Commit Graph

18725 Commits

Author SHA1 Message Date
Josef Schlehofer
362695acdf kernel: add kmod-video-gspca-sq930x
This module adds support for USB WebCams, which uses SQ930X chip [1].

[1] https://cateee.net/lkddb/web-lkddb/USB_GSPCA_SQ930X.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-12-05 18:49:14 +01:00
Josef Schlehofer
fcb82e42df kernel: btrfs: enable ACL
By default CONFIG_BTRFS_FS_POSIX_ACL is disabled, it should be enabled
only when you enable CONFIG_FS_POSIX_ACL.

Right now, when you enable CONFIG_FS_POSIX_ACL it will enable
CONFIG_BTRFS_FS_POSIX_ACL, but it will be disabled once you install
kmod-btrfs. This should prevent it.

Btrfs has enabled by default ACL for mount option.

More details:
https://cateee.net/lkddb/web-lkddb/BTRFS_FS_POSIX_ACL.html
https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2021-12-05 18:49:14 +01:00
Hans Dedecker
eddb51392a nat46: update to latest git HEAD
d9bc161 nat46-core: Fix typo since day one (#31)
840e235 Fix coverity issues observed so far (#30)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-05 18:40:19 +01:00
Florian Eckert
dd681838d3 base-files: fix service_running check
The following command checks if a instance of a service is running.
/etc/init.d/<service> running <instance>

 In the variable `$@`, which is passed to the function
`service_running`, the first argument is always the `instance` which
should be checked. Because all other variables where removed from `$@`
with `shift`.

Before this change the first argument of `$@` was set to the `$service`
Variable. So the function does not work as expected. The `$service`
variable was always the instance which should be checked. This is not
what we want.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
2021-12-04 09:39:11 +09:00
Tan Zien
1add2c0d95 firmware: intel-microcode: update to 20210608
intel-microcode (3.20210608.2)

  * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
    debian/changelog (3.20210608.1).

intel-microcode (3.20210608.1)

  * New upstream microcode datafile 20210608 (closes: #989615)
    * Implements mitigations for CVE-2020-24511 CVE-2020-24512
      (INTEL-SA-00464), information leakage through shared resources,
      and timing discrepancy sidechannels
    * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
      Domain-bypass transient execution vulnerability in some Intel Atom
      Processors, affects Intel SGX.
    * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
      VT-d privilege escalation
    * Fixes critical errata on several processors
    * New Microcodes:
      sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
      sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
      sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
      sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
      sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
      sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
      sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
      sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
      sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
      sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
      sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
      sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
      sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
      sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
      sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
      sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
      sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
      sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
      sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
      sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
      sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
      sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
      sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
  * source: update symlinks to reflect id of the latest release, 20210608

intel-microcode (3.20210216.1)

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

intel-microcode (3.20201118.1)

  * New upstream microcode datafile 20201118
    * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
      processors.  Note that Debian already had removed this specific falty
      microcode update on the 3.20201110.1 release
    * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
      N/J4xxx which didn't make it to release 20201110, fixing security issues
      (INTEL-SA-00381, INTEL-SA-00389)
    * Updated Microcodes:
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    * Removed Microcodes:
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520

intel-microcode (3.20201110.1)

  * New upstream microcode datafile 20201110 (closes: #974533)
    * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
      aka INTEL-SA-00381: AVX register information leakage;
      Fast-Forward store predictor information leakage
    * Implements mitigation for CVE-2020-8695, Intel SGX information
      disclosure via RAPL, aka INTEL-SA-00389
    * Fixes critical errata on several processor models
    * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
      for Skylake-U/Y, Skylake Xeon E3
    * New Microcodes
      sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
      sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
      sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
      sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
    * Updated Microcodes
      sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
      sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
      sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
      sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
      sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
      sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
      sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
      sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
      sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
      sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
      sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
      sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
      sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
      sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
      sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
      sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
  * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
    INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
    FOR 0x806c1 TIGER LAKE PROCESSORS by this package update.  Contact your
    system vendor for a firmware update, or wait fo a possible fix in a future
    Intel microcode release.
  * source: update symlinks to reflect id of the latest release, 20201110
  * source: ship new upstream documentation (security.md, releasenote.md)

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[used different .tar.xz source, but with the same content]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-03 22:40:13 +01:00
Felix Fietkau
fc4398fe71 mt76: update to the latest version
71e08471ab56 mt76: eeprom: fix return code on corrected bit-flips
9a8fc6636d83 mt76: move sar_capa configuration in common code
7cdbea1dc82a mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr
678071ef7029 mt76: mt7615: clear mcu error interrupt status on mt7663

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-03 10:56:49 +01:00
TruongSinh Tran-Nguyen
febc2b831f
ipq40xx: add support for GL.iNet GL-B2200
This patch adds supports for the GL-B2200 router.

Specifications:
  - SOC: Qualcomm IPQ4019 ARM Quad-Core
  - RAM: 512 MiB
  - Flash: 16 MiB NOR - SPI0
  - EMMC: 8GB EMMC
  - ETH: Qualcomm QCA8075
  - WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11b/g/n 2x2
  - WLAN2: Qualcomm Atheros QCA4019 5GHz 802.11n/ac W2 2x2
  - WLAN3: Qualcomm Atheros QCA9886 5GHz 802.11n/ac W2 2x2
  - INPUT: Reset, WPS
  - LED: Power, Internet
  - UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
  - UART2: On board with BLE module
  - SPI1: On board socket for Zigbee module

Update firmware instructions:
Please update the firmware via U-Boot web UI (by default at 192.168.1.1, following instructions found at
https://docs.gl-inet.com/en/3/troubleshooting/debrick/).
Normal sysupgrade, either via CLI or LuCI, is not possible from stock firmware.
Please do use the *gl-b2200-squashfs-emmc.img file, gunzipping the produced *gl-b2200-squashfs-emmc.img.gz one first.

What's working:
- WiFi 2G, 5G
- WPA2/WPA3

Not tested:
- Bluetooth LE/Zigbee

Credits goes to the original authors of this patch.

V1->V2:
- updates *arm-boot-add-dts-files.patch correctly (sorry, my mistake)
- add uboot-envtools support
V2->V3:
- Li Zhang updated official patch to fix wrong MAC address on wlan0 (PCI) interface
V3->V4:
- wire up sysupgrade

Signed-off-by: Li Zhang <li.zhang@gl-inet.com>
[fix tab and trailing space, document what's working and what's not]
Signed-off-by: TruongSinh Tran-Nguyen <i@truongsinh.pro>
[rebase on top of master, address remaining comments]
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
[remove redundant check in platform.sh]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-02 20:43:07 +00:00
Enrico Mioso
57c1f3f9c5
base-files: add eMMC sysupgrade support
Adds generic support for sysupgrading on eMMC-based devices.

Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.

Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).

To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CC: Li Zhang <li.zhang@gl-inet.com>
CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>
2021-12-02 20:42:58 +00:00
Felix Fietkau
a1a71a7199 mac80211: fix tx aggregation locking issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 14:11:21 +01:00
Felix Fietkau
15d8c7aa74 mac80211: fix queue assignment of aggregation start requests
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 13:52:18 +01:00
Felix Fietkau
7e15390056 mt76: update to the latest version
a6451fea5a3d mt76: mt7615: improve wmm index allocation
1911486414dc mt76: mt7915: improve wmm index allocation
7998a41d1321 mt76: clear sta powersave flag after notifying driver
664475574438 mt76: mt7603: introduce SAR support
5c0da39c940b mt76: mt7915: introduce SAR support
77fc6c439a32 mt76: mt7603: improve reliability of tx powersave filtering
094b3d800835 firmware: update mt7663 rebb firmware to 20200904171623
25237b19bcc1 mt76: eeprom: tolerate corrected bit-flips
1463cb4c6ac2 mt76: mt7921: fix boolreturn.cocci warning
586bad6020f7 mt76: mt7921: use correct iftype data on 6GHz cap init
8ec95c910425 mt76: mt7921s: fix bus hang with wrong privilege
688e30c7d854 firmware: update mt7921 firmware to version 20211014
6fad970893dd mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi
95acf972750c mt76: fix 802.3 RX fail by hdr_trans
3f402b0cf6c0 mt76: mt7921s: fix possible kernel crash due to invalid Rx count
929a03a8d65d mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 12:44:34 +01:00
Christian Lamparter
25bc66eb40 ca-certificates: fix python3-cryptography woes in certdata2pem.py
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")

The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.

|Traceback (most recent call last):
|  File "certdata2pem.py", line 125, in <module>
|    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1

...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
|  File "/certdata2pem.py", line 31, in <module>
|    from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'

More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."

Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-01 17:52:35 +01:00
Felix Fietkau
fbc9ce779f hostapd: make hostapd/supplicant/wpad packages depend on a specific version of hostapd-commoon
This avoids potential version mismatch between packages when upgraded
individually

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Felix Fietkau
b7ce8a8c17 qosify: remove bulk flow detection from default ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Felix Fietkau
ac83015621 qosify: add besteffort class and switch all default classifications to class names
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Stijn Tintel
6832271ee7 nftables: bump to 1.0.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-01 00:39:36 +02:00
Stijn Tintel
7f7034d79f libnftnl: bump to 1.2.1
This version is required by nftables 1.0.1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-01 00:39:26 +02:00
Christian Lamparter
7c99085bd6 ca-certicficates: Update to version 20211016
Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.

Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
|    bundle to version 2.50
|    The following certificate authorities were added (+):
|    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|    + "GlobalSign Root R46"
|    + "GlobalSign Root E46"
|    + "GLOBALTRUST 2020"
|    + "ANF Secure Server Root CA"
|    + "Certum EC-384 CA"
|    + "Certum Trusted Root CA"
|    The following certificate authorities were removed (-):
|    - "QuoVadis Root CA"
|    - "Sonera Class 2 Root CA"
|    - "GeoTrust Primary Certification Authority - G2"
|    - "VeriSign Universal Root Certification Authority"
|    - "Chambers of Commerce Root - 2008"
|    - "Global Chambersign Root - 2008"
|    - "Trustis FPS Root CA"
|    - "Staat der Nederlanden Root CA - G3"
|  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]

[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-30 20:14:26 +01:00
Kevin Darbyshire-Bryant
7a48dfc90c nftables: install package file
Install pc file so dnsmasq can find libnftables

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-30 15:16:17 +00:00
Oldřich Jedlička
8d6a534cc1 mac80211: fixed missing cfg80211 dependency on kmod-rfkill
When compiling with CONFIG_USE_RFKILL=y, the build fails and mentions that
dependency on kmod-rfkill is missing, which is correct [1]. Add this
dependency to the Makefile.

Depend on +USE_RFKILL and not PACKAGE_kmod-rfkill, because it forces
selection of kmod-rfkill package. Other combinations in DEPENDS like
USE_RFKILL:kmod-rfkill or (+)PACKAGE_kmod-rfkill:kmod-rfkill do not force
selection of kmod-rfkill package.

The kmod-rfkill package itself depends on USE_RFKILL, so with +USE_RFKILL
in kmod-cfg80211 package it is not possible to select wrong combination of
packages.

[1] https://linux-wireless.vger.kernel.narkive.com/m8JY9Iks/cfg80211-depends-on-rfkill-or-not

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-11-29 22:11:15 +01:00
Robert Marko
040c02497c ath10k-ct: Fix spectral scan NULL pointer
If spectral scan support is enabled then ath10k-ct will cause a NULL
pointer due to relay_open() being called with a const callback struct
which is only supported in kernel 5.11 and later.

So, simply check the kernel version and if 5.11 and newer use the const
callback struct, otherwise use the regular struct.

Fixes: 553a3ac ("ath10k-ct: use 5.15 version")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-29 21:48:03 +01:00
Hauke Mehrtens
889043a155 uboot-omap: Remove omap3_overo configuration
The configs/omap3_overo_defconfig file was removed from upstream U-Boot
in commit ed3294d6d1f9 ("arm: Remove overo board"). Remove it in OpenWrt
too. If someone needs this please add it also to upstream U-Boot.

This fixes the compile of the omap target.

Fixes: ffb807ec90 ("omap: update u-boot to 2021.07")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-28 22:26:27 +01:00
Felix Matouschek
1cc3b95efc ipq40xx: Add support for Teltonika RUTX10
This patch adds support for the Teltonika RUTX10.
This device is an industrial DIN-rail router with 4 ethernet ports,
2.4G/5G dualband WiFi, Bluetooth, a USB 2.0 port and two GPIOs.

The RUTX series devices are very similiar so common parts of the DTS
are kept in a DTSI file. They are based on the QCA AP-DK01.1-C1 dev
board.

See https://teltonika-networks.com/product/rutx10 for more info.

Hardware:
  SoC:                 Qualcomm IPQ4018
  RAM:                 256MB DDR3
  SPI Flash 1:         XTX XT25F128B (16MB, NOR)
  SPI Flash 2:         XTX XT26G02AWS (256MB, NAND)
  Ethernet:            Built-in IPQ4018 (SoC, QCA8075), 4x 10/100/1000 ports
  WiFi 1:              Qualcomm QCA4019 IEEE 802.11b/g/n
  Wifi 2:              Qualcomm QCA4019 IEEE 802.11a/n/ac
  USB Hub:             Genesys Logic GL852GT
  Bluetooth:           Qualcomm CSR8510 (A10U)
  LED/GPIO controller: STM32F030 with custom firmware
  Buttons:             Reset button
  Leds:                Power (green, cannot be controlled)
                       WiFi 2.4G activity (green)
                       WiFi 5G activity (green)

MACs Details verified with the stock firmware:
   eth0:             Partition 0:CONFIG Offset: 0x0
   eth1:             = eth0 + 1
   radio0 (2.4 GHz): = eth0 + 2
   radio1 (5.0 GHz): = eth0 + 3
Label MAC address is from eth0.

The LED/GPIO controller needs a separate kernel driver to function.
The driver was extracted from the Teltonika GPL sources and can be
found at following feed: https://github.com/0xFelix/teltonika-rutx-openwrt

USB detection of the bluetooth interface is sometimes a bit flaky. When
not detected power cycle the device. When the bluetooth interface was
detected properly it can be used with bluez / bluetoothctl.

Flash instructions via stock web interface (sysupgrade based):
  1. Set PC to fixed ip address 192.168.1.100
  2. Push reset button and power on the device
  3. Open u-boot HTTP recovery at http://192.168.1.1
  4. Upload latest stock firmware and wait until the device is rebooted
  5. Open stock web interface at http://192.168.1.1
  6. Set some password so the web interface is happy
  7. Go to firmware upgrade settings
  8. Choose
     openwrt-ipq40xx-generic-teltonika_rutx10-squashfs-nand-factory.ubi
  9. Set 'Keep settings' to off
  10. Click update, when warned that it is not a signed image proceed

Return to stock firmware:
  1. Set PC to fixed ip address 192.168.1.100
  2. Push reset button and power on the device
  3. Open u-boot HTTP recovery at http://192.168.1.1
  4. Upload latest stock firmware and wait until the device is rebooted

Note: The DTS expects OpenWrt to be running from the second rootfs
partition. u-boot on these devices hot-patches the DTS so running from the
first rootfs partition should also be possible. If you want to be save follow
the instructions above. u-boot HTTP recovery restores the device so that when
flashing OpenWrt from stock firmware it is flashed to the second rootfs
partition and the DTS matches.

Signed-off-by: Felix Matouschek <felix@matouschek.org>
2021-11-28 18:39:01 +01:00
Matthew Hagan
529eac5371 kernel: add back kmod-leds-tlc591xx
Add back support for the TLC591xx series LEDs which are used in the
ipq806x-based Meraki Cryptid series devices.

This module previously existed for the mvebu platform but was removed
at commit f849c2c832 due to being enabled
in that platform's kernel config.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2021-11-28 17:41:18 +01:00
Robert Marko
3ad229db0b ipq40xx: add support for MikroTik hAP ac3
This adds support for the MikroTik RouterBOARD RBD53iG-5HacD2HnD
(hAP ac³), a  indoor dual band, dual-radio 802.11ac
wireless AP with external omnidirectional antennae, USB port, five
10/100/1000 Mbps Ethernet ports and PoE passthrough.

See https://mikrotik.com/product/hap_ac3 for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4019
 - RAM: 256 MB
 - Storage: 16 MB NOR + 128 MB NAND
 - Wireless:
   · Built-in IPQ4019 (SoC) 802.11b/g/n 2x2:2, 3 dBi antennae
   · Built-in IPQ4019 (SoC) 802.11a/n/ac 2x2:2, 5.5 dBi antennae
 - Ethernet: Built-in IPQ4019 (SoC, QCA8075) , 5x 1000/100/10 port,
             passive PoE in, PoE passtrough on port 5
- 1x USB Type A port

Installation:
1. Boot the initramfs image via TFTP
2. Run "cat /proc/mtd" and look for "ubi" partition mtd device number, ex. "mtd1"
3. Use ubiformat to remove MikroTik specific UBI volumes
* Detach the UBI partition by running: "ubidetach -d 0"
* Format the partition by running: "ubiformat /dev/mtdN -y"
Replace mtdN with the correct mtd index from step 2.
3. Flash the sysupgrade image using "sysupgrade -n"

Signed-off-by: Robert Marko <robimarko@gmail.com>
Tested-by: Mark Birss <markbirss@gmail.com>
Tested-by: Michael Büchler <michael.buechler@posteo.net>
Tested-by: Alex Tomkins <tomkins@darkzone.net>
2021-11-28 17:19:52 +01:00
Robert Marko
f2c4064ecb base-files: dont always create kernel UBI volume
Currently nand_upgrade_tar() will pass the kernel length
to nand_upgrade_prepare_ubi() in all cases except for when
the kernel is to be installed in a separate partition as a
binary with the MTD tool.

While this is fine for almost all cases newer MikroTik NAND
devices like hAP ac3 require the kernel to be installed as a
UBIFS packed UBI volume in its own partition.

So, since we have a custom recipe to use ubiformat to flash
the kernel in its partition it makes no sense for sysupgrade
to also install the kernel as a UBI volume in the "ubi"
partition as it only wastes space and will never be used.

So, simply check whether CI_KERNPART is set to "none" and
if so unset the "has_kernel" variable which will in turn
prevent the kernel length from being passed on and then
the kernel UBI volume wont be created for no usefull purpose.

The ath79 MikroTik NAND target has been setting CI_KERNPART
to "none" for a while now altough that was not preventing
the kernel to be installed as UBI volume as well.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-28 17:17:22 +01:00
Hannu Nyman
26a7a385bb ath10k-ct: update version to fix DFS for VHT160
Update ath10k-ct to get the upstream fix for
DFS support for VHT160 in the 5.15 based ath10k-ct.
(Switch from 5.10 to 5.15 surfaced the upstream regression.)

* refresh one patch

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-11-28 13:57:41 +01:00
Christian Lamparter
49d400191d ath10k: support nvmem-cells for (pre-)calibration
refreshes mac80211 + ath10k-ct patches.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-28 01:13:08 +01:00
Mathias Kresin
b7befd8d81 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2
Follow up to commit 565b62cca2. Managed to
hit the very same issue again while playing with the NOR SPL builds.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-27 21:49:10 +01:00
Andre Heider
1404ed25b8 uboot-mvebu: update to v2021.10
Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:39:17 +01:00
Andre Heider
50f65a9c46 arm-trusted-firmware-mvebu: bump mv-ddr-marvell to current version
efcad0e Merge pull request #33 from Semihalf/cn913x_cex7_eval
91bed2c cn913x: Add cn913x_cex7_eval config
55139f6 Merge pull request #32 from pali/master
e5573cc ARM: mvebu: a38x: Correct mismatched bound warnings
d83c38b a3700: Remove duplicate check for DDR_TYPE
c0c6bf7 a3700: Put temporary a3700_ddr_type file into $(OBJ_DIR)

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:36:36 +01:00
Andre Heider
b18e87cc39 arm-trusted-firmware-mvebu: bump a3700-utils to current version
With cryptocpp in place we can now update past the point of dropping
the old tbb_linux binary and build it instead.

Hauke confirmed that this also allows this firmware to be built on
aarch64.

97f01f5 Wtpdownloader: Properly retrieve current tty options
a33ff86 Wtpdownloader: Set CREAD tty cflag
af461d2 Wtpdownloader: Fix stuck during opening UART tty device
38c2135 Makefile: Print error when specified CLOCKSPRESET is not valid
f014428 TBB: Remove out-of-dated x86-64 ELF binary tbb_linux
1b6cb50 TBB: Fix compilation with Crypto++ 5.6.5
d9fb291 TBB: Fix memory corruptions by calling correct delete[] operator
d575885 TBB: Fix initializing CCTIM object
b9e1c4e Wtpdownloader: Fix makefile
8f61591 Wtpdownloader: Fix building with gcc 11
eabea5f TBB: Fix building with gcc 11

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:36:36 +01:00
Josef Schlehofer
8d9f462731 arm-trusted-firmware-mvebu: add cryptopp
Based on the Build Instructions for Trusted-Firmware-A [1],
there is a required cryptopp [2].

In the past, it used 'tbb_linux' image tool binary, which seems to
be buggy, deprecated and removed from A3700-utils-marvell and it should
not be used anymore. That's why I removed 001-imagetool.patch, which is
no longer necessary.

[1] https://trustedfirmware-a.readthedocs.io/en/v2.5/plat/marvell/armada/build.html
[2] https://cryptopp.com/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-11-27 19:36:36 +01:00
Kerma Gérald
35b0dc36a3 arm-trusted-firmware-mvebu: fix commit ids to for mv-ddr-marvell
without this patch a3700-utils/tim/ddr/ddr_tool.verstr contains the OpenWrt commit ID.
this patch fix the mv_ddr version commit ID by using the global variable MV_DDR_COMMIT_ID.

Upon boot it now prints "mv_ddr-devel-g02e23dbc-d DDR4 16b 1GB 1CS".

Cc: Andre Heider <a.heider@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
2021-11-27 19:36:36 +01:00
Ansuel Smith
553a3ac221 ath10k-ct: use 5.15 version
We switched to mac80211 5.15 backport version.
Also switch ath10k-ct to 5.15 and drop the mac address patch
that got merged upstream.
Compile and tested on ipq806x Netgear R7800.
Also update the ath10k-ct to latest version to fix a typo
for the new version in the kernel log.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-11-27 01:11:05 +01:00
Felix Fietkau
b92a9f607b mac80211: fix a regression in generating radiotap headers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-26 08:42:37 +01:00
Felix Fietkau
68189835ac mac80211: backport fix for dealing with stripped IV on rx
This fixes potental rx drop issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-26 08:42:36 +01:00
David Bauer
3ba9846842 hostapd: add beacon_interval to get_status ubus output
Add the beacon interval to hostapd status output. This allows external
services to discover the beacon interval for a specific VAP.

This way, external wireless management daemons can correctly calculate
fields containing TBTT value from absolute time-values.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-11-25 02:41:42 +01:00
Felix Fietkau
f84053af5c hostapd: add a patch that allows processing auth requests for peers in blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.

To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 18:26:47 +01:00
Felix Fietkau
d439c7d85a mac80211: add a fix for kernel warnings when forwarding packets in mesh mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 15:39:34 +01:00
Felix Fietkau
ddd977fcc5 mac80211: fix regression in SSN handling of addba tx
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 15:39:34 +01:00
Mark Mentovai
398cbb76fa
hostapd: allow hostapd under ujail to communicate with hostapd_cli
When procd-ujail is available, 1f78538387 runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).

hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:

CTRL: sendto failed: Permission denied

As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.

If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.

As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.

Signed-off-by: Mark Mentovai <mark@moxienet.com>
[refreshed patch]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-23 18:53:31 +00:00
Felix Fietkau
5aa62cb799 mt76: update to the latest version
f0a5b1118fa4 mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames
67f93aa9a207 mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames
46261d4bbfb5 mt76: fix possible pktid leak
a7fdd272efee mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files
3d9e13f567a4 mt76: mt7921s: fix the device cannot sleep deeply in suspend
99225b985cbc mt76: mt7615: fix unused tx antenna mask in testmode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-23 16:59:54 +01:00
Felix Fietkau
d1ea575baa mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients
This showed up primarily on rt2x00

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-23 16:49:37 +01:00
Oldřich Jedlička
1818157daa dnsmasq: fix ismounted check
Fix the return value, shell return codes should be 0 to indicate success
(i.e. mount point found), 1 should be failure (i.e. mount point not-found).

Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-11-23 14:57:52 +00:00
Jo-Philipp Wich
50bc06e774 procd: setup /dev/stdin, /dev/stdout and /dev/stderr symlinks
Extend the hotplug.json ruleset to setup the common /dev/std{in,out,err}
symbolic links which are needed by some applications, e.g. nftables when
applying rulesets from stdin.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-23 14:03:39 +00:00
Daniel Golle
507f50df07
procd: update to git HEAD
8de12de system: add diskfree infos to ubus
 bf3fe0e service: move jail parsing to end of instance parser
 87b5836 procd: add full service shutdown prior to sysupgrade
 01ac2c4 procd: service_stop_all: also kill inittab actions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-23 14:03:23 +00:00
Felix Fietkau
7a496e4b4b qosify: update to the latest version
06872673c10f map: allow referring to a class index directly in tcp/udp default entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 17:23:15 +01:00
Felix Fietkau
3a1597c7bd qosify: install hotplug handler into /etc/hotplug.d/iface as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 17:23:15 +01:00
Felix Fietkau
24bb494b6c mt76: update to the latest version
5dd32475c859 mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine
f5cfaaff3dd1 mt76: mt7921: drop offload_flags overwritten
f5ad840ca5c0 mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy()
29a8a08827b1 mt76: mt7921: fix MT7921E reset failure
f44685f2faee mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore()
ae8e02ddd2b0 mt76: mt7915: fix SMPS operation fail
e814e15716b0 mt76: reverse the first fragmented frame to 802.11
c9bca3ed9566 mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
dd054b7e16e7 mt76: only set rx radiotap flag from within decoder functions
f1520c9bb332 mt76: mt7915: add default calibrated data support
0c489ea2865a mt76: testmode: add support to set MAC
91c5da3d0a7c mt76: mt7921: add support for PCIe ID 0x0608/0x0616
ca39b4bbc227 mt76: debugfs: fix queue reporting for mt76-usb
00b6f497e2e8 mt76: mt7921: introduce 160 MHz channel bandwidth support
c1574466c733 mt76: fix possible OOB issue in mt76_calculate_default_rate
9680a17b0aed mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi
78fc0dcdcef0 mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode
05953e7d6fe7 mt76: mt7615: remove dead code in get_omac_idx
39f6c37127c1 mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode
526591b203f3 mt76: do not pass the received frame with decryption error
256789bb400f mt76: fix the wiphy's available antennas to the correct value
fa187f5cf068 mt76: fix timestamp check in tx_status
11ebf11a3587 mt76: mt7915: fix the wrong SMPS mode
8c69b815ee7f mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config
bc6798f729f9 mt76: move sar utilities to mt76-core module
b1d0ad2e74fe mt76: mt76x02: introduce SAR support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 16:08:09 +01:00