Hauke Mehrtens [Tue, 24 Oct 2023 20:42:19 +0000 (22:42 +0200)]
openssl: update to 3.0.12
Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
e4ebc7b5662d6436fcc84b8e1583204b96fb0503)
Rani Hod [Sat, 30 Sep 2023 23:05:19 +0000 (02:05 +0300)]
bcm53xx: Linksys EA9200 nvram and 02_network fixes
1) clear nvram partialboots upon successful boot
This behavior is already defined for EA9500; enabled for EA9200 too.
2) fix MAC address in board.d/02_network
Use the correct nvram variable to derive lan/wan MAC address.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit
9c42d23c5f7aa2b7f80af96921b2d5476626b8c6)
Rani Hod [Fri, 20 Oct 2023 13:15:38 +0000 (16:15 +0300)]
ramips: TP-link archer A6/C6 device tree updates
Set correct GPIO (10) for the WPS button. This matches GPIO settings in
vendor GPL sources. Note that GPL sources also mention a USB indicator
LED (GPIO 13) but the device has neither an external USB port nor a USB LED.
In addition, prefixes (button-, led-) are added to relevant DT entries,
as well as color and function specifications for LEDs.
Closes: #13736
Reported-by: Waldemar Czabaj <kaball@wp.pl>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(added led mitigations for wifi leds)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
fe5e4987776ef66c6788f70251dcbc0ca80a1c5f)
Christian Marangi [Fri, 4 Aug 2023 23:58:29 +0000 (01:58 +0200)]
CI: provide new required secret for S3 endpoint and bucket name
Provide new required secret for S3 endpoint and bucket name to permit an
easier migration to new services.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
881235c713fae8692190178561af4eb2dee4ead1)
Christian Marangi [Fri, 4 Aug 2023 23:55:11 +0000 (01:55 +0200)]
CI: generilize S3 secret keys name and rename to proper name
Generilize S3 secret keys and rename to make them not platform specific.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f98dc5aa43e9d84b8ceef9414fd4f92e05c418d7)
Christian Marangi [Mon, 19 Jun 2023 11:39:42 +0000 (13:39 +0200)]
CI: drop unused reusable workflow and dockerfiles
Drop unused reusable workflow and dockerfiles now that we moved them to
a dedicated repository.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
14293dd901e5fdb0fd242945b5916ccbb33ab328)
Christian Marangi [Mon, 19 Jun 2023 11:55:32 +0000 (13:55 +0200)]
CI: migrate each workflow to use reusable workflow from dedicated repo
Migrate each workflow to use reusable workflow from dedicated repo to
skip pushing CI related commits to openwrt and better track versioning
of CI workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
38cc09165fd11caa9599d960280bd91dbaba7a62)
Christian Marangi [Thu, 3 Nov 2022 12:32:51 +0000 (13:32 +0100)]
CI: build-tools: build all host tools
Now that we build also core packages, we need more host tools. Compile
all of them to reduce compile time on other actions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
de9955a62f6aab6eafb2cfdffc4829ee97e69c04)
Christian Marangi [Wed, 31 May 2023 15:40:11 +0000 (17:40 +0200)]
CI: label-kernel: support compile testing kernel version and all target
Add support to label-kernel for compiling testing kernel version and
check patches. To trigger this special build appent :testing to the
normal label.
Example:
- ci:kernel:ipq806x:generic:testing
Test will fail if the requested target doesn't have a defined kernel
testing version.
Also add support for testing all target and subtarget. To trigger this
some special pattern are added:
- ci:kernel:all:all
Trigger test for all target and subtarget
- ci:kernel:all:first
Trigger test for all target and the first subtarget in alphabetical
order for the target.
With these special case :testing can also be used and every target and
subtarget that supports kernel testing version will be selected:
- ci:kernel:all:all:testing
Trigger test for all target and subtarget that have a kernel testing
version defined.
- ci:kernel:all:first:testing
Trigger test for all target and the first subtarget in alphabetical
order for the target that, if they have a kernel testing version
defined.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
218deba503f38e2f44f5012baf96af91b3e00c6a)
Petr Štetiar [Fri, 26 May 2023 09:41:18 +0000 (11:41 +0200)]
ci: build: verify downloaded toolchain tarball
CDNs are known to ship outdated or corrupted files, if it unpacks
correctly, it necessarily doesn't mean, that we're using the desired
content. So lets fix it by checking the tarball as well.
I'm adding GPG checking explicitly, its not needed, but just double
checking, that everything is working as expected on build
infrastructure.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
95dde523297c652072ee96ac32d22912a43ef761)
Petr Štetiar [Fri, 26 May 2023 09:38:24 +0000 (11:38 +0200)]
ci: bump buildworker container to version v6
Its being used by buildbot workers, adds g++-multilib to fix node
cross-compilation from a 64-bit build machine to 32-bit host.
References: https://github.com/openwrt/buildbot/pull/7
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
567784127e92ba6f9291adb1a546f567e50d9850)
Christian Marangi [Tue, 30 May 2023 18:43:18 +0000 (20:43 +0200)]
CI: kernel: test each subtarget on push events
Test each subtarget on push events to improve testing and to refresh
ccache of each subtarget.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
5bafc4352fb543c03389b6237f0e2fe327f328fa)
Christian Marangi [Tue, 30 May 2023 16:57:42 +0000 (18:57 +0200)]
CI: add support for getting ccache cache from S3
Add support for getting ccache cache from S3.
ccache is archieved in a tar and downloaded from S3 Cloud Storage.
For push events, ccache is then uplodaed back to S3 to refresh and have
a ccache cache always fresh.
An additional workflow is added to upload files to an S3 Cloud Storage
from artifacts uplodaed to github. The minio tool is used to upload
files to S3.
If the ccache can't be downloaded from s3, we fallback to github cache
system.
Also limit s3 upload to the openwrt repository since external fork won't
have (obviously) the required secrtes to upload data to the S3 Cloud
Storage.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
ebbc806d30502ff003ae7a19098c6afaaf1295a5)
Christian Marangi [Sun, 28 May 2023 07:11:29 +0000 (09:11 +0200)]
CI: build: limit cache save/delete only on push events
Limit ccache cache save/delete only on push events. Saving ccache
cache for pull request will result in bloat and refreshing ccache is not
possible due to security measure on enforcing read permission on
pull_request events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
ff66a7c1c0f012324c0d2d90f047e6976c4fba11)
Christian Marangi [Sun, 28 May 2023 01:30:12 +0000 (03:30 +0200)]
CI: coverity: disable ccache usage
Disable ccache usage for coverity workflow as it may cause side effect
in the produced bins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
2129ee1879f564a9992a6761d4c9e77077c48e95)
Christian Marangi [Sun, 28 May 2023 01:15:50 +0000 (03:15 +0200)]
CI: build: fix ccache cache usage
CCache cache is currently broken due to a funny bug in ccache compiler
type detection. It seems ccache compiler type detection is very fragile
and with the use of external toolchain doesn't correctly detect the
type.
The type detected is set to other instead of gcc resulting in ccache
complaining for unsupported compiler options.
To handle this problem, force the compiler type to gcc to make ccache
correctly work and speedup compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
ae7b05328cf471780de8559fba845c4b564e059e)
Christian Marangi [Sun, 28 May 2023 01:12:54 +0000 (03:12 +0200)]
CI: build: add option to define custom ccache cache type
Add new input to define custom ccache cache type. This is useful to use
a different ccache cache for some special workflow that may do more test
than simple kernel compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
07b52a8a25f261e3cee03f4980e4bc868e9ee5cc)
Christian Marangi [Sun, 28 May 2023 01:22:51 +0000 (03:22 +0200)]
CI: build: add option to disable use of ccache
Add option to disable use of ccache. This can be useful for some
sensible test that should not use ccache as they can cause side effects
of any sort. (example Coverity Scan)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b9a41c1e84067bcc63aac633b72e7dc808bfe6fe)
Christian Marangi [Sun, 28 May 2023 00:55:26 +0000 (02:55 +0200)]
CI: build: add job to remove previous ccache cache if already exist
Github Actions cache doesn't permit to overwrite cache if it does
already exist. As a trick to refresh and have fresh ccache pool,
delete the ccache cache if it does exist with the help of Github REST
API. An additional permission is needed to access this API. Add this
permittion to each user of the build workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
203cc0a7ef0bbf3b5a19db3caa96e91963ec154c)
Christian Marangi [Sat, 27 May 2023 15:25:29 +0000 (17:25 +0200)]
CI: build: split cache ccache in separate restore and save jobs
Split caching ccache in separate restore and save jobs to always refresh
the ccache across different runs. Currently if a key is restored, cache
is not saved resulting in a less useful ccache that benefits from
multiple runs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
6321361c6b13a37b0cfa279a51a0cf8239a7852c)
Christian Marangi [Thu, 25 May 2023 11:52:03 +0000 (13:52 +0200)]
CI: ignore master branch for push events
Due to problem with migrating from master to main as the default branch
and downstream project still requiring the master branch to be present,
we currently have for push events double CI runs, one for main and one
for master. To solve this ignore any push event to the master branch for
every workflow that react on push events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f5a5ce8822e9add9627ecb6ea289c8de2b8a76a9)
Christian Marangi [Sat, 17 Dec 2022 14:07:28 +0000 (15:07 +0100)]
CI: build: Add support to use container included external toolchain
Add support to use container included external toolchain and skip
redownloading external sdk for each test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
0fe5776f4a79a2b095912e258738e3203207e9dd)
Christian Marangi [Fri, 16 Dec 2022 23:21:31 +0000 (00:21 +0100)]
CI: push-containers: build and push container with external toolchain
Build and push container with external toolchain embedded in the
container image.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
e1370cdd497a07612413106d707973155ad3004b)
Christian Marangi [Tue, 23 May 2023 13:25:56 +0000 (15:25 +0200)]
CI: build: add checks to test if toolchain container can be used
Add checks to test if toolchain container can be used.
This is to handle case of new target or migration of any sort.
If the toolchain container can't be found, the tools container is used
instead.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
23a5c715a9296e828be5c32eadf68eacdb326a0a)
Christian Marangi [Sat, 17 Dec 2022 01:02:26 +0000 (02:02 +0100)]
CI: build: add option to configure container to use
Add option to configure container to use for build test.
By default the tools container is used if no option is provided.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
803b0110485a12c1119a51044d17979795ede966)
Christian Marangi [Tue, 20 Dec 2022 19:02:35 +0000 (20:02 +0100)]
CI: build: package external toolchain after build
Package external toolchain after correct build.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
ce2e7c52f8ebc7ea92a1436ee2dbeecf149132dc)
Christian Marangi [Sat, 27 May 2023 20:08:26 +0000 (22:08 +0200)]
CI: build: drop redundant generate ccache hash job
Drop redundant generare ccache hash job as that can be done by
integrated github expressions to generate an hash.
The only change is that the integrated way generate a sha256 hash
instead of an md5 sum.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
457f6b0b9c07772f529a9714a974f3eb74f9b99d)
Luca Barbato [Tue, 24 Oct 2023 11:10:51 +0000 (13:10 +0200)]
image: Fix the CONFIG_EXTERNAL_CPIO logic
Fix the qstrip call.
Fixes: #13776.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
330492a101cdb1608d1194496c1b620315ef8bd8)
Hauke Mehrtens [Sun, 8 Oct 2023 22:26:18 +0000 (00:26 +0200)]
Revert "lantiq: xrx200: mark subtarget as source-only"
This reverts commit
0c117e1f6ccbee684ea0589d9024ca9dec4679c9.
Activate the lantiq/xrx200 target again.
There are still some problems with the GSWIP, but it is not leaking
packets to the wrong bridge in normal operations.
It shows some error messages at configuration like these:
[ 54.308861] gswip
1e108000.switch: port 5 failed to add ce:9d:84:d1:81:f0 vid 1 to fdb: -22
[ 54.325633] gswip
1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 0 to fdb: -22
[ 54.351242] gswip
1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 1 to fdb: -22
[ 54.358311] gswip
1e108000.switch: port 5 failed to delete ce:9d:84:d1:81:f0 vid 1 from fdb: -2
The problems are described in this pull request:
https://github.com/openwrt/openwrt/pull/13200
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
e1aaa1defd2340be3544dc614f905795b4d52f81)
Christian Lamparter [Fri, 20 Oct 2023 14:20:27 +0000 (16:20 +0200)]
apm821xx: WNDR4700: fix broken sysupgrade, factory images
prepend-dtb got extended to handle the Meraki devices too,
the problem here was that the Netgear WNDR4700 expects an
u-boot header in front of the DTB, whereas Meraki devices
don't.
Since the header was dropped, the WNDR4700's uboot started
to complain:
Bad Magic Number,it is forbidden to be written to flash!!
when flashing the factory.img since it expects an u-boot
header there.
Fixes: 5dece2d9355a ("apm821xx: switch over from DTB_SIZE to DEVICE_DTC_FLAGS")
Fixes: #13716
Reported-by: @kisgezenguz
Reported-by: Tamas Szabo
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
d6a11833ad67c33ad10dadf396f6c30bb44ef30f)
Leon M. Busch-George [Mon, 16 Oct 2023 17:41:21 +0000 (19:41 +0200)]
ipq40xx: wpj428: switch to zimage to fit kernel partition
Like with some other ipq40xx devices, the kernel image size for the WPJ428
is limited in stock u-boot. For that reason, the current release doesn't
include an image for the board.
By switching to the zImage format, the kernel image size is reduced which
re-enables the build process. The image boots and behaved normally through
a few days of testing.
Before the switch to kernel version 6.1, it was possible to reduce the
image size by enough when disabling UBIFS and its otherwise unneeded
dependencies.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit
2657e8cab7f3d621b66cfdd4e228da3b912af32a)
Koen Vandeputte [Tue, 12 Sep 2023 13:38:27 +0000 (15:38 +0200)]
ipq40xx: switch to performance governor by default
Doing a simple ping to my device shows this:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms
64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms
64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms
Some users even report higher values on older kernels:
64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms
64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms
64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms
64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms
64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms
The problem is that the governor is set to Ondemand, which causes
the CPU to clock all the way down to 48MHz in some cases.
Switching to performance governor:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms
In theory, using the Performance governor should increase power draw,
but it looks like it really does not matter for this soc.
Using a calibrated precision DC power supply (cpu idle):
Ondemand
24.00V * 0.134A = 3.216 Watts
48.00V * 0.096A = 4.608 Watts
Performance
24.00V * 0.135A = 3.240 Watts
48.00V * 0.096A = 4.608 Watts
Let's simply switch to the Performance governor by default
to fix the general jittery behaviour on devices using this soc.
Tested on: MikroTik wAP ac
Fixes: #13649
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit
b8e52852bd62236a2a84663b4592d221ebc64cb4)
Christian Marangi [Fri, 20 Oct 2023 11:00:00 +0000 (13:00 +0200)]
netifd: update to latest git HEAD
5590a80e2566 config: fix incompatible with jshn network-device entry
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
53039bf7f5aa16d2f69394a86d04b8442c743e77)
Michael 'ASAP' Weinrich [Fri, 6 Oct 2023 02:39:58 +0000 (19:39 -0700)]
base-files: fix wrong ucidef_set_network_device_mac network-device entry
The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.
This commit addresses the issue by using network_device in
uci-defaults.sh.
The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596
This was exposed by commit
4ebba8a05d09 ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.
Fixes: 9290539ca9c7 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
12bc79d6d521581e37a8b067ce8a562429aeefbd)
Christian Buschau [Tue, 17 Oct 2023 12:51:53 +0000 (14:51 +0200)]
armsr: preserve configuration during sysupgrade
Copy configuration to boot partition (partition 1) instead of root
partition (partition 2) because the root partition is not writable if
it's a suqashfs image.
Move configuration back to root during preinit.
Fixes: https://github.com/openwrt/openwrt/issues/13695
Signed-off-by: Christian Buschau <cbuschau@d00t.de>
(cherry picked from commit
67ce60c5f961c4248fa108cd0f949e2bade4536e)
Hauke Mehrtens [Fri, 13 Oct 2023 22:37:34 +0000 (00:37 +0200)]
mbedtls: Update to version 2.28.5
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
9e1c5ad4b0c99c45927ccd44504cd8fdbbd03bb0)
Bjørn Mork [Sun, 15 Oct 2023 17:28:51 +0000 (19:28 +0200)]
ramips: fix ZyXEL NR7101 bricking typo
A typo snuck in with the addition of Cudy M1800, changing
"nr7101" to "nt7101". The result is a default network config
for NR7101 without the only ethernet interface on the NR7101,
thereby soft bricking it.
Fixes: f6d394e9f2fd ("ramips: add support for Cudy M1800")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit
2e57028424d0e914490a80178cd729adb17ba09b)
Kevin Jilissen [Sun, 8 Oct 2023 15:21:23 +0000 (17:21 +0200)]
realtek: add support for HPE 1920-8g-poe+ (65W)
Hardware information:
---------------------
- RTL8380 SoC
- 8 Gigabit RJ45 PoE ports (built-in RTL8218B)
- 2 SFP ports (built-in SerDes)
- RJ45 RS232 port on front panel
- 32 MiB NOR Flash
- 128 MiB DDR3 DRAM
- PT7A7514 watchdog
- PoE chip
- Fanless
Known issues:
---------------------
- PoE LEDs are uncontrolled.
(Manual taken from
f2f09bc)
Booting initramfs image:
------------------------
- Prepare a FTP or TFTP server serving the OpenWrt initramfs image and
connect the server to a switch port.
- Connect to the console port of the device and enter the extended
boot menu by typing Ctrl+B when prompted.
- Choose the menu option "<3> Enter Ethernet SubMenu".
- Set network parameters via the option "<5> Modify Ethernet Parameter".
Enter the FTP/TFTP filename as "Load File Name" ("Target File Name"
can be left blank, it is not required for booting from RAM). Note that
the configuration is saved on flash, so it only needs to be done once.
- Select "<1> Download Application Program To SDRAM And Run".
Initial installation:
---------------------
- Boot an initramfs image as described above, then use sysupgrade to
install OpenWrt permanently. After initial installation, the
bootloader needs to be configured to load the correct image file
- Enter the extended boot menu again and choose "<4> File Control",
then select "<2> Set Application File type".
- Enter the number of the file "openwrt-kernel.bin" (should be 1), and
use the option "<1> +Main" to select it as boot image.
- Choose "<0> Exit To Main Menu" and then "<1> Boot System".
NOTE: The bootloader on these devices can only boot from the VFS
filesystem which normally spans most of the flash. With OpenWrt, only
the first part of the firmware partition contains a valid filesystem,
the rest is used for rootfs. As the bootloader does not know about this,
you must not do any file operations in the bootloader, as this may
corrupt the OpenWrt installation (selecting the boot image is an
exception, as it only stores a flag in the bootloader data, but doesn't
write to the filesystem).
Example PoE config file (/etc/config/poe):
---------------------
config global
option budget '65'
config port
option enable '1'
option id '1'
option name 'lan8'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '2'
option name 'lan7'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '3'
option name 'lan6'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '4'
option name 'lan5'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '5'
option name 'lan4'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '6'
option name 'lan3'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '7'
option name 'lan2'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '8'
option name 'lan1'
option poe_plus '1'
option priority '2'
Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
(cherry picked from commit
f4ee08677cdeefba7cfda40a830b6b747c6ea36e)
Kevin Jilissen [Sun, 8 Oct 2023 14:56:40 +0000 (16:56 +0200)]
realtek: rename hpe,1920-8g-poe to match hardware
There are two hardware models of the HPE 1920-8g-poe switch. The version
currently in the repository is the model with a PoE budget of 180W. In
preparation of the addition of the 65W model, the existing model is
renamed to clarify the hardware version it targets.
As suggested by Pawel, the 'SUPPORTED_DEVICES' includes the old target
name to enable an upgrade path of builds with the old name.
Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
(cherry picked from commit
987c96e88927094ff61e83870f872f0560d8e5c1)
Koen Vandeputte [Fri, 13 Oct 2023 15:47:11 +0000 (17:47 +0200)]
ath79: wpj563: enable 2nd USB controller
The compex WPJ563 actually has both usb controllers wired:
usb0 --> pci-e slot
usb1 --> pin header
As the board exposes it for generic use, enable this controller too.
fixes: #13650
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit
9188c77cbee55a933d0fa75c74e175fbc52c556d)
Hauke Mehrtens [Wed, 11 Oct 2023 21:06:34 +0000 (23:06 +0200)]
OpenWrt v23.05.0: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 11 Oct 2023 21:06:24 +0000 (23:06 +0200)]
OpenWrt v23.05.0: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 7 Oct 2023 19:07:20 +0000 (21:07 +0200)]
bsdiff: Add patches for CVEs
Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch
Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
cac723e8b8748938b8d80603578c60189fc32b24)
John Audia [Sat, 7 Oct 2023 14:00:03 +0000 (10:00 -0400)]
kernel: bump 5.15 to 5.15.134
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134
Removed upstreamed:
generic/backport-5.15/894-Fix-up-backport-for-
13619703038.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.134&id=
d7acb7031758141225844bea073860b48fd92092
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
ac3a5911daeaecc04c6ffd03027b6b75fa4472d2)
John Audia [Sat, 23 Sep 2023 14:15:37 +0000 (10:15 -0400)]
kernel: bump 5.15 to 5.15.133
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133
Removed upstreamed:
bcm47xx/patches-5.15/101-v5.18-mtd-rawnand-brcmnand-Allow-SoC-to-provide-I-O-operations.patch[1]
Cherry picked build fix.[2] All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.133&id=
56cf9f446b331414a15ef0e8dedf23583ec2c427
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/fix-up-backport-of-
136191703038-interconnect-teach-l.patch
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
89895937dd4a24446b7bfd067398b4f7e73dc7b5)
Hauke Mehrtens [Sat, 7 Oct 2023 10:29:57 +0000 (12:29 +0200)]
toolchain: glibc: Update glibc 2.37 to recent HEAD
This adds the following changes:
b4f76ecc9e Ignore MAP_VARIABLE in tst-mman-consts.py
f5d377c896 __check_pf: Add a cancellation cleanup handler [BZ #20975]
0e3e9dbb0e Document BZ #20975 fix
e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t (BZ#30477)
3593050c27 io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64
8dcb1a5181 hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)
0930ff8eb3 realloc: Limit chunk reuse to only growing requests [BZ #30579]
3f4b4e2cdd elf: _dl_find_object may return 1 during early startup (bug 30515)
260d4b742b nptl: Fix tst-cancel30 on sparc64
58f7431fd7 sparc: Fix la_symbind for bind-now (BZ 23734)
1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation.
cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]
0d500bfdc0 hurd: Make exception subcode a long
be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
3d24d1903d elf: Do not run constructors for proxy objects
a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785)
bdb594afa5 elf: Remove unused l_text_end field from struct link_map
1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map
b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
6529a7466c (HEAD) getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd
9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus.
4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS
2dfd8c77b5 i686: Regenerate ulps
b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
e66eed033f9f9d27fc839d81d3a03d4fad1b9b5b)
Tobias Schramm [Sat, 23 Sep 2023 11:46:40 +0000 (13:46 +0200)]
realtek: 5.15: rtl93xx: support 2500baseT and 5000baseT on USXGMII links
The USXGMII implementation of Realtek switches can not only support
10GbE but also 2.5Gb and 5Gb on top of the usual data rates.
Mark those as supported to allow them to be negotiated.
This change has been tested on a ZyXEL XGS1250-12 with the following link
partners:
- NWA50AX Pro (2.5Gb)
- RTL8152 USB NIC (2.5Gb)
- AQC111 USB NIC (2.5Gb & 5Gb)
Gbit and 10GbE has also been tested to still work fine with a variety of
devices.
Signed-off-by: Tobias Schramm <tobias@t-sys.eu>
(cherry picked from commit
cd56a682326f9de4d77ee3afb99d13d25c478c08)
Rudolf Vesely [Mon, 2 Oct 2023 06:51:19 +0000 (06:51 +0000)]
rtl83xx: fix STP by trapping BPDUs
Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently
makes switch to ignore Bridge Protocol Data Units (BPDUs).
Tested on Zyxel GS1900-8, 24 and 48.
Signed-off-by: Rudolf Vesely <i@rudolfvesely.com>
[ improve commit description and add new line in different sections ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
41fcc617f94601072d304f2f68e12cf1dd058707)
Uwe Niethammer [Sun, 1 Oct 2023 10:26:51 +0000 (12:26 +0200)]
uqmi: added timeout to fix hanging qmi.sh
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit
32a696f9e419ebec5b166847a16a5a45d030acbd)
Christian Marangi [Mon, 2 Oct 2023 20:13:10 +0000 (22:13 +0200)]
yafut: add missing PKG_MIRROR_HASH
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
a181b9f0f9269525319024f53d83c7efe9da544b)
Christian Marangi [Thu, 28 Sep 2023 20:55:08 +0000 (22:55 +0200)]
generic: add patch for GPON-ONU-34-20BI quirk
Backport patch merged upstream adding quirk for SFP GPON-ONU-34-20BI.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
86dadeba482e2ed41f1ccc95fc7739d85a5709c0)
Christian Marangi [Wed, 4 Oct 2023 11:28:58 +0000 (13:28 +0200)]
CI: push-containers: refresh containers also on modify cmake options
Refresh containers also on modify of cmake options in the include file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b40c0b54bde81243974cada51cb9a44736c773b3)
Christian Marangi [Wed, 4 Oct 2023 11:27:55 +0000 (13:27 +0200)]
CI: push-containers: fix concurrency group
Fix concurrency group for push-containers workflow to handle running on
different branches.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
4c2eab1c27defd154adcd0c4454248112815ffcc)
Peter Körner [Sun, 24 Sep 2023 18:58:13 +0000 (20:58 +0200)]
rtl93xx: fix condition intended to only select internal serdes ports
This condition was introduced in commit
51c8f7661244 ("realtek: Improve
MAC config handling for all SoCs") to correctly report the speed of the
internal serdes ports as 10G, but instead makes all ports read 10G
because the or-operator should have been an and-operator.
Fixes: #9953
Fixes: 51c8f7661244 ("realtek: Improve MAC config handling for all SoCs")
Signed-off-by: Peter Körner <git@mazdermind.de>
[ wrap comment to 72 column and improve commit ref ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
9fb5082e258ac4672dc69636e5eb79f426defac8)
Andreas Böhler [Mon, 18 Sep 2023 09:55:57 +0000 (11:55 +0200)]
ramips: fix Mercusys MR70X LAN port assignments
A bug report in the forum found that the MR70X lists four LAN ports in LuCI
while it has only three. This adds the device to the network setup file
to fix the issue.
Identified-by: Forum User "Lexeyko"
Signed-off-by: Andreas Böhler <dev@aboehler.at>
Hauke Mehrtens [Fri, 29 Sep 2023 18:28:43 +0000 (20:28 +0200)]
OpenWrt v23.05.0-rc4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 29 Sep 2023 18:28:35 +0000 (20:28 +0200)]
OpenWrt v23.05.0-rc4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Nick Hainke [Fri, 29 Sep 2023 09:12:02 +0000 (11:12 +0200)]
hostapd: increase PKG_RELEASE to fix builds
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
91d2ead3c3bf75b279f861ad5d11b64bf31478f0)
Felix Fietkau [Thu, 28 Sep 2023 08:28:43 +0000 (10:28 +0200)]
hostapd: fix wpa_supplicant mac address allocation on ap+sta
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
abceef120d57bf066941882630a76788eb4985a9)
David Bauer [Wed, 27 Sep 2023 14:43:54 +0000 (16:43 +0200)]
mpc85xx: add Enterasys WS-AP3715i reset button
The reset button was missing from the Enterasys WS-AP3715i DTS.
Add the node required for making the reset button work.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
0e8641d3b08bf8b9eac8e3338faf11cc058a5124)
Hauke Mehrtens [Sun, 24 Sep 2023 18:16:21 +0000 (20:16 +0200)]
treewide: Add extra CPE identifier
This adds some Common Platform Enumerations (CPE) identifiers which I
found.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Arne Zachlod [Wed, 13 Sep 2023 16:20:03 +0000 (18:20 +0200)]
toolchain: musl: add PKG_CPE_ID
Vulnerabilities of musl libc are tracked as
cpe:/a:musl-libc:musl
Signed-off-by: Arne Zachlod <arne@nerdkeller.org>
Alexander Couzens [Mon, 18 Sep 2023 22:23:40 +0000 (00:23 +0200)]
toolchain: assign PKG_CPE_ID
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has a CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Mon, 18 Sep 2023 22:10:03 +0000 (00:10 +0200)]
tools: assign PKG_CPE_ID
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Mon, 18 Sep 2023 20:53:14 +0000 (22:53 +0200)]
packages: assign PKG_CPE_ID for all missing packages
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Felix Fietkau [Wed, 27 Sep 2023 13:03:16 +0000 (15:03 +0200)]
hostapd: fix mac address of interfaces created via wdev.uc
Use the wdev config with the generated MAC address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
0c43a48735959245f18d79a6e908d3b45cff0a94)
Felix Fietkau [Mon, 25 Sep 2023 13:36:29 +0000 (15:36 +0200)]
hostapd: fix rare crash with AP+STA and ACS enabled
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
f1bb528ae7631c60b95499b7e8a1948c3e6a42f0)
David Bauer [Mon, 25 Sep 2023 18:58:04 +0000 (20:58 +0200)]
mpc85xx: drop WS-AP3715i label-mac
Label MAC detection does not work properly, as MAC address is assigned
on preinit. Thus, remove the label-mac definition.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
cd14b17cb00cda45819739aa63422a090e3f80e1)
Oskari Lemmela [Mon, 21 Aug 2023 05:41:37 +0000 (08:41 +0300)]
ipq806x: 5.15: revert upstream commit to fix #11676
Commit
d5a05e69ac6e4 ("net: stmmac: Use hrtimer for TX coalescing") causes
high CPU usage due to hrtimer raw spin locks.
Fixes: #11676
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
[ renumber and rename revert patch ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
John Audia [Tue, 19 Sep 2023 19:04:14 +0000 (15:04 -0400)]
kernel: bump 5.15 to 5.15.132
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.132
Removed upstreamed:
bcm53xx/patches-5.15/037-v6.6-0006-ARM-dts-BCM53573-Add-cells-sizes-to-PCIe-node.patch[1]
bcm53xx/patches-5.15/037-v6.6-0007-ARM-dts-BCM53573-Use-updated-spi-gpio-binding-proper.patch[2]
bcm53xx/patches-5.15/037-v6.6-0008-ARM-dts-BCM5301X-Extend-RAM-to-full-256MB-for-Linksy.patch[3]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=
b35f3ca1877e024887df205ede952863d65dad36
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=
2840d9b9c8750be270fb1153ccd5b983cbb5d592
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=
f086e859ddc252c32f0438edff241859c0f022ce
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
ac422c9788fbb3510b1fddaefc8816bea6601479)
[Refresh on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Thu, 7 Sep 2023 10:55:41 +0000 (06:55 -0400)]
kernel: bump 5.15 to 5.15.131
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.131
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
58bb5e147ae50391c29c53890f47e3a5420bbfad)
[Refresh on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Andreas Böhler [Mon, 25 Sep 2023 18:16:22 +0000 (20:16 +0200)]
ipq40xx: ZTE MF287 fix sysupgrade
While refactoring support for the MF287 series, an entry in platform.sh
was overlooked - this fixes sysupgrade on this devices.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit
964b576fc133019d0379983df597e4eb343cd635)
Oskari Rauta [Sun, 24 Sep 2023 08:29:39 +0000 (11:29 +0300)]
ccache: add missing \
-DREDIS_STORAGE_BACKEND=OFF option is ignored due to missing \
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
b61ac68b67427ce2eb2c81fa647a21d88ddd2a82)
Ivan Pavlov [Sat, 23 Sep 2023 15:09:36 +0000 (18:09 +0300)]
openssl: update to 3.0.11
Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
bfd54529fac075eeb70f2408042e0da03b5ec8cc)
Erik Karlsson [Wed, 6 Sep 2023 10:33:17 +0000 (12:33 +0200)]
procd: create /dev/fd symlink
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit
fdce970dbb47a6f91b08bdac21a098e77926549f)
Yuu Toriyama [Sat, 2 Sep 2023 07:21:09 +0000 (16:21 +0900)]
wireless-regdb: update to 2023.09.01
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit
0e13363de6879a1a8b7d4d2739c92122f2df693e)
Tomasz Maciej Nowak [Wed, 20 Sep 2023 17:17:46 +0000 (19:17 +0200)]
mvebu: cortexa72: enable USB PHY
Since kernel 5.13 this is needed to enable USB ports on all devices in
subtarget. Previously TF-A and COMPHY driver might have set up this PHY,
but not anymore.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit
eac192843030d16046a0d603284c2b4c89822431)
Andreas Böhler [Mon, 18 Sep 2023 10:08:18 +0000 (12:08 +0200)]
ipq40xx: ZTE MF287 series: move to gpio-export for modem-reset GPIO
Turn the "gpio-restart" node into a "gpio-export" node for all MF287
variants, similar to the MF287 Pro. Unfortunately, there doesn't seem to be
a "power button blocker" GPIO for the MF287 and MF287 Plus, so a modem
reset always triggers a system reset.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit
053f8f92d1395fa5d33b0b8f2fef44a4b926c112)
Andreas Böhler [Sat, 16 Sep 2023 19:55:01 +0000 (21:55 +0200)]
ipq40xx: refactor ZTE MF287 series
The ZTE MF287 requires a different board calibration file for ath10k than
the ZTE MF287+. The two devices receive their own DTS, thus the device tree
is slightly refactored.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit
9c7578d560708c040dc04d0db37ef682db58f6b5)
Felix Fietkau [Fri, 22 Sep 2023 17:59:09 +0000 (19:59 +0200)]
hostapd: fix patch rebase after a crash fix
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e84 ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
3a5ad6e3d74da713c0fc7d63b8026a56d16e198b)
Felix Fietkau [Fri, 22 Sep 2023 05:58:45 +0000 (07:58 +0200)]
hostapd: fix wpa_supplicant bringup with non-nl80211 drivers
Needed for wired 802.1x
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
fd6d7aafb2c3d335a3d192c308ffdace8d292e9f)
David Bauer [Wed, 20 Sep 2023 18:59:35 +0000 (20:59 +0200)]
mpc85xx: correct WS-AP3715i eth LED assignment
Ethernet LED assignments were incorrectly swapped. Fix the assignment
logic so the correct LED is illuminated for the LAN LEDs.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
80374177449ab7fadcf7c9cd9693cc0e92feba8d)
Felix Fietkau [Wed, 20 Sep 2023 16:40:17 +0000 (18:40 +0200)]
hostapd: add missing NULL pointer check in uc_hostapd_iface_stop
Avoid crashing if the interface has already been removed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
4145ff4d8a29c1c7a1569bb06fa4d1fe9808c94f)
Felix Fietkau [Wed, 20 Sep 2023 11:43:14 +0000 (13:43 +0200)]
hostapd: fix a crash when disabling an interface during channel list update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
e9722aef9e84110331706f74f7de0942c8d657ed)
Leon M. Busch-George [Sun, 20 Aug 2023 19:08:20 +0000 (21:08 +0200)]
package: base-files: turn error into warning
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.
Re-enable those existing configurations for the release and hint at
possible future problems.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Felix Fietkau [Tue, 19 Sep 2023 09:46:16 +0000 (11:46 +0200)]
netifd: update to the latest version
7a58b995fdbe wireless: update prev_config on SET_DATA notify
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
f52e008d045302976d2ff40f35e91b84a5678d12)
Felix Fietkau [Tue, 19 Sep 2023 09:02:54 +0000 (11:02 +0200)]
hostapd: use phy name for hostapd interfaces instead of first-bss ifname
Improves reliability in error handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
a511480368a03f754aa6ce7887633247a07ea166)
Felix Fietkau [Thu, 14 Sep 2023 11:28:14 +0000 (13:28 +0200)]
mac80211: fix AP reconfiguration on DFS channels in non-ETSI regdomain
Allow grace period for DFS available after shutting down beacons on the channel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
16889141d99d3ec1410f3b4dc22de4022dbe9057)
Felix Fietkau [Mon, 18 Sep 2023 11:05:30 +0000 (13:05 +0200)]
netifd: update to the latest version
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling
88a3a9e2be07 wireless: clean up prev_config handling
afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
a33f1d35155cf9579065ed76bd17e991d165170e)
Felix Fietkau [Thu, 31 Aug 2023 11:12:23 +0000 (13:12 +0200)]
hostapd: select libopenssl-legacy for openssl variants
Without it, a lot of authentication modes fail without obvious error messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
560965d5826626e3be8c1f1db194db43cc7002cf)
Felix Fietkau [Thu, 31 Aug 2023 11:04:19 +0000 (13:04 +0200)]
hostapd: remove eap-eap192 auth type value
It is no longer used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
b0501d380f65ae9f82173b35b820c9c6adb92493)
Felix Fietkau [Thu, 31 Aug 2023 11:02:00 +0000 (13:02 +0200)]
netifd: update to the latest version
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
8c03dc962f8e10f9fef0877a0f8d8235f619ef7d)
Felix Fietkau [Thu, 31 Aug 2023 09:16:42 +0000 (11:16 +0200)]
hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
b63df6ce5d0639e6106967fd445c96518da52afb)
Felix Fietkau [Thu, 31 Aug 2023 09:16:04 +0000 (11:16 +0200)]
hostapd: fix FILS key mgmt type for WPA3 Enterprise 192 bit
Use the SHA384 variant to account for longer keys with more security
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
f0d1349b52983400e7526f3ab57dc6a0f2cc771a)
Felix Fietkau [Thu, 22 Jun 2023 13:58:30 +0000 (15:58 +0200)]
netifd: update to the latest version
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue
e94f7a81a039 bridge: fix config reload on 32 bit systems
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default
4711f74479e2 netifd: fix disabling radio via config if reconf is being used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
09fd59938b673ca10d4b3c46d32f18164bcdb21a)
Felix Fietkau [Tue, 29 Aug 2023 12:32:42 +0000 (14:32 +0200)]
hostapd: backport from master, including ucode based reload support
This significantly improves config reload behavior and also fixes some
corner cases related to running AP + mesh interfaces at the same time.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 10 Aug 2023 16:11:09 +0000 (18:11 +0200)]
ubus: update to the latest version
f787c97b3489 libubus: add missing uloop_fd_delete call in ubus_shutdown
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
fdadfb633f8906478974aefbbc84fee1bf508e2f)
Felix Fietkau [Tue, 6 Jun 2023 13:05:27 +0000 (15:05 +0200)]
ucode: update to the latest version
9986b839595d ci: unbreak failing builds by using fixed gh-actions-openwrt-ci-sdk
77c961e20eda ci: fix broken imx6-generic SDK build
86107a647cb0 ci: cancel concurrent builds
ed543d8bf481 ci: update the workflows
11d5f8840002 Merge pull request #151 from ynezz/ynezz/unbreak-ci
b934ce815ff2 program: fix memory leak in read_sourceinfo
b0baf043e64c Merge pull request #152 from Ansuel/fix-memory-leak
740e2501fdca main: add user specified library search paths before default path
15f1a669e8e2 struct: remove state->len
29edb011caf1 ubus: add support for strings containing null bytes
2b4346bfdc67 vm: clear vm->alloc_refs in uc_gc_common
b213bd120d55 Merge pull request #150 from nbd168/misc-improvements
66520ebe27ae vm: immediately release arguments on calls with invalid spreads
07cc72a77e3b README.md: fix debian dependencies
d048ea88fe71 compiler: fix memory leak in uc_compiler_compile_import on early exit
7b7e22dcdf02 Merge pull request #155 from luizluca/luizluca-patch-1
d656d150905e types: implement ucv_object_sort()
d72eebeb168b lib: support object ordering in `uc_sort()`
ed1f0133c870 nl80211: add constants for iftypes
3ffb046c59a6 Merge pull request #156 from nbd168/nl80211-iftypes
c7d84aae0969 Merge pull request #153 from jow-/lib-sort-object-support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
9419a50242f81b73bae2b1105c0e370385682ad1)
Felix Fietkau [Mon, 4 Sep 2023 13:28:59 +0000 (15:28 +0200)]
kernel: backport support for renaming netdevs while up
Will be used in upcoming hostapd changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
77c45ddd86b0dff7765e30f7846cbdef34fa93ce)
Andreas Böhler [Tue, 12 Sep 2023 17:57:55 +0000 (19:57 +0200)]
ipq40xx: fix image building for ZTE MF287 series
For the ZTE MF287 series, a special recovery image is built. The Makefile
worked fine on snapshot, but created corrupt images on the 23.05 images.
By using the appropriate variable, this should be fixed.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit
a9cc3708e0c3c4869711a9ba4b9c1437ed250721)