Commit Graph

53839 Commits

Author SHA1 Message Date
David Bauer
a5995272ed ath79: fix link for long cables with OCEDO Raccoon
The OCEDO Raccoon had significant packet-loss with cables longer than 50
meter. Disabling EEE restores normal operation.

Also change the ethernet config to reduce loss on sub-1G links.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4551bfd91f)
2022-03-26 19:09:59 +01:00
Matthias Schiffer
58242ef347
ath79: fix TPLINK_HWREV field for TL-WR1043ND v4
Required to allow sysupgrades from OpenWrt 19.07.

Closes #7071

Fixes: 98fbf2edc0 ("ath79: move TPLINK_HWID/_HWREV to parent for tplink-safeloader")
Tested-by: J. Burfeind <git@aiyionpri.me>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 8ba71f1f6f)
2022-03-25 18:14:51 +01:00
Petr Štetiar
ec9af870f3 imagebuilder: fix broken image generation with external targets
When using external targets there is a symlink being created for the
target under target/linux which then becomes dangling under Image
Builder. Fix it by dereferencing the possible symlink.

Tested on IB with external target, ipq40xx and mvebu.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 621f39d1f4)
2022-03-25 14:54:41 +01:00
Petr Štetiar
161ff660fc openwrt-keyring: add OpenWrt 22.03 GPG/usign keys
62471e693b4f usign: add 22.03 release build public key
 70817cffc905 gpg: add OpenWrt 22.03 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 759886345d)
2022-03-25 14:28:50 +01:00
Matthias Schiffer
a5141a9ed8
ath79: change Ubiquiti UniFi AP model name to include "AP"
While it hasn't always been clear whether the "AP" is part of the model
name on the Ubiquiti website, we include it for all other pre-AC
variants (AP Pro and the AP Outdoor+). Add it to the original UniFi AP
as well for consistency.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit dc23df8a8c)
2022-03-24 09:35:26 +01:00
Matthias Schiffer
3666958c2a
ath79: fix label MAC address for Ubiquiti UniFi
The label has the MAC address of eth0, not the WLAN PHY address.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2a02b70499)
2022-03-24 09:35:24 +01:00
Robert Marko
d65269a732 mvebu: udpu: fix initramfs booting
uDPU provides a FIT based initramfs, but currently gets stuck after U-boot
starts the kernel at "Starting kernel..".

It is due to the load address being too low, so increase it in order to get
the initramfs booting again.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 80f21e5336)
2022-03-24 08:19:47 +01:00
Robert Marko
b9e90935db mvebu: udpu: include LM75 kmod by default
uDPU has 2 LM75 compatible temperature sensors, so include the driver for
them by default in order to utilize them.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit a8b2d35903)
2022-03-24 08:19:47 +01:00
Marek Behún
88ad61a292 kernel: Fix patch header
Remove "a" character from the first line of patch
  738-v5.14-01-net-dsa-qca8k-fix-an-endian-bug-in-qca8k-get-ethtool.patch

Otherwise `git am` fails to apply this patch which is annoying when
trying to do some development / rebasing.

Signed-off-by: Marek Behún <kabel@kernel.org>
(cherry picked from commit f811c33b19)
2022-03-24 08:19:47 +01:00
Petr Štetiar
12758b6906 sunxi: cortexa7: fix ethernet link detection on a20-olinuxino-lime2
a20-olinuxino-lime2 is currently having hard time with link detection of
certain 1000Mbit partners due to usage of generic PHY driver, probably
due to following missing workaround introduced in upstream in commit
3aed3e2a143c ("net: phy: micrel: add Asym Pause workaround"):

 The Micrel KSZ9031 PHY may fail to establish a link when the Asymmetric
 Pause capability is set. This issue is described in a Silicon Errata
 (DS80000691D or DS80000692D), which advises to always disable the
 capability. This patch implements the workaround by defining a KSZ9031
 specific get_feature callback to force the Asymmetric Pause capability
 bit to be cleared.

 This fixes issues where the link would not come up at boot time, or when
 the Asym Pause bit was set later on.

As a20-olinuxino-lime2 has Micrel KSZ9031RNXCC-TR Gigabit PHY since
revision H, so we need to use Micrel PHY driver on those devices.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ffa1088f63)
2022-03-24 08:18:46 +01:00
Petr Štetiar
3965dda0fa zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
2022-03-24 08:18:21 +01:00
Felix Fietkau
68b008756f qosify: update to the latest version
391a9fbd5ace dns: fix parsing vlan encapsulated protocol
6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well
1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed
ca21e729af23 interface: switch to using clsact for filters
5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress
bdfcb11847ce interface: fix duplicated dns filter line
b97405aa632a Revert "ubus: remove dnsmasq subscriber"
8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact
d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME
91cf440db9e2 loader: fix use of deprecated functions
57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit af434e0da2)
2022-03-22 10:29:18 +01:00
Rui Salvaterra
714ed05a41 kmod-lzo: include the lzo-rle kmod in the package
Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo.
Crypto API users (zram, for example) expect both lzo and lzo-rle to be
available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package.

Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit aaa0c09785)
2022-03-22 09:25:40 +00:00
Daniel Golle
786bf7fdac kernel: delete Linux 5.4 config and patches
As the upcoming release will be based on Linux 5.10 only, remove all
kernel configuration as well as patches for Linux 5.4.
There were no targets still actively using Linux 5.4.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3a14580411)
2022-03-21 13:11:56 +00:00
Richard Huynh
9470160c35 mediatek: Add support for Xiaomi Redmi Router AX6S
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.

SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A

Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.

However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.

Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)

2. Calculate telnet password from serial number and login

3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit

4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware

Device should reboot at this point.

Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.

A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.

Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 9f9477b275)
2022-03-21 13:11:56 +00:00
Richard Huynh
4b51fa0d80 mediatek: Add GD5F1GQ5xExxG to mtk-snand
Some units of the Xiaomi Redmi Router AX6S/Xiaomi Router AX3200 contain this part.

Signed-off-by: Richard Huynh <voxlympha@gmail.com>
(cherry picked from commit 4177de10df)
2022-03-21 13:11:56 +00:00
Paul Spooren
a036c1d43b build: switch VERSION_REPO again to HTTPS
The maintainer-tools.git script still defaults to `http` while
eveyrthing moved over to `https`. This commit switches VERSION_REPO
again back to encrypted connections.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-20 13:34:22 +00:00
Paul Spooren
43e6d979b8 OpenWrt v22.03: set branch defaults
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-20 13:05:00 +00:00
Nicholas Smith
7ea2f3d6e2 ipq40xx: add support for Telco X1 Pro
Telco X1 Pro is a Cat12 LTE-A Pro modem router.
Vendor firmware is based on a recent version of OpenWrt.
Flashing is possible via CLI using sysupgrade -F -n
The serial headers allow bootloader and console access
Serial setting: 115200  8N1

Brief Specifications:
IPQ4019 SoC
32MB flash
512MB RAM
4x gigabit LAN
1x gigabit WAN
Dual-band Wave-2 wifi
2x SMA LTE antenna connectors
2x RP-SMA wifi antennas
1x USB 2.0 port
1x Reset button
Serial headers installed
1x Nano SIM tray
1x Quectel EM-12G LTE-A Pro modem
1x M.2 slot attached to USB 3.0
1x internal micro SD card slot

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
2022-03-19 20:05:00 +01:00
Igor Nazarov
42626aef67 ramips: add support for D-Link DIR-878 R1
Specifications:
- SoC: MediaTek MT7621AT
- RAM: 128 MB (DDR3)
- Flash: 16 MB (SPI NOR)
- WiFi: MT7615N (2.4GHz) and MT7615N (5Ghz)
- Switch: 1 WAN, 4 LAN (Gigabit)
- Buttons: Reset, WiFi Toggle, WPS
- LEDs: Power, Internet, WiFi 2.4G WiFi 5G

The R1 revision is identical to the A1 revision except
- No Config2 Parition, therefore
- factory partition resized to 64k from 128K
- Firmware partition offset is 0x50000 not 0x60000
- Firmware partitions size increased by 64K
- Firmware partition type is "denx,uimage", not "sge,uimage"
- Padding of image creation "uimage-padhdr 96" removed

Installation:
Update to the last D-Link firmware through web-ui before OpenWRT
installation then follow the instructions to patch your device using
D-Link FailsafeUI.

- D-Link FailsafeUI:
Power down the router, press and hold the reset button, then
re-plug it. Keep the reset button pressed until the internet LED stops
flashing, then jack into any lan port and manually assign a static IP
address in 192.168.0.0/24 other than 192.168.0.1 (e.g. 192.168.0.2)
and go to http://192.168.0.1
Flash with the factory image.

Signed-off-by: Igor Nazarov <tigron.dev@gmail.com>
2022-03-19 19:51:20 +01:00
John Audia
1eb5d50fd3 kernel: bump 5.10 to 5.10.107
All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <graysky@archlinux.us>
2022-03-19 17:42:41 +01:00
Huangbin Zhan
3bf10bac11 ncurses: update to 6.3
release notes: https://invisible-island.net/ncurses/announce-6.3.html

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-19 17:42:29 +01:00
Mikhail Zhilkin
f8b02130d2 ramips: add support for Beeline SmartBox Flash
Beeline SmartBox Flash is a wireless AC1300 (WiFi 5) router manufactured
by Arcadyan company.

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Winbond W632GU6NB
Flash: 128 MiB (NAND), Winbond W29N01HVSINF
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: 1xUSB3.0
Button: 1 (Reset/WPS)
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WE42022

Installation
------------
1. Place *factory.trx on any web server (192.168.1.2 in this example)
2. Connect to the router using telnet shell (no password required)
3. Save MAC adresses to U-Boot environment:
   uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
    awk '{print $5}')
   uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
    awk '{print $5}')
   uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
    awk '{print $5}')
   uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
    awk '{print $5}')
4. Ensure that MACs were saved correctly:
   uboot_env --get --name eth2macaddr
   uboot_env --get --name eth3macaddr
   uboot_env --get --name ra0macaddr
   uboot_env --get --name rax0macaddr
5. Download and write the OpenWrt images:
   cd /tmp
   wget http://192.168.1.2/factory.trx
   mtd_write erase /dev/mtd4
   mtd_write write factory.trx /dev/mtd4
6. Set 1st boot partition and reboot:
   uboot_env --set --name bootpartition --value 0
   reboot

Back to Stock
-------------
1. Run in the OpenWrt shell:
   fw_setenv bootpartition 1
   reboot
2. Optional step. Upgrade the stock firmware with any version to
   overwrite the OpenWrt in Slot 1.

MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC               | Source         |
+-----------+-------------------+----------------+
| label     | 30:xx:xx:51:xx:09 | No MACs was    |
| LAN       | 30:xx:xx:51:xx:09 | found on Flash |
| WAN       | 30:xx:xx:51:xx:06 | [1]            |
| WLAN_2g   | 30:xx:xx:51:xx:07 |                |
| WLAN_5g   | 32:xx:xx:41:xx:07 |                |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
   key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
   with saving of the MACs to u-boot-env during the installation was
   applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:36) was found in
   "Factory" 0xfff0. It's the same for all Smartbox Flash devices. OEM
   firmware also uses this MAC when initialazes ethernet driver. In
   OpenWrt we use it only as internal GMAC (eth0), all other MACs are
   unique. Therefore, there is no any barriers to the operation of several
   Smartbox Flash devices even within the same broadcast domain.

Stock firmware image format
---------------------------
+--------------+---------------+----------------------------------------+
| Offset       | 1.0.15        | Description                            |
+==============+===============+========================================+
| 0x0          | 5d 43 6f 74   | TRX magic "]Cot"                       |
+--------------+---------------+----------------------------------------+
| 0x4          | 00 70 ff 00   | Length (reverse)                       |
+--------------+---------------+----------------------------------------+
|              |               | htonl(~crc) from 0xc ("flag_version")  |
| 0x8          | 72 b3 93 16   | to "Length"                            |
+--------------+---------------+----------------------------------------+
| 0xc          | 00 00 01 00   | Flags                                  |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of Kernel partition   |
| 0x10         | 1c 00 00 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of RootFS partition   |
| 0x14         | 00 00 42 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
| 0x18         | 00 00 00 00   | Zeroes                                 |
+--------------+---------------+----------------------------------------+
| 0x1c         | 27 05 19 56 … | Kernel data + zero padding             |
+--------------+---------------+----------------------------------------+
|              |               | RootFS data (starting with "hsqs") +   |
| 0x420000     | 68 73 71 73 … | zero padding to "Length"               |
+--------------+---------------+----------------------------------------+
|              |               | Some signature data (format is         |
|              |               | unknown). Necessary for the fw         |
| "Lenght"     | 00 00 00 00 … | update via oem fw web interface.       |
+--------------+---------------+----------------------------------------+
| "Lenght" +   |               | TRX magic "HDR0". U-Boot is            |
| 0x10c        | 48 44 52 30   | checking it at every boot.             |
+--------------+---------------+----------------------------------------+
|              |               | 1.00:                                  |
|              |               |   Zero padding to ("Lenght" + 0x23000) |
|              |               | 1.0.12:                                |
|              |               |   Zero padding to ("Lenght" + 0x2a000) |
| "Lenght" +   |               | 1.0.13, 1.0.15, 1.0.16:                |
| 0x110        | 00 00 00 00   |   Zero padding to ("Lenght" + 0x10000) |
+--------------+---------------+----------------------------------------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-03-19 16:14:01 +01:00
Florian Eckert
09c41ea679 base-files: add wrapper for procd service list command
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.

ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"

This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.

We could now enter the command /etc/initd/<service> info to get the info
faster.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Florian Eckert
b9017384ca procd: move service command to procd
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
John Audia
b04d38a2ea kernel: bump 5.10 to 5.10.106
All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <graysky@archlinux.us>
2022-03-19 16:13:58 +01:00
John Audia
048f0b1702 kernel: bump 5.10 to 5.10.105
Updated default config with new sym (CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y).

Manually rebased:
    generic/hack-5.10/220-arm-gc_sections.patch

All other patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <graysky@archlinux.us>
2022-03-19 16:13:58 +01:00
Etienne Champetier
30c15d06e8 iptables: bump PKG_RELEASE
Following {arp,eb}tables-nft addition, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
66bb6dde36 iptables: add {arp,eb}tables-nft
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
c913be1da1 iptables: add xtables-nft package
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
afb6824a2c iptables: add xtables-legacy package
This allows to install ip6tables-legacy without iptables-legacy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
905b49920f ebtables: rename to ebtables-legacy
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
2f5088ef5f arptables: rename package to arptables-legacy
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Rosen Penev
9586a270a0 quilt.mk: fix typo in the Host section
HOST_PATCH_DIR is used for host patches, not PATCH_DIR.

Fixes refreshing patches with a custom HOST_PATCH_DIR.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-19 16:13:58 +01:00
Josef Schlehofer
7ca7e0b22d cypress-firmware: update it to version 5.4.18-2021_0812
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
  to be on the router with the previous naming

[    6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[    6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[    6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin

- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.

Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.

Fixes:
- FragAttacks
- Kr00k

Also add LICENSE file

Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.

Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[    6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43

After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[    6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2

[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-19 16:13:58 +01:00
Josef Schlehofer
31ccc27f41 bcm27xx: bcm2711: add kmod-usb-net-lan78xx
Some vendors like Seeedstudio in their product [1] with Raspberry Pi
Compute Module 4 uses Microchip LAN7800 (USB 3.0 to Gigabit
Ethernet Bridge) - USB 3.0 extended from PCIe of CM4.

lsusb output:
```
Bus 002 Device 002: ID 0424:7800 Microchip LAN7800
```

Raspberry Pi 4 and even Compute Module 4 has many resources available
and for just one kernel module it is not necessary to add additional specific CM4 profiles.
Let's include it by default, so the both Ethernet ports will be usable
to have better user-experience. Because previous generation of Raspberry
Pi included LAN7800 Gigabit Ethernet by default and it is enabled there
[2] in kernel without additional kernel module, which was added recently [3].

After this commit in dmesg can be found this:

```
root@OpenWrt:~# dmesg | grep lan
[    7.038889] lan78xx 2-3:1.0 (unnamed net_device) (uninitialized): int urb period 64
[    7.090484] usbcore: registered new interface driver lan78xx
```

Tested and works with sysupgrade image.

[1] https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM-32GB-eMMC-RPi-CM4-Case-p-5029.html
[2] 32c74552b2/target/linux/bcm27xx/bcm2709/config-5.4 (L437)
[3] 31647d8be8

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-19 16:13:58 +01:00
Josef Schlehofer
013b043564 iwinfo: update to latest Git head
Changelog:
90bfbb9 devices: Add Cypress CYW43455
234075b devices: fix AMD RZ608 format
0e2a318 devices: add AMD RZ608 device-id

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-19 16:13:58 +01:00
Felix Fietkau
54aab4e719 bpftools: fix library path on 64 bit systems
drop the use of LIB_SUFFIX

Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-19 13:29:15 +01:00
Felix Fietkau
00cbf6f6ab bpftools: update to standalone bpftools + libbpf, use the latest version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-19 07:30:06 +01:00
Felix Fietkau
9c8cd1462d mac80211: backport MBSSID support
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-18 14:38:27 +01:00
Stijn Tintel
4ecf8346c0 kernel: enable SERIAL_8250_16550A_VARIANTS
Kernel 5.6 introduced a new config symbol SERIAL_8250_16550A_VARIANTS.
In kernel 5.8, this symbol was changed to default to on on !x86, as some
embedded devices still use 16650A variants. Let's play safe here and
enable this symbol in the generic config, to avoid others from running
into this problem and having to spend several hours trying to bisect
this problem. While we could disable the symbol in the x86 target
configs, a 20ms boot time reduction really isn't worth the time wasted
on bisecting this issue.

Matt discovered this problem while working on adding support for the
WatchGuard Firebox M200 to the qoriq target, where it caused some
characters to be missing on the console output.

Reported-by: Matt Fawcett <mattytap@icloud.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-03-18 14:44:39 +02:00
Pascal Coudurier
0905b07139 ath79: improve support for GL.iNet GL-XE300
- fix eth0 eth1 sharing same mac so it conforms to the behavior stated
  in the original commit and the way it is in vendor firmware :
  WAN is label, LAN is label +1 and WLAN is label +2
- add default leds config
- add default network config

Signed-off-by: Pascal Coudurier <coudu@wanadoo.fr>
2022-03-17 21:55:10 +01:00
Petr Štetiar
83ca16fc43 mpc85xx: fix missing kernel config symbol and DTS whitespace issue
Buildbot has reported following issue while crunching mpc85xx/p1010
subtarget:

 Extreme Networks WS-AP3825i (WS_AP3825I) [N/y/?] (NEW)

Fix it by disabling that config symbol in target kernel config and while
at it fix DTS whitespace issue.

Fixes: 7e614820a8 ("mpc85xx: add support for Extreme Networks WS-AP3825i")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-17 08:05:03 +01:00
Jan Hoffmann
a622273876 lantiq: fritz7362sl: add partition subnode for SPI flash
Without a partition subnode ofpart_core still parses direct subnodes as
partitions, but it ignores nodes with a compatible property. Due to
this, the switch to nvmem-cells made the urlader partition inaccessible.
As a result, the wireless network was broken, as the calibration data
is read from that partition by a script.

Fixes: #8983
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2022-03-16 20:48:01 +01:00
Martin Blumenstingl
dadedd5580 lantiq: fritz7362sl: fix SPI flash node reg property
The &spi node has #address-cells = <1> and #size-cells = <0>. Drop the
extra 0 in the reg property from the SPI flash node to ensure it's
number of cells matches the definition in the parent node. This also
makes the reg property for the SPI flash node consistent with all other
VR9 boards.

Fixes: eae6cac6a3 ("lantiq: add support for AVM FRITZ!Box 7362 SL")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-03-16 20:48:01 +01:00
Christian Lamparter
621b0589fb ipq806x: fix TP-Link Archer VR2600v bootlooping
Timo Schroeder reported:
"The TP-Link Archer VR2600v is stuck in a boot loop on written
snapshot image. It's able to boot using the snapshot uimage
though, but there ath10k firmware can't be found.
21.02.2 release version doesn't have either problem."

The VR2600v has a 512 byte header at the beginning of the
firmware that needs to be accounted for.

Fixes: f6a01d7f5c ("ipq806x: convert TP-Link Archer VR2600v to denx,uimage")
Reported-by: Timo Schroeder <der.timosch@gmail.com>
References: <https://github.com/openwrt/openwrt/issues/9467>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-16 20:48:01 +01:00
Martin Kennedy
7e614820a8 mpc85xx: add support for Extreme Networks WS-AP3825i
Hardware:

- SoC:     Freescale P1020
  - CPU:     2x e500v2 @ 800MHz
- Flash:   64MiB NOR (1x Intel JS28F512)
- Memory:  256MiB (2x ProMOS DDR3 V73CAG01168RBJ-I9H 1Gb)
- WiFi1:   2.4+5GHz abgn 3x3 (Atheros AR9590)
- Wifi2:   5GHz an+ac 3x3 (Qualcomm Atheros QCA9890)
- ETH:     2x PoE Gigabit Ethernet (2x Atheros AR8035)
- Power:   12V (center-positive barrel) or 48V PoE (active or passive)
- Serial:  Cisco-compatible RJ45 next to 12V power socket (115200 baud)
- LED Driver: TI LV164A
  - LEDs: (not functioning)
    - 2x Power (Green + Orange)
    - 4x ETH (ETH1 + ETH2) x (Green + Orange)
    - 2x WiFi (WiFi2 + WiFi1)

Installation:

1. Grab the OpenWrt initramfs <openwrt-initramfs-bin>, e.g.
   openwrt-mpc85xx-p1020-extreme-networks_ws-ap3825i-initramfs-kernel.bin.
   Place it in the root directory of a DHCP+TFTP server, e.g. OpenWrt
   `dnsmasq` with configuration `dhcp.server.enable_tftp='1'`.

2. Connect to the serial port and boot the AP with options
   e.g. 115200,N,8. Stop autoboot in U-Boot by pressing Enter after
   'Scanning JFFS2 FS:' begins, then waiting for the prompt to be
   interrupted. Credentials are identical to the one in the APs
   interface. By default it is admin / new2day: if these do not work,
   follow the OEM's reset procedure using the reset button.

3. Set the bootcmd so the AP can boot OpenWrt by executing:

```uboot
setenv boot_openwrt "cp.b 0xEC000000 0x2000000 0x2000000; interrupts off; bootm start 0x2000000; bootm loados; fdt resize; fdt boardsetup; fdt chosen; bootm prep; bootm go;"
setenv bootcmd "run boot_openwrt"
saveenv
```

   If you plan on going back to the vendor firmware - the bootcmd for it
   is stored in the boot_flash variable.

4. Load the initramfs image to RAM and boot by executing

```uboot
setenv ipaddr <ipv4 client address>;
setenv serverip <tftp server address>;
tftpboot 0x2000000 <openwrt-initramfs-bin>;
interrupts off;
bootm start 0x2000000;
bootm loados;
fdt resize;
fdt boardsetup;
fdt chosen;
bootm prep;
bootm go;
```

5. Make a backup of the "firmware" partition if you ever wish to go back
   to the vendor firmware.

6. Upload the OpenWrt sysupgrade image via SCP to the devices /tmp
   folder.

7. Flash OpenWrt using sysupgrade.

```ash
sysupgrade /tmp/<openwrt-sysupgrade-bin>
```

Notes:

- We must step through the `bootm` process manually to avoid fdt
  relocation. To explain: the stock U-boot (and stock Linux) are configured
  with a very large CONFIG_SYS_BOOTMAPSZ (and the device's stock Linux
  kernel is configured to be able to handle it). The U-boot version
  predates the check for the `fdt_high` variable, meaning that upon fdt
  relocation, the fdt can (and will) be moved to a very high address; the
  default appears to be 0x9ffa000. This address is so high that when the
  Linux kernel starts reading the fdt at the beginning of the boot process,
  it encounters a memory access exception and panics[5]. While it is
  possible to reduce the highest address the fdt will be relocated to by
  setting `bootm_size`, this also has the side effect of limiting the
  amount of RAM the kernel can use[3].

- Because it is not relocated, the flattened device tree needs to be
  padded in the build process to guarantee that `fdt resize` has
  enough space.

- The primary ethernet MAC address is stored (and set) in U-boot; they are
  shimmed into the device tree by 'fdt boardsetup' through the
  'local-mac-address' property of the respective ethernet node, so OpenWrt
  does not need to set this at runtime. Note that U-boot indexes the
  ethernet nodes by alias, which is why the device tree explicitly aliases
  ethernet1 to enet2.

- LEDs do not function under OpenWrt. Each of 8 LEDs is connected to an
  output of a TI LV164A shift register, which is wired to GPIO lines and
  operates through bit-banged SPI. Unfortunately, I am unable to get the
  spi-gpio driver to recognize the `led_spi` device tree node at all, as
  confirmed by patching in printk messages demonstrating
  spi-gpio.c::spi_gpio_probe never runs. It is possible to manually
  articulate the shift register by exporting the GPIO lines and stepping
  their values through the sysfs.

- Though they do not function under OpenWrt, I have left the pinout details
  of the LEDs and shift register in the device tree to represent real
  hardware.

- An archive of the u-boot and Linux source for the AP3825i (which is one
  device of a range of devices code-named 'CHANTRY') be found here[1].

- The device has an identical case to both the Enterasys WS-AP3725i and
  Adtran BSAP-2030[2] (and potentially other Adtran BSAPs). Given that
  there is no FCC ID for the board itself (only its WLAN modules), it's
  likely these are generic boards, and even that the WS-AP3725i is
  identical, with only a change in WLAN card. I have ordered one to confirm
  this.

- For additional information: the process of porting the board is
  documented in an OpenWrt forum thread[4].

[1]: magnet:?xt=urn:btih:f5306a5dfd06d42319e4554565429f84dde96bbc
[2]: https://forum.openwrt.org/t/support-for-adtran-bluesocket-bsap-2030/48538
[3]: https://forum.openwrt.org/t/adding-openwrt-support-for-ws-ap3825i/101168/29
[4]: https://forum.openwrt.org/t/adding-openwrt-support-for-ws-ap3825i/101168
[5]: https://forum.openwrt.org/t/adding-openwrt-support-for-ws-ap3825i/101168/26

Tested-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2022-03-16 18:53:44 +01:00
Rosen Penev
80b88b083a argp-standalone: fix compilation with Alpine Linux
This package is a C89 one. Add the proper CFLAG to fix compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-16 17:58:24 +01:00
Brian Norris
e8a0c55909 base-files: Align rootfs_data upgrades to 64KiB on eMMC
Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB)
alignment after the rootfs, but emmc_do_upgrade() is assuming
it comes at the very next 512-byte sector.

Suggested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
(move spaces around, mention fstools' libtoolfs)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-16 17:50:06 +01:00
Martin Schiller
e17c6ee627 openssl: bump to 1.1.1n
This is a bugfix release. Changelog:

  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
     forever for non-prime moduli. (CVE-2022-0778)

  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
     (RFC 5489) to the list of ciphersuites providing Perfect Forward
     Secrecy as required by SECLEVEL >= 3.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2022-03-16 16:28:16 +01:00