openwrt/openwrt.git
3 months agouhttpd: Decrease the default validity time of certificate
Hannu Nyman [Wed, 1 May 2024 10:53:34 +0000 (13:53 +0300)]
uhttpd: Decrease the default validity time of certificate

The recommended maximum validity period is currently 397 days
and some browsers throw warning with longer periods.

Reference to
https://cabforum.org/working-groups/server/baseline-requirements/
 6.3.2 Certificate operational periods and key pair usage periods
 Subscriber Certificates issued on or after 1 September 2020
 SHOULD NOT have a Validity Period greater than 397 days and
 MUST NOT have a Validity Period greater than 398 days.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agouhttpd: Include new extensions in uhttpd self-signed certs
Pat Fruth [Wed, 1 May 2024 10:50:23 +0000 (13:50 +0300)]
uhttpd: Include new extensions in uhttpd self-signed certs

The introduction of MacOS Catalina includes new requirements for self-signed certificates.
See: https://support.apple.com/en-us/HT210176
These new requirements include the addition of two TLS server certificate extensions.
- extendedKeyUsage
- subjectAltName
The extendedKeyUsage must be set to serverAuth.
The subjectAltName must be set to the DNS name of the server.
In the absense of these new extensions, when the LUCI web interface is configured to use HTTPS and
self-signed certs, MacOS user running Google Chrome browsers will not be able to access the LUCI web enterface.
If you are generating self-signed certs which do not include that extension, Chrome will
report "NET::ERR_CERT_INVALID" instead of "NET::ERR_CERT_AUTHORITY_INVALID".  You can click through to
ignore the latter, but not the former.

This change updates the uhttpd init script to generate self-signed cert that meets the new requirements.
Signed-off-by: Pat Fruth <pat@patfruth.com>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agopx5g-mbedtls: add subjectAltName and extendedKeyUsage to SSL certs
Hannu Nyman [Wed, 1 May 2024 11:49:46 +0000 (14:49 +0300)]
px5g-mbedtls: add subjectAltName and extendedKeyUsage to SSL certs

To better acommodate with the current browsers' requirements, also
self-signed certificates should have subjectAltName and
extendedKeyUsage defined in the self-signed x509 SSL certificates.

The following case sensitive options are now possible:
-addext subjectAltName=DNS:...
-addext subjectAltName=EMAIL:...
-addext subjectAltName=IP:...
-addext subjectAltName=URI:...
-addext extendedKeyUsage=serverAuth OR -addext extendedKeyUsage=any

Initial draft by Paul Donald <newtwen@gmail.com>

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agofirmware: omnia-mcu-firmware: Bump to 4.1
Marek Behún [Tue, 13 Aug 2024 07:24:11 +0000 (09:24 +0200)]
firmware: omnia-mcu-firmware: Bump to 4.1

Bump `omnia-mcu-firmware` to version 4.1.

This version fixes the following issue on boards with GD32 MCU:
* the user has old GD32 MCU bootloader and application (version 2.0)
* the user upgraded MCU application firmware to newer version (from
  2.99 to 4.0)
* the user wants to upgrade application again, but it is impossible,
  because when MCU application firmware jumps into the old MCU
  bootloader firmware (2.0), the old bootloader firmware gets stuck in
  exception
* the user has to restart the board and upgrade the bootloader firmware
  first, which is not ideal, since if bootloader firmware upgrade is
  interrupted, the board gets bricked

Therefore the `omnia-mcutool` utility version 0.3-rc3 will refuse to
upgrade MCU application firmware to versions 2.99 to 4.0 if the MCU
bootloader firmware is at version 2.0.

For users to be able to upgrade MCU application firmware on GD32
boards, they will need this new 4.1 version.

Users that already upgraded the MCU application firmware to a version
version between 2.99 and 4.0 (using a previous version of the
`omnia-mcutool` utility) have no other choice but to upgrade MCU
bootloader firmware as well.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/16159
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agotools/cmake: Update to 3.30.2
Hannu Nyman [Sat, 3 Aug 2024 06:46:18 +0000 (09:46 +0300)]
tools/cmake: Update to 3.30.2

Update cmake to version 3.30.2
Release notes: https://cmake.org/cmake/help/v3.30/release/3.30.html

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16059
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agompc85xx: fix wdr4900 ethernet
Rosen Penev [Mon, 12 Aug 2024 17:23:06 +0000 (10:23 -0700)]
mpc85xx: fix wdr4900 ethernet

997acc7f86ca985cba52f7ea8b72f0661a1e3c52 split this PHY driver up such
that external QCA switches now use CONFIG_QCA83XX_PHY. Fix it here so
that ethernet works again.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16154
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoramips: add support for Xiaomi R4AC v2 (intl)
Anton Stratonnikov [Mon, 25 Dec 2023 22:35:24 +0000 (01:35 +0300)]
ramips: add support for Xiaomi R4AC v2 (intl)

The second edition of international version of Mi Router 4A 100M is
very similar to the non-international one, but has another wireless chip.

 Installation
--------------

1. Initialize build-in firmware (use webgui for 192.168.31.1)
  You should install root password

2. Run OpenWRTInvasion for the first time (probably it will fail)
  Version 0.0.10 is working as well as 0.0.1.

3. Run OpenWRTInvasion for the second time
  It will create an access to your router

4. Upload sysupgrade image to router (/tmp/fw.bin)
  pc# nc -l 8080 < …/ramips/mt76x8/…-100m-intl-v2-squashfs-sysupgrade.bin
  router# nc 192.168.31.175 8080 > /tmp/fw.bin

5. Flash new firmware
  router# run mtd -r write /tmp/fw.bin OS1

6. Check result
  Wait about 5-10 minutes after flash. Router should reboot itself and
  turn left led from orange to blue.

In case of failure one can use Xiaomi 4a 100m debrick tool
(it uploads special image via tftpd in recovery mode)
After that you can start again from step 1.

Another actions are very similar to original Mi Router 4A 100M

 Original mtd paritions:
-------------------------

```
Creating 9 MTD partitions on "raspi":
0x000000000000-0x000001000000 : "ALL"
0x000000000000-0x000000020000 : "Bootloader"
0x000000020000-0x000000030000 : "Config"
0x000000030000-0x000000040000 : "Factory"
0x000000040000-0x000000050000 : "crash"
0x000000050000-0x000000060000 : "cfg_bak"
0x000000060000-0x000000160000 : "overlay"
0x000000160000-0x000000dc0000 : "OS1"
0x000000dc0000-0x000001000000 : "disk"
with special sub-partition
0x0000002c0000-0x000000dc0000 : "rootfs"
```

We will use OS1+disk space:
```
0x000000160000-0x000001000000 : "firmware"
```

Co-authored-by: Nita Vesa <nita.vesa@elektrik.link>
Signed-off-by: Anton Stratonnikov <billic@yandex.ru>
Link: https://github.com/openwrt/openwrt/pull/14304
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: bump 6.1 to 6.1.104
Zxl hhyccc [Sun, 11 Aug 2024 12:40:56 +0000 (20:40 +0800)]
kernel: bump 6.1 to 6.1.104

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.104

All patches automatically rebased.

1 mm: restrict the pcp batch scale factor to avoid too long latency
a new kconfig option (PCP_BATCH_SCALE_MAX) is added to
set the max batch scale factor.Whose default value is 5,
and users can reduce it when necessary.

https://lore.kernel.org/all/20231016053002.756205-5-ying.huang@intel.com/T/#u

Build system: bcm4908 bcm53xx

Signed-off-by: Zxl hhyccc <zxlhhy@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16141
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: bump 6.6 to 6.6.45 and update config-6.6
John Audia [Sun, 11 Aug 2024 14:57:59 +0000 (10:57 -0400)]
kernel: bump 6.6 to 6.6.45 and update config-6.6

Build on at leasst x86/64 failed without adding the new ksym:
CONFIG_PCP_BATCH_SCALE_MAX=5

According to www.kernelconfig.io[1], this option seems to apply
to all arches so I placed it in target/linux/generic/config-6.6

Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.45

Removed upstreamed:
generic/backport-6.6/719-v6.11-net-phy-realtek-add-support-for-RTL8366S-Gigabit-PHY.patch[2]

All other patches automatically rebased.

1. https://www.kernelconfig.io/config_pcp_batch_scale_max?q=&kernelversion=6.10.3&arch=x86
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.45&id=b45cbfa204b2a0985eb85dcb33d51714ee089bb9

Build system: x86/64
Build-tested: x86/64/AMD Cezanne, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3
Run-tested: x86/64/AMD Cezanne, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16144
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agotoolchain: gcc: update GCC 14 to 14.2.0
Thomas Weißschuh [Thu, 1 Aug 2024 15:59:42 +0000 (17:59 +0200)]
toolchain: gcc: update GCC 14 to 14.2.0

All patches automatically rebased.

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
Link: https://github.com/openwrt/openwrt/pull/16047
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agohostapd: Add support for APuP
Gioacchino Mazzurco [Wed, 20 Mar 2024 10:06:54 +0000 (11:06 +0100)]
hostapd: Add support for APuP

Add support for hostapd Access Point Micro Peering

Signed-off-by: Gioacchino Mazzurco <gio@polymathes.cc>
Link: https://gitlab.com/g10h4ck/hostap/-/commits/APuP
Link: https://github.com/openwrt/openwrt/pull/15442
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agolantiq: arv7525pw: use nvmem for eeprom
Rosen Penev [Tue, 6 Aug 2024 01:18:49 +0000 (18:18 -0700)]
lantiq: arv7525pw: use nvmem for eeprom

NVMEM is the upstream replacement for this. ralink,mtd-eeprom is
deprecated. The others need to stay as there's byte swapping going on.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16084
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agouboot-envtools: Add support for Orange Pi R1 Plus & LTS
Vyacheslav Ivanov [Tue, 6 Aug 2024 09:44:49 +0000 (12:44 +0300)]
uboot-envtools: Add support for Orange Pi R1 Plus & LTS

Add support this boards to envtools config
This commit integrates the latest changes from new U-Boot, which includes important updates to the DTSI files for the Orange Pi R1 Plus and Orange Pi R1 Plus LTS boards.

Signed-off-by: Vyacheslav Ivanov <islavaivanov76@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16090
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoimx: drop 6.1 support
Mieczyslaw Nalewaj [Wed, 7 Aug 2024 19:01:22 +0000 (21:01 +0200)]
imx: drop 6.1 support

Drop config and files for Linux 6.1.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16107
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoimx: use kernel 6.6 by default
Mieczyslaw Nalewaj [Wed, 7 Aug 2024 18:58:52 +0000 (20:58 +0200)]
imx: use kernel 6.6 by default

Switch to Linux kernel version 6.6.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16107
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoath10k-ct: bump to version 6.9
Hannu Nyman [Tue, 30 Jul 2024 16:17:31 +0000 (19:17 +0300)]
ath10k-ct: bump to version 6.9

Use ath10k-ct 6.9 to better match mac80211 backports 6.9.x

Drop patch 010 that is merged upstream.
Add patch 001 to fix version to 6.9 (overlooked by upstream).
Refresh patches.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16036
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomediatek: mt7623: get rid of fitblk_get_bootdev
Daniel Golle [Sun, 11 Aug 2024 17:14:40 +0000 (18:14 +0100)]
mediatek: mt7623: get rid of fitblk_get_bootdev

Also migrate mt7623 to new fitblk support scripts which simplify
sysupgrade when using uImage.FIT. This had been forgotten previously.

Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agobase-files: get rid of forgotten traces of fitblk_get_bootdev
Daniel Golle [Sun, 11 Aug 2024 17:14:12 +0000 (18:14 +0100)]
base-files: get rid of forgotten traces of fitblk_get_bootdev

The function fitblk_get_bootdev doesn't exist any more, using it in
export_bootdevice anyway never made much sense and only worked for
classic block devices.
Just drop /dev/fit* handling there, it isn't needed anywhere.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agoramips: mt7621_nand: use clk_get_optional_enabled
Rosen Penev [Sun, 11 Aug 2024 01:05:28 +0000 (18:05 -0700)]
ramips: mt7621_nand: use clk_get_optional_enabled

Simplifies the code by removing clk_disable_unprepare.

Also removed gotos and used dev_err_probe.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16133
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomediatek: fix a use-after-free kernel panic in wed code
Zheng Zhang [Sat, 10 Aug 2024 11:52:15 +0000 (19:52 +0800)]
mediatek: fix a use-after-free kernel panic in wed code

Fix a use-after-free bug in mtk_wed_setup_tc_block_cb()
which leads to kernel panic when setup multiple ap
interfaces on one band of mt798x.

Signed-off-by: Zheng Zhang <everything411@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16118
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomediatek: add script to trigger scrubbing of FIP-in-UBI
Daniel Golle [Sun, 11 Aug 2024 22:45:46 +0000 (23:45 +0100)]
mediatek: add script to trigger scrubbing of FIP-in-UBI

Read the 'fip' static volume in order to trigger scrubbing in case of
detecting flipped bits while reading.
We have to do this in Linux because we never read or touch the 'fip'
volume and the UBISPL implementation in ARM TrustedFirmware-A does NOT
handle scrubbing itself.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agogeneric: import patch lowering bitflip_threshold on SPI-NAND
Daniel Golle [Mon, 12 Aug 2024 02:06:14 +0000 (03:06 +0100)]
generic: import patch lowering bitflip_threshold on SPI-NAND

Reporting an unclean read from SPI-NAND only when the maximum number
of correctable bitflip errors has been hit seems a bit late.
UBI LEB scrubbing, which depends on the lower MTD device reporting
correctable bitflips, then only kicks in when it's almost too late.

Set bitflip_threshold to 75% of the ECC strength, which is also the
default for raw NAND.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agoarm-trusted-firmware-mediatek: fix NAND read failure on SNFI
Daniel Golle [Sun, 11 Aug 2024 22:18:53 +0000 (23:18 +0100)]
arm-trusted-firmware-mediatek: fix NAND read failure on SNFI

A bug has plagued bl2 which caused failure to boot and bricked Linksys
E8450 and Belkin RT3200 devices in case of correctable bitflips being
detected during a read operation. A simple logic error resulted in read
to be considered errornous instead of just continueing in case of
correctable bitflips.

Address this by importing a patch fixing that logic error.

The issue, which has been dubbed as the "OpenWrt Kiss of Death", and is
now a thing of the past.

Users should preemptively update bl2 to prevent their devices being at
risk.

Link: https://github.com/mtk-openwrt/arm-trusted-firmware/pull/11
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agogeneric: 6.6: add Winbond W25N01KV support
Robert Marko [Mon, 29 Jul 2024 12:40:46 +0000 (14:40 +0200)]
generic: 6.6: add Winbond W25N01KV support

It seems that some Xiaomi AX3000T boards changed to using Winbond W25N01KV
SPI-NAND which is not supported in OpenWrt nor upstream kernel.

So, add a pending patch to support it as upstream supports rest of the KV
revision models.

Fixes: #16002
Link: https://github.com/openwrt/openwrt/pull/16088
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agorockchip: add led and network config to nanopi r6s
Ben Whitten [Tue, 4 Jun 2024 18:21:36 +0000 (19:21 +0100)]
rockchip: add led and network config to nanopi r6s

We need to configure the led and network config for this board on
start as per the others

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agorockchip: add NanoPi R6S support
Ben Whitten [Tue, 4 Jun 2024 18:22:45 +0000 (19:22 +0100)]
rockchip: add NanoPi R6S support

Add patches for the nanopi r6s board, backporting from 6.9 where
basic support is landing.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agouboot-rockchip: add nanopi r6s rk3588s board support
Ben Whitten [Thu, 13 Jul 2023 20:52:58 +0000 (21:52 +0100)]
uboot-rockchip: add nanopi r6s rk3588s board support

Backporting support for the NanoPi R6S from upstream
uboot.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agouboot-rockchip: backport upstream dts sync
Ben Whitten [Tue, 6 Aug 2024 20:57:48 +0000 (21:57 +0100)]
uboot-rockchip: backport upstream dts sync

Upstream uboot have merged in kernel dts files, we need
the update for the rk3588 boards.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agorkbin: add rk3588 support
Ben Whitten [Thu, 13 Jul 2023 20:41:27 +0000 (21:41 +0100)]
rkbin: add rk3588 support

Adding support for the rk3588 platform

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: r8126: add RSS variant
Álvaro Fernández Rojas [Sun, 11 Aug 2024 13:30:07 +0000 (15:30 +0200)]
kernel: r8126: add RSS variant

Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agokernel: r8125: add RSS variant
Álvaro Fernández Rojas [Sun, 11 Aug 2024 13:29:32 +0000 (15:29 +0200)]
kernel: r8125: add RSS variant

Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agopackage: add kmod-r8168 ethernet driver
Álvaro Fernández Rojas [Sat, 22 Jun 2024 14:04:24 +0000 (16:04 +0200)]
package: add kmod-r8168 ethernet driver

r8168 is an out of tree driver provided by Realtek for RTL8168 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agopackage: add kmod-r8125 ethernet driver
Álvaro Fernández Rojas [Sat, 22 Jun 2024 14:04:24 +0000 (16:04 +0200)]
package: add kmod-r8125 ethernet driver

r8125 is an out of tree driver provided by Realtek for RTL8125 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agopackage: add kmod-r8126 ethernet driver
Álvaro Fernández Rojas [Sat, 22 Jun 2024 14:04:24 +0000 (16:04 +0200)]
package: add kmod-r8126 ethernet driver

r8126 is an out of tree driver provided by Realtek for RTL8126 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agouboot-envtools: add env settings for ubnt,unifi-6-lr-v3
Joel Low [Sat, 10 Aug 2024 04:08:56 +0000 (12:08 +0800)]
uboot-envtools: add env settings for ubnt,unifi-6-lr-v3

Using the same configuration as my earlier Unifi 6-LRv2s:

```bash
$ cat /etc/fw_env.config
/dev/mtd3 0x0 0x1000 0x1000 1
$ fw_printenv
arch=arm
baudrate=115200
board=mt7622_evb
board_name=mt7622_evb
bootcmd=bootubnt
bootdelay=3
bootfile=uImage
cpu=armv7
device_model=U6-LR
ethact=mtk_eth
ethaddr=<redacted>
ipaddr=<redacted>
is_ble_stp=true
is_default=true
loadaddr=0x5007FF28
macaddr=<redacted>
serverip=<redacted>
soc=mt7622
stderr=serial
stdin=serial
stdout=serial
vendor=mediatek
```

Signed-off-by: Joel Low <joel@joelsplace.sg>
Link: https://github.com/openwrt/openwrt/pull/16127
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomediatek: EAP111: add label-mac-device
Robert Marko [Fri, 9 Aug 2024 11:30:42 +0000 (13:30 +0200)]
mediatek: EAP111: add label-mac-device

Add the label-mac-device alias so that label MAC is set and can later
be used in userspace.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
3 months agosdk: fix APK key creation
Paul Spooren [Thu, 8 Aug 2024 15:31:18 +0000 (17:31 +0200)]
sdk: fix APK key creation

The keys are created differently compared to the old OPKG keys. Instead
of being part of base-files/configure, they are created as a Makefile
requirement of `package/compile`, which is a cleaner solution.

This requirement would only be added to non SDK environments, however
APK always requires keys to be available. Add an `else` case for the SDK
and create keys.

Signed-off-by: Paul Spooren <mail@aparcar.org>
3 months agotools: firmware-utils: update to Git HEAD (2024-08-09)
Hauke Mehrtens [Thu, 8 Aug 2024 22:14:06 +0000 (00:14 +0200)]
tools: firmware-utils: update to Git HEAD (2024-08-09)

26c7f05 nec-usbatermfw: add tool for NEC "USB ATERM" format

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agoqualcommax: ipq60xx: add support for Cambium Networks XE3-4
Kristian Skramstad [Mon, 20 May 2024 07:49:31 +0000 (09:49 +0200)]
qualcommax: ipq60xx: add support for Cambium Networks XE3-4

Cambium Networks XE3-4 is a tri-radio Wi-Fi 6/6E 4×4/2×2 AP.

Hardware:
    Model:    Cambium Networks XE3-4
    CPU:      IPQ6010/AP-CP01-C3, SoC Version: 1.0 @ 800 MHz
    Memory:   1 GiB
    Flash:    512 MiB Macronix MX30UF2G18AC + W25Q128FW
    Ethernet: 1x 1 GbE   (QCA8072)
              1x 2.5 GbE (QCA8081)
    Buttons:  1x Reset
    Serial:   TX, RX, GND
    Baudrate: 115200
    Radios:   Qualcomm Atheros IPQ6018 802.11ax - 2x2 - 2GHz
              Qualcomm Atheros IPQ6018 802.11ax - 2x2 - 5GHz
              Qualcomm Atheros QCN9074 802.11ax - 4x4 - 5GHz or 6GHz
              BLE 4.1
    Power:    32.0W 802.3bt5 PoE++
              25.5W 802.3at with USB, BT disabled
    Size:     215mm x 215mm
    Ports:    1x USB 2.0
    Antenna:  6 GHz: 6.29 dBi, Omni    30 dBm
              5 GHz: 6.12 dBi, Omni    31 dBm
              2.4 GHz: 4.85 dBi, Omni  29 dBm
    LEDs:     Multi-color status LEDs
    Mounting: Wall, ceiling or T-bar

Installation: Serial connection
1. Open the AP to get access to the board. Connect RX, TX and GND.
2. Power on the AP, and short the CS pin of the SPI flash with
   one of the APs GND pins.
3. Transfer the initramfs image with TFTP
   (Default server IP is 192.168.0.120)
   # tftpboot factory.ubi
4. Flash the rootfs partition
   # flash rootfs
5. Reboot the AP
   # reset

Signed-off-by: Kristian Skramstad <kristian+github@83.no>
Link: https://github.com/openwrt/openwrt/pull/15633
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agorockchip: rock 3a: fix image check failed
Tomas Lara [Sat, 3 Aug 2024 19:16:15 +0000 (19:16 +0000)]
rockchip: rock 3a: fix image check failed

Fixes the image check failed on system upgrade
  "Image check failed:
   upgrade: Device radxa,rock3a not supported by this image
   upgrade: Supported devices: radxa,rock-3a"

Signed-off-by: Tomas Lara <tl849670@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16064
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agomediatek: increase phy assert time for jdcloud re-cp-03
Tianling Shen [Wed, 7 Aug 2024 18:53:51 +0000 (02:53 +0800)]
mediatek: increase phy assert time for jdcloud re-cp-03

According to RTL8221B's datasheet, the PHY requires at least 10ms
for assert and 68ms (recommended) for de-assert. So increase the
assert/de-assert time to 15ms and 68ms respectively.

Fixes: c0c3234e1720 ("mediatek: add support for JDCloud RE-CP-03")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/16106
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: rtl8367b: restore rlvid definitions
Mieczyslaw Nalewaj [Wed, 7 Aug 2024 20:44:46 +0000 (22:44 +0200)]
kernel: rtl8367b: restore rlvid definitions

Restore RTL8367B_CHIP_VER_RLVID_SHIFT and RTL8367B_CHIP_VER_RLVID_MASK definitions
removed in commit c30e0eb2a33e.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16108
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agotoolchain: mold: Update to 2.33.0
Carsten Schuette [Thu, 1 Aug 2024 16:40:24 +0000 (18:40 +0200)]
toolchain: mold: Update to 2.33.0

Update mold to 2.33.0
Link: https://github.com/rui314/mold/releases/tag/v2.33.0
Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
Link: https://github.com/openwrt/openwrt/pull/16048
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agobmips: refactor Inteno XG6846 device tree
Álvaro Fernández Rojas [Tue, 25 Jun 2024 15:41:19 +0000 (17:41 +0200)]
bmips: refactor Inteno XG6846 device tree

Refactor Inteno XG6846 device tree to be in line with other bmips devices.
Also expose USB LED automatically.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agobcm27xx: align and enable hwmon/thermal symbols
Álvaro Fernández Rojas [Wed, 7 Aug 2024 15:04:43 +0000 (17:04 +0200)]
bcm27xx: align and enable hwmon/thermal symbols

- Enable CONFIG_HWMON and CONFIG_THERMAL_HWMON on all subtargets.
- Drop kmod-thermal from bcm2712.
- Add CONFIG_SENSORS_RASPBERRYPI_HWMON generic symbol.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agolibunistring: update to 1.2
Aleksey Vasilenko [Sun, 4 Aug 2024 08:20:31 +0000 (11:20 +0300)]
libunistring: update to 1.2

Release notes:
  https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob_plain;f=NEWS

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16065
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoarchs38: enable features rootfs-part
Thomas Weißschuh [Tue, 6 Aug 2024 20:44:55 +0000 (22:44 +0200)]
archs38: enable features rootfs-part

target/linux/archs38/image/Makefile calls gen_axs10x_sdcard_img.sh
with $(CONFIG_TARGET_ROOTFS_PARTSIZE).
Make sure a rootfs partition is built and usable.

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
Link: https://github.com/openwrt/openwrt/pull/16098
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agokernel: mtdtests: update for 6.1 as well
Zxl hhyccc [Tue, 6 Aug 2024 15:36:04 +0000 (23:36 +0800)]
kernel: mtdtests: update for 6.1 as well

6.1.103 and 6.6.44 introduced breakage complaining about missing mtd_test.ko
for some targets.

Signed-off-by: Zxl hhyccc <zxlhhy@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16093
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agokernel: bump 6.1 to 6.1.103
Zxl hhyccc [Tue, 6 Aug 2024 11:41:33 +0000 (19:41 +0800)]
kernel: bump 6.1 to 6.1.103

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.103

Removed upstreamed:
generic/backport-6.1/412-v6.3-01-spidev-Add-Silicon-Labs-EM3581-device-compatible.patch

See: See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.103&id=c6c419ed94788ca13334b4acd50167b7f6d00a06

All other patches automatically rebased.

Build system: bcm4908 bcm53xx

Signed-off-by: Zxl hhyccc <zxlhhy@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16093
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agokernel: switch crc32 implementation back to default
Qingfang Deng [Fri, 28 Jun 2024 08:20:09 +0000 (16:20 +0800)]
kernel: switch crc32 implementation back to default

Commit ec885796c05a switched the crc32 implementation from default to
byte-at-a-time algorithm, which runs slower but consumes less memory.
A decade has passed, and we have already abandoned targets that had
small memory, so switch it back to default for faster speed.

Signed-off-by: Qingfang Deng <qingfang.deng@siflower.com.cn>
3 months agomvebu: GL-MV1000: let u-boot-env be writable again
Enrico Mioso [Tue, 2 Jul 2024 16:09:09 +0000 (18:09 +0200)]
mvebu: GL-MV1000: let u-boot-env be writable again

Allows easily changing boot media for GL-MV1000.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
3 months agomvebu: enable CONFIG_MTD_SPI_NOR_USE_VARIABLE_ERASE=y config option
Enrico Mioso [Tue, 2 Jul 2024 16:09:08 +0000 (18:09 +0200)]
mvebu: enable CONFIG_MTD_SPI_NOR_USE_VARIABLE_ERASE=y config option

Enable the CONFIG_MTD_SPI_NOR_USE_VARIABLE_ERASE kernel option to allow for
U-Boot environment writing. This might be hiding a problem somewhere else,
since the w25q128fw chip supports 32K erases, still this change makes it
much easier to switch the GL-MV1000 boot media without an UART cable
connection.

Thanks to @robimarko and @hacks for the precious hints and suggesting a
better approach.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
3 months agomvebu: GL-MV1000: add custom boot script
Enrico Mioso [Tue, 2 Jul 2024 16:09:07 +0000 (18:09 +0200)]
mvebu: GL-MV1000: add custom boot script

This allows booting from internal eMMC or SD card just changing the
U-Boot mmc_dev variable.
In particular, setting mmc_dev to 1 will result in booting from the SD card.
Setting the variable to 0 will result in internal eMMC boot (the default).
Should the variable be unset or an error condition occur while reading
from SD card, internal MMC booting will be tried.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
3 months agompc85xx: remove 6.1 kernel support
Pawel Dembicki [Tue, 6 Aug 2024 08:43:42 +0000 (10:43 +0200)]
mpc85xx: remove 6.1 kernel support

mpc85xx was switched to 6.6. We can remove 6.1 support now.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16087
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agompc85xx: switch to kernel 6.6
Pawel Dembicki [Tue, 6 Aug 2024 08:42:27 +0000 (10:42 +0200)]
mpc85xx: switch to kernel 6.6

It's time for wide tests.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16087
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agobcm27xx: update to latest RPi patches
Álvaro Fernández Rojas [Wed, 3 Jul 2024 18:30:59 +0000 (20:30 +0200)]
bcm27xx: update to latest RPi patches

The patches were generated from the RPi repo with the following command:
git format-patch v6.6.44..rpi-6.6.y

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agoapk: switch to index-trust branch
Paul Spooren [Tue, 6 Aug 2024 12:22:00 +0000 (14:22 +0200)]
apk: switch to index-trust branch

Initially APK would sign packages and package index and verify
signatures individually. With the latest change, all packages inside a
trusted index are automatically trusted.

This is important within the OpenWrt eco-system since signing the index
happens on another machine than the package creation.

Signed-off-by: Paul Spooren <mail@aparcar.org>
3 months agobase-files: improve Dell EMC Edge620 (x86) product support
Stan Grishin [Mon, 22 Jul 2024 08:05:51 +0000 (08:05 +0000)]
base-files: improve Dell EMC Edge620 (x86) product support

This adds auto-configuration of network ports on Dell EMC Edge620 (x86) product.
It is similar in specs/features to some of the Sophos x86-based appliances, but:

1. Serial console terminal is built in and requires just the micro-USB cable
2. Comes with both MMC (16Gb) and SSD (256Gb) installed
3. Comes with 6 ethernet ports all 6 are functional when no SFP is used
4. Comes with two SFP cages and not one, like some of revision 3 Sophos products
5. Unlike Sophos devices, there are no non-wireless models of Edge 620,
   it comes with Qualcomm Atheros QCA9880 radio

These devices can be now found both second-hand and new at online marketplaces below
(sometimes well below) US $100, I believe they make great candidates for running OpenWrt.

The ethernet network ports on the case are marked GE1 thru to GE6 with the
following mapping once booted into OpenWrt:

```
GE1: eth2: pci0000:00/0000:00:0b.0/0000:02:00.2
GE2: eth3: pci0000:00/0000:00:0b.0/0000:02:00.3
GE3: eth0: pci0000:00/0000:00:0b.0/0000:02:00.0
GE4: eth1: pci0000:00/0000:00:0b.0/0000:02:00.1
GE5: eth7: pci0000:00/0000:00:17.0/0000:07:00.1
GE6: eth6: pci0000:00/0000:00:17.0/0000:07:00.0
```

Dell's instructions for [standard configuration](https://infohub.delltechnologies.com/en-us/l/dell-emc-edge-620-advanced-activation-guide/dell-emc-sd-wan-edge-620-standard-configuration/)
recommend using GE3, GE4, GE5, or GE6 for WAN, I've selected the GE6 as the sole
WAN port under OpenWrt with the rest of ethernet ports assigned to LAN.

Please merge before 24.xx is forked and if possible, cherry-pick for 23.05
if there's no ETA for 24.xx forking.

PS. @Hurricos I'm struggling with ixgbe mappings on Sophos devices which use
very similar hardware to Dell EMC, so even tho I know the sys paths for ethernet ports,
I'd prefer to do a separate commit to properly map ethernet ports to match the case markings
for this device at some point later.

Signed-off-by: Stan Grishin <stangri@melmac.ca>
3 months agogeneric: 6.6: add backported bmips CBR patches
Álvaro Fernández Rojas [Tue, 6 Aug 2024 10:33:48 +0000 (12:33 +0200)]
generic: 6.6: add backported bmips CBR patches

Move v6.11 backported bmips CBR patches from bmips target to generic.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agokernel: Add kmod-mfd-test for kernel 6.6 only
Mieczyslaw Nalewaj [Tue, 6 Aug 2024 05:36:10 +0000 (07:36 +0200)]
kernel: Add kmod-mfd-test for kernel 6.6 only

Compilation of mtd_test.ko should be added only for kernel 6.6 or above.

Fixes 26df88a ("kernel: Add kmod-mfd-test")

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16085
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoutils: omnia-mcutool: Bump to 0.3-rc3
Marek Behún [Tue, 6 Aug 2024 07:21:42 +0000 (09:21 +0200)]
utils: omnia-mcutool: Bump to 0.3-rc3

Bump omnia-mcutool to 0.3-rc3:

* The `--upgrade` option will now work even if MCU is in bootloader (for
  example if previous upgrade was aborted).

* On boards with GD32 MCUs, `omnia-mcutool` will now refuse to upgrade
  application firmware to version lower than 4.1 if bootloader version
  is 2.0 (the original for first batch of boards with GD32 MCUs) since
  these versions of application and bootloader are not compatible.

  If user already upgraded to such a combination, an upgrade of
  bootloader firmware is required.

  The `--upgrade` option will inform about this and will automatically
  upgrade bootloader firmware if the `--force` option is given.

  (Note that version 4.1 of the MCU firmware was will be released soon,
   once it is properly tested.)

* Various other improvements.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/16086
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agokernel: bump 6.6 to 6.6.44
John Audia [Sat, 3 Aug 2024 15:44:35 +0000 (11:44 -0400)]
kernel: bump 6.6 to 6.6.44

Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.44

Removed upstreamed:
rockchip/patches-6.6/044-v6.11-arm64-dts-rockchip-Add-sdmmc-related-properties-on-r.patch[1]
rockchip/patches-6.6/045-v6.11-arm64-dts-rockchip-Add-pinctrl-for-UART0-to-rk3308-r.patch[2]
rockchip/patches-6.6/046-v6.11-arm64-dts-rockchip-Add-mdio-and-ethernet-phy-nodes-t.patch[3]
rockchip/patches-6.6/048-v6.11-arm64-dts-rockchip-Update-WIFi-BT-related-nodes-on-r.patch[4]
rockchip/patches-6.6/310-PCI-dw-rockchip-Fix-initial-PERST-GPIO-value.patch[5]

Manually rebased:
bcm27xx/patches-6.6/950-0526-mfd-Add-rp1-driver.patch
ramips/patches-6.6/810-uvc-add-iPassion-iP2970-support.patch

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.44&id=96155dc8c99e76a0e58932ca5f88148a37af3617
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.44&id=30ee9e5ecc5fd6854a1690ab11e6e6b4851ac9ab
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.44&id=0c4c1b7daf23bccf0da5b65b3cd5b32bfa5a5af4
4. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.44&id=a86a5685675834732789df202e73153db59d8dcc
5. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.44&id=a30211c6704899de0616ac0f97601122d899c86d

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16061
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: Add kmod-mfd-test
John Audia [Sat, 3 Aug 2024 18:23:42 +0000 (14:23 -0400)]
kernel: Add kmod-mfd-test

6.6.44 introduced breakage complaining about missing mtd_test.ko
for some targets.

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16061
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: rtl8367b: use realtek,extif property
Mieczyslaw Nalewaj [Sat, 27 Jul 2024 12:50:04 +0000 (14:50 +0200)]
kernel: rtl8367b: use realtek,extif property

Use realtek,extif property instead of realtek,extif0 to extif2
by extending it with the cpu_port parameter.
The extif number is automatically calculated based on cpu_port.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/15749
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: rtl8367b: store chip in smi->rtl8367b_chip
Mieczyslaw Nalewaj [Sun, 4 Aug 2024 16:25:04 +0000 (18:25 +0200)]
kernel: rtl8367b: store chip in smi->rtl8367b_chip

Store the chip type in smi->rtl8367b_chip

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/15749
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: rtl8367b: remove rlvid analysis
Mieczyslaw Nalewaj [Sat, 27 Jul 2024 10:52:04 +0000 (12:52 +0200)]
kernel: rtl8367b: remove rlvid analysis

Remove the rlvid analysis because for the rtl8367b family chips supported
by the driver (rtl8367rb and rtl8367r-vb), rlvid is always equal to 1.
So the code for rlvid equal to 0 is completely unnecessary.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/15749
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: rtl8367: use realtek,extif property
Mieczyslaw Nalewaj [Sun, 21 Jul 2024 19:46:49 +0000 (21:46 +0200)]
kernel: rtl8367: use realtek,extif property

Use realtek,extif property instead of realtek,extif0 and realtek,extif1
by extending it with the cpu_port parameter.
The extif number is automatically calculated based on cpu_port.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/15749
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: add missing symbol
Stijn Tintel [Sat, 3 Aug 2024 12:55:18 +0000 (15:55 +0300)]
kernel: add missing symbol

Enabling KERNEL_DEBUG_INFO_BTF and KERNEL_KPROBE_EVENTS on 6.6 exposes
CONFIG_PROBE_EVENTS_BTF_ARGS in the kernel config. Add a build option
for it to fix build failures with KERNEL_DEBUG_INFO_BTF and
KERNEL_KPROBE_EVENTS enabled on targets using the 6.6 kernel.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
3 months agozynq: drop 6.1 support
Mieczyslaw Nalewaj [Mon, 29 Jul 2024 09:11:07 +0000 (11:11 +0200)]
zynq: drop 6.1 support

Drop config for Linux 6.1.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16030
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agozynq: use kernel 6.6 by default
Mieczyslaw Nalewaj [Mon, 29 Jul 2024 09:07:45 +0000 (11:07 +0200)]
zynq: use kernel 6.6 by default

Switch to Linux kernel version 6.6.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16030
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agohostapd: fix SAE H2E security vulnerability
Rany Hany [Wed, 31 Jul 2024 17:16:55 +0000 (17:16 +0000)]
hostapd: fix SAE H2E security vulnerability

This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.

As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].

An explanation of the impact of the vulnerability is provided from the
advisory[1]:

This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.

[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agoutils: Add the omnia-mcutool utility
Marek Mojík [Thu, 26 Oct 2023 11:46:11 +0000 (13:46 +0200)]
utils: Add the omnia-mcutool utility

Add a new utility, omnia-mcutool, which main purpose is to upgrade the
firmware on the microcontroller on the Turris Omnia router. Depends on
omnia-mcu-firmware, and the upgrade process is pretty simple:

  omnia-mcutool --upgrade

Besides firmware upgrade, the utility can be used to show and configure
various firmware settings.

Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agofirmware: Add CZ.NIC Turris Omnia MCU firmware
Marek Mojík [Fri, 20 Oct 2023 15:06:19 +0000 (17:06 +0200)]
firmware: Add CZ.NIC Turris Omnia MCU firmware

Add a new package, omnia-mcu-firmware, containing firmware binaries for
the microcontroller on the Turris Omnia router.

Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomvebu: Add kmod-turris-omnia-mcu
Marek Mojík [Fri, 20 Oct 2023 09:29:37 +0000 (11:29 +0200)]
mvebu: Add kmod-turris-omnia-mcu

Add support for the MCU driver on CZ.NIC's Turris Omnia. This adds
the ability to do a true board poweroff, and to configure various
features (for example the user may configure that after poweroff, the
router should automatically wake up at a specific time).

Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agogpio-button-hotplug: add vendor button handling
Marek Behún [Mon, 22 Jul 2024 13:33:17 +0000 (15:33 +0200)]
gpio-button-hotplug: add vendor button handling

Handle the KEY_VENDOR key in gpio-button-hotplug driver. This is used
by Turris Omnia.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomvebu: 6.6: Backport Turris Omnia MCU patches from 6.11
Marek Behún [Mon, 22 Jul 2024 10:58:20 +0000 (12:58 +0200)]
mvebu: 6.6: Backport Turris Omnia MCU patches from 6.11

This backports patches
  dt-bindings: firmware: add cznic,turris-omnia-mcu binding
  platform: cznic: Add preliminary support for Turris Omnia MCU
  platform: cznic: turris-omnia-mcu: Add support for MCU connected GPIOs
  platform: cznic: turris-omnia-mcu: Add support for poweroff and wakeup
  platform: cznic: turris-omnia-mcu: Add support for MCU watchdog
  platform: cznic: turris-omnia-mcu: Add support for MCU provided TRNG
  ARM: dts: turris-omnia: Add MCU system-controller node
  ARM: dts: turris-omnia: Add GPIO key node for front button
  platform: cznic: turris-omnia-mcu: Depend on OF
  platform: cznic: turris-omnia-mcu: Depend on WATCHDOG
  platform: cznic: turris-omnia-mcu: fix Kconfig dependencies
that will be released in 6.11 into mvebu/patches-6.6.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoipq40xx: Drop nand features from Chromium image
Brian Norris [Mon, 7 Nov 2022 06:14:22 +0000 (22:14 -0800)]
ipq40xx: Drop nand features from Chromium image

This target doesn't actually use NAND.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16001
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agoRevert "ath79: remove GPIO driver earlier registration hack"
Joan Moreau [Tue, 30 Jul 2024 14:20:20 +0000 (14:20 +0000)]
Revert "ath79: remove GPIO driver earlier registration hack"

This reverts commit f444dea428cdcafd78fb75004a942da24cabd48c.

It seems that some devices using GPIO WDT have really short WDT timeouts
and when using module_platform_driver registration it happens too late
and thus WDT will timeout and reset the board.

So, for now lets return the postcore_initcall hack for now.

Fixes: f444dea428cd ("ath79: remove GPIO driver earlier registration hack")
Signed-off-by: Joan Moreau <jom@grosjo.net>
Link: https://github.com/openwrt/openwrt/pull/16035
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agogeneric: 6.6: backport upstream RealTek PHY patches
Álvaro Fernández Rojas [Mon, 24 Jun 2024 17:22:51 +0000 (19:22 +0200)]
generic: 6.6: backport upstream RealTek PHY patches

Replace downstream RealTek PHY patches with backported ones.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
3 months agolayerscape: remove kernel 6.1 support
Pawel Dembicki [Wed, 31 Jul 2024 07:19:47 +0000 (09:19 +0200)]
layerscape: remove kernel 6.1 support

Layerscape was switched to 6.6 kernel. Now is time to remove 6.1
support.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16037
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agolayerscape: switch to 6.6 kernel
Pawel Dembicki [Wed, 31 Jul 2024 07:16:49 +0000 (09:16 +0200)]
layerscape: switch to 6.6 kernel

Let's start wide tests 6.6 kernel.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16037
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agomediatek: refresh patches
Robert Marko [Fri, 2 Aug 2024 08:01:26 +0000 (10:01 +0200)]
mediatek: refresh patches

CI says patches need to be refreshed, so do so.

Fixes: 6bb334c5cf1c ("mediatek: fix u-boot env layout NVMEM definitions")
Link: https://github.com/openwrt/openwrt/pull/16051
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agonetifd: update to git HEAD
Daniel Golle [Thu, 1 Aug 2024 19:43:41 +0000 (20:43 +0100)]
netifd: update to git HEAD

 68c8a4f system-linux: re-apply ethtool on phy attachment
 890929b wireless: add support for defining wifi interfaces via procd service data
 b57e40b wireless: use blobmsg_parse_attr
 7a6532f proto-shell: add proto property for skipping device config
 33ec3da CMake: bump the minimum required CMake version to 3.5

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agogeneric: 6.6: update block nvmem patchset
Daniel Golle [Fri, 28 Jun 2024 02:39:36 +0000 (03:39 +0100)]
generic: 6.6: update block nvmem patchset

While discussions are still ongoing, update the block NVMEM provider
patchset to the level submitted upstream to allow testing and validation.

Link: https://patchwork.kernel.org/project/linux-block/list/?series=875202
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agomediatek: fix u-boot env layout NVMEM definitions
Enrico Mioso [Tue, 30 Jul 2024 08:44:19 +0000 (10:44 +0200)]
mediatek: fix u-boot env layout NVMEM definitions

s/u-boot,env-layout/u-boot,env/g

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
3 months agokirkwood: remove 6.1 support
Pawel Dembicki [Wed, 24 Jul 2024 08:35:28 +0000 (10:35 +0200)]
kirkwood: remove 6.1 support

Kirkwood was switched to 6.6. We can remove 6.1 support now.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15998
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agokirkwood: remove accidentally commited file
Pawel Dembicki [Wed, 24 Jul 2024 08:29:44 +0000 (10:29 +0200)]
kirkwood: remove accidentally commited file

generic.mk was commited by mistake. It isn't used. Let's remove it.

Fixes: ccbdb212f36f ("kirkwood: Add missing package dependency")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15998
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agokirkwood: switch to kernel 6.6
Pawel Dembicki [Wed, 24 Jul 2024 08:20:56 +0000 (10:20 +0200)]
kirkwood: switch to kernel 6.6

Let's switch to kernel 6.6 for wide tests.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15998
Signed-off-by: Robert Marko <robimarko@gmail.com>
3 months agorockchip: add RTL8723DU support for Radxa ROCK Pi E v3.0
FUKAUMI Naoki [Thu, 25 Jul 2024 22:03:21 +0000 (07:03 +0900)]
rockchip: add RTL8723DU support for Radxa ROCK Pi E v3.0

Radxa ROCK Pi E v3.0 has a RTL8723DU Wi-Fi 4 on-board device. enable
it.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15910
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agorockchip: add RTL8723DS support for Radxa ROCK Pi S
FUKAUMI Naoki [Thu, 25 Jul 2024 22:03:18 +0000 (07:03 +0900)]
rockchip: add RTL8723DS support for Radxa ROCK Pi S

Radxa ROCK Pi S has a RTL8723DS Wi-Fi 4 on-board device. enable it.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15910
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agomac80211: realtek: rtw88: add support for RTL8723DS and RTL8723DU
FUKAUMI Naoki [Tue, 30 Jul 2024 20:30:01 +0000 (05:30 +0900)]
mac80211: realtek: rtw88: add support for RTL8723DS and RTL8723DU

add Realtek RTL8723DS and RTL8723DU support to rtw88 package.

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15910
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agolinux-firmware: amd64-microcode: Remove TARGET_x86 dependency
Hauke Mehrtens [Mon, 29 Jul 2024 22:36:06 +0000 (00:36 +0200)]
linux-firmware: amd64-microcode: Remove TARGET_x86 dependency

Build the amd64-microcode package on all architectures even if it only
makes sense to use it on x86. If the package build is done by a builder
not building for x86 it will not include the package otherwise.

Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agofirmware-utils: Mark as nonshared to build in step 1
Hauke Mehrtens [Mon, 29 Jul 2024 22:34:14 +0000 (00:34 +0200)]
firmware-utils: Mark as nonshared to build in step 1

Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different  target.

Fixes: 24d6abe2d7cd ("firmware-utils: new package replacing otrx")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agodns320l-mcu: Mark as nonshared to build in step 1
Hauke Mehrtens [Mon, 29 Jul 2024 22:33:21 +0000 (00:33 +0200)]
dns320l-mcu: Mark as nonshared to build in step 1

Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different  target.

Fixes: 8619d7af67c2 ("kirkwood: add D-Link DNS-320L support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokobs-ng: Mark as nonshared to build in step 1
Hauke Mehrtens [Mon, 29 Jul 2024 22:32:10 +0000 (00:32 +0200)]
kobs-ng: Mark as nonshared to build in step 1

Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different  target.

Fixes: 1eb21b87bdd6 ("kobs-ng: add new package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agoimx-bootlets: Mark as nonshared to build in step 1
Hauke Mehrtens [Mon, 29 Jul 2024 22:29:11 +0000 (00:29 +0200)]
imx-bootlets: Mark as nonshared to build in step 1

Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different  target.

Fixes: 07043a853a34 ("imx23: rename imx23 to mxs for upcoming imx23/28 support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agofirmware: Mark Intel/Lantiq firmware packages as nonshared
Hauke Mehrtens [Mon, 29 Jul 2024 21:43:06 +0000 (23:43 +0200)]
firmware: Mark Intel/Lantiq firmware packages as nonshared

Package the firmware files in the target specific build step and not in
the architecture common step. The architecture common step is not
necessary build for the ipq40xx target. If it is build for a different
target these packages are not packaged at all. This moves the build to
the ipq40xx target specific build step. This change is needed to make
the firmware files show up in the buildbot images.

Fixes: 02db8a19cb8d ("firmware: add Intel/Lantiq VRX518 ACA firmware package")
Fixes: 07b0e6f3d9bc ("firmware: add Intel/Lantiq VRX518 PPE firmware package")
Fixes: 13eb1f564ad7 ("firmware: add Intel/Lantiq VRX518 DSL firmware package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agorockchip: dw-rockchip: Fix initial PERST# GPIO value
Daniel Golle [Mon, 29 Jul 2024 23:37:21 +0000 (00:37 +0100)]
rockchip: dw-rockchip: Fix initial PERST# GPIO value

Import patch from mainline Linux to fix issue with PERST# signal
polarity.

Quote from commit message:
"This extra, very short, PERST# assertion + deassertion has been
reported to cause issues with certain WLAN controllers, e.g. RTL8822CE."

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agorockchip: only use HWRNG on RK3568 for now
Daniel Golle [Mon, 29 Jul 2024 23:29:53 +0000 (00:29 +0100)]
rockchip: only use HWRNG on RK3568 for now

Testing turned out that the HWRNG quality varies greatly on RK3566,
even on supposedly identical boards and SoC revisions.
Hence enable the HWRNG driver only on RK3568 for now.
Allow users to simply tune sample_count and quality to allow easily
testing results on different boards and SoCs.

Link: https://patchwork.kernel.org/project/linux-arm-kernel/cover/cover.1720969799.git.daniel@makrotopia.org/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 months agokernel: rtl8366s: don't handle unsupported MMD register operations
Mark Mentovai [Thu, 25 Jul 2024 17:10:24 +0000 (13:10 -0400)]
kernel: rtl8366s: don't handle unsupported MMD register operations

This is a backport of netdev/net [1]/[2], expected to be in kernel 6.11
(if not backported to a stable branch).

Since 4fdc7bb8f13f (2024-06-14, switching ath79 from kernel 6.1 to 6.6),
the rtl8366s driver was made to write to bogus PHY MII registers on
ath79/netgear,wndr3800 and family, and likely on other systems using
this switch in a similar manner. The writes were directed to PHY 4 MII
registers 0x0d (13) and 0x0e (14). The rtl8366s data sheet claims these
registers are reserved. These register writes were causing the device to
not maintain link, track link status, or pass traffic on eth1 (labeled
WAN), as eth1 is connected to PHY 4.

0x0d is MII_MMD_CTRL, and 0x0e is MII_MMD_DATA. rtl8366s doesn't appear
to support MMD in any way, and certainly not via the IEEE 802.3 annex
22D "clause 45 over clause 22" protocol implemented by mmd_phy_indirect.
This patch intercepts those attempted register accesses and returns
-EOPNOTSUPP without touching the switch chip. This is implemented by
defining phy_driver::{read,write}_mmd as
genphy_{read,write}_mmd_unsupported for this PHY. A new PHY driver for
this PHY is introduced to achieve that, because this PHY was previously
using genphy_driver, and there is otherwise no clean way to declare lack
of support for these operations.

This was caused by kernel 9b01c885be36 (2023-02-13, in 6.3). The new
genphy_c45_read_eee_abilities call in genphy_read_abilities (called
during phy_probe) was causing an attempted MMD read of (MMIO_MMD_PCS,
MDIO_PCS_EEE_ABLE), which was transformed into an annex 22D
mmd_phy_indirect operation that performed MII register writes to
MII_MMD_CTRL, MII_MMD_DATA, and MII_MMD_CTRL again, followed by another
read from MII_MMD_DATA. This was enough to "scramble" the state of those
two MII registers, which are in fact not used for annex 22D MMD register
access on this device but are reserved and have some other function,
rendering the PHY unusable while so configured. The result of the
bungled MMD read attempt caused the genphy driver to incorrectly believe
that the PHY supported standard EEE, which led to several more attempted
MMD writes and reads, in turn being transformed into writes to these two
MII registers.

rtl8366s does support some pre-IEEE 802.3az EEE standard form of "Green
Ethernet" which the switch driver (local to OpenWrt) already has some
support for. No attempt is made to map the standard operations for this
device.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=225990c487c1
[2] https://lore.kernel.org/netdev/20240725204147.69730-1-mark@mentovai.com/

Fixes: https://github.com/openwrt/openwrt/issues/15981
Link: https://github.com/openwrt/openwrt/issues/15739
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16012
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>