Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
As the Visionfive V1 board has an Ampak module connected via SDIO, enable
support for SDIO in the brcmfmac module.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
CDNS3 is a SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD) controller from
Cadence. Add support for this device, and add the required symbols into
the generic configs.
Compile-tested: apm821xx, bcm4908, imx, mpc85xx, pistachio, starfive
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Contrary to common ipTIME NOR devices, the "Config" partition of T5004
and AX2004M contain normal U-Boot environment variables. Renaming the
partition into "u-boot-env" serves for better description, and it also
conforms to common naming practice in OpenWrt.
This patch might also be extended to A3004T, but its u-boot-env
partition layout has not been confirmed yet.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Realtek RTL8188F is an 802.11n 1x1 USB Wi-Fi adapter. It has been
supported by the upstream rtl8xxxu driver since Linux 6.2 kernel.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Probing of the fitblk driver in some situations happens after Linux
attempts to mount rootfs, which then fails.
Always use 'rootwait' kernel parameter when using fitblk for rootfs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The AQL limit for buffered broadcast packets is higher than the maximum
total pending airtime limit. This can get unicast data stuck whenever there
is too much pending broadcast data. Fix this by excluding broadcast AQL from
the total limit.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes libssh, which requires it. Bump ABI_VERSION, since enabling this
option affects data structures in mbedtls include files.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA256 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA1 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
ath25 has been on life support for the last couple of releases, eventually
leading to marking it as source-only in 2023.
It has been basically only touched to do a kernel bump so that we can make
the new OpenWrt release which was a challenge due to small RAM amount.
However, with the attempt of kernel 6.1 update it turns out that kernel
cannot even finish booting due to RAM constraints, so its time to let this
target go.
Signed-off-by: Robert Marko <robimarko@gmail.com>
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.
The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.
[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Kernel has an ASM optimized version of SHA512 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
There is a Cryptographic Extension based version as well, but that relies
on ARMv8.2 ISA which I am not aware any of the OpenWrt supported SoC-s use.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA2(224 and 256) using the ARMv8 Crypto
Extensions, so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has an ASM optimized version of SHA256 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA1 using the ARMv8 Crypto Extensions,
so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
SHA3 is now required by jitterentropy_rng in kernel 6.6, so lets start
preparing by packaging SHA3 support as its supported in 5.15 and 6.1
kernels as well.
AFAIK, only ARMv8.2 has a crypto extension for SHA3, however I am not aware
of any SoC we support that uses ARMv8.2 ISA so its not enabled currently.
Signed-off-by: Robert Marko <robimarko@gmail.com>
1. Return error if any step of generating tar file fails
2. Use pipefail to avoid calling "gzip" if tar failed
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Reported-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Netgear WAX214 is a 802.11 ax dual-band AP
with PoE. (similar to Engenius EWS357APV3)
Specifications:
• CPU: Qualcomm IPQ6010 Quad core Cortex-A53
• RAM: 512MB of DDR3
• Storage: 128MB NAND (Macronix MX30UF1G18AC)
• Ethernet: 1x 1G RJ45 port (QCA8072) PoE
• WIFI:
2.4GHz: Qualcomm QCN5022 2x2 802.11b/g/n/ax 574 Mbps PHY rate
5GHz: Qualcomm QCN5052 2x2 802.11a/b/g/n/ac/ax 1201 PHY rate
• LEDs:
4 x GPIO-controlled LEDs
- 1 Power LED (orange)
- 1 LAN LED (blue)
- 1 WIFI 5g LED (blue)
- 1 WIFI 2g LED (blue)
black_small_square Buttons: 1x soft reset
black_small_square Power: 12V DC jack or PoE (802.3af )
An populated serial header is onboard, format is
1.25mm 4p (DF13A-4P-1.25H)
RX/TX is working, bootwait is active, secure boot is not
enabled.
The root password of the stock firmware is unknown,
but failsafe mode can be entered to reset the password.
Installation Instructions:
- obtain serial access
- stop auto boot (press "4", Entr boot command line
interface)
- setenv active_fw 0 (to boot from the primary rootfs,
or set to 1 to boot from the secondary rootfs
partition)
- saveenv
- tftpboot the initramfs image
- bootm
- copy
openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
to the device
- write the image to the NAND:
- cat /proc/mtd and look for rootfs partition (should
be mtd11,
or mtd12 if you choose active_fw 1)
- ubiformat /dev/mtd11 -f -y
openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
- reboot
Note: the firmware is senao-based. But I was unable to build
a valid senao-header into the image.
Maybe they changed the header format and senaoFW isn't
working any more.
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.
Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some platforms like Raspberry Pi require patching some backup files like
cmdline.txt in order to set the correct root PARTUUID.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Due to previous refactoring in sysupgrade, writing backup archives to
stdout became impossible since the hardcoded gzip output redirection
did not account for the `-` special case filename.
Fix this issue by substituting `-` with `/proc/self/fd/1` in the tar
archive output path variable.
Also remove a redundant `rm -f` of the target file path that occurs
before the file could've possibly been written.
Fixes: #14773
Fixes: https://github.com/openwrt/luci/issues/6961
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.
Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.
Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
hostpkg python from packages feed can be picked when do a incremental
build because hostpkg has higher priority in PATH. It may lead build
faliure as it's heavily trimmed (e.g. lacks necessary modules).
For uboot which uses binman and intree dtc, this is forced as hostpkg
python will never provide those modules by default.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The Kirkwood SoCs all have an onchip RTC that can hold the time
over e.g. a reboot which will help if no NTP servers are available.
Create a kernel module package for the Marvell RTC, and add it to
all Kirkwood devices that do not have their own discrete
battery-backed RTC. Adding it to platforms with a proper RTC
is just surplus.
All Kirkwoods have at least one RTC so add RTC to the features
list for Kirkwood as well.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Add u-boot bootloader based on 2023.01 to support D1-based boards, currently:
- Dongshan Nezha STU
- LicheePi RV Dock
- MangoPi MQ-Pro
- Nezha D1
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
U-boot on D1 also uses OpenSBI as its payload. As the current version of
OpenSBI already supports D1 with no further patches required, allow
building it on the upcoming TARGET_d1 too.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Replace mount + overlay with manually built tar archive that gets
prepended to the actual config files backup. This allows more
flexibility with including extra backup files. They can be included at
any paths and don't require writing to flash or mounting an overlay
which has its own limitations (mount points).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This allows building uncompressed tar archives from shell scripts (and
compressing them later if needed)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[rmilecki: adapt to sysupgrade needs]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It should be "BananaPi BPi-R3 Mini" instead of just "BananaPi BPi-R3".
Fixes: bc25519f98 ("uboot-mediatek: add builds for BananaPi BPi-R3 mini")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
this patch separates libe2p from e2fsprogs package, like all other
provided libraries are their own packages. Also some development headers
were missing so I added those along with pkg-config files.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
After commit ad62247800 ("base-files: improve lib/upgrade/common.sh")
behavior of export_bootdevice has been made consistent in such way that
always the whole disk device is exported (as that was the case already
when matching via UUID) rather than the partition device.
Do the same for the device holding the fitblk backing partition.
Fixes: 5992f976b3 ("base-files: recognize bootdevice on devices using fitblk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>