Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
As the Visionfive V1 board has an Ampak module connected via SDIO, enable
support for SDIO in the brcmfmac module.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
CDNS3 is a SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD) controller from
Cadence. Add support for this device, and add the required symbols into
the generic configs.
Compile-tested: apm821xx, bcm4908, imx, mpc85xx, pistachio, starfive
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Contrary to common ipTIME NOR devices, the "Config" partition of T5004
and AX2004M contain normal U-Boot environment variables. Renaming the
partition into "u-boot-env" serves for better description, and it also
conforms to common naming practice in OpenWrt.
This patch might also be extended to A3004T, but its u-boot-env
partition layout has not been confirmed yet.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Realtek RTL8188F is an 802.11n 1x1 USB Wi-Fi adapter. It has been
supported by the upstream rtl8xxxu driver since Linux 6.2 kernel.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Probing of the fitblk driver in some situations happens after Linux
attempts to mount rootfs, which then fails.
Always use 'rootwait' kernel parameter when using fitblk for rootfs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The AQL limit for buffered broadcast packets is higher than the maximum
total pending airtime limit. This can get unicast data stuck whenever there
is too much pending broadcast data. Fix this by excluding broadcast AQL from
the total limit.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes libssh, which requires it. Bump ABI_VERSION, since enabling this
option affects data structures in mbedtls include files.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA256 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA1 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
ath25 has been on life support for the last couple of releases, eventually
leading to marking it as source-only in 2023.
It has been basically only touched to do a kernel bump so that we can make
the new OpenWrt release which was a challenge due to small RAM amount.
However, with the attempt of kernel 6.1 update it turns out that kernel
cannot even finish booting due to RAM constraints, so its time to let this
target go.
Signed-off-by: Robert Marko <robimarko@gmail.com>
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.
The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.
[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Kernel has an ASM optimized version of SHA512 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
There is a Cryptographic Extension based version as well, but that relies
on ARMv8.2 ISA which I am not aware any of the OpenWrt supported SoC-s use.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA2(224 and 256) using the ARMv8 Crypto
Extensions, so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has an ASM optimized version of SHA256 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA1 using the ARMv8 Crypto Extensions,
so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
SHA3 is now required by jitterentropy_rng in kernel 6.6, so lets start
preparing by packaging SHA3 support as its supported in 5.15 and 6.1
kernels as well.
AFAIK, only ARMv8.2 has a crypto extension for SHA3, however I am not aware
of any SoC we support that uses ARMv8.2 ISA so its not enabled currently.
Signed-off-by: Robert Marko <robimarko@gmail.com>
1. Return error if any step of generating tar file fails
2. Use pipefail to avoid calling "gzip" if tar failed
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Reported-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Netgear WAX214 is a 802.11 ax dual-band AP
with PoE. (similar to Engenius EWS357APV3)
Specifications:
• CPU: Qualcomm IPQ6010 Quad core Cortex-A53
• RAM: 512MB of DDR3
• Storage: 128MB NAND (Macronix MX30UF1G18AC)
• Ethernet: 1x 1G RJ45 port (QCA8072) PoE
• WIFI:
2.4GHz: Qualcomm QCN5022 2x2 802.11b/g/n/ax 574 Mbps PHY rate
5GHz: Qualcomm QCN5052 2x2 802.11a/b/g/n/ac/ax 1201 PHY rate
• LEDs:
4 x GPIO-controlled LEDs
- 1 Power LED (orange)
- 1 LAN LED (blue)
- 1 WIFI 5g LED (blue)
- 1 WIFI 2g LED (blue)
black_small_square Buttons: 1x soft reset
black_small_square Power: 12V DC jack or PoE (802.3af )
An populated serial header is onboard, format is
1.25mm 4p (DF13A-4P-1.25H)
RX/TX is working, bootwait is active, secure boot is not
enabled.
The root password of the stock firmware is unknown,
but failsafe mode can be entered to reset the password.
Installation Instructions:
- obtain serial access
- stop auto boot (press "4", Entr boot command line
interface)
- setenv active_fw 0 (to boot from the primary rootfs,
or set to 1 to boot from the secondary rootfs
partition)
- saveenv
- tftpboot the initramfs image
- bootm
- copy
openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
to the device
- write the image to the NAND:
- cat /proc/mtd and look for rootfs partition (should
be mtd11,
or mtd12 if you choose active_fw 1)
- ubiformat /dev/mtd11 -f -y
openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
- reboot
Note: the firmware is senao-based. But I was unable to build
a valid senao-header into the image.
Maybe they changed the header format and senaoFW isn't
working any more.
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.
Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some platforms like Raspberry Pi require patching some backup files like
cmdline.txt in order to set the correct root PARTUUID.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Due to previous refactoring in sysupgrade, writing backup archives to
stdout became impossible since the hardcoded gzip output redirection
did not account for the `-` special case filename.
Fix this issue by substituting `-` with `/proc/self/fd/1` in the tar
archive output path variable.
Also remove a redundant `rm -f` of the target file path that occurs
before the file could've possibly been written.
Fixes: #14773
Fixes: https://github.com/openwrt/luci/issues/6961
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.
Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.
Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
hostpkg python from packages feed can be picked when do a incremental
build because hostpkg has higher priority in PATH. It may lead build
faliure as it's heavily trimmed (e.g. lacks necessary modules).
For uboot which uses binman and intree dtc, this is forced as hostpkg
python will never provide those modules by default.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The Kirkwood SoCs all have an onchip RTC that can hold the time
over e.g. a reboot which will help if no NTP servers are available.
Create a kernel module package for the Marvell RTC, and add it to
all Kirkwood devices that do not have their own discrete
battery-backed RTC. Adding it to platforms with a proper RTC
is just surplus.
All Kirkwoods have at least one RTC so add RTC to the features
list for Kirkwood as well.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Add u-boot bootloader based on 2023.01 to support D1-based boards, currently:
- Dongshan Nezha STU
- LicheePi RV Dock
- MangoPi MQ-Pro
- Nezha D1
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
U-boot on D1 also uses OpenSBI as its payload. As the current version of
OpenSBI already supports D1 with no further patches required, allow
building it on the upcoming TARGET_d1 too.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Replace mount + overlay with manually built tar archive that gets
prepended to the actual config files backup. This allows more
flexibility with including extra backup files. They can be included at
any paths and don't require writing to flash or mounting an overlay
which has its own limitations (mount points).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This allows building uncompressed tar archives from shell scripts (and
compressing them later if needed)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[rmilecki: adapt to sysupgrade needs]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It should be "BananaPi BPi-R3 Mini" instead of just "BananaPi BPi-R3".
Fixes: bc25519f98 ("uboot-mediatek: add builds for BananaPi BPi-R3 mini")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
this patch separates libe2p from e2fsprogs package, like all other
provided libraries are their own packages. Also some development headers
were missing so I added those along with pkg-config files.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
After commit ad62247800 ("base-files: improve lib/upgrade/common.sh")
behavior of export_bootdevice has been made consistent in such way that
always the whole disk device is exported (as that was the case already
when matching via UUID) rather than the partition device.
Do the same for the device holding the fitblk backing partition.
Fixes: 5992f976b3 ("base-files: recognize bootdevice on devices using fitblk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Boards using the fitblk driver need special treatment when it comes to
detecting the actual block device used to store the image used to boot
from. Transparently handle this in 'export_bootdevice' and provide new
'fitblk_get_bootdev' function to replace implementations in
/lib/upgrade/platform.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use the new fitblk driver on the BananaPi R2 as well as UniElec U7623.
Introduce boot device selection for fitblk's /chosen/rootdisk
handle, similar to how it is already done on MT7622, MT7986 and MT7988.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The default environment for the Linksys E8450 and Belkin RT3200 got
truncated by one line due to a broken patch. While the impact was
luckily only cosmetic, fix it so bootmenu title also shows U-Boot
version again.
Fixes: 6aec3c7b5b ("mediatek: mt7622: modernize Linksys E8450 / Belkin RT3200 UBI build")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
**Netgear LBR20** is a router with two gigabit ethernets , three wifi radios and integrated LTE cat.18 modem.
SoC Type: Qualcomm IPQ4019
RAM: 512 MiB
Flash: 256 MiB , SLC NAND, 2 Gbit (Macronix MX30LF2G18AC)
Bootloader: U-Boot
Modem: LTE CAT.18 Quectel EG-18EA , Max. 1.2Gbps downlink / 150Mbps uplink
WiFi class AC2200:
- radio0 : 5G on QCA9888 , WiFi5- 802.11a/n/ac MU-MIMO 2x2 , 887Mbps , 80MHz - limited for low channels
- radio1: 2,4G on IPQ4019 ,WiFi4- 802.11b/g/n MIMO2x2 300Mbps 40Mhz
- radio2: 5G on IPQ4019 , WiFi5- 802.11a/n/ac MU-MIMO 2x2 , 887Mbps ,80Mhz - limited for high channels (from 100 up to 165) . Becouse of DFS remember to set country before turning on.
Ethernet: 2x1GbE (WAN/LAN1, LAN2)
LEDs: section power : green and red , section on top (orbi) drived by TLC59208F: red, green ,blue and white
USB ports: No
Buttons: 2 Reset and SYNC(WPS)
Power: 12 VDC, 2,5 A
Connector type: Barrel
OpenWRT Installation
1. Simplest way is just do upgrade from webpage with *factory.img
2. You can also do it with standard tool for Netgear's debricking - NMPRFlash
3. Most advanced way is to open device , connect to UART console and :
- Prepare OpenWrt initramfs image in TFTP server root (server IP 192.168.1.10)
- Connect serial console (115200,8n1) to UART connector
- Connect TFTP server to RJ-45 port
- Stop in u-Boot and run u-Boot command:
> setenv serverip 192.168.1.10
> set fdt_high 0x85000000
> tftpboot 0x83000000 openwrt-ipq40xx-generic-netgear_lbr20-initramfs-zImage.itb
> bootm 0x83000000
- Login via ssh
- upload or download *sysupgrade.bin ( like wget ... or scp transfer)
- Install image via "sysupgrade -n" (like “sysupgrade -n /tmp/openwrt-ipq40xx-generic-netgear_lbr20-squashfs-sysupgrade.bin”)
Back to Stock
- Download firmware from official Netgear's webpage , it will be *.img file after decompressing.
- Use NMRPFlash tool ( detailed insructions on project page https://github.com/jclehner/nmrpflash )
Open the case
- Unscrew nuts and remove washers from antenna's conectors.
- There are two Torx T10 screws under the label next to antenna conectors. You have to unglue this label from left and right corner to get it
- Two parts of shell covers will slide out from eachother , you have to unglue two small rubber pads and namplate sticker on bottom to do that.
- PCB is screwed with 4Pcs of Torx T10 screws
- Before lifting up PCB remove pigtiles for LTE antennas and release them from PCB and radiator (black and white wires)
- On other side of PCB ,in left bottom corner there is already soldered with 4 pins UART connector for console. Counting from left it is +3,3V , TX , RX ,GND (reffer to this picture: https://i.ibb.co/Pmrf9KB/20240116-103524.jpg )
BDF's files are in firmware_qca-wireless https://github.com/openwrt/firmware_qca-wireless/ and in parallel sent to ath10k@lists.infradead.org.
Signed-off-by: Marcin Gajda <mgajda@o2.pl>
It seems that ipq-wifi bump included and incorrect PKG_MIRROR_HASH value,
so fix it by using:
make package/firmware/ipq-wifi/check FIXUP=1
Fixes: 70fd815e57 ("qualcommax: ipq807x: add support for Linksys MX5300")
Signed-off-by: Robert Marko <robimarko@gmail.com>
When both variants of ath10k drivers are selected, any driver that is
selected along is being built twice, one for each ath10k variant.
Avoid these redundant builds by introducing an optional second parameter
to config_package that lists the variants for which the package is to be
built.
If the symbol is to be set for all of the variants, $(ALL_VARIANTS) can
be used. This is the case for the mac80211 and cfg80211 modules. If
the parameter is empty, then the module will be selected and thus built
when the first variant is compiled.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Having different build directories is the default when the package
Makefile defines more than one variant.
Mac80211 overrides PKG_BUILD_DIR, not taking different variants in
consideration, which causes clobbering the directories when both
variants are built.
When compiled with AUTOREMOVE=y, the effect is that the package is
unnecessarily rebuilt when the package is compiled again.
Wihout AUTOREMOVE, the problem is worse: the second variant will not be
rebuilt, and you end up with the smallbuffers variant being a copy of
the regular one.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Usage of word "add" was somehow misleading in those functions:
1. They don't really add (as in: append) anything. Result files are
created from scratch.
2. It wasn't clear what adding files means. It could be understood as
adding actual files somewhere (to existing archive?).
Also the word "add" was also a bit ambiguous.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename function to more accurate and self-explanatory name:
1. Use "archive" in name as this functions creates tar archive
2. Avoid "conffiles" as this function may archive more than that
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit 4fa9aaf0be.
That seemed like a good idea allowing us to include any runtime
generated file in archive. Unfortuantely it broke backups with files
from mounted directories.
When mounting overlay with / as lowerdir its mounts don't propagete in
the mountpoint. That resulted in empty directories:
/tmp/overlay.XXXXXX/backup/tmp/
/tmp/overlay.XXXXXX/backup/var/
/tmp/overlay.XXXXXX/backup/dev/
/tmp/overlay.XXXXXX/backup/proc/
etc.
As some platforms / users try to backup files like /var/dhcp.leases or
/boot/cmdline.txt it means we can't use that solution.
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2024-February/042320.html
Link: https://lore.kernel.org/linux-fsdevel/67bb0571-a6e0-44ea-9ab6-91c267d0642f@gmail.com/T/#u
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit bf304d10e9.
That uci-defaults script worked great but generating it required
mounting root dir as overlay lowerdir that needs to be reverted.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In some situations (slow protocol or interfaces with auto 0), the
interfaces are not available during the dnsmasq initialization and
hence, the ignore setting will be skipped.
Install an interface trigger for ignored interfaces in case their
ifname cannot be resolved.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When QCA8072 is used in PSGMII mode with IPQ6018, PCS used for second
PHY port would overlap with one used by SGMII+ port. SoC has register
to select different PCS in such case.
Original code used PHY_ID for this decision, which also had other
issues, but is no longer viable since we moved to upstream QCA807x
driver.
Introduce DT property port3_pcs_channel to allow describing this in DT.
Default value is <2>, and for some QCA8072 designs <4> would be needed.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Currently there are no atf/tpl blobs for rk3566 SoCs
so this commit adds the prebuilt firmware from the vendor.
Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
FriendlyElec renamed the NanoPi R4S board with EEPROM (mac address)
to "enterprise" edition, and it was added as a "new" board in upstream
kernel.
This patch switched to use that upstreamed dts and removed local
EEPROM patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Setting overlay while creating backup allows including extra files in
archive without actually writing them to flash. Right now this feature
is limited to /etc/backup/ directory and is used only for including
installed_packages.txt.
Extend this solution to make it more generic:
1. Always mount overlay while creating backup
2. Overlay whole / to don't limit it to /etc/backup/
This allows including any additional files in backups and adding more
sysupgrade features.
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
When tar was failing, it was exiting immediately. Some files and the
tmpfs mount (-k) would remain breaking the next backup attempt.
Also remove redundant $? from exit builtin call as exit already returns
the last command exit code when called.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
tar stderr was probably discarded only to remove this message:
tar: removing leading '/' from member names
However, together with that, any other error would also be discarded.
It is easier to fix that allowing the error message to be printed.
In sysupgrade, the backup file list only uses absolute paths. That way,
the solution is to remove the leading '/' from all files (sed) and chdir
to / (option -C /)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Fix NAND flash layout which was out-of-sync with the definition in
ARM TrustedFirmware-A which expects UBI to start at 0x200000.
Fixes: b03d3644cf ("mediatek: filogic: add BananaPi BPi-R3 mini")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hardware specification
----------------------
SoC: MediaTek MT7986A 4x A53
Flash: 128MB SPI-NAND, 8GB eMMC
RAM: 2GB DDR4
Ethernet: 2x 2.5GbE (Airoha EN8811H)
WiFi: MediaTek MT7976C 2x2 2.4G + 3x3 5G
Interfaces:
* M.2 Key-M: PCIe 2.0 x2 for NVMe SSD
* M.2 Key-B: USB 3.0 with SIM slot
* front USB 2.0 port
LED: Power, Status, WLAN2G, WLAN5G, LTE, SSD
Button: Reset, internal boot switch
Fan: PWM-controlled 5V fan
Power: 12V Type-C PD
Installation instructions for eMMC
----------------------------------
0. Set boot switch to boot from SPI-NAND (assuming stock rom or immortalwrt
running there).
1. Write GPT partition table to eMMC
Move openwrt-mediatek-filogic-bananapi_bpi-r3-mini-emmc-gpt.bin to
the device /tmp using scp and write it to /dev/mmcblk0:
dd if=/tmp/openwrt-*-r3-mini-emmc-gpt.bin of=/dev/mmcblk0
2. Reboot (to reload partition table)
3. Write bootloader and OpenWrt images
Move files to the device /tmp using scp:
- openwrt-*-bananapi_bpi-r3-mini-emmc-preloader.bin
- openwrt-*-bananapi_bpi-r3-mini-emmc-bl31-uboot.fip
- openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
- openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
Write them to the appropriate partitions:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-emmc-preloader.bin of=/dev/mmcblk0boot0
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-emmc-bl31-uboot.fip of=/dev/mmcblk0p3
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb of=/dev/mmcblk0p4
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb of=/dev/mmcblk0p5
sync
4. Remove the device from power, set boot switch to eMMC and boot into
OpenWrt. The device will come up with IP 192.168.1.1 and assume the
Ethernet port closer to the USB-C power connector as LAN port.
5. If you like to have Ethernet support inside U-Boot (eg. to boot via
TFTP) you also need to write the PHY firmware to /dev/mmcblk0boot1:
echo 0 > /sys/block/mmcblk0boot1/force_ro
dd if=/lib/firmware/airoha/EthMD32.dm.bin of=/dev/mmcblk0boot1
dd if=/lib/firmware/airoha/EthMD32.DSP.bin bs=16384 seek=1 of=/dev/mmcblk0boot1
Installation instructions for NAND
----------------------------------
0. Set boot switch to boot from eMMC (assuming OpenWrt is installed there
by instructions above. Using stock rom or immortalwrt does NOT work!)
1. Write things to NAND
Move files to the device /tmp using scp:
- openwrt-*-bananapi_bpi-r3-mini-snand-preloader.bin
- openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip
- openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
- openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
Write them to the appropriate locations:
mtd write /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-preloader.bin /dev/mtd0
ubidetach -m 1
ubiformat /dev/mtd1
ubiattach -m 1
volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip)
ubimkvol /dev/ubi0 -N fip -n 0 -s $volsize -t static
ubiupdatevol /dev/ubi0_0 /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip
cd /lib/firmware/airoha
cat EthMD32.dm.bin EthMD32.DSP.bin > /tmp/en8811h-fw.bin
ubimkvol /dev/ubi0 -N en8811h-firmware -n 1 -s 147456 -t static
ubiupdatevol /dev/ubi0_1 /tmp/en8811h-fw.bin
ubimkvol /dev/ubi0 -n 2 -N ubootenv -s 126976
ubimkvol /dev/ubi0 -n 3 -N ubootenv2 -s 126976
volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb)
ubimkvol /dev/ubi0 -n 4 -N recovery -s $volsize
ubiupdatevol /dev/ubi0_4 /tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb)
ubimkvol /dev/ubi0 -n 4 -N recovery -s $volsize
ubiupdatevol /dev/ubi0_4 /tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
3. Remove the device from power, set boot switch to NAND, power up and
boot into OpenWrt.
Partially based on immortalwrt support for the R3 mini, big thanks for
doing the ground work!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add PHY driver for Airoha EN8811H PHY and package it as kernel module.
The PHY needs to load firmware from rootfs, so there is no point in
having the driver built-into the kernel.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The R3 mini comes with two Airoha EN8811H PHYs for 2.5G Ethernet.
The driver added to U-Boot expects the firmware for the PHY to be
stored inside UBI volume en8811h-fw or MMC boot1 hardware partition.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add package with firmware for Airoha EN8811H 2.5G Ethernet PHY which
needs to be loaded via MDIO before the PHY can be used.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Firmware for the built-in 2.5G Ethernet PHY of the MediaTek MT7988 SoC
is now part of linux-firmware, so we can package it.
Only a single file is needed with recent driver.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move fip and factory into UBI static volumes.
Use fitblk instead of partition parser.
!! RUN INSTALLER FIRST !!
Existing users of previous OpenWrt releases or snapshot builds will
have to **re-run the updated installer** before upgrading to firmware
after this commit.
DO NOT flash or run even just the initramfs image unless you have
run the updated installer which moves the content of the 'factory'
partition into a UBI volume.
tl;dr: DON'T USE YET!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Modernize bootloader and flash memory layout of the BPi-R64 similar to
how it has also been done for the BPi-R3.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use custom UBI start address 0x80000 on MT7622 which is more than
enough for a single bl2 (MT7622 BootROM doesn't support redundant bl2).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Modernize U-Boot to provide a better reference:
* store fip image in UBI now that TF-A supports that
* switch from uImage.FIT partition parser to new fitblk
virtual firmware block driver (root=/dev/fit0)
* automatically set root device according to boot_mode register
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add environment settings for the BananaPi BPI-R4 router board which
can boot from (and store its bootloader environment on) micro SD card,
SPI-NAND and eMMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use function instead of duplicating the env settings on UBI for
OpenWrt-built U-Boot over and over.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rebase local patches on top of quarterly timed release, allowing to
drop numerous patches which have been accepted upstream since the
release of U-Boot 2023.07.02.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If nodes /chosen/rootdisk-${bootdevice} exists, set /chosen/rootdisk
phandle according to boot device selected by the bootstrap pins.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When erasing large amounts of blocks at once this can take a long
time on slow cards. Instead of a fixed timeout, wait longer if more
blocks are being erased.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add basic U-Boot drop-in replacement compatible with the flash layout
of the vendor loader of the Zbtlink WG3526 (16M) MT7621 router board.
The idea here is a to have a reference build of uboot-mediatek also for
a simple MIPS boards more popular than MT7621 RFB.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add minimalistic tool to allow releasing /dev/fit* devices which is
needed on sysupgrade when using the fitblk driver.
The package is hidden in menuconfig, it should only be selected by
adding it to the default package selection of boards using it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make use of recently added UBI support in MediaTek's ARM
TrustedFirmware-A on new MT7988 SoC.
Load fip from static UBI volume instead of fixed offset on SPIM-NAND
and SNFI.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hide arm-trusted-firmware-mediatek packages from interactive config.
Exposing them only causes confusion and needed variants are anyway
selected as dependencies by uboot-mediatek packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Now that Malibu (QCA807x) PHY-s use an upstream driver we dont need support
for defining address of the first PHY in the package so drop the patch.
Signed-off-by: Robert Marko <robimarko@gmail.com>
PoE devices in the realtek target have the possibility to add PSE info
to the board description via 02_network. Make this available for all
targets, by moving the uci_set_poe() function to the globally available
uci-default.sh script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Drop deprecated Xiaomi LEDs quirk patches as they are not needed anymore
as LEDs are now supported by the upstream qca807x driver.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If a PHY doesn't use the integrated driver, SSDK use poll the phydev to
get the real PHY mode. qca807x use PSGMII as PHY mode and this specific
mode is not detected in qca SSDK while used in the entire driver.
Add support for it in the hsl_port_phydev_interface_mode_status_get
function used to translate PHY mode to the internal SSDK value.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Disable Malibu PHY driver in Qca SSDK in favor of the upstream version.
The same workaround are applied and the version upstream is just a drop
in replacement and is well tested from the ipq40xx target.
Also using the upstream version permits further support for LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
IPQ60xx uses a different codename for SSDK, so lets pass the correct one
as otherwise SSDK asumes we are building for the old MIPS SoC-s.
Signed-off-by: Robert Marko <robimarko@gmail.com>
[ drop outdated commit description info ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- introduce 'DirectInterface' option to bind exactly to specified interface;
fixes#9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
e.g. verify count of listening endpoints due to dropbear limit (10 for now)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.
schedule 'rsakeyfile' removal for next year release.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
these options allow one to configure U2F/FIDO support in more granular way
inspired by upstream commit aa6559db
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
reduces binary/package size and increases overall performance
also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]
1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
and DROPBEAR_DBCLIENT_AGENTFORWARD:
describe why and where it should be disabled
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
which is more likely to be than values with commas;
use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.
improves e1bd9645
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- update dropbear to latest stable 2022.83;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
- 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
- 901-bundled-libs-cflags.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Add the possibility that colored LEDs can also be configured via the uci.
config led 'led1'
option name '<name>'
option sysfs '<path>'
option trigger 'default-on'
option default '1'
--> option color_{$color} '<0-255>'
The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.
Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v4l2-common.ko was merged into videodev.ko and no longer exists.
Fixes: ac5671f46c ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The coda kernel modules were moved between 5.15 and 6.1.
Adapt the coda-vpu and imx-vdoa modules for that.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Linux 6.1 changed DRM_GEM_DMA_HELPER to a module (drm_dma_helper.ko).
Add this to the drm-imx to fix module dependencies.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Linux 6.1 wraps core video drivers in a MEDIA_PLATFORM_DRIVERS submenu.
Enable that for 6.1 and add some new necessary undefines to
target/linux/generic/config-6.1 to avoid build failures.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
kmod-drm-imx-hdmi depends on kmod-drm-display-helper since 6.1. Include
that in OpenWrt's recipes.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
This adds support for the Fritzbox 7490 device. It contains two
SoCs, one Lantiq without WiFi and one QCA9558 with 2.4GHz
and 5 GHz WiFi. Only the Lantiq has access to the flash memory,
the Atheros runs fully from RAM and is booted by using a remoteproc
kernel module and is not supported with this commit.
The devices were manufactured with varying NAND chips which
requires Micron and non-Micron versions of the images.
Specifications:
- SoC: Lantiq 500 MHz
- RAM: 256 MB
- Storage: 512 MB NAND, 1MB FLASH
- Wireless, separate SOC QCA9558 with 128MB RAM (not supported yet):
· Qualcomm-QCA9558 w/ 3×3 MIMO for 2.4GHz 802.11b/g/n
· Qualcomm-QCA9880 w/ 3×3 MIMO for 5GHz 802.11a/ac
· AG71xx ethernet
- Ethernet: Built-in AR 803x, 7 port 4 phy switch,
4x 1000/100/10 port, Port 5 is fixed and connected to the WASP SOC
- Renesas µPD720202 USB3 PCIe, requires firmware binary on the device
- VDSL2 modem
Unsupported:
- DECT and ISDN telephony
Installation:
Check which NAND the device has by using the following procedure with
stock firmware:
Go to to http://<fritzbox_ip>/support.lua, download the support data
file and search for string "NAND device" to get the manufacturer kernel
output.
Use Micron image if Micron is displayed otherwise the non-Micron image.
Use the eva_ramboot.py script to boot the initramfs image. Follow the
procedure to interrupt booting by ftp into 192.168.178.1 within
5 seconds after poweron.
Then transfer the sysupgrade image to the device and run sysupgrade to
flash it to the NAND.
For making USB work, an renesas xhci firmware file (e.g. v2026) is
needed and it should be copied to /lib/firmware/ (file name
renesas_usb_fw.mem).
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Comfast CF-E393AX is a dual-band Wi-Fi 6 POE ceiling mount access point.
Oem firmware is a custom openwrt 21.02 snapshot version.
We can gain access via ssh once we remove the root password.
Hardware specification:
SoC: MediaTek MT7981A 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB DDR3
Ethernet: 1x 10/100/1000 Mbps built-in PHY (WAN)
1x 10/100/1000/2500 Mbps MaxLinear GPY211C (LAN)
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976D
LEDS: 1x (Red, Blue and Green)
Button: Reset
UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | VCC GND TX RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface (http://apipaddress/computer/login.html),
and download the
configuration(http://apipaddress/computer/config.html).
2. Rename downloaded backup config - 'backup.file to backup.tar.gz',
Enter 'fakeroot' command then decompress the configuration:
tar -zxf backup.tar.gz
3. Edit 'etc/shadow', update (remove) root password:
With password =
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
to
Without password =
'root::0:99999:7:::'
'root::0:99999:7:::'
4. Repack 'etc' directory back to a new backup file:
tar -zcf backup-ssh.tar.gz etc/
5. Rename new config tar.gz file to 'backup-ssh.file'
Exit fakeroot - 'exit'
6. Upload new configuration via web interface, now you
can SSH with the following:
'ssh -vv -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa root@192.168.10.1'.
Backup the mtd partitions
- https://openwrt.org/docs/guide-user/installation/generic.backup
7. Copy openwrt factory firmware to the tmp folder to install via ssh:
'scp -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa \
*-mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin \
root@192.168.10.1:/tmp/'
'sysupgrade -n -F \
/tmp/*--mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin'
8. Once led has stopped flashing - Connect via ssh with the
default openwrt ip address - 'ssh root@192.168.1.1'
9. SSH copy the openwrt sysupgrade firmware and upgrade
as per the default instructions.
Signed-off-by: David Bentham <db260179@gmail.com>
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").
Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Since we have the 'GPIO support' menu, it is strange to look up
gpio related modules in 'Other modules' menu. So move these
modules and put them in the gpio menu.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Send error output of umount to /dev/null to mute error in case
ubiblock device has already been unmounted (which is usually the
case).
Gets rid of bogus error message:
umount: can't unmount /dev/ubiblock0_4: Invalid argument
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changelog:
edddd80 Release libbsd 0.11.8
dd0bdb5 test: Close all descriptors before initializing them for closefrom()
0813f37 build: Check out-of-tree builds in CI
df116b5 Adjust strlcpy() and strlcat() per glibc adoption
ecb44e1 Do not add a pointer to the NULL constant
459b7f7 Do not confuse code analyzers with out-of-bounds array access look alike
a44f885 test: Fix short-lived memory leak
3f5ca0a build: Add a coverage regex to the CI job
9d3e59a man: Use VARIANTS instead of ALTERNATIVES in libbsd(7)
f02562d man: Markup function references with Xr instead of Fn
b7367c9 build: Add missing dash to macro title bar
6777eb6 pwcache: Do not declare uidtb and gidtb when not used
d4e0cdc fgetln: Include <stdio.h> after <sys/*>
f41d6c1 build: Refactor GNU .init_array support check into a new m4 function
30b48ed build: Refactor linker script detection into a new m4 function
d0d8d01 build: Do not provide prototypes for arc4random() on Solaris
cf61ebb build: Do not build the progname module if it is not needed
73b25a8 build: Sort entries alphabetically
5434ba1 build: Conditionalize wcslcpy() and wcslcat() functions on macOS
dc1bd1a build: Conditionalize only id-from-name functions not the entire pwcache
edc746e build: Conditionalize getprogname()/setprogname on macOS
8f998d1 progname: Include <procinfo.h> if available
d08163b build: Check whether we need libperfstat on AIX
1186cf8 build: Annotate droppable functions for musl on next SOVERSION bump
6385ccc build: Conditionalize bsd_getopt() on macOS
c120681 Move the version script comments before the symbols
9fa0676 Port getprogname() to AIX
92337b1 Make getprogname() porting mandatory
90b7f3a test: Do not use /dev/null as compiler output file
426bf45 build: Add generated *.sym files to .gitignore
21d12b0 build: On macOS do not build functions provided by the system
bc65806 build: Select whether to include funopen() in the build system
8b7a4d9 build: Move Windows OS detection to the OS features section
ccbfd1c build: Remove __MUSL__ definition from configure
e0976d7 build: Add a new libbsd_strong_alias() macro and switch users to it
49c7dd1 build: Only emit link warnings for ELF objects
8622767 build: Use an export symbols file if there is no version script support
8f61036 build: Add -no-undefined libtool flag
ae7942b build: Do not override the default DEPENDENCIES for libbsd
a5faf17 Only use <stdio_ext.h> if present
06e8a1b Define _NSIG if it is not defined by the system
44824ac Declare environ if the system does not do so
1fb6c3f Use lockf() when flock() is not available
fe16f38 test: Use open_memstream() only if available
7c652a9 test: Do not hardcode root:root user and group names
ed2eb31 test: Fix closefrom() test on macOS
0f8bcdf test: Fix closefrom() test to handle open file descriptor limits
07192b3 test: Disable blank_stack_side_effects() on non-Hurd systems
ca3db5e build: Do not enable ASAN for musl CI pipelines
ff46386 man: Add HISTORY section to arc4random(3bsd)
4c6da57 man: Switch arc4random(3bsd) man page from OpenBSD to NetBSD
830dd88 doc: Remove written-by attribution
257800a build: Add support for sanitizer compiler flags
536a7d4 test: Exempt blank_stack_side_effects() from sanitizer checks
7ed5de0 test: Import explicit_bzero() sanitizer support changes from OpenBSD
05a802a test: Fix memory leaks in fpurge test
5962e03 man: Fix BSD and glibc versions
59a21c7 man: Update STANDARDS and HISTORY sections
7b4ebd6 include: Adjust closefrom() per glibc adoption
0dfbe76 build: Switch to debian:latest Docker image
dec783d build: Fix version script linker support detection
fe21244 include: Use __has_builtin to detect __builtin_offsetof support
ec88b7b funopen: Replace off64_t with off_t in funopen_seek()
2337719 man: Prune unneeded <sys/types.h> include in setproctitle(3)
5dea9da build: Improve C99 compatibility of __progname configure check
b9bf42d build: Enable -Wall for automake
e57c078 build: Add missing AM_PROG_AR macro call to configure.ac
80f1927 build: Fix configure.ac indentation
b7a8bc2 build: Require automake 1.11
e508962 build: Do not require funopen() to be ported
00b538f build: Terminate lists in variables with «# EOL»
5cfa39e build: Use «yes» instead of «true» for AC_CHECK_FUNCS cache value
Signed-off-by: Nick Hainke <vincent@systemli.org>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
Disable compiling qca8081 PHY driver in favor of upstream to better
support it and add better control of attached LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Completely disable dump_survey code on ARCH_BCM2835 to fix defined but not
used warning.
512b762ddb (commitcomment-137899352)
Fixes: 512b762ddb ("mac80211: brcm: disable dump_survey on Raspberry Pi")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
6339204c212b CMakeLists.txt: bump minimum cmake version
c1be505732e6 udebug: fix crash in udebug_entry_vprintf with longer strings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.
a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN
There are no ABI changes.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Enabling this causes slow iwinfo calls on Raspberry Pi and LuCI slows down
when wireless is enabled.
Fixes: https://github.com/openwrt/openwrt/issues/14013
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This patch has been reverted in the Raspberry Pi linux repository.
Also refresh the rest of the patches.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.
Refresh all kernel patches affected by this change.
Also update the path for aquantia .ko that got moved to dedicated
directory upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The RPi 5 expects the same NVRAM as the one from RPi 4 on a different file.
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Reword commit description, add missing PKG_RELEASE bump]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
Changes:
67f3b2a libtracefs: version 1.8
8a1322f libtracefs utest: Add tests to use mapping if supported
0a65b79 libtracefs: Add tracefs_mapped_is_supported() API
805f650 libtracefs: Call mmap ioctl if a refresh happens
cf7e2a5 libtracefs: Fix tracefs_mmap() kbuf usage
3a26b26 libtracefs: Have nonblock tracefs_cpu reads set errno EAGAIN
2b5bb09 libtracefs: Have tracefs_mmap_read() include subbuf meta data
dee0448 libtracefs: Have mapping work with the other tracefs_cpu* functions
28eebc1 libtracefs: Have tracefs_cpu_flush(_buf)() use mapping
065d914 libtracefs: Use mmapping for iterating raw events
1124e0e libtracefs: Use tracefs_cpu_*_buf() calls for iterator
f43b293 libtracefs: Unmap mmap mapping on tracefs_cpu close
0d24516 libtracefs Documentation: Fix tracefs_cpu_snapshot_open() man pages
5ff31c0 libtracefs Documentation: Add tracefs_follow_events_clear() to main man page
0c7d9f7 libtracefs: Add man pages for tracefs_snapshot_*() functions
b2dc3e0 libtracefs sql: Rename TIMESTAMP_USECS_DELTA to TIMESTAMP_DELTA_USECS
585ec77 libtracefs: Force off trace mmapping
2ed14b5 libtracefs: Add ring buffer memory mapping APIs
173ffc0 libtracefs meson: Add option to disable samples
a55e2e8 libtracefs meson: Add option to disable documentation
93e20af libtracefs: Fix tracefs_instance_reset to clear synthetic events
a1ecbff libtracefs utest: Add more tests to test tracefs_sql()
975c37c libtracefs utest: Add matches to trace_sql() tests
0567e2d libtracefs synthetic: Handle hashed name variables
fcb3a83 libtracefs synthetic: Remove multiple adding of action in tracefs_synth_save()
a9dae65 libtracefs: Fix sqlhist used uninitialized error
fe7a467 libtracefs: Add updating and reading snapshot buffers
1ad57ab libtracefs: Add PID filtering API
d8726bf libtracefs: Also clear max_graph_depth on reset
eb4dd60 libtracefs: Add TIMESTAMP_USECS_DELTA to simplify SQL timestamp compares
8c57eb4 libtracefs: Add tracefs_instance_set/get_subbuf_size()
9bafb21 libtracefs: Add API to extract ring buffer statistics
141d25e libtracefs: Add tracefs_load_headers() API
ef3fae7 libtracefs: Add kerneldoc comments to tracefs_instance_set_buffer_size()
31acfe1 libtracefs utest: Add test to test tracefs_instance_set/get_buffer_percent()
3e6d975 libtracefs: Add tracefs_instance_clear() API
c4efaaf libtracefs: Add tracefs_instance_get/set_buffer_percent()
1e1cc54 libtracefs: Add API to read tracefs_cpu and return a kbuffer
7d395b1 libtracefs: Add tracefs_instance_file_write_number()
e34cbd8 libtracefs: Increase splice to use pipe max size
1f50965 libtracefs: Add API to remove followers from an instance or toplevel
576ee0b libtracefs: Reset tracing before and after unit tests
118b694 libtracefs: Free dynamic event list in utest
5159973 libtracefs: Free tracing_dir in case of remount
df563eb libtracefs: Free buf in clear_func_filter()
3cbac37 libtracefs: Free "missed_followers" of instance
0cbe56e libtracefs testing: Use one tep handle for most tests
adac30f libtracefs Documentation: Fix tracefs_event_file_exists() issues
07ab199 libtracefs: Pass enum value where expected instead of int
bb299b4 libtracefs: fix cscope makefile rule
420d677 libtracefs: Free "followers" when freeing instance
3f436fc libtracefs: Fix documentation of tracefs_trace_pipe_stream() flags
1fde9df libtracefs: Add explicit pthread dependency to meson
d1989ae tracefs-perf: Add missing headers for syscall() and SYS_* defines
Signed-off-by: Nick Hainke <vincent@systemli.org>
This reverts commit dcdcfc1511.
This is a firmware for third-party u-boot mod, which should not
be carried here by us.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Use a single jsonfilter expression to yield the list of logical wireguard
interface names in shell compatible notation.
Supersedes: #12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Bump the U-Boot version used for BCM53xx to the 2024.01
version that includes all the needed patches upstream, so we
can get rid of those in the process.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
It appears `md5` is no longer state of the art. Let's switch it to
something slightly newer to increase security.
Suggested-by: abnoeh <abnoeh@mail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[Upstream Backport]
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
The raspberypi/userland repository has been deprecated and the RPi tools have
been moved to the raspberrypi/utils repository.
96a7334ae9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
raspberrypi/firmware is about 40G, so getting the full history log isn't an
option.
There have been multiple improvements and also support for the RPi 5 has been
added.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This is the last update for bcm27xx-userland as it has been
deprecated but funcional up to raspberry pi 5.
96a7334 README: Update to make it clear that most code in this repo is deprecated
3c97f76 userland: dtoverlay: /boot/firmware is a valid path
153a235 Assorted clang static analysis fixes
eca070c bcm_host: Update kms/fkms check for pi5
06a7618 dtoverlay: Support bcm2712 as a platform
0489c07 dtoverlay: Add dtoverlay_first/next_subnode
a1c7f81 dtoverlay: Support literal assignments of path strings
44a3953 raspivid: Also flush PTS file if flush is enabled
cc1ca18 userland: dtoverlay: Use os_prefix if set
9d5250f libfdt: Add null-ptr check for prop-data to resolve clang --analyzer warning
50527c6 mmal: Only include Videocore components if not running on Videocore
df245ea tvservice: Update unsupported message to recommend kmsprint
de0cfe8 dtoverlay: Fix clang warnings
0182f05 dtoverlay: Fix various compiler warnings
2a6306b dtoverlay: Fix path rebasing and exports
d1e92d7 dtoverlay: Add support for string escape sequences
b1ee39e gencmd: Add a fallback to mailbox interface if vchiq is not available
54fd97a hello_pi: Fix some build issues
Signed-off-by: Marty Jones <mj8263788@gmail.com>
It shouldn't gate on the value, since the value will ostensibly
always be set; instead it should depend on the variable being
prepended to being non-empty.
Fixes#14403
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
To prevent use of host's library path on Void Linux:
/usr/lib/libacl.so: file not recognized: file format not recognized
collect2: error: ld returned 1 exit status
libtool: error: error: relink 'libgettextlib.la' with the above command before installing it
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Add kernel module for lp5562 LED driver.
The kmod-leds-lp5562 depends on kmod-leds-lp55xx-common.
Signed-off-by: CheWei Chien <chewei.chien@wnc.com.tw>
Add support for configuring rootfs mount options from cmdline.
Rootfs mount options can be passed by declaring in the kernel
cmdline as much options as needed prefixed with "rootfs_mount_options."
An example usage is with rootfs with F2FS filesystem to enable
compress_algorithm to reduce flash wear by compressing the files before
writing to flash.
Example usage:
"... rootfs_mount_options.compress_algorithm=zstd ..."
To pass multiple options:
"... rootfs_mount_options.compress_algorithm=zstd rootfs_mount_options.noinline_data ..."
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
97bacb70138a libfstools: query drivers by priority
41e619ed1352 block: recognize /dev/fit* block devices
bc3b8cdd3de3 libfstools: add uImage.FIT fitblk driver
846302d09246 libfstools: partname: raise priority to 25
1a5695925ecf mount_root: add support for passing args to mount_root start
1858a492c300 mount_root: permit to pass mount options for rootfs mount
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Make the call deferred instead of blocking to avoid deadlock issues
Fixes: 3df9322771 ("hostapd: make ubus calls to wpa_supplicant asynchronous")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit b7f9742da8.
There are several reports of regressions with this commit. Will be added
back once I've figured out and fixed the cause
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When hitting a timing window where ubus configuration calls are hitting hostapd
and wpa_supplicant simultaneously, they can deadlock waiting for each other.
Fix this by using a lock around the ubus calls.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a deadlock issue where depending on the setup order, hostapd and
wpa_supplicant could end up waiting for each other
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. Sometimes uqmi is hanging - even when using an early
dummy access to unlock the modem. To always guarantee a proper
initialisation, running or hanging uqmi processes must be stopped
before. All uqmi calls have now a timeout option -t to avoid hanging.
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.
This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
rpath handling seems to be more restrictive now. To deal with this,
link the libubox library from STAGING_DIR_HOST to STAGING_DIR_HOSTPKG, so that
packages installed to STAGING_DIR_HOSTPKG can pick it up. This mainly affects
ucode, but possibly other host builds as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Incorrect PKG_MIRROR_HASH introduced on #14356
Fixes: 934873f451 ("ipq-wifi: bump version to 2024-01-06-71f45cff")
Signed-off-by: Manuel Fombuena <mfombuena@innovara.co.uk>
Frequent crashes have been observed on MT7916 based platforms. While the
root of these crashes are currently unknown, they happen when decoding
rate information of connected STAs in AP mode. The rate-information is
associated with a band which is not available on the PHY.
Check for this condition in order to avoid crashing the whole system.
This patch should be removed once the roout cause has been found and
fixed.
Link: https://github.com/freifunk-gluon/gluon/issues/2980
Signed-off-by: David Bauer <mail@david-bauer.net>
Add modules.builtin.modinfo to the kernel package, to support presence
testing using module aliases and printing module details with 'modinfo'.
With related kmodloader changes this adds ~2 KB to compressed image sizes.
root@OpenWrt:/# modinfo unix
name: unix
filename: (builtin)
alias: net-pf-1
license: GPL
root@OpenWrt:/# modprobe net-pf-1 && echo SUCCESS || echo FAIL
SUCCESS
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add modules.builtin to the kernel package for improved handling of loadable
and builtin modules. As with other distros, this allows 'modprobe <module>'
to consistently return success for both loaded/built-in modules, a useful
feature for presence-testing.
Given OpenWrt's few built-in modules, this change and related kmodloader
support add ~1 KB to the compressed image size.
Using sch_fq_codel (builtin) and sch_cake (loadable) for example:
root@OpenWrt:/# modprobe sch_fq_codel && echo SUCCESS || echo FAIL
SUCCESS
root@OpenWrt:/# modprobe sch_cake && echo SUCCESS || echo FAIL
SUCCESS
root@OpenWrt:/# rmmod sch_fq_codel
module is builtin
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Linksys MX4200 is a 802.11ax Tri-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8174 Quad core Cortex-A53 1.4GHz
* RAM: 512MB of DDR3
* Storage: 512Mb NAND
* Ethernet: 4x1G RJ45 ports (QCA8075)
* WLAN:
* 2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
* 5GHz: Qualcomm QCN5054 2x2@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402 PHY rate
* 5GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402 PHY rate
* LED-s:
* RGB system led
* Buttons: 1x Soft reset 1x WPS
* Power: 12V DC Jack
Installation instructions:
Open Linksys Web UI - http://192.168.1.1/ca or http://10.65.1.1/ca depending on your setup.
Login with your admin password. The default password can be found on a sticker under the device.
To enter into the support mode, click on the “CA” link and the bottom of the page.
Open the “Connectivity” menu and upload the squash-factory image with the “Choose file” button.
Click start. Ignore all the prompts and warnings by click “yes” in all the popups.
The Wifi radios are turned off by default. To configure the router, you will need to connect your computer to the LAN port of the device.
Then you would need to write openwrt to the other partition for it to work
- First Check booted partition
fw_printenv -n boot_part
- Then install Openwrt to the other partition if booted in slot 1:
mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4200v(X)-squashfs-factory.bin alt_kernel
- If in slot 2:
mtd -r -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4200v(X)-squashfs-factory.bin kernel
Replace (X) with your model version either 1 or 2
Signed-off-by: Mohammad Sayful Islam <sayf.mohammad01@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Update the gdb package to 14.1
* mpfr is now required, remove the 'without' and add dependency
* remove mpc 'without' that is parsed wrongly, causing "-Lno/lib"
* refresh patches
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
R32 is like the M32 part of the EAGLE PRO AI series from D-Link.
Specification:
- MT7622BV SoC with 2.4GHz wifi
- MT7975AN + MT7915AN for 5GHz
- MT7531BE Switch
- 512MB RAM
- 128 MB flash
- 2 LEDs (Status and Internet, both can be either orange or white)
- 2 buttons (WPS and Reset)
Compared to M32, the R32 has the following differences:
- 4 LAN ports instead of 2
- The recory image starts with DLK6E6015001 instaed of DLK6E6010001
- Individual LEDs for power and internet
- MAC address is stored at another offset in the ODM partition
MAC addresses:
- WAN MAC is stored in partition "Odm" at offset 0x81
- LAN (as printed on the device) is WAN MAC + 1
- WLAN MAC (2.4 GHz) is WAN MAC + 2
- WLAN MAC (5GHz) is WAN MAC + 3
Flashing via Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the deivce
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based and goto http://192.168.0.1
- Download openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-recovery.bin
Flashing via uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-initramfs-kernel.bin.
- You can rename the file to iverson_uImage (no extension), then you don't have to enter the whole file name in uboot later.
- Power on the device and select "1. System Load Linux to SDRAM via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
- Create a backup of the Kernel1 partition, this file is required if a revert to stock should be done later
- Perform a sysupgrade using openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now
Revert back to stock using the Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the deivce
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based and goto http://192.168.0.1
- Flash a decrypted firmware image from D-Link. Decrypting an firmware image is described below.
Decrypting a D-Link firmware image:
- Download https://github.com/RolandoMagico/firmware-utils/blob/M32/src/m32-firmware-util.c
- Compile a binary from the downloaded file, e.g. gcc m32-firmware-util.c -lcrypto -o m32-firmware-util
- Run ./m32-firmware-util R32 --DecryptFactoryImage <OriginalFirmware> <OutputFile>
- Example for firmware R32A1_FW103B01: ./m32-firmware-util R32 --DecryptFactoryImage R32A1_FW103B01.bin R32A1_FW103B01.decrypted.bin
Revert back to stock using uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides the previously created backup of the Kernel1 partition.
- You can rename the file to iverson_uImage (no extension), then you don't have to enter the whole file name in uboot later.
- Power on the device and select "2. System Load Linux Kernel then write to Flash via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to FLASH will start. After a few seconds the stock firmware should start again
There is also an image openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-tftp.bin which can directly be flashed via U-Boot and TFTP.
It can be used if no backup of the Kernel1 partition is reuqired.
Flahsing via OEM web interface is currently not possible, the OEM images are encrypted. Creating images is only possible manually at the moment.
The support for the M32/R32 already includes support for flashing from the OEM web interface:
- The device tree contains both partitions (Kernel1 and Kernel2) with conditions to select the correct one based on the kernel command line
- The U-Boot variable "boot_part" is set accordingly during startup to finish the partition swap after flashing from the OEM web interface
- OpenWrt sysupgrade flashing always uses the partition where it was initially flashed to (no partition swap)
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
(based on support for ASUS RT-AX59U by liushiyou006)
SOC: MediaTek MT7986
RAM: 512MB DDR4
FLASH: 128MB SPI-NAND (Winbond W25N01GV)
WIFI: Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH: MediaTek MT7531 Switch
UART: 3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)
Upgrade from AsusWRT to OpenWRT using UART
Download the OpenWrt initramfs image.
Copy the image to a TFTP server reachable at 192.168.1.70/24. Rename the image to rtax59u.bin.
Connect the PC with TFTP server to the RT-AX59U.
Set a static ip on the ethernet interface of your PC.
(ip address: 192.168.1.70, subnet mask:255.255.255.0)
Conect to the serial console, interrupt the autoboot process by pressing '4' when prompted.
Download & Boot the OpenWrt initramfs image.
$ setenv ipaddr 192.168.1.1
$ setenv serverip 192.168.1.70
$ tftpboot 0x46000000 rtax59u.bin
$ bootm 0x46000000
Wait for OpenWrt to boot. Transfer the sysupgrade image to the device using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Upgrade from AsusWRT to OpenWRT using WebUI
Download transit TRX file from https://drive.google.com/drive/folders/1A20QdjK7Udagu31FSszpWAk8-cGlCwsq
Upgrade firmware from WebUI (192.168.50.1) using downloaded TRX file
Wait for OpenWRT to boot (192.168.1.1).
Upgrade system with sysupgrade image using luci or uploading it through scp and executing sysupgrade command
MAC Address for WLAN 5g is not following the same algorithm as in AsusWRT.
We have increased by one the WLAN 5g to avoid collisions with other networks from WLAN 2g
when bit 28 is already set.
: Stock : OpenWrt
WLAN 2g (1) : C8:xx:xx:0D:xx:D4 : C8:xx:xx:0D:xx:D4
WLAN 2g (2) : : CA:xx:xx:0D:xx:D4
WLAN 2g (3) : : CE:xx:xx:0D:xx:D4
WLAN 5g (1) : CA:xx:xx:1D:xx:D4 : CA:xx:xx:1D:xx:D5
WLAN 5g (2) : : CE:xx:xx:1D:xx:D5
WLAN 5g (3) : : C2:xx:xx:1D:xx:D5
WLAN 2g (1) : 08:xx:xx:76:xx:BE : 08:xx:xx:76:xx:BE
WLAN 2g (2) : : 0A:xx:xx:76:xx:BE
WLAN 2g (3) : : 0E:xx:xx:76:xx:BE
WLAN 5g (1) : 0A:xx:xx:76:xx:BE : 0A:xx:xx:76:xx:BF
WLAN 5g (2) : : 0E:xx:xx:76:xx:BF
WLAN 5g (3) : : 02:xx:xx:76:xx:BF
Signed-off-by: Xavier Franquet <xavier@franquet.es>
Increasing the receive window size improves throughout on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.
Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.
Signed-off-by: David Bauer <mail@david-bauer.net>
Setting up usb gadgets using g_* kernel modules are considered a
legacy approach, but the usb_gadget configfs is a bit annoying
to use directly.
The usb_gadget configfs works by creating magic directories
and writing to magic files under /sys/kernel/config/usbgadget.
This new package is an init script to setup usb_gadget configfs
using uci. In the config file, gadget/configuration/function
sections create corresponding directories. UCI options are magic
files available in the configfs and strings/0x409 directories,
grabbed with a 'find' command. UDC option in gadget writes
the UDC file under the 'gadget' directory to attach the
generated gadget config.
It's also possible to apply pre-made config templates under
/usr/share/usbgadget. The templates use the same UCI config
format, with the 'gadget' entry named 'g1'. Currently, there
are templates for CDC-ACM and CDC-NCM gadgets written based
on existing g_*.ko module code.
Certain SBCs come with only a USB device port (e.g. Raspberry Pi
Zero). With this script, it's now possible to perform initial
setup on them by adding a default NCM gadget.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Allow "postinst" scripts to perform extra actions after applying all
kind of fixups implemented using uci-defaults.
This is needed e.g. by uhttpd-mod-ubus which after installation in a
running systems needs to:
1. Update uhttpd config using its uci-defaults script
2. Reload uhttpd
While this approach makes sense there is a risk it'll blow up some
corner case postinst usages. There is only 1 way to find out.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Specifications:
SoC: MediaTek MT7981B
RAM: 256MiB
Flash: SPI-NAND 128 MiB
Switch: 1 WAN, 3 LAN (Gigabit)
Buttons: Reset, Mesh
Power: DC 12V 1A
WiFi: MT7976CN
UART: 115200n8
UART Layout:
VCC-RX-TX-GND
No. of Antennas: 6
Note: Upon opening the router, only 5 antennas were connected
to the mainboard.
Led Layout:
Power-Mesh-5gwifi-WAN-LAN3-LAN2-LAN1-2gWiFi
Buttons:
Reset-Mesh
Installation:
A. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1) and then
navigate to System -> Backup/Flash firmware, then flash the firmware
B. Through TFTP
Standard installation via UART:
1. Connect USB Serial Adapter to the UART, (NOTE: Don't connect the VCC pin).
2. Power on the router. Make sure that you can access your router via UART.
3. Restart the router then repeatedly press ctrl + c to skip default boot.
4. Type > bootmenu
5. Press '2' to select upgrade firmware
6. Press 'Y' on 'Run image after upgrading?'
7. Press '0' and hit 'enter' to select TFTP client (default)
8. Fill the U-Boot's IP address and TFTP server's IP address.
9. Finally, enter the 'firmware' filename.
Signed-off-by: Ian Oderon <ianoderon@gmail.com>
This fixes WARN_ONs when using AP_VLANs after station removal. The flush
call passed AP_VLAN vif to driver, but because these vifs are virtual and
not registered with drivers, we need to translate to the correct AP vif
first.
Fixes: openwrt#12420
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
730b4656e6b1 netifd: fix undefined va_list value which can cause crashes
c59457f69709 device: Log error message if device initialization failed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Prior to this commit, "localuse" (which enables local resolving through
dnsmsasq) was off by "default". That default was in turn overridden when
"noresolv" was unset (which itself is the default for "noresolv") *and*
"resolvfile" was "/tmp/resolv.conf.d/resolv.conf.auto" (also the default
for this parameter).
In other words, the "default" unset value for "localuse" would only be
ever used in specific *non-default* configurations.
However, the problem with that logic is that a user who wants to ignore
their ISP-provided resolvers by setting "noresolv" to true ends up with
a device that will *only use* said resolvers for local DNS queries,
serving clients' queries via dnsmasq (which now ignores the ISP
resolvers). This can lead to confusion and break random setups as the
DNS lookup performed on clients behalf can differ in their replies from
DNS lookups performed locally on the router.
Furthermore, "localuse" is not configurable through Luci, contrary to
the other two involved settings, adding further confusion for the end
user.
To work around this situation, the logic that sets "localuse" is
inverted: "localuse" now defaults to on by default, and IFF "noresolv"
is unset (default) AND "resolvfile" is changed from default THEN
"localuse" gets turned back off, allowing for more sensible behaviour.
"localuse" value set in config/dhcp still overrides the logic in all
cases, as it did already.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Hardware specifications:
SoC: Qualcomm IPQ8071A
RAM: 512MB of DDR3
Flash1: Eon EN25S64 8MB
Flash2: MX30UF2G18AC 256MB
Ethernet: 2x 2.5G RJ45 port
Phone: 1x RJ11 port (SPI)
USB: 1x Type-C 2.0 port
WiFi1: QCN5024 2.4GHz
WiFi2: QCN5054 5GHz
Button: Reset, WPS
Flash instructions:
1. Connect the router via serial port (115200 8N1 1.8V)
2. Download the initramfs image, rename it to initramfs.bin,
and host it with the tftp server.
3. Interrupt U-Boot and run these commands:
tftpboot initramfs.bin
bootm
4. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Hardware specification:
SoC: Qualcomm IPQ8072A
Flash: Toshiba NAND 1GiB
RAM: 1 GiB of DDR3 466 MHz
Ethernet: 4x 1Gbps + 1x 2.5Gbps
WiFi1: QCN5024 2.4GHz ax 4x4
WiFi2: QCN5054 5GHz ax 4x4
Button: WiFi, WPS, Reset
Modem: RG500Q-EA
USB: 1 x USB 3.0
Power: DC 12V 4A
Flash instructions:
1. Download the initramfs image, rename it to
initramfs.bin, and host it with tftp server.
2. Interrupt U-Boot and run these commands:
tftpboot initramfs.bin
bootm
3. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Detach of-mdio dependency from stmmac-core kmod to fix support for
x86_64 target. This target doesn't use OpenFirmware infrastructure and
stmmac-core for the dwmac-intel driver doesn't depends on it.
Add kmod-of-mdio to any other user of stmmac-core as it's not inherit
from stmmac-core anymore.
Fixes: #14209
Fixes: 4b4c940fbc ("x86: Add kmod-dwmac-intel")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Move pcs-xpcs kmod from armsr modules.mk to generic modules package.
Also add additional dependency to x86_64 as stmmac-core it's now used
by x86_64 target and depends on this package.
Fixes: 4b4c940fbc ("x86: Add kmod-dwmac-intel")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Explain some of the more obscure logic, or where we deviate from
what the original awk code did. Also, give a count of the usable
addresses on the subnet.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This is useful if you later need to perform numeric range-checking
on addresses, i.e. to see if an address falls inside a CIDR range,
etc. and what interface it corresponds to.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
ledumon:
This program creates a new userspace LED class device and monitors it.
For this it es using the kmod-leds-uled.ko kernel module.
ledhwbmon:
This program monitors LED brightness level changes having its origin
in hardware/firmware, i.e. outside of kernel control.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
8f2806a37fe1 system-linux: set master early on apply settings
e3fc2b0026a5 system-linux: skip refreshing MAC on master change if custom MAC
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fix typo calling lua53 instead of lua5.3 for Package Default definition.
This cause only missing description of the package and doesn't cause
any build regression.
Fixes: c52ca08d40 ("lua5.3: build shared library")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Similar to the *_get_mac_binary function, also split the common parts
off mtd_get_mac_ascii into new get_mac_ascii function and introduce
mmc_get_mac_ascii which uses it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Let ucode-mod-* packages select the ucode interpreter instead of depending
on it to avoid recursive dependency chains in unrelated packages.
Fixes: https://github.com/openwrt/packages/issues/22837
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rostelecom RT-FE-1A is a wireless WiFi 5 router manufactured by Sercomm
company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB
Flash: 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615E): a/n/ac, 4x4
Ethernet: 5x GbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: No
Button: 2 buttons (Reset & WPS)
LEDs:
- 1x Power (green, unmanaged)
- 1x Status (green, gpio)
- 1x 2.4G (green, hardware, mt76-phy0)
- 1x 2.4G (blue, gpio)
- 1x 5G (green, hardware, mt76-phy1)
- 1x 5G (blue, gpio)
- 5x Ethernet (green, hardware, 4x LAN & WAN)
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Login to the router web interface (default http://192.168.0.1/)
under "admin" account
2. Navigate to Settings -> Configuration -> Save to Computer
3. Decode the configuration. For example, using cfgtool.py tool (see
related section):
cfgtool.py -u configurationBackup.cfg
4. Open configurationBackup.xml and find the following block:
<OBJECT name="User." type="object" writable="1" encryption="0" >
<OBJECT name="1." type="object" writable="1" encryption="0" >
<PARAMETER name="Password" type="string" value="<some value>" writable="1" encryption="1" password="1" />
</OBJECT>
5. Replace <some value> by a new superadmin password and add a line
which enabling superadmin login after. For example, the block after
the changes:
<OBJECT name="User." type="object" writable="1" encryption="0" >
<OBJECT name="1." type="object" writable="1" encryption="0" >
<PARAMETER name="Password" type="string" value="s0meP@ss" writable="1" encryption="1" password="1" />
<PARAMETER name="Enable" type="boolean" value="1" writable="1" encryption="0"/>
</OBJECT>
6. Encode the configuration. For example, using cfgtool.py tool:
cfgtool.py -p configurationBackup.xml
7. Upload the changed configuration (configurationBackup_changed.cfg) to
the router
8. Login to the router web interface (superadmin:xxxxxxxxxx, where
xxxxxxxxxx is a new password from the p.5)
9. Enable SSH access to the router (Settings -> Access control -> SSH)
10. Connect to the router using SSH shell using superadmin account
11. Run in SSH shell:
sh
12. Make a mtd backup (optional, see related section)
13. Change bootflag to Sercomm1 and reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
reboot
14. Login to the router web interface under admin account
15. Remove dots from the OpenWrt factory image filename
16. Update firmware via web using OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
cd /tmp
for i in 0 1 2 3 4 5 6 7 8 9; do nanddump -f mtd$i /dev/mtd$i; \
tftp -l mtd$i -p 192.168.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
tftp -l mtd.md5 -p 192.168.0.2
MAC Addresses
-------------
+-----+------------+---------+
| use | address | example |
+-----+------------+---------+
| LAN | label | f4:*:66 |
| WAN | label + 11 | f4:*:71 |
| 2g | label + 2 | f4:*:68 |
| 5g | label + 3 | f4:*:69 |
+-----+------------+---------+
The label MAC address was found in Factory, 0x21000
cfgtool.py
----------
A tool for decoding and encoding Sercomm configs.
Link: https://github.com/r3d5ky/sercomm_cfg_unpacker
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Might be a typo in drv->txtstamp function:
+ phy_rxtstamp(ndev->phydev, skb, 0);
to
+ phy_txtstamp(ndev->phydev, skb, 0);
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Kristian Skramstad <kristian+github@83.no>
Add the 'tmon' packages. This is as a tool to help visualize,
tune, and test the complex thermal subsystem.
We get a compile warning for the tool that the printf format does not
fit. This commit contains a patch that fixes this warning. This patch
has also been sent upstream to the Linux kernel [1].
Links:
[1] https://lore.kernel.org/all/20231204141335.2798194-1-fe@dev.tdt.de/
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
af57bb123f93 socket: add debug callbacks for rx/tx
785e11aee7dd socket: call rx debug callback once per packet instead of per batch
965c4bf49658 socket: change debug callbacks to pass struct nl_msg
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d27acfe416d6 udebug: add more checks for uninitialized buffers
df5b7147f47a udebug: add mips specific quirk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The previous offsets did also work, as they've wrapped back to 0x0.
However, in reality the environment starts at offset 0x0 of the
u-boot-env MMC partition.
Signed-off-by: David Bauer <mail@david-bauer.net>
The 'label' property in led node has been deprecated and we'd better
to avoid using it. This patch allows us to extract DT OF LED name
from the newly introduced LED properties "color", "function" and
"function-enumerator".
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Remove upstreamed patches:
* replace usage of the deprecated "pci-dma-compat.h" API (6c03b27)
* remove uaccess and get_fs calls from PCIe for Kenel >= 5.18 (1d0d08c)
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Update to the latest upstream release to include recent improvements and
bugfixes. Also refresh local patches.
Link: https://github.com/libbpf/bpftool/releases/tag/v7.3.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Update to the latest upstream release to include recent improvements and
bugfixes. Also refresh local patches.
Link: https://github.com/libbpf/libbpf/releases/tag/v1.3.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
d852f877920b service: Fix retriggering of init.d-scripts.
7e6c6efd6fbc udebug: add support for logging via udebug
Signed-off-by: Felix Fietkau <nbd@nbd.name>
325fea5c57cf udebug: add functions for manipulating entry length
e84c000c4756 udebug: add inline helper function to test if a buffer is allocated
40acbe34632b udebug: wait for response after buffer add/remove
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d49aadabb7a1 lib: fix dealing with udebugd restarts
9ec5fbb6aaad ubus: report ring size and data size via ubus api
86b4396baa44 ring: add debug messages for ring alloc errors
e02306af7c50 lib: add helper function for applying ring config
b613879cb049 client: send confirmation messages for ring add/remove
Signed-off-by: Felix Fietkau <nbd@nbd.name>
b77f2a4ce903 uloop: fix build using C++ compilers
260ad5bd1566 udebug: add ulog support
e80dc00ee90c link librt if needed for shm_open
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2b39a27d8bcc libubus: fix reconnect with auto subscribe
f84eb5998c6e libubus: fix initial subscribe with autosubscribe
Signed-off-by: Felix Fietkau <nbd@nbd.name>
82fa6480de7a uloop: add support for interval timers
13d9b04fb09d uloop: add support for user defined signal handlers
f7d156911311 uloop: properly initialize signal handler mask
8a5a4319a85c uloop: fix typo in signal handling rework
b3fa3d92e3eb uloop: reset flags after __uloop_fd_delete call
d4c3066e7c5e udebug: add udebug library code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hardware
--------
SoC: MediaTek MT7981BA
RAM: 1GB DDR4 (NANYA NT5AD512M16C4-JR)
MMC: 8GB eMMC (Samsung 8GTF4R)
ETH: 1000Base-T LAN (ePHY)
2500Base-T WAN (MaxLinear GPY211C)
BTN: 1x Reset Button
LED: System (blue/white)
VPN (white)
USB: 1x USB-A (USB 3.0)
UART: 115200 8N1 - Pinout on board next to LAN port
Don't connect 3.3V!
Known Issues
------------
U-Boot vendor recovery does not seem to accept any images, neither
GL.iNet images nor OpenWrt images. Recovery requires serial access!
Installation
------------
Upload the OpenWrt sysupgrade image to the Gl.iNet Web-UI. Make sure to
not retain existing settings.
Signed-off-by: David Bauer <mail@david-bauer.net>
91666a3 ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0
263b9a9 cmake: Fail if undefined symbols are used
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.
It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.
Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Currently there's no usable mainline (open source) TF-A implementation
for rk35xx SoCs, so pack the prebuilt firmware from the vendor.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
D-Link DAP-1720 rev A1 is a mains-powered AC1750 Wi-Fi range extender,
manufactured by Alpha Networks [8WAPAC28.1A1G].
(in square brackets: PCB silkscreen markings)
Specifications:
* CPU (Qualcomm Atheros QCA9563-AL3A [U5]):
775 MHz single core MIPS 74Kc;
* RAM (Winbond W9751G6KB-25J [U3]):
64 MiB DDR2;
* ROM (Winbond W25Q128FV [U16]):
16 MiB SPI NOR flash;
* Ethernet (AR8033-AL1A PHY [U1], no switch):
1 GbE RJ45 port (no PHY LEDs);
* Wi-Fi
* 2.4 GHz (Qualcomm Atheros QCA9563-AL3A [U5]):
3x3 802.11n;
* 5 GHz (Qualcomm Atheros QCA9880-BR4A [U9]):
3x3 802.11ac Wave 1;
* 3 foldable dual-band antennas (U.fl) [P1],[P2],[P3];
* GPIO LEDs:
* RSSI low (red/green) [D2];
* RSSI medium (green) [D3];
* RSSI high (green) [D4];
* status (red/green) [D5];
* GPIO buttons:
* WPS [SW1], co-located with status LED;
* reset [SW4], accessible via hole in the side;
* Serial/UART:
Tx-Gnd-3v3-Rx [JP1], Tx is the square pin, 1.25mm pitch;
125000-8-n-1 in U-boot, 115200-8-n-1 in kernel;
* Misc:
* 12V VCC [JP2], fed from internal 12V/1A AC to DC converter;
* on/off slide switch [SW2] (disconnects VCC mechanically);
* unpopulated footprints for a Wi-Fi LED [D1];
* unpopulated footprints for a 4-pin 3-position slide switch (SW3);
MAC addresses:
* Label = LAN;
* 2.4 GHz WiFi = LAN;
* 5 GHz WiFi = LAN+2;
Installation:
* `factory.bin` can be used to install OpenWrt from OEM firmware via the
standard upgrade webpage at http://192.168.0.50/UpdateFirmware.html
* `recovery.bin` can be used to install OpenWrt (or revert to OEM
firmware) from D-Link Web Recovery. To enter web recovery, keep reset
button pressed and then power on the device. Reset button can be
released when the red status LED is bright; it will then blink slowly.
Set static IP to 192.168.0.10, navigate to http://192.168.0.50 and
upload 'recovery.bin'. Note that in web recovery mode the device
ignores ping and DHCP requests.
Note: 802.11s is not supported by the default `ath10k` driver and
firmware, but is supported by the non-CT driver and firmware variants.
The `-smallbuffers` driver variant is recommended due to RAM size.
Co-developed-by: Anthony Sepa <protectivedad@gmail.com>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
The ubootmod bootlaoder for EX5601-T0 uses two partitions
in ubi to store enviroment variables. so proper config
is needed.
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
Flash procedure is described in next commit.
TLDR:
Copy preloader and uboot to /tmp and write them in the mtd.
This will also require new UBI partition and
volumes to boot openwrt.
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-preloader.bin bl2
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-bl31-uboot.fip fip
Changelist:
- Added profile for 4k+256 SPI NAND_TYPE
- Added basic Zyxel EX5601-T0 uboot profile
Backported from hitech95 branch:
- Button RESET pin fix
- Button WPS pin fix
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
iwlwifi from 6.5 supports API version up to 83, but 81 is the latest one
available from linux-firmware 20230804.
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
Specifications:
SoC: MediaTek MT7981B
RAM: 1024MiB
Flash: SPI-NAND 128 MiB
Switch: 1 WAN, 4 LAN (Gigabit)
USB: two M.2 slots for 5G modems via USB 3.0 hub, external USB 3.0 port
Buttons: Reset, Mesh
Power: DC 12V 1A
WiFi: MT7976CN
UART: 115200n8
UART Layout:
VCC-RX-TX-GND
Installation:
A. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1) and then
navigate to System -> Backup/Flash firmware, then flash the firmware
B. Through TFTP
Standard installation via UART:
1. Connect USB Serial Adapter to the UART, (NOTE: Don't connect the VCC pin).
2. Power on the router. Make sure that you can access your router via UART.
3. Restart the router then repeatedly press ctrl + c to skip default boot.
4. Type > bootmenu
5. Press '2' to select upgrade firmware
6. Press 'Y' on 'Run image after upgrading?'
7. Press '0' and hit 'enter' to select TFTP client (default)
8. Fill the U-Boot's IP address and TFTP server's IP address.
9. Finally, enter the 'firmware' filename.
Based on patch adding support for similar Zbtlink ZBT-Z8103AX device by
Ian Ishmael C. Oderon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.
Refresh all kernel patches affected by this change.
Also update the path for aquantia .ko that got moved to dedicated
directory upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes the mirror hash to the version of the file uploaded to the
download mirror and which my build calculated.
Fixes: b117e7244f ("firmware-utils: update to Git HEAD (2023-11-21)")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
1d42292d8063 tplink-safeloader: Add TP-Link Archer A6 V3.20
3338f5389d72 tplink-safeloader: add TL-WPA8635P v3
17ca5eeb1c10 tplink-safeloader: add TL-WPA8631P v4
f730ad2fa0b4 bcmblob: new tool for reading Broadcom's BLOBs
cb1ddac98124 firmware-utils: fix typo in error message when no OpenSSL library found
916633160dc9 bcmclm: new tool for reading Broadcom's CLM data
a2d49fb1e188 tplink-safeloader: add RU support-list entry for Archer C6U v1
bb12cf5c3fa9 tplink-safeloader: Add support for TP-Link Deco M5 The special_id values are the same for EU and Asian models, and they apply to all models: v1, v2, and v3. They are not sorted as they are currently in the same order as extracted from the official firmware image.
9e2de8515be1 tplink-safeloader: add EAP610 v3 and EAP613 v1
a170683c0e11 firmware-utils: fix use of NULL string progname
89875fc18b57 tplink-safeloader: CPE510: add Canadian support
9e211d2980fe mktplinkfw2: add support to extract bootloader images
c18f662f3c74 mktplinkfw2: add support to pack bootloader
3dc133915f87 mktplinkfw2: show exact exceed bytes when the image is to big
d16ff798d58a tplink-safeloader: WPA8631: add v4 AU, US
0fa1cc51013f zytrx: add LTE5398-M904
635466123429 firmware-utils: ptgen: add SiFive GPT partition support
ba5bc4e1ae9d add dlink-sge-image for D-Link devices by SGE
3b114de29cf7 lxlfw: move code opening LXL to helper function
8e149e480391 lxlfw: move code copying data to helper function
16fa89076122 lxlfw: fix struct lxl_hdr attribute
d770cab82e58 lxlfw: support embedding blobs
eaf2ea28dbe6 lxlfw: support extracting image
12bf1a99bd6e lxlfw: support certificate & signature blobs
Fixes: https://github.com/openwrt/openwrt/issues/12939
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This is not activated by default and must be explicitly enabled via ubus
It supports reporting log messages and netlink packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
dnmasq.init now invokes ipcalc.sh as either:
ipcalc.sh address/netmask ...
or:
ipcalc.sh address/prefix
but the existing version doesn't accept the 2nd notation. We're
trying to rationalize the usage of ipcalc.sh, and here we add
support for the 2nd format.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The new rewritten ipcalc.sh understands 3 notations:
ipaddr/prefix ...
ipaddr/dotted-netmask ...
ipaddr dotted-netmask ...
meaning that the previous 4th non-standard notation of "ipaddr prefix"
will be dropped, alas that's the notation that dnsmasq currently uses.
This change has us using the first notation which is the most common.
This behavior came in as
eda27e8382
a long time ago.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
ISISC is the QCA codename for their Atheros switch family including
AR237, QCA8337 etc.
Since we have qca8k support in OpenWrt, there is no need to have SSDK
support for these switches, and boards that also have external switches
can just use qca8k.
Disable QCA803x PHY support as well, since all of those are supportable
via at803x driver.
Signed-off-by: Robert Marko <robimarko@gmail.com>
PTP and swconfig support in SSDK require kernel modifications we dont need
nor we want to support for now, so move the PTP and swconfig disablement
into general build options as they are not ipq807x specific.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Recent SSDK versions started also parsing the "SoC" variable to identify
the SoC along with the "CHIP_TYPE".
We are not passing "SoC" currently and this leads to components we dont
need like MHT (New 2.5G quad port switch) being compiled and then unused,
so lets just pass the "SoC" as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
The RTW88 PCI/USB driver uses the same firmware,
so add firmware dependencies.
Also CI report that:
Package kmod-rtw88-usb is missing dependencies for the following libraries:
usbcore.ko
This commit fixes it.
Fixes: 3538a19 ("mac80211: split rtw88 configuration for each supported chip")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
New gdb has got libzstd support, and libzstd gets detected
at buildbot build. Explicitly disable it to avoid dependency.
Fixes: f79de8ec65 ("gdb: Update to 13.2")
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Commit 947b44d ("ipq807x: fix wrong define for LAN and WAN ess mask")
started fixing wrong switch_lan_bmp that defined lan there weren't
actually present. This displayed a fragility in the malibu phy init code
in qca-ssdk.
Add patch to fix this. Also update each DTS with the new required
property if needed.
The new binding malibu_phy_start_addr is required with devices that
place the malibu first PHY referring port1 on a different PHY addres
than 0. The most common configuration is 0 but some device (for example
Qnap 301W) place the malibu PHY at an offset to address 16.
Refer to ipq8074-ess dtsi for extensive description on how to derive
this value.
Quoting the patch detailed description:
The usage of first_phy_addr is EXTREMELY FRAGILE and results
in dangerous results if the OEM (or anyone that by chance try to
implement things in a logical manner) deviates from the default values
from the "magical template".
To be in more details. With QSDK 12.4, some tweaks were done to improve
autoneg and now on every call of port status, the phydev is tried to
add. This resulted in the call and log spam of an error with ports that
are actually not present on the system with qsdk reporting phydev is
NULL. This itself is not an error and printing the error is correct.
What is actually an error from ages is setting generic bitmap reporting
presence of port that are actually not present. This is very common on
OEM where the switch_lan_bmp is always a variant of 0x1e (that on bitmap
results in PORT1 PORT2 PORT3 PORT4 present) or 0x3e (PORT1 PORT2 PORT3
PORT4 PORT5). Reality is that many device are used as AP with one LAN
port or one WAN port. (or even exotic configuration with PORT1 not
present and PORT2 PORT3 PORT4 present (Xiaomi 3600)
With this finding one can say... ok nice, then lets update the DT and
set the correct bitmap...
Again world is a bad place and reality is that this cause wonderful
regression in some case of by extreme luck the first ever connected
port working and the rest of the switch dead.
The problem has been bisected to all the device that doesn't have the
PORT1 declared in any of the bitmap.
With this prefaction in mind, on to the REAL problem.
malibu_phy_hw_init FOR SOME REASON, set a global variable first_phy_addr
to the first detected PHY addr that coincidentally is always PORT1.
PORT1 addr is 0x0. The entire code in malibu_phy use this variable to
derive the phy addrs in some function.
Declaring a bitmap where the PORT1 is missing (or worse PORT4 the only
one connected) result in first_phy_addr set to 1 or whatever phy addr is
detected first setting wrong value all over the init stage.
To fix this, introduce a new binding malibu_first_phy_addr to manually
declare the first phy that the malibu PHY driver should use and permit
to detach it from port bmp detection. The legacy detection is kept for
compatibility reason.
Fixes: #13945
Fixes: 947b44d9ae ("ipq807x: fix wrong define for LAN and WAN ess mask")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com> # Qnap 301W
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 8cce00bc9d.
The confusion was real and this change cause regression on other
advanced devices that makes actual use of the first_phy_addr value.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Some local patches have been sent to upstream and they are slightly
different from the upstream version. So it's better to replace them
to avoid conflicts with the new mac80211 backport driver. The
different parts have been merged into patch 996.
This commit also includes some additional fixes:
* Fix watchdog function.
* Improve MT7620 register initialization.
* Introduce DMA busy watchdog for rt2800.
P.S.
Sometimes rt2800 series chips may fall into a DMA busy state. The
tx queues become very slow and the client cannot connect to the AP.
Usually, We can see a lot of hostapd warnings at this point:
'hostapd: IEEE 802.11: did not acknowledge authentication response'
The DMA busy watchdog can help the driver automatically recover
from this abnormal state. By the way, setting higer 'cell_density'
and disabling 'disassoc_low_ack' can significantly reduce the
probability of the DMA busy.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Kernel 6.1 has introduced support for RTW8822BU network adapter, which
is an USB variant of the rtw8822b 802.11ac chipset family.
Build and install the corresponding module in the rtw88 package
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Current rtw88 build configuration builds modules for all chips supported by
rtw88 driver family. This brings the following issues:
- adding a chip with a different bus is not convenient (all chips currently
depends on PCI)
- some features requirements are not relevant for all chips in family (eg
802.11AC is enforced but RTW88-8723DE is only a 802.11b/g/n chip)
Remove those constraints/issues by adding one module build option per
supported chip, and add intermediate options to properly cascade
dependencies.
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
If /root is created with too permissive permissions, then sshd won't
trust the contents of /root/.ssh as being adequately protected.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
ath9k-htc USB-based adapters also support 5/10MHz channel bandwidth.
Move the code handling the features in debugfs to common-debug.c,
and create proper registration functions to use in debug.c and
htc_drv_debug.c, leaving only debugfs registration there.
While at that, refresh one patch that would conflict otherwise.
Tested on TP-Link Archer C7v2 (ath79) and TP-Link WN722Nv1 (AR9287)
and WN822Nv2 (AR7010+AR9287).
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
ath9k-htc USB-based adapterssupport 5/10MHz channel bandwidth, the
same as standard ath9k ones.
Move the code handling the features in debugfs to common-debug.c,
and create proper registration functions to use in debug.c and
htc_drv_debug.c, leaving only debugfs registration there.
While at that, refresh one patch that would conflict otherwise.
Tested on TP-Link Archer C7v2 (ath79) and TP-Link WN722Nv1 (AR9287)
and WN822Nv2 (AR7010+AR9287).
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
In-kernel driver for MCS7715 USB-serial bridge has a bool option,
enabling support for parallel port on that chip - which is tied to the
same kernel module. Enable it and select kmod-ppdev, as the image size
increase is minimal and the package isn't bundled in the images by
default.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Adjust our local ath10k-ct patches to the change
from the -ct 6.2 version to 6.4.
This restores e.g. the LED functionality.
Fixes: 7d3651f1b9 ("ath10k-ct: switch to 6.4")
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Commit 947b44d9ae ("ipq807x: fix wrong define for LAN and WAN ess mask")
started fixing wrong switch_lan_bmp that defined lan there weren't
actually present. This displayed a fragility in the malibu phy init code
in qca-ssdk.
Add patch to fix this.
Quoting the patch detailed description:
I'm very confused by this and to me it's not clear the real usage of
this logic.
From what I can see the usage of this is EXTREMELY FRAGILE and results
in dangerous results if the OEM (or anyone that by chance try to
implement things in a logical manner) deviates from the default values
from the "magical template".
To be in more details. With QSDK 12.4, some tweaks were done to improve
autoneg and now on every call of port status, the phydev is tried to
add. This resulted in the call and log spam of an error with ports that
are actually not present on the system with qsdk reporting phydev is
NULL. This itself is not an error and printing the error is correct.
What is actually an error from ages is setting generic bitmap reporting
presence of port that are actually not present. This is very common on
OEM where the switch_lan_bmp is always a variant of 0x1e (that on bitmap
results in PORT1 PORT2 PORT3 PORT4 present) or 0x3e (PORT1 PORT2 PORT3
PORT4 PORT5). Reality is that many device are used as AP with one LAN
port or one WAN port. (or even exotic configuration with PORT1 not
present and PORT2 PORT3 PORT4 present (Xiaomi 3600)
With this finding one can say... ok nice, then lets update the DT and
set the correct bitmap...
Again world is a bad place and reality is that this cause wonderful
regression in some case of by extreme luck the first ever connected
port working and the rest of the switch dead.
The problem has been bisected to all the device that doesn't have the
PORT1 declared in any of the bitmap.
With this perfection in mind, on to the REAL problem.
malibu_phy_hw_init FOR SOME REASON, set a global variable first_phy_addr
to the first detected PHY addr that coincidentally is always PORT1.
PORT1 addr is 0x0. The entire code in malibu_phy use this variable to
derive the phy addrs in some function.
Declaring a bitmap where the PORT1 is missing (or worse PORT4 the only
one connected) result in first_phy_addr set to 1 or whatever phy addr is
detected first setting wrong value all over the init stage.
To fix this, just drop this variable and hardcode everything to assume
the first phy adrr is ALWAYS 0 and remove calculation and use define for
special case.
With the following change normal switch traffic is restored and ports
function is recovered.
Fixes: #13945
Fixes: 947b44d9ae ("ipq807x: fix wrong define for LAN and WAN ess mask")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Information about package license is important, so lets add it.
Fixes: 79ee0d2cee ("debugcc: add new package to debug IPQ based SoC clocks")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
I find myself manually compiling dtc as a staticly linked binary rather
often while porting a new device to OpenWrt as dtc is rarely included in
various vendor modifications of OpenWrt.
So, since dtc offers a convenient meson option to build it as staticaly
linked binary, lets make it a compile time option.
Signed-off-by: Robert Marko <robimarko@gmail.com>
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add additional uci-defaults function for configuring GRO settings and
conduit for network devices.
Tweaking the GRO values might increase performance on some low spec
device that lack some offload feature on gmac.
Tweaking conduit interface is specific to DSA based devices and is
useful for multi-CPU scenario where one CPU is dedicated to one single
port.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Generalize ucidef_set_network_device functions to use a more generic
_ucidef_set_network_device_common that takes as args the option and the
value to apply instead of hardcoding.
This is to reduce duplicated code in preparation for addition of
additional option for board.d usage.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Update the devel/gdb package to version 13.2
* Remove the upstreamed patch 001-Add-support-for-readline-8.2.patch
* Adjust 130-gdb-ctrl-c.patch to upstream changes
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Update SSDK version to 12.4, this fixes weird SFP port link up/downs
while there is no SFP module plugged in.
Signed-off-by: Robert Marko <robimarko@gmail.com>
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
3a07943 block: support skipping uuid check
56a9b4e block: consider currently mounted root device first
9cd09d4 block: try to find the root device on both / and /rom
c1a8d95 block: support extroot on already mounted overlay
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the download of the kernel 5.15 for the bpf-headers when
kernel 6.1 is build for the target.
Even if kernel 6.1 was selected for the target we still use kernel 5.15
for the bpf-headers. The download script tried to download the 5.15
kernel from the 6.x directory on kernel,org and this failed. Define
PKG_SOURCE_URL based on PKG_PATCHVER and not KERNEL_BASE like done in
kernel.mk.
Without this change it tries to download the kernel from this URL:
ttps://cdn.kernel.org/pub/linux/kernel/v6.x/linux-5.15.129.tar.xz
Fixes: #13190Fixes: #13671Fixes: #13814
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ath10k-ct based on kernel 6.4 doesn't have a fix present in previous
kernel. Add patch that port the compilation error fix from previous
kernel in the new 6.4 kernel.
Fixes: 7d3651f1b9 ("ath10k-ct: switch to 6.4")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Switch to the latest version so we match as close as possible to
our own mac80211 version.
Run-time tested on hundreds of devices in the field for months now:
- qca988x (wave 1)
- qca4019 (wave 2)
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
It's already pulled in from /etc/rc.common.
Fixes: #13758
Fixes: 6b23836071 ("package: avoid the use of eval to parse ipcalc.sh output")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This reverts commit 3cc57ba462 as it
should be fixed in commit 78cbd5a57e11 ("tools: macOS: types.h: fix
missing unsigned types").
References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 997ff740dc.
78cbd5apick as it should be fixed in commit 78cbd5a57e11 ("tools: macOS:
types.h: fix missing unsigned types").
References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.
The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.
Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>