RepoMirrors/openwrt
1
0
Fork 0
mirror of git://git.openwrt.org/openwrt/openwrt.git synced 2024-12-30 18:52:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
54,659 Commits 10 Branches 76 Tags 240 MiB
7012f2e18f
Commit Graph

19404 Commits

Author SHA1 Message Date
Hauke Mehrtens
3aa18f71f9 mac80211: Update to version 5.15.58-1 
This updates mac80211 to version 5.15.58-1 which is based on kernel
5.15.58.
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2022-07-31 16:22:08 +02:00
Boris Krasnovskiy
d94c94d795 ustream-ssl: prevent unused crypto lib dependencies from being compiled 
Prevented unused crypto lib dependencies from being compiled

Signed-off-by: Boris Krasnovskiy <borkra@gmail.com>
 2022-07-31 00:11:21 +02:00
Boris Krasnovskiy
00718b9d7a hostapd: prevent unused crypto lib dependencies from being compiled 
Prevented unused crypto lib dependencies from being compiled

Signed-off-by: Boris Krasnovskiy <borkra@gmail.com>
 2022-07-31 00:11:21 +02:00
John Audia
c2aa816f28 wolfssl: fix math library build 
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

1. https://github.com/wolfSSL/wolfssl/pull/5390

Signed-off-by: John Audia <therealgraysky@proton.me>
 2022-07-31 00:11:21 +02:00
Nick Hainke
7455457893 libcap: update to 2.65 
Changes:
a47d86d Up the release version to 2.65
fc99e56 Include more signatures in pgp.keys.asc.
52288cc Close out this comment in the go/Makefile
eb0f1df Prevent 'capsh --user=xxx --' from generating a bash error.
9a95791 Improve documentation for cap_get_pid and cap_reset_ambient.
21d08b0 Fix syntax error in DEBUG protected setcap.c code.
9425048 More useful captree usage string and man page.

Signed-off-by: Nick Hainke <vincent@systemli.org>
 2022-07-30 23:50:44 +02:00
Nick Hainke
97daddffd0 libcap: update to 2.64 
Changes:
38cfa2e Up the release version to 2.64
7617af6 Avoid a deadlock in forked psx thread exit.
fc029cb Include LIBCAP_{MAJOR,MINOR} #define's in sys/capability.h
ceaa591 Clarify how the cap_get_pid() argument is interpreted.
15cacf2 Fix prctl return code/errno handling in libcap.
aae9374 Be explicit about CGO_ENABLED=1 for compare-cap build.
66a8a14 psx: free allocated memory at exit.

Signed-off-by: Nick Hainke <vincent@systemli.org>
 2022-07-30 23:50:44 +02:00
Dávid Benko
f920908626 odhcp6c: update to latest git HEAD 
9212bfc odhcp6c: fix IA discard when T1 > 0 and T2 = 0

Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
 2022-07-30 23:50:44 +02:00
Daniel Golle
dbe53352e3 kernel: add kmod-nvme package 
Add driver for NVM Express block devices, ie. PCIe connected SSDs.

Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.

On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-30 19:04:36 +02:00
Daniel Golle
603aaceb42 uboot-mediatek: reorder patches 
Rename/reorder patches to avoid duplicate usage of 300-* prefix.
No functional changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-30 19:03:54 +02:00
Jo-Philipp Wich
0063e3421d wolfssl: make shared again 
Disable the usage of target specific CPU crypto instructions by default
to allow the package being shared again. Since WolfSSL does not offer
a stable ABI or a long term support version suitable for OpenWrt release
timeframes, we're forced to frequently update it which is greatly
complicated by the package being nonshared.

People who want or need CPU crypto instruction support can enable it in
menuconfig while building custom images for the few platforms that support
them.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2022-07-30 12:21:54 +02:00
Rafał Miłecki
a8e1e30543 uboot-bcm4908: include SoC in output files 
This fixes problem of overwriting BCM4908 U-Boot and DTB files by
BCM4912 ones. That bug didn't allow booting BCM4908 devices.

Fixes: f4c2dab544 ("uboot-bcm4908: add BCM4912 build")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
 2022-07-25 18:13:12 +02:00
Christian Lamparter
d4391ef073 layerscape: update remaining PKG_HASH / PKG_MIRROR_HASH 
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.

Fixes: e879cccaa215 ("uboot-layerscape: update PKG_HASH")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-22 22:03:27 +02:00
David Bauer
a0b7fef0ff ramips: add support for ZyXEL NWA50AX / NWA55AXE 
Hardware
--------
CPU:    Mediatek MT7621
RAM:    256M DDR3
FLASH:  128M NAND
ETH:    1x Gigabit Ethernet
WiFi:   Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN:    1x Reset (NWA50AX only)
LED:    1x Multi-Color (NWA50AX only)

UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.

Settings: 115200 8N1

Layout:

<12V> <LAN> GND-RX-TX-VCC

Logic-Level is 3V3. Don't connect VCC to your UART adapter!

Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.

As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.

If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.

If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.

Installation TFTP
-----------------
This installation routine is especially useful in case
 * unknown device password (NWA55AXE lacks reset button)
 * bricked device

Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.

The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.

Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin

 $ atnf owrt.bin
 $ atna 192.168.1.88
 $ atns "192.168.1.66; tftpboot; bootm"

Upon booting, set the booted image to the correct slot:

 $ zyxel-bootconfig /dev/mtd10 get-status
 $ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
 $ zyxel-bootconfig /dev/mtd10 set-active-image 0

Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.

 $ mtd write ramboot-factory.bin firmware
 $ reboot

Signed-off-by: David Bauer <mail@david-bauer.net>
 2022-07-20 21:52:06 +02:00
Hauke Mehrtens
d1b5d17d03 wolfssl: Do not activate HW acceleration on armvirt by default 
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.

Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2022-07-20 17:02:45 +02:00
Eneas U de Queiroz
bc43ad88ed
uencrypt: add package to decrypt WG4хх223 config 
This adds a simple AES-128-CBC encryption/decryption program using
either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223
configuration partitions.  The ipk size is 3,355 bytes.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
 2022-07-19 14:53:29 +02:00
Oleg S
6c7e337c80
ramips: Add support command fw_setsys for Xiaomi routers 
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.

Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 2022-07-19 14:40:21 +02:00
Rosen Penev
5ad67cc513 libiconv-full: add host build 
Now that libiconv-stub is gone, a replacement for its host build is
needed.

Fixes: c0ba4201f837 ("libiconv-stub: remove")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-17 14:21:03 +02:00
Christian Lamparter
b479db9062 sdk: add spidev-test to the bundle of userspace sources 
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.

this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.

Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-17 14:19:21 +02:00
Catalin Toda
488b25f5ac kernel: netconsole: add network console logging support 
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.

Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
|  +            if present, enable extended console support
|  src-port     source for UDP packets (defaults to 6665)
|  src-ip       source IP to use (interface address)
|  dev          network interface (eth0)
|  tgt-port     port for logging agent (6666)
|  tgt-ip       IP address for logging agent
|  tgt-macaddr  ethernet MAC address for logging agent (broadcast)

OpenWrt specific notes:

OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)

As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:

 insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C...

One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
 options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...

and install the kmod-netconsole (=y) into the base image.

Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-17 14:18:42 +02:00
Christian Lamparter
e879cccaa2 uboot-layerscape: update PKG_HASH 
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the uboot-layerscape-21.08.tar.xz
archive.

i.e:
 # tar tf uboot-layerscape-21.08.tar.xz:

uboot-layerscape-21.08/
uboot-layerscape-21.08/.azure-pipelines.yml
uboot-layerscape-21.08/.checkpatch.conf
uboot-layerscape-21.08/.gitattributes
uboot-layerscape-21.08/.github/
[...]

vs.

 # tar tf uboot-layerscape-LSDK-21.08.tar.xz
uboot-layerscape-LSDK-21.08/
uboot-layerscape-LSDK-21.08/.azure-pipelines.yml
uboot-layerscape-LSDK-21.08/.checkpatch.conf
uboot-layerscape-LSDK-21.08/.gitattributes
uboot-layerscape-LSDK-21.08/.github/
[...]

the (file) content of both archives are otherwise the same.

The PKG_HASH was taken from the builder log:
| Hash of the local file uboot-layerscape-21.08.tar.xz does not match
|(file: 54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6,
|requested: 874e871755ef84ebbf3[...]) - deleting download.

without this update, the uboot-layerscape-21.08 package would
always try to download (from git), repacked the archive and
reupload to sources.openwrt.org (~14 MiB saved).

Fixes: 038d5bdab117 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-17 14:14:54 +02:00
Rosen Penev
5dca7d7015 mbedtls: build with PIC 
Fixes compilation with GCC12 and dependent packages for some reason.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2022-07-17 13:43:48 +02:00
Christian Lamparter
e3a1d3ba15 ipq-wifi: remove dangling GL.iNet GL-B2200 boardfiles 
those board files can/should be dropped now too.

Fixes: 50c232d6f446 ("ipq-wifi: drop upstreamed board-2.bin")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-17 13:43:48 +02:00
Christian Lamparter
e0e6444930 nu801: fix DEPENDS on bcm53xx 
the tacked on @TARGET_bcm53xx causes warnings:
tmp/.config-package.in:14027:warning: ignoring unsupported character '@'
tmp/.config-package.in:26028:warning: ignoring unsupported character '@'

this was wrong.

Fixes: be1761fa14 ("nu801: add MR26 to the table")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-17 13:43:48 +02:00
Christian Marangi
e62d1edd6b
procd: update to git HEAD 
ef5d3e3 jail: fix various ignoring return value compilation warning
8e4a956 jail: add WARNING macro to log non critical warning message

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 2022-07-17 13:21:45 +02:00
Christian Marangi
d58ce80080
fstools: update to git HEAD 
ebf7e90 libfstools: handle gzip return value in block_volume_format

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 2022-07-17 13:21:45 +02:00
Christian Marangi
ef3d0a3029
ubox: update to latest git HEAD 
46a33b8 kmodloader: fix compilation warning with not checking return of asprintf

Also switch PKG_RELEASE to AUTORELEASE.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 2022-07-17 03:12:45 +02:00
Eneas U de Queiroz
9710fe70a6
wolfssl: bump to 5.4.0 
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
 2022-07-16 22:22:40 +02:00
Christian Lamparter
be1761fa14 nu801: add MR26 to the table 
The MR26 uses a NU801 for the RGB-Leds. Make the LEDs
available.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Christian Lamparter
cb3d0250db module/firmware: remove intersil PRISM54 support 
the legacy driver was dropped in linux 5.14-rc3:
commit d249ff28b1d8 ("intersil: remove obsolete prism54 wireless driver")

Quoting Lukas Bulwahn:
"p54 replaces prism54 so users should be unaffected."

Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Christian Lamparter
f0c1d26738 utils/spidev_test: side-step build-system woes 
The spidev_test is build in phase2 even though it should be disabled.
My best guess is that we hit the same issue that I had with nu801.
The build-system thinks it's a tool that is necessary for
building the kernel.

In this case, the same fix (adding a dependency on the presence of
the module) could work in this case as well?

Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Christian Lamparter
50c232d6f4 ipq-wifi: drop upstreamed board-2.bin 
The BDFs for the:
	GL.iNet GL-B2200

were upstreamed to the ath10k-firmware repository
and landed in linux-firmware.git

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Christian Lamparter
fffb8cacf1 linux-firmware: Update to version 20220610 
git log --pretty=oneline --abbrev-commit 20220509..20220610 (sorted)

amdgpu:
4458bb4 amdgpu: update yellow carp DMCUB firmware
9ed4d42 amdgpu: update Yellow Carp VCN firmware
251d290 amdgpu: update beige goby firmware for 22.10
d4346b3 amdgpu: update renoir firmware for 22.10
b3df9c4 amdgpu: update dimgrey cavefish firmware for 22.10
e1b0a1c amdgpu: update vega20 firmware for 22.10
4a0d163 amdgpu: update yellow carp firmware for 22.10
e8f2e54 amdgpu: update vega12 firmware for 22.10
7a7f84a amdgpu: update navy flounder firmware for 22.10
5a6a482 amdgpu: update vega10 firmware for 22.10
4ee52ee amdgpu: update raven2 firmware for 22.10
e2d460f amdgpu: update raven firmware for 22.10
5b52a90 amdgpu: update sienna cichlid firmware for 22.10
c8268e6 amdgpu: update green sardine firmware for 22.10
f29f5b5 amdgpu: update PCO firmware for 22.10
95b5b3f amdgpu: update vangogh firmware for 22.10
6dcbd01 amdgpu: update navi14 firmware for 22.10
f803fbd amdgpu: update navi12 firmware for 22.10
8923000 amdgpu: update navi10 firmware for 22.10
4b2af01 amdgpu: update aldebaran firmware for 22.10

ath10k:
2aa4da3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157
f7cc4b4 ath10k: QCA9888 hw2.0: update board-2.bin
e9e987d ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157
866b5b2 ath10k: QCA4019 hw1.0: update board-2.bin

intel:
ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462
38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462
72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560
94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560
e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201
78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201
12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211
edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211
9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210
111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200
ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201
99cb4b0 iwlwifi: add new FWs from core70-87 release
7073b8a iwlwifi: update 9000-family firmwares to core70-87
f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462
30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462
7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560
741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560
e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201
0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201
46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211
16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211
f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210
41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200
62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201

realtek:
7eef50f rtw88: 8822c: Update normal firmware to v9.9.13
23b5428 rtw88: 8822c: Update normal firmware to v9.9.12

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Rosen Penev
c0ba4201f8 libiconv-stub: remove 
No longer used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2022-07-15 15:21:44 +02:00
Christian Lamparter
2747a94f09 firmware: intel-microcode: update to 20220510 
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

 * New upstream microcode datafile 20220419
  * Fixes errata APLI-11 in Atom E3900 series processors
  * Updated Microcodes:
    sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384

 * New upstream microcode datafile 20220510
  * Fixes INTEL-SA-000617, CVE-2022-21151:
    Processor optimization removal or modification of security-critical
    code may allow an authenticated user to potentially enable information
    disclosure via local access (closes: #1010947)
  * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
    Atom E3900
  * New Microcodes:
    sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
  * Updated Microcodes:
    sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
    sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
    sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
    sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
    sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
    sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
    sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
    sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
    sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
    sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
    sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
    sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
    sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
    sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
    sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
    sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
    sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
    sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
    sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
    sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
    sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
    sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
    sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
    sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Christian Lamparter
3b3eaf31cb ipq40xx: R619AC: replace space with - separator in variant string 
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."

Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 2022-07-15 15:21:44 +02:00
Manuel Giganto
d12eb103e8
hostapd: add ppsk option (private psk) 
This PR allows a user to enable a private psk, where each station
may have it's own psk or use a common psk if it is not defined.
The private psk is defined using the sta's mac and a radius server
is required.

ppsk option should be enabled in the wireless configuration along with
radius server details. When using PPSK, the key is ignored, it will be
retrieved from radius server. SAE is not yet supported (private sae) in
hostapd.

Wireless example configuration:
	option encryption 'psk2+ccmp'
	option ppsk '1'
	option auth_server '127.0.0.1'
	option auth_secret 'radiusServerPassword'

If you want to use dynamic VLAN on PPSK also include:
	option dynamic_vlan '2'
	option vlan_tagged_interface 'eth0'
	option vlan_bridge 'br-vlan'
	option vlan_naming '0'

It works enabling mac address verification on radius server and
requiring the tunnel-password (the private psk) from radius server.

In the radius server we need to configure the users. In case of
freeradius: /etc/freeradius3/mods-config/files/authorize
The user and Cleartext-Password should be the mac lower case using the
format "aabbccddeeff"

<sta mac> Cleartext-Password := "<sta mac>"
	Tunnel-Password = <Private Password>

Example of a user configured in radius and using dynamic VLAN5:

8cb84a000000 Cleartext-Password := "8cb84a000000"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-ID = 5,
	Tunnel-Password = MyPrivPw

If we want to have a default or shared psk, used when the mac is not
found in the list, we need to add the following at the end of the radius
authorize file:

DEFAULT Auth-Type := Accept
	Tunnel-Password = SharedPw

And if using VLANs, for example VLAN6 for default users:
DEFAULT Auth-Type := Accept
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-ID = 6,
	Tunnel-Password = SharedPw

Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
 2022-07-15 08:20:36 +02:00
Rosen Penev
4dc198a74e
strace: add nls.mk 
Needed when building with libdw and CONFIG_BUILD_NLS, mostly for the
rpath-link.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2022-07-15 07:07:59 +02:00
Michael Pratt
ba7da73680 firewall3: update file hash 
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated

Signed-off-by: Michael Pratt <mcpratt@pm.me>
 2022-07-14 17:09:06 +01:00
Daniel Golle
e0e74d8a2c uboot-mediatek: unbreak build with binman 
swig has been installed on the buildbots a while a ago and
Petr Štetiar got a fix for the pylibfdt error. Use that and re-enable
the builds for mt7620 and mt7621.
Refresh patches while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-13 11:38:57 +01:00
Daniel Golle
7659ee1e27 uboot-mediatek: add support for UBI EOF marker 
Let U-Boot handle free space in UBI partitions by recognizing the EOF
marker OpenWrt is using as well for that purpose.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-13 11:38:57 +01:00
Felix Fietkau
9f1d622328 mac80211: fix AQL issue with multicast traffic 
Exclude multicast from pending AQL budget

Signed-off-by: Felix Fietkau <nbd@nbd.name>
 2022-07-13 10:35:39 +02:00
Claudiu Beznea
95a24b5479 uboot-at91: fix build on buildbots 
Buidbots are throwing the following compile error:

In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
            ^~~~~~~~~~~~~~~
compilation terminated.

Fix it by passing `UBOOT_MAKE_FLAGS` variable to make.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Fixes: 6d5611af28 ("uboot-at91: update to linux4sam-2022.04")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
 2022-07-13 09:00:59 +02:00
Daniel Golle
a7a3a04a2c
uboot-mediatek: mark mt7620 build as @BROKEN 
Turns out also mt7620 build has a more hidden dependency on binman.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-12 21:31:38 +01:00
Daniel Golle
e760f065c6
uboot-mediatek: mark MT7621 variants as @BROKEN 
Building U-Boot for the MT7621 SoC requires binman, a Python-based
host tool to generate images. For now, binman cannot work inside the
OpenWrt build system because it requires swig, so mark the MT7621
boards as borken to fix the ramips/mt7621 build until someone with
knowledge about Python and swig fixes the underlaying issue.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-12 19:58:13 +01:00
Petr Štetiar
64fb5ae67a uboot-imx: pico-pi-imx7d: fix wrong make flags overriding 
Buidbots are currently choking on the following compile error:

 In file included from tools/aisimage.c:9:
 include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
  #  include <openssl/evp.h>
             ^~~~~~~~~~~~~~~
 compilation terminated.

This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.

Fix it by extending `UBOOT_MAKE_FLAGS` variable like it was done in
commit 481339a042 ("uboot-imx: fix wrong make flags overriding").

Fixes: 7094e65503 ("uboot-imx: add support for TechNexion PICO-PI-IMX7D")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
 2022-07-12 09:25:43 +02:00
Daniel Golle
2f7fb57c12
uboot-ramips: add support for MT7621, merge into uboot-mediatek 
* Merge uboot-ramips into uboot-mediatek.
* Port support for the RAVPower RP WD009 to U-Boot 2022.07.
* Add support for MT7621 and add builds for the reference boards.
* Add builds for MT7620 and MT7628 reference boards.

This should help to make development of U-Boot-level board support for
all MediaTek targets much easier.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-11 21:27:24 +01:00
Daniel Golle
fa75a3a935
uboot-mediatek: update to 2022.07 release 
Add patch to fix host-build of the mkimage tool without
CONFIG_TOOLS_LIBCRYPTO.
Update and refresh all patches.

Tested on BananaPi R64 (MT7622) successfully booting from SD card,
eMMC and SPI-NAND.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-07-11 17:13:22 +01:00
Lech Perczak
e62f1388c3 uboot-envtools: imx: cortexa7: add TechNexion PICO-PI-IMX7D 
Add configuration for upstream U-Boot environment for booting from eMMC.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
 2022-07-11 14:28:03 +02:00
Lech Perczak
7094e65503 uboot-imx: add support for TechNexion PICO-PI-IMX7D 
Add mainline U-Boot flavour for TechNexion PICO-PI-IMX7D board, using
DM and upstream default configuration, storing payload in sector 138
of eMMC.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[pepe2k@gmail.com: fixed BUILD_DEVICES value]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
 2022-07-11 14:18:40 +02:00
Lech Perczak
2e297377bf cypress-nvram: support BCM4339 on TechNexion PICO-PI-IMX7D 
This board features an AP6335 system-in-package combination of Wi-Fi and
Bluetooth module based on BCM4339.

Support is borrowed directly from the following Buildroot commit:
095420e05ae5: ("configs/imx7dpico: Add Wifi support").

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
 2022-07-11 14:18:40 +02:00