This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013
The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475
Adam Bailey [Tue, 4 Jul 2023 01:16:14 +0000 (20:16 -0500)]
lua: fix integer overflow in LNUM patch
Safely detect integer overflow in try_addint() and try_subint().
Old code relied on undefined behavior, and recent versions of GCC on x86
optimized away the if-statements.
This caused integer overflow in Lua code instead of falling back to
floating-point numbers.
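The overflow-detection problem described in this commit message, as an added example (not code from the LNUM patch or from Lua). The function names, the `num_t` type and the 32-bit integer width are assumptions made for illustration; the checked versions test the operands before the arithmetic, so no signed overflow ever occurs and the compiler has nothing to optimize away.

```c
#include <stdint.h>
#include <stdio.h>

/* Pattern the commit message describes: add first, then look for a wrapped
 * sign. Signed overflow is undefined behaviour in C, so an optimizer may
 * assume it never happens and delete both if-statements. */
int try_addint_ub(int32_t *r, int32_t a, int32_t b)
{
    int32_t v = a + b;                       /* UB when the sum does not fit */
    if (a > 0 && b > 0 && v < 0) return 0;   /* may be removed at -O2 */
    if (a < 0 && b < 0 && v >= 0) return 0;  /* may be removed at -O2 */
    *r = v;
    return 1;
}

/* Safe form: decide from the operands whether the result fits, then add. */
int try_addint_safe(int32_t *r, int32_t a, int32_t b)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return 0;                            /* would overflow: caller falls back */
    *r = a + b;
    return 1;
}

/* Same idea for subtraction; note that 0 - INT32_MIN also overflows. */
int try_subint_safe(int32_t *r, int32_t a, int32_t b)
{
    if ((b < 0 && a > INT32_MAX + b) || (b > 0 && a < INT32_MIN + b))
        return 0;
    *r = a - b;
    return 1;
}

/* Hypothetical tagged number: integer when it fits, floating point otherwise. */
typedef struct { int is_int; int32_t i; double d; } num_t;

num_t num_add(int32_t a, int32_t b)
{
    num_t n = { 0, 0, 0.0 };
    if (try_addint_safe(&n.i, a, b)) {
        n.is_int = 1;
        n.d = (double)n.i;
    } else {
        n.d = (double)a + (double)b;         /* fallback the commit restores */
    }
    return n;
}

int main(void)
{
    int32_t r = 0;
    /* The UB variant is only called with operands that cannot overflow. */
    printf("ub(1, 2)          ok=%d\n", try_addint_ub(&r, 1, 2));
    printf("add(MAX, 1)       ok=%d\n", try_addint_safe(&r, INT32_MAX, 1));
    printf("sub(MIN, 1)       ok=%d\n", try_subint_safe(&r, INT32_MIN, 1));
    num_t n = num_add(INT32_MAX, 1);
    printf("num_add(MAX, 1)   is_int=%d value=%.1f\n", n.is_int, n.d);
    return 0;
}
```

GCC and Clang also provide `__builtin_add_overflow()` and `__builtin_sub_overflow()`, which perform the same check without hand-written range comparisons.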
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To work around the issue, we can use: ssh -o RSAMinSize=1024 ...
Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.
Removed because already in upstream:
bcm53xx/patches-5.10/039-v6.5-0003-ARM-dts-BCM5301X-Drop-clock-names-from-the-SPI-node.patch
bcm53xx/patches-5.10/039-v6.5-0015-ARM-dts-BCM5301X-fix-duplex-full-full-duplex.patch
generic/backport-5.10/765-v6.5-net-bgmac-postpone-turning-IRQs-off-to-avoid-SoC-han.patch
bcm53xx: add BCM53573 Ethernet fix sent upstream for v6.6
It seems that DSA-based b53 driver never worked with BCM53573 SoCs and
BCM53125.
In case of swconfig-based b53 this fixes a regression. Switching bgmac
from using mdiobus_register() to of_mdiobus_register() resulted in MDIO
device (BCM53125) having of_node set (see of_mdiobus_register_phy()).
That made downstream b53 driver read invalid data from DT and broke
Ethernet support.
removed redundant eeprom partition nodes from
cn7130_ubnt_edgerouter-4.dts and cn7130_ubnt_edgerouter-6p.dts
as they are identically defined in cn7130_ubnt_edgerouter-e300.dtsi.
Signed-off-by: Carsten Spieß <mail@carsten-spiess.de>
(integrated eeprom referenced node in the .dtsi)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 700f11aaadb7baa38285ed8f928e976a29a72eed)
Some device recipes remove default target packages. If user tries to add
them back they will be ignored, since packages list is processed in one
go. Process the device recipe packages first and do user ones later, so
additions won't get filtered out.
Instead of loading the whole image into the memory when generating the
sha256 sum, we load the file in chunks and update the hash incrementally
to avoid MemoryError in python. Also remove a stray empty line.
Fixes: #13056
Signed-off-by: Adones Pitogo <pitogo.adones@gmail.com>
(mention empty line removal, adds Fixes from PR)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit bdb4b78210cfb6bc8a6cda62fc990dd45ec3054c)
Fixes: e17f9fd0e8a9 ("bcm47xx: revert bgmac back to the old limited max frame size")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 83aeb0bbd47638b42ee6cdda351d0c51e014d790)
Rafał Miłecki [Tue, 7 Feb 2023 17:09:40 +0000 (18:09 +0100)]
bcm47xx: revert bgmac back to the old limited max frame size
Bumping max frame size has significantly affected network performance
and memory usage. It was done by upstream commit that first appeared in
the 5.7 release.
Allocating 512 (BGMAC_RX_RING_SLOTS) buffers, 10 k each, is clearly a
bad idea on 32 MiB devices. This commit fixes support for Linksys E1000
V2.1 which gives up after allocating ~346 such buffers running 5.15
kernel.
The upstream board-2.bin file in the linux-firmware.git
repository for the QCA4019 contains a packed board-2.bin
for this device for both 2.4G and 5G wifis. This isn't
something that the ath10k driver supports.
Until this feature either gets implemented - which is
very unlikely -, or the upstream boardfile is mended
(both, the original submitter and ath10k-firmware
custodian have been notified). OpenWrt will go back
and use its own bespoke boardfile. This unfortunately
means that 2.4G and on some revisions the 5G WiFi is
not available in the initramfs image for this device.
qca9984 isn't affected.
Fixes: #12886
Reported-by: Christian Heuff <christian@heuff.at>
Debugged-by: Georgios Kourachanis <geo.kourachanis@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 75505c5ec724b9b961dcb411bac1d4b9aede3e1d)
netfilter: fix typo in nf-socket and nf-tproxy kconfig
Fix a typo where the wrong KCONFIG was used and fix selecting the
correct kernel config option to use these packages.
Fixes: 4f443c885ded ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3ebebf08be950a8a0f3bf5b2c3db910621f2cc21)
The DGND3700v2 renames the cferam bootloader from cferam to cfeXXX, where XXX
is the number of firmware upgrades performed by the bootloader. Other bcm63xx
devices rename cferam.000 to cferam.XXX, but this device is special because
the cferam name isn't changed on the first firmware flashing but it's changed
on the subsequent ones.
Therefore, we need to look for "cfe" instead of "cferam" to properly detect
the cferam partition and fix the bootloop.
Some devices rename cferam bootloader using specific patterns and don't follow
broadcom standards for renaming cferam files. This requires supporting
different cferam file names.
Hannu Nyman [Sun, 28 May 2023 11:13:47 +0000 (14:13 +0300)]
bpf-headers: fix compilation with LLVM_IAS=1
Linux 5.10.178 includes backported commits that break the compilation
of bpf-headers, as the compilation gets confused which assembler to use.
Caused by Linux upstream commits just before the .178 tag:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=v5.10.178
2023-04-20 kbuild: check CONFIG_AS_IS_LLVM instead of LLVM_IAS
2023-04-20 kbuild: Switch to 'f' variants of integrated assembler flag
2023-04-20 kbuild: check the minimum assembler version in Kconfig
Hauke Mehrtens [Wed, 7 Jun 2023 20:37:47 +0000 (22:37 +0200)]
openssl: bump to 1.1.1u
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
o Fixed handling of invalid certificate policies in leaf certificates
(CVE-2023-0465)
o Limited the number of nodes created in a policy tree (CVE-2023-0464)
MAC in stock:
| LAN  | RF-EEPROM + 0x04 |
| WLAN | RF-EEPROM + 0x04 |
| WAN  | RF-EEPROM + 0x28 |
OEM easy installation
1. Use a PC to browse to http://my.keenetic.net.
2. Go to the System section and open the Files tab.
3. Under the Files tab, there will be a list of system
files. Click on the Firmware file.
4. When a modal window appears, click on the Choose File
button and upload the firmware image.
5. Wait for the router to flash and reboot.
OEM installation using the TFTP method
1. Download the latest firmware image and rename it to
klite3_recovery.bin.
2. Set up a Tftp server on a PC (e.g. Tftpd32) and place the
firmware image to the root directory of the server.
3. Power off the router and use a twisted pair cable to connect
the PC to any of the router's LAN ports.
4. Configure the network adapter of the PC to use IP address
192.168.1.2 and subnet mask 255.255.255.0.
5. Power up the router while holding the reset button pressed.
6. Wait approximately for 5 seconds and then release the
reset button.
7. The router should download the firmware via TFTP and
complete flashing in a few minutes.
After flashing is complete, use the PC to browse to
http://192.168.1.1 or ssh to proceed with the configuration.
Changelog:
* New Microcodes:
sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800
* Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424
We need to update to this version because
https://ftp.debian.org/debian/pool/non-free/i/intel-microcode/intel-microcode_3.20220809.1.tar.xz
has been removed.
ipq40xx: R619AC: replace space with - separator in variant string
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."
Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."
Daniel Golle [Mon, 15 May 2023 19:56:27 +0000 (21:56 +0200)]
linux-firmware: move firmware file for mt7601u
The firmware file for mt7601u (MediaTek MT7601U Wireless MACs) has
been moved to the mediatek/ folder by commit 8451c2b1 mt76xx: Move the old Mediatek WiFi firmware to mediatek
Address this by updating the location of the firmware file in our
linux-firmware Makefile generating the mt7601u-firmware package.
All other MediaTek Wi-Fi firmware files are supplied by OpenWrt's
own repository rather than being taken from linux-firmware.
Fixes: d53fe5d9ce ("linux-firmware: update to 20230515")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d26ecbcf95e2c2ecf5380fdee733c6b46276e265)
Robert Marko [Wed, 28 Dec 2022 21:57:49 +0000 (22:57 +0100)]
linux-firmware: disable stripping
It has been brought to my attention that recently added WCN6855 firmware
is broken as it is getting stripped during building due to being 2 ELF
binaries.
I am sure WCN6750 and any other ELF binaries are having the same issue,
so since stripping firmware binaries is clearly unwanted disable it.
Fixes: b4d3694f81f4 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9d8eff6799469e2ed8a5d2e4decd194902c1ec1b)
Changes:
712460c linux-firmware: Update firmware file for Intel Bluetooth 9462
90d5f7e linux-firmware: Update firmware file for Intel Bluetooth 9462
48954ba linux-firmware: Update firmware file for Intel Bluetooth 9560
0e205fd linux-firmware: Update firmware file for Intel Bluetooth 9560
06b941e linux-firmware: Update firmware file for Intel Bluetooth AX201
ba958ff linux-firmware: Update firmware file for Intel Bluetooth AX201
02bdea2 linux-firmware: Update firmware file for Intel Bluetooth AX211
7044d46 linux-firmware: Update firmware file for Intel Bluetooth AX211
1b99bcd linux-firmware: Update firmware file for Intel Bluetooth AX210
4668ae9 linux-firmware: Update firmware file for Intel Bluetooth AX200
5bdfdba linux-firmware: Update firmware file for Intel Bluetooth AX201
b0f995c amdgpu: update DMCUB firmware for DCN 3.1.6
d991031 rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6
fd62f01 rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3
b15fc21 WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images
bf5a337 mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1
4a733c2 iwlwifi: add new FWs from core74_pv-60 release
7d2bb50 qcom: drop split a530_zap firmware file
7d56713 qcom/vpu-1.0: drop split firmware in favour of the mbn file
1431496 qcom/venus-4.2: drop split firmware in favour of the mbn file
cf95783 qcom/venus-4.2: replace split firmware with the mbn file
1fe6f49 qcom/venus-1.8: replace split firmware with the mbn file
abc0302 linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop
20d9516 iwlwifi: add new PNVM binaries from core74-44 release
06dbfbc iwlwifi: add new FWs from core69-81 release
05df8e6 qcom: update venus firmware files for VPU-2.0
cd6fcdb qcom: remove split SC7280 venus firmware images
1612706 qcom: update venus firmware file for v5.4
ad9fdba qcom: replace split SC7180 venus firmware images with symlink
dae5d46 rtw89: 8852b: update fw to v0.27.32.1
a8e86ec rtlwifi: update firmware for rtl8192eu to v35.7
9aa8db1 rtlwifi: Add firmware v4.0 for RTL8188FU
8f86b5a i915: Add HuC 7.10.3 for DG2
48407ff cnm: update chips&media wave521c firmware.
bd31846 brcm: add symlink for Pi Zero 2 W NVRAM file
771968c linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops
6f9620e linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
1d18cb9 linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops
e497757 rtw89: 8852b: add initial fw v0.27.32.0
98b5577 iwlwifi: add new FWs from core72-129 release
604026c iwlwifi: update 9000-family firmwares to core72-129
intel:
ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462
38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462
72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560
94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560
e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201
78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201
12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211
edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211
9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210
111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200
ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201
99cb4b0 iwlwifi: add new FWs from core70-87 release
7073b8a iwlwifi: update 9000-family firmwares to core70-87
f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462
30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462
7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560
741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560
e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201
0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201
46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211
16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211
f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210
41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200
62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201
realtek:
7eef50f rtw88: 8822c: Update normal firmware to v9.9.13
23b5428 rtw88: 8822c: Update normal firmware to v9.9.12
Shiji Yang [Sun, 21 May 2023 14:51:16 +0000 (22:51 +0800)]
ramips: correct page read return value of the mt7621 nand driver
read_page() needs to return the maximum number of bitflips instead of the
accumulated number. Change taken from upstream mt7621 u-boot [1].
* @read_page: function to read a page according to the ECC generator
* requirements; returns maximum number of bitflips
* corrected in any single ECC step, -EIO hw error
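Why the return value matters, as an added example (not the mt7621 driver's code). The per-step bitflip counts, the threshold of 3 and all function names are constructed for illustration; `caller_status()` is modelled on how the Linux MTD core compares the value returned by a page read against the device's bitflip threshold and reports -EUCLEAN once it is reached.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#ifndef EUCLEAN
#define EUCLEAN 117   /* Linux value, supplied for hosts whose errno.h lacks it */
#endif

/* Constructed model of one page read: steps[i] >= 0 is the number of bitflips
 * the ECC engine corrected in step i, steps[i] < 0 is a hardware error. */

/* Behaviour before the fix: bitflips from all ECC steps are summed. */
int read_page_accumulated(const int *steps, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        if (steps[i] < 0)
            return -EIO;
        total += steps[i];
    }
    return total;
}

/* Behaviour the read_page contract asks for: worst single ECC step. */
int read_page_max(const int *steps, size_t n)
{
    int max = 0;
    for (size_t i = 0; i < n; i++) {
        if (steps[i] < 0)
            return -EIO;
        if (steps[i] > max)
            max = steps[i];
    }
    return max;
}

/* Caller side: a page is flagged for scrubbing when the reported bitflips
 * reach the threshold, which is defined per ECC step, not per page. */
int caller_status(int ret, int bitflip_threshold)
{
    if (ret < 0)
        return ret;
    return ret >= bitflip_threshold ? -EUCLEAN : 0;
}

int main(void)
{
    const int steps[] = { 2, 1, 2, 1 };   /* constructed: four healthy ECC steps */
    const int threshold = 3;              /* constructed threshold */
    size_t n = sizeof(steps) / sizeof(steps[0]);

    int acc = read_page_accumulated(steps, n);
    int max = read_page_max(steps, n);
    printf("accumulated=%d -> status %d\n", acc, caller_status(acc, threshold));
    printf("max=%d         -> status %d\n", max, caller_status(max, threshold));
    return 0;
}
```

With the summed value, a page whose every ECC step is well within its correction capability is still reported as needing scrubbing; with the per-step maximum it is reported clean.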
Sven Roederer [Thu, 11 May 2023 10:42:12 +0000 (12:42 +0200)]
build: escape whitespaces in VERSION_DIST for Netgear images
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".
Georgi Valkov [Fri, 12 May 2023 23:22:12 +0000 (02:22 +0300)]
fortify-headers: fix build error when _REDIR_TIME64 is not defined
some targets do not define the _REDIR_TIME64 macro resulting in a
build error regression since ddfe5678a448ac8875e94f2fb4ddca67416fa14a
fix by checking if the macro is defined
Fixes: #12587
Fixes: ddfe5678a448 ("fortify-headers: fix inconsistent time_t version of ppoll")
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
(cherry picked from commit 9145c4fbcb655b2f56c76012da85cb203fdbc72b)
Georgi Valkov [Wed, 10 May 2023 00:02:29 +0000 (03:02 +0300)]
fortify-headers: fix inconsistent time_t version of ppoll
Bug:
fortify/poll.h includes poll.h, which redirects ppoll to __ppoll_time64
if the _REDIR_TIME64 macro is 1. Then fortify/poll.h will #undef ppoll
and use the 32 bit version.
Fix: we should not do this when _REDIR_TIME64 is 1.
Yuu Toriyama [Thu, 4 May 2023 10:26:13 +0000 (19:26 +0900)]
wireless-regdb: update to 2023.05.03
Changes:
43f81b4 wireless-regdb: update regulatory database based on preceding changes
66f245d wireless-regdb: Update regulatory rules for Hong Kong (HK)
e78c450 wireless-regdb: update regulatory rules for India (IN)
1647bb6 wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
c076f21 Update regulatory info for Russia (RU) on 6GHz
Felix Baumann [Fri, 21 Apr 2023 01:39:38 +0000 (03:39 +0200)]
ramips: mt7621: add support for Cudy X6 v2
Rename existing device to v1 and create common .dtsi
Difference to v1: 16MB Flash
Specifications:
SoC: MediaTek MT7621
RAM: 256 MB
Flash: 16 MB (SPI NOR, XM25QH128C on my device)
WiFi: MediaTek MT7915E
Switch: 1 WAN, 4 LAN (Gigabit)
Buttons: Reset, WPS
LEDs: Two Power LEDs (blue and red; together they form purple)
Power: DC 12V 1A center positive
Serial: 115200 8N1
C440 - (3V3 - GND - RX - TX) - C41 | v1 and v2
(P - G - R - T) | v2 labels them on the board
Installation:
Download and flash the manufacturer's built OpenWrt image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWrt image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings.
Recovery:
Loads only signed manufacturer firmware due to bootloader RSA verification
Serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
Connect to any lan ethernet port
Power on the device while holding the reset button
Wait at least 8 seconds before releasing reset button for image to
download
MAC addresses as verified by OEM firmware:
use address source
LAN f4:a4:54:86:75:a2 label
WAN f4:a4:54:86:75:a3 label + 1
2g f4:a4:54:86:75:a2 label
5g f6:a4:54:b6:75:a2 label + LA-Bit set + 4th octet increased
Felix Baumann [Fri, 21 Apr 2023 01:07:58 +0000 (03:07 +0200)]
ramips: Cudy X6 fixes / improvements
- Correct WiFi MACs, they didn't match oem firmware
- Move nvmem-cells to bdinfo partition and remove &bdinfo reference
- Add OEM device model name R13 to SUPPORTED_DEVICES
This allows sysupgrading from Cudy's OpenWrt fork without force
- Label red_led and use it during failsafe mode and upgrades
MAC addresses as verified by OEM firmware:
use address source
LAN b4:4b:d6:2d:c8:4a label
WAN b4:4b:d6:2d:c8:4b label + 1
2g b4:4b:d6:2d:c8:4a label
5g b6:4b:d6:3d:c8:4a label + LA-Bit set + 4th octet increased
The label MAC address is found in bdinfo 0xde00.
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[read wifi mac from flash offset]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 45cf200b2e22c34f2ae043b87e24230de526fefc)
2. Load the OpenWrt initramfs image on the device using TFTP.
Place the initramfs image as "ap105.bin" in the TFTP server
root directory, connect it to the AP and make the server reachable
at 192.168.1.66/24.
$ run apb_rb_openwrt
3. Once OpenWrt booted, transfer the sysupgrade image to the device
using scp and use sysupgrade to install the firmware.
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Paul Spooren [Sun, 12 Mar 2023 15:56:41 +0000 (16:56 +0100)]
imagebuilder: allow to specific ROOTFS_PARTSIZE
Setting this option modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.
This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.
Specifications:
- MT7621, 256 MiB RAM, 128 MiB SPI NAND
- MT7915 + MT7975 2x2 802.11ax (DBDC)
- Ethernet: 1 port 10/100/1000
- LED RSSI bargraph (2x green, 1x red/orange), status
and RSSI LEDs are incorrectly populated red/orange
(should be red/green according to documentation)
Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
(seems to work best with Chromium-based browsers)
Revert to OEM firmware:
- tar -xvf DAP-X1860_RevA_Firmware_101b94.bin
- openssl enc -d -md md5 -aes-256-cbc -in FWImage.st2 \
-out FWImage.st1 -k MB0dBx62oXJXDvt12lETWQ==
- tar -xvf FWImage.st1
- flash kernel_DAP-X1860.bin via Recovery
Kien Truong [Sat, 10 Sep 2022 08:25:35 +0000 (15:25 +0700)]
iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets built by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fa468d4bcdc7e6eb84ea51d9b05368ed87c43aae)
John Thomson [Wed, 9 Nov 2022 23:55:11 +0000 (09:55 +1000)]
ramips: mt7621: mikrotik 760igs (hEX S) fix SFP
This device uses an AR8031/AR8033 chip to convert SoC gmac1
RGMII to 1000base-x or sgmii for the SFP fibre cage.
The SFP cage requires phy-mode rgmii-rxid, and without it will not
receive any packets: ethtool -S sfp rx_fcs_errors will increase when
packets should be being received, but no other _rx counters will change.
Fixes: c77858aa792 ("ramips: mt7621-dts: change phy-mode of gmac1 to rgmii")
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 7ea965b57803ceec20222279377e611652ac217f)
Fix the trivial absence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.
This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.
Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c75cd5f6028da6ceb1fb3438da93e2305cd720b1)
Luo Chongjun [Thu, 15 Dec 2022 09:25:15 +0000 (17:25 +0800)]
ath79: Fix glinet ar300m usb not working
glinet forum users reported the problem at
https://forum.gl-inet.com/t/gl-ar300m16-openwrt-22-03-0-rc5-usb-port-power-off-by-default/23199
The current code uses the regulator framework to control the USB power
supply. Although usb0 described in DTS refers to the regulator by
vbus-supply, but there is no code related to regulator implemented
in the USB driver of QCA953X, so the USB of the device cannot work.
Under the regulator framework, adding the regulator-always-on attribute
fixes this problem, but it means that USB power will not be able to be
turned off. Since we need to control the USB power supply in user space,
I didn't find any other better way under the regulator framework of Linux,
so I directly export gpio.