openwrt/staging/pepe2k.git
2 years agolibnfnetlink: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:17:26 +0000 (18:17 +0200)]
libnfnetlink: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agolibmnl: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:15:24 +0000 (18:15 +0200)]
libmnl: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agof2fs-tools: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:11:51 +0000 (18:11 +0200)]
f2fs-tools: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agolibnl: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:07:39 +0000 (18:07 +0200)]
libnl: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agojansson: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:04:57 +0000 (18:04 +0200)]
jansson: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agolibusb: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:02:34 +0000 (18:02 +0200)]
libusb: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agolldpd: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 16:00:30 +0000 (18:00 +0200)]
lldpd: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agostrace: replace PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 15:51:24 +0000 (17:51 +0200)]
strace: replace PKG_CPE_ID

Searching for strace in nvd.nist.gov/products/cpe/search [0] will result
in "cpe:/a:strace_project:strace". Replace the current PKG_CPE_ID with
it.

[0] - https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&keyword=strace

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoethtool: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 15:42:56 +0000 (17:42 +0200)]
ethtool: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agotools/bc: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 15:38:43 +0000 (17:38 +0200)]
tools/bc: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agolibcap: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 10:13:36 +0000 (12:13 +0200)]
libcap: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agonettle: add PKG_CPE_ID
Nick Hainke [Sat, 3 Sep 2022 10:00:26 +0000 (12:00 +0200)]
nettle: add PKG_CPE_ID

Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agokernel: rework Huawei-compatible OEM SFP GE-T
Daniel Golle [Mon, 5 Sep 2022 21:41:22 +0000 (22:41 +0100)]
kernel: rework Huawei-compatible OEM SFP GE-T

This patch was added in 09b086eecaa545cf7f30bc7e394a32751e25db65
("kernel: add quirk for Huawei-compatible OEM SFP GE-T"). Add patch
title, description and SoB to follow OpenWrt's developer guide for
working patches to prepare it for being sent upstream. This patch
should be discussed with Russell King and merged to Linux kernel.

Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agokernel: add support for HALNy HL-GSFP and other related fixes
Josef Schlehofer [Fri, 26 Aug 2022 14:21:44 +0000 (16:21 +0200)]
kernel: add support for HALNy HL-GSFP and other related fixes

It was reported on Turris forum [1] that HALNy HL-GSFP module does not
work as it should with kernel 5.15. Russell King prepared this patch
series, which fixes broken SFP module to work.

Compile and run tested with Turris Omnia.

[1] https://forum.turris.cz/t/hbl-turrisos-6-0-alpha2-halny-hl-gsfp-sfp-gpon-stick-problems/17547

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agohostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_all
Felix Fietkau [Tue, 6 Sep 2022 10:12:12 +0000 (12:12 +0200)]
hostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_all

There are two feature currently altered by the multicast_to_unicast option.
1. bridge level multicast_to_unicast via IGMP snooping
2. hostapd/mac80211 config multicast_to_unicast setting

The hostapd/mac80211 setting has the side effect of converting *all* multicast
or broadcast traffic into per-station duplicated unicast traffic, which can
in some cases break expectations of various protocols.
It also has been observed to cause ARP lookup failure between stations
connected to the same interface.

The bridge level feature is much more useful, since it only covers actual
multicast traffic managed by IGMP, and it implicitly defaults to 1 already.

Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid
unintentionally enabling this feature

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agotools: remove xxd package
Petr Štetiar [Tue, 30 Aug 2022 06:41:07 +0000 (08:41 +0200)]
tools: remove xxd package

It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years agobuild: provide xxd -i with scripts/xxdi.pl
Petr Štetiar [Tue, 30 Aug 2022 06:45:39 +0000 (08:45 +0200)]
build: provide xxd -i with scripts/xxdi.pl

Dependency on xxd was added in commit c4dd2441e787 ("tools: add xxd
(from vim)") as U-Boot requires xxd to create the default environment
from an external file.

Later in commit 2b94aac7a128 ("tools: xxd: use more convenient source
tarball"), xxd from another source was used instead, but that source is
currently unavailable, so let's fix it by using simple xxdi.pl Perl
script instead.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years agoscripts: xxdi.pl: add xxd -i compat mode
Petr Štetiar [Tue, 30 Aug 2022 06:34:26 +0000 (08:34 +0200)]
scripts: xxdi.pl: add xxd -i compat mode

So it can serve as a standalone drop in replacement for xxd utility used
currently mostly in U-Boot packages with `xxd -i` mode which outputs C
include file style, with aim for byte to byte identical output, so the
eventual difference in the generated output is easily spottable.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [perl-fu]
2 years agoscripts: xxdi.pl: remove File::Slurp dependency
Jo-Philipp Wich [Tue, 30 Aug 2022 16:20:04 +0000 (18:20 +0200)]
scripts: xxdi.pl: remove File::Slurp dependency

In order to make it more portable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years agoscripts: add xxdi.pl
Petr Štetiar [Tue, 30 Aug 2022 06:31:42 +0000 (08:31 +0200)]
scripts: add xxdi.pl

xxdi.pl is a Perl script that implements vim's 'xxd -i' mode so that
packages do not have to use all of vim just to get this functionality.

References: #10555
Source: https://github.com/gregkh/xxdi/blob/97a6bd5cee05d1b15851981ec38ef5a460ddfcb1/xxdi.pl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years agomediatek: fix sysupgrade on MTK7986 rfba AP
Daniel Golle [Tue, 6 Sep 2022 02:27:16 +0000 (03:27 +0100)]
mediatek: fix sysupgrade on MTK7986 rfba AP

A line in platform.sh was accidentally removed when adding support
for the Bananapi BPi-R3.
Re-add it to fix sysupgrade on the MTK7986 rfba AP.

Fixes: a96382c1bb ("mediatek: add support for Bananapi BPi-R3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoath79: move 5.15 testing kernel to common Makefile
Nick Hainke [Tue, 23 Aug 2022 17:14:47 +0000 (19:14 +0200)]
ath79: move 5.15 testing kernel to common Makefile

All subtargets are using now 5.15 as testing kernel.
Move KERNEL_TESTING_PATCHVER:=5.15 to the common Makefile.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoath79: tiny: add 5.15 support for tiny subtarget
Nick Hainke [Tue, 23 Aug 2022 16:44:21 +0000 (18:44 +0200)]
ath79: tiny: add 5.15 support for tiny subtarget

Tested on Ubiquiti Nanostation M5 XM with low_mem.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoath79: add low_mem to tiny image
Nick Hainke [Fri, 19 Aug 2022 16:59:36 +0000 (18:59 +0200)]
ath79: add low_mem to tiny image

Devices with SMALL_FLASH enabled have "SQUASHFS_BLOCK_SIZE=1024" in
their config. This significantly increases the cache memory required by
squashfs [0]. This commit enables low_mem leading to a much better
performance because the SQUASHFS_BLOCK_SIZE is reduced to 256.

Example Nanostation M5 (XM):
The image size increases by 128 KiB. However, the memory statisitcs look
much better:

Default tiny build:
------
MemTotal:          26020 kB
MemFree:            5648 kB
MemAvailable:       6112 kB
Buffers:               0 kB
Cached:             3044 kB

low_mem enabled:
-----
MemTotal:          26976 kB
MemFree:            6748 kB
MemAvailable:      11504 kB
Buffers:               0 kB
Cached:             7204 kB

[0] - https://github.com/freifunk-gluon/gluon/commit/7e8af99cf504ca1dc389f282a0c94f4a911571be

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoipq40xx: add support for Extreme Networks WS-AP3915i
David Bauer [Mon, 29 Aug 2022 12:30:01 +0000 (14:30 +0200)]
ipq40xx: add support for Extreme Networks WS-AP3915i

Hardware
--------
Qualcomm IPQ4029 WiSoC
2T2R 802.11 abgn
2T2R 802.11 nac
Macronix MX25L25635E SPI-NOR (32M)
512M DDR3 RAM
1x Gigabit LAN
1x Cisco RJ-45 Console port
Settings: 115200 8N1

Installation
------------

1. Attach to the Console port. Power up the device and press the s key
   to interrupt autoboot.

2. The default username / password to the bootloader is admin / new2day

3. Update the bootcommand to allow loading OpenWrt.

   $ setenv ramboot_openwrt "setenv serverip 192.168.1.66;
     setenv ipaddr 192.168.1.1; tftpboot 0x86000000 openwrt-3915.bin;
     bootm"
   $ setenv boot_openwrt "sf probe;
     sf read 0x88000000 0x280000 0xc00000; bootm 0x88000000"
   $ setenv bootcmd "run boot_openwrt"
   $ saveenv

4. Download the OpenWrt initramfs image. Serve it using a TFTP server as
   "openwrt-3915.bin" at 192.1681.66.

5. Download & boot the OpenWrt initramfs image on the access point.

   $ run ramboot_openwrt

6. Wait for OpenWrt to start.

7. Download and transfer the sysupgrade image to the device using e.g.
   SCP.

8. Install OpenWrt to the device using "sysupgrade"

   $ sysupgrade -n /path/to/openwrt.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2 years agoipq-wifi: add Extreme Networks WS-AP3915i
David Bauer [Mon, 29 Aug 2022 15:36:46 +0000 (17:36 +0200)]
ipq-wifi: add Extreme Networks WS-AP3915i

Signed-off-by: David Bauer <mail@david-bauer.net>
2 years agoipq40xx: point to externally compiled dtbs in recipes
Tomasz Maciej Nowak [Thu, 25 Aug 2022 18:26:11 +0000 (20:26 +0200)]
ipq40xx: point to externally compiled dtbs in recipes

Adjusting dts will cause a rebuild of whole kernel as the buildroot
considers this a part of kernel source. It's a royal PITA when trying to
prepare support for new device, since this takes a lot of time on slower
systems. As it stands, buildroot itself, with own rule, also compiles
dtbs and the results are $(KDIR)/image-$(DEVICE_DTS).dtb. With setting
DEVICE_DTS_DIR to directory holding the device dts (similarly to some
other targets), buildroot doesn't consider changed dts as part of kernel
source and rebuilds only dtb. This really speeds up development. And
since the kernel built dts are no longer used, drop the paches adding
dtses to its build.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2 years agokernel: fix mvneta Ethernet after generic phylink validate
Daniel Golle [Mon, 5 Sep 2022 13:04:17 +0000 (14:04 +0100)]
kernel: fix mvneta Ethernet after generic phylink validate

Import patches from Linux v5.16 and v5.17 to get 2500Base-X SFP working
again with mvneta driver after the generic phylink validate backport.

Fixes: aab466f422 ("kernel: backport generic phylink validate")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: fix fallout after etron spinand backport
Felix Fietkau [Mon, 5 Sep 2022 09:45:00 +0000 (11:45 +0200)]
mediatek: fix fallout after etron spinand backport

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agobuild: export STAGING_DIR_HOST in toplevel make code
Felix Fietkau [Sun, 28 Aug 2022 18:35:03 +0000 (20:35 +0200)]
build: export STAGING_DIR_HOST in toplevel make code

Fixes ncurses pkg-config check for menuconfig

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agoairoha: Add new target platform
Daniel Danzberger [Wed, 3 Aug 2022 15:31:03 +0000 (17:31 +0200)]
airoha: Add new target platform

Airoha is a new ARM platform based on Cortex-A53 which has recently been
merged into linux-next.

Due to BootROM limitations on this platform, the Cortex-A53 can't run in
Aarch64 mode and code must be compiled for 32-Bit ARM.

This support is based mostly on those linux-next commits backported
for kernel 5.15.

Patches:
1 - platform support = linux-next
2 - clock driver = linux-next
3 - gpio driver = linux-next
4 - linux,usable-memory-range dts support = linux-next
5 - mtd spinand driver
6 - spi driver
7 - pci driver (kconfig only, uses mediatek PCI) = linux-next

Still missing:
- Ethernet driver
- Sysupgrade support

A.t.m there exists one subtarget EN7523 with only one evaluation
board.

The initramfs can be run with the following commands from u-boot:
-
u-boot> setenv bootfile \
openwrt-airoha-airoha_en7523-evb-initramfs-kernel.bin
u-boot> tftpboot
u-boot> bootm 0x81800000
-

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2 years agorealtek: replace fix for spurious GPIO interrupts
Sander Vanheule [Sun, 4 Sep 2022 18:21:11 +0000 (20:21 +0200)]
realtek: replace fix for spurious GPIO interrupts

8 and 16 bit writes to the GPIO peripheral are apparently not supported,
and only worked most of the time. This resulted in garbabe writes to the
interrupt mask registers, causing spurious unhandled interrupts, which
could lead to CPU lock-ups as these kept retriggering.

Instead of clearing these spurious interrupt when they occur, the
upstream patch will just make sure all register writes have the intended
result, so these don't happen at all.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2 years agobcm4908: fix Asus GT-AX6000 image
Rafał Miłecki [Sat, 3 Sep 2022 18:41:00 +0000 (20:41 +0200)]
bcm4908: fix Asus GT-AX6000 image

1. Include Linux DTB
2. Add 50991 variant (seems to differ by 1 PHY we don't support yet)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agomediatek: mt7622: fix DTS compatible of UniFi 6 LR variants
Daniel Golle [Sat, 3 Sep 2022 01:24:14 +0000 (02:24 +0100)]
mediatek: mt7622: fix DTS compatible of UniFi 6 LR variants

Make sure the compatible string in DTS matches the now v1/v2
differentiated board name in target/linux/mediatek/image/mt7622.mk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-envtools: update to 2022.07
Nick Hainke [Mon, 29 Aug 2022 11:57:56 +0000 (13:57 +0200)]
uboot-envtools: update to 2022.07

Update to latest version.

Remove upstreamed patches:
- 100-fw_env-make-flash_io-take-buffer-as-an-argument.patch
- 101-fw_env-simplify-logic-code-paths-in-the-fw_env_open.patch
- 102-fw_env-add-fallback-to-Linux-s-NVMEM-based-access.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agokernel: build crypto md5/sha1/sha256 modules for powerpc
Josef Schlehofer [Tue, 30 Aug 2022 07:02:32 +0000 (09:02 +0200)]
kernel: build crypto md5/sha1/sha256 modules for powerpc

This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]

Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.

[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agogdb: update to 12.1
Nick Hainke [Sat, 27 Aug 2022 17:53:17 +0000 (19:53 +0200)]
gdb: update to 12.1

Release Notes:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-12.1-release

Refresh patches:
- 110-shared_libgcc.patch
- 130-gdb-ctrl-c.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agotoolchain: gdb: update to 12.1
Nick Hainke [Mon, 29 Aug 2022 12:21:18 +0000 (14:21 +0200)]
toolchain: gdb: update to 12.1

Release Notes:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-12.1-release

Refreshed patch:
- 120-fix-compile-flag-mismatch.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agowolfssl: bump to 5.5.0
Ivan Pavlov [Wed, 31 Aug 2022 05:04:42 +0000 (08:04 +0300)]
wolfssl: bump to 5.5.0

Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch

Some low severity vulnerabilities fixed
OpenVPN compatibility fixed (broken in 5.4.0)
Other fixes && improvements

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2 years agobcm4908: use upstream patches for Asus GT-AC5300 LEDs
Rafał Miłecki [Fri, 2 Sep 2022 15:07:40 +0000 (17:07 +0200)]
bcm4908: use upstream patches for Asus GT-AC5300 LEDs

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agokernel: bump 5.15 to 5.15.64
John Audia [Wed, 31 Aug 2022 16:26:53 +0000 (12:26 -0400)]
kernel: bump 5.15 to 5.15.64

All patches automatically rebased

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <therealgraysky@proton.me>
2 years agompc85xx: Drop pci aliases to avoid domain changes
Martin Kennedy [Tue, 30 Aug 2022 00:47:24 +0000 (20:47 -0400)]
mpc85xx: Drop pci aliases to avoid domain changes

As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:

9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

to become

0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.

One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).

Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.

This was first reported as a Github issue[^1].

[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/

Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2 years agoat91bootstrap: use sdmmc0 as booting media for sama5d27_som1_ek
Claudiu Beznea [Thu, 28 Jul 2022 10:14:59 +0000 (13:14 +0300)]
at91bootstrap: use sdmmc0 as booting media for sama5d27_som1_ek

Commit 0b7c66c ("at91bootstrap: add sama5d27_som1_eksd1_uboot as
default defconfig") changed default booting media for sama5d27_som1_ek
board w/o any reason. Changed it back to sdmmc0 as it is for all the
other Microchip supported distributions for this board (Buildroot,
Yocto Project). The initial commit cannot be cleanly reverted.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2 years agouboot-at91: use sdmmc0 as booting media for sama5d27_som1_ek
Claudiu Beznea [Thu, 28 Jul 2022 10:12:34 +0000 (13:12 +0300)]
uboot-at91: use sdmmc0 as booting media for sama5d27_som1_ek

Commit adc69fe (""uboot-at91: changed som1 ek default defconfigs")
changed the booting media to sdmmc1 as default booting w/o any reason.
The Microchip releases for the rest of supported distributions (Buildroot,
Yocto Project) uses sdmmc0 as default booting media for this board.
Thus change it back to sdmmc0. With this remove references to sdmmc1
config. The initial commit cannot be cleanly reverted.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2 years agokernel: fix DSA mac_select_pcs backport
Daniel Golle [Thu, 1 Sep 2022 20:40:44 +0000 (21:40 +0100)]
kernel: fix DSA mac_select_pcs backport

Backport commit from Linux 5.18 fixing phylink with DSA drivers which
do not provide mac_select_pcs yet.

Fixes: aab466f422 ("kernel: backport generic phylink validate")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agounetd: update to the latest version
Felix Fietkau [Thu, 1 Sep 2022 18:41:42 +0000 (20:41 +0200)]
unetd: update to the latest version

f5d02c32f811 pex: add support for sending endpoint notification from the wg port via raw socket
c3b1127236a0 ubus: add support for querying active networks
8ad119715168 ubus: add support for adding auth_connect hosts at runtime
26dc52789d41 network: add support for configuring extra peers via a separate json file
d7fb9e5b065b ubus: add reload command

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agounetd: fix handling of connect/tunnel list
Felix Fietkau [Wed, 31 Aug 2022 11:29:32 +0000 (13:29 +0200)]
unetd: fix handling of connect/tunnel list

change the type to array, so that uci lists can be used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agofirewall4: update to latest Git HEAD
Jo-Philipp Wich [Thu, 1 Sep 2022 10:37:58 +0000 (12:37 +0200)]
firewall4: update to latest Git HEAD

f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years agonettle: update to 3.8.1
Nick Hainke [Mon, 29 Aug 2022 06:08:40 +0000 (08:08 +0200)]
nettle: update to 3.8.1

Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2022-07/msg00010.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoreadline: update to 8.1.2
Nick Hainke [Mon, 29 Aug 2022 06:25:03 +0000 (08:25 +0200)]
readline: update to 8.1.2

Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agokernel: fix typo for tegra crypto-sha1 module
Josef Schlehofer [Tue, 30 Aug 2022 06:51:37 +0000 (08:51 +0200)]
kernel: fix typo for tegra crypto-sha1 module

Fixes: e889489bedfd2830411bd0cf6564b8272aa9c254 ("kernel: build
arm/neon-optimized sha1/512 modules")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2 years agorealtek: Fix missing clock module CONFIG setting
Markus Stockhausen [Tue, 30 Aug 2022 14:48:46 +0000 (16:48 +0200)]
realtek: Fix missing clock module CONFIG setting

Since introduction of clock driver we have a new kernel config
setting. Provide an initial value for the 930x targets.

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
2 years agorealtek: fix PLL register inconsistencies
Markus Stockhausen [Tue, 30 Aug 2022 14:44:02 +0000 (16:44 +0200)]
realtek: fix PLL register inconsistencies

Some devices have wrong/empty values in the PLL registers. Work
around that by reporting the default values.

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
2 years agokernel: bump 5.10 to 5.10.139
John Audia [Mon, 29 Aug 2022 15:30:27 +0000 (11:30 -0400)]
kernel: bump 5.10 to 5.10.139

All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2 years agoarm-trusted-firmware-mediatek: update to sources of 2022-08-31
Daniel Golle [Wed, 31 Aug 2022 20:10:39 +0000 (21:10 +0100)]
arm-trusted-firmware-mediatek: update to sources of 2022-08-31

Drop downstream patches which have been replaced with equivalent
upstream changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: replace patches with updated versions
Daniel Golle [Wed, 31 Aug 2022 12:31:02 +0000 (13:31 +0100)]
uboot-mediatek: replace patches with updated versions

Weijie Gao has submitted an updated version of the patchset adding
support for MT7986 and MT7981 to U-Boot. Use that v2 patchset.

Changes of v2:
- Add cpu driver for print_cpuinfo()
- Fix NULL pointer dereference in mtk_image
  (was already fixed in OpenWrt)
- Fix coding style
- Minor changes

https://patchwork.ozlabs.org/project/uboot/list/?series=316148

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: add support for Bananapi BPi-R3
Daniel Golle [Wed, 13 Jul 2022 03:30:32 +0000 (04:30 +0100)]
mediatek: add support for Bananapi BPi-R3

The Bananapi BPi-R3 is a development router board built around the
MediaTek Filogic 830 (MT7986A) SoC.
The board can boot either from microSD, SPI-NAND, SPI-NOR or eMMC.
Only either SPI-NAND or SPI-NOR can be used at the same time, also only
either microSD or eMMC can be used. The various storage options can be
selected using small SMD switches on the board.

Specs:
 * MediaTek MT7986A (Filogic 830) 4x ARM Cortex A53
 * 4T4R 2.4G 802.11bgnax (MT7975N)
 * 4T4R 5G 802.11anac/ax (MT7975P)
 * 2 GB DDR4 RAM
 * 8 GB eMMC
 * 128 MB SPI-NAND flash
 * 32 MB SPI-NOR flash
 * on-board MT7531 GbE switch
 * 2x SFP+ (1 GbE / 2.5 GbE)
 * 5x GbE network port
 * miniPCIe slot (only USB 2.0 connected)
 * uSIM slot (connected to miniPCIe interface)
 * M.2 KEY-E PCIe interface (PCIe x2)
 * microSD card interface
 * 26 PIN GPIO

Hardware details: https://wiki.banana-pi.org/Banana_Pi_BPI-R3

Working:
 * all 4 boot methods incl. installation via U-Boot, sysupgrade, ...
 * copper LAN and WAN ports
 * SFP1 (connected to gmac1, eth1 in Linux)
 * WiFi
 * LEDs
 * Buttons
 * PSTORE/ramoops based dual-boot

Not Working (missing driver features):
 * SFP2 (connected to MT7531 switch)

Untested:
 * M.2/NGFF slot (PCIe x2)
 * mPCIe slot (USB 2.0 + SIM)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-envtools: add support for Bananapi BPi-R3
Daniel Golle [Sat, 16 Jul 2022 20:07:20 +0000 (21:07 +0100)]
uboot-envtools: add support for Bananapi BPi-R3

Create new mediatek_filogic file and add entries for environment on
MMC, UBI and NOR for the Bananapi BPi-R3.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: add support for Bananapi BPi-R3
Daniel Golle [Wed, 13 Jul 2022 03:29:34 +0000 (04:29 +0100)]
uboot-mediatek: add support for Bananapi BPi-R3

The Bananapi BPi-R3 board can boot from eMMC, SD card, SPI-NAND and
SPI-NOR, depending on the position of switches controlling the BOOTSEL
bootstrap pins as we as hard-wired chip-select lines. The position of the
chip-select switch SW6 decides whether either SD card or eMMC can be
accessed, SW5 selects either SPI-NAND or SPI-NOR.

Generate U-Boot for all 4 boot options. The SD card version allows
installation to SPI-NAND and SPI-NOR (eMMC cannot be accessed
simultanously with the SD card), the SPI-NAND version allows installation
to eMMC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agokernel: add pending mtk_sgmii and phy improvements from @lynxis
Daniel Golle [Mon, 15 Aug 2022 16:50:10 +0000 (18:50 +0200)]
kernel: add pending mtk_sgmii and phy improvements from @lynxis

Add pending patches from Alexander 'lynxis' Couzens which are required
for RealTek NBase-T PHYs or SFP+ cages to work when connected to the
SGMII interface provided by recent MediaTek SoCs [1].
The patches for MT753x fix link speed limitation on CPU ports observed
by many users which is due to reset being carried out wrongly [2].

[1]: https://patchwork.kernel.org/project/netdevbpf/list/?series=669488&state=*
[2]: https://patchwork.kernel.org/project/netdevbpf/list/?series=669486&state=*

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agokernel: backport generic phylink validate
Daniel Golle [Mon, 25 Jul 2022 00:31:20 +0000 (02:31 +0200)]
kernel: backport generic phylink validate

Backport generic phylink validate series and make use of it for
mtk_eth_soc Ethernet driver as well as mt7530 DSA driver.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomac80211: disable ft-over-ds by default
Felix Fietkau [Tue, 30 Aug 2022 08:57:26 +0000 (10:57 +0200)]
mac80211: disable ft-over-ds by default

Testing has shown it to be very unreliable in variety of configurations.
It is not mandatory, so let's disable it by default until we have a better
solution.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agoupdate: update to latest Git HEAD
Jo-Philipp Wich [Mon, 29 Aug 2022 14:02:16 +0000 (16:02 +0200)]
update: update to latest Git HEAD

344fa9e lib: extend render() to support function values
89452b2 lib: improve getenv() and split() implementations

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years agounetd: update to the latest version, makes VXLAN/eBPF optional
Felix Fietkau [Mon, 29 Aug 2022 18:54:28 +0000 (20:54 +0200)]
unetd: update to the latest version, makes VXLAN/eBPF optional

b75791a6db25 scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes
c29e1ad045d0 scripts/update-cmd.pl: set device up before adding routes/addresses
5ad35ce4beea scripts/update-cmd.pl: run update two times
5d79b88f00c1 add support for overriding peer-exchange-port for individual hosts
0041fcacb624 add support for disabling VXLAN/eBPF support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agoramips: define Yuncore AX820 switch LEDs
Thibaut VARÈNE [Wed, 17 Aug 2022 17:36:41 +0000 (19:36 +0200)]
ramips: define Yuncore AX820 switch LEDs

This patch defines the two switch LED to bring them under user control.

Fixes: a0e1d3ab7b4f ("ramips: improve YunCore AX820 LEDs")
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
[rmilecki: leave "label"s in place]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agorealtek: tl-sg2008p: fix labeling of lan ports
Alexandru Gagniuc [Sun, 28 Aug 2022 23:08:50 +0000 (18:08 -0500)]
realtek: tl-sg2008p: fix labeling of lan ports

The SG2008P has its ethernet ports in the rear, and LEDs in the front.
The ports should be labeled lan8->lan1, not lan1->lan8. To resolve
this, fix the phy mapping in the "ports" node.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2 years agorealtek: tl-sg2008p: use correct i2c address for TPS23861
Alexandru Gagniuc [Sun, 28 Aug 2022 23:04:08 +0000 (18:04 -0500)]
realtek: tl-sg2008p: use correct i2c address for TPS23861

Address 0x30 is a "broadcast" address for the TPS23861. It should not
be used by drivers, as all TPS23861 devices on the bus are supposed to
respond. Change this to the correct address, 0x28.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2 years agorealtek: ignore disabled switch ports
Sander Vanheule [Mon, 29 Aug 2022 06:23:49 +0000 (08:23 +0200)]
realtek: ignore disabled switch ports

When marking a switch port as disabled in the device tree, by using
'status = "disabled";', the switch driver fails on boot, causing a
restart:

    CPU 0 Unable to handle kernel paging request at virtual address
    00000000, epc == 802c3064, ra == 8022b4b4
        [ ... ]
    Call Trace:
    [<802c3064>] strlen+0x0/0x2c
    [<8022b4b4>] start_creating.part.0+0x78/0x194
    [<8022bd3c>] debugfs_create_dir+0x44/0x1c0
    [<80396dfc>] rtl838x_dbgfs_port_init+0x54/0x258
    [<80397508>] rtl838x_dbgfs_init+0xe0/0x56c

This is caused by the DSA subsystem (mostly) ignoring the port, while
rtl83xx_mdio_probe() still extracts some details on this disabled port
from the device tree, resulting in the usage of a NULL pointer where a
port name is expected.

By not probing ignoring disabled ports, no attempt is made to create a
debugfs directory later. The device then boots as expected without the
disabled port.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2 years agoath79: add support for Extreme Networks WS-AP3805i
Albin Hellström [Thu, 7 Jan 2021 21:51:06 +0000 (22:51 +0100)]
ath79: add support for Extreme Networks WS-AP3805i

Specifications:

 - SoC:    Qualcomm Atheros QCA9557-AT4A
 - RAM:    2x 128MB Nanya NT5TU64M16HG
 - FLASH:  64MB - SPANSION FL512SAIFG1
 - LAN:    Atheros AR8035-A (RGMII GbE with PoE+ IN)
 - WLAN2:  Qualcomm Atheros QCA9557 2x2 2T2R
 - WLAN5:  Qualcomm Atheros QCA9882-BR4A 2x2 2T2R
 - SERIAL: UART pins at J10 (115200 8n1)
           Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
 - LEDs: Power (Green/Amber)
   WiFi 5 (Green)
   WiFi 2 (Green)
 - BTN: Reset

Installation:

1. Download the OpenWrt initramfs-image.

Place it into a TFTP server root directory and rename it to 1D01A8C0.img
Configure the TFTP server to listen at 192.168.1.66/24.

2. Connect the TFTP server to the access point.

3. Connect to the serial console of the access point.

Attach power and interrupt the boot procedure when prompted.

Credentials are admin / new2day

4. Configure U-Boot for booting OpenWrt from ram and flash:

 $ setenv boot_openwrt 'setenv bootargs; bootm 0xa1280000'
 $ setenv ramboot_openwrt 'setenv serverip 192.168.1.66;
   tftpboot 0x89000000 1D01A8C0.img; bootm'
 $ setenv bootcmd 'run boot_openwrt'
 $ saveenv

5. Load OpenWrt into memory:

 $ run ramboot_openwrt

6. Transfer the OpenWrt sysupgrade image to the device.

Write the image to flash using sysupgrade:

 $ sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: Albin Hellström <albin.hellstrom@gmail.com>
[rename vendor - minor style fixes - update commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2 years agounetd: update to the latest version
Felix Fietkau [Sun, 28 Aug 2022 20:31:05 +0000 (22:31 +0200)]
unetd: update to the latest version

5cbd55f60346 unet-cli: fix formatting of help text
59b97448b636 build.sh: force use of -fPIC on static libraries to fix build error
74a14c00abb0 pex-msg: fix siphash key initializer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agowolfssl: Rebuild when libwolfssl-benchmark gets changes
Hauke Mehrtens [Sun, 28 Aug 2022 12:15:31 +0000 (14:15 +0200)]
wolfssl: Rebuild when libwolfssl-benchmark gets changes

This forces a rebuild of the wolfssl package when the
libwolfssl-benchmark OpenWrt package gets activated or deactivated.
Without this change the wolfssl build will fail when it compiled without
libwolfssl-benchmark before and it gets activated for the next build.

Fixes: 18fd12edb810 ("wolfssl: add benchmark utility")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agokernel: enable inside secure driver for MediaTek platforms
Daniel Golle [Thu, 11 Aug 2022 15:03:43 +0000 (17:03 +0200)]
kernel: enable inside secure driver for MediaTek platforms

Older MT7623 ARMv7 SoC as well as new Filogic platforms come with
inside-secure,safexcel-eip97 units. Enable them in DTS and select the
driver kernel module by default on those platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomt76: add mt7986 wmac support
Felix Fietkau [Wed, 4 May 2022 10:51:55 +0000 (12:51 +0200)]
mt76: add mt7986 wmac support

Add firmware package for MT7986 and enable WMAC support in the driver

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomediatek: add filogic subtarget
Felix Fietkau [Wed, 6 Jul 2022 12:06:30 +0000 (14:06 +0200)]
mediatek: add filogic subtarget

Initially this covers MT7986 only, but it will later be expanded to cover other
Filogic branded platforms by MediaTek

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: add mt7986 soc support to the target
Sam Shih [Sun, 10 Apr 2022 12:49:09 +0000 (20:49 +0800)]
mediatek: add mt7986 soc support to the target

It will be supported by the new filogic subtarget

Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: no compression means IH_COMP_NONE
Daniel Golle [Mon, 15 Aug 2022 11:19:15 +0000 (13:19 +0200)]
uboot-mediatek: no compression means IH_COMP_NONE

Treat missing compression node in FIT image as IH_COMP_NONE.
This is implicentely already happening in most places, but for now
was still triggering an annoying warning about initramfs compression
being obsolete despite compression note being absent.
Fix this.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: mt7986: add generic reset button support
Daniel Golle [Sun, 17 Jul 2022 20:42:05 +0000 (21:42 +0100)]
uboot-mediatek: mt7986: add generic reset button support

Allow resetting environment to default values when defined button
exists in device tree.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: mt7986: support PSTORE/ramoops
Daniel Golle [Fri, 12 Aug 2022 21:31:49 +0000 (23:31 +0200)]
uboot-mediatek: mt7986: support PSTORE/ramoops

Assign reserved memory for PSTORE/ramoops for the MT7986 SoC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: additions from MTK SDK
Daniel Golle [Sun, 7 Aug 2022 10:06:56 +0000 (12:06 +0200)]
uboot-mediatek: additions from MTK SDK

 * updated SNAND/SNFI driver brings support for MT7981
 * add support for MediaTek NAND Memory bad Block Management (NMBM)
   (not used for any boards atm, but could be useful in future)
 * wire up NMBM support for MT7622, MT7629, MT7981 and MT7986
 * replace some local patches with updated version from SDK
 * bring some legacy precompiler symbols which haven't been converted
   into Kconfig symbols in U-Boot 2022.07, remove when bumbping to
   U-Boot 2022.10:
   100-28-include-configs-mt7986-h-from-SDK.patch

Source: https://github.com/mtk-openwrt/u-boot
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: add support for MT798x platforms
Daniel Golle [Tue, 12 Jul 2022 02:41:30 +0000 (03:41 +0100)]
uboot-mediatek: add support for MT798x platforms

Import pending patches to support the upcoming Filogic platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: add support for compressed BL3/FIP image
Daniel Golle [Wed, 13 Jul 2022 20:06:36 +0000 (21:06 +0100)]
uboot-mediatek: add support for compressed BL3/FIP image

MediaTek's ARM Trusted Firmware v2.7+ allows the images inside a FIP
structure to be compressed. Make use of that for boards with NOR flash.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: fix factory reset on UBI
Daniel Golle [Sun, 28 Aug 2022 19:20:31 +0000 (20:20 +0100)]
uboot-mediatek: fix factory reset on UBI

Truncating a UBI volume using `ubi write 0x0 volname 0x0` results in
segfault on newer U-Boot. Write 1MB of 0s instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agoarm-trusted-firmware-mediatek: update to v2.7+ from MediaTek
Daniel Golle [Sat, 13 Aug 2022 11:54:52 +0000 (12:54 +0100)]
arm-trusted-firmware-mediatek: update to v2.7+ from MediaTek

The updated sources bring support for the MT798x Filogic SoC family.

Add builds for MT7986 with most supported storage types, each for DDR3
and DDR4 configurations.

A better solution for skipping bad blocks on SPI-NAND connected via the
SNFI interface has been implemented upstream, so drop local patch.
Add pending patches [1] and [2] to fix boot on existing MT7622 boards.

Tested on BananaPi BPi-R64 (SDMMC, eMMC, SPI-NAND), Linksys E8450 and
Ubiquiti UniFi 6 LR as well as upcoming Bananapi BPi-R3 board for which
support will be added in future patches.

[1]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#3
[2]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#4

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agotrusted-firmware-a.mk: pass DTC path similar to u-boot.mk
Daniel Golle [Thu, 11 Aug 2022 21:29:52 +0000 (23:29 +0200)]
trusted-firmware-a.mk: pass DTC path similar to u-boot.mk

Instead of relying on dtc being provided by the build host use the
dtc from $(LINUX_DIR) similar to how it's done also in u-boot.mk.
For this to work kernel.mk now needs to be included before
trusted-firmware-a.mk, add this include to all affected packages.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agotools: mkimage: Add support for MediaTek MT798x
Daniel Golle [Fri, 5 Aug 2022 12:18:20 +0000 (14:18 +0200)]
tools: mkimage: Add support for MediaTek MT798x

Import pending patches for mtk_image to support BootROM headers of
newer MediaTek SoCs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agopopt: update to 1.18
Nick Hainke [Tue, 23 Aug 2022 18:53:56 +0000 (20:53 +0200)]
popt: update to 1.18

Changes from popt 1.16:
- fix an ugly and ancient security issue with popt failing to drop privileges on alias exec from a SUID/SGID program
- perform rudimentary sanity checks when reading in popt config files
- collect accumulated misc fixes (memleaks etc) from distros
- convert translations to utf-8 encoding
- convert old postscript documentation to pdf
- dust off ten years worth of autotools sediment
- reorganize and clean up the source tree for clarity
- remove the obnoxious splint annotations from the sources

Switch to new mirror:
http://ftp.rpm.org/popt/releases/

Switch URL to:
https://github.com/rpm-software-management/popt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agonftables: update to 1.0.5
Nick Hainke [Sat, 13 Aug 2022 20:41:54 +0000 (22:41 +0200)]
nftables: update to 1.0.5

Remove upstreamed patch:
- 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch

Changes:
13248670 build: Bump version to 1.0.5
3432eebd tests/py: disable arp family for queue statement
180ce4d7 meta: don't use non-POSIX formats in strptime()
c1c223f1 src: allow anon set concatenation with ether and vlan
87c3041b evaluate: search stacked header list for matching payload dep
b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context
f680055c tests: add a test case for ether and vlan listing
dbd5f348 debug: dump the l2 protocol stack
0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset
89688c94 netlink_delinearize: postprocess binary ands in concatenations
0542a431 netlink_delinearize: allow postprocessing on concatenated elements
8efab552 parser_json: fix device parsing in netdev family
76fae8f5 src: proto: support DF, LE PHB, VA for DSCP
446e76db doc: Document limitations of ipsec expression with xfrm_interface
a2ddb38f cache: report an error message if cache initialization fails
649b8ce3 cache: validate handle string length
64c74ba5 cache: prepare nft_cache_evaluate() to return error
46980cdd rule: crash when uncollapsing command with unexisting table or set
8a6cdfaf cache: release pending rules when chain binding lookup fails
e17337df evaluate: report missing interval flag when using prefix/range in concatenation
45c097c6 scanner: allow prefix in ip6 scope
6c23bfa5 segtree: fix map listing with interface wildcard
8623772a scanner: don't pop active flex scanner scope
994bf500 parser: add missing synproxy scope closure
ed2426bc tests/py: Add a test for failing ipsec after counter
27107b49 evaluate: fix segfault when adding elements to invalid set
0f82b07f mnl: store netlink error location for set elements
15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting
f56e901a parser_bison: fix error location for set elements
6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch
5357cb7b intervals: fix crash when trying to remove element in empty set
d54510f8 netlink_delinearize: memleak when parsing concatenation data
12a223ce libnftables: release top level scope
b91bbf88 optimize: limit statement is not supported yet
45a61a75 optimize: assume verdict is same when rules have no verdict
fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational
29e62111 tests: shell: run -c -o on ruleset
887405df optimize: add unsupported statement
8f61a69e optimize: add hash expression support
ca8fd77a optimize: add numgen expression support
721efd64 optimize: add binop expression support
f7e901a2 optimize: add fib expression support
54b1e49f optimize: add xfrm expression support
0beaea37 optimize: add osf expression support
d07fe8e8 optimize: fix verdict map merging
38d48fe5 optimize: fix reject statement
f9939f89 optimize: remove comment after merging
8f10f33a optimize: do not print stateful information
3ac932e9 optimize: do not merge rules with set reference in rhs
64ebb03a optimize: do not compare relational expression rhs when collecting statements
59e3a592 intervals: Do not sort cached set elements over and over again
d434de8b intervals: do not empty cache for maps
87ba510f intervals: do not report exact overlaps for new elements
498a5f0c rule: collapse set element commands
8fafe4e6 tests: shell: runtime set element automerge
638af0ce Revert "scanner: flags: move to own scope"

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agolibnftnl: update to 1.2.3
Nick Hainke [Sat, 13 Aug 2022 21:15:33 +0000 (23:15 +0200)]
libnftnl: update to 1.2.3

Changes:
817c8b6 build: libnftnl 1.2.3 release
84d12cf build: fix clang+glibc snprintf substitution error

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoiproute2: replace musl-compilation-fix with upstream fix
Nick Hainke [Sat, 27 Aug 2022 12:09:16 +0000 (14:09 +0200)]
iproute2: replace musl-compilation-fix with upstream fix

Instead of defining the MIN version it is enough to include "#include
<sys/param.h>".

Delete patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch

Add patch:
- 010-ipstats-Add-param.h-for-musl.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agowireguard-tools: update to v1.0.20210914
Nick Hainke [Tue, 23 Aug 2022 12:09:20 +0000 (14:09 +0200)]
wireguard-tools: update to v1.0.20210914

Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoethtool: update to 5.19
Nick Hainke [Tue, 23 Aug 2022 11:53:16 +0000 (13:53 +0200)]
ethtool: update to 5.19

Release Notes:
https://lore.kernel.org/netdev/20220821234539.f7nslwyd53bsftsy@lion.mk-sys.cz/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agostrace: update to 5.19
Nick Hainke [Tue, 23 Aug 2022 12:00:18 +0000 (14:00 +0200)]
strace: update to 5.19

Release Notes:
https://strace.io/files/5.19/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agotoolchain: bump GCC 12 to 12.2.0
Nick Hainke [Mon, 22 Aug 2022 08:17:33 +0000 (10:17 +0200)]
toolchain: bump GCC 12 to 12.2.0

Refreshed patches:
- 910-mbsd_multi.patch
- 970-macos_arm64-building-fix.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agouboot-envtools: mt7622: use 4k sectors for UniFi 6 LR (ubootmod)
Daniel Golle [Sun, 28 Aug 2022 15:07:05 +0000 (16:07 +0100)]
uboot-envtools: mt7622: use 4k sectors for UniFi 6 LR (ubootmod)

Use 4k sectors when accessing the U-Boot environment on the 64MiB
SPI-NOR flash chip found in the UniFi 6 LR. The speeds up environment
write access as only 4kB instead of 64kB have to be written.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agomediatek: mt7622: use variable sector size for spi-nor
Daniel Golle [Sun, 28 Aug 2022 15:05:30 +0000 (16:05 +0100)]
mediatek: mt7622: use variable sector size for spi-nor

Make use of minor sector size (4k) on supported SPI-NOR flash chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agouboot-mediatek: fix Ubiquiti UniFi 6 LR U-Boot mod
Daniel Golle [Sun, 28 Aug 2022 15:01:12 +0000 (16:01 +0100)]
uboot-mediatek: fix Ubiquiti UniFi 6 LR U-Boot mod

Image names as well as the calculation of the padded image size did
not work as intended. Fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years agokernel: replace downstream get_mtd_device_by_node() implementation
Rafał Miłecki [Wed, 17 Aug 2022 21:20:45 +0000 (23:20 +0200)]
kernel: replace downstream get_mtd_device_by_node() implementation

Use upstream of_get_mtd_device_by_node() which should behave pretty much
the same. Implementation differences:

get_mtd_device_by_node()  of_get_mtd_device_by_node()
----                      ----
np->dev.of_node           mtd_get_of_node(np)
-EPROBE_DEFER             -ENODEV

Cc: Bernhard Frauendienst <openwrt@nospam.obeliks.de>
Cc: Bernhard Frauendienst <kernel@nospam.obeliks.de>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agombedtls: update to version 2.28.1
Hauke Mehrtens [Sat, 27 Aug 2022 21:11:30 +0000 (23:11 +0200)]
mbedtls: update to version 2.28.1

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

The build problem was reported upstream:
https://github.com/Mbed-TLS/mbedtls/issues/6243

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2 years agorealtek: switch RTL838X/RTL839X DT to new clock driver
Markus Stockhausen [Thu, 25 Aug 2022 06:24:13 +0000 (08:24 +0200)]
realtek: switch RTL838X/RTL839X DT to new clock driver

Use new DT clockdriver syntax for RTL838X/RTL839X targets. To make it work
we need to change some nodes:
- define the external oscillator speed (25MHz)
- define SRAM
- add clock controller
- Add second CPU for RTL839X
- map all devices to new clocks
- Remove dummy LXB clock
- add CPU OPP table

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
2 years agorealtek: activate clock driver for RTL838X/RTL839X targets
Markus Stockhausen [Thu, 25 Aug 2022 06:23:45 +0000 (08:23 +0200)]
realtek: activate clock driver for RTL838X/RTL839X targets

Make use the new clock driver for RTL838X and RTL839x target devices. Of course
we will enable their primary consumer (cpufreq-dt) too. To be careful just set
the default governor to userspace. As we rely on SRAM activate that module too.

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>