Enable access to uboot menu (needed in wvrtm-130acn):
- The access to uboot menu is blocked by `bootdelay = 0` set in ubootenv.
With stock firmware version 01.01.02.163 and previous, you can use CVE 2020-24365
command injection https://nvd.nist.gov/vuln/detail/CVE-2020-24365
python3 exploit.py -t 192.168.1.1 -c "fw_setenv bootdelay 3; fw_saveenv"
Backup the stock firmware:
- Connect via uart
- Connect via ethernet and assign your pc the address 192.168.15.x/24
- Power on the device; and start typing '4' to enter uboot menu
- Set factory mode and boot
MT7621 # setenv factory 2; saveenv
MT7621 # nand read 2800000200000081000000; bootm
- Telnet and copy all mtd blocks
telnet 192.168.15.1
- Copy all mtd blocks and start webserver
for N in $(seq 0 6); do dd if=/dev/mtd$N of=/tmp/eeprom_mtd$N.bin; done
mount -o bind /tmp /www
lighttpd -f /etc/lighttpd.conf
- Backup stock rootfs_data (optional)
dd if=/dev/mtd7 of=/tmp/eeprom_mtd7.bin
dd if=/dev/mtd8 of=/tmp/eeprom_mtd8.bin
- Download to your pc from http://192.168.15.1/eeprom_mtd$N.bin
Installation:
- Connect via uart
- Connect via ethernet and assign your pc the address 10.10.10.3/24
- Start a tftp server and serve the image initramfs-kernel.bin
mkdir /tmp/ftpd;
cp initramfs-kernel.bin /tmp/ftpd/kernel.bin
dnsmasq --enable-tftp --tftp-root=/tmp/ftpd
- Power on the device; and start typing '4' to halt the bootloader
- Change the active mtd partition from mtd6 to mtd5 (needed by uboot)
MT7621 # setenv mtddevnum 5; saveenv
- Write the openwrt initramfs in ram via tftp and boot it
MT7621 # tftpboot 81000000 kernel.bin; bootm
- From the initramfs create the ubi device and install openwrt via sysupgrade
ubiformat /dev/mtd11 -y
sysupgrade -n -v /tmp/sysupgrade.bin
Recovery:
Restore the stock firmware from the backup of the mtd blocks
mtd write eeprom_mtd5.bin firmware
mtd write eeprom_mtd6.bin Kernel2
mtd write eeprom_mtd7.bin Storage1
mtd write eeprom_mtd8.bin Storage2
ubiformat /dev/mtd8 -y
reboot
Links to previous works on wvrtm-127acn:
https://github.com/digiampietro/hacking-gemtek
https://forum.openwrt.org/t/add-support-for-gemtek-wvrtm-127acn-linkem-provider/168757
Hannu Nyman [Thu, 17 Oct 2024 17:33:36 +0000 (20:33 +0300)]
base-files: increase default system log size to 128 kB
Increase the default system log buffer size option
in /etc/config/system from 64 kB to 128 kB.
64 kB is barely enough for the boot items of a modern router
with a few add-on packages, but any subsequent logging will
quickly cause the early boot items to get overwritten in the
round-robin log buffer. Double the buffer size to 128 kB.
(Note: built-in default in ubox logd itself is still 16 kB)
ath79: Upstream b53 DSA driver for Ubiquiti EdgeSwitch 8XP
The swconfig-based b53 driver for the BCM53128 switch stopped working
after commits b2cfed48f6 (Revert "swconfig: fix Broadcom b53 support")
and e4e410733f (kernel: export switch_generic_set_link() symbol). This
rendered the 8 LAN ports of the EdgeSwitch 8XP non-functional, so the
image compilation for the device was disabled (5a1d7d8c1b).
This commit adds the kmod-dsa-b53-mdio and kmod-dsa-b53 packages
with the upstream B53 DSA driver, replacing the swconfig-based
kmod and kmod-switch-bcm53xx-mdio downstream ones that are not used by
any other device.
The 8 LAN ports of the EdgeSwitch 8XP are usable again. The 02_network
init script has been updated with the new DSA interfaces lan1 .. lan8.
Image building has been reenabled for the device, adding the usual DSA
incompatibility notice.
Daniel Golle [Fri, 18 Oct 2024 11:38:21 +0000 (12:38 +0100)]
mediatek: filogic: convert Acer Predator W6 to use NVMEM framework
Read WiFi calibration data via NVMEM framework. The MAC addresses are
stored inside a file on a filesystem and hence still have to be
extracted in userspace.
WiFI EEPROM extraction has already accidentally been partially removed
by commit 3e6de5d77a ("mediatek: use NVMEM framework on all Adtran
devices").
Fixes: 3e6de5d77a ("mediatek: use NVMEM framework on all Adtran devices") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Fri, 18 Oct 2024 06:03:21 +0000 (08:03 +0200)]
firewall: update to Git HEAD (2024-10-18)
ffba75c9cd8f iptables: free xtables_match if found in need_protomatch bf1d5fdf6234 iptables: fix regression with unintended free in need_protomatch 1aef9791a21e defaults.c: fix ipv6 flow offloading
Jack Sun [Thu, 17 Oct 2024 11:37:38 +0000 (19:37 +0800)]
package: busybox: update download link
There is no file named busybox-1.36.1.tar.bz2 in the root directory of the website
The actual download link is “https://sources.buildroot.net/busybox/busybox-1.36.1.tar.bz2”
Hannu Nyman [Wed, 16 Oct 2024 19:03:34 +0000 (22:03 +0300)]
base-files: Increase failsafe trigger wait time from 2 to 4 sec
Increase the failsafe waiting timeout period from 2 seconds
to 4 seconds.
Since commit 29207748b in 2015 we have had a rapid LED blinking
indication for the failsafe triggering period. But the really short
timeout of 2 seconds requires snappy reaction time from the user to
notice the LED blinking and to push button inside the short window.
Relax the timeout to 4 seconds, which more easily allows to notice
the change in LED blinking and push a button.
Robert Marko [Thu, 17 Oct 2024 12:27:04 +0000 (14:27 +0200)]
ath11k-firmware: update IPQ8074 and QCN9074 to 2.9.0.1-02146
After a long time QCA has pushed an updated release of 2.9.0.1 firmware
for IPQ8074 and QCN9074, so lets update to 2.9.0.1-02146.
Sadly, still nothing new for IPQ6018.
QCA has also moved the repository where they will be posting firmware to
their CodeLinaro instance, so we move to using that and it allows us to
remove the manual download of QCN9074 board-2.bin.
David Bauer [Wed, 22 Nov 2023 01:45:13 +0000 (02:45 +0100)]
mpc85xx: convert Watchguard T10 mac-assignment to NVMEM
MAC-addresses are stored with colons, thus they can now be referenced
using NVMEM.
Signed-off-by: David Bauer <mail@david-bauer.net> Signed-off-by: Rosen Penev <rosenp@gmail.com> Link: https://github.com/openwrt/openwrt/pull/16310 Signed-off-by: Robert Marko <robimarko@gmail.com>
Rosen Penev [Wed, 16 Oct 2024 22:31:20 +0000 (15:31 -0700)]
mpc85xx: p1010: fix NAND devices
Upstream commit 9ba0cae3cac07c21c583f9ff194f74043f90d29c made FSL_IFC
visible and selectable, which means that in order for MTD_NAND_FSL_IFC
to work, it needs these two extra CONFIG options.
Chukun Pan [Wed, 9 Oct 2024 15:10:26 +0000 (23:10 +0800)]
linux-firmware: update Realtek RTW89 firmware
Add RealTek RTL8922AE firmware package. The rtw89 driver uses
rtw8852b_fw-1.bin starting from kernel 6.4[1], remove the old
one. Also note that in the kernel 6.12, rtw8852c and rtw8922a
should use fw-1.bin [2][3].
Felix Fietkau [Wed, 16 Oct 2024 07:55:18 +0000 (09:55 +0200)]
ramips: disable CONFIG_LIST_HARDENED on MT7620
In #16396, crashes were reported on MT7620, which were introduced by enabling
CONFIG_LIST_HARDENED. The cause seems to be random memory corruption somewhere
in the kernel. Unfortunately the crash traces do not point to the real cause
of the crash in any way.
Since MT7620 is really ancient hardware that likely only has few users left,
I don't expect that anybody will invest a significant amount of time to track
down the real cause. Because of that, let's disable CONFIG_LIST_HARDENED on
this target only, and leave it enabled on all other platforms.
Fixes: #16396 Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jonas Jelonek [Tue, 15 Oct 2024 18:52:35 +0000 (20:52 +0200)]
uboot-mediatek: add noncached_set_region prototype to fix build
Building uboot-mediatek fails with GCC-14, uboot v2024.10 and
CONFIG_SYS_NONCACHED_MEMORY defined with error:
cmd/cache.c: In function 'do_dcache':
cmd/cache.c:57:25: error: implicit declaration of function
'noncached_set_region' [-Wimplicit-function-declaration]
This is caused by upstream commit 7d6cee2cd0e2e2507aca1e3a6fe0e2cb241a116e
("cmd: cache: Remove weak functions") as this removes weak functions in
favor of arch-specific definitions.
This patch adds the function prototype for `noncached_set_region` to
arch-specific header for ARM. It also adds an include in cmd/cache.c to
make the function available there.
Fixes: #16697 Fixes: f8c22c9bff ("uboot-mediatek: update to U-Boot 2024.10") Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
[@dangowrt refreshed patch] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 5 Oct 2024 21:19:43 +0000 (22:19 +0100)]
generic: phy: aquantia: correctly describe LED polarity
Backport newly introduced support for 'active-high' property and use
it to correctly implement polarity assignment for Aquantia PHY LEDs.
Previously the 'active-low' property was used to switch a LED PIN to
active-high ("drive VDD" in Aquantia-speak) mode.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stijn Tintel [Mon, 14 Oct 2024 21:23:36 +0000 (00:23 +0300)]
qoriq: add missing kernel config symbol
Dropping the source-only flag from qoriq and adding it to the buildbots
exposed a missing kernel config symbol: CONFIG_DRM_OFDRM. Addd it as
disabled to the qoriq kernel config, as the only device currently
supported in the qoriq target does not have any display hardware.
Michael Pratt [Sat, 12 Oct 2024 18:55:04 +0000 (14:55 -0400)]
tools/ninja: update to 1.12.1
Update to the most recent stable release,
including a new job scheduler and bug fixes.
Backport a patch to assist in reworking jobserver support.
The original patch for jobserver support requires reworking
due to the function CanRunMore() and its usage
being significantly changed, including the return
becoming an integer instead of a boolean.
AcquireToken() must now be used in CanRunMore()
in order to quantify how much the job searching loop
is able to run at any time, and in order to do so
CanRunMore() cannot be a constant function anymore.
Robert Marko [Mon, 14 Oct 2024 11:02:24 +0000 (13:02 +0200)]
mvebu: cortex-a9: add upgrade methode to nas1dual
The blamed commit adds a upgrade recipe for nas1dual to specify the
firmware partition name, but does not actually include the recipe that
will be called.
Since it previously relied on the default one, add that one.
Stijn Tintel [Sun, 13 Oct 2024 19:25:10 +0000 (22:25 +0300)]
qoriq: drop source-only flag
While the qoriq target currently supports only one device, the
WatchGuard Firebox M300, the feedback from people using it is that it's
a great bang for the buck. Additionally, people suggest having no
snapshots available hurts adoption.
Fixes: #16148 Fixes: 715634e6d144 ("base-files: upgrade: nand: use "cmd" argument for extracting command") Signed-off-by: Boris Krasnovskiy <borkra@gmail.com> Link: https://github.com/openwrt/openwrt/pull/16690 Signed-off-by: Robert Marko <robimarko@gmail.com>
The firmware partition name is specifc to ipTIME NAS1dual and should not be
set globally.
Fixes: #16148 Fixes: 6ff970bb51f5 ("mvebu: add support for ipTIME NAS1dual") Signed-off-by: Boris Krasnovskiy <borkra@gmail.com> Link: https://github.com/openwrt/openwrt/pull/16690 Signed-off-by: Robert Marko <robimarko@gmail.com>
Linus Walleij [Fri, 9 Aug 2024 09:45:04 +0000 (11:45 +0200)]
linux: generic: net: dsa: mv88e6xxx LED support
This solution that is needed for some routers to provide proper
LED activity when controlled directly by the MV88E6xxx switch,
has just been merged in upstream Linux.
Make this patch 901 as other backports from earlier kernels
are in patch 896 and this is the first free number after
that.
Patch offsets in pending patches are augmented as part of
the refresh.
Itay Shoshani [Sat, 12 Oct 2024 09:56:35 +0000 (09:56 +0000)]
wireless-regdb: Update to version 2024.10.07
b66b9a1 wireless-regdb: update regulatory database based on preceding changes 5097b4a wireless-regdb: Update regulatory info for Tanzania (TZ) for 2024 29633a6 wireless-regdb: Update regulatory info for Pakistan (PK) for 2024 b44edb2 wireless-regdb: Update regulatory info for Serbia (RS) for 2024 dbfae47 Revert "wireless-regdb: Update regulatory info for Serbia (SR) for 2024" 8e3d27c wireless-regdb: Correct regulatory rules of 6GHz frequency for Türkiye (TR) 8760bc3 wireless-regdb: Update regulatory info for Honduras (HN) for 2023 3ba2c53 wireless-regdb: Update regulatory info for Israel (IL) for 2021 83c175c wireless-regdb: Update regulatory info for Kuwait (KW) for 2022 388c80c wireless-regdb: Update regulatory info for Serbia (SR) for 2024 bf55ed4 wireless-regdb: Add .b4-config 3afe172 wireless-regdb: Update .gitignore 3b34761 wireless-regdb: Correct regulatory rules for China (CN) 003c282 wireless-regdb: Update regulatory info for Philippines (PH) on 6GHz 21fcb86 wireless-regdb: Update regulatory info for Guatemala (GT) for 2020 158f105 wireless-regdb: Update regulatory info for Bahrain (BH) for 2024 218d146 wireless-regdb: Add regulatory info for Namibia (NA) for 2023 aad0c26 wireless-regdb: Update regulatory info for Togo (TG) for 2022 983f551 wireless-regdb: Update regulatory info for El Salvador (SV) on 6GHz 58575b4 wireless-regdb: Update regulatory info for Peru (PE) on 6GHz bad3985 wireless-regdb: Update regulatory info for New Zealand (NZ) for 2022 c7d1083 wireless-regdb: Update regulatory info for Qatar (QA) on 6GHz
Hauke Mehrtens [Thu, 10 Oct 2024 20:20:49 +0000 (22:20 +0200)]
gdb: Remove upstreamed SIGINT patch
The problem was fixed upstream, see:
https://sourceware.org/bugzilla/show_bug.cgi?id=18945
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=4c35c4c6a779c79e456b7a5311f74aafc9026bd5
The ase subtarget supports two devices. ALLNET ALL0333CJ has one
Ethernet port and uses only the built-in MAC and PHY. The second
device is the Netgear DGN1000, which uses an AR8216 switch.
The driver for the adm6996 switch was probably accidentally
enabled instead of the ar8216 in commit that restores ase support 9b321bc60de3 ("lantiq: add Amazon-SE subtarget").
Before removing the ase subtarget, only ar8216 was enabled c82183639512 ("lantiq: remove unmaintained code").
Shiji Yang [Fri, 4 Oct 2024 14:40:11 +0000 (22:40 +0800)]
ppp: remove discovery phase timeout hack patch
In the original code, the entire time delay of the discovery phase
is only 5+5x2+5x2x2 = 35s. Increasing timeout may be necessary if
discovery phase fails on first attempt. There is a chance to fix
the "Timeout waiting for PADO packets" issue by removing this patch.
Petr Štetiar [Sat, 28 Sep 2024 13:27:19 +0000 (13:27 +0000)]
openwrt-keyring: add apk public key for signing of package indexes
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which
is going to be used for signing of apk's package.adb package indexes
after the builds using `apk adbsign --sign-key <key> packages.adb`
command on the buildbot.
For some reason the new belkin-header.py script works without issues
in a local Fedora build environment. In the OpenWrt build pipeline it
produces the following errors:
Traceback (most recent call last):
File "/builder/shared-workdir/build/scripts/belkin-header.py", line 92, in <module>
head = create_header(buf, args.belkin_header, args.belkin_model)
File "/builder/shared-workdir/build/scripts/belkin-header.py", line 68, in create_header
head[28:29] = VERSION1.to_bytes(1)
TypeError: to_bytes() missing required argument 'byteorder' (pos 2)
This may be related due to different python version. Fix this by
handing over the needed parameters
Added the following default ksym to target/linux/generic/config-6.6:
CONFIG_PROC_MEM_ALWAYS_FORCE=y
# CONFIG_PROC_MEM_FORCE_PTRACE is not set
# CONFIG_PROC_MEM_NO_FORCE is not set
Felix Fietkau [Fri, 11 Oct 2024 16:50:32 +0000 (18:50 +0200)]
mt76: update to Git HEAD (2024-10-11)
513bd7683746 Revert "wifi: mt76: mt7915: disable the second PCIe link for MT7915" 703c6b78c133 wifi: mt76: mt7915: firmware restart on devices with a second pcie link
Thomas Richard [Tue, 24 Sep 2024 16:27:16 +0000 (18:27 +0200)]
scripts/feeds: force kernel package scan after a target installation
When a target is installed from a feed, the linux kernel package is scanned
before the installation of this target.
If some kernel module packages are defined in this feeds at the target
level, there were not parsed during the scan of linux kernel package, as
the target didn't exist yet. So these kernel module packages don't exist.
Once the target is installed, clean the linux kernel packageinfo to force
the scan of the linux kernel package next time this script (or the make
command) is called.
Robert Marko [Mon, 7 Oct 2024 13:07:39 +0000 (15:07 +0200)]
kernel: netdevices: add RmNet MAP support
RmNet driver provides a transport agnostic MAP (multiplexing and
aggregation protocol) support in embedded module. Module provides
virtual network devices which can be attached to any IP-mode
physical device.
This is commonly used on Qualcomm based modems for data aggregation.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Daniel Golle [Tue, 8 Oct 2024 23:23:53 +0000 (00:23 +0100)]
generic: net: phy: use all SerDes MAC interface modes
Instead of forcing 2.5G PHYs into rate-adapter mode which results higher
energy consumption, lack of support for half-duplex modes and typically
worse performance when linked at speeds less than 2.5G, use SGMII mode
which allows the MAC to follow the PHY speed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 8 Oct 2024 23:19:26 +0000 (00:19 +0100)]
generic: net: phy: realtek: various improvements
Follow the advise of Russell King allows to greatly improve the driver
for RealTek's 1G and 2.5G Ethernet PHYs. The results are full/half
duplex as well as Gbit master/slave property being read from PHY
Specific Status Register (PHYSR), and fixes regarding link-partner
advertisement.
Fixes: #14504 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 8 Oct 2024 18:33:49 +0000 (19:33 +0100)]
mediatek: update MediaTek PHY patchset
The previous iteration of MediaTek's PHY patches caused various weird bugs.
Drop culprit patch 733-10-net-phy-mediatek-Extend-1G-TX-RX-link-pulse-time.patch
and use the most recent iteration of the patchset which has been posted to the
netdev mailing list.
Thomas Richard [Thu, 19 Sep 2024 10:27:27 +0000 (12:27 +0200)]
toplevel.mk: add target feeds in 'make distclean'
When 'make distclean' is called, remove the target feeds.
Otherwise the directory target/linux/feeds/ (with broken symlinks) still
exists after a distclean.
Hauke Mehrtens [Mon, 7 Oct 2024 21:28:20 +0000 (23:28 +0200)]
valgrind: Fix build on ARMv7
The valgrind configure script checks if host_cpu is set to armv7 or arm.
By default --host is set to arm-openwrt-linux and the host_cpu variable
is set to arm. Then the valgrind build tries to compile valgrind for
armv6 and fails. Set it explicitly to armv7 to compile valgrind with
armv7 support.
Shiji Yang [Tue, 24 Sep 2024 11:15:56 +0000 (19:15 +0800)]
ipq40xx: add support for SKSpruce WIA3300-20
Specification
-------------
- SoC : Qualcomm IPQ4019
- RAM : 256 MiB DDR3 (NT5CC128M16JR-EK)
- Flash : 64 MiB SPI NOR (Winbond W25Q512JVFQ)
- WLAN : IPQ4019 built-in
- 2.4 GHz : 2x2 MIMO WiFi4
- 5 GHz : 2x2 MIMO WiFi5
- Ethernet : QCA8075 10/100/1000 Mbps 1x WAN (ETH1, PoE); 1x LAN (ETH2)
- USB : 1x 2.0 Type-A
- UART : 3.3V, 115200n8
- Buttons : 1x Reset
- LEDs : 1x RUN (lime & red)
1x WiFi 2.4 GHz (lime)
1x WiFi 5 GHz (lime)
2x ETH (lime), controlled by the QCA8075 phy
- Power : DC 12V & 802.3at PoE
- FCC ID : 2AHKT-WIA3300-20
- TFTP IP :
- client : 192.168.18.254
- router : 192.168.18.1
Installation
------------
1. Open uart console and start TFTP server. Copy initramfs image to
the TFTP root directory and rename it to 'ipqinitramfs.bin'.
2. Power on and press 'Enter' to exit to the u-boot console according
to the TTL log prompt.
3. Execute commands to load the initramfs image:
tftpboot && bootm
4. Enter into OpenWrt to backup the partitions if you want to restore
the stock firmware one day.
5. Override default 'bootcmd' environment variable in u-boot console:
env set bootcmd 'sf probe && sf read $loadaddr 0x980000 0x800000 && bootm $loadaddr'
env save
6. Repeat step 3 and flash 'sysupgrade' image in OpenWrt.
Recovery and return to stock
----------------------------
1. Restore the backup firmware partitions in the installation step 4.
2. Restore `bootcmd` environment variable via commands:
env set bootcmd bootipq && env save
MAC addresses
-------------
+---------+-------------------+
| | MAC example |
+---------+-------------------+
| LABEL | xx:xx:xx:xx:xx:25 |
| LAN | xx:xx:xx:xx:xx:26 |
| WAN | xx:xx:xx:xx:xx:25 |
| WLAN 2g | xx:xx:xx:xx:xx:28 |
| WLAN 5g | xx:xx:xx:xx:xx:29 |
+---------+-------------------+
Notice
-----------
1. Some CH340 USB-TTL module doesn't work on this device.
2. The 'firmware' partition consists of four parts in the vendor
layout:
* Name Start Size
* rootfs 0x980000 0x1680000
* 0:HLOS1 0x2000000 0x800000
* rootfs_1 0x2800000 0x1400000
* rootfs_data 0x3c00000 0x350000
3. User can control the USB power supply via commands:
echo enabled > /sys/devices/platform/output-usb-power/state
echo disabled > /sys/devices/platform/output-usb-power/state
projects / thirdparty / openwrt.git / log
