Daniel Golle [Fri, 14 Apr 2023 16:54:54 +0000 (17:54 +0100)]
uboot-mediatek: fix build for RAVPower RP-WD009
Updating to U-Boot 2023.04 broke the build for the RAVPower RP-WD009
MT7628 board. This was due to upstream conversion of CONFIG_* to CFG_*
which was not applied to our downstream patch adding support for the
RAVPower RP-WD009 device.
Apply CONFIG_* to CFG_* converion analog to what has been done also
for mt7928_rfb upstream.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 13 Apr 2023 19:16:05 +0000 (20:16 +0100)]
generic: move accepted patch to backport-5.15
The patch adding SFP quirk for MXPD 483II was accepted upstream and
will be part of Linux v6.3:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=ad651d68cee75e9ac20002254c4e5d09ee67a84b
Move the patch from pending-5.15 to backport-5.15.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 13 Apr 2023 04:01:30 +0000 (05:01 +0100)]
mediatek: backport new pinctrl features
Backport new features for MediaTek pinctrl/pinconf drivers from upstream.
This will serve as the base to improve pinconf bias/pull-up/pull-down on
MT7981 and MT7986, and also prepare for upcoming support for MT7988.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 11 Apr 2023 23:21:22 +0000 (00:21 +0100)]
uboot-mediatek: update to v2023.04
Update to next U-Boot timed release.
Remove now obsolete patch
100-01-board-mediatek-add-more-network-configurations.patch
Default IP addresses are now dealt with in Kconfig, no longer in board-
specific C header files.
Add patches to restore ANSI support in bootmenu which was broken upstream,
always use high-speed mode on serial UART for improved stability and fix
an issue with pinconf not being applied on MT7623 resulting in eMMC
being inaccessible when booting from micro SD card.
In order to keep the size of the bootloader on MT7623 below 512kB remove
some unneeded commands on both MT7623 boards.
Robert Marko [Wed, 12 Apr 2023 11:17:03 +0000 (13:17 +0200)]
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.
This replaces the management TLV pending fix with the upstreamed one,
fixes traffic flooding when AP and monitor modes are used at the same time,
fixes QCN9074 always showing -95 dBm for station RSSI in dumps,
fixes potential crash on boot if spectral scan is enabled due to writing to
unitialized memory and adds 11d scan offloading for WCN6750 and WCN6855.
Refresh multiple lzma configuration option patch with new version
proposed upstream. (Reintroduce -Xe option and add more checks and
general better code quality)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Robert Marko [Tue, 11 Apr 2023 18:20:18 +0000 (20:20 +0200)]
mac80211: ath11k: Remove regulatory intersection
Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.
Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while its parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.
So, lets do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the interesection code in ath11k.
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This corrects a typo in the call of nand_do_upgrade_failed for ipq40xx
and ipq806x devices using the linksys.sh script.
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for mvebu/cortexa9 devices using the
linksys.sh script.
Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code") Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for kirkwood devices using the
linksys.sh script.
Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code") Fixes: #12298 Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013
The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475
bmips target is now more stable and it's time to start generating buildbot
images in order to receive a wider testing, which will be essential to replace
bcm63xx target in the future.
BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.
Petr Štetiar [Sat, 8 Apr 2023 08:29:06 +0000 (10:29 +0200)]
kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.
So lets fix it, by making those modules architecture specific:
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.
Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
the root directory of a TFTP server and serve it at
192.168.1.66/24.
2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
by pressing Enter when prompted. Credentials are identical to the one
in the APs interface. By default it is admin / new2day.
David Bauer [Sun, 2 Apr 2023 15:52:16 +0000 (17:52 +0200)]
mpc85xx: reserve upper 1MB of RAM for WS-AP3825i
The bootpage for the second core is placed by U-Boot in the upper 128k
of syste-memory.
This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Robert Marko [Tue, 4 Apr 2023 19:48:42 +0000 (21:48 +0200)]
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.
So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.
In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.
Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600 Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218 Signed-off-by: Robert Marko <robimarko@gmail.com>
Daniel Golle [Wed, 5 Apr 2023 15:56:54 +0000 (16:56 +0100)]
mediatek: introduce KERNEL_LOADADDR to Device/Default template
We need to reset KERNEL_LOADADDR if we use it on a per-device base.
Otherwise the previous value will be kept in case a device doesn't
define KERNEL_LOADADDR and relies on the default.
Move initializing KERNEL_LOADADDR to target/linux/mediatek/image/Makefile,
similar to how it's done also on the ramips target.
This fixes image size related breakage on devices which rely on the
default value of KERNEL_LOADADDR.
While at it use 0x48000000 which is more common than the previous default
0x44000000 for the filogic subtarget.
Fixed: e7c399bee6 ("filogic: add support for ASUS TUF-AX4200") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider. Providers are the successors of
engines, which have been deprecated.
The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.
Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds. Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.
The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.
There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package. It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.
An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled. Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.
On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
openssl: make UCI config aware of built-in engines
Engines that are built into the main libcrypto OpenSSL library can't be
disabled through UCI. Add a 'builtin' setting to signal that the engine
can't be disabled through UCI, and show a message explaining this in
case buitin=1 and enabled=0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Building openssl with OPENSSL_SMALL_FOOTPRINT yelds only from 1% to 3%
decrease in size, dropping performance from 2% to 91%, depending on the
target and algorithm.
For example, using AES256-GCM with 1456-bytes operations, X86_64 appears
to be the least affected with 2% performance penalty and 1% reduction in
size; mips drops performance by 13%, size by 3%; Arm drops 29% in
performance, 2% in size.
On aarch64, it slows down ghash so much that I consider it broken
(-91%). SMALL_FOOTPRINT will reduce AES256-GCM performance by 88%, and
size by only 1%. It makes an AES-capable CPU run AES128-GCM at 35% of
the speed of Chacha20-Poly1305:
OpenSSL 1.1.1 numbers are about the same, so this should have been
noticed a long time ago.
This creates an option to use OPENSSL_SMALL_FOOTPRINT, but it is turned
off by default unless SMALL_FLASH or LOW_MEMORY_FOOTPRINT is used.
Compiling with -O3 instead of -Os, for comparison, will increase size by
about 14-15%, with no measureable effect on AES256-GCM performance, and
about 2% increase in Chacha20-Poly1305 performance on Aarch64.
There are no Arm devices with the small flash feature, so drop the
conditional default. The package is built on phase2, so even if we
include an Arm device with small flash later, a no-asm library would
have to be built from source anyway.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
40ab806 config: use dedicated link local function to check interface a84bff2 netlink: add support for getting interface linklocal 2ea065f Revert "config: recheck have_link_local on interface reload if already init" 4b38e6b config: fix feature for enabling service only when interface RUNNING
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Daniel Golle [Sun, 2 Apr 2023 22:21:57 +0000 (01:21 +0300)]
generic: disable SGMII in-band AN for RealTek 2.5G PHYs
MAC drivers don't use SGMII in-band autonegotiation unless told to do so
in device tree using 'managed = "in-band-status"'. When using MDIO to
access a PHY, in-band-status is unneeded as we have link-status via
MDIO. Switch off SGMII in-band autonegotiation using magic values.
Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Chukun Pan <amadeus@jmu.edu.cn> Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com> Tested-by: Yevhen Kolomeiko <jarvis2709@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 2 Apr 2023 22:20:28 +0000 (01:20 +0300)]
generic: use genphy_soft_reset for RealTek 2.5G PHYs
Some vendor bootloaders do weird things with those PHYs which result in
link modes being reported wrongly. Start from a clean sheet by resetting
the PHY.
Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The assumption the bootloader fills out the MAC-address is not
correct. The MAC-address has to be set from userspace based on
information found in the device_id partition.
Daniel Golle [Sun, 2 Apr 2023 23:06:46 +0000 (00:06 +0100)]
generic: add quirk for HG MXPD-483II 2500M fiber SFP
The HG MXPD-483II 1310nm SFP module is meant to operate with 2500Base-X,
however, in their EEPROM they incorrectly specify:
Transceiver type : Ethernet: 1000BASE-LX
...
BR, Nominal : 2600MBd
Use sfp_quirk_2500basex for this module to allow 2500Base-X mode anyway.
Olliver Schinagl [Thu, 16 Feb 2023 14:25:12 +0000 (15:25 +0100)]
tools/7z: Allow building on alpine
When using alpine as host, things start to fail. Lets pull in the
upstream alpine patches to make things work. This should not affect
other hosts.
Note, that Alpine has the '_GNU_SOURCE' define in the APKBUILD file, but
here we add this flag to the needed fix flags patch, which does similar
things too.
Install via SSH:
Original firmware is based on OpenWRT, but SSH is not start by default,
You should enable it first
1. Login into web admin (10.168.1.1), default password is 'admin'
2. Open the following link, and the result should be {"code":0};
SSH is now started, username is root, password is same as web admin password
http://10.168.1.1/cgi-bin/oraybox?_api=ssh_set&enabled=1
4. You can flash firmware via mtd: mtd write /tmp/firmware_image.bin firmware
Lech Perczak [Tue, 15 Mar 2022 18:27:48 +0000 (19:27 +0100)]
uqmi: explicitly disconnect IPv6 address family
Some modems (namely, Telit LE910C4) require the IPv6 connection state to
be cleared explicitly, to avoid reporting "no effect" if IPv6
connection is already connected through autoconnect mechanism, or during
LTE default bearer attach, which would lead to established session, but
without a way to inform protocol handler of the status.
Lech Perczak [Tue, 15 Mar 2022 18:29:59 +0000 (19:29 +0100)]
uqmi: set IPv6 family explicitly in status check
Some modems require CID to be set explicitly during IPv6 connection
status check, others require IPv6 address family to be checked explicitly
after establishing connection, in order to provide correct status.
Set both fields in the request to satisfy them.
Fixes: c8a88118af46 ("uqmi: set CID during 'query-data-status' operation") Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Thomas Nixon [Sun, 26 Mar 2023 10:19:21 +0000 (10:19 +0000)]
lantiq: nand: don't yield while holding spinlock
The nand driver normally while waiting for the device to become ready;
this is normally fine, but xway_nand holds the ebu_lock spinlock, and
this can cause lockups if other threads which use ebu_lock are
interleaved. Fix this by waiting instead of polling.
This mainly showed up as crashes in ath9k_pci_owl_loader (see
https://github.com/openwrt/openwrt/issues/9829 ), but turning on
spinlock debugging shows this happening in other places too.
This doesn't seem to measurably impact boot time.
Tested on bt_homehub-v5a with 5.10 and 5.15.
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
[Add commit description into patch] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Georgi Valkov [Tue, 21 Mar 2023 09:39:21 +0000 (11:39 +0200)]
tools/coreutils: update to 9.2
This resolves an error when building toolchain/musl on macOS due to
improper hole-detection caused by a bug in macOS/APFS [1].
As long as we don't reconfigure, 001-m4.patch is not needed.
If we keep it, it will force reconfigure the project,
since m4 files are changed. This works, but may not be optimal,
because the build should use files from coreutils/m4, but
OpenWRT uses legacy files from staging_dir/host/share/aclocal [2].
backport a couple of upstream patches
date: diagnose -f read errors
copy: fix --reflink=auto to fallback in more cases
Jacob Aharon [Mon, 27 Mar 2023 01:12:48 +0000 (12:12 +1100)]
ipq806x: Fix Linksys upgrade, restore config step
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration
was not preserved over sysupgrade steps.
This restores the preservation of configs for ipq806x devices using the
linksys.sh script. Other devices and targets have not been examined.
This commit uses the same functionality and terminology used in commit 8634c10 ("ipq40xx: Fix Linksys upgrade, restore config step")
Fixes: e25e6d8 ("base-files: fix and clean up nand sysupgrade code")
Tested-on: EA8500
Ian Dall [Fri, 10 Mar 2023 06:32:34 +0000 (17:02 +1030)]
dnsmasq: configure dynamic dhcp6 and dhcp4 independently
Given ipv6 has SLAAC it is quite plausible to wish to use dynamic
dhcp4 but static dhcp6. This patch keeps dynamicdhcp as the default
option for both, but is overridden by dynamicdhcpv6 or dynamicdhcpv4
Signed-off-by: Ian Dall <ian@beware.dropbear.id.au>
```
Please choose the operation:
1: Load system code to SDRAM via TFTP.
2: Load system code then write to Flash via TFTP.
3: Boot system code via Flash (default).
4: Entr boot command line interface.
7: Load Boot Loader code then write to Flash via Serial.
9: Load Boot Loader code then write to Flash via TFTP.
```
**Steps**
Press 4: Entr boot command line interface.
On the pormpt enter.
`setenv firmware_size 0xf60000`
Then enter.
`saveenv`
Then enter.
`reset`
**Device will reboot**
Set your IP 192.168.100.100/24
Connect your lan cable to wan port.
**On the UART Menu**
Press 2: Load system code then write to Flash via TFTP.
Warning!! Erase Linux in Flash then burn new one. Are you sure?(Y/N) **enter** `Y`
Please Input new ones /or Ctrl-C to discard
Input device IP (192.168.100.55) ==:`192.168.100.55`
Input server IP (192.168.100.100) ==:`192.168.100.100`
Input Linux Kernel filename () ==:`openwrt-22.03.0-ramips-mt7621-hanyang_hyc-g920-squashfs-sysupgrade.bin`
After uploading firmware image, device will boot Openwrt.
Signed-off-by: Muhammad AL-Qadhy <m.ismael@gmail.com>
projects / thirdparty / openwrt.git / log
