Commit Graph

20640 Commits

Author SHA1 Message Date
Rafał Miłecki
d6b62611b8 firmware-utils: package oseama
It's required by bcm53xx. This allows dropping separated oseama package
and avoids some code duplication.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1d9d0ca376)
2023-11-24 14:02:29 +01:00
Rafał Miłecki
40bd2bb3d6 firmware-utils: new package replacing otrx
Some of firmware utils may be required on target devices. It's useful
e.g. for dealing with some firmware formats. That is often required
(supporting specific format) to provide an option to revert to original
firmware.

So far we had packaged "otrx" util only for use on Broadcom targets.
Refactor that to package the whole firmware-utils project so we can
package any single util needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 24d6abe2d7)
2023-11-24 14:02:29 +01:00
Hauke Mehrtens
6cb1cb1b13 OpenWrt v23.05.2: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-15 00:00:58 +01:00
Hauke Mehrtens
1c26bcb108 OpenWrt v23.05.2: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-15 00:00:53 +01:00
Jo-Philipp Wich
842932a63d netifd: fix IPv4 route target masking
A previous commit supposed to mask out excess host bits in route targets
failed to correctly calculate the mask value, causing it to produce
improper results for certain mask lengths.

Fixes: https://github.com/openwrt/netifd/issues/17
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-14 14:38:11 +01:00
Daniel Golle
ce62536aca uboot-envtools: add environment config for MeiG SLT866
Add configuration to access U-Boot environment on MeiG SLT866.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f8414f1a6f)
2023-11-13 00:58:08 +00:00
Hauke Mehrtens
ce62c25c08 OpenWrt v23.05.1: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-12 21:21:21 +01:00
Hauke Mehrtens
a58a86693f OpenWrt v23.05.1: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-12 21:20:49 +01:00
Christian Marangi
b7e81d210b
iptables: backport patch fixing bug with string module
Backport patch fixing critical bug with string module merged upstream.

Fixes: #13812
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3d6b89c514)
2023-11-12 14:14:25 +01:00
Nick Hainke
3d006f95f2 wolfssl: update to 5.6.4
Releae Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable

Remove upstreamed patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit d83231603c)
2023-11-11 18:18:29 +01:00
Felix Fietkau
46385eb7f8 netifd: update to the latest version
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45d72a6da)
2023-11-11 10:20:17 +01:00
Christian Marangi
11a41bc4b2 netifd: update to Git HEAD (2023-11-09)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1714087442)
2023-11-11 10:20:15 +01:00
Christian Marangi
f6a9f0c57b
ipq-wifi: update to Git HEAD (2023-11-10)
c9db9d0b3027 ipq8074: add Asus RT-AX89X BDF
33154283e54a ipq8074: update RegDB in new submitted BDF
2b034415ac3d ipq40xx: add YYeTs LE1 BDF
a9c253ebe926 ipq8074: add Netgear WAX620 Board file for Netgear WAX620, extracted from stock (bdwlan.b290) firmware and repacked.
ec0960967999 qca-wireless: ipq40xx: add BDFs for ZTE MF287
57aa1b1562ac ipq8174: Add Linksys MX4200
52a1c2940605 ipq8074: add Netgear WAX630 Board file for Netgear WAX630. Extracted from stock (WAX630_BDF.bin) firmware and repacked.
e7701b85d46d ipq8074: update RegDB in new submitted BDF
cd04ab7f984f qcn9074: update RegDB in new submitted BDF
f70fdf9438ae ipq8074: add Arcadyan AW1000 BDF
21c4d976b1e6 ipq8074: add CMCC RM2-6 BDF
f92fa0a2bdcf ipq8074: add ZTE MF269 BDF
371d4dce9b9a ipq8074: add Yuncore AX880 BDF
0c2e810e71ed qcn9074: fix prpl Foundation Haze BDF for old mac80211 version

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 13:48:46 +01:00
Jo-Philipp Wich
2285eb732a ucode: update to Git HEAD (2023-11-07)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 551963662b)
2023-11-09 16:38:02 +01:00
Christian Marangi
f5e9fd624d
hostapd: refresh patches
Refresh patches for hostapd using make package/hostapd/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 05e516b12d)
2023-11-09 16:10:27 +01:00
Christian Marangi
85d1b43be4
hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscan
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.

This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.

Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c9ac57d58)
2023-11-09 16:10:26 +01:00
Christian Marangi
1cab0d74b3
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
2023-11-09 16:10:26 +01:00
Christian Marangi
c9e8453de7
hostapd: fix broke noscan option for mesh
noscan option for mesh was broken and actually never applied.

This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
2023-11-09 16:10:26 +01:00
Christian Marangi
2ef625e769
mac80211: fix not set noscan option for wpa_supplicant
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
2023-11-09 16:10:25 +01:00
Hauke Mehrtens
5106f554bb px5g-wolfssl: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r--    1 root     root           749 Nov  6 23:14 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 23:14 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aad5ab099)
2023-11-08 19:04:11 +01:00
Hauke Mehrtens
6fd16b0d27 px5g-mbedtls: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r--    1 root     root           519 Nov  6 22:58 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 22:58 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58c9)
2023-11-08 19:04:11 +01:00
Felix Fietkau
6de0e0d01a hostapd: use rtnl to set up interfaces
In wpa_supplicant, set up wlan interfaces before adding them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c2a30b6e01)
2023-11-08 12:47:46 +01:00
Felix Fietkau
bbfb920e99 wifi: fix applying mesh parameters when wpa_supplicant is in use
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 531314260d)
2023-11-08 12:47:42 +01:00
Felix Fietkau
f780cfb92f netifd: update to the latest version
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 41d7439af5)
2023-11-08 12:47:34 +01:00
Tianling Shen
d3c193525e mediatek: add CMCC RAX3000M support
Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: 64GB eMMC or 128 MB SPI-NAND
  RAM: 512MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, Mesh
  Power: DC 12V 1A
- UART: 3.3v, 115200n8
  --------------------------
  |         Layout         |
  |   -----------------    |
  | 4 | GND TX VCC RX | <= |
  |   -----------------    |
  --------------------------

Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
   tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
   'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
   tar -zcf cfg_export_config_file.conf etc/
   * If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
     just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.

Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH    CMIIT ID: xxxx" is NAND version

eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
   ('data' partition can be ignored, it's useless.)
2. Write new GPT table:
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
   echo 0 > /sys/block/mmcblk0boot0/force_ro
   dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
   dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
   IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
     (Don't worry! You will always have TFTP recovery boot feature.)
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync

NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
   mtd erase BL2
   mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
   mtd erase FIP
   mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
   IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
   ubidetach -p /dev/mtd0
   ubiformat -y /dev/mtd0
   ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
   ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
   ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
     (Don't worry! You will always have TFTP recovery boot feature.)
   ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
   ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7d8)
[rebased to 23.05]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-11-07 00:46:00 +01:00
Tianling Shen
429715a237 uboot-mediatek: add support for CMCC RAX3000M
The OEM U-Boot uses dual boot and signature verification which does not
support by OpenWrt. So add a custom U-Boot build for OpenWrt.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fddd735dd5)
2023-11-07 00:45:43 +01:00
Tianling Shen
b209f45640 arm-trusted-firmware-mediatek: add emmc/spim-nand ddr4 build for mt7981
They will be used on CMCC RAX3000M.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7d8ffe941d)
2023-11-07 00:43:33 +01:00
Hauke Mehrtens
3223f31fd3 mbedtls: Activate secp521r1 curve by default
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110

This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk

Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc36)
2023-11-07 00:37:20 +01:00
Koen Vandeputte
7c43ced160 libnl: add support for cli
Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a13)
2023-11-05 12:22:47 +01:00
Kevin Darbyshire-Bryant
610ae4d344 odhcpd: Bump to latest commits
d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 0221b86032)
2023-11-03 08:27:52 +01:00
Nicolò Veronese
8ed934f371
uboot-mediatek: fix global pll clock override on mtk_spim
With patch 101-03-spi-mtk_spim-get-spi-clk-rate-only-once.patch
 a new system to calculate the SPI clocks has been added.

Unfortunately, the do_div macro overrides the global
 priv->pll_clk_rate field. This will cause to have a reduced
 clock rate on each subsequent SPI call.

Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 8849ccb995)
2023-11-03 04:13:33 +01:00
Petr Štetiar
65a10c8230
hostapd: fix broken WPS on broadcom-wl and ath11k
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6dca88aa4a)
2023-11-02 14:44:48 +00:00
Petr Štetiar
21e5db97c4
build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.

So lets add support for CycloneDX SBOM for packages and images
manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d604a07225)
2023-11-02 14:44:47 +00:00
Felix Fietkau
40203cdbde firewall4: update to the latest version
23a434d0d15d tests: fix expected test output
840ccdeeabce fw4: avoid emitting invalid rule jump targets
20da9933fd7e fw4: fix another instance of invalid rule jump targets
598d9fbb5179 fw4: remove special cases around hw flow offloading

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7049ea9e95)
2023-11-02 12:11:38 +01:00
Jo-Philipp Wich
f34ccb10dd ucode: update to latest Git HEAD
cfb24ea build: avoid redefining _FORTIFY_SOURCE
448c763 lib: enforce consistent `index()` behavior with empty needle argument
cdc0203 nl80211: fix maybe uninitialized variable
a69b5c8 vm: fix unused result warning
ea046bd build: enable source fortification by default

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 262554f12cbcc4e3bea2440ce1e696ce8791e732)
2023-11-02 10:38:48 +01:00
Felix Fietkau
51b1d5950e ucode: fix build on macos
Remove ABI version, since its format is not accepted by the linker.
Enable rpath to avoid clash with system libraries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 5eb8a21ba5)
2023-11-02 10:38:48 +01:00
Jo-Philipp Wich
b549880815 ucode: update to latest Git HEAD
- Introduces signal handling facilities
 - Fixes potentially incorrect object equality tests
 - Introduces debug library
 - Introduces log library
 - ABI version bump due to changed VM structure layout
 - Revised packaging

Changelog:

07c0317 jsdoc: switch to own custom theme
6ca08b0 jsdoc: properly handle indented documentation blocks
2a67f22 lib: add/improve documentation for require(), loadfile(), loadstring()
9993ccb uci: fix potential memory leaks in `configs()`
f56394f ci: re-trigger workflows on pull request pushes
1c18993 lib: various documentation fixes
d25dcb1 uci: add module documentation
4a8ece2 docs: use CSS and local JavaScript fixups to improve formatting
8f21cfa lib: introduce log library
8a3aefe build: auto-enable module depending on present libraries
6a01adc build: convert CMakeLists.txt into lowercase
8700665 ci: don't skip pull request workflows for `master` branch
0184d23 include: fix execvpe compat function on macOS
8b23884 uloop: rename environ variable to avoid clashing with system macro on macOS
7c209d7 types: ensure double serializatiion with decimal places
d150425 rtnl: update the link attr TODOs
d394174 rtnl: add IFLA_TARGET_NETNSID for operating in other namespaces
1227733 lib: fix documented return value for `splice()`
c9982de docs: add struct module documentation
7dde493 docs: add missing headline to debug module documentation
8f852ea types: improve comparison reliability of binary strings
6940c28 lib: introduce debug library
be07107 treewide: consolidate platform specific code in platform.c
2593270 uloop: interrupt on VM signals
97a5292 lib: add `signal()` stdlib function
1dbbb6a main: enable signal dispatching in the standalone cli interpreter
1623245 types: treat signal handler array as GC root
29b1c0d vm: introduce basic signal handling infrastructure
093684d fs: explicitly compare isatty() result
4f4f38f types: don't rely on implicit type conversion in ucv_compare()
4bee0ef docs: disable GitHub Jekyll post processing
5efb7a0 docs: further rework
33bc7bf docs: fix markup quirks
9d5e420 docs: add information about memory management and operator precedence
f1190ef docs: various improvements
f0cc841 fs: use `fseeko()` and `ftello()`
cba0c3c fs: complete function documentation coverage
f9260f7 github: drop superfluous CNAME file
c85bc74 Create CNAME
5309294 lib: add JSDoc documentation
b0f2f90 fs: add JSDoc documentation
fe086da math: add JSDoc documentation
70f9348 docs: add initial JSDoc infrastructure
24f1a56 source: fix source offset accounting
9df9160 lexer: don't count EOF token as newline
b9d8f06 ci: switch to official openwrt/gh-action-sdk

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit eacc885816)
2023-11-02 10:38:48 +01:00
Hauke Mehrtens
e465592155 urngd: update to version 2023-11-01
Fix compilation with glibc

44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d62726b1e4)
2023-11-01 22:22:45 +01:00
Jianhui Zhao
1157b8c1f1 uboot-mediatek: fix determine the size of an uImage.FIT using 'imsz' or 'imszb'.
It must read the entire image for previous code of 'imsz' or 'imszb'.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Suggested-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 3bbc1d5fba)
2023-10-31 22:18:19 +00:00
Daniel Golle
25bb84e273 uboot-mediatek: add build for mt7981 rfb
Improve and package builds for various boot media configurations of the
MediaTek MT7981 reference board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 8428bed15d)
2023-10-31 22:16:53 +00:00
Daniel Golle
3f6e28e39c arm-trusted-firmware-mediatek: fix copy&paste error in Makefile
When adding builds for MT7981 the related Makefile sections for MT7986
have apparently been copied, but in one instance the rename from 7986 to
7981 has been omitted. Fix that now.

Fixes: 602cb4f325 ("arm-trusted-firmware-mediatek: add build for MT7981 DDR3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit be6e257fe6)
2023-10-31 22:16:53 +00:00
David Bauer
16fcad47a4 hostapd: fix OWE association with mbedtls
The code for hostapd-mbedtls did not work when used for OWE association.

When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.

Also when crafting the association response, the buffer contained the
trailing key-type.

Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 39341f422f)
2023-10-31 21:15:57 +01:00
Felix Fietkau
eaf44c5696 hostapd: do not trim trailing whitespace, except for newline
Fixes adding SSID or key with trailing whitespace

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a2d8226c4f)
2023-10-31 13:30:11 +01:00
Anari Jalakas
26164312b4 iptables: opt-out of lto usage
This fixes building with USE_LTO enabled.

<artificial>:(.text+0xc22): relocation R_MIPS16_26 against `libxt_DNAT_init' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol printf
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 5dbdf3bb3a)
2023-10-31 00:44:03 +01:00
Anari Jalakas
f1ea45f853 lua: opt-out of lto usage
This fixes building with USE_LTO enabled.

<artificial>:(.text+0xcc8): relocation R_MIPS16_26 against `luaL_argerror' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 246b97b607)
2023-10-31 00:44:03 +01:00
Anari Jalakas
1d5d149330 libsepol: opt-out of lto usage
This fixes building with USE_LTO enabled.

<artificial>:(.text+0x4194): relocation R_MIPS16_26 against `cil_printf.lto_priv.0' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol memcmp
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 1925a183a3)
2023-10-31 00:44:03 +01:00
Anari Jalakas
b5817d14c9 libselinux: opt-out of lto usage
This fixes building with USE_LTO enabled:

<artificial>:(.text.exit+0x6e): relocation R_MIPS16_26 against `pthread_key_delete' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol stpcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 2a33d26d21)
2023-10-31 00:44:03 +01:00
Anari Jalakas
fefa446127 iwinfo: opt-out of lto usage
This fixes building with USE_LTO enabled.

<artificial>:(.text+0x400c): relocation R_MIPS16_26 against `iwinfo_close' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit fbacc5ae52)
2023-10-31 00:44:03 +01:00
Rani Hod
07e9c27bde build: hide kmod-zram config unless enabled
Currently the zram default compressor choice is displayed whether or not
zram is activated. Since the default choice is lzo-rle, this adds a
false dependency on kmod-lib-lzo.
With this patch, the choice options appear only when activating zram.

Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 62ada26de2)
2023-10-31 00:44:03 +01:00
Furong Xu
620721f642 uboot-mediatek: Sync phy-mode for Xiaomi Redmi Router AX6000
Commit 572ea68070 ("uboot-mediatek: add patches for MT7988 and
builds for RFB") renamed HSGMII to 2500basex, but forgot to update
the dts of Redmi Router AX6000, makes the network unusable.
This patch makes the network usable again.

Fixes: #13724
Fixes: 572ea68070 ("uboot-mediatek: add patches for MT7988 and builds for RFB")
Signed-off-by: Furong Xu <xfr@outlook.com>
(cherry picked from commit 03987d2d11)
2023-10-31 00:44:03 +01:00
Felix Fietkau
5368066e9b umdns: update to the latest version
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e1ac00ccb)
2023-10-28 09:19:46 +02:00
David Bauer
525adac8ee uqmi: update to latest HEAD
c8c9f10 uim: fix help formatting
aac0776 uqmi: add APN profile commands
ffc5eea uim: support SIM card power-up/down
d6c963d uim: add application state to SIM status

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0da74dbb45)
2023-10-27 05:03:00 +02:00
Hauke Mehrtens
cdf7c3a16e openssl: update to 3.0.12
Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
 * Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e4ebc7b566)
2023-10-26 00:14:10 +02:00
Rani Hod
6a1b92b024 bcm53xx: Linksys EA9200 nvram and 02_network fixes
1) clear nvram partialboots upon successful boot
This behavior is already defined for EA9500; enabled for EA9200 too.

2) fix MAC address in board.d/02_network
Use the correct nvram variable to derive lan/wan MAC address.

Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 9c42d23c5f)
2023-10-26 00:14:10 +02:00
Christian Marangi
1304234dd7
netifd: update to latest git HEAD
5590a80e2566 config: fix incompatible with jshn network-device entry

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 53039bf7f5)
2023-10-20 13:09:55 +02:00
Michael 'ASAP' Weinrich
0da199f60c
base-files: fix wrong ucidef_set_network_device_mac network-device entry
The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.

This commit addresses the issue by using network_device in
uci-defaults.sh.

The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596

This was exposed by commit 4ebba8a05d ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.

Fixes: 9290539ca9 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 12bc79d6d5)
2023-10-20 13:09:47 +02:00
Hauke Mehrtens
72f7f18d2b mbedtls: Update to version 2.28.5
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9e1c5ad4b0)
2023-10-15 19:51:39 +02:00
Hauke Mehrtens
86e852bcd0 OpenWrt v23.05.0: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-10-11 23:06:34 +02:00
Hauke Mehrtens
bd4f415efa OpenWrt v23.05.0: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-10-11 23:06:24 +02:00
Hauke Mehrtens
6637af95aa bsdiff: Add patches for CVEs
Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch

Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cac723e8b8)
2023-10-09 23:45:35 +02:00
Uwe Niethammer
5b00873f5d uqmi: added timeout to fix hanging qmi.sh
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem

Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit 32a696f9e4)
2023-10-08 14:14:50 +02:00
Christian Marangi
76758a8694 yafut: add missing PKG_MIRROR_HASH
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a181b9f0f9)
2023-10-08 14:14:50 +02:00
Hauke Mehrtens
b742216dc8 OpenWrt v23.05.0-rc4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-09-29 20:28:43 +02:00
Hauke Mehrtens
50690dd5cc OpenWrt v23.05.0-rc4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-09-29 20:28:35 +02:00
Nick Hainke
7fe85ce1f2 hostapd: increase PKG_RELEASE to fix builds
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 91d2ead3c3)
2023-09-29 11:29:36 +02:00
Felix Fietkau
02ed2b0271 hostapd: fix wpa_supplicant mac address allocation on ap+sta
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit abceef120d)
2023-09-28 10:32:59 +02:00
Hauke Mehrtens
679f89ab65
treewide: Add extra CPE identifier
This adds some Common Platform Enumerations (CPE) identifiers which I
found.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-09-27 22:37:13 +02:00
Alexander Couzens
388d213392 packages: assign PKG_CPE_ID for all missing packages
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.

Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2023-09-27 22:37:01 +02:00
Felix Fietkau
782341458c hostapd: fix mac address of interfaces created via wdev.uc
Use the wdev config with the generated MAC address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 0c43a48735)
2023-09-27 15:04:36 +02:00
Felix Fietkau
849f0ea65c hostapd: fix rare crash with AP+STA and ACS enabled
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7)
2023-09-27 14:05:40 +02:00
Ivan Pavlov
912eded06c openssl: update to 3.0.11
Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
 * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807])

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit bfd54529fa)
2023-09-24 13:22:34 +02:00
Erik Karlsson
2d812f0b72 procd: create /dev/fd symlink
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.

Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit fdce970dbb)
2023-09-24 13:22:34 +02:00
Yuu Toriyama
4c2f44c859 wireless-regdb: update to 2023.09.01
Changes:
    9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
    111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
    ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
    20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
    991b1ef wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6)
2023-09-24 13:22:33 +02:00
Andreas Böhler
a684b512e5 ipq40xx: refactor ZTE MF287 series
The ZTE MF287 requires a different board calibration file for ath10k than
the ZTE MF287+. The two devices receive their own DTS, thus the device tree
is slightly refactored.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 9c7578d560)
2023-09-24 12:55:18 +02:00
Felix Fietkau
2f30dec3cb hostapd: fix patch rebase after a crash fix
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function

Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d7)
2023-09-22 20:01:43 +02:00
Felix Fietkau
fe1028e89c hostapd: fix wpa_supplicant bringup with non-nl80211 drivers
Needed for wired 802.1x

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fd6d7aafb2)
2023-09-22 08:11:04 +02:00
Felix Fietkau
eda1545e6e hostapd: add missing NULL pointer check in uc_hostapd_iface_stop
Avoid crashing if the interface has already been removed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 4145ff4d8a)
2023-09-20 18:43:35 +02:00
Felix Fietkau
6019945e96 hostapd: fix a crash when disabling an interface during channel list update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e9722aef9e)
2023-09-20 14:11:53 +02:00
Leon M. Busch-George
83bf45ea5c
package: base-files: turn error into warning
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.

Re-enable those existing configurations for the release and hint at
possible future problems.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-09-19 15:38:59 +02:00
Felix Fietkau
829196e1b1 netifd: update to the latest version
7a58b995fdbe wireless: update prev_config on SET_DATA notify

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f52e008d04)
2023-09-19 11:57:19 +02:00
Felix Fietkau
09b9d732ec hostapd: use phy name for hostapd interfaces instead of first-bss ifname
Improves reliability in error handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a511480368)
2023-09-19 11:57:18 +02:00
Felix Fietkau
8b385a45a6 mac80211: fix AP reconfiguration on DFS channels in non-ETSI regdomain
Allow grace period for DFS available after shutting down beacons on the channel

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 16889141d9)
2023-09-18 16:52:25 +02:00
Felix Fietkau
0d1859c258 netifd: update to the latest version
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling
88a3a9e2be07 wireless: clean up prev_config handling
afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a33f1d3515)
2023-09-18 16:52:25 +02:00
Felix Fietkau
5e3f86a101 hostapd: select libopenssl-legacy for openssl variants
Without it, a lot of authentication modes fail without obvious error messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d582)
2023-09-18 16:52:25 +02:00
Felix Fietkau
90d5961751 hostapd: remove eap-eap192 auth type value
It is no longer used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b0501d380f)
2023-09-18 16:52:25 +02:00
Felix Fietkau
6e09f88d29 netifd: update to the latest version
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support

Support the following values for the different WPA3 Enterprise modes:

- wpa3-mixed: WPA3 Enterprise transitional mode
	This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
	This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
	This uses only GCMP-256 ciphers

Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8c03dc962f)
2023-09-18 16:52:25 +02:00
Felix Fietkau
6798f156f9 hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d)
2023-09-18 16:52:25 +02:00
Felix Fietkau
98d0ee9dbf hostapd: fix FILS key mgmt type for WPA3 Enterprise 192 bit
Use the SHA384 variant to account for longer keys with more security

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f0d1349b52)
2023-09-18 16:52:25 +02:00
Felix Fietkau
a701e6e1c2 netifd: update to the latest version
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue
e94f7a81a039 bridge: fix config reload on 32 bit systems
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default
4711f74479e2 netifd: fix disabling radio via config if reconf is being used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 09fd59938b)
2023-09-18 16:52:25 +02:00
Felix Fietkau
9720b094ae hostapd: backport from master, including ucode based reload support
This significantly improves config reload behavior and also fixes some
corner cases related to running AP + mesh interfaces at the same time.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-18 16:52:25 +02:00
Felix Fietkau
263583dc1e ubus: update to the latest version
f787c97b3489 libubus: add missing uloop_fd_delete call in ubus_shutdown

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fdadfb633f)
2023-09-18 14:25:18 +02:00
Felix Fietkau
9af2ad5111 ucode: update to the latest version
9986b839595d ci: unbreak failing builds by using fixed gh-actions-openwrt-ci-sdk
77c961e20eda ci: fix broken imx6-generic SDK build
86107a647cb0 ci: cancel concurrent builds
ed543d8bf481 ci: update the workflows
11d5f8840002 Merge pull request #151 from ynezz/ynezz/unbreak-ci
b934ce815ff2 program: fix memory leak in read_sourceinfo
b0baf043e64c Merge pull request #152 from Ansuel/fix-memory-leak
740e2501fdca main: add user specified library search paths before default path
15f1a669e8e2 struct: remove state->len
29edb011caf1 ubus: add support for strings containing null bytes
2b4346bfdc67 vm: clear vm->alloc_refs in uc_gc_common
b213bd120d55 Merge pull request #150 from nbd168/misc-improvements
66520ebe27ae vm: immediately release arguments on calls with invalid spreads
07cc72a77e3b README.md: fix debian dependencies
d048ea88fe71 compiler: fix memory leak in uc_compiler_compile_import on early exit
7b7e22dcdf02 Merge pull request #155 from luizluca/luizluca-patch-1
d656d150905e types: implement ucv_object_sort()
d72eebeb168b lib: support object ordering in `uc_sort()`
ed1f0133c870 nl80211: add constants for iftypes
3ffb046c59a6 Merge pull request #156 from nbd168/nl80211-iftypes
c7d84aae0969 Merge pull request #153 from jow-/lib-sort-object-support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9419a50242)
2023-09-18 14:25:18 +02:00
Mathew McBride
3c8825e5f8 kernel: enable vfio and vfio-pci for armsr-armv8
Arm platforms with the right hardware blocks (such as
GICv3.0+ interrupt controller and SMMU/IOMMU) are
able to use vfio-pci to pass through PCI devices
to a VM.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 9ac01aac0a)
2023-09-16 21:00:38 +02:00
Mathew McBride
c79854e9fc kernel: vfio: remove unneeded enable_unsafe_noiommu_mode parameter
The vfio module only exposes the enable_unsafe_noiommu_mode parameter
if CONFIG_VFIO_NOIOMMU is enabled. When it isn't, the module
will complain about an unknown parameter:

vfio: unknown parameter 'enable_unsafe_noiommu_mode' ignored

As CONFIG_VFIO_NOIOMMU is disabled by the module package,
we can remove the module loading parameter.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 7ad8612a23)
2023-09-16 21:00:38 +02:00
Mathew McBride
5edeb1ee0c kernel: add vhost-net module
vhost-net is used to accelerate traffic to virtualisation
guests that use the virtio-net network card in QEMU.

Generally it is invoked by specifying "vhost=on" to a
QEMU -netdev device:

qemu-system-aarch64 -nographic -M virt -cpu host \
        --enable-kvm -bios u-boot.bin -smp 1 -m 2048 \
        -drive file=openwrt-armsr-armv8.img,format=raw,index=0,media=disk \
        -device "virtio-net,netdev=landev,disable-legacy=off,disable-modern=off" \
        -netdev "tap,id=landev,helper=/usr/lib/qemu-bridge-helper --br=br-lan,vhost=on"

Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit d188db8aed)
2023-09-16 21:00:38 +02:00
Hannu Nyman
6577b550df
base-files: sysupgrade: Add 2 sec sleep into process KILL loop
Add 2 seconds sleep after each forcibly killed/tried-to-kill process
in the final process termination loop in sysupgrade stage2.

This is needed especially for qualcommax/ipq807x, where ath11k
wireless driver may have a long 10-20 seconds delay after termination
before actually getting killed. This often breaks sysupgrade.

The current KILL loop in kill_remaining does all 10 kill attempts
consecutively without any delay, as evidenced here in a failing sysupgrade.
It does not allow any time for the process to finalize its internal
termination.

Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2122)
Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2122)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Failed to kill all processes.
sysupgrade aborted with return code: 256

The change in this commit adds a 2 seconds delay after each kill attempt
in order to allow some processes to more gracefully handle their
internal termination.

The result is like this:

Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2309)
Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2324)
Sun Sep  3 11:15:14 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sun Sep  3 11:15:14 EEST 2023 upgrade: Sending signal KILL to hostapd (2309)
[  699.827521] br-lan: port 7(hn5wpa2r) entered disabled state
[  699.908673] device hn5wpa2r left promiscuous mode
[  699.908721] br-lan: port 7(hn5wpa2r) entered disabled state
[  701.038029] br-lan: port 6(hn5wpa3) entered disabled state
Sun Sep  3 11:15:16 EEST 2023 upgrade: Sending signal KILL to hostapd (2324)
[  702.058256] br-lan: port 5(hn2wlan) entered disabled state
[  709.250063] stage2 (8237): drop_caches: 3
Sun Sep  3 11:15:25 EEST 2023 upgrade: Switching to ramdisk...

The delay introduced here only kicks in if there is some process that
does not get terminated by the first TERM call. Then there is at least
one 2 sec wait after the first KILL loop round.

This commit is related to discussion in PRs #12235 and #12632

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 47d56ae546)
2023-09-12 14:53:40 +02:00
Piotr Dymacz
0165daf569 uboot-envtools: ramips: add support for ALFA Network AX1800RM
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(backported from commit 69f12c2f23)
2023-09-11 13:49:07 +02:00
Daniel Golle
a7449e5e95 arm-trusted-firmware-mediatek: fix hang on reboot on MT7622
With recent updates of TF-A the previously already fixed bug slipped
back into the source tree. Again, reorder bl2 init for MT7622 and
initialize WDT only after DRAM init has completed to avoid the
notorious hang.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 948ad2ec7a)
2023-09-11 00:03:56 +01:00
Daniel Golle
0cb2ff5d08 uboot-mediatek: sync mtk-snand driver with SDK
Sync SPI-NAND/ECC controller driver for MT7622, MT7981, MT7986 and MT7988:
 * Platform data for MT7981 was actually missing and is now added.
 * Add support for Winbond W25N01KV 1Gbit chip.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9725524235)
2023-09-11 00:03:56 +01:00
Shiji Yang
cdc8470aec mac80211: fix MT7620 Wi-Fi channel scanning function
During the channel scanning process, the driver will continuously
switch channels. It seems that the full RF calibration step in
rt2800_config_channel() caused the channel scanning function to
timeout. To fix it, move the RF calibration to rt2800_enable_radio()
so that it is only executed once. This commit also includes some
coding format adjustments to follow the Linux recommended style.

Fixes: 2824fa6963 ("mac80211: rework MT7620 PA/LNA RF calibration")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit ce6ad123e7)
2023-09-05 22:57:42 +01:00