This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890)
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7a5ddc0d06)
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 65258f5d60)
The 2.4GHz interface doesn't come up properly with the log showing:
mt7621-pci 1e140000.pcie: pcie1 no card, disable it (RST & CLK)
As seen on other MT7621 boards this is caused by a missing reset GPIO.
The MT7621 dtsi set GPIO 19 as PCIe reset GPIO, which on this board
reset the 5GHz interface on port 0. Add GPIO 8 to the PCIe reset GPIO
list to also reset the 2.4GHz interface on port 1.
Signed-off-by: Alban Bedel <albeu@free.fr>
(cherry picked from commit f953a1a4bf)
This commit is completely based on the work of adron-s:
https://github.com/openwrt/openwrt/pull/4721#issuecomment-1101108651
The commit fixes the data corruption on TX packets. Packets are
transmitted, but their contents are replaced with zeros. This error is
caused by the lack of guard (50 ms) intervals between calibration phases.
This error is treated by adding mdelay(50) to the calibration function
code. In the original qca-ssda code [0], these mdelays were existing, but
in the ar41xx.c they are gone.
Tested on:
- Fritz!Box 4040
- Fritz!Box 7530
- Mikrotik SXTsq 5AC
- ZyXEL NBG6617
- [0] https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-ssdk/-/blob/NHSS.QSDK.11.4/src/init/ssdk_init.c#L2072
Suggested-by: Serhii Serhieiev <adron@mstnt.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ab7e53e5cc)
[Deleted 5.10 from commit title]
Signed-off-by: Nick Hainke <vincent@systemli.org>
Notify external ubus subscribers of received link-measurement reports.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f6445cfa1a)
Add a ubus method to request link-measurements from connected STAs.
In addition to the STAs address, the used and maximum transmit power can
be provided by the external process for the link-measurement. If they
are not provided, 0 is used as the default value.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 965aa33a18)
Allow external processes to enable advertisement of link-measurement RRM
capability.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2ca5c3da04)
aa0e3c4bbe12 iwinfo: nl80211: add support for printing the device path for a phy
dd6d6d2dec35 iwinfo: nl80211: use new path lookup function for nl80211_phy_idx_from_uci_path
268bb26d2e2a iwinfo: nl80211: support looking up phy by path=.. and macaddr=...
c0414642fead iwinfo: nl80211: fix typo
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from commit 6e8475bbd0)
The NanoPi R4S leaves the SD card in 1.8V signalling when rebooting
while U-Boot requires the card to be in 3.3V mode.
Remove UHS support from the SD controller so the card remains in 3.3V
mode. This reduces transfer speeds but ensures a reboot whether from
userspace or following a kernel panic is always working.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2b583ab8a7)
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.
The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):
Before:
real 4m45,973s
After:
real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit df2ae8826c)
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit fd4ad6cae8)
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25bc66eb40)
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.
This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.
This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.
Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 1050e66c8f)
This is trivial fix of a duplicate definition of 'int ret'.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit df622768da10f36ceeb20346b4c4ee4eb9a8a9ad)
MPLS feature symbols are normally only set when kmod-mpls is enabled, but the
CONFIG_MPLS symbol they depend on could also have been selected by openvswitch
instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 92add80414)
These boards have AR8327 or QCA8337 external ethernet switch.
The SOC also has it's own internal switch
where VLAN is now enabled by default.
Changes to preinit caused all switches to have VLANs enabled by default
even if they are not configured with a topology in uci_defaults
(see commit f017f617ae)
When both internal and external switches have VLANs,
and the external switch has both LAN and WAN,
the TX traffic from the SOC cannot flow to the tagged port on the external switch
because the VLAN IDs are not matching.
So disable the internal switch VLANs by default on these boards.
Also, add a topology for the internal switch,
so that on LuCI there is not an "unknown topology" warning.
In theory, it may be possible to have LAN ports on both switches
through internal and external PHYs, but there are no known boards that have this.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 2adeada045)
Define and use some missing macros,
and use them instead of BIT() or numbers for more readable code.
Add comment for a bit change that seems unrelated to ethernet
but is actually needed (PCIe Root Complex mode).
Remove unknown and unused macro RST_CTRL_MCM
(probably from MT7621 / MT7622)
This is the last of a series of fixes, so bump version.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 88a0cebadf)
the register bits for TX delay and RX delay are opposites:
when TX delay bit is set, delay is enabled
when RX delay bit is set, delay is disabled
So, when both bits are unset, it is RX delay
and when both bits are set, it is TX delay
Note: TXID is the default RGMII mode of the SOC
Fixes: 5410a8e295 ("ramips: mt7620: add rgmii delays support")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 26c84b2e46)
Add back the register write to disable internal PHYs
as a separate option in the code that can be set using a DTS property.
Set the option to true by default
when an external mt7530 switch is identified.
This makes the driver more in sync with original SDK code
while keeping the lines separated into different options
to accommodate any board with any PHY layout.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit cc6fd6fbb5)
The function mt7620_mdio_mode is only called once
and both the function and mdio_mode block have been named incorrectly,
leading to confusion and useless commits.
These lines in the mdio_mode block of mt7620_hw_init
are only intended for boards with an external mt7530 switch.
(see commit 194ca6127e)
Therefore, move lines from mdio_mode to the place in soc_mt7620.c
where the type of mt7530 switch is identified,
and move lines from mt7620_mdio_mode to a main function.
mt7620_mdio_mode was called from mt7620_gsw_init
where the priv struct is available,
so the lines must stay in mt7620_gsw_init function.
In order to keep things as simple as possible,
keep the DTS property related function calls together,
by moving them from mt7620_gsw_probe to init.
Remove the now useless DTS properties and extra phy nodes.
Fixes: 5a6229a93d ("ramips: remove superfluous & confusing DT binding")
Fixes: b85fe43ec8 ("ramips: mt7620: add force use of mdio-mode")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 6972e498d3)
Set the PHY base address to 12 for mt7530 and 8 for others,
which is based on the default setting for some devices
from printing the register with the following command
after it is written to by uboot during the boot cycle.
`md 0x10117014 1`
PHY_BASE option only uses 5 bits of the register,
bits 16 to 20, so use 8-bit integer type.
Set the option using the DTS property mediatek,ephy-base
and create the gsw node if missing.
Also, added a kernel message to display the EPHY base address.
Note:
If anything is written to a PHY address that is greater than 1 hex char (greater than 0xf)
then there is adverse effects with Atheros switches.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit 0976b6c426)
When the new variable ephy_base was introduced,
it was not applied to the if block for mdio_mode.
The first line in the mdio_mode if block
sets the EPHY base address to 12 in the SOC by writing a register,
but the corresponding variable in the driver
was still set to the default of 0.
This causes subsequent lines that write registers with the function
_mt7620_mii_write
to write to PHY addresses 0 through 4
while internal PHYs have been moved to addresses 12 through 16.
All of these lines are intended only for PHYs on the SOC internal switch,
however, they are being written to external ethernet switches
if they exist at those PHY addresses 0 through 4.
This causes some ethernet ports to be broken on boards with AR8327 or QCA8337 switch.
Other suggested fixes move those lines to the else block of mdio_mode,
but removing the else block completely also fixes it.
Therefore, move the lines to the mt7620_hw_init function main block,
and have only one instance of the function mtk_switch_w32
for writing the register with the EPHY base address.
In theory, this also allows for boards that have both external switches
and internal PHYs that lead to ethernet ports to be supported.
Fixes: 391df37829 ("ramips: mt7620: add EPHY base mdio address changing possibility")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit de5394a29d)
