The fix in commit 847fad476f ("target.mk: improve handling of default
enabled SECCOMP") unfortunately does not work for targets where the ARCH
variable is set in ./$(SUBTARGET)/target.mk.
To get this working, the ./$(SUBTARGET)/target.mk must be included
before the check.
Fixes: 847fad476f ("target.mk: improve handling of default enabled SECCOMP")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Also use env variables exported by export_fitblk_rootdev() in
platform_copy_config().
Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to safe space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The target was marked source-only due do the broken Ethernet port on
some devices. With that fixed, it can be enabled again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
The new cpsw-switch driver reserves VLAN 1 for internal use, which
conflicts with the default network configuration of OpenWrt.
Switch back to the older cpsw driver to make the network connection on
the affected devices (BeagleBone Black and AM335x EVM) usable again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Initramfs images are not supported by imagebuilder. With recent changes
to support Per Device Rootfs, we now generate an image and a vmlinux for
each Rootfs and these additional files are all shipped in the
imagebuilder tar.
Drop these new file and any vmlinux-initramfs as they are not used and
increase the final size of the imagebuilder archive.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The eMMC chip used in a small batch of these devices has issues operating
in HS400 mode. Reducing to HS200 mode works around the problem and does
not cause any noticeable performance penalties as smaller chips are not fast
enough to saturate the bus. Root cause analysis is pending.
Signed-off-by: Chad Monroe <chad@monroe.io>
408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given
013050f fstools: remove redundant F2FS_MINSIZE definition
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add entry for the BananaPi R3 mini to the platform_check_image()
function where it has been missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no point in hard-coding the UBI volume numbers as we are
dynamically looking up the volume by volume name in all cases by now.
Remove this relict as it causes problems without being useful for
anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Rename function _do_env_set() to env_do_env_set().
2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG:
"--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO".
3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices
because the newly added UEFI bootmenu entries doesn't work.
4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
73644a036f5a nl80211: move access to tb array out of uc_nl_convert_attr and below
6e3cf83a77a7 nl80211: add support for multi-attribute arrays
6ff24d5488a9 nl80211: update nl80211.h to latest wireless-next
abc2aef28641 nl80211: add wiphy multi-radio support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Brings lots of driver updates and API changes needed for mt76 updates.
Disable iwlwifi and ath11k on 5.15, since backport is too difficult,
and the only remaining targets won't need those drivers.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There is no reason not to wire up the default netdev trigger for the SFP
LED since we have a separate SFP interface visible.
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since we are trying to get rid of using labels, lets convert RB5009 to the
function/color combo.
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, QCA8081 LED is never configured and the default configuration
has the LED polarity inverted so it will be lit when there is nothing
connected to the PHY.
So lets define the LED as active-low and configure the trigger via 01_leds.
Fixes: 85d9fd6f0e ("mvebu: add support for RB5009UG+S+IN")
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
stop "heartbeat" which happens before OpenWrt controls LED. instead,
just turn LED on.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15913
Signed-off-by: Robert Marko <robimarko@gmail.com>
The switch to the upstream mmc-mtk driver caused problems with MT7621
because of unstable too high clock frequency:
[ 49.643291] mmc0: error -88 whilst initialising SD card
[ 49.890047] mmc0: error -88 whilst initialising SD card
[ 50.142414] mmc0: error -88 whilst initialising SD card
[ 50.419218] mmc0: error -88 whilst initialising SD card
...
Fix this by reducing the clock speed to 48 MHz instead of 50 MHz, which
is also the value used in upstream Linux mt7621.dtsi.
With that change applied SD cards work as expected on MT7621 devices
also with the new driver.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Override max clock frequency to a stable value 24 MHz.
2. Use voltage regulator to control the power supply.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Now that the SDHC of MT762{0,1,8} has been supported upstream, it's
time to switch the default driver to the upstream one. We will still
keep the old driver for users to choose from.
Tested on HiWiFi HC5861 (MT7620A) and HiWiFi HC5661A (MT7628N).
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Add all essential MTK SDHC properties to support the new mmc-mtk
driver. Since this driver relies on power regulators, we also
need to enable this feature for MT7620, just like MT762{1,8}.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: John Thomson <git@johnthomson.fastmail.com.au>
This is the upstream implementation of the MTK SD/SDIO/MMC card
reader driver. It is an alternative solution for the downstream
driver package "kmod-sdhci-mt7620".
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: John Thomson <git@johnthomson.fastmail.com.au>
"cd-inverted" is an upstream documented property used to indicate
the CD line is actived high. We will introduce a new upstream SDHC
driver, and this change will make them compatible with each other.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Changes:
2a768c4 wireless-regdb: Update regulatory rules for Mongolia (MN) on 6GHz
04875d9 wireless-regdb: Update regulatory rules for Saudi Arabia (SA) on 6GHz
b7bced8 wireless-regdb: Update regulatory rules for South Africa (ZA) on 6GHz
7bc8615 wireless-regdb: Update regulatory info for Thailand (TH) on 6GHz
f901fa9 wireless-regdb: Update regulatory info for Malaysia (MY) for 2022
d72d288 wireless-regdb: Update regulatory info for Morocco (MA) on 6GHz
414face wireless-regdb: Update regulatory info for Chile (CL) on 6GHz
1156a08 wireless-regdb: Update regulatory info for Mexico (MX) on 6GHz
cc6cf7c wireless-regdb: Update regulatory info for Iceland (IS) on 6GHz
ce03cc0 wireless-regdb: Update regulatory info for Mauritius(MU) on 6GHz
7e37778 wireless-regdb: Update regulatory info for Argentina (AR) on 6GHz
56f3a43 wireless-regdb: Update regulatory info for United Arab Emirates (AE) on 6GHz
3cb8b91 wireless-regdb: Update regulatory info for Colombia (CO) on 6GHz
3682ce5 wireless-regdb: Update regulatory info for Costa Rica (CR) for 2021
dd4ffe7 wireless-regdb: Update regulatory info for Dominican Republic (DO) on 6GHz
f8ef7da wireless-regdb: Update regulatory info for Liechtenstein (LI) on 6GHz
a9ecabe wireless-regdb: Update regulatory info for Jordan (JO) for 2022
5a9fdad wireless-regdb: Update regulatory info for Kenya (KE) for 2022
19326c3 wireless-regdb: Update regulatory info for Macao (MO) for 2024
4838054 wireless-regdb: update regulatory database based on preceding changes
Link: https://github.com/openwrt/openwrt/pull/15921
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.38
Removed target/linux/generic/hack-6.6/900-fix-build-to-handle-return-value.patch
which was introduced as a hacky attempt to fix an upstream issue related to 6.6.37.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3
Run-tested: x86/64/AMD Cezanne, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/15879
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the past few years, we have received several reports about SPI
Flash not working properly. This is caused by excessively fast
clock frequency. It's really annoying to fix them one by one. Let's
reduce these aggressive frequencies to 50 MHz. This is a safe and
suggested value in the vendor SDK.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>