57752 Commits

Author SHA1 Message Date
Álvaro Fernández Rojas
95b846fbc0 bmips: allow disabling mdio-mux-bcm6368
This controller is only present on SoCs with B53 MMAP switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
f5adc5bafb kernel: disable CONFIG_HW_RANDOM_BCM2835
This HW RNG is present on some Broadcom 63XX SoCs, but not all of them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Petr Štetiar
57392d6377 kernel: crypto: fix missing dependecies for CRYPTO_USER_API_ENABLE_OBSOLETE
CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
lets add this dependency to relevant modules.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
Petr Štetiar
8a554a2878 kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.

So lets fix it, by making those modules architecture specific:

 x86/64  -> x86_64
 mpc85xx -> powerpc

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
John Audia
32f134fbdf kernel: bump 5.15 to 5.15.106
Removed upstreamed:
        generic/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch[1]
        pending-5.15/350-mips-bmips-BCM6358-disable-RAC-flush-for-TP1.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.106&id=76f09582a191dcf11118fd4bdbf50f538c90fa8d

2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/arch/mips/bmips?h=v5.15.106&id=65b723644294f1d79770704162c0e8d1f700b6f1

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-04-09 14:48:34 +02:00
Álvaro Fernández Rojas
8bee6a9f1d bmips: switch to LED kernel modules
Disable LED controllers from kernel config and switch to per device kernel
modules.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:52:32 +02:00
Álvaro Fernández Rojas
6e081e1778 bmips: add LED kernel modules
Add BCM6328 and BCM6358 LED kernel modules.
This allows selecting the LED controllers only for those devices using them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:34:05 +02:00
Álvaro Fernández Rojas
aefeb34223 bmips: add support for Sercomm SHG2500
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:33:13 +02:00
Álvaro Fernández Rojas
d11a7c4d95 bmips: use sercomm-pid script
Make use of sercomm-pid script for generating the Sercomm PID, which avoids
having to add an array of hex bytes for every new Sercomm device.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:21:58 +02:00
Álvaro Fernández Rojas
d309160d30 bmips: image: rename SERCOMM_VERSION to SERCOMM_FSVER
SERCOMM_VERSION is ambiguous and it should be more clear that it refers to the
version used for the filesystem.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:06:26 +02:00
Álvaro Fernández Rojas
0cdc257b8d scripts: sercomm-pid: add bmips support
Apparently, Sercomm sets 2 padding bytes instead of 1 (ramips).
The HW version is a bit different than the one used for ramips.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:01:03 +02:00
Álvaro Fernández Rojas
8758438c27 ramips: sercomm-payload: use pide-file argument
Instead of passing an array of hex bytes for the Sercomm PID we can now use
the --pid-file parameter.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 09:59:21 +02:00
Álvaro Fernández Rojas
8382c5662e scripts: sercomm-payload: add PID file support
Allow passing Sercomm PID from file.
Until now, Sercomm PID could only be passed as an array of hex bytes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 09:55:57 +02:00
Nick Hainke
0c53801968 libcap: update to 2.68
Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.vdh3d47czmle

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:52:56 +02:00
Nick Hainke
48f5a98d50 tools/mtools: update to 4.0.43
Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2023-03/msg00006.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:51:32 +02:00
John Audia
78a468f690 kernel: bump 5.10 to 5.10.177
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-04-08 15:32:01 +02:00
Joe Mullally
2122c80b32 ramips: lower re305-v3 spi-max-frequency
Fix flash I/O instability observed in newer devices with cFeon
QH64A-104HIP (detected as en25qh64).

Ref: https://forum.openwrt.org/t/support-for-tp-link-re305-v3/75893/91

Reported-by: Dimitri Souza <dimitri.souza@gmail.com>
Tested-by: Dimitri Souza <dimitri.souza@gmail.com>
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[alter commit-message - target master]
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
827a40502f mpc85xx: refresh patches
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
765f66810a mpc85xx: add support for Enterasys WS-AP3715i
Hardware
--------

SoC:   NXP P1010 (1x e500 @ 800MHz)
RAM:   256M DDR3 (2x Samsung K4B1G1646G-BCH9)
FLASH: 32M NOR (Spansion S25FL256S)
BTN:   1x Reset
WiFi:  1x Atheros AR9590 2.4 bgn 3x3
       2x Atheros AR9590 5.0 an 3x3
ETH:   2x Gigabit Ethernet (Atheros AR8033 / AR8035)
UART:  115200 8N1 (RJ-45 Cisco)

Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
   the root directory of a TFTP server and serve it at
   192.168.1.66/24.

2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
   by pressing Enter when prompted. Credentials are identical to the one
   in the APs interface. By default it is admin / new2day.

3. Alter the bootcmd in U-Boot:

 $ setenv ramboot_openwrt "setenv ipaddr 192.168.1.1;
   setenv serverip 192.168.1.66; tftpboot 0x2000000 ap3715.bin; bootm"

 $ setenv boot_openwrt "sf probe 0; sf read 0x2000000 0x140000 0x1000000;
   bootm 0x2000000"

 $ setenv bootcmd "run boot_openwrt"

 $ saveenv

4. Boot the initramfs image

 $ run ramboot_openwrt

5. Transfer the OpenWrt sysupgrade image to the AP using SCP. Install
   using sysupgrade.

 $ sysupgrade -n <path-to-sysupgrade.bin>

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
f058dad1b6 mpc85xx: don't compress kernel image for WS-AP3825i
The kernel is already compressed with XZ by the bootwrapper, thus we
gain nothing by compressing it a second time.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
1d4d21481f mpc85xx: reserve upper 1MB of RAM for WS-AP3825i
The bootpage for the second core is placed by U-Boot in the upper 128k
of syste-memory.

This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
e3f31ff20d mpc85xx: backport bootwrapper patch to kernel 5.10
Kernel 5.10 builds currently fail because the patch for using the
simpleImage bootwrapper were not added to 5.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
51046da7be mpc85xx: add properties normally added by U-Boot
This adds properties to PCIe as well as ethernet nodes which are
normally added by the Extreme Networks U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
16e1bf509c mpc85xx: fix incorrect CPU node / properties
This adds properties normally filled by U-Boot. Also it fixes the node
name, which is incorrectly referring to a P1010 core.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
3d43d68333 mpc85xx: add localbus frequency for WS-AP3825i
This is normally filled by U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
e81709af13 mpc85xx: add linux,stdout-path for WS-AP3825i
This is normally filled by U-Boot. Prevents double-printing of early
console messages. Also enables debug-output by the zImage wrapper.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
076da59f17 ramips: define remapping-range for DAP-X1860
Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.

Explicitly define the number of blocks reserved for remapping.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
Paul Spooren
c8934099bf octeon: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:47:12 +02:00
Paul Spooren
596059266a kirkwood: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:43:25 +02:00
Paul Spooren
16565bc1ce tegra: switch to Kernel 5.15 by default
Getting ready for the next release.

Acked-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:30:22 +02:00
Eneas U de Queiroz
c3cb2d48da
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-07 11:26:26 +02:00
Raylynn Knight
036372c769
realtek: Fix typo for EnGenius EWS2910P
Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.

Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-07 11:22:37 +02:00
Nick Hainke
aab736aafa
tools/zstd: update to 1.5.5
Release Notes:
https://github.com/facebook/zstd/releases/tag/v1.5.5

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-07 11:18:54 +02:00
Robert Marko
3188480092
mac80211: ath11k: Fix invalid mgmt rx frame length issue
FW 2.9 uses multiple TLV-s for the RX mgmt even which driver currently does
not support, so import a pending upstream patch to fix that [1].

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230320133840.30162-1-quic_nmaran@quicinc.com/

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-07 11:11:44 +02:00
Robert Marko
c1f39adaf9
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.

So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.

In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.

Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600
Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-07 11:11:43 +02:00
Rafał Miłecki
9a62b3977f kernel: backport NVMEM patch for U-Boot env data "ethaddr" cell
Adjust our local code to avoid breakage.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 12:21:29 +02:00
Rafał Miłecki
323072f3a6 kernel: backport NVMEM patches queued for the v6.4
They add NVMEM layouts support. It allows handling NVMEM content
independently of NVMEM device access.

Skip U-Boot env data patch for now as it break our downstream MAC hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 12:13:22 +02:00
Rafał Miłecki
b67ba02fc8 kernel: backport mtd fixes for nvmem
They are needed for NVMEM changes pending for v6.4.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 07:26:11 +02:00
Rafał Miłecki
3b212db232 kernel: backport of_request_module()
It's needed by NVMEM changes queued for 6.4.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 06:27:02 +02:00
Daniel Golle
e92b153e99 mediatek: introduce KERNEL_LOADADDR to Device/Default template
We need to reset KERNEL_LOADADDR if we use it on a per-device base.
Otherwise the previous value will be kept in case a device doesn't
define KERNEL_LOADADDR and relies on the default.

Move initializing KERNEL_LOADADDR to target/linux/mediatek/image/Makefile,
similar to how it's done also on the ramips target.

This fixes image size related breakage on devices which rely on the
default value of KERNEL_LOADADDR.

While at it use 0x48000000 which is more common than the previous default
0x44000000 for the filogic subtarget.

Fixed: e7c399bee6 ("filogic: add support for ASUS TUF-AX4200")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-05 17:12:55 +01:00
Eneas U de Queiroz
0dc5fc8fa5
openssl: add legacy provider
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider.  Providers are the successors of
engines, which have been deprecated.

The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.

Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds.  Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.

The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.

There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package.  It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.

An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled.  Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.

On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Eneas U de Queiroz
0b70d55a64
openssl: make UCI config aware of built-in engines
Engines that are built into the main libcrypto OpenSSL library can't be
disabled through UCI.  Add a 'builtin' setting to signal that the engine
can't be disabled through UCI, and show a message explaining this in
case buitin=1 and enabled=0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Eneas U de Queiroz
975036f6f9
openssl: avoid OPENSSL_SMALL_FOOTPRINT, no-asm
Building openssl with OPENSSL_SMALL_FOOTPRINT yelds only from 1% to 3%
decrease in size, dropping performance from 2% to 91%, depending on the
target and algorithm.

For example, using AES256-GCM with 1456-bytes operations, X86_64 appears
to be the least affected with 2% performance penalty and 1% reduction in
size; mips drops performance by 13%, size by 3%;  Arm drops 29% in
performance, 2% in size.

On aarch64, it slows down ghash so much that I consider it broken
(-91%).  SMALL_FOOTPRINT will reduce AES256-GCM performance by 88%, and
size by only 1%.  It makes an AES-capable CPU run AES128-GCM at 35% of
the speed of Chacha20-Poly1305:

Block-size=1456 bytes   AES256-GCM   AES128-GCM  ChaCha20-Poly1305
SMALL_FOOTPRINT           62014.44     65063.23          177090.50
regular                  504220.08    565630.28          182706.16

OpenSSL 1.1.1 numbers are about the same, so this should have been
noticed a long time ago.

This creates an option to use OPENSSL_SMALL_FOOTPRINT, but it is turned
off by default unless SMALL_FLASH or LOW_MEMORY_FOOTPRINT is used.

Compiling with -O3 instead of -Os, for comparison, will increase size by
about 14-15%, with no measureable effect on AES256-GCM performance, and
about 2% increase in Chacha20-Poly1305 performance on Aarch64.

There are no Arm devices with the small flash feature, so drop the
conditional default.  The package is built on phase2, so even if we
include an Arm device with small flash later, a no-asm library would
have to be built from source anyway.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Christian Marangi
75f7e2d10b
odhcpd: bump to latest git HEAD
40ab806 config: use dedicated link local function to check interface
a84bff2 netlink: add support for getting interface linklocal
2ea065f Revert "config: recheck have_link_local on interface reload if already init"
4b38e6b config: fix feature for enabling service only when interface RUNNING

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-04 06:43:23 +02:00
David Bauer
f25abdf144 mediatek: make TUF-AX4200 KERNEL simply expanded
The KERNEL variable was recursively expanded, breaking other devices.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-04 02:08:32 +02:00
Daniel Golle
d98c8fc06d generic: disable SGMII in-band AN for RealTek 2.5G PHYs
MAC drivers don't use SGMII in-band autonegotiation unless told to do so
in device tree using 'managed = "in-band-status"'. When using MDIO to
access a PHY, in-band-status is unneeded as we have link-status via
MDIO. Switch off SGMII in-band autonegotiation using magic values.

Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Chukun Pan <amadeus@jmu.edu.cn>
Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com>
Tested-by: Yevhen Kolomeiko <jarvis2709@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-03 02:32:28 +01:00
Daniel Golle
7e3284eef7 generic: use genphy_soft_reset for RealTek 2.5G PHYs
Some vendor bootloaders do weird things with those PHYs which result in
link modes being reported wrongly. Start from a clean sheet by resetting
the PHY.

Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-03 02:32:28 +01:00
Chukun Pan
db37999170 generic: interface mode switch for RTL8221B PHY
Add dynamic interface mode update for the rtl8221 phy to match various
wire speeds. 10M/100M/1000M use SGMII, 2500M uses 2500Base-X.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-03 02:32:28 +01:00
Daniel Golle
5a8741aee9 realtek: refresh patches
Refresh patches which were no longer applying cleanly after a recently
added SFP quirk.

Fixes: 658b45ce48 ("generic: add quirk for HG MXPD-483II 2500M fiber SFP")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-03 02:32:28 +01:00
David Bauer
f003217ddf Revert "mpc85xx: remove Watchguard T10 MAC override"
This reverts commit aa4a9058fbf4d2ca7ef3af9ebb5bbec896625e93.

The assumption the bootloader fills out the MAC-address is not
correct. The MAC-address has to be set from userspace based on
information found in the device_id partition.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-03 03:14:20 +02:00