Refresh multiple lzma configuration option patch with new version
proposed upstream. (Reintroduce -Xe option and add more checks and
general better code quality)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Robert Marko [Tue, 11 Apr 2023 18:20:18 +0000 (20:20 +0200)]
mac80211: ath11k: Remove regulatory intersection
Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.
Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while it's parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.
So, let's do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the intersection code in ath11k.
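The effect of the intersection described in the commit message above, as an added example (not code from ath11k or OpenWrt): a Python model that intersects two rule sets and lists which 20 MHz channels in the 2.4 GHz band survive. The upper band edges are the limits quoted in the message; the 2402 MHz lower edge, the 40 MHz bandwidth and all names are assumptions.

```python
"""Model of regulatory-rule intersection (added example, not driver code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    start_mhz: int   # lower band edge
    end_mhz: int     # upper band edge
    max_bw_mhz: int  # widest channel allowed inside the range


# Constructed rule sets. Upper edges come from the commit message
# (2472 MHz for "US", 2482 MHz for ETSI); everything else is assumed.
DEFAULT_US = [Rule(2402, 2472, 40)]
REQUESTED_ETSI = [Rule(2402, 2482, 40)]


def intersect_rule(a, b):
    """Return the overlap of two rules, or None if they do not overlap."""
    start = max(a.start_mhz, b.start_mhz)
    end = min(a.end_mhz, b.end_mhz)
    if end <= start:
        return None
    return Rule(start, end, min(a.max_bw_mhz, b.max_bw_mhz, end - start))


def intersect_domains(default, requested):
    """Pairwise intersection: the result is never wider than either input."""
    pairs = (intersect_rule(a, b) for a in default for b in requested)
    return [rule for rule in pairs if rule is not None]


def usable_channels(rules, width_mhz=20):
    """2.4 GHz channels 1-13 whose full width fits inside a single rule."""
    usable = []
    for channel in range(1, 14):
        center = 2407 + 5 * channel
        low, high = center - width_mhz // 2, center + width_mhz // 2
        if any(r.start_mhz <= low and high <= r.end_mhz
               and width_mhz <= r.max_bw_mhz for r in rules):
            usable.append(channel)
    return usable


def lost_channels(default, requested):
    """Channels the requested domain allows but the intersection removes."""
    wanted = usable_channels(requested)
    kept = usable_channels(intersect_domains(default, requested))
    return [channel for channel in wanted if channel not in kept]


if __name__ == "__main__":
    print("requested only:", usable_channels(REQUESTED_ETSI))
    print("after intersection:",
          usable_channels(intersect_domains(DEFAULT_US, REQUESTED_ETSI)))
    print("lost:", lost_channels(DEFAULT_US, REQUESTED_ETSI))
```
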
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This corrects a typo in the call of nand_do_upgrade_failed for ipq40xx
and ipq806x devices using the linksys.sh script.
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for mvebu/cortexa9 devices using the
linksys.sh script.
Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for kirkwood devices using the
linksys.sh script.
Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code")
Fixes: #12298
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013
The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475
bmips target is now more stable and it's time to start generating buildbot
images in order to receive a wider testing, which will be essential to replace
bcm63xx target in the future.
BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.
Petr Štetiar [Sat, 8 Apr 2023 08:29:06 +0000 (10:29 +0200)]
kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.
So let's fix it by making those modules architecture specific:
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.
Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
the root directory of a TFTP server and serve it at
192.168.1.66/24.
2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
by pressing Enter when prompted. Credentials are identical to the ones
in the AP's interface. By default it is admin / new2day.
David Bauer [Sun, 2 Apr 2023 15:52:16 +0000 (17:52 +0200)]
mpc85xx: reserve upper 1MB of RAM for WS-AP3825i
The bootpage for the second core is placed by U-Boot in the upper 128k
of system-memory.
This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
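One way to check a source tree for the two opt-in paths the advisory text names, as an added example (not part of the commit, OpenWrt or OpenSSL): it flags C sources that call `X509_VERIFY_PARAM_set1_policies()` outside comments and script lines that pass `-policy` to an `openssl` command. The file names and contents are constructed, and skipping `openssl ca`, where `-policy` selects a CA configuration section, is an assumption taken from the openssl-ca manual rather than from the page.

```python
"""Exposure triage for CVE-2023-0464 / CVE-2023-0465 (added example)."""
import itertools
import re
import shlex

API_CALL = re.compile(r"\bX509_VERIFY_PARAM_set1_policies\s*\(")
# Heuristic comment stripper; it does not understand string literals.
C_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
SEPARATORS = {"|", "||", "&&", ";"}


def c_enables_policy(source):
    """True if C source calls the policy setter outside of comments."""
    return bool(API_CALL.search(C_COMMENT.sub(" ", source)))


def cli_enables_policy(command):
    """True if a shell line passes -policy to an openssl verifying tool."""
    try:
        argv = shlex.split(command, comments=True)
    except ValueError:  # unbalanced quotes: not a parseable command line
        return False
    for i, arg in enumerate(argv):
        if arg.rsplit("/", 1)[-1] != "openssl" or i + 1 >= len(argv):
            continue
        subcommand = argv[i + 1]
        # Only look at this command's own arguments, not the next pipe stage.
        rest = list(itertools.takewhile(lambda a: a not in SEPARATORS,
                                        argv[i + 2:]))
        if subcommand != "ca" and "-policy" in rest:
            return True
    return False


def triage(files):
    """Map {path: text} to a sorted list of (path, reason) findings."""
    findings = []
    for path, text in files.items():
        if path.endswith((".c", ".h", ".cc", ".cpp")):
            if c_enables_policy(text):
                findings.append(
                    (path, "calls X509_VERIFY_PARAM_set1_policies()"))
            continue
        for number, line in enumerate(text.splitlines(), 1):
            if cli_enables_policy(line):
                findings.append((path, f"line {number}: openssl -policy"))
    return sorted(findings)


# Constructed sample tree (hypothetical paths and contents).
SAMPLE_TREE = {
    "src/tls_client.c": (
        "/* X509_VERIFY_PARAM_set1_policies(vpm, pols); disabled */\n"
        "X509_VERIFY_PARAM_set_depth(vpm, 4);\n"
    ),
    "src/gateway.c":
        "if (!X509_VERIFY_PARAM_set1_policies(vpm, pols)) goto err;\n",
    "scripts/check-cert.sh": (
        "#!/bin/sh\n"
        'openssl verify -policy 1.2.3.4 -CAfile ca.pem "$1"\n'
        "openssl ca -policy policy_match -in req.pem  # CA section\n"
    ),
}

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_TREE):
        print(f"{path}: {reason}")
```
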
Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Robert Marko [Tue, 4 Apr 2023 19:48:42 +0000 (21:48 +0200)]
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.
So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.
In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.
Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600
Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218
Signed-off-by: Robert Marko <robimarko@gmail.com>
Daniel Golle [Wed, 5 Apr 2023 15:56:54 +0000 (16:56 +0100)]
mediatek: introduce KERNEL_LOADADDR to Device/Default template
We need to reset KERNEL_LOADADDR if we use it on a per-device basis.
Otherwise the previous value will be kept in case a device doesn't
define KERNEL_LOADADDR and relies on the default.
Move initializing KERNEL_LOADADDR to target/linux/mediatek/image/Makefile,
similar to how it's done also on the ramips target.
This fixes image size related breakage on devices which rely on the
default value of KERNEL_LOADADDR.
While at it use 0x48000000 which is more common than the previous default
0x44000000 for the filogic subtarget.
Fixed: e7c399bee6 ("filogic: add support for ASUS TUF-AX4200")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider. Providers are the successors of
engines, which have been deprecated.
The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.
Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds. Their defaults will
change to 'y' if not building for a small flash, so that the regular
legacy package will contain a complete set of algorithms.
The engine build and configuration structure was changed to accommodate
providers, and adapt to the new style of openssl.cnf in version 3.0.
There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package. It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.
An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled. Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.
On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
openssl: make UCI config aware of built-in engines
Engines that are built into the main libcrypto OpenSSL library can't be
disabled through UCI. Add a 'builtin' setting to signal that the engine
can't be disabled through UCI, and show a message explaining this in
case builtin=1 and enabled=0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Building openssl with OPENSSL_SMALL_FOOTPRINT yields only from 1% to 3%
decrease in size, dropping performance from 2% to 91%, depending on the
target and algorithm.
For example, using AES256-GCM with 1456-bytes operations, X86_64 appears
to be the least affected with 2% performance penalty and 1% reduction in
size; mips drops performance by 13%, size by 3%; Arm drops 29% in
performance, 2% in size.
On aarch64, it slows down ghash so much that I consider it broken
(-91%). SMALL_FOOTPRINT will reduce AES256-GCM performance by 88%, and
size by only 1%. It makes an AES-capable CPU run AES128-GCM at 35% of
the speed of Chacha20-Poly1305:
OpenSSL 1.1.1 numbers are about the same, so this should have been
noticed a long time ago.
This creates an option to use OPENSSL_SMALL_FOOTPRINT, but it is turned
off by default unless SMALL_FLASH or LOW_MEMORY_FOOTPRINT is used.
Compiling with -O3 instead of -Os, for comparison, will increase size by
about 14-15%, with no measurable effect on AES256-GCM performance, and
about 2% increase in Chacha20-Poly1305 performance on Aarch64.
There are no Arm devices with the small flash feature, so drop the
conditional default. The package is built on phase2, so even if we
include an Arm device with small flash later, a no-asm library would
have to be built from source anyway.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
40ab806 config: use dedicated link local function to check interface
a84bff2 netlink: add support for getting interface linklocal
2ea065f Revert "config: recheck have_link_local on interface reload if already init"
4b38e6b config: fix feature for enabling service only when interface RUNNING
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Daniel Golle [Sun, 2 Apr 2023 22:21:57 +0000 (01:21 +0300)]
generic: disable SGMII in-band AN for RealTek 2.5G PHYs
MAC drivers don't use SGMII in-band autonegotiation unless told to do so
in device tree using 'managed = "in-band-status"'. When using MDIO to
access a PHY, in-band-status is unneeded as we have link-status via
MDIO. Switch off SGMII in-band autonegotiation using magic values.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Chukun Pan <amadeus@jmu.edu.cn>
Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com>
Tested-by: Yevhen Kolomeiko <jarvis2709@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 2 Apr 2023 22:20:28 +0000 (01:20 +0300)]
generic: use genphy_soft_reset for RealTek 2.5G PHYs
Some vendor bootloaders do weird things with those PHYs which result in
link modes being reported wrongly. Start from a clean sheet by resetting
the PHY.
Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The assumption the bootloader fills out the MAC-address is not
correct. The MAC-address has to be set from userspace based on
information found in the device_id partition.
Daniel Golle [Sun, 2 Apr 2023 23:06:46 +0000 (00:06 +0100)]
generic: add quirk for HG MXPD-483II 2500M fiber SFP
The HG MXPD-483II 1310nm SFP module is meant to operate with 2500Base-X,
however, in their EEPROM they incorrectly specify:
Transceiver type : Ethernet: 1000BASE-LX
...
BR, Nominal : 2600MBd
Use sfp_quirk_2500basex for this module to allow 2500Base-X mode anyway.
Olliver Schinagl [Thu, 16 Feb 2023 14:25:12 +0000 (15:25 +0100)]
tools/7z: Allow building on alpine
When using alpine as host, things start to fail. Let's pull in the
upstream alpine patches to make things work. This should not affect
other hosts.
Note, that Alpine has the '_GNU_SOURCE' define in the APKBUILD file, but
here we add this flag to the needed fix flags patch, which does similar
things too.
Install via SSH:
Original firmware is based on OpenWRT, but SSH is not started by default.
You should enable it first.
1. Login into web admin (10.168.1.1), default password is 'admin'
2. Open the following link, and the result should be {"code":0};
SSH is now started, username is root, password is same as web admin password
http://10.168.1.1/cgi-bin/oraybox?_api=ssh_set&enabled=1
4. You can flash firmware via mtd: mtd write /tmp/firmware_image.bin firmware
Lech Perczak [Tue, 15 Mar 2022 18:27:48 +0000 (19:27 +0100)]
uqmi: explicitly disconnect IPv6 address family
Some modems (namely, Telit LE910C4) require the IPv6 connection state to
be cleared explicitly, to avoid reporting "no effect" if IPv6
connection is already connected through autoconnect mechanism, or during
LTE default bearer attach, which would lead to established session, but
without a way to inform protocol handler of the status.
Lech Perczak [Tue, 15 Mar 2022 18:29:59 +0000 (19:29 +0100)]
uqmi: set IPv6 family explicitly in status check
Some modems require CID to be set explicitly during IPv6 connection
status check, others require IPv6 address family to be checked explicitly
after establishing connection, in order to provide correct status.
Set both fields in the request to satisfy them.
Fixes: c8a88118af46 ("uqmi: set CID during 'query-data-status' operation")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Thomas Nixon [Sun, 26 Mar 2023 10:19:21 +0000 (10:19 +0000)]
lantiq: nand: don't yield while holding spinlock
The nand driver normally while waiting for the device to become ready;
this is normally fine, but xway_nand holds the ebu_lock spinlock, and
this can cause lockups if other threads which use ebu_lock are
interleaved. Fix this by waiting instead of polling.
This mainly showed up as crashes in ath9k_pci_owl_loader (see
https://github.com/openwrt/openwrt/issues/9829 ), but turning on
spinlock debugging shows this happening in other places too.
This doesn't seem to measurably impact boot time.
Tested on bt_homehub-v5a with 5.10 and 5.15.
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
[Add commit description into patch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Georgi Valkov [Tue, 21 Mar 2023 09:39:21 +0000 (11:39 +0200)]
tools/coreutils: update to 9.2
This resolves an error when building toolchain/musl on macOS due to
improper hole-detection caused by a bug in macOS/APFS [1].
As long as we don't reconfigure, 001-m4.patch is not needed.
If we keep it, it will force reconfigure the project,
since m4 files are changed. This works, but may not be optimal,
because the build should use files from coreutils/m4, but
OpenWRT uses legacy files from staging_dir/host/share/aclocal [2].
backport a couple of upstream patches
date: diagnose -f read errors
copy: fix --reflink=auto to fallback in more cases
Jacob Aharon [Mon, 27 Mar 2023 01:12:48 +0000 (12:12 +1100)]
ipq806x: Fix Linksys upgrade, restore config step
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration
was not preserved over sysupgrade steps.
This restores the preservation of configs for ipq806x devices using the
linksys.sh script. Other devices and targets have not been examined.
This commit uses the same functionality and terminology used in commit 8634c10 ("ipq40xx: Fix Linksys upgrade, restore config step")
Fixes: e25e6d8 ("base-files: fix and clean up nand sysupgrade code")
Tested-on: EA8500
Ian Dall [Fri, 10 Mar 2023 06:32:34 +0000 (17:02 +1030)]
dnsmasq: configure dynamic dhcp6 and dhcp4 independently
Given ipv6 has SLAAC it is quite plausible to wish to use dynamic
dhcp4 but static dhcp6. This patch keeps dynamicdhcp as the default
option for both, but is overridden by dynamicdhcpv6 or dynamicdhcpv4
Signed-off-by: Ian Dall <ian@beware.dropbear.id.au>
```
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.
```
**Steps**
Press 4: Entr boot command line interface.
On the prompt enter.
`setenv firmware_size 0xf60000`
Then enter.
`saveenv`
Then enter.
`reset`
**Device will reboot**
Set your IP 192.168.100.100/24
Connect your lan cable to wan port.
**On the UART Menu**
Press 2: Load system code then write to Flash via TFTP.
Warning!! Erase Linux in Flash then burn new one. Are you sure?(Y/N) **enter** `Y`
Please Input new ones /or Ctrl-C to discard
Input device IP (192.168.100.55) ==:`192.168.100.55`
Input server IP (192.168.100.100) ==:`192.168.100.100`
Input Linux Kernel filename () ==:`openwrt-22.03.0-ramips-mt7621-hanyang_hyc-g920-squashfs-sysupgrade.bin`
After uploading firmware image, device will boot Openwrt.
Signed-off-by: Muhammad AL-Qadhy <m.ismael@gmail.com>
kernel: modules: hfcpci: limit to devices with pci support
Kmod-hfcpci and kmod-hfcmulti support ISDN adapters over PCI. On targets
without PCI support, this package is empty. Symbols CONFIG_MISDN_HFCMULTI
and CONFIG_MISDN_HFCPCI depend on CONFIG_PCI.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Nick Hainke [Tue, 28 Mar 2023 22:29:47 +0000 (00:29 +0200)]
libtraceevent: update to 1.7.2
Changes:
1c6f0f3 libtraceevent: version 1.7.2
73f6a8a libtraceevent: Fix some missing commas in big endian blocks
da2ea6b libtraceevent: Rename "ok" to "token_has_paren" in process_sizeof()
e6f7cfa libtraceevent: No need for testing ok in else if (!ok) in process_sizeof()
a4b1ba5 libtraceevent: Fix double free in parsing sizeof()
Linhui Liu [Fri, 31 Mar 2023 13:34:01 +0000 (21:34 +0800)]
tools/squashfs4: enable parallel builds
Run `time make tools/squashfs4/{clean,compile} -j$(nproc)`
Before:
real 0m8.803s
user 0m12.415s
sys 0m1.317s
After:
real 0m13.781s
user 0m13.290s
sys 0m1.528s
Rosen Penev [Tue, 28 Mar 2023 22:29:19 +0000 (15:29 -0700)]
ramips: mt7621: remove set-affinity script
From https://github.com/openwrt/openwrt/pull/12280#issuecomment-1489279860
On Ethernet and WLAN, NAPI is threaded for all queues. This means that the
processing work is not stuck on the CPU that fired the IRQ. Under heavy
load, IRQs get disabled anyway, so it should not matter at all which CPUs
the IRQs fire on.
Basic testing indicates this to be true. There's no speedup or slowdown.
Felix Baumann [Fri, 31 Mar 2023 04:16:04 +0000 (06:16 +0200)]
ramips: mt7621: ASUS RT-AX53U add NMBM, nest firmware
Nests kernel and ubi into firmware partition in order to be compatible
with OEM firmware. This allows restoring oem firmware from a backup of
firmware2. Add jffs2 partition which is present in the oem firmware.
Add support for mediatek NMBM (wear leveling on newer mediatek devices).
Exclude UBI partition from NMBM management.
Continues PR #10685.
Tested-by: Felix Baumann <felix.bau@gmx.de>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
Joe Mullally [Sun, 26 Feb 2023 22:01:22 +0000 (22:01 +0000)]
kernel: add support for XMC XM25QH64C
The XMC XM25QH64C is an 8MB SPI NOR chip. The patch is verified on TL-WPA8631P v3.
Datasheet available at https://www.xmcwh.com/uploads/442/XM25QH64C.pdf
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
Robert Marko [Tue, 28 Mar 2023 11:38:57 +0000 (13:38 +0200)]
mac80211: ath11k: restore 160MHz support
Recent ath11k sync introduced a regression causing 80+80 and 160MHz to
stop being advertised and thus not selectable due to the respective feature
flags being cleared.
So, until we get answers upstream to what was the reasoning behind this and
it gets fixed, let's just remove the flag clearing to re-enable 160MHz.
Fixes: 789a0bac3535 ("mac80211: ath11k: sync with ath-next")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Stijn Tintel [Tue, 20 Dec 2022 18:05:40 +0000 (20:05 +0200)]
arm-trusted-firmware-sunxi: bump to 2.8
Use latest release build instead of a git snapshot. As this tarball
extracts in a trusted-firmware-a-2.8 subdirectory, we no longer need to
override the PKG_NAME defined in trusted-firmware-a.mk. The actual
package name is still the same, so we don't need to update any
dependencies.