Eneas U de Queiroz [Wed, 8 Jun 2022 23:30:39 +0000 (20:30 -0300)]
wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Christian 'Ansuel' Marangi [Wed, 8 Jun 2022 23:35:45 +0000 (01:35 +0200)]
Revert "wolfssl: set nonshared flag global"
This reverts commit
e0cc5b9b3ae65113f0e0dd9249dae4776b65c503.
A better and correct solution was found.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Christian 'Ansuel' Marangi [Wed, 8 Jun 2022 22:40:47 +0000 (00:40 +0200)]
wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
David Bauer [Sun, 7 Nov 2021 21:25:07 +0000 (22:25 +0100)]
hostapd: fix missing HS20 support for hostapd-full
commit
c3a4cddaaf45 ("hostapd: remove hostapd-hs20 variant")
as well as
commit
9f1927173ac6 ("hostapd: wpas: add missing config symbols")
indicate hostapd-full should support Hotspot 2.0 already, but only
wpa_supplicant (and wpad) do.
How this happened is not really clear, as no commit adding support for
Hotspot 2.0 is in the history.
Fix this and add Hotspot 2.0 capability to hostapd-full.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Sat, 14 May 2022 19:50:51 +0000 (21:50 +0200)]
hostapd: ubus: add bss-color to get_status
Add the current BSS color to hostapd get_status method. This field is
set to -1 in case BSS color is not active for the BSS.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
David Bauer [Sat, 14 May 2022 19:43:15 +0000 (21:43 +0200)]
hostapd: randomize default BSS color
In case no specific BSS color is configured, set it to a random value.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
David Bauer [Thu, 12 May 2022 20:18:49 +0000 (22:18 +0200)]
hostapd: update to 2022-05-08
Update hostapd to Git HEAD from 2022-05-08. This allows us to take
advantage of background radar-detection as well as BSS color collision
detection.
Suggested-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Bernd Naumann [Wed, 16 Feb 2022 22:07:09 +0000 (23:07 +0100)]
hostapd: Radius based VLANs on AP with PSK
This patch allows the user to set `auth_server` and related settings on
non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the
Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius.
Without this patch, `auth_server` and other needed options are only
written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set.
`hostapd` however supports "Station MAC address -based authentication" for
non WPA Enterprise Modes, too.
A classic approch is to use `accept_mac_file` which contains MAC addr
and VLAN-ID pairs. But, using `accept_mac_file` does not support
VLAN assignment for unknown stations.
This is a sample `freeradius3` config, where a known station
("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are
assigned to VLAN `67`.
```
"
7ea6a72a93d2" Cleartext-Password := "
7ea6a72a93d2"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-Id = 65
DEFAULT Cleartext-Password := "%{User-Name}"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-Id = 67
```
Other option is to configure known stations via `accept_mac_file` and
using only Radius for unknown stations.
I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that
it should work with other Encryption/Access Mode, too.
Signed-off-by: Bernd Naumann <bernd.naumann@kr217.de>
Luiz Angelo Daros de Luca [Wed, 1 Jun 2022 22:20:22 +0000 (19:20 -0300)]
realtek: add gpio-restart for D-Link DGS-1210-28
A GPIO assert is required to reset the system. Otherwise, the system
will hang on reboot.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Luiz Angelo Daros de Luca [Wed, 1 Jun 2022 20:20:08 +0000 (17:20 -0300)]
realtek: add reset button for D-Link DGS-1210-28
Tested in a DGS-1210-28 F3, both triggering failsafe and reboot.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Arınç ÜNAL [Wed, 1 Jun 2022 07:42:33 +0000 (10:42 +0300)]
bcm53xx: remove BROKEN flag from Asus RT-AC88U
The image builds and works fine on Asus RT-AC88U. Therefore, remove the
BROKEN flag from the makefile.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Eneas U de Queiroz [Tue, 19 Apr 2022 15:02:09 +0000 (12:02 -0300)]
wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Tue, 19 Apr 2022 21:23:05 +0000 (18:23 -0300)]
wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Mon, 25 Apr 2022 12:09:23 +0000 (09:09 -0300)]
wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Rui Salvaterra [Mon, 6 Jun 2022 07:46:34 +0000 (08:46 +0100)]
kernel: bump 5.15 to 5.15.45
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Mon, 30 May 2022 09:30:24 +0000 (10:30 +0100)]
kernel: bump 5.15 to 5.15.44
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Wed, 25 May 2022 16:08:52 +0000 (17:08 +0100)]
kernel: bump 5.15 to 5.15.43
No patches needed rebasing.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Wed, 25 May 2022 10:21:59 +0000 (11:21 +0100)]
kernel: bump 5.15 to 5.15.42
Deleted (upstreamed):
generic/backport-5.15/610-v5.18-netfilter-flowtable-move-dst_check-to-packet-path.patch [1]
generic/pending-5.15/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch [2]
generic/pending-5.15/704-01-netfilter-nft_flow_offload-skip-dst-neigh-lookup-for.patch [3]
generic/pending-5.15/704-02-net-fix-dev_fill_forward_path-with-pppoe-bridge.patch [4]
generic/pending-5.15/704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch [5]
Manually rebased:
generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=
88b937673b3552d54da20f648e61a123f4c1fa67
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=
5f4197a020c049a59ea7907c31f9ab037dcefefe
[3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=
7613dcaceee281973145588f4244f2f78ef85b7f
[4] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=
f96b2e06721249ebf8da3254cfef29dcb6583948
[5] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=
b329889974aed47e1167c85653c07097013e01a7
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Wed, 18 May 2022 14:32:03 +0000 (15:32 +0100)]
kernel: bump 5.15 to 5.15.41
Deleted (upstreamed):
generic/backport-5.15/890-v5.19-net-sfp-Add-tx-fault-workaround-for-Huawei-MA5671A-SFP-ON.patch [1]
Other patches automatically rebased.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.41&id=
99858114a3b2c8f5f8707d9bbd46c50f547c87c0
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
John Audia [Mon, 6 Jun 2022 11:05:18 +0000 (07:05 -0400)]
kernel: bump 5.10 to 5.10.120
All patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
John Audia [Mon, 30 May 2022 12:45:46 +0000 (08:45 -0400)]
kernel: bump 5.10 to 5.10.119
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
John Audia [Wed, 25 May 2022 17:09:23 +0000 (13:09 -0400)]
kernel: bump 5.10 to 5.10.118
Removed upstreamed:
generic-backport/774-v5.15-1-igc-remove-_I_PHY_ID-checking.patch
generic-backport/774-v5.15-2-igc-remove-phy-type-checking.patch
All patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
John Audia [Sun, 22 May 2022 11:12:09 +0000 (07:12 -0400)]
kernel: bump 5.10 to 5.10.117
Removed upstreamed:
backport-5.10/890-v5.19-net-sfp-Add-tx-fault-workaround-for-Huawei-MA5671A-SFP-ON.patch
All patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
Hauke Mehrtens [Tue, 10 May 2022 18:32:52 +0000 (18:32 +0000)]
kernel: bump 5.10 to 5.10.116
Removed upstreamed:
generic/backport-5.10/900-regulator-consumer-Add-missing-stubs-to-regulator-co.patch
All other patches automatically rebased.
Compile-tested: lantiq/xrx200, armvirt/64
Run-tested: lantiq/xrx200, armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Raylynn Knight [Tue, 17 May 2022 03:15:54 +0000 (23:15 -0400)]
realtek: add support for ZyXEL GS1900-24E
The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900
switches.
Specifications
--------------
* Device: ZyXEL GS1900-24E
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8GE
* Ethernet: 24x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
24 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Switch: 1 Power switch on rear of device
* Power 120-240V AC C13
* UART: 1 serial header (JP2) with populated standard pin connector on
the left side of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
file and select open so File Path is updated with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24E is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
Stijn Tintel [Fri, 3 Jun 2022 10:32:01 +0000 (13:32 +0300)]
hostapd: drop wnm_disassoc_imminent
All known users of this ubus method have been updated to use the new
bss_transition_request method instead.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Rosen Penev [Fri, 3 Jun 2022 23:08:10 +0000 (16:08 -0700)]
ksmbd: update to 3.4.5
Major changes are:
Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Ptilopsis Leucotis [Sun, 15 May 2022 16:15:03 +0000 (19:15 +0300)]
ath79: allow use GPIO17 as regular gpio on GL-AR300M devices
Small update to my previous path 'fix I2C on GL-AR300M devices'.
This update allow using GPIO17 as regular GPIO in case it not used
as I2C SDA line.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
Lech Perczak [Mon, 23 May 2022 18:37:47 +0000 (20:37 +0200)]
ath79: ZTE MF286[,A,R]: use GPIO19 as ath9k LED
With the pinctrl configuration set properly by the previous commit, the
LED stays lit regardless of status of 2.4GHz radio, even if 5GHz radio
is disabled. Map GPIO19 as LED for ath9k, this way the LED will show
activity for both bands, as it is bound by logical AND with output of
ath10k-phy0 LED. This works well because during management traffic,
phy*tpt triggers typically cause LEDs to blink in unison.
Link: <https://github.com/openwrt/openwrt/pull/9941>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Lech Perczak [Mon, 23 May 2022 17:51:54 +0000 (19:51 +0200)]
ath79: ZTE MF286[,A,R]: fix WLAN LED mapping
The default configuration of pinctrl for GPIO19 set by U-boot was not a
GPIO, but an alternate function, which prevented the GPIO hog from
working. Set GPIO19 into GPIO mode to allow the hog to work, then the
ath10k LED output can control the state of actual LED properly.
Link: <https://github.com/openwrt/openwrt/pull/9941>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Peter Adkins [Wed, 9 Jun 2021 20:35:46 +0000 (21:35 +0100)]
ipq40xx: add support for Linksys WHW01 v1
This patch adds support for Linksys WHW01 v1 ("Velop") [FCC ID Q87-03331].
Specification
-------------
SOC: Qualcomm IPQ4018
WiFi 1: Qualcomm QCA4019 IEEE 802.11b/g/n
WiFi 2: Qualcomm QCA4019 IEEE 802.11a/n/ac
Bluetooth: Qualcomm CSR8811 (A12U)
Ethernet: Qualcomm QCA8072 (2-port)
SPI Flash 1: Mactronix MX25L1605D (2MB)
SPI Flash 2: Winbond W25M02GV (256MB)
DRAM: Nanya NT5CC128M16IP-DI (256MB)
LED Controller: NXP PCA963x (I2C)
Buttons: Single reset button (GPIO).
Notes
-----
There does not appear to be a way to trigger TFTP recovery without entering
U-Boot. The device must be opened to access the serial console in order to
first flash OpenWrt onto a device from factory.
The device has automatic recovery backed by a second set of partitions on
the larger of the two SPI flash ICs. Both the primary and secondary must
be flashed to prevent accidental rollback to "factory" after 3 failed boot
attempts.
Serial console
--------------
A serial console is available on the following pins of the populated J2
connector on the device mainboard (115200 8n1).
(<-- Top of PCB / Device)
J2
[o o o o o o]
| | |
| | `-- GND
| `---- TX
`--------- RX
Installation instructions
-------------------------
1. Setup TFTP server with server IP set to 192.168.1.236.
2. Copy compiled `...squashfs-factory.bin` to `nodes-jr.img` in tftp root.
3. Connect to console using pinout detailed in the serial console section.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash first partition device via `run flashimg`.
6. Once complete, reset device and allow to power up completely.
7. Once comfortable with device upgrade reboot and drop back into U-Boot.
8. Flash the second partition (recovery) via `run flashimg2`.
Revert to "factory"
-------------------
1. Download latest firmware update from vendor support site.
2. Copy extracted `.img` file to `nodes-jr.img` in tftp root.
3. Connect to console using pinout detailed in the serial console section.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash first partition device via `run flashimg`.
6. Once complete, reset device and allow to power up completely.
7. Once comfortable with device upgrade reboot and drop back into U-Boot.
8. Flash the second partition (recovery) via `run flashimg2`.
Link: https://github.com/openwrt/openwrt/pull/3682
Signed-off-by: Peter Adkins <peter@sunkenlab.com>
(calibration from nvmem, updated to 5.10+5.15)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Josef Schlehofer [Tue, 24 May 2022 19:53:23 +0000 (21:53 +0200)]
generic: remove patch to fix vlan setup on mv88e6xxx
This patch was present in Linux kernel [1] since version 5.11rc1, but it
was superseded by another patch, which set configure_vlan_while_not_filtering
to true by default since kernel v5.12-rc2 [2].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/net/dsa/mv88e6xxx/chip.c?h=v5.15.41&id=
b8b79c414eca4e9bcab645e02cb92c48db974ce9
[2] https://github.com/torvalds/linux/commit/
0ee2af4ebbe3c4364429859acd571018ebfb3424#
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Christian Lamparter [Sun, 5 Jun 2022 18:44:27 +0000 (20:44 +0200)]
kernel: move Toshiba-TC58NVG0S3H patch to ipq40xx
Hannu Nyman wrote in openwrt's github issue #9962:
|Based on forum discussion, the commit
0bc794a
|"kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash"
|causes flash memory chip misdetection for some other
|Fritzbox devices, as the commit only defines a 4-byte flash
|memory chip ID that matches several chips used in the devices.
|
|See discussion from this onward
|<https://forum.openwrt.org/t/openwrt-22-03-0-rc1-first-release-candidate/126045/182>
|
|OpenWrt 22.03.0-rc2 and rc3 are causing on a Fritzbox 7412
|bootloops due to a misdetected flash chip.
|
|Yup, that patch is missing the 5th ID byte entirely - both chips
|share the same first 4;
|
| TC58NVG0S3HTA00 = 0x98 0xf1 0x80 0x15 0x72 (digikey datasheet, page 35)
| TC58BVG0S3HTA00 = 0x98 0xf1 0x80 0x15 0xf2 (digikey datasheet, page 28)
|
|The commit has also been backported to openwrt-22.03 after rc1,
|so both rc2 and rc3 suffer from this bug."
Andreas' TC58NVG0S3H seems not to follow Toshibas/Kioxa's own datasheet.
It only reports the first four bytes: "98 f1 80 15 00 00 00 00".
This patch changes the id_len in the entry to 8. This makes it so that
Andreas' NAND is still detected. At the same time, this prevents other
Toshiba NAND flash chips - that share the same four bytes - from being
misdetected.
The issue has been reported upstream, since they also accepted the initial
patch... so if not addressed, 5.19/5.20 will also break those affected
devices again.
Reported-by: Peter-vdL
Fixes: 0bc794a66845 ("kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash")
Link: <https://github.com/openwrt/openwrt/issues/9962>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian 'Ansuel' Marangi [Sat, 22 Jan 2022 01:03:18 +0000 (02:03 +0100)]
kernel: modules: make ar8216/8327 modularizable
Make ar8216/8327 swconfig driver modularizable and add
entry to the netdevices.mk kernel modules file.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Christian 'Ansuel' Marangi [Sun, 5 Jun 2022 13:58:19 +0000 (15:58 +0200)]
generic: 5.15: fix wrong PACKET_MANGLE select in swconfig switch patch
In the rebase process of 5.15 hack patch the ETHERNET_PACKET_MANGLE got
wrongly swapped from AR8216_PHY to PSB6970_PHY.
Restore the ETHERNET_PACKET_MANGLE select to the right place.
Fixes: 1f302afd7350 ("generic: 5.15: rework hack patch")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Leo Chung [Thu, 31 Mar 2022 01:14:35 +0000 (09:14 +0800)]
build: fix find warning with SCAN_EXTRA
If you change SCAN_EXTRA variable with "-path target/linux/xxxx" in
include/toplevel.mk for speed up scan, find will warn with:
find: warning: you have specified the global option -maxdepth after
the argument -path, but global options are not positional, i.e.,
-maxdepth affects tests specified before it as well as those specified
after it. Please specify global options before other arguments.
The find option -mindepth -maxdepth are global options and must be
before any path option. Change order of $(SCAN_EXTRA) after -mindepth
and -maxdepth to fix this.
Signed-off-by: Leo Chung <gewalalb@gmail.com>
[capitalize Description, Author and Sob and minor description tweak]
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Daniel Golle [Sun, 5 Jun 2022 10:28:11 +0000 (11:28 +0100)]
tools/mkimage: increase tmpfile name length limit
mkimage limits the length of the file paths in can deal with to 256
characters. Turns out that in automated builds by asu we break this
limit, so increase it to 1024 characters.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
sunxi/cortexa53: enable armv8-CE crypto algorithms
This enables armv8 crypto extensions version of AES, GHASH, SHA1, and
CRC T10 algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 19:04:33 +0000 (16:04 -0300)]
sunxi/cortexa53: refresh kernel 5.15 config
This is result of a make kernel_oldconfig CONFIG_TARGET=subtarget.
One new option popped up:
Support for the Allwinner H616 CCU (SUN50I_H616_CCU) [Y/n/?] (NEW) n
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
rockchip/armv8: enable armv8-CE crypto algorithms
This enables armv8 crypto extensions version of AES, GHASH, and CRC T10
algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 19:23:47 +0000 (16:23 -0300)]
octeontx: add armv8-CE version of CRC T10
Adds the crypto extensions version of the CRC T10 algorithm that is
already built into the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
mvebu/cortexa72: enable armv8-CE crypto algos
This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.
The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 19:04:33 +0000 (16:04 -0300)]
mvebu/cortexa72: refresh kernel 5.10 config
This is result of a plain make kernel_oldconfig CONFIG_TARGET=subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
mvebu/cortexa53: enable armv8-CE crypto algos
This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.
The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 19:04:33 +0000 (16:04 -0300)]
mvebu/cortexa53: refresh kernel 5.10 config
This is result of a plain make kernel_oldconfig CONFIG_TARGET=subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
layerscape/armv8_64b: enable armv8-CE crypto algos
This enables armv8 crypto extensions version of AES, GHASH, SHA256 and
CRC T10 algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
bcm4908: enable armv8-CE crypto algorithms
This enables armv8 crypto extensions version of AES and GHASH algorithms
in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Tue, 17 May 2022 15:06:12 +0000 (12:06 -0300)]
bcm27xx/bcm2711: enable asm crypto algorithms
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel. bcm2711 does not support armv8 crypto extensions, so they
are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Tue, 17 May 2022 15:00:41 +0000 (12:00 -0300)]
bcm27xx/bcm2710: enable asm crypto algorithms
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel. bcm2710 does not support armv8 crypto extensions, so they
are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Felix Fietkau [Sun, 29 May 2022 09:04:03 +0000 (11:04 +0200)]
mac80211: add airtime fairness rework/fixes
latency and short-term fairness is improved by fixing the tx queue sorting
so that it considers the pending AQL budget
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Stijn Tintel [Tue, 17 May 2022 14:57:07 +0000 (17:57 +0300)]
ramips: use hotplug script for EAP615-Wall MACs
Using nvmem-cells to set the MAC address for a DBDC device results in
both PHY devices using the same MAC address. This in turn will result in
multiple BSSes using the same BSSID, which can cause various problems.
Use the hotplug script for the EAP615-Wall instead to avoid this.
Fixes: a1b8a4d7b3ff ("ramips: support TP-Link EAP615-Wall")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Stijn Segers <foss@volatilesystems.org>
Tested-By: Andrew Powers-Holmes <aholmes@omnom.net>
Xu Wang [Fri, 27 May 2022 22:21:43 +0000 (22:21 +0000)]
kernel: crypto: add kmod-crypto-chacha20poly1305
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Felix Fietkau [Wed, 4 May 2022 10:49:07 +0000 (12:49 +0200)]
mt76: update to the latest version
6da21a0b7280 linux-firmware: update firmware for MT7921 WiFi device
4876688c41dc linux-firmware: update firmware for MT7915
79b1b86040de linux-firmware: add firmware for MT7986
784c27b159b9 linux-firmware: add firmware for MT7922
079e41dc71a1 mt76: mt7915: configure soc clocks in mt7986_wmac_init
747c70fc6c89 mt76: connac: use skb_put_data instead of open coding
e98f58815018 mt76: mt7915: update mt7986 patch in mt7986_wmac_adie_patch_7976()
b7104b4b2f2d mt76: mt7915: fix twt table_mask to u16 in mt7915_dev
d39368f336ee mt76: mt7915: reject duplicated twt flows
4718ed04a655 mt76: mt7915: limit minimum twt duration
84319691b742 mt76: mt7915: reowrk SER debugfs knob
bac5f22365a2 mt76: mt7915: introduce mt7915_mac_severe_check()
81524067686c mt76: mt7915: move MT_INT_MASK_CSR to init.c
2b7f5e85290e mt76: mt7915: add support for 6G in-band discovery
31273183ea0a mt76: mt7615/mt7915: do reset_work with mt76's work queue
bb54f5e1c115 mt76: mt7915: improve error handling for fw_debug knobs
838529da6470 mt76: mt7915: add more statistics from fw_util debugfs knobs
3a65deb93737 mt76: add gfp to mt76_mcu_msg_alloc signature
8e87669eefcf mt76: mt7921: add ipv6 NS offload support
e1b2c18eee29 mt76: mt7915: fix endianness in mt7915_rf_regval_get
0742eaeafee2 mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
d299ad96d867 mt76: mt7915: fix endian bug in mt7915_rf_regval_set()
380eac6f31ec mt76: add 6 GHz band support in mt76_sar_freq_ranges
268ce38e9e36 mt76: mt7921: introduce ACPI SAR support
8c27300b4271 mt76: mt7921: introduce ACPI SAR config in tx power
54b6504a3ef8 mt76: mt7915: add more ethtool stats
cdd66d642977 mt76: add DBDC rxq handlings into mac_reset_work
b284684f5cba mt76: mt7921: add PATCH_FINISH_REQ cmd response handling
f8b9be4287cc mt76: mt7921s: fix firmware download random fail
28b19d2cc53f mt76: mt7915: add missing bh-disable around tx napi enable/schedule
1d8af168e86f mt76: mt7615: add missing bh-disable around rx napi enable/schedule
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 26 Mar 2022 23:05:49 +0000 (00:05 +0100)]
mac80211: add a bug fix for a rare crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 31 May 2022 12:01:21 +0000 (14:01 +0200)]
kernel: fix crashes in bridge offload code
- fix an issues when accessing the port pointer of an expired/invalid fdb entry
Signed-off-by: Felix Fietkau <nbd@nbd.name>
David Bauer [Wed, 25 May 2022 20:07:10 +0000 (22:07 +0200)]
ipq40xx: add Aruba AP-365 specific BDF
Aruba deploys a BDF in the root filesystem, however this matches the one
used for the DK04 reference board.
The board-specific BDFs are built into the kernel. The AP-365 shows
sinificant degraded performance with increased range when used with the
reference BDF.
Replace the BDF with the one extracted from Arubas kernel.
Signed-off-by: David Bauer <mail@david-bauer.net>
Daniel Golle [Thu, 2 Jun 2022 07:00:44 +0000 (08:00 +0100)]
fstools: update to git HEAD
93369be Revert "fstools: remove SELinux restorecon hack"
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 1 Jun 2022 21:31:01 +0000 (22:31 +0100)]
ubus: update to git HEAD
2f793a4 lua: add optional path filter to objects() method
2bebf93 ubusd: handle invoke on event object without data
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 1 Jun 2022 19:47:37 +0000 (20:47 +0100)]
netifd: update to git HEAD
2e1fcf4 netifd: fix hwmode for 60g band
39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 1 Jun 2022 19:44:04 +0000 (20:44 +0100)]
procd: update to git HEAD
557c98e init: selinux: don't relabel virtual filesystems
7a00968 init: only relabel rootfs if started from initramfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Christian 'Ansuel' Marangi [Wed, 1 Jun 2022 13:24:06 +0000 (15:24 +0200)]
rpcd: update to latest Git HEAD
1c48257 iwinfo: fix compilation error with GCC 12
[remove extra change in Makefile]
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Christian 'Ansuel' Marangi [Wed, 1 Jun 2022 13:21:34 +0000 (15:21 +0200)]
Revert "rpcd: update to latest Git HEAD"
This reverts commit
8885cf88279fd131c163d0ac34aeeef0bbff0ceb.
Rui Salvaterra [Wed, 18 May 2022 08:01:17 +0000 (09:01 +0100)]
kernel: add two ksyms to the generic kconfigs
These will be prompted for with GCC 12.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Fri, 6 May 2022 14:42:06 +0000 (15:42 +0100)]
toolchain: add support for GCC 12
GCC 12.1 is out. Add support for it.
Deleted (upstreamed):
011-v12-configure-define-TARGET_LIBC_GNUSTACK-on-musl.patch
931-libffi-fix-MIPS-softfloat-build-issue.patch
Deleted (unneeded?)
970-macos_arm64-building-fix.patch
Other patches manually rebased due to C++ conversion and consequent file name
changing (.c to .cc).
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Christian 'Ansuel' Marangi [Wed, 1 Jun 2022 12:46:04 +0000 (14:46 +0200)]
rpcd: update to latest Git HEAD
1c48257 iwinfo: fix compilation error with GCC 12
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Christian 'Ansuel' Marangi [Wed, 1 Jun 2022 12:41:46 +0000 (14:41 +0200)]
uhttpd: update to latest Git HEAD
d59d732 client: fix compilation error with GCC 12
51283f9 fix compiler uninitialized variable
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Rui Salvaterra [Thu, 28 Apr 2022 21:44:40 +0000 (22:44 +0100)]
toolchain: bump GCC 11 to 11.3.0
Remove an upstreamed patch and rebase all remaining patches.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Jo-Philipp Wich [Wed, 1 Jun 2022 11:26:42 +0000 (13:26 +0200)]
ucode: update to latest Git HEAD
d996047 syntax: adjust number literal parsing and string to number conversion
9efbe18 lib: refactor `uc_int()`
Fixes: #9923
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 31 May 2022 08:43:53 +0000 (10:43 +0200)]
firewall4: update to latest Git HEAD
210991d fw4: prefer /dev/stdin if available
4e5e322 fw4: make `fw4 restart` behavior more robust
221040e ruleset: emit time ranges when both start and stop times are specified
30a7d47 fw4: fix datetime parsing
fb9a6b2 ruleset: correct mangle_output chain type
6dd2617 fw4: fix logic flaw in testing hw flow offloading support
c7c9c84 fw4: ensure that negative bitcounts are properly translated
c4a78ed fw4: fix typo in emitted set types
Fixes: #9764, #9923, #9927, #9935, #9955
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 31 May 2022 08:59:47 +0000 (10:59 +0200)]
ucode: update to latest Git HEAD
da3f089 lib: rework uc_index() implementation
559029e ci: make jobs faster during pull request testing
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Christian 'Ansuel' Marangi [Sat, 14 May 2022 17:42:24 +0000 (19:42 +0200)]
generic: 5.15: fix panic on tcp_no_window_check set with interface up
The current reworked version cause kernel panic when the value is changes and
an interface is up. Following the tcp_be_liberal impelementation,
reimplement this to permit a safe change of this value without any
panic.
This has been tested with a QSDK package where tcp_no_window_check is used.
Fixes: 92fb51bc9881 ("generic: 5.15: standardize tcp_no_window_check pending patch")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Sander Vanheule [Sun, 29 May 2022 17:38:09 +0000 (19:38 +0200)]
realtek: don't unmask non-maskable GPIO IRQs
On uniprocessor builds, for_each_cpu(cpu, mask) will assume 'mask'
always contains exactly one CPU, and ignore the actual mask contents.
This causes the loop to run, even when it shouldn't on an empty mask,
and tries to access an uninitialised pointer.
Fix this by wrapping the loop in a cpumask_empty() check, to ensure it
will not run on uniprocessor builds if the CPU mask is empty.
Fixes: af6cd37f42f3 ("realtek: replace RTL93xx GPIO patches")
Reported-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Reported-by: Robert Marko <robimarko@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Sebastian Schaper [Fri, 27 May 2022 15:22:52 +0000 (17:22 +0200)]
ath79: fix label MAC address for D-Link DIR-825B1
The label MAC address for DIR-825 Rev. B1 is the WAN address located
at 0xffb4 in `caldata`, which equals LAN MAC at 0xffa0 incremented by 1.
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
David Bauer [Fri, 22 Apr 2022 00:02:48 +0000 (02:02 +0200)]
ramips: disable unsupported background-radar
The UniFi 6 Lite as well as the Tenbay T-MB5EU do not have the third
background-radar chain. For the Tenbay, the connector is present,
however no antenna is connected to it.
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Tue, 17 May 2022 22:10:43 +0000 (00:10 +0200)]
mac80211: introduce BSS color collision detection
Add ieee80211_rx_check_bss_color_collision routine in order to introduce
BSS color collision detection in mac80211 if it is not supported in HW/FW
(e.g. for mt7915 chipset).
Add IEEE80211_HW_DETECTS_COLOR_COLLISION flag to let the driver notify
BSS color collision detection is supported in HW/FW. Set this for ath11k
which apparently didn't need this code.
Tested-by: Peter Chiu <Chui-Hao.Chiu@mediatek.com>
Co-developed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/a05eeeb1841a84560dc5aaec77894fcb69a54f27.1648204871.git.lorenzo@kernel.org
[clarify commit message a bit, move flag to mac80211]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Hauke Mehrtens [Sat, 28 May 2022 12:32:08 +0000 (14:32 +0200)]
malta: use default OpenWrt network configuration
Currently malta configures the first Ethernet device as WAN interface.
If it finds a second one it will configure it as LAN.
This commit reverses it to match armvirt and x86. If there is only one
network device it will be configured as LAN device now. If we find two
network devices the 2. one will be WAN.
If no board.d network configuration is given it will be configured in
package/base-files/files/etc/board.d/99-default_network
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[minor typos]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Petr Štetiar [Sat, 28 May 2022 12:18:06 +0000 (14:18 +0200)]
uboot-imx: fix wrong make flags overriding
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
# include <openssl/evp.h>
^~~~~~~~~~~~~~~
compilation terminated.
This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable in all device recipes.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Ritaro Takenaka [Tue, 24 May 2022 17:51:19 +0000 (02:51 +0900)]
kernel: backport flow offload fixes
Some dst in IPv6 flow offload table become invalid after the table is created.
So check_dst is needed in packet path.
Signed-off-by: Ritaro Takenaka <ritarot634@gmail.com>
[Add patch for kernel 5.15 too and rename file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Thomson [Fri, 20 May 2022 22:13:21 +0000 (08:13 +1000)]
ipq40xx: cut ath10k board file for mikrotik subtarget
Avoid shipping ath10k board file in Mikrotik initram images
Most will only ever need to use these initram images once—to initially
load OpenWrt, but fix these images for more consistent Wi-Fi performance
between the initram and installed squashfs images.
OpenWrt BUILDBOT config ignores -cut packages in the initram images build.
This results in BUILDBOT initram images including the linux-firmware
qca4019 board-2.bin, and (initram image booted) Mikrotik devices loading
a generic BDF, rather than the intended BDF data loaded
from NOR as an api 1 board_file.
buildbot snapshot booted as initram image:
cat /etc/openwrt_version
r19679-
810eac8c7f
dmesg | grep ath10k | grep -E board\|BDF
[ 9.794556] ath10k_ahb
a000000.wifi: Loading BDF type 0
[ 9.807192] ath10k_ahb
a000000.wifi: board_file api 2 bmi_id 0:16
crc32
11892f9b
[ 12.457105] ath10k_ahb
a800000.wifi: Loading BDF type 0
[ 12.464945] ath10k_ahb
a800000.wifi: board_file api 2 bmi_id 0:17
crc32
11892f9b
CC: Robert Marko <robimarko@gmail.com>
Fixes: 5eee67a72fed ("ipq40xx: mikrotik: dont include ath10k-board-qca4019 by default")
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Marius Dinu [Wed, 18 May 2022 09:28:59 +0000 (12:28 +0300)]
ksmbd: fix ipc error and crash
Original patch: https://github.com/cifsd-team/ksmbd-tools/issues/227
adapted for ksmbd kernel module v3.4.3 by me.
Fixes crash in v3.4.3 only. Use original patch when updating to v3.4.4
as this one will fail hunk #1.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
Sander Vanheule [Fri, 27 May 2022 08:14:21 +0000 (10:14 +0200)]
firmware-utils: bump to git HEAD
Fixes an out of bounds issue, adds support for TP-Link safeloader images
with non-default partition names, and adds image generation support for:
- TP-Link Archer A6 v2 (EU)
- TP-Link EAP225 v4
- TP-Link EAP225-Outdoor v3
365458e00ed7 tplink-safeloader: join EAP225-V3 compatible devices
0277810d353d tplink-safeloader: fix chunked support-list prints
a64f89c66318 tplink-safeloader: Patch to handle partitions with alternate names.
07f78f071075 firmware-utils: tplink-safeloader: add support for Archer A6 v2 (EU)
49ea62160d21 tplink-safeloader: fix alphabetical order
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Álvaro Fernández Rojas [Mon, 23 May 2022 19:05:59 +0000 (21:05 +0200)]
bmips: dgnd3700v2: fix network config
ucidef_set_bridge_device is needed for DGND3700v2 network config since VLAN 1
must be used for the switch to be correctly configured.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Felix Fietkau [Mon, 23 May 2022 12:12:28 +0000 (14:12 +0200)]
netifd: update to the latest version
4b4849cf5e5a interface-ip: unify host and proto route handling
507c0513d176 interface-ip: add support for excluding interfaces in host route lookup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 17 May 2022 18:17:11 +0000 (20:17 +0200)]
libnl-tiny: update to the latest version
b5b2ba09c4f1 netlink: add NLA_F_NESTED to all nested attributes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Álvaro Fernández Rojas [Sun, 22 May 2022 20:04:08 +0000 (22:04 +0200)]
bcm27xx: add pwm-fan dependency to RPi PoE
This is needed for the fan in the PoE hat to work.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Sander Vanheule [Thu, 14 Apr 2022 19:57:54 +0000 (21:57 +0200)]
realtek: replace RTL93xx GPIO patches
Patches to support the SoC's GPIO controller for RTL930x and RTL931x
devices have been accepted upstream. Replace the current preliminary
patch with the upstream ones, excluding devictree binding changes.
The updated patches add GPIO IRQ balancing support on RTL930x, but this
cannot be used until these devices also support SMP.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
INAGAKI Hiroshi [Fri, 23 Apr 2021 09:32:11 +0000 (18:32 +0900)]
mediatek: mt7622: add support for ELECOM WRC-X3200GST3
ELECOM WRC-X3200GST3 is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
MT7622B.
Specifications:
- SoC : MediaTek MT7622B
- RAM : DDR3 512 MiB (Nanya NT5CC256M16ER-EK)
- Flash : SPI-NAND 128 MiB (Winbond W25N01GVZEIG)
- WLAN : 2.4/5 GHz 4T4R
- 2.4 GHz : MediaTek MT7622B (SoC)
- 5 GHz : MediaTek MT7915A
- Ethernet : 5x 10/100/1000 Mbps
- Switch : MediaTek MT7531
- LEDs/Keys : 6x/4x (2x buttons, 1x slide-switch)
- UART : through-hole on PCB
- J19: 3.3V, GND, TX, RX from power jack side
- 115200n8
- Power : 12 VDC, 1.5 A
Flash instruction using factory image:
1. Boot WRC-X3200GST3 normally with "Router" mode
2. Access to "http://192.168.2.1/" and open firmware update page
("ファームウェア更新")
3. Select the OpenWrt factory image and click apply ("適用") button
4. Wait ~120 seconds to complete flashing
MAC Addresses:
LAN : 04:AB:18:xx:xx:77 (Factory, 0x7FFF4 (hex))
WAN : 04:AB:18:xx:xx:78 (Factory, 0x7FFFA (hex))
2.4 GHz: 04:AB:18:xx:xx:79 (Factory, 0x4 (hex))
5 GHz : 04:AB:18:xx:xx:7A (none)
Note:
- currently, there is no "phy1tpt" trigger for 5 GHz wlan (MT7915) in
"trigger" file of LEDs, use "phy1radio" trigger instead
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Dominick Grift [Thu, 19 May 2022 16:50:16 +0000 (18:50 +0200)]
selinux-policy: update to version 1.2.3
86ca9c6 devstatus: prints to terminal
95de949 deal with /rom/dev/console label inconsistencies
ab6b6ee uci: hack to deal with potentially mislabeled char files
acf9172 dnsmasq this can't be right
021db5b luci-app-tinyproxy
cf3a9c4 support/secmark: removes duplicate loopback rules
eeb2610 dhcp servers: recv dhcp client packets
d5a5fc3 more support/secmark "fixes"
35d8604 update support secmark
4c155c0 packets these were caused by labeling issues with loopback
fad35a5 nftables reads routing table
f9c5a04 umurmur: kill an mumur instance that does not run as root
10a10c6 mmc stordev make this consistent
ab3ec5b Makefile: sort with LC_ALL=C
b34eaa5 fwenv rules
8c2960f adds rfkill nodedev and some mmc partitions to stordev
5a9ffe9 rcboot runs fwenv with a transition
9954bf6 dnsmasq in case of tcp
ab66468 dnsmasq try this
5bfcb88 dnsmasq stubby not sure why this is happening
863f549 luci not sure why it recv and send server packets
d5cddb0 uhttpd sends sigkill luci cgi
44cc04d stubby: it does not maintain anything in there
db730b4 Adds stubby
ccbcf0e tor simplify network access
a308065 tor basic
a9c0163 znc loose ends
327a9af acme: allow acme_cleanup.sh to restart znc
4015614 basic znc
7ef14a2 support/secmark: clarify some things
3107afe README: todo qrencode
943035a README and secmark doc
4c90937 ttyd: fix that socket leak again
3239adf dnsmasq icmp packets and fix a tty leak issue
b41d38f Makefile: optimize
95d05b1 sandbox dontaudit ttyd leak
0b7d670 rpcd: reads mtu
e754bf1 opkg-lists try this
35fb530 opkg-lists: custom
4328754 opkg try to address mislabeled /tmp/opkg-lists
3e2385c rcnftqos
95eae2d ucode
c86d366 luci diagnostics
e10b443 rpcd packets and wireguard/luci
a25e020 igmpproxt packets
0106f00 luci
dcef79c nftqos related
3c9bc90 related to nft-qos and luci
f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh
29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh
0c5805a some nft-qos
1100b41 adds a label for /tmp/.ujailnoafile
e141a83 initscript: i labeled ujail procd.execfile
a3b0302 Makefile: adds a default target + packets target
6a3f8ef label usign as opkg and label fwtool and sysupgrade
04d1cc7 sysupgrade: i meant don't do the fc spec
763bec0 sysupgrade: dont do /tmp/sysupgrade.img
af2306f adds a failsafe.tmpfile and labels validate_firmware_image
5b15760 fwenv: comment doesnt make sense
370ac3b fwenv: executes shell
67e3fcb fwenv: adds fw_setsys
544d211 adds procd execfile module to label procd related exec files
99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local
4dfd662 label uclient-fetch the same as wget
75d8212 osreleasemiscfile: adds /etc/device_info
0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files)
ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox)
f790600 adds a libattr.conffile for /etc/xattr.conf
fcc028e fwenv: adds fwsys
1255470 xtables: various iptables alternatives
a7c4035 Revert "sqm: runs xtables, so also allow nftables"
0d331c3 sqm: runs xtables, so also allow nftables
f34076b acme: will run nftables in the near future
6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf
d0deea3 fixes dns packets
8399efc Revert "sandbox: see if dontauditing this affects things"
73d716a sandbox: see if dontauditing this affects things
b5ee097 sandbox: also allow readinherited dropbear pipes
12ee46b iwinfo traverses /tmp/run/wpa_supplicant
4a4d724 agent.cil: also reads inherited dropbear pipes
d48013f support/secmark: i tightened my dns packet policy
645ad9e dns packets redone
4790b25 dnsnetpacket: fix obj macro template
d9fafff redo dns packets
0a68498 ttyd: leaks a netlink route socket
1d2e6be .gitattributes: remove todo
e1bb954 usbutil: reads bus sysfile symlinks
d275a32 support/secmark: clean it up a little
af5ce12 Makefile: exclude packet types in default make target
3caacdf support/secmark: document tunable/boolean
e3dd3e6 invalidpacketselinuxbool: make it build-time again
54f0ccf odhcpd packet fix
4a864ba contrib/secmark: add a big FAT warning
bead937 contrib/secmark: adds note about secmark support
146ae16 netpacket remove test
2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod
070a45f chrony and unbound packets
eba894f rawip socket packets cannot be labeled
656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types
35325db adds igmp packet type
5cf444c adds icmp packet type
2e41304 sandbox some more packet access for sandbox net
12caad6 packet accesses
b8eb9a8 adds a trunkload of packet types
a42a336 move rules related to invalid netpeers and ipsec associations
a9e40e0 xtables/nftables allow relabelto all packet types
aa5a52c README: adds item to wish list
3a96eec experiment: simple label based packet filtering
26d6f95 nftables reads/writes fw pipes
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Jan-Niklas Burfeind [Sat, 21 May 2022 15:17:34 +0000 (17:17 +0200)]
ath79: NanoBeam M5 fix target_devices
Update the name of for the Ubiquiti NanoBeam M5 to match the
auto-generated one at runtime. Otherwise sysupgrade complains about
mismatching device names.
This also required renaming the DTS.
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Jan-Niklas Burfeind [Sat, 23 Apr 2022 15:49:34 +0000 (17:49 +0200)]
ath79: add support for Ubiquiti NanoBeam M5
Ubiquiti NanoBeam M5 devices are CPE equipment for customer locations
with one Ethernet port and a 5 GHz 300Mbps wireless interface.
Specificatons:
- Atheros AR9342
- 535 MHz CPU
- 64 MB RAM
- 8 MB Flash
- 1x 10/100 Mbps Ethernet with passive PoE input (24 V)
- 6 LEDs of which four are rssi
- 1 reset button
- UART (4-pin) header on PCB
Notes:
The device was supported by OpenWrt in ar71xx.
Flash instructions (web/ssh/tftp):
Loading the image via ssh vias a stock firmware prior "AirOS 5.6".
Downgrading stock is possible.
* Flashing is possible via AirOS software update page:
The "factory" ROM image is recognized as non-native and then installed correctly.
AirOS warns to better be familiar with the recovery procedure.
* Flashing can be done via ssh, which is becoming difficult due to legacy
keyexchange methods.
This is an exempary ssh-config:
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms ssh-rsa
PubkeyAcceptedKeyTypes ssh-rsa
User ubnt
The password is ubnt.
Connecting via IPv6 link local worked best for me.
1. scp the factory image to /tmp
2. fwupdate.real -m /tmp/firmware_image_file.bin -d
* Alternatively tftp is possible:
1. Configure PC with static IP 192.168.1.2/24.
2. Enter the rescue mode. Power off the device, push the reset button on
the device (or the PoE) and keep it pressed.
Power on the device, while still pushing the reset button.
3. When all the leds blink at the same time, release the reset button.
4. Upload the firmware image file via TFTP:
tftp 192.168.1.20
tftp> bin
tftp> trace
Packet tracing on.
tftp> put firmware_image.bin
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Maciej Krüger [Thu, 19 May 2022 18:00:53 +0000 (20:00 +0200)]
ath79: add support for MikroTik hAP (RB951Ui-2nD)
The MikroTik hAP (product code RB951Ui-2nD) is
an indoor 2.4Ghz AP with a 2 dBi integrated antenna built around the
Atheros QCA9531 SoC.
Specifications:
- SoC: Atheros QCA9531
- RAM: 64 MB
- Storage: 16 MB NOR - Winbond 25Q128FVSG
- Wireless: Atheros QCA9530 (SoC) 802.11b/g/n 2x2
- Ethernet: Atheros AR934X switch, 5x 10/100 ports,
10-28 V passive PoE in port 1, 500 mA PoE out on port 5
- 8 user-controllable LEDs:
· 1x power (green)
· 1x user (green)
· 4x LAN status (green)
· 1x WAN status (green)
· 1x PoE power status (red)
See https://mikrotik.com/product/RB951Ui-2nD for more details.
Notes:
The device was already supported in the ar71xx target.
Flashing:
TFTP boot initramfs image and then perform sysupgrade. Follow common
MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Maciej Krüger <mkg20001@gmail.com>
Thibaut VARÈNE [Mon, 2 May 2022 15:07:45 +0000 (17:07 +0200)]
ath79: add support for MikroTik RouterBOARD hAP ac lite
The MikroTik RB952Ui-5ac2nD (sold as hAP ac lite) is an indoor 2.4Ghz
and 5GHz AP/router with a 2 dBi integrated antenna.
See https://mikrotik.com/product/RB952Ui-5ac2nD for more details.
Specifications:
- SoC: QCA9533
- RAM: 64MB
- Storage: 16MB NOR
- Wireless: QCA9533 802.11b/g/n 2x2 / QCA9887 802.11a/n/ac 2x2
- Ethernet: AR934X switch, 5x 10/100 ports,
10-28 V passive PoE in port 1, 500 mA PoE out on port 5
- 6 user-controllable LEDs:
- 1x user (green)
- 5x port status (green)
Flashing:
TFTP boot initramfs image and then perform sysupgrade. The "Internet"
port (port number 1) must be used to upload the TFTP image, then
connect to any other port to access the OpenWRT system.
Follow common MikroTik procedure as in
https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Álvaro Fernández Rojas [Fri, 20 May 2022 18:59:36 +0000 (20:59 +0200)]
bcm27xx: sound-soc-rpi-cirrus: fix package
Fix kmod-sound-soc-rpi-cirrus package dependencies.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Jo-Philipp Wich [Tue, 17 May 2022 19:01:46 +0000 (21:01 +0200)]
firewall4: update to latest Git HEAD
c22eeef fw4: support negative CIDR bit notation
628d791 hotplug: reliably handle interfaces with ubus zone hints
d005293 fw4: store zone associations from ubus in statefile as well
b268225 fw4: filter non hw-offload capable devices when resolving lower devices
57984e0 fw4: always resolve lower flowtable devices
7782017 tests: fix mocked `fd.read("line")` api
72b196d config: remove restictions on DHCPv6 allow rule
f0cc317 fw4: refactor family selection for forwarding rules
b0b8122 treewide: use modern syntax
05995f1 fw4: fix emitting device jump rules for family restricted zones
b479815 fw4: fix family auto-selection for config nat rules
2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well
2379c3d tests: add test coverage for zone family selection logic
Fixes: #5066, #9611, #9765, #9854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 20 May 2022 17:51:02 +0000 (19:51 +0200)]
ucode: update to latest Git HEAD
081871e compiler: fix segmentation fault on compiling unexpected unary expressions
090b426 fs: avoid input buffering with small limits in fs.readfile()
8da140f lib: introduce hexenc() and hexdec()
9a72423 Update README.md
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Álvaro Fernández Rojas [Fri, 20 May 2022 12:27:22 +0000 (14:27 +0200)]
bcm63xx: add linux v5.15 support
Build system: x86_64
Build-tested: generic, smp
Run-tested: generic/AR-5387un, smp/VR-3032u
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Álvaro Fernández Rojas [Fri, 20 May 2022 06:06:03 +0000 (08:06 +0200)]
bcm27xx: modules: video: fix whitespace
No idea how this ended up here v2...
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Álvaro Fernández Rojas [Thu, 19 May 2022 18:11:08 +0000 (20:11 +0200)]
bcm27xx: enable PWM drivers in config
Removes PWM module package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Álvaro Fernández Rojas [Fri, 20 May 2022 11:09:26 +0000 (13:09 +0200)]
bmips: rework ARCH_HAS_SYNC_DMA_FOR_CPU_ALL patch
Let's disable ARCH_HAS_SYNC_DMA_FOR_CPU_ALL only for BCM6358.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Álvaro Fernández Rojas [Fri, 20 May 2022 10:39:34 +0000 (12:39 +0200)]
bmips: remove linux 5.10 compatibility
A devent amount of patches have been upstreamed, so maintaining linux 5.10 on
this target makes no sense.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>