It's required by bcm53xx. This allows dropping separated oseama package
and avoids some code duplication.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1d9d0ca376)
Some of firmware utils may be required on target devices. It's useful
e.g. for dealing with some firmware formats. That is often required
(supporting specific format) to provide an option to revert to original
firmware.
So far we had packaged "otrx" util only for use on Broadcom targets.
Refactor that to package the whole firmware-utils project so we can
package any single util needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 24d6abe2d7)
A previous commit supposed to mask out excess host bits in route targets
failed to correctly calculate the mask value, causing it to produce
improper results for certain mask lengths.
Fixes: https://github.com/openwrt/netifd/issues/17
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add configuration to access U-Boot environment on MeiG SLT866.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f8414f1a6f)
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45d72a6da)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1714087442)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 551963662b)
Refresh patches for hostapd using make package/hostapd/refresh.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 05e516b12d)
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c9ac57d58)
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aad5ab099)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58c9)
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 531314260d)
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 41d7439af5)
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 64GB eMMC or 128 MB SPI-NAND
RAM: 512MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
- UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | GND TX VCC RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
tar -zcf cfg_export_config_file.conf etc/
* If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.
Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH CMIIT ID: xxxx" is NAND version
eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
('data' partition can be ignored, it's useless.)
2. Write new GPT table:
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync
NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
mtd erase BL2
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
mtd erase FIP
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
ubidetach -p /dev/mtd0
ubiformat -y /dev/mtd0
ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7d8)
[rebased to 23.05]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The OEM U-Boot uses dual boot and signature verification which does not
support by OpenWrt. So add a custom U-Boot build for OpenWrt.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fddd735dd5)
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc36)
Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a13)
d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 0221b86032)
With patch 101-03-spi-mtk_spim-get-spi-clk-rate-only-once.patch
a new system to calculate the SPI clocks has been added.
Unfortunately, the do_div macro overrides the global
priv->pll_clk_rate field. This will cause to have a reduced
clock rate on each subsequent SPI call.
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 8849ccb995)
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.
The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.
Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6dca88aa4a)
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d604a07225)
Remove ABI version, since its format is not accepted by the linker.
Enable rpath to avoid clash with system libraries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 5eb8a21ba5)
It must read the entire image for previous code of 'imsz' or 'imszb'.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Suggested-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 3bbc1d5fba)
Improve and package builds for various boot media configurations of the
MediaTek MT7981 reference board.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 8428bed15d)
When adding builds for MT7981 the related Makefile sections for MT7986
have apparently been copied, but in one instance the rename from 7986 to
7981 has been omitted. Fix that now.
Fixes: 602cb4f325 ("arm-trusted-firmware-mediatek: add build for MT7981 DDR3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit be6e257fe6)
The code for hostapd-mbedtls did not work when used for OWE association.
When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.
Also when crafting the association response, the buffer contained the
trailing key-type.
Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 39341f422f)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0xc22): relocation R_MIPS16_26 against `libxt_DNAT_init' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol printf
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 5dbdf3bb3a)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0xcc8): relocation R_MIPS16_26 against `luaL_argerror' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 246b97b607)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0x4194): relocation R_MIPS16_26 against `cil_printf.lto_priv.0' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol memcmp
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 1925a183a3)
This fixes building with USE_LTO enabled:
<artificial>:(.text.exit+0x6e): relocation R_MIPS16_26 against `pthread_key_delete' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol stpcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 2a33d26d21)
This fixes building with USE_LTO enabled.
<artificial>:(.text+0x400c): relocation R_MIPS16_26 against `iwinfo_close' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit fbacc5ae52)
Currently the zram default compressor choice is displayed whether or not
zram is activated. Since the default choice is lzo-rle, this adds a
false dependency on kmod-lib-lzo.
With this patch, the choice options appear only when activating zram.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 62ada26de2)
Commit 572ea68070 ("uboot-mediatek: add patches for MT7988 and
builds for RFB") renamed HSGMII to 2500basex, but forgot to update
the dts of Redmi Router AX6000, makes the network unusable.
This patch makes the network usable again.
Fixes: #13724
Fixes: 572ea68070 ("uboot-mediatek: add patches for MT7988 and builds for RFB")
Signed-off-by: Furong Xu <xfr@outlook.com>
(cherry picked from commit 03987d2d11)
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e1ac00ccb)
c8c9f10 uim: fix help formatting
aac0776 uqmi: add APN profile commands
ffc5eea uim: support SIM card power-up/down
d6c963d uim: add application state to SIM status
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0da74dbb45)
Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e4ebc7b566)
1) clear nvram partialboots upon successful boot
This behavior is already defined for EA9500; enabled for EA9200 too.
2) fix MAC address in board.d/02_network
Use the correct nvram variable to derive lan/wan MAC address.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 9c42d23c5f)
The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.
This commit addresses the issue by using network_device in
uci-defaults.sh.
The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596
This was exposed by commit 4ebba8a05d ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.
Fixes: 9290539ca9 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 12bc79d6d5)
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit 32a696f9e4)
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a181b9f0f9)
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 91d2ead3c3)
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit abceef120d)
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7)
Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit bfd54529fa)
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit fdce970dbb)
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6)
The ZTE MF287 requires a different board calibration file for ath10k than
the ZTE MF287+. The two devices receive their own DTS, thus the device tree
is slightly refactored.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 9c7578d560)
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d7)
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.
Re-enable those existing configurations for the release and hint at
possible future problems.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Allow grace period for DFS available after shutting down beacons on the channel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 16889141d9)
Without it, a lot of authentication modes fail without obvious error messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d582)
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8c03dc962f)
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d)
Use the SHA384 variant to account for longer keys with more security
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f0d1349b52)
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue
e94f7a81a039 bridge: fix config reload on 32 bit systems
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default
4711f74479e2 netifd: fix disabling radio via config if reconf is being used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 09fd59938b)
This significantly improves config reload behavior and also fixes some
corner cases related to running AP + mesh interfaces at the same time.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Arm platforms with the right hardware blocks (such as
GICv3.0+ interrupt controller and SMMU/IOMMU) are
able to use vfio-pci to pass through PCI devices
to a VM.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 9ac01aac0a)
The vfio module only exposes the enable_unsafe_noiommu_mode parameter
if CONFIG_VFIO_NOIOMMU is enabled. When it isn't, the module
will complain about an unknown parameter:
vfio: unknown parameter 'enable_unsafe_noiommu_mode' ignored
As CONFIG_VFIO_NOIOMMU is disabled by the module package,
we can remove the module loading parameter.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 7ad8612a23)
vhost-net is used to accelerate traffic to virtualisation
guests that use the virtio-net network card in QEMU.
Generally it is invoked by specifying "vhost=on" to a
QEMU -netdev device:
qemu-system-aarch64 -nographic -M virt -cpu host \
--enable-kvm -bios u-boot.bin -smp 1 -m 2048 \
-drive file=openwrt-armsr-armv8.img,format=raw,index=0,media=disk \
-device "virtio-net,netdev=landev,disable-legacy=off,disable-modern=off" \
-netdev "tap,id=landev,helper=/usr/lib/qemu-bridge-helper --br=br-lan,vhost=on"
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit d188db8aed)
Add 2 seconds sleep after each forcibly killed/tried-to-kill process
in the final process termination loop in sysupgrade stage2.
This is needed especially for qualcommax/ipq807x, where ath11k
wireless driver may have a long 10-20 seconds delay after termination
before actually getting killed. This often breaks sysupgrade.
The current KILL loop in kill_remaining does all 10 kill attempts
consecutively without any delay, as evidenced here in a failing sysupgrade.
It does not allow any time for the process to finalize its internal
termination.
Sat Sep 2 19:05:56 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sat Sep 2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2122)
Sat Sep 2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2122)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep 2 19:06:00 EEST 2023 upgrade: Failed to kill all processes.
sysupgrade aborted with return code: 256
The change in this commit adds a 2 seconds delay after each kill attempt
in order to allow some processes to more gracefully handle their
internal termination.
The result is like this:
Sun Sep 3 11:15:10 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sun Sep 3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2309)
Sun Sep 3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2324)
Sun Sep 3 11:15:14 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sun Sep 3 11:15:14 EEST 2023 upgrade: Sending signal KILL to hostapd (2309)
[ 699.827521] br-lan: port 7(hn5wpa2r) entered disabled state
[ 699.908673] device hn5wpa2r left promiscuous mode
[ 699.908721] br-lan: port 7(hn5wpa2r) entered disabled state
[ 701.038029] br-lan: port 6(hn5wpa3) entered disabled state
Sun Sep 3 11:15:16 EEST 2023 upgrade: Sending signal KILL to hostapd (2324)
[ 702.058256] br-lan: port 5(hn2wlan) entered disabled state
[ 709.250063] stage2 (8237): drop_caches: 3
Sun Sep 3 11:15:25 EEST 2023 upgrade: Switching to ramdisk...
The delay introduced here only kicks in if there is some process that
does not get terminated by the first TERM call. Then there is at least
one 2 sec wait after the first KILL loop round.
This commit is related to discussion in PRs #12235 and #12632
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 47d56ae546)
With recent updates of TF-A the previously already fixed bug slipped
back into the source tree. Again, reorder bl2 init for MT7622 and
initialize WDT only after DRAM init has completed to avoid the
notorious hang.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 948ad2ec7a)
Sync SPI-NAND/ECC controller driver for MT7622, MT7981, MT7986 and MT7988:
* Platform data for MT7981 was actually missing and is now added.
* Add support for Winbond W25N01KV 1Gbit chip.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9725524235)
During the channel scanning process, the driver will continuously
switch channels. It seems that the full RF calibration step in
rt2800_config_channel() caused the channel scanning function to
timeout. To fix it, move the RF calibration to rt2800_enable_radio()
so that it is only executed once. This commit also includes some
coding format adjustments to follow the Linux recommended style.
Fixes: 2824fa6963 ("mac80211: rework MT7620 PA/LNA RF calibration")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit ce6ad123e7)