Testing OpenWrt is important, and there is a test suite in the making.
For maximum convenience and minimal CI over-usage, make it simple to run
tests locally. The main Makefile now attempts to include
`tests/Makefile` and silently fails if it doesn't.
While the test suite[1] is still young, it provides good examples of how
to test things around OpenWrt: starting with shell scripts using
`bats`[2], followed by QEMU tests, and finally real device tests using
LabGrid[3]. This could lead to the creation of the best OpenWrt version
yet.
Please consult the `openwrt-tests.git` README.md for details on the
setup. Once installed you may run commands like the following:
* make tests/shell # run shell tests
* make tests/x86-64 # run and test x86/64 in QEMU
[1]: http://github.com/aparcar/openwrt-tests/
[2]: https://bats-core.readthedocs.io
[3]: https://labgrid.readthedocs.io
Signed-off-by: Paul Spooren <mail@aparcar.org>
Link: https://github.com/openwrt/openwrt/pull/15647
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a8ff0c1b7e)
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3a0232ffd3)
The vendor U-Boot on the Cudy M3000 and the Yuncore AX835 assign random
mac addresses on boot and set the 'local-mac-address' property which
prevents Openwrt from assigning the correct address from evmem.
This patch removes the alias for ethernet0 so that U-Boot doesn't add the
property, removes the workaround from 02_network, and adds back the nvmem
definition for the M3000.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit a55ab9e134)
Hardware:
SoC: MT7981b
RAM: 256 MB
Flash: 128 MB SPI NAND
Ethernet:
1x 2.5Gbps (rtl8221b)
1x 1Gbps (integrated phy)
WiFi: 2x2 MT7981
Buttons: Reset, WPS
LED: 1x multicolor
Solder on UART:
- remove rubber ring on the bottom
- remove screws
- pull up the cylinder, maybe help by push on an ethernet socket with a screwdriver
- remove the (3) screws holding the board in the frame
- remove the board from the frame to get to the screws for the silver, flat heat shield
- remove the (3) screws holding the heat shield
- solder UART pins to the back of the board
- make sure to have the pins point out on side with the black, finned heat spread
- the markings for the pins are going to be below the silver heat shield
- Vcc is not needed
If you don't intend on using the UART outside of the installation process, you might not
want to solder:
- carefully scrape off the thin layer of epoxy on the holes (not the copper)
- place your pin header with the UART attached in the holes
- the pins, starting with the one closest to the socket:
- Vcc (not required)
- GND
- RX
- TX
- either wedge the header or hold it with your fingers so that the pins stay in contact with the board
Installation (UART):
- attach an Ethernet cable to the 1Gbps port (black) on the router
- hold the reset button while powering the router
- press CTRL-C or wait for the timeout to get to the U-Boot prompt
- prepare a TFTP server on the network to supply ..-initramfs-kernel.bin
- use 'tftpboot' in the U-Boot shell to pull the image
- boot the image using 'bootm'
- push the ..-sysupgrade to the router using your preferred method
- perform the upgrade with 'sysupgrade -n'
There is a recovery mechanism that involves fetching a file called 'recovery.bin' but that is not understood yet.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 20e4a18feb)
Sometimes the mmc deivce may come up later than kernel attempts to
mount rootfs, resulting kernel panic. Enable rootwait to fix it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Make sure patch sequence number is unique by moving patch
440-add-jdcloud_re-cp-03.patch -> 441-add-jdcloud_re-cp-03.patch
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2302a7c5ad)
The MAC address assigned to lan/wan was reversed.
Fixes: 6e51ff88b0 ("mediatek: add support for JDCloud RE-CP-03")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Make sure patch sequence number is unique by moving patch
440-add-jdcloud_re-cp-03.patch -> 441-add-jdcloud_re-cp-03.patch
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2302a7c5ad)
The recent kernel v6.6.31 update broke BTF-enabled builds since upstream
Linux added a prompt for config option DEBUG_INFO_BTF_MODULES in commit
2166cb2e21 ("bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition").
Fix by updating Config-kernel.in to add the option, cleaning up a related
dependency and whitespace also.
Fixes: 10d77b9bc3 ("kernel: bump 6.6 to 6.6.31")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit ab9bb79d8e)
Changes:
2a768c4 wireless-regdb: Update regulatory rules for Mongolia (MN) on 6GHz
04875d9 wireless-regdb: Update regulatory rules for Saudi Arabia (SA) on 6GHz
b7bced8 wireless-regdb: Update regulatory rules for South Africa (ZA) on 6GHz
7bc8615 wireless-regdb: Update regulatory info for Thailand (TH) on 6GHz
f901fa9 wireless-regdb: Update regulatory info for Malaysia (MY) for 2022
d72d288 wireless-regdb: Update regulatory info for Morocco (MA) on 6GHz
414face wireless-regdb: Update regulatory info for Chile (CL) on 6GHz
1156a08 wireless-regdb: Update regulatory info for Mexico (MX) on 6GHz
cc6cf7c wireless-regdb: Update regulatory info for Iceland (IS) on 6GHz
ce03cc0 wireless-regdb: Update regulatory info for Mauritius(MU) on 6GHz
7e37778 wireless-regdb: Update regulatory info for Argentina (AR) on 6GHz
56f3a43 wireless-regdb: Update regulatory info for United Arab Emirates (AE) on 6GHz
3cb8b91 wireless-regdb: Update regulatory info for Colombia (CO) on 6GHz
3682ce5 wireless-regdb: Update regulatory info for Costa Rica (CR) for 2021
dd4ffe7 wireless-regdb: Update regulatory info for Dominican Republic (DO) on 6GHz
f8ef7da wireless-regdb: Update regulatory info for Liechtenstein (LI) on 6GHz
a9ecabe wireless-regdb: Update regulatory info for Jordan (JO) for 2022
5a9fdad wireless-regdb: Update regulatory info for Kenya (KE) for 2022
19326c3 wireless-regdb: Update regulatory info for Macao (MO) for 2024
4838054 wireless-regdb: update regulatory database based on preceding changes
Link: https://github.com/openwrt/openwrt/pull/15921
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0a24fd9155)
In the past few years, we have received several reports about SPI
Flash not working properly. This is caused by excessively fast
clock frequency. It's really annoying to fix them one by one. Let's
reduce these aggressive frequencies to 50 MHz. This is a safe and
suggested value in the vendor SDK.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 73eeac49be)
Link: https://github.com/openwrt/openwrt/pull/15919
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The firmware blobs have all different licenses from the different
manufacturers of the binary blobs. This information is contained in the
upstream 'linux-firmware' repositroy.
This commit extends the package handling so that this information can be
added as an additional argument during packages generation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5c14de1d7e)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update the deprecated license information from GPL-2.0 to GPL-2.0-only
as written in the COPYING file of the linux source tree.
Also add the 'COPYING' file to the PKG_LICENSE_FILES variable.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 879826154f)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The WLAN + WED reset sequence relies on being able to receive interrupts from
the card, in order to synchronize individual steps with the firmware.
When WED is stopped, leave interrupts running and rely on the driver turning
off unwanted ones.
WED DMA also needs to be disabled before resetting.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2c5b3bee38)
Add patch implementing operations to get and set flow-control link
parameters of mtk_eth_soc via ethtool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4a2f712f85)
Import patch accepted upstream.
Initial import:
- net: ethernet: mtk_ppe: Change PPE entries number to 16K
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 27b6838afa)
