    + used as LAN interface
* 12-24V 1A DC
* external antenna

The device itself requires the mtdparts from the uboot arguments to
properly boot the flashed image and to support dual-boot (primary +
recovery image). Unfortunately, the name of the mtd device in mtdparts is
still using the legacy name "ar7240-nor0" which must be supplied using the
Linux-specfic DT parameter linux,mtd-name to overwrite the generic name
"spi0.0".

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-01-16 21:42:19 +01:00
Nick Hainke
607f06f81c mtd-utils: update to 2.1.4
Changes from 2.1.3 to 2.1.4:

Features:
      - ubiscan debugging and statistics utility

Fixes:
      - Some mtd-tests erroneously using sub-pages instead of the full page size
      - Buffer overrun in fectest
      - Missing jffs2 kernel header in the last release, leading to build
        failures on some systems.

Changes from 2.1.2 to 2.1.3:

Features:
       flashcp: Add new function that copy only different blocks
       flash_erase: Add flash erase chip
       Add flash_otp_erase
       Add an ubifs mount helper
       Add nandflipbits tool

Fixes:
       mkfs.ubifs: Fix runtime assertions when running without crypto
       mtd-utils: Use AC_SYS_LARGEFILE
       Fix test binary installation
       libmtd: avoid divide by zero
       ubihealthd: fix UBIFS build dependency
       mkfs.ubifs: remove OPENSSL_no_config()
       misc-utils: Add fectest to build system
       mkfs.ubifs: Fix build with SELinux
       Fix typos found by Debian's lintian tool
       Fix jffs2 build if zlib or lzo headers are not in default paths

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-16 20:51:14 +01:00
Christian Lamparter
0a08d4faad kernel: add missing kmod+regmap-i2c dependency for NCT7802Y module
x86, mt7623 and others buildbot failed due to:
|Package kmod-hwmon-nct7802 is missing dependencies for the following libraries:
|regmap-core.ko
|regmap-i2c.ko

Fixes: 1ed50b92d1 ("package: kernel: add driver module for NCT7802Y")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 19:55:14 +01:00
Pawel Dembicki
9149ed4f05 mvebu: cortexa9: Add support for Ctera C200-V2
2-Bay NAS - maximum two 3.5" Harddisks

Hardware:
  - SoC: Marvell 88F6707-A1 ARMv7 Processor 1,2GHz (ARMADA 370 SoC)
  - Ram: 1GB (2x Nanya NT5CC512M8DN-D1)
  - NAND Flash: 256MB (ESMT F59L2G81A-25T)
  - Lan: 1x GBE (Marvell 88E1318-NNB2)
  - Storage: 2x SATA HDD 3.5" Slot
  - USB: 2x USB 3.0 port (Renesas uPD720202)
  - Console: Internal J3 connector (1: Vcc, 2: Rx, 3: Tx, 4: GND)
  - LEDs: 13x GPIO controlled
  - Buttons: 2x GPIO controlled

Known issues:
  - Buzzer is unused due lack of proper driver
  - USB1/2 usbport ledtrigger won't work (through DT)
  - Renesas uPD720202 requires firmware file. It's possible to find
    non-free binary. Please look for 'UPDATE.mem' file and put in into
    '/lib/firmware/renesas_usb_fw.mem' file.

Installation:
  - Apply factory initramfs image via stock web-gui.
  - Do sysupgrade to make installation complete.

Back to stock:
  - OpenWrt rootfs partition use unused space after stock firmware.
  - Full revert is possible.
  - Login via ssh and run:

 ## ctera_c200-v2_back_to_factory start ##
 . /lib/functions.sh
 part=$(find_mtd_part "active_bank")
 active_bank=$(strings "$part" | grep bank)
 if [ "$active_bank" = "bank1" ]; then
 	echo "bank2" > /tmp/change_bank
 else
 	echo "bank1" > /tmp/change_bank
 fi
 mtd write /tmp/change_bank active_bank
 reboot
 ## ctera_c200-v2_back_to_factory end ##

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(put back-to-stock script into commit message, removed dup. SUBPAGESIZE var,
added 01_leds for non-working dt-usb-port trigger)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 17:41:19 +01:00
Pawel Dembicki
1ed50b92d1 package: kernel: add driver module for NCT7802Y
This commit add package with hwmon-nct7802 module.

This driver implements support for the Nuvoton NCT7802Y hardware monitoring
chip. NCT7802Y supports 6 temperature sensors, 5 voltage sensors, and 3 fan
speed sensors.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(fixed c&p'ed module description)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 17:41:19 +01:00
Joshua Roys
51b9aef553 ipq40xx: add support for ASUS RT-ACRH17/RT-AC42U
SOC:	IPQ4019
CPU:	Quad-core ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
DRAM:	256 MB
NAND:	128 MiB Macronix MX30LF1G18AC
ETH:	Qualcomm Atheros QCA8075 Gigabit Switch (4x LAN, 1x WAN)
USB:	1x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:	Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2
WLAN2:	Qualcomm Atheros QCA9984 5GHz 802.11nac 4x4:4
INPUT:	1x WPS, 1x Reset
LEDS:	Status, WIFI1, WIFI2, WAN (red & blue), 4x LAN

This board is very similar to the RT-ACRH13/RT-AC58U. It must be flashed
with an intermediary initramfs image, the jffs2 ubi volume deleted, and
then finally a sysupgrade with the final image performed.

Signed-off-by: Joshua Roys <roysjosh@gmail.com>
(added ALT0)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 17:21:01 +01:00
David Bauer
2a31e9ca97 hostapd: add op-class to get_status output
Include the current operation class to hostapd get_status interface.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-14 22:12:44 +01:00
Hans Dedecker
d9064c31ca netifd: update to git HEAD
3043206 system: fix compilation with glibc 2.34

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-14 21:46:29 +01:00
Paul Spooren
0637093e8c iptables: enable nftable support by default
OpenWrt plans to move over to firewall4 which uses nftables under the
hood. To allow a smooth migration the package `iptables-nft` offer a
transparent wrapper to apply iptables rules to nftables.

Without the config option for nftables the package isn't installed and
therefore can't be tested. This commit enabled it and therefore provides
the wrapper.

The size of the iptables package increases from 25436 to 26500 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-14 00:42:28 +01:00
Hans Dedecker
7f2052ef22 netifd: update to git HEAD
96902e8 Revert "netifd: add devtype to ubus call"
29e6acf netifd: add devtype to ubus call
7ccbf08 netifd: add devtype to ubus call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-12 21:14:29 +01:00
Daniel Golle
8c31f6bcab
procd: update to git HEAD
ca6c35c uxc: usage message cosmetics
 e083dd4 uxc: fix two minor issues reported by Coverity
 35dfbff procd: jail/cgroups: correctly enable "rdma" when requested
 3b3ac64 procd: mount /dev with noexec
 ac2b8b3 procd: clean up /dev/pts mounts

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-12 19:17:21 +00:00
Kevin Darbyshire-Bryant
e955a08340 firewall: update to latest HEAD
0f16ea5 options.c: add DSCP code LE Least Effort
24ba465 firewall3: remove redundant syn check
df1306a firewall3: fix locking issue
3624c37 firewall3: support table load on access on Linux 5.15+

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-01-10 11:45:15 +00:00
Sven Eckelmann
97f5617259 ath79: Add support for OpenMesh OM5P-AC v1
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
  - eth0
    + AR8035 ethernet PHY (RGMII)
    + 10/100/1000 Mbps Ethernet
    + 802.3af POE
    + used as LAN interface
  - eth1
    + AR8035 ethernet PHY (SGMII)
    + 10/100/1000 Mbps Ethernet
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-01-09 21:12:28 +01:00
Sven Eckelmann
72ef594550 ath79: Add support for OpenMesh OM5P-AN
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 1T1R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
  - eth0
    + AR8035 ethernet PHY
    + 10/100/1000 Mbps Ethernet
    + 802.3af POE
    + used as LAN interface
  - eth1
    + 10/100 Mbps Ethernet
    + builtin switch port 1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-01-09 21:12:28 +01:00
Daniel Golle
000825d792
opkg: update to git HEAD of 2022-01-09
db7fb64 libopkg: pkg_hash: prefer to-be-installed packages
 2edcfad libopkg: set 'const' attribute for argv

This should fix the ImageBuilder problems people are having since we
introduced the 'uci-firewall' providers.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-09 20:10:32 +00:00
Stijn Tintel
0f50d3daff firewall4: bump to git HEAD
9a509d4 ruleset.uc: consolidate ip and ip6 offload
 21f311d ruleset.uc: don't trim newline before comment sign
 f121383 tests: enable flow offloading in tests
 550df40 tests: add test for unknown defaults option
 47c5a5b tests: add test for deprecated rule option
 69a89d6 tests: add test for unknown rule option
 07579df fw4.uc: handle interface zone option

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-09 17:38:18 +02:00
Josef Schlehofer
31647d8be8 kernel: add kmod-usb-net-lan78xx
Add kernel module for Microchip LAN78XX based USB 2 & USB 3
10/100/1000 Ethernet adapters. [1]

This kernel module is required for the Seeed Studio's Mini Router
based on RPI CM4 [2].

[1] <https://cateee.net/lkddb/web-lkddb/USB_LAN78XX.html>
[2] <https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM-32GB-eMMC-RPi-CM4-Case-p-5029.html>

Link: <https://github.com/openwrt/openwrt/pull/4893>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(added kmod-phy-microchip and kmod-fixed-phy dependencies,
rpi3 needs lan78xx but has it built-in)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-08 23:23:22 +01:00
Christian Lamparter
3fabca8894 kernel: provide kmod-fixed-phy as separate kmod
Almost all targets have the fixed-phy feature built into the kernel.
One big exception is x86. This caused a problem with the upcoming
LAN78xx usb driver. Hence this patch breaks out the fixed-phy from
of_mdio (which didn't include the .ko) and puts into a separate
module.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-08 23:20:21 +01:00
Christian Lamparter
d9ff9a4270 kernel: add kmod-phy-microchip
phy drivers for Microchip's LAN88xx PHYs.
This is needed for the "LAN7801" variant
of the upstream lan78xx usb ethernet driver.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-08 23:17:18 +01:00
Florian Fainelli
a372946e60 elfutils: Add missing musl-fts dependency
libdw depends on libfts.so when building with the musl-libc library, add
this missing dependency.

Fixes: 6835ea13f0 ("elfutils: update to 0.186")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2022-01-07 20:50:50 -08:00
Marty Jones
3fe253c6ab linux-firmware: add new package r8152-firmware
Linux upstream commit 9370f2d05a
add load firmware file through request_firmware,this affect the
nanopi r2s and some USB adapters in kernel 5.10 with this error:
'r8152 4-1:1.0: unable to load firmware patch rtl_nic/rtl8153b-2.fw'
This patch split the USB NIC firmware files from r8169 firmware,
and adds r8152-firmware to r8152 driver.
Add kmod-usb-net-cdc-ncm to support RTL8156A and RTL8156B 2.5G ethernet
adapters supported since v5.13-rc1.
195aae321c

Signed-off-by: Marty Jones <mj8263788@gmail.com>
2022-01-08 00:49:59 +01:00
Jan Hoffmann
9d878d8422 ltq-ifxos: update to 1.7.1
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[fix warnings, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-01-08 00:49:59 +01:00
Andre Heider
5ee1e04517 ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0
This makes patching it for ltq-vdsl-app unnecessary and paves the way
for VRX518 support.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-01-08 00:49:59 +01:00
Hannu Nyman
a54b406ccb busybox: update to 1.35.0
Update busybox to 1.35.0

* refresh patches

Config refresh:

Refresh commands, run after busybox is first built once:

cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in

Manual edits needed after config refresh:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in : change at "Options common to all shells" the symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2022-01-08 00:49:59 +01:00
Glenn Strauss
a8513e2461 mbedtls: enable session tickets
session tickets are a feature of TLSv1.2 and require less memory
and overhead on the server than does managing a session cache

Building mbedtls with support for session tickets will allow the
feature to be used with lighttpd-1.4.56 and later.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-08 00:49:59 +01:00
Sergey V. Lobanov
6835ea13f0 elfutils: update to 0.186
Upstreamed patches (deleted):
0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch -
 https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=8382833a257b57b0d288be07d2d5e7af6c102869
110-no-cdefs.patch -
 https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=d390548df1942e98a1d836269a5e41ba52e121f1

Auto-refreshed:
006-Fix-build-on-aarch64-musl.patch
101-no-fts.patch

Manually updated and refreshed:
005-build_only_libs.patch
003-libintl-compatibility.patch
100-musl-compat.patch

Disabled _obstack_free check (via configure vars)

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-08 00:49:59 +01:00
Nick McKinney
e0a574d4b7 ramips: add support for Linksys EA6350 v4
Specifications:
- SoC: MT7621DAT (880MHz, 2 Cores)
- RAM: 128 MB
- Flash: 128 MB NAND
- Ethernet: 5x 1GiE MT7530
- WiFi: MT7603/MT7613
- USB: 1x USB 3.0

This is another MT7621 device, very similar to other Linksys EA7300
series devices.

Installation:

Upload the generated factory.bin image via the stock web firmware
updater.

Reverting to factory firmware:

Like other EA7300 devices, this device has an A/B router configuration
to prevent bricking.  Hard-resetting this device three (3) times will
put the device in failsafe (default) mode.  At this point, flash the
OEM image to itself and reboot.  This puts the router back into the 'B'
image and allows for a firmware upgrade.

Troubleshooting:

If the firmware will not boot, first restore the factory as described
above.  This will then allow the factory.bin update to be applied
properly.

Signed-off-by: Nick McKinney <nick@ndmckinney.net>
2022-01-08 00:49:59 +01:00
Sergey V. Lobanov
04e6434c62 utils/mdadm: fix build on hosts without /run dir
CHECK_RUN_DIR=0 must be a part of MAKE_FLAGS, not MAKE_VARS, otherwise
it is not possible to compile mdadm on host without /run dir.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-08 00:49:59 +01:00
Hauke Mehrtens
e708bf76d5 toolchain: glibc: Update to version 2.34
glibc version 2.34 does not provide versioned shared libraries any more,
it only provides shared libraries using the ABI version. Do not try to
copy them any more.

The functions from libpthread and librt were integrated into the main
binary, the libpthread.so and librt.so are only used for backwards
compatibility any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-07 22:30:40 +01:00
Stijn Tintel
4d1f133561 firewall4: bump to git HEAD
main.uc: fix device gathering

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-06 21:30:14 +02:00
Jo-Philipp Wich
7881dce7d8 firewall4: fix syntax error in dependency spec
Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 16:58:06 +01:00
Stijn Tintel
53b87a7a28 firewall/firewall4: provide uci-firewall
Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.

Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:

tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307:     symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328:     symbol PACKAGE_firewall4 depends on PACKAGE_firewall

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:50 +02:00
Stijn Tintel
3ec25a657d firewall4: bump to git HEAD
4ead2a6 treewide: move executables to /sbin
 9ebc2f4 fw4.uc: filter duplicates in fw4.set
 85b74f3 treewide: support flow offloading
 be3b4e6 treewide: support hardware flow offloading
 38889b7 treewide: support set timeout
 31c7550 fw4.uc: do not skip defaults with invalid option
 334a127 fw4.uc: introduce DEPRECATED flag
 7a0d38f fw4.uc: add _name as deprecated option
 5e7ad3b fw4.uc: don't fail on unknown options
 be5f4e3 fw4.uc: allow use of cidr in ipsets

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:43 +02:00
Stijn Tintel
ae60af8572 firewall4: order DEPENDS alphabetically
Add some line breaks while at at, to improve readability.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:06 +02:00
Stijn Tintel
3d4acc34bb firewall4: drop kmod-ipt-nat from CONFLICTS
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:53:47 +02:00
Daniel Kestrel
b61d756b6c ltq-deu: disable arc4 algorithm
ARC4 was used for WEP, which is not secure anymore. Therefor it is
disabled in the driver, but the code is not removed for now.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
fc4d88cf73 ltq-deu: add aes_gcm algorithm
The lantiq AES hardware does not support the gcm algorithm. But it
can be implemented in the driver as a combination of the aes_ctr
algorithm and the xor plus gfmul operations for the hashing.
Due to the wrapping of the several algorithms and the inefficient
16 byte block by 16 byte block invokation in the kernel
implementations, this driver is about 3 times faster for the larger
block sizes.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
973e28f248 ltq-deu: change PKG_RELEASE to AUTORELEASE
As per suggestion by adschm, PKG_RELEASE is set to AUTORELEASE.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
a0d6b09c36 ltq-deu: remove redundant code for setting the key in aes
After adding xts and cbcmac the aes algorithm source had three sections
for setting the aes key to the hardware which are identical.
Method aes_set_key_hw was created which is now called from within the
spinlock secured control sections in methods ifx_deu_aes, ifx_deu_aes_xts
and aes_cbcmac_final_impl and reduces the size of ifxmips_aes.c.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
79efaa7f8f ltq-deu: add shash cbcmac-aes algorithm to the driver
Since commit 53b6783 hostapd is using the kernel api which includes the
cbcmac-aes shash algorithm. The kernels implementation is a wrapper around
the aes encryption algorithm, which encrypts block (16 bytes) by block.
When the ltq-deu driver is present, it uses hardware aes, but every 16 byte
encrypt requires setting the key. This is very inefficient and is a huge
overhead. Since the cbcmac-aes is simply a hash that uses the cbc aes
algorithm starting with an iv set to x'00' with an optional ecb aes
encryption of a possible last incomplete block that is padded with the
positional bytes of the last cbc encrypted block, this algorithm is now
added to the driver. Most of the code is derived from md5-hmac and
tailored for aes. Tested with the kernels crypto testmgr including extra
tests against the kernels generic ccm module implementation.
This patch also fixes the overallocation in the aes_ctx that is caused
by using u32 instead of u8 for the aes keys.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
f8e5c6080c ltq-deu: remove driver disablement for kernel 5.4 and above
Remove the dependency on kernel 5.4 from the Makefile to allow the
driver to compile with kernel 5.10 or kernel versions higher than
5.4.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
43422deed3 ltq-deu: add aes_xts algorithm
The lantiq AES hardware does not support the xts algorithm. Apart
from the cipher text stealing (XTS), the AES XTS implementation is
just an XOR with the IV, followed by AES ECB, followed by another
XOR with the IV and as such can be also implemented by using the
lantiq hardware's CBC AES implemention plus one additional XOR with
the IV in the driver. The output IV by CBC AES is also not usable
and the gfmul operation not supported by lantiq hardware. Both need
to be done in the driver too in addition to the IV treatment which is
the initial encryption by the other half of the input key and to
set the IV to the IV registers for every block.
In the generic kernel implementation, the block size for XTS is set
to 16 bytes, although the algorithm is designed to process any size
of input larger than 16 bytes. But since there is no way to
indicate a minimum input length, the block size is used. This leads
to certain issues when the skcipher walk functions are used, e.g.
processing less than block size bytes is not supported by calling
skcipher_walk_done.
The walksize is 2 AES blocks because otherwise for splitted input
or output data, less than blocksize is to be returned in some cases,
which cannot be processed. Another issue was that depending on
possible split of input/output data, just 16 bytes are returned while
less than 16 bytes were remaining, while cipher text stealing
requires 17 bytes or more for processing.
For example, if the input is 60 bytes and the walk is 48, then
processing 48 bytes leads to a return code of -EINVAL for
skcipher_walk_done. Therefor the processed counter is used to
figure out, when the actual cipher text stealing for the remaining
bytes less than blocksize needs to be applied.
Measured with cryptsetup benchmark, this XTS AES implementation is
about 19% faster than the kernels XTS implementation that uses the
hardware ECB AES (ca. 18.6 MiB/s vs. 15.8 MiB/s decryption 256b key).
The implementation was tested with the kernels crypto testmgr against
the kernels generic XTS AES implementation including extended tests.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:08 +01:00
Daniel Kestrel
006fee0dad ltq-deu: update initialisations for hmac algorithms
The processing in the hmac algorithms depends on the status fields:
count, dbn and started. Not all were initialised in the init method
and after finishing the final method. Added missing fields to init
method and call init method after finishing final.
The memsets have the wrong size in the original driver and did not
clear everything and are not necessary. Since no memset is done in
the kernels generic implementation, memsets were removed.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:05 +01:00
Daniel Kestrel
6ade9d1dda ltq-deu: remove compiler warning and shorten locked sections
Removing hash pointer in _hmac_setkey since its not needed and causes
a compiler warning.
Make the spinlock control sections shorter and move initializations
out of the control sections to free the spinlock faster for allowing
other threads to use the hash engine.
Minor improvements for indentation and removal of blanks and blank
lines in some areas.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:02 +01:00
Daniel Kestrel
0470b05b56 ltq-deu: fix temp size exceed in hmac algorithms
Exceeding the temp array size was not checked and instead storage not
allocated by the driver was used/overwritten which in most cases
resulted in reboots. This patch implements processing the input to the
hash algorithm in tempsize chunks.
The _hmac_final methods were changed to _hmac_final_impl adding a
parameter that indicates intermediate or final processing. The started
variable was added to the context to indicate, if there is an
intermediate result in the context. For sha1_hmac the variable to store
the intermediate hash was added to the context too.
In order to avoid md5_hmac_final_impl being recursively called if the
padding of the input and the resulting last transform during the hmac
algorighms final processing causes the temp array to overflow and to
make sure that there is at least one block in the temp array when the
_hmac_final for final processing is called, the check for exceeding
the temp array in _hmac_transform was moved before copying the block
and incrementing dbn. dbn needs to be at least 1 at final processing
time to let the hash engine apply the opad operation.
To make the hash engine not apply the hmac algorithms final opad
operation, for intermediate processing the dbn in the control register
is set to a higher value than number of dbns are actually processed.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:59 +01:00
Daniel Kestrel
85383b3112 ltq-deu: fix setkey errors and static shared temp for hmac algos
The hmac algorithms state, that keys larger than the key size should be
hashed with the underlying hash algorithms and then those hashes are to
be used as keys. This patch implements this. In order to avoid allocating
a descriptor during setkey, a shash_desc pointer is added to the context.
Another issue for multithreaded callers is the shared temp array.
The temp array is static and as such would be shared among multithreaded
callers, which obviously would neither work nor produce correct results.
The temp array (4k size) is moved to the context and since the size of
the context is limited, it can only be defined as pointer otherwise the
initialisation of the hash algorithm fails.
The allocations and freeing of both the temp and the desc pointer in the
context are done by implementing cra_init and cra_exit functions for
the hmac algorithms.
Also improved indentation in some areas.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:57 +01:00
Daniel Kestrel
9cb1875d2f ltq-deu: fix ifxdeu-ctr-rfc3686(aes) not matching generic impl
Error ifxdeu-ctr-rfc3686(aes) (16) doesn't match generic impl (20) occurs
when running the cryptomgr extra tests that compare against the linux
kernels generic implementation.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:53 +01:00
Daniel Kestrel
34a3eaf07f ltq-deu: changes for hash multithread callers and md5 endianess
The algorithms sha1, sha1_hmac and md5_hmac all use ENDI=1. The md5
algorithm uses ENDI=0 and the endian_swap methods to reverse the
endianess switch by using user CPU time, which is unnecessary overhead.
Danube and AR9 devices do not set endianess for SHA1, so is done for
MD5.
Furthermore the patch replaces endian_swap with le32_to_cpu for md5 and
md5 hmac algorithms and removes endian_swap for them.
The init functions initialize the algorithm in the hardware. The lock is
not used to write to the control register. If another thread calls
another hash algo before update or final, the result will be wrong.
Therefore move the algorithm init to the lock protected sections in the
transform or final methods.
Setting the hw key for the hmac algorithms is now done from within the
lock protected sections in their final methods. The lock protecting is
removed from the _hmac_setkey_hw functions.
In final for md5 and sha1 the lock section is removed, because all the
work was already done in transform (which is called from final). As such
only copying the hash to the output is required.
MD5 and MD5_HMAC produce 16 byte hashes (4 DWORDS) only, therefor
writing register D5R to the hash output is removed for MD5_HMAC.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:50 +01:00
Daniel Kestrel
87a19c9345 ltq-deu: make deu hash lock global and remove md5_hmac_ exports
All hash algorithms use the same base IFX_HASH_CON to access the hash unit.
Parallel threads should not be able to call different hash algorithms and
therefor a global lock is required.
Fixed linker warning, that md5_hmac_init, md5_hmac_update and
md5_hmac_final are static export symbols. The export symbols are not
required, because the functions are exposed using shash_alg structure.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:48 +01:00
Daniel Kestrel
536dc6f164 ltq-deu: add aes_ofb and aes_cfb algorithms
The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the
driver ever since. But the functions and definitions to make the
algorithms actually usable were missing.
This patch adds the neccessary code for aes_ofb and aes_cfb algorithms.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:45 +01:00
Daniel Kestrel
cd01d41c77 ltq-deu: fix cryptomgr test errors for aes
When running cryptomgr tests against the driver, there are several
occurences of different errors for even and uneven splitted data in the
underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are
now fixed.
Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with
the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:42 +01:00
Daniel Kestrel
19cb3c9dff ltq-deu: fix cryptomgr test errors for des
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:38 +01:00
Daniel Kestrel
e84c4b54f3 ltq-deu: convert SHA1 after library impl of SHA1 was removed
The <linux/cryptohash.h> was removed with Linux 5.8, because it only
contained the library implementation of SHA1, which was folded
into <crypto/sha.h>.
So switch this driver away from using <linux/cryptohash.h>.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:35 +01:00
Daniel Kestrel
737bd4f296 ltq-deu: convert blkcipher to skcipher
Convert blkcipher to skcipher for the synchronous versions of AES,
DES and ARC4.
The Block Cipher API was depracated for a while and was removed with
Linux 5.5. So switch this driver to the skcipher API.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:30 +01:00
Daniel Kestrel
c8967d6d12 ltq-deu: set correct control register for AES
Some devices initialize AES during boot and AES works out of the box
and the correct endianess is set.
NDC means (No Danube Compatibility Mode) and the endianess setting has
no effect if its set to 0.
NDC 0: OFF ENDI bit cannot be written as in Danube
To make it work for other devices, the NDC control register needs to
be set to 1.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:18 +01:00
Mathias Kresin
8dafa98bfb ltq-deu: make cipher/digest usable by openssl
OpenSSL with cryptdev support uses the data encryption unit (DEU) driver
for hard accelerated processing of ciphers/digests, if the flag
CRYPTO_ALG_KERN_DRIVER_ONLY is set.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
17656f21f3 ltq-deu: aes-ctr: process all input data
Even if the minimum blocksize is set to 16 (AES_BLOCK_SIZE), the crypto
manager tests pass 499 bytes of data to the aes-ctr encryption, from
which only 496 bytes are actually encrypted.

Reading the comment regarding the minimum blocksize, it only states that
it's the "smallest possible unit which can be transformed with this
algorithm". Which doesn't necessarily mean, the data have to be a
multiple of the minimal blocksize.

All kernel hardware crypto driver enforce a minimum blocksize of 1,
which perfect fine works for the lantiq data encryption unit as well.

Lower the blocksize limit to 1, to process not padded data as well.
In AES for processing the remaining bytes, uninitialized pointers
were used.
This patch fixes using uninitialized pointers and wrong offsets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
ab270c6fbc ltq-deu: aes: do not read/write behind buffer
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.

While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.

An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.

To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.

Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.

The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
11d2c71538 ltq-deu: init des/aes before registering crpyto algorithms
The crypto algorithms are registered and available to the system before
the chip is actually powered on and the generic parameter for the DEU
behaviour set.

The issue can mainly be observed if the crypto manager tests are enabled
in the kernel config. The crypto manager test run directly after an
algorithm is registered.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Paul Spooren
6ba8d510b8 lua: add HOST_FPIC for host builds
Compiling without fPIC causes linking issues for packages using liblua.

Add $(HOST_FPIC) to host builds for both lua and lua5.3.

Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-03 10:34:31 +01:00
Nick Hainke
7df80be410 binutils: fix compiling with arch-based distros
Arch Linux users have encountered problems with packages that have a dependency on binutils. This error happens when libtool is doing:
  libtool: relink: ...
So change PKG_FIXUP to "patch-libtool".

Fixes error in the form of:
  libtool: install: error: relink `libctf.la' with the above command
           before installing it

Upstream Bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=28545

OpenWrt Bug:
https://bugs.openwrt.org/index.php?do=details&task_id=4149

Acked-by: John Audia <graysky@archlinux.us>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-02 20:33:28 +01:00
Eneas U de Queiroz
def9565be6 openssl: bump to 1.1.1m
This is a bugfix release.  Changelog:

  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-01-01 18:02:49 +01:00
Nick Hainke
f61816fdff hostapd: refresh patchset
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
    make package/hostapd/{clean,refresh}

Refreshed:
    - 380-disable_ctrl_iface_mib.patch
    - 600-ubus_support.patch
    - 700-wifi-reload.patch
    - 720-iface_max_num_sta.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-31 12:11:59 +01:00
Stijn Tintel
9ba6ee4e25 nftables: allow quoted string in flowtable_expr_member
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-31 02:07:13 +02:00
Sergey V. Lobanov
6bfc8bb4a3 utils/px5g-wolfssl: make selfsigned certicates compatible with chromium
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication

SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00
Sergey V. Lobanov
dfd695f4b9 libs/wolfssl: add SAN (Subject Alternative Name) support
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00
Pawel Dembicki
4e46ae1f69 kirkwood: add support for NETGEAR ReadyNAS Duo v2
NETGEAR ReadyNAS Duo v2 is a NAS based on Marvell kirkwood SoC.

Specification:
 - Processor Marvell 88F6282 (1.6 GHz)
 - 256MB RAM
 - 128MB NAND
 - 1x GBE LAN port (PHY: Marvell 88E1318)
 - 1x USB 2.0
 - 2x USB 3.0
 - 2x SATA
 - 3x button
 - 5x leds
 - serial on J5 connector accessible from rear panel
   (115200 8N1) (VCC,TX,RX,GND) (3V3 LOGIC!)

Installation by USB + serial:
  - Copy initramfs image to fat32 usb drive
  - Connect pendrive to USB 2.0 front socket
  - Connect serial console
  - Stop booting in u-boot
  - Do:
	usb reset
        setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
        setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
        saveenv
	fatload usb 0:1 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
	bootm 0x1200000
  - copy sysupgrade image via ssh.
  - run sysupgrade

Installation by TFTP + serial:
  - Setup TFTP server and copy initramfs image
  - Connect serial console
  - Stop booting in u-boot
  - Do:
	setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
	setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
	saveenv
	setenv serverip 192.168.1.1
	setenv ipaddr 192.168.1.2
	tftpboot 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
	bootm 0x1200000
  - copy sysupgrade image via ssh.
  - run sysupgrade

Known issues:
  - Power button and PHY INTn pin are connected to the same GPIO. It
    causes that every network restart button is pressed in system.
    As workaround, button is used as regular BTN_1.

For more info please look at file:
RND_5.3.13_WW.src/u-boot/board/mv_feroceon/mv_hal/usibootup/usibootup.c
from Netgear GPL sources.

Tested-by: Raylynn Knight <rayknight@me.com>
Tested-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2021-12-29 20:35:57 +01:00
Pawel Dembicki
c6ab514863 packages: kernel: add i2c hwmon g762 kmod package
This patch adds kernel module for Global Mixed-mode Technology Inc
G762 and G763 fan speed PWM controller chips.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2021-12-29 20:35:57 +01:00
Hauke Mehrtens
d0501dc7fc tfa-layerscape: fix build on systems without openssl headers
The build fails when the openssl/sha.h header file is not installed on
the host system. Fix this by setting the HOSTCCFLAGS variable to the
OpenWrt HOST_CFLAGS variable, without setting this the include paths and
other modifications in the host flags done by OpenWrt will be ignored by
the build.

This fixes the following build problem:
gcc -c -D_GNU_SOURCE -D_XOPEN_SOURCE=700 -Wall -Werror -pedantic -std=c99 -O2 -I../../include/tools_share fiptool.c -o fiptool.o
In file included from fiptool.h:16,
                 from fiptool.c:19:
fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
   19 | # include <openssl/sha.h>
      |           ^~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-28 18:04:13 +01:00
Hauke Mehrtens
137a7607ec layerscape: restool: Remove build of manpages
The build of the manpages needs the pandoc tool, this is not in the
minimal requirements of OpenWrt, just remove the build of the restool
manpage. This fixes the build on systems without pandoc like the OpenWrt build bots.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-28 16:09:12 +01:00
Raphaël Mélotte
69ce75fb12 hostapd: add fallback for WPS on stations
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.

In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.

To allow both possibilities, the following changes are made:

- Change the "pressed" action to "release", so that we can make use of
the "$SEEN" variables (to know for how long the button was pressed).

- If the button is pressed for less than 3 seconds, keep the original
behavior.

- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.

- Add comments explaining both behaviors.

- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).

This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.

[1]: https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-12-27 16:32:02 +00:00
Christian Lamparter
cf8ee49c9b linux-firmware: amd: consolidate amd's linux-firmware entries
this patch consolidates the amd64-microcode
(moved to linux-firmware.git, previously this was an extra
debian source package download), amdgpu and radeon firmwares
into a shared "amd" makefile.

With the upcoming 20211216 linux-firmware bump,
this will include a microcode update for ZEN 3 CPUs.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
a0ad1f36f0 umbim: add missing json_close_object call
Otherwise, connection setup may fail due to JSON parse error in netifd.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
6d1cca7e65 umbim: explicitly check for PIN1 state
PIN2 is used only to restrict changing of fixed dialling feature,
does not affect network registration. Therefore explicitly check for
PIN1 state during connection setup, which is required for network
registration.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
049870a7fe umbim: call umbim disconnect in error case
This is needed to properly close the control channel.

Otherwise, on the next try the caps call may fail.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-27 13:51:41 +01:00
Javier Marcet
018ada5403 base-files: upgrade: fix efi partitions size calculation
We were missing (not using) the last sector of each partition,
compared with the output of gparted.

Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-27 13:51:41 +01:00
David Bauer
5ca7793418 hostapd: add missing function declaration
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-27 03:13:36 +01:00
Hauke Mehrtens
18bdfc803b tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.

Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-27 00:49:08 +01:00
Hauke Mehrtens
397dfe4a97 linux-firmware: Update to version 20121216
The rtl8723bs firmware was removed and a symlink to the rtl8723bu
firmware was created like it is done in upstream linux-firmware.

The following OpenWrt packages are changing:
* amdgpu-firmware: Multiple updates and new files
* ar3k-firmware: Multiple updates and new files
* ath10k-firmware-qca6174: Updated ath10k/QCA6174/hw3.0/board-2.bin
* bnx2x-firmware: Added bnx2x-e1-7.13.21.0.fw, bnx2x-e1h-7.13.21.0.fw and bnx2x-e2-7.13.21.0.fw
* iwlwifi-firmware-iwl8260c: Updated iwlwifi-8000C-36.ucode
* iwlwifi-firmware-iwl8265: Updated iwlwifi-8265-36.ucode
* iwlwifi-firmware-iwl9000: Updated iwlwifi-9000-pu-b0-jf-b0-46.ucode
* iwlwifi-firmware-iwl9260: Updated iwlwifi-9260-th-b0-jf-b0-46.ucode
* r8169-firmware: Updated rtl8153c-1.fw
* rtl8723bs-firmware: removed
* rtl8723bu-firmware: Added rtlwifi/rtl8723bs_nic.bin symlink
* rtl8822ce-firmware: Updated rtw8822c_fw.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-27 00:10:29 +01:00
Nick Hainke
236c3ea730 kernel: mac80211: refresh patchset
Refreshed:
- 311-mac80211-use-coarse-boottime-for-airtime-fairness-co.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-24 22:15:50 +00:00
Nick Hainke
694757a08f kernel: ath10k: provide a build variant for small RAM devices
Based on: 1ac627024d ("kernel: ath10k-ct: provide a build variant for
small RAM devices")

Like described in the ath10k-ct-smallbuffers version, oom-killer gets
triggered frequently by devices with small RAM.

That change is necessary for many community mesh networks which use
ath10k based devices with too little RAM. The -ct driver has been
proven unstable if used with 11s meshing and only wave2 chipsets are
supporting 11s. Freifunk Berlin is nowadays assembling its
firmware-based completely of vanilla OpenWRT with some package additions
which are made through the imagebuilder. Therefore we cannot take the
approach other freifunk communities have taken to maintain that patch
downstream [1]. Other communities consider these devices as broken and
that change would pretty much give those devices a second life [2].
[1] - 450b306e54
[2] - https://github.com/freifunk-gluon/gluon/issues/1988#issuecomment-619532909

Signed-off-by: Simon Polack <spolack+git@mailbox.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-24 22:15:50 +00:00
Rafał Miłecki
f18288e267 arm-trusted-firmware-bcm63xx: add ATF for Broadcom devices
Right now it includes bcm4908 variant only that is required by BCM4908
family devices with U-Boot.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-24 22:42:03 +01:00
Felix Fietkau
5e67cd63c4 hostapd: only attempt to set qos map if supported by the driver
Fixes issues with brcmfmac

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-23 19:18:56 +01:00
Arnout Vandecappelle (Essensium/Mind)
0210f37534 hostapd: keep HE capability after channel switch in AP+STA/Mesh
The auto-ht option already kept HT and VHT support, but wasn't updated
to support HE (11ax).

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-21 22:21:38 +00:00
Stijn Tintel
3fda16078b qoriq: add support for WatchGuard Firebox M300
This device is based on NXP's QorIQ T2081QDS board, with a quad-core
dual-threaded 1.5 GHz ppc64 CPU and 4GB ECC RAM. The board has 5
ethernet interfaces, of which 3 are connected to the ethernet ports on
the front panel. The other 2 are internally connected to a Marvell
88E6171 switch; the other 5 ports of this switch are also connected to
the ethernet ports on the front panel.

Installation: write the sdcard image to an SD card. Stock U-Boot will
not boot, wait for it to fail then run these commands:

setenv OpenWrt_fdt image-watchguard-firebox-m300.dtb
setenv OpenWrt_kernel watchguard_firebox-m300-kernel.bin
setenv wgBootSysA 'setenv bootargs root=/dev/mmcblk0p2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; ext2load mmc 0:1 $fdtaddr $OpenWrt_fdt; ext2load mmc 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr - $fdtaddr'
saveenv
reset

The default U-Boot boot entry will now boot OpenWrt from the SD card.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:37:46 +02:00
Stijn Tintel
080a769b4d qoriq: new target
Add a new target named "qoriq", that will support boards using PowerPC
processors from NXP's QorIQ brand.

This doesn't actually add support for any board yet, so that
installation instructions can go in the commit message of the commit
that adds actual support for a board.

Using CONFIG_E6500_CPU here due to the kernel using -mcpu=powerpc64
rather than -mcpu=e5500 when selecting CONFIG_E5500_CPU. The only
difference between e5500 and e6500 is AltiVec support, and the kernel
checks for it at runtime. Musl will only check at runtime if AltiVec
support is disabled at compile-time, so we need to use e5500 in CPU_TYPE
to avoid SIGILL.

Math emulation (CONFIG_MATH_EMULATION_HW_UNIMPLEMENTED) is required, as
neither e5500 nor e6500 implement fsqrt nor fsqrts, and musl hardcodes
sqrt and sqrtf to use these ASM instructions on PowerPC64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:37:39 +02:00
Stijn Tintel
052e31ed47 libunwind: add ppc64 support
Backport an upstream patch to make libunwind build on ppc64, and add
powerpc64 to the dependencies.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:37:05 +02:00
Stijn Tintel
38c3ead820 nettle: disable assembler on ppc64
As of version 3.7, Nettle added PowerPC64 assembly for several
algorithms. Unfortunately, they cause build to fail due to ABI mismatch:

gcm-hash.o: ABI version 1 is not compatible with ABI version 2 output

Disable assembler when ppc64 and musl are used for now.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:36:55 +02:00
Stijn Tintel
ac8673ff85 openssl: add ppc64 support
Backport an upstream patch that adds support for ELFv2 ABI on big endian
ppc64. As musl only supports ELFv2 ABI on ppc64 regardless of
endianness, this is required to be able to build OpenSSL for ppc64be.

Modify our targets patch to add linux-powerpc64-openwrt, which will use
the linux64v2 perlasm scheme. This will probably break the combination
ppc64 with glibc, but as we really only want to support musl, this
shouldn't be a problem.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:36:38 +02:00
Lorenzo Bianconi
3eff363ec3 mt76: fix Makefile dependencies for mt7921
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2021-12-21 11:29:09 +01:00
Stijn Tintel
7e54e9f860 kernel: drop obsolete kmod-video-core dependencies
These dependencies do not exist in any of the supported kernel versions.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-20 19:57:01 +02:00
Stijn Tintel
a47c82b556 kernel: drop obsolete symbols from kmod-video-core
These symbols don't exist in any of the supported kernel versions.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-20 19:57:01 +02:00
Daniel Golle
15d0c4d5cd
procd: update to git HEAD
eb522fc uxc: consider uvol and etc location for configurations
 16a6ee9 uxc: integrate console into uxc
 129d050 remove ujail-console

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-20 02:23:47 +00:00
David Bauer
54cfe0774c hostapd: make OpenWrt statistics per-BSS
WNM and RRM statistics were incorrectly per-PHY, leading to shared
statistic counters per BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 00:15:03 +01:00
David Bauer
6d1e380666 hostapd: provide BSS-transition-queries to ubus subscribers
Provide incoming BSS transition queries to ubus subscribers.

This allows external steering daemons to provide clients with
an optimal list of transition candidates.

This commit has no functional state in case no ubus subscriber is
present or it does not handle this ubus message.

To prevent hostapd from sending out a generic response by itself, a
subscribing daemon has to return a non-zero response code to hostapd.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 00:15:03 +01:00
David Bauer
dd39249f08 hostapd: WNM: allow specifying dialog-token
Backport a patch to allow extending the ubus BSS-transition method
for specifying individual dialog tokens for BSS transition
management requests.

This is required for handling BSS transition queries in the future.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 00:15:03 +01:00
Hans Dedecker
df9a62a085 odhcp6c: update to latest git HEAD
39b584b Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates"
c9578e1 dhcpv6: add support for null IA_PD valid lifetime
ca43ea3 dhcpv6: add a minimum valid lifetime for IA_PD updates

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-17 21:06:34 +01:00
Hans Dedecker
1e57d52e2f netifd: update to latest git HEAD
5ca5e0b netifd: allow disabling rule/rule6 config sections
8875960 interface-ip: add support for IPv6 prefix invalidation
e589c05 interface-ip: use metric when looking for a route
b54ffde main: fix hotplug script usage message

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-17 21:06:24 +01:00
Felix Fietkau
87def9efd8 mac80211: optimize airtime fairness code to reduce cpu usage
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-17 15:03:05 +01:00
David Bauer
9090e0be4d hostapd: close correct blobmsg table
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-16 20:27:07 +01:00
David Bauer
16bcaa71fa hostapd: add OpenWrt specific statistic counters
This adds a new struct for storing statistics not (yet) tracked by
hostapd regarding RRM and WNM activity.

These statistics can be read using the get_status hostapd interface ubus
method.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-15 00:13:40 +01:00
Hauke Mehrtens
a5cc9e033c iw: Update to version 5.16
Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package
Makefile.

This downgrades the nl80211.h to kernel 5.15 and removes FILS_CRYPTO_OFFLOAD.
This is needed to make it compatible with our patched mac80211 from
kernel 5.15

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 22:59:10 +01:00
Hauke Mehrtens
954e1278a9 libnl-tiny: update to the latest version
8e0555f attr.h: Add NLA_PUT_S32

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 22:59:10 +01:00
Hauke Mehrtens
3531a96df7 mac80211: Update to version 5.15.8
The following patches were backported from upstream before and are not
needed any more:
  package/kernel/mac80211/patches/ath10k/081-ath10k-fix-module-load-regression-with-iram-recovery-feature.patch
  package/kernel/mac80211/patches/ath10k/980-ath10k-fix-max-antenna-gain-unit.patch
  package/kernel/mac80211/patches/build/010-headers-Add-devm_platform_get_and_ioremap_resource.patch
  package/kernel/mac80211/patches/subsys/300-mac80211-drop-check-for-DONT_REORDER-in-__ieee80211_.patch
  package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
  package/kernel/mac80211/patches/subsys/308-mac80211-fix-radiotap-header-generation.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 22:15:06 +01:00
Martin Schiller
210128240b ls-ddr-phy: bump to LSDK-21.08
Update ls-ddr-phy to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
4002a6aa76 restool: bump to LSDK-21.08
Update restool to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
693923030c ls-dpl: bump to LSDK-21.08
Update ls-dpl to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
a82e766f17 ls-mc: bump to LSDK-21.08
Update ls-mc to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
5df38cc7ba ppfe-firmware: bump to LSDK-21.08
Update ppfe-firmware to latest LSDK-21.08.

Switched to AUTORELEASE for simplicity.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
d6ca827043 fman-ucode: bump to LSDK-21.08
Just update PKG_VERSION/PKG_MIRROR_HASH since fman-ucode
of LSDK-21.08 had no changes.

Switched to AUTORELEASE for simplicity.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
294140c124 tfa-layerscape: bump to LSDK-21.08
Update tfa package to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
674af9c1f6 uboot-layerscape: bump to LSDK-21.08
Update layerscape u-boot package to LSDK-21.08 and drop patches which
are no longer needed.

The new env variable 'fsl_bootcmd_mcinitcmd_set' is needed to protect
the configured bootcmd and mc_init values. See [1] for more
informations.

[1] b62c174e86

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
8ef768c2ef ls-rcw: bump to LSDK-21.08
Update ls-rcw to latest LSDK-21.08.
Drop patch 0001 since it had been integrated.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 22:25:28 +01:00
Rafał Miłecki
942facd14f otrx: update to the latest master
56e8e19 otrx: support TRX from stdin when extracting
a37ccaf otrx: support unsorted partitions offsets
1fa145e otrx: extract shared code opening & parsing TRX format
4ecefda otrx: allow validating TRX from stdin
cf01e69 otrx: avoid unneeded fseek() when calculating CRC32

Fixes: 80041dea70 ("bcm53xx: sysupgrade: refactor handling different firmware formats")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 13:48:08 +01:00
Rafał Miłecki
a2cf659ad8 dtc: support printing binary data with fdtget
It's needed for extracting binary images.

Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 08:51:09 +01:00
Rafał Miłecki
80fe8d027c dtc: import package for dtc & fdt from packages feed
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.

fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.

sysupgrade is core functionality so it needs dtc as part of base code
base.

Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 08:36:26 +01:00
Daniel Golle
56b14fdeb2
procd: update to git HEAD
bb95fe8 jail: make sure jailed process is terminated

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-11 03:16:57 +00:00
Janpieter Sollie
03c0049774 rtl8812au-ct: update driver to be ready for 5.15
update rtl8812au-ct driver to be ready for 5.15 Linux.

Signed-off-by: Janpieter Sollie <janpieter.sollie@edpnet.be>
[added commit message from PR with changes, added tag to subject]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-11 00:50:02 +01:00
Felix Fietkau
ea49690ff4 hostapd: add support for specifying the FILS DHCP server
The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server
For proto=dhcp networks, the discovered dhcp server will be used
For all other networks, udhcpc is called to discover the address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Felix Fietkau
baba2fdaa6 netifd: on dhcp interfaces, store the dhcp server in interface data
Among other things, this can be used to auto-configure the DHCP server
address for wireless APs using FILS, if the bridged interface is
configured to DHCP

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Felix Fietkau
b7d9bced30 hostapd: add support for enabling FILS on AP and client interfaces
This is only supported with WPA-enterprise

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Felix Fietkau
5b66dfaf6c hostapd: enable FILS support in the full config and add build feature discovery
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Josef Schlehofer
362695acdf kernel: add kmod-video-gspca-sq930x
This module adds support for USB WebCams, which uses SQ930X chip [1].

[1] https://cateee.net/lkddb/web-lkddb/USB_GSPCA_SQ930X.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-12-05 18:49:14 +01:00
Josef Schlehofer
fcb82e42df kernel: btrfs: enable ACL
By default CONFIG_BTRFS_FS_POSIX_ACL is disabled, it should be enabled
only when you enable CONFIG_FS_POSIX_ACL.

Right now, when you enable CONFIG_FS_POSIX_ACL it will enable
CONFIG_BTRFS_FS_POSIX_ACL, but it will be disabled once you install
kmod-btrfs. This should prevent it.

Btrfs has enabled by default ACL for mount option.

More details:
https://cateee.net/lkddb/web-lkddb/BTRFS_FS_POSIX_ACL.html
https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2021-12-05 18:49:14 +01:00
Hans Dedecker
eddb51392a nat46: update to latest git HEAD
d9bc161 nat46-core: Fix typo since day one (#31)
840e235 Fix coverity issues observed so far (#30)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-05 18:40:19 +01:00
Florian Eckert
dd681838d3 base-files: fix service_running check
The following command checks if a instance of a service is running.
/etc/init.d/<service> running <instance>

 In the variable `$@`, which is passed to the function
`service_running`, the first argument is always the `instance` which
should be checked. Because all other variables where removed from `$@`
with `shift`.

Before this change the first argument of `$@` was set to the `$service`
Variable. So the function does not work as expected. The `$service`
variable was always the instance which should be checked. This is not
what we want.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
2021-12-04 09:39:11 +09:00
Tan Zien
1add2c0d95 firmware: intel-microcode: update to 20210608
intel-microcode (3.20210608.2)

  * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
    debian/changelog (3.20210608.1).

intel-microcode (3.20210608.1)

  * New upstream microcode datafile 20210608 (closes: #989615)
    * Implements mitigations for CVE-2020-24511 CVE-2020-24512
      (INTEL-SA-00464), information leakage through shared resources,
      and timing discrepancy sidechannels
    * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
      Domain-bypass transient execution vulnerability in some Intel Atom
      Processors, affects Intel SGX.
    * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
      VT-d privilege escalation
    * Fixes critical errata on several processors
    * New Microcodes:
      sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
      sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
      sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
      sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
      sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
      sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
      sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
      sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
      sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
      sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
      sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
      sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
      sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
      sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
      sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
      sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
      sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
      sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
      sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
      sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
      sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
      sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
      sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
  * source: update symlinks to reflect id of the latest release, 20210608

intel-microcode (3.20210216.1)

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

intel-microcode (3.20201118.1)

  * New upstream microcode datafile 20201118
    * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
      processors.  Note that Debian already had removed this specific falty
      microcode update on the 3.20201110.1 release
    * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
      N/J4xxx which didn't make it to release 20201110, fixing security issues
      (INTEL-SA-00381, INTEL-SA-00389)
    * Updated Microcodes:
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    * Removed Microcodes:
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520

intel-microcode (3.20201110.1)

  * New upstream microcode datafile 20201110 (closes: #974533)
    * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
      aka INTEL-SA-00381: AVX register information leakage;
      Fast-Forward store predictor information leakage
    * Implements mitigation for CVE-2020-8695, Intel SGX information
      disclosure via RAPL, aka INTEL-SA-00389
    * Fixes critical errata on several processor models
    * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
      for Skylake-U/Y, Skylake Xeon E3
    * New Microcodes
      sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
      sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
      sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
      sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
    * Updated Microcodes
      sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
      sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
      sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
      sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
      sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
      sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
      sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
      sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
      sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
      sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
      sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
      sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
      sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
      sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
      sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
      sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
  * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
    INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
    FOR 0x806c1 TIGER LAKE PROCESSORS by this package update.  Contact your
    system vendor for a firmware update, or wait fo a possible fix in a future
    Intel microcode release.
  * source: update symlinks to reflect id of the latest release, 20201110
  * source: ship new upstream documentation (security.md, releasenote.md)

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[used different .tar.xz source, but with the same content]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-03 22:40:13 +01:00
Felix Fietkau
fc4398fe71 mt76: update to the latest version
71e08471ab56 mt76: eeprom: fix return code on corrected bit-flips
9a8fc6636d83 mt76: move sar_capa configuration in common code
7cdbea1dc82a mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr
678071ef7029 mt76: mt7615: clear mcu error interrupt status on mt7663

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-03 10:56:49 +01:00
TruongSinh Tran-Nguyen
febc2b831f
ipq40xx: add support for GL.iNet GL-B2200
This patch adds supports for the GL-B2200 router.

Specifications:
  - SOC: Qualcomm IPQ4019 ARM Quad-Core
  - RAM: 512 MiB
  - Flash: 16 MiB NOR - SPI0
  - EMMC: 8GB EMMC
  - ETH: Qualcomm QCA8075
  - WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11b/g/n 2x2
  - WLAN2: Qualcomm Atheros QCA4019 5GHz 802.11n/ac W2 2x2
  - WLAN3: Qualcomm Atheros QCA9886 5GHz 802.11n/ac W2 2x2
  - INPUT: Reset, WPS
  - LED: Power, Internet
  - UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
  - UART2: On board with BLE module
  - SPI1: On board socket for Zigbee module

Update firmware instructions:
Please update the firmware via U-Boot web UI (by default at 192.168.1.1, following instructions found at
https://docs.gl-inet.com/en/3/troubleshooting/debrick/).
Normal sysupgrade, either via CLI or LuCI, is not possible from stock firmware.
Please do use the *gl-b2200-squashfs-emmc.img file, gunzipping the produced *gl-b2200-squashfs-emmc.img.gz one first.

What's working:
- WiFi 2G, 5G
- WPA2/WPA3

Not tested:
- Bluetooth LE/Zigbee

Credits goes to the original authors of this patch.

V1->V2:
- updates *arm-boot-add-dts-files.patch correctly (sorry, my mistake)
- add uboot-envtools support
V2->V3:
- Li Zhang updated official patch to fix wrong MAC address on wlan0 (PCI) interface
V3->V4:
- wire up sysupgrade

Signed-off-by: Li Zhang <li.zhang@gl-inet.com>
[fix tab and trailing space, document what's working and what's not]
Signed-off-by: TruongSinh Tran-Nguyen <i@truongsinh.pro>
[rebase on top of master, address remaining comments]
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
[remove redundant check in platform.sh]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-02 20:43:07 +00:00
Enrico Mioso
57c1f3f9c5
base-files: add eMMC sysupgrade support
Adds generic support for sysupgrading on eMMC-based devices.

Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.

Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).

To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CC: Li Zhang <li.zhang@gl-inet.com>
CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>
2021-12-02 20:42:58 +00:00
Felix Fietkau
a1a71a7199 mac80211: fix tx aggregation locking issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 14:11:21 +01:00
Felix Fietkau
15d8c7aa74 mac80211: fix queue assignment of aggregation start requests
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 13:52:18 +01:00
Felix Fietkau
7e15390056 mt76: update to the latest version
a6451fea5a3d mt76: mt7615: improve wmm index allocation
1911486414dc mt76: mt7915: improve wmm index allocation
7998a41d1321 mt76: clear sta powersave flag after notifying driver
664475574438 mt76: mt7603: introduce SAR support
5c0da39c940b mt76: mt7915: introduce SAR support
77fc6c439a32 mt76: mt7603: improve reliability of tx powersave filtering
094b3d800835 firmware: update mt7663 rebb firmware to 20200904171623
25237b19bcc1 mt76: eeprom: tolerate corrected bit-flips
1463cb4c6ac2 mt76: mt7921: fix boolreturn.cocci warning
586bad6020f7 mt76: mt7921: use correct iftype data on 6GHz cap init
8ec95c910425 mt76: mt7921s: fix bus hang with wrong privilege
688e30c7d854 firmware: update mt7921 firmware to version 20211014
6fad970893dd mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi
95acf972750c mt76: fix 802.3 RX fail by hdr_trans
3f402b0cf6c0 mt76: mt7921s: fix possible kernel crash due to invalid Rx count
929a03a8d65d mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 12:44:34 +01:00
Christian Lamparter
25bc66eb40 ca-certificates: fix python3-cryptography woes in certdata2pem.py
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")

The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.

|Traceback (most recent call last):
|  File "certdata2pem.py", line 125, in <module>
|    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1

...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
|  File "/certdata2pem.py", line 31, in <module>
|    from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'

More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."

Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-01 17:52:35 +01:00
Felix Fietkau
fbc9ce779f hostapd: make hostapd/supplicant/wpad packages depend on a specific version of hostapd-commoon
This avoids potential version mismatch between packages when upgraded
individually

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Felix Fietkau
b7ce8a8c17 qosify: remove bulk flow detection from default ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Felix Fietkau
ac83015621 qosify: add besteffort class and switch all default classifications to class names
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Stijn Tintel
6832271ee7 nftables: bump to 1.0.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-01 00:39:36 +02:00
Stijn Tintel
7f7034d79f libnftnl: bump to 1.2.1
This version is required by nftables 1.0.1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-01 00:39:26 +02:00
Christian Lamparter
7c99085bd6 ca-certicficates: Update to version 20211016
Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.

Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
|    bundle to version 2.50
|    The following certificate authorities were added (+):
|    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|    + "GlobalSign Root R46"
|    + "GlobalSign Root E46"
|    + "GLOBALTRUST 2020"
|    + "ANF Secure Server Root CA"
|    + "Certum EC-384 CA"
|    + "Certum Trusted Root CA"
|    The following certificate authorities were removed (-):
|    - "QuoVadis Root CA"
|    - "Sonera Class 2 Root CA"
|    - "GeoTrust Primary Certification Authority - G2"
|    - "VeriSign Universal Root Certification Authority"
|    - "Chambers of Commerce Root - 2008"
|    - "Global Chambersign Root - 2008"
|    - "Trustis FPS Root CA"
|    - "Staat der Nederlanden Root CA - G3"
|  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]

[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-30 20:14:26 +01:00
Kevin Darbyshire-Bryant
7a48dfc90c nftables: install package file
Install pc file so dnsmasq can find libnftables

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-30 15:16:17 +00:00
Oldřich Jedlička
8d6a534cc1 mac80211: fixed missing cfg80211 dependency on kmod-rfkill
When compiling with CONFIG_USE_RFKILL=y, the build fails and mentions that
dependency on kmod-rfkill is missing, which is correct [1]. Add this
dependency to the Makefile.

Depend on +USE_RFKILL and not PACKAGE_kmod-rfkill, because it forces
selection of kmod-rfkill package. Other combinations in DEPENDS like
USE_RFKILL:kmod-rfkill or (+)PACKAGE_kmod-rfkill:kmod-rfkill do not force
selection of kmod-rfkill package.

The kmod-rfkill package itself depends on USE_RFKILL, so with +USE_RFKILL
in kmod-cfg80211 package it is not possible to select wrong combination of
packages.

[1] https://linux-wireless.vger.kernel.narkive.com/m8JY9Iks/cfg80211-depends-on-rfkill-or-not

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-11-29 22:11:15 +01:00
Robert Marko
040c02497c ath10k-ct: Fix spectral scan NULL pointer
If spectral scan support is enabled then ath10k-ct will cause a NULL
pointer due to relay_open() being called with a const callback struct
which is only supported in kernel 5.11 and later.

So, simply check the kernel version and if 5.11 and newer use the const
callback struct, otherwise use the regular struct.

Fixes: 553a3ac ("ath10k-ct: use 5.15 version")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-29 21:48:03 +01:00
Hauke Mehrtens
889043a155 uboot-omap: Remove omap3_overo configuration
The configs/omap3_overo_defconfig file was removed from upstream U-Boot
in commit ed3294d6d1f9 ("arm: Remove overo board"). Remove it in OpenWrt
too. If someone needs this please add it also to upstream U-Boot.

This fixes the compile of the omap target.

Fixes: ffb807ec90 ("omap: update u-boot to 2021.07")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-28 22:26:27 +01:00
Felix Matouschek
1cc3b95efc ipq40xx: Add support for Teltonika RUTX10
This patch adds support for the Teltonika RUTX10.
This device is an industrial DIN-rail router with 4 ethernet ports,
2.4G/5G dualband WiFi, Bluetooth, a USB 2.0 port and two GPIOs.

The RUTX series devices are very similiar so common parts of the DTS
are kept in a DTSI file. They are based on the QCA AP-DK01.1-C1 dev
board.

See https://teltonika-networks.com/product/rutx10 for more info.

Hardware:
  SoC:                 Qualcomm IPQ4018
  RAM:                 256MB DDR3
  SPI Flash 1:         XTX XT25F128B (16MB, NOR)
  SPI Flash 2:         XTX XT26G02AWS (256MB, NAND)
  Ethernet:            Built-in IPQ4018 (SoC, QCA8075), 4x 10/100/1000 ports
  WiFi 1:              Qualcomm QCA4019 IEEE 802.11b/g/n
  Wifi 2:              Qualcomm QCA4019 IEEE 802.11a/n/ac
  USB Hub:             Genesys Logic GL852GT
  Bluetooth:           Qualcomm CSR8510 (A10U)
  LED/GPIO controller: STM32F030 with custom firmware
  Buttons:             Reset button
  Leds:                Power (green, cannot be controlled)
                       WiFi 2.4G activity (green)
                       WiFi 5G activity (green)

MACs Details verified with the stock firmware:
   eth0:             Partition 0:CONFIG Offset: 0x0
   eth1:             = eth0 + 1
   radio0 (2.4 GHz): = eth0 + 2
   radio1 (5.0 GHz): = eth0 + 3
Label MAC address is from eth0.

The LED/GPIO controller needs a separate kernel driver to function.
The driver was extracted from the Teltonika GPL sources and can be
found at following feed: https://github.com/0xFelix/teltonika-rutx-openwrt

USB detection of the bluetooth interface is sometimes a bit flaky. When
not detected power cycle the device. When the bluetooth interface was
detected properly it can be used with bluez / bluetoothctl.

Flash instructions via stock web interface (sysupgrade based):
  1. Set PC to fixed ip address 192.168.1.100
  2. Push reset button and power on the device
  3. Open u-boot HTTP recovery at http://192.168.1.1
  4. Upload latest stock firmware and wait until the device is rebooted
  5. Open stock web interface at http://192.168.1.1
  6. Set some password so the web interface is happy
  7. Go to firmware upgrade settings
  8. Choose
     openwrt-ipq40xx-generic-teltonika_rutx10-squashfs-nand-factory.ubi
  9. Set 'Keep settings' to off
  10. Click update, when warned that it is not a signed image proceed

Return to stock firmware:
  1. Set PC to fixed ip address 192.168.1.100
  2. Push reset button and power on the device
  3. Open u-boot HTTP recovery at http://192.168.1.1
  4. Upload latest stock firmware and wait until the device is rebooted

Note: The DTS expects OpenWrt to be running from the second rootfs
partition. u-boot on these devices hot-patches the DTS so running from the
first rootfs partition should also be possible. If you want to be save follow
the instructions above. u-boot HTTP recovery restores the device so that when
flashing OpenWrt from stock firmware it is flashed to the second rootfs
partition and the DTS matches.

Signed-off-by: Felix Matouschek <felix@matouschek.org>
2021-11-28 18:39:01 +01:00
Matthew Hagan
529eac5371 kernel: add back kmod-leds-tlc591xx
Add back support for the TLC591xx series LEDs which are used in the
ipq806x-based Meraki Cryptid series devices.

This module previously existed for the mvebu platform but was removed
at commit f849c2c832 due to being enabled
in that platform's kernel config.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2021-11-28 17:41:18 +01:00
Robert Marko
3ad229db0b ipq40xx: add support for MikroTik hAP ac3
This adds support for the MikroTik RouterBOARD RBD53iG-5HacD2HnD
(hAP ac³), a  indoor dual band, dual-radio 802.11ac
wireless AP with external omnidirectional antennae, USB port, five
10/100/1000 Mbps Ethernet ports and PoE passthrough.

See https://mikrotik.com/product/hap_ac3 for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4019
 - RAM: 256 MB
 - Storage: 16 MB NOR + 128 MB NAND
 - Wireless:
   · Built-in IPQ4019 (SoC) 802.11b/g/n 2x2:2, 3 dBi antennae
   · Built-in IPQ4019 (SoC) 802.11a/n/ac 2x2:2, 5.5 dBi antennae
 - Ethernet: Built-in IPQ4019 (SoC, QCA8075) , 5x 1000/100/10 port,
             passive PoE in, PoE passtrough on port 5
- 1x USB Type A port

Installation:
1. Boot the initramfs image via TFTP
2. Run "cat /proc/mtd" and look for "ubi" partition mtd device number, ex. "mtd1"
3. Use ubiformat to remove MikroTik specific UBI volumes
* Detach the UBI partition by running: "ubidetach -d 0"
* Format the partition by running: "ubiformat /dev/mtdN -y"
Replace mtdN with the correct mtd index from step 2.
3. Flash the sysupgrade image using "sysupgrade -n"

Signed-off-by: Robert Marko <robimarko@gmail.com>
Tested-by: Mark Birss <markbirss@gmail.com>
Tested-by: Michael Büchler <michael.buechler@posteo.net>
Tested-by: Alex Tomkins <tomkins@darkzone.net>
2021-11-28 17:19:52 +01:00
Robert Marko
f2c4064ecb base-files: dont always create kernel UBI volume
Currently nand_upgrade_tar() will pass the kernel length
to nand_upgrade_prepare_ubi() in all cases except for when
the kernel is to be installed in a separate partition as a
binary with the MTD tool.

While this is fine for almost all cases newer MikroTik NAND
devices like hAP ac3 require the kernel to be installed as a
UBIFS packed UBI volume in its own partition.

So, since we have a custom recipe to use ubiformat to flash
the kernel in its partition it makes no sense for sysupgrade
to also install the kernel as a UBI volume in the "ubi"
partition as it only wastes space and will never be used.

So, simply check whether CI_KERNPART is set to "none" and
if so unset the "has_kernel" variable which will in turn
prevent the kernel length from being passed on and then
the kernel UBI volume wont be created for no usefull purpose.

The ath79 MikroTik NAND target has been setting CI_KERNPART
to "none" for a while now altough that was not preventing
the kernel to be installed as UBI volume as well.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-28 17:17:22 +01:00
Hannu Nyman
26a7a385bb ath10k-ct: update version to fix DFS for VHT160
Update ath10k-ct to get the upstream fix for
DFS support for VHT160 in the 5.15 based ath10k-ct.
(Switch from 5.10 to 5.15 surfaced the upstream regression.)

* refresh one patch

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-11-28 13:57:41 +01:00
Christian Lamparter
49d400191d ath10k: support nvmem-cells for (pre-)calibration
refreshes mac80211 + ath10k-ct patches.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-28 01:13:08 +01:00
Mathias Kresin
b7befd8d81 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2
Follow up to commit 565b62cca2. Managed to
hit the very same issue again while playing with the NOR SPL builds.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-27 21:49:10 +01:00
Andre Heider
1404ed25b8 uboot-mvebu: update to v2021.10
Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:39:17 +01:00
Andre Heider
50f65a9c46 arm-trusted-firmware-mvebu: bump mv-ddr-marvell to current version
efcad0e Merge pull request #33 from Semihalf/cn913x_cex7_eval
91bed2c cn913x: Add cn913x_cex7_eval config
55139f6 Merge pull request #32 from pali/master
e5573cc ARM: mvebu: a38x: Correct mismatched bound warnings
d83c38b a3700: Remove duplicate check for DDR_TYPE
c0c6bf7 a3700: Put temporary a3700_ddr_type file into $(OBJ_DIR)

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:36:36 +01:00
Andre Heider
b18e87cc39 arm-trusted-firmware-mvebu: bump a3700-utils to current version
With cryptocpp in place we can now update past the point of dropping
the old tbb_linux binary and build it instead.

Hauke confirmed that this also allows this firmware to be built on
aarch64.

97f01f5 Wtpdownloader: Properly retrieve current tty options
a33ff86 Wtpdownloader: Set CREAD tty cflag
af461d2 Wtpdownloader: Fix stuck during opening UART tty device
38c2135 Makefile: Print error when specified CLOCKSPRESET is not valid
f014428 TBB: Remove out-of-dated x86-64 ELF binary tbb_linux
1b6cb50 TBB: Fix compilation with Crypto++ 5.6.5
d9fb291 TBB: Fix memory corruptions by calling correct delete[] operator
d575885 TBB: Fix initializing CCTIM object
b9e1c4e Wtpdownloader: Fix makefile
8f61591 Wtpdownloader: Fix building with gcc 11
eabea5f TBB: Fix building with gcc 11

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:36:36 +01:00
Josef Schlehofer
8d9f462731 arm-trusted-firmware-mvebu: add cryptopp
Based on the Build Instructions for Trusted-Firmware-A [1],
there is a required cryptopp [2].

In the past, it used 'tbb_linux' image tool binary, which seems to
be buggy, deprecated and removed from A3700-utils-marvell and it should
not be used anymore. That's why I removed 001-imagetool.patch, which is
no longer necessary.

[1] https://trustedfirmware-a.readthedocs.io/en/v2.5/plat/marvell/armada/build.html
[2] https://cryptopp.com/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-11-27 19:36:36 +01:00
Kerma Gérald
35b0dc36a3 arm-trusted-firmware-mvebu: fix commit ids to for mv-ddr-marvell
without this patch a3700-utils/tim/ddr/ddr_tool.verstr contains the OpenWrt commit ID.
this patch fix the mv_ddr version commit ID by using the global variable MV_DDR_COMMIT_ID.

Upon boot it now prints "mv_ddr-devel-g02e23dbc-d DDR4 16b 1GB 1CS".

Cc: Andre Heider <a.heider@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
2021-11-27 19:36:36 +01:00
Ansuel Smith
553a3ac221 ath10k-ct: use 5.15 version
We switched to mac80211 5.15 backport version.
Also switch ath10k-ct to 5.15 and drop the mac address patch
that got merged upstream.
Compile and tested on ipq806x Netgear R7800.
Also update the ath10k-ct to latest version to fix a typo
for the new version in the kernel log.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-11-27 01:11:05 +01:00
Felix Fietkau
b92a9f607b mac80211: fix a regression in generating radiotap headers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-26 08:42:37 +01:00
Felix Fietkau
68189835ac mac80211: backport fix for dealing with stripped IV on rx
This fixes potental rx drop issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-26 08:42:36 +01:00
David Bauer
3ba9846842 hostapd: add beacon_interval to get_status ubus output
Add the beacon interval to hostapd status output. This allows external
services to discover the beacon interval for a specific VAP.

This way, external wireless management daemons can correctly calculate
fields containing TBTT value from absolute time-values.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-11-25 02:41:42 +01:00
Felix Fietkau
f84053af5c hostapd: add a patch that allows processing auth requests for peers in blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.

To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 18:26:47 +01:00
Felix Fietkau
d439c7d85a mac80211: add a fix for kernel warnings when forwarding packets in mesh mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 15:39:34 +01:00
Felix Fietkau
ddd977fcc5 mac80211: fix regression in SSN handling of addba tx
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 15:39:34 +01:00
Mark Mentovai
398cbb76fa
hostapd: allow hostapd under ujail to communicate with hostapd_cli
When procd-ujail is available, 1f78538387 runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).

hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:

CTRL: sendto failed: Permission denied

As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.

If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.

As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.

Signed-off-by: Mark Mentovai <mark@moxienet.com>
[refreshed patch]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-23 18:53:31 +00:00
Felix Fietkau
5aa62cb799 mt76: update to the latest version
f0a5b1118fa4 mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames
67f93aa9a207 mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames
46261d4bbfb5 mt76: fix possible pktid leak
a7fdd272efee mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files
3d9e13f567a4 mt76: mt7921s: fix the device cannot sleep deeply in suspend
99225b985cbc mt76: mt7615: fix unused tx antenna mask in testmode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-23 16:59:54 +01:00
Felix Fietkau
d1ea575baa mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients
This showed up primarily on rt2x00

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-23 16:49:37 +01:00
Oldřich Jedlička
1818157daa dnsmasq: fix ismounted check
Fix the return value, shell return codes should be 0 to indicate success
(i.e. mount point found), 1 should be failure (i.e. mount point not-found).

Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-11-23 14:57:52 +00:00
Jo-Philipp Wich
50bc06e774 procd: setup /dev/stdin, /dev/stdout and /dev/stderr symlinks
Extend the hotplug.json ruleset to setup the common /dev/std{in,out,err}
symbolic links which are needed by some applications, e.g. nftables when
applying rulesets from stdin.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-23 14:03:39 +00:00
Daniel Golle
507f50df07
procd: update to git HEAD
8de12de system: add diskfree infos to ubus
 bf3fe0e service: move jail parsing to end of instance parser
 87b5836 procd: add full service shutdown prior to sysupgrade
 01ac2c4 procd: service_stop_all: also kill inittab actions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-23 14:03:23 +00:00
Felix Fietkau
7a496e4b4b qosify: update to the latest version
06872673c10f map: allow referring to a class index directly in tcp/udp default entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 17:23:15 +01:00
Felix Fietkau
3a1597c7bd qosify: install hotplug handler into /etc/hotplug.d/iface as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 17:23:15 +01:00
Felix Fietkau
24bb494b6c mt76: update to the latest version
5dd32475c859 mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine
f5cfaaff3dd1 mt76: mt7921: drop offload_flags overwritten
f5ad840ca5c0 mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy()
29a8a08827b1 mt76: mt7921: fix MT7921E reset failure
f44685f2faee mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore()
ae8e02ddd2b0 mt76: mt7915: fix SMPS operation fail
e814e15716b0 mt76: reverse the first fragmented frame to 802.11
c9bca3ed9566 mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
dd054b7e16e7 mt76: only set rx radiotap flag from within decoder functions
f1520c9bb332 mt76: mt7915: add default calibrated data support
0c489ea2865a mt76: testmode: add support to set MAC
91c5da3d0a7c mt76: mt7921: add support for PCIe ID 0x0608/0x0616
ca39b4bbc227 mt76: debugfs: fix queue reporting for mt76-usb
00b6f497e2e8 mt76: mt7921: introduce 160 MHz channel bandwidth support
c1574466c733 mt76: fix possible OOB issue in mt76_calculate_default_rate
9680a17b0aed mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi
78fc0dcdcef0 mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode
05953e7d6fe7 mt76: mt7615: remove dead code in get_omac_idx
39f6c37127c1 mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode
526591b203f3 mt76: do not pass the received frame with decryption error
256789bb400f mt76: fix the wiphy's available antennas to the correct value
fa187f5cf068 mt76: fix timestamp check in tx_status
11ebf11a3587 mt76: mt7915: fix the wrong SMPS mode
8c69b815ee7f mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config
bc6798f729f9 mt76: move sar utilities to mt76-core module
b1d0ad2e74fe mt76: mt76x02: introduce SAR support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 16:08:09 +01:00
Felix Fietkau
e2c4998f6d mac80211: set beamformer/beamformee number of antennas in VHT caps
Without this, beamforming is probably not working

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 13:04:34 +01:00
Daniel Golle
8f45849876
uqmi: update to git HEAD
20cd907 uqmi: use unmodified upstream JSON files
 b2c53dc command-nas: fix out-of-bounds read

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-22 01:30:03 +00:00
Felix Fietkau
e9610794fd qosify: add support for configuring overhead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-21 13:47:18 +01:00
Felix Fietkau
9962585f2d qosify: update to the latest version
2743e58741b3 bpf: work around a verifier issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-21 13:47:18 +01:00
Hans Dedecker
9b29c14b0e ethtool: update to version 5.15
cef54c4 Release version 5.15.
23beb39 update UAPI header copies
fd7db64 netlink: settings: Correct duplicate condition
88892ec Merge branch 'review/module-fixes-2-v2'
79cb4ab sff-8636: Remove extra blank lines
128e97c sff-8636: Convert if statement to switch-case
7ff603b sff-8636: Fix incorrect function name
86e9784 sff-8636: Remove incorrect comment
001aecd cmis: Correct comment
1bad83c cmis: Fix wrong define name
2c2fa88 cmis: Fix CLEI code parsing
d007b49 Merge branch 'review/module-fixes' into master
a7431bc netlink: eeprom: Fix compilation when pretty dump is disabled
d02409c ethtool: Fix compilation warning when pretty dump is disabled
2ddb1a1 netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested
7e153a7 cmis: Fix invalid memory access in IOCTL path
769a50e sff-8636: Fix parsing of Page 03h in IOCTL path

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-11-21 12:52:39 +01:00
Daniel Golle
c1ab687349
fstools: update to git HEAD
77c0288 fstools: fix a couple of minor code problems

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-20 21:09:59 +00:00
Daniel Danzberger
0e96e06867 nftables: install libnftables to staging dir
Makes libnftables library and headers available for other packages.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2021-11-20 21:08:25 +01:00