APK (Alpine Package Keeper) is the package manager of Alpine Linux and
has multiple advantages over OPKG. While Alpine uses APK version 2, this
commit adds version 3 with a heavily optimised database structure and
additional feature making it suitable for OpenWrt.
This commit will be followed by many more to add APK build capabilities
to the OpenWrt build system, firstly enabling side by side builds of APK
and OPKG packages, later replacing OPKG entirely.
Signed-off-by: Paul Spooren <mail@aparcar.org>
These options are not available in mbedtls 3.6.0 and selecting them
causes an error.
MBEDTLS_CERTS_C was removed in:
1aec64642c
MBEDTLS_XTEA_C was removed in:
10e8cf5fef
MBEDTLS_SSL_TRUNCATED_HMAC was removed in:
4a7010d1aa
Fixes: 0e06642643 ("mbedtls: Update to version 3.6.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
- new URL for sources (old address is dead)
- daemon and utils from packages feed are merged in here
- only build once
- no need to update at the same time in both places
- update to v3.1.4
- removed unneeded patches
- added audisp-syslog
- removed audispd (no longer exists)
- rename and move to package/utils/audit
- update new path in one dependent package
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
With "ebfe8b4 CMakeLists: set no-dangling-pointer" the compilation
option is set in uqmi, and can therefore be removed from no-error.
Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
e7207be uqmi: print radio interfaces in serving system command
6ef41d6 uqmi: create function to print radio interface string
e25d042 uqmi: Add basic 5G NR support
3e782be uqmi: sync data from libqmi project
368d46c uqmi: support C reserved keywords in upstream JSON files
02e42c0 reorganize source code in common and uqmi specific parts
4591f0a .gitignore build/ directories
2b57ee1 uqmi: commands-uim: fix uninitialized use of card_application_state
7c77e77 data/code-gen: add support for indications
ddbf864 qmi-struct.h: add missing includes
5320c1d move qmi_get_error_str to into utils.c
1503bc7 dev.c: add missing import strings.h
bae945f commands-nas: add missing includes
9ffd0e2 commands: make `struct blob_buf status` public
a4fbdcc commands-nas: fix gcc warning
8ff632a dev.c: add comment to qmi_request_wait()
a043a74 CMakeLists: refactor SOURCES variable to allow later adding uqmid
ebfe8b4 CMakeLists: set no-dangling-pointer
c47125d CMakeLists: improve generated files
0f64b69 CMakeLists: update cmake minimum version to 3.5
As the built uqmi binary is now moved to a dedicated directory,
update the Makefile accordingly.
Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
This adds support for mbedtls 3.6.0.
The 3.6 version is the next LTS version of mbedtls.
This version supports TLS 1.3.
This switches to download using git. The codeload tar file misses some
git submodules.
Add some extra options added in mbedtls 3.6.0.
The size of the compressed ipkg increases:
230933 bin/packages/mips_24kc/base/libmbedtls13_2.28.7-r2_mips_24kc.ipk
300154 bin/packages/mips_24kc/base/libmbedtls14_3.6.0-r1_mips_24kc.ipk
The removed patch was integrated upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
It seems that somehow a wrong hash has been used for ipq-wifi, so refresh
it.
Fixes: f10d55df9e ("ipq-wifi: update to Git HEAD (2024-04-26)")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Because these capability advertisements default to on in lldpd, they
became absent at reload, and not restart, due to how the reload logic
works ( keep daemon running, send unconfigured and then the new config
via socket ), and it was not evident unless you happened to be looking
for it (e.g. via pcap or tcpdump). It was also not evident from the
manpage ( have now sent patches upstream ).
At reload time, the unconfigure logic disabled them unless they were
explicitly enabled (compare with other settings where 'unconfigure' just
resets them). Now they default to on/enabled at init time, and are
explicitly 'unconfigure'd at startup if the user disables them via:
lldp_mgmt_addr_advertisements=0
lldp_capability_advertisements=0
In other words: explicit is necessary to disable the advertisements.
The same applies to 'configure system capabilities enabled'. Technically
'unconfigure'd is the default but now it is explicit at reload.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Building perf's intel-pt-decoder fails on both PPC32 and PPC64:
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-13.2.0_musl/lib/gcc/powerpc64-openwrt-linux-musl/13.2.0/../../../../powerpc64-openwrt-linux-musl/bin/ld.bfd:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/
perf-target-powerpc64_e5500_musl/perf-in.o: in function `insn_set_byte':
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/perf/util/intel-pt-decoder/../../../arch/x86/include/asm/insn.h:64:
undefined reference to `__le32_to_cpu'
Add NO_AUXTRACE=1 to MAKE_FLAGS for LINUX_KARCH powerpc, which disables
build of intel-pt-decoder on both PPC32 and PPC64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
fab9e29f6b92 ipq6018: update regdb in TPLink EAP610-Outdoor BDF
6d02b65fadf3 ipq8074: update RegDB in new submitted BDF
644ba9ea2e66 ipq6018: update RegDB in new submitted BDF
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
uboot-envtools is currently missing config for Edgerouter-X
and its not immediately obvious what settings to manually
apply.
Provide default configuration for envtools on Edgerouter-X.
Signed-off-by: Tim Lunn <tim@feathertop.org>
This adds a kernel module package for the Marvell
MV88E6XXX DSA switch and a separate module package for
the DSA tagger since it can in theory be used by multiple
DSA switches. Enable both DSA and EDSA tags in the
tagger.
We can't just compile this in because just a few devices
has this DSA, and it depends on e.g. the I2C and SFP
to be loaded as modules first.
We have no examples of DSA switches being packaged as
modules before, all seem to be compiled in, but it
actually works just fine to do this.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The Upstream Linux community has discontinued support for the target.
Maintaining support for it downstream would require too much effort.
Moreover, it seems that the supported hardware is no longer deemed worthy
of it.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add new functions for ath11k caldata:
- ath11k_patch_mac (from 0 to 5)
- ath11k_remove_regdomain
- ath11k_set_macflag (some pre-caldata have the nvMacFlag flag unset which is needed to change the MAC address)
Additionaly for ath10k caldata:
- ath10k_remove_regdomain
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
This update contains a minor fix to resolve "detected write beyond size
of field" warning during compilation:
* "replace [0] with []" (1d0d08c)
All patches still apply.
References:
* https://github.com/openwrt/openwrt/issues/15108
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Spectrum SAX1V1K is a AX WIFI router with 3 1G and 1 2.5G ports.
The router is provided to Spectrum customers.
It is OEM of Askey RT5010W
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923
It continues the original work by @MeisterLone to get this device supported.
Specifications:
```
• CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
• RAM: 2048MB of DDR3
• Storage: 1024MB eMMC
• Ethernet: 3x 1G RJ45 ports (QCA8075) + 1 2.5G Port (QCA8081)
• WLAN:
• 2.4GHz: Qualcomm QCN5024 4x4 802.11b/g/n/ax 1174 Mbps PHY rate
• 5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
• LED: 1 gpio-controlled dual color led (blue/red)
• Buttons: 1x reset
• Power: 12V DC jack
```
Notes:
```
• This commit adds only single partition support, that means
sysupgrade is upgrading the current rootfs partition.
• Installation can be done by serial connection only.
• A poulated serial header is onboard
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923/6
• RX/TX is working, u-boot bootwait is active, secure boot is enabled.
```
Installation Instructions:
**Most part of the installation is performed from an initramfs image.**
Boot initramfs : Using serial connection
1. Boot up the device and wait till it displays "VERIFY_IB: Success. verify IB ok"
2. Once that message appears,
login with username 'root'
password serial number of your router in uppercase.
3. Use vi to paste the 'open.sh' script from @MeisterLone github on your device
https://github.com/MeisterLone/Askey-RT5010W-D187-REV6/blob/master/Patch/open.sh
4. chmod 755 open.sh
5. ./open.sh
6. Set your ip to 192.168.0.1
7. Run a TFTP server and host the initramfs image on the TFTP server and name it "recovery.img"
8. Reboot device. On boot it will try TFTP.
Install OpenWrt from initramfs image:
1. Use SCP (or other way) to transfer OpenWrt factory image
2. Connect to device using SSH (on a LAN port)
3. Flash firmware: sysupgrade
# sysupgrade -n -v /tmp/openwrt_sysupgrade.bin
4. Set U-boot env variable: bootcmd
# fw_setenv bootcmd "run fix_uboot; run setup_and_boot"
5. Reboot the device
# reboot
6. Once device is booted, residue of previous firmware will prevent openwrt to work properly.
Factory Reset is MUST required
# Once serial console is displaying to login, hold reset button for 10 sec
7. Now everything should be operational.
Note: this PR adds only single partition support, that means sysupgrade is
upgrading the current rootfs partition
Signed-off-by: Connor Yoon <j_connor@taliaent.com>
ec8c620fd5f4 split bridge-local disable into rx and tx
40b1c5b6be4e flow: do not attempt to offload bridge-local flows
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For interface type parameters, the man page documents patterns:
```
*,!eth*,!!eth1
uses all interfaces, except interfaces starting with "eth",
but including "eth1".
```
* Renamed `_ifname` to `_l2dev`.
* get the l2dev via network_get_physdev (and not l3dev)
* Glob pattern `*` is also valid - use noglob for this
The net result is that now interface 'names' including globs '*' and '!'
inversions are included in the generated lldpd configs.
Temporarily `set -o noglob` and then `set +o noglob` to disable & enable
globbing respectively, because when we pass `*` as an interface choice,
other file and pathnames get sucked in from where the init script runs,
and the `*` never makes it to lldpd.
Tested extensively on: 22.03.6, 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ squash with commit bumping release version ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Lets update to 2024.04 in order to drop all of the patches as they have
been merged upstream.
Tested on Methode eDPU.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
f9a28a9ce864 ustream-ssl: poll connection on incomplete reads
3c49e70c4622 ustream-ssl: increase number of read buffers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Reduce calls and pipes and read from urandom once directly with hexdump
for the necessary 5 bytes of random data to build the 48 bit ULA Prefix.
Fewer calls and forks; finish quicker; less memory used.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
It seems that move to kernel 6.6 somehow fixed the remoteproc restart so
now it properly restarts and thus coldboot calibration works as well.
ipq60xx still seems to be broken in a different way so keep it disabled.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add patch fixing rmmod and insmod. Lots of flawed logic fixed that
permits the module to correctly rmmod and insmod later.
Just to quote some change, use phy_detach instead of phy_disconnect, fix
exclusive reset_control that could only be used once, fix kernel panic
on second edma_cleanup, stop traffic before module exit...
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>