Add u-boot support based on the kernel dts introduced in d1016446 and
the GL-MT6000 u-boot support in fe10f974.
The pcie-mediatek-gen3 kernel driver doesn't like hotplug, so to work in
PCIe mode, the 5G modem on this device needs to be switched on by u-boot
before starting the kernel. Include an init_modem step in the boot_system
action to set the relevant gpios. (The factory bootloader does the same,
using Mediatek SDK-specific gpio_power_clr and gpio_pull_up.)
Ideally the modem would be started using gpio-hog in the device tree, but
this will need to wait until mediatek gpio-hog support is fixed upstream:
https://lore.kernel.org/u-boot/6ef2583e85eea60560d7776377d662779e7c44e5.1722419839.git.chris@arachsys.com/
The bootloader can be replaced using the built-in web interface of the
factory bootloader. Hold the reset button for five seconds while powering
on the device and it will boot into a recovery http server.
http://192.168.1.1/uboot.html and http://192.168.1.1/bl2.html can then
be used to upload openwrt-mediatek-filogic-glinet_gl-x3000-bl31-uboot.fip
and openwrt-mediatek-filogic-glinet_gl-x3000-preloader.bin respectively.
Alternatively, from a root shell on the running system, unlock the boot
partition with
echo 0 >/sys/block/mmcblk0boot0/force_ro
then write openwrt-mediatek-filogic-glinet_gl-x3000-bl31-uboot.fip to
/dev/mmcblk0p4 and openwrt-mediatek-filogic-glinet_gl-x3000-preloader.bin
to /dev/mmcblk0boot0.
Signed-off-by: Chris Webb <chris@arachsys.com>
Link: https://github.com/openwrt/openwrt/pull/15645
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ipv6 delegate option is not respected by proto directip
this add support for it.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This make source based IPv6 routing option available for directip
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ipv6 delegate option is not respected by proto qmi
this add support for it.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ipv6 delegate option is not respected by proto ncm
this add support for it.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ipv6 delegate option is not respected by proto mbim
this add support for it.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ipv6 delegate option is not respected by proto of ppp/pptp/pppoe/pppoa
this add support for them.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the `intval` obtained from `info` is indeed 0, it cannot be set to `conf`.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15495
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The support for assigning PCIe eeprom via device tree was
accidentally removed when adding NVMEM eeprom patches.
Fixes: bea4f50207 ("mac80211: rt2x00: improve EEPROM load patches")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16318
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Compile LED support to swconfig and phy modules
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Link: https://github.com/openwrt/openwrt/pull/15926
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for building DSA switch drivers as kernel modules.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Link: https://github.com/openwrt/openwrt/pull/15926
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for building multiple phy drivers as kernel modules
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Link: https://github.com/openwrt/openwrt/pull/15926
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for building both upstream and downstream ag71xx drivers
as modules.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Link: https://github.com/openwrt/openwrt/pull/15926
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch add a version to uboot patches to help identify in
futures updates when they were upstreamed.
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16275
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
1- The NanoPi R6C is a SBC by FriendlyElec based on the Rockchip RK3588s.
It comes with 4GB or 8GB of RAM, a microSD card slot, optional 32GB eMMC
storage, one M.2 M-Key connector, one RTL8211F 1GbE and one RTL8125
2.5GbE Ethernet port, one USB 2.0 Type-A and one USB 3.0 Type-A port, a
HDMI port, a 30-pin GPIO header as well as multiple buttons and LEDs.
2- Renamed 000-backport-upstream-dts-sync.patch -> 000-v2024.10-rc1-backport-upstream-dts-sync.patch
to add the version when was applied upstream
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16275
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Same as 'nohostroute' option for GRE tunnels (commit 0f8b9addfc)
and IPIP tunnels (commit 46ce629fe0)
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15961
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
link: https://lore.kernel.org/all/2024091842-CVE-2024-46760-1eb3@gregkh
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: usb: schedule rx work after everything is set up
Right now it's possible to hit NULL pointer dereference in
rtw_rx_fill_rx_status on hw object and/or its fields because
initialization routine can start getting USB replies before
rtw_dev is fully setup.
The stack trace looks like this:
rtw_rx_fill_rx_status
rtw8821c_query_rx_desc
rtw_usb_rx_handler
...
queue_work
rtw_usb_read_port_complete
...
usb_submit_urb
rtw_usb_rx_resubmit
rtw_usb_init_rx
rtw_usb_probe
So while we do the async stuff rtw_usb_probe continues and calls
rtw_register_hw, which does all kinds of initialization (e.g.
via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.
Fix this by moving the first usb_submit_urb after everything
is set up.
For me, this bug manifested as:
[ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped
[ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status
because I'm using Larry's backport of rtw88 driver with the NULL
checks in rtw_rx_fill_rx_status.
The Linux kernel CVE team has assigned CVE-2024-46760 to this issue.
Affected and fixed versions
===========================
Fixed in 6.6.51 with commit c83d464b82a8
Fixed in 6.10.10 with commit 25eaef533bf3
Fixed in 6.11 with commit adc539784c98
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-46760
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/wireless/realtek/rtw88/usb.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635ahttps://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343ehttps://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16420
Signed-off-by: Robert Marko <robimarko@gmail.com>
Specification is similar to other devices of the MT Stuart series:
* Mediatek MT7988D (3x Cortex-A73, up to 1.8 GHz clock speed)
* 8 GiB eMMC
* 2 GiB DDR4 RAM
* 2500M/1000M/100M LAN port
* 10000M/5000M/2500M/1000M/100M/10M WAN port
* MT7992 Tri-band (2.4G, 5G, 6G) 2T2R+3T3R+3T3R 802.11be Wi-Fi
* Renesas DA14531MOD Bluetooth
* 2 buttons (Reset, Mesh/WPS)
* uC-controlled RGB LED via I2C
* 2x LED for the 2.5G port, 3x LED for the 10G port
* 3.3V-level 115200 baud UART console via 4-pin Dupont connector
exposed at the bottom of the device
* USB-C PD power input
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
850cc271083d qosify: add support for keeping stats
1501e0935175 bpf_skb_utils.h: add missing include to fix build against newer kernel headers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The previous host installation fix accidentally moved the rpath settings
out of CMAKE_HOST_OPTIONS and into CMAKE_OPTIONS.
Fixes: ae42ecaad4 ("ucode: fix host installation")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit adds support for netis N6 WiFi 6 router.
Specification
-------------
- SoC : MediaTek MT7621AT, MIPS, 880 MHz
- RAM : 256 MiB
- Flash : NAND 128 MiB (ESMT PSU1GA30DT)
- WLAN : MT7905DAN + MT7975DN
- 2.4 GHz : b/g/n/ax, 574 Mbps, MIMO 2x2
- 5 GHz : a/n/ac/ax, 1201 Mbps, MIMO 2x2
- Ethernet : 10/100/1000 Mbps x5 (1x WAN, 4x LAN)
- USB : 1x 3.0
- UART : 3.3V, 115200n8
- Buttons : 1x Reset
1x WPS
- LEDs : 1x Power (green)
1x System (green)
1x WAN (green)
1x WiFi 2.4 GHz (green), controlled by phy
1x WiFi 5 GHz (green), controlled by phy
1x WPS (green)
1x USB (green)
5x ethernet leds (green), controlled by switch
- Power : 12 VDC, 1.5 A
Installation
------------
1. Update the router using stock firmware web interface and OpenWrt
factory.bin image.
Recovery and return to stock
----------------------------
1. Assign your PC a static IP 192.168.1.2 and connect to the router using
the ethernet cable;
2. Power off the router;
3. Press Reset button, power on the router and wait until ethernet led
start blinking;
4. Release the button;
5. Open http://192.168.1.1/ (N6 System Recovery Mode) in your browser;
6. Upload OpenWrt factory.bin (or stock firmware *.bin) image and proceed
with upgrade.
MAC addresses
-------------
+---------+-------------------+
| | MAC example |
+---------+-------------------+
| LAN | dc:xx:xx:49:xx:04 |
| WAN | dc:xx:xx:49:xx:05 |
| WLAN 2g | dc:xx:xx:19:xx:06 |
| WLAN 5g | dc:xx:xx:79:xx:06 |
+---------+-------------------+
The WLAN MAC prototype was found in 'Factory', 0x4
The LAN MAC was found in 'Factory', 0x7ef20
The WAN MAC was found in 'Factory', 0x7ef26
Known issue
-----------
2.4 GHz WLAN doesn't start with mt76 driver.
Probable reason:
Original Netis N6 EEPROM contains wrong MT_EE_WIFI_CONF value (0xd2).
Other routers with the same WLAN hardware (e.g., Routerich AX1800)
have MT_EE_WIFI_CONF = 0x92.
Workaround (already included in this commit):
Extract EEPROM to a file at the first time boot and change
MT_EE_WIFI_CONF (offset 0x190) value from 0xd2 to 0x92. See
/etc/hotplug.d/firmware/11-mt76-caldata for details.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16322
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
bcc091d session: Fix crash when the UCI option 'password' or 'username' is missing
9f4b86e rpcd: iwinfo: add IEEE 802.11be support
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add support for 802.11be (HE) radios.
4b7c47c iwinfo: sync with upstream nl80211.h
268a662 iwinfo: add basic IEEE 802.11be support
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The busybox built with mips16 enabled has broken seq command.
Disassembling shows that the call to hard-float strtod in mips16
code is generated without the __call_stub_fp:
```
0x00406d6f <+118>: lw v0,32(sp)
0x00406d71 <+120>: sll s0,2
0x00406d73 <+122>: addu s0,v0,s0
0x00406d75 <+124>: lw a0,-4(s0)
0x00406d79 <+128>: jal 0x44ebc1 <strtod@mips16plt>
0x00406d7d <+132>: addiu a1,sp,84
0x00406d7f <+134>: sw v0,64(sp)
0x00406d81 <+136>: lw v0,0(s1)
0x00406d83 <+138>: sw v1,68(sp)
```
As a result, strtod returns the result in float point registers
while the calling mips16 code expect the result in v0/v1.
Disable mips16 on hard-float targets for now. The built .ipk goes
from 213316 bytes to 251419 bytes.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Remove upstreamed from 2.11 release:
060-nl80211-fix-crash-when-adding-an-interface-fails.patch
Rebase all other patches
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16338
Signed-off-by: Robert Marko <robimarko@gmail.com>
Release 2.11 has been quite a few new features and fixes since the 2.10
release. The following ChangeLog entries highlight some of the main
changes:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
...and many more
Remove upstreamed patches:
023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch
030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
040-mesh-allow-processing-authentication-frames-in-block.patch
181-driver_nl80211-update-drv-ifindex-on-removing-the-fi.patch
182-nl80211-move-nl80211_put_freq_params-call-outside-of.patch
183-hostapd-cancel-channel_list_update_timeout-in-hostap.patch
210-build-de-duplicate-_DIRS-before-calling-mkdir.patch
253-qos_map_set_without_interworking.patch
751-qos_map_ignore_when_unsupported.patch
800-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
801-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
802-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
Other patches has been updated.
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16338
Signed-off-by: Robert Marko <robimarko@gmail.com>
Specifications:
- Device: DNA Valokuitu Plus EX400
- SoC: MT7621A
- Flash: 256MB NAND
- RAM: 256MB
- Ethernet: Built-in, 2 x 1GbE
- Wifi: MT7603 2.4 GHz, MT7615 5 GHz (4x internal antennas)
- USB: 1x 3.0
- LED: 1x green/red, 1x green
- Buttons: Reset
MAC addresses:
- LAN: u-boot 'ethaddr' (label)
- WAN: label + 1
- 2.4 GHz: label + 6
- 5 GHz: label + 7
Serial:
There is a black block connector next to the red ethernet connector. It
is accessible also through holes in the casing.
Pinout (TTL 3.3V)
+---+---+
|Tx |Rx |
+---+---+
|Vcc|Gnd|
+---+---+
Firmware:
The vendor firmware is a fork of OpenWrt (Reboot) with a kernel version
4.4.93. The flash is arranged as below and there is a dual boot
mechanism alternating between rootfs_0 and rootfs_1.
+-------+------+------+-----------+-----------+
| | env1 | env2 | rootfs_0 | rootfs_1 |
| +------+------+-----------+-----------+
| | UBI volumes |
+-------+-------------------------------------+
|U-Boot | UBI |
+-------+-------------------------------------+
|mtd0 | mtd1 |
+-------+-------------------------------------+
| NAND |
+---------------------------------------------+
In OpenWrt rootfs_0 will be used as a boot partition that will contain the
kernel and the dtb. The squashfs rootfs and overlay are standard OpenWrt
behaviour.
+-------+------+------+-----------+--------+------------+
| | env1 | env2 | rootfs_0 | rootfs | rootfs_data|
| +------+------+-----------+--------+------------+
| | UBI volumes |
+-------+-----------------------------------------------+
|U-Boot | UBI |
+-------+-----------------------------------------------+
|mtd0 | mtd1 |
+-------+-----------------------------------------------+
| NAND |
+-------------------------------------------------------+
U-boot:
With proper serial access booting can be halted to U-boot by pressing any
key. TFTP and flash writes are available, but only the first one has been
tested.
NOTE: Recovery mode can be accessed by holding down the reset button while
powering on the device. The led 'Update' will show a solid green light
once ready. A web server will be running at 192.168.1.1:80 and it will
allow flashing a firmware package. You can cycle between rootfs_0 and
rootfs_1 by pressing the reset button once.
Root password:
With the vendor web UI create a backup of your settings and download the
archive to your computer. Within the archive in the file
/etc/shadow replace the password hash for root with that of a password you
know. Restore the configuration with the vendor web UI and you will have
changed the root password.
SSH access:
You might need to enable the SSH service for LAN interface as by default
it's enabled for WAN only.
Installing OpenWrt:
With the vendor web UI install the OpenWrt factory image. Alternatively,
ssh to the device and use sysupgrade -n from cli.
Finalize by installing the OpenWrt sysupgrade image to get a fully
functioning system.
Reverting to the vendor firmware:
Boot with OpenWrt initramfs image
- Remove volumes rootfs_0, rootfs and rootfs_data and create vendor
volumes.
ubirmvol /dev/ubi0 -n 2
ubirmvol /dev/ubi0 -n 3
ubirmvol /dev/ubi0 -n 4
ubimkvol /dev/ubi0 -N rootfs_0 -S 990
ubimkvol /dev/ubi0 -N rootfs_1 -S 990
Power off and enter to the U-boot recovery to install the vendor
firmware.
Known issues:
- MACs for wifi are stored in currently unknown place but it seems
to persist over power-off. They might be stored on the chip.
Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
[rmilecki: try NVMEM for MACs]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
- specify CC target explicitly
- define KBUILD_SYM32=n to select "native" build format (if building with 64-bit arch)
- rewrap lines (for good)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15702
Signed-off-by: Robert Marko <robimarko@gmail.com>
The path for linking libucode.so was not specified for the ucode binary.
This breaks execution of ucode in the host context.
Signed-off-by: David Bauer <david.bauer@uniberg.com>
move nanopc-t6 recipes above rock 5b.
Fixes: 9482341a47 ("rockchip: add support for nanopc t6")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/16340
Signed-off-by: Robert Marko <robimarko@gmail.com>
Specifications:
* SoC: Qualcomm IPQ8072A (64-bit Quad-core Arm Cortex-A53 @ 2200MHz)
* Memory: 2x ESMT M15T4G16256A-DEBG2G (1 GiB DDR3-1866 13-13-13)
* Serial Port: 3v3 TTL 115200n8
* Wi-Fi: QCN5054 (4x4 5 GHz 802.11ax)
* Wi-Fi: QCN5024 (4x4 2.4 GHz 802.11b/g/n/ax)
* Ethernet: QCA8081 (10/100/1000/2.5GBASE-T)
* Flash: Winbond W29N01HZSINF (128 MiB)
* LEDs: 1x Blue Status (GPIO 42 Active High)
* Buttons: 1x Reset (GPIO 50 Active Low)
Installation Instructions (Serial+TFTP):
1. Solder 4 pin header to JP1 and bridge pads of R58 and R62.
2. Connect 3V3 TTL port to TX, RX, and GND, which are positions 1, 2,
and 3 respectively. Be sure to crossover TX and RX.
3. Copy RAM firmware image
openwrt-qualcommax-ipq807x-tplink_eap660hd-v1-initramfs-uImage.itb
to TFTP server root, available at 192.168.10.1.
4. Connect PoE ethernet cable to the RJ45 port and hold Ctrl+B in the
serial console (115200 baud) until autoboot is halted.
5. Run the following commands in the U-boot prompt:
# tftpboot 0x44000000 openwrt-qualcommax-ipq807x-tplink_eap660hd-v1-initramfs-uImage.itb
# bootm
You may need to type Ctrl+C and Enter before running these commands
to clear invisible characters from the buffer.
6. Run the following command in a terminal to copy the sysupgrade image
to be installed (check IP address):
$ scp openwrt-qualcommax-ipq807x-tplink_eap660hd-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/
7. Activate the OpenWrt serial console and run the following commands:
# cd /tmp
# sysupgrade -n openwrt-qualcommax-ipq807x-tplink_eap660hd-v1-squashfs-sysupgrade.bin
8. The AP will reboot and OpenWrt will be successfully installed.
Signed-off-by: George Witt <george.witt@nltsproject.org>
Link: https://github.com/openwrt/openwrt/pull/15832
Signed-off-by: Robert Marko <robimarko@gmail.com>
GCC errors on returning int in void function now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16348
Signed-off-by: Robert Marko <robimarko@gmail.com>
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
* Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535)
Added github releases url as source mirror
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16332
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adds u-boot config for access to system env variables on this board
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16312
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the user has ip-tiny or ip-full installed there is no need to depend on
BusyBox having any form of `ip` or `ip link` applets.
Signed-off-by: Christian Svensson <blue@cmd.nu>
Link: https://github.com/openwrt/openwrt/pull/16062
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Include hotfix suggested by Sebastian Gottschall to fix bug introduced
with APuP patchset
Signed-off-by: Gioacchino Mazzurco <gio@polymathes.cc>
Link: 0c3001a69e
Link: https://github.com/openwrt/openwrt/pull/16298
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of avoiding returning, propagate error so that the kernel
infrastructure can handle it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16262
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of ignoring errors, let the linux infrastructure handle it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16262
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Besides probing BPF information in running system, bpftool is also used in
generating skeleton, dumping BTF, etc. that is widely used in modern BPF
development. Make it available as a host tool so that we can use it in
package build.
Tested build targeting malta/le on Arch Linux x86_64. bpftools currently
does not support processing cross-endian BPF objects, so big-endian host
is needed to build for big-endian targets using bpftools.
Signed-off-by: Eric Long <i@hack3r.moe>
Link: https://github.com/openwrt/openwrt/pull/16122
Signed-off-by: Robert Marko <robimarko@gmail.com>
480551a3adc4 interface: add support for disabling renew on topology change
b7b294266781 device: add more debugging code
595094f5c213 device: do not pull device present state from hotplug events
4e11e52e9b98 main: add messages to udebug regardless of their log level
091d063f4a9d wireless: handle link updates even if devices are present already
a8e90853c936 interface: improve hotplug handling reliability
cdb41673ceea device: remove redundant newlines from debug messages
cd2a7964f2c0 device: revert to explicit device_set_present calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Try to do a clean disconnection via L3 request before the connection is
stopped.
Because this might take up to 6 seconds (the driver does 3 attempts with
a timeout of 2 seconds each), a termination timeout needs to be defined
in the init script.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Move the code for disconnection on exit to a separate function, and also
call it in the code paths for SIGINT and the "quit" CLI command.
While at it, make the patch description a bit clearer.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Move the code for disconnection on exit to a separate function, and also
call it in the code path for the "quit" CLI command.
While at it, make the patch description a bit clearer.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Use the correct return value in error message.
Fixes: 6e4c9738be ("ltq-vdsl-vr11-app: add version 4.23.1 for vr11 targets")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Use the correct return value in error message.
Fixes: 1daaef31b3 ("ltq-vdsl-app: disconnect when service is stopped")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Empty trailing fields get lost when the lines are split and merged again
at colons, resulting in unparsable entries. Only use the split fields for
matching against the other file, but emit the original line unchanged
to fix the issue.
Fixes: de7ca7dafa ("base-files: merge /etc/passwd et al at sysupgrade config restore")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* Adds the x86_64 dependency for mlxsw_core
* Removes the redundant mlxsw_core dependency
from mlxsw-minimal and mlxsw-spectrum
* Removes the DCB configuration symbols because
they were moved into the generic configuration
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/15362
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit adds the currently missing Mellanox
Spectrum-2, Spectrum-3, and Spectrum-4 firmware files.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/15362
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit adds the missing x86 dependency for
the Mellanox mlxcpld LED driver.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/15362
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Radxa ROCK 3B is a Pico-ITX form factor SBC[1] using the Rockchip
RK3568(J).
Hardware
--------
- Rockchip RK3568(J) SoC
- Quad A55 CPU
- Mali-G52 GPU
- 1 TOPS @ INT8 NPU
- 2GB/4GB/8GB LPDDR4 RAM
- eMMC connector
- Micro SD Card slot
- NVMe SSD through the M.2 M Key (2-lane PCIe 3.0)
- SPI Flash for bootloader
- 2x Gigabit ethernet port (one supports PoE with add-on PoE HAT)
- 1x M.2 E Key socket with SDIO, UART and USB interfaces
- 1x M.2 B Key socket with PCIe, SATA, and USB interfaces
- 1x SIM card socket
- 1x USB 3.0 Type-A HOST port
- 1x USB 3.0 Type-A OTG port
- 2x USB 2.0 Type-A HOST ports
- 40 Pin GPIO header
[1] https://radxa.com/products/rock3/3b
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/16185
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Radxa ROCK 3C is a high-performance, low-cost SBC[1] using the
Rockchip RK3566.
Hardware
--------
- Rockchip RK3566 SoC
- Quad A55 CPU
- Mali-G52-2EE GPU
- 1 TOPS @ INT8 NPU
- 1GB/2GB/4GB LPDDR4 RAM
- eMMC connector
- Micro SD Card slot
- NVMe SSD through the M.2 M Key connector(2230) or M.2 Extension
board(2232/2260/2280)
- SATA through the Radxa Penta SATA HAT
- 1x Gigabit ethernet port(supports PoE with add-on PoE HAT)
- WiFi6/BT5.4 (not supported yet on OpenWrt)
- 1x USB 3.0 Type-A HOST port
- 2x USB 2.0 Type-A HOST ports
- 1x USB 2.0 Type-A OTG port
- 40 Pin GPIO header
[1] https://radxa.com/products/rock3/3c
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/16185
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.
> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'
When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002
Using a semicolon as a delimiter, hostapd will start as expected.
Signed-off-by: Sarah Maedel <git@tbspace.de>
28b48a1 uim: add support for ICC communication channel
f582e00 qmi: fix dynamic array macro
d381f80 data: add support for ICC channel
Signed-off-by: David Bauer <mail@david-bauer.net>
The company Zyxel rebranded some years ago.
Currently the casing is according to the old branding even
for newer devices which already use the new branding.
This commit aligns the casing of Zyxel everywhere.
Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15652
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch fixes model name in dts as below:
Radxa ROCK3 model A -> Radxa ROCK 3A
Radxa ROCK 5 model A -> Radxa ROCK 5A
Radxa ROCK 5 model B -> Radxa ROCK 5B
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/16232
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Use local tarballs instead of upstream generated ones. Smaller.
Fix version to be compatible with apk.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16219
Signed-off-by: Robert Marko <robimarko@gmail.com>
Forward client mac address and subnet on dns queries. Pi-hole and Adguard use this feature to send the originators ip address/subnet so it can be logged and not just the nat address of the router. This feature has been added since version 2.56 of dnsmasq and would be nice to expose this feature in openwrt.
Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
Link: https://github.com/openwrt/openwrt/pull/15965
Signed-off-by: Robert Marko <robimarko@gmail.com>
There was a typo done for mt7925e and mt7925u in the KernelPackage
definitions, which caused the system to load the wrong kernel modules.
Signed-off-by: Daniel Pawlik <pawlik.dan@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16236
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The firmware binaries were missing in kmod-mt7925-firmware package.
Signed-off-by: Daniel Pawlik <pawlik.dan@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16239
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On latest Intel x86 CPUs, DMC firmware is required for the iGPU to reach
its lowest power states. If the driver cannot load it, it will print a
warning and unnecessarily make the iGPU draw a bit more power when idle.
GUC firmware (various "offload" mechanisms that deal with scheduling GPU
workloads) and HUC firmware (required for accelerated media codec
operations for HEVC/H.265) are probably more niche, but could also
provde useful for some - for example, when building an
Intel/OpenWrt-based security camera.
Signed-off-by: Johannes Truschnigg <johannes@truschnigg.info>
Link: https://github.com/openwrt/openwrt/pull/16069
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for the Radxa ROCK 5B board.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/16149
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for the Radxa ROCK 5A board.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/16149
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When running a failsafe shell on a console, job control was unavailable,
and ^C did not function correctly.
This change invokes console failsafe shells via `setsid`, making them
session leaders and allowing them to claim controlling terminals, which
makes job control function properly. To support this, the busybox
`setsid` utility is enabled. This has a minimal 149-byte size impact on
a test x86_64 squashfs rootfs image.
^C was ignored in subprocesses of failsafe shells: it was not possible
to ^C out of a program that would not exit on its own, such as many
typical `ping` invocations. As job control was unavailable, it was not
possible to suspend these subprocesses either, causing a hung program to
tie up a console indefinitely, unless another means to signal the
program was available. This was caused by SIGINT being placed at
disposition SIG_IGN by the shell running preinit, which it did because
the console shell was executed asynchronously with &. That disposition
was inherited by the console shell and its subprocesses, generally
causing ^C to have no effect.
As there is no way in busybox `ash` to reset the disposition of a signal
already ignored at shell entry, and no apparent way to avoid SIGINT
being placed at SIG_IGN when & is used in preinit, an alternative
construct is needed. Now, `start-stop-daemon` is used to start (-S) the
console failsafe shell in the background (-b). This approach does not
alter SIGINT, allowing the console shell to be started with that
signal's handling intact, and normal ^C processing to occur.
busybox `ash` has some behaviors conditional on SHLVL, and while the
console shells ought to run at SHLVL=1, they were not by virtue of being
started by the shell-based preinit system. Additionally, a variety of
detritus was present in the console shell's environment, carried over
from preinit. These conditions are corrected by running the console
shell via `env -i` to clear the environment and establish a minimum and
correct set of environment variables for operation, in the same manner
as `login`. HOME is not explicitly set, because it's addressed in
/etc/profile. For non-failsafe console shells when
system.@system[0].ttylogin = 0, `login -f root` achieves a similar
effect. (`login` already started non-failsafe console shells when
ttylogin = 1 and behaved correctly. This brings the ttylogin = 0 case to
parity.) Note that even `login -f` is somewhat undesirable for failsafe
shells because it requires a viable /etc/passwd, hence the `env -i`
construct in that case.
The TERM environment variable from the preinit environment, with value
"linux", would rarely be correct for serial consoles. Now, the preinit
TERM value is preserved (or set to "linux" if unset) only when the
console is /dev/console or /dev/tty[0-9]*. Otherwise, it will be set to
a safe default appropriate for serial consoles, "vt102", as used for
serial consoles by busybox init. This "linux"/"vt102" TERM setting is
also duplicated for non-failsafe console shells.
This also indicates failsafe mode by showing "- failsafe -" on all
consoles (not just the last-defined one). It sets a hostname of
"OpenWrt-failsafe" in failsafe mode which is rendered in the shell's
prompt as a reminder of the mode during interactive failsafe use.
Previously, no hostname was set, which resulted in the kernel-default
hostname, "(none)", appearing in failsafe shell prompts.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16113
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fixes#16075
When the SSL certificate used by uhttpd has been changed, calling
`/etc/init.d/uhttpd reload` will now have the effect of restarting the
daemon to make the change effective.
Signed-off-by: Sylvain Monné <sylvain@monne.contact>
Link: https://github.com/openwrt/openwrt/pull/16076
Signed-off-by: Robert Marko <robimarko@gmail.com>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This log is noisy and useless, just ignore it.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
This log is noisy and useless, just ignore it.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
r8168, r8125 and r8126 have been transferred from https://github.com/noltari to
https://github.com/openwrt.
The old URL should still work after the transfer, but let's update it anyway.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
There is no need to build BL31 as anyway only the bl2 image is
relevant for use with mtk_uartboot. Build only bl2 in this case.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Specification:
- MT7629 CPU
- MT7531 switch
- MT7761N and MT7762N wifi
- 256 MB RAM
- 128 MB NAND flash with dual-boot partitions
- 2 buttons: WPS and reset
- 1 WAN port (1G)
- 4 LAN ports (1G)
- 1 USB port
Limitations (same as other MT7629/MT7761N/MT7762N devices):
- Wifi is not working
- Second core is not working (kernel error message "CPU1: failed to come online")
Disassembly:
- There are two screws under the front rubber feet and two under the label on the bottom (in the corners towards the back, you should be able to feel them).
Serial Interface:
- UART pin header is already soldered on the board. Pinning from front to back:
1 - VCC
2 - TX
3 - RX
4 - n/a
5 - GND
GPIO:
- 1 white LED, connected to GPIO 52
- 1 reset button, connected to GPIO 60
- 1 WPS button, connected to GPIO 58
MAC Adresses:
- The MAC address printed on the device label is used for LAN and WAN
- The MAC address is stored in the devinfo partition in ASCII format (hw_mac_addr=aa:bb:cc:dd:ee)
- 2.4 GHz wifi uses MAC of the device label + 1
- 5 GHz wifi uses MAC of the device label + 2
Flashing:
- OpenWrt is only runnig in the first partition of dual boot
- To ensure to be able to go back to the factory image, flash the last OEM firmware via OEM web interface. This will ensure that the OEM firmware is present on both partitions
- Because of dual boot partitions, flashing via OEM interface is not supported
- Start a TFTP server and provide the initramfs image. Default settings:
- Router IP: 192.168.1.1
- TFTP server IP: 192.168.1.100
- TFTP file name: 7531.bin
- Open the device, connect UART and select " 1. System Load Linux to SDRAM via TFTP." during startup
- Adapt the settings to your environment, if required
- After initramfs is booted, flash the sysupgrade image
Return to OEM firmware:
- Run the following commands in OpenWrt to switch to the second partition
fw_setenv boot_part 2
fw_setenv bootimage 2
- Reboot the device. OEM firmware will start up again
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16067
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commits adds the RTW89 driver from Realtek.
Supports the Realtek 8851BE/8852AE/8852BE/8852CE PCIe wireless chips.
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16131
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The recommended maximum validity period is currently 397 days
and some browsers throw warning with longer periods.
Reference to
https://cabforum.org/working-groups/server/baseline-requirements/
6.3.2 Certificate operational periods and key pair usage periods
Subscriber Certificates issued on or after 1 September 2020
SHOULD NOT have a Validity Period greater than 397 days and
MUST NOT have a Validity Period greater than 398 days.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
The introduction of MacOS Catalina includes new requirements for self-signed certificates.
See: https://support.apple.com/en-us/HT210176
These new requirements include the addition of two TLS server certificate extensions.
- extendedKeyUsage
- subjectAltName
The extendedKeyUsage must be set to serverAuth.
The subjectAltName must be set to the DNS name of the server.
In the absense of these new extensions, when the LUCI web interface is configured to use HTTPS and
self-signed certs, MacOS user running Google Chrome browsers will not be able to access the LUCI web enterface.
If you are generating self-signed certs which do not include that extension, Chrome will
report "NET::ERR_CERT_INVALID" instead of "NET::ERR_CERT_AUTHORITY_INVALID". You can click through to
ignore the latter, but not the former.
This change updates the uhttpd init script to generate self-signed cert that meets the new requirements.
Signed-off-by: Pat Fruth <pat@patfruth.com>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
To better acommodate with the current browsers' requirements, also
self-signed certificates should have subjectAltName and
extendedKeyUsage defined in the self-signed x509 SSL certificates.
The following case sensitive options are now possible:
-addext subjectAltName=DNS:...
-addext subjectAltName=EMAIL:...
-addext subjectAltName=IP:...
-addext subjectAltName=URI:...
-addext extendedKeyUsage=serverAuth OR -addext extendedKeyUsage=any
Initial draft by Paul Donald <newtwen@gmail.com>
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
Bump `omnia-mcu-firmware` to version 4.1.
This version fixes the following issue on boards with GD32 MCU:
* the user has old GD32 MCU bootloader and application (version 2.0)
* the user upgraded MCU application firmware to newer version (from
2.99 to 4.0)
* the user wants to upgrade application again, but it is impossible,
because when MCU application firmware jumps into the old MCU
bootloader firmware (2.0), the old bootloader firmware gets stuck in
exception
* the user has to restart the board and upgrade the bootloader firmware
first, which is not ideal, since if bootloader firmware upgrade is
interrupted, the board gets bricked
Therefore the `omnia-mcutool` utility version 0.3-rc3 will refuse to
upgrade MCU application firmware to versions 2.99 to 4.0 if the MCU
bootloader firmware is at version 2.0.
For users to be able to upgrade MCU application firmware on GD32
boards, they will need this new 4.1 version.
Users that already upgraded the MCU application firmware to a version
version between 2.99 and 4.0 (using a previous version of the
`omnia-mcutool` utility) have no other choice but to upgrade MCU
bootloader firmware as well.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/16159
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support this boards to envtools config
This commit integrates the latest changes from new U-Boot, which includes important updates to the DTSI files for the Orange Pi R1 Plus and Orange Pi R1 Plus LTS boards.
Signed-off-by: Vyacheslav Ivanov <islavaivanov76@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16090
Signed-off-by: Robert Marko <robimarko@gmail.com>
Use ath10k-ct 6.9 to better match mac80211 backports 6.9.x
Drop patch 010 that is merged upstream.
Add patch 001 to fix version to 6.9 (overlooked by upstream).
Refresh patches.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16036
Signed-off-by: Robert Marko <robimarko@gmail.com>
The function fitblk_get_bootdev doesn't exist any more, using it in
export_bootdevice anyway never made much sense and only worked for
classic block devices.
Just drop /dev/fit* handling there, it isn't needed anywhere.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A bug has plagued bl2 which caused failure to boot and bricked Linksys
E8450 and Belkin RT3200 devices in case of correctable bitflips being
detected during a read operation. A simple logic error resulted in read
to be considered errornous instead of just continueing in case of
correctable bitflips.
Address this by importing a patch fixing that logic error.
The issue, which has been dubbed as the "OpenWrt Kiss of Death", and is
now a thing of the past.
Users should preemptively update bl2 to prevent their devices being at
risk.
Link: https://github.com/mtk-openwrt/arm-trusted-firmware/pull/11
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backporting support for the NanoPi R6S from upstream
uboot.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream uboot have merged in kernel dts files, we need
the update for the rk3588 boards.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adding support for the rk3588 platform
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The keys are created differently compared to the old OPKG keys. Instead
of being part of base-files/configure, they are created as a Makefile
requirement of `package/compile`, which is a cleaner solution.
This requirement would only be added to non SDK environments, however
APK always requires keys to be available. Add an `else` case for the SDK
and create keys.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Cambium Networks XE3-4 is a tri-radio Wi-Fi 6/6E 4×4/2×2 AP.
Hardware:
Model: Cambium Networks XE3-4
CPU: IPQ6010/AP-CP01-C3, SoC Version: 1.0 @ 800 MHz
Memory: 1 GiB
Flash: 512 MiB Macronix MX30UF2G18AC + W25Q128FW
Ethernet: 1x 1 GbE (QCA8072)
1x 2.5 GbE (QCA8081)
Buttons: 1x Reset
Serial: TX, RX, GND
Baudrate: 115200
Radios: Qualcomm Atheros IPQ6018 802.11ax - 2x2 - 2GHz
Qualcomm Atheros IPQ6018 802.11ax - 2x2 - 5GHz
Qualcomm Atheros QCN9074 802.11ax - 4x4 - 5GHz or 6GHz
BLE 4.1
Power: 32.0W 802.3bt5 PoE++
25.5W 802.3at with USB, BT disabled
Size: 215mm x 215mm
Ports: 1x USB 2.0
Antenna: 6 GHz: 6.29 dBi, Omni 30 dBm
5 GHz: 6.12 dBi, Omni 31 dBm
2.4 GHz: 4.85 dBi, Omni 29 dBm
LEDs: Multi-color status LEDs
Mounting: Wall, ceiling or T-bar
Installation: Serial connection
1. Open the AP to get access to the board. Connect RX, TX and GND.
2. Power on the AP, and short the CS pin of the SPI flash with
one of the APs GND pins.
3. Transfer the initramfs image with TFTP
(Default server IP is 192.168.0.120)
# tftpboot factory.ubi
4. Flash the rootfs partition
# flash rootfs
5. Reboot the AP
# reset
Signed-off-by: Kristian Skramstad <kristian+github@83.no>
Link: https://github.com/openwrt/openwrt/pull/15633
Signed-off-by: Robert Marko <robimarko@gmail.com>
6.1.103 and 6.6.44 introduced breakage complaining about missing mtd_test.ko
for some targets.
Signed-off-by: Zxl hhyccc <zxlhhy@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16093
Signed-off-by: Robert Marko <robimarko@gmail.com>
Initially APK would sign packages and package index and verify
signatures individually. With the latest change, all packages inside a
trusted index are automatically trusted.
This is important within the OpenWrt eco-system since signing the index
happens on another machine than the package creation.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Compilation of mtd_test.ko should be added only for kernel 6.6 or above.
Fixes 26df88a ("kernel: Add kmod-mfd-test")
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16085
Signed-off-by: Robert Marko <robimarko@gmail.com>
Bump omnia-mcutool to 0.3-rc3:
* The `--upgrade` option will now work even if MCU is in bootloader (for
example if previous upgrade was aborted).
* On boards with GD32 MCUs, `omnia-mcutool` will now refuse to upgrade
application firmware to version lower than 4.1 if bootloader version
is 2.0 (the original for first batch of boards with GD32 MCUs) since
these versions of application and bootloader are not compatible.
If user already upgraded to such a combination, an upgrade of
bootloader firmware is required.
The `--upgrade` option will inform about this and will automatically
upgrade bootloader firmware if the `--force` option is given.
(Note that version 4.1 of the MCU firmware was will be released soon,
once it is properly tested.)
* Various other improvements.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/16086
Signed-off-by: Robert Marko <robimarko@gmail.com>
6.6.44 introduced breakage complaining about missing mtd_test.ko
for some targets.
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16061
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.
As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].
An explanation of the impact of the vulnerability is provided from the
advisory[1]:
This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.
[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add a new utility, omnia-mcutool, which main purpose is to upgrade the
firmware on the microcontroller on the Turris Omnia router. Depends on
omnia-mcu-firmware, and the upgrade process is pretty simple:
omnia-mcutool --upgrade
Besides firmware upgrade, the utility can be used to show and configure
various firmware settings.
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a new package, omnia-mcu-firmware, containing firmware binaries for
the microcontroller on the Turris Omnia router.
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Handle the KEY_VENDOR key in gpio-button-hotplug driver. This is used
by Turris Omnia.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
68c8a4f system-linux: re-apply ethtool on phy attachment
890929b wireless: add support for defining wifi interfaces via procd service data
b57e40b wireless: use blobmsg_parse_attr
7a6532f proto-shell: add proto property for skipping device config
33ec3da CMake: bump the minimum required CMake version to 3.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Build the amd64-microcode package on all architectures even if it only
makes sense to use it on x86. If the package build is done by a builder
not building for x86 it will not include the package otherwise.
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 24d6abe2d7 ("firmware-utils: new package replacing otrx")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 8619d7af67 ("kirkwood: add D-Link DNS-320L support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 1eb21b87bd ("kobs-ng: add new package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 07043a853a ("imx23: rename imx23 to mxs for upcoming imx23/28 support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Package the firmware files in the target specific build step and not in
the architecture common step. The architecture common step is not
necessary build for the ipq40xx target. If it is build for a different
target these packages are not packaged at all. This moves the build to
the ipq40xx target specific build step. This change is needed to make
the firmware files show up in the buildbot images.
Fixes: 02db8a19cb ("firmware: add Intel/Lantiq VRX518 ACA firmware package")
Fixes: 07b0e6f3d9 ("firmware: add Intel/Lantiq VRX518 PPE firmware package")
Fixes: 13eb1f564a ("firmware: add Intel/Lantiq VRX518 DSL firmware package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Radxa ROCK Pi E v3.0 is a compact networking SBC[1] using the Rockchip
RK3328 SoC.
Hardware
--------
- Rockchip RK3328 SoC
- Quad A53 CPU
- 512MB/1GB/2GB DDR4 RAM
- 4/8/16/32GB eMMC
- Micro SD Card slot
- WiFi 4 and BT 4, or WiFi 5 and BT 5 (not supported yet)
- 1x 1000M Ethernet with PoE support (additional PoE HAT required)
- 1x 100M Ethernet
- 1x USB 3.0 Type-A port (Host)
- 1x 4-ring 3.5mm headphone jack
- 40 Pin GPIO header
[1] https://radxa.com/products/rockpi/pie
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15984
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The file contains the the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.
Fixes: #15942
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16018
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for NEC Aterm series devices based on Atheros AR9344.
The following devices have almost the same hardware, so the same U-Boot
binary can be used for them.
- NEC Aterm WR8750N
- NEC Aterm WR9500N
- NEC Aterm WG600HP
By the way, on NetBSD-based NEC Aterm devices, only 0x20000 (128KiB) is
available for a bootloader on the flash chip and that limitation is too
small for mainline U-Boot with the default options. So many
features/commands not required for booting OpenWrt and recoverying are
disabled on that devices, like the followings.
- networking support
- FIT support
- all decompression methods support
etc...
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15432
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add U-Boot package for the devices that based on Atheros/Qualcomm
Atheros SoCs.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15432
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
By default nand_do_upgrade() can only deal with raw and gzipped firmware
files. Vendors often use custom firmware containers. Allow passing
custom extraction command to allow using nand_do_upgrade() with vendor
firmwares.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Same as TP-Link TL-XDR608x, this router comes with locked vendor
loader. Add U-Boot build for replacement loader for this device.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15930
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Radxa ROCK Pi S is a small in size, full in features SBC[1] using the
Rockchip RK3308B SoC.
Hardware
--------
- Rockchip RK3308B SoC
- Quad A35 CPU
- 256/512MB DDR3 RAM
- Optional 4/8GB eMMC
- Micro SD Card slot
- Optional WiFi 4 and BT 4 (not supported yet)
- 1x 100M Ethernet with PoE support (additional PoE HAT required)
- 1x USB 2.0 Type-A port (Host)
- 1x USB 2.0 Type-C port (OTG)
- 2x 26 Pin GPIO header
[1] https://radxa.com/products/rockpi/pis
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15933
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is required by the DSL CPE API driver.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This firmware is used by the vrx518 tc driver.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This firmware is used by the vrx518 ep driver.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the package for the Pixart PAC7302 USB Camera Driver kernel module.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15886
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If we're being paranoid and quote all the arguments to ipcalc.sh,
it's possible to pass in empty start and range arguments. This
should be handled the same as their being absent.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15946
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Huawei AP6010DN is a dual-band, dual-radio 802.11a/b/g/n 2x2 MIMO
enterprise access point with one Gigabit Ethernet port and PoE
support.
Hardware highlights:
- CPU: AR9344 SoC at 480MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344-internal radio
- Wi-Fi 5GHz: AR9580 PCIe WLAN SoC
- Ethernet: 10/100/1000 Mbps Ethernet through Atheros AR8035 PHY
- PoE: yes
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: CAT706SVI (1.6s timeout)
Serial console:
9600n8 (9600 baud, no stop bits, no parity, 8 data bits)
MAC addresses:
Each device has 32 consecutive MAC addresses allocated by
the vendor, which don't overlap between devices.
This was confirmed with multiple devices with consecutive
serial numbers.
The MAC address range starts with the address on the label.
To be able to distinguish between the interfaces,
the following MAC address scheme is used:
- eth0 = label MAC
- radio0 (Wi-Fi 2.4GHz) = label MAC + 1
- radio1 (Wi-Fi 5GHz) = label MAC + 2
Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP
1. Power up the AP
2. At prompt "Press f or F to stop Auto-Boot in 3 seconds",
do what they say.
Log in with default admin password "admin@huawei.com".
3. Boot the OpenWrt initramfs from TFTP using the hidden script "run ramboot".
Replace IP address as needed:
> setenv serverip 192.168.1.10
> setenv ipaddr 192.168.1.1
> setenv rambootfile openwrt-ath79-generic-huawei_ap6010dn-initramfs-kernel.bin
> saveenv
> run ramboot
4. Optional but recommended as the factory firmware cannot be downloaded publicly:
Back up contents of "firmware" partition using the web interface or ssh:
$ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap6010dn_fw_backup.bin
5. Run sysupgrade using sysupgrade image. OpenWrt
shall boot from flash afterwards.
Return to factory firmware (using firmware upgrade package downloaded from non-public Huawei website):
1. Start a TFTP server in the directory where
the firmware upgrade package is located
2. Boot to u-boot as described above
3. Install firmware upgrade package and format the config partitions:
> update system FatAP6X10XN_SOMEVERSION.bin
> format_fs
Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
for example using scp
2. Use sysupgrade with force to restore the backup:
sysupgrade -F huawei_ap6010dn_fw_backup.bin
3. Boot AP to U-Boot as described above
Quirks and known issues:
- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.
- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the AHB_CLK/2 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.
Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
Link: https://github.com/openwrt/openwrt/pull/15941
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
Gain telnet access:
1. Login into web interface, and download the configuration.
2. Decode and uncompress the configuration:
* Enter fakeroot if you are not login as root.
base64 -d e-xxxxxxxxxxxx-cfg.tar.gz | tar -zx
3. Edit 'etc/passwd', remove root password: 'root::1:0:99999:7:::'.
4. Edit 'etc/rc.local', insert telnetd command before 'exit 0':
( sleep 3s; /usr/sbin/telnetd; ) &
5. Repack the configuration:
tar -zc etc/ | base64 > e-xxxxxxxxxxxx-cfg.tar.gz
6. Upload new configuration via web interface, now you can connect to
ASR3000 via telnet.
Flash instructions:
1. Connect to ASR3000, backup everything, especially 'Factory' part.
2. Write new BL2:
mtd write openwrt-mediatek-filogic-abt_asr3000-preloader.bin BL2
3. Write new FIP:
mtd write openwrt-mediatek-filogic-abt_asr3000-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254/24, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15887
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch cleans up the following warnings during build:
"warning: format not a string literal"
```
conf.c: In function 'conf_askvalue':
conf.c:89:17: warning: format not a string literal and no format arguments [-Wformat-security]
89 | printf(_("(NEW) "));
| ^~~~~~
conf.c: In function 'conf_choice':
conf.c:285:33: warning: format not a string literal and no format arguments [-Wformat-security]
285 | printf(_(" (NEW)"));
| ^~~~~~
conf.c: In function 'check_conf':
conf.c:440:41: warning: format not a string literal and no format arguments [-Wformat-security]
440 | printf(_("*\n* Restart config...\n*\n"));
| ^~~~~~
conf.c: In function 'main':
conf.c:617:41: warning: format not a string literal and no format arguments [-Wformat-security]
617 | _("\n*** The configuration requires explicit update.\n\n"));
| ^
conf.c:669:25: warning: format not a string literal and no format arguments [-Wformat-security]
669 | fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
| ^~~~~~~
conf.c:673:25: warning: format not a string literal and no format arguments [-Wformat-security]
673 | fprintf(stderr, _("\n*** Error during update of the configuration.\n\n"));
| ^~~~~~~
conf.c:684:25: warning: format not a string literal and no format arguments [-Wformat-security]
684 | fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
| ^~~~~~~
```
And POSIX Yacc warnings
```
lex -ozconf.lex.c -L zconf.l
yacc -ozconf.tab.c -t -l zconf.y
zconf.y:34.1-7: warning: POSIX Yacc does not support %expect [-Wyacc]
34 | %expect 32
| ^~~~~~~
zconf.y:97.1-11: warning: POSIX Yacc does not support %destructor [-Wyacc]
97 | %destructor {
| ^~~~~~~~~~~
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o zconf.tab.o zconf.tab.c
gcc conf.o zconf.tab.o -o conf
```
After:
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o conf.o conf.c
yacc -Wno-yacc -ozconf.tab.c -t -l zconf.y
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o zconf.tab.o zconf.tab.c
gcc conf.o zconf.tab.o -o conf
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15953
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
NAND code uses either "cat" or "zcat" for getting firmware image
content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable
that is determined by a caller and passed to lower level functions. This
avoids code duplication and allows adding support for more formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to safe space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given
013050f fstools: remove redundant F2FS_MINSIZE definition
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no point in hard-coding the UBI volume numbers as we are
dynamically looking up the volume by volume name in all cases by now.
Remove this relict as it causes problems without being useful for
anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Rename function _do_env_set() to env_do_env_set().
2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG:
"--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO".
3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices
because the newly added UEFI bootmenu entries doesn't work.
4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>