Commit Graph

57681 Commits

Author SHA1 Message Date
Nick Hainke
ea9a7f1250 libxml2: update to 2.11.4
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c520d682f0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:28 +01:00
Nick Hainke
f1fbf61fcf libcap: update to 2.69
Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

Fixes: CVE-2023-2602 CVE-2023-2603
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 78c45c1e59)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:24 +01:00
Nick Hainke
60b6220028 lldpd: update to 1.0.17
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.17

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 17fbbafdcb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:19 +01:00
Pietro Ameruoso
22d7148689 mediatek: add support for Zyxel EX5601-T0 router
Zyxel EX5601-T0 specifics
--------------
The operator specific firmware running on the Zyxel branded
EX5601-T0 includes  U-Boot modifications affecting the OpenWrt
installation.

Partition Table
| dev  | size     | erasesize | name          |
| ---- | -------- | --------- | ------------- |
| mtd0 | 20000000 | 00040000  | "spi0.1"      |
| mtd1 | 00100000 | 00040000  | "BL2"         |
| mtd2 | 00080000 | 00040000  | "u-boot-env"  |
| mtd3 | 00200000 | 00040000  | "Factory"     |
| mtd4 | 001c0000 | 00040000  | "FIP"         |
| mtd5 | 00040000 | 00040000  | "zloader"     |
| mtd6 | 04000000 | 00040000  | "ubi"         |
| mtd7 | 04000000 | 00040000  | "ubi2"        |
| mtd8 | 15a80000 | 00040000  | "zyubi"       |

The router boots BL2 which than loads FIP (u-boot).
U-boot has hardcoded a command to always launch Zloader "mtd read zloader 0x46000000" and than "bootm". Bootargs are deactivated.
Zloader is the zyxel booloader which allow to dual-boot ubi or ubi2, by default access to zloader is blocked.
Too zloader checks that the firmware contains a particolar file called zyfwinfo.
Additional details regarding Zloader can be found here:
https://hack-gpon.github.io/zyxel/
https://forum.openwrt.org/t/adding-openwrt-support-for-zyxel-ex5601-t0/155914

Hardware
--------
SOC: MediaTek MT7986a
CPU: 4 core cortex-a53 (2000MHz)
RAM: 1GB DDR4
FLASH: 512MB SPI-NAND (Micron xxx)
WIFI: Wifi6 Mediatek MT7976 802.11ax 5 GHz 4x4 + 2.4GHZ 4x4
ETH: MediaTek MT7531 Switch + SoC
3 x builtin 1G phy (lan1, lan2, lan3)
1 x MaxLinear GPY211B 2.5 N-Base-T phy5 (lan4)
1 x MaxLinear GPY211B 2.5Gbit xor SFP/N-Base-T phy6 (wan)
USB: 1 x USB 3.2 Enhanced SuperSpeed port
UART: 3V3 115200 8N1 (Pinout: GND KEY RX TX VCC)
VOIP: 2 FXS ports for analog phones

MAC Address Table
-----------------
eth0/lan    Factory 0x002a
eth1/wan    Factory 0x0024
wifi 2.4Ghz Factory 0x0004
wifi 5Ghz   Factory 0x0004 + 1

Serial console (UART)
---------------------
+-------+-------+-------+-------+-------+
| +3.3V |  RX   |  TX   |  KEY  |  GND  |
+---+---+-------+-------+-------+-------+
    |
    +--- Don't connect

Installation
------------
Keep in mind that openwrt can only run on the UBI partition, the openwrt firmware is not able to understand the zloader bootargs.
The procedure allows restoring the UBI partition with the Zyxel firmware and retains all the OEM functionalities.

1. Unlock Zloader (this will allow to swap manually between partitions UBI and UBI2):
- Attach a usb-ttl adapter to your computer and boot the router.
- While the router is booting at some point you will read the following: `Please press Enter to activate this console.`
- As soon as you read that press enter, type root and than press enter again (just do it, don't care about the logs scrolling).
- Most likely the router is still printing the boot log, leave it boot until it stops.
- If everything went ok you should have full root access "root@EX5601-T0:/#".
- Type the following command and press enter: "fw_setenv EngDebugFlag 0x1".
- Reboot the router.
- As soon as you read `Hit any key to stop autoboot:` press Enter.
- If everything went ok you should have the following prompt: "ZHAL>".
- You have successfully unlocked zloader access, this procedure must be done only once.

2. Check the current active partition:
- Boot the router and repeat the steps above to gain root access.
- Type the following command to check the current active image: "cat /proc/cmdline".
- If `rootubi=ubi` it means that the active partition is `mtd6`
- If `rootubi=ubi2` it means that the active partition is `mtd7`
- As mentioned earlier we need to flash openwrt into ubi/mtd6 and never overwrite ubi2/mtd7 to be able to fully roll-back.
- To activate and boot from mtd7 (ubi2) enter into ZHAL> command prompt and type the following commands:
atbt 1  # unlock write
atsw    # swap boot partition
atsr    # reboot the router
- After rebooting check again with "cat /proc/cmdline" that you are correctly booting from mtd7/ubi2
- If yes proceed with the installation guide. If not probably you don't have a firmware into ubi2 or you did something wrong.

3. Flashing:
- Download the sysupgrade file for the router from openwrt, than we need to add the zyfwinfo file into the sysupgrade tar.
Zloader only checks for the magic (which is a fixed value 'EXYZ') and the crc of the file itself (256bytes).
I created a script to create a valid zyfwinfo file but you can use anything that does exactly the same:
https://raw.githubusercontent.com/pameruoso/OpenWRT-Zyxel-EX5601-T0/main/gen_zyfwinfo.sh
- Add the zyfwinfo file into the sysupgrade tar.
- Enter via telnet or ssh into the router with admin credentials
- Enter the following commands to disable the firmware and model checks
"zycli fwidcheck off" and "zycli modelcheck off"
- Open the router web interface and in the update firmware page select the "restore default settings option"
- Select the sysupgrade file and click on upload.
- The router will flash and reboot itself into openwrt from UBI

4. Restoring and going back to Zyxel firmware.
- Use the ZHAL> command line to manually swap the boot parition to UBI2 with the following:
atbt 1  # unlock write
atsw    # swap boot partition
atsr    # reboot the router
- You will boot again the Zyxel firmware you have into UBI2 and you can flash the zyxel firmware to overwrite the UBI partition and openwrt.

Working features
----------------
3 gbit lan ports
Wifi
Zyxel partitioning for coexistance with Zloader and dual boot.
WAN SFP port (only after exporting pins 57 and 10. gpiobase411)
leds
reset button
serial interface
usb port
lan ethernet 2.5 gbit port (autosense)
wan ethernet 2.5 gbit port (autosense)

Not working
----------------
voip (missing drivers or proper zyxel platform software)

Swapping the wan ethernet/sfp xor port
----------------
The way to swap the wan port between sfp and ethernet is the following:
export the pins 57 and 10.
Pin 57 is used to probe if an sfp is present.
If pin 57 value is 0 it means that an sfp is present into the cage (cat /sys/class/gpio/gpio468/value).
If pin 57 value is 1 it means that no sfp is inserted into the cage.
In conclusion by default both 57 an 10 pins are by default 1, which means that the active port is the ethernet one.
After inserting an SFP pin 57 will become 0 and you have to manually change the value of pin 10 to 0 too.
This is totally scriptable of course.

Leds description
------------
All the leds are working out of the box but the leds managed by the 2 maxlinear phy (phy 5 lan, phy6 wan).
To activate the phy5 led (rj45 ethernet port led on the back of the router) you have to use mdio-tools.
To activate the phy6 led (led on the front of the router for 2.5gbit link) you have to use mdio-tools.
Example:
Set lan5 led to fast blink on 2500/1000, slow blink on 10/100:
mdio mdio-bus mmd 5:30 raw 0x0001 0x33FC

Set wan 2.5gbit led to constant on when wan is 2.5gbit:
mdio mdio-bus mmd 6:30 raw 0x0001 0x0080

Signed-off-by: Pietro Ameruoso <p.ameruoso@live.it>
(cherry picked from commit 1c05388ab0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:11 +01:00
Christian Marangi
b79ed14dd1 CI: rework build workflow to have split target and subtarget directly
Instead of referring to a redundant job and ENV variables, rework build
workflow to accept and require split target and subtarget and use them
directly from inputs.

Rework each user and pass a JSON of tuple to matrix include with each
target/subtarget combination to test. Special notice this doesn't use
the github actions matrix combination feature but reference each
specific tuple of target and subtarget to test.

Just a cleanup no behaviour change intended.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit eecc6e4811)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:06 +01:00
Christian Marangi
bf82648bf7 CI: check-kernel-patches: use buildbot user on git diff check
Use buildbot user on git diff check instead of using git config
safe directory.

This should accomplish the same result but should be a better approach
following safe practice enforced by git.

Fixes: a7747e8670 ("ci: fix check kernel patches job")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c80a578a4)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:02 +01:00
Shiji Yang
635d5488c9 ath79: add support for D-Link DIR-859 A3
Specifications:
  SOC:      QCA9563 775 MHz + QCA9880
  Switch:   QCA8337N-AL3C
  RAM:      Winbond W9751G6KB-25 64 MiB
  Flash:    Winbond W25Q128FVSG 16 MiB
  WLAN:     Wi-Fi4 2.4 GHz 3*3 + 5 GHz 3*3
  LAN:      LAN ports *4
  WAN:      WAN port *1
  Buttons:  reset *1 + wps *1
  LEDs: ethernet *5, power, wlan, wps

MAC Address:
  use      address               source1          source2
  label    40:9b:xx:xx:xx:3c     lan && wlan      u-boot,env@ethaddr
  lan      40:9b:xx:xx:xx:3c     devdata@0x3f     $label
  wan      40:9b:xx:xx:xx:3f     devdata@0x8f     $label + 3
  wlan2g   40:9b:xx:xx:xx:3c     devdata@0x5b     $label
  wlan5g   40:9b:xx:xx:xx:3e     devdata@0x76     $label + 2

Install via Web UI:
  Apply factory image in the stock firmware's Web UI.

Install via Emergency Room Mode:
  DIR-859 A1 will enter recovery mode when the system fails to boot
  or press reset button for about 10 seconds.

  First, set computer IP to 192.168.0.5 and Gateway to 192.168.0.1.
  Then we can open http://192.168.0.1 in the web browser to upload
  OpenWrt factory image or stock firmware. Some modern browsers may
  need to turn on compatibility mode.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 0ffbef9317)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:25:56 +01:00
Shiji Yang
f0b2fdb82e ath79: improve support for D-Link DIR-8x9 A1 series
1. Remove unnecessary new lines in the dts.
2. Remove duplicate included file "gpio.h" in the device dts.
3. Add missing button labels "reset" and "wps".
4. Unify the format of the reg properties.
5. Add u-boot environment support.
6. Reduce spi clock frequency since the max value suggested by the
   chip datasheet is only 25 MHz.
7. Add seama header fixup for DIR-859 A1. Without this header fixup,
   u-boot checksum for kernel will fail after the first boot.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit e5d8739aa8)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:25:52 +01:00
INAGAKI Hiroshi
84a4601ca6 ath79: enable NVMEM u-boot-env driver on generic subtarget
This patch enables NVMEM u-boot-env driver (COFNIG_NVMEM_U_BOOT_ENV) on
generic subtarget to use from devices, for MAC address and etc.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
(cherry picked from commit e8f7957450)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:25:49 +01:00
Christian Lamparter
7613efde8e uml: exclude some /arch/x86 optimizations
The x86_64 UML target wants to include SSSE3 optimized
crypto code which lives under /arch/x86/crypto.

However, these are not built and this causes an error.
| ERROR: module '[...]/arch/x86/crypto/sha512-ssse3.ko' is missing.
| make[3]: *** [modules/crypto.mk:990: [...]/kmod-crypto-sha512_5.15.112-1_x86_64.ipk] Error 1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 959563fb81)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:25:44 +01:00
Christian Lamparter
e22fba1694 uml: fix build error due to frame size > 1024
the UML build fails during the kernel build:
| arch/um/drivers/net_kern.c: In function 'compute_hash':
| arch/um/drivers/net_kern.c:322:1: error: the frame size of 1072 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
|  322 | }
|      | ^
|cc1: all warnings being treated as errors

The compute_hash() function is added by our patch:
102-pseudo-random-mac.patch

Instead of allocating a 1024 byte buffer on the stack for the SHA1
digest input, let's allocate the data on the heap. We should be
able to do that since crypto_alloc_ahash and ahash_request_alloc
also need to allocate structures on the heap.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit aed2569d37)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:25:39 +01:00
Rafał Miłecki
6b9f405324 mac80211: brcm: drop brcmfmac patch waiting for register_wiphy()
That was a workaround for OpenWrt generation of config files. This patch
was used to postpone returning from probe function until loading
firmware and calling register_wiphy().

All of that is not needed anymore thanks to the ieee80211 hotplug.d
script introduced in the commit 5f8f8a3661 ("base-files, mac80211,
broadcom-wl: wifi detection and configuration"). That takes care of
generating /etc/config/wireless entries even if wireless device appears
late in the booting process.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bd26266314)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:25:26 +01:00
Robert Marko
4a6847ce4e
kernel: qca-ssdk: backport support for building as kernel module
Currently, SSDK is rather special in the sense that its not being built as
a proper out of tree module at all but rather like a userspace application
and that involves a lot of make magic which unfortunately broke with make
version 4.4 and newer.

Luckily QCA finally added a way to build SSDK as an out of tree module
and it uses the kernel buildsystem which makes it compile with make 4.4
as well.
So lets backport the support for it and switch to using it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 957f1ee85e)
2023-05-23 23:52:58 +02:00
Petr Štetiar
7df43979d1
ci: push-containers: trigger job on release branching
Currently all 23.05 related CI jobs are failing as the containers are
not available, so lets fix it by pushing those containers when the
version.mk changes.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8fc2a0f00f)
2023-05-23 21:41:49 +02:00
Petr Štetiar
7d226e13e2
ci: tools: run the job on changes in include directory as well
In order to prevent regressions like with #12617.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 71ca2a3154)
2023-05-23 21:41:44 +02:00
Petr Štetiar
56ffc5a866
prereq: SetupHostCommand: fix wrong check result
Tony has reported, that CI tools job is failing for him in macOS
container due to prereq check failure for GNU `install` utility.

Michael diagnosed it and from his traces it was clear, that the issue is
caused by a wrong return value in the success check case, so lets fix it
accordingly.

Fixes: f75204036c ("prereq-build: allow host command symlinks to update")
Reported-by: Tony Ambardar <itugrok@yahoo.com>
Diagnosed-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 7855378fcd)
2023-05-23 21:41:39 +02:00
Michael Pratt
7f0db09513
prereq-build: remove python 2 cleanup recipe
This reverts commit 3b68fb57c9.

After refactoring build checks to update old symlinks,
and after a long time of no python 2 support,
this is no longer needed.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit e2f9fa4204)
2023-05-21 19:57:06 +02:00
Michael Pratt
fdfb848402
prereq-build: allow host command symlinks to update
This makes the prereq stage update the symlinks
installed into staging_dir/host/bin
by rearrainging the way they are verified.

Before, seeing or installing a symlink would result in
a successful exit code, and not installing a symlink
would result is a failed exit code. However,
that is not able to account for the difference
between existing good and bad links, or whether
the link would be the same if it was reinstalled,
because the check can match the program to a different path.

Instead, let a success exit code represent
identifying an existing symlink as exactly the same
as what would be installed if it did not exist,
and let a fail exit code represent
needing to install the symlink
or not having a match to the check criteria.

The failing exit code is caught by a new second attempt
for all of the check-* targets which will then indicate
to the user that there was an update by having a success
exit code when the check is run again and the link is the same.

When there is nothing to update, the checks will run only once.

This relies on the ls command to be POSIX-conformant with long format:
"path/to/link -> target/of/link"

Also, make sure the symlink is executable, not just a file,
and the directory only needs to be created once.

Fixes: #12610
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit f75204036c)
2023-05-21 19:57:00 +02:00
Christian Marangi
8192380288
OpenWrt v23.05: set branch defaults
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-05-21 15:30:04 +02:00
Sebastian Kemper
38c150612c build: revert 54070a1 (all kernels are >= 5.10)
Commit 54070a1 was added to allow building proper SDKs with kernels <
5.10. Now that all targets use at least kernel 5.10 it can be reverted.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2023-05-21 14:25:52 +02:00
Christian Lamparter
8182c7edcb firmware: intel-microcode: update to 20230512
Debian changelog:

intel-microcode (3.20230512.1) unstable; urgency=medium

  * New upstream microcode datafile 20230512 (closes: #1036013)
    * Includes fixes or mitigations for an undisclosed security issue
    * New microcodes:
      sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
      sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
      sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
      sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
      sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
      sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
      sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
      sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
      sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
      sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
      sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
      sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
      sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
      sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
      sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
      sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
      sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
      sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
      sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
      sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
      sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
      sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
  * source: update symlinks to reflect id of the latest release, 20230512

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 16 May 2023 00:13:02 -0300

intel-microcode (3.20230214.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream microcode datafile 20230214
    - Includes Fixes for: (Closes: #1031334)
       - INTEL-SA-00700: CVE-2022-21216
       - INTEL-SA-00730: CVE-2022-33972
       - INTEL-SA-00738: CVE-2022-33196
       - INTEL-SA-00767: CVE-2022-38090
  * New Microcodes:
    sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
    sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
  * Updated Microcodes:
    sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
    sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
    sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
    sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
    sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
    sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
    sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
    sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
    sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
    sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
    sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
    sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
    sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
    sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c

 -- Tobias Frost <tobi@debian.org>  Sun, 12 Mar 2023 18:16:50 +0100

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-21 14:25:52 +02:00
Philip Prindeville
3b2337b467 kernel: disable IGD (video DRM) support
IGD is only useful when accelerating a VM guest that wants to direct
render to memory in the host's framebuffer, but since OpenWrt
typically runs on headless hardware, this serves no purpose.

Also build vfio with VFIO_NOIOMMU undefined (to get all of the code
enabled), but allow it to be enabled via boot-time modparams
settings (or at run-time via sysfs writes to
"/sys/module/vfio/parameters/enable_unsafe_noiommu_mode".

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-05-21 14:25:52 +02:00
Felix Baumann
066441b5e4 treewide: Disable building 8M RAM devices
Following deprecation notice[1] in 21.02, disable target with 8M of RAM

[1] https://openwrt.org/supported_devices/864_warning

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
2023-05-21 01:08:31 +02:00
Felix Baumann
f5cb556d4f treewide: Disable building 32M RAM devices
Following deprecation notice[1] in 21.02, disable targets with 32M of RAM

[1] https://openwrt.org/supported_devices/864_warning

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
2023-05-21 01:08:22 +02:00
Felix Baumann
3f297be1ed treewide: Disable building 16M RAM devices
Following deprecation notice[1] in 21.02, disable targets with 16M of RAM

[1] https://openwrt.org/supported_devices/864_warning

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
2023-05-21 01:07:51 +02:00
DENG Qingfang
09d0643c18 ramips: mt7621: fix Xiaomi Router 3G/Pro LEDs
The PHY name has been changed to "mt7530-0" since IRQ support
was added to MT7530 driver.

Fixes: f9cfe7af1f ("kernel: backport MT7530 IRQ support")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(node names, added color, function+function-enumerator properties)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:24:50 +02:00
Nozomi Miyamori
d728d05c6c dropbear: add ForceCommand uci option
adds ForceCommand option. If the command is specified,
it forces users to execute the command when they log in.

Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:24:50 +02:00
Stan Grishin
c191c2d46f x86: base-files add support for Sophos 135r3/135r3w
The Sophos SG/XG-135 revision 3 has odd numbering of eth ports
where the WAN port (as marked on the case) is:
`eth6` and `eth0`, `eth1`, `eth2`, `eth3`, `eth5`, `eth7`, `eth8` are LAN ports.
Port `eth4` seems to be the SFP port.

Also add the missing LED definition for supported Sophos devices.

Original discussion at:
https://forum.openwrt.org/t/openwrt-on-revision-3-of-sophos-desktop-appliances/152912

Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-20 23:24:00 +02:00
Christian Lamparter
857345496b tfa-layerscape: fix fiptool's build
A missing '\' caused the remaining parameters not to be passed to make.

This fixes the following error:

| gcc -c [...] fiptool.c -o fiptool.o
| In file included from fiptool.h:16,
|                 from fiptool.c:19:
|fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
|   19 | # include <openssl/sha.h>
|      |           ^~~~~~~~~~~~~~~
|compilation terminated.
|make[3]: *** [Makefile:58: fiptool.o] Error 1

as the HOST_CFLAGS are no longer passed.

then, HOST_CFLAGS is specified as a command argument, this
is a specific problem of our built since appending these
needs the override directive.

Fixes: df28bfe03247 ("tfa-layerscape: Change to github and use the latest tag")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:20:48 +02:00
Linhui Liu
3f9526957b tools/ccache: update to 4.8.1
Release Notes:
https://ccache.dev/releasenotes.html#_ccache_4_8_1

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-05-20 22:12:06 +02:00
David Yang
a8a2a95351
build: Allow specifying uImage time
Some U-Boot checks for a specified uImage time and refuses to boot if
mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter.

Signed-off-by: David Yang <mmyangfl@gmail.com>
2023-05-20 21:29:25 +02:00
Nick Hainke
aa28e91404 nettle: update to 3.9
Changelog:
26cd0222fd/NEWS

Refresh patch:
- 100-portability.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-20 21:02:18 +02:00
Sander van Deijck
4642d8abdc kirkwood: add support for Iomega Storcenter ix4-200d
Iomega Storcenter ix4-200d is a four-bay SATA NAS powered by a Marvell
Kirkwood SoC clocked at 1.2GHz. It has 512MB of RAM and 32MB of
flash memory, 3x USB 2.0 and 2x 1Gbit/s NIC

Specification:
- SoC: Marvell Kirkwood 88F6281
- CPU/Speed: 1200Mhz
- Flash size: 32 MiB
- RAM: 512MB
- LAN: 2x 1Gbit/s
- 3x USB 2.0

Notes:
- The blue drive LED is triggered by HDD activity, it can not be controlled
  via GPIO.
- The LCD screen requires proprietary code and does not function at this time.
- Due to a kernel-related issue with the Marvell 88SE6121 SATA controller,
  currently only trays numbered #3 and #4 work, #1 and #2 do not. [1]

Serial pinout:

    CN4
    --------------
    | 10 8 6 4 2 |
    |  9 7 5 3 1 |
    -------------- PIN 1 Mark (fat line)

     1 = RXD
     4 = TXD
     6 = GND
     9 = 3.3V (not necessary to connect)

Installation instructions:
1. download initramfs-uImage and copy into tftp server
2. connect the tftp server to network port #1
3. access uboot environment with serial cable and run

    setenv mainlineLinux yes
    setenv arcNumber 1682
    setenv console 'console=ttyS0,115200n8'
    setenv mtdparts 'mtdparts=orion_nand:0x100000@0x000000(u-boot)ro,0x20000@0xA0000(u-boot environment)ro,0x300000@0x100000(kernel),0x1C00000@0x400000(ubi)'
    setenv bootargs_root 'root='
    setenv bootcmd 'setenv bootargs ${console} ${mtdparts} ${bootargs_root}; nand read.e 0x800000 0x100000 0x300000; bootm 0x00800000'
    saveenv
    setenv serverip 192.168.1.1
    setenv ipaddr 192.168.1.2
    tftpboot 0x00800000 [initramfs-uImage filename]
    bootm 0x00800000

4. connect to LAN on network port #2, log into openwrt and sysupgrade to install into flash

[1] https://bugzilla.kernel.org/show_bug.cgi?id=216094

Signed-off-by: Sander van Deijck <sander@vandeijck.com>
(aligned FROM from signed-off. LED+key rename, whitespace removal)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:35:37 +02:00
Aleksander Jan Bajkowski
7365e6b00a kernel: remove obsolete kernel version switches
This removes unneeded kernel version switches from the targets after
kernel 5.10 has been dropped.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-05-20 15:19:14 +02:00
Wojciech Dubowik
5e91b4507c tfa-layerscape: Change to github and use the latest tag
The default location of tfa-layerscape has been changed from
codeuaurora to github. Also use the latest tag for Layerscape
Linux Development POC from NXP.

v2:
* restored ls1021a-afrdm board
* added platform defines to fiptool so ls-ddr-phy can be built

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
(reset PKG_RELEASE)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Wojciech Dubowik
f6eae517ae ppfe-firmware: Bump to lf-6.1.1-1.0.0 and switch to github
The default location of ppfe-firmware has been changed
from codeuaurora to github. Also use the latest tag for
Layerscape Linux Development POC from NXP.

Tested on:
  * NXP FRWY-LS1012A

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
(reset PKG_RELEASE)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Wojciech Dubowik
6b5496aef1 fman-ucode: Bump to lf-6.1.1-1.0.0 and switch to github
The default location of fman-ucode has been changed from
codeuaurora to github. Also use the latest tag for Layerscape
Linux Development POC from NXP.

Tested on:
  * NXP LS1046A-RDB

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
(reset PKG_RELEASE)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Wojciech Dubowik
69c430aa2c uboot-layerscape: Bump to lf-6.1.1-1.0.0 and switch to github
The default location of uboot-layerscape has been changed
from codeuaurora to github. Also use the latest tag for
Layerscape Linux Development POC from NXP.

Tested on:
  * NXP FRWY-LS1012A
  * NXP LS1028A-RDB
  * NXP LS1046A-RDB

V2: Remove ls1028ardb specifix fixups not needed with new uboot

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
(reset PKG_RELEASE)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Wojciech Dubowik
2afabe6779 ls-rcw: Bump to lf-6.1.1-1.0.0 and switch to github
The default location of ls-rcw has been changed from codeuaurora
to github. The reason is that the old codeaurora source no longer
resolves. Also use the latest tag for Layerscape Linux Development
POC from NXP.

Tested on:
  * NXP FRWY-LS1012A
  * NXP LS1046A-RDB

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
(reset PKG_RELEASE, Mention that previous codeaurora source is
no longer available)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Tiago Gaspar
3f99b2b3f7 kernel: net: add support for kernel tls
Add ktls (Kernel TLS) kmods to enable TLS support
in kernel (allowing TLS offload when the network
card supports it)

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(added disabled symbols)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Sven Roederer
4071398b13 build: escape whitespaces in VERSION_DIST for Netgear images
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".

Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
2023-05-20 15:19:14 +02:00
Christian Lamparter
eab9de0c9c ipq40xx: convert EZVIZ CS-W3-WD1200G-EUP to DSA
Convert the repeater to DSA.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Lech Perczak
25eead21c5 ath79: fix 5GHz on QCA9886 variant of ZTE MF286
Recently, a strange variant of ZTE MF286 was discovered, having QCA9886
radio instead of QCA9882 - like MF286A, but having MF286 flash layout
and rest of hardware.
To support both variants in one image, bind calibration data at offset
0x5000 both as "calibration" and "pre-calibration" nvmem-cells, so
ath10k can load caldata for both at runtime.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-05-20 15:19:14 +02:00
Jan Forman
8d618a3186 ath79: Add support for D-Link DIR-869-A1
Specifications
	The D-Link EXO AC1750 (DIR-869) router released in 2016.
	It is powered by Qualcomm Atheros QCA9563 @ 750 MHz chipset, 64 MB RAM and 16 MB flash.
	10/100/1000 Gigabit Ethernet WAN port
	Four 10/100/1000 Gigabit Ethernet LAN ports
	Power Button, Reset Button, WPS Button, Mode Switch

Flashing
	1. Upload factory.bin via D-link web interface (Management/Upgrade).

Revert to stock
	Upload original firmware via OpenWrt sysupgrade interface.

Debricking
	D-Link Recovery GUI (192.168.0.1)

Signed-off-by: Jan Forman <forman.jan96@gmail.com>
2023-05-20 13:43:09 +02:00
Jan Forman
2f4b6d0f89 ath79: Convert calibration data to nvmem
For D-link DIR-859 and DIR-869
Replace the mtd-cal-data by an nvmem-cell.
Add the PCIe node for the ath10k radio to the devicetree.
Thanks to DragonBlue for this patch

Signed-off-by: Jan Forman <jforman@tuta.io>
2023-05-20 13:43:09 +02:00
Jan Forman
6ea910ab54 ath79: Create shared dtsi for DIR-859
Create a shared dtsi for the dir-859 and similarly device, it similarly as it done for the dir-842.

Signed-off-by: Jan Forman <jforman@tuta.io>
2023-05-20 13:43:09 +02:00
Jan Forman
7a29230752 ath79: Replace reset-button for DIR-859
gpio-export for the switch reset pin replaced with a reset pin definition for the driver, within the phy node.

Signed-off-by: Jan Forman <forman.jan96@gmail.com>
Tested-By: Sebastian Schaper <openwrt@sebastianschaper.net>
2023-05-20 13:43:09 +02:00
Linhui Liu
c0ef48814e pcre2: switch to Github Releases and bump to 10.42
The mirror at SourceForge is an unofficial mirror and no longer maintained.

ChangeLogs:
https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/ChangeLog

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-05-20 13:20:53 +08:00
Shiji Yang
ab7e251303 ramips: fix build error on Airlink AR670W
The 'KERNEL' is not referenced by other objects, so double '$$' will
cause shell unable to parse the variable 'BLOCKSIZE':
  dd ... bs=$(BLOCKSIZE) conv=sync
  bash: line 1: BLOCKSIZE: command not found

Fixes: 09a0efbe83(ramips: set default BLOCKSIZE to 64k for nor flash devices)
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-05-19 23:33:49 +02:00
Hauke Mehrtens
3a935f7ea9 util-linux: Use SYS_getrandom in randutils.c
The getrandom syscall is not hanging at bootup any more if there is
not enough entropy. This was fixed upstream in 2018 in commit:
a9cf659e05

This OpenWrt patch is not needed any more.
This reverts commit e64463ebde ("util-linux: avoid using the getrandom syscall")

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-05-19 22:43:45 +02:00