This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3a0232ffd3)
Changes:
2a768c4 wireless-regdb: Update regulatory rules for Mongolia (MN) on 6GHz
04875d9 wireless-regdb: Update regulatory rules for Saudi Arabia (SA) on 6GHz
b7bced8 wireless-regdb: Update regulatory rules for South Africa (ZA) on 6GHz
7bc8615 wireless-regdb: Update regulatory info for Thailand (TH) on 6GHz
f901fa9 wireless-regdb: Update regulatory info for Malaysia (MY) for 2022
d72d288 wireless-regdb: Update regulatory info for Morocco (MA) on 6GHz
414face wireless-regdb: Update regulatory info for Chile (CL) on 6GHz
1156a08 wireless-regdb: Update regulatory info for Mexico (MX) on 6GHz
cc6cf7c wireless-regdb: Update regulatory info for Iceland (IS) on 6GHz
ce03cc0 wireless-regdb: Update regulatory info for Mauritius(MU) on 6GHz
7e37778 wireless-regdb: Update regulatory info for Argentina (AR) on 6GHz
56f3a43 wireless-regdb: Update regulatory info for United Arab Emirates (AE) on 6GHz
3cb8b91 wireless-regdb: Update regulatory info for Colombia (CO) on 6GHz
3682ce5 wireless-regdb: Update regulatory info for Costa Rica (CR) for 2021
dd4ffe7 wireless-regdb: Update regulatory info for Dominican Republic (DO) on 6GHz
f8ef7da wireless-regdb: Update regulatory info for Liechtenstein (LI) on 6GHz
a9ecabe wireless-regdb: Update regulatory info for Jordan (JO) for 2022
5a9fdad wireless-regdb: Update regulatory info for Kenya (KE) for 2022
19326c3 wireless-regdb: Update regulatory info for Macao (MO) for 2024
4838054 wireless-regdb: update regulatory database based on preceding changes
Link: https://github.com/openwrt/openwrt/pull/15921
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0a24fd9155)
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c55175)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Debian changelog:
intel-microcode (3.20240531.1) unstable; urgency=medium
* New upstream microcode datafile 20240531
* Fix unspecified functional issues on Pentium Silver N/J5xxx,
Celeron N/J4xxx
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
* source: update symlinks to reflect id of the latest release, 20240531
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Jun 2024 11:49:47 -0300
intel-microcode (3.20240514.1) unstable; urgency=medium
* New upstream microcode datafile 20240514
* Mitigations for INTEL-SA-01051 (CVE-2023-45733)
Hardware logic contains race conditions in some Intel Processors may
allow an authenticated user to potentially enable partial information
disclosure via local access.
* Mitigations for INTEL-SA-01052 (CVE-2023-46103)
Sequence of processor instructions leads to unexpected behavior in
Intel Core Ultra Processors may allow an authenticated user to
potentially enable denial of service via local access.
* Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855)
Improper input validation in some Intel TDX module software before
version 1.5.05.46.698 may allow a privileged user to potentially enable
escalation of privilege via local access.
* Fix for unspecified functional issues on 4th gen and 5th gen Xeon
Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
Core i3 N-series processors.
* Updated microcodes:
sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
* source: update symlinks to reflect id of the latest release, 20240514
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 May 2024 21:40:52 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7d9b9762c9)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Debian changelog:
intel-microcode (3.20240312.1) unstable; urgency=medium
* New upstream microcode datafile 20240312 (closes: #1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7b911a9c49)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
73529a8 Revert "wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)"
87941e4 wireless-regdb: Update regulatory rules for Taiwan (TW) on 6GHz
33797ae wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 65c1f0d433)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
(cherry picked from commit 360ac07eb9)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
(cherry picked from commit f475a44c03)
Link: https://github.com/openwrt/openwrt/pull/15874
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 5.10.220 many file system related patches were backported. One
of them changed the signature of vfs_rename(). Extend the version check
for 5.10.220.
Link: https://github.com/openwrt/openwrt/pull/15843
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The EnGenius EAP1300 and EAP1300EXT use identical boards and firmware
(as flashed) from the vendor.
As with the EAP1300, the EAP1300EXT requires a specific firmware version
to flash OpenWRT. Unfortunately, the required firmware is truncated on
the vendor's website.
A working file can be created as follows:
```
curl \
https://www.engeniustech.com/wp_firmware/eap1300-all-v3.5.3.5_c1.9.04.bin \
| perl -pe 's/\x09EAP1300_A/\x0cEAP1300EXT_A/' \
> eap1300ext-all-v3.5.3.5_c1.9.04.bin
```
The file should have sha256:
`58a1197a426139a12b03fd432334e677124cbe3384349bd7337f2ee71f1dcfd4`.
Please see commit 2b4ac79 for further
details.
The vendor firmware must be decrypted before it can be flashed from
OpenWRT. A tool able to do that is available from:
https://github.com/ryancdotorg/enfringement/blob/main/decrypt.py
Signed-off-by: Ryan Castellucci <code@ryanc.org>
(cherry picked from commit 85f6f88223)
The patch "710-pci-pcie-mediatek-add-support-for-coherent-DMA.patch"
makes use of "syscon_regmap_lookup_by_phandle" which requires that
"syscon" be in the compatible list.
Without this patch, PCIe probe will fail with the following error:
[ 1.287467] mtk-pcie 1a143000.pcie: host bridge /pcie@1a143000 ranges:
[ 1.294019] mtk-pcie 1a143000.pcie: Parsing ranges property...
[ 1.299901] mtk-pcie 1a143000.pcie: MEM 0x0020000000..0x0027ffffff -> 0x0020000000
[ 1.307954] mtk-pcie 1a143000.pcie: missing hifsys node
[ 1.313185] mtk-pcie: probe of 1a143000.pcie failed with error -22
Fixes: 01c58a0d2a ("kernel: bump 5.15 to 5.15.158")
Signed-off-by: Rany Hany <rany_hany@riseup.net>
(cherry picked from commit 8607372b41)
mDNS broadcast can't accept empty TXT record and would fail
registration.
Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.
Example:
procd_add_mdns "blah" \
"tcp" "50" \
"1" \
"" \
"3"
Produce:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }
The middle empty TXT record should never be included as it's empty.
This can happen with scripts that make fragile parsing and include
variables even if they are empty.
Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.
The fixed JSON is the following:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }
Fixes: b0d9dcf84d ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4b04304713)
GCC14 no longer treats integer types and pointer types as equivalent in
assignments (including implied assignments of function arguments and return
values), and instead fails the compilation with a type error.
So, as a workaround lets disable the newly introduced error
-Werror=int-conversion and just make it print a warning to enable compiling
with GCC14 as Fedora 40 now defaults to it.
(cherry picked from commit 0c96d20bf9)
Link: https://github.com/openwrt/openwrt/pull/15309
Signed-off-by: Robert Marko <robimarko@gmail.com>
Now that GH has changed their runner to macOS 14 current recipe will fail
so lets sync the required changes for macOS 14.
Signed-off-by: Robert Marko <robimarko@gmail.com>
It's the A13-based Olinuxino Micro which has only wireless interfaces. The
A20-based board is a fully-fledged one which has an ethernet interface.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 3ed8927cf5)
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit b463737826)
Manually adapted the following patch:
octeontx/patches-5.10/0004-PCI-add-quirk-for-Gateworks-PLX-PEX860x-switch-with-.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
WRT320N V1 is not detected by the initial network configuration script.
The switch remains unconfigured and WAN/LAN VLANs are not created.
This adds the correct setup for the device.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
dsmark support was removed in kernel 5.15.150 and 6.1.80. Remove it from
the kmod package as well
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit bd6b37f463)
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5df7a78e82)
The mac80211-hwsim and the Intel iwlwifi driver support ieee80211ax, add
the missing DRIVER_11AX_SUPPORT dependency too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 576b62712f)
Fix a authentication bypass problem in WPA Enterprise client mode. See
here for details: https://www.top10vpn.com/research/wifi-vulnerabilities/
This problem was assigned CVE-2023-52160
This problem was fixed in upstream hostapd in June 2023. Hostapd used in
OpenWrt 23.05 and later already contains this fix..
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When `log.showSignature` is set, it causes the `SOURCE_DATE_EPOCH` to
include a textual signature description on OpenPGP-signed commits,
because Git prints the description into stdout. This then causes some
scripts to fail because they cannot parse the date from the variable.
Adding an explicit `--no-show-signature` prevents the signatures from
being displayed even when one has Git configured to show them by
default, fixing the scripts.
Signed-off-by: Oto Šťáva <oto.stava@gmail.com>
(cherry picked from commit 1e93208bd2)
This update mac80211 to version 5.15.148-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
The following patch was integrated into upstream Linux:
package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ubiquiti Rocket M XW is a single-band, 2x2:2 external Wi-Fi AP, with optional
GPS receiver, with two external RP-SMA antenna connections, based on
AR9342 SoC. Two band variants exists, for 2.4GHz and 5GHz band, usable
with the same image.
Specs:
- CPU: Atheros AR9342 MIPS SoC at 535MHz
- RAM: 64MB DDR400
- ROM: 8MB SPI-NOR in SO16W package, MX25L6408E
- Wi-Fi Atheros AR9342 built-in 2x2:2 radio
- Ethernet: Atheros AR8035 PHY, limited to 100Mbps speeds due to
magnetics
- Power: 24V passive PoE input.
Installation: please refer to Ubiquiti Bullet M2HP for documentation.
The device runs with exactly same image as the Bullet, and after fixes
in preceding commit, is fully functional again. Add the alternative name
to the build system.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 54387fddea)
Since commit 6f2e1b7485 ("ath79: disable delays on AT803X config init")
Ubiquiti XW boards equipped with AR8035 PHY suffered from lack of
outbound traffic on the Ethernet port. This was caused by the fact, the
U-boot has set this during boot and it wasn't reset by the PHY driver,
and the corresponding setting in device tree was wrong.
Set the 'phy-mode = "rgmii-txid"' at the ð0, and drop this property
from PHY node, as it is not parsed there. This causes the device to
connect using Ethernet once again.
Fixes: db4b6535f8 ("ath79: Add support for Ubiquity Bullet M (XW)")
Fixes: 6f2e1b7485 ("ath79: disable delays on AT803X config init")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit a9b2ba4d7b)
Onboard AR8035 PHY supports 1000Base-T operation, but onboard
Ethernet magnetics do not. Reduce advertised link speeds to 100Mbps and
lower.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit d406777fb1)
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
(cherry picked from commit b5c728948c)
Read back the reset register in order to flush the cache. This fixes
spurious reboot hangs on TP-Link TL-WDR3600 and TL-WDR4300 with Zentel
DRAM chips.
This issue was fixed in the past, but switching to the reset-driver
specific implementation removed the cache barrier which was previously
implicitly added by reading back the register in question.
Link: freifunk-gluon/gluon#2904
Link: openwrt#13043
Link: https://dev.archive.openwrt.org/ticket/17839
Link: f8a7bfe1cb2c ("MIPS: ath79: fix system restart")
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2fe8ecd880)
The ESW core needs to be reset together with FE core, so after the
relevant reset controller lines are moved under FE, drop rst_esw and all
related code, which would not execute anyway, because rst_esw would be
NULL. While at that, ensure that if reset line for EPHY cannot be
claimed, a proper error message is reported.
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Co-developed-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Split out of the bigger commit, provide commit mesage, refactor error
handling]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit f393ffcac1)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Provide commit description, split into logical changes]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit f87b66507e)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
This is behaviour of downstream driver as well, however I
haven't observed bug reports about this SoC in the wild, so this
commit's purpose is to align this chip with all other SoC's - MT7620
were already using this arrangement.
Fixes: #9284
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit fc92fecfc7)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
This is behaviour of downstream driver as well, however I
haven't observed bug reports about this SoC in the wild, so this
commit's purpose is to align this chip with all other SoC's - MT7620
were already using this arrangement.
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit c5a399f372)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Provide commit description, split into logical changes]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 8d75b1de0f)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Enabling the FE core too early causes the system to hang during boot
uncondtionally, after the reset is released. Increate it to 1-1.2ms
range.
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Split previous commit, provide rationale]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 7eb0458c1f)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Use devm_reset_control_array_get_exclusive to register multiple
reset lines in FE driver. This is required to reattach ESW reset to FE
driver again, based on device tree bindings.
While at that, remove unused fe_priv.rst_ppe field, and add error
message if getting the reset fails.
Fixes: 60fadae62b ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Co-developed-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Split out of the bigger commit, provide commit mesage, refactor error
handling]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 3f1be8edee)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Fix typo calling lua53 instead of lua5.3 for Package Default definition.
This cause only missing description of the package and doesn't cause
any build regression.
Fixes: c52ca08d40 ("lua5.3: build shared library")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25e215c14e)
[ fix conflict with changed URL value ]
General specification:
- SoC Type: MediaTek MT7620N (580MHz)
- ROM: 8 MB SPI-NOR (W25Q64FV)
- RAM: 64 MB DDR (M13S5121632A)
- Switch: MediaTek MT7530
- Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
- Wireless 2.4 GHz: b/g/n
- Buttons: 1 button (RESET)
- Bootloader: U-Boot 1.1.3, MediaTek U-Boot: 5.0.0.5
- Power: 12 VDC, 1.0 A
Flash by the native uploader in 2 stages:
1. Use the native uploader to flash an initramfs image. Choose
openwrt-ramips-mt7620-snr_cpe-w4n-mt-initramfs-kernel.bin file by
"Administration/Management/Firmware update/Choose File" in vendor's
web interface (ip: 192.168.1.10, login: Admin, password: Admin).
Wait ~160 seconds.
2. Flash a sysupgrade image via the initramfs image. Choose
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
file by "System/Backup/Flash Firmware/Flash image..." in
LuCI web interface (ip: 192.168.1.1, login: root, no password).
Wait ~240 seconds.
Flash by U-Boot TFTP method:
1. Configure your PC with IP 192.168.1.131
2. Set up TFTP server and put the
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
image on your PC
3. Connect serial port (57600 8N1) and turn on the router.
Then interrupt "U-Boot Boot Menu" by hitting 2 key (select "2:
Load system code then write to Flash via TFTP.").
Press Y key when show "Warning!! Erase Linux in Flash then burn
new one. Are you sure? (Y/N)"
Input device IP (192.168.1.1) ==:192.168.1.1
Input server IP (192.168.1.131) ==:192.168.1.131
Input Linux Kernel filename () ==:
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
3. Wait ~120 seconds to complete flashing
Signed-off-by: Alexey Bartenev <41exey@proton.me>
(cherry picked from commit 7796c2d7ef)
[Fix merging conflict]
Signed-off-by: Alexey Bartenev <41exey@proton.me>
When firmware-utils was converted to use cmake, the dependency was not
updated.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b71affaf8b)
Saves a little bit of time when compiling cmake.
Added patches to fix searching liblzma and zlib. The issue is that
because pkgconfig is not used, the system libraries get used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3848cf458e)
Allows to set expat as a dependency to cmake and save on compilation
time.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 89df3589e6)
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6)
Backport didn't include changes to mkubntimage invocation, which allowed
to pass arguments. This in result produces broken routerstation factory
images, which have kernel embedded as kernel partition instead of LZMA
loader.
Fixes: #13260
Fixes: 8e09f9ffc3 ("ath79: switch some RedBoot based devices to OKLI loader")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Add new function to dump-targer-info.pl to DUMP devices provided a
matching target/subtarget.
Example:
./scripts/dump-targer-info.pl devices ipq806x/generic
will produce the sorted list of devices defined in the following format:
device_id device_name
Devices may have alternative names, the script will dump each
alternative name in the same line of device_id.
Following the pattern:
device_id "PRIMARY DEVICE NAME" "ALT0 DEVICE NAME" "ALT1 DEVICE NAME" ...
Example:
tplink_ad7200 "TP-Link AD7200 v1/v2" "TP-Link Talon AD7200 v1/v2"
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 943c153cdd)
With the case of asking an invalid version that is too big, getver.sh
might return an invalid output in the form of HEAD~-2260475641.
This is caused by BASE_REV - GET_REV using a negative number.
Prevent this by checking if BASE_REV - GET_REV actually return 0 or a
positive number and set REV variable accordingly. With the following
change, invalid revision number will result in unknown printed instead
of the invalid HEAD~-NUMBERS output.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 9e49e0a6c4)
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
[ rework for openwrt-22.03 ]
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
[ rework for openwrt-22.03 ]
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
[ rework for openwrt-22.03 ]
A package may run git as part of its build process, and if the package
source code is not from a git checkout, then git may traverse up the
directory tree to find buildroot's repository directory (.git).
For instance, Poetry Core, a Python build backend, will read the
contents of .gitignore for paths to exclude when creating a Python
package. If it finds buildroot's .gitignore file, then Poetry Core will
exclude all of the package's files[1].
This exports GIT_CEILING_DIRECTORIES for both package and host builds so
that git will not traverse beyond $(BUILD_DIR)/$(BUILD_DIR_HOST).
[1]: https://github.com/python-poetry/poetry/issues/5547
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f597f34f3a)
If the vla parameter has a const specifier, the compiler will warn about
mismatched bounds:
$ cat mwe.c
extern void mwe(const int len, char buf[len]);
void mwe(const int len, char buf[len]) {}
$ make CFLAGS=-Wvla-parameter mwe.o
cc -Wvla-parameter -c -o mwe.o mwe.c
mwe.c:2:30: warning: argument 2 of type ‘char[len]’ declared with mismatched bound ‘len’ [-Wvla-parameter]
2 | void mwe(const int len, char buf[len]) {}
| ~~~~~^~~~~~~~
mwe.c:1:37: note: previously declared as ‘char[len]’ with bound ‘len’
1 | extern void mwe(const int len, char buf[len]);
| ~~~~~^~~~~~~~
On some code bases it might result in a lot of false positive warnings,
which can indeed be easily disabled, but on the other this workaround
might hide some real issues, so lets rather fix the compiler and make it
more reliable.
References: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101289
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit message]
Due to circuit issue or silicon defect, sometimes the WiFi switch button
of the Archer C7 v2 can be accidentally triggered multiple times in one
second. This will cause WiFi to be unexpectedly shut down and trigger
'irq 23: nobody cared'[1] warning. Increasing the key debounce interval
to 1000 ms can fix this issue. This patch also add the missing rfkill
key label.
[1] Warning Log:
```
[87765.218511] irq 23: nobody cared (try booting with the "irqpoll" option)
[87765.225331] CPU: 0 PID: 317 Comm: irq/23-keys Not tainted 5.15.118 #0
...
[87765.486246] handlers:
[87765.488543] [<85257547>] 0x800c29a0 threaded [<5c6328a2>] 0x80ffe0b8 [gpio_button_hotplug@4cf73d00+0x1a00]
[87765.498364] Disabling IRQ #23
```
Fixes: https://github.com/openwrt/openwrt/issues/13010
Fixes: https://github.com/openwrt/openwrt/issues/12167
Fixes: https://github.com/openwrt/openwrt/issues/11191
Fixes: https://github.com/openwrt/openwrt/issues/7835
Tested-by: Hans Hasert
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit e32f70e706)
Among other changes this commit makes Linux use correct switch ports
again.
Fixes: e3d0c7097e ("bcm53xx: backport DT changes from v6.5")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a67af19bc8)
We now have all raw ports defined in bcm-ns.dtsi. Leave only lables in
custom device files.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 08ce0c76d7)
So far every build of a single bcm53xx Target Profile (it means: when
NOT using CONFIG_TARGET_MULTI_PROFILE) resulted in all target devices
images being built. Now it only builds the one matching selected
profile.
Fixes: #13572
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
[rmilecki: update commit subject + body & move PROFILES line]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 802a5f5cb4)
ASUS RT-AC3100 is ASUS RT-AC88U without the external switch.
OpenWrt forum users effortless and ktmakwana have confirmed that there are
revisions with either 4366b1 or 4366c0 wireless chips.
Therefore, include firmware for 4366b1 along with 4366c0. This way, all
hardware revisions of the router will be supported by having brcmfmac use
the firmware file for the wireless chip it detects.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 2214bab350)
Doing a simple ping to my device shows this:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms
64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms
64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms
Some users even report higher values on older kernels:
64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms
64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms
64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms
64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms
64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms
The problem is that the governor is set to Ondemand, which causes
the CPU to clock all the way down to 48MHz in some cases.
Switching to performance governor:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms
In theory, using the Performance governor should increase power draw,
but it looks like it really does not matter for this soc.
Using a calibrated precision DC power supply (cpu idle):
Ondemand
24.00V * 0.134A = 3.216 Watts
48.00V * 0.096A = 4.608 Watts
Performance
24.00V * 0.135A = 3.240 Watts
48.00V * 0.096A = 4.608 Watts
Let's simply switch to the Performance governor by default
to fix the general jittery behaviour on devices using this soc.
Tested on: MikroTik wAP ac
Fixes: #13649
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit b8e52852bd)
The compex WPJ563 actually has both usb controllers wired:
usb0 --> pci-e slot
usb1 --> pin header
As the board exposes it for generic use, enable this controller too.
fixes: #13650
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit 9188c77cbe)
This adds the following changes:
42eb735a5d Use LFS and 64 bit time for installed programs (BZ #15333)
d910ba48f4 nis: Build libnsl with 64 bit time_t
01c0a0405c nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402)
e14a91e59d time: Use 64 bit time on tzfile
d0e2ac0c59 elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776)
71d4fe94a1 time: Set daylight to 1 for matching DST/offset change (bug 29951)
bbe4bbb6e8 elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205]
d36f457870 intl: Avoid -Wuse-after-free [BZ #26779]
92d5c52aaa resolv: Avoid GCC 12 false positive warning [BZ #28439].
26c7c6bac9 Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare
6ff61a5145 Fix stdio-common tests for GCC 12 -Waddress
803c959745 Fix build of nptl/tst-thread_local1.cc with GCC 12
88b3228d9f Avoid -Wuse-after-free in tests [BZ #26779].
dd0c72fb46 Regenerate ulps on x86_64 with GCC 12
80b24b8654 math: Properly cast X_TLOSS to float [BZ #28713]
c5c666f349 s_sincosf.h: Change pio4 type to float [BZ #28713]
6484ae5b8c malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779]
c5c792092b cdefs: Limit definition of fortification macros
0b962177ee Use 64-bit time_t interfaces in strftime and strptime (bug 30053)
48059f2b21 Fix NEWS bug entry for 0b962177ee3b45cf775176eb454fcf6aa1b0f6e3
11ad405fd4 elf: Fix 64 time_t support for installed statically binaries
2d7550e6cf elf: Smoke-test ldconfig -p against system /etc/ld.so.cache
16c6a89c17 stdlib: Undo post review change to 16adc58e73f3 [BZ #27749]
89c017de2f x86: Check minimum/maximum of non_temporal_threshold [BZ #29953]
6a0d56b009 gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151)
71eb9cc1ff x86_64: Fix asm constraints in feraiseexcept (bug 30305)
567f7413fb posix: Fix system blocks SIGCHLD erroneously [BZ #30163]
8e1a8e04b1 gmon: Fix allocated buffer overflow (bug 29444)
4dd89b2a8f gmon: improve mcount overflow handling [BZ# 27576]
f1b15d2005 gmon: fix memory corruption issues [BZ# 30101]
0ea8174d62 gmon: Revert addition of tunables to preserve GLIBC_PRIVATE ABI
1cd6626a89 __check_pf: Add a cancellation cleanup handler [BZ #20975]
cad3adf4dd Document BZ #20975 fix
23ee92deea debug: Mark libSegFault.so as NODELETE
c8c0aac68f x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
521afc9637 x86: Fix slight bug in `shared_per_thread` cache size calculation.
a07ab67a88 x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
7a6b1f06e7 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]
228cdb00a0 Simplify allocations and fix merge and continue actions [BZ #28931]
51948fdf0f nss: Sort tests and tests-container and put one test per line
01671608a3 gethosts: Remove unused argument _type
b195fd86c6 gaih_inet: Simplify canon name resolution
f7efb43738 getaddrinfo: Fix leak with AI_ALL [BZ #28852]
e05e5889b8 gaih_inet: Simplify service resolution
922f2614d6 gaih_inet: make numeric lookup a separate routine
3b5a3e5009 gaih_inet: Split simple gethostbyname into its own function
5914a1d55b gaih_inet: Split nscd lookup code into its own function.
ec71cb9611 gaih_inet: separate nss lookup loop into its own function
4d59769087 gaih_inet: make gethosts into a function
6e3fed9d20 gaih_inet: split loopback lookup into its own function
92478a808f gaih_inet: Split result generation into its own function
cc4544ef80 gethosts: Return EAI_MEMORY on allocation failure
e09ee267c0 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
8006457ab7 Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
c3b99f8328 Document CVE-2023-4806 and CVE-2023-5156 in NEWS
dcc367f148 tunables: Terminate if end of input is reached (CVE-2023-4911)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has a CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Removed because already in upstream:
target/linux/bcm53xx/patches-5.10/030-v5.11-0002-ARM-dts-BCM5301X-Harmonize-EHCI-OHCI-DT-nodes-name.patch
target/linux/bcm53xx/patches-5.10/033-v5.16-0019-ARM-dts-BCM53573-Describe-on-SoC-BCM53125-rev-4-swit.patch
target/linux/bcm53xx/patches-5.10/040-v6.6-0005-ARM-dts-BCM53573-Drop-nonexistent-usb-cells.patch
target/linux/bcm53xx/patches-5.10/040-v6.6-0006-ARM-dts-BCM53573-Add-cells-sizes-to-PCIe-node.patch
target/linux/bcm53xx/patches-5.10/040-v6.6-0007-ARM-dts-BCM53573-Use-updated-spi-gpio-binding-proper.patch
target/linux/bcm53xx/patches-5.10/040-v6.6-0008-ARM-dts-BCM5301X-Extend-RAM-to-full-256MB-for-Linksy.patch
All other patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On some WLR-7100 routers, significant packet loss was observed. This is
fixed by configuring a delay on the GMAC0 RXD and RXDV lines.
The values used in this commit are copied from the values used by the
stock firmare (based on register dumping).
Out of four test routers, the problem was consistently observed on two.
It is unclear what the relevant difference is exactly (the two working
routers were v1 001 with AR1022 and v1 002 with AR9342, the two broken
routers were both v1 002 with AR1022). All PCB routing also seems
identical, so maybe there is some stray capacitance on some of these
that adds just enough delay or so...
With this change, the packet loss disappears on the broken routers,
without introducing new packet loss on the previously working routers.
Note that the PHY *also* has delays enabled (through
`qca,ar8327-initvals`) on both RX and TX lines, but apparently that is
not enough, or it is not effective (registers have been verified to be
written).
For detailed discussion of this issue and debug history, see
https://forum.openwrt.org/t/sitecom-wlr-7100-development-progress/79641
Signed-off-by: Matthijs Kooijman <matthijs@stdin.nl>
(cherry picked from commit d2ce3a61aa)
When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.
To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.
Closes#13417.
Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 09d13cd8d8)
Removed because already in upstream:
rockchip/patches-5.10/104-rockchip-use-USB-host-by-default-on-rk3399-rock-pi-4.patch
All other patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7aefb47 jitterentropy-rngd: update to the v1.2.0
What's interesting about jitterentropy-rngd v1.2.0 release is that it
bumps its copy of jitterentropy-library from v2.2.0 to the v3.0.0. That
bump includes a relevant commit 3130cd9 ("replace LSFR with SHA-3 256").
When initializing entropy jent calculates time delta. Time values are
obtained using clock_gettime() + CLOCK_REALTIME. There is no guarantee
from CLOCK_REALTIME of unique values and slow devices often return
duplicated ones.
A switch from jent_lfsr_time() to jent_hash_time() resulted in many less
cases of zero delta and avoids ECOARSETIME.
Long story short: on some system this fixes:
[ 6.722725] urngd: jent-rng init failed, err: 2
This is important change for BCM53573 which doesn't include hwrng and
seems to have arch_timer running at 36,8 Hz.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c74b5e09e6)
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Safely detect integer overflow in try_addint() and try_subint().
Old code relied on undefined behavior, and recent versions of GCC on x86
optimized away the if-statements.
This caused integer overflow in Lua code instead of falling back to
floating-point numbers.
Signed-off-by: Adam Bailey <aebailey@gmail.com>
(cherry picked from commit 3a2e7c30d3)
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...
Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead9)
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7a6f6b8126)
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d14559e9df)
It seems that DSA-based b53 driver never worked with BCM53573 SoCs and
BCM53125.
In case of swconfig-based b53 this fixes a regression. Switching bgmac
from using mdiobus_register() to of_mdiobus_register() resulted in MDIO
device (BCM53125) having of_node set (see of_mdiobus_register_phy()).
That made downstream b53 driver read invalid data from DT and broke
Ethernet support.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 79fd3e62b4)
removed redundant eeprom partition nodes from
cn7130_ubnt_edgerouter-4.dts and cn7130_ubnt_edgerouter-6p.dts
as they are identically defined in cn7130_ubnt_edgerouter-e300.dtsi.
Signed-off-by: Carsten Spieß <mail@carsten-spiess.de>
(integrated eeprom referenced node in the .dtsi)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 700f11aaad)
The MAC addresses should be read from 3rd MTD partition,
but only two MTD partitions are populated.
To fix it, a partitions node has to surround the partition
nodes in device tree.
Tested with Edgerouter 6P
Signed-off-by: Carsten Spieß <mail@carsten-spiess.de>
(fixed checkpatch complains)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 2b1d7965c7)
LEDs on Edgerouter 6P didn't work correctly:
blue /white LED swapped, on/off state inverted
Fixed in device tree:
swap the GPIO ports for power:blue and power:white LEDs
change LED activity from LOW to HIGH
Tested on Edgerouter 6P
Signed-off-by: Carsten Spieß <mail@carsten-spiess.de>
(cherry picked from commit 9009672930)
Some device recipes remove default target packages. If user tries to add
them back they will be ignored, since packages list is processed in one
go. Process the device recipe packages first and do user ones later, so
additions won't get filtered out.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit e40b9a7fa0)
'help' target fails not finding a file, so follow up on a change[2] made
as a fix for main README[1].
1. d0113711a3 ("README: port to 21st century")
2. 751486b31f ("build: fix README.md reference after rename")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit 2d5f7035cf)
(cherry picked from commit e9911f10e4)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Instead of loading the whole image into the memory when generating the
sha256 sum, we load the file in chunks and update the hash incrementally
to avoid MemoryError in python. Also remove a stray empty line.
Fixes: #13056
Signed-off-by: Adones Pitogo <pitogo.adones@gmail.com>
(mention empty line removal, adds Fixes from PR)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit bdb4b78210)
Fixes: e17f9fd0e8 ("bcm47xx: revert bgmac back to the old limited max frame size")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 83aeb0bbd4)
Bumping max frame size has significantly affected network performance
and memory usage. It was done by upstream commit that first appeared in
the 5.7 release.
Allocating 512 (BGMAC_RX_RING_SLOTS) buffers, 10 k each, is clearly a
bad idea on 32 MiB devices. This commit fixes support for Linksys E1000
V2.1 which gives up after allocating ~346 such buffers running 5.15
kernel.
Ref: 230c9da963 ("bcm53xx: revert bgmac back to the old limited max frame size")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4970dd027b)
The upstream board-2.bin file in the linux-firmware.git
repository for the QCA4019 contains a packed board-2.bin
for this device for both 2.4G and 5G wifis. This isn't
something that the ath10k driver supports.
Until this feature either gets implemented - which is
very unlikely -, or the upstream boardfile is mended
(both, the original submitter and ath10k-firmware
custodian have been notified). OpenWrt will go back
and use its own bespoke boardfile. This unfortunately
means that 2.4G and on some revisions the 5G WiFi is
not available in the initramfs image for this device.
qca9984 isn't affected.
Fixes: #12886
Reported-by: Christian Heuff <christian@heuff.at>
Debugged-by: Georgios Kourachanis <geo.kourachanis@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 75505c5ec7)
Removed because upstreamed:
uml/patches-5.10/001-um-Fix-build-w-o-CONFIG_PM_SLEEP.patch
All other patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix a typo where the wrong KCONFIG was used and fix selecting the
correct kernel config option to use these packages.
Fixes: 4f443c885d ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3ebebf08be)
openssl sets additional cflags in its configuration script. We need to
make it aware of our custom cflags to avoid adding conflicting cflags.
Fixes: #12866
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 51f57e7c2d)
The DGND3700v2 renames the cferam bootloader from cferam to cfeXXX, where XXX
is the number of firmware upgrades performed by the bootloader. Other bcm63xx
devices rename cferam.000 to cferam.XXX, but this device is special because
the cferam name isn't changed on the first firmware flashing but it's changed
on the subsequent ones.
Therefore, we need to look for "cfe" instead of "cferam" to properly detect
the cferam partition and fix the bootlop.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit cdfcac6e24)
The DGND3700v2 renames the cferam bootloader from cferam to cfeXXX, where XXX
is the number of firmware upgrades performed by the bootloader. Other bcm63xx
devices rename cferam.000 to cferam.XXX, but this device is special because
the cferam name isn't changed on the first firmware flashing but it's changed
on the subsequent ones.
Therefore, we need to look for "cfe" instead of "cferam" to properly detect
the cferam partition and fix the bootlop.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 915e914cfa)
Some devices rename cferam bootloader using specific patterns and don't follow
broadcom standards for renaming cferam files. This requires supporting
different cferam file names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 8813edd8d9)
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0a1ee53235)
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 52fd8d8ba3)
Linux 5.10.178 includes backported commits that break the compilation
of bpf-headers, as the compilation gets confused which assembler to use.
Caused by Linux upstream commits just before the .178 tag:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=v5.10.178
2023-04-20 kbuild: check CONFIG_AS_IS_LLVM instead of LLVM_IAS
2023-04-20 kbuild: Switch to 'f' variants of integrated assembler flag
2023-04-20 kbuild: check the minimum assembler version in Kconfig
Explicitly use LLVM_IAS=1 to fix things.
Fixes#12748
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
o Fixed handling of invalid certificate policies in leaf certificates
(CVE-2023-0465)
o Limited the number of nodes created in a policy tree ([CVE-2023-0464])
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Deleted because it was applied upstream
ipq806x/patches-5.10/103-ARM-dts-qcom-reduce-pci-IO-size-to-64K.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
General specification:
SoC Type: MediaTek MT7620N (580MHz)
ROM: 8 MB SPI-NOR (W25Q64FV)
RAM: 64 MB DDR (EM6AB160TSD-5G)
Switch: MediaTek MT7530
Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
Wireless: 2.4 GHz (MediaTek RT5390): b/g/n
Buttons: 3 button (POWER, RESET, WPS)
Slide switch: 4 position (BASE, ADAPTER, BOOSTER, ACCESS POINT)
Bootloader: U-Boot 1.1.3
Power: 9 VDC, 0.6 A
MAC in stock:
|- + |
| LAN | RF-EEPROM + 0x04 |
| WLAN | RF-EEPROM + 0x04 |
| WAN | RF-EEPROM + 0x28 |
OEM easy installation
1. Use a PC to browse to http://my.keenetic.net.
2. Go to the System section and open the Files tab.
3. Under the Files tab, there will be a list of system
files. Click on the Firmware file.
4. When a modal window appears, click on the Choose File
button and upload the firmware image.
5. Wait for the router to flash and reboot.
OEM installation using the TFTP method
1. Download the latest firmware image and rename it to
klite3_recovery.bin.
2. Set up a Tftp server on a PC (e.g. Tftpd32) and place the
firmware image to the root directory of the server.
3. Power off the router and use a twisted pair cable to connect
the PC to any of the router's LAN ports.
4. Configure the network adapter of the PC to use IP address
192.168.1.2 and subnet mask 255.255.255.0.
5. Power up the router while holding the reset button pressed.
6. Wait approximately for 5 seconds and then release the
reset button.
7. The router should download the firmware via TFTP and
complete flashing in a few minutes.
After flashing is complete, use the PC to browse to
http://192.168.1.1 or ssh to proceed with the configuration.
Signed-off-by: Alexey Bartenev <41exey@proton.me>
(cherry picked from commit dc79b51533)
The BDFs for all boards were upstreamed to the ath10k-firmware
repository and linux-firmware.git.
We switched to the upstream board-2.bin, hence the files can be removed
here.
Keep the ipq-wifi package in case new boards are added. It might take
some time till board-2.bins send upstream are merged.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."
Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 3b3eaf31cb)
The firmware file for mt7601u (MediaTek MT7601U Wireless MACs) has
been moved to the mediatek/ folder by commit
8451c2b1 mt76xx: Move the old Mediatek WiFi firmware to mediatek
Address this by updating the location of the firmware file in our
linux-firmware Makefile generating the mt7601u-firmware package.
All other MediaTek Wi-Fi firmware files are supplied by OpenWrt's
own repository rather than being taken from linux-firmware.
Fixes: d53fe5d9ce ("linux-firmware: update to 20230515")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d26ecbcf95)
It has been brought to my attention that recently added WCN6855 firmware
is broken as it is getting stripped during building due to being 2 ELF
binaries.
I am sure WCN6750 and any other ELF binaries are having the same issue,
so since stripping firmware binaries is clearly unwanted disable it.
Fixes: b4d3694f81 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9d8eff6799)
Changes:
712460c linux-firmware: Update firmware file for Intel Bluetooth 9462
90d5f7e linux-firmware: Update firmware file for Intel Bluetooth 9462
48954ba linux-firmware: Update firmware file for Intel Bluetooth 9560
0e205fd linux-firmware: Update firmware file for Intel Bluetooth 9560
06b941e linux-firmware: Update firmware file for Intel Bluetooth AX201
ba958ff linux-firmware: Update firmware file for Intel Bluetooth AX201
02bdea2 linux-firmware: Update firmware file for Intel Bluetooth AX211
7044d46 linux-firmware: Update firmware file for Intel Bluetooth AX211
1b99bcd linux-firmware: Update firmware file for Intel Bluetooth AX210
4668ae9 linux-firmware: Update firmware file for Intel Bluetooth AX200
5bdfdba linux-firmware: Update firmware file for Intel Bluetooth AX201
b0f995c amdgpu: update DMCUB firmware for DCN 3.1.6
d991031 rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6
fd62f01 rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3
b15fc21 WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images
bf5a337 mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1
4a733c2 iwlwifi: add new FWs from core74_pv-60 release
7d2bb50 qcom: drop split a530_zap firmware file
7d56713 qcom/vpu-1.0: drop split firmware in favour of the mbn file
1431496 qcom/venus-4.2: drop split firmware in favour of the mbn file
cf95783 qcom/venus-4.2: replace split firmware with the mbn file
1fe6f49 qcom/venus-1.8: replace split firmware with the mbn file
abc0302 linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop
20d9516 iwlwifi: add new PNVM binaries from core74-44 release
06dbfbc iwlwifi: add new FWs from core69-81 release
05df8e6 qcom: update venus firmware files for VPU-2.0
cd6fcdb qcom: remove split SC7280 venus firmware images
1612706 qcom: update venus firmware file for v5.4
ad9fdba qcom: replace split SC7180 venus firmware images with symlink
dae5d46 rtw89: 8852b: update fw to v0.27.32.1
a8e86ec rtlwifi: update firmware for rtl8192eu to v35.7
9aa8db1 rtlwifi: Add firmware v4.0 for RTL8188FU
8f86b5a i915: Add HuC 7.10.3 for DG2
48407ff cnm: update chips&media wave521c firmware.
bd31846 brcm: add symlink for Pi Zero 2 W NVRAM file
771968c linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops
6f9620e linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
1d18cb9 linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops
e497757 rtw89: 8852b: add initial fw v0.27.32.0
98b5577 iwlwifi: add new FWs from core72-129 release
604026c iwlwifi: update 9000-family firmwares to core72-129
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 63d5a6deca)
Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4ba7f6d9cb)
read_page() need to return maximum number of bitflips instead of the
accumulated number. Change takes from upstream mt7621 u-boot [1].
* @read_page: function to read a page according to the ECC generator
* requirements; returns maximum number of bitflips
* corrected in any single ECC step, -EIO hw error
[1] https://lore.kernel.org/all/cover.1653015383.git.weijie.gao@mediatek.com/
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 2fbb91d73f)
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
(cherry picked from commit 4071398b13)
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.
This can be used for downstream project to know what packages in which
versions are available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 218ce40cd7)
Changes:
43f81b4 wireless-regdb: update regulatory database based on preceding changes
66f245d wireless-regdb: Update regulatory rules for Hong Kong (HK)
e78c450 wireless-regdb: update regulatory rules for India (IN)
1647bb6 wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
c076f21 Update regulatory info for Russia (RU) on 6GHz
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 97d20525b2)
Rename existing device to v1 and create common .dtsi
Difference to v1: 16MB Flash
Specifications:
SoC: MediaTek MT7621
RAM: 256 MB
Flash: 16 MB (SPI NOR, XM25QH128C on my device)
WiFi: MediaTek MT7915E
Switch: 1 WAN, 4 LAN (Gigabit)
Buttons: Reset, WPS
LEDs: Two Power LEDs (blue and red; together they form purple)
Power: DC 12V 1A center positive
Serial: 115200 8N1
C440 - (3V3 - GND - RX - TX) - C41 | v1 and v2
(P - G - R - T) | v2 labels them on the board
Installation:
Download and flash the manufacturer's built OpenWrt image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWrt image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings.
Recovery:
Loads only signed manufacture firmware due to bootloader RSA verification
Serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
Connect to any lan ethernet port
Power on the device while holding the reset button
Wait at least 8 seconds before releasing reset button for image to
download
MAC addresses as verified by OEM firmware:
use address source
LAN f4:a4:54:86:75:a2 label
WAN f4:a4:54:86:75:a3 label + 1
2g f4:a4:54:86:75:a2 label
5g f6:a4:54:b6:75:a2 label + LA-Bit set + 4th oktet increased
The label MAC address is found in bdinfo 0xde00.
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
(cherry picked from commit e38de40f8d)
- Correct WiFi MACs, they didn't match oem firmware
- Move nvmem-cells to bdinfo partition and remove &bdinfo reference
- Add OEM device model name R13 to SUPPORTED_DEVICES
This allows sysupgrading from Cudy's OpenWrt fork without force
- Label red_led and use it during failsafe mode and upgrades
MAC addresses as verified by OEM firmware:
use address source
LAN b4:4b:d6:2d:c8:4a label
WAN b4:4b:d6:2d:c8:4b label + 1
2g b4:4b:d6:2d:c8:4a label
5g b6:4b:d6:3d:c8:4a label + LA-Bit set + 4th oktet increased
The label MAC address is found in bdinfo 0xde00.
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[read wifi mac from flash offset]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 45cf200b2e)
It was brought to attention the Archer AX23 v1 fails to read jffs2 data
from time to time. While this is not reproducible on my unit, it is on
others.
Reducing the SPI frequency does the trick. While it worked with at lest
40 MHz, opt for the cautious side and choose a save frequency of 25 MHz.
Apply the same treatment to the Mercusys MR70X which uses a similar
design just in case.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2c530fcb97)
This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.
Fixes: #11919
Signed-off-by: Haoan Li <lihaoan1001@163.com>
(cherry picked from commit c7b484f364)
Alter the Aruba AP-105 image generation process so OpenWrt can be loaded
with the vendor Aruba APBoot.
This works by prepending the OpenWrt LZMA loader to the uImage and
jumping directly to the loader. Aruba does not offer bootm on these
boards.
This approach keeps compatibility to devices which had their U-Boot
replaced. Both bootloaders can boot the same image.
The same modification is most likely also possible for the Aruba AP-175.
With this patch, new installations do not require replacing the
bootloader and can be performed from the serial console without opening
the case.
Installation
------------
1. Attach to the serial console of the AP-105.
Interrupt autoboot and change the U-Boot env.
$ setenv apb_rb_openwrt "setenv ipaddr 192.168.1.1;
setenv serverip 192.168.1.66;
netget 0x84000000 ap105.bin; go 0x84000040"
$ setenv apb_fb_openwrt "cp.b 0xbf040000 0x84000000 0x10000;
go 0x84000040"
$ setenv bootcmd "run apb_fb_openwrt"
$ saveenv
2. Load the OpenWrt initramfs image on the device using TFTP.
Place the initramfs image as "ap105.bin" in the TFTP server
root directory, connect it to the AP and make the server reachable
at 192.168.1.66/24.
$ run apb_rb_openwrt
3. Once OpenWrt booted, transfer the sysupgrade image to the device
using scp and use sysupgrade to install the firmware.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit e11d00d44c)
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.
Fixes: #12232Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit aad34818b5)
Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.
This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 7b7edd25a5)
Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.
Explicitly define the number of blocks reserved for remapping.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 076da59f17)
The DAP-X1860 is a wall-plug AX1800 repeater.
Specifications:
- MT7621, 256 MiB RAM, 128 MiB SPI NAND
- MT7915 + MT7975 2x2 802.11ax (DBDC)
- Ethernet: 1 port 10/100/1000
- LED RSSI bargraph (2x green, 1x red/orange), status
and RSSI LEDs are incorrectly populated red/orange
(should be red/green according to documentation)
Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
(seems to work best with Chromium-based browsers)
Revert to OEM firmware:
- tar -xvf DAP-X1860_RevA_Firmware_101b94.bin
- openssl enc -d -md md5 -aes-256-cbc -in FWImage.st2 \
-out FWImage.st1 -k MB0dBx62oXJXDvt12lETWQ==
- tar -xvf FWImage.st1
- flash kernel_DAP-X1860.bin via Recovery
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
(cherry picked from commit 3c31f6b521)
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fa468d4bcd)
22.03.1+ and snapshot builds no longer fit the 6M flash space
available for these models.
This disables failing buildbot image builds for these devices.
Images can still be built manually with ImageBuilder.
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
(cherry picked from commit 4965cbd259)
This device uses an AR8031/AR8033 chip to convert SoC gmac1
RGMII to 1000base-x or sgmii for the SFP fibre cage.
The SFP cage requires phy-mode rgmii-rxid, and without it will not
recieve any packets: ethtool -S sfp rx_fcs_errors will increase when
packets should be being received, but no other _rx counters will change.
Fixes: c77858aa79 ("ramips: mt7621-dts: change phy-mode of gmac1 to rgmii")
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 7ea965b578)
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.
This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.
Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c75cd5f602)
Some vendors of Senao boards have put a bootloader
that cannot handle both large gzip or large lzma files.
There is no disadvantage by doing this for all of them.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 8342c092a0)
glinet forum users reported the problem at
https://forum.gl-inet.com/t/gl-ar300m16-openwrt-22-03-0-rc5-usb-port-power-off-by-default/23199
The current code uses the regulator framework to control the USB power
supply. Although usb0 described in DTS refers to the regulator by
vbus-supply, but there is no code related to regulator implemented
in the USB driver of QCA953X, so the USB of the device cannot work.
Under the regulator framework, adding the regulator-always-on attribute
fixes this problem, but it means that USB power will not be able to be
turned off. Since we need to control the USB power supply in user space,
I didn't find any other better way under the regulator framework of Linux,
so I directly export gpio.
Signed-off-by: Luo Chongjun <luochongjun@gl-inet.com>
(cherry picked from commit b352124cd2)
Changes:
7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
f29772a wireless-regdb: Update regulatory rules for Brazil (BR)
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 1173edf23b)
Sourcing of image/Config.in will not happen
When a target is installed from target/linux/feeds/
Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 522a60cd31)
This removes the non-selectable 'Kernel' item
when make menuconfig.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 3e4c014008)
Some packages offer functionalities guarded by these options and it'll
be impossible to reach them without changing Config-build.in. So allow
to toggle these in more friendly way, by exposing them in configuration
menu.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit 477ff0821a)
Remove upstreamed patches.
Switch to normal tarballs. Codeload recently had a reproducibility issue.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 44c24b3ac5)
Pahole version is being autodetected during runtime since kernel 5.15.96
via in-kernel scripts/pahole-version.sh so add CONFIG_PAHOLE_VERSION to
kernel filter in order to prevent it from being added to target configs.
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 5d8f14bfef)
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.
Signed-off-by: Ruben Jenster <rjenster@gmail.com>
(cherry picked from commit 936df715de)
ipaddr option can be in CIDR notation,
but udhcp wants just an IP address
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 506bb436c6)
The nand driver normally while waiting for the device to become ready;
this is normally fine, but xway_nand holds the ebu_lock spinlock, and
this can cause lockups if other threads which use ebu_lock are
interleaved. Fix this by waiting instead of polling.
This mainly showed up as crashes in ath9k_pci_owl_loader (see
https://github.com/openwrt/openwrt/issues/9829 ), but turning on
spinlock debugging shows this happening in other places too.
This doesn't seem to measurably impact boot time.
Tested on bt_homehub-v5a with 5.10 and 5.15.
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
[Add commit description into patch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d3b47909b1)
Nests kernel and ubi into firmware partition in-order to be compatible
with OEM firmware. This allows restoring oem firmware from a backup of
firmware2. Add jffs2 partition which is present in the oem firmware.
Add support for mediatek NMBM (wear leveling on newer mediatek devices).
Exclude UBI partition from NMBM management.
Continues PR #10685.
Tested-by: Felix Baumann <felix.bau@gmx.de>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
(cherry picked from commit 787ecdf66d)
The Asus RT-AX1800U is identical to the already supported Asus RT-AX53U.
Use the ALT0 buildroot tags to show both devices.
Tested-by: Marian Sarcinschi <znevna@gmail.com>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
(cherry picked from commit acd3b5e83b)
This patch adds the missing LEDs to Asus RT-AX53U.
Based on PR #10400 and patch provided in #11068
- enable the two LEDs controlled by mt7915e for wireless;
- add label to power LED so it works properly and fix formatting;
- add the USB LED;
- switch LEDs are best left to be controlled by hardware for now.
Co-Authored-By: Ivan Rozhuk <rozhuk.im@gmail.com>
Co-Authored-By: Shiji Yang <yangshiji66@qq.com>
Co-Authored-By: Hartmut Birr <e9hack@gmail.com>
Tested-by: Felix Baumann <felix.bau@gmx.de>
Tested-by: Marian Sarcinschi <znevna@gmail.com>
Signed-off-by: Marian Sarcinschi <znevna@gmail.com>
(cherry picked from commit c4b806d5c4)
Adds uboot-envtools support for ramips Asus RX-AX53U now that partition
can be correctly read.
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[ improve commit title and description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75451681d0)
Add support for read/writing uboot env by renaming the second partition
to its stock label "nvram" and remove the deemed unnecessary
"read-only". Split the first partition "u-boot" in two, in order
to allow `fw_setenv` safe write-access to the uboot environment
variables.
This implements hauke's request from [1].
Based on the patch provided by Shiji Yang.
[1] https://github.com/openwrt/openwrt/pull/10400#discussion_r945153224
Co-Authored-By: Shiji Yang <yangshiji66@qq.com>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[ improve commit title and description, fix some whitespace problem ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3f1e9f6f3b)
The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added
earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE
specific commands, runs OpenWrt Barrier Breaker fork.
While the modem is able to offer IPv6 address, the RNDIS setup is unable
to complete if there is an IPv6 adress.
While it works in ACM+RNDIS mode, the user experience isn't as good as
with "proto 3g": the modem happily serves a local IP (192.168.1.xxx)
without internet access. Of course, if the modem has enough time
(for example at the second dialup), it will serve a public IP.
Modifing the DHCP Lease (to a short interval before connect and back to
default while finalizing) is a workaround to get a public IP at the
first try.
A safe workaround for this is to excercise an offline script of the
pingcheck program: simply restart (ifdown - ifup) the connection.
Another pitfall is that the modem writes a few messages at startup,
which confuses the manufacturer detection algorithm and got disabled.
daemon.notice netifd: Interface 'mikrotik' is setting up now
daemon.notice netifd: mikrotik (2366): Failed to parse message data
daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
daemon.notice netifd: mikrotik (2366): Unsupported modem
daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
daemon.notice netifd: mikrotik (2426): Failed to parse message data
daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
daemon.notice netifd: mikrotik (2426): Unsupported modem
daemon.notice netifd: Interface 'mikrotik' is now down
A workaround for this is to use the "delay" option in the interface
configuration.
I want to thank Forum members dchard (in topic Adding support for
MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1]
and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2]
for sharing their experiments and works.
Another information page was found at eko.one.pl [3].
[1]: https://forum.openwrt.org/t/137555
[2]: https://forum.openwrt.org/t/151743
[3]: https://eko.one.pl/?p=modem-r11elte
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit dbd6ebd6d8)
The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup
and the radio is off (*RADIOPOWER: 0):
AT+RESET
OK
OK
*SIMDETEC:2,NOS
*SIMDETEC:1,SIM
*ICCID: 8936500119010596302
*EUICC: 1
+MSTK: 11, D025....74F3
*ADMINDATA: 0, 2, 0
+CPIN: READY
*EUICC: 1
*ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911
+CREG: 0
$CREG: 0
+CESQ: 99,99,255,255,255,255
*CESQ: 99,99,255,255,255,255,0
+CGREG: 0
+CEREG: 0
+CESQ: 99,99,255,255,255,255
*CESQ: 99,99,255,255,255,255,0
*RADIOPOWER: 0
+MMSG: 0, 0
+MMSG: 0, 0
+MMSG: 1, 0
+MPBK: 1
While the chat script is able to establish the PPP connection,
it's closed instantly by the modem: LCP terminated by peer.
local2.info chat[7000]: send (ATD*99***1#^M)
local2.info chat[7000]: expect (CONNECT)
local2.info chat[7000]: ^M
local2.info chat[7000]: ATD*99***1#^M^M
local2.info chat[7000]: CONNECT
local2.info chat[7000]: -- got it
local2.info chat[7000]: send ( ^M)
daemon.info pppd[6997]: Serial connection established.
kern.info kernel: [ 453.659146] 3g-mikrotik: renamed from ppp0
daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
daemon.info pppd[6997]: Using interface 3g-mikrotik
daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
daemon.info pppd[6997]: LCP terminated by peer
daemon.notice pppd[6997]: Connection terminated.
daemon.notice pppd[6997]: Modem hangup
daemon.info pppd[6997]: Exit.
daemon.notice netifd: Interface 'mikrotik' is now down
Sending "AT+CFUN=1" to modem deactivates the flight mode and
solves the issue:
daemon.notice netifd: Interface 'mikrotik' is setting up now
daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
local2.info chat[7140]: abort on (BUSY)
local2.info chat[7140]: abort on (NO CARRIER)
local2.info chat[7140]: abort on (ERROR)
local2.info chat[7140]: report (CONNECT)
local2.info chat[7140]: timeout set to 10 seconds
local2.info chat[7140]: send (AT&F^M)
local2.info chat[7140]: expect (OK)
local2.info chat[7140]: ^M
local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
local2.info chat[7140]: ^M
local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
local2.info chat[7140]: AT&F^MAT&F^M^M
local2.info chat[7140]: OK
local2.info chat[7140]: -- got it
...
local2.info chat[7140]: send (ATD*99***1#^M)
local2.info chat[7140]: expect (CONNECT)
local2.info chat[7140]: ^M
local2.info chat[7140]: ATD*99***1#^M^M
local2.info chat[7140]: CONNECT
local2.info chat[7140]: -- got it
local2.info chat[7140]: send ( ^M)
daemon.info pppd[7137]: Serial connection established.
kern.info kernel: [ 463.094254] 3g-mikrotik: renamed from ppp0
daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
daemon.info pppd[7137]: Using interface 3g-mikrotik
daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
daemon.notice pppd[7137]: local IP address 100.112.63.62
daemon.notice pppd[7137]: remote IP address 10.64.64.64
daemon.notice pppd[7137]: primary DNS address 185.29.83.64
daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
daemon.notice netifd: Network device '3g-mikrotik' link is up
daemon.notice netifd: Interface 'mikrotik' is now up
To send this AT command to the modem the "runcommand.gcom" script
dependency is moved from comgt-ncm to comgt.
As the comgt-ncm package depends on comgt already, this change
is a NOOP from that point of view.
But from the modem's point it is a low hanging fruit as the modem
is usable with installing comgt and kmod-usb-ncm packages.
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit 91eca7b04f)
On any currently supported hardware, the performance impact should not
matter anymore.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 75e78bcaab)
This patch solves the problem of receiving "error" responses when
initially calling gcom. This avoids unnecessary NO_DEVICE failures.
A retry loop retries the call after an "error" response within the
specified delay. A successful response will continue with the connection
immediately without waiting for max specified delay, bringing the
interface up sooner.
Signed-off-by: Mike Wilson <mikewse@hotmail.com>
(cherry picked from commit 8f27093ce7)
Manually rebased:
backport-5.10/611-v5.12-net-ethernet-mediatek-support-setting-MTU.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 3ca9849589)
Manually rebased:
ramips/patches-5.10/810-uvc-add-iPassion-iP2970-support.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit d4aad642ff)
The USB port on the MR8300 randomly fails to feed bus-powered devices.
This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.
This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ed64c33235)
Signed-off-by: Steffen Scheib <steffen@scheib.me>
There's no valid mac address for the second band in the eeprom.
The vendor fw uses 2.4G mac + 4 as the mac for 5G radio.
Do the same in our firmware.
Fixes: 23be410b3d ("ramips: add support for TOTOLINK X5000R")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 2126325400)
Hardware
========
- SoC: MediaTek MT7621AT (880MHz, Duel-Core)
- RAM: DDR3 128MB
- Flash: Winbond W25Q128JV (SPI-NOR 16MB)
- WiFi: MediaTek MT7915D (2.4GHz, 5GHz, DBDC)
- Ethernet: MediaTek MT7530 (WAN x1, LAN x3, SoC)
- UART: >TX RX GND 3v3 (115200 8N1, J1)
Do not connect 3v3. TX is marked with an arrow.
Installation
============
Flash factory image. This can be done using stock web ui.
Revert to stock firmware
========================
Flash stock firmware via OEM Web UI Recovery mode.
Web UI Recovery method
======================
1. Unplug the router
2. Plug in and hold reset button 5~10 secs
3. Set your computer IP address manually to 192.168.1.x / 255.255.255.0
4. Flash image with web browser to 192.168.1.1
Co-authored-by: Robert Senderek <robert.senderek@10g.pl>
Co-authored-by: Yoonji Park <koreapyj@dcmys.kr>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 47de2c6862)
The original claim about conflicting MAC addresses is wrong. mac80211
does increment the first octet and sets the LA bit.
This means our "workaround" actually leads to the issue while
incrementing the last octet is safe.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d52870125d)
Hardware
--------
CPU: MediaTek MT7621 DAT
RAM: 128MB DDR3 (integrated)
FLASH: 16MB SPI-NOR ()
WiFi: MediaTek MT7905 + MT7975 (2.4 / 5 DBDC) 802.11ax
SERIAL: 115200 8N1
LEDs - (3V3 - GND - RX - TX) - ETH ports
Installation
------------
Upload the factory image using the Web-UI.
Web-Recovery
------------
The router supports a HTTP recovery mode by holding the reset-button
when powering on. The interface is reachable at 192.168.0.1 and supports
installation using the factory image.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7dceef5ee5)
Hardware
--------
SoC: Freescale P1010
RAM: 512MB
FLASH: 1 MB SPI-NOR
512 MB NAND
ETH: 3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC: Battery-Backed RTC (I2C)
Installation
------------
1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
programmer. The SHA1 hash for the U-Boot password is currently
unknown.
A tool for patching U-Boot is available at
https://github.com/blocktrron/t10-uboot-patcher/
You can also patch the unknown password yourself. The SHA1 hash is
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
The patched password is '1234' (without quotation marks)
3. Download the OpenWrt initramfs image. Copy it to a TFTP server
reachable at 10.0.1.13/24 and rename it to uImage.
4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.
5. Download and boot the initramfs image by entering "tftpboot; bootm;"
in U-Boot.
6. After OpenWrt booted, create a UBI volume on the old data partition.
The "ubi" mtd partition should be mtd7, check this using
$ cat /proc/mtd
Create a UBI partition by executing
$ ubiformat /dev/mtd7 -y
7. Increase the loadable kernel-size of U-Boot by executing
$ fw_setenv SysAKernSize 800000
8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
scp. Install the image by using sysupgrade:
$ sysupgrade -n <path-to-sysupgrade>
Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
have to change the ethernet-port.
9. OpenWrt should now boot from the internal NAND. Enjoy.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 35f6d79513)
Remove this stray patch, as OpenWrt 22.03 does not target kernel 5.15.
Fixes commit b18a0d0b92 ("generic: add support for EON EN25QX128A spi nor flash")
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixes spurious boot-errors with some ath79 MIPS 74Kc boards such
as the AC Lite as well as Archer C7 v2.
The missing barrier leads to the icache flush being executed before the
dcache writeback, which results in the CPU executing the dummy infinite
loop in tlbmiss_handler_setup_pgd.
Applying this patch from upstream ensures the dcache is written back
before flushing the icache.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 26bc8f6876)
The padding intended to avoid corrupted non-zero padding payload was
accidentally adding too many padding bytes, tripping up some setups.
Fix this by using eth_skb_pad instead.
Fixes#11942.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9307c27539)
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358)
The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 22.03, so it doesn't have to be removed.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
To download a package the LLVM bins are not strictly needed.
Currently with an example run of make package/bridger/download V=s, the
build fail with
make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
bash: line 1: [: : integer expression expected
/home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: . Stop.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
time: package/network/services/bridger/download#0.04#0.00#0.06
ERROR: package/network/services/bridger failed to build.
This is wrong since it may be needed to download the required packages
first and then compile them later.
Fix this by ignoring the LLVM bin check on non compile steps.
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 116c73fd71)
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.
Fix it by only checking the LLVM version when a LLVM toolchain is
available.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c58177b5dc)
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation (shortened for brewity):
+ dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img
dd: failed to open 'root.ext4': No such file or directory
Thats happening likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:
make_ext4fs -L rootfs ... root.ext4+pkg=68b329da
and that hardcoded `root.ext4` image filename becomes available from
other Make targets in the later stages. So lets fix this issue by using
IMAGE_ROOTFS Make variable which should contain proper path to the root
filesystem image.
Fixing remaining subtargets ommited in commit 5c3679e39b ("at91:
sama7: fix racy SD card image generation").
Fixes: 5c3679e39b ("at91: sama7: fix racy SD card image generation")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3b669bc3f3)
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation:
+ dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc
dd: failed to open 'root.ext4': No such file or directory
Thats likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:
make_ext4fs -L rootfs ... root.ext4+pkg=68b329da
and that hardcoded root.ext4 becomes available from other target in the
later stages. So lets fix this issue by using IMAGE_ROOTFS Make variable
which should contain proper path to the root filesystem image.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5c3679e39b)
This update mac80211 to version 5.15.92-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The phy-mode property must be defined on the MAC instead of the PHY. Define
phy-mode under gmac1 which the external phy is connected to.
Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 5155200f97)
Add squashfs and ramdisk to features as these are commonly used images
for the octeontx.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit af5635e6ca)
Add LTE packages required for operating the LTE modems shipped with
the GL-XE300.
Example configuration for an unauthenticated dual-stack APN:
network.wwan0=interface
network.wwan0.proto='qmi'
network.wwan0.device='/dev/cdc-wdm0'
network.wwan0.apn='internet'
network.wwan0.auth='none'
network.wwan0.delay='10'
network.wwan0.pdptype='IPV4V6'
Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit 67f283be44)
This adds an label-mac-device alias which refrences the mac which is
printed on the Label of the device.
Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit f83f5f8452)
This commit adds the LTE led for GL.iNet GL-XE300
to the default leds config.
Signed-off-by: Leo Soares <leo@hyper.ag>
(cherry picked from commit 35a0f2b00c)
Signed-off-by: Tom Herbers <mail@tomherbers.de>
This adds missing HE modes to mac80211_prepare_ht_modes.
Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a63430eac3)
_oob_read returns number of bitflips on success while
bbt_nand_read should return 0.
Fixes: 2d49e49b18 ("mediatek: bmt: use generic mtd api")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit f183ce35b8)
From uboot Documentation for uboot-2022.01 for tools-only we can build
with NO_SDL=1 to skip installing the sdl2 package.
Follow this to fix compilation error on macos
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Wifi LED did not work using phy0radio, which somehow slipped through in
the previous testing
Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 2e3d1edf59)
Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 00f1463df7)
This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro
is undefined while invoking autoconfig. Later in the build, the ICONV
LDOPTIONS are set to @LIBICONV@, failing the build.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9300a20dcc)
Both mirrors provided in the Makefile only serve gzipped tarballs.
Fixes: #10871
Fixes: 9edfe7dd13 ("source: Switch to xz for packages and tools where possible")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd911b4538)
libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI.
Enable the config flag to also permit support of .NET 6 development on
OpenWrt.
Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru>
[ reword commit description and title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3c06a344e9)
Allign dl_github_archieve.py to 8252511dc0
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.
Add the missing option following the command options used in other
scripts.
Fixes: 75ab064d2b ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14)
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.
Backported from:
8824b7af40cc4f3b5a6a
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 76c67fcc66)
The WIFI LED already worked for me with the latest openwrt 22.03 version.
Wifi LED did not with an older 22.x version (in gluon - there phy0radio did nothing but phy0tpt did show activity
the WAN interface has the name "wan" and not "pppoe-wan" on this device
fixes#7757 (and FS#2987)
Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 0820d62012)
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.
This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).
Add -f option to overwrite any local tags and always fetch them from
remote.
Fixes: e24a1e6f6d ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b36)
brcmsmac needs bcma. bcma is build into the kernel for the other bcm47xx
subtargets, but not for the legacy target because it only uses ssb. We
could build bcma as a module for bcm47xx_legacy, but none of these old
devices uses a wifi card supported by brcsmac.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cb7d662dac)
the 5.10 uml build currently breaks with:
/usr/bin/ld: arch/um/os-Linux/signal.o: in function `sigusr1_handler':
arch/um/os-Linux/signal.c:141: undefined reference to `uml_pm_wake'
But there's an upstream fix for this. Backport the fix
for now but also let upstream know so it finds its way
through the -stable releases.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8bea5edf89)
libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.
This should fix the build of gdb in build bots.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a442974cfa)
Allow forced flashing of a factory firmware image, after checking for the
correct FIT magic header and Linksys board-specific footer. Details of the
footer are already described in scripts/linksys-image.sh.
This is convenient as it avoids using a TFTP server or OEM GUI, and allows
restoring OEM firmware or installing a "breaking" OpenWrt update (e.g DSA
migration and kernel repartition) directly from the command line.
Devices supported at this time include EA6350v3, EA8300, MR8300 and WHW01.
Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by: Wyatt Martin <wawowl@gmail.com> # WHW01
Tested-by: Tony Ambardar <itugrok@yahoo.com> # EA6350v3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 6fc334cbdc)
This is used to access footer data in firmare files, and is simpler and
less error-prone than using 'dd' with calculated offsets.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9cbc825b30)
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ee47a28cec)
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e1)
Applications with libmbedtls, e.g. curl, fail on mpc85xx with:
curl[7227]: illegal instruction (4) at b7c94288 nip b7c94288 lr b7c6b528 code 1 in libmbedcrypto.so.2.28.1[b7c3e000+7e000]
curl[7227]: code: 3d7e0000 809e8004 91490000 816b814c 7d6903a6 4e800421 80010024 83c10018
curl[7227]: code: 38210020 7c0803a6 4e800020 9421fff0 <7d4d42e6> 7c6c42e6 7d2d42e6 7c0a4840
This is due to a bug in gcc-11.2.0. It is fixed with gcc-11.3.0.
Import the patch that is fixing the issue.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch
unnecessary
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2e375e9b31)
This reverts commit fcff234fd8.
$(STAGING_DIR_HOST)/bin/gzip is not available in openwrt-22.03. The
change broke the build because the build process could not find this
file. For example ath79/generic netgear_wndap360 was affected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The frequency appears as unlisted initial frequency.
Removed it as Hauke suggested.
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit 5b82eeb320)
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94 ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit c8c6508c22)
No patches affected by this update.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1e375c8fbd)
A device COMPILE target should not depend on another COMPILE.
Otherwise race condition may happen.
The loader is very small. Compiling it twice shouldn't
have a huge impact.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 17c6fb1054)
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 1bff0752bd)
To generate commitcount we use grep --max-count. This is not present on
alpine grep and cause wrong generation. Use -m as it's just the short
version of --max-count and more portable.
Fixes: #11200
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit eb7ffeafbf)
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 47df168dd2)
The kmod prefix for sound-soc-sunxi is missing, fix it.
Also add kmod-sound-core as dependence.
Fixes: 6a35659 ("sunxi: Added profile for HAOYU Electronics Marsboard A10")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 7bcf6b54fc)
KERNEL_MAKEOPTS will get expanded when it is used and not when it is
defined in the kernel.mk file now. This fixes problems finding dependent
kernel modules when it is used by a kernel module package.
Without this change the build of packages which depend on other out of
tree modules failed when they used KERNEL_MAKE because some symbols could
not be found. This happened because KERNEL_MAKE_FLAGS which contains a
"if $(__package_mk)" was evaluated where KERNEL_MAKEOPTS was defined
and not when the KERNEL_MAKE was used. For packages which included
kernel.mk before package.mk we saw this problem. One workaround
was to use the correct include order and the other one was to not
use KERNEL_MAKE_FLAGS, but copy its content.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 06ad3adeec)
This adds the following changes:
a88f07f71f stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265]
4bc889c01c stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279]
1fcc7bfee2 alpha: Fix generic brk system call emulation in __brk_call (bug 29490)
68507377f2 socket: Check lengths before advancing pointer in CMSG_NXTHDR
536ddc5c02 elf: Call __libc_early_init for reused namespaces (bug 29528)
2a44960cbc Apply asm redirections in stdio.h before first use [BZ #27087]
b41c535f46 Apply asm redirections in wchar.h before first use
2b3d020055 nscd: Fix netlink cache invalidation if epoll is used [BZ #29415]
bc5cb538e5 elf: Run tst-audit-tlsdesc, tst-audit-tlsdesc-dlopen everywhere
2ff6775ad3 elf: Fix hwcaps string size overestimation
f50a6c843a gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583)
1a3afdfe31 resolv: Add tst-resolv-byaddr for testing reverse lookup
6a833d798e resolv: Add tst-resolv-aliases
4d2e67d6e5 resolv: Add internal __res_binary_hnok function
bb8adbba4f resolv: Add the __ns_samebinaryname function
c288e032ae resolv: Add internal __ns_name_length_uncompressed function
e7c03f4765 resolv: Add DNS packet parsing helpers geared towards wire format
d9c979abf9 nss_dns: Split getanswer_ptr from getanswer_r
32e5db3768 nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr
7267341ec1 nss_dns: Remove remnants of IPv6 address mapping
9abc40d9b5 nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305)
c36e7cca35 nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154)
480c820493 resolv: Add new tst-resolv-invalid-cname
2def56a349 nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces
044755e2fa resolv: Fix building tst-resolv-invalid-cname for earlier C standards
a2e259014f Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537]
ed8300c054 Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537]
a6b81f605d Add LLL_MUTEX_READ_LOCK [BZ #28537]
6bcfbee727 Move assignment out of the CAS condition
43760d33d7 nptl: Effectively skip CAS in spinlock loop
04efdcfac4 sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h
ea69248445 nptl: Add backoff mechanism to spinlock loop
95f5089d4a x86: include BMI1 and BMI2 in x86-64-v3 level
414fc856ff x86-64: Require BMI2 for AVX2 str(n)casecmp implementations
e1561d8cf0 x86-64: Require BMI2 for AVX2 strcmp implementation
b9cbb8dd48 x86-64: Require BMI2 for AVX2 strncmp implementation
67e863742d x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations
94b9c1b640 x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations
36d6b9be3d x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation
e570b865b5 x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations
e3976287b2 nscd: Drop local address tuple variable [BZ #29607]
c95ef423d7 nss: Implement --no-addrconfig option for getent
16c7ed6e68 nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816)
d5313bcb7e nss: Use shared prefix in IPv4 address in tst-reload1
9f55d2e7c4 elf: Do not completely clear reused namespace in dlmopen (bug 29600)
ca5df79545 linux: Fix generic struct_stat for 64 bit time (BZ# 29657)
f42d871b22 Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564]
675ba1f361 mktime: improve heuristic for ca-1986 Indiana DST
6e8044e910 Fix memmove call in vfprintf-internal.c:group_number
291d440206 Allow #pragma GCC in headers in conformtest
86a701a204 regex: copy back from Gnulib
fa5044f1e3 regex: fix buffer read overrun in search [BZ#28470]
06afa5e09f io: Fix ftw internal realloc buffer (BZ #28126)
deea6ab1bc io: Fix use-after-free in ftw [BZ #26779]
d57cdc1b5a Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771)
75b0edb7ef Update NEWS file in the right place
691f70b84a elf: Fix rtld-audit trampoline for aarch64
e3255e7d21 x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
309c4708ac elf: Fix wrong fscanf usage on tst-pldd
42b9d7def8 Allow for unpriviledged nested containers
405b8ae135 elf: Fix wrong fscanf usage on tst-pldd
a1c12fdf3f _Static_assert needs two arguments for compatibility with GCC before 9
a4217408a3 Apply asm redirections in syslog.h before first use [BZ #27087]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The commit was pushed into the branch to early. It does not help fixing
illegal instruction bug on mpc85xx. That's why it should be reverted.
This reverts commit de6c3cca4d.
Signed-off-by: Nick Hainke <vincent@systemli.org>
8d15809 cli: print current HT mode
8f86dd6 cli: use IWINFO_HTMODE_COUNT
f36b72b cli: use IWINFO_KMGMT_NAMES
91be7e0 cli: use IWINFO_CIPHER_NAMES
49b6ec9 cli: fix printing the scan channel width
b1c8873 cli: fix marking the active channel
9e14e64 utils: add iwinfo_band2ghz() and iwinfo_ghz2band() helpers
e084781 utils: add helper functions to get names by values
d09a77a utils: add iwinfo_htmode_is_{ht|vht|he} helpers
8752977 utils: add and use iwinfo_format_hwmodes()
02f433e lib: add IWINFO_80211_COUNT and IWINFO_80211_NAMES
1d30df1 lib: add IWINFO_BAND_COUNT and IWINFO_BAND_NAMES
aefd0ef lib: use common IWINFO_CIPHER_NAMES strings
a5b30de lib: add IWINFO_OPMODE_COUNT and use it for IWINFO_OPMODE_NAMES
9f29e79 lib: constify and fixup the string array definitions
fddc015 nl80211: mark frequencies where HE operation in not allowed
6d50a7c nl80211: add support for HE htmodes
4ba5713 nl80211: properly get available bands for the hwmode
91b2ada nl80211: update the kernel header nl80211.h
3f619a5 nl80211: fix frequency/channel conversion for the 6G band
a77d915 nl80211: don't guess if a name is an ifname
c27ce71 devices: add usb device MediaTek MT7921AU
14f864e nl80211: add ability to describe USB devices
a5a75fd nl80211: remove ancient wpa_supplicant ctrl socket path
dd4e1ff nl80211: fix wpa supplicant ctrl socket permissions
d638163 fix -Wdangling-else warnings
4aa6c5a fix -Wreturn-type warning
3112726 fix -Wpointer-sign warning
ebd5f84 fix -Wmaybe-uninitialized warning
5469898 fix -Wunused-variable warnings
462b679 fix -Wduplicate-decl-specifier warnings
ccaabb4 fix -Wformat-truncation warnings
50380db enable useful compiler warnings via -Wall
Fixes: https://github.com/openwrt/openwrt/issues/10158
Fixes: https://github.com/openwrt/openwrt/issues/10687
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4a4d0bf78d)
0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 735f5f18dd)
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c787962e1d)
This symbol is added by the bcm27xx target patches so it should depend
on that target.
Fixes: efd9463dcf ("kernel: add missing symbol for bcm27xx")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit d5dc6cdc53)
When KERNEL_PERF_EVENTS is enabled in OpenWrt, the RPI_AXIPERF symbol is
exposed. Add a build option for it to fix build failures with
KERNEL_PERF_EVENTS enabled.
Fixes: 3564c22e46 ("bcm27xx: disable duplicate sdhost driver")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit efd9463dcf)
Add support for EON EN25QX128A spi nor flash with no flags as it does
support SFDP parsing.
Fixes: #9442
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
(cherry picked from commit d7876daf65)
The R8712U driver depends on cfg80211. cfg80211 is provided by mac80211
backports, we can not build any in kernel drivers which depend on
cfg80211 which is an out of tree module in OpenWrt.
The cfg80211 dependency was added with kernel 5.9.
We could add rtl8192su to backports and build it from there.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7ebe1dca47)
Allow registration if the SIM is roaming or partner mode, by adding two
new options to the protocol.
Until now, such registration failed because umbim returns exit codes 4 and
5 for such situations.
Signed-off-by: Julio Gonzalez Gil <git@juliogonzalez.es>
(cherry picked from commit 840ce0a65b)
In my commit da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.
Fixes: da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 1e028ac51e)
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).
Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.
Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da5c45f4d8)
Add package supporting Bluetooth HCI interfaces connected over SDIO.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit fb75476845)
CONFIG_MMC_BLOCK_BOUNCE was removed in kernel v4.13-rc1
c3dccb74be
Signed-off-by: Tomas Lara <tl849670@gmail.com>
(cherry picked from commit 24307b0351)
The MAC-Address setup for the Teltonika RUT230 v1 was swapped for the
LAN / WAN ports. Also the Label-MAC was assigned incorrect, as the WiFi
MAC is printed on the case as part of the SSID, however only the LAN
MAC-Address is designated as a MAC-Address.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4c0919839d)
Wavlink WS-WN572HP3 4G is an 802.11ac
dual-band outdoor router with LTE support.
Specifications;
* Soc: MT7621DAT
* RAM: 128MiB
* Flash: NOR 16MiB GD-25Q128ESIG3
* Wi-Fi:
* MT7613BEN: 5GHz
* MT7603EN: 2.4GHz
* Ethernet: 2x 1GbE
* USB: None - only used internally
* LTE Modem: Quectel EC200T-EU
* UART: 115200 baud
* LEDs:
* 7 blue at the front
* 1 Power
* 2 LAN / WAN
* 1 Status
* 3 RSSI (annotated 4G)
* 1 green at the bottom (4G LED)
* Buttons: 1 reset button
Installation:
* press and hold the reset button while powering on the device
* keep it pressed for ten seconds
* connect to 192.168.10.1 via webbrowser (chromium/chrome works, at
least Firefox 106.0.3 does not)
* upload the sysupgrade image, confirm the checksum, wait 2 minutes
until the device reboots
Revert to stock firmware:
* same as installation but use the recovery image for WL-WN572HP3
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Acked-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit dce66899bf)
add three missing LEDs
- PoE-Max
- Link/Act
- PoE
add two missing buttons
- mode
- reset
The last was dropped in
commit 61a3d0075b ("realtek: update GPIO bindings in the dts files in dts-5.10")
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit dbc93d280c)
9217ab4 ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
2ce1d48 ci: fix building with i.MX6 SDK
584f1f6 ustream-openssl: wolfSSL: provide detailed information in debug builds
aa8c48e cmake: add a possibility to set library version
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 69f0c29b8b)
We don't need to checkout feed and install feeds for kernel tests. This
saves up to 2 minutes for each target kernel build test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 925e2a155e)
On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.
Rerunning the adap step will result in the test to fail for missing file
as the file are already got wrapped to the external toolchain format.
Fixes: 42f0ab028e ("CI: build: fix use of sdk as toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 99eaedfe39)
The toolchain included in a sdk have a different format than an external
toolchain tar.
Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.
External toolchain use wrapper.sh to append the configured include
header when each tool is called.
Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.
This handle compilation error and warning caused by not using fortify
header on building packages.
Fixes: 006e52545d ("CI: build: add support to fallback to sdk for external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 42f0ab028e)
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 60e335b76e)
Refresh the kernel patches for this target. No manual changes.
Fixes: 45ac906c64 ("bcm4908: update DTS files with the latest changes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b97e5ac785)
[ dropped 5.15 change not present in 22.03 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C...
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 488b25f5ac)
The isdn4linux drivers and subsystem was removed in kernel 5.3, remove
the kernel package also from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit db55dea5fc)
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.
Remove this unused package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5808973d14)
The rtc-pt7c4338.ko was never upstream under this name, the driver was
removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338
package too.
Fixes: 74d00a8c38 ("kernel: split patches folder up into backport, pending and hack folders")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5ccf4dcf88)
Several users have reported, that devices using mv88e6176 switch are
seriously broken, basically turning that switch into a hub. Until fixed
those devices should be disabled.
I've used TOH with "Switch 88E6176" filter, which provided me with the
following list of likely affected devices:
* Linksys WRT1200AC v1/v2, WRT1900AC v1/v2
* SolidRun ClearFog Pro
* Turris Omnia
That device list more or less corresponds with the list of devices
mentioned in the linked bug reports.
References: https://github.com/openwrt/openwrt/issues/11077
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Since kernel and packages workflow now use a shared build workflow, they
also need to react on changes on these shared workflow.
Fix this and add these shared workflow to the event paths to check.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 644175c29c)
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: e24a1e6f6d ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e3cf2b84e5)
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: abe8a48242 ("CI: build: add support for per branch tools container")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 65c3d19c4b)
Add support to use sdk as external toolchain if the packaged external
toolchain tar is not found on openwrt servers for build shared workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b59ac2a7d0)
Add support to use external toolchains from stable branch if we are
testing commit targeting stable openwrt branch in kernel and packages
workflow.
With pr the target branch is parsed and the right toolchain is used.
To use the stable toolchain for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e24a1e6f6d)
Add support in build shared workflow for per branch tools container.
With pr the target branch is parsed and the right container is used.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit abe8a48242)
Add support to push per branch container tools.
For anything not official stick to latest tag that correspond to test
run from master.
If we are testing something for one of the openwrt stable branch, parse
the branch name or the tag and push dedicated tools containers.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9] (example openwrt-21.02-fixup)
Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
will refresh the tools container with the matching tag.
(example branch openwrt-22.03 -> tools:openwrt-22.03)
(example branch openwrt-22.03-test -> tools:openwrt-22.03)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75550771ae)
This adds options to build all boards of a selected target and an
additional option to build the testing kernel instead of the normal
kernel. This can be used by other trigger work flows.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cf361b8509)
This adds an option to build with internal toolchain. This can be used
to build targets which are currently not build by the OpenWrt build bots
and which needs their own toolchain build for every build.
Building the toolchain takes about 30 minutes compared to using the
external toolchain which takes some seconds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 08f5283392)
Extract the building of OpenWrt into an own workflow which is then
triggered by the kernel.yml and packages.yml workflow with different
inputs. This allows us to share much of the code of the workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7c406a5f08)
Activate CONFIG_AUTOREMOVE to match the settings used to build the
pre-build tools. This has to match the pre-build tools to not rebuild
them.
This prevents the tools being rebuild in packages.yml.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6645a019f8)
This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.
This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.
I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.
This is based on the .github/workflows/packages.yml workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b99d377886)
Enforce refreshed patch for each target with kernel pr tests.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 689cfaeb7c)
Bump actions/download,upload-artifact action to v3 on every workflow
to mute node deprecation warning.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 77b24012db)
Bump actions/checkout action to v3 on every workflow to mute node
deprecation warning.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 87c69d73bb)
To actually use ccache cache on kernel test from pr, the kernel workflow
has to be run first from a push action.
This will permit as a side effect to test merged commits and catch commit
that may cause regression in kernel compilation even outside the github
system.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 23e946d1ad)
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7152599407)
This reverts commit 008e9a335d.
We now have the full CI backported to openwrt-22.03. We need to revert
this subset and apply the full backport commit.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use ccache to speedup kernel compilation.
Ccache dir is cached across each build test. To refresh ccache directory
we generate an hash of the kernel include files, that includes the
kernel versions of every kernel supported and the kernel compile
includes.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 137ba15e6e)
Enable ccache support for tools container, useful to speedup other
workflow even more.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2781e3839e)
Use tools:latest container with prebuilt host tools to speedup kernel
compilation in kernel workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5d09118f8e)
Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.
This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25b65f548d)
Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3b23227d43)
Instead of waiting for complete workflow finish, then downloading the
artifacts, unpacking them and inspecting them, lets try to make the
build failure immediately visible in the log output:
====== Make errors from logs/target/linux/compile.txt ======
* Legacy (non-UHI/non-FIT) Boards
*
Support MIPS SEAD-3 boards (LEGACY_BOARD_SEAD3) [N/y/?] (NEW)
Error in reading or end of file.
make[6]: *** [scripts/kconfig/Makefile:77: syncconfig] Error 1
make[5]: *** [Makefile:616: syncconfig] Error 2
make[4]: *** [Makefile:736: include/config/auto.conf.cmd] Error 2
make[3]: *** [Makefile:24: build_dir/target-mipsel-openwrt-linux-musl_musl/linux-ramips_mt7620/linux-5.15.62/.modules] Error 2
make[2]: *** [Makefile:11: compile] Error 2
time: target/linux/compile#30.09#11.30#37.92
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f4ca4187cd)
Actually package kmods in kernel workflow to catch dependency error and
other problem that may arise from kmods packaging.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0c45db5560)
Cache external toolchain for each target to remove load from openwrt cdn
server and make the external toolchain setup quicker.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f522c27385)
Activate building all kernel modules.
This builds all kernel modules from the core packages and the feeds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fed325f463)
Instead of cloning the feeds from the default location at
git.openwrt.org use the github action to clone them directly from
github. We saw some error messages when cloning from git.openwrt.org,
probably related to some rate limiting applied. Cloning from github
within a github action should work more stable.
The "./scripts/feeds update -a" script will use the already checked out
feed repositories and not clone them again from git.openwrt.org, but it
will also not change the branch name.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b120e78917)
Show the configuration used to build OpenWrt before starting the build.
This should make it easier for people to reproduce problems when it
fails.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 43afaf6149)
Use downloads.cdn.openwrt.org to download the toolchain. This should
reduce the load on the servers.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7b4daf0076)
Run github actions insider buildbot docker container.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ run container under buildbot user ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8a77adb048)
Add Github Actions yaml script to build test kernel PR changes for
each target.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c17c931a90)
* Always store build logs
* Store .config as an artifact
* Rename job to `tools-{ os }` for log archive without spaces
* Run CI job on changes to the CI file itself
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 80f79beb95)
Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit dccee21792)
Add a simple script to make it easier to install a prebuilt tools tar.
Currently it will be used by our tools container and kernel workflow on
github.
Simple script that take a tar that contains prebuilt host tools, extract
them and refresh the timestamps to skip recompilation of such host
tools.
By default it refresh timestamps of build_dir/host and
staging_dir/host/stamp.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5428bdc2df)
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.
Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)
This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.
A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.
Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 53a08e3743)
Expand currently unused flash space to roofs for DIR-825-B1 by using the same
flash space as the old ar71xx big image without moving the caldata.
With some testing this partition is use by the OEM firmware
but if changed is regenerated which allows reverting to OEM firmware
Signed-off-by: Alan Luck <luckyhome2008@gmail.com>
(cherry picked from commit aca8bb5cc3)
It allows prepopulating /etc/config/network interface-s with predefined
metric. It may be useful for devices with multiple WAN ports.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7f443d2d9a)
The most affecting change is move of files from bcm4908/ to the bcmbca/.
That required updating few paths.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 45ac906c64)
1. Include Linux DTB
2. Add 50991 variant (seems to differ by 1 PHY we don't support yet)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b8f8c6f2dd)
The label used for stable branch is in the form of
release/[0-9][0-9].[0-9][0-9]
Currently we apply the name of the target branch as the label, fix this
and correctly use the current label.
(cherry picked from commit af8bc8e51b)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add support to tag pr targeting stable branch matching the simple regex
of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match
the pr target branch.
(cherry picked from commit b67d284e93)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit e7497d1083.
The solution is problematic since the action always take the
configuration from the master branch. Revert as suppressed by a better
solution.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
For some reason LS1012A and LS1046A devboards don't work well with
Spansion SPI NOR flash. It cause read and write errors like:
[ 27.285887] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x025ae000
[ 27.468922] jffs2: Newly-erased block contained word 0x0 at offset 0x02573000
[ 27.502615] jffs2: Newly-erased block contained word 0xe723f41e5823f110 at offset 0x02572000
[ 27.541550] jffs2: Newly-erased block contained word 0x1a7d266ee6 at offset 0x02571000
[ 27.577195] jffs2: Newly-erased block contained word 0x5d000bae8d52fec6 at offset 0x02570000
[ 27.611800] jffs2: Newly-erased block contained word 0x63515aee63515a4b at offset 0x0256f000
[ 27.651749] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0256e000
[ 27.825593] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0252e000
NXP have found workarround and applied in their vendor kernel version.
They force 1x tx and 1x rx lines in qspi. That method fix issues.
This patch ports patches from NXP LSDK tree.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit 2e4fe289ce)
It's not just required for the PCI version, but for USB and presumably
SDIO as well.
Tested with 0e8d:7961 Comfast CF-953AX (MT7921AU).
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 6f729163b1)
Target major version of labeler to include minor fixes and use always
the latest major version with included fixes.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5fb7232bc0)
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7152599407)
This adds GitHub CI action which makes use of 'Labeler', allowing
automatic labeling of new PRs, based on the modified files paths.
Below labels are supported and more can be added later:
- 'target/*'
- 'target/imagebuilder'
- 'kernel'
- 'core packages'
- 'build/scripts/tools'
- 'toolchain'
- 'GitHub/CI'
For more information:
https://github.com/marketplace/actions/labeler
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 4f42566d47)
Adjust them according to OEM firmware.
Fixes: e24635710c (" ipq40xx: add support for Luma Home WRTQ-329ACN")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Return to using the OpenWrt kernel loader to decompress and load kernel
initram image.
Continue to use the vmlinuz kernel for squashfs.
Mikrotik's bootloader RouterBOOT on some ath79 devices is
failing to boot the current initram, due to the size of the initram image.
On the ath79 wAP-ac:
a 5.7MiB initram image would fail to boot
After this change:
a 6.6MiB initram image successfully loads
This partially reverts commit e91344776b.
An alternative of using RouterBOOT's capability of loading an initrd ELF
section was investigated, but the OpenWrt kernel loader allows larger image.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 62b72eafe4)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: #9954
The driver supports the temperature and humidity sensors chips SHT3x and
STS3x by Sensirion.
Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
(cherry picked from commit cec9cbef44)
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
(cherry picked from commit b2e83c16e1)
On TP-Link TL-WR740N/TL-WR741ND v4 LAN MAC address (eth1 in DTS) is main
device MAC address, so do not increment it. WAN MAC is LAN MAC + 1.
Signed-off-by: Will Moss <willormos@gmail.com>
(cherry picked from commit 288b0004bf)
When compiling OpenWRT on a compressed btrfs volume the build fails in
libtool.
The file `libltdl/config/ltmain.m4sh` from `libtool-2.4.2.tar.xz` is
missing write permissions, therefore patch falls back to copying the
file and patching that. During this patch tries to preserve all file
attribute on the new copy.
However the attribute `btrfs.compression` is privileged and btrfs return
EACCES.
While patch ignores multiple other error codes during the copy of xattr
copy it is not prepared for EACCES and aborts.
EACCES should be ignored the same way as the other errors.
Build log:
```
...
Applying ./patches/000-relocatable.patch using plaintext:
patching file libltdl/config/general.m4sh
patching file libtoolize.in
patching file libtoolize.m4sh
patching file libltdl/m4/libtool.m4
Applying ./patches/100-libdir-fixes.patch using plaintext:
patching file libltdl/config/ltmain.m4sh
File libltdl/config/ltmain.sh is read-only; trying to patch anyway
patching file libltdl/config/ltmain.sh
patch: setting attribute btrfs.compression for btrfs.compression: Permission denied
Patch failed! Please fix ./patches/100-libdir-fixes.patch!
```
Link: https://lists.gnu.org/archive/html/bug-patch/2022-11/msg00000.html
Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
(cherry picked from commit 0d375de10d)
- Bring back factory.bin image which was missing after porting device to ath79 target
- Use default sysupgrade.bin image recipe
- Adjust max image size according to new firmware partition size after
"ath79: expand rootfs for DIR-825-B1 with unused space (aca8bb5)" changes
- Remove support of upgrading from version 19.07, because partition size changes mentioned above
Signed-off-by: Will Moss <willormos@gmail.com>
(cherry picked from commit a58146d452)
Add kernel package 'mt7916-firmware' with firmware files for MT7916E devices.
These share the same driver as the MT7915 chipset, but use their own firmware.
Tested using a pair of AsiaRF AW7916-NPD cards.
Signed-off-by: Andrew Powers-Holmes <aholmes@omnom.net>
(cherry picked from commit 94d0cb9d2e)
The downstream OpenWrt driver for the BCM53128 switch ceased to work,
rendering the 8 LAN ports of the device unusable. This commit disables
image building while the problem is being solved.
See issue #10374 for more details.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit 5a1d7d8c1b)
Add 6.1 tag to upstream patch now that 6.1 got tagged. This permits to
track patch in a better way and directly drop them on kernel bump.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit 802ca492d8)
This patch is needed to handle interrupts by the second VPE on the Lantiq
ARX100, xRX200, xRX300 and xRX330 SoCs. Switching some ICU interrupts to
the second VPE results in a hang. Currently, the vsmp_init_secondary()
function is responsible for enabling these interrupts. It only enables
Malta-specific interrupts (SW0, SW1, HW4 and HW5).
The MIPS core has 8 interrupts defined. On Lantiq SoCs, hardware
interrupts are wired to an ICU instance. Each VPE has an independent
instance of the ICU. The mapping of the ICU interrupts is shown below:
SW0(IP0) - IPI call,
SW1(IP1) - IPI resched,
HW0(IP2) - ICU 0-31,
HW1(IP3) - ICU 32-63,
HW2(IP4) - ICU 64-95,
HW3(IP5) - ICU 96-127,
HW4(IP6) - ICU 128-159,
HW5(IP7) - timer.
This patch enables all interrupt lines on the second VPE.
This problem affects multithreaded SoCs with a custom interrupt controller.
SOCs with 1004Kc core and newer use the MIPS GIC. At this point, I am aware
that the Realtek RTL839x and RTL930x SoCs may need a similar fix. In the
future, this may be replaced with some generic solution.
Tested on Lantiq xRX200.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit fbd33d6164)
This series contains bug fixes that may occur under
memory pressure.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit 9423fc424c)
Manually rebased: ath79/patches-5.10/910-unaligned_access_hacks.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit acb10faa35)
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.
Without marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22
With marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ebe2b7190b)
Enabling both CONFIG_MMC_BCM2835 and CONFIG_MMC_BCM2835_SDHOST causes this
error in dmesg:
Error: Driver 'sdhost-bcm2835' is already registered, aborting...
Disabling CONFIG_MMC_BCM2835 and leaving CONFIG_MMC_BCM2835_SDHOST enabled
avoids this error.
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
[Disable driver for all subtargets, refresh configs, tweak description]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 3f7cc9d014)
OpenWrt's support for splitting rootfs (to create an extra "rootfs_data"
partition) is limited to partitions called "rootfs". Upstream kernel
allows any name partition to be rootfs if it has "linux,rootfs" property
set. Add split support to such partitions in OpenWrt code.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e4770db163)
This helps choosing the right NTFS driver from two available options.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b066ad7d9a)
This DT property allows marking flash partition that Linux should use as
a root device. It's useful for devices that don't use U-Boot and cmdline
parser for partitioning. It may be used with "fixed-partitions" or some
dynamic partitioning based on flash content.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d33e49857e)
This is some hack on top of our old hack. Use separated patch for it so
it's easier to understand and actually possible to describe. We should
ideally get rid of this (and we actually did with kernels 5.15+).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6a64eb2664)
Add UIMAGE_NAME and UIMAGE_MAGIC to allow users to directly install
initramfs-kernel.bin from the stock firmware Web UI. At the same time,
this change makes it possible to boot OpenWrt with the official u-boot.
Notice:
Since the stock firmware is based on OpenWrt and the configuration
will be retained by default during the upgrade process, so we must use
initramfs-kernel.bin to do a initial installation. After the system
restarts, install sysupgrade.bin and do not retain any configuration.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit eba0a8deb6)
The SPI max frequency was set to 80MHz, considerably higher than the
vendor clocks it in their firmware (10MHz). Multiple users reported
jffs2 corruption/instability in GitHub issue #10461.
My unit has a W25Q256; datasheet specifies maximum SPI frequency for
read command of 50MHz.
Thanks to @DragonBlueP for suggesting to eliminate m25p,fast-read;
and @MPannen1979 for identifying the problem.
Fixes: #10461
Signed-off-by: Michael Lyle <mlyle@lyle.org>
(cherry picked from commit 961e01fc67)
Fix the LZMA ERROR 1 with a single line of recipe instead of duplicating
"uimage-lzma-loader".
While reviewing my original submission of commit ce19571004 David
suggested to use $(Device/uimage-lzma-loader), but due to the specific
needs of the vendor bootloader that simple oneliner didn't work.
The new $(Device/seama-lzma-loader) is for those SEAMA capable
bootloaders.
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit 18801f2648)
In the support topic [0] of the GitHub issue #10634 it was found out
(based on boot logs) that the uimage-lzma-loader (commit 09faa73c53)
never worked, as an earlier workaround (commit 6fba88de19) negated
the recipe:
3: System Boot system code via Flash.
## Booting image at bc050000 ...
raspi_read: from:50000 len:40
.raspi_read: from:50000 len:c
.raspi_read: from:50000 len:1fa000
................................We have SEAMA, Image Size = 2072512
Verifying Checksum ...
Uncompressing SEAMA linux.lzma ... OK
## Transferring control to Linux (at address 80000000) ...
## Giving linux memsize in MB, 64
Starting kernel ...
[ 0.000000] Linux version 5.4.188 (builder@buildhost) (gcc version 8.4.0 (OpenWrt GCC 8.4.0 r16554-1d4dea6d4f)) #0 Sat Apr 16 12:59:34 2022
[ 0.000000] SoC Type: Ralink RT3883 ver:1 eco:5
[ 0.000000] printk: bootconsolde [early0] enabled
[ 0.000000] CPU0 revision is: 0001974c (MIPS 74Kc)
[ 0.000000] MIPS: machine is D-Link DIR-645
[ 0.000000] Initrd not found or empty - disabling initrd
Using the new seama-lzma-loader it's able to boot OpenWrt 22.03
and OpenWrt SNAPSHOT too:
3: System Boot system code via Flash.
## Booting image at bc050000 ...
raspi_read: from:50000 len:40
.raspi_read: from:50000 len:c
.raspi_read: from:50000 len:48b004
.........................................................................We have SEAMA, Image Size = 4763588
Verifying Checksum ...
Uncompressing SEAMA linux.lzma ... OK
## Transferring control to Linux (at address 80000000) ...
## Giving linux memsize in MB, 64
Starting kernel ...
OpenWrt kernel loader for MIPS based SoC
Copyright (C) 2011 Gabor Juhos <juhosg@openwrt.org>
Decompressing kernel... done!
Starting kernel at 80000000...
[ 0.000000] Linux version 5.10.144 (xabolcs@ut2004) (mipsel-openwrt-linux-musl-gcc (OpenWrt GCC 11.3.0 r20774+2-b71affaf8b) 11.3.0, GNU ld (GNU Binutils) 2.37) #0 Tue Sep 27 23:02:30 2022
[ 0.000000] SoC Type: Ralink RT3883 ver:1 eco:5
[ 0.000000] printk: bootconsole [early0] enabled
[ 0.000000] CPU0 revision is: 0001974c (MIPS 74Kc)
[ 0.000000] MIPS: machine is D-Link DIR-645
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 16256
[ 0.000000] Kernel command line: console=ttyS0,57600 rootfstype=squashfs,jffs2
The OKLI Loader is unable to read the flash on this SoC:
Looking for OpenWrt image... not found! ('0xddbaddba' at 0xbc051000)
0: https://forum.openwrt.org/t/136435
Fixes: GitHub issue #10634 ("V22.03.0 release currently does not work on D-Link DIR-645")
Fixes: 09faa73c53 ("ramips: rt3883: use lzma-loader for DIR-645")
Tested-by: Glenn Fowler <gfowler1@outlook.com>
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit c293b492df)
Define "Device/seama-lzma-loader" recipe for SEAMA devices to help
contributors avoid doing recipe mistakes.
In a forum topic [0] I was under the impression that the good old
uimage-lzma-loader didn't fix the LZMA ERROR 1 for a device.
It was found out, that the uimage-lzma-loader never worked because the
KERNEL variable was overriden earlier (also an LZMA ERROR 1 related
commit, 6fba88de19), and the "use lzma-loader" fix (commit
09faa73c53) didn't catch that to include the "loader-kernel" part.
I contributed an LZMA ERROR 1 fix (commit ce19571004) for the SEAMA
device D-Link DIR-860L B1, where I had to duplicate the whole
uimage-lzma-loader recipe because of the special needs of the vendor
bootloader.
This new recipe reuse most of uimage-lzma-loader's KERNEL definiton to
avoid duplication.
It uses "relocate-kernel" as it needed for D-Link DIR-860L B1 to
boot from flash, and it's compatible with D-Link DIR-645 too.
It repacks lzma-loader with lzma for kernel (without uImage), because
these weird hacked vendor bootloaders accepts only LZMA compressed
kernels from flash:
We have SEAMA, Image Size = 4759794
Verifying Checksum ...
Uncompressing SEAMA linux.lzma ... OK
It uses uImage header for initramfs kernel to be little bit verbose.
0: https://forum.openwrt.org/t/136435/10
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit e7ad68d682)
On TP-Link ar7241 devices LAN and WAN interfaces are swapped. Keeping
that in mind fix MAC address assignment as used in vendor firmware:
LAN MAC - main MAC stored in u-boot and printed on label
WAN MAC - LAN MAC + 1
Signed-off-by: Will Moss <willormos@gmail.com>
(cherry picked from commit 5a1af6ed62)
Add support for the Linksys EA4500 v3 wireless router
Hardware
--------
SoC: Qualcomm Atheros QCA9558
RAM: 128M DDR2 (Winbond W971GG6KB-25)
FLASH: 128M SPI-NAND (Spansion S34ML01G100TFI00)
WLAN: QCA9558 3T3R 802.11 bgn
QCA9580 3T3R 802.11 an
ETH: Qualcomm Atheros QCA8337
UART: 115200 8n1, same as ea4500 v2
USB: 1 single USB 2.0 host port
BUTTON: Reset - WPS
LED: 1x system-LED
LEDs besides the ethernet ports are controlled
by the ethernet switch
MAC Address:
use address(sample 1) source
label 94:10:3e:xx:xx:6f caldata@cal_macaddr
lan 94:10:3e:xx:xx:6f $label
wan 94:10:3e:xx:xx:6f $label
WiFi4_2G 94:10:3e:xx:xx:70 caldata@cal_ath9k_soc
WiFi4_5G 94:10:3e:xx:xx:71 caldata@cal_ath9k_pci
Installation from Serial Console
------------
1. Connect to the serial console. Power up the device and interrupt
autoboot when prompted
2. Connect a TFTP server reachable at 192.168.1.0/24
(e.g. 192.168.1.66) to the ethernet port. Serve the OpenWrt
initramfs image as "openwrt.bin"
3. To test OpenWrt only, go to step 4 and never execute step 5;
To install, auto_recovery should be disabled first, and boot_part
should be set to 1 if its current value is not.
ath> setenv auto_recovery no
ath> setenv boot_part 1
ath> saveenv
4. Boot the initramfs image using U-Boot
ath> setenv serverip 192.168.1.66
ath> tftpboot 0x84000000 openwrt.bin
ath> bootm
5. Copy the OpenWrt sysupgrade image to the device using scp and
install it like a normal upgrade (with no need to keeping config
since no config from "previous OpenWRT installation" could be kept
at all)
# sysupgrade -n /path/to/openwrt/sysupgrade.bin
Note: Like many other routers produced by Linksys, it has a dual
firmware flash layout, but because I do not know how to handle
it, I decide to disable it for more usable space. (That is why
the "auto_recovery" above should be disabled before installing
OpenWRT.) If someone is interested in generating factory
firmware image capable to flash from stock firmware, as well as
restoring the dual firmware layout, commented-out layout for the
original secondary partitions left in the device tree may be a
useful hint.
Installation from Web Interface
------------
1. Login to the router via its web interface (default password: admin)
2. Find the firmware update interface under "Connectivity/Basic"
3. Choose the OpenWrt factory image and click "Start"
4. If the router still boots into the stock firmware, it means that
the OpenWrt factory image has been installed to the secondary
partitions and failed to boot (since OpenWrt on EA4500 v3 does not
support dual boot yet), and the router switched back to the stock
firmware on the primary partitions. You have to install a stock
firmware (e.g. 3.1.6.172023, downloadable from
https://www.linksys.com/support-article?articleNum=148385 ) first
(to the secondary partitions) , and after that, install OpenWrt
factory image (to the primary partitions). After successful
installation of OpenWrt, auto_recovery will be automatically
disabled and router will only boot from the primary partitions.
Signed-off-by: Edward Chow <equu@openmail.cc>
(cherry picked from commit 50f727b773)
Add support for the TrendNet TEW-673GRU to ath79.
This device was supported in 19.07.9 but was deprecated with ar71xx.
This is mostly a copy of D-Link DIR-825 B1.
Updates have been completed to enable factory.bin and sysupgrade.bin both.
Code improvements to DTS file and makefile.
Architecture | MIPS
Vendor | Qualcomm Atheros
bootloader | U-Boot
System-On-Chip | AR7161 rev 2 (MIPS 24Kc V7.4)
CPU/Speed | 24Kc V7.4 680 MHz
Flash-Chip | Macronix MX25L6405D
Flash size | 8192 KiB
RAM Chip: | ProMOS V58C2256164SCI5 × 2
RAM size | 64 MiB
Wireless | 2 x Atheros AR922X 2.4GHz/5.0GHz 802.11abgn
Ethernet | RealTek RTL8366S Gigabit w/ port based vlan support
USB | Yes 2 x 2.0
Initial Flashing Process:
1) Download 22.03 tew-673gru factory bin
2) Flash 22.03 using TrendNet GUI
OpenWRT Upgrade Process
3) Download 22.03 tew-673gru sysupgrade.bin
4) Flash 22.03 using OpenWRT GUI
Signed-off-by: Korey Caro <korey.caro@gmail.com>
(cherry picked from commit 12cee86989)
fix reading the per-packet rate on devices with firmware rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 161b22d103)
dtim_period is a bss property, not a device one.
It is already handled properly in mac80211.sh
Fixes: 30c64825c7 ("hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ddf736e543)
This backports a commit which fixes LEDs vor the RE200 like this:
Set power LED to gpio 43 instead of 44 for v3 and v4.
Set red wifi LED to gpio 40 (was assigned to `red:wifi5g`).
Tested by the author of the initial v3 and v4 commit.
Tested-by: Richard Fröhning <misanthropos@gmx.de>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit 02aa7a2bb9)
Needed when building with libdw and CONFIG_BUILD_NLS, mostly for the
rpath-link.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 4dc198a74e)
Improvements
- Added an interface of raising des Strausses awareness.
- Added --tips option to print strace tips, tricks, and tweaks at the end of the tracing session.
- Enhanced decoding of bpf and io_uring_register syscalls.
- Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl commands.
- Updated lists of BPF_*, BR_*, BTRFS_*, IFA_*, IFLA_*, IORING_*, KEY_*, KVM_*, MADV_*, and UFFD_* constants.
- Updated lists of ioctl commands from Linux 5.18.
Bug fixes
- Fixed printing of the updated value of union bpf_attr.next_id on the exiting of bpf(BPF_*_GET_NEXT_ID) calls.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 6d423ffbd1)
Improvements
- Added 64-bit LoongArch architecture support.
- Extended personality designation syntax of syscall specification expressions to support all@pers and %class@pers.
- Enhanced rejection of invalid syscall numbers in syscall specification expressions.
- Implemented decoding of set_mempolicy_home_node syscall, introduced in Linux 5.17.
- Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink attributes.
- Implemented decoding of PR_SET_VMA operation of prctl syscall.
- Implemented decoding of siginfo_t.si_pkey field.
- Implemented decoding of LIRC ioctl commands.
- Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*, TCA_ACT_*, and *_MAGIC constants.
- Updated lists of ioctl commands from Linux 5.17.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 36f3238dcb)
add Flow Queuing with Proportional Integral controller Enhanced (FQ-PIE) as an
optional kmod in network support and extract sched-pie from kmod-sched to
allow dependency on just kmod-sched-pie (PIE).
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
(cherry picked from commit c3e4a0d99b)
There is only one module in kmod-sched that depends on iptables. Move it
to its own kmod package so we can drop the kmod-ipt-core dependency from
kmod-sched. This makes it possible to disable all kmod-ipt-* packages
without having to disable kmod-sched. Since we now default to firewall4
and nftables, we should avoid iptables dependencies where we can.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 05775e38a5)
This extracts kmod-sched-act-police to allow using it without adding all
the packages from the big kmod-sched package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 0582acf429)
This adds the act_sample.ko and psample.ko kernel module which allows
traffic sampling.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit aba1bdaed8)
Extract the kmod-sched-prio and kmod-sched-red kernel modules from the
big kmod-sched package. This allows adding the two kernel modules to
OpenWrt without adding the kmod-sched and all its depdnecy.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 0e3911b608)
This puts the kmod-sched packages into an alphabetical order.
I kept the kmod-sched-core at the top as this is the main package.
No changes other than reordering were done.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit c94ba95e6c)
With initial support, the mapping of LAN1/WAN and LAN2 ports was
swapped. Fix it to match labels on the device, keeping the "WAN"
personality of the first port - in line with current state of DSA setup
in master for this device.
Tested-by: Marcin Gajda <mgajda@o2.pl>
Tested-by: Christian Heuff <christian@heuff.at>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
It's a 4G Cat.20 router used by Vodafone Italy (called Vodafone FWA)
and Vodafone DE\T-Mobile PL (called GigaCube).
Modem is a MiniPCIe-to-USB based on Snapdragon X24,
it supports 4CA aggregation.
There are currently two hardware revisions, which
differ on the 5Ghz radio:
AT1 = QCA9984 5Ghz Radio on PCI-E bus
AT2 = IPQ4019 5Ghz Radio inside IPQ4019 like 2.4Ghz
Device specification
--------------------
SoC Type: Qualcomm IPQ4019
RAM: 256 MiB
Flash: 128 MiB SPI NAND (Winbond W25N01GV)
ROM: 2MiB SPI Flash (GD25Q16)
Wireless 2.4 GHz (IP4019): b/g/n, 2x2
Wireless 5 GHz:
(QCA9984): a/n/ac, 4x4 HW REV AT1
(IPA4019): a/n/ac, 2x2 HW REV AT2
Ethernet: 2xGbE (WAN/LAN1, LAN2)
USB ports: No
Button: 2 (Reset/WPS)
LEDs: 3 external leds: Network (white or red), Wifi, Power and 1 internal (blue)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot
Installation
------------
1. Place OpenWrt initramfs image for the device on a TFTP
in the server's root. This example uses Server IP: 192.168.0.2
2. Connect serial console (115200,8n1) to serial connector
GND (which is right next to the thing with MF289F MIMO-V1.0), RX, TX
(refer to this image: https://ibb.co/31Gngpr).
3. Connect TFTP server to RJ-45 port (WAN/LAN1).
4. Stop in u-Boot (using ESC button) and run u-Boot commands:
setenv serverip 192.168.0.2
setenv ipaddr 192.168.0.1
set fdt_high 0x85000000
tftp openwrt-ipq40xx-generic-zte_mf289f-initramfs-fit-zImage.itb
bootm $loadaddr
5. Please make backup of original partitions, if you think about revert to
stock, specially mtd16 (Web UI) and mtd17 (rootFS).
Use /tmp as temporary storage and do:
WEB PARITION
--------------------------------------
cat /dev/mtd16 > /tmp/mtd16.bin
scp /tmp/mtd16.bin root@YOURSERVERIP:/
rm /tmp/mtd16.bin
ROOT PARITION
--------------------------------------
cat /dev/mtd17 > /tmp/mtd17.bin
scp /tmp/mtd17.bin root@YOURSERVERIP:/
rm /tmp/mtd17.bin
6. Login via ssh or serial and remove stock partitions
(default IP 192.168.0.1):
# this can return an error, if ubi was attached before
# or rootfs part was erased before.
ubiattach -m 17
# it could return error if rootfs part was erased before
ubirmvol /dev/ubi0 -N ubi_rootfs
# some devices doesn't have it
ubirmvol /dev/ubi0 -N ubi_rootfs_data
7. download and install image via sysupgrade -n
(either use wget/scp to copy the mf289f's squashfs-sysupgrade.bin
to the device's /tmp directory)
sysupgrade -n /tmp/openwrt-...-zte_mf289f-squashfs-sysupgrade.bin
Sometimes it could print ubi attach error, but please ignore it
if process goes forward.
Flash Layout
NAND:
mtd8: 000a0000 00020000 "fota-flag"
mtd9: 00080000 00020000 "0:ART"
mtd10: 00080000 00020000 "mac"
mtd11: 000c0000 00020000 "reserved2"
mtd12: 00400000 00020000 "cfg-param"
mtd13: 00400000 00020000 "log"
mtd14: 000a0000 00020000 "oops"
mtd15: 00500000 00020000 "reserved3"
mtd16: 00800000 00020000 "web"
mtd17: 01d00000 00020000 "rootfs"
mtd18: 01900000 00020000 "data"
mtd19: 03200000 00020000 "fota"
mtd20: 0041e000 0001f000 "kernel"
mtd21: 0101b000 0001f000 "ubi_rootfs"
SPI:
mtd0: 00040000 00010000 "0:SBL1"
mtd1: 00020000 00010000 "0:MIBIB"
mtd2: 00060000 00010000 "0:QSEE"
mtd3: 00010000 00010000 "0:CDT"
mtd4: 00010000 00010000 "0:DDRPARAMS"
mtd5: 00010000 00010000 "0:APPSBLENV"
mtd6: 000c0000 00010000 "0:APPSBL"
mtd7: 00050000 00010000 "0:reserved1"
Back to Stock (!!! need original dump taken from initramfs !!!)
-------------
1. Place mtd16.bin and mtd17.bin initramfs image
for the device on a TFTP in the server's root.
This example uses Server IP: 192.168.0.2
2. Connect serial console (115200,8n1) to serial console
connector (refer to the pin-out from above).
3. Connect TFTP server to RJ-45 port (WAN/LAN1).
4. rename mtd16.bin to web.img and mtd17.bin to root_uImage_s
5. Stop in u-Boot (using ESC button) and run u-Boot commands:
This will erase RootFS+Web:
nand erase 0x1000000 0x800000
nand erase 0x1800000 0x1D00000
This will restore RootFS:
tftpboot 0x84000000 ${dir}root_uImage_s
nand erase 0x1800000 0x1D00000
nand write $fileaddr 0x1800000 $filesize
This will restore Web Interface:
tftpboot 0x84000000 ${dir}web.img
nand erase 0x1000000 0x800000
nand write $fileaddr 0x1000000 $filesize
After first boot on stock firwmare, do a factory reset.
Push reset button for 5 seconds so all parameters will
be reverted to the one printed on label on bottom of the router
Signed-off-by: Giammarco Marzano <stich86@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
(Warning: commit message did not conform to UTF-8 - hopefully fixed?,
added description of the pin-out if image goes down, reformatted
commit message to be hopefully somewhat readable on git-web,
redid some of the gpio-buttons & leds DT nodes, etc.)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 0de6a3339f)
[Backported to 22.03: added DTS to the makefile patch, fixed ipq-wifi
inclusion for MF286D]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:
MTD erase error on /dev/mtd5: Invalid argument
Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
(cherry picked from commit 8d3e932b65)
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a0814f04ed)
In a254279a6c LS1012A-IOT kernel image was switched to FIT.
But u-boot config is lack of FIT and ext4 support.
This patch enables it.
It also fix envs, because for some reason this board need to use "loadaddr"
variable in brackets.
Fixes: #9894
Fixes: a254279a6c ("layerscape: Change to combined rootfs on sd images")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit d75ed3726d)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 002a99eccd)
This backports a commit which fixes a use after free bug in awk.
CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8b383ee2a0)
This update contains only a security fix for an issue in chsh and chfn,
but OpenWrt is not packaging these applications so OpenWrt is not
affected. In OpenWrt master this was already fixed by the update to
util-linux 2.38.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Manually rebased:
bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
All patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
[Move gro_skip in 680-NET-skip-GRO-for-foreign-MAC-addresses.patch to old position]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit aa2fa2eb76)
Recent backport patch b5cb5f352d had missed changing the macaddr_factory address location.
This patch corrects the address location.
Fixes: b5cb5f352d ("ramips: fix WAN mac address allocation for Unielec 01 and 06 models")
Signed-off-by: David Bentham <db260179@gmail.com>
[Fix dts node name too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This should slightly improve performance thanks to the better cache
usage.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6a02205a4d)
This gets rid of "nvmem-cells" limitation. Dynamic partitions can be
defined for any (sub)partitions layout.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4eda414b09)
This updates mac80211 to version 5.15.74-1 which is based on kernel
5.15.74.
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 58b65525f3)
This fixes reference clock frequency of RB912. 25 MHz frequency leads
to system clock running too fast, uptime incrementing too fast and
delays (like `sleep 10`) returning too early.
Board has quartz with NSK 3KHAA Z 40 000 marking.
Signed-off-by: Pavel Kamaev <pavel@kamaev.me>
(cherry picked from commit a716ac5564)
Manufacturer has predetermined mac address values for lan and wan ports.
This change keeps inline with other mt7621 devices mac address allocation
from factory mtd partition.
Example from hexdump output:
0xe000 0x6 (lan) - 0xe006 0x6 (wan)
0000e000 70 b3 d5 10 02 96 70 b3 d5 10 02 95 ff ff ff ff
Previous change had created an overlapping mac address situation as it
would increment by one based on the lan mac address location found in the
factory partition, which would sometimes increment to the same as the
mt7603 wifi chip.
Tested on Unielec u7621-01 model
Signed-off-by: David Bentham <db260179@gmail.com>
(cherry picked from commit 67660d3667)
Fixes boot loader LZMA decompression issues.
Without this change the board end up in a boot loop.
Signed-off-by: Alex Khodin <mxktz1@gmail.com>
(cherry picked from commit f6099d7974)
On some of the hardware revisions of Asus RT-AC88U, brcmfmac detects the
4366b1 wireless chip and tries to load the firmware file which doesn't
exist because it's not included in the image.
Therefore, include firmware for 4366b1 along with 4366c0. This way, all
hardware revisions of the router will be supported by having brcmfmac use
the firmware file for the wireless chip it detects.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 2b9bb5b187)
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a80e198cd3)
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3826e72b8e)
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 0671e78a65)
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit efb4324c36)
The generic imagebuilder does not have a generic in the name, although
this is the default naming scheme. Use bcm53xx as template for this fix.
Before the fix:
openwrt-imagebuilder-octeon.Linux-x86_64.tar.xz
After:
openwrt-imagebuilder-octeon-generic.Linux-x86_64.tar.xz
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit a67f484e67)
Ruckus ZoneFlex 7321 is a dual-band, single radio 802.11n 2x2 MIMO enterprise
access point. It is very similar to its bigger brother, ZoneFlex 7372.
Hardware highligts:
- CPU: Atheros AR9342 SoC at 533 MHz
- RAM: 64MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi: AR9342 built-in dual-band 2x2 MIMO radio
- Ethernet: single Gigabit Ethernet port through AR8035 gigabit PHY
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the 7321-U variant.
Serial console: 115200-8-N-1 on internal H1 header.
Pinout:
H1 ----------
|1|x3|4|5|
----------
Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX
JTAG: Connector H5, unpopulated, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:
------- H5
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------
3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
> setenv serverip 192.168.1.2
> setenv ipaddr 192.168.1.1
> tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7321-initramfs-kernel.bin
> bootm 0x81000000
5. Optional, but highly recommended: back up contents of "firmware" partition:
$ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7321_fw1_backup.bin
$ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7321_fw2_backup.bin
6. Copy over sysupgrade image, and perform actual installation. OpenWrt
shall boot from flash afterwards:
$ ssh root@192.168.1.1
# sysupgrade -n openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
$ ssh 10.42.0.254 \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyCheking=no \
-o MACs=hmac-md5
Login. User is "super", password is "sp-admin".
Now execute a hidden command:
Ruckus
It is case-sensitive. Copy and paste the following string,
including quotes. There will be no output on the console for that.
";/bin/sh;"
Hit "enter". The AP will respond with:
grrrr
OK
Now execute another hidden command:
!v54!
At "What's your chow?" prompt just hit "enter".
Congratulations, you should now be dropped to Busybox shell with root
permissions.
4. Optional, but highly recommended: backup the flash contents before
installation. At your PC ensure the device can write the firmware
over TFTP:
$ sudo touch /srv/tftp/ruckus_zf7321_firmware{1,2}.bin
$ sudo chmod 666 /srv/tftp/ruckus_zf7321_firmware{1,2}.bin
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
# tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7321_firmware1.bin -p 10.42.0.1
# tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7321_firmware2.bin -p 10.42.0.1
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7321_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
$ sudo touch /srv/tftp/u-boot-env.bin
$ sudo chmod 666 /srv/tftp/u-boot-env.bin
On the device, find the MTD partition on which environment resides.
Beware, it may change depending on currently active firmware image!
# grep u-boot-env /proc/mtd
Now, copy over the partition
# tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1
Store the stock environment in a safe place:
$ cp /srv/tftp/u-boot-env.bin ~/
Extract the values from the dump:
$ strings u-boot-env.bin | tee u-boot-env.txt
Now clean up the debris at the end of output, you should end up with
each variable defined once. After that, set the bootcmd variable like
this:
bootcmd=bootm 0x9f040000
You should end up with something like this:
bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
mtdids=nor0=ar7100-nor0
bootdelay=2
ethact=eth0
filesize=78a000
fileaddr=81000000
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
ipaddr=10.0.0.1
serverip=10.0.0.5
stdin=serial
stdout=serial
stderr=serial
These are the defaults, you can use most likely just this as input to
mkenvimage.
Now, create environment image and copy it over to TFTP root:
$ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
$ sudo cp u-boot-env.bin /srv/tftp
This is the same image, gzipped and base64-encoded:
H4sIAAAAAAAAA+3QQW7TQBQAUF8EKRtQI6XtJDS0VJoN4gYcAE3iCbWS2MF2Sss1ORDYqVq6YMEB3rP0
Z/7Yf+aP3/56827VNP16X8Zx3E/Cw8dNuAqDYlxI7bcurpu6a3Y59v3jlzCbz5eLECbt8HbT9Y+HHLvv
x9TdbbpJVVd9vOxWVX05TotVOpZt6nN8qilyf5fKso3hIYTb8JDSEFarIazXQyjLIeRc7PvykNq+iy+T
1F7PQzivmzbcLpYftmfH87G56Wz+/v18sT1r19vu649dqi/2qaqns0W4utmelalPm27I/lac5/p+OluO
NZ+a1JaTz8M3/9hmtT0epmMjVdnF8djXLZx+TJl36TEuTlda93EYQrGpdrmrfuZ4fZPGHzjmp/vezMNJ
MV6n6qumPm06C+MRZb6vj/v4Mk/7HJ+6LarDqXweLsZnXnS5vc9tdXheWRbd0GIdh/Uq7cakOfavsty2
z1nxGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAD+1x9eTkHLAAAEAA==
7. Perform actual installation. Copy over OpenWrt sysupgrade image to
TFTP root:
$ sudo cp openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin /srv/tftp
Now load both to the device over TFTP:
# tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
# tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin -g 10.42.0.1
Vverify checksums of both images to ensure the transfer over TFTP
was completed:
# sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin
And compare it against source images:
$ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin
Locate MTD partition of the primary image:
# grep rcks_wlan.main /proc/mtd
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
# flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
# flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
mtd write ruckus_zf7321_fw1_backup.bin /dev/mtd1
mtd write ruckus_zf7321_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
- The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
execute the following command before booting:
mw.l 1804006c 40
And also you need to disable the reset button in device tree if you
intend to debug Linux, because reset button on GPIO0 shares the TCK
pin.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit f1d112ee5a)
Ruckus ZoneFlex 7372 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point.
Ruckus ZoneFlex 7352 is also supported, lacking the 5GHz radio part.
Hardware highligts:
- CPU: Atheros AR9344 SoC at 560 MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344 built-in 2x2 MIMO radio
- Wi-Fi 5Ghz: AR9582 2x2 MIMO radio (Only in ZF7372)
- Antennas:
- Separate internal active antennas with beamforming support on both
bands with 7 elements per band, each controlled by 74LV164 GPIO
expanders, attached to GPIOs of each radio.
- Two dual-band external RP-SMA antenna connections on "7372-E"
variant.
- Ethernet 1: single Gigabit Ethernet port through AR8035 gigabit PHY
- Ethernet 2: single Fast Ethernet port through AR9344 built-in switch
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on "-U" variants.
The same image should support:
- ZoneFlex 7372E (variant with external antennas, without beamforming
capability)
- ZoneFlex 7352 (single-band, 2.4GHz-only variant).
which are based on same baseboard (codename St. Bernard),
with different populated components.
Serial console: 115200-8-N-1 on internal H1 header.
Pinout:
H1
---
|5|
---
|4|
---
|3|
---
|x|
---
|1|
---
Pin 5 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX
JTAG: Connector H2, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:
------- H2
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------
3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
> setenv serverip 192.168.1.2
> setenv ipaddr 192.168.1.1
> tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7372-initramfs-kernel.bin
> bootm 0x81000000
5. Optional, but highly recommended: back up contents of "firmware" partition:
$ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7372_fw1_backup.bin
$ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7372_fw2_backup.bin
6. Copy over sysupgrade image, and perform actual installation. OpenWrt
shall boot from flash afterwards:
$ ssh root@192.168.1.1
# sysupgrade -n openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
$ ssh 10.42.0.254 \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyCheking=no \
-o MACs=hmac-md5
Login. User is "super", password is "sp-admin".
Now execute a hidden command:
Ruckus
It is case-sensitive. Copy and paste the following string,
including quotes. There will be no output on the console for that.
";/bin/sh;"
Hit "enter". The AP will respond with:
grrrr
OK
Now execute another hidden command:
!v54!
At "What's your chow?" prompt just hit "enter".
Congratulations, you should now be dropped to Busybox shell with root
permissions.
4. Optional, but highly recommended: backup the flash contents before
installation. At your PC ensure the device can write the firmware
over TFTP:
$ sudo touch /srv/tftp/ruckus_zf7372_firmware{1,2}.bin
$ sudo chmod 666 /srv/tftp/ruckus_zf7372_firmware{1,2}.bin
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
# tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7372_firmware1.bin -p 10.42.0.1
# tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7372_firmware2.bin -p 10.42.0.1
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7372_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
$ sudo touch /srv/tftp/u-boot-env.bin
$ sudo chmod 666 /srv/tftp/u-boot-env.bin
On the device, find the MTD partition on which environment resides.
Beware, it may change depending on currently active firmware image!
# grep u-boot-env /proc/mtd
Now, copy over the partition
# tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1
Store the stock environment in a safe place:
$ cp /srv/tftp/u-boot-env.bin ~/
Extract the values from the dump:
$ strings u-boot-env.bin | tee u-boot-env.txt
Now clean up the debris at the end of output, you should end up with
each variable defined once. After that, set the bootcmd variable like
this:
bootcmd=bootm 0x9f040000
You should end up with something like this:
bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
bootdelay=2
mtdids=nor0=ar7100-nor0
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
ethact=eth0
filesize=1000000
fileaddr=81000000
ipaddr=192.168.0.7
serverip=192.168.0.51
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
stdin=serial
stdout=serial
stderr=serial
These are the defaults, you can use most likely just this as input to
mkenvimage.
Now, create environment image and copy it over to TFTP root:
$ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
$ sudo cp u-boot-env.bin /srv/tftp
This is the same image, gzipped and base64-encoded:
H4sIAAAAAAAAA+3QTW7TQBQAYB+AQ2TZSGk6Tpv+SbNBrNhyADSJHWolsYPtlJaDcAWOCXaqQhdIXOD7
Fm/ee+MZ+/nHu58fV03Tr/dFHNf9JDzdbcJVGGRjI7Vfurhu6q7ZlbHvnz+FWZ4vFyFM2mF30/XPhzJ2
X4+pe9h0k6qu+njRrar6YkyzVToWberL+HImK/uHVBRtDE8h3IenlIawWg1hvR5CUQyhLE/vLcpdeo6L
bN8XVdHFumlDTO1NHsL5mI/9Q2r7Lv5J3uzeL5bX27Pj+XjRdJZfXuaL7Vm73nafv+1SPd+nqp7OFuHq
dntWpD5tuqH6e+K8rB+ns+V45n2T2mLyYXjmH9estsfD9DTSuo/DErJNtSu76vswbjg5NU4D3752qsOp
zu8W8/z6dh7mN1lXto9lWx3eNJd5Ng5V9VVTn2afnSYuysf6uI9/8rQv48s3Z93wn+o4XFWl3Vg0x/5N
Vbbta5X9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAID/+Q2Z/B7cAAAEAA==
7. Perform actual installation. Copy over OpenWrt sysupgrade image to
TFTP root:
$ sudo cp openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin /srv/tftp
Now load both to the device over TFTP:
# tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
# tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin -g 10.42.0.1
Verify checksums of both images to ensure the transfer over TFTP
was completed:
# sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin
And compare it against source images:
$ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin
Locate MTD partition of the primary image:
# grep rcks_wlan.main /proc/mtd
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
# flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
# flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
mtd write ruckus_zf7372_fw1_backup.bin /dev/mtd1
mtd write ruckus_zf7372_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- This is first device in ath79 target to support link state reporting
on FE port attached trough the built-in switch.
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
execute the following command before booting:
mw.l 1804006c 40
And also you need to disable the reset button in device tree if you
intend to debug Linux, because reset button on GPIO0 shares the TCK
pin.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
- Stock firmware has beamforming functionality, known as BeamFlex,
using active multi-segment antennas on both bands - controlled by
RF analog switches, driven by a pair of 74LV164 shift registers.
Shift registers used for each radio are connected to GPIO14 (clock)
and GPIO15 of the respective chip.
They are mapped as generic GPIOs in OpenWrt - in stock firmware,
they were most likely handled directly by radio firmware,
given the real-time nature of their control.
Lack of this support in OpenWrt causes the antennas to behave as
ordinary omnidirectional antennas, and does not affect throughput in
normal conditions, but GPIOs are available to tinker with nonetheless.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 59cb4dc91d)
Add driver for NVM Express block devices, ie. PCIe connected SSDs.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dbe53352e3)
This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.
Fixes: #10645
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 7dd1cab1c1)
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
