Commit Graph

20069 Commits

Author SHA1 Message Date
Hauke Mehrtens
2a104365dc netifd: update to the latest version
ed65a00 netifd: bridge: Fix format string position
19372d8 netifd: Fix multiple -Wsign-compare warnings
8ebf033 netifd: Do not return values in void function
c77417a netifd: Explicitly zero initialize variables
463a120 netifd: Activate -Wextra compile warnings

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 19:57:47 +01:00
Hauke Mehrtens
32a9fdfc02 ustream-ssl: update to Git version 2023-02-25
498f6e2 ustream-mbedtls: Use getrandom() instead of /dev/urandom

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 18:37:26 +01:00
Nick Hainke
638ebd3067 iproute2: update to 6.2
Release Notes:
https://lwn.net/Articles/923952/

Refresh patches:
- 110-darwin_fixes.patch
- 115-add-config-xtlibdir.patch
- 140-allow_pfifo_fast.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 175-reduce-dynamic-syms.patch
- 180-drop_FAILED_POLICY.patch
- 190-fix-nls-rpath-link.patch
- 195-build_variant_ip_tc.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Remove upstreamed:
- 320-configure-Remove-include-sys-stat.h.patch

While working on it remove AUTORELEASE.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:32:35 +01:00
Nick Hainke
c98a202446 ethtool: update to 6.2
Release notes:
- Feature: link down event statistics (no option)
- Feature: JSON output for coalesce (-c)
- Feature: new link modes (no option)
- Feature: JSON output for ring (-g)
- Feature: netlink handler for RSS get (-x)
- Fix: fix boolean value output in JSON output
- Fix: fix build errors and warnings

Remove upstreamed patches:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:29:07 +01:00
Nick Hainke
530f5c2fda libcap: update to 2.67
Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.o8papfkfh1x9

While working on it, remove $(AUTORELEASE).

Tested-by: Linhui Liu liulinhui36@gmail.com # Xiaomi AX3600
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 00:14:38 +01:00
Mark Baker
f35e2422b8 base-files: add support for retrieving IPv6 assignments
In DHCPv6-PD enabled environments, addresses are assigned to interfaces.
These new functions retrieve the IPv6 assigned prefix(es).

Signed-off-by: Mark Baker <mark@vpost.net>
2023-02-24 23:56:36 +01:00
Robert Marko
524704e677
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This backports several memory leak issues, PCI IRQ fixup, peer add locking
fix as well as IPQ5018 support, though IPQ5018 support is unused for now.

This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-02-22 10:31:48 +01:00
Eneas U de Queiroz
595509cc78
openssl: fix powerpc & arc libatomic dependencies
PowerPC CONFIG_ARCH is defined as powerpc, not ppc.  Fix that in the
DEPENDS condition.

Arc needs to be built with libatomic.  Change the OpenSSL configuration
file, and add it to the libatomic DEPENDS condition.

Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-22 11:05:06 -03:00
Eneas U de Queiroz
7e7e76afca
openssl: bump to 3.0.8
This is a major update to the current LTS version, supported until
2026-09-07.

Changelog:
https://github.com/openssl/openssl/blob/openssl-3.0.8/CHANGES.md

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-20 11:24:17 +01:00
Felix Fietkau
57db2280a2 mac80211: fix mesh issues and improve performance
fix forwarding received mesh a-msdu packets
add fast xmit support for mesh to improve performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-20 12:59:51 +01:00
Leon M. Busch-George
ae751535de
hostapd: always use sae_password for mesh/SAE auth
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).

The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.

Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
  limitation).

Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.

Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-19 19:43:57 +01:00
Leon M. Busch-George
3c10c42ddd
hostapd: add quotes in assignments
It's generally advised to use quotes for variable assignments in bash.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-02-19 19:43:54 +01:00
Yuan Tao
fa08d900d4 base-files: sysfixtime: Fix time on the fake RTC
On some devices the chip has RTC but no battery save time.
This leads back to getting the wrong time
and skipping the check of the last file modification date.

This commit ensures that the file time is checked even
if the RTC exists.
which would ordinarily return an approbiate
system time used for e.g. certificate generation.

Tested-on: NanoPi R2S

Signed-off-by: Yuan Tao <ty@wevs.org>
2023-02-19 20:04:59 +08:00
Andre Heider
78dc8e2b13 wireguard-tools: remove unnecessary .mk includes
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.

package-defaults.mk is already included my package.mk.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:59:12 +01:00
Brian Norris
a3adbec370 kernel: kmod-ramoops: Include pstore console support
Pstore ramoops support is useful even when there isn't an explicit
panic/crash. We can log all kernel messages via a "console", and then
retrieve them in the event of some non-kernel-panic reset (e.g.,
watchdog).

Since the buffer memory is already reserved, there isn't much overhead
to doing this.

The new console files will show up as:

  /sys/fs/pstore/console-ramoops-N

Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-18 19:58:22 +01:00
Andre Heider
0859c7129f elfutils: fix build with GCC 11
GCC 11 doesn't know about -Wno-error=use-after-free and aborts
compilation.

Fixes: 2748c45d "elfutils: Ignore wrong use-after-free error"
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:55:37 +01:00
Tim Harvey
29d02d8ce5 kernel: can: fix MCP251x CAN controller module autoload
Fix autoload module name for can-mcp251x kmod.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-02-18 19:54:08 +01:00
Aviana Cruz
144fa4d4e7 netfilter: add kmod-nf-conntrack
There have been some demands for the `ct count` expression,
like https://forum.openwrt.org/t/22-03-2-unable-to-use-ct-count-nft-rules/146680.

This adds the required kernel modules for the expression to work.

Signed-off-by: Aviana Cruz <gwencroft@proton.me>
2023-02-18 17:12:30 +01:00
Michael Pratt
4ef86c620f ramips: add support for Senao Engenius EPG600
FCC ID: A8J-EPG600

Engenius EPG600 is an indoor wireless router with
1 Gb ethernet switch, dual-band wireless,
internal antenna plates, USB, and phone lines (not supported)

this board is a Senao device:
the hardware is equivalent to EnGenius ESR600 (except for phone lines)
the software is Senao SDK which is based on openwrt and uboot
which uses the legacy Senao header with Vendor / Product IDs
to verify the firmware upgrade image.

**Specification:**

  - MT7620 SOC		MIPS 24kec, 2.4 GHz WMAC, 2x2
  - RT5592N WLAN	PCI chip, 5 GHz, 2x2
  - QCA8337N Gb SW	RGMII GbE, SW P0 -- SOC P5, 5 LEDs
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 64 MB RAM		NT5TU32M16
  - UART console	J2, populated
  - USB 2.0 port	direct to SOC
  - 6 GPIO LEDs		power, 2G, 5G, wps2g, wps5g, line
  - 3 buttons		reset, wps, "reg" (registeration)
  - 4 antennas		internal omni-directional plates

NOT YET SUPPORTED: VoIP

  - Si3050-FT + Si3019-FT	Voice DAA, SPI control, PCM data
  - Phone Ports "TEL", "LINE"	RJ11, 4P2C (2 pins)

**MAC addresses:**

  MAC address labeled as MAC ADDRESS
  MACs present in both wifi cal data and uboot environment

  eth0.1/phy1	----	*:82	rf 0x4
  phy0		----	*:83	factory 0x4
  eth0.2	MAC	*:b8	"wanaddr"

**Installation:**

  Method 1: Firmware upgrade page:

    (if you cannot access the APs webpage)
    factory reset with the reset button
    connect ethernet to a computer
    OEM webpage at 192.168.0.1
    username and password 'admin'

    Navigate to gear icon, "Device Management", "Tools"
    select the factory.dlf image
    Upload and verify checksum

  Method 2: Serial to upload initramfs:

    Follow directions for TFTP recovery
    upload and boot initramfs and do a sysupgrade

**TFTP recovery:**

  Requires UART serial console, reset button does nothing

  rename initramfs-kernel.bin to 'uImageEPG600'
  make available on TFTP server at 192.168.99.8
  power board, interrupt boot with "4"
  execute `tftpboot` and `bootm` (with the load address)

**Return to OEM:**

  Images from OEM are provided, but not compatible
  with openwrt sysupgrade. So it must be modified.

  Alternatively, back up all mtd partitions before flashing

**Note on switch registers:**

  The necessary registers needed for the QCA8337 switch
  can be read from interrupted boot (tftpboot, bootm)
  by using the following lines in the switch driver ar8327.c
  in the function 'ar8327_hw_config_of'
  where 'qca,ar8327-initvals' is parsed from DTS
  before the new register values are written:

    pr_info("0x04 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD0_MODE));
    pr_info("0x08 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD5_MODE));
    pr_info("0x0c %08x\n", ar8xxx_read(priv, AR8327_REG_PAD6_MODE));
    pr_info("0x10 %08x\n", ar8xxx_read(priv, AR8327_REG_POWER_ON_STRAP));

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-02-18 16:55:35 +01:00
Yuu Toriyama
1173edf23b wireless-regdb: update to 2023.02.13
Changes:
  7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
  660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
  fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
  d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
  c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
  f29772a wireless-regdb: Update regulatory rules for Brazil (BR)

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
2023-02-18 16:27:37 +01:00
Stijn Tintel
65c9b5ffb0 odhcpd: bump to git HEAD
dfab0fa dhcpv4: detect noarp interfaces
  5a17751 router: improve RA logging
  edc5e17 router: always check ra_default

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:30:03 +02:00
Stijn Tintel
baf76634f3 build: add option to use preinit IP as LAN IP
We currently have build options to customize the IP address used in the
preinit phase of the boot process, but not to set the default LAN IP.

Introduce a boolean build option that, when enabled, results in the IP
address configured for the preinit phase, to be also used as the default
LAN IP address.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:20:03 +02:00
Robert Marko
061e863bae
kernel: modules: package Aquantia PHY driver
Package the Aquantia AQR PHY driver as kmod.

This enables using the Aquantia driver with hwmon support on targets where
hwmon is not compiled-in.

Currently, in case when AQR driver is compiled-in but hwmon core is not
hwmon code in AQR driver will not get compiled because of macro
IS_REACHABLE(CONFIG_HWMON) evaluating to false.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-02-15 23:28:57 +01:00
Rafał Miłecki
3c66ac7e22 iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko

According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)

Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).

It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:28:08 +01:00
Rafał Miłecki
601257e388 netifd: refactor packet steering init
1. Move setup code to independent script file
2. Add init.d script to allow automatic updates
3. Support platform specific /usr/libexec/platform/packet-steering.sh

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:25:38 +01:00
Daniel Golle
e8625c89ef treewide: replace /sys/devices/virtual/ubi by /sys/class/ubi
Starting from Linux Kernel version 6.3 UBI devices will no longer be
considered virtual, but rather have an MTD device parent. Hence they
will no longer be listed under /sys/devices/virtual/ubi which is
used in multiple places in OpenWrt. Prepare for future kernels by
using /sys/class/ubi instead of /sys/devuces/virtual/ubi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:59 +00:00
Daniel Golle
62e583ddb9 fstools: update to git HEAD
12155d3 libfstools: use class interface to iterate over ubi devices

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:35 +00:00
Felix Fietkau
ac4fae2338 ucode: update to the latest version
08c709c58187 rtnl: add support for registering an uloop based listener
599a7fb59380 Merge pull request #140 from nbd168/rtnl
c4125c516e0a nl80211: fix NL80211_ATTR_SURVEY_INFO
c43bb9d8fe8d Merge pull request #141 from dhewg/master
c1342d934b2d nl80211: add missing ucv_get() calls
9022b270683a rtnl: add missing ucv_get() calls
837cffec5a5c Merge pull request #142 from nbd168/ref-fixes
65b1f181e642 rtnl: add missing uc_vm_registry_set call
ab2f3f70257d Merge pull request #143 from nbd168/rtnl-fix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-14 09:59:16 +01:00
INAGAKI Hiroshi
f490295bf2
ipq807x: add support for Buffalo WXR-5950AX12
Buffalo WXR-5950AX12 is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
IPQ8074A.

Specification:

- SoC         : Qualcomm IPQ8074A
- RAM         : DDR3 1024 MiB (2x Nanya NT5CC256M16ER-EK)
- Flash       : RAW NAND 256 MiB (Winbond W29N02GZBIBA)
- WLAN        : 2.4/5 GHz (IPQ8074A)
- Ethernet    : 5 ports
  - WAN       : 100/1000/2500/10000 Mbps x1 (AQR113C)
  - LAN       : 100/1000/2500/10000 Mbps x1 (AQR113C),
                10/100/1000 Mbps x3 (QCA8075)
- LED/Keys    : 8x/5x
- UART        : pin header on PCB (J7)
  - assignment: 3.3V, GND, TX, RX from disc marking
  - settings  : 115200n8
- Power       : 12 VDC, 4 A

Flash instruction using initramfs image:

1. Prepare TFTP server with IP address 192.168.11.10
2. Rename OpenWrt initramfs image to "WXR-5950AX12-initramfs.uImage and
   place it to TFTP directory
3. Hold AOSS (WPS) button and power on WXR-5950AX12
4. WXR-5950AX12 downloads initramfs image from TFTP server and boots
   with it automatically
5. Upload sysupgrade image to WXR-5950AX12 and perform sysupgrade
6. Wait ~120 seconds to complete flashing

Partition layout:

0x000000000000-0x000000100000 : "0:sbl1"
0x000000100000-0x000000200000 : "0:mibib"
0x000000200000-0x000000280000 : "0:bootconfig"
0x000000280000-0x000000300000 : "0:bootconfig1"
0x000000300000-0x000000600000 : "0:qsee"
0x000000600000-0x000000900000 : "0:qsee_1"
0x000000900000-0x000000980000 : "0:devcfg"
0x000000980000-0x000000a00000 : "0:devcfg_1"
0x000000a00000-0x000000a80000 : "0:apdp"
0x000000a80000-0x000000b00000 : "0:apdp_1"
0x000000b00000-0x000000b80000 : "0:rpm"
0x000000b80000-0x000000c00000 : "0:rpm_1"
0x000000c00000-0x000000c80000 : "0:cdt"
0x000000c80000-0x000000d00000 : "0:cdt_1"
0x000000d00000-0x000000d80000 : "0:appsblenv"
0x000000d80000-0x000000e80000 : "0:appsbl"
0x000000e80000-0x000000f80000 : "0:appsbl_1"
0x000000f80000-0x000001000000 : "0:art"
0x000001000000-0x000001080000 : "0:art_1"
0x000001080000-0x000001100000 : "0:orgdata"
0x000001100000-0x000001180000 : "0:orgdata_1"
0x000001180000-0x000005180000 : "rootfs"
0x000005180000-0x000009180000 : "rootfs_recover"
0x000009180000-0x000010000000 : "user_property"

Notes:

- WXR-5950AX12 has 2x OS images on NAND flash. The 1st image is for
  normal operation and the 2nd one is for recoverying or firmware
  upgrading on stock.

- Stock U-Boot checks MD5 hashes in "fw_hash" volume in each "root*"
  partition when booting. This is just a comparation of hash strings.

  Behaviors:

  - both "fw_hash" volumes exist, hashes are rootfs == rootfs_recover
    ---> boot from rootfs

  - both "fw_hash" volumes exist, hashes are rootfs != rootfs_recover
    ---> boot from rootfs_recover

    Note: this behavior is used for firmware upgrading on stock

  - "fw_hash" volume in rootfs is missing
    ---> boot from rootfs_recover

  - "fw_hash" volume in rootfs_recover is missing
    ---> boot from rootfs

  - "fw_hash" volumes in both root* partition are missing
    ---> boot from rootfs_recover

Reverting to stock firmware:

1. Decrypt official image by buffalo-enc and remove header

   example of decryption:

   $ buffalo-enc -i wxr_5950ax12_jp_305 -o wxr_5950ax12_jp_305.dec \
                 -d -k olaffuB -O 0xc8

   example of removing header (v3.05):

   - before

   $ hexdump -n 64 -v -C wxr_5950ax12_jp_305.dec
   00000000  57 58 52 2d 35 39 35 30  41 58 31 32 5f 33 2e 30  |WXR-5950AX12_3.0|
   00000010  35 5f 31 2e 30 31 5f 4a  50 5f 6a 70 5f 71 63 61  |5_1.01_JP_jp_qca|
   00000020  0a 66 69 6c 65 6c 65 6e  3d 34 35 33 35 30 39 31  |.filelen=4535091|
   00000030  32 0a 55 42 49 23 01 00  00 00 00 00 00 00 00 00  |2.UBI#..........|
   00000040

   - after

   $ hexdump -n 64 -v -C wxr_5950ax12_jp_305.ubi
   00000000  55 42 49 23 01 00 00 00  00 00 00 00 00 00 00 00  |UBI#............|
   00000010  00 00 08 00 00 00 10 00  78 cf c4 91 00 00 00 00  |........x.......|
   00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
   00000030  00 00 00 00 00 00 00 00  00 00 00 00 3d 2a 64 fd  |............=*d.|
   00000040

2. Boot WXR-5950AX12 with OpenWrt initramfs image

3. Upload modified stock image to WXR-5950AX12

4. Find partitions "rootfs" and "rootfs_recover"

   example:

   root@OpenWrt:/# cat /proc/mtd
   dev:    size   erasesize  name
   ...
   mtd22: 04000000 00020000 "rootfs"
   mtd23: 04000000 00020000 "rootfs_recover"
   ...

   in this case, "rootfs" is mtd22 and "rootfs_recover" is mtd23

5. Format "rootfs"/"rootfs_recover" partition with the uploaded image

   example:

   ubiformat /dev/mtd22 -f /tmp/wxr_5950ax12_jp_305.ubi
   ubiformat /dev/mtd23 -f /tmp/wxr_5950ax12_jp_305.ubi

6. Remove "rootfs"/"rootfs_data" volume from user_property partition

   example:

   . /lib/upgrade/nand.sh
   UBI=$(nand_attach_ubi user_property)
   ubirmvol /dev/$UBI -N rootfs
   ubirmvol /dev/$UBI -N rootfs_data

7. Reboot

MAC addresses:

LAN    : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
WAN    : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
2.4 GHz: 50:C4:DD:xx:xx:30 (0:APPSBLENV, wlan0addr (text))
5 GHz  : 50:C4:DD:xx:xx:38 (0:APPSBLENV, wlan1addr (text))

Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-02-12 01:18:39 +01:00
INAGAKI Hiroshi
54c5f33b30 uboot-envtools: add support for APRESIA ApresiaLightGS120GT-SS
This patch adds support for APRESIA ApresiaLightGS120GT-SS to
uboot-envtools.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-02-13 12:22:17 +01:00
Felix Fietkau
ec33a6ca2c mac80211: add fixes for receiving A-MSDU packets on mesh interfaces
The standard defines the A-MSDU header length field differently for mesh
compared to other modes. Deal with this accordingly and work around broken
implementations (e.g. ath10k, ath11k).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-13 11:45:43 +01:00
Nick Hainke
9639ef2a5b e2fsprogs: update to 1.47.0
Release notes:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.47.0

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-13 00:48:25 +01:00
Karl Chan
92276eef70 ramips: add support for ASUS RT-AX54
Specifications:
- Device: ASUS RT-AX54 (AX1800S/HP,AX54HP)
- SoC: MT7621AT
- Flash: 128MB
- RAM: 256MB
- Switch: 1 WAN, 4 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- LEDs: 1x POWER (blue, configurable)
        1x LAN (blue, configurable)
        1x WAN (blue, configurable)
	1x 2.4G (blue, not configurable)
	1x 5G (blue, not configurable)

Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.1.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
   Select "2. Upgrade firmware"
   Press enter when show "Run firmware after upgrading? (Y/n):"
   Select 0 for TFTP method
   Input U-Boot's IP address: 192.168.1.1
   Input TFTP server's IP address: 192.168.1.2
   Input IP netmask: 255.255.255.0
   Input file name: openwrt-ramips-mt7621-asus_rt-ax1800hp-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"

Signed-off-by: Karl Chan <exkc@exkc.moe>
2023-02-12 18:27:45 +01:00
John Audia
4ae86b3358 openssl: bump to 1.1.1t
Removed upstreamed patch: 010-padlock.patch

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-02-12 00:08:29 +01:00
Xu Yiming
1a145ccb0a
kernel: kmod-fs-ntfs3: fix typo
Fix typo that mistaken the description of ntfs3 for fuse.

Signed-off-by: Xu Yiming <xuyiming.open@outlook.com>
2023-02-09 03:16:51 +01:00
Nick Hainke
b6bc924b19 e2fsprogs: update to 1.46.6
Release information:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6

Remove upstreamed patch:
- 004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-08 00:14:53 +01:00
Leon M. George
67d2a7ef9e
base-files: ipcalc.sh: fix awk regex syntax
It worked fine before but gawk warns about it.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:58 +01:00
Leon M. George
2903924b57
base-files: ipcalc.sh: trim for statement
For gawk compatibility.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
e4bd3de1be
dnsmasq: refuse to add empty DHCP range
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
6ce9f42b98
base-files: ipcalc.sh: use shebang to invoke awk
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.

A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
a40a96e54b
base-files: ipcalc.sh: fail when network is too small
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
4fe106afd1
base-files: ipcalc.sh: don't include own address in range
Make sure our own address doesn't lie in the calculated range.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
00a20335ba
base-files: ipcalc.sh: check for params before calculating start/end
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:52 +01:00
Christian Marangi
f28a604df4
iwinfo: bump to latest git HEAD
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()

Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-06 21:36:51 +01:00
Christian Marangi
3ef655375a
fstools: bump to latest Git HEAD
14d535e partname: Correct fstools_partname_fallback_scan comparison

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-04 20:04:58 +01:00
Brian Norris
3cd882744d base-files: upgrade: Fix export_partdevice() quoting
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 14:09:46 +01:00
Brian Norris
ecafdfa894 kernel: modules: add lkdtm module
Useful for debugging panic/error handling, crash logging, and more.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 13:48:11 +01:00
Jan Hoffmann
b91d7d9d78 ltq-*-app: extend ubus metrics/statistics
Expose a few additional useful values via ubus:

- Channel error counters (CRC, FEC)
- Retransmission counters (MINEFTR, LEFTRS)
- Impulse noise protection level
- Rate adaptation mode
- OLR statistics (Bitswap, SRA, SOS)
- Pilot tones
- Upstream/downstream band information

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:40:47 +01:00
Jan Hoffmann
723963543a ltq-vdsl-vr9: fix upstream MINEFTR
The upstream value read from the device seems to already be in bits per
second, so there is no need to multiply by 1000 again (which for typical
values causes an overflow of the 32-bit unsigned integer).

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:33:36 +01:00
Chen Minqiang
fcde517d35 wolfssl: fix build with make < 4.2
Inline the preinst.arm-ce script. Support for including was added in
make 4.2 and is not working with older make versions.

Fixes: https://github.com/openwrt/openwrt/issues/11866
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-02-03 12:18:19 +01:00