d996047 syntax: adjust number literal parsing and string to number conversion
9efbe18 lib: refactor `uc_int()`
da3f089 lib: rework uc_index() implementation
559029e ci: make jobs faster during pull request testing
Fixes: #9923
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 251e70c887 and
7f998088f0)
c22eeef fw4: support negative CIDR bit notation
628d791 hotplug: reliably handle interfaces with ubus zone hints
d005293 fw4: store zone associations from ubus in statefile as well
b268225 fw4: filter non hw-offload capable devices when resolving lower devices
57984e0 fw4: always resolve lower flowtable devices
7782017 tests: fix mocked `fd.read("line")` api
72b196d config: remove restictions on DHCPv6 allow rule
f0cc317 fw4: refactor family selection for forwarding rules
b0b8122 treewide: use modern syntax
05995f1 fw4: fix emitting device jump rules for family restricted zones
b479815 fw4: fix family auto-selection for config nat rules
2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well
2379c3d tests: add test coverage for zone family selection logic
Fixes: #5066, #9611, #9765, #9854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2df17604a4)
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7a5ddc0d06)
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890)
Hardware specs:
SoC: Qualcomm IPQ8065 (dual core Cortex-A15)
RAM: 512 MB DDR3
Flash: 256 MB NAND, 32 MB NOR
WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz
Switch: QCA8337
Ethernet: 5x 10/100/1000 Mbit/s
USB: 1x USB 3.0 Type-A
Buttons: WPS, Reset
Power: 12 VDC, 2.5 A
Ethernet ports:
1x WAN: connected to eth2
4x LAN: connected via the switch to eth0 and eth1
(eth0 is disabled in OEM firmware)
MAC addresses (OEM and OpenWrt):
fw_env @ 0x00 d4🆎82:??:??:?a LAN (eth1)
fw_env @ 0x06 d4🆎82:??:??:?b WAN (eth2)
fw_env @ 0x0c d4🆎82:??:??:?c WLAN 2.4 GHz (ath1)
fw_env @ 0x12 d4🆎82:??:??:?d WLAN 5 GHz (ath0)
fw_env @ 0x18 d4🆎82:??:??:?e OEM usage unknown (eth0 in OpenWrt)
OID d4🆎82 is registered to:
ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US
More info:
https://openwrt.org/inbox/toh/arris/tr4400_v2
IMPORTANT:
This port requires moving the 'fw_env' partition prior to first boot to
consolidate 70% of the usable space in flash into a contiguous partition.
'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords.
Its contents must be copied to 'rootfs_1' prior to booting via initramfs.
Note that the stock 'fw_env' partition will be wiped during sysupgrade.
A writable 'stock_fw_env' partition pointing to the old, stock location
is included in the port to help rolling back this change if desired.
Installation:
- Requires serial access and a TFTP server.
- Fully boot stock, press ENTER, type in:
mtd erase /dev/mtd21
dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21
umount /config && ubidetach -m 23 && mtd erase /dev/mtd23
- Reboot and interrupt U-Boot by pressing a key, type in:
set mtdids 'nand0=nand0'
set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)'
set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm'
env save
- Setup TFTP server serving initramfs image as 'recovery.bin', type in:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
tftpboot recovery.bin && bootm
- Use sysupgrade to install squashfs image.
This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
[add 5.15 changes for 0069-arm-boot-add-dts-files.patch]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit f8b0010dfb)
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-16
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8HE
* Ethernet: 16x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
16 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Power 120-240V AC C13
* UART: 1 serial header (J12) with populated standard pin connector on
the right back of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
file amd select open so File Path is update with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-16 is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[removed duplicate patch title, align RAM specification]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 580723e86a)
There are two versions which are identical apart from the enclosure:
YunCore AX820: indoor ceiling mount AP with integrated antennas
YunCore HWAP-AX820: outdoor enclosure with external (N) connectors
Hardware specs:
SoC: MediaTek MT7621DAT
Flash: 16 MiB SPI NOR
RAM: 128MiB (DDR3, integrated)
WiFi: MT7905DAN+MT7975DN 2.4/5GHz 2T2R 802.11ax
Ethernet: 10/100/1000 Mbps x2 (WAN/PoE+LAN)
LED: Status (green)
Button: Reset
Power: 802.11af/at PoE; DC 12V,1A
Antennas: AX820(indoor): 4dBi internal; HWAP-AX820(outdoor): external
Flash instructions:
The "OpenWRT support" version of the AX820 comes with a LEDE-based
firmware with proprietary MTK drivers and a luci webinterface and
ssh accessible under 192.168.1.1 on LAN; user root, no password.
The sysupgrade.bin can be flashed using luci or sysupgrade via ssh,
you will have to force the upgrade due to a different factory name.
Remember: Do *not* preserve factory configuration!
MAC addresses as used by OEM firmware:
use address source
2g 44:D1:FA:*:0b Factory 0x0004 (label)
5g 46:D1:FA:*:0b LAA of 2g
lan 44:D1:FA:*:0c Factory 0xe000
wan 44:D1:FA:*:0d Factory 0xe000 + 1
The wan MAC can also be found in 0xe006 but is not used by OEM dtb.
Due to different MAC handling in mt76 the LAA derived from lan is used
for 2g to prevent duplicate MACs when creating multiple interfaces.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
(cherry picked from commit 4891b86538)
From Andreas Böhler:
"Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC
in contrast to the Macronix NAND with 4 bit ECC.".
Uboot needs to know this in order to have a chance to load from
the NAND.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 057bac2e1f)
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 65258f5d60)
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.
Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b07c3cff5)
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3
project moved back to https://git.defensec.nl/selinux-policy.git
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4379457098)
Update to overlooked v2 version of Dominick Grift's patch.
Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6d7272852e)
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598
This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 5109bd164c)
After the switch to pre-calibration, ath10k would fail to initialize
the PCIE Wi-Fi on the GL-B200 as follows:
ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
ath10k_pci 0000:01:00.0: qca9888 hw2.0 target 0x01000000 chip_id 0x00000000 sub 0000:0000
[...]
ath10k_pci 0000:01:00.0: failed to fetch board data for bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=GL-B2200 from ath10k/QCA9888/hw2.0/board-2.bin
ath10k_pci 0000:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0
ath10k_pci 0000:01:00.0: failed to fetch board file: -12
ath10k_pci 0000:01:00.0: could not probe fw (-12)
Repackage the BDF file after renaming relevant fields and files to
allow for the Wi-Fi interface to start again.
Fixes: 80d34d9d59 ("ipq40xx: document pcie wifi chip on the GL.Inet GL-B2200")
CC: Christian Lamparter <chunkeey@gmail.com>
CC: Robert Marko <robimarko@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
(cherry picked from commit e3f9af4fb6)
If logfacility is a path to a file it needs to be r/w mounted in the
sandbox as well for dnsmasq to work.
Reported-by: @iointerrupt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2b5fa44f60)
Add configuration to use uboot-envtools with the Extreme Networks
WS-AP3825i.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit fb7ff6b027)
e14b099 syntax: implement support for ES6 template literals
111cf06 vm: stop executing bytecode on return of nested calls
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits cef3e6a69c,
0400774a10 and
c59704334c)
Remove '0x' prefix from pstore node in dts, just like it was done
for the device tree used by Linux on MT7622.
This change is done in preparation to update U-Boot to 2022.04.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 810b48e793)
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bea01fa57f)
The ZyXEL GS1900-24HP v1 is a 24 port PoE switch with two SFP ports,
similar to the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-24HP v1
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB
* RAM: Winbond W9751G8KB-25 64 MiB DDR2 SDRAM
* Ethernet: 24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs:
* 1 PWR LED (green, not configurable)
* 1 SYS LED (green, configurable)
* 24 ethernet port link/activity LEDs (green, SoC controlled)
* 24 ethernet port PoE status LEDs
* 2 SFP status/activity LEDs (green, SoC controlled)
* Buttons:
* 1 "RESET" button on front panel (soft reset)
* 1 button ('SW1') behind right hex grate (hardwired power-off)
* PoE:
* Management MCU: ST Micro ST32F100 Microcontroller
* 6 BCM59111 PSE chips
* 170W power budget
* Power: 120-240V AC C13
* UART: Internal populated 10-pin header ('J5') providing RS232;
connected to SoC UART through a TI or SIPEX 3232C for voltage
level shifting.
* 'J5' RS232 Pinout (dot as pin 1):
2) SoC RXD
3) GND
10) SoC TXD
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware > Management
* If "Active Image" has the first option selected, OpenWrt will need to be
flashed to the "Active" partition. If the second option is selected,
OpenWrt will need to be flashed to the "Backup" partition.
* Navigate to Maintenance > Firmware > Upload
* Upload the openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin
file by your preferred method to the previously determined partition.
When prompted, select to boot from the newly flashed image, and reboot
the switch.
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-squashfs-sysupgrade.bin
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24HP v1 is a dual-partition device, you want to keep the
OEM firmware on the backup partition for the time being. OpenWrt can
only be installed in the first partition anyway (hardcoded in the
DTS). To ensure we are set to boot from the first partition, issue the
following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x81f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-squashfs-sysupgrade.bin
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
[Add info on PoE hardware to commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit a5ac8ad0ba)
The Sophos AP100, AP100C, AP55, and AP55C are dual-band 802.11ac access
points based on the Qualcomm QCA9558 SoC. They share PCB designs with
several devices that already have partial or full support, most notably the
Devolo DVL1750i/e.
The AP100 and AP100C are hardware-identical to the AP55 and AP55C, however
the 55 models' ART does not contain calibration data for their third chain
despite it being present on the PCB.
Specifications common to all models:
- Qualcomm QCA9558 SoC @ 720 MHz (MIPS 74Kc Big-endian processor)
- 128 MB RAM
- 16 MB SPI flash
- 1x 10/100/1000 Mbps Ethernet port, 802.3af PoE-in
- Green and Red status LEDs sharing a single external light-pipe
- Reset button on PCB[1]
- Piezo beeper on PCB[2]
- Serial UART header on PCB
- Alternate power supply via 5.5x2.1mm DC jack @ 12 VDC
Unique to AP100 and AP100C:
- 3T3R 2.4GHz 802.11b/g/n via SoC WMAC
- 3T3R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)
AP55 and AP55C:
- 2T2R 2.4GHz 802.11b/g/n via SoC WMAC
- 2T2R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)
AP100 and AP55:
- External RJ45 serial console port[3]
- USB 2.0 Type A port, power controlled via GPIO 11
Flashing instructions:
This firmware can be flashed either via a compatible Sophos SG or XG
firewall appliance, which does not require disassembling the device, or via
the U-Boot console available on the internal UART header.
To flash via XG appliance:
- Register on Sophos' website for a no-cost Home Use XG firewall license
- Download and install the XG software on a compatible PC or virtual
machine, complete initial appliance setup, and enable SSH console access
- Connect the target AP device to the XG appliance's LAN interface
- Approve the AP from the XG Web UI and wait until it shows as Active
(this can take 3-5 minutes)
- Connect to the XG appliance over SSH and access the Advanced Console
(Menu option 5, then menu option 3)
- Run `sudo awetool` and select the menu option to connect to an AP via
SSH. When prompted to enable SSH on the target AP, select Yes.
- Wait 2-3 minutes, then select the AP from the awetool menu again. This
will connect you to a root shell on the target AP.
- Copy the firmware to /tmp/openwrt.bin on the target AP via SCP/TFTP/etc
- Run `mtd -r write /tmp/openwrt.bin astaro_image`
- When complete, the access point will reboot to OpenWRT.
To flash via U-Boot serial console:
- Configure a TFTP server on your PC, and set IP address 192.168.99.8 with
netmask 255.255.255.0
- Copy the firmware .bin to the TFTP server and rename to 'uImage_AP100C'
- Open the target AP's enclosure and locate the 4-pin 3.3V UART header [4]
- Connect the AP ethernet to your PC's ethernet port
- Connect a terminal to the UART at 115200 8/N/1 as usual
- Power on the AP and press a key to cancel autoboot when prompted
- Run the following commands at the U-Boot console:
- `tftpboot`
- `cp.b $fileaddr 0x9f070000 $filesize`
- `boot`
- The access point will boot to OpenWRT.
MAC addresses as verified by OEM firmware:
use address source
LAN label config 0x201a (label)
2g label + 1 art 0x1002 (also found at config 0x2004)
5g label + 9 art 0x5006
Increments confirmed across three AP55C, two AP55, and one AP100C.
These changes have been tested to function on both current master and
21.02.0 without any obvious issues.
[1] Button is present but does not alter state of any GPIO on SoC
[2] Buzzer and driver circuitry is present on PCB but is not connected to
any GPIO. Shorting an unpopulated resistor next to the driver circuitry
should connect the buzzer to GPIO 4, but this is unconfirmed.
[3] This external RJ45 serial port is disabled in the OEM firmware, but
works in OpenWRT without additional configuration, at least on my
three test units.
[4] On AP100/AP55 models the UART header is accessible after removing
the device's top cover. On AP100C/AP55C models, the PCB must be removed
for access; three screws secure it to the case.
Pin 1 is marked on the silkscreen. Pins from 1-4 are 3.3V, GND, TX, RX
Signed-off-by: Andrew Powers-Holmes <andrew@omnom.net>
(cherry picked from commit 6f1efb2898)
This device is from now-defunct BOLT! ISP in Indonesia.
The original firmware is based on mediatek SDK running linux 2.6 or 3.x in later revision.
Specifications:
- SoC: MediaTek MT7621
- Flash: 32 MiB NOR SPI
- RAM: 128 MiB DDR3
- Ethernet: 2x 10/100/1000 Mbps (switched, LAN + WAN)
- WIFI0: MT7603E 2.4GHz 802.11b/g/n
- WIFI1: MT7612E 5GHz 802.11ac
- Antennas: 2x internal, non-detachable
- LEDs: Programmable LEDs: 5 blue LEDs (wlan, tel, sig1-3) and 2 red LEDs (wlan and sig1)
Non-programmable "Power" LED
- Buttons: Reset and WPS
Instalation:
Install from TFTP
Set your PC IP to 10.10.10.3 and gateway to 10.10.10.123
Press "1" when turning on the router, and type the initramfs file name
You also need to solder pin header or cable to J4 or neighboring test points (T19-T21)
Pinouts from top to bottom: GND, TX, RX, VCC (3.3v)
Baudrate: 57600n8
There's also an additional gigabit transformer and RTL8211FD managed by the LTE module on the backside of the PCB.
Signed-off-by: Abdul Aziz Amar <abdulaziz.amar@gmail.com>
(cherry picked from commit 78c3534645)
Python seems to fail to link to libreadline properly because of this.
Not a fatal error but an error nontheless.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b363f74886)
The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to
establish connection with custom commands specific to ZTE modems.
Two variants of modems were discovered, some identifying themselves
as "ZTE", and others as plain "Marvell", the chipset manufacturer.
The modem itself runs a fork of OpenWrt inside, which root shell can be
accessed via ADB interface.
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit e02fb42c53)
Some modems expose ttyACM as their control ports, which have the
"device" symlink pointing one level down in sysfs tree. Try to find
network interfaces for them as well, this is commonly used for modems
exposing ACM + RNDIS or ACM + ECM interface combinations.
Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit ed7957810c)
Some modems expose multiple network interfaces on the same USB device,
causing the connection setup script to fail, because glob matching in
the detection phase causes 'ls' to output more than one interface name
plus their base directories in sysfs. Avoid that by listing the
directories explicitly and then selecting first available interface.
This is the case for some variants of ZTE MF286R built-in modem, which
exposes both RNDIS and CDC-ECM network interfaces, causing the
connection setup to fail.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit b2940bb8b2)
Add ifname property to UCI, which can be used to override the
autodetected interface name in case the detection fails due to having
none or more than one interface exposed by the modem, which is not
explicitly linked to TTY port. This is needed on certain variants of ZTE
MF286R built-in modem, which exposes both RNDIS and CDC-ECM interfaces
on the modem, on which the automatic detection may select the wrong
network interface.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit a67629bbe2)
Notify external ubus subscribers of received link-measurement reports.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f6445cfa1a)
Add a ubus method to request link-measurements from connected STAs.
In addition to the STAs address, the used and maximum transmit power can
be provided by the external process for the link-measurement. If they
are not provided, 0 is used as the default value.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 965aa33a18)
Allow external processes to enable advertisement of link-measurement RRM
capability.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2ca5c3da04)
Checking whether /sbin/udhcpc is a symbolic link breaks using the
DHCP proto handler inside procd-ujail where bind-mounts are used for
the resolved link. Check whether /sbin/udhcpc is executable instead
to allow using the proto handler for DHCP-provisioned containers.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c5f113c43f)
Make sure sysupgrade on NAND also works in case of UBI volumes having
index >9. While at it, also make sure UBI device is detected and abort
in case it isn't. Use Shell built-in shorthand ':' instead of 'true'.
Fixes#9708
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0dbca1b2ba)
Specification:
- QCA9533 (650 MHz), 64 or 128MB RAM, 16MB SPI NOR
- 2x 10/100 Mbps Ethernet, with 802.3at PoE support (WAN)
- 2T2R 802.11b/g/n 2.4GHz
Flash instructions:
If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):
fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin
In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:
1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
seconds, recovery mode should start downloading image from server
(unfortunately, there is no visible indication that recovery got
enabled - in case of problems check TFTP server logs)
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit a05dcb0724)
Specification:
- QCA9563 (775MHz), 128MB RAM, 16MB SPI NOR
- 2T2R 802.11b/g/n 2.4GHz
- 2T2R 802.11n/ac 5GHz
- 2x 10/100/1000 Mbps Ethernet, with 802.3at PoE support (WAN port)
LED for 5 GHz WLAN is currently not supported as it is connected directly
to the QCA9882 radio chip.
Flash instructions:
If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):
fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin
In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:
1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
seconds, recovery mode should start downloading image from server
(unfortunately, there is no visible indication that recovery got
enabled - in case of problems check TFTP server logs)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit c91df224f5)
This updates mac80211 to version 5.15.33-1 which is based on kernel
5.15.33.
The removed patches were applied upstream.
This new release contains many fixes which were merged into the upstream
Linux kernel.
This also contains the following new drivers which are needed for ath11k:
* net/qrtr/
* drivers/bus/mhi/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3aa96efa24)
Fixes two high-severity vulnerabilities:
- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
can be bypassed. If a malicious client does not send the
certificate_verify message a client can connect without presenting a
certificate even if the server requires one.
- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
v1.3 server can have its certificate heck bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit e89f3e85eb)
As anyway only the default is called now we can as well also just remove
the override for Build/Configure.
Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dffad93d3e)
Changes:
Duncan Roe (5):
nlmsg: Fix a missing doxygen section trailer
build: doc: "make" builds & installs a full set of man pages
build: doc: get rid of the need for manual updating of Makefile
build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
src: doc: Fix messed-up Netlink message batch diagram
Fernando Fernandez Mancera (1):
src: fix doxygen function documentation
Florian Westphal (1):
libmnl: zero attribute padding
Guillaume Nault (1):
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
Kylie McClain (1):
examples: nfct-daemon: Fix test building on musl libc
Laura Garcia Liebana (4):
examples: add arp cache dump example
examples: fix neigh max attributes
examples: fix print line format
examples: reduce LOCs during neigh attributes validation
Pablo Neira Ayuso (3):
doxygen: remove EXPORT_SYMBOL from the output
include: add MNL_SOCKET_DUMP_SIZE definition
build: libmnl 1.0.5 release
Petr Vorel (1):
examples: Add rtnl-addr-add.c
Stephen Hemminger (1):
examples: rtnl-addr-dump: fix typo
igo95862 (1):
doxygen: Fixed link to the git source tree on the website.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c3b7389339)
Changes:
c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings
Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit aecf088b37)
bh_event_add_var can be called by multiple threads concurrently,
so it shall not use a static char buffer
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 1e991e09b7)
The host-build of libselinux requires libsepol/host.
Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts
which don't have libsepol installed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0d3850dc5a)
Problem exist when dnsmasq is exclusively bind to particular interface.
After reconfiguring or restarting this interface, its index changes, but
dnsmasq uses the old one. When this problem occurs, dnsmasq does not
listen on the correct interface so DHCP does not work, and clients do not
get an IP address. Procd netdev param can be added to restart dnsmasq when
the interface index is changed.
Signed-off-by: Valentyn Datsko <valikk.d@gmail.com>
[combined into a single &&-connected statement]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 76f55e3c3f)
Fixes compilation under musl based distros like Alpine Linux.
Also add pcre/host as a build dependency as it's needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit abb2683de3)
A Python script containing an unreproducible path is copied by default.
Remove it before generating the package.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 950bd40a27)
The PKG_LICENSE field was missing.
While at it, normalize the Makefile a bit.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 839b1ff1fc)
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]")
couldn't actually work and allow rootfs_data to be stored on a LVM2 as
the necessary kernel modules had not been loaded at this point.
Fix this by loading device-mapper modules early at boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 82f9ad6ab2)
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.
Fixes: 9d2b26d5a7 ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d80336e1a9)
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
(cherry picked from commit 34567750db)
Getting rid of shared libraries for hostpkg avoids having to use rpath
hacks to find the library. It also fixes compilation with host glib2
binaries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f8571749a7)
Avoids having to add rpath to the various packages using it. Also add
PIC to fix compilation as static libraries do not use PIC by default.
Fixes: 1fb099341e ("musl-fts: add host build")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8a75ed4ba0)
Some configure scripts look for msgfmt and gmsgfmt. As we don't install
the latter, configure might pick up one from staging_dir/hostpkg, and
the other from the host:
checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt
checking for gmsgfmt... /usr/bin/gmsgfmt
This could potentially lead to hard to debug undefined behaviour.
Install a symlink in the host install phase to avoid this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 636cb00ecc)
v2022.01 has a regression that broke eMMC usage on most if not all Armada
SoC-s, thus breaking boards like uDPU which use eMMC for storage.
Fix it by backporting a recent upstream patch.
Fixes: 782d4c8306 ("uboot-mvebu: update to version 2022.01")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit a703830806)
Evaluating the return value of 'json_load' didn't work in the
intended way resulting in PIN status no longer being read on modems
where --get-pin-status doesn't fail.
Fix this by trying --get-pin-status first and checking if pin1_status
field exists in JSON, and if it doesn't try again with
--uim-get-sim-state.
Fixes: #9501
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ee7cb5e885)
Store selected boot configuration in '/chosen' node in device tree, so
it can be accessed by Linux (and used for fine-tuning the FIT partition
parser).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dfc3ea6810)
Shuttle KD20 has NAND flash with 0x20000 (128KiB) erase blocks.
Correctly set that in uboot-envtools as well to allow writing to the
bootloader environment using fw_setenv.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fa67639513)
In commit 2d03f27f0f ("openwrt-keyring: make opkg use 22.03 usign
key") I've accidentally removed the `endef` keyword, so fix it by adding
it back.
Fixes: 2d03f27f0f ("openwrt-keyring: make opkg use 22.03 usign key")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Modified the radio frequency hardware part of e2600ac c1/c2,
need to cooperate with the modified board.bin file, the device
can work normally.
Signed-off-by: 张 鹏 <sd20@qxwlan.com>
(cherry picked from commit bdc786e82c)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
391a9fbd5ace dns: fix parsing vlan encapsulated protocol
6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well
1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed
ca21e729af23 interface: switch to using clsact for filters
5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress
bdfcb11847ce interface: fix duplicated dns filter line
b97405aa632a Revert "ubus: remove dnsmasq subscriber"
8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact
d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME
91cf440db9e2 loader: fix use of deprecated functions
57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit af434e0da2)
Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo.
Crypto API users (zram, for example) expect both lzo and lzo-rle to be
available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package.
Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit aaa0c09785)
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.
SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A
Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.
However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.
Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)
2. Calculate telnet password from serial number and login
3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit
4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware
Device should reboot at this point.
Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.
A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 9f9477b275)
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.
ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"
This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.
We could now enter the command /etc/initd/<service> info to get the info
faster.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
to be on the router with the previous naming
[ 6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[ 6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin
- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.
Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.
Fixes:
- FragAttacks
- Kr00k
Also add LICENSE file
Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.
Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43
After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2
[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
