Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
The patch "210-pinctrl-mediatek-add-support-for-MT7986-SoC.patch" and
"212-clk-mediatek-add-mt7986-clock-support.patch" are upstreamed.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The patches "191-arm64-dts-mt7622-specify-the-L2-cache-topology.patch"
and "192-arm64-dts-mt7622-specify-the-number-of-DMA-requests.patch" are
upstreamed to 5.19.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This subtarget supports 3 devices:
* Bananapi BPi-R3 (added in a96382c1bb),
* MediaTek MTK7986 rfba AP (added in cffc77ae55),
* MediaTek MTK7986 rfbb AP (added in cffc77ae55).
This subtarget supports DSA from the beginning. It looks like CONFIG_SWCONFIG
was copied from another config when the subtarget was created.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.
Signed-off-by: Glen Huang <i@glenhuang.com>
Backport patches from net-next which fix possible memory and resource
leaks in the error codepaths of WED initialization.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The packet processing engine (PPE) found in newer ARM-based MediaTek
SoCs provides packet and byte counters for offloaded streams.
Import pending patch reading and using those counters.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The patch enabling hardware flow offloading support on the MT7623 SoC
has been merged upstream as of Linux 5.13. Remove our local patch which
wrongly got forward-ported and now actually enables hardware flow
offloading for the MT2701 SoC family (unsupported in OpenWrt).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.
The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.
This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest. Thus, in normal operations, the
default policy is not used.
Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:
MTD erase error on /dev/mtd5: Invalid argument
Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
Add a package for drm_ttm_helper.ko. CONFIG_DRM_TTM_HELPER is compiled
into the kernel on armvirt/64, x86/64, x86/generic and x86/legacy
because also some DRM drivers are compiled into the kernel. On x86/geode
it is not compiled into the kernel, but kmod-drm-amdgpu and
kmod-drm-radeon depend on it.
This fixes the x86/geode build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
After replacing the R4K event timer and clock source with the new
Realtek Otto timer, performance for RTL839x devices was severely
impacted, as reported by Hiroshi.
Research by Markus showed that after commit 4657a5301e ("realtek:
avoid busy waiting for RTL839x PHY read/write"), the ethernet driver
could only update a phy once per timer interval, which also heavily
impacted boot time. On e.g. a Zyxel GS1900-48, this added around a
minute to the time to fully initialise the switch.
By marking the otto clocksource as continuous, the kernel enables it to
be used for high resolution timers. This allows readx_poll_timeout() to
sleep for less than one system timer interval, reducing system dead
time.
Link: https://github.com/openwrt/openwrt/issues/11117
Reported-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Cc: Markus Stockhausen <markus.stockhausen@gmx.de>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: INAGAKI Hiroshi <musashino.open@gmail.com> # Panasonic Switch-M48eG PN28480K
Tested-by: Jan Hoffmann <jan@3e8.eu> # HPE 1920-8G, HPE 1920-48G
The use of the adc_oe value stored in the efuse has been dropped in
MediaTek's SDK during a recent refactorization of the temperature
calculation formula. Don't ignore this offset value and again include
it in raw-to-deg-celsius calculation.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It is an in-wall 802.11ax (Wi-Fi 6) router, based on MediaTek MT7621A.
Specifications:
- SoC: MT7621AT (880MHz, 2 Cores)
- RAM: 128 MB
- Flash: 16 MB SPI NOR
- Wi-Fi:
- MT7915DN + MT7905DAN: 2.4/5 GHz
- Ethernet: 1x 1GiE via MT7530
- UART: J4 (115200 baud)
- Pinout: [3V3] (TXD) (RXD) (GND)
- Bootloader: U-Boot
- Buttons:
- SW1 - no label on the box, combined with led
- Led: Status. RGB controlled by
- GPIO 14 - green color
- GPIO 15 - red color
- GPIO 16 - blue color
Installation:
OEM firmware is based on LEDE with custom UI and support standard sysupgrade
variant of firmware. However it requires "*.ubin" extension for sysupgrade file.
Always select "Factory reset" switch on upgrade to OpenWRT, otherwise
it will not boot.
MAC addresses as verified by OEM firmware:
vendor source
LAN factory 0x4 (label)
5g factory 0x4 (label)
2g label with flipped bits bit in 1-st byte and bits 5, 6, 7 in
4-th byte
Example
label: 44:xx:xx:b7:xx:xx
lan: 44:xx:xx:b7:xx:xx
2g 46:xx:xx:c7:xx:xx
5g 44:xx:xx:b7:xx:xx
Signed-off-by: Volodymyr Puiul <volodymyr.puiul@gmail.com>
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).
Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.
Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a92c0a7 dhcpv6-ia: make tmp lease file hidden
4a673e1 fix null pointer dereference for INFORM messages
860ca90 odhcpd: Support for Option NTP and SNTP
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.
This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.
I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.
This is based on the .github/workflows/packages.yml workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.
Fix it by only checking the LLVM version when a LLVM toolchain is
available.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_PINCTRL_MCP23S08 configuration option is already unset in the
generic kernel configuration.
Fixes: f938512af6 ("target/at91: replace gpio-mcp23s08 with pinctrl-mcp23s08-spi update config")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds support for the MikroTik RouterBOARD RBD53GR-5HacD2HnD
(hAP ac³ LTE6 kit), an indoor dual band, dual-radio 802.11ac
wireless AP with built-in Mini PCI-E LTE modem, one USB port, five
10/100/1000 Mbps Ethernet ports.
See https://mikrotik.com/product/hap_ac3_lte6_kit for more info.
Specifications:
- SoC: Qualcomm Atheros IPQ4019
- RAM: 256 MB
- Storage: 16 MB NOR
- Wireless:
· Built-in IPQ4019 (SoC) 802.11b/g/n 2x2:2, 3 dBi internal antennae
· Built-in IPQ4019 (SoC) 802.11a/n/ac 2x2:2, 5.5 dBi internal antennae
- Ethernet: Built-in IPQ4019 (SoC, QCA8075) , 5x 1000/100/10 port
- 1x USB Type A port
- 1x Mini PCI-E port (supporting USB)
- 1x Mini PCI-E LTE modem (MikroTik R11e-LTE6, Cat.6)
Installation:
Make sure your unit is runnning RouterOS v6 and RouterBOOT v6 (tested on 6.49.6).
0. Export your MikroTik license key (in case you want to use the device with RouterOS later)
1. Boot the initramfs image via TFTP
2. Upload the "openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-lte6-kit-squashfs-sysupgrade.bin" via SCP to the /tmp folder
3. Use sysupgrade to flash the image: sysupgrade -n /tmp/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-lte6-kit-squashfs-sysupgrade.bin
4. Recovery to factory software is possible via Netinstall:
https://help.mikrotik.com/docs/display/ROS/Netinstall
Signed-off-by: Csaba Sipos <metro4@freemail.hu>
The dependency on the kernel module gpio-mcp23s08 is replaced by
pinctrl-mcp23s08-spi and pinctrl-mcp23s08-i2c, as the gpio-mpc23s08 kernel
module no longer exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The kernel config option 'CONFIG_GPIO_MCP23S08' no longer exists.
Therefore, it is removed from the generic kernel configuration for
linux-5.10 and linux-5.15.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Adapt the device package to no longer use the gpio-mcp23s08 but instead
use the pinctrl-mcp23s08-spi. In addition, the kernel configuration was
adapted so that this can be built as a module and does not have to be
integrated directly into the kernel for this target.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The kernel module gpio-mcp23s08 has been replaced by the new
pinctrl-mcp23s08* kernel modules.
There are now 3 kernel modules for this device
- Common module for both I2C and SPI kmod-pinctrl-mcp23s08
- Module for I2C kmod-pinctrl-mcp23s08-i2c
- Module for SPI kmod-pinctrl-mcp23s08-spi
Signed-off-by: Florian Eckert <fe@dev.tdt.de>