d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 84909c62c8455a08fb8bb29bd7809ab22c927bf0)
The M1300 v2 is similar to the WR1300 series from Cudy. Differences:
- Only 1 LAN port
- No USB
Specifications:
- MT7621
- MT7603E (2.4G b/g/n) and MT7613BE (5G ac/n) wifi
- 128 MB RAM
- 16 MB flash
MAC Addresses:
- There is one on the label, e.g. xx:xx:xx:xx:xx:1C
- LAN (bottom connector) is the same as the label, e.g. xx:xx:xx:xx:xx:1C
- WAN (top connector) is label +2, e.g. xx:xx:xx:xx:xx:1E
- WLAN (2.4G) is the same as the label, e.g. xx:xx:xx:xx:xx:1C
- WLAN (5G) is the same as WAN, e.g. xx:xx:xx:xx:xx:1E
UART:
- is available via the pin holes on the board
- From inner to outer pin: TX, RX, GND, VCC
- Do NOT connect VCC
- Settings: 3.3V, 115200, 8N1
GPIO:
- There are two LEDs: Red (GPIO 3) and White (GPIO 4)
- There are two buttons: Reset (GPIO 8) and WPS (GPIO 10)
Migration to OpenWrt:
- Download the migration image from the Cudy website (it should be available as soon as OpenWrt officially supports the device)
- The migration image is also available here until a image is provided by Cudy: https://github.com/RolandoMagico/openwrt-build/releases/tag/M1300_Build_20240222
- File: openwrt-ramips-mt7621-cudy_m1300-v2-squashfs-flash-signed.bin
- Connect computer to LAN (bottom connector) and flash the migration image via OEM web interface
- In the migration image, LAN and WAN are swapped. Computer must be connected to the other port after flashing
- OpenWrt is now accessible via 192.168.1.1
- After flashing an up to date OpenWrt image, LAN and WAN settings are again the same as in the OEM firmware
- So use the other connector again
Revert back to OEM firmware:
- Set up a TFTP server on IP 192.168.1.88 and connect to the LAN port (lower port)
- Provide the Cudy firmware as recovery.bin in the TFTP server
- Press the reset button while powering on the device
- Recovery process is started now
- When recovery process is done, OEM firmware is accessible via 192.168.10.1 again
General information:
- No possibility to load a initramfs image via U-Boot because there is no option to interrupt U-Boot
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18139
(cherry picked from commit 8a7863767056ca0dec69a6b383b6e0c0d5fc3af7)
Link: https://github.com/openwrt/openwrt/pull/18204
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The fixes are only for the WRT1900X and WRT1200AC.
It contains:
Deletes the driver's ability to modify the debit table.
Remove skb_get(done_skb) in txdone
Reworking ISR
clean code
Napi replaces tasklet
Add rx_decrypt feature
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/17997
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18145
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for Genexis Pulse EX400 / Inteno Pulse EX400. A branded
variant for the Finnish ISP DNA has already been added in fea2264d9fdd
(ramips: mt7621: Add DNA Valokuitu Plus EX400, 2023-07-31). This commit
adds support for the generic variants with Inteno and Genexis branding.
Inteno changed its name to Genexis and both brandings exist.
In terms of electronics, there is no difference between the DNA-branded
version and other brandings. LED markings on the case are different,
though. While the DNA-version has a "software-update" LED, the other
versions have a WPS LED. To reduce user confusion, create a separate
image.
Add the different device-tree with the different LED and rename things
to work the same way for both variants.
Specifications:
- Device: Genexis Pulse EX400 / Inteno Pulse EX400
- SoC: MT7621A
- Flash: 256 MB NAND
- RAM: 256 MB
- Ethernet: Built-in, 2 x 1 GbE
- Wifi: MT7603 2.4 GHz 2x2 MIMO, MT7615 5 GHz 4x4 MU-MIMO
- USB: 1x 2.0
- LEDs (GPIO): green/red status, green WPS
- LEDs (SX9512, unsupported): Broadband, Wi-Fi 2.4G, Wi-Fi 5G
- Buttons (GPIO): Reset
- Buttons (SX9512, unsupported): Wi-Fi 2.4G, Wi-Fi 5G, WPS
MAC addresses:
- LAN: U-Boot 'ethaddr' (label)
- WAN: label + 1
- 2.4 GHz: label + 6
- 5 GHz: label + 7
Serial:
There is a black block connector next to the red ethernet connector. It
is accessible also through holes in the casing.
Pinout (TTL 3.3V)
+---+---+
|Tx |Rx |
+---+---+
|Vcc|Gnd|
+---+---+
Firmware:
The vendor firmware is a fork of OpenWrt (Reboot) with a kernel version
4.4.93. The flash is arranged as below and there is a dual boot
mechanism alternating between rootfs_0 and rootfs_1.
+-------+------+------+-----------+-----------+
| | env1 | env2 | rootfs_0 | rootfs_1 |
| +------+------+-----------+-----------+
| | UBI volumes |
+-------+-------------------------------------+
|U-Boot | UBI |
+-------+-------------------------------------+
|mtd0 | mtd1 |
+-------+-------------------------------------+
| NAND |
+---------------------------------------------+
In OpenWrt rootfs_0 will be used as a boot partition that will contain the
kernel and the dtb. The squashfs rootfs and overlay are standard OpenWrt
behaviour.
+-------+------+------+-----------+--------+------------+
| | env1 | env2 | rootfs_0 | rootfs | rootfs_data|
| +------+------+-----------+--------+------------+
| | UBI volumes |
+-------+-----------------------------------------------+
|U-Boot | UBI |
+-------+-----------------------------------------------+
|mtd0 | mtd1 |
+-------+-----------------------------------------------+
| NAND |
+-------------------------------------------------------+
U-boot:
With proper serial access, booting can be halted to U-boot by pressing
any key. TFTP and flash writes are available, but only the first one has
been tested.
NOTE: Recovery mode can be accessed by holding down the reset button while
powering on the device. The led 'Update' will show a solid green light
once ready. A web server will be running at 192.168.1.1:80 and it will
allow flashing a firmware package. You can cycle between rootfs_0 and
rootfs_1 by pressing the reset button once.
Root password:
With the vendor web UI create a backup of your settings and download the
archive to your computer. Within the archive in the file
/etc/shadow replace the password hash for root with that of a password you
know. Restore the configuration with the vendor web UI and you will have
changed the root password.
SSH access:
You might need to enable the SSH service for LAN interface as by default
it's enabled for WAN only.
Installing OpenWrt:
With the vendor web UI, or from the U-Boot recovery UI, install the
OpenWrt factory image. Alternatively, ssh to the device and use
sysupgrade -n from cli.
Finalize by installing the OpenWrt sysupgrade image to get a fully
functioning system.
Reverting to the vendor firmware:
Boot with OpenWrt initramfs image
- Remove volumes rootfs_0, rootfs and rootfs_data and create vendor
volumes.
ubirmvol /dev/ubi0 -n 2
ubirmvol /dev/ubi0 -n 3
ubirmvol /dev/ubi0 -n 4
ubimkvol /dev/ubi0 -N rootfs_0 -S 990
ubimkvol /dev/ubi0 -N rootfs_1 -S 990
Power off and enter to the U-boot recovery to install the vendor
firmware.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/17551
(cherry picked from commit 3e7337feead8e0a0f5a05f5b91d7d0fd7f14ec56)
Link: https://github.com/openwrt/openwrt/pull/18238
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move common definitions for DNA Valokuitu Plus EX400 to a dtsi include.
This is in preparation of adding the non-branded variant of the device
produced by Genexis / Inteno in the next commit. The device with DNA
branding differs in the LED labling on the device.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/17551
(cherry picked from commit e8603f3b5a15856fccee2e02a5406ca9c8b2ba1d)
Link: https://github.com/openwrt/openwrt/pull/18238
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is an industrial 4G router equipped with OpenWrt 14.07 OEM
customized version
WARNING: The original firmware device tree is common to multiple
boards, and the device tree name is H9350. This submitted device
tree is a modified version, which deletes the non-this-device parts
and adds GPIO watchdog.
Specification:
- SoC: MediaTek MT7620A
- Flash: 16 MB
- RAM: 128 MB
- Power: DC 5V-36V 1.5A
- Ethernet: 1x WAN, 4x LAN (10/100 Mbps)
- Wireless radio: 802.11n 2.4g-only
- LED:
System/Power (RUN): GPIO/26 active-low
Ethernet: 1x WAN, 4x LAN
Modem 1: GPIO/66 active-low
RF 1 (Modem 1 Signal): GPIO/67 active-low
Modem 2: GPIO 71 active-low
RF 2 (Modem 2 Signal): GPIO/24 active-low
WLAN: GPIO/72 active-low
WPS: GPIO/12 active-low
- Button:
WPS / RESET: GPIO/34 active-low
- UART: 1x UART on PCB - 115200 8N1
- GPIO Watchdog: GPIO/62 mode=toggle timeout=1s
- PCIe: 2x miniPCIe for modem
- SIM Slots: 2x SIM Slots
Issue:
- No factory partition, eeprom is located
at /lib/firmware/mt7620a.eeprom
Flash instruction:
Using UART:
1. Configure PC with a static IP address and setup an TFTP server.
2. Put rootfs into the tftp directory.
3. Connect the UART line as described on the PCB.
4. Power up the device and press Ctrl+C to break auto boot.
5. Use `system 6` command and follow the instruction to set device
and tftp server IP address and input the rootfs file name.
U-boot will then load the rootfs and write it into
the flash.
6. Use `system 1` command and follow the instruction to set device
and tftp server IP address and input the firmware file name.
U-boot will then load the firmware once.
7. Login to LuCI and use LuCI upgrade firmware.
Original Firmware Dump / More details:
https://blog.gov.cooking/archives/research-hongdian-h8922-and-flash.html
Signed-off-by: Coia Prant <coiaprant@gmail.com>
Tested-by: Coia Prant <coiaprant@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17472
Link: https://github.com/openwrt/openwrt/pull/18221
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6a1bdcf545eec8f9ed5130e7f5794fca6ee54cb3)
This board is also as known as SuperElectron ZN-M5 and ZN-M8. However,
for ZN-M5 and ZN-M8, there's another version uses ZX279128 as CPU
chip, which is unsupported.
You can check it in "高级设置" > "系统日志" > "内核日志" page from webUI.
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, WPS
Power: DC 12V 1A
Stock layout flash instructions:
Login into webUI and upload sysupgrade firmware in "系统管理" > "升级固件" page.
Remember to unselect "保留配置" ("Keep configurations") first before doing that.
OpenWrt U-Boot layout flash instructions:
1. Flash stock layout firmware first.
2. Connect to the device via SSH, and backup everything,
especially 'Factory' partition.
3. Unlock MTD partitions:
opkg update && opkg install kmod-mtd-rw
insmod mtd-rw i_want_a_brick=1
4. Write new BL2 and FIP:
mtd write openwrt-mediatek-filogic-cmcc_a10-ubootmod-preloader.bin BL2
mtd write openwrt-mediatek-filogic-cmcc_a10-ubootmod-bl31-uboot.fip FIP
5. Set static IP on your PC:
IP 192.168.1.254/24, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/18121
(cherry picked from commit 96c6608346758ceffebf30d74cab00db58874bb9)
[sync uboot defconfigs with 24.10 branch, change apk to opkg]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/18218
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Trying to tcpdump DSA conduits results in errors such as
"unsupported DSA tag: mtk".
Backport two commits adding support for various DSA tags to libpcap.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fad94e8cda573389164827dc74e583d10eeae2e5)
Currently, enabling USB, BT or Netfilter support after initial compilation
will not trigger a rebuild, so add the missing PKG_CONFIG_DEPENDS so
that rebuild gets triggered.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit fe37574be63ef7c6c1c1e611f052ed25c99a8aa1)
I selected one subtarget after the other and refreshed their
configuration using this command:
make kernel_oldconfig CONFIG_TARGET=subtarget
For MT7629 I had to re-add CONFIG_LEDS_SMARTRG_LED manually.
Otherwise, building MT7629 with ALL_KMODS we get prompted for
LEDS_SMARTRG_LED and this will break CI and in future buildbot
compilation. See commit 6bdea8c7bd85 ("mediatek: mt7629: 6.6: disable
LEDS_SMARTRG_LED by default") for more details.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/18182
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5013efc4f907550fadbf15e2fb1bdb2ead3325db)
Prior to commit 8a7d12d674,
cdc-ethernet USB LTE modems (e.g. Quectel EC200A) were consistently named
usb0. After 8a7d12d67, devices began renaming to eth1 due to an assumption
that local MAC addresses originate exclusively from the kernel. Some
devices provide driver-assigned local MACs, causing point-to-point
interfaces with driver-set MACs to adopt eth%d names instead of usb%d.
Restore the naming exception for point-to-point devices: interfaces
without driver MACs or with driver-provided local MACs will retain the
usb%d convention. This addresses issues reported in [1] and fixed in [2].
[1] https://lore.kernel.org/all/Z00udyMgW6XnAw6h@atmark-techno.com/
[2] https://lore.kernel.org/all/20241203130457.904325-1-asmadeus@codewreck.org/
Tested-by: Ahmed Naseef <naseefkm@gmail.com>
Signed-off-by: Ahmed Naseef <naseefkm@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17757
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ecd609f509f29ed1f75db5c7a623f359c64efb72)
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
(cherry picked from commit 6a10da2934441a59283394a84917edf4983e3043)
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7729f960933a03c9eebd2b65a695ea57718ccb77)
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 22eaf1864731dd29918357b26565dbd9420fd314)
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
(cherry picked from commit f79968ee0f76c41414fb0c08980b9c2a259964d3)
When a feed has submodules, all its submodules are fully cloned whereas
the feed itself is shallowed. Let's be consistent and perform shallow clones
as well for the submodules.
Signed-off-by: Cedric CHEDALEUX <cedric.chedaleux@orange.com>
Link: https://github.com/openwrt/openwrt/pull/18003
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9ec32cfb2733856a2ab4caee07d9b3297568381d)
When a feed is referenced with a specific commit (i.e. <git_url>^<sha1>),
a full clone was performed and a branch was created from the sha1
and named with the sha1. Other git clones operations are shallowed.
As Git does not support clone at a specific commit, let's first perform
a shallow clone to latest commit, then fetch the relevant commit and
finally checkout it (no more 'pseudo' branch).
It saves bandwith and significantly speeds up the feed update process.
Signed-off-by: Cedric CHEDALEUX <cedric.chedaleux@orange.com>
Link: https://github.com/openwrt/openwrt/pull/18003
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 32d0a57dc10811a24816e51f10e55963f40fe462)
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ce68f61cb67a4701a108f838f510e72ca63ed78e)
ethtool since version 6.9 introduced support for getting/setting RSS
input transformation supported in Linux since version 6.8.
The now changed kernel ioctl ABI, however, cannot be detected from
userland, and ethtool since version 6.9 simply assumes that a previously
reserved field is now used to set the input transformation.
Unfortunately the default value RXH_XFRM_NO_CHANGE (0xff) used by ethtool
userland creates an incompatibility with older kernels which cannot be
resolved easily without introducing even more ABI breakage.
Work-around the issue and fix support for --set-rxfh and --set-rxfh-indir
ethtool userland tool commands by making the support for input_xfrm
conditional on compile time, and keep it disabled for Linux 6.6.
Fixes: 8c2dcd1518 ("ethtool: update to 6.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 3a7467ffde413677de5465dde78a62dfa8d6774f)
Version 6.11 - October 8, 2024
* Feature: cmis: print active and inactive firmware versions
* Feature: flash transceiver module firmware (--flash-module-firmware)
* Feature: add T1BRR 10Mb/s mode to link mode tables
* Feature: support for disabling netlink from command line
* Fix: fix lanes parameter format specifier
* Fix: add missing clause 33 PSE manual description
* Fix: qsf: Better handling of Page A2h netlink read failure
* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
* Misc: man page formatting fix
* changelog here: https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/NEWS?id=c0ea4b70c71334ef038f7a3416b228a50dada406
Tested on gl.inet MT6000, retrieve ring count is now working
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17607
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9454331b7fc896704a2c60b28767c282eb9ca0bd)
Specification:
* Mediatek MT7981BA
* 256 MB SPI-NAND
* 512 MB DDR4 RAM
* MT7976CN DBDC AX Wi-Fi
* MediaTek MT7531AE (3x LAN Gigabit ports) + Internal Gbe Phy (1x WAN Gigabit port)
* 4x LED (power, internet, fn, wifi)
* 3x buttons (wps, fn, reset)
* 1x USB 3.0 port
Serial Interface:
* 3 Pins GND, RX, TX
* Settings: 115200, 8N1
Notes:
* The device supports dual boot mode
* Fn led reassigned to wlan 2.4
Flash instruction:
The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-mediatek-filogic-keenetic_kn-3811-squashfs-factory.bin"
to "KN-3811_recovery.bin" and place it in tftp server directory.
3. Connect PC with ethernet port, press the reset button, power up
the device and keep button pressed until status led start blinking.
4. Device will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17135
(cherry picked from commit d087a79b7b03fe93a221fd6246ce437c5c5325c3)
Link: https://github.com/openwrt/openwrt/pull/18055
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Specification:
- MT7981 CPU using 2.4GHz and 5GHz WiFi (both AX)
- 512MB RAM
- 128MB SPI NAND
- 2 LEDs (green, orange)
- 3 buttons (fn, reset, wps)
- 2 2.5Gbit ethernet ports based on Airoha EN8811H phy
Serial Interface:
- 3 Pins GND, RX, TX
- Settings: 115200, 8N1
Notes:
- The device supports dual boot mode
Flash instruction:
The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-mediatek-filogic-keenetic_kn-3911-squashfs-factory.bin"
to "KN-3911_recovery.bin" and place it in tftp server directory.
3. Connect PC with ethernet port, press the reset button, power up
the device and keep button pressed until status led start blinking.
4. Device will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16830
(cherry picked from commit 5a4eb56a7bc7d1d8028d103d50b0dba2ff7808c4)
Link: https://github.com/openwrt/openwrt/pull/18055
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4e6fd7b76440076eeff3a0789d40acbb5363ecf)
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference
68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020
0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022
b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
f67f40d wireless-regdb: Update regulatory info for Oman (OM)
bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT)
39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024
3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt
4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM)
c2f11e2 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17957
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da2cc98458f46745de95e88b6066620fbd02b190)
The proposed detection method was based on reading the LAUNCH_FREADY core flag.
However, this method only works before the cores are launched.
For this reason, the core number detection method has been changed to a simpler one.
For mt6721s the 17th revision bit is zero, hence we know that it is this chip,
so the number of cores is 1.
Fixes: https://github.com/openwrt/openwrt/issues/17764
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Tested-by: Simon Etzlstorfer <simon@etzi.at>
Tested-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Co-authored-by: Shiji Yang <yangshiji66@qq.com>
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/17834
(cherry picked from commit bb84c256e701a21a97443ffe9dd1d510bd6c1c40)
Link: https://github.com/openwrt/openwrt/pull/18015
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Set the SUPPORTED_DEVICES Device var so that sysupgrade images
are supported without a force.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/17964
(cherry picked from commit 5a124ff167ed42e28dba2805793b5ddcece0eb50)
Link: https://github.com/openwrt/openwrt/pull/18093
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The upstream device-tree files are now using 'gateworks' instead of 'gw'
for compatible. Add this pattern so that the newer boards support
sysupgrade.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/17964
(cherry picked from commit ee73d35fbe0f18bfd0f710008de369236a220510)
Link: https://github.com/openwrt/openwrt/pull/18093
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>