Commit Graph

54855 Commits

Author SHA1 Message Date
Wenli Looi
efca76ffce
image: add support for Netgear encrypted image
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.

References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar

* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
  Bootloader code that verifies the presence of a squashfs4 image, thus
  a dummy image is added here.

* openwrt/tools/imgencoder/src/gj_enc.c
  Contains code that generates the encrypted image. There is support for
  adding an RSA signature, but it does not look like the signature is
  verified by the stock firmware or bootloader.

* openwrt/tools/imgencoder/src/imagekey.h
  Contains the encryption key and IV. It appears the same key/IV is used
  for other Netgear devices including WAX206 and EX6400v3.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-07-19 14:49:03 +02:00
Oleg S
6c7e337c80
ramips: Add support command fw_setsys for Xiaomi routers
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.

Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-19 14:40:21 +02:00
John Audia
d0d6b8e183
mt7622: remove 300 MHz from dts
Due to the bug described here[1], remove the 300 MHz clock to avoid a low
voltage condition that can cause a hang when rebooting the RT3200/E8450.

This solution is probably better than the script-based work-around[2].

1. https://forum.openwrt.org/t/belkin-rt3200-linksys-e8450-wifi-ax-discussion/94302/1490
2. https://github.com/openwrt/openwrt/pull/5025

Signed-off-by: John Audia <therealgraysky@proton.me>
Tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Tested-by: John Audia <therealgraysky@proton.me>
2022-07-19 14:26:30 +02:00
Rafał Miłecki
79af0593a3 kernel: switch back 5.15 to fw_devlink=permissive
Kernel switching to fw_devlink=on as default broke probing some devices.
Revert it until we get a proper fix.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-07-19 06:26:32 +02:00
John Audia
c50d462e34 kernel: bump 5.10 to 5.10.131
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-07-18 23:14:30 +02:00
John Audia
c600d1cb00 kernel: bump 5.10 to 5.10.130
All patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-07-18 23:14:30 +02:00
John Audia
06c9e8bfdf kernel: bump 5.10 to 5.10.129
All patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-07-18 23:14:30 +02:00
John Audia
6dc3efe14b kernel: bump 5.10 to 5.10.128
No patches needed to be rebased, just updated checksums

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-07-18 23:14:30 +02:00
Rafał Miłecki
864fdf2bf3 bcm4908: use upstream-accepted watchdog patches
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-07-18 18:39:20 +02:00
Rafał Miłecki
001856fa51 bcm4908: backport latest DT patches
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-07-18 18:39:20 +02:00
Rafał Miłecki
bb2a2b1dbe kernel: update leds-bcm63138 driver
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-07-18 18:39:20 +02:00
Felix Fietkau
af8771751c kernel: backport mtk wlan flow offloading fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-07-18 15:14:16 +02:00
Mark Mentovai
7f54bf6fe2
ipq40xx: add MikroTik wAP ac (RBwAPG-5HacD2HnD) support
The MikroTik wAP ac (RBwAPG-5HacD2HnD) is a dual-band dual-radio
802.11ac wireless access point with integrated antenna and two Ethernet
ports in a weatherproof enclosure. See
https://mikrotik.com/product/wap_ac for more information.

Important: this is the new ipq40xx-based wAP ac, not the older
ath79-based wAP ac (RBwAPG-5HacT2HnD), already supported in OpenWrt.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - CPU: 4x ARM Cortex A7
 - RAM: 128MB
 - Storage: 16MB NOR flash
 - Wireless
    - 2.4GHz: Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
    - 5GHz: Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075), 2x 1000/100/10Mb/s ports,
   one with 802.3af/at PoE in

Installation:
Boot the initramfs image via TFTP, then flash the sysupgrade image using
sysupgrade. Details at https://openwrt.org/toh/mikrotik/common.

Notes:
This preserves the MAC addresses of the physical Ethernet ports:
 - eth0 corresponds to the physical port labeled ETH1 and has the base
   MAC address. This port can be used to power the device.
 - eth1 corresponds to the physical port labeled ETH2 and has a MAC
   address one greater than the base.

MAC addresses are set from /lib/preinit/05_set_iface_mac_ipq40xx.sh
rather than /etc/board.d/02_network so that they are in effect for
preinit. This should likely be done for other MikroTik devices and
possibly other non-MikroTik devices as well.

As this device has 2 physical ports, they are each connected to their
respective PHYs, allowing the link status to be visible to software.
Since they are not marked on the case with any role (such as LAN or
WAN), both are bridged to the lan network by default, although this can
easily be changed if needed.

Signed-off-by: Mark Mentovai <mark@mentovai.com>
2022-07-18 01:45:47 +02:00
Rafał Miłecki
d9ab1e56d8 kernel: backport LEDs driver for BCMBCA devices
This includes BCM63xx and BCM4908 families.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-07-17 18:44:41 +02:00
Rosen Penev
5ad67cc513 libiconv-full: add host build
Now that libiconv-stub is gone, a replacement for its host build is
needed.

Fixes: c0ba4201f8 ("libiconv-stub: remove")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-17 14:21:03 +02:00
Christian Lamparter
b479db9062 sdk: add spidev-test to the bundle of userspace sources
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.

this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.

Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-17 14:19:21 +02:00
Catalin Toda
488b25f5ac kernel: netconsole: add network console logging support
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.

Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
|  +            if present, enable extended console support
|  src-port     source for UDP packets (defaults to 6665)
|  src-ip       source IP to use (interface address)
|  dev          network interface (eth0)
|  tgt-port     port for logging agent (6666)
|  tgt-ip       IP address for logging agent
|  tgt-macaddr  ethernet MAC address for logging agent (broadcast)

OpenWrt specific notes:

OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)

As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:

 insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C...

One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
 options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...

and install the kmod-netconsole (=y) into the base image.

Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-17 14:18:42 +02:00
Christian Lamparter
e879cccaa2 uboot-layerscape: update PKG_HASH
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the uboot-layerscape-21.08.tar.xz
archive.

i.e:
 # tar tf uboot-layerscape-21.08.tar.xz:

uboot-layerscape-21.08/
uboot-layerscape-21.08/.azure-pipelines.yml
uboot-layerscape-21.08/.checkpatch.conf
uboot-layerscape-21.08/.gitattributes
uboot-layerscape-21.08/.github/
[...]

vs.

 # tar tf uboot-layerscape-LSDK-21.08.tar.xz
uboot-layerscape-LSDK-21.08/
uboot-layerscape-LSDK-21.08/.azure-pipelines.yml
uboot-layerscape-LSDK-21.08/.checkpatch.conf
uboot-layerscape-LSDK-21.08/.gitattributes
uboot-layerscape-LSDK-21.08/.github/
[...]

the (file) content of both archives are otherwise the same.

The PKG_HASH was taken from the builder log:
| Hash of the local file uboot-layerscape-21.08.tar.xz does not match
|(file: 54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6,
|requested: 874e871755ef84ebbf3[...]) - deleting download.

without this update, the uboot-layerscape-21.08 package would
always try to download (from git), repacked the archive and
reupload to sources.openwrt.org (~14 MiB saved).

Fixes: 038d5bdab1 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-17 14:14:54 +02:00
Rosen Penev
5dca7d7015 mbedtls: build with PIC
Fixes compilation with GCC12 and dependent packages for some reason.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-07-17 13:43:48 +02:00
Christian Lamparter
e3a1d3ba15 ipq-wifi: remove dangling GL.iNet GL-B2200 boardfiles
those board files can/should be dropped now too.

Fixes: 50c232d6f4 ("ipq-wifi: drop upstreamed board-2.bin")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-17 13:43:48 +02:00
Christian Lamparter
e0e6444930 nu801: fix DEPENDS on bcm53xx
the tacked on @TARGET_bcm53xx causes warnings:
tmp/.config-package.in:14027:warning: ignoring unsupported character '@'
tmp/.config-package.in:26028:warning: ignoring unsupported character '@'

this was wrong.

Fixes: be1761fa14 ("nu801: add MR26 to the table")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-17 13:43:48 +02:00
Christian Marangi
e62d1edd6b
procd: update to git HEAD
ef5d3e3 jail: fix various ignoring return value compilation warning
8e4a956 jail: add WARNING macro to log non critical warning message

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-17 13:21:45 +02:00
Christian Marangi
d58ce80080
fstools: update to git HEAD
ebf7e90 libfstools: handle gzip return value in block_volume_format

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-17 13:21:45 +02:00
Sander Vanheule
1773264a0c realtek: correct egress frame port verification
Destination switch ports for outgoing frame can range from 0 to
CPU_PORT-1.

Refactor the code to only generate egress frame CPU headers when a valid
destination port number is available, and make the code a bit more
consistent between different switch generations. Change the dest_port
argument's type to 'unsigned int', since only positive values are valid.

This fixes the issue where egress frames on switch port 0 did not
receive a VLAN tag, because they are sent out without a CPU header.
Also fixes a potential issue with invalid (negative) egress port numbers
on RTL93xx switches.

Reported-by: Arınç ÜNAL <arinc.unal@xeront.com>
Suggested-by: Birger Koblitz <mail@birger-koblitz.de>
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-17 10:06:51 +02:00
Sander Vanheule
0b35a08a05 realtek: correct egress frame priority assignment
Priority values passed to the egress (TX) frame header initialiser are
invalid when smaller than 0, and should not be assigned to the frame.
Queue assignment is then left to the switch core logic.

Current code for RTL83xx forces the passed priority value to be
positive, by always masking it to the lower bits, resulting in the
priority always being set and enabled. RTL93xx code doesn't even check
the value and unconditionally assigns the (32 bit) value to the (5 bit)
QID field without masking.

Fix priority assignment by only setting the AS_QID/AS_PRI flag when a
valid value is passed, and properly mask the value to not overflow the
QID/PRI field.

For RTL839x, also assign the priority to the right part of the frame
header. Counting from the leftmost bit, AS_PRI and PRI are in bits 36
and 37-39. The means they should be assigned to the third 16 bit value,
containing bits 32-47.

Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-17 10:06:46 +02:00
Sander Vanheule
d6165ea75b realtek: fix egress L2 learning on rtl839x
The flag to enable L2 address learning on egress frames is in CPU header
bit 40, with bit 0 being the leftmost bit of the header. This
corresponds to BIT(7) in the third 16-bit value of the header.

Correctly set L2LEARNING by fixing the off-by-one error.

Fixes: 9eab76c84e ("realtek: Improve TX CPU-Tag usage")
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-17 10:06:40 +02:00
Sander Vanheule
d9516cacb0 realtek: fix egress port mask on rtl839x
The flag to enable the outgoing port mask is in CPU header bit 43, with
bit 0 being the leftmost bit of the header. This corresponds to BIT(4)
in the third 16-bit value of the header.

Correctly set AS_DPM by fixing the off-by-one error.

Fixes: 9eab76c84e ("realtek: Improve TX CPU-Tag usage")
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-17 10:06:32 +02:00
Christian Marangi
ef3d0a3029
ubox: update to latest git HEAD
46a33b8 kmodloader: fix compilation warning with not checking return of asprintf

Also switch PKG_RELEASE to AUTORELEASE.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-17 03:12:45 +02:00
Eneas U de Queiroz
9710fe70a6
wolfssl: bump to 5.4.0
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-07-16 22:22:40 +02:00
Christian Lamparter
e37ba80633 bcm53xx: add support for Meraki MR26
Meraki MR26 is an EOL wireless access point featuring a
PoE ethernet port and two dual-band 3x3 MIMO 802.11n
radios and 1x1 dual-band WIFI dedicated to scanning.

Thank you Amir for the unit and PSU.

Hardware info:
SOC   : Broadcom BCM53015A1KFEBG (dual-core Cortex-A9 CPU at 800 MHz)
RAM   : SK hynix Inc. H5TQ1G63EFR, 1 Gbit DDR3 SDRAM = 128 MiB
NAND  : Spansion S34ML01G100TF100, 1 Gbit SLC NAND Flash = 128 MiB
ETH   : 1 GBit Ethernet Port - PoE
WIFI1 : Broadcom BCM43431KMLG, BCM43431 802.11 abgn
WIFI1 : Broadcom BCM43431KMLG, BCM43431 802.11 abgn
WIFI3 : Broadcom BCM43428 abgn (1x1:1 - id: 43428)
BUTTON: one reset button
LEDS  : RGB-LED
MISC  : Atmel AT24C64 8KiB EEPROM (i2c - seems empty)
      : Ti INA219 26V, 12-bit, i2c output current/voltage/power monitor
      : TPS23754, High Power/High Efficiency PoE Interface+DC/DC Controller

SERIAL:
	WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
	The Serial setting is 115200-8-N-1. The board has a populated
	right angle 1x4 0.1" pinheader.
	The pinout is: VCC (next to J3, has little white arrow), RX, TX, GND.

This flashing procedure for the MR26 was tested with firmware:
    "22-143410M-gf25cbf5a-asa".
    U-Boot 2012.10-00063-g83f9fe4 (Jun 04 2014 - 21:22:39)

A guide how to open up the device is available on the wiki:
<https://openwrt.org/toh/meraki/mr26>

Notes:
 - The WIFI do work to a degree. Limited to 802.11bg in the 2.4GHz band.
 - the WIFI macs are made up.

0. Create a separate Ethernet LAN which can't have access to the internet.
   Ideally use 192.168.1.2 for your PC. The new OpenWrt firmware will setup
   the network via DHCP Discovery, so make sure your PC is running
   a DHCP-Server (i.e.: dnsmasq)
   '# dnsmasq -i eth# -F 192.168.1.5,192.168.1.50
   Download the openwrt-meraki-mr26 initramfs file from openwrt.org and
   rename it to something simple like mr26.bin. Then put it into the tftp's
   server directory.

1. Disassemble the MR26 device by removing all screws (4 screws are located
   under the 4 rubber feets!) and prying open the plastic covers without
   breaking the plastic retention clips. Once inside, remove the plastic
   back casing. Be careful, there some "hidden" retention clips on both
   sides of the LAN port, you need a light to see those. Next, you want to
   remove all the screws on the outer metal shielding to get to the PCB.
   It's not necessary to remove the antennas!

2. Connect the serial cable to the serial header and Ethernet patch cable
   to the device.

4. Before connecting the power, get ready flood the serial console program
   with the magic:   xyzzy  . This is necessary in order to get into the
   u-boot prompt. Once Ready: connect power cable.

5. If you don't get the "u-boot>" prompt within the first few seconds,
   you have to disconnect and reconnect the power cable and try again.

6. In the u-boot prompt enter:

   setenv ipaddr 192.168.1.4
   setenv serverip 192.168.1.2
   tftpboot ${meraki_loadaddr} mr26.bin; bootm

   this will boot a in-ram-only OpenWrt image.

7. Once it booted use sysupgrade to permanently install OpenWrt.
   To do this: Download the latest sysupgrade.bin file and move
   it to the device. Then use sysupgrade *sysupgrade.bin to install it.

    WARNING: DO NOT DELETE the "storage" ubi volume!

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
be1761fa14 nu801: add MR26 to the table
The MR26 uses a NU801 for the RGB-Leds. Make the LEDs
available.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
cb3d0250db module/firmware: remove intersil PRISM54 support
the legacy driver was dropped in linux 5.14-rc3:
commit d249ff28b1d8 ("intersil: remove obsolete prism54 wireless driver")

Quoting Lukas Bulwahn:
"p54 replaces prism54 so users should be unaffected."

Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
f0c1d26738 utils/spidev_test: side-step build-system woes
The spidev_test is build in phase2 even though it should be disabled.
My best guess is that we hit the same issue that I had with nu801.
The build-system thinks it's a tool that is necessary for
building the kernel.

In this case, the same fix (adding a dependency on the presence of
the module) could work in this case as well?

Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
50c232d6f4 ipq-wifi: drop upstreamed board-2.bin
The BDFs for the:
	GL.iNet GL-B2200

were upstreamed to the ath10k-firmware repository
and landed in linux-firmware.git

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
fffb8cacf1 linux-firmware: Update to version 20220610
git log --pretty=oneline --abbrev-commit 20220509..20220610 (sorted)

amdgpu:
4458bb4 amdgpu: update yellow carp DMCUB firmware
9ed4d42 amdgpu: update Yellow Carp VCN firmware
251d290 amdgpu: update beige goby firmware for 22.10
d4346b3 amdgpu: update renoir firmware for 22.10
b3df9c4 amdgpu: update dimgrey cavefish firmware for 22.10
e1b0a1c amdgpu: update vega20 firmware for 22.10
4a0d163 amdgpu: update yellow carp firmware for 22.10
e8f2e54 amdgpu: update vega12 firmware for 22.10
7a7f84a amdgpu: update navy flounder firmware for 22.10
5a6a482 amdgpu: update vega10 firmware for 22.10
4ee52ee amdgpu: update raven2 firmware for 22.10
e2d460f amdgpu: update raven firmware for 22.10
5b52a90 amdgpu: update sienna cichlid firmware for 22.10
c8268e6 amdgpu: update green sardine firmware for 22.10
f29f5b5 amdgpu: update PCO firmware for 22.10
95b5b3f amdgpu: update vangogh firmware for 22.10
6dcbd01 amdgpu: update navi14 firmware for 22.10
f803fbd amdgpu: update navi12 firmware for 22.10
8923000 amdgpu: update navi10 firmware for 22.10
4b2af01 amdgpu: update aldebaran firmware for 22.10

ath10k:
2aa4da3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157
f7cc4b4 ath10k: QCA9888 hw2.0: update board-2.bin
e9e987d ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157
866b5b2 ath10k: QCA4019 hw1.0: update board-2.bin

intel:
ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462
38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462
72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560
94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560
e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201
78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201
12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211
edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211
9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210
111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200
ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201
99cb4b0 iwlwifi: add new FWs from core70-87 release
7073b8a iwlwifi: update 9000-family firmwares to core70-87
f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462
30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462
7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560
741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560
e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201
0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201
46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211
16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211
f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210
41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200
62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201

realtek:
7eef50f rtw88: 8822c: Update normal firmware to v9.9.13
23b5428 rtw88: 8822c: Update normal firmware to v9.9.12

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Rosen Penev
c0ba4201f8 libiconv-stub: remove
No longer used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-07-15 15:21:44 +02:00
Rosen Penev
b37ef4b8ab nls.mk: remove libiconv-stub
This was previously needed for uClibc-ng. Now that it's gone, it can go
away in nls.mk too.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-07-15 15:21:44 +02:00
Sebastian Kemper
92f0b7d4d2 nls.mk: clean up INTL flags
gettext (libintl-stub) was removed in commit [1], so the libintl-stub
lib and include directories aren't existing anymore. This commit cleans
up the INTL flags for the BUILD_NLS=n case.

[1] e6f569406f

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
2747a94f09 firmware: intel-microcode: update to 20220510
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

 * New upstream microcode datafile 20220419
  * Fixes errata APLI-11 in Atom E3900 series processors
  * Updated Microcodes:
    sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384

 * New upstream microcode datafile 20220510
  * Fixes INTEL-SA-000617, CVE-2022-21151:
    Processor optimization removal or modification of security-critical
    code may allow an authenticated user to potentially enable information
    disclosure via local access (closes: #1010947)
  * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
    Atom E3900
  * New Microcodes:
    sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
  * Updated Microcodes:
    sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
    sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
    sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
    sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
    sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
    sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
    sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
    sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
    sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
    sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
    sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
    sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
    sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
    sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
    sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
    sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
    sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
    sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
    sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
    sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
    sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
    sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
    sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
    sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Christian Lamparter
3b3eaf31cb ipq40xx: R619AC: replace space with - separator in variant string
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."

Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-15 15:21:44 +02:00
Manuel Giganto
d12eb103e8
hostapd: add ppsk option (private psk)
This PR allows a user to enable a private psk, where each station
may have it's own psk or use a common psk if it is not defined.
The private psk is defined using the sta's mac and a radius server
is required.

ppsk option should be enabled in the wireless configuration along with
radius server details. When using PPSK, the key is ignored, it will be
retrieved from radius server. SAE is not yet supported (private sae) in
hostapd.

Wireless example configuration:
	option encryption 'psk2+ccmp'
	option ppsk '1'
	option auth_server '127.0.0.1'
	option auth_secret 'radiusServerPassword'

If you want to use dynamic VLAN on PPSK also include:
	option dynamic_vlan '2'
	option vlan_tagged_interface 'eth0'
	option vlan_bridge 'br-vlan'
	option vlan_naming '0'

It works enabling mac address verification on radius server and
requiring the tunnel-password (the private psk) from radius server.

In the radius server we need to configure the users. In case of
freeradius: /etc/freeradius3/mods-config/files/authorize
The user and Cleartext-Password should be the mac lower case using the
format "aabbccddeeff"

<sta mac> Cleartext-Password := "<sta mac>"
	Tunnel-Password = <Private Password>

Example of a user configured in radius and using dynamic VLAN5:

8cb84a000000 Cleartext-Password := "8cb84a000000"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-ID = 5,
	Tunnel-Password = MyPrivPw

If we want to have a default or shared psk, used when the mac is not
found in the list, we need to add the following at the end of the radius
authorize file:

DEFAULT Auth-Type := Accept
	Tunnel-Password = SharedPw

And if using VLANs, for example VLAN6 for default users:
DEFAULT Auth-Type := Accept
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-ID = 6,
	Tunnel-Password = SharedPw

Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
2022-07-15 08:20:36 +02:00
Rosen Penev
4dc198a74e
strace: add nls.mk
Needed when building with libdw and CONFIG_BUILD_NLS, mostly for the
rpath-link.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-07-15 07:07:59 +02:00
Leonardo Mörlein
ffd9bd7b9b
automake: always use correct path for aclocal.real
Before this commit, it was assumed that aclocal.real is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. The command failed with:

    /home/.../openwrt/staging_dir/host/bin/aclocal: line 2: aclocal.real: command not found
    autoreconf: /home/.../openwrt/staging_dir/host/bin/aclocal failed with exit status: 127

After the commit, the package is built sucessfully.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2022-07-14 12:57:12 +02:00
Sieng-Piaw Liew
3acd2ea148
ath79: fix Tx cleanup when NAPI poll budget is zero
NAPI poll() function may be passed a budget value of zero, i.e. during
netpoll, which isn't NAPI context.
Therefore, napi_consume_skb() must be given budget value instead of
!flush to truly discern netpoll-like scenarios.

https://lore.kernel.org/netdev/20220707141056.2644-1-liew.s.piaw@gmail.com/t/#m470f5c20225e76fb08c44d6cfa2f1b739ffaaea4
Signed-off-by: Sieng-Piaw Liew <liew.s.piaw@gmail.com>
2022-07-14 12:51:16 +02:00
Michael Pratt
ba7da73680 firewall3: update file hash
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-07-14 17:09:06 +01:00
Nick Hainke
e34ed3a833
mediatek: mt7622: add linux-next tag to bpi-wps-button fix
920-dts-mt7622-bpi-r64-fix-wps-button.patch is now merged upstream in
linux-next [0]. Add "linux-next" as tag so people know it is upstreamed.

[0] - https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/arch/arm64/boot/dts?id=c98e6e683632386a3bd284acda4342e68aec4c41

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-14 08:35:55 +02:00
Christian Marangi
4b924fe6df
generic: fix warning orphan section from module exports in aarch64
kernel linux now have 2 different export.h include, one from
linux/export.h and one from asm-generic/export.h

While most of our target user linux/export.h, aarch64 based target use
asm-generic/export.h that is not patched with the changes of
221-module_exports.

Patch also this additional header to fix multiple

aarch64-openwrt-linux-musl-ld: warning: orphan section `__ksymtab_strings' from `arch/arm64/kernel/head.o' being placed in section `__ksymtab_strings'

warning during kernel compilation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-14 07:15:35 +02:00
Florian Eckert
8857387913
linux/generic/hack-5.15: add missing patch headers
This patches does not have a valid patch headers and does not apply on
an external git tree with 'git am'. To fix this add the missing headers.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-07-14 06:45:24 +02:00
Florian Eckert
2ed7f6cbb0
linux/generic/pending-5.15: add missing patch headers
This patches does not have a valid patch headers and does not apply on
an external git tree with 'git am'. To fix this add the missing headers.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-07-14 06:45:24 +02:00
Florian Eckert
a9573a029a
target/linux/pending-5.15: rename patches
The consecutive number 483 is assigned twice.
This change fixes this.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-07-14 06:45:21 +02:00