Commit Graph

21576 Commits

Author SHA1 Message Date
Felix Fietkau
52a5f4491c hostapd: fix a null pointer dereference in wpa_supplicant on teardown
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-05-01 19:00:21 +02:00
Tianling Shen
790082098e
mediatek: switch to fitblk for JDCloud RE-CP-03
Use the new fitblk driver.

Tested-By: Yangyu Chen <cyy@cyyself.name>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-04-30 03:28:13 +01:00
Christian Marangi
4b04304713
procd: make mDNS TXT record parsing more solid
mDNS broadcast can't accept empty TXT record and would fail
registration.

Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.

Example:

	procd_add_mdns "blah" \
				"tcp" "50" \
				"1" \
				"" \
				"3"

Produce:

{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }

The middle empty TXT record should never be included as it's empty.

This can happen with scripts that make fragile parsing and include
variables even if they are empty.

Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.

The fixed JSON is the following:

{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }

Fixes: b0d9dcf84d ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-29 23:24:58 +02:00
Robert Marko
5c833329ce
arm-trusted-firmware-mvebu: refresh cryptopp hash
Well, it seems that cryptopp hash was never refreshed since calling
make package/boot/arm-trusted-firmware-mvebu/check FIXUP=1 V=s does not
actually refresh the download calls hashes so refresh it manually.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2024-04-29 13:02:23 +02:00
Robert Marko
e909746665
arm-trusted-firmware-mvebu: use SOURCE_VERSION instead of VERSION
Since ("download: don't overwrite VERSION variable") trying to download the
required sources for mvebu ATF will fail with:
Makefile:247: *** Download/mox-boot-builder is missing the SOURCE_VERSION field..  Stop.

This also broke the buildbot mvebu/cortex-a53 builds.

So, fix it by switching to SOURCE_VERSION instead.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2024-04-29 12:05:45 +02:00
Paul Spooren
00b86168bd apk: add package
APK (Alpine Package Keeper) is the package manager of Alpine Linux and
has multiple advantages over OPKG. While Alpine uses APK version 2, this
commit adds version 3 with a heavily optimised database structure and
additional feature making it suitable for OpenWrt.

This commit will be followed by many more to add APK build capabilities
to the OpenWrt build system, firstly enabling side by side builds of APK
and OPKG packages, later replacing OPKG entirely.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-29 11:36:03 +02:00
Hauke Mehrtens
adc29202c2 mbedtls: Remove Kconfig options removed from mbedtls 3.6.0
These options are not available in mbedtls 3.6.0 and selecting them
causes an error.

MBEDTLS_CERTS_C was removed in:
1aec64642c

MBEDTLS_XTEA_C was removed in:
10e8cf5fef

MBEDTLS_SSL_TRUNCATED_HMAC was removed in:
4a7010d1aa

Fixes: 0e06642643 ("mbedtls: Update to version 3.6.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-29 01:32:36 +02:00
Marius Dinu
ff0bb196eb libaudit: update to 3.1.4, join with daemon and utils, rename
Changes:
- new URL for sources (old address is dead)
- daemon and utils from packages feed are merged in here
  - only build once
  - no need to update at the same time in both places
- update to v3.1.4
  - removed unneeded patches
  - added audisp-syslog
  - removed audispd (no longer exists)
- rename and move to package/utils/audit
  - update new path in one dependent package

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
2024-04-29 00:53:43 +02:00
Jean Thomas
30245a869e uqmi: set dangling-pointer as error
With "ebfe8b4 CMakeLists: set no-dangling-pointer" the compilation
option is set in uqmi, and can therefore be removed from no-error.

Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
2024-04-28 23:51:19 +02:00
Jean Thomas
4d058d5e4d uqmi: update to git HEAD
e7207be uqmi: print radio interfaces in serving system command
6ef41d6 uqmi: create function to print radio interface string
e25d042 uqmi: Add basic 5G NR support
3e782be uqmi: sync data from libqmi project
368d46c uqmi: support C reserved keywords in upstream JSON files
02e42c0 reorganize source code in common and uqmi specific parts
4591f0a .gitignore build/ directories
2b57ee1 uqmi: commands-uim: fix uninitialized use of card_application_state
7c77e77 data/code-gen: add support for indications
ddbf864 qmi-struct.h: add missing includes
5320c1d move qmi_get_error_str to into utils.c
1503bc7 dev.c: add missing import strings.h
bae945f commands-nas: add missing includes
9ffd0e2 commands: make `struct blob_buf status` public
a4fbdcc commands-nas: fix gcc warning
8ff632a dev.c: add comment to qmi_request_wait()
a043a74 CMakeLists: refactor SOURCES variable to allow later adding uqmid
ebfe8b4 CMakeLists: set no-dangling-pointer
c47125d CMakeLists: improve generated files
0f64b69 CMakeLists: update cmake minimum version to 3.5

As the built uqmi binary is now moved to a dedicated directory,
update the Makefile accordingly.

Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
2024-04-28 23:51:19 +02:00
Weijie Gao
f9e3fb59c7 libunwind: update to 1.8.1
Rebased patches:
- 003-fix-missing-ef_reg-defs-with-musl.patch
- 004-ppc-musl.patch

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-04-28 23:32:08 +02:00
Weijie Gao
8968675247 grub2: update to 2.12
compile tested: x86_64,i386,loongarch64

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
{Refresh patches}
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 23:26:35 +02:00
Hauke Mehrtens
0e06642643 mbedtls: Update to version 3.6.0
This adds support for mbedtls 3.6.0.
The 3.6 version is the next LTS version of mbedtls.
This version supports TLS 1.3.

This switches to download using git. The codeload tar file misses some
git submodules.

Add some extra options added in mbedtls 3.6.0.

The size of the compressed ipkg increases:
230933 bin/packages/mips_24kc/base/libmbedtls13_2.28.7-r2_mips_24kc.ipk
300154 bin/packages/mips_24kc/base/libmbedtls14_3.6.0-r1_mips_24kc.ipk

The removed patch was integrated upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 21:42:37 +02:00
Hauke Mehrtens
00a1671248 hostapd: Fix compile against mbedtsl 3.6
Fix compile of the mbedtls extension for hostapd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 21:42:18 +02:00
Hauke Mehrtens
6c80f34c07 uencrypt: Fix mbedtls 3.6 compatibility
This makes it compile with mbedtls 3.6.0.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 21:42:18 +02:00
Hauke Mehrtens
0fd9acb471 uencrypt: Fix compile warnings
keylen and ivlen are of type long and not size_t.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 21:42:18 +02:00
Josef Schlehofer
1b190dfd3a uboot-mvebu: backport patch for Turris Omnia to enable LTO
Fixes issue while building package uboot-mvebu on OpenWrt 23.05:

u-boot-with-spl.kwb exceeds file size limit:
  limit:  0xf0000 bytes
  actual: 0xf0100 bytes
  excess: 0x100 bytes
make[3]: *** [Makefile:1466: u-boot-with-spl.kwb] Error 1
make[3]: *** Deleting file 'u-boot-with-spl.kwb'
make[3]: Leaving directory '/workspaces/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/u-boot-omnia/u-boot-2024.04'
make[2]: *** [Makefile:83: /workspaces/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/u-boot-omnia/u-boot-2024.04/.built] Error 2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15307
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-28 11:39:42 +02:00
Fabrice Fontaine
6e5edec159 package/network/utils/iptables: fix PKG_CPE_ID
cpe:/a:netfilter:iptables is the correct CPE ID for iptables:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️netfilter:iptables

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15297
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:44:48 +02:00
Fabrice Fontaine
a4f723e04e package/libs/libjson-c: fix PKG_CPE_ID
cpe:/a:json-c:json-c is the correct CPE ID for libjson-c:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️json-c:json-c

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15292
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:44:20 +02:00
Fabrice Fontaine
289f811abb package/network/services/dropbear: fix PKG_CPE_ID
cpe:/a:dropbear_ssh_project:dropbear_ssh is the correct CPE ID for dropbear:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️dropbear_ssh_project:dropbear_ssh

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15290
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:43:58 +02:00
Robert Marko
cf3520ba66 ipq-wifi: correct PKG_MIRROR_HASH
It seems that somehow a wrong hash has been used for ipq-wifi, so refresh
it.

Fixes: f10d55df9e ("ipq-wifi: update to Git HEAD (2024-04-26)")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:29:48 +02:00
Felix Fietkau
2d6fd937c3 netifd: packet_steering: fix shell error on unset steering_flows option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-27 20:59:52 +02:00
Felix Fietkau
994f71e0f0 netifd: fix bogus warnings in packet_steering init script
Avoids warnings if options are unset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-27 20:57:19 +02:00
Robert Marko
0fc87ddf44
ubox: update to Git HEAD (2024-04-26)
85f1053019ca kmodloader: fix insmod path logic

Signed-off-by: Robert Marko <robimarko@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15288
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-27 13:34:13 +02:00
Paul Donald
708101c141 lldpd: fix reload bug: advertisements shall default to on
Because these capability advertisements default to on in lldpd, they
became absent at reload, and not restart, due to how the reload logic
works ( keep daemon running, send unconfigured and then the new config
via socket ), and it was not evident unless you happened to be looking
for it (e.g. via pcap or tcpdump). It was also not evident from the
manpage ( have now sent patches upstream ).

At reload time, the unconfigure logic disabled them unless they were
explicitly enabled (compare with other settings where 'unconfigure' just
resets them). Now they default to on/enabled at init time, and are
explicitly 'unconfigure'd at startup if the user disables them via:

lldp_mgmt_addr_advertisements=0
lldp_capability_advertisements=0

In other words: explicit is necessary to disable the advertisements.

The same applies to 'configure system capabilities enabled'. Technically
'unconfigure'd is the default but now it is explicit at reload.

Tested on: 23.05.3

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-27 12:11:27 +02:00
Fabrice Fontaine
27d1ebb46a package/libs/pcre2: fix PKG_CPE_ID
cpe:/a:pcre:pcre2 is the correct CPE ID for pcre2:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️pcre:pcre2

Fixes: c39b0646f3 (pcre2: import pcre2 from packages feed)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2024-04-27 12:05:43 +02:00
Paul Donald
01cdeb531b ustp: update to Git HEAD (2023-05-29)
a85a5bc83bde netif_utils: correctly close fd on read error

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-27 11:40:04 +02:00
Stijn Tintel
f434643857 perf: fix build on PowerPC
Building perf's intel-pt-decoder fails on both PPC32 and PPC64:

/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-13.2.0_musl/lib/gcc/powerpc64-openwrt-linux-musl/13.2.0/../../../../powerpc64-openwrt-linux-musl/bin/ld.bfd:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/
perf-target-powerpc64_e5500_musl/perf-in.o: in function `insn_set_byte':
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/perf/util/intel-pt-decoder/../../../arch/x86/include/asm/insn.h:64:
undefined reference to `__le32_to_cpu'

Add NO_AUXTRACE=1 to MAKE_FLAGS for LINUX_KARCH powerpc, which disables
build of intel-pt-decoder on both PPC32 and PPC64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-04-26 15:19:48 +03:00
Christian Marangi
f10d55df9e
ipq-wifi: update to Git HEAD (2024-04-26)
fab9e29f6b92 ipq6018: update regdb in TPLink EAP610-Outdoor BDF
6d02b65fadf3 ipq8074: update RegDB in new submitted BDF
644ba9ea2e66 ipq6018: update RegDB in new submitted BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 13:28:09 +02:00
Felix Fietkau
7ebcf2fb9c netifd: add flow steering mode to the packet steering script
This allows directing processing of locally received packets to the CPUs
of the tasks receiving them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 06:31:27 +02:00
Felix Fietkau
c4d394c6cc netifd: add a packet steering mode matching the old script
This spreads packet processing across all cores

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 06:31:27 +02:00
Tony Ambardar
098bde1f3e gettext-full: update to 0.22.5
Release Announcement:
https://savannah.gnu.org/news/?group_id=425

Refresh:
- 200-libunistring-missing-link.patch

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Tim Lunn
99eb0d0e33 uboot-envtools: add env settings for Edgerouter-X
uboot-envtools is currently missing config for Edgerouter-X
and its not immediately obvious what settings to manually
apply.

Provide default configuration for envtools on Edgerouter-X.

Signed-off-by: Tim Lunn <tim@feathertop.org>
2024-04-25 21:33:16 +02:00
Linus Walleij
9c8f2d7c2d modules: Add kernel module for MV88E6xxx DSA switch
This adds a kernel module package for the Marvell
MV88E6XXX DSA switch and a separate module package for
the DSA tagger since it can in theory be used by multiple
DSA switches. Enable both DSA and EDSA tags in the
tagger.

We can't just compile this in because just a few devices
has this DSA, and it depends on e.g. the I2C and SFP
to be loaded as modules first.

We have no examples of DSA switches being packaged as
modules before, all seem to be compiled in, but it
actually works just fine to do this.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2024-04-24 23:15:58 +02:00
Hauke Mehrtens
f475a44c03 wolfssl: Update to 5.7.0
This fixes multiple security problems:
 * [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

 * [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia)."

 * [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 23:01:03 +02:00
Hauke Mehrtens
360ac07eb9 mbedtls: Update to 2.28.8
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 22:24:11 +02:00
Nick Hainke
6ca8305598 oxnas: drop target
The Upstream Linux community has discontinued support for the target.
Maintaining support for it downstream would require too much effort.
Moreover, it seems that the supported hardware is no longer deemed worthy
of it.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-04-24 14:12:15 +02:00
Paweł Owoc
652a6677d5 base-files: Add new functions for ath11k caldata
Add new functions for ath11k caldata:
- ath11k_patch_mac (from 0 to 5)
- ath11k_remove_regdomain
- ath11k_set_macflag (some pre-caldata have the nvMacFlag flag unset which is needed to change the MAC address)

Additionaly for ath10k caldata:
- ath10k_remove_regdomain

Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
2024-04-23 22:35:57 +02:00
Stefan Kalscheuer
63dd3f74ac mwlwifi: update to version 10.4.10-20240419
This update contains a minor fix to resolve "detected write beyond size
of field" warning during compilation:
* "replace [0] with []" (1d0d08c)

All patches still apply.

References:
* https://github.com/openwrt/openwrt/issues/15108

Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
2024-04-23 22:33:56 +02:00
Connor Yoon
3569b37b15 ipq807x: add Spectrum SAX1V1K
Spectrum SAX1V1K is a AX WIFI router with 3 1G and 1 2.5G ports.
The router is provided to Spectrum customers.
It is OEM of Askey RT5010W
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923

It continues the original work by @MeisterLone to get this device supported.

Specifications:
```
  •  CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
  •  RAM: 2048MB of DDR3
  •  Storage: 1024MB eMMC
  •  Ethernet: 3x 1G RJ45 ports (QCA8075) + 1 2.5G Port (QCA8081)
  •  WLAN:
     • 2.4GHz: Qualcomm QCN5024 4x4 802.11b/g/n/ax 1174 Mbps PHY rate
     • 5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate

  •  LED: 1 gpio-controlled dual color led (blue/red)
  •  Buttons: 1x reset
  •  Power: 12V DC jack
```

Notes:
```
  •  This commit adds only single partition support, that means
     sysupgrade is upgrading the current rootfs partition.
  •  Installation can be done by serial connection only.
  •  A poulated serial header is onboard
     https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923/6
  •  RX/TX is working, u-boot bootwait is active, secure boot is enabled.
```

Installation Instructions:

	**Most part of the installation is performed from an initramfs image.**

	Boot initramfs : Using serial connection
	1. Boot up the device and wait till it displays "VERIFY_IB: Success. verify IB ok"
	2. Once that message appears,
	    login with username 'root'
	    password serial number of your router in uppercase.
	3. Use vi to paste the 'open.sh' script from @MeisterLone github on your device
	    https://github.com/MeisterLone/Askey-RT5010W-D187-REV6/blob/master/Patch/open.sh
	4. chmod 755 open.sh
	5. ./open.sh
	6. Set your ip to 192.168.0.1
	7. Run a TFTP server and host the initramfs image on the TFTP server and name it "recovery.img"
	8. Reboot device. On boot it will try TFTP.

	Install OpenWrt from initramfs image:
	1. Use SCP (or other way) to transfer OpenWrt factory image
	2. Connect to device using SSH (on a LAN port)
	3. Flash firmware: sysupgrade
	   # sysupgrade -n -v /tmp/openwrt_sysupgrade.bin
	4. Set U-boot env variable: bootcmd
	   # fw_setenv bootcmd "run fix_uboot; run setup_and_boot"
	5. Reboot the device
	   # reboot
	6. Once device is booted, residue of previous firmware will prevent openwrt to work properly.
	    Factory Reset is MUST required
	    # Once serial console is displaying to login, hold reset button for 10 sec
	7. Now everything should be operational.

        Note: this PR adds only single partition support, that means sysupgrade is
              upgrading the current rootfs partition

Signed-off-by: Connor Yoon <j_connor@taliaent.com>
2024-04-23 21:48:34 +02:00
Tony Ambardar
c6e6d26f4b ubox: update to Git HEAD (2024-03-02)
d413903016c4 kmodloader: support duplicate module names and aliases
1c9aaefc119a kmodloader: fix memleak adding to avl tree
4c5c45c6beac kmodloader: fix invalid write during insmod, CodeQL warnings
6a59975afc2c kmodloader: improve memory accounting and deallocation

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-23 20:58:18 +02:00
Felix Fietkau
786e3dec01 bridger: update to Git HEAD (2024-04-22)
ec8c620fd5f4 split bridge-local disable into rx and tx
40b1c5b6be4e flow: do not attempt to offload bridge-local flows

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-22 11:02:52 +02:00
Chen Minqiang
3416144418 ppp: add sourcefilter option support
This make source based IPv6 routing option available for
ppp/pptp/pppoe/pppoa

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2024-04-22 15:11:44 +08:00
Paul Donald
4a81d868db
lldpd: extended interface(s) parsing to handle patterns
For interface type parameters, the man page documents patterns:
```
*,!eth*,!!eth1

uses all interfaces, except interfaces starting with "eth",
but including "eth1".
```

* Renamed `_ifname` to `_l2dev`.
* get the l2dev via network_get_physdev (and not l3dev)
* Glob pattern `*` is also valid - use noglob for this

The net result is that now interface 'names' including globs '*' and '!'
inversions are included in the generated lldpd configs.

Temporarily `set -o noglob` and then `set +o noglob` to disable & enable
globbing respectively, because when we pass `*` as an interface choice,
other file and pathnames get sucked in from where the init script runs,
and the `*` never makes it to lldpd.

Tested extensively on: 22.03.6, 23.05.3

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ squash with commit bumping release version ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-21 17:57:03 +02:00
Felix Fietkau
ea609fe486 uclient: update to Git HEAD (2024-04-19)
e8780fa7792a uclient: fix http regression

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 20:06:47 +02:00
Felix Fietkau
a339894691 uclient: update to Git HEAD (2024-04-19)
704c78111a92 uclient-http: use ustream_ssl without ustream_fd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 18:00:23 +02:00
Felix Fietkau
7334337064 ustream-ssl: update to Git HEAD (2024-04-19)
524a76e5af78 ustream-ssl: add support for using a fd instead of ustream as backing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 18:00:23 +02:00
Robert Marko
040af127e7
uboot-mvebu: update to version 2024.04
Lets update to 2024.04 in order to drop all of the patches as they have
been merged upstream.

Tested on Methode eDPU.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2024-04-19 10:50:55 +02:00
Felix Fietkau
66019e456f uclient: update to Git HEAD (2024-04-18)
c2bf660d88ec lib: add log_msg callback to get more detailed log messages
9adb4ca5219d uclient-fetch: add uclient / ustream-ssl log messages (enabled via -v)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 22:27:51 +02:00
Felix Fietkau
8992767956 ustream-ssl: update to Git HEAD (2024-04-18)
f9a28a9ce864 ustream-ssl: poll connection on incomplete reads
3c49e70c4622 ustream-ssl: increase number of read buffers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 22:27:50 +02:00
Felix Fietkau
e4453d1f81 ustream-ssl: update to Git HEAD (2024-04-18)
60d8fbb5e669 mbedtls: handle session tickets for TLS 1.3
ac42af7981ae mbedtls: add ifdefs to fix legacy compatibility
af7c3532ad49 mbedtls: another cosmetic ifdef fix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 13:18:48 +02:00
Paul Donald
27edf28b11
base-files: reduce IPv6 ULA prefix generation to a single call
Reduce calls and pipes and read from urandom once directly with hexdump
for the necessary 5 bytes of random data to build the 48 bit ULA Prefix.

Fewer calls and forks; finish quicker; less memory used.

Tested on: 23.05.3

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-18 12:55:31 +02:00
Robert Marko
b0422af1b3
mac80211: ath11k: re-enable ipq807x coldboot calibration
It seems that move to kernel 6.6 somehow fixed the remoteproc restart so
now it properly restarts and thus coldboot calibration works as well.

ipq60xx still seems to be broken in a different way so keep it disabled.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-18 11:55:36 +02:00
Christian Marangi
918e2fca1e
qca-nss-dp: add patch fixing rmmod and insmod
Add patch fixing rmmod and insmod. Lots of flawed logic fixed that
permits the module to correctly rmmod and insmod later.

Just to quote some change, use phy_detach instead of phy_disconnect, fix
exclusive reset_control that could only be used once, fix kernel panic
on second edma_cleanup, stop traffic before module exit...

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-18 11:54:21 +02:00
Chukun Pan
9cef2bc224 ipq807x: add support for Zbtlink ZBT-Z800AX
Hardware specifications:
  SoC: Qualcomm IPQ8072A
  RAM: 1GB of DDR4 600MHz
  Flash1: Winbond W25Q64DW 8MB
  Flash2: MX30UF2G28AD 256MB
  WiFi1: QCN5024 2.4GHz AX 4x4
  WiFi2: QCN5054 5GHz AX 4x4
  Ethernet: 5x 1G RJ45 port
  USB: 2x USB 3.0 (1x M.2)
  Button: Reset, WPS

Flash instructions:
  Upload factory.bin in stock firmware's
  upgrade page, do not preserve settings.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-04-17 12:08:56 +02:00
Chukun Pan
74eb718871 ipq-wifi: update to version 2024-04-16
Contains following updates:

 * ipq8074: add Spectrum SAX1V1K BDF
 * ipq8074: add Zbtlink ZBT-Z800AX BDF
 * ipq8074: update regdb in Spectrum SAX1V1K BDF
 * ipq6018: add Linksys MR7350 BDF

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-04-17 12:08:56 +02:00
Chen Minqiang
44a3c18a31 qmi: add sourcefilter option support
This make source based IPv6 routing option available for qmi

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2024-04-17 12:34:27 +08:00
Chen Minqiang
044fb8fc13 mbim: add sourcefilter option support
This make source based IPv6 routing option available for mbim

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2024-04-17 12:34:27 +08:00
Chen Minqiang
01e8d822e8 ncm: add sourcefilter option support
This make source based IPv6 routing option available for ncm

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2024-04-17 12:34:27 +08:00
Chuanhong Guo
9f6a28b91e ipset: update to 7.21
release notes:
7.21: https://www.spinics.net/lists/netfilter-devel/msg85299.html
7.20: https://www.spinics.net/lists/netfilter-devel/msg85120.html
7.19: https://www.spinics.net/lists/netfilter-devel/msg82985.html

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2024-04-17 12:14:20 +08:00
Chuanhong Guo
c7fb5d4cac ipset: include libgen.h for basename
musl dropped the GNU version of basename prototype from string.h
in 1.2.5.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2024-04-17 12:14:20 +08:00
Felix Fietkau
d4742de1d7 Revert "elfutils: fix a missing typedef in the last update"
This reverts commit a9e22ffa50.
After doing a clean rebuild, it turns out that this change is not necessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 22:05:24 +02:00
Felix Fietkau
123282d9f9 netifd: add missing error checks to packet steering script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 13:46:05 +02:00
Felix Fietkau
a9e22ffa50 elfutils: fix a missing typedef in the last update
Fixes perf

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 13:46:05 +02:00
Felix Fietkau
93d75f8401 bridger: update to Git HEAD (2024-04-15)
3159bbe0a2eb improve isolation when selecting a fixed output port
c77a7a1ff74d nl: fix getting flow offload stats
a08e51e679dd add support for disabling bridge-local flows via config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 11:29:24 +02:00
Tianling Shen
a65fceb078 uboot-rockchip: Update to 2024.04
Removed upstreamed patch.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-04-14 18:29:44 +02:00
Tianling Shen
d2d064e06e rkbin: bump to latest git HEAD
Fixed bugs for memory initialization/training,
improved memory compatibility/stability.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-04-14 18:29:44 +02:00
Tony Ambardar
e609b7486f elfutils: update to 1.91
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2024q1/006876.html

Refresh patch:
- 005-build_only_libs.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-14 17:38:09 +02:00
Felix Fietkau
a205a5734e netifd: rewrite packet steering script
The new script uses a different strategy compared to the previous one.
Instead of trying to split flows by hash and spread them to all CPUs,
use RPS to redirect packets to a single core only.
Try to spread NAPI thread and RPS target CPUs across available CPUs
and try to ensure that the NAPI thread is on a different CPU than the
RPS target. This significantly reduces cycles wasted on the scheduler.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-14 16:24:37 +02:00
Robert Marko
5fe0d296c1 mac80211: ath11k: support DT property to limit channels
Limiting allowed channels per device may be required and is commonly
supported on other drivers, so include a pending patch to add support for
the same.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-13 20:05:01 +02:00
Felix Fietkau
ab9a29a320 mac80211: improve mesh fast tx patch
Change hash key struct size for faster lookup.
Fix clearing cache entries for forwarding

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-13 16:33:45 +02:00
Felix Fietkau
1ee5b7e506 hostapd: fix a crash corner case
On some setup failures, iface->bss can be NULL

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-13 16:33:45 +02:00
Tianling Shen
0db68a789f uboot-d1: define default BUILD_SUBTARGET
As commit 3ce1e4c3d3 ("d1: define subtarget specifically") added the
'generic' subtarget, without 'BUILD_SUBTARGET' the correspond U-Boot
package will be no longer selected automatically.

Fixes: 3ce1e4c3d3 ("d1: define subtarget specifically")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-04-13 13:41:41 +02:00
Tony Ambardar
4d8a9a954a bpftool: Update to v7.4.0
Update to the latest upstream release to include recent improvements and
bugfixes. Update copyright, fix typo in PKG_NAME, and remove unneeded use
of MAKE_VARS definition in Makefile. Drop 001-cflags.patch and simplify
002-includes.patch after refreshing. Also simplify LTO/DCE build flags.

Link: https://github.com/libbpf/bpftool/releases/tag/v7.4.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-13 11:20:41 +02:00
Tony Ambardar
5b07c37dfa libbpf: Update to v1.4.0
Update to the latest upstream release to include recent improvements and
bugfixes, and update copyright. Remove MAKE_VARS usage in Makefile and drop
001-cflags.patch which are no longer needed. Also add flags to disable LTO,
mistakenly dropped earlier.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-13 11:20:41 +02:00
Paul Donald
50021d3222
lldpd: make management address advertisement controllable
Defaults to off.

Available from >= 0.7.15

These are sent in TLV

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-12 13:45:48 +02:00
Paul Donald
4d8f56bd59
lldpd: make capabilities advertisement controllable
Defaults to off.

Only available from >= 1.0.15

These capabilities are sent in TLV.

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-12 13:45:48 +02:00
Paul Donald
b476917502
lldpd: note about capabilities
only available from >= 1.0.15

Comments are useful. Apparently this config parameter was committed when
openwrt used an older version of lldpd which did not yet support it.

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-12 13:20:40 +02:00
Paul Donald
8cf1dce428
lldpd: fix restart
Redirection broke in 5364fe0f01 ("lldpd: shellcheck fixes")

redirects to /dev/null shall be handled correctly (i.e. last).

This fixes these errors on `/etc/init.d/lldpd reload`:

2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`

Tested-on: 22.03.6
Fixes: 5364fe0f01 ("lldpd: shellcheck fixes")
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ improve commit description, add fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-12 13:20:06 +02:00
Daniel Golle
07918e6612 package: kernel: leds-gca230718: fix build with Linux 6.6
Starting with Linux 6.3 the .probe call no longer got the id parameter,
see also commit torvalds/linux@03c835f498
("i2c: Switch .probe() to not take an id parameter").

As the parameter is anyway unused by the driver, drop it when
building the GCA230718 LED driver for newer kernels.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-04-12 02:07:30 +01:00
Robert Marko
923d7c5531
mediatek: filogic: add support for Edgecore EAP111
HW specifications:
* Mediatek MT7981A
* 256MB SPI-NAND
* 512MB DRAM
* Uplink: 1 x 10/100/1000Base-T Ethernet, Auto MDIX, RJ-45 with 802.3at
PoE (Built-in GBe PHY)
* LAN: 1 x 10/100/1000Base-T Ethernet, Auto MDIX, RJ-45 (Airoha EN8801SC)
* 1 Tricolor LED
* Reset button
* 12V/2.0A DC input

Installation:
Board comes with OpenWifi/TIP which is OpenWrt based, so sysupgrade can
be used directly over SSH.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2024-04-11 13:25:11 +02:00
Oleg S
d668c74fe6 kernel: add kmod-hwmon-emc2305 support
This module supports the Microchip Technology Inc (SMSC)
EMC2301/EMC2302/EMC2303/EMC2305 fan speed PWM controller chips.

Signed-off-by: Oleg S <remittor@gmail.com>
2024-04-10 10:50:17 +02:00
Felix Fietkau
08639a5e47 ucode: update to Git HEAD (2024-04-07)
1220992631d5 ubus: automatically clear error information
d6fd94014eea uci: automatically clear error information
99837f280b61 uloop: automatically clear error information
be767ae197ba vm: rework `in` operator semantics
4ade84e8fb81 ubus: add explicit support for deferring incoming requests

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-09 21:33:02 +02:00
Paul Spooren
d997477775 treewide: remove implicit SUBTARGET
Historically it's possible to leave the `SUBTARGETS` undefined and
automatically fallback to a "generic" subtarget. This however breaks
various downstream scripts which may have expectations around filenames:

While some targets with an explicit generic subtarget contain `generic`
in the filenames of artifacts, implicit "subtargets" don't.

Right now this breaks the CI[1], possibly also scripts using the ImageBuilders.

This commit removes all code that support implicit handling of
subtargets and instead requires every target to define "SUBTARGETS".

[1]: https://github.com/openwrt/openwrt/actions/runs/8592821105/job/23548273630

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-08 21:53:05 +02:00
Felix Fietkau
5e0587b8d1 uclient: update to Git HEAD (2024-04-05)
e209a4ced1d8 add strdupa macro for compatibility
af1962b9a609 uclient: add helper function for getting ustream-ssl context/ops
488f1d52cfd2 http: add helper function for checking redirect status
b6e5548a3ecc uclient: defer read notifications to uloop timer
352fb3eeb408 http: call ustream_poll if not enough read data is available
e611e6d0ff0b add ucode binding
ddb18d265757 uclient: add function for getting the amount of pending read/write data
980220ad1762 ucode: fix a few ucode binding issues
6c16331e4bf5 ucode: add support for using a prototype for cb, pass it to callbacks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-07 23:29:59 +02:00
Rodrigo Balerdi
8cf4ac5195 base-files: minor fix to mmc_get_mac_ascii function
This is mostly a cosmetic cleanup. The absence of
the return statement was not causing any problems.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2024-04-07 20:06:11 +01:00
Felix Fietkau
507b0286d9 ustream-ssl: update to Git HEAD (2024-04-07)
7621339d7694 mbedtls: fix build on non-linux systems
268050964b08 ustream-mbedtls: add missing psa_crypto_init call
956fba242ac0 add callbacks for debug messages
9fdf3fb87af5 mbedtls: add TLS 1.3 ciphers
28c4c1e6471b mbedtls: disable TLS 1.3 in client mode when skipping verification
d61493a44204 mbedtls: add missing ifdef for build with disabled debug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-07 20:01:09 +02:00
Robert Marko
57c9cb421e at91bootstrap: update PKG_MIRROR_HASH to zstd for v3 at91bootstrap
So, when updating the hash for at91bootstrap it was done via CHECK_ALL=1
so that updated the PKG_MIRROR_HASH for the main v4 version hash, but
at91bootstrap checkout version depends on the subtarget as well.

Choosing to build for sam9x will change the at91bootstrap version to v3
and this hash was not refreshed thus causing the CI to fail.

Fixes: 6918c637b7 ("treewide: package: update missed hashes after switch to ZSTD")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-07 17:10:30 +02:00
Robert Marko
6918c637b7 treewide: package: update missed hashes after switch to ZSTD
With the switch to ZSTD for git clone packaging, hashes have changed so
fixup remaining package hashes that were missed in the inital update.

Fixes: b3c1c57 ("treewide: update PKG_MIRROR_HASH to zst")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-07 14:56:04 +02:00
Robert Marko
1ea6ddacc2 nu801: update PKG_MIRROR_HASH to zst
When using zst instead of xz, the hash changes.
This was missed in the initial treewide updated.

Fixes: b3c1c57a35 ("treewide: update PKG_MIRROR_HASH to zst")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-07 11:49:53 +02:00
Alexandru Gagniuc
cee9fcdb73 wifi-scripts: fix creation of IBSS in legacy (non-HT) mode
When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:

    iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100

This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:

    daemon.notice netifd: radio0 (4527): Usage:    iw [options] \
        dev <devname> ibss join <SSID> <freq in MHz> ...

Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.

Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
2024-04-07 11:12:43 +02:00
Paul Spooren
b3c1c57a35 treewide: update PKG_MIRROR_HASH to zst
When using zst instead of xz, the hash changes. This commit fixes the
hash for packages and tools in core.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-06 11:24:18 +02:00
Yanase Yuki
63dd14b906 gettext-full: link libiconv when building host pkg
On Fedora 40 system, some compile error happens when
building iconv-ostream.c. Linking to libiconv-full
fixes this.

Signed-off-by: Yanase Yuki <dev@zpc.st>
2024-04-05 15:08:38 +02:00
Felix Fietkau
27a2b54cba hostapd: fix Config.in dependencies
hostapd packages were accidentally left out. Clean up this mess by
changing the dependencies to hostapd-common

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-05 14:55:59 +02:00
Christian Lamparter
82c8c38a5c apm821xx: prepare WNDR4700 for 6.6 - add preliminary u-boot-env access
With the default BUILD_BOT configuration on a linux 6.6 kernel,
the WNDR4700's kernel no longer fits into the alloted ~3.5MiB,
even with LZMA compression.

Bigger kernels are possible, but there's a problem with Netgear's
"bootcmd":

> if loadn_dniimg 0 0x180000 0x4e0000 && chk_dniimg 0x4e0000; then nand read 0x800000 0x180000 0x20000;bootm 0x500000 - 0x800040;else fw_recovery; fi"

This loads the dni-image starting offset 0x180000 from the NAND
flash (which is the DTB partition) to 0x4e0000 in the RAM. It then
checks whenever the provided image is "valid". If it is then it
reads the DTB again to 0x800000 in the RAM and starts the extraction
and boot process. (If the image wasn't valid then it starts the
automated firmware recovery).

The issues here are that first: the kernel image gets "squeezed"
between 0x500040 and 0x7fffff... And second, the decompressor
only has area 0x0 - 0x500000 for decompression.

Hence the image now requires to update the bootcmd by providing
new values (which have been successfully tested with the original
Netgear WNDR4700 v1.0.0.56 firmware) for the RAM locations and
make full use of the fact that loadn_dniimg loads the DTB as well.

This needs to be done only once. Just connect a serial adapter to
interface with uboot and overwrite (and save) the new bootcmd.

WARNING: The serial port needs a TTL/RS-232 3.3v level converter!

Steps:
 0. Power-off the WNDR4700
 1. Connect the serial interface (you need to open the WNDR4700)
 2. Power-up the WNDR4700
 3. Monitor the boot-sequence and hit "Enter"-key when it says:

  "Hit any key to stop autoboot" (Be quick, you have a ~2 second window)

 4. in the Prompt enter the following commands (copy & paste)

 setenv bootcmd "if loadn_dniimg 0 0x180000 0xce0000 && chk_dniimg 0xce0000; then bootm 0xd00000 - 0xce0040;else fw_recovery; fi"
 saveenv
 run bootcmd

Note: This new bootcmd will also unbrick devices that were bricked
by the bigger 4.19-6.1 kernels.

Note2: This method was tested with a WNDR4700. A big kernel with most
debug features enabled on v6.6.22 measured 4.30 MiB when compressed
with lzma. The uncompressed kernel is 12.34 MiB. This is over the 3 MiB,
the device reserves for the kernel... But it booted! For bigger kernels,
the device needs repartitioning of the the ubi partition due to the
kernel+dtb not fitting into the partition.

Note3: For initramfs development. I would advice to load the initramfs
images to 0x800000 (or higher). i.e.: tftp 800000 wndr4700.bin

Note4: the fw_recovery uboot command to transfer the factory image to
the flash still works.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2024-04-05 09:26:26 +02:00
Paul Spooren
b906a9c78e libubox: fix PKG_MIRROR_HASH of 2024-03-29
The PKG_MIRROR_HASH was wrong (again), likely due to an old set of tools
which did not contain the downgrade of xz.

Ref 2070049 unetd: fix PKG_MIRROR_HASH
Fix 89c594e libubox: update to Git HEAD (2024-03-29)"

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-04 22:39:27 +02:00
Daniel Golle
000d25c312 kernel: ltq-vmmc: fix compilation warning/error
Fix compilation warning enum-int-mismatch which results in failure to
build kmod-ltq-vmmc in case CONFIG_KERNEL_WERROR is set.
.../build_dir/target-mips_24kc_musl/linux-lantiq_xrx200/drv_vmmc-1.9.0/src/mps/drv_mps_vmmc_common.c:392:14: error: conflicting types for 'ifx_mps_fastbuf_init' due to enum/integer mismatch; have 'IFX_return_t(void)' [-Werror=enum-int-mismatch]
  392 | IFX_return_t ifx_mps_fastbuf_init (IFX_void_t)
      |              ^~~~~~~~~~~~~~~~~~~~
.../build_dir/target-mips_24kc_musl/linux-lantiq_xrx200/drv_vmmc-1.9.0/src/mps/drv_mps_vmmc_common.c:120:13: note: previous declaration of 'ifx_mps_fastbuf_init' with type 'IFX_int32_t(void)' {aka 'int(void)'}
  120 | IFX_int32_t ifx_mps_fastbuf_init (IFX_void_t);
      |             ^~~~~~~~~~~~~~~~~~~~
.../build_dir/target-mips_24kc_musl/linux-lantiq_xrx200/drv_vmmc-1.9.0/src/mps/drv_mps_vmmc_common.c:420:14: error: conflicting types for 'ifx_mps_fastbuf_close' due to enum/integer mismatch; have 'IFX_return_t(void)' [-Werror=enum-int-mismatch]
  420 | IFX_return_t ifx_mps_fastbuf_close (IFX_void_t)
      |              ^~~~~~~~~~~~~~~~~~~~~
.../build_dir/target-mips_24kc_musl/linux-lantiq_xrx200/drv_vmmc-1.9.0/src/mps/drv_mps_vmmc_common.c:121:13: note: previous declaration of 'ifx_mps_fastbuf_close' with type 'IFX_int32_t(void)' {aka 'int(void)'}
  121 | IFX_int32_t ifx_mps_fastbuf_close (IFX_void_t);
      |             ^~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

Refresh patches and bump PKG_RELEASE while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-04-04 15:12:45 +01:00
Felix Fietkau
4ef13c4a49 libxml2: add host build dependency on libiconv-full
Fixes build on macOS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 13:45:46 +02:00
Felix Fietkau
5aab43f933 hostapd: slightly clean up patches
- move build/ifdef related changes together to the 200 patch range
- reduce adding/removing include statements across patches
- move patches away from the 99x patch range to simplify maintenance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 13:38:18 +02:00
Felix Fietkau
7b9996d107 hostapd: replace "argument list too long" fix with a simpler version
Less convoluted and more robust

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 13:38:18 +02:00
Felix Fietkau
6e391325af hostapd: remove workaround for broken WPA IEs in ancient devices
Affected devices were already quite old when this patch was added.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 13:38:18 +02:00
Eneas U de Queiroz
92379080ea hostapd: adjust patches to work with git am
This adds From:, Date: and Subject: to patches, allowing one to run 'git
am' to import the patches to a hostapd git repository.

From: and Date: fields were taken from the OpenWrt commit where the
patches were first introduced.

Most of the Subject: also followed suit, except for:
 - 300-noscan.patch: Took the description from the LuCI web interface
 - 350-nl80211_del_beacon_bss.patch: Used the file name

The order of the files in the patch was changed to match what git
format-patch does.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-04-04 12:12:43 +02:00
Eneas U de Queiroz
3f5a9e80da hostapd: remove unused fix
Patch 050-build_fix.patch fixes the abscence of sha384-kdf.o from the
list of needed objetct files when FILS is selected without any other
option that will select the .o file.

While it is a bug waiting to be fixes upstream, it is not needed for
OpenWrt use case, because OWE already selects sha384-kdf.o, and FILS is
selected along with OWE.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-04-04 12:12:43 +02:00
Eneas U de Queiroz
24d0e74627 hostapd: bump to 2024-03-09
This brings many changes, including fixes for a couple of memory leaks,
and improved interoperability with 802.11r.  There are also many changes
related to 802.11be, which is not enabled at this time.

Fixed upstream:
 - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
 - 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch
 - 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch

Switch PKG_SOURCE_URL to https, since http is not currently working.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Ilya Katsnelson <me@0upti.me>
Tested by: Andrew Sim <andrewsimz@gmail.com>
2024-04-04 12:12:43 +02:00
Felix Fietkau
89c594e8b2 libubox: update to Git HEAD (2024-03-29)
a2fce001819e CI: add build test run
12bda4bdb197 CI: add CodeQL workflow tests
eb9bcb64185a ustream: prevent recursive calls to the read callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 11:15:03 +02:00
Robert Marko
b01d9bcc9d ipq-wifi: fixup hash
It seems that somehow a wrong hash has slipped past PR CI again.

Fixes: 9ef4f7f919 ("qualcommax: ipq60xx: add yuncore fap650 support")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-04 10:00:57 +02:00
Isaev Ruslan
9ef4f7f919 qualcommax: ipq60xx: add yuncore fap650 support
This commit adds support for the Yuncore FAP650 device.

Specifications:
- Qualcomm IPQ6018+QCA8075+QCN5022+QCN5052
- 512 MB of RAM (DDR3)
- 8 MB of serial flash (SPI NOR)
- 128 MB of parallel flash (NAND)
- 2x2 2.4 GHz WiFi (IPQ6010)
- 2x2 5 GHz WiFi (IPQ6010)
- 2x 2dBi 2.4G MIMO antenna
- 2x 3dBi 5.8G MIMO antenna
- 5x 1 Gbps Ethernet (QCA8075)
- POE: 48V (IEEE 802.3af)
- power: 12V (~1.5A)
- 1x passthru port (rj45 - rj45)
- 1x cisco rj45 console port
- size: 160mm*86mm*29mm

BACKUP YOUR STOCK FIRMWARE:
```
export device=fap650
mkdir -p /tmp/fw_dump_$device
cd /tmp/fw_dump_$device
dmesg > dmesg_$device.log
dtc -I fs /sys/firmware/devicetree/base > $device.dts
cat /proc/device-tree/model > model
cat /proc/mtd > proc_mtd
while read p; do
mtd_dev=$(echo $p | cut -d: -f1)
echo $mtd_dev
dd if=/dev/$mtd_dev of=$mtd_dev
done < proc_mtd
md5sum * > md5sum.log
tar -cvzf ../$device.tar.gz .
export sum=$(md5sum /tmp/$device.tar.gz | cut -d' ' -f1)
mv ../$device.tar.gz /tmp/${device}_${sum}.tar.gz
echo fw backup saved to: /tmp/${device}_${sum}.tar.gz
```
Upload your backup via tftp to the safe place.

INSTALLATION:
1. stock firmware web ui
Rename factory.bin fw image file to factory.ubin. Flash this image
like ordinary stock fw upgrade.

2. stock firmware telnet method
Enter telnet cli (login: root, password: 476t*_f0%g09y) and upload
 factory.bin fw image and rename it to factory.ubin
`cd /tmp && wget <your_web_server_ip>/factory.ubin`
`sysupgrade factory.ubin

3. initramfs method
    Put imitramfs image to your TFTP server and rename it for example to fap650.initram
    Enable serial console and enter to the u-boot cli.
    Exec these commands:
    `tftpboot <your_tftp_server_ip>:fap650.initram`
    `dhcp`

    When downloading is finished:
    `bootm`
    After booting the device, you need to upload to the device factory.ubi fw image.
    ```
    cd /tmp && wget <your_web_server_ip>/factory.ubi`
    export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
    export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
    ubiformat /dev/${rootfs} -y -f factory.ubi
    ubiformat /dev/${rootfs_1} -y -f factory.ubi
    reboot
    ```

4. u-boot factory.ubi image method
    Put factory.ubi to your TFTP server
    Enter u-boot cli and exec these commands:
    `tftpboot <your_tftp_server_ip>:factory.ubi`
    `dhcp`
    After downloading is finished:
    `flash rootfs`
    `flash rootfs_1`
    `reset`

STOCK FIRMWARE RECOVERY:
Boot initramfs image.
Upload your rootfs mtd partition to the device using scp or download
it from the device using wget.
Enter device ssh cli and exec:
```
cd /tmp && wget <your_web_server_ip>/rootfs_mtd`
export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f /tmp/rootfs_mtd
ubiformat /dev/${rootfs_1} -y -f /tmp/rootfs_mtd
reboot
```

Signed-off-by: Isaev Ruslan <legale.legale@gmail.com>
2024-04-04 09:29:17 +02:00
Mieczyslaw Nalewaj
667baaf1d9 x86: 6.6: enable System Management Mode emulation on KVM
Include the CONFIG_KVM_SMM option in the kvm-x86 package to enable system management mode emulation on KVM.

Co-authored-by: Stefan Hellermann <stefan@the2masters.de>
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
2024-04-04 08:56:10 +02:00
Mieczyslaw Nalewaj
7e5cf372a4 kernel: 6.6: modules: netdevices: lan743x: add missing dependency
Fix error: Package kmod-lan743x is missing dependencies for the following libraries:
fixed_phy.ko

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
2024-04-04 08:56:10 +02:00
Mathew McBride
77e03f3c83 kernel: vfio: flag vfio_virqfd as only kernel 6.2 and earlier
Kernel 6.2 folded virqfd (eventd interface for VFIO interrupts)
into the base vfio module, it is no longer a tristate option.

Change suggested by vincejv on GitHub:
https://github.com/openwrt/openwrt/pull/14868#issuecomment-1998260124

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2024-04-04 08:56:10 +02:00
Felix Fietkau
766ec55966 mbedtls: copy psa includes in InstallDev
They are required for some of the crypto API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-03 22:42:46 +02:00
Paul Spooren
7bb9663dfe cryptodev: follow kernel.mk versioning
Instead of redefining the version schema in cryptodev, use the one
automatically defined via `kernel.mk`.

Specifically this changes the version from <kernel>+<package> to
<kernel>.<package> and thereby making it compatible with APK.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-03 18:41:40 +02:00
Paul Spooren
2070049c1c unetd: fix PKG_MIRROR_HASH
Our CI on GitHub as well as my local machine generates a different
PKG_MIRROR_HASH from what Felix uploaded the other day.

After receiving Felix file, both have indeed different hashes, however
when unpackaged via `xz -d` both have the same tarball content.

Below the checksums to compare:

a62bef497078c7b825f11fc8358c1a43f5db3e6d4b97812044f7653d60747d5b  dl/unetd-2024.03.31~80645766.tar.xz
fbdac59581742bf208c18995b1d69d9848c93bfce487e57ba780d959e0d62fc4  dl/unetd-2024.03.31~80645766_felix.tar.xz

After unpacking:

a7189cae90bc600abf3a3bff3620dc17a9143be8c27d27412de6eb66a1cf1b7d  dl/unetd-2024.03.31~80645766.tar
a7189cae90bc600abf3a3bff3620dc17a9143be8c27d27412de6eb66a1cf1b7d  dl/unetd-2024.03.31~80645766_felix.tar

The tarball with the wrong hash was accidentally generated without the xz
revert to version 5.4.6

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-03 13:27:20 +02:00
Felix Fietkau
a10a6fbac7 mt76: update to Git HEAD (2024-04-03)
605624a4e17b mt76: fix path to page_pool helper include
e4de3592c4e3 wifi: mt76: mt7603: fix tx queue of loopback packets
446f652c967c wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
669aba47a145 wifi: mt76: mt7915: fix HE PHY capability regression
5914ea57a31f wifi: mt76: mt7915: workaround dubious x | !y warning
e8b5991f7dac wifi: mt76: mt7915: workaround too long expansion sparse warnings
e507b4e32ead wifi: mt76: mt7921: fix fw used for offload check for mt7922
725f531c1459 wifi: mt76: connac: check for null before dereferencing
b108dda7e201 wifi: mt76: mt7996: fix size of txpower MCU command
5b7616491f07 wifi: mt76: mt7921: introduce mt7920 PCIe support
0436995feca9 wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
75759dca73d5 wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command
b96ab5e62010 wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet()
7ff11c7259a3 wifi: mt76: sdio: move mcu queue size check inside critical section
02846a5d0f0f wifi: mt76: mt7915: Remove unused of_gpio.h
cb8df32e0475 wifi: mt76: mt7996: disable rx header translation for BMC entry
a4c4b550512e wifi: mt76: connac: use peer address for station BMC entry
260c5b7c3ba0 wifi: mt76: mt7996: set RCPI value in rate control command
0b7e645db9c2 wifi: mt76: connac: enable HW CSO module for mt7996
f19035fe0b4d wifi: mt76: mt7996: fix non-main BSS no beacon issue for MBSS scenario
424e9df466ce wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature
f70cb4f0508e wifi: mt76: connac: enable critical packet mode support for mt7992
5f1bf8865247 wifi: mt76: mt7996: add sanity checks for background radar trigger
1e336a8582dc wifi: mt76: connac: use muar idx 0xe for non-mt799x as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-03 13:09:15 +02:00
Christian Marangi
844a41f745
ltq-vdsl-vr11-mei: add patch fixing compilation with kernel 6.6
Add patch fixing compilation with kernel 6.6.

class_create now require only the name instead of the module ownership
reference.

Also the kernel enabled checks for enum.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-02 23:45:22 +02:00
Christian Marangi
3b7169f786
ltq-vdsl-vr11: add patch fixing compilation with kernel 6.6
Add patch fixing compilation with kernel 6.6.

class_create now require only the name instead of the module ownership
reference.

Also the kernel enabled checks for enum.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-02 23:45:22 +02:00
Robert Marko
d1eb0bec39 procd: update to Git HEAD (2024-03-30)
254810d16cf1 watchdog: always close fd on watchdog stop
946552a7b598 trace: use standard POSIX header for basename()

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-02 18:35:55 +02:00
Rafał Miłecki
7236d4f82b mt76: add mt7603 possible workaround for MT7603EN / MT7628AN stability
Add debugfs entry for disabling frames buffering that may be a reason
for mt7603 instability. This patch was sent upstream for review and at
least wasn't rejected yet. Let's add it to let OpenWrt users test if it
really helps.

Example usage:
echo N > /sys/kernel/debug/ieee80211/phy0/mt76/frames_buffering

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-02 07:30:27 +02:00
Sean Khan
a0962e8c04 qca-nss-dp: cp instead of symlink for nss_dp_arch.h
Build files shouldn't be symlinked into the staging directory, as doing so
would create a race condition if the build folder for 'qca-nss-dp' gets
deleted for any reason.

We should instead just copy over the required platform file to avoid
breaking compilation for any dependent packages.

Signed-off-by: Sean Khan <datapronix@protonmail.com>
2024-04-01 19:44:45 +02:00
Sean Khan
00f8c86624 qca-ssdk: rework make to allow parallel building
The current build procedure always wipes away build files, this is
costly as ssdk is a parent dependency on a whole host of packages and
will always end up rebuilding (and in serial) the whole package.

This patch includes:

1. Module Building Optimization: Instead of creating a temporary
directory (temp) and copying files into it for module building,
the directly invoke the module build command with the
necessary paths. This simplifies the build process
and avoids unnecessary file operations, speeding up
the build process and reducing disk usage.

2. Parallel Build Support: By removing the explicit creation of
the temporary directory and associated file copying operations,
and passing in $(MAKE) $(PKG_JOBS) allows building in parallel.

3. Fix `EXTRA_CFLAGS`: This variable is referenced and set within MAKE_FLAGS,
so doesn't preserve spaces. Should have its defined value quoted.

Signed-off-by: Sean Khan <datapronix@protonmail.com>
2024-04-01 11:08:57 +02:00
Tianling Shen
cc6c3a6ee8 mediatek: add support for OpenEmbed SOM7981
Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: 256 MiB SPI-NAND, 32 GB eMMC optional
  RAM: 0.5/1 GB DDR4
  Ethernet: 1x 1GbE, 1x 2.5GbE (RTL8221B)
  WiFi: MediaTek MT7976C
  USB: 1x USB 3.0
  GPIO: 26-Pin header
  UART: 6 GND, 8 TX, 10 RX (in Pin header)
  Button: Reset, WPS
  Power: Type-C PD

Installation:
The board comes with a third-party custom OpenWrt image, you can upload
sysupgrade image via LuCI directly WITHOUT keeping configurations.

Or power on the board with pressing reset button for 5 second, then visit
http://192.168.1.1 and upload -factory.bin firmware.

Signed-off-by: Tianling Shen <cnsztl@gmail.com>
2024-03-31 20:20:59 +02:00
Felix Fietkau
a112ed4126 unetd: update to Git HEAD (2024-03-31)
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-03-31 19:42:30 +02:00
Roland Reinl
29cca6cfee filogic: Add support for D-Link AQUILA PRO AI M30
Specification:
 - MT7981 CPU using 2.4GHz and 5GHz WiFi (both AX)
 - MT7531 switch
 - 512MB RAM
 - 128MB NAND flash with two UBI partitions with identical size
 - 1 multi color LED (red, green, blue, white) connected via GCA230718
 - 3 buttons (WPS, reset, LED on/off)
 - 1 1Gbit WAN port
 - 4 1Gbit LAN ports

Disassembly:
 - There are four screws at the bottom: 2 under the rubber feets, 2 under the label.
 - After removing the screws, the white plastic part can be shifted out of the blue part.
 - Be careful because the antennas are mounted on the side and the top of the white part.

Serial Interface
 - The serial interface can be connected to the 4 pin holes on the side of the board.
 - Pins (from front to rear):
   - 3.3V
   - RX
   - TX
   - GND
 - Settings: 115200, 8N1

MAC addresses:
 - WAN MAC is stored in partition "Odm" at offset 0x81
 - LAN (as printed on the device) is WAN MAC + 1
 - WLAN MAC (2.4 GHz) is WAN MAC + 2
 - WLAN MAC (5GHz) is WAN MAC + 3

Flashing via Recovery Web Interface:
 - The recovery web interface always flashes to the currently active partition.
 - If OpenWrt is flahsed to the second partition, it will not boot.
 - Ensure that you have an OEM image available (encrypted and decrypted version). Decryption is described in the end.
 - Set your IP address to 192.168.200.10, subnetmask 255.255.255.0
 - Press the reset button while powering on the device
 - Keep the reset button pressed until the LED blinks red
 - Open a Chromium based and goto http://192.168.200.1 (recovery web interface)
 - Download openwrt-mediatek-filogic-dlink_aquila-pro-ai-m30-a1-squashfs-recovery.bin
 - The recovery web interface always reports successful flashing, even if it fails
 - After flashing, the recovery web interface will try to forward the browser to 192.168.0.1 (can be ignored)
 - If OpenWrt was flashed to the first partition, OpenWrt will boot (The status LED will start blinking white and stay white in the end). In this case you're done and can use OpenWrt.
 - If OpenWrt was flashed to the second partition, OpenWrt won't boot (The status LED will stay red forever). In this case, the following steps are reuqired:
   - Start the web recovery interface again and flash the **decrypted OEM image**. This will be flashed to the second partition as well. The OEM firmware web interface is afterwards accessible via http://192.168.200.1.
   - Now flash the **encrypted OEM image** via OEM firmware web interface. In this case, the new firmware is flashed to the first partition. After flashing and the following reboot, the OEM firmware web interface should still be accessible via http://192.168.200.1.
   - Start the web recovery interface again and flash the OpenWrt recovery image. Now it will be flashed to the first partition, OpenWrt will boot correctly afterwards and is accessible via 192.168.1.1.

Flashing via U-Boot:
 - Open the case, connect to the UART console
 - Set your IP address to 192.168.200.2, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
 - Run a tftp server which provides openwrt-mediatek-filogic-dlink_aquila-pro-ai-m30-a1-initramfs-kernel.bin.
 - Power on the device and select "7. Load image" in the U-Boot menu
 - Enter image file, tftp server IP and device IP (if they differ from the default).
 - TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
 - The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
 - Perform a sysupgrade using openwrt-mediatek-filogic-dlink_aquila-pro-ai-m30-a1-squashfs-sysupgrade.bin
 - Reboot the device. OpenWrt should start from flash now

Revert back to stock using the Recovery Web Interface:
 - Set your IP address to 192.168.200.2, subnetmask 255.255.255.0
 - Press the reset button while powering on the device
 - Keep the reset button pressed until the LED blinks red
 - Open a Chromium based and goto http://192.168.200.1 (recovery web interface)
 - Flash a decrypted firmware image from D-Link. Decrypting an firmware image is described below.

Decrypting a D-Link firmware image:
 - Download https://github.com/RolandoMagico/firmware-utils/blob/M32/src/m32-firmware-util.c
 - Compile a binary from the downloaded file, e.g. gcc m32-firmware-util.c -lcrypto -o m32-firmware-util
 - Run ./m32-firmware-util M30 --DecryptFactoryImage <OriginalFirmware> <OutputFile>
 - Example for firmware M30A1_FW101B05: ./m32-firmware-util M30 --DecryptFactoryImage M30A1_FW101B05\(0725091522\).bin M30A1_FW101B05\(0725091522\)_decrypted.bin

Flashing via OEM web interface is not possible, as it will change the active partition and OpenWrt is only running on the first UBI partition.

Controlling the LEDs:
 - The LEDs are controlled by a chip called "GCA230718" which is connected to the main CPU via I2C (address 0x40)
 - I didn't find any documentation or driver for it, so the information below is purely based on my investigations
 - If there is already I driver for it, please tell me. Maybe I didn't search enough
 - I implemented a kernel module (leds-gca230718) to access the LEDs via DTS
 - The LED controller supports PWM for brightness control and ramp control for smooth blinking. This is not implemented in the driver
 - The LED controller supports toggling (on -> off -> on -> off) where the brightness of the LEDs can be set individually for each on cycle
 - Until now, only simple active/inactive control is implemented (like when the LEDs would have been connected via GPIO)
 - Controlling the LEDs requires three sequences sent to the chip. Each sequence consists of
   - A reset command (0x81 0xE4) written to register 0x00
   - A control command (for example 0x0C 0x02 0x01 0x00 0x00 0x00 0xFF 0x01 0x00 0x00 0x00 0xFF 0x87 written to register 0x03)
 - The reset command is always the same
 - In the control command
   - byte 0 is always the same
   - byte 1 (0x02 in the example above) must be changed in every sequence: 0x02 -> 0x01 -> 0x03)
   - byte 2 is set to 0x01 which disables toggling. 0x02 would be LED toggling without ramp control, 0x03 would be toggling with ramp control
   - byte 3 to 6 define the brightness values for the LEDs (R,G,B,W) for the first on cycle when toggling
   - byte 7 defines the toggling frequency (if toggling enabled)
   - byte 8 to 11 define the brightness values for the LEDs (R,G,B,W) for the second on cycle when toggling
   - byte 12 is constant 0x87

Comparison to M32/R32:
 - The algorithms for decrypting the OEM firmware are the same for M30/M32/R32, only the keys differ
 - The keys are available in the GPL sources for the M32
 - The M32/R32 contained raw data in the firmware images (kernel, rootfs), the R30 uses a sysupgrade tar instead
 - Creation of the recovery image is quite similar, only the header start string changes. So mostly takeover from M32/R32 for that.
 - Turned out that the bytes at offset 0x0E and 0x0F in the recovery image header are the checksum over the data area
 - This checksum was not checked in the recovery web interface of M32/R32 devices, but is now active in R30
 - I adapted the recovery image creation to also calculate the checksum over the data area
 - The recovery image header for M30 contains addresses which don't match the memory layout in the DTS. The same addresses are also present in the OEM images
 - The recovery web interface either calculates the correct addresses from it or has it's own logic to determine where which information must be written

Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
2024-03-31 19:01:20 +02:00
Roland Reinl
0682974aa8 filogic: Add LED driver for GCA230718
Add basic support for the LED driver for GCA230718.

 - I didn't find any documentation or driver for it, so the information below is purely based on my investigations
 - If there is already I driver for it, please tell me. Maybe I didn't search enough
 - I implemented a kernel module (leds-gca230718) to access the LEDs via DTS
 - The LED controller supports PWM for brightness control and ramp control for smooth blinking. This is not implemented in the driver
 - The LED controller supports toggling (on -> off -> on -> off) where the brightness of the LEDs can be set individually for each on cycle
 - Until now, only simple active/inactive control is implemented (like when the LEDs would have been connected via GPIO)
 - Controlling the LEDs requires three sequences sent to the chip. Each sequence consists of
   - A reset command (0x81 0xE4) written to register 0x00
   - A control command (for example 0x0C 0x02 0x01 0x00 0x00 0x00 0xFF 0x01 0x00 0x00 0x00 0xFF 0x87 written to register 0x03)
 - The reset command is always the same
 - In the control command
   - byte 0 is always the same
   - byte 1 (0x02 in the example above) must be changed in every sequence: 0x02 -> 0x01 -> 0x03)
   - byte 2 is set to 0x01 which disables toggling. 0x02 would be LED toggling without ramp control, 0x03 would be toggling with ramp control
   - byte 3 to 6 define the brightness values for the LEDs (R,G,B,W) for the first on cycle when toggling
   - byte 7 defines the toggling frequency (if toggling enabled)
   - byte 8 to 11 define the brightness values for the LEDs (R,G,B,W) for the second on cycle when toggling
   - byte 12 is constant 0x87

Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
2024-03-31 19:01:19 +02:00
Marco von Rosenberg
06cdc07f8c ath79: add support for Huawei AP5030DN
Huawei AP5030DN is a dual-band, dual-radio 802.11ac Wave 1 3x3 MIMO
enterprise access point with two Gigabit Ethernet ports and PoE
support.

Hardware highlights:
- CPU: QCA9550 SoC at 720MHz
- RAM: 256MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: QCA9550-internal radio
- Wi-Fi 5GHz: QCA9880 PCIe WLAN SoC
- Ethernet 1: 10/100/1000 Mbps Ethernet through Broadcom B50612E PHY
- Ethernet 2: 10/100/1000 Mbps Ethernet through Marvell 88E1510 PHY
- PoE: input through Ethernet 1 port
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: SGM706 (1.6s timeout)

Serial console:
  9600n8 (9600 baud, no stop bits, no parity, 8 data bits)

MAC addresses:
  Each device has 32 consecutive MAC addresses allocated by
  the vendor, which don't overlap between devices.
  This was confirmed with multiple devices with consecutive
  serial numbers.
  The MAC address range starts with the address on the label.
  To be able to distinguish between the interfaces,
  the following MAC address scheme is used:
    - eth0 = label MAC
    - eth1 = label MAC + 1
    - radio0 (Wi-Fi 5GHz) = label MAC + 2
    - radio1 (Wi-Fi 2.4GHz) = label MAC + 3

Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP

1. Power up the AP

2. At prompt "Press f or F  to stop Auto-Boot in 3 seconds",
   do what they say.
   Log in with default admin password "admin@huawei.com".

3. Boot the OpenWrt initramfs from TFTP using the hidden script
   "run ramboot". Replace IP address as needed:

   > setenv serverip 192.168.1.10
   > setenv ipaddr 192.168.1.1
   > setenv rambootfile
     openwrt-ath79-generic-huawei_ap5030dn-initramfs-kernel.bin
   > saveenv
   > run ramboot

4. Optional but recommended as the factory firmware cannot
   be downloaded publicly:
   Back up contents of "firmware" partition using the web interface or ssh:

   $ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap5030dn_fw_backup.bin

5. Run sysupgrade using sysupgrade image. OpenWrt
   shall boot from flash afterwards.

Return to factory firmware (using firmware upgrade package downloaded from
non-public Huawei website):
1. Start a TFTP server in the directory where
   the firmware upgrade package is located

2. Boot to u-boot as described above

3. Install firmware upgrade package and format the config partitions:

   > update system FatAP5X30XN_SOMEVERSION.bin
   > format_fs

Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
   for example using scp

2. Use sysupgrade with force to restore the backup:
   sysupgrade -F huawei_ap5030dn_fw_backup.bin

3. Boot AP to U-Boot as described above

Quirks and known issues
-----------------------

- On initial power-up, the Huawei-modified bootloader suspends both
ethernet PHYs (it sets the "Power Down" bit in the MII control
register). Unfortunately, at the time of the initial port, the kernel
driver for the B50612E/BCM54612E PHY behind eth0 doesn't have a resume
callback defined which would clear this bit. This makes the PHY unusable
since it remains suspended forever. This is why the backported kernel
patches in this commit are required which add this callback and for
completeness also a suspend callback.

- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.

- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the CPU_CLK/4 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.

Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
[fixed 6.6 backport patch naming]
Signed-off-by: David Bauer <mail@david-bauer.net>
2024-03-31 18:09:43 +02:00
Shiji Yang
d7d94a8d91 uboot-envtools: ath79: remove D-Link DIR-8x9 and DAP-1720 env config
The uboot-envtools can automatically parse the dts 'u-boot,env'
compatible string. So the env config file is now useless.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-03-30 01:04:17 +01:00
Rosen Penev
cd5c0054bd dtc: fix compilation with both libraries
Upstream backports.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2024-03-29 23:42:22 +01:00
Chukun Pan
0170666d89 uboot-mediatek: add Netcore N60 support
The vendor uboot requires special fit verification.
So add a custom uboot build for this device.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-03-29 22:53:53 +01:00
Tomasz Maciej Nowak
d506ea3e80 kernel: kmod-phy-smsc: add dependency on crc16
Introduced WoL feature needs CRC16 support.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2024-03-29 17:32:26 +01:00
Felix Fietkau
87de62dcb8 perf: fix build on linux 6.6
- use Makefile.perf to prevent overriding MAKEFLAGS
- fix path to PKG_CONFIG
- link libstdc++ statically (only used for demangling)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-03-29 15:41:16 +01:00
Florian Eckert
535d487c41 linux-firmware: add missing LICENSE_FILES info
Where it is clear which lincense the firmware package has, the missing
information are added.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-03-29 13:11:47 +01:00
Florian Eckert
5c14de1d7e linux-firmware: add LICENSE_FILES and LICENSE file handling
The firmware blobs have all different licenses from the different
manufacturers of the binary blobs. This information is contained in the
upstream 'linux-firmware' repositroy.

This commit extends the package handling so that this information can be
added as an additional argument during packages generation.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-03-29 13:11:47 +01:00
Chukun Pan
29b8ba75fa sunxi: add support for Orange Pi Zero 3
Key features:
  Allwinner H618 SoC (Quad core Cortex-A53)
  1/1.5/2/4 GiB LPDDR4 DRAM
  1 USB 2.0 type C port (Power + OTG)
  1 USB 2.0 host port
  1Gbps Ethernet port
  Micro-HDMI port
  MicroSD slot

Installation:
  Write the image to SD Card with dd.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-03-26 21:56:57 +01:00
Chukun Pan
9a19ec79f9 uboot-sunxi: bump to 2024.01
This version supports LPDDR4 DRAM of H618 SoC.

Runtime-tested:
  Olimex Olinuxino Micro (A20)
  Orange Pi Zero 3 (H618)
  Pine64 SoPine (A64)

Tested-by: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2024-03-26 21:56:57 +01:00
Robert Marko
1d33ee019f kernel: qca-ssdk: fix C45 MDIO support on kernel 6.6
Kernel 6.3 has introduced separate C45 read/write operations, and thus
split them out of the C22 operations completely so the old way of marking
C45 reads and writes via the register value does not work anymore.

This is causing SSDK to fail and find C45 only PHY-s such as Aquantia ones:
[   22.187877] ssdk_phy_driver_init[371]:INFO:dev_id = 0, phy_adress = 8, phy_id = 0x0 phytype doesn't match
[   22.209924] ssdk_phy_driver_init[371]:INFO:dev_id = 0, phy_adress = 0, phy_id = 0x0 phytype doesn't match

This in turn causes USXGMII MAC autoneg bit to not get set and then UNIPHY
autoneg will time out, causing the 10G ports not to work:
[   37.292784] uniphy autoneg time out!

So, lets detect C45 reads and writes by the magic BIT(30) in the register
argument and if so call separate C45 mdiobus read/write functions.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-26 18:10:50 +01:00
Robert Marko
ff064b68d4 procd: update to Git HEAD (2024-03-25)
79f8cfa58ee7 ci: add github test workflow
428f40e7984f test commit fixing warnings
63058d1f81a5 ci: enable ujail builds
49ea930a862c utils: add key-value offset support to get_cmdline_val()
ca8c30208d5e inittab: fallback when multiple "console=" is detected

Required for the recent Elecom multiple console commits.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-25 11:50:19 +01:00
Robert Marko
bf4c04a4d0 hostapd: fix Argument list too long build error
Currently, both CI and local builds of wpa-supplicant will fail with:
/bin/sh: Argument list too long

Its happening as the argument list for mkdir in build.rules is too large
and over the MAX_ARG_STRLEN limit.

It seems that recent introduction of APK compatible version schema has
increased the argument size and thus pushed it over the limit uncovering
the issue.

Fixes: e8725a932e ("treewide: use APK compatible version schema")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-25 11:02:16 +01:00
Paul Spooren
c02a2db05e treewide: update PKG_MIRROR_HASH after APK version schema
With the change in version schema the downloaded files changed, too,
mostly the hash is now prefixed with a tilde `~` instead of a dash `-`.

Since each downloaded archive contains folder with the same name as the
archive, the checksum changed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-03-25 09:32:48 +01:00
Tim Harvey
ae8bf1a26e imx: add imx8m support
Add imx8m support:
 - add a cortexa53 subtarget to imx
 - move ARCH and KERNELNAME to subtargets
 - account for kernel modules that are not used for cortexa53

No device-specific targets or firmware images are created yet but all
imx8m* dtbs will be built.

enabling CONFIG_TARGET_ROOTFS_INITRAMFS results in
openwrt-imx-cortexa53-imx8m-initramfs-kernel.bin which has been
successfully booted on an imx8mm-evk using the following:

u-boot=> tftpboot $fdt_addr_r image-imx8mm-evk.dtb && \
tftpboot $kernel_addr_r openwrt-imx-cortexa53-imx8m-initramfs-kernel.bin && \
booti $kernel_addr_r - $fdt_addr_r

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2024-03-24 21:19:10 +01:00
Petr Štetiar
8db83d4cc0 linux-firmware: package Intel AX201 firmware
Alexander reported following:

 iwlwifi 0000:00:14.3: Detected crf-id 0x3617, cnv-id 0x20000302 wfpm id 0x80000000
 iwlwifi 0000:00:14.3: PCI dev a0f0/0074, rev=0x351, rfid=0x10a100
 iwlwifi 0000:00:14.3: Direct firmware load for iwlwifi-QuZ-a0-hr-b0-77.ucode failed with error -2

It seems, that as of the current date, the highest firmware API version
supported by Linux 6.8-rc7 is still 77.

Closes: #14771
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-03-24 21:12:13 +01:00
Hauke Mehrtens
a693291ca9 libiwinfo: update to Git HEAD (2024-03-23)
3aa2b6b devices: add device id for MediaTek MT7601U
79a9615 devices: add device id for Realtek RTL8188CU and RTL8188FTV

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-23 19:36:34 +01:00
Paweł Owoc
a91b79fd04 mac80211: add missing config for third 160MHz width for 5GHz radio
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.

Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
2024-03-23 16:57:24 +01:00
Hauke Mehrtens
f403824a6f firmware-utils: update to git HEAD
9067281 tplink-safeloader: add RE365 v1
e87f238 zycast: new tool for ZyXEL bootloader flashing
c1e69e6 tplink-safeloader: show compat_level with FW info
335d063 tplink-safeloader: bump EAP225-Outdoor v1 compat
c1e06da tplink-safeloader: bump EAP225-V3 compat_level
a5dfb5f tplink-safeloader: add TP-Link RE205 v3 support
17de365 zycast: disable build on non-Linux OS
6b24299 ptgen: fix limitation for active partition in GPT

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-23 15:51:15 +01:00
Sander van Deijck
2cfe86d383 kirkwood: add ix4-200d support to uboot-envtools
This adds support for the Iomega ix4-200d device in uboot-envtools.

Signed-off-by: Sander van Deijck <sander@vandeijck.com>
2024-03-23 14:56:50 +01:00
Mieczyslaw Nalewaj
bce7b4f8e5 mac80211: carl9170: re-fix fortified-memset warning
The carl9170_tx_release() function sometimes triggers a fortified-memset
warning in my randconfig builds:

In file included from include/linux/string.h:254,
                 from drivers/net/wireless/ath/carl9170/tx.c:40:
In function 'fortify_memset_chk',
    inlined from 'carl9170_tx_release' at drivers/net/wireless/ath/carl9170/tx.c:283:2,
    inlined from 'kref_put' at include/linux/kref.h:65:3,
    inlined from 'carl9170_tx_put_skb' at drivers/net/wireless/ath/carl9170/tx.c:342:9:
include/linux/fortify-string.h:493:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
  493 |                         __write_overflow_field(p_size_field, size);

Kees previously tried to avoid this by using memset_after(), but it seems
this does not fully address the problem. I noticed that the memset_after()
here is done on a different part of the union (status) than the original
cast was from (rate_driver_data), which may confuse the compiler.

Unfortunately, the memset_after() trick does not work on driver_rates[]
because that is part of an anonymous struct, and I could not get
struct_group() to do this either. Using two separate memset() calls
on the two members does address the warning though.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
2024-03-23 14:26:05 +01:00
Marius Durbaca
ce5661e455 uboot-rockchip: add Radxa E25 board support
add Radxa E25 board support in uboot-rockchip

Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
Reviewed-by: Tianling Shen <cnsztl@immortalwrt.org>
2024-03-23 07:55:43 +01:00
Marius Durbaca
28ee115673 kernel: kmod-ata-ahci-platform: enable support for RK35xx
enable support for RK35xx in kmod-ata-ahci-platform kernel module

Suggested-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
2024-03-23 07:55:43 +01:00
Paul Spooren
e8725a932e treewide: use APK compatible version schema
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.

 - Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.

For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-03-22 22:14:22 +01:00
Robert Marko
d9a2886263 kernel: qca-nss-dp: enable compiling against 6.6
Since 6.5 netdev_rx_queue was moved out of netdevice.h so include the new
header since that is where it lives now.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-22 21:19:21 +01:00
Robert Marko
6a44115338 kernel: qca-ssdk: allow compiling against 6.6
Add a patch that makes SSDK recognize kernel 6.6 and thus allows
compiling against it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-22 21:19:21 +01:00