Commit Graph

21472 Commits

Author SHA1 Message Date
Weijie Gao
ef523fdb07 kernel: modules: usb: adapt for kernel 6.6
Adapt usb kmods for building under kernel 6.6:
* Add kmod-phylink as dependency for usb-net-asix
* Add kmod-net-selftests as dependency for usb-net-smsc95xx
* Add kmod-iio-core as dependency for usb-hid-mcp2221 as ADC/DAC
support was added since 6.2 which requires IIO.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-03-11 20:17:26 +01:00
Daniel Golle
ad2906b405 kernel: modules: netdevices: adapt for kernel 6.6
Adapt netdevices kmods for building under kernel 6.6:
* Add missing module dependency for kmod-stmmac-core on kmod-of-mdio.
* Invert criteria to allow Airoha EN8811H PHY driver to build with
  Linux 6.1 as well as Linux 6.6.
* Mellanox mlx5 driver started exposing thermal sensors and now it requires
  hwmon

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-11 20:17:26 +01:00
Weijie Gao
48b52d51dc kernel: modules: netsupport: adapt for kernel 6.6
Adapt netsupport kmods for building under kernel 6.6:
* common part of mqprio was split into a new Kconfig since 6.3.
Add new kmod-sched-mqprio-common as dependency for kmod-sched-mqprio.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-03-11 20:17:26 +01:00
Weijie Gao
0c98d99c5e kernel: modules: input: adapt for kernel 6.6
Adapt input kmods for building under kernel 6.6:
* kmod-input-touchscreen-edt-ft5x06 depends on kmod-regmap-i2c
from 6.3 as it starts to use regmap to access registers
* CONFIG_HID_SUPPORT needs to be set in addition to CONFIG_HID.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-03-11 20:17:26 +01:00
Weijie Gao
8d83b9ee2d kernel: modules: iio: adapt for kernel 6.6
Adapt iio kmods for building under kernel 6.6:
* kmod-iio-lsm6dsx depends on kmod-kmod-industrialio-triggered-buffer
from 6.2

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-03-11 20:17:26 +01:00
Daniel Golle
5f230cd0b1 uboot-mediatek: fix typo patch filename
311-mt7986-select-roodisk.patch -> 311-mt7986-select-rootdisk.patch

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-11 19:14:14 +00:00
Daniel Golle
2302a7c5ad uboot-mediatek: fix patch order
Make sure patch sequence number is unique by moving patch
440-add-jdcloud_re-cp-03.patch -> 441-add-jdcloud_re-cp-03.patch

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-11 19:14:14 +00:00
Paul Donald
53252eeb3b lldpd: Implement location parameter
Previously only partially implemented. After commit
5007f488bb lldp_location was never removed

Now, add the value of lldp_location to the generated config.

The location param has a few syntaxes, so the config acquires the first
usage from the man page: 'address country EU'

Supplementary fix for PR #14193 (this param was included in the original
PR #13018 but the lldp_location fixes were absent from PR #14193).

Tested on 22.03.5, 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 15:35:58 +01:00
Paul Donald
79ee4cb039 lldpd: fix error "sh: XXXms: bad number"
from commit 3ce909914a

The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
228d4e7f1b lldpd: refactor out ifaces derivation; reuse function
from commit 909f063066

Now pass two params to get_config_cid_ifaces() for:

cid_interface
interface

Each of which is a CSV of interfaces.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
4dcece46a7 lldpd: remove unneeded quotes
from commit a5f715da71

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
bd1b17d589 lldpd: remove unneeded quotes and variable quoting
from commit ac771313eb

portidsubtype takes 1 of 2 possible keywords which do not need quoting:

         configure lldp portidsubtype ifname | macaddress

The third keyword 'local' is used in the syntax when individual ports
are being defined:

         configure [ports ethX [,…]] lldp portidsubtype local value

When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
24a4da527f lldpd: remove unneeded quotes and variable quoting
from commit c98ee4dbb3

agent-type takes 1 of 3 possible keywords which do not require quoting:

         configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
         | nearest-customer-bridge

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
b039641071 lldpd: remove unneeded quotes and variable quoting
from commit 3ce909914a

'capabilities enabled x' where x is a string of CSV

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
82ec853284 lldpd: remove unneeded quotes
from commit 3ce909914a

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
20a4dddeb0 lldpd: remove unneeded quotes and variable quoting
from commit 24176a6bdd

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
4fb8fea6de lldpd: fix a paste error
from commit 1be2088a52

The original PR #13018 did not exhibit this.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
1909b6f883 lldpd: spell fixes
Supplementary fix for PR #14193

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
97eb3bf76c lldpd: fix -k 'lldp_no_version' row
Supplementary fix for PR #14193 and commit
b67182008f

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Nathaniel Wesley Filardo
838a27f64f dnsmasq: version 2.90
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).

Catch up our 200-ubus_dns.patch, too.

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2024-03-11 09:55:15 +01:00
Zoltan HERPAI
ce1138867c mac80211: select BRCMFMAC_SDIO on starfive
As the Visionfive V1 board has an Ampak module connected via SDIO, enable
support for SDIO in the brcmfmac module.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-03-10 18:21:50 +01:00
Zoltan HERPAI
db0d7cf6a1 usb: add cdns3 support
CDNS3 is a SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD) controller from
Cadence. Add support for this device, and add the required symbols into
the generic configs.

Compile-tested: apm821xx, bcm4908, imx, mpc85xx, pistachio, starfive

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-03-10 18:21:41 +01:00
Sungbo Eo
ec45f2f246 ramips: rename mtd partition of ipTIME NAND devices
Contrary to common ipTIME NOR devices, the "Config" partition of T5004
and AX2004M contain normal U-Boot environment variables. Renaming the
partition into "u-boot-env" serves for better description, and it also
conforms to common naming practice in OpenWrt.

This patch might also be extended to A3004T, but its u-boot-env
partition layout has not been confirmed yet.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2024-03-10 16:32:14 +09:00
Shiji Yang
97f542238a mac80211: rtl8xxxu: sync with linux-next 20240229
Backporting upstream patches to improve RTL8188F support.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-03-09 23:42:37 +01:00
Shiji Yang
860dd27617 firmware: add firmware package for Realtek RTL8188FU
Realtek RTL8188F is an 802.11n 1x1 USB Wi-Fi adapter. It has been
supported by the upstream rtl8xxxu driver since Linux 6.2 kernel.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-03-09 23:42:37 +01:00
Christian Lamparter
7241a91c94 firmware: intel-microcode: update to 20231114
Debian changelog:

intel-microcode (3.20231114.1) unstable; urgency=medium

  * New upstream microcode datafile 20231114 (closes: #1055962)
    Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
    Sequence of processor instructions leads to unexpected behavior for some
    Intel(R) Processors, may allow an authenticated user to potentially enable
    escalation of privilege and/or information disclosure and/or denial of
    service via local access.
    Note: "retvar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
    Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
    0x01) were already mitigated by a previous microcode update.
  * Fixes for unspecified functional issues
  * Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
  * Updated 2023-08-08 changelog entry:
    Mitigations for "retvar" on a few processors, refer to the 2023-11-14
    entry for details.  This information was disclosed in 2023-11-14.
  * source: update symlinks to reflect id of the latest release, 20231114

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 16 Nov 2023 08:09:43 -0300

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2024-03-09 20:00:11 +01:00
Christian Lamparter
0671803bc5 Revert "ipq-wifi: fix upstream board-2.bin ZTE M289F snafu"
This reverts commit 75505c5ec7.
The issue has been fixed upstream.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2024-03-09 20:00:11 +01:00
Daniel Golle
efa71c532e uboot-mediatek: add 'rootwait' to bootargs where needed
Probing of the fitblk driver in some situations happens after Linux
attempts to mount rootfs, which then fails.
Always use 'rootwait' kernel parameter when using fitblk for rootfs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-09 13:59:58 +00:00
Felix Fietkau
1f5fd5cb97 mac80211: fix a regression in the broadcast AQL patch
The AQL limit for buffered broadcast packets is higher than the maximum
total pending airtime limit. This can get unicast data stuck whenever there
is too much pending broadcast data. Fix this by excluding broadcast AQL from
the total limit.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-03-08 22:46:32 +01:00
Felix Fietkau
e3bb01b30e mbedtls: enable threading support
Fixes libssh, which requires it. Bump ABI_VERSION, since enabling this
option affects data structures in mbedtls include files.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-03-08 22:46:32 +01:00
Robert Marko
ce2b302ca4 kernel: crypto: use ARM64 SHA256 CE optimized module for more targets
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA256 as I knew it supports the optional Crypto Extensions.

However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-08 17:16:18 +01:00
Robert Marko
90c09ede93 kernel: crypto: use ARM64 SHA1 CE optimized module for more targets
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA1 as I knew it supports the optional Crypto Extensions.

However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-08 17:16:18 +01:00
Christian Marangi
abbe909569
libiwinfo: update to Git HEAD (2024-03-08)
163a640fef30 devices: add device id for Qualcomm Atheros QCA6174
8ffb8bfd1115 devices: add add Qualcomm Atheros IPQ6018 WiSoC compatible

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-03-08 14:26:34 +01:00
Sergey Ponomarev
9da90971ab ubox: make logread as an alternative
The logread can be replaced with syslog-ng.
To support this it should be an alternative itself.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2024-03-08 15:38:37 +08:00
Hauke Mehrtens
662e052588 linux-firmware: Update to version 20240220
This updates the following firmware files:
airoha-en8811h-firmware/lib/firmware/airoha/EthMD32.DSP.bin
airoha-en8811h-firmware/lib/firmware/airoha/EthMD32.dm.bin
amdgpu-firmware (Many files)
ar3k-firmware/lib/firmware/qca/hpnv21.bin
ar3k-firmware/lib/firmware/qca/hpnv21g.bin
ath10k-board-qca4019/lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin
ath10k-board-qca9888/lib/firmware/ath10k/QCA9888/hw2.0/board-2.bin
ath10k-firmware-qca6174/lib/firmware/ath10k/QCA6174/hw3.0/firmware-6.bin
ath11k-firmware-wcn6750/lib/firmware/ath11k/WCN6750/hw1.0/board-2.bin
ath11k-firmware-wcn6855/lib/firmware/ath11k/WCN6855/hw2.0/amss.bin
ath11k-firmware-wcn6855/lib/firmware/ath11k/WCN6855/hw2.0/board-2.bin
ath11k-firmware-wcn6855/lib/firmware/ath11k/WCN6855/hw2.1/amss.bin
ath11k-firmware-wcn6855/lib/firmware/ath11k/WCN6855/hw2.1/board-2.bin
ibt-firmware/lib/firmware/intel/ibt-0040-0041.ddc
ibt-firmware/lib/firmware/intel/ibt-0040-0041.sfi
ibt-firmware/lib/firmware/intel/ibt-0040-1050.sfi
ibt-firmware/lib/firmware/intel/ibt-0040-4150.sfi
ibt-firmware/lib/firmware/intel/ibt-0041-0041.sfi
ibt-firmware/lib/firmware/intel/ibt-0180-0041.sfi
ibt-firmware/lib/firmware/intel/ibt-0180-1050.sfi
ibt-firmware/lib/firmware/intel/ibt-0180-4150.sfi
ibt-firmware/lib/firmware/intel/ibt-1040-0041.sfi
ibt-firmware/lib/firmware/intel/ibt-1040-4150.sfi
iwlwifi-firmware-be200/lib/firmware/iwlwifi-gl-c0-fm-c0-83.ucode
iwlwifi-firmware-be200/lib/firmware/iwlwifi-gl-c0-fm-c0.pnvm

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-07 19:37:36 +01:00
Robert Marko
e247763617 ath25: drop target
ath25 has been on life support for the last couple of releases, eventually
leading to marking it as source-only in 2023.

It has been basically only touched to do a kernel bump so that we can make
the new OpenWrt release which was a challenge due to small RAM amount.

However, with the attempt of kernel 6.1 update it turns out that kernel
cannot even finish booting due to RAM constraints, so its time to let this
target go.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-07 12:15:51 +01:00
Sven Eckelmann
71411cb8b8 ath11k-firmware: Move from kvalo to new upstream repository
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.

The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.

[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2024-03-07 09:37:42 +01:00
Robert Marko
5b1d6d4607 kernel: crypto: add SHA512 ARM64 ASM optimized module
Kernel has an ASM optimized version of SHA512 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.

There is a Cryptographic Extension based version as well, but that relies
on ARMv8.2 ISA which I am not aware any of the OpenWrt supported SoC-s use.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-06 22:00:58 +01:00
Robert Marko
4443470a57 kernel: crypto: add SHA2(224 and 256) ARM64 CE optimized module
Kernel has optimized version of SHA2(224 and 256) using the ARMv8 Crypto
Extensions, so lets package it.

Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-06 18:38:28 +01:00
Robert Marko
09207c0348 kernel: crypto: add SHA256 ARM64 ASM optimized module
Kernel has an ASM optimized version of SHA256 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-06 18:30:21 +01:00
Robert Marko
9425064bdb kernel: crypto: add SHA1 ARM64 CE optimized module
Kernel has optimized version of SHA1 using the ARMv8 Crypto Extensions,
so lets package it.

Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-06 12:16:11 +01:00
Weijie Gao
d40d64fc62 cryptodev-linux: update to 1.13
Update to 1.13 with upstream backports.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-03-06 10:17:45 +01:00
Robert Marko
fdb563c1a5 kernel: qca-ssdk: refresh PCS patch
Recently added PCS patch requires a refresh, so lets do it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-05 21:43:54 +01:00
Robert Marko
3e6f64d443 kernel: crypto: package SHA3
SHA3 is now required by jitterentropy_rng in kernel 6.6, so lets start
preparing by packaging SHA3 support as its supported in 5.15 and 6.1
kernels as well.

AFAIK, only ARMv8.2 has a crypto extension for SHA3, however I am not aware
of any SoC we support that uses ARMv8.2 ISA so its not enabled currently.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-05 20:23:46 +01:00
Rafał Miłecki
4efbfcd996 base-files: sysupgrade: handle errors when generating backup
1. Return error if any step of generating tar file fails
2. Use pipefail to avoid calling "gzip" if tar failed

Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Reported-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-03-05 11:54:55 +01:00
Dirk Buchwalder
93610492b6 qualcommax: ipq60xx: add support for netgear wax214
Netgear WAX214 is a 802.11 ax dual-band AP
    with PoE. (similar to Engenius EWS357APV3)

    Specifications:

        •     CPU: Qualcomm IPQ6010 Quad core Cortex-A53
        •     RAM: 512MB of DDR3
        •     Storage: 128MB NAND (Macronix MX30UF1G18AC)
        •     Ethernet: 1x 1G RJ45 port (QCA8072) PoE
        •     WIFI:
              2.4GHz: Qualcomm QCN5022 2x2 802.11b/g/n/ax 574 Mbps PHY rate
              5GHz: Qualcomm QCN5052 2x2 802.11a/b/g/n/ac/ax 1201 PHY rate

        •     LEDs:
              4 x GPIO-controlled LEDs
                - 1 Power LED (orange)
                - 1 LAN LED (blue)
                - 1 WIFI 5g LED (blue)
                - 1 WIFI 2g LED (blue)
                black_small_square  Buttons: 1x soft reset
                black_small_square  Power: 12V DC jack or PoE (802.3af )

            An populated serial header is onboard, format is
             1.25mm 4p (DF13A-4P-1.25H)
            RX/TX is working, bootwait is active, secure boot is not
            enabled.

            The root password of the stock firmware is unknown,
            but failsafe mode can be entered to reset the password.

            Installation Instructions:

                - obtain serial access
                - stop auto boot (press "4", Entr boot command line
		  interface)
                - setenv active_fw 0 (to boot from the primary rootfs,
                  or set to 1 to boot from the secondary rootfs
                  partition)
                - saveenv

                - tftpboot the initramfs image
                - bootm

                - copy
		  openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
                  to the device
                - write the image to the NAND:
                   - cat /proc/mtd and look for rootfs partition (should
		     be mtd11,
                     or mtd12 if you choose active_fw 1)
                   - ubiformat /dev/mtd11 -f -y
		     openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
                - reboot

            Note: the firmware is senao-based. But I was unable to build
                  a valid senao-header into the image.
                  Maybe they changed the header format and senaoFW isn't
                  working any more.

Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
2024-03-05 06:34:35 +01:00
Dirk Buchwalder
e8a2fd241d ipq-wifi: update to version 2024-03-04
The new version adds support for the Netgear WAX214.

Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
2024-03-05 06:34:35 +01:00
John Audia
bd6b37f463 kernel: Remove dsmark support
dsmark support was removed in kernel 5.15.150 and 6.1.80. Remove it from
the kmod package as well

Signed-off-by: John Audia <therealgraysky@proton.me>
2024-03-05 00:23:59 +01:00
Matthias Schiffer
2b46cbef81
build: do not depend on $(STAGING_DIR)/.prepared when in SDK
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.

Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2024-03-04 23:45:15 +01:00
Álvaro Fernández Rojas
4b3c1251a4 base-files: sysupgrade: allow overriding config restore
Some platforms like Raspberry Pi require patching some backup files like
cmdline.txt in order to set the correct root PARTUUID.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-03-04 16:27:39 +01:00
Jo-Philipp Wich
6f6406a132 base-files: sysupgrade: fix streaming backup archives to stdout
Due to previous refactoring in sysupgrade, writing backup archives to
stdout became impossible since the hardcoded gzip output redirection
did not account for the `-` special case filename.

Fix this issue by substituting `-` with `/proc/self/fd/1` in the tar
archive output path variable.

Also remove a redundant `rm -f` of the target file path that occurs
before the file could've possibly been written.

Fixes: #14773
Fixes: https://github.com/openwrt/luci/issues/6961
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-03-04 14:58:10 +01:00
Matthias Schiffer
fbb924abff
build: add $(STAGING_DIR) and $(BIN_DIR) preparation to target and package subdir compile dependencies
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.

Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.

Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2024-03-03 23:13:59 +01:00
Daniel Golle
37bbed6f95 kernel: lantiq: ltq-vmmc: introduce user group for vmmc
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-03 15:44:52 +00:00
Tianling Shen
4f668091bf u-boot.mk: override default PATH to avoid pick hostpkg python
hostpkg python from packages feed can be picked when do a incremental
build because hostpkg has higher priority in PATH. It may lead build
faliure as it's heavily trimmed (e.g. lacks necessary modules).

For uboot which uses binman and intree dtc, this is forced as hostpkg
python will never provide those modules by default.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-03-02 14:17:31 +01:00
Pawel Dembicki
766e688b30 ls-mc: bump to 10.38.0
Update ls-mc to latest 10.38.0 version.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2024-03-02 14:08:08 +01:00
Pawel Dembicki
16d9d91fed ls-dpl: bump to 10.38.0
Update ls-dpl to latest 10.38.0 version.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2024-03-02 14:08:08 +01:00
Daniel Golle
f08e63bd83 uboot-mediatek: remove rootfs_data before attempting to replace fip
Make sure there is enough space to replace 'fip' volume and always
remove rootfs_data before.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-01 00:59:49 +00:00
Linus Walleij
ef34f8f5b5 kirkwood: Add Marvell RTC to all machines with nothing else
The Kirkwood SoCs all have an onchip RTC that can hold the time
over e.g. a reboot which will help if no NTP servers are available.

Create a kernel module package for the Marvell RTC, and add it to
all Kirkwood devices that do not have their own discrete
battery-backed RTC. Adding it to platforms with a proper RTC
is just surplus.

All Kirkwoods have at least one RTC so add RTC to the features
list for Kirkwood as well.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2024-02-29 23:01:38 +01:00
Zoltan HERPAI
55c7b2cdaf uboot-d1: cleanup Makefile
Clean up leftover PKG_HASH.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-02-29 17:06:04 +01:00
Zoltan HERPAI
d41d9befb9 uboot-d1: add bootloader for upcoming d1 target
Add u-boot bootloader based on 2023.01 to support D1-based boards, currently:

 - Dongshan Nezha STU
 - LicheePi RV Dock
 - MangoPi MQ-Pro
 - Nezha D1

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-02-29 16:50:20 +01:00
Zoltan HERPAI
f8436018fd opensbi: allow building on upcoming d1 target
U-boot on D1 also uses OpenSBI as its payload. As the current version of
OpenSBI already supports D1 with no further patches required, allow
building it on the upcoming TARGET_d1 too.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-02-29 16:50:19 +01:00
Rafał Miłecki
0ad062a21b base-files: sysupgrade: add uci-defaults script disabling services #2
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.

Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.

Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2024-02-29 16:12:06 +01:00
Rafał Miłecki
e36cc53092 base-files: sysupgrade: use tar helper to include installed_packages.txt
Replace mount + overlay with manually built tar archive that gets
prepended to the actual config files backup. This allows more
flexibility with including extra backup files. They can be included at
any paths and don't require writing to flash or mounting an overlay
which has its own limitations (mount points).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2024-02-29 16:12:06 +01:00
Jo-Philipp Wich
08495b7f24 base-files: sysupgrade: add tar.sh with helpers for building archives
This allows building uncompressed tar archives from shell scripts (and
compressing them later if needed)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[rmilecki: adapt to sysupgrade needs]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-29 16:11:47 +01:00
Tianling Shen
d6e008ace9 uboot-mediatek: correct board name for BananaPi BPi-R3 Mini
It should be "BananaPi BPi-R3 Mini" instead of just "BananaPi BPi-R3".

Fixes: bc25519f98 ("uboot-mediatek: add builds for BananaPi BPi-R3 mini")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-02-28 12:48:43 +08:00
Paul Donald
dd8850756d umdns: prevent a few 'uci: Entry not found'
pass '-q' switch to uci to prevent spurious output

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-02-27 20:10:08 +01:00
Julius Lehmann
1d456c5e7a dnsmasq: Fix wrong format for --dhcp-boot option
dnsmasq --dhcp-boot option uses 'tag' instead of 'net' to specify tags

Signed-off-by: Julius Lehmann <lehmanju@devpi.de>
2024-02-26 21:24:37 +01:00
Oskari Rauta
597f9cf6b3 e2fsprogs: add libe2p and development headers
this patch separates libe2p from e2fsprogs package, like all other
provided libraries are their own packages. Also some development headers
were missing so I added those along with pkg-config files.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2024-02-26 21:19:10 +01:00
Daniel Golle
0c18c5679a base-files: export whole disk of fitblk backing partition
After commit ad62247800 ("base-files: improve lib/upgrade/common.sh")
behavior of export_bootdevice has been made consistent in such way that
always the whole disk device is exported (as that was the case already
when matching via UUID) rather than the partition device.
Do the same for the device holding the fitblk backing partition.

Fixes: 5992f976b3 ("base-files: recognize bootdevice on devices using fitblk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-26 04:01:10 +00:00
Daniel Golle
fc865eb3ae uboot-envtools: replace use of platform_get_bootdev
Use new function fitblk_get_bootdev in /lib/upgrade/common.sh instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-26 01:29:22 +00:00
Daniel Golle
5992f976b3 base-files: recognize bootdevice on devices using fitblk
Boards using the fitblk driver need special treatment when it comes to
detecting the actual block device used to store the image used to boot
from. Transparently handle this in 'export_bootdevice' and provide new
'fitblk_get_bootdev' function to replace implementations in
/lib/upgrade/platform.sh.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-26 01:29:22 +00:00
Paweł Owoc
c2537f3c8f ipq-wifi: update to version 2024-02-25, remove unused ipq8174 extension
fc30aee ipq8074: remove regdomain, update regdb and rename MX4200 BDF
Remove unused ipq8174 extension

Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
2024-02-25 15:04:31 +01:00
Daniel Golle
c378927ef8 procd: update to git HEAD
2f94972 hotplug-dispatch: don't filter empty env variables
 1901aba system: break infite loop resolving rootfs type

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-24 04:00:15 +00:00
Daniel Golle
6368ed1ae5 mediatek: mt7623: phase out uImage.FIT partition parser
Use the new fitblk driver on the BananaPi R2 as well as UniElec U7623.
Introduce boot device selection for fitblk's /chosen/rootdisk
handle, similar to how it is already done on MT7622, MT7986 and MT7988.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-24 03:02:35 +00:00
Daniel Golle
9b6427e908 uboot-mediatek: fix truncated patch
The default environment for the Linksys E8450 and Belkin RT3200 got
truncated by one line due to a broken patch. While the impact was
luckily only cosmetic, fix it so bootmenu title also shows U-Boot
version again.

Fixes: 6aec3c7b5b ("mediatek: mt7622: modernize Linksys E8450 / Belkin RT3200 UBI build")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-24 03:02:35 +00:00
Marcin Gajda
07b9186e88 ipq40xx: Add support Netgear LBR20
**Netgear LBR20** is a router with two gigabit ethernets , three wifi radios and integrated LTE cat.18 modem.

SoC Type: Qualcomm IPQ4019
RAM: 512 MiB
Flash: 256 MiB , SLC NAND, 2 Gbit (Macronix MX30LF2G18AC)
Bootloader: U-Boot
Modem: LTE CAT.18 Quectel EG-18EA ,  Max. 1.2Gbps downlink / 150Mbps uplink

WiFi class AC2200:
- radio0 : 5G on QCA9888 , WiFi5- 802.11a/n/ac MU-MIMO 2x2 , 887Mbps , 80MHz - limited for low channels
- radio1: 2,4G on IPQ4019 ,WiFi4- 802.11b/g/n MIMO2x2 300Mbps 40Mhz
- radio2: 5G on IPQ4019 , WiFi5- 802.11a/n/ac MU-MIMO 2x2 , 887Mbps ,80Mhz - limited for high channels  (from 100 up to 165) . Becouse of DFS remember to set country before turning on.

Ethernet: 2x1GbE (WAN/LAN1, LAN2)
LEDs:  section power : green and red  , section on top (orbi) drived by TLC59208F: red, green ,blue and white
USB ports: No
Buttons:  2 Reset and SYNC(WPS)
Power: 12 VDC, 2,5 A
Connector type: Barrel

OpenWRT Installation
1. Simplest way is just do upgrade from webpage with *factory.img
2. You can also do it with standard tool for Netgear's debricking - NMPRFlash
3. Most advanced way is to open device , connect to UART console and :
- Prepare OpenWrt initramfs image in TFTP server root (server IP 192.168.1.10)
- Connect serial console (115200,8n1) to UART connector
- Connect TFTP server to RJ-45 port
- Stop in u-Boot and run u-Boot command:

> setenv serverip 192.168.1.10
> set fdt_high 0x85000000
> tftpboot 0x83000000 openwrt-ipq40xx-generic-netgear_lbr20-initramfs-zImage.itb
> bootm 0x83000000

- Login via ssh
- upload or download *sysupgrade.bin ( like wget ... or scp transfer)
-  Install image via "sysupgrade -n" (like “sysupgrade -n /tmp/openwrt-ipq40xx-generic-netgear_lbr20-squashfs-sysupgrade.bin”)

Back to Stock
- Download firmware from official Netgear's webpage , it will be *.img file after decompressing.
- Use NMRPFlash tool  ( detailed insructions on project page https://github.com/jclehner/nmrpflash )

Open the case
- Unscrew nuts and remove washers from antenna's conectors.
- There are two Torx T10 screws under the label next to antenna conectors. You have to unglue this label from left and right corner to get it
- Two parts of shell covers will slide out from eachother , you have to unglue two small rubber pads and namplate sticker on bottom to do that.
- PCB is screwed with 4Pcs of Torx T10 screws
- Before lifting up PCB remove pigtiles for LTE antennas and release them from PCB and radiator (black and white wires)
- On other side of PCB ,in left bottom corner there is already soldered with 4 pins UART connector for console. Counting from left it is  +3,3V , TX , RX ,GND (reffer to this picture: https://i.ibb.co/Pmrf9KB/20240116-103524.jpg )

BDF's files are in firmware_qca-wireless  https://github.com/openwrt/firmware_qca-wireless/ and in parallel sent to ath10k@lists.infradead.org.

Signed-off-by: Marcin Gajda <mgajda@o2.pl>
2024-02-23 19:46:23 +01:00
Daniel Golle
ae2dced6ce
rpcd: update to latest git HEAD
8ef4c25 sys: use "Auto-Installed" field for packagelist

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-23 15:59:05 +01:00
Robert Marko
9bd7d8b756 ipq-wifi: fix archive hash
It seems that ipq-wifi bump included and incorrect PKG_MIRROR_HASH value,
so fix it by using:
make package/firmware/ipq-wifi/check FIXUP=1

Fixes: 70fd815e57 ("qualcommax: ipq807x: add support for Linksys MX5300")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-02-23 14:14:05 +01:00
Eneas U de Queiroz
375dd23011 mac80211: only build ath10k with smallbuffers
When both variants of ath10k drivers are selected, any driver that is
selected along is being built twice, one for each ath10k variant.

Avoid these redundant builds by introducing an optional second parameter
to config_package that lists the variants for which the package is to be
built.

If the symbol is to be set for all of the variants, $(ALL_VARIANTS) can
be used.  This is the case for the mac80211 and cfg80211 modules.  If
the parameter is empty, then the module will be selected and thus built
when the first variant is compiled.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-02-23 14:02:53 +01:00
Eneas U de Queiroz
4390ea484d mac80211: build each variant in its own dir
Having different build directories is the default when the package
Makefile defines more than one variant.

Mac80211 overrides PKG_BUILD_DIR, not taking different variants in
consideration, which causes clobbering the directories when both
variants are built.

When compiled with AUTOREMOVE=y, the effect is that the package is
unnecessarily rebuilt when the package is compiled again.

Wihout AUTOREMOVE, the problem is worse: the second variant will not be
rebuilt, and you end up with the smallbuffers variant being a copy of
the regular one.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-02-23 14:02:53 +01:00
Paweł Owoc
70fd815e57 qualcommax: ipq807x: add support for Linksys MX5300
Hardware specification:
========
SoC: Qualcomm IPQ8072A
Flash: 512MB (Winbond W29N04GZBIBA)
RAM: 1GB (2x Nanya DDR3L NT5CC256M16ER-EK)
Ethernet: 5x 10/100/1000Mbps (Qualcomm QCA8075)
WiFi1: 5GHz ac 4x4 (Qualcomm QCA9984 + Skyworks SKY85746-11) - channels 100-169
WiFi2: 5GHz ax 4x4 (Qualcomm QCN5054 + Skyworks SKY85755-11) - channels 36-64
WiFi3: 2.4GHz ax 4x4 (Qualcomm QCN5024 + Skyworks SKY8340-11)
IoT: Bluetooth 5, Zigbee and Thread (Qualcomm QCA4024 + Skyworks SE2433T-R)
IoT Flash: 4MB (Macronix MX25R3235F)
RTC: ST M41T00S
LED: 1x RGB status (NXP PCA9633)
USB: 1x USB 3.0
Button: WPS, Reset

Flash instructions:
========
1. Manually upgrade firmware using openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin image.
More details can be found here: https://www.linksys.com/hk/support-article?articleNum=274497
After first boot check actual partition:
- fw_printenv -n boot_part
and install firmware on second partition using command in case of 2:
- mtd -r -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin kernel
and in case of 1:
- mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin alt_kernel

2. Installation using serial connection from OEM firmware (default login: root, password: admin):
- fw_printenv -n boot_part
In case of 2:
- flash_erase /dev/mtd21 0 0
  nandwrite -p /dev/mtd21 openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin
or in case of 1:
- flash_erase /dev/mtd23 0 0
  nandwrite -p /dev/mtd23 openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin
After first boot install firmware on second partition:
- mtd -r -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin kernel
or:
- mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin alt_kernel

3. Installation from initramfs image using USB FAT32 formatted drive:
Stop u-boot and run:
- usb start && fatload usb 0:1 $loadaddr openwrt-qualcommax-ipq807x-linksys_mx5300-initramfs-uImage.itb && bootm $loadaddr
Write firmware to the flash from initramfs:
- mtd -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin kernel
and:
- mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx5300-squashfs-factory.bin alt_kernel

4. Back to the OEM firmware:
- mtd -e kernel -n write FW_MX5300_1.1.9.200251_prod.img kernel
and:
- mtd -r -e alt_kernel -n write FW_MX5300_1.1.9.200251_prod.img alt_kernel

5. USB recovery:
- fw_setenv usbimage 'openwrt-qualcommax-ipq807x-linksys_mx5300-initramfs-uImage.itb'
  fw_setenv bootusb 'usb start && fatload usb 0:1 $loadaddr $usbimage && bootm $loadaddr'
  fw_setenv bootcmd 'run bootusb; aq_load_fw && if test $auto_recovery = no; then bootipq; elif test $boot_part = 1; then run bootpart1; else run bootpart2; fi'

Notes:
========
IoT device is accesible over spi. Not yet supported.

Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2024-02-23 13:34:59 +01:00
Rafał Miłecki
788122cc12 base-files: sysupgrade: rename add_*files() functions
Usage of word "add" was somehow misleading in those functions:
1. They don't really add (as in: append) anything. Result files are
   created from scratch.
2. It wasn't clear what adding files means. It could be understood as
   adding actual files somewhere (to existing archive?).

Also the word "add" was also a bit ambiguous.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:19:13 +01:00
Rafał Miłecki
4a1b94adba base-files: sysupgrade: s/do_save_conffiles/create_backup_archive/
Rename function to more accurate and self-explanatory name:
1. Use "archive" in name as this functions creates tar archive
2. Avoid "conffiles" as this function may archive more than that

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:19:01 +01:00
Rafał Miłecki
4ba5eba94c base-files: sysupgrade: exit with no error for --help
Calling "sysupgrade --help" should result in printing help and exiting
with 0 code.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:18:36 +01:00
Rafał Miłecki
73da77fd00 base-files: sysupgrade: group & cleanup global variables
Group & describe them by type, drop unneeded exports.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:18:36 +01:00
Rafał Miłecki
57be93c16d base-files: sysupgrade: replace UMOUNT_ETCBACKUP_DIR with a local variable
It was used inside do_save_conffiles() only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:18:36 +01:00
Luiz Angelo Daros de Luca
61ac147bb6 base-files: sysupgrade: fix error message and typo
Some minor error message and comment fixes.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2024-02-22 22:14:54 +01:00
Rafał Miłecki
157d6019df Revert "base-files: sysupgrade: always setup overlay when creating backup"
This reverts commit 4fa9aaf0be.

That seemed like a good idea allowing us to include any runtime
generated file in archive. Unfortuantely it broke backups with files
from mounted directories.

When mounting overlay with / as lowerdir its mounts don't propagete in
the mountpoint. That resulted in empty directories:
/tmp/overlay.XXXXXX/backup/tmp/
/tmp/overlay.XXXXXX/backup/var/
/tmp/overlay.XXXXXX/backup/dev/
/tmp/overlay.XXXXXX/backup/proc/
etc.

As some platforms / users try to backup files like /var/dhcp.leases or
/boot/cmdline.txt it means we can't use that solution.

Link: http://lists.openwrt.org/pipermail/openwrt-devel/2024-February/042320.html
Link: https://lore.kernel.org/linux-fsdevel/67bb0571-a6e0-44ea-9ab6-91c267d0642f@gmail.com/T/#u
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:08:14 +01:00
Rafał Miłecki
7bffa8ab10 Revert "base-files: sysupgrade: include uci-defaults script disabling services"
This reverts commit bf304d10e9.

That uci-defaults script worked great but generating it required
mounting root dir as overlay lowerdir that needs to be reverted.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:08:04 +01:00
Hauke Mehrtens
5df7a78e82 wifi-scripts: Support HE Iftypes with multiple entries
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
    HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-02-22 21:45:44 +01:00
Yegor Yefremov
62acd9a2f9 dnsmasq: rework network interface ignore
In some situations (slow protocol or interfaces with auto 0), the
interfaces are not available during the dnsmasq initialization and
hence, the ignore setting will be skipped.

Install an interface trigger for ignored interfaces in case their
ifname cannot be resolved.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-02-22 09:17:25 +01:00
Jo-Philipp Wich
97ad8501ad ucode: update to Git HEAD (2024-02-21)
ee4af9b55cb4 vm: rework object iteration
a275399dd8e2 uci: refactor uci.changes() to match documentation
ba3855ae3775 lib: fix documentation typo for `pop()` function

Fixes: https://github.com/jow-/ucode/issues/188
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-02-22 09:17:25 +01:00
Mantas Pucka
44168fda78 qualcommax: ipq60xx: Add 8devices Mango DVK
8devices Mango DVK is a single board computer / devkit for 8devices Mango
system-on-module (SoM).

Specifications:
* CPU: Qualcomm IPQ6010 Quad core Cortex-A53 1.8GHz
* RAM: 512 MB
* Storage:
    * 32 MB serial NOR flash (on SoM)
    * 256 MB parallel NAND flash (on DVK)
* Ethernet:
    * 2x1G RJ45 ports(QCA8072 or QCA8075)
    * 1x2.5G RJ45 port (QCA8081)
    * 1xSFP (shares SGMII with QCA8081)
* Switch: Qualcomm Atheros IPQ6010
* WLAN:
    * 2.4GHz: QCN5121 2x2 802.11b/g/n/ax 574 Mbps PHY rate
    * 5GHz: QCN5152 2x2 802.11a/n/ac/ax 1201 Mbps PHY rate
* USB:
    * 1x USB3.0 Type-A port
    * 1x USB2.0 available at mini PCIe slot
* PCIe: 1x mini PCIe slot 1xLane Gen3 (8GT/s)
* SD/eMMC (on a single shared bus - only one can be active):
    * micro SD slot
    * eMMC module connector
* LEDs:
    * Green power led (not controllable)
    * Green 2.4GHz radio led (GPIO 67)
    * Green 5GHz radio led (GPIO 66)
* Buttons:
    * 1x (WPS GPIO79) button
* GPIOs: 2.54mm header brings out 18 GPIOs (1.8V level)
* UART: 4-pin UART header (3.3V level)
    * 115200 8N1, 3.3V-Tx-Rx-GND (3.3V is pin 1 close to boot-switch SW2)
* Power:
    * PoE IN on 2.5G port (passive 24-48V)
    * DC power terminal (12-58V)

Installation instructions:

Vendor image format is compatible with squashfs-sysupgrade image. Run:

sysupgrade -n -F openwrt-qualcommax-ipq60xx-8devices_mango-dvk-squashfs-sysupgrade.bin

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2024-02-21 21:42:23 +01:00
Mantas Pucka
10ba730b7b ipq-wifi: add support for 8devices Mango board
Add support for .ipq6018 BDF suffix and add Mango board entry

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2024-02-21 21:42:23 +01:00
Mantas Pucka
03935cf7de ipq-wifi: update to Git HEAD (2024-02-19)
1cc59e1 ipq6018: add 8devices Mango BDF
10279cc ipq40xx:Add support for Netgear LBR20 with two BDF's

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2024-02-21 21:42:23 +01:00
Mantas Pucka
586a051d4d ath11k-firmware: add wifi firmware for ipq6018
So far only stable FW is v2.4. It exists in a different
git repo, so add custom download routine.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2024-02-21 21:42:23 +01:00
Mantas Pucka
aa6cc0a52b mac80211: ath11k: disable coldboot for ipq6018
Coldboot calibration does not work at the moment and causes failure during
wifi startup.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2024-02-21 21:42:23 +01:00
Mantas Pucka
d08d53346b qca-ssdk: support selecting PCS channel for PORT3 on IPQ6018
When QCA8072 is used in PSGMII mode with IPQ6018, PCS used for second
PHY port would overlap with one used by SGMII+ port. SoC has register
to select different PCS in such case.

Original code used PHY_ID for this decision, which also had other
issues, but is no longer viable since we moved to upstream QCA807x
driver.

Introduce DT property port3_pcs_channel to allow describing this in DT.
Default value is <2>, and for some QCA8072 designs <4> would be needed.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2024-02-21 21:42:23 +01:00
Felix Fietkau
2a752ff028 mac80211: add a fix for racy drv_sta_rc_update calls
Fixes potential crash issues in mt76 and other drivers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-21 15:28:53 +01:00
Marius Durbaca
4821cb24ed uboot-rockchip: add Radxa CM3 IO board support
Add support for the Radxa CM3 IO board.

Reviewed-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
2024-02-21 13:29:26 +01:00
Marius Durbaca
eec0bec630 rkbin: add rk3566 atf/tpl blobs
Currently there are no atf/tpl blobs for rk3566 SoCs
so this commit adds the prebuilt firmware from the vendor.

Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
2024-02-21 13:29:26 +01:00
Felix Fietkau
95e633efbd mac80211: add AQL support for broadcast/multicast packets
Should improve performance/reliability with lots of mcast packets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-21 10:56:22 +01:00
Robert Marko
fb45887e85 mac80211: update to 6.6.15
Update backports to the latest 6.6 point release.

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-21 10:56:22 +01:00
Tianling Shen
afca1236f3 rockchip: add NanoPi R4S Enterprise Edition build
FriendlyElec renamed the NanoPi R4S board with EEPROM (mac address)
to "enterprise" edition, and it was added as a "new" board in upstream
kernel.

This patch switched to use that upstreamed dts and removed local
EEPROM patch.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-02-19 20:52:06 +01:00
Tianling Shen
23cb2b1636 uboot-rockchip: add NanoPi R2C Plus support
Add support for the FriendlyARM NanoPi R2C Plus.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-02-19 16:23:32 +01:00
Rafał Miłecki
bf304d10e9 base-files: sysupgrade: include uci-defaults script disabling services
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.

Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.

Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2024-02-19 13:53:14 +01:00
Rafał Miłecki
4fa9aaf0be base-files: sysupgrade: always setup overlay when creating backup
Setting overlay while creating backup allows including extra files in
archive without actually writing them to flash. Right now this feature
is limited to /etc/backup/ directory and is used only for including
installed_packages.txt.

Extend this solution to make it more generic:
1. Always mount overlay while creating backup
2. Overlay whole / to don't limit it to /etc/backup/

This allows including any additional files in backups and adding more
sysupgrade features.

Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-19 13:53:14 +01:00
Luiz Angelo Daros de Luca
700907bc63 base-files: sysupgrade: always cleanup after backups
When tar was failing, it was exiting immediately. Some files and the
tmpfs mount (-k) would remain breaking the next backup attempt.

Also remove redundant $? from exit builtin call as exit already returns
the last command exit code when called.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2024-02-19 12:41:40 +01:00
Luiz Angelo Daros de Luca
14ac91c68c base-files: sysupgrade: do not hide tar errors
tar stderr was probably discarded only to remove this message:

  tar: removing leading '/' from member names

However, together with that, any other error would also be discarded.
It is easier to fix that allowing the error message to be printed.

In sysupgrade, the backup file list only uses absolute paths. That way,
the solution is to remove the leading '/' from all files (sed) and chdir
to / (option -C /)

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2024-02-19 12:41:40 +01:00
Janusz Dziedzic
a56292d9f5 linux-firmware: intel: add BE200 wifi firmware
Add option to install Intel BE200 firmware
required by iwlwifi driver and Wifi7 hardware.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-02-18 13:49:12 +01:00
Seo Suchan
6b904fa95b ca-certificates: update to version 20240203
Update Mozilla certificate authority bundle to version 2.64

Signed-off-by: Seo Suchan <tjtncks@gmail.com>
2024-02-18 11:49:04 +01:00
Eneas U de Queiroz
472312f83f
wifi-scripts: fix FILS AKM selection with EAP-192
Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-02-17 08:36:48 -03:00
Rosen Penev
24d3eb7629
lua5.3: backport CVE fix
Also refreshed some patches

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2024-02-17 01:55:49 +01:00
Rosen Penev
78b0106f7d
lua: fix CVE-2014-5461
Patch taken from Debian.

Refresh patches

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2024-02-17 01:55:21 +01:00
Daniel Golle
f96289ddff uboot-mediatek: bpi-r3-mini: fix typo in bootmenu
Fix typo in eMMC bootmenu.

Fixes: bc25519f98 ("uboot-mediatek: add builds for BananaPi BPi-R3 mini")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-16 13:56:01 +00:00
Daniel Golle
ae1c0f1b15 mediatek: filogic: bpi-r3-mini: fix NAND flash layout
Fix NAND flash layout which was out-of-sync with the definition in
ARM TrustedFirmware-A which expects UBI to start at 0x200000.

Fixes: b03d3644cf ("mediatek: filogic: add BananaPi BPi-R3 mini")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-16 05:40:14 +00:00
Daniel Golle
b03d3644cf mediatek: filogic: add BananaPi BPi-R3 mini
Hardware specification
----------------------
 SoC: MediaTek MT7986A 4x A53
 Flash: 128MB SPI-NAND, 8GB eMMC
 RAM: 2GB DDR4
 Ethernet: 2x 2.5GbE (Airoha EN8811H)
 WiFi: MediaTek MT7976C 2x2 2.4G + 3x3 5G
 Interfaces:
  * M.2 Key-M: PCIe 2.0 x2 for NVMe SSD
  * M.2 Key-B: USB 3.0 with SIM slot
  * front USB 2.0 port
 LED: Power, Status, WLAN2G, WLAN5G, LTE, SSD
 Button: Reset, internal boot switch
 Fan: PWM-controlled 5V fan
 Power: 12V Type-C PD

Installation instructions for eMMC
----------------------------------
0. Set boot switch to boot from SPI-NAND (assuming stock rom or immortalwrt
   running there).
1. Write GPT partition table to eMMC
   Move openwrt-mediatek-filogic-bananapi_bpi-r3-mini-emmc-gpt.bin to
   the device /tmp using scp and write it to /dev/mmcblk0:
    dd if=/tmp/openwrt-*-r3-mini-emmc-gpt.bin of=/dev/mmcblk0
2. Reboot (to reload partition table)
3. Write bootloader and OpenWrt images
   Move files to the device /tmp using scp:
    - openwrt-*-bananapi_bpi-r3-mini-emmc-preloader.bin
    - openwrt-*-bananapi_bpi-r3-mini-emmc-bl31-uboot.fip
    - openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
    - openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
   Write them to the appropriate partitions:
    echo 0 > /sys/block/mmcblk0boot0/force_ro
    dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-emmc-preloader.bin of=/dev/mmcblk0boot0
    dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-emmc-bl31-uboot.fip of=/dev/mmcblk0p3
    dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb of=/dev/mmcblk0p4
    dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb of=/dev/mmcblk0p5
    sync

4. Remove the device from power, set boot switch to eMMC and boot into
   OpenWrt. The device will come up with IP 192.168.1.1 and assume the
   Ethernet port closer to the USB-C power connector as LAN port.

5. If you like to have Ethernet support inside U-Boot (eg. to boot via
   TFTP) you also need to write the PHY firmware to /dev/mmcblk0boot1:
    echo 0 > /sys/block/mmcblk0boot1/force_ro
    dd if=/lib/firmware/airoha/EthMD32.dm.bin of=/dev/mmcblk0boot1
    dd if=/lib/firmware/airoha/EthMD32.DSP.bin bs=16384 seek=1 of=/dev/mmcblk0boot1

Installation instructions for NAND
----------------------------------
0. Set boot switch to boot from eMMC (assuming OpenWrt is installed there
   by instructions above. Using stock rom or immortalwrt does NOT work!)

1. Write things to NAND
   Move files to the device /tmp using scp:
    - openwrt-*-bananapi_bpi-r3-mini-snand-preloader.bin
    - openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip
    - openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
    - openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
   Write them to the appropriate locations:
    mtd write /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-preloader.bin /dev/mtd0
    ubidetach -m 1
    ubiformat /dev/mtd1
    ubiattach -m 1
    volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip)
    ubimkvol /dev/ubi0 -N fip -n 0 -s $volsize -t static
    ubiupdatevol /dev/ubi0_0 /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip
    cd /lib/firmware/airoha
    cat EthMD32.dm.bin EthMD32.DSP.bin > /tmp/en8811h-fw.bin
    ubimkvol /dev/ubi0 -N en8811h-firmware -n 1 -s 147456 -t static
    ubiupdatevol /dev/ubi0_1 /tmp/en8811h-fw.bin
    ubimkvol /dev/ubi0 -n 2 -N ubootenv -s 126976
    ubimkvol /dev/ubi0 -n 3 -N ubootenv2 -s 126976
    volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb)
    ubimkvol /dev/ubi0 -n 4 -N recovery -s $volsize
    ubiupdatevol /dev/ubi0_4 /tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
    volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb)
    ubimkvol /dev/ubi0 -n 4 -N recovery -s $volsize
    ubiupdatevol /dev/ubi0_4 /tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb

3. Remove the device from power, set boot switch to NAND, power up and
   boot into OpenWrt.

Partially based on immortalwrt support for the R3 mini, big thanks for
doing the ground work!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
5a2eb8082f kernel: add driver for Airoha EN8811H PHY as module
Add PHY driver for Airoha EN8811H PHY and package it as kernel module.
The PHY needs to load firmware from rootfs, so there is no point in
having the driver built-into the kernel.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
bc25519f98 uboot-mediatek: add builds for BananaPi BPi-R3 mini
The R3 mini comes with two Airoha EN8811H PHYs for 2.5G Ethernet.
The driver added to U-Boot expects the firmware for the PHY to be
stored inside UBI volume en8811h-fw or MMC boot1 hardware partition.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
adb1e30b7e linux-firmware: package firmware for Airoha EN8811H PHY
Add package with firmware for Airoha EN8811H 2.5G Ethernet PHY which
needs to be loaded via MDIO before the PHY can be used.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
1e58ce7652 firmware: package firmware for built-in 2.5G PHY on MT7988
Firmware for the built-in 2.5G Ethernet PHY of the MediaTek MT7988 SoC
is now part of linux-firmware, so we can package it.
Only a single file is needed with recent driver.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
6aec3c7b5b mediatek: mt7622: modernize Linksys E8450 / Belkin RT3200 UBI build
Move fip and factory into UBI static volumes.
Use fitblk instead of partition parser.

 !! RUN INSTALLER FIRST !!
Existing users of previous OpenWrt releases or snapshot builds will
have to **re-run the updated installer** before upgrading to firmware
after this commit.
DO NOT flash or run even just the initramfs image unless you have
run the updated installer which moves the content of the 'factory'
partition into a UBI volume.

tl;dr: DON'T USE YET!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
41c053141e mediatek: mt7622: convert unifi6lr-v{1,2,3}-ubootmod to fitblk
No bootloader changes needed in this case, smooth transition.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
208f6c1232 mediatek: mt7622: convert BPi-R64 to all-UBI layout and fitblk
Modernize bootloader and flash memory layout of the BPi-R64 similar to
how it has also been done for the BPi-R3.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
8f9b10d917 arm-trusted-firmware-mediatek: add UBI-enabled builds for MT7622
Use custom UBI start address 0x80000 on MT7622 which is more than
enough for a single bl2 (MT7622 BootROM doesn't support redundant bl2).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
8afce4893b uboot-envtools: mediatek_filogic: update bpi-r3
Unify env configuration now that BPi-R4 and BPi-R3 both use fitblk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
033db3a95d uboot-mediatek: bpi-r3: all-UBI NAND layout, use fitblk
Modernize U-Boot to provide a better reference:
 * store fip image in UBI now that TF-A supports that
 * switch from uImage.FIT partition parser to new fitblk
   virtual firmware block driver (root=/dev/fit0)
 * automatically set root device according to boot_mode register

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
91b55ca4c8 arm-trusted-firmware-mediatek: add mt7986-spim-nand-ubi-ddr4
Add UBI-enabled build for MT7986 with SPIM-NAND and DDR4 for use with
the BananaPi R3 board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
1192554d56 uboot-envtools: filogic: add support for BananaPi R4
Add environment settings for the BananaPi BPI-R4 router board which
can boot from (and store its bootloader environment on) micro SD card,
SPI-NAND and eMMC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
13ddc65b2c uboot-envtools: filogic: de-duplicate UBI env settings
Use function instead of duplicating the env settings on UBI for
OpenWrt-built U-Boot over and over.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Daniel Golle
74a8f416f4 uboot-mediatek: update to U-Boot 2024.01 release
Rebase local patches on top of quarterly timed release, allowing to
drop numerous patches which have been accepted upstream since the
release of U-Boot 2023.07.02.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:37 +00:00
Daniel Golle
54f99ebe5c uboot-mediatek: add build for BPi-R4
Add build for the BananaPi R4 board which can boot from micro SD,
SPI-NAND or eMMC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:37 +00:00
Daniel Golle
b165d451bd uboot-mediatek: mt7988: set rootdisk according to boot device
If nodes /chosen/rootdisk-${bootdevice} exists, set /chosen/rootdisk
phandle according to boot device selected by the bootstrap pins.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:37 +00:00
Daniel Golle
89fcf211cb uboot-mediatek: fix MMC erase timeout
When erasing large amounts of blocks at once this can take a long
time on slow cards. Instead of a fixed timeout, wait longer if more
blocks are being erased.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:37 +00:00
Daniel Golle
927334a8f7 uboot-mediatek: add basic build for ZBT-WG3526 (MT7621, 16M SPI-NOR)
Add basic U-Boot drop-in replacement compatible with the flash layout
of the vendor loader of the Zbtlink WG3526 (16M) MT7621 router board.
The idea here is a to have a reference build of uboot-mediatek also for
a simple MIPS boards more popular than MT7621 RFB.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:37 +00:00
Daniel Golle
ddcc8f9f4e package: add fitblk util to release /dev/fit* devices
Add minimalistic tool to allow releasing /dev/fit* devices which is
needed on sysupgrade when using the fitblk driver.
The package is hidden in menuconfig, it should only be selected by
adding it to the default package selection of boards using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:36 +00:00
Daniel Golle
7cecabbe34 arm-trusted-firmware-mediatek: use UBI on new NAND targets
Make use of recently added UBI support in MediaTek's ARM
TrustedFirmware-A on new MT7988 SoC.

Load fip from static UBI volume instead of fixed offset on SPIM-NAND
and SNFI.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:36 +00:00
Daniel Golle
c55c56b3fd arm-trusted-firmware-mediatek: set HIDDEN=y
Hide arm-trusted-firmware-mediatek packages from interactive config.
Exposing them only causes confusion and needed variants are anyway
selected as dependencies by uboot-mediatek packages.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:36 +00:00
Chukun Pan
b61ecb7d75 ipq807x: add support for CMCC RM2-6
Hardware specifications:
  SoC: Qualcomm IPQ8070A
  RAM: 512MB of DDR3
  Flash: 256MB Micron NAND
  Ethernet: 2x 1G RJ45 port
  WiFi1: QCN5024 2x2 2.4GHz
  WiFi2: QCN5054 2x2 5GHz
  Fan: 1x GPIO controlled
  Button: Reset, WPS

Flash instructions:
  Upload factory.bin in stock firmware's upgrade page.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2024-02-15 18:44:35 +01:00
Robert Marko
588b5df50a qca-ssdk: drop not used Malibu PHY patch
Now that Malibu (QCA807x) PHY-s use an upstream driver we dont need support
for defining address of the first PHY in the package so drop the patch.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-02-15 18:25:48 +01:00
Petr Štetiar
79888f9127
ugps: update to Git HEAD (2024-02-14)
69561a074d6f ugps: add quality measurement parameters

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-02-14 10:02:25 +00:00
Felix Fietkau
2a2abed0be wifi-scripts: create the wlan object in board_data if not present
Fixes an error in wifi detection

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-13 19:26:58 +01:00
Jo-Philipp Wich
7a1fac2dda ucode: update to Git HEAD (2024-02-13)
7e5830edfb38 nl80211: fix datatype of NL80211_BAND_IFTYPE_ATTR_HE_CAP_{MAC,PHY} attrs
5c8fd34bac42 nl80211: fix parsing of NL80211_BAND_ATTR_VHT_MCS_SET attribute
e8d4e4fe967d nl80211: fix decoding of NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET attribute
30a3f7ad0433 rtnl: store callback in listener registry only on success
9cbe8294909f rtnl: optimize reception of rtnl events
534417132e18 rtnl: increase event socket rx buffer size limit to 1 MiB
3f9811d2f7b7 compiler: close upvalues on loop control statements

Fixes: https://github.com/jow-/ucode.git/issues/187
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-02-13 17:16:04 +01:00
Nick Hainke
c47b7571f0 libxml2: update to 2.12.5
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5

Fixes: CVE-2024-25062
Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-13 12:34:56 +01:00
Nick Hainke
a42075435a binutils: update to 2.42
Refresh patch:
- 001-replace-attribute_const.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-12 23:41:03 +01:00
Sander Vanheule
6f83a708c8 base-files: move uci_set_poe() to uci-defaults.sh
PoE devices in the realtek target have the possibility to add PSE info
to the board description via 02_network. Make this available for all
targets, by moving the uci_set_poe() function to the globally available
uci-default.sh script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2024-02-12 20:46:51 +01:00
Christian Marangi
dfc1e8cfee
qca-ssdk: drop deprecated Xiaomi LEDs quirk patch
Drop deprecated Xiaomi LEDs quirk patches as they are not needed anymore
as LEDs are now supported by the upstream qca807x driver.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-11 21:15:31 +01:00
Christian Marangi
c8aded65c1
qca-ssdk: add patch to support detection of PSGMII mode for PHY
If a PHY doesn't use the integrated driver, SSDK use poll the phydev to
get the real PHY mode. qca807x use PSGMII as PHY mode and this specific
mode is not detected in qca SSDK while used in the entire driver.

Add support for it in the hsl_port_phydev_interface_mode_status_get
function used to translate PHY mode to the internal SSDK value.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-11 21:12:29 +01:00
Christian Marangi
8d7f747757
qca-ssdk: disable Malibu PHY in favor of upstream version
Disable Malibu PHY driver in Qca SSDK in favor of the upstream version.
The same workaround are applied and the version upstream is just a drop
in replacement and is well tested from the ipq40xx target.

Also using the upstream version permits further support for LEDs.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-11 21:09:34 +01:00
Shiji Yang
3b74ae780c uboot-envtools: backport some usefull patches from v2024.04-rc1
Highlights:
- Silence small page read warning.
- Autodetect NAND erase size and env sectors.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-02-11 10:48:59 +01:00
Robert Marko
a79efe4cdf
qca-ssdk: add support for ipq60xx
IPQ60xx uses a different codename for SSDK, so lets pass the correct one
as otherwise SSDK asumes we are building for the old MIPS SoC-s.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[ drop outdated commit description info ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-09 14:01:51 +01:00
Nick Hainke
5a016cc3af uboot-envtools: update to 2024.01
Update to latest version.

Refresh patches:
- 002-Revert-tools-env-use-run-to-store-lockfile.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-09 13:55:18 +01:00
Felix Fietkau
2b4941a6f1 wifi-scripts: fix fullmac phy detection
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.

Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-09 12:18:59 +01:00
Konstantin Demin
3f96246e97 dropbear: better handle interfaces
- introduce 'DirectInterface' option to bind exactly to specified interface;
  fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
  e.g. verify count of listening endpoints due to dropbear limit (10 for now)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
865ae1c10c dropbear: better handle receive window size
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog

improves f95eecfb

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
05100d8651 dropbear: adjust file permissions
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)

closes #10849

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
a97e0dad6e dropbear: 'rsakeyfile' -> 'keyfile' transition
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.

schedule 'rsakeyfile' removal for next year release.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
ff1ccd85e8 dropbear: failsafe: handle all supported key types
dropbear may be configured and compiled with support for different host key types

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
55218bcedb dropbear: minor config reorder
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
c87a192386 dropbear: split U2F/FIDO support
these options allow one to configure U2F/FIDO support in more granular way

inspired by upstream commit aa6559db

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
bf900e02c7 dropbear: add option to enable modern crypto only
reduces binary/package size and increases overall performance

also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
  to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
88c8053d47 dropbear: adjust allowed shell list
this takes an effect only if getusershell(3) is missing

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
7f6fcaa3bf dropbear: honor CONFIG_TARGET_INIT_PATH
fixes 65256aee

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
2d9a0be307 dropbear: disable two weak kex/mac algorithms
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]

It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]

1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138

Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
0b277f8659 dropbear: minor config clarification
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
  and DROPBEAR_DBCLIENT_AGENTFORWARD:
  describe why and where it should be disabled

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
fa849fd411 dropbear: better object cleanup
improves b78aae79

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
f2b2293663 dropbear: allow more complex configuration
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
  this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
  which is more likely to be than values with commas;
  use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.

improves e1bd9645

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
b5cde26048 dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
d4dfb566e2 dropbear: bump to 2022.83
- update dropbear to latest stable 2022.83;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
  - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
  - 901-bundled-libs-cflags.patch
- refresh remaining patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Stephen Howell
d274867c21 lldpd: add option to force EDP
allow EDP support if compiled and add force EDP option

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
8b2d02e48c lldpd: only use snmp options when compiled in
prevent SNMP options being passed unless lldpd supports them

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
1b36d44323 lldpd: Update Makefile package release
increment Makefile package release to reflect changes to init script

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
a5f715da71 lldpd: add option for tx delay and tx hold
add option to set LLDP transmit delay, hold timers to set update frequency

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4159acceeb lldpd: add option to set system platform
add option to override system platform instead of using kernel name

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4ac134aa78 lldpd: add option to force SONMP enabled
add option to force SONMP to be enabled even when no peer detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1be2088a52 lldpd: add option to force FDP on
add option to force FDP when no peers detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
b67182008f lldpd: set CDP version and allow forcing CDP on
add option to specify CDPv1 or CDPv2 and separately enable or force each

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
61dbe756d8 lldpd: allow disabling LLDP protcol
add option to allow LLDP disabling while using other supported protocols

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac771313eb lldpd: add portidsubtype option
add option portidsubtype to correct port identifiers and descriptions

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
c98ee4dbb3 lldpd: add agent-type option
add option to set agent-type to control propogation

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
24176a6bdd lldpd: add LLDP MED options
add option to enable LLDP MED fast-start and set fast-start timer

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1753498b01 lldpd: option to disable LLDP-MED inventory TLV
add option to disable LLDP-MED inventory TLV transmission

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
058f284b1a lldpd: Init adds no-version option
add option to disable advertising kernel version

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac3ed75309 lldpd: Allow neighbour filtering
add filter option to init script.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
064b4999ad lldpd: LLDPD binds to only specified interfaces
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
e483c247dc lldpd: Init config read on reload
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Nick Hainke
21ca43d28a strace: update to 6.7
Release Notes:
https://github.com/strace/strace/releases/tag/v6.7

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-07 20:13:06 +01:00
Florian Eckert
c6fabd0bc3 base-files/leds: add setting the LED color via uci
Add the possibility that colored LEDs can also be configured via the uci.

config led 'led1'
	option name '<name>'
	option sysfs '<path>'
	option trigger 'default-on'
	option default '1'
-->	option color_{$color} '<0-255>'

The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-02-07 15:34:43 +01:00
Florian Eckert
3aa812d8be base-files/leds: merging code sequences that belongs together
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-02-07 15:34:43 +01:00
Florian Eckert
102855b3c1 base-files/leds: save led color value if available
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.

Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-02-07 15:34:43 +01:00
Nick Hainke
1c02b874fa kexec-tools: update to 2.0.28
Release Notes:
- https://www.spinics.net/lists/kexec/msg32139.html
- https://www.spinics.net/lists/kexec/msg33447.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-06 12:10:05 +01:00
Felix Fietkau
4cd8ae67c5 wifi-scripts: fix copy&paste issue in metadata
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-06 10:47:22 +01:00
Álvaro Fernández Rojas
c9e6045032 kernel: modules: video: add missing video-mem2mem symbol
v4l2-mem2mem.ko needs CONFIG_V4L2_MEM2MEM_DEV symbol.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-02-05 18:25:16 +01:00
Álvaro Fernández Rojas
ee79da92dc kernel: modules: video: add missing video-videobuf2 symbol
videobuf2-v4l2.ko needs CONFIG_VIDEOBUF2_V4L2 symbol.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-02-05 18:25:16 +01:00
Álvaro Fernández Rojas
5c48b65738 kernel: modules: video: remove v4l2-common from video-core
v4l2-common.ko was merged into videodev.ko and no longer exists.

Fixes: ac5671f46c ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-02-05 18:25:16 +01:00
Yuu Toriyama
b463737826 wireless-regdb: update to 2024.01.23
The maintainer and repository of wireless-regdb has changed.
    https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/

Changes:
    37dcea0 wireless-regdb: Update keys and maintainer information
    9e0aee6 wireless-regdb: Makefile: Reproducible signatures
    8c784a1 wireless-regdb: Update regulatory rules for China (CN)
    149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
    bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
    d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
    4541300 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
2024-02-04 18:47:07 +01:00
Felix Fietkau
114190d8ae mt76: update to Git HEAD (2024-02-03)
a9693e1979c2 linux-firmware: add firmware for MT7996
0258dc90e3a1 wifi: mt76: mt7603: fix reading target power from eeprom
3e81173d9e2b wifi: mt76: mt7603: initialize chainmask
786a339bac36 wifi: mt76: mt7996: fix fortify warning
bc37a7ebc267 wifi: mt76: mt7996: fix fw loading timeout
027bab6a88a3 wifi: mt76: usb: create a dedicated queue for psd traffic
e8909c610c3b wifi: mt76: usb: store usb endpoint in mt76_queue
8b3d96fa4ead wifi: mt76: mt792xu: enable dmashdl support
7864d7ad0ed0 wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table
27c81f7c1480 wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band
b7443c63069a wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band
bab721a65f5a wifi: mt76: mt7925: fix mcu query command fail
1f0f71ed81e8 wifi: mt76: mt7925: fix wmm queue mapping
bcfe2ad966f3 wifi: mt76: mt7925: fix fw download fail
f982c3d67a29 wifi: mt76: mt7925: fix WoW failed in encrypted mode
6a72716ec213 wifi: mt76: mt7925: fix the wrong header translation config
50928b7e1359 wifi: mt76: mt7925: add flow to avoid chip bt function fail
762ab4530e8f wifi: mt76: mt7925: add support to set ifs time by mcu command
87deaf82efa4 wifi: mt76: mt7925: update PCIe DMA settings
c190c1576522 wifi: mt76: mt7925: support temperature sensor
025d5734caba wifi: mt76: mt7996: check txs format before getting skb by pid
4768bfa2baca wifi: mt76: mt7996: fix TWT issues
a65e3eced907 wifi: mt76: mt7996: disable AMSDU for non-data frames
d71716d93aee wifi: mt76: mt7996: fix incorrect interpretation of EHT MCS caps
f21728f3f4bd wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands
68dad7dacd2a wifi: mt76: mt7996: fix HE beamformer phy cap for station vif
66a28f340cdc wifi: mt76: mt7996: mark GCMP IGTK unsupported
b47ad8a7764e wifi: mt76: mt7996: fix efuse reading issue
c2fc7dae7b72 wifi: mt76: mt7996: remove TXS queue setting
e0f1ed168ed5 wifi: mt76: mt7996: add locking for accessing mapped registers
d0cc92c1fd08 wifi: mt76: connac: set correct muar_idx for mt799x chipsets
ae0c62279adc wifi: mt76: mt7996: fix HIF_TXD_V2_1 value
ecc14276af54 wifi: mt76: mt792x: fix ethtool warning
9827df56b241 wifi: mt76: move wed common utilities in wed.c
dccbd2598505 wifi: mt76: mt7925: fix the wrong data type for scan command
9907f4f20261 wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi
1b088a7ac06d wifi: mt76: mt7921e: fix use-after-free in free_irq()
f3c5b4820d7f wifi: mt76: mt7925e: fix use-after-free in free_irq()
d75eac9f5531 wifi: mt76: mt7921: fix incorrect type conversion for CLC command
7bd5401f5bb1 wifi: mt76: mt792x: fix a potential loading failure of the 6Ghz channel config from ACPI
ea55196bc4a0 wifi: mt76: mt792x: update the country list of EU for ACPI SAR
6124ea9135ed wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:21:16 +01:00
Felix Fietkau
e772b75d5d broadcom-wl: remove package
Also remove remaining wireless extension support, since this package
was the only in-tree user of it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Felix Fietkau
0e3f147574 wifi-scripts: add script to add phy capabilities to board.json
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Felix Fietkau
2716853132 wifi-scripts: add new package, move wifi scripts to a single place
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Tim Harvey
dd53aeaaa2
kernel: modules: video: fix video-coda for 6.1
The coda kernel modules were moved between 5.15 and 6.1.
Adapt the coda-vpu and imx-vdoa modules for that.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2024-02-02 17:31:44 +01:00
Tim Harvey
f91286a436
kernel: modules: video: fix drm-imx for 6.1
Linux 6.1 changed DRM_GEM_DMA_HELPER to a module (drm_dma_helper.ko).

Add this to the drm-imx to fix module dependencies.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2024-02-02 17:31:44 +01:00
Lech Perczak
93cc4f784d
kernel: modules: video: fix kmod-imx-pxp build for 6.1
Location of the module file was changed between 5.15 and 6.1. Adapt the
recipe for that.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2024-02-02 17:31:44 +01:00
Tim Harvey
76b0d24157
kernel: modules: video: fix video-core for 6.1
Linux 6.1 wraps core video drivers in a MEDIA_PLATFORM_DRIVERS submenu.
Enable that for 6.1 and add some new necessary undefines to
target/linux/generic/config-6.1 to avoid build failures.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2024-02-02 17:31:44 +01:00
Lech Perczak
6a78fb0a9e
kernel: modules: video: fix kmod-video-imx-ldb build under 6.1
drm_dp_aux_bus.ko isn't built or required anymore under kernel 6.1. Mark
that in the recipe.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2024-02-02 17:31:43 +01:00
Lech Perczak
92fb853bd7
kernel: modules: video: fix deps for kmod-drm-imx-hdmi for 6.1
kmod-drm-imx-hdmi depends on kmod-drm-display-helper since 6.1. Include
that in OpenWrt's recipes.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2024-02-02 17:31:43 +01:00
Nick Hainke
8456e84891 zlib: update to 1.3.1
Release Notes:
https://github.com/madler/zlib/releases/tag/v1.3.1

Refresh patch:
- 004-attach-sourcefiles-in-patch-002-to-buildsystem.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-02 17:26:29 +01:00
Daniel Kestrel
bb46f0484d lantiq: add support for AVM Fritzbox 7490
This adds support for the Fritzbox 7490 device. It contains two
SoCs, one Lantiq without WiFi and one QCA9558 with 2.4GHz
and 5 GHz WiFi. Only the Lantiq has access to the flash memory,
the Atheros runs fully from RAM and is booted by using a remoteproc
kernel module and is not supported with this commit.
The devices were manufactured with varying NAND chips which
requires Micron and non-Micron versions of the images.

Specifications:
 - SoC: Lantiq 500 MHz
 - RAM: 256 MB
 - Storage: 512 MB NAND, 1MB FLASH
 - Wireless, separate SOC QCA9558 with 128MB RAM (not supported yet):
   · Qualcomm-QCA9558 w/ 3×3 MIMO for 2.4GHz 802.11b/g/n
   · Qualcomm-QCA9880 w/ 3×3 MIMO for 5GHz 802.11a/ac
   · AG71xx ethernet
 - Ethernet: Built-in AR 803x, 7 port 4 phy switch,
   4x 1000/100/10 port, Port 5 is fixed and connected to the WASP SOC
 - Renesas µPD720202 USB3 PCIe, requires firmware binary on the device
 - VDSL2 modem

Unsupported:
 - DECT and ISDN telephony

Installation:
Check which NAND the device has by using the following procedure with
stock firmware:
Go to to http://<fritzbox_ip>/support.lua, download the support data
file and search for string "NAND device" to get the manufacturer kernel
output.
Use Micron image if Micron is displayed otherwise the non-Micron image.
Use the eva_ramboot.py script to boot the initramfs image. Follow the
procedure to interrupt booting by ftp into 192.168.178.1 within
5 seconds after poweron.
Then transfer the sysupgrade image to the device and run sysupgrade to
flash it to the NAND.
For making USB work, an renesas xhci firmware file (e.g. v2026) is
needed and it should be copied to /lib/firmware/ (file name
renesas_usb_fw.mem).

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2024-02-02 15:07:07 +01:00
David Bentham
d8f4453bf2 mediatek: add Comfast CF-E393AX support
Comfast CF-E393AX is a dual-band Wi-Fi 6 POE ceiling mount access point.

Oem firmware is a custom openwrt 21.02 snapshot version.

We can gain access via ssh once we remove the root password.

Hardware specification:
  SoC: MediaTek MT7981A 2x A53
  Flash: 128 MB SPI-NAND
  RAM: 256MB DDR3
  Ethernet: 1x 10/100/1000 Mbps built-in PHY (WAN)
            1x 10/100/1000/2500 Mbps MaxLinear GPY211C (LAN)
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976D
  LEDS: 1x (Red, Blue and Green)
  Button: Reset
  UART: 3.3v, 115200n8
  --------------------------
  | Layout |
  | ----------------- |
  | 4 | VCC GND TX RX | <= |
  | ----------------- |
  --------------------------

Gain SSH access:
1. Login into web interface (http://apipaddress/computer/login.html),
   and download the
   configuration(http://apipaddress/computer/config.html).

2. Rename downloaded backup config - 'backup.file to backup.tar.gz',
   Enter 'fakeroot' command then decompress the configuration:
   tar -zxf backup.tar.gz

3. Edit 'etc/shadow', update (remove) root password:
   With password =
   'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
   'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
   to
   Without password =
   'root::0:99999:7:::'
   'root::0:99999:7:::'

4. Repack 'etc' directory back to a new backup file:
   tar -zcf backup-ssh.tar.gz etc/
5. Rename new config tar.gz file to 'backup-ssh.file'
   Exit fakeroot - 'exit'

6. Upload new configuration via web interface, now you
   can SSH with the following:

   'ssh -vv -o HostKeyAlgorithms=+ssh-rsa \
   -o PubkeyAcceptedAlgorithms=+ssh-rsa root@192.168.10.1'.

   Backup the mtd partitions
   - https://openwrt.org/docs/guide-user/installation/generic.backup

7. Copy openwrt factory firmware to the tmp folder to install via ssh:

   'scp -o HostKeyAlgorithms=+ssh-rsa \
   -o PubkeyAcceptedAlgorithms=+ssh-rsa \
   *-mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin \
   root@192.168.10.1:/tmp/'

   'sysupgrade -n -F \
   /tmp/*--mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin'

8. Once led has stopped flashing - Connect via ssh with the
   default openwrt ip address - 'ssh root@192.168.1.1'

9. SSH copy the openwrt sysupgrade firmware and upgrade
   as per the default instructions.

Signed-off-by: David Bentham <db260179@gmail.com>
2024-02-02 13:01:38 +01:00
Ivan Pavlov
44cd90c49a openssl: update to 3.0.13
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]

  * Fixed PKCS12 Decoding crashes
    ([CVE-2024-0727])
  * Fixed Excessive time spent checking invalid RSA public keys
    ([CVE-2023-6237])
  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
    CPUs which support PowerISA 2.07
    ([CVE-2023-6129])
  * Fix excessive time spent in DH check / generation with large Q parameter
    value ([CVE-2023-5678])

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2024-02-02 08:46:52 +03:00
Daniel Golle
7eee094f01 uhttpd: bump PKG_RELEASE
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").

Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-02 04:22:17 +00:00
Chukun Pan
dbe2a0c091
kernel: move gpio packages to gpio menu
Move gpio packages to the 'GPIO support' menu.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-02-01 17:04:54 +01:00
Chukun Pan
3d24668f99
kernel: modules: move gpio modules to gpio menu
Since we have the 'GPIO support' menu, it is strange to look up
gpio related modules in 'Other modules' menu. So move these
modules and put them in the gpio menu.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-02-01 17:04:54 +01:00
Chukun Pan
45554ffb96
kernel: modules: gpio.mk: renamed from gpio-cascade.mk
This can be used to place the gpio module, so rename it.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-02-01 17:04:51 +01:00
Chad Monroe
5a3f6c50ef
ucode: add libjson-c/host dependency
ensure host libjson-c is built prior to ucode

Signed-off-by: Chad Monroe <chad@monroe.io>
2024-02-01 16:22:11 +01:00
Daniel Golle
efcc100ef0 base-files: upgrade: nand.sh: mute umount error
Send error output of umount to /dev/null to mute error in case
ubiblock device has already been unmounted (which is usually the
case).
Gets rid of bogus error message:
umount: can't unmount /dev/ubiblock0_4: Invalid argument

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-01 00:52:54 +00:00
Daniel Golle
7b1c3068b7 uhttpd: restart when interface to listen becomes available
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-01 00:52:54 +00:00
Nick Hainke
097f0f035e libbsd: update to 0.11.8
Changelog:
edddd80 Release libbsd 0.11.8
dd0bdb5 test: Close all descriptors before initializing them for closefrom()
0813f37 build: Check out-of-tree builds in CI
df116b5 Adjust strlcpy() and strlcat() per glibc adoption
ecb44e1 Do not add a pointer to the NULL constant
459b7f7 Do not confuse code analyzers with out-of-bounds array access look alike
a44f885 test: Fix short-lived memory leak
3f5ca0a build: Add a coverage regex to the CI job
9d3e59a man: Use VARIANTS instead of ALTERNATIVES in libbsd(7)
f02562d man: Markup function references with Xr instead of Fn
b7367c9 build: Add missing dash to macro title bar
6777eb6 pwcache: Do not declare uidtb and gidtb when not used
d4e0cdc fgetln: Include <stdio.h> after <sys/*>
f41d6c1 build: Refactor GNU .init_array support check into a new m4 function
30b48ed build: Refactor linker script detection into a new m4 function
d0d8d01 build: Do not provide prototypes for arc4random() on Solaris
cf61ebb build: Do not build the progname module if it is not needed
73b25a8 build: Sort entries alphabetically
5434ba1 build: Conditionalize wcslcpy() and wcslcat() functions on macOS
dc1bd1a build: Conditionalize only id-from-name functions not the entire pwcache
edc746e build: Conditionalize getprogname()/setprogname on macOS
8f998d1 progname: Include <procinfo.h> if available
d08163b build: Check whether we need libperfstat on AIX
1186cf8 build: Annotate droppable functions for musl on next SOVERSION bump
6385ccc build: Conditionalize bsd_getopt() on macOS
c120681 Move the version script comments before the symbols
9fa0676 Port getprogname() to AIX
92337b1 Make getprogname() porting mandatory
90b7f3a test: Do not use /dev/null as compiler output file
426bf45 build: Add generated *.sym files to .gitignore
21d12b0 build: On macOS do not build functions provided by the system
bc65806 build: Select whether to include funopen() in the build system
8b7a4d9 build: Move Windows OS detection to the OS features section
ccbfd1c build: Remove __MUSL__ definition from configure
e0976d7 build: Add a new libbsd_strong_alias() macro and switch users to it
49c7dd1 build: Only emit link warnings for ELF objects
8622767 build: Use an export symbols file if there is no version script support
8f61036 build: Add -no-undefined libtool flag
ae7942b build: Do not override the default DEPENDENCIES for libbsd
a5faf17 Only use <stdio_ext.h> if present
06e8a1b Define _NSIG if it is not defined by the system
44824ac Declare environ if the system does not do so
1fb6c3f Use lockf() when flock() is not available
fe16f38 test: Use open_memstream() only if available
7c652a9 test: Do not hardcode root:root user and group names
ed2eb31 test: Fix closefrom() test on macOS
0f8bcdf test: Fix closefrom() test to handle open file descriptor limits
07192b3 test: Disable blank_stack_side_effects() on non-Hurd systems
ca3db5e build: Do not enable ASAN for musl CI pipelines
ff46386 man: Add HISTORY section to arc4random(3bsd)
4c6da57 man: Switch arc4random(3bsd) man page from OpenBSD to NetBSD
830dd88 doc: Remove written-by attribution
257800a build: Add support for sanitizer compiler flags
536a7d4 test: Exempt blank_stack_side_effects() from sanitizer checks
7ed5de0 test: Import explicit_bzero() sanitizer support changes from OpenBSD
05a802a test: Fix memory leaks in fpurge test
5962e03 man: Fix BSD and glibc versions
59a21c7 man: Update STANDARDS and HISTORY sections
7b4ebd6 include: Adjust closefrom() per glibc adoption
0dfbe76 build: Switch to debian:latest Docker image
dec783d build: Fix version script linker support detection
fe21244 include: Use __has_builtin to detect __builtin_offsetof support
ec88b7b funopen: Replace off64_t with off_t in funopen_seek()
2337719 man: Prune unneeded <sys/types.h> include in setproctitle(3)
5dea9da build: Improve C99 compatibility of __progname configure check
b9bf42d build: Enable -Wall for automake
e57c078 build: Add missing AM_PROG_AR macro call to configure.ac
80f1927 build: Fix configure.ac indentation
b7a8bc2 build: Require automake 1.11
e508962 build: Do not require funopen() to be ported
00b538f build: Terminate lists in variables with «# EOL»
5cfa39e build: Use «yes» instead of «true» for AC_CHECK_FUNCS cache value

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-30 10:39:21 +01:00
orangepizza
920414ca88
mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
2024-01-29 09:28:41 +00:00
Álvaro Fernández Rojas
60ffcfdabc packages: drop bcm27xx-userland
bcm27xx-userland is deprecated and bcm27xx-utils should be used instead.
96a7334ae9

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-28 10:07:55 +01:00
Christian Marangi
7f0f838767
qca-ssdk: disable compiling qca8081 PHY driver in favor of upstream
Disable compiling qca8081 PHY driver in favor of upstream to better
support it and add better control of attached LEDs.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-01-27 19:04:11 +01:00
Álvaro Fernández Rojas
0c45d2cfc6 mac80211: brcm: fix warning on ARCH_BCM2835
Completely disable dump_survey code on ARCH_BCM2835 to fix defined but not
used warning.
512b762ddb (commitcomment-137899352)

Fixes: 512b762ddb ("mac80211: brcm: disable dump_survey on Raspberry Pi")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-27 10:30:47 +01:00
Felix Fietkau
5485d27f4d libubox: update to Git HEAD (2024-01-26)
6339204c212b CMakeLists.txt: bump minimum cmake version
c1be505732e6 udebug: fix crash in udebug_entry_vprintf with longer strings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-26 21:08:07 +01:00
Álvaro Fernández Rojas
e5efc638a7 iwinfo: update to latest git HEAD
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.

a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN

There are no ABI changes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 18:29:54 +01:00
Álvaro Fernández Rojas
512b762ddb mac80211: brcm: disable dump_survey on Raspberry Pi
Enabling this causes slow iwinfo calls on Raspberry Pi and LuCI slows down
when wireless is enabled.
Fixes: https://github.com/openwrt/openwrt/issues/14013

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 18:29:22 +01:00
Álvaro Fernández Rojas
8dcc695633 mac80211: brcm: remove alternative DT firmware names patch
This patch has been reverted in the Raspberry Pi linux repository.
Also refresh the rest of the patches.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 18:29:22 +01:00
Christian Marangi
1b3259eb5c generic: 5.15: backport upstream Aquantia PHY firmware loader patches
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.

Refresh all kernel patches affected by this change.

Also update the path for aquantia .ko that got moved to dedicated
directory upstream.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-01-26 17:52:24 +01:00
Felix Fietkau
e617fa33b5 mac80211: fix typo in getting path from board.json
Use json_get_vars in order to avoid getting bogus values when extra properties
are present

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-26 14:37:30 +01:00
Álvaro Fernández Rojas
a1364fcd09 bcm27xx: switch to bcm27xx-utils
bcm27xx-userland is now deprecated and utils should be used instead.
96a7334ae9

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 12:29:30 +01:00
Marty Jones
beccf65a93 linux-firmware: add Raspberry Pi 5 NVRAM
The RPi 5 expects the same NVRAM as the one from RPi 4 on a different file.

Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Reword commit description, add missing PKG_RELEASE bump]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-25 17:46:46 +01:00
Rany Hany
59f67b2010 hostapd: fail R0KH and R1KH derivation when wpa_psk_file is used
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-01-25 20:02:40 +01:00
Jesus Fernandez Manzano
e2f6bfb833 hostapd: fix 11r defaults when using SAE
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
2024-01-25 20:02:40 +01:00
Jesus Fernandez Manzano
cdc4c55175 hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
2024-01-25 20:02:40 +01:00
Felix Fietkau
195cf4b58d hostapd: remove obsolete function
Leftover from authsae, which was removed a long time ago

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-25 20:02:30 +01:00
Nick Hainke
aa06f68c52 libtracefs: update to 1.8
Changes:
67f3b2a libtracefs: version 1.8
8a1322f libtracefs utest: Add tests to use mapping if supported
0a65b79 libtracefs: Add tracefs_mapped_is_supported() API
805f650 libtracefs: Call mmap ioctl if a refresh happens
cf7e2a5 libtracefs: Fix tracefs_mmap() kbuf usage
3a26b26 libtracefs: Have nonblock tracefs_cpu reads set errno EAGAIN
2b5bb09 libtracefs: Have tracefs_mmap_read() include subbuf meta data
dee0448 libtracefs: Have mapping work with the other tracefs_cpu* functions
28eebc1 libtracefs: Have tracefs_cpu_flush(_buf)() use mapping
065d914 libtracefs: Use mmapping for iterating raw events
1124e0e libtracefs: Use tracefs_cpu_*_buf() calls for iterator
f43b293 libtracefs: Unmap mmap mapping on tracefs_cpu close
0d24516 libtracefs Documentation: Fix tracefs_cpu_snapshot_open() man pages
5ff31c0 libtracefs Documentation: Add tracefs_follow_events_clear() to main man page
0c7d9f7 libtracefs: Add man pages for tracefs_snapshot_*() functions
b2dc3e0 libtracefs sql: Rename TIMESTAMP_USECS_DELTA to TIMESTAMP_DELTA_USECS
585ec77 libtracefs: Force off trace mmapping
2ed14b5 libtracefs: Add ring buffer memory mapping APIs
173ffc0 libtracefs meson: Add option to disable samples
a55e2e8 libtracefs meson: Add option to disable documentation
93e20af libtracefs: Fix tracefs_instance_reset to clear synthetic events
a1ecbff libtracefs utest: Add more tests to test tracefs_sql()
975c37c libtracefs utest: Add matches to trace_sql() tests
0567e2d libtracefs synthetic: Handle hashed name variables
fcb3a83 libtracefs synthetic: Remove multiple adding of action in tracefs_synth_save()
a9dae65 libtracefs: Fix sqlhist used uninitialized error
fe7a467 libtracefs: Add updating and reading snapshot buffers
1ad57ab libtracefs: Add PID filtering API
d8726bf libtracefs: Also clear max_graph_depth on reset
eb4dd60 libtracefs: Add TIMESTAMP_USECS_DELTA to simplify SQL timestamp compares
8c57eb4 libtracefs: Add tracefs_instance_set/get_subbuf_size()
9bafb21 libtracefs: Add API to extract ring buffer statistics
141d25e libtracefs: Add tracefs_load_headers() API
ef3fae7 libtracefs: Add kerneldoc comments to tracefs_instance_set_buffer_size()
31acfe1 libtracefs utest: Add test to test tracefs_instance_set/get_buffer_percent()
3e6d975 libtracefs: Add tracefs_instance_clear() API
c4efaaf libtracefs: Add tracefs_instance_get/set_buffer_percent()
1e1cc54 libtracefs: Add API to read tracefs_cpu and return a kbuffer
7d395b1 libtracefs: Add tracefs_instance_file_write_number()
e34cbd8 libtracefs: Increase splice to use pipe max size
1f50965 libtracefs: Add API to remove followers from an instance or toplevel
576ee0b libtracefs: Reset tracing before and after unit tests
118b694 libtracefs: Free dynamic event list in utest
5159973 libtracefs: Free tracing_dir in case of remount
df563eb libtracefs: Free buf in clear_func_filter()
3cbac37 libtracefs: Free "missed_followers" of instance
0cbe56e libtracefs testing: Use one tep handle for most tests
adac30f libtracefs Documentation: Fix tracefs_event_file_exists() issues
07ab199 libtracefs: Pass enum value where expected instead of int
bb299b4 libtracefs: fix cscope makefile rule
420d677 libtracefs: Free "followers" when freeing instance
3f436fc libtracefs: Fix documentation of tracefs_trace_pipe_stream() flags
1fde9df libtracefs: Add explicit pthread dependency to meson
d1989ae tracefs-perf: Add missing headers for syscall() and SYS_* defines

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 17:31:50 +01:00
Nick Hainke
409052eade libtraceevent: update to 1.8.2
Changelog:
6f6d580 libtraceevent: 1.8.2
b29b192 kbuffer: Update kbuf->next in kbuffer_refresh
4b2286c kbuffer: Always walk the events to calculate timestamp in kbuffer_read_buffer()
ce0acec libtraceevent meson: Add libdl dependency to meson
15a0121 libtraceevent Documentation: Fix tep_kbuffer() prototype
85a2078 libtraceevent: 1.8.1
6b21b4c libtraceevent: Add tep_get_sub_buffer_data_size()
8cf5315 libtraceevent: 1.8
7a4d5b2 kbuffer: Add kbuffer_refresh() API
33bad32 kbuffer: Add kbuffer_subbuffer() API
f6bdff7 kbuffer: Add kbuffer_dup()
0582118 kbuffer: Add kbuffer_read_buffer()
014ca24 libtraceevent: Fix tep_kbuffer() to have kbuf assign long_size
afead9a libtraceevent: Add tep_get_sub_buffer_commit_offset()
3152506 libtraceevent plugins: Parse sched_switch "prev_state" field for state info
4be92aa libtraceevent: Bump meson version to >=0.58.0
9b2e543 libtraceevent: sync state char array with the kernel
5b89385 libtraceevent: Add option to disable documentation
a496a39 libtraceevent: Add tep_record_is_event() API

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 17:31:50 +01:00
Nick Hainke
6f90118533 iproute2: update to 6.7.0
Release Notes:
https://lwn.net/Articles/957171/

Remove patch "100-configure.patch" because support for ATM was dropped [0].

Manually refresh:
- 200-drop_libbsd_dependency.patch

Automatic refresh:
- 130-no_netem_tipc_dcb_man_vdpa.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 190-fix-nls-rpath-link.patch
- 300-selinux-configurable.patch

[0] - https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=a66a73af6db74fdb64439316c69aa0e35dd02c47

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 16:08:25 +01:00
Nick Hainke
d82930c7c7 libxml2: update to 2.12.4
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-24 16:40:15 +01:00
Christian Marangi
b34e6de7da
ubox: update to Git HEAD (2024-01-24)
2c5887cb4688 kmodloader: fix invalid read outside mapped region

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-01-24 13:08:36 +01:00
Chuanhong Guo
1b7e62b20b mediatek: drop NMBM layout for Xiaomi WR30U
This reverts commit dcdcfc1511.

This is a firmware for third-party u-boot mod, which should not
be carried here by us.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2024-01-23 19:24:32 +08:00
Jo-Philipp Wich
039f8a1241 wireguard-tools: avoid redundant jsonfilter calls
Use a single jsonfilter expression to yield the list of logical wireguard
interface names in shell compatible notation.

Supersedes: #12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-01-23 09:19:35 +01:00
Jo-Philipp Wich
33f15dd6d4 jsonfilter: update to Git HEAD (2024-01-23)
013b75ab0598 jsonfilter: drop legacy json-c support
594cfa86469c main: fix spurious premature parse aborts in array mode

Fixes: https://bugs.openwrt.org/?task_id=3683
Fixes: https://github.com/openwrt/openwrt/issues/8703
Fixes: https://github.com/openwrt/openwrt/issues/11649
Fixes: https://github.com/openwrt/openwrt/issues/12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-01-23 09:07:16 +01:00
Christian Marangi
b66a340837
fstools: update to Git HEAD (2024-01-22)
2171f6261556 libfstools: force mkfs when formatting overlay
08cd7083cac4 libfstools: fit: improve fit_volume_find string handling

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-01-22 01:46:43 +01:00
Christian Marangi
4d2a82a73c
ubox: update to Git HEAD (2024-01-22)
b2f6da671f7c kmodloader: Fix NULL pointer dereferences error
202d7c05029a kmodloader: fix memory leak in print_modinfo
6cf7d837ee7e kmodloader: fix TOCTOU problem with scan_builtin_modules

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-01-22 01:28:52 +01:00
Tianling Shen
7939df9587 uboot-rockchip: Update to 2024.01
Runtime tested on Orange Pi R1 Plus LTS and NanoPi R4S.

Removed upstreamed patches:
- 100-rockchip-rk3328-Add-support-for-Orange-Pi-R1-Plus.patch
- 101-rockchip-rk3328-Add-support-for-Orange-Pi-R1-Plus-LT.patch
- 103-rockchip-rk3568-Add-support-for-FriendlyARM-NanoPi-R.patch
- 104-rockchip-rk3568-Add-support-for-FriendlyARM-NanoPi-R.patch

Refreshed remaining patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-01-20 21:11:22 +01:00
Tianling Shen
d531c34479 arm-trusted-firmware-rockchip: Update to 2.10
Runtime tested on Orange Pi R1 Plus LTS (RK3328) and NanoPi R4S (RK3399).

Changelog: https://trustedfirmware-a.readthedocs.io/en/v2.10/change-log.html

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-01-20 21:11:22 +01:00
Linus Walleij
f1a447bdb5 uboot-bcm53xx: bump to 2024.01
Bump the U-Boot version used for BCM53xx to the 2024.01
version that includes all the needed patches upstream, so we
can get rid of those in the process.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2024-01-20 19:38:20 +01:00
Paul Spooren
10180295b8 busybox: switch to sha256 for passwd
Right now sha256 is considered more secure than md5, use it to harden
against password decryption.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-01-20 13:22:58 +00:00
Paul Spooren
86e3016896 busybox: enable sha hash for /etc/shadow
It appears `md5` is no longer state of the art. Let's switch it to
something slightly newer to increase security.

Suggested-by: abnoeh <abnoeh@mail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-01-20 13:22:58 +00:00
Christian Marangi
ced3fbcda1
ubox: update to Git HEAD (2024-01-15)
11cb29e15d68 kmodloader: remove unneeded uname() call
811ca6c2234a kmodloader: fix memory leak in scan_loaded_modules()
8c95fc7039cb kmodloader: support loadable module parameters in modinfo
4ffc29e4041c kmodloader: add basic support for builtin modules
ba3908351232 kmodloader: add modinfo support for builtin modules
c006dccecb6f kmodloader: cleanup duplicated mmap() code

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-01-19 21:45:19 +01:00