openwrt/openwrt.git
17 months agorealtek: eth: Do not write directly to dev->addr
Olliver Schinagl [Wed, 24 May 2023 10:58:37 +0000 (12:58 +0200)]
realtek: eth: Do not write directly to dev->addr

One is never to write to dev->addr directly. In 6.1 it will be a const and
with the newly enabled WERROR, we get a failing grade.

Lets fix this ahead of time.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
(cherry picked from commit d881f65da1e6f3bc4237b39cf2373bef51c3828c)

17 months agorealtek: Add missing headers
Olliver Schinagl [Thu, 25 May 2023 11:38:47 +0000 (13:38 +0200)]
realtek: Add missing headers

We are missing a bunch of headers, which trigger errors on 6.1, probably
due to changed header-in-header dependencies. Best add them now.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
(cherry picked from commit 9fb1dbb1df35911b407fa0faaa2443fbc0f0ddde)

17 months agogeneric: b53: rename exported symbols to avoid upstream conflict
Robert Marko [Fri, 2 Jun 2023 10:27:19 +0000 (12:27 +0200)]
generic: b53: rename exported symbols to avoid upstream conflict

Upstream DSA driver is exporting symbols with the same name as our
downstream swconfig driver, so lets rename the downstream symbols to make
them unique and avoid the conflict on 6.1 kernel.

Without this change, building 6.1 with kmod-switch-bcm53xx would conflict
with the B53 DSA driver and CI would fail.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit effccdd444a956afc5493ef8f1c79a7e7ffa8490)

17 months agokernel: add mdio-bus-mux support
Mathew McBride [Mon, 20 Mar 2023 04:16:04 +0000 (04:16 +0000)]
kernel: add mdio-bus-mux support

The MDIO bus multiplexing framework is used by some drivers
such as dwmac-sun8i.

As this is a per-driver requirement, set it to be hidden in the menu.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 2dbeb607251b75b506dcc8f1294cd9ed0bac9694)

17 months agokernel: fix wrong detection of Linux-Testing-Version in makefile DUMP
Christian Marangi [Wed, 31 May 2023 13:19:31 +0000 (15:19 +0200)]
kernel: fix wrong detection of Linux-Testing-Version in makefile DUMP

When the split was done, the case for testing kernel version wasn't
handled and only the to-be-compiled kernel version details files was
included. This cause the kernel Linux-Testing-Version output from
makefile target DUMP to report only the kernel version without the minor
version (example 6.1 instead of 6.1.29).

This value is expected with the full kernel version and this cause the
dump-target-info.pl script to not correctly identify if a target have a
testing kernel for the kernels calls.

Fix this regression by correctly including the kernel details files if
the target declare support for a testing kernel version.

Fixes: 0765466a42f4 ("kernel: split kernel version to dedicated files")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 595608eb3f05cba31da59e0d5d82504ab6731c0b)

17 months agobmips: add support for Comtrend AR-5381u
Álvaro Fernández Rojas [Sun, 11 Jun 2023 16:44:36 +0000 (18:44 +0200)]
bmips: add support for Comtrend AR-5381u

The Comtrend AR-5381u is a wifi fast ethernet router, 2.4 GHz single band with
two internal antennas.

Hardware:
 - SoC: Broadcom BCM6328
 - CPU: single core BMIPS4350 @ 320Mhz
 - RAM: 64 MB DDR
 - Flash: 16 MB SPI NOR
 - Ethernet LAN: 4x 100Mbit
 - Wifi 2.4 GHz: miniPCI Broadcom BCM43225 802.11bgn
 - USB: 1x 2.0
 - Buttons: 1x (reset)
 - LEDs: yes
 - UART: yes

Installation via CFE web UI:
  1. Power off the router.
  2. Press reset button near the power switch.
  3. Keep it pressed while powering up during ~20+ seconds.
  4. Browse to http://192.168.1.1 and upload the firmware.
  5. Wait a few minutes for it to finish.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit bcdf861519)

17 months agorestool: update source.codeaurora.org repository link
Christian Marangi [Sun, 11 Jun 2023 13:22:49 +0000 (15:22 +0200)]
restool: update source.codeaurora.org repository link

source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0a1ee5323549bfce30b4d42be2dcc461f694881c)

17 months agols-dpl: update source.codeaurora.org repository link
Christian Marangi [Sun, 11 Jun 2023 13:20:01 +0000 (15:20 +0200)]
ls-dpl: update source.codeaurora.org repository link

source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 52fd8d8ba3ed4d34ed1dbc9d14fc7754960a576d)

17 months agolayerscape: 5.15: update source.codeaurora.org ppfe driver reference
Christian Marangi [Sun, 11 Jun 2023 13:12:05 +0000 (15:12 +0200)]
layerscape: 5.15: update source.codeaurora.org ppfe driver reference

source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the link reference to the
new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 52d86ac6eb82b17769ce130eab5f4ba4efed06d2)

17 months agobmips: add support for Comtrend WAP-5813n
Álvaro Fernández Rojas [Sun, 11 Jun 2023 10:30:57 +0000 (12:30 +0200)]
bmips: add support for Comtrend WAP-5813n

The Comtrend WAP-5813n is a wifi gigabit router, 2.4 GHz single band with
two external antennas.

Hardware:
 - SoC: Broadcom BCM6369
 - CPU: dual core BMIPS4350 @ 400Mhz
 - RAM: 64 MB DDR
 - Flash: 8 MB parallel NOR
 - LAN switch: Broadcom BCM53115, 5x 1Gbit
 - Wifi 2.4 GHz: miniPCI Broadcom BCM4322 802.11bgn
 - USB: 1x 2.0 (optional)
 - Buttons: 3x (reset)
 - LEDs: yes
 - UART: yes

Installation via CFE web UI:
  1. Power off the router.
  2. Press reset button near the power switch.
  3. Keep it pressed while powering up during ~20+ seconds.
  4. Browse to http://192.168.1.1 and upload the firmware.
  5. Wait a few minutes for it to finish.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit c3b1ef2dfd)

17 months agoramips: mt7621-dts: move wan port to gmac1 YunCore FAP-640
Volodymyr Puiul [Sat, 10 Jun 2023 14:23:17 +0000 (18:23 +0400)]
ramips: mt7621-dts: move wan port to gmac1 YunCore FAP-640

move wan port to gmac1 to achieve 2Gbps CPU bandwidth between wan and
lan on YunCore FAP-640

Signed-off-by: Volodymyr Puiul <volodymyr.puiul@gmail.com>
(cherry picked from commit 47c2d50c0312412582fff7950b843d619400da9f)

17 months agobmips: add support for Comtrend VR-3025un
Álvaro Fernández Rojas [Sun, 11 Jun 2023 08:53:10 +0000 (10:53 +0200)]
bmips: add support for Comtrend VR-3025un

The Comtrend VR-3025un is a wifi gigabit router, 2.4 GHz single band with
two external antennas.

Hardware:
 - SoC: Broadcom BCM6368
 - CPU: dual core BMIPS4350 @ 400Mhz
 - RAM: 64 MB DDR
 - Flash: 8 MB parallel NOR
 - Ethernet LAN: 4x 100Mbit
 - Wifi 2.4 GHz: miniPCI Broadcom BCM43222 802.11bgn
 - USB: 1x 2.0
 - Buttons: 1x (reset)
 - LEDs: yes
 - UART: yes

Installation via CFE web UI:
  1. Power off the router.
  2. Press reset button near the antenna.
  3. Keep it pressed while powering up during ~20+ seconds.
  4. Browse to http://192.168.1.1 and upload the firmware.
  5. Wait a few minutes for it to finish.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 3baa45fbd8)

17 months agobmips: dgnd3700v1/dgnd3800b: add missing kmod-leds-gpio
Álvaro Fernández Rojas [Sun, 11 Jun 2023 08:25:03 +0000 (10:25 +0200)]
bmips: dgnd3700v1/dgnd3800b: add missing kmod-leds-gpio

Commit ed79519b8d89 missed adding kmod-leds-gpio to these devices.

Fixes: ed79519b8d89 ("bmips: add support for Netgear DGND3700 v1, DGND3800B")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
17 months agobmips: image: rename Device/bcm63xx_netgear
Álvaro Fernández Rojas [Sun, 11 Jun 2023 08:17:50 +0000 (10:17 +0200)]
bmips: image: rename Device/bcm63xx_netgear

Every other Device definition in the target is using hyphens instead of
underscores.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
17 months agobmips: dts: improve and align device tree files
Álvaro Fernández Rojas [Sun, 11 Jun 2023 08:14:25 +0000 (10:14 +0200)]
bmips: dts: improve and align device tree files

Align all the device tree files and follow the same criteria before more
devices are ported from bcm63xx and this goes out of control.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
17 months agobmips: add support for Netgear EVG2000
Daniel González Cabanelas [Sat, 10 Jun 2023 19:05:33 +0000 (21:05 +0200)]
bmips: add support for Netgear EVG2000

The Netgear EVG2000 is a wifi gigabit router, 2.4 GHz single band with
two internal antennas integrated in the main PCB.

Hardware:
 - SoC: Broadcom BCM6369
 - CPU: dual core BMIPS4350 V3.1 @400Mhz
 - RAM: 64 MB DDR
 - Flash: 16 MB parallel NOR
 - LAN switch: Broadcom BCM53115, 5x 1Gbit
 - Wifi 2.4 GHz: Broadcom BCM4322 802.11bgn
 - USB: 2x 2.0
 - Buttons: 2x, 1 reset
 - LEDs: 10x
 - FXS: 2x
 - UART: yes

Installation via CFE web UI:
  1. Power off the router and make a temporal TX-RX shortcircuit on the
     serial pins.
  2. Power on the router and wait 3 or more seconds
  3. Remove the TX-RX shortcircuit
  4. Browse to http://192.168.1.1 or http://192.168.0.1 and upload the
     firmware
  5. Wait a few minutes for it to finish

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
17 months agoramips: fix button definitions for Zyxel WSM20
Thomas Schröder [Fri, 9 Jun 2023 10:03:31 +0000 (12:03 +0200)]
ramips: fix button definitions for Zyxel WSM20

Setting the events of the WPS and LED buttons to
the best matching values based from the documentation:
<https://openwrt.org/docs/guide-user/hardware/hardware.button#procd_buttons>

Signed-off-by: Thomas Schröder <tschroeder_github@outlook.com>
(cherry picked from commit b0120f7c8bb35088f298f00eb4a630f62fb4183f)

17 months agoramips: fix first boot network configuration for TOZED ZLT S12 PRO
Arınç ÜNAL [Fri, 9 Jun 2023 08:55:21 +0000 (11:55 +0300)]
ramips: fix first boot network configuration for TOZED ZLT S12 PRO

The network configuration at first boot for TOZED ZLT S12 PRO lacks setting
up the LAN and WAN network interfaces. Address this. The WAN port is
advertised as WAN/LAN on the device and is put on LAN on stock firmware so
put it on LAN here as well.

Fixes: ce1f9fa625 ("ramips: add support for TOZED ZLT S12 PRO")
Reported-by: Andre Cruz <me@1conan.com>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit b61253f92abb4c0d21ec7358a74438eae8d7e6b4)

17 months agokernel: use struct group to wipe psb6970 volatile priv data
Aleksander Jan Bajkowski [Thu, 25 May 2023 20:20:15 +0000 (22:20 +0200)]
kernel: use struct group to wipe psb6970 volatile priv data

Instead of reference vlan and do strange subtraction, use the handy
struct_group() to create a virtual struct of the same size of the
members. This permits to have a more secure memset and fix compilation
warning in 6.1 where additional checks are done.

Fix compilation warning:
| inlined from 'psb6970_reset_switch' at drivers/net/phy/psb6970.c:275:2:
| ./include/linux/fortify-string.h:314:25: error: call to '__write_overflow_field'
| declared with attribute warning: detected write beyond size of field
| (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
|  314 |                         __write_overflow_field(p_size_field, size);
|      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|cc1: all warnings being treated as errors

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit d69becd3071d560cd1c9ea655cbba26adce91f61)

17 months agoapm821xx: switch over from DTB_SIZE to DEVICE_DTC_FLAGS
Christian Lamparter [Thu, 8 Jun 2023 16:12:05 +0000 (18:12 +0200)]
apm821xx: switch over from DTB_SIZE to DEVICE_DTC_FLAGS

DEVICE_DTC_FLAGS is more flexible and can be used in
place of APM821xx own DTB_SIZE.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit a5fc132aa3e43c8cc3a3beac3479b003e1a8f16a)

17 months agobmips: add support for Netgear DGND3700 v1, DGND3800B
Daniel González Cabanelas [Sat, 10 Jun 2023 09:54:59 +0000 (11:54 +0200)]
bmips: add support for Netgear DGND3700 v1, DGND3800B

The Netgear DGND3700 v1 and DGND3800B are the same device but with
different factory firmwares. It's an xDSL wifi router with a slim black
shiny casing and 4 PCB internal antennas connected via UFL to a miniPCI
detachable card.

Hardware:
 - SoC: Broadcom BCM6368
 - CPU: dual core BMIPS4350 V3.1 @400Mhz
 - RAM: 128 MB DDR
 - NOR Flash: 32 MB parallel (CFE and OS)
 - NAND flash: 128 MB (empty)
 - Ethernet LAN: 5x 1Gbit
 - Wifi 2.4 GHz: Broadcom BCM43222 802.11bgn
 - Wifi 5 GHz: Broadcom BCM43222 802.11abgn
 - USB: 2x 2.0
 - Buttons: 3x, 1 reset
 - LEDs: 11x
 - UART: yes

Installation via OEM web UI:
  1. Open the Netgear administration web interface, by default:
        http://192.168.0.1
user: admin
        password: password
  2. Look for "upgrade firmware" and proceed
  3. Wait some minutes until it finishes

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
17 months agobmips: add support for Observa VH4032N
Daniel González Cabanelas [Thu, 8 Jun 2023 22:09:33 +0000 (00:09 +0200)]
bmips: add support for Observa VH4032N

The Observa VH4032N is an xDSL wifi router with a vertical white casing
and two internal antennas connected via UFL.

Hardware:
 - SoC: Broadcom BCM6368
 - CPU: dual core BMIPS4350 V3.1 @400MHz
 - RAM: 128 MB DDR
 - Flash: 32 MB parallel NOR
 - Ethernet LAN: 4x 100Mbit
 - Wifi 2.4/5 GHz: onboard Broadcom BCM43222 802.11abgn
 - USB: 3x 2.0
 - Buttons: 2x, 1 reset
 - LEDs: 8x, blue and red
 - UART: 1x

Installation via OEM web UI:
  1. Use the admin credentials to login via web UI
  2. Go to Managament->Update firmware and select the OpenWrt CFE firmware
  3. Press "Update Firmware" button and wait some minutes until it finish

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
17 months agobmips: bump LZMA Loader address
Álvaro Fernández Rojas [Fri, 9 Jun 2023 17:48:42 +0000 (19:48 +0200)]
bmips: bump LZMA Loader address

This allows booting bigger ramdisk images via TFTP at the cost of breaking 32M
RAM compatibility, but those devices have been unable to boot ramdisks on this
target for some time anyway due to not having enough RAM.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
17 months agomediatek: use DEVICE_DTC_FLAGS and drop DTC_FLAGS where not needed
Daniel Golle [Tue, 6 Jun 2023 12:05:50 +0000 (13:05 +0100)]
mediatek: use DEVICE_DTC_FLAGS and drop DTC_FLAGS where not needed

The MT7986 RFB was intended to use device tree overlays and for that
reason modified DTC_FLAGS. zyxel_ex5601-t0-stock later on probably
copied it from there. Both boards do not actually use device tree
overlays, so remove setting DTC_FLAGS from both.

The BPi-R3 does use device tree overlays, use DEVICE_DTC_FLAGS to give
it an extra 4kb of padding for overlays to be applied.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 98e6ea32a400b10b425e0efdf5a8109a0dfd48fe)

17 months agomediatek: use DEVICE_DTC_FLAGS for BPi-R64
Daniel Golle [Tue, 6 Jun 2023 12:04:08 +0000 (13:04 +0100)]
mediatek: use DEVICE_DTC_FLAGS for BPi-R64

Make sure there is an extra 4kb of padding to apply device tree overlays
on the BPi-R64.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b536c4ec9f1a56a92dc5d96b7579cb514341dbf)

17 months agoimage: introduce DEVICE_DTC_FLAGS and DEVICE_DTCO_FLAGS
Daniel Golle [Tue, 6 Jun 2023 12:01:15 +0000 (13:01 +0100)]
image: introduce DEVICE_DTC_FLAGS and DEVICE_DTCO_FLAGS

Handle compiling device tree overlay blobs separate to allow for
overlays being compiled with different parameters, mostly to safe
space.
Allow defining DEVICE_DTC_FLAGS and DEVICE_DTCO_FLAGS as per-device
parameters to be passed to dtc. Previously some boards directly used
DTC_FLAGS in their build recipe which then also affected other boards.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 56f409c4e4df8b365b39a0bf9d2919814cc556a4)

17 months agomediatek: set new compat version if booted on R64 and R3
Daniel Golle [Tue, 6 Jun 2023 00:14:27 +0000 (01:14 +0100)]
mediatek: set new compat version if booted on R64 and R3

If the board comes up with OpenWrt that means that the bootloader is
recent enough and knows about the new device tree overlays.

Using /etc/board.d/ is not enough in this case because it doesn't
overwrite existing configuration which may exist (and is fine to exist)
if the user updated with 'sysupgrade -F *.itb' and has kept
configuration. They would still need to manually set compat_version
even though the fact that the bootloader env has been updated can be
implied by the fact that the system has started.

Hence we can always set compat_version=1.1 for those two boards using
uci-defaults.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 25e27c4af3f1de872aadbaada434437cba3b0a75)

17 months agomediatek: sync MT7986 device trees with upstream
Daniel Golle [Sun, 4 Jun 2023 14:56:15 +0000 (15:56 +0100)]
mediatek: sync MT7986 device trees with upstream

Sync device tree files for MT7986 boards with what landed in upstream
Linux tree to easy maintainance and also allow for a smooth update to
Linux 6.1.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7a0ec001ff79b12beefb8f3773820bfedebbb340)

17 months agomediatek: use updated device tree overlay mechanism for BPi-R64
Daniel Golle [Sun, 4 Jun 2023 18:55:11 +0000 (19:55 +0100)]
mediatek: use updated device tree overlay mechanism for BPi-R64

Use new device tree overlay mechanism for the BananaPi BPi-R64 board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 34bb33094a5e49c727b76b20394d252f3e2ba70d)

17 months agouboot-mediatek: adapt BPi-R3 and BPi-R64 to new device tree overlay
Daniel Golle [Sun, 4 Jun 2023 17:55:17 +0000 (18:55 +0100)]
uboot-mediatek: adapt BPi-R3 and BPi-R64 to new device tree overlay

Update bootloader environment for BPi-R3 and BPi-R64 to adapt to new
device tree overlay mechanism now that support for multiple device
tree overlays has been added.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ec50d2d366fecb6f4bac2ae9d5cfa4aba9cf7bbc)

17 months agogeneric: use only first element in bootconf for uImage.FIT
Daniel Golle [Sun, 4 Jun 2023 17:21:29 +0000 (18:21 +0100)]
generic: use only first element in bootconf for uImage.FIT

Now that it is possible to load several device tree overlays by
appending their config names to bootconf the uImage.FIT partition
parser need to discard everything after the first '#' character in
bootconf when looking up the config node to be used.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 07bca1adaa0de71d0aefcf83bff2e1d90616cd3d)

17 months agoimage: improve uImage.FIT device tree overlay support
Daniel Golle [Sun, 4 Jun 2023 14:57:25 +0000 (15:57 +0100)]
image: improve uImage.FIT device tree overlay support

Instead of generating full config nodes incl. kernel, generate minimal
config nodes for device tree overlays to be applied to the main config.
In this way, multiple device tree overlays can be applied more easily.
While at it change filenames to upstream style, ie. use dtso and dtbo
suffix for device tree overlays.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6b01d40bfedb42323a1324e1b5624f192a4c91de)

17 months agomediatek: convert mt7986a-zyxel-ex5601-t0-stock.dts to UNIX
Daniel Golle [Sun, 4 Jun 2023 15:05:29 +0000 (16:05 +0100)]
mediatek: convert mt7986a-zyxel-ex5601-t0-stock.dts to UNIX

The device tree file was in DOS format (CR-LF). Convert it to UNIX style.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d28534545edfa29e9529f9c9cd5960889a9d4018)

17 months agomediatek: use existing I2C clock names
Daniel Golle [Thu, 1 Jun 2023 09:32:19 +0000 (10:32 +0100)]
mediatek: use existing I2C clock names

PCK and MCK should really be P=PMIC and M=MEM, which means that they
should effectively be CLK_PMIC and CLK_ARB.

Suggested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0580747adab2094862c18b5e762c908dd3b43236)

17 months agomediatek: use cpufreq fix suggested by MediaTek
Daniel Golle [Fri, 26 May 2023 12:31:26 +0000 (13:31 +0100)]
mediatek: use cpufreq fix suggested by MediaTek

Use suggested fix for mediatek-cpufreq, patch will also be sent
upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7e93f520d6b12bc04391f987b63c633d3b113e26)

17 months agoopenssl: update to 3.0.9
Ivan Pavlov [Sun, 4 Jun 2023 19:34:39 +0000 (22:34 +0300)]
openssl: update to 3.0.9

CVE-2023-2650 fix
Remove upstreamed patches

Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
 * Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
 * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
 * Limited the number of nodes created in a policy tree (CVE-2023-0464)

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 6348850f10545aac70db94d3a9555a4f2eb84281)

17 months agovalgrind: update to 3.21.0
Hauke Mehrtens [Wed, 31 May 2023 20:51:12 +0000 (22:51 +0200)]
valgrind: update to 3.21.0

Release Notes:
https://valgrind.org/docs/manual/dist.news.html

This improves support for the memory allocator used in musl libc 1.2.2
and later which is currently used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d85013460d47b538389b08506fda49e96a1968b5)

17 months agokselftests-bpf: add kernel BPF tests
Tony Ambardar [Mon, 17 May 2021 18:57:40 +0000 (11:57 -0700)]
kselftests-bpf: add kernel BPF tests

Build and package kernel self-tests used for BPF testing, program and JIT
development. This package, together with the existing 'kmod-bpf-test', was
extensively used for past upstream Linux JIT submissions [1].

Currently this includes only 'test_verifier'; building 'test_progs' will
fail due to known endian limitations with bpftool skeletons.

[1]:https://lore.kernel.org/bpf/cover.1633392335.git.Tony.Ambardar@gmail.com

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 3886ea9b87c416c080078603fedea95bcc144442)

17 months agokernel: backport libcap workaround for BPF selftests
Tony Ambardar [Tue, 29 Nov 2022 04:43:19 +0000 (20:43 -0800)]
kernel: backport libcap workaround for BPF selftests

Recent libcap versions (>= 2.60) cause problems with BPF kselftests, so
backport an upstream patch that replaces libcap and drops the dependency.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 04981c716acab6b7a81f672f217e5c47ee42a0b6)

17 months agobase-files: enable BPF JIT kallsyms by default
Tony Ambardar [Fri, 26 May 2023 08:41:18 +0000 (01:41 -0700)]
base-files: enable BPF JIT kallsyms by default

Set net.core.bpf_jit_kallsyms=1 in /etc/sysctl.d/10-default.conf.

For privileged users, this exports addresses of JIT-compiled programs to
appear in /proc/kallsyms when present, allowing their use for debugging
and in traces.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b3aaede2a7b14f2be850db8ae0c826e2782a60e8)

17 months agorockchip: add Orange Pi R1 Plus LTS support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
rockchip: add Orange Pi R1 Plus LTS support

The OrangePi R1 Plus LTS is a minor variant of OrangePi R1 Plus with
the on-board NIC chip changed from rtl8211e to yt8531c, and otherwise
identical to OrangePi R1 Plus.

Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 32d5921b8b5508a99680ecf1626667517c2cbdb8)
[Removed patches for kernel 6.1]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
17 months agouboot-rockchip: add Orange Pi R1 Plus LTS support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
uboot-rockchip: add Orange Pi R1 Plus LTS support

Add support for the Xunlong Orange Pi R1 Plus LTS.
Manually generated of-platdata files to avoid swig dependency.

Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 37fed89166e6e21c20ef92b36106f7184a0476c6)

17 months agorockchip: add Orange Pi R1 Plus support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
rockchip: add Orange Pi R1 Plus support

Orange Pi R1 Plus is a Rockchip RK3328 based SBC by Xunlong.

This device is similar to the NanoPi R2S, and has a 16MB
SPI NOR (mx25l12805d). The reset button is changed to
directly reset the power supply, another detail is that
both network ports have independent MAC addresses.

Note: booting from SPI is currently unsupported, you have to install
the image on a SD card.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab641efe698f4412319fcbcfe6ffde64c929cd97)
[Removed patches for kernel 6.1]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
17 months agouboot-rockchip: add Orange Pi R1 Plus support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
uboot-rockchip: add Orange Pi R1 Plus support

Add support for the Xunlong Orange Pi R1 Plus.
Manually generated of-platdata files to avoid swig dependency.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 043f8a4f5ecf00e8a62b5a5d48baba48e620ea6a)

17 months agogeneric: drop useless binfmt patch fixing compilation warning
Christian Marangi [Thu, 8 Jun 2023 01:23:53 +0000 (03:23 +0200)]
generic: drop useless binfmt patch fixing compilation warning

The compilation warning was triggered by wrongly set FRAME_WARN to 1024
even for 64bit. This was recently fix by correctly setting the
FRAME_WARN to 2048 for 64bit systems.

The compilation warning would still be triggered on 32bit system but the
actual code is never reached as ARCH_USE_GNU_PROPERTY is only set on
arm64 arch.

Drop the patch as kmalloc cause perf regression as suggested by upstream
maintainers.

Fixes: fa79baf4a6e2 ("generic: copy backport, hack, pending patch and config from 5.15 to 6.1")
Fixes: 5913ea1ba2fa ("generic: 5.15: add pending patch fixing binfmt compilation warning")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 62338f41625074640a4de9e26e5e67b010fe0ebe)

17 months agooxnas: Enable CONFIG_CRYPTO_LZ4
Jitao Lu [Sun, 4 Jun 2023 05:54:01 +0000 (13:54 +0800)]
oxnas: Enable CONFIG_CRYPTO_LZ4

Previously, CONFIG_LZ4_DECOMPRESS=y was selected by CONFIG_RD_LZ4 only.

When building kernel for initramfs, CONFIG_RD_LZ4 will be unset by
Kernel/SetInitramfs if the chosen compression method is not lz4, then
CONFIG_LZ4_DECOMPRESS will become a *module* in the newly generated
kernel config.

However, the newly added module won't be built after
38c150612cc9be488527e342db92d5c74093213f, so packaging kmod-lib-lz4
fails due to missing lz4_decompress.ko.

CONFIG_CRYPTO_LZ4=y makes CONFIG_LZ4_DECOMPRESS=y being selected w/o
CONFIG_RD_LZ4, so that the modules of the default kernel and initramfs
kernel are consistent.

Fixes: #12766
Fixes: 38c150612cc ("build: revert 54070a1 (all kernels are >= 5.10)")
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit cc87f6629b8a120420075cd984a4e6ece6c669df)

17 months agoramips: enable LED button for TP-Link EC330-G5u v1
Mikhail Zhilkin [Sat, 3 Jun 2023 08:37:54 +0000 (08:37 +0000)]
ramips: enable LED button for TP-Link EC330-G5u v1

The device already has LED push button (KEY_LIGHTS_TOGGLE)
and exported GPIO control "led-light". This commit adds
button handler script for switching on/off all device LEDs.

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit d955b41275eaf93b7600f8eb7d706f40302f26c2)

17 months agoopenssl: fix uci config for built-in engines
Tianling Shen [Thu, 1 Jun 2023 07:22:26 +0000 (15:22 +0800)]
openssl: fix uci config for built-in engines

Built-in engine configs are added in libopenssl-conf/install stage
already, postinst/add_engine_config is just duplicating them, and
due to the lack of `config` header it results a broken uci config:

> uci: Parse error (invalid command) at line 3, byte 0

```
config engine 'devcrypto'
        option enabled '1'
engine 'devcrypto'
        option enabled '1'
        option builtin '1'
```

Add `builtin` option in libopenssl-conf/install stage and remove
duplicate engine configuration in postinst/add_engine_config to
fix this issue.

Fixes: 0b70d55a64c39d ("openssl: make UCI config aware of built-in engines")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a0d71934253f599f4ac651b1b3a429901049e802)

17 months agonetfilter: fix typo in kmod-nft-dup-inet
Kevin Darbyshire-Bryant [Mon, 29 May 2023 17:17:38 +0000 (18:17 +0100)]
netfilter: fix typo in kmod-nft-dup-inet

Fix typo of 'family' in a7e9445975

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 191742eb8ddc4353eedf71a327fb17a11c5a3a99)

17 months agox86/64: Enable IOMMU_V2 support for later CPUs
Philip Prindeville [Wed, 17 May 2023 23:12:18 +0000 (17:12 -0600)]
x86/64: Enable IOMMU_V2 support for later CPUs

Support newer IOMMU_V2 on AMD platforms, useful for DPDK and KVM.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 1eb02ce3254ef6f115640df8ac470574d6903588)

17 months agokernel: Backport mvneta crash fix to 5.15
Marek Behún [Wed, 12 Apr 2023 11:01:25 +0000 (13:01 +0200)]
kernel: Backport mvneta crash fix to 5.15

Backport Russell King's series [1]
  net: mvneta: reduce size of TSO header allocation
to pending-5.15 to fix random crashes on Turris Omnia.

This also backports two patches that are dependencies to this series:
  net: mvneta: Delete unused variable
  net: mvneta: fix potential double-frees in mvneta_txq_sw_deinit()

[1] https://lore.kernel.org/netdev/ZCsbJ4nG+So%2Fn9qY@shell.armlinux.org.uk/

Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (squashed)
(cherry picked from commit 7b31c2e9ed4da7bfeecbd393c17c249eca870717)

17 months agoapm821xx: mx60: drop nand-is-boot-medium
Christian Lamparter [Mon, 29 May 2023 22:54:16 +0000 (00:54 +0200)]
apm821xx: mx60: drop nand-is-boot-medium

it was reported that this flag caused the mx60
not to boot anymore.

Fixes: f095822699cc ("apm821xx: convert legacy nand partition layou")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
17 months agoipq40xx: convert Buffalo WTR-M2133HP to DSA
Yanase Yuki [Wed, 31 May 2023 07:41:59 +0000 (16:41 +0900)]
ipq40xx: convert Buffalo WTR-M2133HP to DSA

This commit convert WTR-M2133HP to DSA setup.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit edb3a4162c0763ecc9d5e7660700a68a25bf28e3)

17 months agoipq806x: use new package name for NEC WG2600HP3
Yanase Yuki [Wed, 31 May 2023 07:28:31 +0000 (16:28 +0900)]
ipq806x: use new package name for NEC WG2600HP3

commit 0c45ad41e15e2255 changes ipq806x usb kmod name
from usb-phy-qcom-dwc3 to phy-qcom-ipq806x-usb, so
use new name.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 93147443502e61d0a824406bef13b0b9fe250f71)

17 months agoubnt-ledbar: depend on mediatek and ramips subtargets
Tomasz Maciej Nowak [Thu, 27 Apr 2023 14:34:49 +0000 (16:34 +0200)]
ubnt-ledbar: depend on mediatek and ramips subtargets

It's only used on devices in mt7621 and mt7622 subtargets, so no reason
to compile it for others.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit e81298463ed45cd03d45837c12f4c0a4b85f6cd4)

17 months agoramips: tplink,mr600v2: fix image generation for sysupgrade image
Andreas Böhler [Sun, 2 Apr 2023 08:40:47 +0000 (10:40 +0200)]
ramips: tplink,mr600v2: fix image generation for sysupgrade image

The MR600v2 does not find its rootfs if it is neither directly after the
kernel or aligned to an erase block boundary (64k).

This aligns the rootfs to 0x10000 allowing the device to boot again. Based
on investigation by forum user relghuar.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 46b51e9e992884c81f4838440cd2967e67db3a79)

17 months agonetifd: update to the latest version
Felix Fietkau [Sun, 4 Jun 2023 16:37:21 +0000 (18:37 +0200)]
netifd: update to the latest version

ec9dba721245 system-linux: fix memory leak in system_bridge_vlan_check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 20ce21866e482c132df7085061f28dfdafc8a48a)

17 months agonetifd: Fix PKG_MIRROR_HASH
Hauke Mehrtens [Sat, 3 Jun 2023 12:37:37 +0000 (14:37 +0200)]
netifd: Fix PKG_MIRROR_HASH

Fix the PKG_MIRROR_HASH value for netifd.

Fixes: d2ecaaca3404 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 21f713d5abf86fc5639b41d7f4e7535a5538d63a)

17 months agonetifd: update to version 2023-05-31
Petr Štetiar [Wed, 29 Mar 2023 08:57:17 +0000 (10:57 +0200)]
netifd: update to version 2023-05-31

Contains following changes:

 * bridge: bridge_dump_info: add dumping of bridge attributes
 * bridge: make it more clear why the config was applied
 * cmake: fix build by reordering the cflags definitions
 * treewide: fix multiple compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d2ecaaca3404a05ba65bb6756bc5fbd05389ed2f)

17 months agoramips: fix lzma-loader for ASIARF boards
Daniel Danzberger [Fri, 2 Jun 2023 17:36:28 +0000 (19:36 +0200)]
ramips: fix lzma-loader for ASIARF boards

This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
(cherry picked from commit 29a5cb7a8b105ca6534bba63edcec48ae935c078)

17 months agosdk: Expose CCACHE_DIR option
Jeffery To [Mon, 5 Jun 2023 04:57:51 +0000 (12:57 +0800)]
sdk: Expose CCACHE_DIR option

As the CCACHE option is already exposed, it would be helpful to also
make the ccache directory easily customizable.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 897691fdce27868aa4c0c68de8b67e8af6f209e1)

17 months agobuild: export GIT_CEILING_DIRECTORIES for package builds
Jeffery To [Wed, 31 May 2023 13:58:34 +0000 (21:58 +0800)]
build: export GIT_CEILING_DIRECTORIES for package builds

A package may run git as part of its build process, and if the package
source code is not from a git checkout, then git may traverse up the
directory tree to find buildroot's repository directory (.git).

For instance, Poetry Core, a Python build backend, will read the
contents of .gitignore for paths to exclude when creating a Python
package. If it finds buildroot's .gitignore file, then Poetry Core will
exclude all of the package's files[1].

This exports GIT_CEILING_DIRECTORIES for both package and host builds so
that git will not traverse beyond $(BUILD_DIR)/$(BUILD_DIR_HOST).

[1]: https://github.com/python-poetry/poetry/issues/5547

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f597f34f3afa7bba8a2606490617688f1cea5a44)

17 months agoOpenWrt v23.05.0-rc1: revert to branch defaults
Hauke Mehrtens [Tue, 6 Jun 2023 23:06:59 +0000 (01:06 +0200)]
OpenWrt v23.05.0-rc1: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
17 months agoOpenWrt v23.05.0-rc1: adjust config defaults v23.05.0-rc1
Hauke Mehrtens [Tue, 6 Jun 2023 23:06:48 +0000 (01:06 +0200)]
OpenWrt v23.05.0-rc1: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
17 months agokernel: bump 5.15 to 5.15.114
John Audia [Tue, 30 May 2023 16:17:13 +0000 (12:17 -0400)]
kernel: bump 5.15 to 5.15.114

All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 223004b4d6e5d17c0ae99e15d0f4c591676b4f44)

17 months agokernel: Set CONFIG_FRAME_WARN depending on target
Hauke Mehrtens [Tue, 30 May 2023 18:21:43 +0000 (20:21 +0200)]
kernel: Set CONFIG_FRAME_WARN depending on target

This set the CONFIG_FRAME_WARN option depending on some target settings.
It will use the default from the upstream kernel and not the hard coded
value of 1024 now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 16a20512d852f6ecebf8c57cd7fa2572a06a9d0b)

18 months agoipq40xx: e2600ac-c1 remove KERNEL_SIZE
张 鹏 [Fri, 24 Feb 2023 00:58:28 +0000 (08:58 +0800)]
ipq40xx: e2600ac-c1 remove KERNEL_SIZE

Currently, e2600ac-c1 cannot be built as the kernel is larger than the defined KERNEL_SIZE,
however, there is no bootloader limit for the kernel size so remove KERNEL_SIZE completely.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
[ improve commit title, fix merge conflict ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b764268acb7ed410d1d81e783f1b0ce407efda82)

18 months agoipq40xx: add e2600ac c2 to dsa
张 鹏 [Wed, 22 Feb 2023 12:55:44 +0000 (20:55 +0800)]
ipq40xx: add e2600ac c2 to dsa

Convert E2600ac c2 to DSA and enable it.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
[ rename port to more generic name ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0dca52cf595cedcabec5d384ddc83f1954cca46d)

18 months agoipq40xx: add e2600ac c1 to dsa
张 鹏 [Wed, 22 Feb 2023 12:46:28 +0000 (20:46 +0800)]
ipq40xx: add e2600ac c1 to dsa

Convert E2600ac c1 to DSA and enable it.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
[ rename port to more generic name ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7f2ecab0f4623e9b437b1a6656275695ac063fe4)

18 months agoairoha: spi-en7523: Fix compile warning
Hauke Mehrtens [Sat, 20 May 2023 11:56:00 +0000 (13:56 +0200)]
airoha: spi-en7523: Fix compile warning

The set_spi_clock_speed() function is not used, this causes a compile
warning which results in a build error with -WError.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2d5f3b3c4ce4c6221299f2362b3029783048f649)

18 months agoselinux-policy: update to 1.2.5
Linhui Liu [Sat, 27 May 2023 05:13:25 +0000 (13:13 +0800)]
selinux-policy: update to 1.2.5

30d503a uci jsonfilter: pipe and leak
e13cb64 rpcd leds
144781f jsonfilter, luci, ubus
1210762 rpcd and all agents get fd's leaked
ab9227c rpcd
2f99e0e luci rpcd
b43aaf3 rpcd (enable/disable services) luci peeraddr
f20f03e rpcd
7bc74f6 rpcd reads all subj state and luci-bwc leaks
9634b17 adds inotify perms to anon_inode
3d3c17c adds bare anon_inode (linux 5.15)
7104b20 dnsmasq and luci
0de2c66 luci,rpcd, ucode, wpad
14f5cf9 luci and ucode
e3ce84c rpcd, ucode and cgiio loose ends
96a2401 misc updates
9fe0490 initscript: remove redundant rules
71bd77e allow all init scripts to log to logd
f697331 sandbox: make ttydev handling more robust
a471877 simplify pty tty console access
f738984 sandbox: also remove TIOSCTI from all ttydevs

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
(cherry picked from commit 4c5a9da8699a7982b8f03b28561f955d9d1313f1)

18 months agoca-certificates: Update to version 20230311
Tianling Shen [Fri, 26 May 2023 04:09:47 +0000 (12:09 +0800)]
ca-certificates: Update to version 20230311

Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.

Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.

Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
|   The following certificate authorities were added (+):
|   + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
|   + "Certainly Root E1"
|   + "Certainly Root R1"
|   + "D-TRUST BR Root CA 1 2020"
|   + "D-TRUST EV Root CA 1 2020"
|   + "DigiCert TLS ECC P384 Root G5"
|   + "DigiCert TLS RSA4096 Root G5"
|   + "E-Tugra Global Root CA ECC v3"
|   + "E-Tugra Global Root CA RSA v3"
|   + "HARICA TLS ECC Root CA 2021"
|   + "HARICA TLS RSA Root CA 2021"
|   + "HiPKI Root CA - G1"
|   + "ISRG Root X2"
|   + "Security Communication ECC RootCA1"
|   + "Security Communication RootCA3"
|   + "Telia Root CA v2"
|   + "TunTrust Root CA"
|   + "vTrus ECC Root CA"
|   + "vTrus Root CA"
|  The following certificate authorities were removed (-):
|  - "Cybertrust Global Root" (expired)
|  - "EC-ACC"
|  - "GlobalSign Root CA - R2" (expired)
|  - "Hellenic Academic and Research Institutions RootCA 2011"
|  - "Network Solutions Certificate Authority"
|  - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
|  (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]

[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac8656f9a3b005554d25857e8ed5faf3f6)

18 months agopcre2: fix host compilation of libselinux by enabling PIC
Petr Štetiar [Fri, 26 May 2023 11:08:06 +0000 (13:08 +0200)]
pcre2: fix host compilation of libselinux by enabling PIC

libselinux-3.5 fails to compile in Fedora 38 container due to the
following:

 cc -O2 -I/openwrt/staging_dir/host/include -I/openwrt/staging_dir/hostpkg/include -I/openwrt/staging_dir/target-x86_64_musl/host/include -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/openwrt/staging_dir/hostpkg/include -L/openwrt/staging_dir/host/lib -L/openwrt/staging_dir/hostpkg/lib -L/openwrt/staging_dir/target-x86_64_musl/host/lib -Wl,-rpath=/openwrt/staging_dir/hostpkg/lib -shared -o libselinux.so.1 avc.lo avc_internal.lo avc_sidtab.lo booleans.lo callbacks.lo canonicalize_context.lo checkAccess.lo check_context.lo checkreqprot.lo compute_av.lo compute_create.lo compute_member.lo compute_relabel.lo compute_user.lo context.lo deny_unknown.lo disable.lo enabled.lo fgetfilecon.lo freecon.lo freeconary.lo fsetfilecon.lo get_context_list.lo get_default_type.lo get_initial_context.lo getenforce.lo getfilecon.lo getpeercon.lo init.lo is_customizable_type.lo label.lo label_db.lo label_file.lo label_media.lo label_support.lo label_x.lo lgetfilecon.lo load_policy.lo lsetfilecon.lo mapping.lo matchmediacon.lo matchpathcon.lo policyvers.lo procattr.lo query_user_context.lo regex.lo reject_unknown.lo selinux_check_securetty_context.lo selinux_config.lo selinux_internal.lo selinux_restorecon.lo sestatus.lo setenforce.lo setexecfilecon.lo setfilecon.lo setrans_client.lo seusers.lo sha1.lo stringrep.lo validatetrans.lo -L/openwrt/staging_dir/hostpkg/lib -lpcre2-8 -lfts -ldl -Wl,-soname,libselinux.so.1,--version-script=libselinux.map,-z,defs,-z,relro
 /usr/bin/ld: /openwrt/staging_dir/hostpkg/lib/libpcre2-8.a(pcre2_compile.c.o): relocation R_X86_64_32S against symbol `_pcre2_ucd_stage1_8' can not be used when making a shared object; recompile with -fPIC
 /usr/bin/ld: failed to set dynamic section sizes: bad value

So lets fix it by enabling build of host static library with the
position independent code option enabled.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 12494f5b8a7bb48cbf7b2fba7d17a53981173120)

18 months agonetfilter: add kmod-nft-dup-inet
Michał Kwiatek [Thu, 18 May 2023 19:40:24 +0000 (21:40 +0200)]
netfilter: add kmod-nft-dup-inet

Add kmod-nft-dup-inet package to allow packet duplication in ip/ip6/inet nftables family

Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
(cherry picked from commit a7e9445975f832db887e6044d7e84220d2a68cf1)

18 months agoRevert "feeds: use git-src-full to allow Git versioning"
Petr Štetiar [Sat, 27 May 2023 08:31:58 +0000 (10:31 +0200)]
Revert "feeds: use git-src-full to allow Git versioning"

This partially reverts commit 7fae1e5677e9bb4979c8d4ac99be4de6955b13d0
as it should be no longer necessary to do a full clone since commit
48ed07bc0b94 ("treewide: replace AUTORELEASE with real PKG_RELEASE").

Suggested-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 11bb5337b8d8b5018e48f0df415efb99e2f49d0d)
[adjusted to 23.05]
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
18 months agox86: disable CONFIG_X86_PLATFORM_DRIVERS_HP
John Audia [Thu, 25 May 2023 07:29:58 +0000 (03:29 -0400)]
x86: disable CONFIG_X86_PLATFORM_DRIVERS_HP

New config option defaulted to N for this bump.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 3664c57e34454ce50ac7ab6de9e3983a86cde052)

18 months agoramips: correct page read return value of the mt7621 nand driver
Shiji Yang [Sun, 21 May 2023 14:51:16 +0000 (22:51 +0800)]
ramips: correct page read return value of the mt7621 nand driver

read_page() need to return maximum number of bitflips instead of the
accumulated number. Change takes from upstream mt7621 u-boot [1].

 * @read_page:  function to read a page according to the ECC generator
 *              requirements; returns maximum number of bitflips
 *              corrected in any single ECC step, -EIO hw error

[1] https://lore.kernel.org/all/cover.1653015383.git.weijie.gao@mediatek.com/

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 2fbb91d73ffecc7d033e5bb0b550d664ef9e0f91)

18 months agobase-files: x86 fix 01_leds Syntax error
Stan Grishin [Sun, 28 May 2023 04:48:26 +0000 (04:48 +0000)]
base-files: x86 fix 01_leds Syntax error

Cezary Jackiewicz reported:
| Syntax error in line /etc/board.d/01_leds#L22 - missing "\"

Fixes: c191c2d46f00 ("x86: base-files add support for Sophos 135r3/135r3w")
Reported-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(buffed up commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4b8b2f4f978d6df586dd7ce4dcc3e1286b93bd48)

18 months agolayerscape: kernel: enable MC userspace support
Pawel Dembicki [Fri, 28 Apr 2023 07:24:24 +0000 (09:24 +0200)]
layerscape: kernel: enable MC userspace support

Management Complex (MC) userspace support is required for userspace
helpers working with DPAA2 objects exported by the Management Complex BUS.

Without it, there is the error:

```
root@OpenWrt:/# ls-addni dpmac.1
error: Did not find a device file
Restool wrapper scripts only support the latest major MC version
that currently is MC10.x. Use with caution.
error: Did not find a device file
```

This patch fixes it.

Suggested-by: Alexandra Alth <alexandra@alth.de>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit d04d6a82da70f6b691409972ffd4503f339105b7)

18 months agopackage: layerscape: change loadaddr address
Pawel Dembicki [Tue, 18 Apr 2023 09:37:04 +0000 (11:37 +0200)]
package: layerscape: change loadaddr address

At this moment loadaddr in most layerscape boards are configured to
0x81000000. 5.15 kernel on some boards is bigger than 5.10 and it cause error:

Loading kernel from FIT Image at 81000000 ...

Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: ARM64 OpenWrt Linux-5.15.112
Created: 2023-05-21 17:39:35 UTC
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x810000ec
Data Size: 7513944 Bytes = 7.2 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x80000000
Entry Point: 0x80000000
Hash algo: crc32
Hash value: 6fd69550
Hash algo: sha1
Hash value: ee34c753ffb615e199a428762824ad4a0aaef90a
Verifying Hash Integrity ... crc32+ sha1+ OK
Loading fdt from FIT Image at 81000000 ...

Using 'config-1' configuration
Trying 'fdt-1' fdt subimage
Description: ARM64 OpenWrt fsl_ls1088a-rdb-sdboot device tree blob
Created: 2023-05-21 17:39:35 UTC
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x8172a98c
Data Size: 19794 Bytes = 19.3 KiB
Architecture: AArch64
Hash algo: crc32
Hash value: 59792ba3
Hash algo: sha1
Hash value: 135585a49f86cd85acea559b78b0098ae99d5e12
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x8172a98c
Uncompressing Kernel Image
ERROR: new format image overwritten - must RESET the board to recover
resetting ...

This patch changes loadaddr to 0x88000000 (like LS1012A-FRDM board) to
avoid overlapping for bigger images (like initramfs) too.

Tested-by: Alexandra Alth <alexandra@alth.de> [LS1088ARDB]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit 0822040671e6177020892e0ddbdfafd4bb3690e0)

18 months agomediatek: sync MT7988 USXGMII with SDK driver
Daniel Golle [Sat, 27 May 2023 20:03:40 +0000 (21:03 +0100)]
mediatek: sync MT7988 USXGMII with SDK driver

The USXGMII driver in SDK was heavily refactored, some bugs have been
fixed and it has switched to use phylink_pcs. Follow up with changes
in SDK driver and sync our on-top-of-mainline driver with the SDK
driver.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ba58245e83714de5f47b4b0fc0369930c3661cab)

18 months agomediatek: follow-up with renamed Build/bl2 and Build/bl31-uboot
Daniel Golle [Sat, 27 May 2023 20:49:55 +0000 (21:49 +0100)]
mediatek: follow-up with renamed Build/bl2 and Build/bl31-uboot

Use renamed build step names for all boards which were not handled by
commit c620409d58 ("mediatek: filogic: add uboot build for mt7981")
and now breaking the build.

Fixes: c620409d58 ("mediatek: filogic: add uboot build for mt7981")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 037ce27244b52fe4c0e2bd15f4a16973c64df93f)

18 months agomediatek: filogic: add Qihoo 360T7 support
Chukun Pan [Sat, 29 Apr 2023 15:08:26 +0000 (23:08 +0800)]
mediatek: filogic: add Qihoo 360T7 support

Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: ESMT F50L1G41LB 128MB
  RAM: MT5CC128M16JR-EK 256MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, WPS
  Power: DC 12V 1A

Flash instructions:
  1. Attach UART, boot the stock firmware until
     the message about failsafe mode appears.
  2. Enter failsafe mode by pressing "f" and "Enter"
  3. Type "mount_root", then run
     "fw_setenv bootmenu_delay 3"
  4. Back up all mtd partitions before flashing.
  5. Reboot, U-Boot now presents a menu.
  6. Connect to your PC via the Gigabit port of the router,
     set a static ip on the ethernet interface of your PC.
     (ip 192.168.1.254, gateway 192.168.1.1)
  7. Select "Upgrade ATF BL2", then use this file:
     openwrt-mediatek-filogic-qihoo_360t7-preloader.bin
  8. Select "Upgrade ATF FIP", then use this file:
     openwrt-mediatek-filogic-qihoo_360t7-bl31-uboot.fip
  9. Download the initramfs image, and type "reset",
     waiting for tftp recovery to complete.
  a. After openwrt boots up, perform sysupgrade.

Note:
  1. Since NMBM is disabled, we must back up all partitions.
  2. Flash instructions is based on commit 28df7f7.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit dc2d4d73939c3d86a8e9d968c5c3462f92771bc6)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agouboot-mediatek: add Qihoo 360T7 support
Chukun Pan [Fri, 28 Apr 2023 15:36:17 +0000 (23:36 +0800)]
uboot-mediatek: add Qihoo 360T7 support

The vendor uboot will verify firmware at boot.
So add a custom uboot build for this device.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit c51eb177308835f811ae43b17dde0ea962ed1df1)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoarm-trusted-firmware-mediatek: add build for MT7981 DDR3
Chukun Pan [Wed, 26 Apr 2023 15:28:31 +0000 (23:28 +0800)]
arm-trusted-firmware-mediatek: add build for MT7981 DDR3

Add new build option BOARD_QFN/BOARD_BGA.
This option is only useful for MT7981 device.
MT7981A/B: BOARD_BGA, MT7981C: BOARD_QFN.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 602cb4f3259cb676fcf6fa6c459d598df643653b)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: filogic: add uboot build for mt7981
Chukun Pan [Tue, 25 Apr 2023 15:06:20 +0000 (23:06 +0800)]
mediatek: filogic: add uboot build for mt7981

Rename previous uboot build to mt7986-*.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit c620409d58a29d49ceccf838e90e030610c06611)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: mt7981: add reserved memory to support pstore
Alexander Couzens [Sun, 19 Mar 2023 18:00:51 +0000 (19:00 +0100)]
mediatek: mt7981: add reserved memory to support pstore

Add reserved memory for pstore/ramoops to device tree used by Linux
as well as U-Boot.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3eb354f999a3687f9ae547899b0f5ec2b10185ab)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: cleanly backport and add fix for I2C driver
Daniel Golle [Fri, 26 May 2023 12:49:02 +0000 (13:49 +0100)]
mediatek: cleanly backport and add fix for I2C driver

Pick accepted patches from upstream Linux tree instead of having to
maintain our slightly different downstream patches.
Import pending patch fixing I2C on MT7981 by making sure all clocks
are enabled before accessing I2C registers.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 213b7282760506ffab9151a20347d65ea70ed916)

18 months agoramips: mark patches accepted upstream
Nick Hainke [Tue, 23 May 2023 14:47:42 +0000 (16:47 +0200)]
ramips: mark patches accepted upstream

Add kernel tags to the patches that got accepted upstream.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2388b119de9279d7adaa525c7ba502fcae1fe187)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: fix, clean and unify SD card image generation
Daniel Golle [Fri, 26 May 2023 09:26:49 +0000 (10:26 +0100)]
mediatek: fix, clean and unify SD card image generation

Make sure sub-images on the SD card are size-checked, allow
generating SD card without squashfs and/or initramfs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 43d27b02522c100b0c625d4b22f4bb6ad83c166f)

18 months agokernel: bump 5.15 to 5.15.113
John Audia [Wed, 24 May 2023 19:10:44 +0000 (15:10 -0400)]
kernel: bump 5.15 to 5.15.113

All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c815ecdebd77c3484f2cd0ef21e4c69d274ef33a)

18 months agoCI: use toolchain container for label workflow
Christian Marangi [Sun, 28 May 2023 01:44:01 +0000 (03:44 +0200)]
CI: use toolchain container for label workflow

Use toolchain container for label workflow to skip downloading external
toolchain from openwrt servers.

Fixes: 0fe5776f4a79 ("CI: build: Add support to use container included external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 66fd0aa6efac3690fdc46c94a4657faacf3070dd)

18 months agoCI: don't add "" in target and subtarget for label workflow
Christian Marangi [Sat, 27 May 2023 17:53:15 +0000 (19:53 +0200)]
CI: don't add "" in target and subtarget for label workflow

Don't add "" in target and subtarget for label workflow from label
detection as it does cause problem in build workflow on container
target/subtarget matching.

Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1fa84354a963eb71eca9e67a1fc7f99a53016a5c)

18 months agoCI: build: fix parse toolchain step failing for git strict rules
Christian Marangi [Thu, 25 May 2023 00:44:21 +0000 (02:44 +0200)]
CI: build: fix parse toolchain step failing for git strict rules

Commit 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
introduced new Git version with strict rules for owner of the git
directory.

To handle this and not cause major change, just move the parsing before
the change of ownership of the openwrt directory permitting the correct
run of git fetch command with the same user that did the repository
checkout.

Fixes: 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0063e71d66766818fba286efe2a0ed8746c265e5)

18 months agoCI: correctly output subtarget in label workflow
Christian Marangi [Thu, 25 May 2023 21:09:59 +0000 (23:09 +0200)]
CI: correctly output subtarget in label workflow

Commit bf8187d5dc4d ("CI: use split target and subtarget in label
workflow") didn't correctly output subtarget resulting in calling with
an empty subtarget. Fix this and correctly output generated subtarget.

Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8aa5a860101cc3f8d35ca968746320495c4b469e)

18 months agoCI: use split target and subtarget in label workflow
Christian Marangi [Thu, 25 May 2023 16:24:00 +0000 (18:24 +0200)]
CI: use split target and subtarget in label workflow

With eecc6e48117b ("CI: rework build workflow to have split target and
subtarget directly") target and subtarget are split in 2 different
variables. Label workflow were not aligned to this change and are
currently broken.

Fix them and correctly pass split target and subtarget.

Fixes: eecc6e48117b ("CI: rework build workflow to have split target and subtarget directly")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit bf8187d5dc4d4bbb23770955744bca1787f32ac0)

18 months agogeneric: filter out CONFIG_PAHOLE_HAS_SPLIT_BTF
Robert Marko [Mon, 22 May 2023 21:42:13 +0000 (23:42 +0200)]
generic: filter out CONFIG_PAHOLE_HAS_SPLIT_BTF

CONFIG_PAHOLE_HAS_SPLIT_BTF should be runtime detected as it depends on
pahole being available on the host, so filter it out of configs.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 3591353f5143fc46e31f921484177a9d6f1089a2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agobpftools: update, split off bpftool and libbpf packages
Tony Ambardar [Sun, 21 May 2023 09:14:37 +0000 (02:14 -0700)]
bpftools: update, split off bpftool and libbpf packages

My original bpftools package made "variant" builds of bpftool and libbpf
as a convenience, since both used the same local kernel sources with the
same versioning. This is no longer the case, since the commit below
switched to using an out-of-tree build mirror hosting repos for each.

Replace bpftools with separate bpftool and libbpf packages, each simplified
and correctly versioned. Also fix the broken libbpf ABI introduced in the
same commit. Existing build .config files are not impacted.

Fixes: 00cbf6f6ab1d ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit afe1bf11f2539f75e30ab3206891dbe6f8c43bd5)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoRevert "kernel: add MODULE_ALLOW_BTF_MISMATCH option"
Daniel Golle [Wed, 24 May 2023 08:27:29 +0000 (09:27 +0100)]
Revert "kernel: add MODULE_ALLOW_BTF_MISMATCH option"

This reverts commit c07038da27cefa5a93e433909b9aca594386ddc1.
MODULE_ALLOW_BTF_MISMATCH is not available in Linux 5.15.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: add basic mt7988 device tree support
Sam Shih [Sun, 19 Feb 2023 02:18:36 +0000 (10:18 +0800)]
mediatek: add basic mt7988 device tree support

This add basic device tree support for mediatek MT7988 SoC

Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e3a681bab4b2c193704e76b8a6091e57f0fab14e)