Commit Graph

54714 Commits

Author SHA1 Message Date
Nick Hainke
ad3d63b273 linux-firmware: update to 20221012
Changes:
cfbd668 rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A
f49effc amdgpu: update GC 10.3.6 RLC firmware
f9a1c7f amdgpu: update GC 10.3.7 RLC firmware
eb1e45c amdgpu: update Yellow Carp RLC firmware
88557e1 amdgpu: update Beige Goby RLC firmware
2d3c1f8 amdgpu: update Dimgrey Cavefish RLC firmware
d513825 amdgpu: update Navy Flounder RLC firmware
c132bef amdgpu: update Sienna Cichlid RLC firmware
675bd6a mediatek: Update mt8195 SOF firmware to v0.4.1
44fa25d qcom: add squashed version of a530 zap shader
d2aac63 rtw89: 8852c: update fw to v0.27.56.1
c9a1ddf rtw89: 8852c: update fw to v0.27.56.0
b7d6c9f mediatek: Update mt8186 SCP firmware
fdf1a65 linux-firmware: Update AMD cpu microcode
375d450 mediatek: mt8195: Update scp.img to v2.0.11956
daee413 mediatek: Add new mt8195 SOF firmware
213255f mediatek: Update mt8186 SOF firmware to v0.2.1
9f88ec4 linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
bb3f948 rtl_bt: Update RTL8852A BT USB firmware to 0xD9B8_8207
6be4c4c linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
ea94bda linux-firmware: update firmware for MT7922 WiFi device
9490e8a linux-firmware: update firmware for MT7921 WiFi device
e6e48db cxgb4: Update firmware to revision 1.27.0.0
51fff4e i915: Add versionless HuC files for current platforms
067440c i915: Add GuC v70.5.1 for DG1, DG2, TGL and ADL-P
0e8f546 qca: Update firmware files for BT chip WCN3991.
3593bb7 Removing crnv32

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 555cd82c22)
2023-05-27 22:05:14 +02:00
Nick Hainke
91de737e9b linux-firmware: update to 20220913
Changes:
f09bebf amdgpu: update yellow carp DMCUB firmware
db6db36 amdgpu: add firmware for VCN 3.1.2 IP block
3647da5 amdgpu: add firmware for SDMA 5.2.6 IP block
639b5c1 amdgpu: add firmware for PSP 13.0.5 IP block
7658946 amdgpu: add firmware for GC 10.3.6 IP block
427ca6c amdgpu: add firmware for DCN 3.1.5 IP block
edf9a2b qcom: rename Lenovo ThinkPad X13s firmware paths
9ebd5a5 rtw89: 8852c: update fw to v0.27.42.0
7546432 rtw89: 8852c: update fw to v0.27.36.0
2f2f018 Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
706a462 amdgpu: update beige goby VCN firmware
09ec438 amdgpu: update dimgrey cavefish VCN firmware
647021b amdgpu: update navy flounder VCN firmware
3c1662d amdgpu: update sienna cichlid VCN firmware
d3c9228 rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
a1c4b15 mediatek: reference the LICENCE file for MediaTek firmwares

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 181dc64a82)
2023-05-27 22:05:14 +02:00
Nick Hainke
d1365629e5 linux-firmware: update to 20220815
Changes:
12ca075 mediatek: Add new mt8186 SOF firmware
aed71f2 ice: Update package to 1.3.30.0
1ee415b QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438
c58f001 brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets
d4a4224 brcm: Add nvram for the Xiaomi Mi Pad 2 tablet
7220731 brcm: Add nvram for the Asus TF103C tablet
89ec619 Add amd-ucode README file
4f8f67e qca: Update firmware files for BT chip WCN6750.
        This commit will update required firmware files for WCN6750.
e6857b6 amdgpu: Update Yellow Carp VCN firmware
e6185d5 linux-firmware: Update firmware file for Intel Bluetooth 9462
140beaf linux-firmware: Update firmware file for Intel Bluetooth 9462
045847e linux-firmware: Update firmware file for Intel Bluetooth 9560
f7f3d1f linux-firmware: Update firmware file for Intel Bluetooth 9560
45c5e53 linux-firmware: Update firmware file for Intel Bluetooth AX201
1068c45 linux-firmware: Update firmware file for Intel Bluetooth AX201
b93bf2c linux-firmware: Update firmware file for Intel Bluetooth AX211
31d24ca linux-firmware: Update firmware file for Intel Bluetooth AX211
447ca4a linux-firmware: Update firmware file for Intel Bluetooth AX210
87d07fd linux-firmware: Update firmware file for Intel Bluetooth AX200
63a87d2 linux-firmware: Update firmware file for Intel Bluetooth AX201
a45053c Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020
4ae4ae8 qcom: Add firmware for Lenovo ThinkPad X13s
feda199 linux-firmware: Add firmware for Cirrus CS35L41
a4235e0 i915: Add GuC v70.4.1 for DG2
3ab394a i915: Add DMC v2.07 for DG2
150864a amdgpu partially revert "amdgpu: update beige goby to release 22.20"
56cf646 mediatek: Update mt8183/mt8192/mt8195 SCP firmware
4421586 amdgpu: update renoir to release 22.20
06cead1 amdgpu: update beige goby to release 22.20
d3e37b7 amdgpu: update yellow carp to release 22.20
9149732 amdgpu: update dimgrey cavefish to release 22.20
c2f5699 amdgpu: update vega20 to release 22.20
c3afe6a amdgpu: update vega12 to release 22.20
e840fe5 amdgpu: update raven to release 22.20
efe98d4 amdgpu: update navy flounder to release 22.20
5f13921 amdgpu: update vega10 to release 22.20
8da4640 amdgpu: update sienna cichlid to release 22.20
3fbfd89 amdgpu: update navi14 to release 22.20
8fe4b42 amdgpu: update green sardine to release 22.20
ca36bb9 amdgpu: update vangogh to release 22.20
21ba56c amdgpu: update navi12 to release 22.20
e9918d2 amdgpu: update navi10 to release 22.20
f379030 amdgpu: update picasso to release 22.20
1826c07 amdgpu: update aldebaran to release 22.20
1cbf1c6 amdgpu: update psp 13.0.8 TA firmware
35bb3bd WHENCE: Fix the dangling symlinks fix
84661a3 amdgpu: update DMCUB firmware for DCN 3.1.6
dfa2931 WHENCE: Correct dangling symlinks

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 58271ed057)
2023-05-27 22:05:14 +02:00
Christian Lamparter
9c54ac6224 linux-firmware: Update to version 20220610
git log --pretty=oneline --abbrev-commit 20220509..20220610 (sorted)

amdgpu:
4458bb4 amdgpu: update yellow carp DMCUB firmware
9ed4d42 amdgpu: update Yellow Carp VCN firmware
251d290 amdgpu: update beige goby firmware for 22.10
d4346b3 amdgpu: update renoir firmware for 22.10
b3df9c4 amdgpu: update dimgrey cavefish firmware for 22.10
e1b0a1c amdgpu: update vega20 firmware for 22.10
4a0d163 amdgpu: update yellow carp firmware for 22.10
e8f2e54 amdgpu: update vega12 firmware for 22.10
7a7f84a amdgpu: update navy flounder firmware for 22.10
5a6a482 amdgpu: update vega10 firmware for 22.10
4ee52ee amdgpu: update raven2 firmware for 22.10
e2d460f amdgpu: update raven firmware for 22.10
5b52a90 amdgpu: update sienna cichlid firmware for 22.10
c8268e6 amdgpu: update green sardine firmware for 22.10
f29f5b5 amdgpu: update PCO firmware for 22.10
95b5b3f amdgpu: update vangogh firmware for 22.10
6dcbd01 amdgpu: update navi14 firmware for 22.10
f803fbd amdgpu: update navi12 firmware for 22.10
8923000 amdgpu: update navi10 firmware for 22.10
4b2af01 amdgpu: update aldebaran firmware for 22.10

ath10k:
2aa4da3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157
f7cc4b4 ath10k: QCA9888 hw2.0: update board-2.bin
e9e987d ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157
866b5b2 ath10k: QCA4019 hw1.0: update board-2.bin

intel:
ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462
38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462
72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560
94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560
e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201
78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201
12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211
edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211
9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210
111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200
ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201
99cb4b0 iwlwifi: add new FWs from core70-87 release
7073b8a iwlwifi: update 9000-family firmwares to core70-87
f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462
30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462
7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560
741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560
e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201
0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201
46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211
16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211
f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210
41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200
62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201

realtek:
7eef50f rtw88: 8822c: Update normal firmware to v9.9.13
23b5428 rtw88: 8822c: Update normal firmware to v9.9.12

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit fffb8cacf1)
2023-05-27 22:05:14 +02:00
Christian Lamparter
f3ccdf7ad6 linux-firmware: take linux-firmware.git's qca99x0 boardfile
Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4ba7f6d9cb)
2023-05-27 22:05:14 +02:00
Christian Lamparter
8da1ba2c25 linux-firmware: Update to version 20220509
git log --pretty=oneline --abbrev-commit 20220411..20220509 (sorted)

amdgpu:
480d6c2 amdgpu: update dcn_3_1_6_dmcub firmware
b4994be amdgpu: update gc_10_3_7_rlc firmware
61eb408 amdgpu: update psp_13_0_8 firmware
fcf9d8c amdgpu: update yellow carp DMCUB firmware

ath10k:
73743b8 ath10k: QCA4019 hw1.0: update board-2.bin
6ad0930 ath10k: QCA6174 hw3.0: update board-2.bin
729bd7f ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1
9fce09f ath10k: QCA9888 hw2.0: update board-2.bin
b155d85 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156
44b8aee ath10k: QCA9984 hw1.0: update board-2.bin
4ad3bd3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156
1962cba ath10k: QCA99X0 hw2.0: add board-2.bin

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25b29b53f0)
2023-05-27 22:05:14 +02:00
Shiji Yang
80fbad19ef ramips: correct page read return value of the mt7621 nand driver
read_page() need to return maximum number of bitflips instead of the
accumulated number. Change takes from upstream mt7621 u-boot [1].

 * @read_page:  function to read a page according to the ECC generator
 *              requirements; returns maximum number of bitflips
 *              corrected in any single ECC step, -EIO hw error

[1] https://lore.kernel.org/all/cover.1653015383.git.weijie.gao@mediatek.com/

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 2fbb91d73f)
2023-05-27 22:05:14 +02:00
Sven Roederer
80a99d9cf7 build: escape whitespaces in VERSION_DIST for Netgear images
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".

Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
(cherry picked from commit 4071398b13)
2023-05-27 21:32:47 +02:00
Georgi Valkov
30fca5413b fortify-headers: fix build error when _REDIR_TIME64 is not defined
some targets do not define the _REDIR_TIME64 macro resulting in a
build error regression since ddfe5678a4
fix by checking if the macro is defined

[1] https://github.com/openwrt/openwrt/issues/12587

Fixes: #12587
Fixes: ddfe5678a4 ("fortify-headers: fix inconsistent time_t version of ppoll")
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
(cherry picked from commit 9145c4fbcb)
2023-05-18 17:36:12 +02:00
Georgi Valkov
4d6638464c fortify-headers: fix inconsistent time_t version of ppoll
Bug:
fortify/poll.h includes poll.h, which redirects ppoll to __ppoll_time64
if the _REDIR_TIME64 macro is 1. Then fortify/poll.h will #undef ppoll
and use the 32 bit version.

Fix: we should not do this when _REDIR_TIME64 is 1.

[1] https://forum.openwrt.org/t/idle-cpu-usage-of-usbmuxd/140331/15
[2] https://github.com/openwrt/openwrt/issues/12574

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
(cherry picked from commit ddfe5678a4)
2023-05-18 17:36:03 +02:00
Paul Spooren
695a22ab15 build: generate index.json
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.

This can be used for downstream project to know what packages in which
versions are available.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 218ce40cd7)
2023-05-10 00:07:15 +02:00
Yuu Toriyama
e500494771 wireless-regdb: update to 2023.05.03
Changes:
  43f81b4 wireless-regdb: update regulatory database based on preceding changes
  66f245d wireless-regdb: Update regulatory rules for Hong Kong (HK)
  e78c450 wireless-regdb: update regulatory rules for India (IN)
  1647bb6 wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
  c076f21 Update regulatory info for Russia (RU) on 6GHz

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 97d20525b2)
2023-05-06 15:02:29 +02:00
John Audia
2677220d81 kernel: bump 5.10 to 5.10.179
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
[Refresh patches on openwrt-22.03 branch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 80c1105b03)
2023-05-06 14:56:00 +02:00
John Audia
5cc1bd5b21 kernel: bump 5.10 to 5.10.178
Removed upstreamed:
	backport-5.10/430-v6.3-ubi-Fix-failure-attaching-when-vid_hdr-offset-equals.patch[1]

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.178&id=0279e82e148407feec88466990de14bcba9e12c0

All other patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
[Refresh patches on openwrt-22.03 branch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 126c64df2b)
2023-05-06 14:56:00 +02:00
John Audia
dcdd8e9dee kernel: bump 5.10 to 5.10.177
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
[Refresh patches on openwrt-22.03 branch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 78a468f690)
2023-05-06 14:56:00 +02:00
Felix Baumann
5f583d31c7 ramips: mt7621: add support for Cudy X6 v2
Rename existing device to v1 and create common .dtsi
Difference to v1: 16MB Flash

Specifications:

SoC: MediaTek MT7621
RAM: 256 MB
Flash: 16 MB (SPI NOR, XM25QH128C on my device)
WiFi: MediaTek MT7915E
Switch: 1 WAN, 4 LAN (Gigabit)
Buttons: Reset, WPS
LEDs: Two Power LEDs (blue and red; together they form purple)
Power: DC 12V 1A center positive
Serial: 115200 8N1
        C440 - (3V3 - GND - RX - TX) - C41 | v1 and v2
               (P   - G   - R  - T)        | v2 labels them on the board
Installation:

Download and flash the manufacturer's built OpenWrt image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWrt image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings.

Recovery:

Loads only signed manufacture firmware due to bootloader RSA verification
Serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
Connect to any lan ethernet port
Power on the device while holding the reset button
Wait at least 8 seconds before releasing reset button for image to
download

MAC addresses as verified by OEM firmware:

use   address             source
LAN   f4:a4:54:86:75:a2   label
WAN   f4:a4:54:86:75:a3   label + 1
2g    f4:a4:54:86:75:a2   label
5g    f6:a4:54:b6:75:a2   label + LA-Bit set + 4th oktet increased

The label MAC address is found in bdinfo 0xde00.

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
(cherry picked from commit e38de40f8d)
2023-05-04 00:07:11 +02:00
Felix Baumann
749cc6ffc4 ramips: Cudy X6 fixes / improvements
- Correct WiFi MACs, they didn't match oem firmware
- Move nvmem-cells to bdinfo partition and remove &bdinfo reference
- Add OEM device model name R13 to SUPPORTED_DEVICES
  This allows sysupgrading from Cudy's OpenWrt fork without force
- Label red_led and use it during failsafe mode and upgrades

MAC addresses as verified by OEM firmware:

use   address             source
LAN   b4:4b:d6:2d:c8:4a   label
WAN   b4:4b:d6:2d:c8:4b   label + 1
2g    b4:4b:d6:2d:c8:4a   label
5g    b6:4b:d6:3d:c8:4a   label + LA-Bit set + 4th oktet increased

The label MAC address is found in bdinfo 0xde00.

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[read wifi mac from flash offset]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 45cf200b2e)
2023-04-30 21:08:51 +02:00
Hauke Mehrtens
3960c220da OpenWrt v22.03.5: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-27 23:05:29 +02:00
Hauke Mehrtens
863f769b75 OpenWrt v22.03.5: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-27 23:05:23 +02:00
David Bauer
5f15225c1e ramips: reduce Archer AX23 / MR70X SPI-frequency
It was brought to attention the Archer AX23 v1 fails to read jffs2 data
from time to time. While this is not reproducible on my unit, it is on
others.

Reducing the SPI frequency does the trick. While it worked with at lest
40 MHz, opt for the cautious side and choose a save frequency of 25 MHz.

Apply the same treatment to the Mercusys MR70X which uses a similar
design just in case.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2c530fcb97)
2023-04-27 22:28:15 +02:00
Nick Hainke
c1ccae54ce ccache: update to 4.6.3
Release Notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_3

Refresh patch:
- 100-honour-copts.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 83ea2e11b4)
2023-04-27 21:02:10 +02:00
Nick Hainke
80653f0c07 tools/ccache: update to 4.6.2
Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_2

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ac61cf596c)
2023-04-27 20:57:58 +02:00
Nick Hainke
eeff8b3be1 tools/ccache: update to 4.6.1
Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_1

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2e87e24e43)
2023-04-27 20:52:55 +02:00
Haoan Li
31b1366bc6 ramips: fix lzma-loader for buffalo_WSR_600DHP
This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.

Fixes: #11919
Signed-off-by: Haoan Li <lihaoan1001@163.com>
(cherry picked from commit c7b484f364)
2023-04-23 14:15:54 +02:00
David Bauer
bf81a92171 ath79: create Aruba AP-105 APBoot compatible image
Alter the Aruba AP-105 image generation process so OpenWrt can be loaded
with the vendor Aruba APBoot.

This works by prepending the OpenWrt LZMA loader to the uImage and
jumping directly to the loader. Aruba does not offer bootm on these
boards.

This approach keeps compatibility to devices which had their U-Boot
replaced. Both bootloaders can boot the same image.

The same modification is most likely also possible for the Aruba AP-175.

With this patch, new installations do not require replacing the
bootloader and can be performed from the serial console without opening
the case.

Installation
------------

1. Attach to the serial console of the AP-105.
   Interrupt autoboot and change the U-Boot env.

   $ setenv apb_rb_openwrt "setenv ipaddr 192.168.1.1;
     setenv serverip 192.168.1.66;
     netget 0x84000000 ap105.bin; go 0x84000040"
   $ setenv apb_fb_openwrt "cp.b 0xbf040000 0x84000000 0x10000;
     go 0x84000040"
   $ setenv bootcmd "run apb_fb_openwrt"
   $ saveenv

2. Load the OpenWrt initramfs image on the device using TFTP.
   Place the initramfs image as "ap105.bin" in the TFTP server
   root directory, connect it to the AP and make the server reachable
   at 192.168.1.66/24.

   $ run apb_rb_openwrt

3. Once OpenWrt booted, transfer the sysupgrade image to the device
   using scp and use sysupgrade to install the firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit e11d00d44c)
2023-04-18 12:08:45 +02:00
Eneas U de Queiroz
b6cbab1ad7
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-17 12:05:29 -03:00
Daniel Golle
074db57936 kernel: backport fix for recently introduced UBI bug
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.

Fixes: #12232
Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit aad34818b5)
2023-04-15 03:32:41 +01:00
Matthias Schiffer
9af29da281
uclient: update to Git version 2023-04-13
007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 4f1c2e8dee)
2023-04-13 20:54:06 +02:00
Daniel Golle
1d4db4e4db OpenWrt v22.03.4: revert to branch defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-09 23:35:24 +01:00
Daniel Golle
94adc23fa6 OpenWrt v22.03.4: adjust config defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-09 23:35:19 +01:00
Paul Spooren
38ccc47687 imagebuilder: allow to specific ROOTFS_PARTSIZE
Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.

This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 7b7edd25a5)
2023-04-09 14:27:46 +02:00
David Bauer
deafcf9162 ramips: define remapping-range for DAP-X1860
Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.

Explicitly define the number of blocks reserved for remapping.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 076da59f17)
2023-04-08 18:10:34 +02:00
Sebastian Schaper
711e45e158 ramips: add support for D-Link DAP-X1860 A1
The DAP-X1860 is a wall-plug AX1800 repeater.

Specifications:
- MT7621, 256 MiB RAM, 128 MiB SPI NAND
- MT7915 + MT7975 2x2 802.11ax (DBDC)
- Ethernet: 1 port 10/100/1000
- LED RSSI bargraph (2x green, 1x red/orange), status
  and RSSI LEDs are incorrectly populated red/orange
  (should be red/green according to documentation)

Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
  (seems to work best with Chromium-based browsers)

Revert to OEM firmware:
- tar -xvf DAP-X1860_RevA_Firmware_101b94.bin
- openssl enc -d -md md5 -aes-256-cbc -in FWImage.st2 \
  -out FWImage.st1 -k MB0dBx62oXJXDvt12lETWQ==
- tar -xvf FWImage.st1
- flash kernel_DAP-X1860.bin via Recovery

Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
(cherry picked from commit 3c31f6b521)
2023-04-08 18:10:33 +02:00
Joe Mullally
2a4a6372d3 ramips: lower re305-v3 spi-max-frequency
Fix flash I/O instability observed in newer devices with cFeon
QH64A-104HIP (detected as en25qh64).

Ref: https://forum.openwrt.org/t/support-for-tp-link-re305-v3/75893/91

Reported-by: Dimitri Souza <dimitri.souza@gmail.com>
Tested-by: Dimitri Souza <dimitri.souza@gmail.com>
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[alter commit-message - target master]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2122c80b32)
2023-04-08 14:56:28 +02:00
Maik Goette
50d707e344 lantiq: fix lzma-loader for Netgear DGN 3500(B)
Fixes Uncompressing Kernel Image ... ERROR: LzmaDecode.c, 561

Fixes: #11701 for both 3500(B)
Signed-off-by: Maik Goette <github@beeit.de>
(cherry picked from commit 4d9c38d654)
2023-04-02 23:01:44 +02:00
Kien Truong
fea7478f2d iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.

The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491

    LIBBPF_FORCE=on set, but couldn't find a usable libbpf

The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.

Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fa468d4bcd)
2023-04-02 22:25:49 +02:00
Joe Mullally
b2db4fa956 ath79: tiny: Do not build TPLink WPA8630Pv2 by default
22.03.1+ and snapshot builds no longer fit the 6M flash space
available for these models.

This disables failing buildbot image builds for these devices.
Images can still be built manually with ImageBuilder.

Signed-off-by: Joe Mullally <jwmullally@gmail.com>
(cherry picked from commit 4965cbd259)
2023-04-02 22:25:49 +02:00
John Thomson
c6b6cab858 ramips: mt7621: mikrotik 760igs (hEX S) fix SFP
This device uses an AR8031/AR8033 chip to convert SoC gmac1
RGMII to 1000base-x or sgmii for the SFP fibre cage.
The SFP cage requires phy-mode rgmii-rxid, and without it will not
recieve any packets: ethtool -S sfp rx_fcs_errors will increase when
packets should be being received, but no other _rx counters will change.

Fixes: c77858aa79 ("ramips: mt7621-dts: change phy-mode of gmac1 to rgmii")
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 7ea965b578)
2023-04-02 22:25:49 +02:00
Eneas U de Queiroz
2faa7ff09e openssl: fix variable reference in conffiles
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.

This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.

Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c75cd5f602)
2023-04-02 22:07:28 +02:00
Michael Pratt
0636d6b925 ath79: use lzma-loader for Senao initramfs images
Some vendors of Senao boards have put a bootloader
that cannot handle both large gzip or large lzma files.

There is no disadvantage by doing this for all of them.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 8342c092a0)
2023-04-02 22:07:28 +02:00
Luo Chongjun
70d2e8b4db ath79: Fix glinet ar300m usb not working
glinet forum users reported the problem at
https://forum.gl-inet.com/t/gl-ar300m16-openwrt-22-03-0-rc5-usb-port-power-off-by-default/23199

The current code uses the regulator framework to control the USB power
supply. Although usb0 described in DTS refers to the regulator by
vbus-supply, but there is no code related to regulator implemented
in the USB driver of QCA953X, so the USB of the device cannot work.

Under the regulator framework, adding the regulator-always-on attribute
fixes this problem, but it means that USB power will not be able to be
turned off. Since we need to control the USB power supply in user space,
I didn't find any other better way under the regulator framework of Linux,
so I directly export gpio.

Signed-off-by: Luo Chongjun <luochongjun@gl-inet.com>
(cherry picked from commit b352124cd2)
2023-04-02 22:07:28 +02:00
Hauke Mehrtens
9aaeaa8d2a toolchain: musl: Fix symbol loading in gdb
Fix DT_DEBUG handling on MIPS in musl libc.
With this change gdb will load the symbol files for shared libraries on MIPS too.

This patch was taken from this thread: https://www.openwall.com/lists/musl/2022/01/09/4

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit fcdd407e8e)
2023-04-02 22:07:28 +02:00
Yuu Toriyama
99fddbe4fd wireless-regdb: update to 2023.02.13
Changes:
  7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
  660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
  fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
  d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
  c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
  f29772a wireless-regdb: Update regulatory rules for Brazil (BR)

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 1173edf23b)
2023-04-02 22:07:28 +02:00
Prasun Maiti
f677302cc4 build: fix for sourcing targets image config installed via feeds
Sourcing of image/Config.in will not happen
When a target is installed from target/linux/feeds/

Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 522a60cd31)
2023-04-02 22:07:28 +02:00
Sergio Paracuellos
50d37b0b37 ramips: rt5350: enable lzma-loader for ALLNET ALL5003
Fixes the boot loader LZMA decompression issue:
LZMA ERROR 1 - must RESET board to recover

Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
(cherry picked from commit 84c04ff406)
2023-04-02 22:07:28 +02:00
Chukun Pan
13d3fb3c20 bpf-headers: fix package category
This removes the non-selectable 'Kernel' item
when make menuconfig.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 3e4c014008)
2023-04-02 22:07:28 +02:00
Tomasz Maciej Nowak
7531ef7f1c sdk: expose PATENTED an NLS build options
Some packages offer functionalities guarded by these options and it'll
be impossible to reach them without changing Config-build.in. So allow
to toggle these in more friendly way, by exposing them in configuration
menu.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit 477ff0821a)
2023-04-02 22:07:27 +02:00
Rosen Penev
4ed98849a5 ksmbd: update to 3.4.7
Remove upstreamed patches.

Switch to normal tarballs. Codeload recently had a reproducibility issue.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 44c24b3ac5)
2023-04-02 22:07:27 +02:00
Felix Fietkau
51cf5aa731 hostapd: add missing return code for the bss_mgmt_enable ubus method
Fixes bogus errors on ubus calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit cf992ca862)
2023-04-02 22:07:27 +02:00
Robert Marko
d2f3422e9d kernel: filter out pahole version
Pahole version is being autodetected during runtime since kernel 5.15.96
via in-kernel scripts/pahole-version.sh so add CONFIG_PAHOLE_VERSION to
kernel filter in order to prevent it from being added to target configs.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 5d8f14bfef)
2023-04-02 22:07:27 +02:00