Hardware
--------
SOC: MediaTek MT7986
RAM: 1024MB DDR3
FLASH: 128MB SPI-NAND (Winbond)
WIFI: Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH: Realtek RTL8221B-VB-CG 2.5 N-Base-T PHY with PoE
UART: 3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)
Installation
------------
1. Download the OpenWrt initramfs image. Copy the image to a TFTP server
2. Connect the TFTP server to the WAX220. Conect to the serial console,
interrupt the autoboot process by pressing '0' when prompted.
3. Download & Boot the OpenWrt initramfs image.
$ setenv ipaddr 192.168.2.1
$ setenv serverip 192.168.2.2
$ tftpboot openwrt.bin
$ bootm
4. Wait for OpenWrt to boot. Transfer the sysupgrade image to the device
using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Signed-off-by: Flole Systems <flole@flole.de>
Signed-off-by: Stefan Agner <stefan@agner.ch>
(cherry picked from commit 984786a2f7)
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7a6f6b8126)
5211264 odhcpd: add support for dhcpv6_pd_min_len parameter
c6bff6f router: Add PREF64 (RFC 8781) support
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit acd9981b4e)
Fix a typo where the wrong KCONFIG was used and fix selecting the
correct kernel config option to use these packages.
Fixes: 4f443c885d ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3ebebf08be)
ath10k does not report excessive loss in case of broken block-ack
sessions. The loss is communicated to the host-os, but ath10k does not
trigger a low-ack events by itself.
The mac80211 framework for loss detection however detects this
circumstance well in case of ath10k. So use it regardless of ath10k's
own loss detection mechanism.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ed816f6ba8)
Hardware
========
CPU Qualcomm Atheros QCA9558
RAM 256MB DDR2
FLASH 2x 16M SPI-NOR (Macronix MX25L12805D)
WIFI Qualcomm Atheros QCA9558
Atheros AR9590
Installation
============
1. Attach to the serial console of the AP-105.
Interrupt autoboot and change the U-Boot env.
$ setenv rb_openwrt "setenv ipaddr 192.168.1.1;
setenv serverip 192.168.1.66;
netget 0x80060000 ap115.bin; go 0x80060000"
$ setenv fb_openwrt "bank 1;
cp.b 0xbf100040 0x80060000 0x10000; go 0x80060000"
$ setenv bootcmd "run fb_openwrt"
$ saveenv
2. Load the OpenWrt initramfs image on the device using TFTP.
Place the initramfs image as "ap105.bin" in the TFTP server
root directory, connect it to the AP and make the server reachable
at 192.168.1.66/24.
$ run rb_openwrt
3. Once OpenWrt booted, transfer the sysupgrade image to the device
using scp and use sysupgrade to install the firmware.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1b467a902e)
This adds support for Beeline Smart Box TURBO+ (Serсomm S3 CQR) router.
Device specification
--------------------
SoC Type: MediaTek MT7621AT (880 MHz, 2 cores)
RAM (Nanya NT5CC64M16GP): 128 MiB
Flash (Macronix MX30LF1G18AC): 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615N): a/n/ac, 4x4
Ethernet: 5 ports - 5×GbE (WAN, LAN1-4)
USB ports: 1xUSB3.0
Buttons: 2 button (reset, wps)
LEDs: Red, Green, Blue
Zigbee (EFR32MG1B232GG): 3.0
Stock bootloader: U-Boot 1.1.3
Power: 12 VDC, 1.5 A
Installation (fw 2.0.9)
-----------------------
1. Login to the web interface under SuperUser (root) credentials.
Password: SDXXXXXXXXXX, where SDXXXXXXXXXX is serial number of the
device written on the backplate stick.
2. Navigate to Setting -> WAN. Add:
Name - WAN1
Connection Type - Static
IP Address - 172.16.0.1
Netmask - 255.255.255.0
Save -> Apply. Set default: WAN1
3. Enable SSH and HTTP on WAN. Setting -> Remote control. Add:
Protocol - SSH
Port - 22
IP Address - 172.16.0.1
Netmask - 255.255.255.0
WAN Interface - WAN1
Save ->Apply
Add:
Protocol - HTTP
Port - 80
IP Address - 172.16.0.1
Netmask - 255.255.255.0
WAN interface - WAN1
Save -> Apply
4. Set up your PC ethernet:
Connection Type - Static
IP Address - 172.16.0.2
Netmask - 255.255.255.0
Gateway - 172.16.0.1
5. Connect PC using ethernet cable to the WAN port of the router
6. Connect to the router using SSH shell under SuperUser account
7. Make a mtd backup (optional, see related section)
8. Change bootflag to Sercomm1 and reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
reboot
9. Login to the router web interface under admin account
10. Remove dots from the OpenWrt factory image filename
11. Update firmware via web using OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
cd /tmp
for i in 0 1 2 3 4 5 6 7 8 9 10; do nanddump -f mtd$i /dev/mtd$i; \
tftp -l mtd$i -p 172.16.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
tftp -l mtd.md5 -p 171.16.0.2
Recovery
--------
Use sercomm-recovery tool.
Link: https://github.com/danitool/sercomm-recovery
MAC Addresses (fw 2.0.9)
------------------------
+-----+------------+---------+
| use | address | example |
+-----+------------+---------+
| LAN | label | *:e8 |
| WAN | label + 1 | *:e9 |
| 2g | label + 4 | *:ec |
| 5g | label + 5 | *:ed |
+-----+------------+---------+
The label MAC address was found in Factory 0x21000
Factory image format
--------------------
+---+-------------------+-------------+--------------------+
| # | Offset | Size | Description |
+---+-------------------+-------------+--------------------+
| 1 | 0x0 | 0x200 | Tag Header Factory |
| 2 | 0x200 | 0x100 | Tag Header Kernel1 |
| 3 | 0x300 | 0x100 | Tag Header Kernel2 |
| 4 | 0x400 | SIZE_KERNEL | Kernel |
| 5 | 0x400+SIZE_KERNEL | SIZE_ROOTFS | RootFS(UBI) |
+---+-------------------+-------------+--------------------+
Co-authored-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
(cherry picked from commit 8fcfb21b16)
openssl sets additional cflags in its configuration script. We need to
make it aware of our custom cflags to avoid adding conflicting cflags.
Fixes: #12866
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 51f57e7c2d)
Some Broadcom MIPS devices require JFFS2 cleanmarkers to be present on the
kernel partition or the bootloader will identify the partition as corrupt and
won't boot the kernel.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 434df8df54)
Add new package for building bootloader for the SiFive U-series boards. Supported
boards at this stage are the HiFive Unleashed and HiFive Unmatched.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 91406797f9)
Add "linux-riscv64-openwrt" into openssl configurations to enable building
on riscv64.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit a0840ecd53)
OpenSBI is a form of a first-stage bootloader, which initializes
certain parts of an SoC and then passes on control to the second
stage bootloader i.e. an u-boot image.
We're introducing the package with release v1.2, which provides
SBI v0.3 and the SBI SRST extensions which helps to gracefully
reboot/shutdown various HiFive-U SoCs.
Tested on SiFive Unleashed and Unmatched boards.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 944b13b3ee)
armvirt target has been renamed to armsr (Arm SystemReady).
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 203deef82c)
The armvirt target has been renamed to armsr (Arm SystemReady),
so the GRUB configuration also needs to change.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 4ce7d6c888)
The Amazon ENA network devices are also used on the
AWS Arm (Graviton) instance types, so move it from
the x86-only module file to the top level netdevices.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 3a7c8fd15e)
This adds a separate package for EFI on Arm SystemReady
compatible machines. 32-bit Arm UEFI is supported as well.
It is very similar to x86-64 EFI setup, without the
need for BIOS backward compatibility and slightly
different default modules.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 8f29b1573d)
Contains following updates:
* ipq8074: update RegDB in new submitted BDF
* Revert "ipq8074: update RegDB in new submitted BDF"
* qcn9074: update RegDB in new submitted BDF
* ipq8074: update RegDB in new submitted BDF
* qca-wireless: ipq40xx: add BDFs for ZTE MF287+
* Add BDFs for prpl Foundation Haze board
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c2bb9f055b)
Currently kernel crashes when of_phy_connect has issues:
Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000308
...
pc : phy_attached_print+0x28/0x1b0
lr : phy_attached_info+0x14/0x20
...
Call trace:
phy_attached_print+0x28/0x1b0
phy_attached_info+0x14/0x20
nss_dp_adjust_link+0x544/0x6c4 [qca_nss_dp]
of_phy_connect returns either pointer or NULL, so can't be checked with
IS_ERR macro.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 38c7cf0e69)
b09b316aeaf6 blobmsg: add blobmsg_parse_attr function
eac92a4d5d82 blobmsg: add blobmsg_parse_array_attr
ef5e8e38bd38 usock: fix poll return code check
6fc29d1c4292 jshn.sh: Add pretty-printing to json_dump
5893cf78da40 blobmsg: Don't do at run-time what can be done at compile-time
362951a2d96e uloop: fix uloop_run_timeout
75a3b870cace uloop: add support for integrating with a different event loop
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b6e0a24c49)
412d03012f13 network: prevent adding endpoint routes for addresses on the network
faaf9cee6ef4 utils: fix ipv4 checksum issue
0e1c2fad3540 pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
51be0ed659d0 host: fix crash parsing gateway when no endpoint is specified
ca17601dc24e wg-linux: add support for splitting netlink messages for allowed ips
7d3986b7a5a2 wg-linux: increase default messages size
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7b1e898336)
Synchronize the ath11k backports with the current ath-next tree.
This introduces support for MBSSID and EMA, adds factory test mode and
some new HTT stats.
Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit acde5271a6)
Backport EMA beacon support from kernel 6.4.
It is required for MBSSID/EMA suport in ath11k that will follow.
Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 84b5735b4c)
The MDIO bus multiplexing framework is used by some drivers
such as dwmac-sun8i.
As this is a per-driver requirement, set it to be hidden in the menu.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 2dbeb60725)
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0a1ee53235)
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 52fd8d8ba3)
Update bootloader environment for BPi-R3 and BPi-R64 to adapt to new
device tree overlay mechanism now that support for multiple device
tree overlays has been added.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ec50d2d366)
CVE-2023-2650 fix
Remove upstreamed patches
Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 6348850f10)
Release Notes:
https://valgrind.org/docs/manual/dist.news.html
This improves support for the memory allocator used in musl libc 1.2.2
and later which is currently used by OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d85013460d)
Build and package kernel self-tests used for BPF testing, program and JIT
development. This package, together with the existing 'kmod-bpf-test', was
extensively used for past upstream Linux JIT submissions [1].
Currently this includes only 'test_verifier'; building 'test_progs' will
fail due to known endian limitations with bpftool skeletons.
[1]:https://lore.kernel.org/bpf/cover.1633392335.git.Tony.Ambardar@gmail.com
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 3886ea9b87)
Set net.core.bpf_jit_kallsyms=1 in /etc/sysctl.d/10-default.conf.
For privileged users, this exports addresses of JIT-compiled programs to
appear in /proc/kallsyms when present, allowing their use for debugging
and in traces.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b3aaede2a7)
Add support for the Xunlong Orange Pi R1 Plus LTS.
Manually generated of-platdata files to avoid swig dependency.
Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 37fed89166)
Add support for the Xunlong Orange Pi R1 Plus.
Manually generated of-platdata files to avoid swig dependency.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 043f8a4f5e)
Built-in engine configs are added in libopenssl-conf/install stage
already, postinst/add_engine_config is just duplicating them, and
due to the lack of `config` header it results a broken uci config:
> uci: Parse error (invalid command) at line 3, byte 0
```
config engine 'devcrypto'
option enabled '1'
engine 'devcrypto'
option enabled '1'
option builtin '1'
```
Add `builtin` option in libopenssl-conf/install stage and remove
duplicate engine configuration in postinst/add_engine_config to
fix this issue.
Fixes: 0b70d55a64 ("openssl: make UCI config aware of built-in engines")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a0d7193425)
It's only used on devices in mt7621 and mt7622 subtargets, so no reason
to compile it for others.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit e81298463e)
Fix the PKG_MIRROR_HASH value for netifd.
Fixes: d2ecaaca34 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 21f713d5ab)
Contains following changes:
* bridge: bridge_dump_info: add dumping of bridge attributes
* bridge: make it more clear why the config was applied
* cmake: fix build by reordering the cflags definitions
* treewide: fix multiple compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d2ecaaca34)
Add kmod-nft-dup-inet package to allow packet duplication in ip/ip6/inet nftables family
Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
(cherry picked from commit a7e9445975)
At this moment loadaddr in most layerscape boards are configured to
0x81000000. 5.15 kernel on some boards is bigger than 5.10 and it cause error:
Loading kernel from FIT Image at 81000000 ...
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: ARM64 OpenWrt Linux-5.15.112
Created: 2023-05-21 17:39:35 UTC
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x810000ec
Data Size: 7513944 Bytes = 7.2 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x80000000
Entry Point: 0x80000000
Hash algo: crc32
Hash value: 6fd69550
Hash algo: sha1
Hash value: ee34c753ffb615e199a428762824ad4a0aaef90a
Verifying Hash Integrity ... crc32+ sha1+ OK
Loading fdt from FIT Image at 81000000 ...
Using 'config-1' configuration
Trying 'fdt-1' fdt subimage
Description: ARM64 OpenWrt fsl_ls1088a-rdb-sdboot device tree blob
Created: 2023-05-21 17:39:35 UTC
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x8172a98c
Data Size: 19794 Bytes = 19.3 KiB
Architecture: AArch64
Hash algo: crc32
Hash value: 59792ba3
Hash algo: sha1
Hash value: 135585a49f86cd85acea559b78b0098ae99d5e12
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x8172a98c
Uncompressing Kernel Image
ERROR: new format image overwritten - must RESET the board to recover
resetting ...
This patch changes loadaddr to 0x88000000 (like LS1012A-FRDM board) to
avoid overlapping for bigger images (like initramfs) too.
Tested-by: Alexandra Alth <alexandra@alth.de> [LS1088ARDB]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit 0822040671)
