openwrt/staging/dedeckeh.git
19 months agomediatek: bpi-r3: allow up to 3W per SFP module
Daniel Golle [Tue, 18 Apr 2023 18:09:01 +0000 (19:09 +0100)]
mediatek: bpi-r3: allow up to 3W per SFP module

According to SinoVoip up to 3A @ 3.3V are available for both
SFP modules together. Raise energy limit from 1W (default) to 3W,
however, be aware that using modules consuming more than 1W will
require active cooling!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agotools/dwarves: update to 1.25
Nick Hainke [Wed, 12 Apr 2023 19:50:29 +0000 (21:50 +0200)]
tools/dwarves: update to 1.25

Remove AUTORELEASE and HOST_BUILD_PARALLEL.

Release Notes:
https://lore.kernel.org/dwarves/ZDG4qxirpIfmbiip@kernel.org/T/#u

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agokernel: fix up qrtr packaging after 5.15.107 bump
Stefan Lippers-Hollmann [Sun, 16 Apr 2023 09:57:42 +0000 (05:57 -0400)]
kernel: fix up qrtr packaging after 5.15.107 bump

qrtr/ns.ko is now merged into qrtr/qrtr.ko, so drop the individual module packaging.

Fixes: f4989239cc91 ("kernel: bump 5.15 to 5.15.107")
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x/ax3600, x86_64/FW-7543B, mt7621/dap-x1860
20 months agokernel: bump 5.15 to 5.15.107
John Audia [Thu, 13 Apr 2023 17:28:17 +0000 (13:28 -0400)]
kernel: bump 5.15 to 5.15.107

All  patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
20 months agotools/cmake: update to 3.26.3
Nick Hainke [Sun, 16 Apr 2023 21:05:05 +0000 (23:05 +0200)]
tools/cmake: update to 3.26.3

Release Notes:
- https://www.kitware.com/cmake-3-26-1-available-for-download/
- https://www.kitware.com/cmake-3-26-2-available-for-download/
- https://www.kitware.com/cmake-3-26-3-available-for-download/

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agomwlwifi: update to version 10.3.9.0-20230311
Kabuli Chana [Tue, 11 Apr 2023 22:52:56 +0000 (16:52 -0600)]
mwlwifi: update to version 10.3.9.0-20230311

upstream PR 408 improvements:
 -Fix AMSDU packets unused
 -Removed the ASMDU packets queue
 -Add more info in the iw tool
 -fix is_hw_crypto_enabled
 -Optimization AMPDU_TX_OPERATIONAL (avoid a spinlock)

change to wongsyrone mod

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
20 months agobmips: pci-bcm6348: load IO resource from DT ranges
Álvaro Fernández Rojas [Tue, 18 Apr 2023 18:11:28 +0000 (20:11 +0200)]
bmips: pci-bcm6348: load IO resource from DT ranges

Correctly load IO resource from DT ranges and remove the specific IO resource.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: drop unneeded ath9k fixup
Álvaro Fernández Rojas [Mon, 10 Apr 2023 10:00:02 +0000 (12:00 +0200)]
bmips: drop unneeded ath9k fixup

We no longer need the custom ath9k fixup now that we're using the standard
kmod-owl-loader.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: hg556a: switch to kmod-owl-loader
Álvaro Fernández Rojas [Mon, 10 Apr 2023 09:54:02 +0000 (11:54 +0200)]
bmips: hg556a: switch to kmod-owl-loader

Stop using custom ath9k fixup and switch to standard kmod-owl-loader

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agotools/bzip2: add `bzip2` binaries
Tony Butler [Wed, 30 Nov 2022 14:19:37 +0000 (06:19 -0800)]
tools/bzip2: add `bzip2` binaries

`bzip2` is the standard executable for bzip2 compression

this includes development includes and both static and shared libs
(libbz2) which can be used by other packages

the initramfs generator offers the BZIP2 option but there was no
executable to support it, and worked only via side effect of having a
system-installed version of bzip2, which could be less predictable

Signed-off-by: Tony Butler <spudz76@gmail.com>
[ remove unintended change ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20 months agoRevert "tools/bzip2: add `bzip2` binaries"
Christian Marangi [Tue, 18 Apr 2023 13:22:48 +0000 (15:22 +0200)]
Revert "tools/bzip2: add `bzip2` binaries"

This reverts commit 394d7134ec42f14ddb91769c737098753fa68266.

The commit has unintentded change that cause compilation error with SDK
or LZO compression.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20 months agomac80211: ath11k: replace 160MHz fix with upstream pending one
Robert Marko [Tue, 18 Apr 2023 08:35:47 +0000 (10:35 +0200)]
mac80211: ath11k: replace 160MHz fix with upstream pending one

QCA has finally sent a proper fixup for the 160MHz regression upstream,
so lets use the pending fix which also properly sets center frequency 2
in case 80+80 MHz is used.

Signed-off-by: Robert Marko <robimarko@gmail.com>
20 months agobuild: fix incorrect initramfs gzip compression
Tony Butler [Tue, 18 Apr 2023 02:32:18 +0000 (19:32 -0700)]
build: fix incorrect initramfs gzip compression

Requires: tools/libdeflate

fix consistency of executable to use
`$(STAGING_DIR_HOST)/bin/libdeflate-gzip`, and not system-installed ones
from the usual environment `PATH`;
this affects option `CONFIG_KERNEL_INITRAMFS_COMPRESSION_GZIP`

this may have worked in the past but only via side effect of having the
binaries on the host system (and whatever unpredictable version or
patchset those might be), and did not use the improved but totally
compatible libdeflate-gzip

Fixes: 330bd380e8b6 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Tony Butler <spudz76@gmail.com>
20 months agobuild: fix incorrect initramfs bzip2 compression
Tony Butler [Tue, 18 Apr 2023 02:28:36 +0000 (19:28 -0700)]
build: fix incorrect initramfs bzip2 compression

Requires: tools/bzip2

fix consistency of executable to use `$(STAGING_DIR_HOST)/bin/bzip2`, and
not system-installed ones from the usual environment `PATH`;
this affects option `CONFIG_KERNEL_INITRAMFS_COMPRESSION_BZIP2`

this may have worked in the past but only via side effect of having the
binaries on the host system (and whatever unpredictable version or
patchset those might be)

Fixes: 330bd380e8b6 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Tony Butler <spudz76@gmail.com>
20 months agotools/bzip2: add `bzip2` binaries
Tony Butler [Wed, 30 Nov 2022 14:19:37 +0000 (06:19 -0800)]
tools/bzip2: add `bzip2` binaries

`bzip2` is the standard executable for bzip2 compression

this includes development includes and both static and shared libs
(libbz2) which can be used by other packages

the initramfs generator offers the BZIP2 option but there was no
executable to support it, and worked only via side effect of having a
system-installed version of bzip2, which could be less predictable

Signed-off-by: Tony Butler <spudz76@gmail.com>
20 months agoath79: mikrotik: update kernel on NAND using Yafut
Michał Kępień [Sat, 1 Apr 2023 18:54:14 +0000 (20:54 +0200)]
ath79: mikrotik: update kernel on NAND using Yafut

Instead of erasing the entire NAND partition holding the kernel during
every system upgrade and then flashing a Yaffs file system image
prepared using kernel2minor (not accounting for bad blocks in the
process), use the Yafut utility to replace the kernel executable on
MikroTik NAND devices, preserving the existing Yaffs file system
(including bad block information) on the partition holding the kernel.

Add Yafut to DEFAULT_PACKAGES for the ath79/mikrotik target, so that the
tool is included in the initramfs images created when building for
multiple profiles.  However, exclude Yafut from the images built for
MikroTik devices with NOR flash as the tool is currently only meant to
be used on devices with NAND flash.

As this addresses the concerns for MikroTik NAND devices discussed in
commit 9d96b6fb72 ("ath79/mikrotik: disable building NAND images"),
re-enable building images for these devices.

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
20 months agoyafut: add a kernel update tool for MikroTik NAND
Michał Kępień [Fri, 31 Mar 2023 10:40:31 +0000 (12:40 +0200)]
yafut: add a kernel update tool for MikroTik NAND

Commit 9d96b6fb72 ("ath79/mikrotik: disable building NAND images")
disabled building images for MikroTik devices with NAND flash due to a
less than satisfactory method used for updating the kernel on those
devices back then.

To address the problem, add support for updating the kernel on MikroTik
devices with NAND flash using a new tool, Yafut, which enables copying
files from/to Yaffs file systems even if the kernel does not have native
support for the Yaffs file system compiled in.  Instead of erasing the
entire NAND partition holding the kernel during every system upgrade
(which is what the previously-used approach employing kernel2minor
involved), Yafut preserves the Yaffs filesystem present on that
partition and only replaces the kernel executable.  This allows bad
block information to be preserved across sysupgrade runs and also
enables wear leveling on the NAND partition holding the kernel.  Yafut
does not rely on kernel2minor in any way and intends to eventually
supersede the latter for NAND devices.

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
20 months agokernel: backport MEMREAD ioctl
Michał Kępień [Fri, 31 Mar 2023 10:40:31 +0000 (12:40 +0200)]
kernel: backport MEMREAD ioctl

MEMREAD is a new ioctl for MTD character devices that was first included
in Linux 6.1.  It allows userspace applications to use the Linux
kernel's OOB autoplacement mechanism while reading data from NAND
devices.  The Yafut tool needs this ioctl to do its job.

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
20 months agoath79: mikrotik: drop unused files from ramdisk
Michał Kępień [Fri, 31 Mar 2023 10:40:31 +0000 (12:40 +0200)]
ath79: mikrotik: drop unused files from ramdisk

The ramdisk used by sysupgrade on MikroTik devices currently includes
U-Boot fw_* files that are not necessary for performing a system upgrade
on that platform.  The relevant lines were added to
target/linux/ath79/mikrotik/base-files/lib/upgrade/platform.sh by commit
a66eee6336 ("ath79: add mikrotik subtarget"), likely because they also
existed in target/linux/ath79/nand/base-files/lib/upgrade/platform.sh,
where the platform_do_upgrade_mikrotik_nand() function moved by commit
a66eee6336 originally lived.  However, these lines were added to
target/linux/ath79/nand/base-files/lib/upgrade/platform.sh by commit
55e6c903ae ("ath79: GL-AR300M: provide NAND support; increase to 4 MB
kernel"), which is not related to MikroTik devices in any way.

Remove the code adding unused U-Boot fw_* files to the ramdisk used by
sysupgrade on MikroTik devices.

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
20 months agomac80211: update to v6.1.24
Felix Fietkau [Mon, 17 Apr 2023 15:17:16 +0000 (17:17 +0200)]
mac80211: update to v6.1.24

Drop patches accepted upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
20 months agoath79: create Aruba AP-105 APBoot compatible image
David Bauer [Mon, 17 Apr 2023 17:15:22 +0000 (19:15 +0200)]
ath79: create Aruba AP-105 APBoot compatible image

Alter the Aruba AP-105 image generation process so OpenWrt can be loaded
with the vendor Aruba APBoot.

This works by prepending the OpenWrt LZMA loader to the uImage and
jumping directly to the loader. Aruba does not offer bootm on these
boards.

This approach keeps compatibility to devices which had their U-Boot
replaced. Both bootloaders can boot the same image.

The same modification is most likely also possible for the Aruba AP-175.

With this patch, new installations do not require replacing the
bootloader and can be performed from the serial console without opening
the case.

Installation
------------

1. Attach to the serial console of the AP-105.
   Interrupt autoboot and change the U-Boot env.

   $ setenv apb_rb_openwrt "setenv ipaddr 192.168.1.1;
     setenv serverip 192.168.1.66;
     netget 0x84000000 ap105.bin; go 0x84000040"
   $ setenv apb_fb_openwrt "cp.b 0xbf040000 0x84000000 0x10000;
     go 0x84000040"
   $ setenv bootcmd "run apb_fb_openwrt"
   $ saveenv

2. Load the OpenWrt initramfs image on the device using TFTP.
   Place the initramfs image as "ap105.bin" in the TFTP server
   root directory, connect it to the AP and make the server reachable
   at 192.168.1.66/24.

   $ run apb_rb_openwrt

3. Once OpenWrt booted, transfer the sysupgrade image to the device
   using scp and use sysupgrade to install the firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agofirmware-utils: update to latest HEAD
David Bauer [Mon, 17 Apr 2023 16:58:15 +0000 (18:58 +0200)]
firmware-utils: update to latest HEAD

e8191eb tplink-safeloader: increase support-list size for AX23 v1

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agotools/libdeflate: update to 1.18
Nick Hainke [Thu, 6 Apr 2023 06:37:50 +0000 (08:37 +0200)]
tools/libdeflate: update to 1.18

Release Notes:
https://github.com/ebiggers/libdeflate/blob/master/NEWS.md#version-118

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agoath79: fix LED pinout for Comfast CF-E314N v2
Mark Onstid [Fri, 7 Apr 2023 15:21:48 +0000 (11:21 -0400)]
ath79: fix LED pinout for Comfast CF-E314N v2

In addition to standardizing LED names to match the rest of the systems, this
commit fixes a possibly erroneous pinout for LEDs in Comfast CF-E314N v2.

In particular, rssimediumhigh and rssihigh are moved from pins 13 and 14 to
14 and 16 respectively. In addition to working on a test device, this pinout
better matches the one set out in the prototype support patch for the device
in Github PR #1873.

Signed-off-by: Mark Onstid <turretkeeper@mail.com>
20 months agoramips: add Xiaomi RA75 red signal led
Oleksandr Zharov [Sat, 15 Apr 2023 20:23:41 +0000 (23:23 +0300)]
ramips: add Xiaomi RA75 red signal led

RA75 has 5 physical LEDs under 2 indicators, mixed with light pipes:
Indicator "System":
  GPIO0: blue
  GPIO2: amber
Indicator "Signal":
  GPIO44: blue
  GPIO37: amber
  GPIO46: red

All except GPIO46 were already added by Jo Deisenhofer. GPIO46 is used for UART1 by
default, so it needs additional pin control change in devicetree to be operational.
Verified on my RA75.

Signed-off-by: Oleksandr Zharov <alex.zeed@gmail.com>
20 months agonetifd: update to the latest version
Felix Fietkau [Mon, 17 Apr 2023 11:14:41 +0000 (13:14 +0200)]
netifd: update to the latest version

7de5440a520f device: fix segfault when recreating devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
20 months agotcpdump: update to 4.99.4
Nick Hainke [Thu, 13 Apr 2023 09:20:05 +0000 (11:20 +0200)]
tcpdump: update to 4.99.4

Fixes CVE-2023-1801.

Changelog can be found here:
https://git.tcpdump.org/tcpdump/blob/55bc126b0216cfe409b8d6bd378f65679d136ddf:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agoipq40xx: convert AP-365 to DSA
David Bauer [Wed, 12 Apr 2023 20:06:18 +0000 (22:06 +0200)]
ipq40xx: convert AP-365 to DSA

Re-enable the Aruba AP-365 with DSA support. Changes are trvivial, as
the board design is pretty much the already updated AP-303.

Run-tested on the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agokernel: backport fix for recently introduced UBI bug
Daniel Golle [Sat, 15 Apr 2023 00:35:17 +0000 (01:35 +0100)]
kernel: backport fix for recently introduced UBI bug

Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.

Fixes: #12232
Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agouboot-mediatek: fix build for RAVPower RP-WD009
Daniel Golle [Fri, 14 Apr 2023 16:54:54 +0000 (17:54 +0100)]
uboot-mediatek: fix build for RAVPower RP-WD009

Updating to U-Boot 2023.04 broke the build for the RAVPower RP-WD009
MT7628 board. This was due to upstream conversion of CONFIG_* to CFG_*
which was not applied to our downstream patch adding support for the
RAVPower RP-WD009 device.

Apply CONFIG_* to CFG_* converion analog to what has been done also
for mt7928_rfb upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agokernel: backport fix for a page pool related race condition
Felix Fietkau [Thu, 13 Apr 2023 19:28:07 +0000 (21:28 +0200)]
kernel: backport fix for a page pool related race condition

Signed-off-by: Felix Fietkau <nbd@nbd.name>
20 months agogeneric: move accepted patch to backport-5.15
Daniel Golle [Thu, 13 Apr 2023 19:16:05 +0000 (20:16 +0100)]
generic: move accepted patch to backport-5.15

The patch adding SFP quirk for MXPD 483II was accepted upstream and
will be part of Linux v6.3:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=ad651d68cee75e9ac20002254c4e5d09ee67a84b

Move the patch from pending-5.15 to backport-5.15.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agomediatek: sync pinctrl-mt7981 and pinctrl-mt7986 drivers
Daniel Golle [Thu, 13 Apr 2023 04:03:03 +0000 (05:03 +0100)]
mediatek: sync pinctrl-mt7981 and pinctrl-mt7986 drivers

Now that new pinconf features have been backported sync pinctrl-mt7981
and pinctrl-m7986 with bleeding-edge upstream versions.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agomediatek: backport new pinctrl features
Daniel Golle [Thu, 13 Apr 2023 04:01:30 +0000 (05:01 +0100)]
mediatek: backport new pinctrl features

Backport new features for MediaTek pinctrl/pinconf drivers from upstream.
This will serve as the base to improve pinconf bias/pull-up/pull-down on
MT7981 and MT7986, and also prepare for upcoming support for MT7988.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agouclient: update to Git version 2023-04-13
Matthias Schiffer [Thu, 13 Apr 2023 18:51:05 +0000 (20:51 +0200)]
uclient: update to Git version 2023-04-13

007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
20 months agomvebu: puzzle-mcu: add mcu write retry function
Ian Chang [Tue, 11 Apr 2023 08:07:24 +0000 (16:07 +0800)]
mvebu: puzzle-mcu: add mcu write retry function

Avoid MCU getting "command reply receive timed out" message when LED
configuration setting trigger function is enabled in heartbeat mode.

Signed-off-by: Ian Chang <ianchang@ieiworld.com>
20 months agouboot-mediatek: update to v2023.04
Daniel Golle [Tue, 11 Apr 2023 23:21:22 +0000 (00:21 +0100)]
uboot-mediatek: update to v2023.04

Update to next U-Boot timed release.
Remove now obsolete patch
100-01-board-mediatek-add-more-network-configurations.patch
Default IP addresses are now dealt with in Kconfig, no longer in board-
specific C header files.

Add patches to restore ANSI support in bootmenu which was broken upstream,
always use high-speed mode on serial UART for improved stability and fix
an issue with pinconf not being applied on MT7623 resulting in eMMC
being inaccessible when booting from micro SD card.

In order to keep the size of the bootloader on MT7623 below 512kB remove
some unneeded commands on both MT7623 boards.

Tested on:
 * BananaPi BPi-R2 (MT7623N)
 * BananaPi BPi-R3 (MT7986A)
 * BananaPi BPi-R64 (MT7622A)
 * Linksys E8450 (MT7622B)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agobase-files: add 'isup' to the wifi script
Andre Heider [Wed, 2 Nov 2022 07:50:20 +0000 (08:50 +0100)]
base-files: add 'isup' to the wifi script

This is a silent command that allows easy wifi up/down automation for
scripts.

It takes one or multiple devices as arguments (or all if none are passed),
and the exit code indicates if any of those is not up.

E.g.:
wifi isup && echo "all wifi devices are up"
wifi isup radio0 || echo "this wifi is down"

Signed-off-by: Andre Heider <a.heider@gmail.com>
20 months agobase-files: use named variables in the wifi script
Andre Heider [Wed, 2 Nov 2022 07:49:35 +0000 (08:49 +0100)]
base-files: use named variables in the wifi script

Use the already present but unused $cmd and $dev variables instead of
positional parameters in ubus_wifi_cmd() to improve readability.

Signed-off-by: Andre Heider <a.heider@gmail.com>
20 months agomac80211: ath11k: sync with ath-next
Robert Marko [Wed, 12 Apr 2023 11:17:03 +0000 (13:17 +0200)]
mac80211: ath11k: sync with ath-next

Synchronize the ath11k backports with the current ath-next tree.

This replaces the management TLV pending fix with the upstreamed one,
fixes traffic flooding when AP and monitor modes are used at the same time,
fixes QCN9074 always showing -95 dBm for station RSSI in dumps,
fixes potential crash on boot if spectral scan is enabled due to writing to
unitialized memory and adds 11d scan offloading for WCN6750 and WCN6855.

Signed-off-by: Robert Marko <robimarko@gmail.com>
20 months agofirmware-utils: update to latest HEAD
David Bauer [Sat, 8 Apr 2023 23:12:08 +0000 (01:12 +0200)]
firmware-utils: update to latest HEAD

6a58f45 tplink-safeloader: add US-CA-TW support-list entries for Archer AX23v1

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agotools/squashfs4: refresh multiple lzma configuration option patch
Christian Marangi [Wed, 12 Apr 2023 10:18:19 +0000 (12:18 +0200)]
tools/squashfs4: refresh multiple lzma configuration option patch

Refresh multiple lzma configuration option patch with new version
proposed upstream. (Reintroduce -Xe option and add more checks and
general better code quality)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20 months agoRevert "image: update LZMA_XZ_OPTIONS with new squashfs4 tool"
Christian Marangi [Wed, 12 Apr 2023 10:13:46 +0000 (12:13 +0200)]
Revert "image: update LZMA_XZ_OPTIONS with new squashfs4 tool"

This reverts commit a33b97dcb1bd6e68f01c571e92ef02c3ab721523.

A new version of the squashfs4 tool patch reintroduced the -Xe option.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20 months agoipq-wifi: bump to latest git HEAD
Christian Marangi [Wed, 12 Apr 2023 10:02:57 +0000 (12:02 +0200)]
ipq-wifi: bump to latest git HEAD

b22487d ath11k: qcn8074: Update regDb in every BDF
3add8be ath11k: ipq8074: Update regDb in every BDF
8bb6039 ath11k: ipq8074: add Netgear RAX120v2

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20 months agomac80211: ath11k: Remove regulatory intersection
Robert Marko [Tue, 11 Apr 2023 18:20:18 +0000 (20:20 +0200)]
mac80211: ath11k: Remove regulatory intersection

Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.

Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while its parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.

So, lets do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the interesection code in ath11k.

Signed-off-by: Robert Marko <robimarko@gmail.com>
20 months agotools/mkimage: update to 2023.04
Nick Hainke [Sun, 9 Apr 2023 09:26:20 +0000 (11:26 +0200)]
tools/mkimage: update to 2023.04

Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agouboot-envtools: update to 2023.04
Nick Hainke [Sun, 9 Apr 2023 09:17:43 +0000 (11:17 +0200)]
uboot-envtools: update to 2023.04

Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agobase-files: fix nand_upgrade_ubinized()
Rafał Miłecki [Mon, 10 Apr 2023 17:01:35 +0000 (19:01 +0200)]
base-files: fix nand_upgrade_ubinized()

When using "ubiformat" with stdin it requires passing image size using
the -S argument. Provide it just like we do for "ubiupdatevol".

This fixes:
ubiformat: error!: must use '-S' with non-zero value when reading from stdin

This change fixes sysupgrade for bcm53xx and bcm4908 NAND devices
possibly some other targets too.

Cc: Rodrigo Balerdi <lanchon@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Fixes: 971071212052 ("base-files: accept gzipped nand sysupgrade images")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
20 months agobase-files: fix Linksys upgrade, restore config step
Michael Trinidad [Fri, 7 Apr 2023 13:10:29 +0000 (09:10 -0400)]
base-files: fix Linksys upgrade, restore config step

It appears that the refactor of the upgrade process for NAND devices                                                                                                                            resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This corrects a typo in the call of nand_do_upgrade_failed for ipq40xx
and ipq806x devices using the linksys.sh script.

Fixes: 8634c1080d50 ("ipq40xx: Fix Linksys upgrade, restore config step")
Fixes: 2715aff5df83 ("ipq806x: Fix Linksys upgrade, restore config step")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
20 months agomvebu: cortexa9: fix Linksys upgrade, restore config step
Michael Trinidad [Fri, 7 Apr 2023 13:02:37 +0000 (09:02 -0400)]
mvebu: cortexa9: fix Linksys upgrade, restore config step

It appears that the refactor of the upgrade process for NAND devices                                                                                                                            resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This restores the preservation of configs for mvebu/cortexa9 devices using the
linksys.sh script.

Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code")
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
20 months agokirkwood: fix Linksys upgrade, restore config step
Michael Trinidad [Sat, 1 Apr 2023 19:04:02 +0000 (15:04 -0400)]
kirkwood: fix Linksys upgrade, restore config step

It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.

This restores the preservation of configs for kirkwood devices using the
linksys.sh script.

Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code")
Fixes: #12298
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
20 months agobcm53xx: switch to Kernel 5.15 by default
Paul Spooren [Wed, 22 Feb 2023 18:48:25 +0000 (19:48 +0100)]
bcm53xx: switch to Kernel 5.15 by default

Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Tested-by: Rafał Miłecki <rafal@milecki.pl>
20 months agobcm4908: switch to Kernel 5.15 by default
Paul Spooren [Wed, 22 Feb 2023 18:52:13 +0000 (19:52 +0100)]
bcm4908: switch to Kernel 5.15 by default

Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rmilecki: tested on GT-AC5300: boot, sysupgrade & 940 Mbps NAT]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
20 months agouboot-sunxi: update support for FriendlyARM ZeroPI
Arturas Moskvinas [Sat, 8 Apr 2023 20:12:13 +0000 (23:12 +0300)]
uboot-sunxi: update support for FriendlyARM ZeroPI

Since commit torvalds/linux@bbc4d71 ("net: phy: realtek: fix rtl8211e rx/tx
delay config") network is broken on the FriendlyELEC(ARM) ZeroPi.

Replaces custom patches with upstream uboot patch:
https://source.denx.de/u-boot/u-boot/-/commit/2527b24f39d8f27ba2fd922ca27a1f14119cfa1b

Signed-off-by: Arturas Moskvinas <arturas.moskvinas@gmail.com>
20 months agombedtls: Update to version 2.28.3
Hauke Mehrtens [Sun, 2 Apr 2023 22:52:52 +0000 (00:52 +0200)]
mbedtls: Update to version 2.28.3

This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agobmips: dts: add missing phy modes
Álvaro Fernández Rojas [Mon, 10 Apr 2023 08:06:22 +0000 (10:06 +0200)]
bmips: dts: add missing phy modes

PHY modes should be defined in the device tree for the bcm63xx internal switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: remove source-only flag
Álvaro Fernández Rojas [Sun, 9 Apr 2023 19:06:54 +0000 (21:06 +0200)]
bmips: remove source-only flag

bmips target is now more stable and it's time to start generating buildbot
images in order to receive a wider testing, which will be essential to replace
bcm63xx target in the future.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: add subtargets for each SoC
Álvaro Fernández Rojas [Sun, 9 Apr 2023 19:01:11 +0000 (21:01 +0200)]
bmips: add subtargets for each SoC

BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: b43-sprom: fix build when SSB/BCMA disabled
Álvaro Fernández Rojas [Sun, 9 Apr 2023 19:00:03 +0000 (21:00 +0200)]
bmips: b43-sprom: fix build when SSB/BCMA disabled

Fix build of B43 SPROM fallback when SSB or BCMA are disabled.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: allow disabling mdio-mux-bcm6368
Álvaro Fernández Rojas [Sun, 9 Apr 2023 18:59:11 +0000 (20:59 +0200)]
bmips: allow disabling mdio-mux-bcm6368

This controller is only present on SoCs with B53 MMAP switch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agokernel: disable CONFIG_HW_RANDOM_BCM2835
Álvaro Fernández Rojas [Sun, 9 Apr 2023 18:58:14 +0000 (20:58 +0200)]
kernel: disable CONFIG_HW_RANDOM_BCM2835

This HW RNG is present on some Broadcom 63XX SoCs, but not all of them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agokernel: crypto: fix missing dependecies for CRYPTO_USER_API_ENABLE_OBSOLETE
Petr Štetiar [Sun, 9 Apr 2023 06:29:26 +0000 (08:29 +0200)]
kernel: crypto: fix missing dependecies for CRYPTO_USER_API_ENABLE_OBSOLETE

CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
lets add this dependency to relevant modules.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
20 months agokernel: crypto: fix architecture specific modules
Petr Štetiar [Sat, 8 Apr 2023 08:29:06 +0000 (10:29 +0200)]
kernel: crypto: fix architecture specific modules

While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.

So lets fix it, by making those modules architecture specific:

 x86/64  -> x86_64
 mpc85xx -> powerpc

Signed-off-by: Petr Štetiar <ynezz@true.cz>
20 months agokernel: bump 5.15 to 5.15.106
John Audia [Sat, 8 Apr 2023 16:08:25 +0000 (12:08 -0400)]
kernel: bump 5.15 to 5.15.106

Removed upstreamed:
        generic/735-net-ethernet-mtk_eth_soc-fix-flow_offload-related-re.patch[1]
        pending-5.15/350-mips-bmips-BCM6358-disable-RAC-flush-for-TP1.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.106&id=76f09582a191dcf11118fd4bdbf50f538c90fa8d

2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/arch/mips/bmips?h=v5.15.106&id=65b723644294f1d79770704162c0e8d1f700b6f1

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod, ipq806x/R7800

Signed-off-by: John Audia <therealgraysky@proton.me>
20 months agobmips: switch to LED kernel modules
Álvaro Fernández Rojas [Sun, 9 Apr 2023 08:40:56 +0000 (10:40 +0200)]
bmips: switch to LED kernel modules

Disable LED controllers from kernel config and switch to per device kernel
modules.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: add LED kernel modules
Álvaro Fernández Rojas [Sun, 9 Apr 2023 08:34:05 +0000 (10:34 +0200)]
bmips: add LED kernel modules

Add BCM6328 and BCM6358 LED kernel modules.
This allows selecting the LED controllers only for those devices using them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: add support for Sercomm SHG2500
Álvaro Fernández Rojas [Thu, 30 Mar 2023 21:14:13 +0000 (23:14 +0200)]
bmips: add support for Sercomm SHG2500

Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: use sercomm-pid script
Álvaro Fernández Rojas [Sun, 9 Apr 2023 08:10:28 +0000 (10:10 +0200)]
bmips: use sercomm-pid script

Make use of sercomm-pid script for generating the Sercomm PID, which avoids
having to add an array of hex bytes for every new Sercomm device.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agobmips: image: rename SERCOMM_VERSION to SERCOMM_FSVER
Álvaro Fernández Rojas [Sun, 9 Apr 2023 08:06:26 +0000 (10:06 +0200)]
bmips: image: rename SERCOMM_VERSION to SERCOMM_FSVER

SERCOMM_VERSION is ambiguous and it should be more clear that it refers to the
version used for the filesystem.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agoscripts: sercomm-pid: add bmips support
Álvaro Fernández Rojas [Sun, 9 Apr 2023 08:01:03 +0000 (10:01 +0200)]
scripts: sercomm-pid: add bmips support

Apparently, Sercomm sets 2 padding bytes instead of 1 (ramips).
The HW version is a bit different than the one used for ramips.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agoramips: sercomm-payload: use pide-file argument
Álvaro Fernández Rojas [Sun, 9 Apr 2023 07:59:21 +0000 (09:59 +0200)]
ramips: sercomm-payload: use pide-file argument

Instead of passing an array of hex bytes for the Sercomm PID we can now use
the --pid-file parameter.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agoscripts: sercomm-payload: add PID file support
Álvaro Fernández Rojas [Sun, 9 Apr 2023 07:55:57 +0000 (09:55 +0200)]
scripts: sercomm-payload: add PID file support

Allow passing Sercomm PID from file.
Until now, Sercomm PID could only be passed as an array of hex bytes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
20 months agolibcap: update to 2.68
Nick Hainke [Sun, 2 Apr 2023 21:38:57 +0000 (23:38 +0200)]
libcap: update to 2.68

Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.vdh3d47czmle

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agotools/mtools: update to 4.0.43
Nick Hainke [Sun, 2 Apr 2023 22:04:04 +0000 (00:04 +0200)]
tools/mtools: update to 4.0.43

Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2023-03/msg00006.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agokernel: bump 5.10 to 5.10.177
John Audia [Wed, 5 Apr 2023 15:56:48 +0000 (11:56 -0400)]
kernel: bump 5.10 to 5.10.177

All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
20 months agoramips: lower re305-v3 spi-max-frequency
Joe Mullally [Sun, 2 Apr 2023 18:51:21 +0000 (21:51 +0300)]
ramips: lower re305-v3 spi-max-frequency

Fix flash I/O instability observed in newer devices with cFeon
QH64A-104HIP (detected as en25qh64).

Ref: https://forum.openwrt.org/t/support-for-tp-link-re305-v3/75893/91

Reported-by: Dimitri Souza <dimitri.souza@gmail.com>
Tested-by: Dimitri Souza <dimitri.souza@gmail.com>
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[alter commit-message - target master]
Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: refresh patches
David Bauer [Tue, 4 Apr 2023 10:52:19 +0000 (12:52 +0200)]
mpc85xx: refresh patches

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: add support for Enterasys WS-AP3715i
David Bauer [Sat, 18 Mar 2023 01:28:23 +0000 (02:28 +0100)]
mpc85xx: add support for Enterasys WS-AP3715i

Hardware
--------

SoC:   NXP P1010 (1x e500 @ 800MHz)
RAM:   256M DDR3 (2x Samsung K4B1G1646G-BCH9)
FLASH: 32M NOR (Spansion S25FL256S)
BTN:   1x Reset
WiFi:  1x Atheros AR9590 2.4 bgn 3x3
       2x Atheros AR9590 5.0 an 3x3
ETH:   2x Gigabit Ethernet (Atheros AR8033 / AR8035)
UART:  115200 8N1 (RJ-45 Cisco)

Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
   the root directory of a TFTP server and serve it at
   192.168.1.66/24.

2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
   by pressing Enter when prompted. Credentials are identical to the one
   in the APs interface. By default it is admin / new2day.

3. Alter the bootcmd in U-Boot:

 $ setenv ramboot_openwrt "setenv ipaddr 192.168.1.1;
   setenv serverip 192.168.1.66; tftpboot 0x2000000 ap3715.bin; bootm"

 $ setenv boot_openwrt "sf probe 0; sf read 0x2000000 0x140000 0x1000000;
   bootm 0x2000000"

 $ setenv bootcmd "run boot_openwrt"

 $ saveenv

4. Boot the initramfs image

 $ run ramboot_openwrt

5. Transfer the OpenWrt sysupgrade image to the AP using SCP. Install
   using sysupgrade.

 $ sysupgrade -n <path-to-sysupgrade.bin>

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: don't compress kernel image for WS-AP3825i
David Bauer [Sun, 2 Apr 2023 16:57:09 +0000 (18:57 +0200)]
mpc85xx: don't compress kernel image for WS-AP3825i

The kernel is already compressed with XZ by the bootwrapper, thus we
gain nothing by compressing it a second time.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: reserve upper 1MB of RAM for WS-AP3825i
David Bauer [Sun, 2 Apr 2023 15:52:16 +0000 (17:52 +0200)]
mpc85xx: reserve upper 1MB of RAM for WS-AP3825i

The bootpage for the second core is placed by U-Boot in the upper 128k
of syste-memory.

This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: backport bootwrapper patch to kernel 5.10
David Bauer [Sun, 2 Apr 2023 02:52:28 +0000 (04:52 +0200)]
mpc85xx: backport bootwrapper patch to kernel 5.10

Kernel 5.10 builds currently fail because the patch for using the
simpleImage bootwrapper were not added to 5.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: add properties normally added by U-Boot
David Bauer [Sun, 2 Apr 2023 00:59:35 +0000 (02:59 +0200)]
mpc85xx: add properties normally added by U-Boot

This adds properties to PCIe as well as ethernet nodes which are
normally added by the Extreme Networks U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: fix incorrect CPU node / properties
David Bauer [Sat, 1 Apr 2023 22:45:31 +0000 (00:45 +0200)]
mpc85xx: fix incorrect CPU node / properties

This adds properties normally filled by U-Boot. Also it fixes the node
name, which is incorrectly referring to a P1010 core.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: add localbus frequency for WS-AP3825i
David Bauer [Sun, 2 Apr 2023 02:25:00 +0000 (04:25 +0200)]
mpc85xx: add localbus frequency for WS-AP3825i

This is normally filled by U-Boot.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agompc85xx: add linux,stdout-path for WS-AP3825i
David Bauer [Sun, 2 Apr 2023 02:11:12 +0000 (04:11 +0200)]
mpc85xx: add linux,stdout-path for WS-AP3825i

This is normally filled by U-Boot. Prevents double-printing of early
console messages. Also enables debug-output by the zImage wrapper.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agoramips: define remapping-range for DAP-X1860
David Bauer [Thu, 30 Mar 2023 01:51:08 +0000 (03:51 +0200)]
ramips: define remapping-range for DAP-X1860

Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.

Explicitly define the number of blocks reserved for remapping.

Signed-off-by: David Bauer <mail@david-bauer.net>
20 months agoocteon: switch to Kernel 5.15 by default
Paul Spooren [Wed, 22 Feb 2023 18:59:58 +0000 (19:59 +0100)]
octeon: switch to Kernel 5.15 by default

Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
20 months agokirkwood: switch to Kernel 5.15 by default
Paul Spooren [Wed, 22 Feb 2023 18:53:58 +0000 (19:53 +0100)]
kirkwood: switch to Kernel 5.15 by default

Getting ready for the next release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
20 months agotegra: switch to Kernel 5.15 by default
Paul Spooren [Wed, 22 Feb 2023 19:07:30 +0000 (20:07 +0100)]
tegra: switch to Kernel 5.15 by default

Getting ready for the next release.

Acked-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
20 months agoopenssl: fix CVE-2023-464 and CVE-2023-465
Eneas U de Queiroz [Tue, 4 Apr 2023 18:39:56 +0000 (15:39 -0300)]
openssl: fix CVE-2023-464 and CVE-2023-465

Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
20 months agorealtek: Fix typo for EnGenius EWS2910P
Raylynn Knight [Sun, 2 Apr 2023 08:27:21 +0000 (04:27 -0400)]
realtek: Fix typo for EnGenius EWS2910P

Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.

Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20 months agotools/zstd: update to 1.5.5
Nick Hainke [Wed, 5 Apr 2023 11:30:14 +0000 (13:30 +0200)]
tools/zstd: update to 1.5.5

Release Notes:
https://github.com/facebook/zstd/releases/tag/v1.5.5

Signed-off-by: Nick Hainke <vincent@systemli.org>
20 months agomac80211: ath11k: Fix invalid mgmt rx frame length issue
Robert Marko [Tue, 4 Apr 2023 19:49:43 +0000 (21:49 +0200)]
mac80211: ath11k: Fix invalid mgmt rx frame length issue

FW 2.9 uses multiple TLV-s for the RX mgmt even which driver currently does
not support, so import a pending upstream patch to fix that [1].

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230320133840.30162-1-quic_nmaran@quicinc.com/

Signed-off-by: Robert Marko <robimarko@gmail.com>
20 months agoath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Robert Marko [Tue, 4 Apr 2023 19:48:42 +0000 (21:48 +0200)]
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1

Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.

So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.

In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.

Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600
Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218
Signed-off-by: Robert Marko <robimarko@gmail.com>
20 months agokernel: backport NVMEM patch for U-Boot env data "ethaddr" cell
Rafał Miłecki [Thu, 6 Apr 2023 10:14:30 +0000 (12:14 +0200)]
kernel: backport NVMEM patch for U-Boot env data "ethaddr" cell

Adjust our local code to avoid breakage.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
20 months agokernel: backport NVMEM patches queued for the v6.4
Rafał Miłecki [Thu, 6 Apr 2023 07:15:49 +0000 (09:15 +0200)]
kernel: backport NVMEM patches queued for the v6.4

They add NVMEM layouts support. It allows handling NVMEM content
independently of NVMEM device access.

Skip U-Boot env data patch for now as it break our downstream MAC hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
20 months agokernel: backport mtd fixes for nvmem
Rafał Miłecki [Thu, 6 Apr 2023 05:26:11 +0000 (07:26 +0200)]
kernel: backport mtd fixes for nvmem

They are needed for NVMEM changes pending for v6.4.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
20 months agokernel: backport of_request_module()
Rafał Miłecki [Wed, 5 Apr 2023 21:32:57 +0000 (23:32 +0200)]
kernel: backport of_request_module()

It's needed by NVMEM changes queued for 6.4.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
20 months agomediatek: introduce KERNEL_LOADADDR to Device/Default template
Daniel Golle [Wed, 5 Apr 2023 15:56:54 +0000 (16:56 +0100)]
mediatek: introduce KERNEL_LOADADDR to Device/Default template

We need to reset KERNEL_LOADADDR if we use it on a per-device base.
Otherwise the previous value will be kept in case a device doesn't
define KERNEL_LOADADDR and relies on the default.

Move initializing KERNEL_LOADADDR to target/linux/mediatek/image/Makefile,
similar to how it's done also on the ramips target.

This fixes image size related breakage on devices which rely on the
default value of KERNEL_LOADADDR.

While at it use 0x48000000 which is more common than the previous default
0x44000000 for the filogic subtarget.

Fixed: e7c399bee6 ("filogic: add support for ASUS TUF-AX4200")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agoopenssl: add legacy provider
Eneas U de Queiroz [Fri, 10 Mar 2023 20:53:25 +0000 (17:53 -0300)]
openssl: add legacy provider

This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider.  Providers are the successors of
engines, which have been deprecated.

The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.

Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds.  Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.

The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.

There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package.  It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.

An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled.  Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.

On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>