Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
Upgrade the OpenSBI firmware used by RISC-V CPUs to 1.6.
Runtime-tested:
- d1 (LicheeRV Dock)
- sifiveu (SiFive Unleashed)
Updates since last release:
1.6:
Support for parsing riscv,isa-extensions DT property
Setup serial console very early in cold boot path
Support for multiple heaps and aligned memory allocation
Support for shadow stacks (Zicfiss) ISA extension
Support for landing pads (Zicfilp) ISA extension
Support for per-domain data
Support for double-trap (Smdbltrp/Ssdbltrp) ISA extensions
DT-based configurable heap size
Common fdt_driver and helpers for driver initialization
Support for SBI PMU raw event v2 (Experimental)
Simple FDT based mailbox driver framework
RPMI shared memory transport driver (Experimental)
RPMI system reset driver (Experimental)
Simple FDT based system suspend driver framework
RPMI system suspend driver (Experimental)
Simple FDT based HSM driver framework
RPMI HSM driver (Experimental)
Simple FDT based CPPC driver framework
RPMI CPPC driver (Experimental)
SBI Message Proxy (MPXY) extension (Experimental)
Simple FDT based MPXY driver framework
Common RPMI client driver for MPXY (Experimental)
Support for vector misaligned load/store
1.5.1:
Save/restore menvcfg only when it exists
Adjust Sscofpmf mhpmevent mask for upper 8 bits
Fix potential NULL pointer dereferences in SBI DBTR
Fix incorrect size passed to sbi_zalloc() in SBI FWFT
Check result of pmp_get() in is_pmp_entry_mapped()
1.5:
SBI debug triggers (DBTR) extension (Experimental)
Support to specify coldboot harts in DT
Relocatable FW_JUMP_ADDR and FW_JUMP_FDT_ADDR
Smcsrind and Smcdeleg extensions support
SBIUnit testing framework
Initial domain context management support
Platform specific load/store emulation callbacks
New trap context
Improved sbi_trap_error() to dump state in a nested trap
SBI supervisor software events (SSE) extension (Experimental)
Simplified wait_for_coldboot() implementation
Early wakeup of non-coldboot HART in the coldboot path
Sophgo CV18XX/SG200X series support
APLIC delegation DT property fix
Svade and Svadu extensions support
SBI firmware features (FWFT) extension (Experimental)
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
The FDB roaming issues were observed on ipq807x and ipq60xx boards.
The fix depends on API exposed only when NSS_DP_PPE_SUPPORT is enabled.
However, this flag applies to above mentioned platforms only and is
causing the logs to be flooded on other QCA platforms, including ipq50xx,
with:
[ 34.893418] nss-dp 39c00000.dp1 lan: cannot get VSI ID for port 1
[ 34.898370] nss-dp 39c00000.dp1 lan: cannot get VSI ID for port 1
[ 34.904598] nss-dp 39c00000.dp1 lan: cannot get VSI ID for port 1
[ 34.910661] nss-dp 39c00000.dp1 lan: cannot get VSI ID for port 1
So let's apply a dependency on the NSS_DP_PPE_SUPPORT flag and contain
the patch code for ipq807x and ipq60xx within conditional directives.
Tested on: Linksys SPNMX56
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17966
Signed-off-by: Robert Marko <robimarko@gmail.com>
This vastly simplifies creating and managing unet networks.
It also adds support for the unetd protocol for onboarding new nodes
over the network.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This provides an easy to use modular CLI that can be used to interact with
OpenWrt services. It has full support for context sensitive tab completion
and help.
Extra modules can be provided by packages and can extend the existing node
structure in any place.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It provides a ucode module with similar functionality as libreadline,
however with much smaller code and no dependencies aside from ucode and
libubox.
It also provides shell-style parsing/escaping code useful for building
a CLI.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
`$(( ))` will convert uninitialized variable to "0". If we want to
use "-n" to check the string length, it's necessary to make sure the
converted variable is not empty.
Fixes: 652a6677d5fa ("base-files: Add new functions for ath11k caldata")
Fixes: https://github.com/openwrt/openwrt/issues/17818
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17892
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
It seems the that this was forgotten during initial adding of the
device in 0688cf5aebe1dc9a2e7f3820861783c2a7a75d44
Thanks to
https://forum.openwrt.org/t/zyxel-gs1900-10hp-revision-b1-support-openwrt-firmware/131841/32
for putting me on the right track for this problem
Error that is being fixed - running fw_printenv results in:
"Warning: Bad CRC, using default environment"
and not showing boardmodel
Workaround, manually changing /etc/fw_env.config to
"/dev/mtd1 0x0 0x400 0x10000"
Signed-off-by: Klaas Demter <psychic-stool-cozy@duck.com>
Link: https://github.com/openwrt/openwrt/pull/17920
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The 00 address_mask needs to be inverted, otherwise the mac address
allocation will modify the last byte instead of the first one.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Backport FORESEE NAND chip support from upstream Linux. The newly
introduced FORESEE F35SQA001G was found on the Xiaomi AX3000T.
Signed-off-by: Erik Servili <serverror@serverror.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
The Xiaomi AX3000T has two hardware revisions. One uses MT7531
switch, and the other uses AN8855 switch. Set "mediatek,switch"
property to "auto" to be compatible with different switches.
Tested-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Synchronize the latest MTK u-boot patches[1]. Some patches have
been amended since last synchronization.
Changes:
* Minor NMBM layer fixes and improvements.
* A new bootmenu shortkey implementation.
* New SPI flash support for en25qx128.
[1] https://github.com/mtk-openwrt/u-boot/tree/mtksoc-20230719
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Remove upstreamed patches:
010-menu-fix-the-logic-checking-whether-ESC-key-is-press.patch [1]
011-menu-add-support-to-check-if-menu-needs-to-be-reprin.patch [2]
012-bootmenu-add-reprint-check.patch [3]
Remove outdated patches:
455-arm-provide-noncached_set_region-prototype-to-fix-build.patch
Some patches have been manually rebased to match the upstream
changes. This patch also fixes the dtc warning for reserved-memory
dts node. If #address-cells and #size-cells are not same as the
root node definitions, the dtc will complain about it.
All defconfigs are refreshed by `make "$board"_defconfig` and
`make savedefconfig`.
[1] ddac69885e
[2] ccdd7948e2
[3] 599652cff1
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Do the same code simplification as was done for ipq807x to avoid code
duplication.
Link: https://github.com/openwrt/openwrt/pull/17907
Signed-off-by: Robert Marko <robimarko@gmail.com>
Unless another toolchain is present (or selected), build the bpf toolchain
whenever a package is selected that needs it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
9ff15f7ee3a0 devices: add device id for MediaTek MT7992E
94b3a3c1a6c4 devices: add device id for Qualcomm Atheros IPQ5018
9cec6b4dd2df devices: add device id for Qualcomm Atheros QCN6122
Link: https://github.com/openwrt/openwrt/pull/17878
Signed-off-by: Robert Marko <robimarko@gmail.com>
This downstream patch fixes a bug which could flood the logs with the
following message and would eventually lead to a crash.
ath11k c000000.wifi: failed to send HAL_REO_CMD_UPDATE_RX_QUEUE cmd, tid 0 (-105)
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for Linksys MX2000 (Atlas 6) and MX5500 (Atlas 6 Pro).
These devices are completely identical except for the secondary wifi
chip used for 5Ghz: QCN6102 is used on MX2000 while QCN9024 is used
on MX5500
Speficiations:
* SoC: Qualcomm IPQ5018 (64-bit dual-core ARM Cortex-A53 @ 1.0Ghz)
* Memory: Winbond W634GU6NB-11 (512 MiB DDR3-933)
* Serial Port: 3v3 TTL 115200n8
* Wi-Fi: IPQ5018 (2x2 2.4 Ghz 802.11b/g/n/ax)
* Wi-Fi: MX2000: QCN6102 (2x2:2 5 Ghz 802.11an/ac/ax)
MX5500: QCN9024 (4x4:4 5 Ghz 802.11an/ac/ax)
* Ethernet: IPQ5018 integrated virtual switch connected to an external
QCA8337 switch (4 Ports 10/100/1000 GBASE-T)
* Flash: Macronix MX35UF2GE4AD (256 MiB)
* LEDs: 1x multi-color PWM LED
* Buttons: 1x WPS (GPIO 27 Active Low)
1x Reset (GPIO 28 Acive Low)
Flash instructions (in case of MX2000, else replace with MX5500 images):
1. On OEM firmware, login to the device (typically at http://192.168.1.1) and click 'CA'
in the bottom right corner -> Connectivity -> Manual Upgrade. Alternatively, browse to
http://<router IP>/fwupdate.html.
Upgrade firmware using openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin image.
Optionally install on second partition, after first boot check actual partition:
fw_printenv -n boot_part
and install firmware on second partition using command in case of 2:
mtd -r -e kernel -n write openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin kernel
and in case of 1:
mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin alt_kernel
2. Installation using serial connection from OEM firmware (default login: root, password: admin):
fw_printenv -n boot_part
In case of 2:
flash_erase /dev/mtd12 0 0
nandwrite -p /dev/mtd12 openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin
or in case of 1:
flash_erase /dev/mtd14 0 0
nandwrite -p /dev/mtd14 openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin
After first boot install firmware on second partition:
mtd -r -e kernel -n write openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin kernel
or:
mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq50xx-linksys_mx2000-squashfs-factory.bin alt_kernel
3. Back to the OEM firmware.
Download firmware from OEM website:
MX2000: https://support.linksys.com/kb/article/585-en/
MX5500: https://support.linksys.com/kb/article/587-en/
From serial or SSH:
fw_printenv boot_part
in case of 1:
mtd -r -e alt_kernel -n write FW_MX2000_1.1.7.210469_prod.img alt_kernel
else in case of 2:
mtd -r -e kernel -n write FW_MX2000_1.1.7.210469_prod.img kernel
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add QCN6122 platform support.
QCN6122 is a PCIe based solution that is attached to and enumerated
by the WPSS (Wireless Processor SubSystem) Q6 processor.
Though it is a PCIe device, since it is not attached to APSS processor
(Application Processor SubSystem), APSS will be unaware of such a decice
and hence it is registered to the APSS processor as a platform device(AHB).
Because of this hybrid nature, it is called as a hybrid bus device.
As such, QCN6122 is a hybrid bus type device and follows the same codepath
as for WCN6750.
This is a reversed engineered and heavily simplified version of below
downstream patch:
https://git.codelinaro.org/clo/qsdk/oss/system/feeds/wlan-open/-/ \
blob/NHSS.QSDK.12.4.5.r2/mac80211/patches/232-ath11k-qcn6122-support.patch
Co-developed-by: George Moussalem <george.moussalem@outlook.com>
Signed-off-by: Sowmiya Sree Elavalagan <ssreeela@codeaurora.org>
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add ability to download and package ath11k firmware for QCN6122.
QCN6122 is specific/exclusive to the IPQ5018 platform and firmware
files are publishes in a subdirectory of the IPQ5018 firmware files.
While at it, add support for packaging BDFs for QCN6122 wifi and
update iwinfo to recognize QCN6122 wifi.
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
IPQ5018 uses different BDF and caldb addresses for vairous boards,
so let's support reading these addresses from the device tree.
Signed-off-by: Ziyang Huang <hzyitc@outlook.com>
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add ability to download and package ath11k firmware for IPQ5018.
As part of commit 172ccf7, the source is pointed to the new QCA repo.
Until QCA publishes updated firmware for IPQ5018 and QCN6122, we need
to download the firmware from the old QUIC repo. As such, add a new
download routine for IPQ5018/QCN6122 to fetch the firmware files from
the old repo.
While at it, add support for packaging BDFs for IPQ5018-based boards
and update iwinfo to recognize IPQ5018 wifi.
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for the Qualcomm IPQ50xx in the QCA NSS dataplane driver.
The QCA implementation uses depracated DMA api calls and a downstream SCM
call, so convert to proper Linux DMA and SCM api calls.
In addition, add fixed-link support to support SGMII which is used to
connect the internal IPQ50xx switch to an external switch (ex. QCA8337)
Co-developed-by: Ziyang Huang <hzyitc@outlook.com>
Signed-off-by: Ziyang Huang <hzyitc@outlook.com>
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
The codename for IPQ50xx is Maple (abbreviated as 'MP'), so let's pass
the codename to allow the QCA-SSDK to build for the IPQ50xx SoC.
In addition, disable compiling the MP_PHY driver in favor of a native
driver being upstreamed.
Co-developed-by: Ziyang Huang <hzyitc@outlook.com>
Signed-off-by: Ziyang Huang <hzyitc@outlook.com>
Signed-off-by: George Moussalem <george.moussalem@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
Uses upstream DSA switch modules (rtl8365mb, rtl8366), similar to
RTL8367C and rtl8366rb swconfig drivers.
The package dependencies exclude targets built without kernel CONFIG_OF.
It also fixes the rtl8366rb LED support.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17182
Signed-off-by: Robert Marko <robimarko@gmail.com>
The three packages base-files, libc and kernel are special, the former
can't be upgraded in place since it's content are modified on startup,
the latter two are virtual packages only used as constraints for the
package manager.
Historically base-files was "locked" via a special OPKG function, the
latter two were hidden from the package index and thereby never picked
as possible upgrade.
Time moved forward and we now have APK and tools like OWUT. The latter
compares available packages with installed packages and generates user
readable output, requiring versions for libc and kernel, too. At the
same time, APK uses a different looking mechanism, which is set during
installation instead of part of the package metadata.
In short, this patch adds version constraints to the three packages,
allowing them to be part of the package index.
Fixes: #17774Fixes: #17775Fixes: efahl/owut#31
Signed-off-by: Paul Spooren <mail@aparcar.org>
This new value points to where firmware can be downloaded. It's not
about a single release but all available firmware releases.
In the next step, this URL should be exposed via `ubus call system
board` as an entry of the `distribution` field. With that value, the
running firmware can check for newer releases.
We already have VERSION_REPO however that's different and only meant for
package managers to download their fitting package indexes/packages.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Link: https://github.com/openwrt/openwrt/pull/17780
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Update URL variable to reflect switch to Github for development
The old URL returns HTTP 404
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/17752
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add new option to be able to perform upgrade on current partition for dual firmware devices:
"-s stay on current partition (for dual firmware devices)"
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14720
Signed-off-by: Robert Marko <robimarko@gmail.com>
The syntax error prevented the correct creation of all ipq60xx U-Boot environment files: /etc/config/ubootenv and /etc/fw_env.config
Signed-off-by: Ivan Deng <hongba@rocketmail.com>
Link: https://github.com/openwrt/openwrt/pull/17755
Signed-off-by: Robert Marko <robimarko@gmail.com>
