Commit Graph

57011 Commits

Author SHA1 Message Date
Michael Trinidad
65f8089b7a kirkwood: fix Linksys upgrade, restore config step
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This restores the preservation of configs for kirkwood devices using the
linksys.sh script.

Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Fixes: #12298
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
2023-04-11 12:21:15 +02:00
Paul Spooren
9cbc83726e bcm53xx: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Tested-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-10 23:13:12 +02:00
Paul Spooren
d10503060b bcm4908: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rmilecki: tested on GT-AC5300: boot, sysupgrade & 940 Mbps NAT]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-10 21:21:03 +02:00
Arturas Moskvinas
21d02e598a uboot-sunxi: update support for FriendlyARM ZeroPI
Since commit torvalds/linux@bbc4d71 ("net: phy: realtek: fix rtl8211e rx/tx
delay config") network is broken on the FriendlyELEC(ARM) ZeroPi.

Replaces custom patches with upstream uboot patch:
2527b24f39

Signed-off-by: Arturas Moskvinas <arturas.moskvinas@gmail.com>
2023-04-10 13:50:58 +02:00
Hauke Mehrtens
d679b15d31 mbedtls: Update to version 2.28.3
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-10 13:36:26 +02:00
Álvaro Fernández Rojas
457549665f bmips: dts: add missing phy modes
PHY modes should be defined in the device tree for the bcm63xx internal switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:06:22 +02:00
Álvaro Fernández Rojas
2c824b4615 bmips: remove source-only flag
bmips target is now more stable and it's time to start generating buildbot
images in order to receive a wider testing, which will be essential to replace
bcm63xx target in the future.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
6fd8e0f943 bmips: add subtargets for each SoC
BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
e76556d967 bmips: b43-sprom: fix build when SSB/BCMA disabled
Fix build of B43 SPROM fallback when SSB or BCMA are disabled.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
95b846fbc0 bmips: allow disabling mdio-mux-bcm6368
This controller is only present on SoCs with B53 MMAP switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
f5adc5bafb kernel: disable CONFIG_HW_RANDOM_BCM2835
This HW RNG is present on some Broadcom 63XX SoCs, but not all of them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Petr Štetiar
57392d6377 kernel: crypto: fix missing dependecies for CRYPTO_USER_API_ENABLE_OBSOLETE
CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
lets add this dependency to relevant modules.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
Petr Štetiar
8a554a2878 kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.

So lets fix it, by making those modules architecture specific:

 x86/64  -> x86_64
 mpc85xx -> powerpc

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
John Audia
32f134fbdf kernel: bump 5.15 to 5.15.106
Removed upstreamed:
        generic/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch[1]
        pending-5.15/350-mips-bmips-BCM6358-disable-RAC-flush-for-TP1.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.106&id=76f09582a191dcf11118fd4bdbf50f538c90fa8d

2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/arch/mips/bmips?h=v5.15.106&id=65b723644294f1d79770704162c0e8d1f700b6f1

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-04-09 14:48:34 +02:00
Álvaro Fernández Rojas
8bee6a9f1d bmips: switch to LED kernel modules
Disable LED controllers from kernel config and switch to per device kernel
modules.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:52:32 +02:00
Álvaro Fernández Rojas
6e081e1778 bmips: add LED kernel modules
Add BCM6328 and BCM6358 LED kernel modules.
This allows selecting the LED controllers only for those devices using them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:34:05 +02:00
Álvaro Fernández Rojas
aefeb34223 bmips: add support for Sercomm SHG2500
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:33:13 +02:00
Álvaro Fernández Rojas
d11a7c4d95 bmips: use sercomm-pid script
Make use of sercomm-pid script for generating the Sercomm PID, which avoids
having to add an array of hex bytes for every new Sercomm device.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:21:58 +02:00
Álvaro Fernández Rojas
d309160d30 bmips: image: rename SERCOMM_VERSION to SERCOMM_FSVER
SERCOMM_VERSION is ambiguous and it should be more clear that it refers to the
version used for the filesystem.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:06:26 +02:00
Álvaro Fernández Rojas
0cdc257b8d scripts: sercomm-pid: add bmips support
Apparently, Sercomm sets 2 padding bytes instead of 1 (ramips).
The HW version is a bit different than the one used for ramips.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:01:03 +02:00
Álvaro Fernández Rojas
8758438c27 ramips: sercomm-payload: use pide-file argument
Instead of passing an array of hex bytes for the Sercomm PID we can now use
the --pid-file parameter.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 09:59:21 +02:00
Álvaro Fernández Rojas
8382c5662e scripts: sercomm-payload: add PID file support
Allow passing Sercomm PID from file.
Until now, Sercomm PID could only be passed as an array of hex bytes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 09:55:57 +02:00
Nick Hainke
0c53801968 libcap: update to 2.68
Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.vdh3d47czmle

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:52:56 +02:00
Nick Hainke
48f5a98d50 tools/mtools: update to 4.0.43
Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2023-03/msg00006.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:51:32 +02:00
John Audia
78a468f690 kernel: bump 5.10 to 5.10.177
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-04-08 15:32:01 +02:00
Joe Mullally
2122c80b32 ramips: lower re305-v3 spi-max-frequency
Fix flash I/O instability observed in newer devices with cFeon
QH64A-104HIP (detected as en25qh64).

Ref: https://forum.openwrt.org/t/support-for-tp-link-re305-v3/75893/91

Reported-by: Dimitri Souza <dimitri.souza@gmail.com>
Tested-by: Dimitri Souza <dimitri.souza@gmail.com>
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[alter commit-message - target master]
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
827a40502f mpc85xx: refresh patches
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
765f66810a mpc85xx: add support for Enterasys WS-AP3715i
Hardware
--------

SoC:   NXP P1010 (1x e500 @ 800MHz)
RAM:   256M DDR3 (2x Samsung K4B1G1646G-BCH9)
FLASH: 32M NOR (Spansion S25FL256S)
BTN:   1x Reset
WiFi:  1x Atheros AR9590 2.4 bgn 3x3
       2x Atheros AR9590 5.0 an 3x3
ETH:   2x Gigabit Ethernet (Atheros AR8033 / AR8035)
UART:  115200 8N1 (RJ-45 Cisco)

Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
   the root directory of a TFTP server and serve it at
   192.168.1.66/24.

2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
   by pressing Enter when prompted. Credentials are identical to the one
   in the APs interface. By default it is admin / new2day.

3. Alter the bootcmd in U-Boot:

 $ setenv ramboot_openwrt "setenv ipaddr 192.168.1.1;
   setenv serverip 192.168.1.66; tftpboot 0x2000000 ap3715.bin; bootm"

 $ setenv boot_openwrt "sf probe 0; sf read 0x2000000 0x140000 0x1000000;
   bootm 0x2000000"

 $ setenv bootcmd "run boot_openwrt"

 $ saveenv

4. Boot the initramfs image

 $ run ramboot_openwrt

5. Transfer the OpenWrt sysupgrade image to the AP using SCP. Install
   using sysupgrade.

 $ sysupgrade -n <path-to-sysupgrade.bin>

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
f058dad1b6 mpc85xx: don't compress kernel image for WS-AP3825i
The kernel is already compressed with XZ by the bootwrapper, thus we
gain nothing by compressing it a second time.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
1d4d21481f mpc85xx: reserve upper 1MB of RAM for WS-AP3825i
The bootpage for the second core is placed by U-Boot in the upper 128k
of syste-memory.

This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
e3f31ff20d mpc85xx: backport bootwrapper patch to kernel 5.10
Kernel 5.10 builds currently fail because the patch for using the
simpleImage bootwrapper were not added to 5.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
51046da7be mpc85xx: add properties normally added by U-Boot
This adds properties to PCIe as well as ethernet nodes which are
normally added by the Extreme Networks U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
16e1bf509c mpc85xx: fix incorrect CPU node / properties
This adds properties normally filled by U-Boot. Also it fixes the node
name, which is incorrectly referring to a P1010 core.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
3d43d68333 mpc85xx: add localbus frequency for WS-AP3825i
This is normally filled by U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
e81709af13 mpc85xx: add linux,stdout-path for WS-AP3825i
This is normally filled by U-Boot. Prevents double-printing of early
console messages. Also enables debug-output by the zImage wrapper.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
076da59f17 ramips: define remapping-range for DAP-X1860
Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.

Explicitly define the number of blocks reserved for remapping.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
Paul Spooren
c8934099bf octeon: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:47:12 +02:00
Paul Spooren
596059266a kirkwood: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:43:25 +02:00
Paul Spooren
16565bc1ce tegra: switch to Kernel 5.15 by default
Getting ready for the next release.

Acked-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:30:22 +02:00
Eneas U de Queiroz
c3cb2d48da
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-07 11:26:26 +02:00
Raylynn Knight
036372c769
realtek: Fix typo for EnGenius EWS2910P
Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.

Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-07 11:22:37 +02:00
Nick Hainke
aab736aafa
tools/zstd: update to 1.5.5
Release Notes:
https://github.com/facebook/zstd/releases/tag/v1.5.5

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-07 11:18:54 +02:00
Robert Marko
3188480092
mac80211: ath11k: Fix invalid mgmt rx frame length issue
FW 2.9 uses multiple TLV-s for the RX mgmt even which driver currently does
not support, so import a pending upstream patch to fix that [1].

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230320133840.30162-1-quic_nmaran@quicinc.com/

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-07 11:11:44 +02:00
Robert Marko
c1f39adaf9
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.

So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.

In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.

Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600
Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-07 11:11:43 +02:00
Rafał Miłecki
9a62b3977f kernel: backport NVMEM patch for U-Boot env data "ethaddr" cell
Adjust our local code to avoid breakage.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 12:21:29 +02:00
Rafał Miłecki
323072f3a6 kernel: backport NVMEM patches queued for the v6.4
They add NVMEM layouts support. It allows handling NVMEM content
independently of NVMEM device access.

Skip U-Boot env data patch for now as it break our downstream MAC hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 12:13:22 +02:00
Rafał Miłecki
b67ba02fc8 kernel: backport mtd fixes for nvmem
They are needed for NVMEM changes pending for v6.4.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 07:26:11 +02:00
Rafał Miłecki
3b212db232 kernel: backport of_request_module()
It's needed by NVMEM changes queued for 6.4.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 06:27:02 +02:00
Daniel Golle
e92b153e99 mediatek: introduce KERNEL_LOADADDR to Device/Default template
We need to reset KERNEL_LOADADDR if we use it on a per-device base.
Otherwise the previous value will be kept in case a device doesn't
define KERNEL_LOADADDR and relies on the default.

Move initializing KERNEL_LOADADDR to target/linux/mediatek/image/Makefile,
similar to how it's done also on the ramips target.

This fixes image size related breakage on devices which rely on the
default value of KERNEL_LOADADDR.

While at it use 0x48000000 which is more common than the previous default
0x44000000 for the filogic subtarget.

Fixed: e7c399bee6 ("filogic: add support for ASUS TUF-AX4200")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-05 17:12:55 +01:00
Eneas U de Queiroz
0dc5fc8fa5
openssl: add legacy provider
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider.  Providers are the successors of
engines, which have been deprecated.

The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.

Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds.  Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.

The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.

There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package.  It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.

An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled.  Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.

On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00