Commit Graph

54589 Commits

Author SHA1 Message Date
Rafał Miłecki
28e5045f3a bcm4908: include usbport trigger
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb2661844a)
2023-03-27 09:03:24 +02:00
Rafał Miłecki
836e3d1e5e bcm4908: backport v6.4 pending DTS changes
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ffaabee9b8)
2023-03-27 09:03:24 +02:00
Daniel González Cabanelas
b7c031d933 ipq40xx: Linksys MR8300: fix the USB port power
The USB port on the MR8300 randomly fails to feed bus-powered devices.

This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.

This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ed64c33235)

Signed-off-by: Steffen Scheib <steffen@scheib.me>
2023-03-27 00:00:20 +02:00
Tony Butler
0170bc1af1 ramips: mt7621: enable lzma-loader for AFOUNDRY EW1200
Fixes boot loader LZMA decompression issues (LZMA ERROR 1)
As reported in issue #12208

Reported-by: Raúl M. <raul.m@sparkedhost.com>
Tested-by: Raúl M. <raul.m@sparkedhost.com>
Signed-off-by: Tony Butler <spudz76@gmail.com>
(cherry picked from commit 889bbf89bb)
2023-03-26 23:56:41 +02:00
Chuanhong Guo
96e3fee7ad
ramips: fix 5g mac for TOTOLINK X5000R
There's no valid mac address for the second band in the eeprom.
The vendor fw uses 2.4G mac + 4 as the mac for 5G radio.
Do the same in our firmware.

Fixes: 23be410b3d ("ramips: add support for TOTOLINK X5000R")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 2126325400)
2023-03-27 00:07:34 +08:00
David Bauer
f5db04e8ea ramips: add support for Mercusys MR70X
Hardware
========
- SoC: MediaTek MT7621AT (880MHz, Duel-Core)
- RAM: DDR3 128MB
- Flash: Winbond W25Q128JV (SPI-NOR 16MB)
- WiFi: MediaTek MT7915D (2.4GHz, 5GHz, DBDC)
- Ethernet: MediaTek MT7530 (WAN x1, LAN x3, SoC)
- UART: >TX RX GND 3v3 (115200 8N1, J1)
        Do not connect 3v3. TX is marked with an arrow.

Installation
============
Flash factory image. This can be done using stock web ui.

Revert to stock firmware
========================
Flash stock firmware via OEM Web UI Recovery mode.

Web UI Recovery method
======================
1. Unplug the router
2. Plug in and hold reset button 5~10 secs
3. Set your computer IP address manually to 192.168.1.x / 255.255.255.0
4. Flash image with web browser to 192.168.1.1

Co-authored-by: Robert Senderek <robert.senderek@10g.pl>
Co-authored-by: Yoonji Park <koreapyj@dcmys.kr>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 47de2c6862)
2023-03-24 16:04:38 +01:00
David Bauer
c58959dc45 firmware-utils: tplink-safeloader: add Mercusys MR70X
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-24 16:04:38 +01:00
David Bauer
c1bfb704b1 ramips: fix Archer AX23 WiFi MAC address conflict
The original claim about conflicting MAC addresses is wrong. mac80211
does increment the first octet and sets the LA bit.

This means our "workaround" actually leads to the issue while
incrementing the last octet is safe.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d52870125d)
2023-03-21 05:10:26 +01:00
David Bauer
3c6692ba03 ramips: add support for TP-Link Archer AX23 v1
Hardware
--------
CPU:    MediaTek MT7621 DAT
RAM:    128MB DDR3 (integrated)
FLASH:  16MB SPI-NOR ()
WiFi:   MediaTek MT7905 + MT7975 (2.4 / 5 DBDC) 802.11ax
SERIAL: 115200 8N1
        LEDs - (3V3 - GND - RX - TX) - ETH ports

Installation
------------

Upload the factory image using the Web-UI.

Web-Recovery
------------

The router supports a HTTP recovery mode by holding the reset-button
when powering on. The interface is reachable at 192.168.0.1 and supports
installation using the factory image.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7dceef5ee5)
2023-03-21 04:28:52 +01:00
David Bauer
a507243bfe firmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-15 01:22:20 +01:00
David Bauer
788a0cf15c mpc85xx: add support for Watchguard Firebox T10
Hardware
--------
SoC:    Freescale P1010
RAM:    512MB
FLASH:  1 MB SPI-NOR
        512 MB NAND
ETH:    3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC:    Battery-Backed RTC (I2C)

Installation
------------

1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
   programmer. The SHA1 hash for the U-Boot password is currently
   unknown.

   A tool for patching U-Boot is available at
   https://github.com/blocktrron/t10-uboot-patcher/

   You can also patch the unknown password yourself. The SHA1 hash is
   E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA

2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
   The patched password is '1234' (without quotation marks)

3. Download the OpenWrt initramfs image. Copy it to a TFTP server
   reachable at 10.0.1.13/24 and rename it to uImage.

4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.

5. Download and boot the initramfs image by entering "tftpboot; bootm;"
   in U-Boot.

6. After OpenWrt booted, create a UBI volume on the old data partition.
   The "ubi" mtd partition should be mtd7, check this using

   $ cat /proc/mtd

   Create a UBI partition by executing

   $ ubiformat /dev/mtd7 -y

7. Increase the loadable kernel-size of U-Boot by executing

   $ fw_setenv SysAKernSize 800000

8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
   scp. Install the image by using sysupgrade:

   $ sysupgrade -n <path-to-sysupgrade>

   Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
   have to change the ethernet-port.

9. OpenWrt should now boot from the internal NAND. Enjoy.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 35f6d79513)
2023-03-10 00:13:29 +01:00
David Bauer
0a32f66fea generic: remove patch for unused kernel version
Remove this stray patch, as OpenWrt 22.03 does not target kernel 5.15.

Fixes commit b18a0d0b92 ("generic: add support for EON EN25QX128A spi nor flash")

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-05 20:28:01 +01:00
David Bauer
ea6fb9c16d generic: MIPS: Add barriers between dcache & icache flushes
This fixes spurious boot-errors with some ath79 MIPS 74Kc boards such
as the AC Lite as well as Archer C7 v2.

The missing barrier leads to the icache flush being executed before the
dcache writeback, which results in the CPU executing the dummy infinite
loop in tlbmiss_handler_setup_pgd.

Applying this patch from upstream ensures the dcache is written back
before flushing the icache.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 26bc8f6876)
2023-03-05 20:22:10 +01:00
Felix Fietkau
7b05a8d05d kernel: fix mtk dsa tag padding
The padding intended to avoid corrupted non-zero padding payload was
accidentally adding too many padding bytes, tripping up some setups.
Fix this by using eth_skb_pad instead.
Fixes #11942.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9307c27539)
2023-03-03 12:47:33 +01:00
Tim Harvey
cfce8ab388 kernel: can: fix MCP251x CAN controller module autoload
Fix autoload module name for can-mcp251x kmod.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit 29d02d8ce5)
2023-02-26 18:18:52 +01:00
John Audia
55a48b0957 kernel: bump 5.10 to 5.10.168
Manually rebased:
  backport-5.10/804-v5.14-0001-nvmem-core-allow-specifying-of_node.patch

Removed upstreamed:
  generic-backport/807-v5.17-0003-nvmem-core-Fix-a-conflict-between-MTD-and-NVMEM-on-w.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.168&id=34ec4c7831c416ac56619477f1701986634a7efc

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 461072fc7b)
[Refresh on OpenWrt 22.03]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-18 19:31:16 +01:00
John Audia
a66e53d8ed kernel: bump 5.10 to 5.10.167
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 712681458a)
2023-02-18 19:31:16 +01:00
John Audia
3167f7c9fa
openssl: bump to 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358)

The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 22.03, so it doesn't have to be removed.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2023-02-14 17:08:23 +01:00
Christian Marangi
f7541aecdc bpf: ignore missing LLVM bins on package for non compile steps
To download a package the LLVM bins are not strictly needed.
Currently with an example run of make package/bridger/download V=s, the
build fail with

make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
bash: line 1: [: : integer expression expected
/home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: .  Stop.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
time: package/network/services/bridger/download#0.04#0.00#0.06
    ERROR: package/network/services/bridger failed to build.

This is wrong since it may be needed to download the required packages
first and then compile them later.

Fix this by ignoring the LLVM bin check on non compile steps.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 116c73fd71)
2023-02-09 08:37:35 +00:00
Hauke Mehrtens
98b8507e83 bpf: check llvm version only when used
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.

Fix it by only checking the LLVM version when a LLVM toolchain is
available.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c58177b5dc)
2023-02-09 08:37:22 +00:00
Petr Štetiar
7370479224 at91: sam9x,sama5: fix racy SD card image generation
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation (shortened for brewity):

 + dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img
 dd: failed to open 'root.ext4': No such file or directory

Thats happening likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:

 make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

and that hardcoded `root.ext4` image filename becomes available from
other Make targets in the later stages. So lets fix this issue by using
IMAGE_ROOTFS Make variable which should contain proper path to the root
filesystem image.

Fixing remaining subtargets ommited in commit 5c3679e39b ("at91:
sama7: fix racy SD card image generation").

Fixes: 5c3679e39b ("at91: sama7: fix racy SD card image generation")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3b669bc3f3)
2023-02-08 09:16:43 +01:00
Petr Štetiar
52564e65d5 at91: sama7: fix racy SD card image generation
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation:

 + dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc
 dd: failed to open 'root.ext4': No such file or directory

Thats likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:

 make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

and that hardcoded root.ext4 becomes available from other target in the
later stages. So lets fix this issue by using IMAGE_ROOTFS Make variable
which should contain proper path to the root filesystem image.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5c3679e39b)
2023-02-08 09:16:43 +01:00
Hauke Mehrtens
863288b49d mac80211: Update to version 5.15.92-1
This update mac80211 to version 5.15.92-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-08 00:17:27 +01:00
John Audia
71cbc95111 kernel: bump 5.10 to 5.10.166
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 50324b949b)
2023-02-05 20:43:19 +01:00
Arınç ÜNAL
3fd3d99e3a ramips: mt7621-dts: fix phy-mode of external phy on GB-PC2
The phy-mode property must be defined on the MAC instead of the PHY. Define
phy-mode under gmac1 which the external phy is connected to.

Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 5155200f97)
2023-02-03 14:20:33 +01:00
Tim Harvey
212c3ffdfc octeontx: add sqaushfs and ramdisk to features
Add squashfs and ramdisk to features as these are commonly used images
for the octeontx.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit af5635e6ca)
2023-02-03 13:54:45 +01:00
Tom Herbers
2601873cc5 ath79: add LTE packages for GL-XE300
Add LTE packages required for operating the LTE modems shipped with
the GL-XE300.

Example configuration for an unauthenticated dual-stack APN:

network.wwan0=interface
network.wwan0.proto='qmi'
network.wwan0.device='/dev/cdc-wdm0'
network.wwan0.apn='internet'
network.wwan0.auth='none'
network.wwan0.delay='10'
network.wwan0.pdptype='IPV4V6'

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit 67f283be44)
2023-02-03 11:49:18 +01:00
Tom Herbers
2702ef9427 ath79: add label-mac-device for GL-XE300
This adds an label-mac-device alias which refrences the mac which is
printed on the Label of the device.

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit f83f5f8452)
2023-02-03 11:49:18 +01:00
Leo Soares
0657576ce1 ath79: add LTE led for GL.iNet GL-XE300
This commit adds the LTE led for GL.iNet GL-XE300
to the default leds config.

Signed-off-by: Leo Soares <leo@hyper.ag>
(cherry picked from commit 35a0f2b00c)
Signed-off-by: Tom Herbers <mail@tomherbers.de>
2023-02-03 11:49:18 +01:00
Etienne Champetier
428d720c7f kernel: backport some mv88e6xxx devlink patches
This should help debug mv88e6xxx issues

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2023-01-31 02:15:39 +02:00
John Audia
83a13b74f5 kernel: bump 5.10 to 5.10.165
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 257e9fc57c)
2023-01-28 20:08:14 +01:00
John Audia
10c79414db kernel: bump 5.10 to 5.10.164
All patches automatically rebased

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 9c3954bc46)
2023-01-28 20:08:14 +01:00
John Audia
15b9c02d6c kernel: bump 5.10 to 5.10.163
Removed upstreamed:
  generic/101-Use-stddefs.h-instead-of-compiler.h.patch[1]
  bcm27xx/patches-5.10/950-0194-drm-fourcc-Add-packed-10bit-YUV-4-2-0-format.patch

All patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.163&id=ddd2bb08bd99b7ee4442fbbe0f9b80236fdd71d2

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2835df54ab)
2023-01-28 20:07:11 +01:00
John Audia
a8025bc2c2 kernel: bump 5.10 to 5.10.162
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2621ddb0be)
2023-01-28 16:54:32 +01:00
David Bauer
ddeeb35007 mac80211: use 802.11ax iw modes
This adds missing HE modes to mac80211_prepare_ht_modes.

Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a63430eac3)
2023-01-28 15:11:52 +01:00
Chuanhong Guo
1f32774ded
kernel: mtk-bmt: fix usage of _oob_read
_oob_read returns number of bitflips on success while
bbt_nand_read should return 0.

Fixes: 2d49e49b18 ("mediatek: bmt: use generic mtd api")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit f183ce35b8)
2023-01-25 23:45:14 +08:00
Christian Marangi
28e1770a3b
tools/mkimage: build uboot with NO_SDL=1
From uboot Documentation for uboot-2022.01 for tools-only we can build
with NO_SDL=1 to skip installing the sdl2 package.

Follow this to fix compilation error on macos

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-22 01:35:16 +01:00
Florian Maurer
1bead4c521
lantiq: xrx200: Fix wifi LED on o2 box 6431
Wifi LED did not work using phy0radio, which somehow slipped through in
the previous testing

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 2e3d1edf59)
2023-01-20 16:14:22 +01:00
David Bauer
9a12afc5e7 mbedtls: move source modification to patch
Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 00f1463df7)
2023-01-18 23:39:11 +01:00
Petr Štetiar
c1a26341ab Revert "toolchaini/gcc: fix libstdc++ dual abi model"
This reverts commit c0b4303d2e as it was
reported, that it breaks all packages depending on libstdcpp due to
changed ABI.

References: https://github.com/openwrt/packages/issues/20340
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-01-18 07:51:56 +01:00
David Bauer
807483d336 dosfstools: switch to AC_CHECK_LIB
This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro
is undefined while invoking autoconfig. Later in the build, the ICONV
LDOPTIONS are set to @LIBICONV@, failing the build.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9300a20dcc)
2023-01-16 23:58:16 +01:00
Stijn Tintel
3bc6d2af76 tools/dosfstools: fix PKG_SOURCE
Both mirrors provided in the Makefile only serve gzipped tarballs.

Fixes: #10871
Fixes: 9edfe7dd13 ("source: Switch to xz for packages and tools where possible")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd911b4538)
2023-01-16 23:58:16 +01:00
Ivan Maslov
c0b4303d2e toolchaini/gcc: fix libstdc++ dual abi model
libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI.
Enable the config flag to also permit support of .NET 6 development on
OpenWrt.

Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru>
[ reword commit description and title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3c06a344e9)
2023-01-16 08:45:38 +01:00
Christian Marangi
aa5023b9cd
scripts/dl_github_archieve.py: fix generating unreproducible tar
Allign dl_github_archieve.py to 8252511dc0
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064d2b ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14)
2023-01-12 15:00:24 +01:00
Hauke Mehrtens
e88e0ace7a ksmbd: Fix ZDI-CAN-18259
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.

Backported from:
8824b7af40
cc4f3b5a6a

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 76c67fcc66)
2023-01-11 22:10:25 +01:00
Nick Hainke
aca915e847 ksmbd: update to 3.4.6
Release Announcement:
https://github.com/cifsd-team/ksmbd/releases/tag/3.4.6

Remove upstreamed:
- 10-fix-build-on-kernel-5.15.52-or-higher.patch

This fixes the following security bugs:
* CVE-2022-47938, ZDI-22-1689
* CVE-2022-47939, ZDI-22-1690 (patch was already backported before)
* CVE-2022-47940, ZDI-22-1691
* CVE-2022-47941, ZDI-22-1687
* CVE-2022-47942, ZDI-22-1688
* CVE-2022-47943, ZDI-CAN-17817

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 78cbcc77cc)
2023-01-07 16:22:15 +01:00
Florian Maurer
4b7f9e42e2 lantiq-xrx200: fix wan LED on o2 box 6431
The WIFI LED already worked for me with the latest openwrt 22.03 version.
Wifi LED did not with an older 22.x version (in gluon - there phy0radio did nothing but phy0tpt did show activity

the WAN interface has the name "wan" and not "pppoe-wan" on this device

fixes #7757 (and FS#2987)

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 0820d62012)
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2023-01-06 19:38:22 +01:00
Christian Marangi
7c10b7b6f0
CI: build: fix external toolchain use with release tag tests
When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.

This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).

Add -f option to overwrite any local tags and always fetch them from
remote.

Fixes: e24a1e6f6d ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b36)
2023-01-04 19:34:44 +01:00
Hauke Mehrtens
b08e1e978c OpenWrt v22.03.3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-03 22:03:42 +01:00
Hauke Mehrtens
221fbfa2d8 OpenWrt v22.03.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-03 22:03:37 +01:00