Commit Graph

7057 Commits

Author SHA1 Message Date
Robert Marko
832b8962de uboot-mvebu: backport patch to fix eMMC
v2022.01 has a regression that broke eMMC usage on most if not all Armada
SoC-s, thus breaking boards like uDPU which use eMMC for storage.

Fix it by backporting a recent upstream patch.

Fixes: 782d4c8306 ("uboot-mvebu: update to version 2022.01")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-03-24 16:49:22 +08:00
Richard Huynh
e1e8afc646 mediatek: Add support for Xiaomi Redmi Router AX6S
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.

SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A

Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.

However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.

Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)

2. Calculate telnet password from serial number and login

3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit

4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware

Device should reboot at this point.

Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.

A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.

Signed-off-by: Richard Huynh <voxlympha@gmail.com>
2022-03-21 11:50:29 +08:00
Mikhail Zhilkin
a985eedd04 ramips: add support for Beeline SmartBox Flash
Beeline SmartBox Flash is a wireless AC1300 (WiFi 5) router manufactured
by Arcadyan company.

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Winbond W632GU6NB
Flash: 128 MiB (NAND), Winbond W29N01HVSINF
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: 1xUSB3.0
Button: 1 (Reset/WPS)
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WE42022

Installation
------------
1. Place *factory.trx on any web server (192.168.1.2 in this example)
2. Connect to the router using telnet shell (no password required)
3. Save MAC adresses to U-Boot environment:
   uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
    awk '{print $5}')
   uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
    awk '{print $5}')
   uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
    awk '{print $5}')
   uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
    awk '{print $5}')
4. Ensure that MACs were saved correctly:
   uboot_env --get --name eth2macaddr
   uboot_env --get --name eth3macaddr
   uboot_env --get --name ra0macaddr
   uboot_env --get --name rax0macaddr
5. Download and write the OpenWrt images:
   cd /tmp
   wget http://192.168.1.2/factory.trx
   mtd_write erase /dev/mtd4
   mtd_write write factory.trx /dev/mtd4
6. Set 1st boot partition and reboot:
   uboot_env --set --name bootpartition --value 0
   reboot

Back to Stock
-------------
1. Run in the OpenWrt shell:
   fw_setenv bootpartition 1
   reboot
2. Optional step. Upgrade the stock firmware with any version to
   overwrite the OpenWrt in Slot 1.

MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC               | Source         |
+-----------+-------------------+----------------+
| label     | 30:xx:xx:51:xx:09 | No MACs was    |
| LAN       | 30:xx:xx:51:xx:09 | found on Flash |
| WAN       | 30:xx:xx:51:xx:06 | [1]            |
| WLAN_2g   | 30:xx:xx:51:xx:07 |                |
| WLAN_5g   | 32:xx:xx:41:xx:07 |                |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
   key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
   with saving of the MACs to u-boot-env during the installation was
   applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:36) was found in
   "Factory" 0xfff0. It's the same for all Smartbox Flash devices. OEM
   firmware also uses this MAC when initialazes ethernet driver. In
   OpenWrt we use it only as internal GMAC (eth0), all other MACs are
   unique. Therefore, there is no any barriers to the operation of several
   Smartbox Flash devices even within the same broadcast domain.

Stock firmware image format
---------------------------
+--------------+---------------+----------------------------------------+
| Offset       | 1.0.15        | Description                            |
+==============+===============+========================================+
| 0x0          | 5d 43 6f 74   | TRX magic "]Cot"                       |
+--------------+---------------+----------------------------------------+
| 0x4          | 00 70 ff 00   | Length (reverse)                       |
+--------------+---------------+----------------------------------------+
|              |               | htonl(~crc) from 0xc ("flag_version")  |
| 0x8          | 72 b3 93 16   | to "Length"                            |
+--------------+---------------+----------------------------------------+
| 0xc          | 00 00 01 00   | Flags                                  |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of Kernel partition   |
| 0x10         | 1c 00 00 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
|              |               | Offset (reverse) of RootFS partition   |
| 0x14         | 00 00 42 00   | from the start of the header           |
+--------------+---------------+----------------------------------------+
| 0x18         | 00 00 00 00   | Zeroes                                 |
+--------------+---------------+----------------------------------------+
| 0x1c         | 27 05 19 56 … | Kernel data + zero padding             |
+--------------+---------------+----------------------------------------+
|              |               | RootFS data (starting with "hsqs") +   |
| 0x420000     | 68 73 71 73 … | zero padding to "Length"               |
+--------------+---------------+----------------------------------------+
|              |               | Some signature data (format is         |
|              |               | unknown). Necessary for the fw         |
| "Lenght"     | 00 00 00 00 … | update via oem fw web interface.       |
+--------------+---------------+----------------------------------------+
| "Lenght" +   |               | TRX magic "HDR0". U-Boot is            |
| 0x10c        | 48 44 52 30   | checking it at every boot.             |
+--------------+---------------+----------------------------------------+
|              |               | 1.00:                                  |
|              |               |   Zero padding to ("Lenght" + 0x23000) |
|              |               | 1.0.12:                                |
|              |               |   Zero padding to ("Lenght" + 0x2a000) |
| "Lenght" +   |               | 1.0.13, 1.0.15, 1.0.16:                |
| 0x110        | 00 00 00 00   |   Zero padding to ("Lenght" + 0x10000) |
+--------------+---------------+----------------------------------------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-03-21 11:40:43 +08:00
Tianling Shen
ddf990bf82
Merge Mainline
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-03-17 19:53:20 +08:00
Tianling Shen
43f88fbf6c
r8125: bump to 9.008.00
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d469e513cc)
2022-03-17 15:32:03 +08:00
Claudiu Beznea
c0bbcd6ac6 at91: add support for sam9x60-ek board
Add support for SAM9X60-EK board.

Hardware:
- SoC: SAM9X60
- RAM: Winbond W972GG6KB-25 (2Gbit DDR2)
- NAND Flash: Micron MT29F4G08ABAEA
- QSPI Flash: Microchip SST26VF064B
- EEPROM: Microchip 24AA02E48
- SDMMC: One standard 4-bit SD card interface
- USB: two stacked Type-A connectors with power switches, one micro-B
       USB device
- CAN: 2 interfaces (Microchip MCP2542)
- Ethernet: one 10/100Mbps
- WiFi/BT: one optional WiFi/Bluetooth interface
- Audio: one ClassD port
- Display: one 24-bit LCD interface
- Camera: one 12-bit image sensor interface
- IO: one IO expander (Microchip MCP23008)
- Debug ports: one J-Link-OB + CDC, one JTAG interface
- Leds: one RGB LED
- Buttons: 4 push button switches
- Expansion: one PIO connector, one mikrobus connector
- Power management: two power regulators, two power consumption measurement
                    devices

Flashing:
- follow the procedure at [1]

[1] https://www.linux4sam.org/bin/view/Linux4SAM/Sam9x60EKMainPage#Create_a_SD_card_with_the_demo

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-03-17 11:23:53 +08:00
Claudiu Beznea
1ebd615d42 at91: add support for sama5d27-wlsom1-ek board
Add support for SAMA5D27 WLSOM1-EK board.

Hardware:
- SIP: SAMA5D27C-LD2G-CU including SAMA5D27 MPU and 2Gbit LPDDR2-SDRAM
- MMC: one standard SD card interface
- Flash: 64 Mb serial quad I/O flash memory (SST26VF064BEUIT-104I/MF)
	 with embedded EUI-48 and EUI-64 MAC addresses
- USB: one USB device, one USB host one HSIC interface
- Ethernet: 1x10/100Mbps port
- WiFi/BT: IEEE 802.11 b/g/n Wi-Fi plus Bluetooth (Wi-Fi/BT) module
	   (ATWILC3000-MR110UA)
- Crypto: one ATECC608B-TNGTLS secure element
- Video: one LCD RGB 18-bit interface, one ISC 12-bit camera interface
- Debug port: one JTAG interface, one UART interface, one WILC UART
              interface
- Leds: one RGB LED
- Buttons: start, reset, wakeup, user buttons
- Expansion: one tamper connector, one mikrobus interface, 2 XPRO PTC
             connector
- Power managament: PMIC (MCP16502)

Flashing:
- follow procedure at [1]

[1] https://www.linux4sam.org/bin/view/Linux4SAM/Sama5d27WLSom1EKMainPage#Create_a_SD_card_with_the_demo

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-03-17 11:22:48 +08:00
Claudiu Beznea
350e41a6ff at91: add support for sama5d2 icp board
Add support for SAMA5D2 ICP board.

Hardware:
- SoC: SAMA5D27
- RAM: 512 MB DDR3L
- MMC: One stanard SD card interface
- USB: One USB host switch 4 ports with power switch,
       One USB device type Micro-AB
- CAN: 2 interfaces
- Ethernet: One Gigabit Ethernet PHY through HSIC,
	    One ETH switchport,
	    One EtherCAT interface
- WiFi/BT: Footprint for IEEE 802.11 b/g/n Wi-Fi plus
	   Bluetooth module (Wi-Fi/BT), suitable for
	   Microchip WILC3000-MR110CA or WILC3000-MR110UA
- Debug port: One J-Link-OB/J-Link-CDC, one JTAG interface
- Leds: one RGB LED
- Buttons: reset, wakeup, 2 user buttons
- Expansion: one PIOBU/PIO connector, 3 mikrobus sockets
- Power mangament: PMIC (MCP16502), one power consumption device
                   (PAC1934)

Not working in Linux:
- EtherCAT interface: there is no Linux support integrated
- PAC1934: driver available at [1] but not integrated in Linux

Flashing:
- follow the procedure at [2]

[1] https://ww1.microchip.com/downloads/en/DeviceDoc/pac193x_linux_driver.zip
[2] https://www.linux4sam.org/bin/view/Linux4SAM/Sama5d2IcpMainPage#Create_a_SD_card_with_the_demo

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-03-17 11:22:25 +08:00
Martin Schiller
fd505eab88 openssl: bump to 1.1.1n
This is a bugfix release. Changelog:

  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
     forever for non-prime moduli. (CVE-2022-0778)

  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
     (RFC 5489) to the list of ciphersuites providing Perfect Forward
     Secrecy as required by SECLEVEL >= 3.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2022-03-17 11:02:29 +08:00
Rosen Penev
a75b0a9c1b argp-standalone: fix compilation with Alpine Linux
This package is a C89 one. Add the proper CFLAG to fix compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-17 11:02:19 +08:00
Lech Perczak
a77acbd16d uqmi: set CID during 'query-data-status' operation
Modems used in ZTE mobile broadband routers require to query the data
session status using the same CID as one used to establish the session,
otherwise they will report the session as "disconnected" despite
reporting correct PDH in previous step. Without this change, IPv6
connection on these modems doesn't establish properly. In IPv4 this bug
is present as well, but for some reason querying of IPv4 status works
using temporary CID, this however seems noncompliant with QMI
specifications, so fix it as well.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-03-17 11:00:33 +08:00
Tianling Shen
71ca95a20c
base-files: tweak banner
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit be0ac56b63)
2022-03-15 20:36:37 +08:00
Rafał Miłecki
3338a5e835
base-files: call "sync" after initial setup
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.

Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"

Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
   in empty file (inode flushed after 5 seconds, data flush queued)

Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.

There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section

This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.

All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit 9851d4b6ce)
2022-03-15 18:51:04 +08:00
msylgj
379ef63300
r8168: allow build for kernel 5.10
(cherry picked from commit 8dbec6a2fe)
2022-03-14 15:28:33 +08:00
msylgj
b54d7e67b8
r8168: add support for kernel over 5.10
(cherry picked from commit 92578caeca)
2022-03-14 15:28:11 +08:00
Tianling Shen
523163b6b7
Merge Mainline
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-03-14 15:27:39 +08:00
Tianling Shen
fd6bc38dd6
r8125/r8168: require PCI support
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 644bd5b27a)
2022-03-13 18:00:35 +08:00
Tianling Shen
80ee6a4538
base-files: update default banner
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 29c5695d92)
2022-03-13 16:56:50 +08:00
Langhua Ye
3101a18db9 uboot-envtools: mt7622: add support for Ruijie RG-EW3200GX PRO
Add U-Boot environment settings for Ruijie RG-EW3200GX PRO to allow
users to access the bootloader environment using fw_printenv/fw_setenv
while running OpenWrt.

Signed-off-by: Langhua Ye <y1248289414@outlook.com>
2022-03-10 09:02:15 +08:00
Tianling Shen
b091dedde6
kernel/modules: add kmod-inet-diag package
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 41d8f0e982)
2022-03-09 10:40:09 +08:00
Tianling Shen
e38cb49ef6
Merge Mainline
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-03-08 11:43:38 +08:00
Tianling Shen
0e4d13205d
i40e: disable on ramips
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-03-07 19:39:31 +08:00
Florian Eckert
5e01c687e3 ipset: update to 7.15
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-06 23:57:08 +08:00
AmadeusGhost
155d61b65e mbedtls: refresh armv8ce_aes patches
Signed-off-by: AmadeusGhost <amadeus@immortalwrt.org>
2022-03-03 23:53:48 +08:00
Lucian Cristian
7fef22572f mbedtls: update to 2.28.0 LTS branch
<https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>
"Mbed TLS 2.28 is a long-time support branch.
It will be supported with bug-fixes and security
fixes until end of 2024."

<https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md>
"Currently, the only supported LTS branch is: mbedtls-2.28.
For a short time we also have the previous LTS, which has
recently ended its support period, mbedtls-2.16.
This branch will move into the archive namespace around the
time of the next release."

this will also add support for uacme ualpn support.

size changes
221586 libmbedtls12_2.28.0-1_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(remark about 2.16's EOS, slightly reworded)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-03 23:50:14 +08:00
Tianling Shen
ec7b7129f4
Merge Mainline
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-03-03 10:37:24 +08:00
Hauke Mehrtens
d3e63a637e
ustream-ssl: update to Git version 2022-01-16
868fd88 ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e74529552c)
2022-03-01 20:53:04 +08:00
Petr Štetiar
cb556fc0bb usbmode: update to version 2022-02-24
* usbmode: add config #0 and delay before actual config

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-28 16:11:03 +08:00
Vladislav Grigoryev
fafbcf2365 jsonfilter: update makefile url
Specify URL as PKG_SOURCE_URL in the jsonfilter Makefile.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
2022-02-28 16:10:09 +08:00
zxlhhyccc
aa85f5239a
mt-drivers: mt7603e: fix syntax error
(cherry picked from commit 3896b7d788)
2022-02-25 14:21:26 +08:00
Tianling Shen
c96b15cc4d
Merge Mainline
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-02-25 13:03:01 +08:00
Petr Štetiar
8c0a0ad598 wolfssl: fix API breakage of SSL_get_verify_result
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable.  In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:

 $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
 Downloading 'https://letsencrypt.org'
 Connecting to 18.159.128.50:443
 Connection error: Invalid SSL certificate

Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-24 11:37:21 +08:00
Eneas U de Queiroz
03ceba473f openssl: configure engines with uci
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped.  It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-24 11:36:11 +08:00
Eneas U de Queiroz
f700fead14 openssl: configure engine packages during install
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.

The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-24 11:35:50 +08:00
Eneas U de Queiroz
1be742a1db openssl: config engines in /etc/ssl/engines.cnf.d
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory.  The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.

Patches were refreshed with --zero-commit.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-02-24 11:35:33 +08:00
Mauri Sandberg
cbbef547e9 gpio-nxp-74hc153: remove package
This module was used solely by Buffalo WZR-HP-G300NH devices
and has become obsolete with the introduction of gpio-cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
2022-02-21 11:15:40 +08:00
Mauri Sandberg
4deff7e9db kernel: add package kmod-gpio-cascade
Adds kernel module for Generic GPIO cascade.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-21 11:13:03 +08:00
Mauri Sandberg
b2b150d1b8 kernel: add package kmod-multiplexer
Adds new kernel module for GPIO controlled multiplexer support.

Signed-off-by: Mauri Sandberg <maukka@ext.kapsi.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [missing commit description]
2022-02-21 11:12:48 +08:00
Hauke Mehrtens
672481e01e hostapd: Apply SAE/EAP-pwd side-channel attack update 2
This fixes some recent security problems in hostapd.
See here for details: https://w1.fi/security/2022-1
* CVE-2022-23303
* CVE-2022-23304

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-21 11:02:00 +08:00
Leonardo Mörlein
e7fab4490f wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-02-18 18:35:16 +08:00
Sergey V. Lobanov
0d224e34ea wolfssl: update to 5.1.1-stable
Bump from 4.8.1-stable to 5.1.1-stable

Detailed release notes: https://github.com/wolfSSL/wolfssl/releases

Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
 fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -
 f447e4c1fa

Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch

CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option

The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk

Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-18 18:33:23 +08:00
Hauke Mehrtens
9531fac7df strace: Update to version 5.16
The sizes of the ipk changed on MIPS 24Kc like this:
289764 strace_5.14-1_mips_24kc.ipk
310899 strace_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-18 18:32:40 +08:00
Hauke Mehrtens
8594d70671 ethtool: Update to version 5.16
795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.

The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-18 18:32:24 +08:00
Hans Dedecker
d127c7bf64 ethtool: update to version 5.15
cef54c4 Release version 5.15.
23beb39 update UAPI header copies
fd7db64 netlink: settings: Correct duplicate condition
88892ec Merge branch 'review/module-fixes-2-v2'
79cb4ab sff-8636: Remove extra blank lines
128e97c sff-8636: Convert if statement to switch-case
7ff603b sff-8636: Fix incorrect function name
86e9784 sff-8636: Remove incorrect comment
001aecd cmis: Correct comment
1bad83c cmis: Fix wrong define name
2c2fa88 cmis: Fix CLEI code parsing
d007b49 Merge branch 'review/module-fixes' into master
a7431bc netlink: eeprom: Fix compilation when pretty dump is disabled
d02409c ethtool: Fix compilation warning when pretty dump is disabled
2ddb1a1 netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested
7e153a7 cmis: Fix invalid memory access in IOCTL path
769a50e sff-8636: Fix parsing of Page 03h in IOCTL path

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-02-18 18:32:03 +08:00
Hauke Mehrtens
6ba4f6b8fa tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-16 12:47:35 +08:00
Hauke Mehrtens
69b51ecb17 libcap: Update to version 2.63
The sizes of the ipk changed on MIPS 24Kc like this:
11248 libcap_2.51-1_mips_24kc.ipk
14461 libcap_2.63-1_mips_24kc.ipk

18864 libcap-bin_2.51-1_mips_24kc.ipk
20576 libcap-bin_2.63-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-16 12:45:15 +08:00
Hauke Mehrtens
e9173d63d1 e2fsprogs: Update to version 1.46.5
The sizes of the ipk changed on MIPS 24Kc like this:
  8788 badblocks_1.45.6-2_mips_24kc.ipk
  8861 badblocks_1.46.5-1_mips_24kc.ipk

  3652 chattr_1.45.6-2_mips_24kc.ipk
  3657 chattr_1.46.5-1_mips_24kc.ipk

 58128 debugfs_1.45.6-2_mips_24kc.ipk
 60279 debugfs_1.46.5-1_mips_24kc.ipk

  8551 dumpe2fs_1.45.6-2_mips_24kc.ipk
  8567 dumpe2fs_1.46.5-1_mips_24kc.ipk

  4797 e2freefrag_1.45.6-2_mips_24kc.ipk
  4791 e2freefrag_1.46.5-1_mips_24kc.ipk

159790 e2fsprogs_1.45.6-2_mips_24kc.ipk
168212 e2fsprogs_1.46.5-1_mips_24kc.ipk

  7083 e4crypt_1.45.6-2_mips_24kc.ipk
  7134 e4crypt_1.46.5-1_mips_24kc.ipk

  5749 filefrag_1.45.6-2_mips_24kc.ipk
  6233 filefrag_1.46.5-1_mips_24kc.ipk

  4361 libcomerr0_1.45.6-2_mips_24kc.ipk
  4355 libcomerr0_1.46.5-1_mips_24kc.ipk

168040 libext2fs2_1.45.6-2_mips_24kc.ipk
174209 libext2fs2_1.46.5-1_mips_24kc.ipk

  8514 libss2_1.45.6-2_mips_24kc.ipk
  8613 libss2_1.46.5-1_mips_24kc.ipk

  3148 lsattr_1.45.6-2_mips_24kc.ipk
  3227 lsattr_1.46.5-1_mips_24kc.ipk

 22530 resize2fs_1.45.6-2_mips_24kc.ipk
 22909 resize2fs_1.46.5-1_mips_24kc.ipk

 33315 tune2fs_1.45.6-2_mips_24kc.ipk
 34511 tune2fs_1.46.5-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-16 12:45:01 +08:00
Hauke Mehrtens
dd686f3315 util-linux: Update to version 2.37.3
This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-16 12:44:43 +08:00
Hauke Mehrtens
31a75e7526 util-linux: Do not build raw any more.
The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.

We do not package the raw tool, so this is not a problem.

This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-16 12:44:24 +08:00
Hauke Mehrtens
47f44d7504 mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-16 12:41:49 +08:00