openwrt/openwrt.git
19 months agomac80211: fix invalid calls to drv_sta_pre_rcu_remove
Felix Fietkau [Fri, 24 Mar 2023 12:32:36 +0000 (13:32 +0100)]
mac80211: fix invalid calls to drv_sta_pre_rcu_remove

Potentially fixes some driver data structure corruption issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9779ee021d30508eb9e7ebf1ec0a28a4be3c4c19)
[Change patch number]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
19 months agoramips: mt7621: ASUS RT-AX53U add NMBM, nest firmware
Felix Baumann [Fri, 31 Mar 2023 04:16:04 +0000 (06:16 +0200)]
ramips: mt7621: ASUS RT-AX53U add NMBM, nest firmware

Nests kernel and ubi into firmware partition in-order to be compatible
with OEM firmware. This allows restoring oem firmware from a backup of
firmware2. Add jffs2 partition which is present in the oem firmware.
Add support for mediatek NMBM (wear leveling on newer mediatek devices).
Exclude UBI partition from NMBM management.
Continues PR #10685.

Tested-by: Felix Baumann <felix.bau@gmx.de>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
(cherry picked from commit 787ecdf66de6798540fb8b756404566341b4733c)

19 months agoramips: Alternative name Asus RT-AX1800U for Asus RT-AX53U
Felix Baumann [Sun, 8 Jan 2023 00:47:21 +0000 (01:47 +0100)]
ramips: Alternative name Asus RT-AX1800U for Asus RT-AX53U

The Asus RT-AX1800U is identical to the already supported Asus RT-AX53U.
Use the ALT0 buildroot tags to show both devices.

Tested-by: Marian Sarcinschi <znevna@gmail.com>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
(cherry picked from commit acd3b5e83b99879b326a940907a9ff334586f86b)

19 months agoramips: add missing LEDs to Asus RT-AX53U
Marian Sarcinschi [Thu, 22 Dec 2022 23:56:09 +0000 (01:56 +0200)]
ramips: add missing LEDs to Asus RT-AX53U

This patch adds the missing LEDs to Asus RT-AX53U.
Based on PR #10400 and patch provided in #11068
 - enable the two LEDs controlled by mt7915e for wireless;
 - add label to power LED so it works properly and fix formatting;
 - add the USB LED;
 - switch LEDs are best left to be controlled by hardware for now.

Co-Authored-By: Ivan Rozhuk <rozhuk.im@gmail.com>
Co-Authored-By: Shiji Yang <yangshiji66@qq.com>
Co-Authored-By: Hartmut Birr <e9hack@gmail.com>
Tested-by: Felix Baumann <felix.bau@gmx.de>
Tested-by: Marian Sarcinschi <znevna@gmail.com>
Signed-off-by: Marian Sarcinschi <znevna@gmail.com>
(cherry picked from commit c4b806d5c4ccc653968620e6e9aec93bc4e370e5)

19 months agouboot-envtools: add support for ramips Asus RX-AX53U
Felix Baumann [Mon, 26 Dec 2022 20:44:45 +0000 (21:44 +0100)]
uboot-envtools: add support for ramips Asus RX-AX53U

Adds uboot-envtools support for ramips Asus RX-AX53U now that partition
can be correctly read.

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[ improve commit title and description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75451681d03e609ac8a3d1cd7469eefa53e18ca4)

19 months agoramips: add support for read/write uboot env to Asus RX-AX53U
Felix Baumann [Mon, 26 Dec 2022 20:40:43 +0000 (21:40 +0100)]
ramips: add support for read/write uboot env to Asus RX-AX53U

Add support for read/writing uboot env by renaming the second partition
to its stock label "nvram" and remove the deemed unnecessary
"read-only". Split the first partition "u-boot" in two, in order
to allow `fw_setenv` safe write-access to the uboot environment
variables.

This implements hauke's request from [1].
Based on the patch provided by Shiji Yang.

[1] https://github.com/openwrt/openwrt/pull/10400#discussion_r945153224

Co-Authored-By: Shiji Yang <yangshiji66@qq.com>
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[ improve commit title and description, fix some whitespace problem ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3f1e9f6f3b14385cab7ca6d1dcc2a4b658475bc3)

20 months agocomgt: ncm: support Mikrotik R11e-LTE6 modem
Szabolcs Hubai [Fri, 24 Mar 2023 23:00:27 +0000 (00:00 +0100)]
comgt: ncm: support Mikrotik R11e-LTE6 modem

The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added
earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE
specific commands, runs OpenWrt Barrier Breaker fork.
While the modem is able to offer IPv6 address, the RNDIS setup is unable
to complete if there is an IPv6 adress.

While it works in ACM+RNDIS mode, the user experience isn't as good as
with "proto 3g": the modem happily serves a local IP (192.168.1.xxx)
without internet access. Of course, if the modem has enough time
(for example at the second dialup), it will serve a public IP.

Modifing the DHCP Lease (to a short interval before connect and back to
default while finalizing) is a workaround to get a public IP at the
first try.

A safe workaround for this is to excercise an offline script of the
pingcheck program: simply restart (ifdown - ifup) the connection.

Another pitfall is that the modem writes a few messages at startup,
which confuses the manufacturer detection algorithm and got disabled.

    daemon.notice netifd: Interface 'mikrotik' is setting up now
    daemon.notice netifd: mikrotik (2366): Failed to parse message data
    daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
    daemon.notice netifd: mikrotik (2366): Unsupported modem
    daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
    daemon.notice netifd: mikrotik (2426): Failed to parse message data
    daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
    daemon.notice netifd: mikrotik (2426): Unsupported modem
    daemon.notice netifd: Interface 'mikrotik' is now down

A workaround for this is to use the "delay" option in the interface
configuration.

I want to thank Forum members dchard (in topic Adding support for
MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1]
and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2]
for sharing their experiments and works.
Another information page was found at eko.one.pl [3].

[1]: https://forum.openwrt.org/t/137555
[2]: https://forum.openwrt.org/t/151743
[3]: https://eko.one.pl/?p=modem-r11elte

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit dbd6ebd6d84b35599a0446559576df41f487200e)

20 months agocomgt: add quirk for Mikrotik modems based on Mikrotik R11e-LTE6
Szabolcs Hubai [Fri, 24 Mar 2023 21:24:26 +0000 (22:24 +0100)]
comgt: add quirk for Mikrotik modems based on Mikrotik R11e-LTE6

The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup
and the radio is off (*RADIOPOWER: 0):

    AT+RESET
    OK

    OK

    *SIMDETEC:2,NOS

    *SIMDETEC:1,SIM

    *ICCID: 8936500119010596302

    *EUICC: 1

    +MSTK: 11, D025....74F3

    *ADMINDATA: 0, 2, 0

    +CPIN: READY

    *EUICC: 1

    *ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911

    +CREG: 0

    $CREG: 0

    +CESQ: 99,99,255,255,255,255

    *CESQ: 99,99,255,255,255,255,0

    +CGREG: 0

    +CEREG: 0

    +CESQ: 99,99,255,255,255,255

    *CESQ: 99,99,255,255,255,255,0

    *RADIOPOWER: 0

    +MMSG: 0, 0

    +MMSG: 0, 0

    +MMSG: 1, 0

    +MPBK: 1

While the chat script is able to establish the PPP connection,
it's closed instantly by the modem: LCP terminated by peer.

    local2.info chat[7000]: send (ATD*99***1#^M)
    local2.info chat[7000]: expect (CONNECT)
    local2.info chat[7000]: ^M
    local2.info chat[7000]: ATD*99***1#^M^M
    local2.info chat[7000]: CONNECT
    local2.info chat[7000]:  -- got it
    local2.info chat[7000]: send ( ^M)
    daemon.info pppd[6997]: Serial connection established.
    kern.info kernel: [  453.659146] 3g-mikrotik: renamed from ppp0
    daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
    daemon.info pppd[6997]: Using interface 3g-mikrotik
    daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
    daemon.info pppd[6997]: LCP terminated by peer
    daemon.notice pppd[6997]: Connection terminated.
    daemon.notice pppd[6997]: Modem hangup
    daemon.info pppd[6997]: Exit.
    daemon.notice netifd: Interface 'mikrotik' is now down

Sending "AT+CFUN=1" to modem deactivates the flight mode and
solves the issue:

    daemon.notice netifd: Interface 'mikrotik' is setting up now
    daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
    daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
    local2.info chat[7140]: abort on (BUSY)
    local2.info chat[7140]: abort on (NO CARRIER)
    local2.info chat[7140]: abort on (ERROR)
    local2.info chat[7140]: report (CONNECT)
    local2.info chat[7140]: timeout set to 10 seconds
    local2.info chat[7140]: send (AT&F^M)
    local2.info chat[7140]: expect (OK)
    local2.info chat[7140]: ^M
    local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
    local2.info chat[7140]: ^M
    local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
    local2.info chat[7140]: AT&F^MAT&F^M^M
    local2.info chat[7140]: OK
    local2.info chat[7140]:  -- got it
    ...
    local2.info chat[7140]: send (ATD*99***1#^M)
    local2.info chat[7140]: expect (CONNECT)
    local2.info chat[7140]: ^M
    local2.info chat[7140]: ATD*99***1#^M^M
    local2.info chat[7140]: CONNECT
    local2.info chat[7140]:  -- got it
    local2.info chat[7140]: send ( ^M)
    daemon.info pppd[7137]: Serial connection established.
    kern.info kernel: [  463.094254] 3g-mikrotik: renamed from ppp0
    daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
    daemon.info pppd[7137]: Using interface 3g-mikrotik
    daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
    daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
    daemon.notice pppd[7137]: local  IP address 100.112.63.62
    daemon.notice pppd[7137]: remote IP address 10.64.64.64
    daemon.notice pppd[7137]: primary   DNS address 185.29.83.64
    daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
    daemon.notice netifd: Network device '3g-mikrotik' link is up
    daemon.notice netifd: Interface 'mikrotik' is now up

To send this AT command to the modem the "runcommand.gcom" script
dependency is moved from comgt-ncm to comgt.
As the comgt-ncm package depends on comgt already, this change
is a NOOP from that point of view.
But from the modem's point it is a low hanging fruit as the modem
is usable with installing comgt and kmod-usb-ncm packages.

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit 91eca7b04ff1309c7408baa1f1631d7623ce50cf)

20 months agokernel: add support for XMC XM25QH64C
Joe Mullally [Sun, 26 Feb 2023 22:01:22 +0000 (22:01 +0000)]
kernel: add support for XMC XM25QH64C

The XMC XM25QH64C is a 8MB SPI NOR chip. The patch is verified on TL-WPA8631P v3.
Datasheet available at https://www.xmcwh.com/uploads/442/XM25QH64C.pdf

Signed-off-by: Joe Mullally <jwmullally@gmail.com>
(cherry picked from commit 19752bdfa3e75da8290f525186e9fd8349df9c93)

20 months agoath79: Refresh patches
Hauke Mehrtens [Sat, 1 Apr 2023 17:46:06 +0000 (19:46 +0200)]
ath79: Refresh patches

Refresh the kernel patches.

Fixes: c2331038b257 ("kernel: remove obsolete netfilter tcp window size check bypass patch")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agokernel: remove obsolete netfilter tcp window size check bypass patch
Felix Fietkau [Thu, 30 Mar 2023 12:16:35 +0000 (14:16 +0200)]
kernel: remove obsolete netfilter tcp window size check bypass patch

On any currently supported hardware, the performance impact should not
matter anymore.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 75e78bcaab847557ce1782eb2dea9dff9a029171)

20 months agomac80211, mt76: add fixes for recently discovered security issues
Felix Fietkau [Wed, 29 Mar 2023 15:54:19 +0000 (17:54 +0200)]
mac80211, mt76: add fixes for recently discovered security issues

Fixes CVE-2022-47522

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d54c91bd9ab3c54ee06923eafbd67047816a37e4)

20 months agoncm: add error check and retry mechanism for gcom call
Mike Wilson [Mon, 20 Jul 2020 20:25:33 +0000 (22:25 +0200)]
ncm: add error check and retry mechanism for gcom call

This patch solves the problem of receiving "error" responses when
initially calling gcom. This avoids unnecessary NO_DEVICE failures.

A retry loop retries the call after an "error" response within the
specified delay. A successful response will continue with the connection
immediately without waiting for max specified delay, bringing the
interface up sooner.

Signed-off-by: Mike Wilson <mikewse@hotmail.com>
(cherry picked from commit 8f27093ce784daad5a9b1c89f51d0a76a8bbb07b)

20 months agokernel: bump 5.10 to 5.10.176
John Audia [Wed, 22 Mar 2023 16:07:50 +0000 (12:07 -0400)]
kernel: bump 5.10 to 5.10.176

All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit f598880162e83ddc0139e00c5248497d06f5fff7)

20 months agokernel: bump 5.10 to 5.10.175
John Audia [Sat, 18 Mar 2023 19:05:11 +0000 (15:05 -0400)]
kernel: bump 5.10 to 5.10.175

Manually rebased:
backport-5.10/611-v5.12-net-ethernet-mediatek-support-setting-MTU.patch

All other patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 3ca98495897126113912f7ee4537f69459d21332)

20 months agokernel: bump 5.10 to 5.10.174
John Audia [Mon, 13 Mar 2023 13:02:52 +0000 (09:02 -0400)]
kernel: bump 5.10 to 5.10.174

No patches needed to be rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 72d9d2b923b389f09e2ba43f4aba22c068e6cbb7)

20 months agokernel: bump 5.10 to 5.10.173
John Audia [Sun, 12 Mar 2023 14:03:16 +0000 (10:03 -0400)]
kernel: bump 5.10 to 5.10.173

Manually rebased:
        ramips/patches-5.10/810-uvc-add-iPassion-iP2970-support.patch

All other patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit d4aad642ff80750ec16a58058eb6da718e2129cd)

20 months agokernel: tcindex classifier has been retired
John Audia [Sat, 11 Mar 2023 15:42:26 +0000 (10:42 -0500)]
kernel: tcindex classifier has been retired

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.10.173&id=18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit fbfec3286e8bfce3a78749b7bcb67e658665f197)

20 months agox86: fix deprecated CONFIG_MICROCODE_OLD_INTERACE
John Audia [Sat, 11 Mar 2023 19:03:00 +0000 (14:03 -0500)]
x86: fix deprecated CONFIG_MICROCODE_OLD_INTERACE

We use late loading[1] so need to set this option despite upstream adding a
kernel taint when this option is set.  See discussion in PR#12149 for more details.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/arch/x86/Kconfig?id=v5.10.173&id2=v5.10.172

1. https://github.com/openwrt/openwrt/blob/master/target/linux/x86/base-files/lib/preinit/02_load_x86_ucode

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 0c5ffe1ab2b4843635555e2a234f8bd5cb4d6978)

20 months agokernel: bump 5.10 to 5.10.172
John Audia [Fri, 3 Mar 2023 18:37:30 +0000 (13:37 -0500)]
kernel: bump 5.10 to 5.10.172

Removed upstreamed:
backport-5.10/804-0001-net-Remove-WARN_ON_ONCE-sk-sk_forward_alloc-from-sk_.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.171&id=3e4bbd1f38a8d35bd2d3aaffdb5f6ada546b669a

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 50cb897d251133752ea2cd338153a6dcb011ea98)

20 months agokernel: bump 5.10 to 5.10.170
John Audia [Mon, 27 Feb 2023 22:58:42 +0000 (17:58 -0500)]
kernel: bump 5.10 to 5.10.170

No patches modified for this bump

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a14cc979a2a081c31763b994219ae0d0ddebd9f2)

20 months agokernel: bump 5.10 to 5.10.169
John Audia [Sat, 25 Feb 2023 21:20:28 +0000 (16:20 -0500)]
kernel: bump 5.10 to 5.10.169

Add fix:
target/linux/generic/backport-5.10/804-0001-net-Remove-WARN_ON_ONCE-sk-sk_forward_alloc-from-sk_.patch[3]

All other patches automatically rebased.

3. https://lore.kernel.org/stable/20230227211548.13923-1-kuniyu@amazon.com

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit b88955aa2294c61f21bdf7014e10d8ea29d0c346)

20 months agobcm4908: include usbport trigger
Rafał Miłecki [Thu, 16 Mar 2023 21:01:51 +0000 (22:01 +0100)]
bcm4908: include usbport trigger

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb2661844a5d54d44230ee564d4f17605a794a49)

20 months agobcm4908: backport v6.4 pending DTS changes
Rafał Miłecki [Thu, 16 Mar 2023 19:28:47 +0000 (20:28 +0100)]
bcm4908: backport v6.4 pending DTS changes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ffaabee9b8d9da7c15a50f52897ae5f70b40b4e7)

20 months agoipq40xx: Linksys MR8300: fix the USB port power
Daniel González Cabanelas [Thu, 16 Feb 2023 22:04:20 +0000 (23:04 +0100)]
ipq40xx: Linksys MR8300: fix the USB port power

The USB port on the MR8300 randomly fails to feed bus-powered devices.

This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.

This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ed64c3323590e3c9fa8b423bf37689023a7a101f)

Signed-off-by: Steffen Scheib <steffen@scheib.me>
20 months agoramips: mt7621: enable lzma-loader for AFOUNDRY EW1200
Tony Butler [Sun, 19 Mar 2023 09:34:07 +0000 (02:34 -0700)]
ramips: mt7621: enable lzma-loader for AFOUNDRY EW1200

Fixes boot loader LZMA decompression issues (LZMA ERROR 1)
As reported in issue #12208

Reported-by: Raúl M. <raul.m@sparkedhost.com>
Tested-by: Raúl M. <raul.m@sparkedhost.com>
Signed-off-by: Tony Butler <spudz76@gmail.com>
(cherry picked from commit 889bbf89bb679f0c5b0fa432e27a3e0dd8940a4e)

20 months agoramips: fix 5g mac for TOTOLINK X5000R
Chuanhong Guo [Sun, 26 Mar 2023 15:50:43 +0000 (23:50 +0800)]
ramips: fix 5g mac for TOTOLINK X5000R

There's no valid mac address for the second band in the eeprom.
The vendor fw uses 2.4G mac + 4 as the mac for 5G radio.
Do the same in our firmware.

Fixes: 23be410b3d ("ramips: add support for TOTOLINK X5000R")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 212632540043cc9b911c2efb86156479f2710836)

20 months agoramips: add support for Mercusys MR70X
David Bauer [Thu, 23 Mar 2023 22:53:47 +0000 (23:53 +0100)]
ramips: add support for Mercusys MR70X

Hardware
========
- SoC: MediaTek MT7621AT (880MHz, Duel-Core)
- RAM: DDR3 128MB
- Flash: Winbond W25Q128JV (SPI-NOR 16MB)
- WiFi: MediaTek MT7915D (2.4GHz, 5GHz, DBDC)
- Ethernet: MediaTek MT7530 (WAN x1, LAN x3, SoC)
- UART: >TX RX GND 3v3 (115200 8N1, J1)
        Do not connect 3v3. TX is marked with an arrow.

Installation
============
Flash factory image. This can be done using stock web ui.

Revert to stock firmware
========================
Flash stock firmware via OEM Web UI Recovery mode.

Web UI Recovery method
======================
1. Unplug the router
2. Plug in and hold reset button 5~10 secs
3. Set your computer IP address manually to 192.168.1.x / 255.255.255.0
4. Flash image with web browser to 192.168.1.1

Co-authored-by: Robert Senderek <robert.senderek@10g.pl>
Co-authored-by: Yoonji Park <koreapyj@dcmys.kr>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 47de2c686291e69afc9f443e27e1dfd11ed5fbe7)

20 months agofirmware-utils: tplink-safeloader: add Mercusys MR70X
David Bauer [Fri, 24 Mar 2023 14:35:47 +0000 (15:35 +0100)]
firmware-utils: tplink-safeloader: add Mercusys MR70X

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agoramips: fix Archer AX23 WiFi MAC address conflict
David Bauer [Tue, 21 Mar 2023 04:07:30 +0000 (05:07 +0100)]
ramips: fix Archer AX23  WiFi MAC address conflict

The original claim about conflicting MAC addresses is wrong. mac80211
does increment the first octet and sets the LA bit.

This means our "workaround" actually leads to the issue while
incrementing the last octet is safe.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d52870125d57d39e73e6c305dd36fad44fe4a773)

20 months agoramips: add support for TP-Link Archer AX23 v1
David Bauer [Tue, 14 Mar 2023 01:06:40 +0000 (02:06 +0100)]
ramips: add support for TP-Link Archer AX23 v1

Hardware
--------
CPU:    MediaTek MT7621 DAT
RAM:    128MB DDR3 (integrated)
FLASH:  16MB SPI-NOR ()
WiFi:   MediaTek MT7905 + MT7975 (2.4 / 5 DBDC) 802.11ax
SERIAL: 115200 8N1
        LEDs - (3V3 - GND - RX - TX) - ETH ports

Installation
------------

Upload the factory image using the Web-UI.

Web-Recovery
------------

The router supports a HTTP recovery mode by holding the reset-button
when powering on. The interface is reachable at 192.168.0.1 and supports
installation using the factory image.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7dceef5ee554ec4ab5d2dd2ff999f4a60bf2e0f4)

20 months agofirmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1
David Bauer [Wed, 15 Mar 2023 00:22:16 +0000 (01:22 +0100)]
firmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: add support for Watchguard Firebox T10
David Bauer [Sat, 18 Feb 2023 01:06:54 +0000 (02:06 +0100)]
mpc85xx: add support for Watchguard Firebox T10

Hardware
--------
SoC:    Freescale P1010
RAM:    512MB
FLASH:  1 MB SPI-NOR
        512 MB NAND
ETH:    3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC:    Battery-Backed RTC (I2C)

Installation
------------

1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
   programmer. The SHA1 hash for the U-Boot password is currently
   unknown.

   A tool for patching U-Boot is available at
   https://github.com/blocktrron/t10-uboot-patcher/

   You can also patch the unknown password yourself. The SHA1 hash is
   E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA

2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
   The patched password is '1234' (without quotation marks)

3. Download the OpenWrt initramfs image. Copy it to a TFTP server
   reachable at 10.0.1.13/24 and rename it to uImage.

4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.

5. Download and boot the initramfs image by entering "tftpboot; bootm;"
   in U-Boot.

6. After OpenWrt booted, create a UBI volume on the old data partition.
   The "ubi" mtd partition should be mtd7, check this using

   $ cat /proc/mtd

   Create a UBI partition by executing

   $ ubiformat /dev/mtd7 -y

7. Increase the loadable kernel-size of U-Boot by executing

   $ fw_setenv SysAKernSize 800000

8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
   scp. Install the image by using sysupgrade:

   $ sysupgrade -n <path-to-sysupgrade>

   Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
   have to change the ethernet-port.

9. OpenWrt should now boot from the internal NAND. Enjoy.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 35f6d795134e9b089c4e763a7f58cba7d4e15e42)

20 months agogeneric: remove patch for unused kernel version
David Bauer [Sun, 5 Mar 2023 19:26:21 +0000 (20:26 +0100)]
generic: remove patch for unused kernel version

Remove this stray patch, as OpenWrt 22.03 does not target kernel 5.15.

Fixes commit b18a0d0b92963 ("generic: add support for EON EN25QX128A spi nor flash")

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agogeneric: MIPS: Add barriers between dcache & icache flushes
David Bauer [Thu, 2 Mar 2023 15:53:59 +0000 (16:53 +0100)]
generic: MIPS: Add barriers between dcache & icache flushes

This fixes spurious boot-errors with some ath79 MIPS 74Kc boards such
as the AC Lite as well as Archer C7 v2.

The missing barrier leads to the icache flush being executed before the
dcache writeback, which results in the CPU executing the dummy infinite
loop in tlbmiss_handler_setup_pgd.

Applying this patch from upstream ensures the dcache is written back
before flushing the icache.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 26bc8f68767e1ec6e33a84ef397e4c38d5968462)

20 months agokernel: fix mtk dsa tag padding
Felix Fietkau [Thu, 2 Mar 2023 11:58:16 +0000 (12:58 +0100)]
kernel: fix mtk dsa tag padding

The padding intended to avoid corrupted non-zero padding payload was
accidentally adding too many padding bytes, tripping up some setups.
Fix this by using eth_skb_pad instead.
Fixes #11942.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9307c27539805de021fb7163f6ad6dc08992331b)

21 months agokernel: can: fix MCP251x CAN controller module autoload
Tim Harvey [Sat, 18 Feb 2023 00:53:18 +0000 (16:53 -0800)]
kernel: can: fix MCP251x CAN controller module autoload

Fix autoload module name for can-mcp251x kmod.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit 29d02d8ce584fa7e420204e04dde1e17e14e009c)

21 months agokernel: bump 5.10 to 5.10.168
John Audia [Wed, 15 Feb 2023 19:05:27 +0000 (14:05 -0500)]
kernel: bump 5.10 to 5.10.168

Manually rebased:
  backport-5.10/804-v5.14-0001-nvmem-core-allow-specifying-of_node.patch

Removed upstreamed:
  generic-backport/807-v5.17-0003-nvmem-core-Fix-a-conflict-between-MTD-and-NVMEM-on-w.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.168&id=34ec4c7831c416ac56619477f1701986634a7efc

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 461072fc7b3d8fa77347a884fe5d36c81f660da8)
[Refresh on OpenWrt 22.03]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months agokernel: bump 5.10 to 5.10.167
John Audia [Mon, 6 Feb 2023 11:28:36 +0000 (06:28 -0500)]
kernel: bump 5.10 to 5.10.167

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 712681458a65736d3fc625bb9c481c31b23c1f97)

21 months agoopenssl: bump to 1.1.1t
John Audia [Tue, 7 Feb 2023 19:56:52 +0000 (14:56 -0500)]
openssl: bump to 1.1.1t

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b)

The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 22.03, so it doesn't have to be removed.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agobpf: ignore missing LLVM bins on package for non compile steps
Christian Marangi [Wed, 18 Jan 2023 11:22:12 +0000 (12:22 +0100)]
bpf: ignore missing LLVM bins on package for non compile steps

To download a package the LLVM bins are not strictly needed.
Currently with an example run of make package/bridger/download V=s, the
build fail with

make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
bash: line 1: [: : integer expression expected
/home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: .  Stop.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
time: package/network/services/bridger/download#0.04#0.00#0.06
    ERROR: package/network/services/bridger failed to build.

This is wrong since it may be needed to download the required packages
first and then compile them later.

Fix this by ignoring the LLVM bin check on non compile steps.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 116c73fd71c75e38c4d707dc5a74e6993874098f)

21 months agobpf: check llvm version only when used
Hauke Mehrtens [Wed, 26 Oct 2022 21:05:31 +0000 (23:05 +0200)]
bpf: check llvm version only when used

unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.

Fix it by only checking the LLVM version when a LLVM toolchain is
available.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c58177b5dcb3461efef0adefe570dd8a8d966ec4)

21 months agoat91: sam9x,sama5: fix racy SD card image generation
Petr Štetiar [Tue, 3 Jan 2023 11:44:51 +0000 (12:44 +0100)]
at91: sam9x,sama5: fix racy SD card image generation

We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation (shortened for brewity):

 + dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img
 dd: failed to open 'root.ext4': No such file or directory

Thats happening likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:

 make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

and that hardcoded `root.ext4` image filename becomes available from
other Make targets in the later stages. So lets fix this issue by using
IMAGE_ROOTFS Make variable which should contain proper path to the root
filesystem image.

Fixing remaining subtargets ommited in commit 5c3679e39b61 ("at91:
sama7: fix racy SD card image generation").

Fixes: 5c3679e39b61 ("at91: sama7: fix racy SD card image generation")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3b669bc3f32f7594f38187a284a65ca2c35a0121)

21 months agoat91: sama7: fix racy SD card image generation
Petr Štetiar [Tue, 3 Jan 2023 11:44:51 +0000 (12:44 +0100)]
at91: sama7: fix racy SD card image generation

We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation:

 + dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc
 dd: failed to open 'root.ext4': No such file or directory

Thats likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:

 make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

and that hardcoded root.ext4 becomes available from other target in the
later stages. So lets fix this issue by using IMAGE_ROOTFS Make variable
which should contain proper path to the root filesystem image.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5c3679e39b615ff29c9315f810e8e15775cc2d01)

21 months agomac80211: Update to version 5.15.92-1
Hauke Mehrtens [Sun, 29 Jan 2023 17:55:38 +0000 (18:55 +0100)]
mac80211: Update to version 5.15.92-1

This update mac80211 to version 5.15.92-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months agokernel: bump 5.10 to 5.10.166
John Audia [Wed, 1 Feb 2023 20:44:56 +0000 (15:44 -0500)]
kernel: bump 5.10 to 5.10.166

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 50324b949b91cfb70ced3869b09b895e45a5ae37)

21 months agoramips: mt7621-dts: fix phy-mode of external phy on GB-PC2
Arınç ÜNAL [Mon, 28 Nov 2022 21:33:37 +0000 (00:33 +0300)]
ramips: mt7621-dts: fix phy-mode of external phy on GB-PC2

The phy-mode property must be defined on the MAC instead of the PHY. Define
phy-mode under gmac1 which the external phy is connected to.

Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 5155200f97adaeaaac7b752b5a6a5e41cba3db6a)

21 months agoocteontx: add sqaushfs and ramdisk to features
Tim Harvey [Wed, 28 Dec 2022 21:38:15 +0000 (13:38 -0800)]
octeontx: add sqaushfs and ramdisk to features

Add squashfs and ramdisk to features as these are commonly used images
for the octeontx.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit af5635e6ca12d3be275560a58ac6e2793e218fcd)

21 months agoath79: add LTE packages for GL-XE300
Tom Herbers [Sat, 10 Sep 2022 14:45:42 +0000 (16:45 +0200)]
ath79: add LTE packages for GL-XE300

Add LTE packages required for operating the LTE modems shipped with
the GL-XE300.

Example configuration for an unauthenticated dual-stack APN:

network.wwan0=interface
network.wwan0.proto='qmi'
network.wwan0.device='/dev/cdc-wdm0'
network.wwan0.apn='internet'
network.wwan0.auth='none'
network.wwan0.delay='10'
network.wwan0.pdptype='IPV4V6'

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit 67f283be4430ebfb46be6c00fcc7c12a6adabce3)

21 months agoath79: add label-mac-device for GL-XE300
Tom Herbers [Tue, 24 Jan 2023 13:14:58 +0000 (14:14 +0100)]
ath79: add label-mac-device for GL-XE300

This adds an label-mac-device alias which refrences the mac which is
printed on the Label of the device.

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit f83f5f8452edd3115aacf333b0038da89639a218)

21 months agoath79: add LTE led for GL.iNet GL-XE300
Leo Soares [Sun, 31 Jul 2022 14:28:47 +0000 (15:28 +0100)]
ath79: add LTE led for GL.iNet GL-XE300

This commit adds the LTE led for GL.iNet GL-XE300
to the default leds config.

Signed-off-by: Leo Soares <leo@hyper.ag>
(cherry picked from commit 35a0f2b00c44a43ad087327f0cbdb1c9c5e60c49)
Signed-off-by: Tom Herbers <mail@tomherbers.de>
22 months agokernel: backport some mv88e6xxx devlink patches
Etienne Champetier [Mon, 30 Jan 2023 21:43:00 +0000 (23:43 +0200)]
kernel: backport some mv88e6xxx devlink patches

This should help debug mv88e6xxx issues

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
22 months agokernel: bump 5.10 to 5.10.165
John Audia [Tue, 24 Jan 2023 12:36:07 +0000 (07:36 -0500)]
kernel: bump 5.10 to 5.10.165

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 257e9fc57cf2c0391f8d99c25e82d75b73695c8a)

22 months agokernel: bump 5.10 to 5.10.164
John Audia [Wed, 18 Jan 2023 19:45:07 +0000 (14:45 -0500)]
kernel: bump 5.10 to 5.10.164

All patches automatically rebased

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 9c3954bc46fce58a0f2dbe8bf6d3f507cfcd1dfb)

22 months agokernel: bump 5.10 to 5.10.163
John Audia [Sat, 14 Jan 2023 11:31:07 +0000 (06:31 -0500)]
kernel: bump 5.10 to 5.10.163

Removed upstreamed:
  generic/101-Use-stddefs.h-instead-of-compiler.h.patch[1]
  bcm27xx/patches-5.10/950-0194-drm-fourcc-Add-packed-10bit-YUV-4-2-0-format.patch

All patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.163&id=ddd2bb08bd99b7ee4442fbbe0f9b80236fdd71d2

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2835df54ab84a8709057df156932497b19cda449)

22 months agokernel: bump 5.10 to 5.10.162
John Audia [Thu, 5 Jan 2023 10:51:15 +0000 (05:51 -0500)]
kernel: bump 5.10 to 5.10.162

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2621ddb0bef7f5f8eedc49437dfa23b66e810af6)

22 months agomac80211: use 802.11ax iw modes
David Bauer [Sat, 28 Jan 2023 12:50:17 +0000 (13:50 +0100)]
mac80211: use 802.11ax iw modes

This adds missing HE modes to mac80211_prepare_ht_modes.

Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a63430eac33ceb1dbf96d3667e2a0f2e04ba391f)

22 months agokernel: mtk-bmt: fix usage of _oob_read
Chuanhong Guo [Sat, 21 Jan 2023 02:47:59 +0000 (10:47 +0800)]
kernel: mtk-bmt: fix usage of _oob_read

_oob_read returns number of bitflips on success while
bbt_nand_read should return 0.

Fixes: 2d49e49b18 ("mediatek: bmt: use generic mtd api")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit f183ce35b8ea2fd991ac489fb223b09a1ecb4db0)

22 months agotools/mkimage: build uboot with NO_SDL=1
Christian Marangi [Sun, 22 Jan 2023 00:35:16 +0000 (01:35 +0100)]
tools/mkimage: build uboot with NO_SDL=1

From uboot Documentation for uboot-2022.01 for tools-only we can build
with NO_SDL=1 to skip installing the sdl2 package.

Follow this to fix compilation error on macos

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
22 months agolantiq: xrx200: Fix wifi LED on o2 box 6431
Florian Maurer [Sun, 15 Jan 2023 20:22:22 +0000 (20:22 +0000)]
lantiq: xrx200: Fix wifi LED on o2 box 6431

Wifi LED did not work using phy0radio, which somehow slipped through in
the previous testing

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 2e3d1edf59109d6329a00d90b1e953261d602af5)

22 months agombedtls: move source modification to patch
David Bauer [Wed, 18 Jan 2023 21:06:36 +0000 (22:06 +0100)]
mbedtls: move source modification to patch

Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 00f1463df7e690862403208082f71fb4741baf02)

22 months agoRevert "toolchaini/gcc: fix libstdc++ dual abi model"
Petr Štetiar [Wed, 18 Jan 2023 06:51:45 +0000 (07:51 +0100)]
Revert "toolchaini/gcc: fix libstdc++ dual abi model"

This reverts commit c0b4303d2e2f4a9e1d4684fd584e6b6548666f0f as it was
reported, that it breaks all packages depending on libstdcpp due to
changed ABI.

References: https://github.com/openwrt/packages/issues/20340
Signed-off-by: Petr Štetiar <ynezz@true.cz>
22 months agodosfstools: switch to AC_CHECK_LIB
David Bauer [Mon, 16 Jan 2023 00:30:29 +0000 (01:30 +0100)]
dosfstools: switch to AC_CHECK_LIB

This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro
is undefined while invoking autoconfig. Later in the build, the ICONV
LDOPTIONS are set to @LIBICONV@, failing the build.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9300a20dcce2217b121bd2020cc1a4ea41fa4475)

22 months agotools/dosfstools: fix PKG_SOURCE
Stijn Tintel [Wed, 14 Dec 2022 18:11:45 +0000 (20:11 +0200)]
tools/dosfstools: fix PKG_SOURCE

Both mirrors provided in the Makefile only serve gzipped tarballs.

Fixes: #10871
Fixes: 9edfe7dd13d9 ("source: Switch to xz for packages and tools where possible")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd911b45389b3da299948b457a1fc645febd2248)

22 months agotoolchaini/gcc: fix libstdc++ dual abi model
Ivan Maslov [Sat, 29 Jan 2022 20:11:30 +0000 (23:11 +0300)]
toolchaini/gcc: fix libstdc++ dual abi model

libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI.
Enable the config flag to also permit support of .NET 6 development on
OpenWrt.

Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru>
[ reword commit description and title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3c06a344e9c7c03c49c9153342e68a5390651323)

22 months agoscripts/dl_github_archieve.py: fix generating unreproducible tar
Christian Marangi [Thu, 12 Jan 2023 13:46:58 +0000 (14:46 +0100)]
scripts/dl_github_archieve.py: fix generating unreproducible tar

Allign dl_github_archieve.py to 8252511dc0b5a71e9e64b96f233a27ad73e28b7f
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064d2b38 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14575df4e86896526b1c2035c231899e)

22 months agoksmbd: Fix ZDI-CAN-18259
Hauke Mehrtens [Sat, 7 Jan 2023 13:41:04 +0000 (14:41 +0100)]
ksmbd: Fix ZDI-CAN-18259

This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.

Backported from:
https://github.com/cifsd-team/ksmbd/commit/8824b7af409f51f1316e92e9887c2fd48c0b26d6
https://github.com/cifsd-team/ksmbd/commit/cc4f3b5a6ab4693aba94a45cc073188df4d67175

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 76c67fcc66116381c69439f20159b636573080ba)

22 months agoksmbd: update to 3.4.6
Nick Hainke [Fri, 21 Oct 2022 12:23:47 +0000 (14:23 +0200)]
ksmbd: update to 3.4.6

Release Announcement:
https://github.com/cifsd-team/ksmbd/releases/tag/3.4.6

Remove upstreamed:
- 10-fix-build-on-kernel-5.15.52-or-higher.patch

This fixes the following security bugs:
* CVE-2022-47938, ZDI-22-1689
* CVE-2022-47939, ZDI-22-1690 (patch was already backported before)
* CVE-2022-47940, ZDI-22-1691
* CVE-2022-47941, ZDI-22-1687
* CVE-2022-47942, ZDI-22-1688
* CVE-2022-47943, ZDI-CAN-17817

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 78cbcc77cc33638b185f85c0e40daee1906a2c3c)

22 months agolantiq-xrx200: fix wan LED on o2 box 6431
Florian Maurer [Thu, 5 Jan 2023 14:29:24 +0000 (15:29 +0100)]
lantiq-xrx200: fix wan LED on o2 box 6431

The WIFI LED already worked for me with the latest openwrt 22.03 version.
Wifi LED did not with an older 22.x version (in gluon - there phy0radio did nothing but phy0tpt did show activity

the WAN interface has the name "wan" and not "pppoe-wan" on this device

fixes #7757 (and FS#2987)

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 0820d620123a03b6db6642acb6e950d22ffb030f)
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
22 months agoCI: build: fix external toolchain use with release tag tests
Christian Marangi [Wed, 4 Jan 2023 18:26:16 +0000 (19:26 +0100)]
CI: build: fix external toolchain use with release tag tests

When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.

This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).

Add -f option to overwrite any local tags and always fetch them from
remote.

Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b362e9f2d70672eee9c1fa82550a145a6)

22 months agoOpenWrt v22.03.3: revert to branch defaults
Hauke Mehrtens [Tue, 3 Jan 2023 21:03:42 +0000 (22:03 +0100)]
OpenWrt v22.03.3: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
22 months agoOpenWrt v22.03.3: adjust config defaults v22.03.3
Hauke Mehrtens [Tue, 3 Jan 2023 21:03:37 +0000 (22:03 +0100)]
OpenWrt v22.03.3: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
22 months agomac80211: Do not build brcmsmac on bcm47xx_legacy
Hauke Mehrtens [Sat, 24 Dec 2022 13:39:17 +0000 (14:39 +0100)]
mac80211: Do not build brcmsmac on bcm47xx_legacy

brcmsmac needs bcma. bcma is build into the kernel for the other bcm47xx
subtargets, but not for the legacy target because it only uses ssb. We
could build bcma as a module for bcm47xx_legacy, but none of these old
devices uses a wifi card supported by brcsmac.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cb7d662dac897dd7df6ba6ba60417db822bd68f2)

22 months agouml: fix 5.10 build
Christian Lamparter [Sat, 24 Sep 2022 21:42:42 +0000 (23:42 +0200)]
uml: fix 5.10 build

the 5.10 uml build currently breaks with:

/usr/bin/ld: arch/um/os-Linux/signal.o: in function `sigusr1_handler':
arch/um/os-Linux/signal.c:141: undefined reference to `uml_pm_wake'

But there's an upstream fix for this. Backport the fix
for now but also let upstream know so it finds its way
through the -stable releases.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8bea5edf89e57c32b98620540a457441f5f8ddeb)

22 months agokernel: Add missing kernel configuration options
Hauke Mehrtens [Wed, 21 Dec 2022 13:22:46 +0000 (13:22 +0000)]
kernel: Add missing kernel configuration options

This fixes compile of the bmips target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f620eb70f1a10385c33a9833e1c97d8c7fef0093)

22 months agogdb: Do not link against xxhash
Hauke Mehrtens [Sat, 17 Dec 2022 21:10:39 +0000 (22:10 +0100)]
gdb: Do not link against xxhash

libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.

This should fix the build of gdb in build bots.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a442974cfa89c7182c37b3b422b2d49319e2b339)

22 months agoodhcpd: fix null pointer dereference for INFORM messages
Hans Dedecker [Mon, 2 Jan 2023 12:49:24 +0000 (13:49 +0100)]
odhcpd: fix null pointer dereference for INFORM messages

4a673e1 fix null pointer dereference for INFORM messages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
22 months agoipq40xx: sysupgrade: allow flashing Linksys factory firmware
Tony Ambardar [Fri, 2 Dec 2022 02:00:30 +0000 (18:00 -0800)]
ipq40xx: sysupgrade: allow flashing Linksys factory firmware

Allow forced flashing of a factory firmware image, after checking for the
correct FIT magic header and Linksys board-specific footer. Details of the
footer are already described in scripts/linksys-image.sh.

This is convenient as it avoids using a TFTP server or OEM GUI, and allows
restoring OEM firmware or installing a "breaking" OpenWrt update (e.g DSA
migration and kernel repartition) directly from the command line.

Devices supported at this time include EA6350v3, EA8300, MR8300 and WHW01.

Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by: Wyatt Martin <wawowl@gmail.com> # WHW01
Tested-by: Tony Ambardar <itugrok@yahoo.com> # EA6350v3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 6fc334cbdc2b1716786768c545b761b338962b43)

22 months agobase-files: stage2: add 'tail' to sysupgrade environment
Tony Ambardar [Sat, 3 Dec 2022 07:13:22 +0000 (23:13 -0800)]
base-files: stage2: add 'tail' to sysupgrade environment

This is used to access footer data in firmare files, and is simpler and
less error-prone than using 'dd' with calculated offsets.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9cbc825b30a60c4c4b466301b87e15e59b107f24)

22 months agotreewide: Trigger reinstall of all wolfssl dependencies
Hauke Mehrtens [Sat, 31 Dec 2022 18:32:41 +0000 (19:32 +0100)]
treewide: Trigger reinstall of all wolfssl dependencies

The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ee47a28cec01c7943238bae45f65a98e4fc9abbe)

22 months agowolfssl: update to 5.5.4-stable
Nick Hainke [Thu, 29 Dec 2022 22:11:37 +0000 (23:11 +0100)]
wolfssl: update to 5.5.4-stable

Remove upstreamed:
- 001-Fix-enable-devcrypto-build-error.patch

Refresh patch:
- 100-disable-hardening-check.patch

Release notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.4-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 04634b2d8253972a3e7b663231474eb564e69077)

23 months agombedtls: update to version 2.28.2
Hauke Mehrtens [Thu, 29 Dec 2022 20:26:28 +0000 (21:26 +0100)]
mbedtls: update to version 2.28.2

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e177019b18055c263099a42c1c6c3453)

23 months agotoolchain: gcc: import patch fixing asm machine directive for powerpc
Nick Hainke [Tue, 27 Dec 2022 23:02:41 +0000 (00:02 +0100)]
toolchain: gcc: import patch fixing asm machine directive for powerpc

Applications with libmbedtls, e.g. curl, fail on mpc85xx with:
  curl[7227]: illegal instruction (4) at b7c94288 nip b7c94288 lr b7c6b528 code 1 in libmbedcrypto.so.2.28.1[b7c3e000+7e000]
  curl[7227]: code: 3d7e0000 809e8004 91490000 816b814c 7d6903a6 4e800421 80010024 83c10018
  curl[7227]: code: 38210020 7c0803a6 4e800020 9421fff0 <7d4d42e67c6c42e6 7d2d42e6 7c0a4840

This is due to a bug in gcc-11.2.0. It is fixed with gcc-11.3.0.
Import the patch that is fixing the issue.

Signed-off-by: Nick Hainke <vincent@systemli.org>
23 months agokernel: remove hack patch, move kirkwood specific kmods to target modules.mk
Felix Fietkau [Fri, 30 Sep 2022 09:42:06 +0000 (11:42 +0200)]
kernel: remove hack patch, move kirkwood specific kmods to target modules.mk

Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch
unnecessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2e375e9b3148cfdb9b19494a25eebc2fa7b256a3)

23 months agokernel: bump 5.10 to 5.10.161
John Audia [Wed, 21 Dec 2022 19:19:12 +0000 (14:19 -0500)]
kernel: bump 5.10 to 5.10.161

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 59254010077c9086afee8a8b4c490943d6749065)

23 months agouhttpd: update to latest Git HEAD
Hauke Mehrtens [Mon, 26 Dec 2022 12:58:47 +0000 (13:58 +0100)]
uhttpd: update to latest Git HEAD

2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 73dca49f355fe10d1d5e629b0df584b03a1849b3)

23 months agokernel: backport ksmbd security fix ZDI-22-1690
Daniel Graña [Fri, 23 Dec 2022 18:24:34 +0000 (15:24 -0300)]
kernel: backport ksmbd security fix ZDI-22-1690

Fix zero day vulnerability reported as ZDI-22-1690, no CVE assigned yet.
Picked from https://github.com/cifsd-team/ksmbd/commit/1f9d85a340

Signed-off-by: Daniel Graña <dangra@gmail.com>
23 months agoRevert "image-commands.mk: Be consistent in command invocation"
Hauke Mehrtens [Thu, 22 Dec 2022 12:02:07 +0000 (13:02 +0100)]
Revert "image-commands.mk: Be consistent in command invocation"

This reverts commit fcff234fd89e8b24aa3ad2f352ddbb5304c38dc1.

$(STAGING_DIR_HOST)/bin/gzip is not available in openwrt-22.03. The
change broke the build because the build process could not find this
file. For example ath79/generic netgear_wndap360 was affected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
23 months agosunxi: remove frequency for NanoPi R1
Jan-Niklas Burfeind [Sun, 11 Dec 2022 13:04:46 +0000 (14:04 +0100)]
sunxi: remove frequency for NanoPi R1

The frequency appears as unlisted initial frequency.
Removed it as Hauke suggested.

Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit 5b82eeb320d9f8e543232bb5dd004e644b35983e)

23 months agoarm-trusted-firmware-sunxi: drop CPE ID
Stijn Tintel [Tue, 20 Dec 2022 18:04:54 +0000 (20:04 +0200)]
arm-trusted-firmware-sunxi: drop CPE ID

The CPE ID is already set in trusted-firmware-a.mk.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 9ed1830bdc1e58efb3e5b17c0e484e1a2655b550)

23 months agotrusted-firmware-a.mk: use correct CPE ID
Stijn Tintel [Tue, 20 Dec 2022 18:04:53 +0000 (20:04 +0200)]
trusted-firmware-a.mk: use correct CPE ID

There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware

The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.

Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit c8c6508c22c59a09b7acce63bed28947788a46d4)

23 months agokernel: bump 5.10 to 5.10.160
John Audia [Mon, 19 Dec 2022 14:18:02 +0000 (09:18 -0500)]
kernel: bump 5.10 to 5.10.160

No patches affected by this update.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1e375c8fbd6a3259ffbbbde13eb0c106bedbcd1c)

23 months agoath79: image: don't depend on other COMPILE targets
Alexander Couzens [Sat, 3 Dec 2022 14:25:12 +0000 (15:25 +0100)]
ath79: image: don't depend on other COMPILE targets

A device COMPILE target should not depend on another COMPILE.
Otherwise race condition may happen.
The loader is very small. Compiling it twice shouldn't
have a huge impact.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 17c6fb1054e3dde8fa573195acaac42a5edf0942)

23 months agoimage: fix device profile specific COMPILE targets
Michael Pratt [Tue, 22 Nov 2022 00:37:39 +0000 (00:37 +0000)]
image: fix device profile specific COMPILE targets

Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.

Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.

Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 1bff0752bd5e7feb0f311224a09b3bf217a9aeb3)

23 months agorules: fix broken commitcount on alpine system
Christian Marangi [Sat, 17 Dec 2022 15:39:00 +0000 (16:39 +0100)]
rules: fix broken commitcount on alpine system

To generate commitcount we use grep --max-count. This is not present on
alpine grep and cause wrong generation. Use -m as it's just the short
version of --max-count and more portable.

Fixes: #11200
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit eb7ffeafbfa78235b05abb4ae479376150d7a814)

23 months agoimage-commands.mk: Be consistent in command invocation
Olliver Schinagl [Wed, 14 Dec 2022 10:39:17 +0000 (11:39 +0100)]
image-commands.mk: Be consistent in command invocation

Most/all other tools use the staging dir prefix, gzip should as well.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 47df168dd279d52127f6bbc623e79bdeeb6c8fd4)

23 months agosunxi: fix typo in device packages for MarsBoard A10
Chukun Pan [Sun, 9 Oct 2022 15:15:28 +0000 (23:15 +0800)]
sunxi: fix typo in device packages for MarsBoard A10

The kmod prefix for sound-soc-sunxi is missing, fix it.
Also add kmod-sound-core as dependence.

Fixes: 6a35659 ("sunxi: Added profile for HAOYU Electronics Marsboard A10")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 7bcf6b54fc819c26fc2cea32c464e87614cc2d26)

23 months agokernel: Make KERNEL_MAKEOPTS recursively expanded
Hauke Mehrtens [Wed, 14 Dec 2022 15:29:16 +0000 (16:29 +0100)]
kernel: Make KERNEL_MAKEOPTS recursively expanded

KERNEL_MAKEOPTS will get expanded when it is used and not when it is
defined in the kernel.mk file now. This fixes problems finding dependent
kernel modules when it is used by a kernel module package.

Without this change the build of packages which depend on other out of
tree modules failed when they used KERNEL_MAKE because some symbols could
not be found. This happened because KERNEL_MAKE_FLAGS which contains a
"if $(__package_mk)" was  evaluated where KERNEL_MAKEOPTS was defined
and not when the KERNEL_MAKE was used. For packages which included
kernel.mk before package.mk we saw this problem. One workaround
was to use the correct include order and the other one was to not
use KERNEL_MAKE_FLAGS, but copy its content.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 06ad3adeecc27859313e60c173c435d45ac2b345)

23 months agolantiq: vr9: include usb driver for fritz 7430
Tony Butler [Fri, 9 Dec 2022 11:13:16 +0000 (03:13 -0800)]
lantiq: vr9: include usb driver for fritz 7430

Reported by user: missing driver for USB; add to image definition
https://github.com/openwrt/openwrt/issues/11326

Resolves: #11326

Signed-off-by: Tony Butler <spudz76@gmail.com>
Acked-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit 9a1ab8aa0398f93360bf54d81bcd332cd413c03f)

23 months agowolfssl: fix build with /dev/crypto
Chukun Pan [Thu, 1 Dec 2022 15:28:38 +0000 (23:28 +0800)]
wolfssl: fix build with /dev/crypto

Backport upstream patch to fix build error when
/dev/crypto enabled.

https://github.com/wolfSSL/wolfssl/commit/dc9f46a3be00b5e82684a158605189d1278e324c

Fixes: #10944
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 171691500eca0737c59d4fff50578b74a90583be)