The two device strings were not ordered properly.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
There's no kernel 4.9 support on this branch.
Reported-by: AmadeusGhost <amadeus@immortalwrt.org>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Includes fix for CVE-2020-24588
c7dd54a22e30 mt76: connac: skip wtbl reset on sta disconnect
3511fd430356 mt76: validate rx A-MSDU subframes
aedc3145de6e mt76: fix possible NULL pointer dereference in mt76_tx
5c2baab92cd0 mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
af21659ee834 mt76: mt76x0: use dev_debug instead of dev_err for hw_rf_ctrl
e423c16f16f7 mt76: mt7615: free irq if mt7615_mmio_probe fails
f2d0da8da9b7 mt76: mt7663: enable hw rx header translation
d2713a5d9de9 mt76: mt7921: fix mt7921_wfsys_reset sequence
ce5f32d84f33 mt76: mt7921: Don't alter Rx path classifier
8ab8c7747197 mt76: connac: fw_own rely on all packet memory all being free
a747b0bb4956 mt76: mt7921: enable deep sleep at runtime
2e6e999509b1 mt76: mt7921: add deep sleep control to runtime-pm knob
30bcb2338ce2 mt76: connac: fix WoW with disconnetion and bitmap pattern
56518f4a126e mt76: mt7921: consider the invalid value for to_rssi
e969ab10a034 mt76: mt7921: add back connection monitor support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
From the patch series description:
Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at
https://papers.mathyvanhoef.com/usenix2021.pdf
Specifically, the following CVEs were assigned:
* CVE-2020-24586 - Fragmentation cache not cleared on reconnection
* CVE-2020-24587 - Reassembling fragments encrypted under different
keys
* CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
payload being parsed as an L2 frame under an
A-MSDU bit toggling attack
* CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
* CVE-2020-26140 - Accepting plaintext data frames in protected
networks
* CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
* CVE-2020-26142 - Processing fragmented frames as full frames
* CVE-2020-26143 - Accepting fragmented plaintext frames in
protected networks
* CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
start with RFC1042 header with EAPOL ethertype
* CVE-2020-26145 - Accepting plaintext broadcast fragments as full
frames
* CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
packet numbers
* CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
In general, the scope of these attacks is that they may allow an
attacker to
* inject L2 frames that they can more or less control (depending on the
vulnerability and attack method) into an otherwise protected network;
* exfiltrate (some) network data under certain conditions, this is
specific to the fragmentation issues.
A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.
In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.
Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.
To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.
We currently don't have information about how other drivers are, if
at all, affected.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The final Python 3.5 release was 3.5.10 in September 2020 [0].
This release series is now End-of-Life (EOL).
The only LTS distribution that still only ships Python 3.5 is Ubuntu 16.04,
which will be EOL in April 2021 [1].
The meson build system bumped their python requirement to 3.6 for the 0.57.0
release. This patch ensures that OpenWrt can update meson while still
relying on the host python.
[0] https://www.python.org/dev/peps/pep-0478/#id4
[1] https://ubuntu.com/about/release-cycle
[2] https://mesonbuild.com/Release-notes-for-0-57-0.html#minimum-required-python-version-updated-to-36
Signed-off-by: Andre Heider <a.heider@gmail.com>
[python3.6+ in README.md]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The code uses get_mtd_device_nm() which must be followed by a call to
put_mtd_device() once the handle is no longer used.
This fixes spurious shutdown console messages such as:
[ 2256.334562] Removing MTD device #7 (soft_config) with use count 1
Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
When building for MikroTik devices the kernel2minor tool will sometimes
fail with:
Can't get lstat from kernel file!: No such file or directory.
This is because kernel2minor expects paths no longer than 250 chars.
To work around this the include/image-commands.mk has been modified
to copy the kernel to a temporary file (/tmp/tmp.XXXXXXXXXX) before
calling kernel2minor.
Signed-off-by: François Chavant <francois@chavant.info>
Add support for querying and parsing SRV DNS records to nslookup_lede.c
This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
When the list of packages to be installed in a built image exceeds a certain
number, then 'opkg install' executed for target '$(curdir)/install' in
package/Makefile fails with: /usr/bin/env: Argument list too long.
On Linux, the length of a command-line parameter is limited by
MAX_ARG_STRLEN to max 128 kB.
* https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/binfmts.h#L15
* https://www.in-ulm.de/~mascheck/various/argmax/
To solve the problem, store the package list being passed to 'opkg install'
in a temporary file and use the shell command substitution to pass the
content of the file to 'opkg install'. This guarantees that the length of
the command-line parameters passed to the bash shell is short.
The following bash script demonstrates the problem:
----------------------------------------------------------------------------
count=${1:-1000}
FILES=""
a_file="/home/egorenar/Repositories/openwrt-rel/bin/targets/alpine/generic/packages/base-files_1414-r16464+19-e887049fbb_arm_cortex-a15_neon-vfpv4.ipk"
for i in $(seq 1 $count); do
FILES="$FILES $a_file"
done
env bash -c "echo $FILES >/dev/null"
echo "$FILES" | wc -c
----------------------------------------------------------------------------
Test run:
----------------------------------------------------------------------------
$ ./test.sh 916
130989
$ ./test.sh 917
./test.sh: line 14: /bin/env: Argument list too long
131132
----------------------------------------------------------------------------
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
[reword commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
The allows userspace LEDs to be created and controlled. This can be useful
for testing triggers and can also be used to implement virtual LEDs.
Signed-off-by: Keith T. Garner <kgarner@kgarner.com>
[squash fixup commit and improve option wording]
Signed-off-by: Paul Spooren <mail@aparcar.org>
The code uses get_mtd_device_nm() which must be followed by a call to
put_mtd_device() once the handle is no longer used.
This fixes spurious shutdown console messages such as:
[ 2256.334562] Removing MTD device #7 (soft_config) with use count 1
Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Refresh kernel patches.
Built under MacOS
Run tested: x86_64 (apu2)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
311-MIPS-zboot-put-appended-dtb-into-a-section.patch
commit d2e850e96183 in kernel, part of v5.11
499-mtd-don-t-lock-when-recursively-deleting-partitions.patch
commit cb4543054c5c in kernel, part of v5.13
103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
commit 5a4fa44f5e1b in kernel, part of v5.13
Move them to backports folder to make maintainance easier.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Kernel 5.10 support for ipq806x was added at the same time that these
patches were developed for kernel 5.4. This carries the patches forward
to kernel 5.10.
fa731838c5 ipq806x: dwmac: clear forced speed during probe
75ca641f1b ipq806x: Add "snps,dwmac" to all gmac compatible=
d62825dd77 ipq806x: dwmac: set forced speed when using fixed-link
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Run-tested: ipq806x/ubnt,unifi-ac-hd
Cc: Ansuel Smith <ansuelsmth@gmail.com>
d53be2a2e9 migrated 0069-arm-boot-add-dts-files.patch from patches-5.4
to patches-5.10, but a subsequent patch in that set, 1e25423be8,
erroneously removed several devices:
ipq8062/nec,wg2600hp3 from 3bb1618573
ipq8064/asrock,g10 from 98b86296e6
ipq8064/ubnt,unifi-ac-hd from 4e46beb313
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Run-tested: ipq806x/ubnt,unifi-ac-hd
Cc: Ansuel Smith <ansuelsmth@gmail.com>
The out-of-tree qcom-smem patches traditionally displayed mtd partition names
in upper case, starting with the new mainline qcom-smem support in kernel v5.10,
it switches to normalizing the partition names to lower case.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
fa731838c5 cleared the forced speed in the QSGMII PCS_ALL_CH_CTL
register during probe, but this is only correct for GMACs that are not
configured with fixed-link. This prevented GMACs configured with both
phy-mode = "sgmii" and fixed-link from working properly, as discussed at
https://github.com/openwrt/openwrt/pull/3954#issuecomment-834625090 and
the comments that follow. Notably, this prevented all communication
between gmac2 and the switch on the Netgear R7800.
The correct behavior is to set the QSGMII PCS_ALL_CH_CTL register by
considering the gmac's fixed-link child, setting the speed as directed by
fixed-link if present, and otherwise clearing it as was done previously.
Fixes: fa731838c5 ("ipq806x: dwmac: clear forced speed during probe")
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Run-tested: ipq806x/ubnt,unifi-ac-hd, ipq806x/netgear,r7800
Cc: Petr Štetiar <ynezz@true.cz>
Cc: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
wakeup-source is required for gpio keys to fix error
genirq: irq_chip msmgpio did not update eff. affinity mask
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
- Add new tsens node
- Add new cpufreq required nodes
- Drop arm cpuidle compatible
- Fix duplicate node set upstream
- Add voltage tolerance value for cpu opp
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
ipq806x have different ecc configuration for boot partition and rootfs partition. Add support for this to fix IO error on mtd block scan.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
The spm driver now has dedicated support for krait cpu idle state. We don't need to add generic arm cpuidle support for qcom.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Patch 0030 wrongly disables gsbi1 instead of gsbi4.
Fix the wrong patch and also include other fix from the original qsdk source.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This was introduced to gmac2 and gmac3 in 57ea767a53 without fanfare.
There's no indication of why it was added to those devices, but not to
gmac0 or gmac1. It was probably an unintentional omission. It should be
present on all four gmac devices.
This property is considered by
drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
stmmac_probe_config_dt.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Build-tested: ipq806x/ubnt,unifi-ac-hd
Run-tested: ipq806x/ubnt,unifi-ac-hd
On a Ubiquiti UniFi AC HD (ubnt,unifi-ac-hd, UAP-AC-HD, UAP301), a
forced speed on gmac1 is set in the QSGMII PCS_ALL_CH_CTL register,
presumably by the bootloader (4.3.28), preventing the interface from
being usable. The QSDK NSS GMAC driver takes care to clear the forced
speed in nss_gmac_qsgmii_dev_init
(https://source.codeaurora.org/quic/qsdk/oss/lklm/nss-gmac/tree/ipq806x/nss_gmac_init.c?h=nss
at d5bb14925861).
gmac1 is connected to the port on the device labeled SECONDARY, and is
currently eth0 but will be switched to eth1 by a subsequent patch. By
clearing the QSGMII PCS forced speed during dwmac initialization when
SGMII is in use, this port becomes usable.
This patch is upstreamable, and will be sent upstream after successful
testing in OpenWrt.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Build-tested: ipq806x/ubnt,unifi-ac-hd
Run-tested: ipq806x/ubnt,unifi-ac-hd
