toolchain: glibc: Update glibc 2.37 to recent HEAD
23021eda75 malloc: Use __get_nprocs on arena_get2 (BZ 30945) 9a1bdd7df7 S390: Do not clobber r7 in clone [BZ #31402] 2fadb0d9b4 support: use 64-bit time_t (bug 30111) 08ac41cf08 make ‘struct pthread’ a complete type 9da8174362 nptl: Unconditionally use a 32-byte rseq area a11c8d521d Include sys/rseq.h in tst-rseq-disable.c 829b64598b linux: Use rseq area unconditionally in sched_getcpu (bug 31479) 6f28bfa4a0 LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf 314b731dd8 AArch64: Improve SVE memcpy and memmove d0da4fb615 Add HWCAP2_MOPS from Linux 6.5 to AArch64 bits/hwcap.h 4c3985b4c8 AArch64: Add support for MOPS memcpy/memmove/memset e7f8117b60 AArch64: Cleanup ifuncs 455b1b2b7f AArch64: Cleanup emag memset cb48c2603a AArch64: Add memset_zva64 3dcb8fde81 AArch64: Remove Falkor memcpy 882b7dc2ab aarch64: correct CFI in rawmemchr (bug 31113) bbc290aad4 aarch64: fix check for SVE support in assembler fb8f66c22d AArch64: Check kernel version for SVE ifuncs 6eab323a3c powerpc: Fix ld.so address determination for PCREL mode (bug 31640) 89ce64b269 iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) ae014a15b4 nptl: Fix tst-cancel30 on kernels without ppoll_time64 support f75c298e74 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) 5eea50c440 CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) a8070b3104 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) 6e106dc214 CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) 1aa819a693 elf: Also compile dl-misc.os with $(rtld-early-cflags) bcd2bf36b4 sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574) 2a41cb9c71 login: Check default sizes of structs utmp, utmpx, lastlog 36ef0d2f2f login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701) 90304900c3 nscd: Use time_t for return type of addgetnetgrentX f4de99ea83 hurd: fix build of tst-system.c 3956fd48d3 Force DT_RPATH for --enable-hardcoded-path-in-tests 340ca2d514 s390x: Fix segfault in wcsncmp [BZ #31934] 182f4a8c75 Add AT_RSEQ_* from Linux 6.3 to elf.h a858172cf9 nptl: fix potential merge of __rseq_* relro symbols 643709c6ee elf: Make dl-rseq-symbols Linux only 7f769dd008 Linux: Make __rseq_size useful for feature detection (bug 31965) 40a1e1798b resolv: Allow short error responses to match any query (bug 31890) 3da1b0064a resolv: Do not wait for non-existing second DNS response after error (bug 30081) 708f507e30 resolv: Track single-request fallback via _res._flags (bug 31476) 88b3554ed9 tests: replace system by xsystem 40fb943e12 linux: Update the mremap C implementation [BZ #31968] aaed1cc9fc mremap: Update manual entry 590e58b652 Add mremap tests aca9c7d5de resolv: Fix tst-resolv-short-response for older GCC (bug 32042) 6e642a47fa Fix name space violation in fortify wrappers (bug 32052) f82e0922de x86: Fix bug in strchrnul-evex512 [BZ #32078] 6eb9420551 support: Add FAIL test failure helper 5784740194 stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650] bb6cfec3dd Make tst-ungetc use libsupport 810fa2488c ungetc: Fix uninitialized read when putting into unused streams [BZ #27821] 5259c8f052 ungetc: Fix backup buffer leak on program exit [BZ #27821] 5b853745fd posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64 3d0acc5b20 nptl: Use <support/check.h> facilities in tst-setuid3 0141e7c794 libio: Attempt wide backup free only for non-legacy code a4d9258090 elf: Change ldconfig auxcache magic number (bug 32231) 4b2b81deb4 nptl: initialize rseq area prior to registration b2ab6ce0f5 nptl: initialize cpu_id_start prior to rseq registration 71fca07505 x86: Avoid integer truncation with large cache sizes (bug 32470) d5ff2fa5af x86_64: Sort fpu/multiarch/Makefile 3607863050 x86_64: Add log2 with FMA c0cae389fb x86_64: Add expm1 with FMA f2947239b6 x86_64: Add log1p with FMA ec7c01efee x86: Check the lower byte of EAX of CPUID leaf 2 [BZ #30643] 0c6f7cd550 elf: Fix slow tls access after dlopen [BZ #19924] f0c2fcce5f x86: Only align destination to 1x VEC_SIZE in memset 4x loop ec40bb7938 sysdeps/x86/Makefile: Split and sort tests b0eef2f27f x86_64: Fix missing wcsncat function definition without multiarch (x86-64-v4) 7e84df6892 x86: Improve large memset perf with non-temporal stores [RHEL-29312] 7d1c950582 x86/string: Fixup alignment of main loop in str{n}cmp-evex [BZ #32212] 19d8959b4d elf: Avoid some free (NULL) calls in _dl_update_slotinfo abe2bb2b47 elf: Support recursive use of dynamic TLS in interposed malloc 9083997843 misc: Add support for Linux uio.h RWF_NOAPPEND flag a3d7865b09 Fix underallocation of abort_msg_s struct (CVE-2025-0395) 24d69e33fc stdlib: Test using setenv with updated environ [BZ #32588] 5288c29247 assert: Reformat Makefile. b989519fe1 assert: Add test for CVE-2025-0395 7feb4c414e AArch64: Improve generic strlen 7d16ea8b42 AArch64: Optimize memset 06eafb057a AArch64: Remove zva_128 from memset 93e4b0796e math: Improve layout of expf data c747695762 AArch64: Add SVE memset b4a783aa30 AArch64: Use prefer_sve_ifuncs for SVE memset 032545ebd3 math: Improve layout of exp/exp10 data 7403ede2d7 elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static 5b1ea2a223 support: Use const char * argument in support_capture_subprogram_self_sgid 1e29775735 support: Add support_record_failure_barrier e8e6c54353 elf: Test case for bug 32976 (CVE-2025-4802) 0f4e5f764b x86_64: Fix typo in ifunc-impl-list.c. fba1c47cb5 elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987) 9643281f9c support: Don't fail on fchown when spawning sgid processes 245dffa9ed support: Pick group in support_capture_subprogram_self_sgid if UID == 0 ea179f9a37 Fix error reporting (false negatives) in SGID tests 58b768addb posix: Fix double-free after allocation failure in regcomp (bug 33185)
6953f19 wireless-regdb: Update regulatory info for Indonesia (ID) for 2025 2e8214e wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band for GB a94f685 wireless-regdb: Update regulatory info for Egypt (EG) for 2024 7628ce2 wireless-regdb: Update regulatory rules for Brazil (BR) on 6GHz 4411b39 wireless-regdb: Update regulatory info for Vietnam (VN) for 2025 490f136 wireless-regdb: Update regulatory info for Estonia (EE) for 2024 c56c663 wireless-regdb: update regulatory rules for Paraguay (PY) on 6 GHz for 2025 5a8ced5 wireless-regdb: Update regulatory info for CEPT countries for 6GHz listed by WiFi Alliance 5fd8ee3 wireless-regdb: update regulatory rules for Bosnia and Herzegovina (BA) for 6 GHz e05260a wireless-regdb: update regulatory database based on preceding changes
Ivan Romanov [Mon, 26 Aug 2024 07:45:38 +0000 (12:45 +0500)]
build: fix CMake generator for non-Ninja builds
OpenWRT by default uses the Ninja generator, but some packages disable
Ninja and use the default Unix Makefiles generator. This generator can
be overridden in the user environment with `CMAKE_GENERATOR`. This patch
explicitly sets the correct generator when `PKG_USE_NINJA:=0`.
In particular, the `mt76` package uses the Makefiles generator.
Hauke Mehrtens [Fri, 15 Nov 2024 23:08:28 +0000 (00:08 +0100)]
mac80211: Update to version 6.1.145-1
This updates mac80211 to version 6.1.145-1. This code is based on Linux
6.1.145 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and also
some security fixes.
Pavel Kubelun [Wed, 16 Apr 2025 18:07:32 +0000 (21:07 +0300)]
kernel: r8125: disable ASPM
Disable ASPM support for this NIC, fixing strange behavior problems, such as
increased latency, strange uneven throughput, etc.
With this option disabled the NIC achieves stable performance.
Upsteam r8169 driver disables ASPM by default for this NIC.
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
John Audia [Wed, 12 Feb 2025 13:56:47 +0000 (08:56 -0500)]
openssl: update to 3.0.16
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
Robert Marko [Fri, 2 May 2025 09:07:54 +0000 (11:07 +0200)]
toolchain: binutils: fix compilation with GCC15
GCC15 has switched the C language default from GNU17 to GNU23[1] and this
causes builds to fail with:
In file included from mips-opc.c:29:
mips-opc.c: In function 'decode_mips_operand':
mips-formats.h:86:7: error: expected identifier or '(' before 'static_assert'
86 | static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
| ^~~~~~~~~~~~~
mips-opc.c:214:15: note: in expansion of macro 'MAPPED_REG'
214 | case 'z': MAPPED_REG (0, 0, GP, reg_0_map);
| ^~~~~~~~~~
So, backport upstream fix for this[2] to fix compilation with GCC15.
Patch for 2.40 was manually refreshed as part of the S390 code does not
exist in 2.40 as it was added after it.
Robert Marko [Wed, 16 Apr 2025 12:04:26 +0000 (14:04 +0200)]
tools: gmp: fix compilation with GCC15
Fedora 42 updated to GCC15 which now defaults to GNU23 as the default
instead of GNU17[1], and this breaks GMP compilation by failing to find
a working compiler test.
Its been fixed upstream [2][3], so backport the fix to fix GCC15 compilation.
Nick Hainke [Sun, 4 May 2025 20:38:10 +0000 (22:38 +0200)]
tools/b43-tools: update to latest version, fix C23 build
Update b43-tools to the latest upstream version to fix a
compilation error with C23:
util.h:25:15: error: 'bool' cannot be defined via 'typedef'
25 | typedef _Bool bool;
| ^~~~
Changelog: c6fc53f replace custom bool typedef with <stdbool.h> dadf30c fix format warning in compilation 2fe10ea b43-fwdump: Fix forwarding of arguments to disassembler
Hauke Mehrtens [Sun, 18 May 2025 13:09:41 +0000 (15:09 +0200)]
tools: elfutils: fix compilation with GCC15
Backport fix from upstream to fix compilation with host GCC 15.
https://sourceware.org/git/?p=elfutils.git;a=commitdiff_plain;h=7508696d107ca01b65ce8273c881462a8658f90f
Robert Marko [Sat, 24 May 2025 10:20:54 +0000 (12:20 +0200)]
image: only filter out images when ImageBuilder is used
Currently, we are filtering out images if DEFAULT:=n or BROKEN:=y are set,
so if you are building from scratch and want to build custom images that
are stripped down to fit, you must edit the image recipe or its just
filtered out.
So, to allow this behaviour when building from scratch as we can assume
that person doing that knows what they are attempting to do lets just limit
the filtering to ImageBuilder.
Fixes: f060615a78e5 ("image: respect DEFAULT and BROKEN when Default profile is selected") Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit d0d1f190683ad5923182140c40afb479907a1c2b)
Robert Marko [Fri, 16 May 2025 11:18:46 +0000 (13:18 +0200)]
image: respect DEFAULT and BROKEN when Default profile is selected
Currently, when you select the Default profile it does not honor DEFAULT:=n
nor BROKEN:=y in device profiles but rather just tries to build all of them.
This may work when building directly, but when using Image Builder it will
always fail since no kernel or anything else is present for devices that
have DEFAULT:=n or BROKEN:=Y set since those are skipped during build.
So, lets look for DEFAULT being set to "n" or BROKEN being set to "y" and
then remove clear _PROFILE_SET so they dont end up being marked for
installation.
Eric Fahlgren [Thu, 8 May 2025 22:28:52 +0000 (15:28 -0700)]
imagebuilder: exclude metadata for profiles that have no kernel
Device profiles that specify 'DEFAULT := n' are being included
in the imagebuilder metadata, specifically in .profiles.mk, even
though there is no kernel built for the device. This results in
'make info' showing the device as valid, but then 'make image
PROFILE=xxx' failing with 'No rule to make target xxx-kernel.bin ...'
We exclude these profiles from the imagebuilder, avoiding these
errors.
Antony Kolitsos [Sat, 17 May 2025 18:18:55 +0000 (11:18 -0700)]
kernel: Update to version 5.15.182
Manually adapted the following patches:
generic/backport-5.15/828-v6.4-0002-of-Update-of_device_get_modalias.patch
generic/backport-5.15/828-v6.4-0004-of-Move-of_modalias-to-module.c.patch
* Update Mozilla certificate authority bundle to version 2.70.
The following certificate authorities were added (+):
+ Telekom Security TLS ECC Root 2020
+ Telekom Security TLS RSA Root 2023
+ FIRMAPROFESIONAL CA ROOT-A WEB
+ TWCA CYBER Root CA
+ SecureSign Root CA12
+ SecureSign Root CA14
+ SecureSign Root CA15
The following certificate authorities were removed (-):
- Security Communication Root CA (closes: #1063093)
Antony Kolitsos [Thu, 8 May 2025 23:20:58 +0000 (16:20 -0700)]
generic: drop extra-old-deprecated pending fix patch for sch codel
Remove patch 620-net_sched-codel-do-not-defer-queue-length-update from openwrt-23.05 as well.
Patch is actually an ancient patch that somehow manage to be ported for 7 solid years.
This comes from [1] where a fix patch was proposed. Nobody notice that the proposed patch was actually rejected upstream in favor of [2]. And the upstream fix patch is present in kernel from version 4.18.
This means that we were actually fixing for a non existant bug and maybe introducing regression down the line.
Drop the patch for good as we already have a fix for it in flace for a long time.
Rudy Andram [Wed, 12 Feb 2025 19:28:49 +0000 (19:28 +0000)]
wireless-regdb: Update to version 2025.02.20
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference 68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020 0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022 b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024 f67f40d wireless-regdb: Update regulatory info for Oman (OM) bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz 6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT) 39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024 3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt 4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021 8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM) c2f11e2 wireless-regdb: update regulatory database based on preceding changes
Antony Kolitsos [Tue, 13 May 2025 03:20:13 +0000 (20:20 -0700)]
mbedtls: update to 2.28.10
This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues.
Mbed TLS 2.28.10 is the last release of the 2.28 LTS and won't receive bug fixes or security fixes anymore.
Users are advised to upgrade to a maintained version.
* CVE-2025-27810: Potential authentication bypass in TLS handshake [1]
* CVE-2025-27809: TLS clients should generally call mbedtls_ssl_set_hostname [2]
Andrew MacIntyre [Mon, 21 Apr 2025 13:18:40 +0000 (23:18 +1000)]
kernel: add missing symbol (BLOCK_LEGACY_AUTOLOAD)
As of kernel v5.15.179 kernel configuration fails without a
reference to BLOCK_LEGACY_AUTOLOAD, apparently as a consequence
of commit 3e9899c12d5ab3a8ce376bf4365175ea3dbaffc0 (backport of 6c0f5898836c05c6d850a750ed7940ba29e4e6c5), so add this symbol as
unset which is the same state the symbol has in the 6.6 kernel
config for 24.10.
Fixes: dfe1b5e82a35 ("kernel: Update to version 5.15.179") Signed-off-by: Andrew MacIntyre <andymac@pcug.org.au> Link: https://github.com/openwrt/openwrt/pull/18552 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Removed the following patches because they were upstreamed:
bcm27xx/patches-5.15/950-0020-drm-probe-helper-Create-a-HPD-IRQ-event-helper-for-a.patch [0]
bcm47xx/patches-5.15/701-bgmac-reduce-max-frame-size-to-support-just-MTU-1500.patch [1]
bcm53xx/patches-5.15/700-bgmac-reduce-max-frame-size-to-support-just-MTU-1500.patch [1]
Manually adapted the following patches:
bcm27xx/patches-5.15/950-0151-usb-add-plumbing-for-updating-interrupt-endpoint-int.patch
bcm27xx/patches-5.15/950-0600-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
Hauke Mehrtens [Sun, 16 Feb 2025 16:59:58 +0000 (16:59 +0000)]
kernel: Update to version 5.15.174
Manually adapted the following patches:
bcm27xx/patches-5.15/950-0156-drm-v3d-Skip-MMU-flush-if-the-device-is-currently-of.patch
bcm27xx/patches-5.15/950-0173-drm-v3d-Delete-pm_runtime-support.patch
generic/hack-5.15/780-usb-net-MeigLink_modem_support.patch
mac80211: fix compilation error for old stable kernel version
Fix compilation error for old stable version caused by
genlmsg_multicast_allns backport fix pushed middle version.
Version 5.15 version 0-169, 6.1 version 0-115, 6.6 version 0-58 have the
old genlmsg_multicast_allns version with flags variable.
Compiling backport project with these version result in a compilation
error. To handle this, introduce a backport function for the affected
kernel version.
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations
( The last two TLV are invalid: their oui must be three hex bytes, comma
separated. Only the first hex byte of oui-info 5555555555 is used )
Quoting the kconfig description for CONFIG_PCPU_DEV_REFCNT:
network device refcount are using per cpu variables if this option is
set. This can be forced to N to detect underflows (with a performance
drop).
This was introduced from kernel 5.13 and was wrongly set as disabled.
Some target actually enables it but this should be always enabled unless
refcount needs to be debugged (unlikely for production images)
Enable in generic and drop the entry in every other target.
Cedric CHEDALEUX [Mon, 17 Feb 2025 09:44:36 +0000 (10:44 +0100)]
scripts/feeds: shallow clone submodules
When a feed has submodules, all its submodules are fully cloned whereas
the feed itself is shallowed. Let's be consistent and perform shallow clones
as well for the submodules.
Cedric CHEDALEUX [Mon, 17 Feb 2025 09:41:32 +0000 (10:41 +0100)]
scripts/feeds: shallow clone for specific commit update
When a feed is referenced with a specific commit (i.e. <git_url>^<sha1>),
a full clone was performed and a branch was created from the sha1
and named with the sha1. Other git clones operations are shallowed.
As Git does not support clone at a specific commit, let's first perform
a shallow clone to latest commit, then fetch the relevant commit and
finally checkout it (no more 'pseudo' branch).
It saves bandwith and significantly speeds up the feed update process.
Daniel Golle [Sat, 1 Feb 2025 05:03:50 +0000 (05:03 +0000)]
mediatek: mt7622: fix SATA on BPi-R64
A commit which made their way into Linux stable down to 5.15 broke the
SATA support on the BPi-R64.
Fix this by importing a (still pending) patch re-adding the 'syscon'
compatible to the pciesys clock-controller which also contains phy-mode
bits referenced by the ahci_mtk driver expecting to access them using
syscon_regmap_lookup_by_phandle().
Sander Vanheule [Fri, 24 Jan 2025 16:07:21 +0000 (17:07 +0100)]
realtek: Fix old compatible for HPE 1920-8G PoE
Supported devices are listed in the metadata as the first part of the
DTS compatible. This normally follows the format "vendor,device".
When updating the device name of the 180W 1920-8G PoE an underscore was
used, instead of a comma, to join the vendor and device name. This will
lead to warnings for users wanting to sysupgrade a device with an older
compatible, as the device's info does not match the one the metadata.
Fixes: 987c96e88927 ("realtek: rename hpe,1920-8g-poe to match hardware") Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 6a7fa68569ac11bb2c2abb14026e8b84acd3a12f)
This patch is needed on bmips since it fixes issues with GPIOs not being
properly configured due to gpio_request_enable not being called on bcm63xx
devices. Therefore we can now drop the bcm63268 gpio function patch.
David Lutz [Tue, 5 Nov 2024 09:55:43 +0000 (10:55 +0100)]
ath79: Add support for Sophos AP15C
The Sophos AP15C uses the same hardware as the AP15, but has a reset button.
Based on:
commit 6f1efb289837 ("ath79: add support for Sophos AP100/AP55 family")
author Andrew Powers-Holmes <andrew@omnom.net>
Fri, 3 Sep 2021 15:53:57 +0200 (23:53 +1000)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sat, 16 Apr 2022 16:59:29 +0200 (16:59 +0200)
Unique to AP15C:
- Reset button
- External RJ45 serial console port
Flashing instructions:
This firmware can be flashed either via a compatible Sophos SG or XG
firewall appliance, which does not require disassembling the device, or via
the U-Boot console available on the internal UART header.
To flash via XG appliance:
- Register on Sophos' website for a no-cost Home Use XG firewall license
- Download and install the XG software on a compatible PC or virtual
machine, complete initial appliance setup, and enable SSH console access
- Connect the target AP device to the XG appliance's LAN interface
- Approve the AP from the XG Web UI and wait until it shows as Active
(this can take 3-5 minutes)
- Connect to the XG appliance over SSH and access the Advanced Console
(Menu option 5, then menu option 3)
- Run `sudo awetool` and select the menu option to connect to an AP via
SSH. When prompted to enable SSH on the target AP, select Yes.
- Wait 2-3 minutes, then select the AP from the awetool menu again. This
will connect you to a root shell on the target AP.
- Copy the firmware to /tmp/openwrt.bin on the target AP via SCP/TFTP/etc
- Run `mtd -r write /tmp/openwrt.bin astaro_image`
- When complete, the access point will reboot to OpenWRT.
To flash via U-Boot serial console:
- Configure a TFTP server on your PC, and set IP address 192.168.99.8 with
netmask 255.255.255.0
- Copy the firmware .bin to the TFTP server and rename to 'uImage_AP15C'
- Open the target AP's enclosure and locate the 4-pin 3.3V UART header [4]
- Connect the AP ethernet to your PC's ethernet port
- Connect a terminal to the UART at 115200 8/N/1 as usual
- Power on the AP and press a key to cancel autoboot when prompted
- Run the following commands at the U-Boot console:
- `tftpboot`
- `cp.b $fileaddr 0x9f070000 $filesize`
- `boot`
- The access point will boot to OpenWRT.
Kyle Hendry [Sun, 17 Nov 2024 02:16:31 +0000 (18:16 -0800)]
bmips: dts: fix pinctrl error
The kernel logs the error "bcm6368_nand 10000200.nand: there is not valid
maps for state default" on boot and all nand pins show as UNCLAIMED in
sysfs pinmux-pins.
bcm6362.dtsi, bcm6368.dtsi and bcm63268.dtsi use the undocumented property
group which the driver doesn't understand. This has been documented upstream
in commit caf963efd4b0b9ff42ca12e52b8efe277264d35b.
Replacing group with pins allows the nand pins to be properly configured.
Signed-off-by: Kyle Hendry <kylehendrydev@gmail.com>
[add bcm636/bcm6368 and fix commit title] Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit d1e9c50d06a8cb618cb85ab489cbcccaec220636)
Chris Jones [Sat, 19 Oct 2024 20:50:54 +0000 (21:50 +0100)]
ipq40xx: make GL.iNet A1300 switch functional
Set the physical switch to KEY_RFKILL, since its previous value
(KEY_SETUP) is unsupported. This should also make the KEY_RESET button
functional, by allowing the gpio-button-hotplug kmod to load.
build: Unconditionally append kmod feed for BuildBot
Recent changes to BuildBot config moved the kmods to a dedicated
directory and dropped them from the packages dir. This was needed as
both OPKG and APK gets confused if both entry are present.
To fix this, unconditionally append the kmod feed line if
CONFIG_BUILDBOT is enabled.
Michael Pratt [Fri, 24 Nov 2023 10:10:12 +0000 (05:10 -0500)]
build: ensure silent Make behavior for json scripts
Run the invocation of Make with verbosity in order to
prevent the printing of Makefile level and subtarget status.
e.g. make[3] -C target/linux val.DEFAULT_PACKAGES val.ARCH_PACKAGES
Remove piping of stderr, which is only useful when using
the "communicate" method over the "run" method,
and this script would not be written to handle a captured error anyway.
For error testing, stdout and stderr can be set to a file object
with the open() function like this:
out = open('json_out', 'w')
err = open('json_err', 'w')
Hauke Mehrtens [Fri, 22 Nov 2024 23:34:30 +0000 (00:34 +0100)]
wifi-scripts: Fix parsing of Capabilities
Fixup capabilities parsing in iw output.
In addition to the normal capabilities iw now also outputs HE MAC, HE
PHY and EHT MAC and EHT PHY capabilities. Exclude them in the parsing.
The grep returns this with mac80211-hwsim:
```
root@OpenWrt:~# iw phy phy0 info | grep 'Capabilities:'
Capabilities: 0x107e
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bf000000000000000000):
Capabilities: 0x107e
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbf000000000000000000):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbf000000000000000000):
Capabilities: 0x107e
```
With busybox 1.36.1 the ht_cap_mask variable will be set to
-72057598332895361. With busybox 1.37.0 it will be set to -1.
Both values are wrong, after this change it will be set to 4222
(0x107E).
Huawei AP6010DN is a dual-band, dual-radio 802.11a/b/g/n 2x2 MIMO
enterprise access point with one Gigabit Ethernet port and PoE
support.
Hardware highlights:
- CPU: AR9344 SoC at 480MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344-internal radio
- Wi-Fi 5GHz: AR9580 PCIe WLAN SoC
- Ethernet: 10/100/1000 Mbps Ethernet through Atheros AR8035 PHY
- PoE: yes
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: CAT706SVI (1.6s timeout)
Serial console:
9600n8 (9600 baud, no stop bits, no parity, 8 data bits)
MAC addresses:
Each device has 32 consecutive MAC addresses allocated by
the vendor, which don't overlap between devices.
This was confirmed with multiple devices with consecutive
serial numbers.
The MAC address range starts with the address on the label.
To be able to distinguish between the interfaces,
the following MAC address scheme is used:
- eth0 = label MAC
- radio0 (Wi-Fi 2.4GHz) = label MAC + 1
- radio1 (Wi-Fi 5GHz) = label MAC + 2
Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP
1. Power up the AP
2. At prompt "Press f or F to stop Auto-Boot in 3 seconds",
do what they say.
Log in with default admin password "admin@huawei.com".
3. Boot the OpenWrt initramfs from TFTP using the hidden script "run ramboot".
Replace IP address as needed:
4. Optional but recommended as the factory firmware cannot be downloaded publicly:
Back up contents of "firmware" partition using the web interface or ssh:
5. Run sysupgrade using sysupgrade image. OpenWrt
shall boot from flash afterwards.
Return to factory firmware (using firmware upgrade package downloaded from non-public Huawei website):
1. Start a TFTP server in the directory where
the firmware upgrade package is located
2. Boot to u-boot as described above
3. Install firmware upgrade package and format the config partitions:
> update system FatAP6X10XN_SOMEVERSION.bin
> format_fs
Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
for example using scp
2. Use sysupgrade with force to restore the backup:
sysupgrade -F huawei_ap6010dn_fw_backup.bin
3. Boot AP to U-Boot as described above
Quirks and known issues:
- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.
- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the AHB_CLK/2 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.
Hauke Mehrtens [Sun, 17 Nov 2024 21:15:21 +0000 (22:15 +0100)]
kernel: bump 5.15 to 5.15.173
Removed because they are upstream:
generic/backport-5.15/430-v6.3-udf-Allocate-name-buffer-in-directory-iterator-on-he.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=5ea4b73e268bf9e1d26271943f2f7c4517253395
Fix genlmsg_multicast_allns() build error on kernel 6.6.59.
Based on kernel patch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=v6.6.59&id=e0f83d268974dab0361d11904dfc9acec53f96a6
Hauke Mehrtens [Mon, 4 Nov 2024 22:45:25 +0000 (23:45 +0100)]
kernel: bump 5.15 to 5.15.170
Removed because they are upstream:
generic/backport-5.15/777-netfilter-xtables-fix-typo-causing-some-targets-to-not-load-on-IPv6.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=90baa455aa7e099152898cfa5eb3928d6152da12
Hauke Mehrtens [Mon, 4 Nov 2024 21:12:03 +0000 (22:12 +0100)]
kernel: bump 5.15 to 5.15.169
Added patch:
generic/backport-5.15/430-v6.3-udf-Allocate-name-buffer-in-directory-iterator-on-he.patch
This patch fixes the following compile warning:
```
CC [M] fs/udf/namei.o
fs/udf/namei.c: In function 'udf_rename':
fs/udf/namei.c:878:1: error: the frame size of 1144 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
878 | }
| ^
cc1: all warnings being treated as errors
make[7]: *** [scripts/Makefile.build:289: fs/udf/namei.o] Error 1
```