Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.
TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"
Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 90c6e3aedf)
It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 88c9056a70)
Dependency on xxd was added in commit c4dd2441e7 ("tools: add xxd
(from vim)") as U-Boot requires xxd to create the default environment
from an external file.
Later in commit 2b94aac7a1 ("tools: xxd: use more convenient source
tarball"), xxd from another source was used instead, but that source is
currently unavailable, so let's fix it by using simple xxdi.pl Perl
script instead.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit eae2fb8027)
So it can serve as a standalone drop in replacement for xxd utility used
currently mostly in U-Boot packages with `xxd -i` mode which outputs C
include file style, with aim for byte to byte identical output, so the
eventual difference in the generated output is easily spottable.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [perl-fu]
(cherry picked from commit 06e01e817e)
In order to make it more portable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8b278a76d9)
xxdi.pl is a Perl script that implements vim's 'xxd -i' mode so that
packages do not have to use all of vim just to get this functionality.
References: #10555
Source: 97a6bd5cee/xxdi.pl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 2117d04a3a)
Re-introduce the queue wake fix that was reverted due to a regression,
but this time with the follow-up fixes that take care of the regression.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9a93b62f31)
(cherry-picked from commit 8b804cae5e)
(cherry-picked from commit 8b06e06832)
Backport upstream solution that permits to declare nvmem cells with
dynamic partition defined by special parser.
This provide an OF node for NVMEM and connect it to the defined dynamic
partition.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1a9ee36734)
Add the aliases sections required to detect LEDs specific to OpenWrt
boot / update indication for the NanoPi R4S.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1588069612)
Ensure the MAC address for all NanoPi R4S boards is assigned unique for
each board.
FriendlyElec ship two versions of the R4S: The standard as well as the
enterprise edition with only the enterprise edition including the EEPROM
chip that stores the unique MAC address.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S in case the EEPROM chip is not
present by generating the board MAC from the SD card CID.
[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R4S#Differences_Between_R4S_Standard_Version_.26_R4S_Enterprise_Version
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit b5675f500d)
The previous fixup was incomplete, and the offsets for the
queue and crc_error cpu_tag bitfields were still wrong on
RTL839x.
Fixes: 545c6113c9 ("realtek: fix RTL838x receive tag decoding")
Suggested-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Add LTE packages required for operating the LTE modem optionally shipped
with the GL-AP1300.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c7c3509226)
Add support for the ZTE MF281 battery-powered WiFi router.
Hardware
--------
SoC: Qualcomm Atheros QCA9563
RAM: 128M DDR2
FLASH: 2M SPI-NOR (GigaDevice GD25Q16)
128M SPI-NAND (GigaDevice)
WLAN: QCA9563 2T2R 802.11 abgn
QCA9886 2T2R 802.11 nac
WWAN: ASRMicro ASR1826
ETH: Qualcomm Atheros QCA8337
UART: 115200 8n1
Unpopulated connector next to SIM slot
(SIM) GND - RX - TX - 3V3
Don't connect 3V3
BUTTON: Reset - WPS
LED: 1x debug-LED (internal)
LEDs on front of the device are controlled
using the modem CPU and can not be controlled
by OpenWrt
Installation
------------
1. Connect to the serial console. Power up the device and interrupt
autoboot when prompted
2. Connect a TFTP server reachable at 192.168.1.66 to the ethernet port.
Serve the OpenWrt initramfs image as "speedbox-2.bin"
3. Boot the initramfs image using U-Boot
$ setenv serverip 192.168.1.66
$ setenv ipaddr 192.168.1.154
$ tftpboot 0x84000000 speedbox-2.bin
$ bootm
4. Copy the OpenWrt factory image to the device using scp and write to
the NAND flash
$ mtd write /path/to/openwrt/factory.bin firmware
WWAN
----
The WWAN card can be used with OpenWrt. Example configuration for
connection with a unauthenticated dual-stack APN:
network.lte=interface
network.lte.proto='ncm'
network.lte.device='/dev/ttyACM0'
network.lte.pdptype='IPV4V6'
network.lte.apn='internet.telekom'
network.lte.ipv6='auto'
network.lte.delay='10'
The WWAN card is running a modified version of OpenWrt and handles
power-management as well as the LED controller (AW9523). A root shell
can be acquired by installing adb using opkg and executing "adb shell".
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1e1695f959)
Commit dc9cc0d3e2 ("realtek: add QoS and rate control") replaced a
16 bit reserved field in the RTL83xx packet header with the initial
cpu_tag word, shifting the real cpu_tag fields by one. Adjusting for
this new shift was partially forgotten in the new RX tag decoders.
This caused the switch to block IGMP, effectively blocking IPv4
multicast.
The bug was partially fixed by commit 9d847244d9 ("realtek: fix
RTL839X receive tag decoding")
Fix on RTL838x too, including correct NIC_RX_REASON_SPECIAL_TRAP value.
Suggested-by: Jan Hoffmann <jan@3e8.eu>
Fixes: dc9cc0d3e2 ("realtek: add QoS and rate control")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 545c6113c9)
There are two feature currently altered by the multicast_to_unicast option.
1. bridge level multicast_to_unicast via IGMP snooping
2. hostapd/mac80211 config multicast_to_unicast setting
The hostapd/mac80211 setting has the side effect of converting *all* multicast
or broadcast traffic into per-station duplicated unicast traffic, which can
in some cases break expectations of various protocols.
It also has been observed to cause ARP lookup failure between stations
connected to the same interface.
The bridge level feature is much more useful, since it only covers actual
multicast traffic managed by IGMP, and it implicitly defaults to 1 already.
Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid
unintentionally enabling this feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 09ea1db93b)
Import patch which removes the default pinctrl of uart0 to suppress
the unwanted warning. Apply also to downstream boards.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure the compatible string in DTS matches the now v1/v2
differentiated board name in target/linux/mediatek/image/mt7622.mk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit be555b9dd8)
Import pending patch "arm: dts: mt7622: force high-speed mode for uart"
from Weijie Gao <weijie.gao@mediatek.com> fixing the UART problems on
MT7622 which made it hard to use the U-Boot menu on devices with this
SoC.
This patch is also contained in commit
c09eb08dad ("uboot-mediatek: add support for MT798x platforms")
in the development branch.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Treat missing compression node in FIT image as IH_COMP_NONE.
This is implicentely already happening in most places, but for now
was still triggering an annoying warning about initramfs compression
being obsolete despite compression note being absent.
Fix this.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0a18456ffc)
Truncating a UBI volume using `ubi write 0x0 volname 0x0` results in
segfault on newer U-Boot. Write 1MB of 0s instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d118cbdfec)
Use 4k sectors when accessing the U-Boot environment on the 64MiB
SPI-NOR flash chip found in the UniFi 6 LR. The speeds up environment
write access as only 4kB instead of 64kB have to be written.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f0adf253fd)
Make use of minor sector size (4k) on supported SPI-NOR flash chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 51f4c84178)
Image names as well as the calculation of the padded image size did
not work as intended. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0bc8889e7b)
As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:
9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
to become
0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.
One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa89fc ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.
This was first reported as a Github issue[^1].
[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(cherry picked from commit 7f4b4c29f3)
Commit 0b7c66c ("at91bootstrap: add sama5d27_som1_eksd1_uboot as
default defconfig") changed default booting media for sama5d27_som1_ek
board w/o any reason. Changed it back to sdmmc0 as it is for all the
other Microchip supported distributions for this board (Buildroot,
Yocto Project). The initial commit cannot be cleanly reverted.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit e9f12931e6)
Commit adc69fe (""uboot-at91: changed som1 ek default defconfigs")
changed the booting media to sdmmc1 as default booting w/o any reason.
The Microchip releases for the rest of supported distributions (Buildroot,
Yocto Project) uses sdmmc0 as default booting media for this board.
Thus change it back to sdmmc0. With this remove references to sdmmc1
config. The initial commit cannot be cleanly reverted.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 9a49788008)
platform_nand_pre_upgrade() is gone since commit 790692dde2
("base-files: drop support for the platform_nand_pre_upgrade()").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a6dc0f680d)
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ab31ffc425)
Testing has shown it to be very unreliable in variety of configurations.
It is not mandatory, so let's disable it by default until we have a better
solution.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2984a04206)
This patch defines the two switch LED to bring them under user control.
Fixes: 158a5af801 ("ramips: improve YunCore AX820 LEDs")
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
[rmilecki: leave "label"s in place]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7bee10a7d2)
Specifications:
- SoC: Qualcomm Atheros QCA9557-AT4A
- RAM: 2x 128MB Nanya NT5TU64M16HG
- FLASH: 64MB - SPANSION FL512SAIFG1
- LAN: Atheros AR8035-A (RGMII GbE with PoE+ IN)
- WLAN2: Qualcomm Atheros QCA9557 2x2 2T2R
- WLAN5: Qualcomm Atheros QCA9882-BR4A 2x2 2T2R
- SERIAL: UART pins at J10 (115200 8n1)
Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
- LEDs: Power (Green/Amber)
WiFi 5 (Green)
WiFi 2 (Green)
- BTN: Reset
Installation:
1. Download the OpenWrt initramfs-image.
Place it into a TFTP server root directory and rename it to 1D01A8C0.img
Configure the TFTP server to listen at 192.168.1.66/24.
2. Connect the TFTP server to the access point.
3. Connect to the serial console of the access point.
Attach power and interrupt the boot procedure when prompted.
Credentials are admin / new2day
4. Configure U-Boot for booting OpenWrt from ram and flash:
$ setenv boot_openwrt 'setenv bootargs; bootm 0xa1280000'
$ setenv ramboot_openwrt 'setenv serverip 192.168.1.66;
tftpboot 0x89000000 1D01A8C0.img; bootm'
$ setenv bootcmd 'run boot_openwrt'
$ saveenv
5. Load OpenWrt into memory:
$ run ramboot_openwrt
6. Transfer the OpenWrt sysupgrade image to the device.
Write the image to flash using sysupgrade:
$ sysupgrade -n /path/to/openwrt-sysupgrade.bin
Signed-off-by: Albin Hellström <albin.hellstrom@gmail.com>
[rename vendor - minor style fixes - update commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f8c87aa2d2)
Refresh all patches on top of kernel 5.10.138.
The following patches were applied upstream:
bcm27xx/patches-5.10/950-0311-drm-vc4-Adopt-the-dma-configuration-from-the-HVS-or-.patch
bcm27xx/patches-5.10/950-0317-vc4_hdmi-Remove-firmware-logic-for-MAI-threshold-set.patch
bcm27xx/patches-5.10/950-0346-drm-vc4-A-present-but-empty-dmas-disables-audio.patch
bcm27xx/patches-5.10/950-0354-drm-vc4-Add-the-2711-HVS-as-a-suitable-DMA-node.patch
bcm27xx/patches-5.10/950-0413-drm-vc4-hdmi-Don-t-access-the-connector-state-in-res.patch
bcm27xx/patches-5.10/950-0505-vc4-drm-Avoid-full-hdmi-audio-fifo-writes.patch
bcm27xx/patches-5.10/950-0512-vc4-drm-vc4_plane-Remove-subpixel-positioning-check.patch
bcm27xx/patches-5.10/950-0560-drm-vc4-drv-Remove-the-DSI-pointer-in-vc4_drv.patch
bcm27xx/patches-5.10/950-0561-drm-vc4-dsi-Use-snprintf-for-the-PHY-clocks-instead-.patch
bcm27xx/patches-5.10/950-0562-drm-vc4-dsi-Introduce-a-variant-structure.patch
bcm27xx/patches-5.10/950-0565-drm-vc4-Correct-pixel-order-for-DSI0.patch
bcm27xx/patches-5.10/950-0566-drm-vc4-Register-dsi0-as-the-correct-vc4-encoder-typ.patch
bcm27xx/patches-5.10/950-0567-drm-vc4-Fix-dsi0-interrupt-support.patch
bcm27xx/patches-5.10/950-0568-drm-vc4-Add-correct-stop-condition-to-vc4_dsi_encode.patch
bcm27xx/patches-5.10/950-0647-drm-vc4-Fix-timings-for-interlaced-modes.patch
bcm27xx/patches-5.10/950-0695-drm-vc4-Fix-margin-calculations-for-the-right-bottom.patch
Upstream sets the pixel clock to 340MHz now, do not set it to 600MHz any more.
bcm27xx/patches-5.10/950-0576-drm-vc4-hdmi-Raise-the-maximum-clock-rate.patch
Fixes: 89956c6532 ("kernel: bump 5.10 to 5.10.138")
Fixes: 4209c33ae2 ("kernel: bump 5.10 to 5.10.137")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 5a81e00063 as it was
backported upstream in commit a1e238690916 ("arm64: dts: mt7622: fix
BPI-R64 WPS button").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
