Commit Graph

57021 Commits

Author SHA1 Message Date
David Bauer
e04356362c firmware-utils: update to latest HEAD
6a58f45 tplink-safeloader: add US-CA-TW support-list entries for Archer AX23v1

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-12 15:07:50 +02:00
Christian Marangi
4532919711 tools/squashfs4: refresh multiple lzma configuration option patch
Refresh multiple lzma configuration option patch with new version
proposed upstream. (Reintroduce -Xe option and add more checks and
general better code quality)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-12 12:31:13 +02:00
Christian Marangi
ee1bfd3034 Revert "image: update LZMA_XZ_OPTIONS with new squashfs4 tool"
This reverts commit a33b97dcb1.

A new version of the squashfs4 tool patch reintroduced the -Xe option.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-12 12:25:18 +02:00
Christian Marangi
69812bf8ed ipq-wifi: bump to latest git HEAD
b22487d ath11k: qcn8074: Update regDb in every BDF
3add8be ath11k: ipq8074: Update regDb in every BDF
8bb6039 ath11k: ipq8074: add Netgear RAX120v2

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-12 12:02:57 +02:00
Robert Marko
7475321f46 mac80211: ath11k: Remove regulatory intersection
Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.

Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while it's parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.

So, let's do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the intersection code in ath11k.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-11 20:20:18 +02:00
Nick Hainke
cd8c698f78 tools/mkimage: update to 2023.04
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-11 17:30:32 +02:00
Nick Hainke
fea4ffdef2 uboot-envtools: update to 2023.04
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-11 17:24:29 +02:00
Rafał Miłecki
c798adad6b base-files: fix nand_upgrade_ubinized()
When using "ubiformat" with stdin it requires passing image size using
the -S argument. Provide it just like we do for "ubiupdatevol".

This fixes:
ubiformat: error!: must use '-S' with non-zero value when reading from stdin

This change fixes sysupgrade for bcm53xx and bcm4908 NAND devices and
possibly some other targets too.

Cc: Rodrigo Balerdi <lanchon@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Fixes: 9710712120 ("base-files: accept gzipped nand sysupgrade images")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-04-11 13:42:47 +01:00
Michael Trinidad
ff91a12c8d base-files: fix Linksys upgrade, restore config step
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This corrects a typo in the call of nand_do_upgrade_failed for ipq40xx
and ipq806x devices using the linksys.sh script.

Fixes: 8634c1080d ("ipq40xx: Fix Linksys upgrade, restore config step")
Fixes: 2715aff5df ("ipq806x: Fix Linksys upgrade, restore config step")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
2023-04-11 12:22:35 +02:00
Michael Trinidad
d1c1e10e89 mvebu: cortexa9: fix Linksys upgrade, restore config step
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This restores the preservation of configs for mvebu/cortexa9 devices using the
linksys.sh script.

Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
2023-04-11 12:22:09 +02:00
Michael Trinidad
65f8089b7a kirkwood: fix Linksys upgrade, restore config step
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This restores the preservation of configs for kirkwood devices using the
linksys.sh script.

Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Fixes: #12298
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
2023-04-11 12:21:15 +02:00
Paul Spooren
9cbc83726e bcm53xx: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Tested-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-10 23:13:12 +02:00
Paul Spooren
d10503060b bcm4908: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rmilecki: tested on GT-AC5300: boot, sysupgrade & 940 Mbps NAT]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-10 21:21:03 +02:00
Arturas Moskvinas
21d02e598a uboot-sunxi: update support for FriendlyARM ZeroPI
Since commit torvalds/linux@bbc4d71 ("net: phy: realtek: fix rtl8211e rx/tx
delay config") network is broken on the FriendlyELEC(ARM) ZeroPi.

Replaces custom patches with upstream uboot patch:
2527b24f39

Signed-off-by: Arturas Moskvinas <arturas.moskvinas@gmail.com>
2023-04-10 13:50:58 +02:00
Hauke Mehrtens
d679b15d31 mbedtls: Update to version 2.28.3
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-10 13:36:26 +02:00
Álvaro Fernández Rojas
457549665f bmips: dts: add missing phy modes
PHY modes should be defined in the device tree for the bcm63xx internal switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:06:22 +02:00
Álvaro Fernández Rojas
2c824b4615 bmips: remove source-only flag
bmips target is now more stable and it's time to start generating buildbot
images in order to receive wider testing, which will be essential to replace
bcm63xx target in the future.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
6fd8e0f943 bmips: add subtargets for each SoC
BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
e76556d967 bmips: b43-sprom: fix build when SSB/BCMA disabled
Fix build of B43 SPROM fallback when SSB or BCMA are disabled.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
95b846fbc0 bmips: allow disabling mdio-mux-bcm6368
This controller is only present on SoCs with B53 MMAP switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Álvaro Fernández Rojas
f5adc5bafb kernel: disable CONFIG_HW_RANDOM_BCM2835
This HW RNG is present on some Broadcom 63XX SoCs, but not all of them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Petr Štetiar
57392d6377 kernel: crypto: fix missing dependencies for CRYPTO_USER_API_ENABLE_OBSOLETE
CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
let's add this dependency to relevant modules.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
Petr Štetiar
8a554a2878 kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.

So let's fix it by making those modules architecture specific:

 x86/64  -> x86_64
 mpc85xx -> powerpc

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-04-10 07:36:33 +02:00
John Audia
32f134fbdf kernel: bump 5.15 to 5.15.106
Removed upstreamed:
        generic/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch[1]
        pending-5.15/350-mips-bmips-BCM6358-disable-RAC-flush-for-TP1.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.106&id=76f09582a191dcf11118fd4bdbf50f538c90fa8d

2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/arch/mips/bmips?h=v5.15.106&id=65b723644294f1d79770704162c0e8d1f700b6f1

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-04-09 14:48:34 +02:00
Álvaro Fernández Rojas
8bee6a9f1d bmips: switch to LED kernel modules
Disable LED controllers from kernel config and switch to per device kernel
modules.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:52:32 +02:00
Álvaro Fernández Rojas
6e081e1778 bmips: add LED kernel modules
Add BCM6328 and BCM6358 LED kernel modules.
This allows selecting the LED controllers only for those devices using them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:34:05 +02:00
Álvaro Fernández Rojas
aefeb34223 bmips: add support for Sercomm SHG2500
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:33:13 +02:00
Álvaro Fernández Rojas
d11a7c4d95 bmips: use sercomm-pid script
Make use of sercomm-pid script for generating the Sercomm PID, which avoids
having to add an array of hex bytes for every new Sercomm device.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:21:58 +02:00
Álvaro Fernández Rojas
d309160d30 bmips: image: rename SERCOMM_VERSION to SERCOMM_FSVER
SERCOMM_VERSION is ambiguous and it should be more clear that it refers to the
version used for the filesystem.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:06:26 +02:00
Álvaro Fernández Rojas
0cdc257b8d scripts: sercomm-pid: add bmips support
Apparently, Sercomm sets 2 padding bytes instead of 1 (ramips).
The HW version is a bit different than the one used for ramips.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 10:01:03 +02:00
Álvaro Fernández Rojas
8758438c27 ramips: sercomm-payload: use pid-file argument
Instead of passing an array of hex bytes for the Sercomm PID we can now use
the --pid-file parameter.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 09:59:21 +02:00
Álvaro Fernández Rojas
8382c5662e scripts: sercomm-payload: add PID file support
Allow passing Sercomm PID from file.
Until now, Sercomm PID could only be passed as an array of hex bytes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-09 09:55:57 +02:00
Nick Hainke
0c53801968 libcap: update to 2.68
Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.vdh3d47czmle

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:52:56 +02:00
Nick Hainke
48f5a98d50 tools/mtools: update to 4.0.43
Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2023-03/msg00006.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-08 15:51:32 +02:00
John Audia
78a468f690 kernel: bump 5.10 to 5.10.177
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-04-08 15:32:01 +02:00
Joe Mullally
2122c80b32 ramips: lower re305-v3 spi-max-frequency
Fix flash I/O instability observed in newer devices with cFeon
QH64A-104HIP (detected as en25qh64).

Ref: https://forum.openwrt.org/t/support-for-tp-link-re305-v3/75893/91

Reported-by: Dimitri Souza <dimitri.souza@gmail.com>
Tested-by: Dimitri Souza <dimitri.souza@gmail.com>
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[alter commit-message - target master]
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
827a40502f mpc85xx: refresh patches
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
765f66810a mpc85xx: add support for Enterasys WS-AP3715i
Hardware
--------

SoC:   NXP P1010 (1x e500 @ 800MHz)
RAM:   256M DDR3 (2x Samsung K4B1G1646G-BCH9)
FLASH: 32M NOR (Spansion S25FL256S)
BTN:   1x Reset
WiFi:  1x Atheros AR9590 2.4 bgn 3x3
       2x Atheros AR9590 5.0 an 3x3
ETH:   2x Gigabit Ethernet (Atheros AR8033 / AR8035)
UART:  115200 8N1 (RJ-45 Cisco)

Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
   the root directory of a TFTP server and serve it at
   192.168.1.66/24.

2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
   by pressing Enter when prompted. Credentials are identical to the ones
   in the AP's interface. By default it is admin / new2day.

3. Alter the bootcmd in U-Boot:

 $ setenv ramboot_openwrt "setenv ipaddr 192.168.1.1;
   setenv serverip 192.168.1.66; tftpboot 0x2000000 ap3715.bin; bootm"

 $ setenv boot_openwrt "sf probe 0; sf read 0x2000000 0x140000 0x1000000;
   bootm 0x2000000"

 $ setenv bootcmd "run boot_openwrt"

 $ saveenv

4. Boot the initramfs image

 $ run ramboot_openwrt

5. Transfer the OpenWrt sysupgrade image to the AP using SCP. Install
   using sysupgrade.

 $ sysupgrade -n <path-to-sysupgrade.bin>

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
f058dad1b6 mpc85xx: don't compress kernel image for WS-AP3825i
The kernel is already compressed with XZ by the bootwrapper, thus we
gain nothing by compressing it a second time.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
1d4d21481f mpc85xx: reserve upper 1MB of RAM for WS-AP3825i
The bootpage for the second core is placed by U-Boot in the upper 128k
of system-memory.

This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
e3f31ff20d mpc85xx: backport bootwrapper patch to kernel 5.10
Kernel 5.10 builds currently fail because the patch for using the
simpleImage bootwrapper was not added to 5.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
51046da7be mpc85xx: add properties normally added by U-Boot
This adds properties to PCIe as well as ethernet nodes which are
normally added by the Extreme Networks U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
16e1bf509c mpc85xx: fix incorrect CPU node / properties
This adds properties normally filled by U-Boot. Also it fixes the node
name, which is incorrectly referring to a P1010 core.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
3d43d68333 mpc85xx: add localbus frequency for WS-AP3825i
This is normally filled by U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
e81709af13 mpc85xx: add linux,stdout-path for WS-AP3825i
This is normally filled by U-Boot. Prevents double-printing of early
console messages. Also enables debug-output by the zImage wrapper.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
David Bauer
076da59f17 ramips: define remapping-range for DAP-X1860
Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.

Explicitly define the number of blocks reserved for remapping.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-04-08 14:41:01 +02:00
Paul Spooren
c8934099bf octeon: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:47:12 +02:00
Paul Spooren
596059266a kirkwood: switch to Kernel 5.15 by default
Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:43:25 +02:00
Paul Spooren
16565bc1ce tegra: switch to Kernel 5.15 by default
Getting ready for the next release.

Acked-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-04-08 00:30:22 +02:00
Eneas U de Queiroz
c3cb2d48da openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low severity of these issues, there will not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-07 11:26:26 +02:00