Zip always try to generate new encryption header depending on execution
time and process id, which is far from being reproducible. This commit
changes the zip srand() seed to a predictable value to generate
reproducible random bytes for the encryption header. This will compromise
the goal of secure archive encryption, but it would not be a big problem
for our purpose.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.
Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This adds support for the Renkforce WS-WN530HP3-A ceiling-
mountable Wireless Access Point, which is powered over PoE.
Hardware:
- SoC: Mediatek MT7621DAT
- RAM: 128MiB on SoC
- Flash: 16MiB GigaDevice GD25Q128C
- 2.4Ghz Wifi: Mediatek MT603EN
- 5GHz Wifi: MT613BEN
- Ethernet:
- 1x 1GBit WAN port, passive PoE capable
- 2x 1GBit LAN ports
LEDs: 1x Bi-Color LED (red/blue)
Buttons: 1x Reset Button, 1x Power Button
Installation:
Power on the access point and immedately press the reset
button for 10 seconds. Connect web-browser to 192.168.10.1
and upload sysupgrade image. Flash uploaded image and wait
about 2 minutes for reboot.
Signed-off-by: Birger Koblitz <mail@birger-koblitz.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed SoB]
These were present in ar71xx but overlooked when porting to ath79.
Fixes: 480bf28273 ("ath79: add support for Buffalo WZR-HP-AG300H")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The MikroTik RouterBOARD mAPL-2nd (sold as mAP Lite) is a small
2.4 GHz 802.11b/g/n PoE-capable AP.
See https://mikrotik.com/product/RBmAPL-2nD for more info.
Specifications:
- SoC: Qualcomm Atheros QCA9533
- RAM: 64 MB
- Storage: 16 MB NOR
- Wireless: Atheros AR9531 (SoC) 802.11b/g/n 2x2:2, 1.5 dBi antenna
- Ethernet: Atheros AR8229 (SoC), 1x 10/100 port, 802.3af/at PoE in
- 4 user-controllable LEDs:
· 1x power (green)
· 1x user (green)
· 1x lan (green)
· 1x wlan (green)
Flashing:
TFTP boot initramfs image and then perform sysupgrade. Follow common
MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Note: following 781d4bfb39
The network setup avoids using the integrated switch and connects the
single Ethernet port directly. This way, link speed (10/100 Mbps) is
properly reported by eth0.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Add kmod-ramoops to the default set of device packages in
R7800 and XR500, so that the ramoops kernel crash logs
are provided by default for these routers.
The capability was earlier defined by 97158fe1 and cf346dfa,
but the feature was not yet turned on by default.
The possible kernel crashes are stored into /sys/fs/pstore/*
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
In addition to the missing green LED definition, the polarity of the
amber power LED was incorrect which is fixed here.
Signed-off-by: Sven Schwermer <sven@svenschwermer.de>
The skb->len field is read after the packet is sent to the network
stack. In the meantime, skb can be freed. This patch fixes this bug.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
This patch adds the device-specific configuration to u-boot-envtools for
I-O DATA BSH-G24MB switch.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
I-O DATA BSH-G24MB is a 24 port gigabit switch, based on RTL8382M.
Specification:
- SoC : Realtek RTL8382M
- RAM : DDR2 128 MiB (Nanya NT5TU128M8HE-AC)
- Flash : SPI-NOR 16 MiB (Macronix MX25L12835FM2I-10G)
- Ethernet : 10/100/1000 Mbps x24
- port 1-8 : RTL8218B
- port 9-16 : RTL8218B (SoC)
- port 17-24 : RTL8218B
- LEDs/Keys : 2x, 1x
- UART : pin header on PCB
- JP2: 3.3V, TX, RX, GND from rear side
- 115200n8
- Power : 100 VAC, 50/60 Hz
- Plug : IEC 60320-C13
Flash instruction using sysupgrade image:
1. Boot BSH-G24MB normally
2. Connect BSH-G24MB to the DHCP enabled network
3. Find the device's IP address and open the WebUI and login
Note: by default, the device obtains IP address from DHCP server of
the network
4. Open firmware update page ("ファームウェア アップデート")
5. Rename the OpenWrt sysupgrade image to "bsh-g24mb_v100.image" and
select it
6. Press apply ("適用") button to perform update
7. Wait ~150 seconds to complete flashing
Note:
- BSH-G24MB has a power-related LED ("電源"), but it's not connected to
the GPIO of the SoC or RTL8231 and cannot be controlled. Instead of
it, use system status LED on other than running-state.
- "sys_loop" LED indicates system status and loop-detection status in
stock firmware.
- BSH-G24MB has 2x os-image partitions named as "RUNTIME"/"RUNTIME2" in
16 MiB SPI-NOR flash and the size of image per partition is only
6848 KiB. The secondary image is never used on stock firmware, so also
use it on OpenWrt to get more space.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
This switches the iwlwifi-firmware-ax200 file to API version 66, this is
the most recent version supported by our driver.
The following files used in OpenWrt changed:
amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_dmcub.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_010a.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_010b.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_0303.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_010a.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_010b.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_0303.bin
ar3k-firmware/lib/firmware/qca/rampatch_usb_00130200.bin
ar3k-firmware/lib/firmware/qca/rampatch_usb_00130201.bin
iwlwifi-firmware-ax200/lib/firmware/iwlwifi-cc-a0-66.ucode
iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0-66.ucode
iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0.pnvm
iwlwifi-firmware-iwl9000/lib/firmware/iwlwifi-9000-pu-b0-jf-b0-46.ucode
iwlwifi-firmware-iwl9260/lib/firmware/iwlwifi-9260-th-b0-jf-b0-46.ucode
rtl8822ce-firmware/lib/firmware/rtw88/rtw8822c_fw.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
exit in preinit script was stopping whole process
Fixes: 93259e8ca2 ("bcm4908: support "rootfs_data" on U-Boot devices")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
3276aed81c73 move run_cmd() to main.c
558eabc13c64 map: move dns host based lookup code to a separate function
6ff06d66c36c dns: add code for snooping dns packets
a78bd43c4a54 ubus: remove dnsmasq subscriber
9773ffa70f1f map: process dns patterns in the order in which they were defined
f13b67c9a786 dns: allow limiting dns entry matching to cname name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensures that the DSA driver sets exactly the same default flags as the
bridge when a port joins or leaves. Without this we end up with a
confusing flag mismatch, where DSA and bridge ports use different sets
of flags.
This is critical as the "learning" mismatch will be harmful to the
network, causing all traffic to be flooded on all ports.
The original commit was buggy, trying to set the flags one-by-one in a
loop. This was not supported by the API and the end result was that
all but the last flag were cleared. This bug was implicitly fixed
upstream by commit e18f4c18ab5b ("net: switchdev: pass flags and mask
to both {PRE_,}BRIDGE_FLAGS attributes").
This is a minimum temporary stop measure fix for the critical lack of
"learning" only. The major API change associated with a full v5.12+
backport is neither required nor wanted. A simpler fix, moving the
call to dsa_port_bridge_flags() out of the loop, has therefore been
merged into this modified backport.
Fixes: afa3ab54c0 ("realtek: Backport bridge configuration for DSA")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
[fix typos in commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch enable parser_trx and disable mtdsplit_trx for mt76x8
subtarget.
The trx format is used only on Buffalo WCR-1166DS in mt76x8 subtarget
and the parser need to be switched to parser_trx to use the custom magic
number in the header for WCR-1166DS.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
This patch adds a patch to allow using parser_trx from ramips target,
mainly for Buffalo devices.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
This patch moves the patches of parser_trx in mediatek target to
generic/backport-5.10 to use the changes from ramips target and
backport the additional patch of the parser.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
This patch converts MAC address configuration of Buffalo WCR-1166DS in
02_network to use the generic function of OpenWrt. And also, add
label_mac.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
AV1300 Gigabit Passthrough Powerline ac Wi-Fi Extender
Specifications
--------------
* SoC: MediaTek MT7621AT
* CPU: 880 MHz MIPS 1004KEc dual-core CPU
* RAM: 64 MiB DDR2 (Zentel A3R12E40DBF-8E)
* Flash: 8 MiB SPI NOR (GigaDevice GD25Q64CSIG)
* Ethernet: SoC built-in Switch 5x 1GbE
* Port 0: PLC (connected through AR8035-A)
* Port 1-3: LAN
* WLAN: 2x2 2.4GHz 300 Mbps + 2x2 5GHz 867 Mbps (MT7603EN + MT7613BEN)
* PLC: HomePlug AV2 (Qualcomm QCA7500)
* PLC Flash: 2MiB SPI NOR (GigaDevice GD25Q16CSIG)
* Buttons: Reset, LED, Pair, Wi-Fi
* LEDs: Power (green), PLC (green/amber), LAN (green), 2.4G (green),
5G (green)
* UART: J1 (57600 baud)
* Pinout: (3V3) (GND) (RX) (TX)
* Visually identify GND from connection to PCB ground plane
Installation
------------
Installation is possible from the OEM web interface. Make sure to install
the latest OEM firmware first, so that the PLC firmware is at the latest
version. However, please first check the OpenWRT Wiki page for
confirmation that your OEM firmware version is supported.
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
This adds the new tc-bpf variant and removes libxtables dependency from
the tc-tiny variant. The tc-full variant stays like before and contains
everything.
This allows to use tc without libxtables.
The variants have the following sizes:
root@OpenWrt:/# ls -al /usr/libexec/tc-*
-rwxr-xr-x 1 root root 282453 Mar 1 21:55 /usr/libexec/tc-bpf
-rwxr-xr-x 1 root root 282533 Mar 1 21:55 /usr/libexec/tc-full
-rwxr-xr-x 1 root root 266037 Mar 1 21:55 /usr/libexec/tc-tiny
They are linking the following shared libraries:
root@OpenWrt:/# ldd /usr/libexec/tc-tiny
/lib/ld-musl-mips-sf.so.1 (0x77d6e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
root@OpenWrt:/# ldd /usr/libexec/tc-bpf
/lib/ld-musl-mips-sf.so.1 (0x77da6000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000)
libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000)
root@OpenWrt:/# ldd /usr/libexec/tc-full
/lib/ld-musl-mips-sf.so.1 (0x77de8000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000)
libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000)
libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000)
This is based on a patch from Tiago Gaspar.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add U-Boot environment settings for Ruijie RG-EW3200GX PRO to allow
users to access the bootloader environment using fw_printenv/fw_setenv
while running OpenWrt.
Signed-off-by: Langhua Ye <y1248289414@outlook.com>
X32 Pro is another product name for it in the Chinese market.
Specifications:
- SoC: MT7622B
- RAM: 256MB
- Flash: XMC XM25QH128C or Winbond WQ25Q128JVSQ 16MB SPI NOR
- Ethernet: 5x1GbE
- Switch: MT7531BE
- WiFi: 2.4G: MT7622 5G: MT7915AN+MT7975AN
- 3LEDs: System LED(blue) + Mesh LED(green) + Mesh LED(red)
- 2Keys: Mesh button + Reset button
- UART: Marked J19 on board. 3.3v, 115200n1
- Power: 12V 2.5A
MAC addresses as verified by OEM firmware:
use address source
WAN *:F4 ethaddr@product_info
LAN *:F5
5g *:F6
2g *:F7
Flash instruction:
1. Serve the initramfs.img using a TFTP server with address 10.10.10.3.
2. Interrupt the uboot startup process via UART.
3. Select "System Load Linux to SDRAM via TFTP" item.
4. (important) Back up firmware(mtd7) partitions with:
dd if=/dev/mtd7 of=/tmp/firmware.bin
and then download the firmware.bin image via SCP.
5. Flash the OpenWrt sysupgrade firmware.
Recovery stock firmware:
1. Transfer the firmware.bin image to the device.
2. Flash the image with:
mtd write firmware.bin firmware
Signed-off-by: Langhua Ye <y1248289414@outlook.com>
The XMC XM25QH128C is a 16MB SPI NOR chip. The patch is verified on Ruijie RG-EW3200GX PRO.
Datasheet available at https://www.xmcwh.com/uploads/435/XM25QH128C.pdf
Signed-off-by: Langhua Ye <y1248289414@outlook.com>
Steps to reproduce:
1. Insert NVMe disk with a reduction to Turris Omnia
2. Go to U-boot
3. Run these two commands:
a) ``nvme scan``
b) ``nvme detail``
4. Wait for crash
This is backported from U-boot upstream repository.
It should be included in the upcoming release - 2022.04 [1].
It was tested on Turris Omnia, mvebu, cortex-a9, OpenWrt master.
[1] https://patchwork.ozlabs.org/project/uboot/patch/20211209100639.21530-1-pali@kernel.org/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Export the patch from U-Boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
be64enc, be16dec, and be32dec are declared on FreeBSD 13.0, in
/usr/include/sys/endian.h so we should not declare them.
Fixes the following error during feeds update:
staging_dir/host/bin/mkhash: No such file or directory
gcc scripts/mkhash.c
scripts/mkhash.c:111:1: error: redefinition of 'be64enc'
111 | be64enc(void *buf, uint64_t u)
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Without PKG_RELEASE, it's impossible to trigger package updates when
changing files included in the package that are not in the qosify git
repository.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
1. Create "rootfs_data" dynamicaly
U-Boot firmware images can contain only 2 UBI volumes: bootfs (container
with U-Boot + kernel + DTBs) and rootfs (e.g. squashfs). There is no way
to include "rootfs_data" UBI volume or make firmware file tell U-Boot to
create one.
For that reason "rootfs_data" needs to be created dynamically. Use
preinit script to handle that. Fire it right before "mount_root" one.
2. Relate "rootfs_data" to flashed firmware
As already explained flashing new firmware with U-Boot will do nothing
to the "rootfs_data". It could result in new firmware reusing old
"rootfs_data" overlay UBI volume and its file. Users expect a clean
state after flashing firmware (even if flashing the same one).
Solve that by reading flash counter of running firmware and storing it
in "rootfs_data" UBI volume. Every mismatch will result in wiping old
data.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The /tmp directory is mounted as tmpfs. The tmpfs filesystem is backed by
anonymous memory, which means it can be swapped out at any time, if there is
memory pressure [1]. For this reason, a zram swap device is a much better
choice than mounting /tmp on zram, since it's able to compress all anonymous
memory, and not just the memory assigned to /tmp. We already have the zram-swap
package for this specific purpose, which means procd's tmp-on-zram is both
redundant and more limited.
A follow-up patch will remove support for mounting /tmp in zram from procd
itself.
[1] https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Enable support for allocating user space page table entries in high memory [1],
for the targets which support this feature. This saves precious low memory
(permanently mapped, the only type of memory directly accessible by the kernel).
[1] https://www.kernel.org/doc/html/latest/vm/highmem.html
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt
```
It includes the following security fix
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypass.
Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Remove macOS stuff. Upstream has fixed it in the same way.
Add SOL_TCP define. Taken from elsewhere in the code.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to CMake for faster compilation and greater parallel
friendliness.
Added CMake options from the packages feed.
This release fixes various CVEs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>