openwrt/staging/rmilecki.git
2 years agoiptables: add ip{,6}tables-legacy{,-restore,-save} symlinks
Etienne Champetier [Wed, 26 Jan 2022 19:23:23 +0000 (14:23 -0500)]
iptables: add ip{,6}tables-legacy{,-restore,-save} symlinks

Now that we can have both legacy and nft iptables variants
installed at the same time, install the legacy symlinks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agoiptables: use ALTERNATIVES for ip(6)tables(-nft)
Etienne Champetier [Wed, 26 Jan 2022 22:09:44 +0000 (17:09 -0500)]
iptables: use ALTERNATIVES for ip(6)tables(-nft)

As nftables is now the default, ip(6)tables-nft gets higher priority

The removed symlinks ("$(CP)" line) will now be installed by the
ALTERNATIVES mechanism

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agoiptables: rework ip(6)tables-nft dependencies
Etienne Champetier [Wed, 26 Jan 2022 19:33:52 +0000 (14:33 -0500)]
iptables: rework ip(6)tables-nft dependencies

according to iptables-nft man page,
"These tools use the libxtables framework extensions and hook to the nf_tables
kernel subsystem using the nft_compat module."

This means that to work, iptables-nft needs the same modules as
iptables legacy except the ip(6)table-{filter,mangle,nat,raw}
ip_tables, ip6tables.
When those modules are loaded iptables-nft-save output contains
"# Warning: iptables-legacy tables present, use iptables-legacy-save to see them"
But as long as it's empty it should not be a problem.

To have nft properly display the rules created by ip(6)tables-nft we need
all iptables targets and matches to be built as extension and not built-in
(/usr/lib/iptables/libip(6)t_*.so)

When switching a package to iptables-nft, you need to keep the
iptables-mod-* dependencies

This patch does minimal changes:
- remove the direct iptables-nft -> iptables dependency
- and more important add nft-compat dependency

The rule
iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT
becomes
table ip filter {
chain OUTPUT {
type filter hook output priority filter; policy accept;
ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT
}
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agonetfilter: add kmod-nft-compat
Etienne Champetier [Thu, 27 Jan 2022 21:00:21 +0000 (16:00 -0500)]
netfilter: add kmod-nft-compat

This modules is required by iptables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agoiptables: fix ip6tables-nft description
Etienne Champetier [Thu, 27 Jan 2022 19:03:02 +0000 (14:03 -0500)]
iptables: fix ip6tables-nft description

ip6tables-nft packages ip6tables* utils not iptables*

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agoiptables: fix ip6tables-extra description
Etienne Champetier [Wed, 26 Jan 2022 19:20:37 +0000 (14:20 -0500)]
iptables: fix ip6tables-extra description

The define was referencing ip6tables-mod-extra instead of ip6tables-extra

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agouqmi: update to git HEAD
Daniel Golle [Wed, 2 Feb 2022 02:35:04 +0000 (02:35 +0000)]
uqmi: update to git HEAD

 f254fc5 uqmi: add support for get operating mode

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agobcm63xx: Remove patch already in Linux stable
Hauke Mehrtens [Tue, 1 Feb 2022 22:00:50 +0000 (23:00 +0100)]
bcm63xx: Remove patch already in Linux stable

Remove the 434-nand-brcmnand-fix-OOB-R-W-with-Hamming-ECC.patch, it was
already applied to Linux 5.10.37 and is not needed any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agokernel: bump 5.10 to 5.10.96
Rui Salvaterra [Tue, 1 Feb 2022 20:07:47 +0000 (20:07 +0000)]
kernel: bump 5.10 to 5.10.96

Patches automatically rebased.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agokernel: bump 5.10 to 5.10.95
Rui Salvaterra [Sun, 30 Jan 2022 20:25:58 +0000 (20:25 +0000)]
kernel: bump 5.10 to 5.10.95

Patches automatically rebased.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agokernel: bump 5.10 to 5.10.94
Rui Salvaterra [Thu, 27 Jan 2022 12:08:41 +0000 (12:08 +0000)]
kernel: bump 5.10 to 5.10.94

Deleted (upstreamed):
bcm27xx/patches-5.10/950-0669-drm-vc4-hdmi-Make-sure-the-device-is-powered-with-CE.patch [1]
bcm27xx/patches-5.10/950-0672-drm-vc4-hdmi-Move-initial-register-read-after-pm_run.patch [1]
gemini/patches-5.10/0003-ARM-dts-gemini-NAS4220-B-fis-index-block-with-128-Ki.patch [2]

Manually rebased:
bcm27xx/patches-5.10/950-0675-drm-vc4-hdmi-Drop-devm-interrupt-handler-for-CEC-int.patch

Manually reverted:
generic/pending-5.10/860-Revert-ASoC-mediatek-Check-for-error-clk-pointer.patch [3]

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.94&id=55b10b88ac8654fc2f31518aa349a2e643b37f18
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.94&id=958a8819d41420d7a74ed922a09cacc0ba3a4218
[3] https://lore.kernel.org/all/trinity-2a727d96-0335-4d03-8f30-e22a0e10112d-1643363480085@3c-app-gmx-bap33/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agokernel: bump 5.10 to 5.10.93
Rui Salvaterra [Thu, 20 Jan 2022 10:45:31 +0000 (10:45 +0000)]
kernel: bump 5.10 to 5.10.93

No patches required rebasing.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2 years agoipq40xx: add MikroTik cAP ac support
Alar Aun [Tue, 6 Apr 2021 16:38:31 +0000 (19:38 +0300)]
ipq40xx: add MikroTik cAP ac support

This adds support for the MikroTik RouterBOARD RBcAPGi-5acD2nD
(cAP ac), a  indoor dual band, dual-radio 802.11ac wireless AP, two
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/cap_ac for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 2x 1000/100/10 port,
   PoE in and passive PoE out

Unsupported:
 - PoE out

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Alar Aun <alar.aun@gmail.com>
2 years agowolfssl: update to 5.1.1-stable
Sergey V. Lobanov [Sat, 1 Jan 2022 19:37:13 +0000 (22:37 +0300)]
wolfssl: update to 5.1.1-stable

Bump from 4.8.1-stable to 5.1.1-stable

Detailed release notes: https://github.com/wolfSSL/wolfssl/releases

Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
 https://github.com/wolfSSL/wolfssl/commit/fa8f23284d4689c2a737204b337b58d966dcbd8c
002-Update-macro-guard-on-SHA256-transform-call.patch -
 https://github.com/wolfSSL/wolfssl/commit/f447e4c1fa4c932c0286fa0331966756e243db81

Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch

CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option

The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk

Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2 years agokernel: add kmod-vrf
Marek Behún [Thu, 20 Jan 2022 13:21:36 +0000 (14:21 +0100)]
kernel: add kmod-vrf

Add option to compile kmod-vrf, support for Virtual Routing and
Forwarding (Lite).

This module depends on NET_L3_MASTER_DEV, which is a boolean kernel
option, so we need to create a configuration option also for this, and
make kmod-vrf depend on it.

Signed-off-by: Marek Behún <kabel@kernel.org>
2 years agokernel: bump 5.4 to 5.4.175
John Audia [Sat, 29 Jan 2022 17:25:48 +0000 (12:25 -0500)]
kernel: bump 5.4 to 5.4.175

All patches automatically rebased.

Signed-off-by: John Audia <graysky@archlinux.us>
2 years agotoolchain: glibc: Remove patch for ARC700
Hauke Mehrtens [Sat, 29 Jan 2022 12:37:23 +0000 (13:37 +0100)]
toolchain: glibc: Remove patch for ARC700

The ARC700 target was renoved, this patch is not needed any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agokernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio
Hauke Mehrtens [Sat, 29 Jan 2022 16:32:42 +0000 (17:32 +0100)]
kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio

kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is
activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agouboot-envtools: Update to version 2022.01
Hauke Mehrtens [Sat, 29 Jan 2022 12:10:00 +0000 (13:10 +0100)]
uboot-envtools: Update to version 2022.01

The sizes of the ipk changed on MIPS 24Kc like this:
13281 uboot-envtools_2021.01-54_mips_24kc.ipk
13308 uboot-envtools_2022.01-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agolibcap: Update to version 2.63
Hauke Mehrtens [Sat, 29 Jan 2022 11:23:56 +0000 (12:23 +0100)]
libcap: Update to version 2.63

The sizes of the ipk changed on MIPS 24Kc like this:
11248 libcap_2.51-1_mips_24kc.ipk
14461 libcap_2.63-1_mips_24kc.ipk

18864 libcap-bin_2.51-1_mips_24kc.ipk
20576 libcap-bin_2.63-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agoe2fsprogs: Update to version 1.46.5
Hauke Mehrtens [Sat, 29 Jan 2022 11:15:20 +0000 (12:15 +0100)]
e2fsprogs: Update to version 1.46.5

The sizes of the ipk changed on MIPS 24Kc like this:
  8788 badblocks_1.45.6-2_mips_24kc.ipk
  8861 badblocks_1.46.5-1_mips_24kc.ipk

  3652 chattr_1.45.6-2_mips_24kc.ipk
  3657 chattr_1.46.5-1_mips_24kc.ipk

 58128 debugfs_1.45.6-2_mips_24kc.ipk
 60279 debugfs_1.46.5-1_mips_24kc.ipk

  8551 dumpe2fs_1.45.6-2_mips_24kc.ipk
  8567 dumpe2fs_1.46.5-1_mips_24kc.ipk

  4797 e2freefrag_1.45.6-2_mips_24kc.ipk
  4791 e2freefrag_1.46.5-1_mips_24kc.ipk

159790 e2fsprogs_1.45.6-2_mips_24kc.ipk
168212 e2fsprogs_1.46.5-1_mips_24kc.ipk

  7083 e4crypt_1.45.6-2_mips_24kc.ipk
  7134 e4crypt_1.46.5-1_mips_24kc.ipk

  5749 filefrag_1.45.6-2_mips_24kc.ipk
  6233 filefrag_1.46.5-1_mips_24kc.ipk

  4361 libcomerr0_1.45.6-2_mips_24kc.ipk
  4355 libcomerr0_1.46.5-1_mips_24kc.ipk

168040 libext2fs2_1.45.6-2_mips_24kc.ipk
174209 libext2fs2_1.46.5-1_mips_24kc.ipk

  8514 libss2_1.45.6-2_mips_24kc.ipk
  8613 libss2_1.46.5-1_mips_24kc.ipk

  3148 lsattr_1.45.6-2_mips_24kc.ipk
  3227 lsattr_1.46.5-1_mips_24kc.ipk

 22530 resize2fs_1.45.6-2_mips_24kc.ipk
 22909 resize2fs_1.46.5-1_mips_24kc.ipk

 33315 tune2fs_1.45.6-2_mips_24kc.ipk
 34511 tune2fs_1.46.5-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agoutil-linux: Update to version 2.37.3
Hauke Mehrtens [Sat, 29 Jan 2022 11:01:19 +0000 (12:01 +0100)]
util-linux: Update to version 2.37.3

This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agoutil-linux: Do not build raw any more.
Hauke Mehrtens [Sat, 29 Jan 2022 16:35:19 +0000 (17:35 +0100)]
util-linux: Do not build raw any more.

The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.

We do not package the raw tool, so this is not a problem.

This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agostrace: Update to version 5.16
Hauke Mehrtens [Sat, 29 Jan 2022 10:59:19 +0000 (11:59 +0100)]
strace: Update to version 5.16

The sizes of the ipk changed on MIPS 24Kc like this:
289764 strace_5.14-1_mips_24kc.ipk
310899 strace_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agoethtool: Update to version 5.16
Hauke Mehrtens [Sat, 29 Jan 2022 10:57:25 +0000 (11:57 +0100)]
ethtool: Update to version 5.16

795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.

The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agombedtls: Update to version 2.16.12
Hauke Mehrtens [Sat, 29 Jan 2022 10:56:27 +0000 (11:56 +0100)]
mbedtls: Update to version 2.16.12

This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agogdb: Update gdb to version 11.2
Hauke Mehrtens [Sat, 29 Jan 2022 10:54:49 +0000 (11:54 +0100)]
gdb: Update gdb to version 11.2

This is a minor corrective release over GDB 11.1, fixing the following issues:
* PR sim/28302 (gdb fails to build with glibc 2.34)
* PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
* PR gdb/28405 (arm-none-eabi: internal-error: ptid_t remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*): Assertion `first_resumed_thread != nullptr' failed)
* PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
* PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
* PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
* PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR (.relr.dyn) section)
* PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)

The sizes of the ipk changed on mips 24Kc like this:
2285775 gdb_11.1-3_mips_24kc.ipk
2287441 gdb_11.2-4_mips_24kc.ipk
191828 gdbserver_11.1-3_mips_24kc.ipk
191811 gdbserver_11.2-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agotoolchain: gdb: Update to version 11.2
Hauke Mehrtens [Sat, 29 Jan 2022 10:55:03 +0000 (11:55 +0100)]
toolchain: gdb: Update to version 11.2

This is a minor corrective release over GDB 11.1, fixing the following issues:
* PR sim/28302 (gdb fails to build with glibc 2.34)
* PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
* PR gdb/28405 (arm-none-eabi: internal-error: ptid_t remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*): Assertion `first_resumed_thread != nullptr' failed)
* PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
* PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
* PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
* PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR (.relr.dyn) section)
* PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agoRevert "ramips: add support for ipTIME AX2004M"
Stijn Tintel [Tue, 1 Feb 2022 19:35:06 +0000 (21:35 +0200)]
Revert "ramips: add support for ipTIME AX2004M"

Commit f4a79148f8cb ("ramips: add support for ipTIME AX2004M") seems to
leak KERNEL_LOADADDR 0x82000000 to other devices, causing the to no
longer boot. The leak is visible in u-boot:

   Using 'config-1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  MIPS OpenWrt Linux-5.10.92
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0x840000e4
     Data Size:    10750165 Bytes = 10.3 MiB
     Architecture: MIPS
     OS:           Linux
     Load Address: 0x82000000
     Entry Point:  0x82000000

Normally, it should look like this:

   Using 'config-1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  MIPS OpenWrt Linux-5.10.92
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0xbfca00e4
     Data Size:    2652547 Bytes = 2.5 MiB
     Architecture: MIPS
     OS:           Linux
     Load Address: 0x80001000
     Entry Point:  0x80001000

Revert the commit to avoid more people soft-bricking their devices.

This reverts commit f4a79148f8cbb7dfbcddfb0c1128caec45a01596.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2 years agobcm4908: backport first 5.18 DTS changes
Rafał Miłecki [Tue, 1 Feb 2022 09:45:38 +0000 (10:45 +0100)]
bcm4908: backport first 5.18 DTS changes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agoath79: convert remaining mtd-mac-address-increment
Sungbo Eo [Mon, 31 Jan 2022 17:36:11 +0000 (02:36 +0900)]
ath79: convert remaining mtd-mac-address-increment

Commit d284e6ef0f06 ("treewide: convert mtd-mac-address-increment* to
generic implementation") renamed "mtd-mac-address-increment" property
to "mac-address-increment". Convert remaining usages that have been
added after that.

Fixes: af8a059bb41d ("ath79: add support for GL.iNet GL-XE300")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agoipq806x: convert remaining mtd-mac-address-increment
Sungbo Eo [Mon, 31 Jan 2022 17:35:26 +0000 (02:35 +0900)]
ipq806x: convert remaining mtd-mac-address-increment

Commit d284e6ef0f06 ("treewide: convert mtd-mac-address-increment* to
generic implementation") renamed "mtd-mac-address-increment" property
to "mac-address-increment". Convert remaining usages that have been
added after that.

Fixes: f44e933458b1 ("ipq806x: provide WiFI mac-addresses from dts")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agoath79: improve support for Dongwon T&I DW02-412H
Sungbo Eo [Mon, 31 Jan 2022 04:21:47 +0000 (13:21 +0900)]
ath79: improve support for Dongwon T&I DW02-412H

* Move &nand node to DTSI
* Utilize nvmem for fetching caldata
* Rename build recipe, clean before build
* Simplify KERNEL definition

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agolinux-firmware: intel: add firmware for AX210
Sungbo Eo [Mon, 31 Jan 2022 17:10:01 +0000 (02:10 +0900)]
linux-firmware: intel: add firmware for AX210

Add the most recent supported firmware file for Intel Wi-Fi 6E AX210
wireless chip. The API version 67 is not yet supported by the driver.
Additional PNVM file is required since API version 62.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agoubox: fix broken deferred start of logfile writer
Daniel Golle [Mon, 31 Jan 2022 15:00:13 +0000 (15:00 +0000)]
ubox: fix broken deferred start of logfile writer

Just use 'start' action which will have the desired effect instead of
trying to introduce a 'start_file' action which didn't work that way
because procd jshn magic would have to wrap around it.

Fixes: 88baf6ce2c ("ubox: only start log to file when filesystem has been mounted")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: mt7623: simplify partition generation
Daniel Golle [Mon, 31 Jan 2022 00:45:10 +0000 (00:45 +0000)]
mediatek: mt7623: simplify partition generation

The two options 'emmc' and 'sdmmc' now became identical lines after
introducing CONFIG_TARGET_ROOTFS_PARTSIZE.
Remove the now useless if-clauses.

Fixes: a40b4d335a ("mediatek: use CONFIG_TARGET_ROOTFS_PARTSIZE")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoprocd: seccomp/jail: Fix build error on arm with glibc
Daniel Golle [Mon, 31 Jan 2022 00:07:32 +0000 (00:07 +0000)]
procd: seccomp/jail: Fix build error on arm with glibc

From: Peter Lundkvist <peter.lundkvist@gmail.com>

This fixes the make_syscall_h.sh script to recognize both
__NR_Linux, used by mips, and __NR_SYSCALL_BASE and
__ARM_NR_BASE used by arm.

Run-tested on arm (ipq806x) and mips (ath79), both with glibc.
Compile-tested and checked resulting syscall_names.h file wuth
glibc: aarch64, powerpc, x86_64, i486
musl: arm, mips

Fixes: FS#4194, FS#4195
Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: u7623-02: enable early console also in legacy image
Daniel Golle [Sun, 30 Jan 2022 22:46:44 +0000 (22:46 +0000)]
mediatek: u7623-02: enable early console also in legacy image

Append 'earlycon=uart8250,mmio32,0x11004000' to the boot arguments
embedded in device-tree in order to enable early console on the
UniElec U7623 board when using the vendor/stock bootloader.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agobcm4908: backport bcm_sf2 patch for better LED registers support
Rafał Miłecki [Sun, 30 Jan 2022 23:57:17 +0000 (00:57 +0100)]
bcm4908: backport bcm_sf2 patch for better LED registers support

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agobcm4908: fixup pinctrl patches for kernel 5.4
Rafał Miłecki [Sun, 30 Jan 2022 23:34:01 +0000 (00:34 +0100)]
bcm4908: fixup pinctrl patches for kernel 5.4

Fixes: b0145891676f ("bcm4908: backport BCM4908 pinctrl driver")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agobcm4908: backport BCM4908 pinctrl driver
Rafał Miłecki [Sun, 30 Jan 2022 22:30:16 +0000 (23:30 +0100)]
bcm4908: backport BCM4908 pinctrl driver

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agoglibc: update to 2.34 HEAD
Hans Dedecker [Sun, 30 Jan 2022 21:19:34 +0000 (22:19 +0100)]
glibc: update to 2.34 HEAD

72123e1b56 NEWS: Add a bug entry for BZ #28755
08beb3a3f4 x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
b50d5b746c x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
1b9cd6a721 NEWS: add bug entry for BZ #28769 and BZ #28770
3438bbca90 Linux: Detect user namespace support in io/tst-getcwd-smallbuff
d084965adc realpath: Avoid overwriting preexisting error (CVE-2021-3998)
472e799a5f getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
8c8a71c85f tst-realpath-toolong: Fix hurd build
f7a79879c0 realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770]
73c362840c stdlib: Fix formatting of tests list in Makefile
269eb9d930 stdlib: Sort tests in Makefile
062ff490c1 support: Add helpers to create paths longer than PATH_MAX
82b1acd9de powerpc: Fix unrecognized instruction errors with recent binutils
1d401d1fcc x86: use default cache size if it cannot be determined [BZ #28784]
6890b8a3ae CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
1081f1d3dd sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
7b5d433fd0 CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
5575daae50 socket: Add the __sockaddr_un_set function
03e6e02e6a Disable debuginfod in printer tests [BZ #28757]
705f1e4606 Update syscall lists for Linux 5.16
2fe2af88ab i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bug 28771)
73558ffe84 Update syscall lists for Linux 5.15
e64235ff42 powerpc: Fix unrecognized instruction errors with recent GCC

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2 years agoubox: only start log to file when filesystem has been mounted
Daniel Golle [Sun, 30 Jan 2022 19:39:21 +0000 (19:39 +0000)]
ubox: only start log to file when filesystem has been mounted

If log_file is on an filesystem mounted using /etc/config/fstab we have
to wait for that to happen before starting the logread process.
Inhibit the start of the file-writer process and use a mount trigger to
fire it up once the filesystem actually becomes available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoprocd: support generic mount triggers and clean up
Daniel Golle [Sun, 30 Jan 2022 19:37:41 +0000 (19:37 +0000)]
procd: support generic mount triggers and clean up

Allow init scripts to trigger free-form actions by exposing
procd_add_action_mount_trigger.
Clean up mount trigger wrappers while at it to reduce code duplication.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoath79: ASUS RP-AC66 use flash till the end
Tamas Balogh [Tue, 25 Jan 2022 13:16:37 +0000 (14:16 +0100)]
ath79: ASUS RP-AC66 use flash till the end

This makes available the additional space,
which was occupied by OEM's jffs2 partition before:
"0x000000f80000-0x000001000000 : jffs2"

Reverting to the OEM firmware will also recover
this partition, i.e. it is not needed and can be
used by OpenWrt.

Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
2 years agoramips: add support for Wavlink WL-WN535K1
Davide Fioravanti [Sat, 4 Dec 2021 03:15:30 +0000 (04:15 +0100)]
ramips: add support for Wavlink WL-WN535K1

The Wavlink WL-WN535K1 is a "mesh" router with 2 gigabit ethernet ports
and one fast ethernet port. Mine is branded as Talius TAL-WMESH1.
It can be found in kits of 2 or 3 (WL-WN535K2 or WL-WN535K3).
The motherboard is labelled as WS-WN535G3-B-V1.2 so this image could
potentially work for WL-WN535G3R and WS-WN535G3R with little to none
effort, but it's untested.

Hardware
--------
SoC:   Mediatek MT7620A
RAM:   64MB
FLASH: 8MB NOR (GigaDevice GD25Q64CS)
ETH:
  - 2x 10/100/1000 Mbps Ethernet (RTL8211F)
  - 1x 10/100 Mbps Ethernet (integrated in SOC)
WIFI:
  - 2.4GHz: 1x (integrated in SOC) (2x2:2)
  - 5GHz:   1x MT7612E (2x2:2)
  - 4 internal antennas
BTN:
  - 1x Reset button
  - 1x Touchlink button (set to WPS)
  - 1x ON/OFF switch
LEDS:
  - 1x Red led (system status)
  - 1x Blue led (system status)
  - 3x Green leds (ethernet port status/act)
UART:
  - 57600-8-N-1

Everything works correctly.

Currently there is no firmware update available. Because of this, in
order to restore the OEM firmware, you must firstly dump the OEM
firmware from your router before you flash the OpenWrt image.

Backup the OEM Firmware
-----------------------
The following steps are to be intended for users having little to none
experience in linux. Obviously there are many ways to backup the OEM
firmware, but probably this is the easiest way for this router.
Procedure tested on WN535K1_V1510_200916 firmware version.

1) Go to http://192.168.10.1/webcmd.shtml

2) Type the following line in the "Command" input box and then press enter:
mkdir /etc_ro/lighttpd/www/dev; dd if=/dev/mtd0ro of=/etc_ro/lighttpd/www/dev/mtd0ro

3) After few seconds in the textarea should appear this output:
16384+0 records in
16384+0 records out

   If your output doesn't match mine, stop reading and ask for
   help in the forum.

4) Open in another tab http://192.168.10.1/dev/mtd0ro to download the
   content of the whole NOR. If the file size is 0 byte, stop reading
   and ask for help in the forum.

5) Come back to the http://192.168.10.1/webcmd.shtml webpage and type:
rm /etc_ro/lighttpd/www/dev/mtd0ro;for i in 1 2 3 4 5; do dd if=/dev/mtd${i}ro of=/etc_ro/lighttpd/www/dev/mtd${i}ro; done

6) After few seconds, in the textarea should appear this output:
384+0 records in
384+0 records out
128+0 records in
128+0 records out
128+0 records in
128+0 records out
14720+0 records in
14720+0 records out
1024+0 records in
1024+0 records out

   If your output doesn't match mine, stop reading and ask for
   help in the forum.

7) Open the following links to download the partitions of the OEM FW:
http://192.168.10.1/dev/mtd1ro
http://192.168.10.1/dev/mtd2ro
http://192.168.10.1/dev/mtd3ro
http://192.168.10.1/dev/mtd4ro
http://192.168.10.1/dev/mtd5ro

   If one (or more) of these files are 0 byte, stop reading and ask
   for help in the forum.

8) Store these downloaded files in a safe place.

9) Reboot your router to remove any temporary file in ram.

Installation
------------
Flash the initramfs image in the OEM firmware interface
(http://192.168.10.1/update_mesh.shtml).
When Openwrt boots, flash the sysupgrade image otherwise you won't be
able to keep configuration between reboots.

Restore OEM Firmware
--------------------
Flash the "mtd4ro" file you previously backed-up directly from LUCI.
Warning: Remember to not keep settings!
Warning2: Remember to force the flash.

Notes
-----
1) Router mac addresses:
   LAN XX:XX:XX:XX:XX:E2 (factory @ 0x28)
   WAN XX:XX:XX:XX:XX:E3 (factory @ 0x2e)
   WIFI 2G XX:XX:XX:XX:XX:E4 (factory @ 0x04)
   WIFI 5G XX:XX:XX:XX:XX:E5 (factory @ 0x8004)

   LABEL XX:XX:XX:XX:XX:E5

2) The OEM firmware upgrade page accepts only files containing the
   string "WN535K1" in the filename.

3) Additional notes 1,2,3 in the WS-WN583A6 commit are still valid
(https://github.com/openwrt/openwrt/commit/92780d80ab6f5f03fac2407c06eb267dd83914a1)

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[remove trailing whitespace]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agoCI: add formal checks
Paul Spooren [Thu, 27 Jan 2022 09:25:19 +0000 (10:25 +0100)]
CI: add formal checks

The formal checks verify the following things:
- Commits does not contain any merge commits
- Signed by a real name
- Commit titles starts with an `<area>:`
- Author name matches signed of name
- Commit message is not empty

Signed-off-by: Paul Spooren <mail@aparcar.org>
2 years agoramips: add support for ipTIME AX2004M
Sungbo Eo [Sat, 29 Jan 2022 14:25:32 +0000 (23:25 +0900)]
ramips: add support for ipTIME AX2004M

ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specification:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
  * MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
  * Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
  * Pinout: [3V3] (TXD) (RXD) (GND)

MAC address:

| interface |        MAC        |     source     | comment
|-----------|-------------------|----------------|---------
|       LAN | 58:XX:XX:00:XX:9B |                | [1]
|       WAN | 58:XX:XX:00:XX:99 |                |
|   WLAN 2G | 58:XX:XX:00:XX:98 | factory 0x4    |
|   WLAN 5G | 5A:XX:XX:40:XX:98 |                |
|           |                   |                |
|           | 58:XX:XX:00:XX:98 | config ethaddr |

[1] Used in this patch as WLAN 5G MAC address with the local bit set

Load address:
* stock
  * 0x80010000: FIT image
  * 0x81001000: kernel image -> entry
* OpenWrt
  * 0x80010000: FIT image
  * 0x82000000: uncompressed kernel+relocate image
  * 0x80001000: relocated kernel image -> entry

Installation via **recovery** mode:
1.  Press reset button, power up the device, wait >10s for CPU LED
    to stop blinking.
2.  Upload recovery image through the recovery web page at 192.168.0.1.

Revert to stock firmware:
1.  Install stock image via recovery mode.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agoramips: make the relocation address configurable
Sungbo Eo [Sat, 29 Jan 2022 14:24:07 +0000 (23:24 +0900)]
ramips: make the relocation address configurable

If no argument is given to relocate-kernel, KERNEL_LOADADDR will be used
just as before.

This is a preparation for ramips support of ipTIME AX2004M.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agomvebu: add support for ipTIME NAS1dual
Sungbo Eo [Sat, 1 Jan 2022 14:47:43 +0000 (23:47 +0900)]
mvebu: add support for ipTIME NAS1dual

ipTIME NAS1dual is a 1-bay NAS, based on Marvell Armada 385 SoC.

Specifications:
* SoC: 88F6820
* RAM: 2 GiB
* Flash: SPI NOR 64 MiB
* SATA: 1x 3Gb/s
* Ethernet: 2x 1GbE
* USB: 1x 3.0
* Fan: 2 speed level
* UART: J11 (115200 8N1)
  * Pinout: [3V3] (TXD) (RXD) (GND)

Installation via web interface:
1.  Flash **initramfs** image through the stock web interface.
2.  Boot into OpenWrt and perform sysupgrade with sysupgrade image.

Revert to stock firmware:
1.  Perform sysupgrade with stock image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agomvebu: remove duplicate CONFIG_POWER_RESET entries
Sungbo Eo [Sat, 1 Jan 2022 13:00:56 +0000 (22:00 +0900)]
mvebu: remove duplicate CONFIG_POWER_RESET entries

The option is already enabled in the target config since 9149ed4f05f8
("mvebu: cortexa9: Add support for Ctera C200-V2").

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agokernel: add disabled POWER_RESET_QNAP
Sungbo Eo [Sat, 1 Jan 2022 12:57:47 +0000 (21:57 +0900)]
kernel: add disabled POWER_RESET_QNAP

Move the disabled symbol from target configs to generic configs.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agokirkwood: add support for ipTIME NAS1
Sungbo Eo [Sat, 1 Jan 2022 12:00:36 +0000 (21:00 +0900)]
kirkwood: add support for ipTIME NAS1

ipTIME NAS1 is a 1-bay NAS, based on Marvell Kirkwood SoC.

Specifications:
* SoC: 88F6281
* RAM: 256 MiB
* Flash: SPI NOR 16 MiB
* SATA: 1x 3Gb/s
* Ethernet: 1x 1GbE
* USB: 1x 2.0
* Fan: 2 speed level
* UART: JP1 (115200 8N1)
  * Pinout: [3V3] (TXD) (RXD) (GND)

Notes:
* There are several variants of the model name: "NAS-I", "NASI", "NAS1".
  Here "NAS1" is adopted for consistent naming scheme.
* The reset button is also a USB copy button in stock FW,
  but in this patch the former is the only default behavior.

Installation via web interface:
1.  Flash sysupgrade image through the stock web interface.

Revert to stock firmware:
1.  Perform sysupgrade with stock image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agokirkwood: rework 02_network
Sungbo Eo [Sat, 22 Jan 2022 11:30:05 +0000 (20:30 +0900)]
kirkwood: rework 02_network

Just like other targets do, introduce two setup functions for interfaces
and MAC addresses.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agokirkwood: drop kernel 5.4 support
Sungbo Eo [Sat, 1 Jan 2022 09:46:39 +0000 (18:46 +0900)]
kirkwood: drop kernel 5.4 support

It has been 3 months since we switched this target to 5.10, now we can
remove the 5.4 files.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agokernel: move bootargs-append patch to generic
Sungbo Eo [Tue, 4 Jan 2022 15:36:13 +0000 (00:36 +0900)]
kernel: move bootargs-append patch to generic

This moves bootargs-append support patch from ipq40xx and ipq806x to
generic. This way we can append additional boot arguments from DTS instead
of only being able to overwrite them.

This is a preparation for kirkwood support of ipTIME NAS1.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agofirmware-utils: bump to git HEAD
Sungbo Eo [Sat, 29 Jan 2022 14:49:39 +0000 (23:49 +0900)]
firmware-utils: bump to git HEAD

0c15cad iptime-naspkg: add image header tool for ipTIME NAS series
872c87c iptime-crc32: add image header tool for new ipTIME models

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2 years agoutil-linux: add lslocks
Roman Azarenko [Tue, 25 Jan 2022 17:16:30 +0000 (18:16 +0100)]
util-linux: add lslocks

This change adds the "lslocks" utility from util-linux.

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
2 years agokernel: bump 5.4 to 5.4.174
John Audia [Thu, 27 Jan 2022 10:44:38 +0000 (05:44 -0500)]
kernel: bump 5.4 to 5.4.174

Removed upstreamed patches:
  layerscape/patches-5.4/302-dts-0083-arm64-ls1028a-qds-correct-bus-of-rtc.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.4.174&id=65816c1034769e714edb70f59a33bc5472d9e55f

Build system: x86_64
Build-tested: ramips/mt7621

Signed-off-by: John Audia <graysky@archlinux.us>
2 years agokernel: bump 5.4 to 5.4.173
John Audia [Thu, 20 Jan 2022 21:41:22 +0000 (16:41 -0500)]
kernel: bump 5.4 to 5.4.173

All patches automatically rebased.

Signed-off-by: John Audia <graysky@archlinux.us>
2 years agonetfilter.mk: add conntrack support to nft bridge
Etienne Champetier [Mon, 24 Jan 2022 22:30:43 +0000 (17:30 -0500)]
netfilter.mk: add conntrack support to nft bridge

This allows to implement statefull bridge filtering

As the uncompressed size is only 7.6k (arm64), just add
nf_conntrack_bridge.ko to kmod-nft-bridge package

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2 years agoocteontx: Refresh kernel configuration
Hauke Mehrtens [Sun, 23 Jan 2022 16:04:26 +0000 (17:04 +0100)]
octeontx: Refresh kernel configuration

Refresh the kernel configuration.
No manual changes done.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agokernel: Add CONFIG_CRYPTO_DEV_OCTEONTX_CPT kernel config option
Hauke Mehrtens [Sun, 23 Jan 2022 16:02:04 +0000 (17:02 +0100)]
kernel: Add CONFIG_CRYPTO_DEV_OCTEONTX_CPT kernel config option

This new kernel configuration option is available when building the
octeontx target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agokernel: Fix compile warning
Hauke Mehrtens [Sun, 23 Jan 2022 00:48:28 +0000 (01:48 +0100)]
kernel: Fix compile warning

This fixes the following compile warning:
  CC      init/do_mounts.o
init/do_mounts.c:478:19: warning: 'mount_ubi_rootfs' defined but not used [-Wunused-function]
  478 | static int __init mount_ubi_rootfs(void)
      |                   ^~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agoarc770: Remove arc770 target
Hauke Mehrtens [Sat, 22 Jan 2022 18:57:49 +0000 (19:57 +0100)]
arc770: Remove arc770 target

The arc700 target is not booting up since some time, see here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/400

It looks like there is a problem in the toolchain when using glibc.

Currently no one is working on fixing this problem, remove the target
instead. This target also does not have many users we are aware of.

If someone wants to have this target back, feel free to add a fixed
version of this target again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
2 years agofirewall4: update to latest Git HEAD
Jo-Philipp Wich [Fri, 28 Jan 2022 10:14:01 +0000 (11:14 +0100)]
firewall4: update to latest Git HEAD

16a1070 fw4.uc: handle zone masq6 option
5f61dbf ruleset: fix chain selection for mark and dscp targets
0bc844b ruleset: properly deal with wildcards in zone device selectors
101988d fw4: fix family comparisons
127dbc0 ruleset: emit AF specific rules for DSCP matches
d63cb89 fw4: fix parsing inverted numeric DSCP values
8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure
f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains
5669bc7 fw4: consolidate device grouping logic
94f03e0 ruleset: properly render redirect targets without port
fff9779 fw4: fix family selection logic for redirect rules
ca88fcd tests: update interface dump mock data
e60bb4b ruleset: support non-contiguous address masks
8fec51a fw4: fix potential crashes when parsing invalid redirect sections
c08eb44 fw4: fix redirect destination zone resolving
0df6ba0 fw4: fix address selection logic for DNAT reflection rules
60a2518 tests: add test coverage for redirect rules
e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
ac8a737 ruleset: remove redundant syn check
bd5dc4b tests: run testcases in strict mode
3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years agoucode: update to latest Git HEAD
Jo-Philipp Wich [Mon, 1 Nov 2021 18:27:00 +0000 (19:27 +0100)]
ucode: update to latest Git HEAD

c6dae42 LICENSE: add ISC license file
402f603 lib: introduce struct library
dcb6ffd struct: fix PowerPC specific compiler pragma name
a0512ea treewide: fix typo in exported function names and types
eaaaf88 nl80211: fix wiphy dump reply merge logic
e6efadb fs: add utility functions
54ef6c0 nl80211: fix premature netlink reply receive abort
07802f3 syntax: disallow keywords in object property shorthand notation
3489b75 vm: support object property access on resource value types
dc8027c types: consider resource prototypes when marking reachable objects
5680fab treewide: fix upvalue reference type name
0d29b25 treewide: fix "resource" misspellings
99fdafd vm: introduce value registry
66f7c00 ubus: add support for async requests
5c77dd5 fs: implement fdopen(), file.fileno() and proc.fileno()
b605dbf treewide: rework numeric value handling
599d233 vallist: store double values in a platform neutral manner
5bb9ab7 struct: reuse double packing routines from core
2fd7ab5 vm: optimize string concatenation
eafa321 lib: implement uniq() function
6b2e79a types: add initial infrastructure for function serialization
725bb75 compiler, vm: use a program wide constant list
6c2caf9 source: refactor source file handling
371ba45 program: implement support for precompiling source files
3578afe build: support building without compile capabilities
61d0a34 lib: replace usages of vasprintf() with xvasprintf()
03b6a8e syntax: drop legacy syntax support
01132db lib: fix %J string formats with precision specifier
3f44c42 lib: rework format string handling
a1b3c5d struct: implement `*` format, fix invalid memory accesses
34a04a2 run_tests.sh: fix exitcode evaluation
abe38e7 run_tests.sh: add ability to define environment variables for testcases
04fa2ba tests: reorganize testcase files
6a55d10 lib: fix exists() error return value
aa860a3 vm: fix `null` loose equality/inequality checks
3f6d199 vallist: uc_number_parse(): parse empty strings as `0`, not `NaN`
ddc5aa7 vm: fix NaN strict equality tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years agoramips: enable I2C_CHARDEV in mt7621/config-5.10
Stijn Tintel [Fri, 28 Jan 2022 16:56:34 +0000 (18:56 +0200)]
ramips: enable I2C_CHARDEV in mt7621/config-5.10

I2C_CHARDEV used to be enabled in mt7621/config-5.4. Enable it in the
5.10 config, as it's required for PoE control on Unifi Switch Flex.

Fixes: b4aad29a1d7a ("ramips: add support for kernel 5.10")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2 years agokernel: 5.10: drop broken-flash-reset patch
Chuanhong Guo [Fri, 28 Jan 2022 11:46:51 +0000 (19:46 +0800)]
kernel: 5.10: drop broken-flash-reset patch

Flash accessing instruction templates are determined during probe since
v5.6 for spimem-dirmap support in spi-nor driver in upstream commit:
df5c21002cf4 ("mtd: spi-nor: use spi-mem dirmap API")
As a result, changing bus_width on the fly doesn't work anymore and this
patch will cause executing spi-mem ops with 3-byte address on 16-32M
flash area.
We can't easily revert that behavioral change upstream so drop the patch
to prevent u-boot and eeprom from being erased.

Fixes: b10d604459("kernel: add linux 5.10 support")
Reported-by: Frank Di Matteo <dimatto@foxmail.com>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2 years agofirmware-utils: update to git HEAD of 2022-01-28
Daniel Golle [Fri, 28 Jan 2022 12:58:45 +0000 (12:58 +0000)]
firmware-utils: update to git HEAD of 2022-01-28

 6c95945 ptgen: add Chromium OS kernel partition support
 8e7274e cros-vbutil: add Chrome OS vboot kernel-signing utility

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoperf: Depend on libbfd and libopcodes when enabled
Florian Fainelli [Sat, 8 Jan 2022 16:45:29 +0000 (08:45 -0800)]
perf: Depend on libbfd and libopcodes when enabled

bpftool will enabled libbfd and libopcodes which gets picked up by perf
as libraries to link against. Add those missing dependencies when either
of these packages are enabled.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2 years agotools: build bash on macOS and use it for ipkg-build
Felix Fietkau [Thu, 27 Jan 2022 12:25:39 +0000 (13:25 +0100)]
tools: build bash on macOS and use it for ipkg-build

On macOS, system binaries silently drop the environment variables for injecting
extra shared libraries (used by fakeroot). This is done for security reasons.
Work around this by building bash from source, so that it gets an ad-hoc signature
and does not have these restrictions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agotools/coreutils: build chown
Felix Fietkau [Thu, 27 Jan 2022 12:21:04 +0000 (13:21 +0100)]
tools/coreutils: build chown

On ARM macOS, injecting extra shared libraries does not work for system
binaries. This causes fakeroot to fail for chown calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agotools/fakeroot: fix unresolved symbols on arm64 macOS
Felix Fietkau [Thu, 27 Jan 2022 12:20:15 +0000 (13:20 +0100)]
tools/fakeroot: fix unresolved symbols on arm64 macOS

The $INODE64 symbol variants are not present, since the base system
always uses 64-bit file offsets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agosdk: ship llvm toolchain
Felix Fietkau [Wed, 26 Jan 2022 12:52:07 +0000 (13:52 +0100)]
sdk: ship llvm toolchain

This allows ebpf packages like qosify to be built with it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agonetfilter: correct some dependencies
Tiago Gaspar [Sun, 23 Jan 2022 00:44:01 +0000 (00:44 +0000)]
netfilter: correct some dependencies

nf-nathelper-extra and nf-conntrack-netlink had iptables related
dependencies, yet, when looking for the respective kernel symbols and
checking it's dependencies it was confirmed that iptables wasn't
required and that these were either it's own moodule or tool independent
(nftables or iptables).

Correct these and make sure no unneeded extras are pulled in.

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
2 years agorockchip: disable UHS modes for NanoPi R4S
David Bauer [Tue, 25 Jan 2022 20:46:54 +0000 (21:46 +0100)]
rockchip: disable UHS modes for NanoPi R4S

The NanoPi R4S leaves the SD card in 1.8V signalling when rebooting
while U-Boot requires the card to be in 3.3V mode.

Remove UHS support from the SD controller so the card remains in 3.3V
mode. This reduces transfer speeds but ensures a reboot whether from
userspace or following a kernel panic is always working.

Signed-off-by: David Bauer <mail@david-bauer.net>
2 years agometa: create FUNDING.yml
Paul Spooren [Tue, 25 Jan 2022 09:53:20 +0000 (10:53 +0100)]
meta: create FUNDING.yml

By adding this file a badge should appear in the GitHub web interface to
motivate people donate money to the OpenWrt project.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2 years agomediatek: mt7623: include regular AHCI PCI driver
Daniel Golle [Tue, 25 Jan 2022 00:05:43 +0000 (00:05 +0000)]
mediatek: mt7623: include regular AHCI PCI driver

The legacy image for the UniElec U7623-02 until now included
kmod-ata-ahci-mtk. The MT7623 chip doesn't have that IP and that
board uses a PCIe-connected AHCI controller for the SATA port and
mSATA-pins of the mPCIe socket. Hence include kmod-ata-ahci instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoscripts/feeds: install targets to target/linux/feeds and support overriding
Felix Fietkau [Mon, 24 Jan 2022 12:28:36 +0000 (13:28 +0100)]
scripts/feeds: install targets to target/linux/feeds and support overriding

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agoscripts/feeds: fix installing targets without explicitly specifying the feed
Felix Fietkau [Mon, 24 Jan 2022 12:16:00 +0000 (13:16 +0100)]
scripts/feeds: fix installing targets without explicitly specifying the feed

Add similar code to what is done on packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agobuild: increase scan depth for finding targets
Felix Fietkau [Mon, 24 Jan 2022 10:23:57 +0000 (11:23 +0100)]
build: increase scan depth for finding targets

This allows targets to be put into target/linux/feeds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agobuild: change PYTHON to python3
Felix Fietkau [Mon, 24 Jan 2022 10:22:31 +0000 (11:22 +0100)]
build: change PYTHON to python3

On recent macOS, /usr/bin/python3 is a wrapper that finds the right python executable
It checks argv[0] to determine if python2 or python3 should be called. Always execute
it as python3 to ensure it calls the right version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agoipq40xx: drop 5.4 kernel
Robert Marko [Tue, 19 Oct 2021 18:27:37 +0000 (20:27 +0200)]
ipq40xx: drop 5.4 kernel

Since 5.10 is now default, no point in keeping
5.4 around.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2 years agouboot-mediatek: update to version 2022.01
Daniel Golle [Tue, 11 Jan 2022 21:26:43 +0000 (21:26 +0000)]
uboot-mediatek: update to version 2022.01

Tested on BananaPi R2 (SD, eMMC), BananaPi R64 (SD, eMMC, SPI-NAND) and
UniElec U7623-02 (eMMC).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: store random MAC address in U-Boot env on first boot
Daniel Golle [Tue, 11 Jan 2022 12:58:50 +0000 (12:58 +0000)]
mediatek: store random MAC address in U-Boot env on first boot

For devboards without a MAC address assigned from factory, store
the random MAC in U-Boot env on first boot to make it persistent.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-envtools: add configuration for UniElec U7623 board
Daniel Golle [Mon, 10 Jan 2022 17:09:27 +0000 (17:09 +0000)]
uboot-envtools: add configuration for UniElec U7623 board

Add U-Boot env settings to allow accessing the environment using
fw_printenv and fw_setenv tools on the UniElec U7623 board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: mt7623: rework images for U7623-02 board
Daniel Golle [Fri, 20 Aug 2021 20:11:32 +0000 (21:11 +0100)]
mediatek: mt7623: rework images for U7623-02 board

Users of older OpenWrt versions need sysupgrade using the *emmc.img.gz
file once which will upgrade U-Boot and switch to the new image layout.
Users of the vendor firmware need to first flash the legacy image to
then sunsequently carry out a full-flash upgrade.

Alternatively the board can also be flashed using MediaTek's
proprietary SP Flash Tool.

Configuration as well as persistent MAC address will be lost once at
this point and you will have to redo (or restore) all configuration
manually. To restore the previous persistent MAC address users may set
it manually using

fw_setenv ethaddr 00:11:22:33:44:55

For future upgrades once running OpenWrt past this commit, the usual
*sysupgrade.itb file can be used.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: update build for the U7623-02 board
Daniel Golle [Fri, 20 Aug 2021 20:12:28 +0000 (21:12 +0100)]
uboot-mediatek: update build for the U7623-02 board

Brings bootmenu and production/recovery dual-boot scheme like on
the BPi-R2, BPi-R64, E8450 and UniFi 6 LR.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: add common DTS aliases for UniElec U7623 board
Daniel Golle [Mon, 10 Jan 2022 17:05:26 +0000 (17:05 +0000)]
mediatek: add common DTS aliases for UniElec U7623 board

 * Use serial0 instead of serial2 for the only serial port
 * Add LED aliases
 * Add ethernet0 alias to inherit ethaddr from U-Boot env

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouml: make use of 'rootfs-part' feature
Daniel Golle [Sat, 22 Jan 2022 00:26:52 +0000 (00:26 +0000)]
uml: make use of 'rootfs-part' feature

Use 'rootfs-part' feature instead of referencing the TARGET_uml in
Config-images.in.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agosunxi: make use of 'rootfs-part' feature
Daniel Golle [Sat, 22 Jan 2022 00:25:52 +0000 (00:25 +0000)]
sunxi: make use of 'rootfs-part' feature

Use 'rootfs-part' feature instead of referencing the TARGET_sunxi in
Config-images.in.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoomap: make use of 'rootfs-part' feature
Daniel Golle [Sat, 22 Jan 2022 00:24:02 +0000 (00:24 +0000)]
omap: make use of 'rootfs-part' feature

Use 'rootfs-part' feature instead of referencing the TARGET_omap in
Config-images.in.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: use CONFIG_TARGET_ROOTFS_PARTSIZE
Daniel Golle [Sat, 22 Jan 2022 00:20:53 +0000 (00:20 +0000)]
mediatek: use CONFIG_TARGET_ROOTFS_PARTSIZE

Enable 'rootfs-part' feature to make the size of the partition of the
production image configurable instead of hard-coding it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agonetifd: update to git HEAD
Hans Dedecker [Sun, 23 Jan 2022 17:52:53 +0000 (18:52 +0100)]
netifd: update to git HEAD

ed71876 iprule: add support for uidrange

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2 years agoucode: add temporary fix for integer formatting on 32bit systems
Jo-Philipp Wich [Sat, 22 Jan 2022 23:51:11 +0000 (00:51 +0100)]
ucode: add temporary fix for integer formatting on 32bit systems

The ucode VM always passes 64bit integer values to sprintf implementation
while the `%d` format expects 32bit integers on 32bit platforms, leading
to incorrect formatting results.

Temporarily solve the issue by casting the numeric argument to int until
a more thorough fix arrives with the next update.

Fixes: FS#4234
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years agoath79: add support for GL.iNet GL-XE300
Victorien Molle [Fri, 20 Aug 2021 19:41:19 +0000 (21:41 +0200)]
ath79: add support for GL.iNet GL-XE300

The GL.iNet GL-XE300 is a 4G LTE Wireless router, based on QCA9531 SoC.

Specifications:

 - SoC: QCA9531 (650MHz)
 - RAM: DDR2 128M
 - Flash: SPI NOR 16M + SPI NAND 128M
 - WiFi: 2.4GHz with 2 antennas
 - Ethernet:
   - 1x LAN (10/100M)
   - 1x WAN (10/100M)
 - LTE:
 - USB: 1x USB 2.0 port
 - UART:
   - 3.3V, TX, RX, GND / 115200 8N1

MAC addresses as verified by OEM firmware:

 use    address   source
 LAN    *:c5      art 0x0 (label)
 WAN    *:c6      label + 1
 WLAN   *:c7      art 0x1002

Installation via U-Boot rescue:

1. Press and hold reset and power buttons simultaneously
2. Wait for the LAN led to blink 5 times
3. Release reset and power buttons
4. The rescue page is accessible via http://192.168.1.1
5. Select the OpenWrt factory image and start upgrade
6. Wait for the router to flash new firmware and reboot

Revert to stock firmware:

 i. Download the stock firmware from GL.Inet website
 ii. Use the same method explained above to flash the stock firmware

Signed-off-by: Victorien Molle <victorien.molle@wifirst.fr>
[update commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2 years agoramips: correct vendor name for COMFAST/Joowin
Rodrigo Araujo [Tue, 18 Jan 2022 14:43:28 +0000 (14:43 +0000)]
ramips: correct vendor name for COMFAST/Joowin

When Joowin WR758AC V1 and V2 devices were added, they should have been
added with the primary manufacturer name which is COMFAST, since Joowin
is just an alternate vendor name on some coutries or stores.

Fix this by changing the the vendor name on the respective files and set
Joowin as ALT0 variants while ensuring compatibility for early users.
Also adjust the model names to better follow the naming rules.

As a side effect, fix mt76x8 network script which was left incorrectly
unsorted on the case block conditions.

Fixes: 766733e172 ("ramips: add support for Joowin WR758AC V1 and V2")
Signed-off-by: Rodrigo Araujo <araujo.rm@gmail.com>
2 years agoramips: read Tenbay T-MB5EU address from single location
David Bauer [Wed, 19 Jan 2022 21:58:17 +0000 (22:58 +0100)]
ramips: read Tenbay T-MB5EU address from single location

Currently the WAN MAC address is read from a different offset contrary
to all other addresses.

There's conflicting information whether offset 0x28 on the factory
partition contains the valid WAN mac for all devices while 0x4 seems to
be uniform.

Read the WAN mac from this location and calculate it.

Signed-off-by: David Bauer <mail@david-bauer.net>
2 years agoramips: update Tenbay T-MB5EU wireless MAC address
David Bauer [Wed, 19 Jan 2022 21:47:37 +0000 (22:47 +0100)]
ramips: update Tenbay T-MB5EU wireless MAC address

The current MAC address assignment is still incorrect.

Use the same MAC address as seen on the stock firmware
for both wireless interfaces.

The 5GHz MAC address OUI is +2 in the first EUI octet. We currently
don't do this in OpenWrt. Ignore this offset for now. With the current
assignment, recurring MAC addresses between radios is already taken care
of.

Signed-off-by: David Bauer <mail@david-bauer.net>