Commit Graph

19032 Commits

Author SHA1 Message Date
Mauri Sandberg
2c211a901d gpio-nxp-74hc153: remove package
This module was used solely by Buffalo WZR-HP-G300NH devices
and has become obsolete with the introduction of gpio-cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
2022-02-19 13:10:01 +01:00
Mauri Sandberg
2f50d65161 kernel: add package kmod-gpio-cascade
Adds kernel module for Generic GPIO cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-19 13:10:01 +01:00
Mauri Sandberg
15f0074beb kernel: add package kmod-multiplexer
Adds new kernel module for GPIO controlled multiplexer support.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-19 13:10:01 +01:00
Daniel Golle
48ace62114
procd: update to git HEAD
a87d010 uxc: remove unused printf parameter
 ad65249 instance: exit in case asprintf() fails

Build with glibc should again work after this commit.

Fixes: e9e61d76fd ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-19 00:11:55 +00:00
Daniel Golle
e9e61d76fd
procd: update to git HEAD
df1123e uxc: add support for user-defined settings
 0272c7c uxc: allow editing settings using 'create'
 a839518 uxc: clean up error handling

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-18 03:03:34 +00:00
Daniel Golle
397de50089
base-files: Make sure rootfs_data_max is considered
For sysupgrade on NAND/UBI devices there is the U-Boot environment
variable rootfs_data_max which can be used to limit the size of the
rootfs_data volume created on sysupgrade.
This stopped working reliable with recent kernels, probably due to a
race condition when reading the number of free erase blocks from sysfs
just after removing a volume.
Change the script to just try creating rootfs_data with the desired
size and retry with maximum size in case that fails. Hence calculating
the available size in the script can be dropped which works around the
problem.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-17 15:15:42 +00:00
Stijn Tintel
add7884cd0 libnetfilter-conntrack: bump to 1.0.9
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2022-02-17 13:59:44 +02:00
Felix Fietkau
5a0975f7ef mt76: update to the latest version
ddd3c2f38b30 mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes
7fa5229a4228 mt76: improve signal strength reporting
025a72cd2d24 mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU
8c765fd92d97 mt76: mt7615: introduce SAR support
799a15bb68f9 mt76: fix endianness errors in reverse_frag0_hdr_trans
c114919f0c08 mt76: mt7915: Fix channel state update error issue
93191a37e59a mt76: mt7915: fix potential memory leak of fw monitor packets
cde589b2efb7 mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts
6ef22f4dc4e4 mt76: mt7915: add support for MT7986
7f1818cd8f2d mt76: mt7915: introduce band_idx in mt7915_phy
1d57a0d506db mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv()
1f2a4816a3de mt76: mt7615: fix compiler warning on frame size
d60f335e785b mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor
d0ab636cb61c mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free()
9d9bd7b3c48c mt76: connac: adjust wlan_idx size from u8 to u16
be1091f1172d mt76: mt7615: Fix assigning negative values to unsigned variable
d4fc42889a30 mt76: mt7915: check band idx for bcc event
98ee3e2889ea mt76: mt7915: fix logic error and remove the unused member of mt7915_dev
bbbbafb67bac mt76: mt7915: fix compiler warning
abd80cf68db1 mt76: mt7915: fix the muru tlv issue
a050c14b5631 mt76: mt7915: use min_t() to make code cleaner
9fee8f3736eb mt76: mt7915e: Fix degraded performance after temporary overheat
f2e1a62cf0d0 mt76: mt7915e: Add a hwmon attribute to get the actual throttle state.
c67df0d3130a mt76: mt7915e: Enable thermal management by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-15 15:18:22 +01:00
Felix Fietkau
eae0dbf68c mac80211: fix traffic stalls on forwarded mesh packets due to wrong AC selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-15 15:17:01 +01:00
Daniel Golle
5205010a54
procd: simplify uxc init script
'uxc boot' is inteded to be called multiple times, so there is not need
to guard the first call on boot -- the actual code anyway didn't do
that, so just remove it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-13 23:31:27 +00:00
Hauke Mehrtens
8f5875c4e2 tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-12 23:22:05 +01:00
Felix Fietkau
2fd208e272 mac80211: fix rekey failure in drivers with 802.3 decap offload
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-12 23:03:51 +01:00
Jo-Philipp Wich
0d1220acdf firewall4: update to latest Git HEAD
53caa1a fw4: resolve zone layer 2 devices for hw flow offloading
9fe58f5 fw4: rework and fix family inheritance logic
8795296 tests: mocklib: fix infinite recursion in wrapped print()
281b1bc tests: change mocked wan interface type to PPPoE
93b710d tests: mocklib: forward compatibility change
1a94915 fw4: only stage reflection rules if all required addrs are known
5c21714 fw4: add device iifname/oifname matches to DSCP and MARK rules
3eacc97 tests: adjust 01_ruleset test case to latest changes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Jo-Philipp Wich
4aea6d231b ucode: update to latest Git HEAD
a29bad9 compiler: fix patchlist corruption on switch statement syntax errors
86f0662 lib: change `ord()` to always return single byte value
116a8ce vallist: fix storing/retrieving short strings with 8bit byte value

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Felix Fietkau
8072bf3322 qosify: update to the latest version
e230e71e0a12 map: fix copy-paste error in codepoints map
580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef
8d6c19a81f3f ubus: fix a use-after-free bug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-10 21:08:09 +01:00
Jo-Philipp Wich
1847382456 ucode: update to latest Git HEAD
a317c17 compiler: fix incorrect loop break targets

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-08 23:46:21 +01:00
Leonardo Mörlein
5406684087 wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-02-08 12:52:14 +01:00
David Bauer
04ed224543 hostapd: refresh patches
Refresh patches after updating to hostapd v2.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-08 00:21:41 +01:00
David Bauer
adb8c09a83 hostapd: update to v2.10
Upstreamed patches:
020-mesh-make-forwarding-configurable.patch
e6db1bc5da3fd7d5f4dba24aa102543b4749912f
550-WNM-allow-specifying-dialog-token.patch
979f19716539362f8ce60a77bf1b88fdcf5ba8e5
720-ACS-fix-channel-100-frequency.patch
2341585c349231af00cdef8d51458df01bc6965f
741-proxyarp-fix-compilation-with-Hotspot-2.0-disabled.patch
08bdf4f90de61a84ed8f4dd918272dd9d36e2e1f

Compile-tested: wpad-wolfssl hostapd-openssl
Run-tested: ath79-generic

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-08 00:21:27 +01:00
Jo-Philipp Wich
ae75541594 firewall4: update to latest Git HEAD
a0518b6 fw4: gracefully handle unsupported hardware offloading
ac99eba init: fix boot action in init script

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 23:36:06 +01:00
Felix Fietkau
46e0eeb760 hostapd: automatically calculate channel center freq on chan_switch
Simplifies switching to different channels when on >= VHT80

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-07 17:01:18 +01:00
Jo-Philipp Wich
07eccc29ab rpcd: update to latest Git HEAD
909f2a0 ucode: adjust to latest ucode api
4c532bf ucode: add ucode interpreter plugin
9c6ba38 treewide: adjust ubus object type names
75a96dc build: honour CMake install prefix in hardcoded paths

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:37 +01:00
Jo-Philipp Wich
881a059977 uhttpd: update to latest Git HEAD
2f8b136 main: fix leaking -p/-s argument values
881fd3b ucode: adjust to latest ucode api
8b2868e file: specify UTF-8 as charset for dirlists, add option to override
3a5bd84 main: add ucode options to help text
16aa142 examples: add ucode handler example
3ceccd0 ucode: add ucode plugin support
f0f1406 examples: add example Lua handler script
9e87095 listen: avoid invalid memory access

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
2dd6777f15 firewall4: update to latest Git HEAD
b54f462 fw4: parse traffic rules before forwarding rules
4d5af8b fw4: consolidate helper code
300c737 fw4: fix applying zone family restrictions to forwardings
eb9c25a tests: implement fs.opendir() mock interface
d30ff48 tests: fix mocked fs.popen() trace log
52831a0 fw4: improve flowtable handling
7cb10c8 fw4: disable "flow_offloading_hw" option for now
b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
134c88c689 ucode: update to latest Git HEAD
11adf0c source: convert source objects into proper uc_value_t type
3a49192 treewide: rework function memory model
7edad5c tests: add functional tests for builtin functions
d5003fd lib: fix leaking tokener in uc_json() on parse exception
5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace()
3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match()
32d596d lib: fix infinite loop on empty regexp matches in uc_split()
3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode
3600ded vm: fix leaking function value on call exception
3059295 vm: NULL-initialize pointer to make cppcheck happy
98e59bf source: zero-initialize conversion union to make cppcheck happy
7a65c14 run_tests.sh: change workdir to testcase directory during execution
afec8d7 run_tests.sh: support placing supplemental testcase files
3ada6e0 run_tests.sh: always treat outputs as text data
2cb627f program: rename bytecode load/write functions, track path of executed file
1094ffa lib: fix memory leak in uc_require_ucode()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
3b1692c463 netifd: update to latest Git HEAD
fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump
3d76f2e system-linux: add wrapper function for creating link config messages
88af2f1 system-linux: delete bridge devices using netlink
85c3548 system-linux: create bridge devices using netlink

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Raymond Wang
3343ca7e68 ramips: add support for Xiaomi Mi Router CR660x series
Xiaomi Mi Router CR6606 is a Wi-Fi6 AX1800 Router with 4 GbE Ports.
Alongside the general model, it has three carrier customized models:
CR6606 (China Unicom), CR6608 (China Mobile), CR6609 (China Telecom)

Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256MB DDR3 (ESMT M15T2G16128A)
- Flash: 128MB NAND (ESMT F59L1G81MB)
- Ethernet: 1000Base-T x4 (MT7530 SoC)
- WLAN: 2x2 2.4GHz 574Mbps + 2x2 5GHz 1201Mbps (MT7905DAN + MT7975DN)
- LEDs: System (Blue, Yellow), Internet (Blue, Yellow)
- Buttons: Reset, WPS
- UART: through-hole on PCB ([VCC 3.3v](RX)(GND)(TX) 115200, 8n1)
- Power: 12VDC, 1A

Jailbreak Notes:
1. Get shell access.
   1.1. Get yourself a wireless router that runs OpenWrt already.
   1.2. On the OpenWrt router:
      1.2.1. Access its console.
      1.2.2. Create and edit
             /usr/lib/lua/luci/controller/admin/xqsystem.lua
             with the following code (exclude backquotes and line no.):
```
     1  module("luci.controller.admin.xqsystem", package.seeall)
     2
     3  function index()
     4      local page   = node("api")
     5      page.target  = firstchild()
     6      page.title   = ("")
     7      page.order   = 100
     8      page.index = true
     9      page   = node("api","xqsystem")
    10      page.target  = firstchild()
    11      page.title   = ("")
    12      page.order   = 100
    13      page.index = true
    14      entry({"api", "xqsystem", "token"}, call("getToken"), (""),
103, 0x08)
    15  end
    16
    17  local LuciHttp = require("luci.http")
    18
    19  function getToken()
    20      local result = {}
    21      result["code"] = 0
    22      result["token"] = "; nvram set ssh_en=1; nvram commit; sed -i
's/channel=.*/channel=\"debug\"/g' /etc/init.d/dropbear; /etc/init.d/drop
bear start;"
    23      LuciHttp.write_json(result)
    24  end
```
      1.2.3. Browse http://{OWRT_ADDR}/cgi-bin/luci/api/xqsystem/token
             It should give you a respond like this:
             {"code":0,"token":"; nvram set ssh_en=1; nvram commit; ..."}
             If so, continue; Otherwise, check the file, reboot the rout-
             er, try again.
      1.2.4. Set wireless network interface's IP to 169.254.31.1, turn
             off DHCP of wireless interface's zone.
      1.2.5. Connect to the router wirelessly, manually set your access
             device's IP to 169.254.31.3, make sure
             http://169.254.31.1/cgi-bin/luci/api/xqsystem/token
             still have a similar result as 1.2.3 shows.
   1.3. On the Xiaomi CR660x:
        1.3.1. Login to the web interface. Your would be directed to a
               page with URL like this:
               http://{ROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/web/home#r-
               outer
        1.3.2. Browse this URL with {STOK} from 1.3.1, {WIFI_NAME}
               {PASSWORD} be your OpenWrt router's SSID and password:
               http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/misy-
               stem/extendwifi_connect?ssid={WIFI_NAME}&password={PASSWO-
               RD}
               It should return 0.
        1.3.3. Browse this URL with {STOK} from 1.3.1:
               http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/xqsy-
               stem/oneclick_get_remote_token?username=xxx&password=xxx&-
               nonce=xxx
   1.4. Before rebooting, you can now access your CR660x via SSH.
        For CR6606, you can calculate your root password by this project:
        https://github.com/wfjsw/xiaoqiang-root-password, or at
        https://www.oxygen7.cn/miwifi.
        The root password for carrier-specific models should be the admi-
        nistration password or the default login password on the label.
        It is also feasible to change the root password at the same time
        by modifying the script from step 1.2.2.
        You can treat OpenWrt Router however you like from this point as
        long as you don't mind go through this again if you have to expl-
        oit it again. If you do have to and left your OpenWrt router unt-
        ouched, start from 1.3.
2. There's no official binary firmware available, and if you lose the
   content of your flash, no one except Xiaomi can help you.
   Dump these partitions in case you need them:
   "Bootloader" "Nvram" "Bdata" "crash" "crash_log"
   "firmware" "firmware1" "overlay" "obr"
   Find the corespond block device from /proc/mtd
   Read from read-only block device to avoid misoperation.
   It's recommended to use /tmp/syslogbackup/ as destination, since files
   would be available at http://{ROUTER_ADDR}/backup/log/YOUR_DUMP
   Keep an eye on memory usage though.
3. Since UART access is locked ootb, you should get UART access by modify
   uboot env. Otherwise, your router may become bricked.
   Excute these in stock firmware shell:
    a. nvram set boot_wait=on
    b. nvram set bootdelay=3
    c. nvram commit
   Or in OpenWrt:
    a. opkg update && opkg install kmod-mtd-rw
    b. insmod mtd-rw i_want_a_brick=1
    c. fw_setenv boot_wait on
    d. fw_setenv bootdelay 3
    e. rmmod mtd-rw

Migrate to OpenWrt:
 1. Transfer squashfs-firmware.bin to the router.
 2. nvram set flag_try_sys1_failed=0
 3. nvram set flag_try_sys2_failed=1
 4. nvram commit
 5. mtd -r write /path/to/image/squashfs-firmware.bin firmware

Additional Info:
 1. CR660x series routers has a different nand layout compared to other
    Xiaomi nand devices.
 2. This router has a relatively fresh uboot (2018.09) compared to other
    Xiaomi devices, and it is capable of booting fit image firmware.
    Unfortunately, no successful attempt of booting OpenWrt fit image
    were made so far. The cause is still yet to be known. For now, we use
    legacy image instead.

Signed-off-by: Raymond Wang <infiwang@pm.me>
2022-02-07 00:03:27 +01:00
Wenli Looi
c32008a37b ath79: add partial support for Netgear EX7300v2
Hardware
--------
SoC: QCN5502
Flash: 16 MiB
RAM: 128 MiB
Ethernet: 1 gigabit port
Wireless No1: QCN5502 on-chip 2.4GHz 4x4
Wireless No2: QCA9984 pcie 5GHz 4x4
USB: none

Installation
------------
Flash the factory image using the stock web interface or TFTP the
factory image to the bootloader.

What works
----------
- LEDs
- Ethernet port
- 5GHz wifi (QCA9984 pcie)

What doesn't work
-----------------
- 2.4GHz wifi (QCN5502 on-chip)
  (I was not able to make this work, probably because ath9k requires
  some changes to support QCN5502.)

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-02-07 00:03:27 +01:00
Rosen Penev
7994461a5a base-files: replace fgrep with grep -F
fgrep is deprecated and replaced by grep -F. The latter is used
throughout the tree whereas this is the only usage of the former.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-06 23:09:15 +01:00
Ansuel Smith
4d904524ef kernel: bpf-headers: fix build error when testing kernel is used
Now that we have separate files for each kernel version,
only the version/hash for the target kernel are available.
This cause a missing hash error (and wrong kernel version) for
bpf-headers when a testing kernel version is used for the current target.

Fix this error by manually including the kernel version/hash file for the
specific kernel version requested.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-02-06 12:43:57 +01:00
Stijn Tintel
2c929f8105 util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-05 17:48:56 +02:00
Lech Perczak
8c78a13bfc ath79: support ZTE MF286
ZTE MF286 is an indoor LTE category 6 CPE router with simultaneous
dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit
Ethernet switch, FXS and external USB 2.0 port.

Hardware highlights:
- CPU: QCA9563 SoC at 775MHz,
- RAM: 128MB DDR2,
- NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only,
- NAND Flash: GD5F1G04UBYIG 128MB SPI NAND-Flash, for all other data,
- Wi-Fi 5GHz: QCA9882 2x2 MIMO 802.11ac radio,
- WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio,
- Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port,
- WWAN: MDM9230-based category 6 internal LTE modem in extended
  mini-PCIE form factor, with 3 internal antennas and 2 external antenna
  connections, single mini-SIM slot. Modem model identified as MF270,
- FXS: one external ATA port (handled entirely by modem part) with two
  physical connections in parallel,
- USB: Single external USB 2.0 port,
- Switches: power switch, WPS, Wi-Fi and reset buttons,
- LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery,
  Signal state) handled entirely by modem. 4 link status LEDs handled by
  the switch on the backside.
- Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and
  monitoring handled by modem.
- Label MAC device: eth0

Console connection: connector X2 is the console port, with the following
pinout, starting from pin 1, which is the topmost pin when the board is
upright:
- VCC (3.3V). Do not use unless you need to source power for the
  converer from it.
- TX
- RX
- GND
Default port configuration in U-boot as well as in stock firmware is
115200-8-N-1.

Installation:
Due to different flash layout from stock firmware, sysupgrade from
within stock firmware is impossible, despite it's based on QSDK which
itself is based on OpenWrt.

STEP 0: Stock firmware update:
As installing OpenWrt cuts you off from official firmware updates for
the modem part, it is recommended to update the stock firmware to latest
version before installation, to have built-in modem at the latest firmware
version.

STEP 1: gaining root shell:

Method 1:
This works if busybox has telnetd compiled in the binary.
If this does not work, try method 2.

Using well-known exploit to start telnetd on your router - works
only if Busybox on stock firmware has telnetd included:
- Open stock firmware web interface
- Navigate to "URL filtering" section by going to "Advanced settings",
  then "Firewall" and finally "URL filter".
- Add an entry ending with "&&telnetd&&", for example
  "http://hostname/&&telnetd&&".
- telnetd will immediately listen on port 4719.
- After connecting to telnetd use "admin/admin" as credentials.

Method 2:
This works if busybox does not have telnetd compiled in. Notably, this
is the case in DNA.fi firmware.
If this does not work, try method 3.

- Set IP of your computer to 192.168.1.22.
- Have a TFTP server running at that address
- Download MIPS build of busybox including telnetd, for example from:
  https://busybox.net/downloads/binaries/1.21.1/busybox-mips
  and put it in it's root directory. Rename it as "telnetd".
- As previously, login to router's web UI and navigate to "URL
  filtering"
- Using "Inspect" feature, extend "maxlength" property of the input
  field named "addURLFilter", so it looks like this:
  <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332"
    class="required form-control">
- Stay on the page - do not navigate anywhere
- Enter "http://aa&zte_debug.sh 192.168.1.22 telnetd" as a filter.
- Save the settings. This will download the telnetd binary over tftp and
  execute it. You should be able to log in at port 23, using
  "admin/admin" as credentials.

Method 3:
If the above doesn't work, use the serial console - it exposes root shell
directly without need for login. Some stock firmwares, notably one from
finnish DNA operator lack telnetd in their builds.

STEP 2: Backing up original software:
As the stock firmware may be customized by the carrier and is not
officially available in the Internet, IT IS IMPERATIVE to back up the
stock firmware, if you ever plan to returning to stock firmware.

Method 1: after booting OpenWrt initramfs image via TFTP:
PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION.
- Dump stock firmware located on stock kernel and ubi partitions:

  ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
  ssh root@192.168.1.1: cat /dev/mtd8 > mtd8_ubi.bin

And keep them in a safe place, should a restore be needed in future.

Method 2: using stock firmware:
- Connect an external USB drive formatted with FAT or ext4 to the USB
  port.
- The drive will be auto-mounted to /var/usb_disk
- Check the flash layout of the device:

  cat /proc/mtd

  It should show the following:
  mtd0: 00080000 00010000 "uboot"
  mtd1: 00020000 00010000 "uboot-env"
  mtd2: 00140000 00020000 "fota-flag"
  mtd3: 00140000 00020000 "caldata"
  mtd4: 00140000 00020000 "mac"
  mtd5: 00600000 00020000 "cfg-param"
  mtd6: 00140000 00020000 "oops"
  mtd7: 00800000 00020000 "web"
  mtd8: 00300000 00020000 "kernel"
  mtd9: 01f00000 00020000 "rootfs"
  mtd10: 01900000 00020000 "data"
  mtd11: 03200000 00020000 "fota"

  Differences might indicate that this is NOT a vanilla MF286 device but
  one of its later derivatives.
- Copy over all MTD partitions, for example by executing the following:

  for i in 0 1 2 3 4 5 6 7 8 9 10 11; do cat /dev/mtd$i > \
  /var/usb_disk/mtd$i; done

- If the count of MTD partitions is different, this might indicate that
  this is not a standard MF286 device, but one of its later derivatives.
- (optionally) rename the files according to MTD partition names from
  /proc/mtd
- Unmount the filesystem:

  umount /var/usb_disk; sync

  and then remove the drive.
- Store the files in safe place if you ever plan to return to stock
  firmware. This is especially important, because stock firmware for
  this device is not available officially, and is usually customized by
  the mobile providers.

STEP 3: Booting initramfs image:

Method 1: using serial console (RECOMMENDED):
- Have TFTP server running, exposing the OpenWrt initramfs image, and
  set your computer's IP address as 192.168.1.22. This is the default
  expected by U-boot. You may wish to change that, and alter later
  commands accordingly.
- Connect the serial console if you haven't done so already,
- Interrupt boot sequence by pressing any key in U-boot when prompted
- Use the following commands to boot OpenWrt initramfs through TFTP:

  setenv serverip 192.168.1.22
  setenv ipaddr 192.168.1.1
  tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin
  bootm 0x81000000

  (Replace server IP and router IP as needed). There is no  emergency
  TFTP boot sequence triggered by buttons, contrary to MF283+.
- When OpenWrt initramfs finishes booting, proceed to actual
  installation.

Method 2: using initramfs image as temporary boot kernel
This exploits the fact, that kernel and rootfs MTD devices are
consecutive on NAND flash, so from within stock image, an initramfs can
be written to this area and booted by U-boot on next reboot, because it
uses "nboot" command which isn't limited by kernel partition size.
- Download the initramfs-kernel.bin image
- Split the image into two parts on 3MB partition size boundary, which
  is the size of kernel partition. Pad the output of second file to
  eraseblock size:

  dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \
  bs=128k count=24 \
  of=openwrt-ath79-zte_mf286-intermediate-kernel.bin

  dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \
  bs=128k skip=24 conv=sync \
  of=openwrt-ath79-zte_mf286-intermediate-rootfs.bin

- Copy over /usr/bin/flash_eraseall and /usr/bin/nandwrite utilities to
  /tmp. This is CRITICAL for installation, as erasing rootfs will cut
  you off from those tools on flash!

- After backing up the previous MTD contents, write the images to the
  respective MTD devices:

  /tmp/flash_eraseall /dev/<kernel-mtd>

  /tmp/nandwrite /dev/<kernel-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-kernel.bin

  /tmp/flash_eraseall /dev/<kernel-mtd>

  /tmp/nandwrite /dev/<rootfs-mtd> \
  /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-rootfs.bin

- Ensure that no bad blocks were present on the devices while writing.
  If they were present, you may need to vary the split  between
  kernel and rootfs parts, so U-boot reads a valid uImage after skipping
  the bad blocks. If it fails, you will be left with method 3 (below).
- If write is OK, reboot the device, it will reboot to OpenWrt
  initramfs:

  reboot -f

- After rebooting, SSH into the device and use sysupgrade to perform
  proper installation.

Method 3: using built-in TFTP recovery (LAST RESORT):
- With that method, ensure you have complete backup of system's NAND
  flash first. It involves deliberately erasing the kernel.
- Download "-initramfs-kernel.bin" image for the device.
- Prepare the recovery image by prepending 8MB of zeroes to the image,
  and name it root_uImage:

  dd if=/dev/zero of=padding.bin bs=8M count=1

  cat padding.bin openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin >
  root_uImage

- Set up a TFTP server at 192.0.0.1/8. Router will use random address
  from that range.
- Put the previously generated "root_uImage" into TFTP server root
  directory.
- Deliberately erase "kernel" partition" using stock firmware after
  taking backup. THIS IS POINT OF NO RETURN.
- Restart the device. U-boot will attempt flashing the recovery
  initramfs image, which will let you perform actual installation using
  sysupgrade. This might take a considerable time, sometimes the router
  doesn't establish Ethernet link properly right after booting. Be
  patient.
- After U-boot finishes flashing, the LEDs of switch ports will all
  light up. At this moment, perform power-on reset, and wait for OpenWrt
  initramfs to finish booting. Then proceed to actual installation.

STEP 4: Actual installation:
- scp the sysupgrade image to the device:

  scp openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin \
  root@192.168.1.1:/tmp/

- ssh into the device and execute sysupgrade:

  sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin

- Wait for router to reboot to full OpenWrt.

STEP 5: WAN connection establishment
Since the router is equipped with LTE modem as its main WAN interface, it
might be useful to connect to the Internet right away after
installation. To do so, please put the following entries in
/etc/config/network, replacing the specific configuration entries with
one needed for your ISP:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth '<auth>' # As required, usually 'none'
        option pincode '<pin>' # If required by SIM
        option apn '<apn>' # As required by ISP
        option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6'

For example, the following works for most polish ISPs
config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option auth 'none'
        option apn 'internet'
        option pdptype 'ipv4'

If you have build with LuCI, installing luci-proto-qmi helps with this
task.

Restoring the stock firmware:

Preparation:
If you took your backup using stock firmware, you will need to
reassemble the partitions into images to be restored onto the flash. The
layout might differ from ISP to ISP, this example is based on generic stock
firmware.
The only partitions you really care about are "web", "kernel", and
"rootfs". For easy padding and possibly restoring configuration, you can
concatenate most of them into images written into "ubi" meta-partition
in OpenWrt. To do so, execute something like:

cat mtd5_cfg-param.bin mtd6-oops.bin mtd7-web.bin mtd9-rootfs.bin > \
mtd8-ubi_restore.bin

You can skip the "fota" partition altogether,
it is used only for stock firmware update purposes and can be overwritten
safely anyway. The same is true for "data" partition which on my device
was found to be unused at all. Restoring mtd5_cfg-param.bin will restore
the stock firmware configuration you had before.

Method 1: Using initramfs:
- Boot to initramfs as in step 3:
- Completely detach ubi0 partition using ubidetach /dev/ubi0_0
- Look up the kernel and ubi partitions in /proc/mtd
- Copy over the stock kernel image using scp to /tmp
- Erase kernel and restore stock kernel:
  (scp mtd4_kernel.bin root@192.168.1.1:/tmp/)
  mtd write <kernel_mtd> mtd4_kernel.bin
  rm mtd4_kernel.bin
- Copy over the stock partition backups one-by-one using scp to /tmp, and
  restore them individually. Otherwise you might run out of space in
  tmpfs:

  (scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin
  rm mtd3_ubiconcat0.bin

  (scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/)

  mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin
  rm mtd5_ubiconcat1.bin

- If the write was correct, force a device reboot with

  reboot -f

Method 2: Using live OpenWrt system (NOT RECOMMENDED):
- Prepare a USB flash drive contatining MTD backup files
- Ensure you have kmod-usb-storage and filesystem driver installed for
  your drive
- Mount your flash drive

  mkdir /tmp/usb

  mount /dev/sda1 /tmp/usb

- Remount your UBI volume at /overlay to R/O

  mount -o remount,ro /overlay

- Write back the kernel and ubi partitions from USB drive

  cd /tmp/usb
  mtd write mtd4_kernel.bin /dev/<kernel_mtd>

  mtd write mtd8_ubi.bin /dev/<kernel_ubi>

- If everything went well, force a device reboot with
  reboot -f

Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota"
MTD partition which may be safely erased after reboot anyway.

Method 3: using built-in TFTP recovery (LAST RESORT):
- Assemble a recovery rootfs image from backup of stock partitions by
  concatenating "web", "kernel", "rootfs" images dumped from the device,
  as "root_uImage"
- Use it in place of "root_uImage" recovery initramfs image as in the
  TFTP pre-installation method.

Quirks and known issues
- Kernel partition size is increased to 4MB compared to stock 3MB, to
  accomodate future kernel updates - at this moment OpenWrt 5.10 kernel
  image is at 2.5MB which is dangerously close to the limit. This has no
  effect on booting the system - but keep that in mind when reassembling
  an image to restore stock firmware.
- uqmi seems to be unable to change APN manually, so please use the one
  you used before in stock firmware first. If you need to change it,
  please use protocok '3g' to establish connection once, or use the
  following command to change APN (and optionally IP type) manually:
  echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0
- The only usable LED as a "system LED" is the green debug LED hidden
  inside the case. All other LEDs are controlled by modem, on which the
  router part has some influence only on Wi-Fi LED.
- Wi-Fi LED currently doesn't work while under OpenWrt, despite having
  correct GPIO mapping. All other LEDs are controlled by modem,
  including this one in stock firmware. GPIO19, mapped there only acts
  as a gate, while the actual signal source seems to be 5GHz Wi-Fi
  radio, however it seems it is not the LED exposed by ath10k as
  ath10k-phy0.
- GPIO5 used for modem reset is a suicide switch, causing a hardware
  reset of whole board, not only the modem. It is attached to
  gpio-restart driver, to restart the modem on reboot as well, to ensure
  QMI connectivity after reboot, which tends to fail otherwise.
- Modem, as in MF283+, exposes root shell over ADB - while not needed
  for OpenWrt operation at all - have fun lurking around.
- MAC address shift for 5GHz Wi-Fi used in stock firmware is
  0x320000000000, which is impossible to encode in the device tree, so I
  took the liberty of using MAC address increment of 1 for it, to ensure
  different BSSID for both Wi-Fi interfaces.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-02-05 12:14:08 +01:00
Pawel Dembicki
a91ab8bc05 ipq40xx: add support for ZTE MF286D
ZTE MF286D is a LTE router with four gigabit ethernet ports
and integrated QMI mPCIE modem.

Hardware specification:

  - CPU: IPQ4019
  - RAM: 256MB
  - Flash: NAND 128MB + NOR 2MB
  - WLAN1:  Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2
  - WLAN2:  Qualcomm Atheros QCA4019 5GHz 802.11anac 2x2:2
  - LTE: mPCIe cat 12 card (Modem chipset MDM9250)
  - LAN: 4 Gigabit Ports
  - USB: 1x USB2.0 (regular port). 1x USB3.0 (mpcie - used by the modem)
  - Serial console: X8 connector 115200 8n1

Known issues:

  - Many LEDs are driven by the modem. Only internal LEDs and wifi LEDs
    are driven by cpu.
  - Wifi LED is triggered by phy0tpt only
  - No VoIP support
  - LAN1/WAN port is configured as WAN
  - ZTE gives only one MAC per device. Use +1/+2/+3 increment for WAN
    and WLAN0/1

Opening the case:

1. Take of battery lid (no battery support for this model, battery cage
   is dummy).
2. Unscrew screw placed behind battery lid.
3. Take off back cover. It attached with multiple plastic clamps.
4. Unscrew four more screws hidden behind back case.
5. Remove front panel from blue chassis. There are more plastic
   clamps.
6. Unscrew two boards, which secures the PCB in the chassis.
7. Extract board from blue chassis.

Console connection (X8 connector):

1. Parameters: 115200 8N1
2. Pin description: (from closest pin to X8 descriptor to farthest)
    - VCC (3.3V)
    - TX
    - RX
    - GND

Install Instructions:

Serial + initramfs:
1. Place OpenWrt initramfs image for the device on a TFTP in
   the server's root. This example uses Server IP: 192.168.1.3
2. Connect serial console (115200,8n1) to X8 connector.
3. Connect TFTP server to RJ-45 port.
4. Stop in u-Boot and run u-Boot commands:
	setenv serverip 192.168.1.3
	setenv ipaddr 192.168.1.72
	set fdt_high 0x85000000
	tftp openwrt-ipq40xx-generic-zte_mf286d-initramfs-fit-zImage.itb
	bootm $loadaddr
5. Please make backup of original partitions, if you think about revert
   to stock.
6. Login via ssh or serial and remove stock partitions:
	ubiattach -m 9
	ubirmvol /dev/ubi0 -N ubi_rootfs
	ubirmvol /dev/ubi0 -N ubi_rootfs_data
7. Install image via "sysupgrade -n".

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cosmetic changes to the commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-05 00:44:35 +01:00
Christian Lamparter
c2630ac910 linux-firmware: qca99x0 update package
Kalle Valo ath10k-firmware repository no longer provides the
legacy board.bin files for the qca99x0 chips. Instead he
copied over the codeaurora version and add more board files.

In the future, this board-2.bin should find its way to
linux-firmware.git, which would allow us to remove the
extra download code completely.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-05 00:44:35 +01:00
Christian Lamparter
fcd5fd49c5 kernel: usb: remove left-over LINUX_5_10 dependency symbol
this should have been removed together with linux 5.4 APM821XX
support. Currently, this didn't hurt or broke something. But it
will in the next stable kernel release.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-04 21:13:15 +01:00
Felix Fietkau
8c1d5129ee bpf-headers: fix build error from within the SDK
The SDK does not ship the generic platform files. Use relative path for
GENERIC_PLATFORM_DIR to make it work. This points it at the files from
the feed directory instead of the base SDK path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-04 12:51:48 +01:00
Sven Eckelmann
8a8b7b4234 om-watchdog: Drop unused package
All devices which used this package migrated to the kernel GPIO-line
watchdog driver and configure it over their DT.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-02-03 22:27:15 +01:00
Josef Schlehofer
d16bd89c71 uboot-mvebu: backport two patches for Marvell A38x
This solves issue with DDR training on Turris Omnia.

Log:
********   DRAM initialization Failed (res 0x1)   ********
DDR3 Training Sequence - FAILED
ERROR ### Please RESET the board ###

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-03 21:24:26 +01:00
Josef Schlehofer
5c804bc199 uboot-mvebu: Add U-boot for Turris Omnia
* Add U-boot support for Turris Omnia

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-03 21:24:26 +01:00
Josef Schlehofer
782d4c8306 uboot-mvebu: update to version 2022.01
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tested-by: Andre Heider <a.heider@gmail.com> # ESPRESSObin
2022-02-03 21:24:26 +01:00
Felix Fietkau
e045e40671 mt76: update to the latest version
833b9d7fcf7f mt76: allow drivers to drop rx packets early
f703084f31cb mt76: mt7915: process txfree and txstatus without allocating skbs
047b9a9e78b3 mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663
fea36e02075c mt76: only kick tx queue if frames were queued
8381e54ebfb5 linux-firmware: update firmware for MT7921 WiFi device
d57dadb8c861 Revert "mt76: only kick tx queue if frames were queued"
3a21d6e2153b mt76: mt7663: disable 4addr capability
f1d66cf7a6c5 mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2
c9a4146404d4 sync with upstream
4ed8c910b94e mt76: mt7921: fix possible resume failure
bf105aa6cd2f mt76: mt7921: fix network buffer leak by txs missing
e2b454b6fb30 mt76: connac: introduce MCU_EXT macros
5a87f5497c9b mt76: connac: align MCU_EXT definitions with 7915 driver
720ddc32507d mt76: connac: remove MCU_FW_PREFIX bit
da5128a59eda mt76: connac: introduce MCU_UNI_CMD macro
116109bee7cb mt76: connac: introduce MCU_CE_CMD macro
f96fbdf038d5 mt76: connac: rely on MCU_CMD macro
922f0d408413 mt76: mt7915: rely on mt76_connac definitions
b4ae1da1d1e0 mt76: mt7921: reduce log severity levels for informative messages
db105a722b87 mt76: mt7921s: make pm->suspended usage consistent
e2cc063238c0 mt76: mt7921s: fix suspend error with enlarging mcu timeout value
812b73f2f1e0 mt76: mt7915: introduce mt76_vif in mt7915_vif
b041a8a30055 mt76: mt7915: add mu-mimo and ofdma debugfs knobs
b851a3e7839d mt76: mt7921: remove dead definitions
266c7a9f2994 mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv
19cc7d83190c mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work
928c4550e413 mt76: mt7921s: make pm->suspended usage consistent [update]
8d6c68a7d0d1 mt76: mt7921: fix possible resume failure [update]
26fb105e538c mt76: mt7921s: fix cmd timeout in throughput test
9db482264389 mt76: mt7921: fix build regression
3edb87cdf138 mt7915: formatting change to sync with upstream
5cad38ba247d mt76: mt7915: add mt7915_mmio_probe() as a common probing function
15f9f88b362a mt76: mt7915: refine register definition
de49cf43ef34 mt76: add MT_RXQ_MAIN_WA for mt7916
6032c35f1306 mt76: mt7915: rework dma.c to adapt mt7916 changes
074d7c5381ed mt76: mt7915: add firmware support for mt7916
27b3253318e7 mt76: mt7915: rework eeprom.c to adapt mt7916 changes
030540246088 mt76: mt7915: enlarge wcid size to 544
400129c69f91 mt76: mt7915: add txfree event v3
cbbb3f65fcd0 mt76: mt7915: update rx rate reporting for mt7916
eb51c4deef0e mt76: mt7915: update mt7915_chan_mib_offs for mt7916
fb4709222028 mt76: mt7915: add mt7916 calibrated data support
e758feeaf1d6 mt76: mt7915: add device id for mt7916
115ea27a5cab mt76: connac: fix sta_rec_wtbl tag len
b3f922266685 mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req
bac5eda1f5b2 mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req
b44485d5c8ac mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine
9cc58e254d53 mt76: connac: move mt76_connac_mcu_get_cipher in common code
60dcd9f09ff6 mt76: connac: move mt76_connac_chan_bw in common code
a8d0b7d0cc60 mt76: mt7915: rely on mt76_connac_get_phy utilities
4441db30c1c1 mt76: connac: move mt76_connac_mcu_add_key in connac module
794b6f18d0fb mt76: mt7915: fix code defect
9d2a01b6cb60 mt76: set wlan_idx_hi on mt7916
2c89977b32c2 mt76: mt7915: fix kernel build warning
6c4874839830 mt76: make mt76_sar_capa static
215fdcc7ca6c mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
bc254718b40e mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
22fcff5ff21a mt76: sdio: lock sdio when it is needed
4669882aa595 mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset
944545855e0f mt76: mt7921s: update mt7921s_wfsys_reset sequence
854c8d076a34 mt76: mt7915: move pci specific code back to pci.c
a77da27796f2 mt76: mt7915: fix warning: variable 'base' is used uninitialized
7b5e69961c71 mt76: mt7915: fix warning: variable 'flags' set but not used
b5138e7b89f9 mt76: mt7921: fix a possible race enabling/disabling runtime-pm
af218fbe2500 linux-firmware: update firmware for MT7921 WiFi device
31c19c467950 mt76: mt7915: remove duplicated defs in mcu.h
9198eca1b16f mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module
829d87a93a51 mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module
50956cf17901 mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module
bda40f4e1d5e mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv
4728939c1d48 mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv
e3ae1828068b mt76: mt7915: rely on mt76_connac_mcu_sta_ba
d9e9989eca07 mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv
168713595fff mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv
60394d3e3504 mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd
3a79454d078d mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv
9ae9aa6c1aea mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv
fd8cdfab91e4 mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv
a92024c5a5b5 mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module
6dc585a3a274 mt76: connac: introduce is_connac_v1 utility routine
0f29d2aa5a72 mt76: connac: move mt76_connac_mcu_set_pm in connac module
dcf408ff8a5e mt76: mt7921: get rid of mt7921_mcu_get_eeprom
77b2a8601fc1 mt76: mt7915: rely on mt76_connac_mcu_start_firmware
65f78dee243a mt76: connac: move mt76_connac_mcu_restart in common module
5adf5b14040b mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch
69bf1dabe78f mt76: mt7915: rely on mt76_connac_mcu_init_download
951b1ddd370e mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module
0826b3992238 mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh
058de6d36fa9 mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module
aafda86aed2b mt76: mt7921e: make dev->fw_assert usage consistent
def12bef91a3 mt76: mt7921: forbid the doze mode when coredump is in progress
009414d27d37 mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error
3c5856eca223 mt76: mt7921: set EDCA parameters with the MCU CE command
01a3d73b452e mt76: mt7615: fix a possible race enabling/disabling runtime-pm
123ed864d1ae mt76: mt7921e: process txfree and txstatus without allocating skbs
018f98abba68 mt76: connac: add support for passing the cipher field in bss_info
288e7443e35c mt76: mt7615: update bss_info with cipher after setting the group key
36e1577cb3d3 mt76: mt7915: update bss_info with cipher after setting the group key
d42590d8fcc8 mt76: make cipher in struct mt76_vif u8 instead of enum
11602b8505c6 mt76: mt7615e: process txfree and txstatus without allocating skbs
2ef775c10bd3 linux-firmware: add firmware for MT7916
976ea3879730 mt76: mt7915: add support for passing chip/firmware debug data to user space
d11bd7bd83f4 tools: add support for sending firmware debug data via udp
dc8e2e8dcd34 mt76: mt7921: do not always disable fw runtime-pm
7063127f852b mt76: mt7921: fix a leftover race in runtime-pm
f78f4334b0b2 mt76: mt7615: fix a leftover race in runtime-pm
f1f94d19c160 mt76: mt7915: fix ht mcs in mt7915_mac_add_txs_skb()
c2ff2f0d6d19 mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb()
3e7954a0b32e mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl
3c2cc9034376 mt76: mt7921e: fix possible probe failure after reboot
f7f6c6dcc6eb mt76: mt7921: fix crash when startup fails.
8656198c925b mt76: sdio: disable interrupt in mt76s_sdio_irq
6204d61ab821 mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx()
68c5aa56f5f2 mt76: mt7921: toggle runtime-pm adding a monitor vif
541e4e8d3c3e mt76: mt7915: set bssinfo/starec command when adding interface
78770f741af9 mt76: mt7915: introduce mt7915_set_radar_background routine
93c03778f92e mt76: mt7915: enable radar trigger on rdd2
4c76a6c3a1f2 mt76: mt7915: introduce rdd_monitor debugfs node
5b94045f927e mt76: mt7915: report radar pattern if detected by rdd2
22094b27ff6a mt76: mt7915: enable radar background detection
4282ca57a143 mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module
0f16c67657a2 mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap
9a16d33311a7 mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap
639b55fdc95e mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN)
ebbd2717a16e mt76: mt7663s: flush runtime-pm queue after waking up the device
37c3bf2256de mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
96959bd15eef mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
4e42e55ce636 mt76: stop the radar detector after leaving dfs channel
8b32439d5a86 mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta
b4e6f0d6f15a mt76: mt7921s: fix a possible memory leak in mt7921_load_patch
15398f1e8385 mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs()
607eda6eb032 mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv()
69d20f2e6cb0 mt76: mt7915: fix the nss setting in bitrates
c3ffa536249a mt76: sdio: honor the largest Tx buffer the hardware can support
e3e3562f8fa0 mt76: mt7921s: run sleep mode by default
553200cf63fd firmware: update mt7662 firmware to version 2.3
20d1fed838b9 mt76x02: improve mac error check/reset reliability
9b2ac62d6f31 mt76: mt76x02: improve tx hang detection
fae295af31eb mt76: mt7915: fix/rewrite the dfs state handling logic
e0f9479bf893 mt76: mt7615: fix/rewrite the dfs state handling logic
822e1135e7e1 mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state
f8c0ed1e6bdf mt76: do not always copy ethhdr in reverse_frag0_hdr_trans
ab9b8078427a mt76: dma: initialize skip_unmap in mt76_dma_rx_fill

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
0b5a547ef0 mac80211: backport support for background radar detection
Will be used in an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
03ea0405a6 mac80211: backport MBSSID/EMA support patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
543ada64ed mac80211: reorganize patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Felix Fietkau
02b9b6872a mac80211: backport support for ndo_fill_forward_path
Will be used in an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Etienne Champetier
0e32c6baf3 iptables: add ip{,6}tables-legacy{,-restore,-save} symlinks
Now that we can have both legacy and nft iptables variants
installed at the same time, install the legacy symlinks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
3a5df36cf6 iptables: use ALTERNATIVES for ip(6)tables(-nft)
As nftables is now the default, ip(6)tables-nft gets higher priority

The removed symlinks ("$(CP)" line) will now be installed by the
ALTERNATIVES mechanism

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
b0bd6599e8 iptables: rework ip(6)tables-nft dependencies
according to iptables-nft man page,
"These tools use the libxtables framework extensions and hook to the nf_tables
kernel subsystem using the nft_compat module."

This means that to work, iptables-nft needs the same modules as
iptables legacy except the ip(6)table-{filter,mangle,nat,raw}
ip_tables, ip6tables.
When those modules are loaded iptables-nft-save output contains
"# Warning: iptables-legacy tables present, use iptables-legacy-save to see them"
But as long as it's empty it should not be a problem.

To have nft properly display the rules created by ip(6)tables-nft we need
all iptables targets and matches to be built as extension and not built-in
(/usr/lib/iptables/libip(6)t_*.so)

When switching a package to iptables-nft, you need to keep the
iptables-mod-* dependencies

This patch does minimal changes:
- remove the direct iptables-nft -> iptables dependency
- and more important add nft-compat dependency

The rule
iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT
becomes
table ip filter {
	chain OUTPUT {
		type filter hook output priority filter; policy accept;
		ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT
	}
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
1ebb8e3b6b netfilter: add kmod-nft-compat
This modules is required by iptables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
4e7ad15904 iptables: fix ip6tables-nft description
ip6tables-nft packages ip6tables* utils not iptables*

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
a5c8811c04 iptables: fix ip6tables-extra description
The define was referencing ip6tables-mod-extra instead of ip6tables-extra

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Daniel Golle
4367d4f869
uqmi: update to git HEAD
f254fc5 uqmi: add support for get operating mode

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-02 02:37:21 +00:00
Alar Aun
70eedac9b3 ipq40xx: add MikroTik cAP ac support
This adds support for the MikroTik RouterBOARD RBcAPGi-5acD2nD
(cAP ac), a  indoor dual band, dual-radio 802.11ac wireless AP, two
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/cap_ac for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 2x 1000/100/10 port,
   PoE in and passive PoE out

Unsupported:
 - PoE out

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Alar Aun <alar.aun@gmail.com>
2022-02-01 23:18:58 +01:00
Sergey V. Lobanov
93d91197b9 wolfssl: update to 5.1.1-stable
Bump from 4.8.1-stable to 5.1.1-stable

Detailed release notes: https://github.com/wolfSSL/wolfssl/releases

Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
 fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -
 f447e4c1fa

Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch

CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option

The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk

Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-01 23:18:01 +01:00
Marek Behún
45d541bb40 kernel: add kmod-vrf
Add option to compile kmod-vrf, support for Virtual Routing and
Forwarding (Lite).

This module depends on NET_L3_MASTER_DEV, which is a boolean kernel
option, so we need to create a configuration option also for this, and
make kmod-vrf depend on it.

Signed-off-by: Marek Behún <kabel@kernel.org>
2022-02-01 22:59:09 +01:00
Hauke Mehrtens
6cab21bd6d kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio
kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is
activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
8c1a84aada uboot-envtools: Update to version 2022.01
The sizes of the ipk changed on MIPS 24Kc like this:
13281 uboot-envtools_2021.01-54_mips_24kc.ipk
13308 uboot-envtools_2022.01-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
392609543d libcap: Update to version 2.63
The sizes of the ipk changed on MIPS 24Kc like this:
11248 libcap_2.51-1_mips_24kc.ipk
14461 libcap_2.63-1_mips_24kc.ipk

18864 libcap-bin_2.51-1_mips_24kc.ipk
20576 libcap-bin_2.63-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
8c2445a0e4 e2fsprogs: Update to version 1.46.5
The sizes of the ipk changed on MIPS 24Kc like this:
  8788 badblocks_1.45.6-2_mips_24kc.ipk
  8861 badblocks_1.46.5-1_mips_24kc.ipk

  3652 chattr_1.45.6-2_mips_24kc.ipk
  3657 chattr_1.46.5-1_mips_24kc.ipk

 58128 debugfs_1.45.6-2_mips_24kc.ipk
 60279 debugfs_1.46.5-1_mips_24kc.ipk

  8551 dumpe2fs_1.45.6-2_mips_24kc.ipk
  8567 dumpe2fs_1.46.5-1_mips_24kc.ipk

  4797 e2freefrag_1.45.6-2_mips_24kc.ipk
  4791 e2freefrag_1.46.5-1_mips_24kc.ipk

159790 e2fsprogs_1.45.6-2_mips_24kc.ipk
168212 e2fsprogs_1.46.5-1_mips_24kc.ipk

  7083 e4crypt_1.45.6-2_mips_24kc.ipk
  7134 e4crypt_1.46.5-1_mips_24kc.ipk

  5749 filefrag_1.45.6-2_mips_24kc.ipk
  6233 filefrag_1.46.5-1_mips_24kc.ipk

  4361 libcomerr0_1.45.6-2_mips_24kc.ipk
  4355 libcomerr0_1.46.5-1_mips_24kc.ipk

168040 libext2fs2_1.45.6-2_mips_24kc.ipk
174209 libext2fs2_1.46.5-1_mips_24kc.ipk

  8514 libss2_1.45.6-2_mips_24kc.ipk
  8613 libss2_1.46.5-1_mips_24kc.ipk

  3148 lsattr_1.45.6-2_mips_24kc.ipk
  3227 lsattr_1.46.5-1_mips_24kc.ipk

 22530 resize2fs_1.45.6-2_mips_24kc.ipk
 22909 resize2fs_1.46.5-1_mips_24kc.ipk

 33315 tune2fs_1.45.6-2_mips_24kc.ipk
 34511 tune2fs_1.46.5-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
18c6b99666 util-linux: Update to version 2.37.3
This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
693d7c12e8 util-linux: Do not build raw any more.
The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.

We do not package the raw tool, so this is not a problem.

This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
64866ba474 strace: Update to version 5.16
The sizes of the ipk changed on MIPS 24Kc like this:
289764 strace_5.14-1_mips_24kc.ipk
310899 strace_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
cec4614df8 ethtool: Update to version 5.16
795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.

The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
57f38e2c82 mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
5b96048de1 gdb: Update gdb to version 11.2
This is a minor corrective release over GDB 11.1, fixing the following issues:
* PR sim/28302 (gdb fails to build with glibc 2.34)
* PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
* PR gdb/28405 (arm-none-eabi: internal-error: ptid_t remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*): Assertion `first_resumed_thread != nullptr' failed)
* PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
* PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
* PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
* PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR (.relr.dyn) section)
* PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)

The sizes of the ipk changed on mips 24Kc like this:
2285775 gdb_11.1-3_mips_24kc.ipk
2287441 gdb_11.2-4_mips_24kc.ipk
191828 gdbserver_11.1-3_mips_24kc.ipk
191811 gdbserver_11.2-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Sungbo Eo
0c635cf830 linux-firmware: intel: add firmware for AX210
Add the most recent supported firmware file for Intel Wi-Fi 6E AX210
wireless chip. The API version 67 is not yet supported by the driver.
Additional PNVM file is required since API version 62.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-31 18:59:10 +00:00
Daniel Golle
b6a2cee4b7
ubox: fix broken deferred start of logfile writer
Just use 'start' action which will have the desired effect instead of
trying to introduce a 'start_file' action which didn't work that way
because procd jshn magic would have to wrap around it.

Fixes: 88baf6ce2c ("ubox: only start log to file when filesystem has been mounted")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-31 15:03:25 +00:00
Daniel Golle
5d110c0161
procd: seccomp/jail: Fix build error on arm with glibc
From: Peter Lundkvist <peter.lundkvist@gmail.com>

This fixes the make_syscall_h.sh script to recognize both
__NR_Linux, used by mips, and __NR_SYSCALL_BASE and
__ARM_NR_BASE used by arm.

Run-tested on arm (ipq806x) and mips (ath79), both with glibc.
Compile-tested and checked resulting syscall_names.h file wuth
glibc: aarch64, powerpc, x86_64, i486
musl: arm, mips

Fixes: FS#4194, FS#4195

Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-31 00:10:42 +00:00
Daniel Golle
88baf6ce2c
ubox: only start log to file when filesystem has been mounted
If log_file is on an filesystem mounted using /etc/config/fstab we have
to wait for that to happen before starting the logread process.
Inhibit the start of the file-writer process and use a mount trigger to
fire it up once the filesystem actually becomes available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-30 20:19:37 +00:00
Daniel Golle
6d76ec3872
procd: support generic mount triggers and clean up
Allow init scripts to trigger free-form actions by exposing
procd_add_action_mount_trigger.
Clean up mount trigger wrappers while at it to reduce code duplication.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-30 20:16:25 +00:00
Roman Azarenko
5bd926efa9 util-linux: add lslocks
This change adds the "lslocks" utility from util-linux.

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
2022-01-28 22:12:18 +01:00
Hauke Mehrtens
fcb29171bc arc770: Remove arc770 target
The arc700 target is not booting up since some time, see here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/400

It looks like there is a problem in the toolchain when using glibc.

Currently no one is working on fixing this problem, remove the target
instead. This target also does not have many users we are aware of.

If someone wants to have this target back, feel free to add a fixed
version of this target again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-28 21:58:24 +01:00
Jo-Philipp Wich
edb41fea66 firewall4: update to latest Git HEAD
16a1070 fw4.uc: handle zone masq6 option
5f61dbf ruleset: fix chain selection for mark and dscp targets
0bc844b ruleset: properly deal with wildcards in zone device selectors
101988d fw4: fix family comparisons
127dbc0 ruleset: emit AF specific rules for DSCP matches
d63cb89 fw4: fix parsing inverted numeric DSCP values
8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure
f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains
5669bc7 fw4: consolidate device grouping logic
94f03e0 ruleset: properly render redirect targets without port
fff9779 fw4: fix family selection logic for redirect rules
ca88fcd tests: update interface dump mock data
e60bb4b ruleset: support non-contiguous address masks
8fec51a fw4: fix potential crashes when parsing invalid redirect sections
c08eb44 fw4: fix redirect destination zone resolving
0df6ba0 fw4: fix address selection logic for DNAT reflection rules
60a2518 tests: add test coverage for redirect rules
e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
ac8a737 ruleset: remove redundant syn check
bd5dc4b tests: run testcases in strict mode
3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Jo-Philipp Wich
0a29133b1f ucode: update to latest Git HEAD
c6dae42 LICENSE: add ISC license file
402f603 lib: introduce struct library
dcb6ffd struct: fix PowerPC specific compiler pragma name
a0512ea treewide: fix typo in exported function names and types
eaaaf88 nl80211: fix wiphy dump reply merge logic
e6efadb fs: add utility functions
54ef6c0 nl80211: fix premature netlink reply receive abort
07802f3 syntax: disallow keywords in object property shorthand notation
3489b75 vm: support object property access on resource value types
dc8027c types: consider resource prototypes when marking reachable objects
5680fab treewide: fix upvalue reference type name
0d29b25 treewide: fix "resource" misspellings
99fdafd vm: introduce value registry
66f7c00 ubus: add support for async requests
5c77dd5 fs: implement fdopen(), file.fileno() and proc.fileno()
b605dbf treewide: rework numeric value handling
599d233 vallist: store double values in a platform neutral manner
5bb9ab7 struct: reuse double packing routines from core
2fd7ab5 vm: optimize string concatenation
eafa321 lib: implement uniq() function
6b2e79a types: add initial infrastructure for function serialization
725bb75 compiler, vm: use a program wide constant list
6c2caf9 source: refactor source file handling
371ba45 program: implement support for precompiling source files
3578afe build: support building without compile capabilities
61d0a34 lib: replace usages of vasprintf() with xvasprintf()
03b6a8e syntax: drop legacy syntax support
01132db lib: fix %J string formats with precision specifier
3f44c42 lib: rework format string handling
a1b3c5d struct: implement `*` format, fix invalid memory accesses
34a04a2 run_tests.sh: fix exitcode evaluation
abe38e7 run_tests.sh: add ability to define environment variables for testcases
04fa2ba tests: reorganize testcase files
6a55d10 lib: fix exists() error return value
aa860a3 vm: fix `null` loose equality/inequality checks
3f6d199 vallist: uc_number_parse(): parse empty strings as `0`, not `NaN`
ddc5aa7 vm: fix NaN strict equality tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Florian Fainelli
17135ae091 perf: Depend on libbfd and libopcodes when enabled
bpftool will enabled libbfd and libopcodes which gets picked up by perf
as libraries to link against. Add those missing dependencies when either
of these packages are enabled.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2022-01-27 20:16:57 -08:00
Tiago Gaspar
ef4c97576b netfilter: correct some dependencies
nf-nathelper-extra and nf-conntrack-netlink had iptables related
dependencies, yet, when looking for the respective kernel symbols and
checking it's dependencies it was confirmed that iptables wasn't
required and that these were either it's own moodule or tool independent
(nftables or iptables).

Correct these and make sure no unneeded extras are pulled in.

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
2022-01-27 09:56:40 +01:00
Daniel Golle
145d896e0e
uboot-mediatek: update to version 2022.01
Tested on BananaPi R2 (SD, eMMC), BananaPi R64 (SD, eMMC, SPI-NAND) and
UniElec U7623-02 (eMMC).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:53 +00:00
Daniel Golle
31872a38be
uboot-envtools: add configuration for UniElec U7623 board
Add U-Boot env settings to allow accessing the environment using
fw_printenv and fw_setenv tools on the UniElec U7623 board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:42 +00:00
Daniel Golle
213b406ae3
uboot-mediatek: update build for the U7623-02 board
Brings bootmenu and production/recovery dual-boot scheme like on
the BPi-R2, BPi-R64, E8450 and UniFi 6 LR.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:42 +00:00
Hans Dedecker
7edd10f9df netifd: update to git HEAD
ed71876 iprule: add support for uidrange

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-23 18:54:16 +01:00
Jo-Philipp Wich
3d3d03479d ucode: add temporary fix for integer formatting on 32bit systems
The ucode VM always passes 64bit integer values to sprintf implementation
while the `%d` format expects 32bit integers on 32bit platforms, leading
to incorrect formatting results.

Temporarily solve the issue by casting the numeric argument to int until
a more thorough fix arrives with the next update.

Fixes: FS#4234
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-23 00:57:58 +01:00
Hauke Mehrtens
6ae657e459 util-linux: Add taskset
This adds the taskset application from util Linux.
It is already built, but not packaged yet.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2022-01-21 23:53:00 +01:00
Hauke Mehrtens
71bdff9139 ltq-vdsl-mei: Remove static linking
This removes -static compile option. The -static option tells GCC to
link this statically with the libc, which we do not want in OpenWrt. We
want to link everything dynamically to the libc. This fixes a compile
problem with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-21 23:09:24 +01:00
Matthew Hagan
46ce629fe0 ipip: add 'nohostroute' option
Add the nohostroute option as available for gre and wg tunnels to
allow the user to prevent explicit creation of a route to the peer
address.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2022-01-19 20:57:59 +01:00
Hauke Mehrtens
e74529552c ustream-ssl: update to Git version 2022-01-16
868fd88 ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-16 21:51:21 +01:00
Sven Eckelmann
8143709c90 ath79: Add support for OpenMesh OM2P v1
Device specifications:
======================

* Qualcomm/Atheros AR7240 rev 2
* 350/350/175 MHz (CPU/DDR/AHB)
* 32 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
  - eth0
    + 18-24V passive POE (mode B)
    + used as WAN interface
  - eth1
    + builtin switch port 4
    + used as LAN interface
* 12-24V 1A DC
* external antenna

The device itself requires the mtdparts from the uboot arguments to
properly boot the flashed image and to support dual-boot (primary +
recovery image). Unfortunately, the name of the mtd device in mtdparts is
still using the legacy name "ar7240-nor0" which must be supplied using the
Linux-specfic DT parameter linux,mtd-name to overwrite the generic name
"spi0.0".

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-01-16 21:42:19 +01:00
Nick Hainke
607f06f81c mtd-utils: update to 2.1.4
Changes from 2.1.3 to 2.1.4:

Features:
      - ubiscan debugging and statistics utility

Fixes:
      - Some mtd-tests erroneously using sub-pages instead of the full page size
      - Buffer overrun in fectest
      - Missing jffs2 kernel header in the last release, leading to build
        failures on some systems.

Changes from 2.1.2 to 2.1.3:

Features:
       flashcp: Add new function that copy only different blocks
       flash_erase: Add flash erase chip
       Add flash_otp_erase
       Add an ubifs mount helper
       Add nandflipbits tool

Fixes:
       mkfs.ubifs: Fix runtime assertions when running without crypto
       mtd-utils: Use AC_SYS_LARGEFILE
       Fix test binary installation
       libmtd: avoid divide by zero
       ubihealthd: fix UBIFS build dependency
       mkfs.ubifs: remove OPENSSL_no_config()
       misc-utils: Add fectest to build system
       mkfs.ubifs: Fix build with SELinux
       Fix typos found by Debian's lintian tool
       Fix jffs2 build if zlib or lzo headers are not in default paths

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-16 20:51:14 +01:00
Christian Lamparter
0a08d4faad kernel: add missing kmod+regmap-i2c dependency for NCT7802Y module
x86, mt7623 and others buildbot failed due to:
|Package kmod-hwmon-nct7802 is missing dependencies for the following libraries:
|regmap-core.ko
|regmap-i2c.ko

Fixes: 1ed50b92d1 ("package: kernel: add driver module for NCT7802Y")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 19:55:14 +01:00
Pawel Dembicki
9149ed4f05 mvebu: cortexa9: Add support for Ctera C200-V2
2-Bay NAS - maximum two 3.5" Harddisks

Hardware:
  - SoC: Marvell 88F6707-A1 ARMv7 Processor 1,2GHz (ARMADA 370 SoC)
  - Ram: 1GB (2x Nanya NT5CC512M8DN-D1)
  - NAND Flash: 256MB (ESMT F59L2G81A-25T)
  - Lan: 1x GBE (Marvell 88E1318-NNB2)
  - Storage: 2x SATA HDD 3.5" Slot
  - USB: 2x USB 3.0 port (Renesas uPD720202)
  - Console: Internal J3 connector (1: Vcc, 2: Rx, 3: Tx, 4: GND)
  - LEDs: 13x GPIO controlled
  - Buttons: 2x GPIO controlled

Known issues:
  - Buzzer is unused due lack of proper driver
  - USB1/2 usbport ledtrigger won't work (through DT)
  - Renesas uPD720202 requires firmware file. It's possible to find
    non-free binary. Please look for 'UPDATE.mem' file and put in into
    '/lib/firmware/renesas_usb_fw.mem' file.

Installation:
  - Apply factory initramfs image via stock web-gui.
  - Do sysupgrade to make installation complete.

Back to stock:
  - OpenWrt rootfs partition use unused space after stock firmware.
  - Full revert is possible.
  - Login via ssh and run:

 ## ctera_c200-v2_back_to_factory start ##
 . /lib/functions.sh
 part=$(find_mtd_part "active_bank")
 active_bank=$(strings "$part" | grep bank)
 if [ "$active_bank" = "bank1" ]; then
 	echo "bank2" > /tmp/change_bank
 else
 	echo "bank1" > /tmp/change_bank
 fi
 mtd write /tmp/change_bank active_bank
 reboot
 ## ctera_c200-v2_back_to_factory end ##

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(put back-to-stock script into commit message, removed dup. SUBPAGESIZE var,
added 01_leds for non-working dt-usb-port trigger)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 17:41:19 +01:00
Pawel Dembicki
1ed50b92d1 package: kernel: add driver module for NCT7802Y
This commit add package with hwmon-nct7802 module.

This driver implements support for the Nuvoton NCT7802Y hardware monitoring
chip. NCT7802Y supports 6 temperature sensors, 5 voltage sensors, and 3 fan
speed sensors.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(fixed c&p'ed module description)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 17:41:19 +01:00
Joshua Roys
51b9aef553 ipq40xx: add support for ASUS RT-ACRH17/RT-AC42U
SOC:	IPQ4019
CPU:	Quad-core ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
DRAM:	256 MB
NAND:	128 MiB Macronix MX30LF1G18AC
ETH:	Qualcomm Atheros QCA8075 Gigabit Switch (4x LAN, 1x WAN)
USB:	1x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:	Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2
WLAN2:	Qualcomm Atheros QCA9984 5GHz 802.11nac 4x4:4
INPUT:	1x WPS, 1x Reset
LEDS:	Status, WIFI1, WIFI2, WAN (red & blue), 4x LAN

This board is very similar to the RT-ACRH13/RT-AC58U. It must be flashed
with an intermediary initramfs image, the jffs2 ubi volume deleted, and
then finally a sysupgrade with the final image performed.

Signed-off-by: Joshua Roys <roysjosh@gmail.com>
(added ALT0)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 17:21:01 +01:00
David Bauer
2a31e9ca97 hostapd: add op-class to get_status output
Include the current operation class to hostapd get_status interface.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-14 22:12:44 +01:00
Hans Dedecker
d9064c31ca netifd: update to git HEAD
3043206 system: fix compilation with glibc 2.34

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-14 21:46:29 +01:00
Paul Spooren
0637093e8c iptables: enable nftable support by default
OpenWrt plans to move over to firewall4 which uses nftables under the
hood. To allow a smooth migration the package `iptables-nft` offer a
transparent wrapper to apply iptables rules to nftables.

Without the config option for nftables the package isn't installed and
therefore can't be tested. This commit enabled it and therefore provides
the wrapper.

The size of the iptables package increases from 25436 to 26500 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-14 00:42:28 +01:00
Hans Dedecker
7f2052ef22 netifd: update to git HEAD
96902e8 Revert "netifd: add devtype to ubus call"
29e6acf netifd: add devtype to ubus call
7ccbf08 netifd: add devtype to ubus call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-12 21:14:29 +01:00
Daniel Golle
8c31f6bcab
procd: update to git HEAD
ca6c35c uxc: usage message cosmetics
 e083dd4 uxc: fix two minor issues reported by Coverity
 35dfbff procd: jail/cgroups: correctly enable "rdma" when requested
 3b3ac64 procd: mount /dev with noexec
 ac2b8b3 procd: clean up /dev/pts mounts

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-12 19:17:21 +00:00
Kevin Darbyshire-Bryant
e955a08340 firewall: update to latest HEAD
0f16ea5 options.c: add DSCP code LE Least Effort
24ba465 firewall3: remove redundant syn check
df1306a firewall3: fix locking issue
3624c37 firewall3: support table load on access on Linux 5.15+

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-01-10 11:45:15 +00:00
Sven Eckelmann
97f5617259 ath79: Add support for OpenMesh OM5P-AC v1
Device specifications:
======================

* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
  - eth0
    + AR8035 ethernet PHY (RGMII)
    + 10/100/1000 Mbps Ethernet
    + 802.3af POE
    + used as LAN interface
  - eth1
    + AR8035 ethernet PHY (SGMII)
    + 10/100/1000 Mbps Ethernet
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-01-09 21:12:28 +01:00
Sven Eckelmann
72ef594550 ath79: Add support for OpenMesh OM5P-AN
Device specifications:
======================

* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
  - 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 1T1R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
  - eth0
    + AR8035 ethernet PHY
    + 10/100/1000 Mbps Ethernet
    + 802.3af POE
    + used as LAN interface
  - eth1
    + 10/100 Mbps Ethernet
    + builtin switch port 1
    + 18-24V passive POE (mode B)
    + used as WAN interface
* 12-24V 1A DC
* internal antennas

Flashing instructions:
======================

Various methods can be used to install the actual image on the flash.
Two easy ones are:

ap51-flash
----------

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.

initramfs from TFTP
-------------------

The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):

   setenv serverip 192.168.1.21
   setenv ipaddr 192.168.1.1
   tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr

The actual sysupgrade image can then be transferred (on the LAN port) to the
device via

  scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/

On the device, the sysupgrade must then be started using

  sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2022-01-09 21:12:28 +01:00
Daniel Golle
000825d792
opkg: update to git HEAD of 2022-01-09
db7fb64 libopkg: pkg_hash: prefer to-be-installed packages
 2edcfad libopkg: set 'const' attribute for argv

This should fix the ImageBuilder problems people are having since we
introduced the 'uci-firewall' providers.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-09 20:10:32 +00:00
Stijn Tintel
0f50d3daff firewall4: bump to git HEAD
9a509d4 ruleset.uc: consolidate ip and ip6 offload
 21f311d ruleset.uc: don't trim newline before comment sign
 f121383 tests: enable flow offloading in tests
 550df40 tests: add test for unknown defaults option
 47c5a5b tests: add test for deprecated rule option
 69a89d6 tests: add test for unknown rule option
 07579df fw4.uc: handle interface zone option

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-09 17:38:18 +02:00
Josef Schlehofer
31647d8be8 kernel: add kmod-usb-net-lan78xx
Add kernel module for Microchip LAN78XX based USB 2 & USB 3
10/100/1000 Ethernet adapters. [1]

This kernel module is required for the Seeed Studio's Mini Router
based on RPI CM4 [2].

[1] <https://cateee.net/lkddb/web-lkddb/USB_LAN78XX.html>
[2] <https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM-32GB-eMMC-RPi-CM4-Case-p-5029.html>

Link: <https://github.com/openwrt/openwrt/pull/4893>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(added kmod-phy-microchip and kmod-fixed-phy dependencies,
rpi3 needs lan78xx but has it built-in)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-08 23:23:22 +01:00
Christian Lamparter
3fabca8894 kernel: provide kmod-fixed-phy as separate kmod
Almost all targets have the fixed-phy feature built into the kernel.
One big exception is x86. This caused a problem with the upcoming
LAN78xx usb driver. Hence this patch breaks out the fixed-phy from
of_mdio (which didn't include the .ko) and puts into a separate
module.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-08 23:20:21 +01:00
Christian Lamparter
d9ff9a4270 kernel: add kmod-phy-microchip
phy drivers for Microchip's LAN88xx PHYs.
This is needed for the "LAN7801" variant
of the upstream lan78xx usb ethernet driver.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-08 23:17:18 +01:00
Florian Fainelli
a372946e60 elfutils: Add missing musl-fts dependency
libdw depends on libfts.so when building with the musl-libc library, add
this missing dependency.

Fixes: 6835ea13f0 ("elfutils: update to 0.186")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2022-01-07 20:50:50 -08:00
Marty Jones
3fe253c6ab linux-firmware: add new package r8152-firmware
Linux upstream commit 9370f2d05a
add load firmware file through request_firmware,this affect the
nanopi r2s and some USB adapters in kernel 5.10 with this error:
'r8152 4-1:1.0: unable to load firmware patch rtl_nic/rtl8153b-2.fw'
This patch split the USB NIC firmware files from r8169 firmware,
and adds r8152-firmware to r8152 driver.
Add kmod-usb-net-cdc-ncm to support RTL8156A and RTL8156B 2.5G ethernet
adapters supported since v5.13-rc1.
195aae321c

Signed-off-by: Marty Jones <mj8263788@gmail.com>
2022-01-08 00:49:59 +01:00
Jan Hoffmann
9d878d8422 ltq-ifxos: update to 1.7.1
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[fix warnings, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-01-08 00:49:59 +01:00
Andre Heider
5ee1e04517 ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0
This makes patching it for ltq-vdsl-app unnecessary and paves the way
for VRX518 support.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-01-08 00:49:59 +01:00
Hannu Nyman
a54b406ccb busybox: update to 1.35.0
Update busybox to 1.35.0

* refresh patches

Config refresh:

Refresh commands, run after busybox is first built once:

cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in

Manual edits needed after config refresh:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in : change at "Options common to all shells" the symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2022-01-08 00:49:59 +01:00
Glenn Strauss
a8513e2461 mbedtls: enable session tickets
session tickets are a feature of TLSv1.2 and require less memory
and overhead on the server than does managing a session cache

Building mbedtls with support for session tickets will allow the
feature to be used with lighttpd-1.4.56 and later.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-08 00:49:59 +01:00
Sergey V. Lobanov
6835ea13f0 elfutils: update to 0.186
Upstreamed patches (deleted):
0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch -
 https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=8382833a257b57b0d288be07d2d5e7af6c102869
110-no-cdefs.patch -
 https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=d390548df1942e98a1d836269a5e41ba52e121f1

Auto-refreshed:
006-Fix-build-on-aarch64-musl.patch
101-no-fts.patch

Manually updated and refreshed:
005-build_only_libs.patch
003-libintl-compatibility.patch
100-musl-compat.patch

Disabled _obstack_free check (via configure vars)

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-08 00:49:59 +01:00
Nick McKinney
e0a574d4b7 ramips: add support for Linksys EA6350 v4
Specifications:
- SoC: MT7621DAT (880MHz, 2 Cores)
- RAM: 128 MB
- Flash: 128 MB NAND
- Ethernet: 5x 1GiE MT7530
- WiFi: MT7603/MT7613
- USB: 1x USB 3.0

This is another MT7621 device, very similar to other Linksys EA7300
series devices.

Installation:

Upload the generated factory.bin image via the stock web firmware
updater.

Reverting to factory firmware:

Like other EA7300 devices, this device has an A/B router configuration
to prevent bricking.  Hard-resetting this device three (3) times will
put the device in failsafe (default) mode.  At this point, flash the
OEM image to itself and reboot.  This puts the router back into the 'B'
image and allows for a firmware upgrade.

Troubleshooting:

If the firmware will not boot, first restore the factory as described
above.  This will then allow the factory.bin update to be applied
properly.

Signed-off-by: Nick McKinney <nick@ndmckinney.net>
2022-01-08 00:49:59 +01:00
Sergey V. Lobanov
04e6434c62 utils/mdadm: fix build on hosts without /run dir
CHECK_RUN_DIR=0 must be a part of MAKE_FLAGS, not MAKE_VARS, otherwise
it is not possible to compile mdadm on host without /run dir.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-08 00:49:59 +01:00
Hauke Mehrtens
e708bf76d5 toolchain: glibc: Update to version 2.34
glibc version 2.34 does not provide versioned shared libraries any more,
it only provides shared libraries using the ABI version. Do not try to
copy them any more.

The functions from libpthread and librt were integrated into the main
binary, the libpthread.so and librt.so are only used for backwards
compatibility any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-07 22:30:40 +01:00
Stijn Tintel
4d1f133561 firewall4: bump to git HEAD
main.uc: fix device gathering

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-06 21:30:14 +02:00
Jo-Philipp Wich
7881dce7d8 firewall4: fix syntax error in dependency spec
Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 16:58:06 +01:00
Stijn Tintel
53b87a7a28 firewall/firewall4: provide uci-firewall
Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.

Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:

tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307:     symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328:     symbol PACKAGE_firewall4 depends on PACKAGE_firewall

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:50 +02:00
Stijn Tintel
3ec25a657d firewall4: bump to git HEAD
4ead2a6 treewide: move executables to /sbin
 9ebc2f4 fw4.uc: filter duplicates in fw4.set
 85b74f3 treewide: support flow offloading
 be3b4e6 treewide: support hardware flow offloading
 38889b7 treewide: support set timeout
 31c7550 fw4.uc: do not skip defaults with invalid option
 334a127 fw4.uc: introduce DEPRECATED flag
 7a0d38f fw4.uc: add _name as deprecated option
 5e7ad3b fw4.uc: don't fail on unknown options
 be5f4e3 fw4.uc: allow use of cidr in ipsets

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:43 +02:00
Stijn Tintel
ae60af8572 firewall4: order DEPENDS alphabetically
Add some line breaks while at at, to improve readability.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:06 +02:00
Stijn Tintel
3d4acc34bb firewall4: drop kmod-ipt-nat from CONFLICTS
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:53:47 +02:00
Daniel Kestrel
b61d756b6c ltq-deu: disable arc4 algorithm
ARC4 was used for WEP, which is not secure anymore. Therefor it is
disabled in the driver, but the code is not removed for now.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
fc4d88cf73 ltq-deu: add aes_gcm algorithm
The lantiq AES hardware does not support the gcm algorithm. But it
can be implemented in the driver as a combination of the aes_ctr
algorithm and the xor plus gfmul operations for the hashing.
Due to the wrapping of the several algorithms and the inefficient
16 byte block by 16 byte block invokation in the kernel
implementations, this driver is about 3 times faster for the larger
block sizes.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
973e28f248 ltq-deu: change PKG_RELEASE to AUTORELEASE
As per suggestion by adschm, PKG_RELEASE is set to AUTORELEASE.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
a0d6b09c36 ltq-deu: remove redundant code for setting the key in aes
After adding xts and cbcmac the aes algorithm source had three sections
for setting the aes key to the hardware which are identical.
Method aes_set_key_hw was created which is now called from within the
spinlock secured control sections in methods ifx_deu_aes, ifx_deu_aes_xts
and aes_cbcmac_final_impl and reduces the size of ifxmips_aes.c.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
79efaa7f8f ltq-deu: add shash cbcmac-aes algorithm to the driver
Since commit 53b6783 hostapd is using the kernel api which includes the
cbcmac-aes shash algorithm. The kernels implementation is a wrapper around
the aes encryption algorithm, which encrypts block (16 bytes) by block.
When the ltq-deu driver is present, it uses hardware aes, but every 16 byte
encrypt requires setting the key. This is very inefficient and is a huge
overhead. Since the cbcmac-aes is simply a hash that uses the cbc aes
algorithm starting with an iv set to x'00' with an optional ecb aes
encryption of a possible last incomplete block that is padded with the
positional bytes of the last cbc encrypted block, this algorithm is now
added to the driver. Most of the code is derived from md5-hmac and
tailored for aes. Tested with the kernels crypto testmgr including extra
tests against the kernels generic ccm module implementation.
This patch also fixes the overallocation in the aes_ctx that is caused
by using u32 instead of u8 for the aes keys.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
f8e5c6080c ltq-deu: remove driver disablement for kernel 5.4 and above
Remove the dependency on kernel 5.4 from the Makefile to allow the
driver to compile with kernel 5.10 or kernel versions higher than
5.4.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
43422deed3 ltq-deu: add aes_xts algorithm
The lantiq AES hardware does not support the xts algorithm. Apart
from the cipher text stealing (XTS), the AES XTS implementation is
just an XOR with the IV, followed by AES ECB, followed by another
XOR with the IV and as such can be also implemented by using the
lantiq hardware's CBC AES implemention plus one additional XOR with
the IV in the driver. The output IV by CBC AES is also not usable
and the gfmul operation not supported by lantiq hardware. Both need
to be done in the driver too in addition to the IV treatment which is
the initial encryption by the other half of the input key and to
set the IV to the IV registers for every block.
In the generic kernel implementation, the block size for XTS is set
to 16 bytes, although the algorithm is designed to process any size
of input larger than 16 bytes. But since there is no way to
indicate a minimum input length, the block size is used. This leads
to certain issues when the skcipher walk functions are used, e.g.
processing less than block size bytes is not supported by calling
skcipher_walk_done.
The walksize is 2 AES blocks because otherwise for splitted input
or output data, less than blocksize is to be returned in some cases,
which cannot be processed. Another issue was that depending on
possible split of input/output data, just 16 bytes are returned while
less than 16 bytes were remaining, while cipher text stealing
requires 17 bytes or more for processing.
For example, if the input is 60 bytes and the walk is 48, then
processing 48 bytes leads to a return code of -EINVAL for
skcipher_walk_done. Therefor the processed counter is used to
figure out, when the actual cipher text stealing for the remaining
bytes less than blocksize needs to be applied.
Measured with cryptsetup benchmark, this XTS AES implementation is
about 19% faster than the kernels XTS implementation that uses the
hardware ECB AES (ca. 18.6 MiB/s vs. 15.8 MiB/s decryption 256b key).
The implementation was tested with the kernels crypto testmgr against
the kernels generic XTS AES implementation including extended tests.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:08 +01:00
Daniel Kestrel
006fee0dad ltq-deu: update initialisations for hmac algorithms
The processing in the hmac algorithms depends on the status fields:
count, dbn and started. Not all were initialised in the init method
and after finishing the final method. Added missing fields to init
method and call init method after finishing final.
The memsets have the wrong size in the original driver and did not
clear everything and are not necessary. Since no memset is done in
the kernels generic implementation, memsets were removed.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:05 +01:00
Daniel Kestrel
6ade9d1dda ltq-deu: remove compiler warning and shorten locked sections
Removing hash pointer in _hmac_setkey since its not needed and causes
a compiler warning.
Make the spinlock control sections shorter and move initializations
out of the control sections to free the spinlock faster for allowing
other threads to use the hash engine.
Minor improvements for indentation and removal of blanks and blank
lines in some areas.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:02 +01:00
Daniel Kestrel
0470b05b56 ltq-deu: fix temp size exceed in hmac algorithms
Exceeding the temp array size was not checked and instead storage not
allocated by the driver was used/overwritten which in most cases
resulted in reboots. This patch implements processing the input to the
hash algorithm in tempsize chunks.
The _hmac_final methods were changed to _hmac_final_impl adding a
parameter that indicates intermediate or final processing. The started
variable was added to the context to indicate, if there is an
intermediate result in the context. For sha1_hmac the variable to store
the intermediate hash was added to the context too.
In order to avoid md5_hmac_final_impl being recursively called if the
padding of the input and the resulting last transform during the hmac
algorighms final processing causes the temp array to overflow and to
make sure that there is at least one block in the temp array when the
_hmac_final for final processing is called, the check for exceeding
the temp array in _hmac_transform was moved before copying the block
and incrementing dbn. dbn needs to be at least 1 at final processing
time to let the hash engine apply the opad operation.
To make the hash engine not apply the hmac algorithms final opad
operation, for intermediate processing the dbn in the control register
is set to a higher value than number of dbns are actually processed.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:59 +01:00
Daniel Kestrel
85383b3112 ltq-deu: fix setkey errors and static shared temp for hmac algos
The hmac algorithms state, that keys larger than the key size should be
hashed with the underlying hash algorithms and then those hashes are to
be used as keys. This patch implements this. In order to avoid allocating
a descriptor during setkey, a shash_desc pointer is added to the context.
Another issue for multithreaded callers is the shared temp array.
The temp array is static and as such would be shared among multithreaded
callers, which obviously would neither work nor produce correct results.
The temp array (4k size) is moved to the context and since the size of
the context is limited, it can only be defined as pointer otherwise the
initialisation of the hash algorithm fails.
The allocations and freeing of both the temp and the desc pointer in the
context are done by implementing cra_init and cra_exit functions for
the hmac algorithms.
Also improved indentation in some areas.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:57 +01:00
Daniel Kestrel
9cb1875d2f ltq-deu: fix ifxdeu-ctr-rfc3686(aes) not matching generic impl
Error ifxdeu-ctr-rfc3686(aes) (16) doesn't match generic impl (20) occurs
when running the cryptomgr extra tests that compare against the linux
kernels generic implementation.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:53 +01:00
Daniel Kestrel
34a3eaf07f ltq-deu: changes for hash multithread callers and md5 endianess
The algorithms sha1, sha1_hmac and md5_hmac all use ENDI=1. The md5
algorithm uses ENDI=0 and the endian_swap methods to reverse the
endianess switch by using user CPU time, which is unnecessary overhead.
Danube and AR9 devices do not set endianess for SHA1, so is done for
MD5.
Furthermore the patch replaces endian_swap with le32_to_cpu for md5 and
md5 hmac algorithms and removes endian_swap for them.
The init functions initialize the algorithm in the hardware. The lock is
not used to write to the control register. If another thread calls
another hash algo before update or final, the result will be wrong.
Therefore move the algorithm init to the lock protected sections in the
transform or final methods.
Setting the hw key for the hmac algorithms is now done from within the
lock protected sections in their final methods. The lock protecting is
removed from the _hmac_setkey_hw functions.
In final for md5 and sha1 the lock section is removed, because all the
work was already done in transform (which is called from final). As such
only copying the hash to the output is required.
MD5 and MD5_HMAC produce 16 byte hashes (4 DWORDS) only, therefor
writing register D5R to the hash output is removed for MD5_HMAC.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:50 +01:00
Daniel Kestrel
87a19c9345 ltq-deu: make deu hash lock global and remove md5_hmac_ exports
All hash algorithms use the same base IFX_HASH_CON to access the hash unit.
Parallel threads should not be able to call different hash algorithms and
therefor a global lock is required.
Fixed linker warning, that md5_hmac_init, md5_hmac_update and
md5_hmac_final are static export symbols. The export symbols are not
required, because the functions are exposed using shash_alg structure.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:48 +01:00
Daniel Kestrel
536dc6f164 ltq-deu: add aes_ofb and aes_cfb algorithms
The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the
driver ever since. But the functions and definitions to make the
algorithms actually usable were missing.
This patch adds the neccessary code for aes_ofb and aes_cfb algorithms.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:45 +01:00
Daniel Kestrel
cd01d41c77 ltq-deu: fix cryptomgr test errors for aes
When running cryptomgr tests against the driver, there are several
occurences of different errors for even and uneven splitted data in the
underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are
now fixed.
Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with
the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:42 +01:00
Daniel Kestrel
19cb3c9dff ltq-deu: fix cryptomgr test errors for des
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:38 +01:00
Daniel Kestrel
e84c4b54f3 ltq-deu: convert SHA1 after library impl of SHA1 was removed
The <linux/cryptohash.h> was removed with Linux 5.8, because it only
contained the library implementation of SHA1, which was folded
into <crypto/sha.h>.
So switch this driver away from using <linux/cryptohash.h>.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:35 +01:00
Daniel Kestrel
737bd4f296 ltq-deu: convert blkcipher to skcipher
Convert blkcipher to skcipher for the synchronous versions of AES,
DES and ARC4.
The Block Cipher API was depracated for a while and was removed with
Linux 5.5. So switch this driver to the skcipher API.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:30 +01:00
Daniel Kestrel
c8967d6d12 ltq-deu: set correct control register for AES
Some devices initialize AES during boot and AES works out of the box
and the correct endianess is set.
NDC means (No Danube Compatibility Mode) and the endianess setting has
no effect if its set to 0.
NDC 0: OFF ENDI bit cannot be written as in Danube
To make it work for other devices, the NDC control register needs to
be set to 1.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:18 +01:00
Mathias Kresin
8dafa98bfb ltq-deu: make cipher/digest usable by openssl
OpenSSL with cryptdev support uses the data encryption unit (DEU) driver
for hard accelerated processing of ciphers/digests, if the flag
CRYPTO_ALG_KERN_DRIVER_ONLY is set.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
17656f21f3 ltq-deu: aes-ctr: process all input data
Even if the minimum blocksize is set to 16 (AES_BLOCK_SIZE), the crypto
manager tests pass 499 bytes of data to the aes-ctr encryption, from
which only 496 bytes are actually encrypted.

Reading the comment regarding the minimum blocksize, it only states that
it's the "smallest possible unit which can be transformed with this
algorithm". Which doesn't necessarily mean, the data have to be a
multiple of the minimal blocksize.

All kernel hardware crypto driver enforce a minimum blocksize of 1,
which perfect fine works for the lantiq data encryption unit as well.

Lower the blocksize limit to 1, to process not padded data as well.
In AES for processing the remaining bytes, uninitialized pointers
were used.
This patch fixes using uninitialized pointers and wrong offsets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
ab270c6fbc ltq-deu: aes: do not read/write behind buffer
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.

While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.

An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.

To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.

Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.

The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
11d2c71538 ltq-deu: init des/aes before registering crpyto algorithms
The crypto algorithms are registered and available to the system before
the chip is actually powered on and the generic parameter for the DEU
behaviour set.

The issue can mainly be observed if the crypto manager tests are enabled
in the kernel config. The crypto manager test run directly after an
algorithm is registered.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Paul Spooren
6ba8d510b8 lua: add HOST_FPIC for host builds
Compiling without fPIC causes linking issues for packages using liblua.

Add $(HOST_FPIC) to host builds for both lua and lua5.3.

Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-03 10:34:31 +01:00
Nick Hainke
7df80be410 binutils: fix compiling with arch-based distros
Arch Linux users have encountered problems with packages that have a dependency on binutils. This error happens when libtool is doing:
  libtool: relink: ...
So change PKG_FIXUP to "patch-libtool".

Fixes error in the form of:
  libtool: install: error: relink `libctf.la' with the above command
           before installing it

Upstream Bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=28545

OpenWrt Bug:
https://bugs.openwrt.org/index.php?do=details&task_id=4149

Acked-by: John Audia <graysky@archlinux.us>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-02 20:33:28 +01:00
Eneas U de Queiroz
def9565be6 openssl: bump to 1.1.1m
This is a bugfix release.  Changelog:

  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-01-01 18:02:49 +01:00
Nick Hainke
f61816fdff hostapd: refresh patchset
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
    make package/hostapd/{clean,refresh}

Refreshed:
    - 380-disable_ctrl_iface_mib.patch
    - 600-ubus_support.patch
    - 700-wifi-reload.patch
    - 720-iface_max_num_sta.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-31 12:11:59 +01:00
Stijn Tintel
9ba6ee4e25 nftables: allow quoted string in flowtable_expr_member
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-31 02:07:13 +02:00
Sergey V. Lobanov
6bfc8bb4a3 utils/px5g-wolfssl: make selfsigned certicates compatible with chromium
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication

SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00