openwrt/staging/jow.git
18 months agoopenssl: update to 3.0.9
Ivan Pavlov [Sun, 4 Jun 2023 19:34:39 +0000 (22:34 +0300)]
openssl: update to 3.0.9

CVE-2023-2650 fix
Remove upstreamed patches

Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
 * Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
 * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
 * Limited the number of nodes created in a policy tree (CVE-2023-0464)

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 6348850f10545aac70db94d3a9555a4f2eb84281)

18 months agovalgrind: update to 3.21.0
Hauke Mehrtens [Wed, 31 May 2023 20:51:12 +0000 (22:51 +0200)]
valgrind: update to 3.21.0

Release Notes:
https://valgrind.org/docs/manual/dist.news.html

This improves support for the memory allocator used in musl libc 1.2.2
and later which is currently used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d85013460d47b538389b08506fda49e96a1968b5)

18 months agokselftests-bpf: add kernel BPF tests
Tony Ambardar [Mon, 17 May 2021 18:57:40 +0000 (11:57 -0700)]
kselftests-bpf: add kernel BPF tests

Build and package kernel self-tests used for BPF testing, program and JIT
development. This package, together with the existing 'kmod-bpf-test', was
extensively used for past upstream Linux JIT submissions [1].

Currently this includes only 'test_verifier'; building 'test_progs' will
fail due to known endian limitations with bpftool skeletons.

[1]:https://lore.kernel.org/bpf/cover.1633392335.git.Tony.Ambardar@gmail.com

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 3886ea9b87c416c080078603fedea95bcc144442)

18 months agokernel: backport libcap workaround for BPF selftests
Tony Ambardar [Tue, 29 Nov 2022 04:43:19 +0000 (20:43 -0800)]
kernel: backport libcap workaround for BPF selftests

Recent libcap versions (>= 2.60) cause problems with BPF kselftests, so
backport an upstream patch that replaces libcap and drops the dependency.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 04981c716acab6b7a81f672f217e5c47ee42a0b6)

18 months agobase-files: enable BPF JIT kallsyms by default
Tony Ambardar [Fri, 26 May 2023 08:41:18 +0000 (01:41 -0700)]
base-files: enable BPF JIT kallsyms by default

Set net.core.bpf_jit_kallsyms=1 in /etc/sysctl.d/10-default.conf.

For privileged users, this exports addresses of JIT-compiled programs to
appear in /proc/kallsyms when present, allowing their use for debugging
and in traces.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b3aaede2a7b14f2be850db8ae0c826e2782a60e8)

18 months agorockchip: add Orange Pi R1 Plus LTS support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
rockchip: add Orange Pi R1 Plus LTS support

The OrangePi R1 Plus LTS is a minor variant of OrangePi R1 Plus with
the on-board NIC chip changed from rtl8211e to yt8531c, and otherwise
identical to OrangePi R1 Plus.

Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 32d5921b8b5508a99680ecf1626667517c2cbdb8)
[Removed patches for kernel 6.1]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
18 months agouboot-rockchip: add Orange Pi R1 Plus LTS support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
uboot-rockchip: add Orange Pi R1 Plus LTS support

Add support for the Xunlong Orange Pi R1 Plus LTS.
Manually generated of-platdata files to avoid swig dependency.

Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 37fed89166e6e21c20ef92b36106f7184a0476c6)

18 months agorockchip: add Orange Pi R1 Plus support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
rockchip: add Orange Pi R1 Plus support

Orange Pi R1 Plus is a Rockchip RK3328 based SBC by Xunlong.

This device is similar to the NanoPi R2S, and has a 16MB
SPI NOR (mx25l12805d). The reset button is changed to
directly reset the power supply, another detail is that
both network ports have independent MAC addresses.

Note: booting from SPI is currently unsupported, you have to install
the image on a SD card.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab641efe698f4412319fcbcfe6ffde64c929cd97)
[Removed patches for kernel 6.1]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
18 months agouboot-rockchip: add Orange Pi R1 Plus support
Tianling Shen [Tue, 30 May 2023 04:59:07 +0000 (12:59 +0800)]
uboot-rockchip: add Orange Pi R1 Plus support

Add support for the Xunlong Orange Pi R1 Plus.
Manually generated of-platdata files to avoid swig dependency.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 043f8a4f5ecf00e8a62b5a5d48baba48e620ea6a)

18 months agogeneric: drop useless binfmt patch fixing compilation warning
Christian Marangi [Thu, 8 Jun 2023 01:23:53 +0000 (03:23 +0200)]
generic: drop useless binfmt patch fixing compilation warning

The compilation warning was triggered by wrongly set FRAME_WARN to 1024
even for 64bit. This was recently fix by correctly setting the
FRAME_WARN to 2048 for 64bit systems.

The compilation warning would still be triggered on 32bit system but the
actual code is never reached as ARCH_USE_GNU_PROPERTY is only set on
arm64 arch.

Drop the patch as kmalloc cause perf regression as suggested by upstream
maintainers.

Fixes: fa79baf4a6e2 ("generic: copy backport, hack, pending patch and config from 5.15 to 6.1")
Fixes: 5913ea1ba2fa ("generic: 5.15: add pending patch fixing binfmt compilation warning")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 62338f41625074640a4de9e26e5e67b010fe0ebe)

18 months agooxnas: Enable CONFIG_CRYPTO_LZ4
Jitao Lu [Sun, 4 Jun 2023 05:54:01 +0000 (13:54 +0800)]
oxnas: Enable CONFIG_CRYPTO_LZ4

Previously, CONFIG_LZ4_DECOMPRESS=y was selected by CONFIG_RD_LZ4 only.

When building kernel for initramfs, CONFIG_RD_LZ4 will be unset by
Kernel/SetInitramfs if the chosen compression method is not lz4, then
CONFIG_LZ4_DECOMPRESS will become a *module* in the newly generated
kernel config.

However, the newly added module won't be built after
38c150612cc9be488527e342db92d5c74093213f, so packaging kmod-lib-lz4
fails due to missing lz4_decompress.ko.

CONFIG_CRYPTO_LZ4=y makes CONFIG_LZ4_DECOMPRESS=y being selected w/o
CONFIG_RD_LZ4, so that the modules of the default kernel and initramfs
kernel are consistent.

Fixes: #12766
Fixes: 38c150612cc ("build: revert 54070a1 (all kernels are >= 5.10)")
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit cc87f6629b8a120420075cd984a4e6ece6c669df)

18 months agoramips: enable LED button for TP-Link EC330-G5u v1
Mikhail Zhilkin [Sat, 3 Jun 2023 08:37:54 +0000 (08:37 +0000)]
ramips: enable LED button for TP-Link EC330-G5u v1

The device already has LED push button (KEY_LIGHTS_TOGGLE)
and exported GPIO control "led-light". This commit adds
button handler script for switching on/off all device LEDs.

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit d955b41275eaf93b7600f8eb7d706f40302f26c2)

18 months agoopenssl: fix uci config for built-in engines
Tianling Shen [Thu, 1 Jun 2023 07:22:26 +0000 (15:22 +0800)]
openssl: fix uci config for built-in engines

Built-in engine configs are added in libopenssl-conf/install stage
already, postinst/add_engine_config is just duplicating them, and
due to the lack of `config` header it results a broken uci config:

> uci: Parse error (invalid command) at line 3, byte 0

```
config engine 'devcrypto'
        option enabled '1'
engine 'devcrypto'
        option enabled '1'
        option builtin '1'
```

Add `builtin` option in libopenssl-conf/install stage and remove
duplicate engine configuration in postinst/add_engine_config to
fix this issue.

Fixes: 0b70d55a64c39d ("openssl: make UCI config aware of built-in engines")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a0d71934253f599f4ac651b1b3a429901049e802)

18 months agonetfilter: fix typo in kmod-nft-dup-inet
Kevin Darbyshire-Bryant [Mon, 29 May 2023 17:17:38 +0000 (18:17 +0100)]
netfilter: fix typo in kmod-nft-dup-inet

Fix typo of 'family' in a7e9445975

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 191742eb8ddc4353eedf71a327fb17a11c5a3a99)

18 months agox86/64: Enable IOMMU_V2 support for later CPUs
Philip Prindeville [Wed, 17 May 2023 23:12:18 +0000 (17:12 -0600)]
x86/64: Enable IOMMU_V2 support for later CPUs

Support newer IOMMU_V2 on AMD platforms, useful for DPDK and KVM.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 1eb02ce3254ef6f115640df8ac470574d6903588)

18 months agokernel: Backport mvneta crash fix to 5.15
Marek Behún [Wed, 12 Apr 2023 11:01:25 +0000 (13:01 +0200)]
kernel: Backport mvneta crash fix to 5.15

Backport Russell King's series [1]
  net: mvneta: reduce size of TSO header allocation
to pending-5.15 to fix random crashes on Turris Omnia.

This also backports two patches that are dependencies to this series:
  net: mvneta: Delete unused variable
  net: mvneta: fix potential double-frees in mvneta_txq_sw_deinit()

[1] https://lore.kernel.org/netdev/ZCsbJ4nG+So%2Fn9qY@shell.armlinux.org.uk/

Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (squashed)
(cherry picked from commit 7b31c2e9ed4da7bfeecbd393c17c249eca870717)

18 months agoapm821xx: mx60: drop nand-is-boot-medium
Christian Lamparter [Mon, 29 May 2023 22:54:16 +0000 (00:54 +0200)]
apm821xx: mx60: drop nand-is-boot-medium

it was reported that this flag caused the mx60
not to boot anymore.

Fixes: f095822699cc ("apm821xx: convert legacy nand partition layou")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
18 months agoipq40xx: convert Buffalo WTR-M2133HP to DSA
Yanase Yuki [Wed, 31 May 2023 07:41:59 +0000 (16:41 +0900)]
ipq40xx: convert Buffalo WTR-M2133HP to DSA

This commit convert WTR-M2133HP to DSA setup.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit edb3a4162c0763ecc9d5e7660700a68a25bf28e3)

18 months agoipq806x: use new package name for NEC WG2600HP3
Yanase Yuki [Wed, 31 May 2023 07:28:31 +0000 (16:28 +0900)]
ipq806x: use new package name for NEC WG2600HP3

commit 0c45ad41e15e2255 changes ipq806x usb kmod name
from usb-phy-qcom-dwc3 to phy-qcom-ipq806x-usb, so
use new name.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
(cherry picked from commit 93147443502e61d0a824406bef13b0b9fe250f71)

18 months agoubnt-ledbar: depend on mediatek and ramips subtargets
Tomasz Maciej Nowak [Thu, 27 Apr 2023 14:34:49 +0000 (16:34 +0200)]
ubnt-ledbar: depend on mediatek and ramips subtargets

It's only used on devices in mt7621 and mt7622 subtargets, so no reason
to compile it for others.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit e81298463ed45cd03d45837c12f4c0a4b85f6cd4)

18 months agoramips: tplink,mr600v2: fix image generation for sysupgrade image
Andreas Böhler [Sun, 2 Apr 2023 08:40:47 +0000 (10:40 +0200)]
ramips: tplink,mr600v2: fix image generation for sysupgrade image

The MR600v2 does not find its rootfs if it is neither directly after the
kernel or aligned to an erase block boundary (64k).

This aligns the rootfs to 0x10000 allowing the device to boot again. Based
on investigation by forum user relghuar.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 46b51e9e992884c81f4838440cd2967e67db3a79)

18 months agonetifd: update to the latest version
Felix Fietkau [Sun, 4 Jun 2023 16:37:21 +0000 (18:37 +0200)]
netifd: update to the latest version

ec9dba721245 system-linux: fix memory leak in system_bridge_vlan_check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 20ce21866e482c132df7085061f28dfdafc8a48a)

18 months agonetifd: Fix PKG_MIRROR_HASH
Hauke Mehrtens [Sat, 3 Jun 2023 12:37:37 +0000 (14:37 +0200)]
netifd: Fix PKG_MIRROR_HASH

Fix the PKG_MIRROR_HASH value for netifd.

Fixes: d2ecaaca3404 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 21f713d5abf86fc5639b41d7f4e7535a5538d63a)

18 months agonetifd: update to version 2023-05-31
Petr Štetiar [Wed, 29 Mar 2023 08:57:17 +0000 (10:57 +0200)]
netifd: update to version 2023-05-31

Contains following changes:

 * bridge: bridge_dump_info: add dumping of bridge attributes
 * bridge: make it more clear why the config was applied
 * cmake: fix build by reordering the cflags definitions
 * treewide: fix multiple compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d2ecaaca3404a05ba65bb6756bc5fbd05389ed2f)

18 months agoramips: fix lzma-loader for ASIARF boards
Daniel Danzberger [Fri, 2 Jun 2023 17:36:28 +0000 (19:36 +0200)]
ramips: fix lzma-loader for ASIARF boards

This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
(cherry picked from commit 29a5cb7a8b105ca6534bba63edcec48ae935c078)

18 months agosdk: Expose CCACHE_DIR option
Jeffery To [Mon, 5 Jun 2023 04:57:51 +0000 (12:57 +0800)]
sdk: Expose CCACHE_DIR option

As the CCACHE option is already exposed, it would be helpful to also
make the ccache directory easily customizable.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 897691fdce27868aa4c0c68de8b67e8af6f209e1)

18 months agobuild: export GIT_CEILING_DIRECTORIES for package builds
Jeffery To [Wed, 31 May 2023 13:58:34 +0000 (21:58 +0800)]
build: export GIT_CEILING_DIRECTORIES for package builds

A package may run git as part of its build process, and if the package
source code is not from a git checkout, then git may traverse up the
directory tree to find buildroot's repository directory (.git).

For instance, Poetry Core, a Python build backend, will read the
contents of .gitignore for paths to exclude when creating a Python
package. If it finds buildroot's .gitignore file, then Poetry Core will
exclude all of the package's files[1].

This exports GIT_CEILING_DIRECTORIES for both package and host builds so
that git will not traverse beyond $(BUILD_DIR)/$(BUILD_DIR_HOST).

[1]: https://github.com/python-poetry/poetry/issues/5547

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f597f34f3afa7bba8a2606490617688f1cea5a44)

18 months agoOpenWrt v23.05.0-rc1: revert to branch defaults
Hauke Mehrtens [Tue, 6 Jun 2023 23:06:59 +0000 (01:06 +0200)]
OpenWrt v23.05.0-rc1: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months agoOpenWrt v23.05.0-rc1: adjust config defaults
Hauke Mehrtens [Tue, 6 Jun 2023 23:06:48 +0000 (01:06 +0200)]
OpenWrt v23.05.0-rc1: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months agokernel: bump 5.15 to 5.15.114
John Audia [Tue, 30 May 2023 16:17:13 +0000 (12:17 -0400)]
kernel: bump 5.15 to 5.15.114

All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 223004b4d6e5d17c0ae99e15d0f4c591676b4f44)

18 months agokernel: Set CONFIG_FRAME_WARN depending on target
Hauke Mehrtens [Tue, 30 May 2023 18:21:43 +0000 (20:21 +0200)]
kernel: Set CONFIG_FRAME_WARN depending on target

This set the CONFIG_FRAME_WARN option depending on some target settings.
It will use the default from the upstream kernel and not the hard coded
value of 1024 now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 16a20512d852f6ecebf8c57cd7fa2572a06a9d0b)

18 months agoipq40xx: e2600ac-c1 remove KERNEL_SIZE
张 鹏 [Fri, 24 Feb 2023 00:58:28 +0000 (08:58 +0800)]
ipq40xx: e2600ac-c1 remove KERNEL_SIZE

Currently, e2600ac-c1 cannot be built as the kernel is larger than the defined KERNEL_SIZE,
however, there is no bootloader limit for the kernel size so remove KERNEL_SIZE completely.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
[ improve commit title, fix merge conflict ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b764268acb7ed410d1d81e783f1b0ce407efda82)

18 months agoipq40xx: add e2600ac c2 to dsa
张 鹏 [Wed, 22 Feb 2023 12:55:44 +0000 (20:55 +0800)]
ipq40xx: add e2600ac c2 to dsa

Convert E2600ac c2 to DSA and enable it.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
[ rename port to more generic name ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0dca52cf595cedcabec5d384ddc83f1954cca46d)

18 months agoipq40xx: add e2600ac c1 to dsa
张 鹏 [Wed, 22 Feb 2023 12:46:28 +0000 (20:46 +0800)]
ipq40xx: add e2600ac c1 to dsa

Convert E2600ac c1 to DSA and enable it.

Signed-off-by: 张 鹏 <sd20@qxwlan.com>
[ rename port to more generic name ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7f2ecab0f4623e9b437b1a6656275695ac063fe4)

18 months agoairoha: spi-en7523: Fix compile warning
Hauke Mehrtens [Sat, 20 May 2023 11:56:00 +0000 (13:56 +0200)]
airoha: spi-en7523: Fix compile warning

The set_spi_clock_speed() function is not used, this causes a compile
warning which results in a build error with -WError.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2d5f3b3c4ce4c6221299f2362b3029783048f649)

18 months agoselinux-policy: update to 1.2.5
Linhui Liu [Sat, 27 May 2023 05:13:25 +0000 (13:13 +0800)]
selinux-policy: update to 1.2.5

30d503a uci jsonfilter: pipe and leak
e13cb64 rpcd leds
144781f jsonfilter, luci, ubus
1210762 rpcd and all agents get fd's leaked
ab9227c rpcd
2f99e0e luci rpcd
b43aaf3 rpcd (enable/disable services) luci peeraddr
f20f03e rpcd
7bc74f6 rpcd reads all subj state and luci-bwc leaks
9634b17 adds inotify perms to anon_inode
3d3c17c adds bare anon_inode (linux 5.15)
7104b20 dnsmasq and luci
0de2c66 luci,rpcd, ucode, wpad
14f5cf9 luci and ucode
e3ce84c rpcd, ucode and cgiio loose ends
96a2401 misc updates
9fe0490 initscript: remove redundant rules
71bd77e allow all init scripts to log to logd
f697331 sandbox: make ttydev handling more robust
a471877 simplify pty tty console access
f738984 sandbox: also remove TIOSCTI from all ttydevs

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
(cherry picked from commit 4c5a9da8699a7982b8f03b28561f955d9d1313f1)

18 months agoca-certificates: Update to version 20230311
Tianling Shen [Fri, 26 May 2023 04:09:47 +0000 (12:09 +0800)]
ca-certificates: Update to version 20230311

Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.

Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.

Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
|   The following certificate authorities were added (+):
|   + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
|   + "Certainly Root E1"
|   + "Certainly Root R1"
|   + "D-TRUST BR Root CA 1 2020"
|   + "D-TRUST EV Root CA 1 2020"
|   + "DigiCert TLS ECC P384 Root G5"
|   + "DigiCert TLS RSA4096 Root G5"
|   + "E-Tugra Global Root CA ECC v3"
|   + "E-Tugra Global Root CA RSA v3"
|   + "HARICA TLS ECC Root CA 2021"
|   + "HARICA TLS RSA Root CA 2021"
|   + "HiPKI Root CA - G1"
|   + "ISRG Root X2"
|   + "Security Communication ECC RootCA1"
|   + "Security Communication RootCA3"
|   + "Telia Root CA v2"
|   + "TunTrust Root CA"
|   + "vTrus ECC Root CA"
|   + "vTrus Root CA"
|  The following certificate authorities were removed (-):
|  - "Cybertrust Global Root" (expired)
|  - "EC-ACC"
|  - "GlobalSign Root CA - R2" (expired)
|  - "Hellenic Academic and Research Institutions RootCA 2011"
|  - "Network Solutions Certificate Authority"
|  - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
|  (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]

[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac8656f9a3b005554d25857e8ed5faf3f6)

18 months agopcre2: fix host compilation of libselinux by enabling PIC
Petr Štetiar [Fri, 26 May 2023 11:08:06 +0000 (13:08 +0200)]
pcre2: fix host compilation of libselinux by enabling PIC

libselinux-3.5 fails to compile in Fedora 38 container due to the
following:

 cc -O2 -I/openwrt/staging_dir/host/include -I/openwrt/staging_dir/hostpkg/include -I/openwrt/staging_dir/target-x86_64_musl/host/include -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/openwrt/staging_dir/hostpkg/include -L/openwrt/staging_dir/host/lib -L/openwrt/staging_dir/hostpkg/lib -L/openwrt/staging_dir/target-x86_64_musl/host/lib -Wl,-rpath=/openwrt/staging_dir/hostpkg/lib -shared -o libselinux.so.1 avc.lo avc_internal.lo avc_sidtab.lo booleans.lo callbacks.lo canonicalize_context.lo checkAccess.lo check_context.lo checkreqprot.lo compute_av.lo compute_create.lo compute_member.lo compute_relabel.lo compute_user.lo context.lo deny_unknown.lo disable.lo enabled.lo fgetfilecon.lo freecon.lo freeconary.lo fsetfilecon.lo get_context_list.lo get_default_type.lo get_initial_context.lo getenforce.lo getfilecon.lo getpeercon.lo init.lo is_customizable_type.lo label.lo label_db.lo label_file.lo label_media.lo label_support.lo label_x.lo lgetfilecon.lo load_policy.lo lsetfilecon.lo mapping.lo matchmediacon.lo matchpathcon.lo policyvers.lo procattr.lo query_user_context.lo regex.lo reject_unknown.lo selinux_check_securetty_context.lo selinux_config.lo selinux_internal.lo selinux_restorecon.lo sestatus.lo setenforce.lo setexecfilecon.lo setfilecon.lo setrans_client.lo seusers.lo sha1.lo stringrep.lo validatetrans.lo -L/openwrt/staging_dir/hostpkg/lib -lpcre2-8 -lfts -ldl -Wl,-soname,libselinux.so.1,--version-script=libselinux.map,-z,defs,-z,relro
 /usr/bin/ld: /openwrt/staging_dir/hostpkg/lib/libpcre2-8.a(pcre2_compile.c.o): relocation R_X86_64_32S against symbol `_pcre2_ucd_stage1_8' can not be used when making a shared object; recompile with -fPIC
 /usr/bin/ld: failed to set dynamic section sizes: bad value

So lets fix it by enabling build of host static library with the
position independent code option enabled.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 12494f5b8a7bb48cbf7b2fba7d17a53981173120)

18 months agonetfilter: add kmod-nft-dup-inet
Michał Kwiatek [Thu, 18 May 2023 19:40:24 +0000 (21:40 +0200)]
netfilter: add kmod-nft-dup-inet

Add kmod-nft-dup-inet package to allow packet duplication in ip/ip6/inet nftables family

Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
(cherry picked from commit a7e9445975f832db887e6044d7e84220d2a68cf1)

18 months agoRevert "feeds: use git-src-full to allow Git versioning"
Petr Štetiar [Sat, 27 May 2023 08:31:58 +0000 (10:31 +0200)]
Revert "feeds: use git-src-full to allow Git versioning"

This partially reverts commit 7fae1e5677e9bb4979c8d4ac99be4de6955b13d0
as it should be no longer necessary to do a full clone since commit
48ed07bc0b94 ("treewide: replace AUTORELEASE with real PKG_RELEASE").

Suggested-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 11bb5337b8d8b5018e48f0df415efb99e2f49d0d)
[adjusted to 23.05]
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
18 months agox86: disable CONFIG_X86_PLATFORM_DRIVERS_HP
John Audia [Thu, 25 May 2023 07:29:58 +0000 (03:29 -0400)]
x86: disable CONFIG_X86_PLATFORM_DRIVERS_HP

New config option defaulted to N for this bump.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 3664c57e34454ce50ac7ab6de9e3983a86cde052)

18 months agoramips: correct page read return value of the mt7621 nand driver
Shiji Yang [Sun, 21 May 2023 14:51:16 +0000 (22:51 +0800)]
ramips: correct page read return value of the mt7621 nand driver

read_page() need to return maximum number of bitflips instead of the
accumulated number. Change takes from upstream mt7621 u-boot [1].

 * @read_page:  function to read a page according to the ECC generator
 *              requirements; returns maximum number of bitflips
 *              corrected in any single ECC step, -EIO hw error

[1] https://lore.kernel.org/all/cover.1653015383.git.weijie.gao@mediatek.com/

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 2fbb91d73ffecc7d033e5bb0b550d664ef9e0f91)

18 months agobase-files: x86 fix 01_leds Syntax error
Stan Grishin [Sun, 28 May 2023 04:48:26 +0000 (04:48 +0000)]
base-files: x86 fix 01_leds Syntax error

Cezary Jackiewicz reported:
| Syntax error in line /etc/board.d/01_leds#L22 - missing "\"

Fixes: c191c2d46f00 ("x86: base-files add support for Sophos 135r3/135r3w")
Reported-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(buffed up commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4b8b2f4f978d6df586dd7ce4dcc3e1286b93bd48)

18 months agolayerscape: kernel: enable MC userspace support
Pawel Dembicki [Fri, 28 Apr 2023 07:24:24 +0000 (09:24 +0200)]
layerscape: kernel: enable MC userspace support

Management Complex (MC) userspace support is required for userspace
helpers working with DPAA2 objects exported by the Management Complex BUS.

Without it, there is the error:

```
root@OpenWrt:/# ls-addni dpmac.1
error: Did not find a device file
Restool wrapper scripts only support the latest major MC version
that currently is MC10.x. Use with caution.
error: Did not find a device file
```

This patch fixes it.

Suggested-by: Alexandra Alth <alexandra@alth.de>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit d04d6a82da70f6b691409972ffd4503f339105b7)

18 months agopackage: layerscape: change loadaddr address
Pawel Dembicki [Tue, 18 Apr 2023 09:37:04 +0000 (11:37 +0200)]
package: layerscape: change loadaddr address

At this moment loadaddr in most layerscape boards are configured to
0x81000000. 5.15 kernel on some boards is bigger than 5.10 and it cause error:

Loading kernel from FIT Image at 81000000 ...

Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: ARM64 OpenWrt Linux-5.15.112
Created: 2023-05-21 17:39:35 UTC
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x810000ec
Data Size: 7513944 Bytes = 7.2 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x80000000
Entry Point: 0x80000000
Hash algo: crc32
Hash value: 6fd69550
Hash algo: sha1
Hash value: ee34c753ffb615e199a428762824ad4a0aaef90a
Verifying Hash Integrity ... crc32+ sha1+ OK
Loading fdt from FIT Image at 81000000 ...

Using 'config-1' configuration
Trying 'fdt-1' fdt subimage
Description: ARM64 OpenWrt fsl_ls1088a-rdb-sdboot device tree blob
Created: 2023-05-21 17:39:35 UTC
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x8172a98c
Data Size: 19794 Bytes = 19.3 KiB
Architecture: AArch64
Hash algo: crc32
Hash value: 59792ba3
Hash algo: sha1
Hash value: 135585a49f86cd85acea559b78b0098ae99d5e12
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x8172a98c
Uncompressing Kernel Image
ERROR: new format image overwritten - must RESET the board to recover
resetting ...

This patch changes loadaddr to 0x88000000 (like LS1012A-FRDM board) to
avoid overlapping for bigger images (like initramfs) too.

Tested-by: Alexandra Alth <alexandra@alth.de> [LS1088ARDB]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit 0822040671e6177020892e0ddbdfafd4bb3690e0)

18 months agomediatek: sync MT7988 USXGMII with SDK driver
Daniel Golle [Sat, 27 May 2023 20:03:40 +0000 (21:03 +0100)]
mediatek: sync MT7988 USXGMII with SDK driver

The USXGMII driver in SDK was heavily refactored, some bugs have been
fixed and it has switched to use phylink_pcs. Follow up with changes
in SDK driver and sync our on-top-of-mainline driver with the SDK
driver.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ba58245e83714de5f47b4b0fc0369930c3661cab)

18 months agomediatek: follow-up with renamed Build/bl2 and Build/bl31-uboot
Daniel Golle [Sat, 27 May 2023 20:49:55 +0000 (21:49 +0100)]
mediatek: follow-up with renamed Build/bl2 and Build/bl31-uboot

Use renamed build step names for all boards which were not handled by
commit c620409d58 ("mediatek: filogic: add uboot build for mt7981")
and now breaking the build.

Fixes: c620409d58 ("mediatek: filogic: add uboot build for mt7981")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 037ce27244b52fe4c0e2bd15f4a16973c64df93f)

18 months agomediatek: filogic: add Qihoo 360T7 support
Chukun Pan [Sat, 29 Apr 2023 15:08:26 +0000 (23:08 +0800)]
mediatek: filogic: add Qihoo 360T7 support

Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: ESMT F50L1G41LB 128MB
  RAM: MT5CC128M16JR-EK 256MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, WPS
  Power: DC 12V 1A

Flash instructions:
  1. Attach UART, boot the stock firmware until
     the message about failsafe mode appears.
  2. Enter failsafe mode by pressing "f" and "Enter"
  3. Type "mount_root", then run
     "fw_setenv bootmenu_delay 3"
  4. Back up all mtd partitions before flashing.
  5. Reboot, U-Boot now presents a menu.
  6. Connect to your PC via the Gigabit port of the router,
     set a static ip on the ethernet interface of your PC.
     (ip 192.168.1.254, gateway 192.168.1.1)
  7. Select "Upgrade ATF BL2", then use this file:
     openwrt-mediatek-filogic-qihoo_360t7-preloader.bin
  8. Select "Upgrade ATF FIP", then use this file:
     openwrt-mediatek-filogic-qihoo_360t7-bl31-uboot.fip
  9. Download the initramfs image, and type "reset",
     waiting for tftp recovery to complete.
  a. After openwrt boots up, perform sysupgrade.

Note:
  1. Since NMBM is disabled, we must back up all partitions.
  2. Flash instructions is based on commit 28df7f7.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit dc2d4d73939c3d86a8e9d968c5c3462f92771bc6)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agouboot-mediatek: add Qihoo 360T7 support
Chukun Pan [Fri, 28 Apr 2023 15:36:17 +0000 (23:36 +0800)]
uboot-mediatek: add Qihoo 360T7 support

The vendor uboot will verify firmware at boot.
So add a custom uboot build for this device.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit c51eb177308835f811ae43b17dde0ea962ed1df1)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoarm-trusted-firmware-mediatek: add build for MT7981 DDR3
Chukun Pan [Wed, 26 Apr 2023 15:28:31 +0000 (23:28 +0800)]
arm-trusted-firmware-mediatek: add build for MT7981 DDR3

Add new build option BOARD_QFN/BOARD_BGA.
This option is only useful for MT7981 device.
MT7981A/B: BOARD_BGA, MT7981C: BOARD_QFN.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 602cb4f3259cb676fcf6fa6c459d598df643653b)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: filogic: add uboot build for mt7981
Chukun Pan [Tue, 25 Apr 2023 15:06:20 +0000 (23:06 +0800)]
mediatek: filogic: add uboot build for mt7981

Rename previous uboot build to mt7986-*.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit c620409d58a29d49ceccf838e90e030610c06611)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: mt7981: add reserved memory to support pstore
Alexander Couzens [Sun, 19 Mar 2023 18:00:51 +0000 (19:00 +0100)]
mediatek: mt7981: add reserved memory to support pstore

Add reserved memory for pstore/ramoops to device tree used by Linux
as well as U-Boot.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3eb354f999a3687f9ae547899b0f5ec2b10185ab)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: cleanly backport and add fix for I2C driver
Daniel Golle [Fri, 26 May 2023 12:49:02 +0000 (13:49 +0100)]
mediatek: cleanly backport and add fix for I2C driver

Pick accepted patches from upstream Linux tree instead of having to
maintain our slightly different downstream patches.
Import pending patch fixing I2C on MT7981 by making sure all clocks
are enabled before accessing I2C registers.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 213b7282760506ffab9151a20347d65ea70ed916)

18 months agoramips: mark patches accepted upstream
Nick Hainke [Tue, 23 May 2023 14:47:42 +0000 (16:47 +0200)]
ramips: mark patches accepted upstream

Add kernel tags to the patches that got accepted upstream.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2388b119de9279d7adaa525c7ba502fcae1fe187)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: fix, clean and unify SD card image generation
Daniel Golle [Fri, 26 May 2023 09:26:49 +0000 (10:26 +0100)]
mediatek: fix, clean and unify SD card image generation

Make sure sub-images on the SD card are size-checked, allow
generating SD card without squashfs and/or initramfs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 43d27b02522c100b0c625d4b22f4bb6ad83c166f)

18 months agokernel: bump 5.15 to 5.15.113
John Audia [Wed, 24 May 2023 19:10:44 +0000 (15:10 -0400)]
kernel: bump 5.15 to 5.15.113

All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c815ecdebd77c3484f2cd0ef21e4c69d274ef33a)

18 months agoCI: use toolchain container for label workflow
Christian Marangi [Sun, 28 May 2023 01:44:01 +0000 (03:44 +0200)]
CI: use toolchain container for label workflow

Use toolchain container for label workflow to skip downloading external
toolchain from openwrt servers.

Fixes: 0fe5776f4a79 ("CI: build: Add support to use container included external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 66fd0aa6efac3690fdc46c94a4657faacf3070dd)

18 months agoCI: don't add "" in target and subtarget for label workflow
Christian Marangi [Sat, 27 May 2023 17:53:15 +0000 (19:53 +0200)]
CI: don't add "" in target and subtarget for label workflow

Don't add "" in target and subtarget for label workflow from label
detection as it does cause problem in build workflow on container
target/subtarget matching.

Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1fa84354a963eb71eca9e67a1fc7f99a53016a5c)

18 months agoCI: build: fix parse toolchain step failing for git strict rules
Christian Marangi [Thu, 25 May 2023 00:44:21 +0000 (02:44 +0200)]
CI: build: fix parse toolchain step failing for git strict rules

Commit 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
introduced new Git version with strict rules for owner of the git
directory.

To handle this and not cause major change, just move the parsing before
the change of ownership of the openwrt directory permitting the correct
run of git fetch command with the same user that did the repository
checkout.

Fixes: 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0063e71d66766818fba286efe2a0ed8746c265e5)

18 months agoCI: correctly output subtarget in label workflow
Christian Marangi [Thu, 25 May 2023 21:09:59 +0000 (23:09 +0200)]
CI: correctly output subtarget in label workflow

Commit bf8187d5dc4d ("CI: use split target and subtarget in label
workflow") didn't correctly output subtarget resulting in calling with
an empty subtarget. Fix this and correctly output generated subtarget.

Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8aa5a860101cc3f8d35ca968746320495c4b469e)

18 months agoCI: use split target and subtarget in label workflow
Christian Marangi [Thu, 25 May 2023 16:24:00 +0000 (18:24 +0200)]
CI: use split target and subtarget in label workflow

With eecc6e48117b ("CI: rework build workflow to have split target and
subtarget directly") target and subtarget are split in 2 different
variables. Label workflow were not aligned to this change and are
currently broken.

Fix them and correctly pass split target and subtarget.

Fixes: eecc6e48117b ("CI: rework build workflow to have split target and subtarget directly")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit bf8187d5dc4d4bbb23770955744bca1787f32ac0)

18 months agogeneric: filter out CONFIG_PAHOLE_HAS_SPLIT_BTF
Robert Marko [Mon, 22 May 2023 21:42:13 +0000 (23:42 +0200)]
generic: filter out CONFIG_PAHOLE_HAS_SPLIT_BTF

CONFIG_PAHOLE_HAS_SPLIT_BTF should be runtime detected as it depends on
pahole being available on the host, so filter it out of configs.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 3591353f5143fc46e31f921484177a9d6f1089a2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agobpftools: update, split off bpftool and libbpf packages
Tony Ambardar [Sun, 21 May 2023 09:14:37 +0000 (02:14 -0700)]
bpftools: update, split off bpftool and libbpf packages

My original bpftools package made "variant" builds of bpftool and libbpf
as a convenience, since both used the same local kernel sources with the
same versioning. This is no longer the case, since the commit below
switched to using an out-of-tree build mirror hosting repos for each.

Replace bpftools with separate bpftool and libbpf packages, each simplified
and correctly versioned. Also fix the broken libbpf ABI introduced in the
same commit. Existing build .config files are not impacted.

Fixes: 00cbf6f6ab1d ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit afe1bf11f2539f75e30ab3206891dbe6f8c43bd5)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoRevert "kernel: add MODULE_ALLOW_BTF_MISMATCH option"
Daniel Golle [Wed, 24 May 2023 08:27:29 +0000 (09:27 +0100)]
Revert "kernel: add MODULE_ALLOW_BTF_MISMATCH option"

This reverts commit c07038da27cefa5a93e433909b9aca594386ddc1.
MODULE_ALLOW_BTF_MISMATCH is not available in Linux 5.15.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: add basic mt7988 device tree support
Sam Shih [Sun, 19 Feb 2023 02:18:36 +0000 (10:18 +0800)]
mediatek: add basic mt7988 device tree support

This add basic device tree support for mediatek MT7988 SoC

Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e3a681bab4b2c193704e76b8a6091e57f0fab14e)

18 months agomediatek: backport cpufreq changes to support MT7988
Daniel Golle [Sun, 30 Apr 2023 17:03:00 +0000 (18:03 +0100)]
mediatek: backport cpufreq changes to support MT7988

Backport cpufreq changes from upstream so that the MediaTek MT7988 SoC
can be supported.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e4555d69a1c7c811188d8e257e77ac917d15f492)

18 months agomediatek: filogic: add driver for Richtek RT5190A regulator
Daniel Golle [Sun, 30 Apr 2023 16:13:33 +0000 (17:13 +0100)]
mediatek: filogic: add driver for Richtek RT5190A regulator

The Richtek RT5190A is used on the MT7988 reference board. Backport and
enable the driver on the filogic subtarget, so we can support cpufreq
on the MT7988 reference board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a3cf3e2c489d5b6f534d1b4d6f7b462f81c9c141)

18 months agomediatek: add driver for built-in 2.5G Ethernet PHY
Daniel Golle [Sun, 30 Apr 2023 16:41:22 +0000 (17:41 +0100)]
mediatek: add driver for built-in 2.5G Ethernet PHY

Add driver for the built-in 2.5G Ethernet PHY found in the MT7988 SoC.
To function the PHY also needs firmware files which have not yet been
published via linux-firmware.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ef2a831dabacfda6c36c79b8f963b5fdd9b2d080)

18 months agomediatek: update pending SoC Ethernet PHY driver
Daniel Golle [Sun, 30 Apr 2023 16:34:55 +0000 (17:34 +0100)]
mediatek: update pending SoC Ethernet PHY driver

Update driver for MediaTek's built-in Gigabit Ethernet PHYs which can be
found in the MT7981 and MT7988 SoCs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 987a0b2b3011a9e5ee3e4120b068fb2f113628a7)

18 months agogeneric: mt7530: backport support for the MT7988 built-in switch
Daniel Golle [Sun, 30 Apr 2023 13:32:03 +0000 (14:32 +0100)]
generic: mt7530: backport support for the MT7988 built-in switch

Backport commits adding support for the MT7988 built-in switch to the
mt7530 driver.

This change results in the Kconfig symbol NET_DSA_MT7530 to be extended
by NET_DSA_MT7530_MDIO (everything formally covered by NET_DSA_MT7530)
and NET_DSA_MT7530_MMIO (a new driver for the MMIO-connected built-in
switch of the MT7988 SoC).

Select NET_DSA_MT7530_MDIO for all targets previously selecting
NET_DSA_MT7530, with the exception of mediatek/filogic which also
selects NET_DSA_MT7530_MMIO.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 958fdf36e35c814eb83faf2c39db4ca379c921b5)

18 months agogeneric: add support for MediaTek NETSYS v3
Daniel Golle [Sun, 30 Apr 2023 16:16:12 +0000 (17:16 +0100)]
generic: add support for MediaTek NETSYS v3

In order to support Ethernet on the MT7988 SoC add support for NETSYS v3
as well as new paths and USXGMII SerDes to the mtk_eth_soc driver.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6983a215d9d1966f95bc5b1c0045c200948b2079)

18 months agomediatek: add mt7988 pinctrl driver support
Sam Shih [Sun, 19 Feb 2023 02:15:10 +0000 (10:15 +0800)]
mediatek: add mt7988 pinctrl driver support

This adds provisional pinctrl driver support for the MediaTek MT7988 SoC.

Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9e6a7e808f2e9dd02733ccc41827940fb421091d)

18 months agomediatek: add mt7988 clock drivers support
Sam Shih [Sun, 19 Feb 2023 02:11:50 +0000 (10:11 +0800)]
mediatek: add mt7988 clock drivers support

This adds clock drivers for the MediaTek MT7988 SoC

Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b33c1858767e5109913ac2195ec2b2b8ef0e726a)

18 months agomediatek: mt7981: setup all clocks needed for eMMC
Daniel Golle [Tue, 23 May 2023 01:14:32 +0000 (02:14 +0100)]
mediatek: mt7981: setup all clocks needed for eMMC

Setup all necessary clocks to get MMC to work on MT7981, similar to
how it is done also on MT7986.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a9989b30d01e534288928d7ef48df3eb9fe3150b)

18 months agomediatek: mt7981: usb enable 3.0 by default
Chukun Pan [Mon, 1 May 2023 15:20:28 +0000 (23:20 +0800)]
mediatek: mt7981: usb enable 3.0 by default

There is no reason to limit USB to 2.0 mode
by default, delete this limit.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit b2beb4c68849c804a8b9441f776a6918d433fb1e)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agokernel: enable (ARM|ARM64)_MODULE_PLTS in generic config
Tony Ambardar [Fri, 5 May 2023 02:17:35 +0000 (19:17 -0700)]
kernel: enable (ARM|ARM64)_MODULE_PLTS in generic config

This allows loading modules with large memory requirements, recently needed
while testing on armvirt/32. Past forum discussions [1] and bug reports [2]
also raised this and the ipq806x target already set it in response [3].
Given this increases kernel image size by only ~1KB, is generally useful on
multi-platform kernels, and enabled by default on upstream arm32 Linux, add
it to the generic config.

The setting has similar utility on arm64, is a requirement for KASLR, and
already enabled on most OpenWrt aarch64 targets, so pull this into the
top-level generic config.

[1]: https://forum.openwrt.org/t/vmap-allocation-for-size-442368-failed-use-vmalloc-size-to-increase-size/34545/7
[2]: https://github.com/openwrt/openwrt/issues/8282
[3]: f81e148eb6 ("ipq806x: update 4.19 kernel config").

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit c2d194a34eb1a62a610f0437287db6c3eca64d5a)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: mt7623: build SD card without all filesystems
Daniel Golle [Mon, 22 May 2023 21:58:58 +0000 (22:58 +0100)]
mediatek: mt7623: build SD card without all filesystems

Allow building SD card images without having both initramfs and squashfs
present on the card, just like it has already been done for the mt7622
and filogic subtargets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d6fef27f2dd4a852ed7846e4aa5f06dcd8df91b6)

18 months agobusybox: update to 1.36.1
Nick Hainke [Sun, 21 May 2023 21:54:31 +0000 (23:54 +0200)]
busybox: update to 1.36.1

Release Notes:
http://lists.busybox.net/pipermail/busybox-cvs/2023-May/041510.html

Refresh commands, run after busybox is first built once (nothing changed
compared to 1.36.0):

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1
  cd ..
  ./convert_defaults.pl ../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* Config-defaults.in: correct the default ports that get reset
  BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT    80
  BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT  23

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit a few Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 3b76f6eee430a107a0970583c1aa215b35f7e3e4)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agolibxml2: update to 2.11.4
Nick Hainke [Sun, 21 May 2023 21:21:14 +0000 (23:21 +0200)]
libxml2: update to 2.11.4

Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c520d682f02890afb38e43b862ca856e2b933507)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agolibcap: update to 2.69
Nick Hainke [Sun, 21 May 2023 21:25:52 +0000 (23:25 +0200)]
libcap: update to 2.69

Release Notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe

Fixes: CVE-2023-2602 CVE-2023-2603
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 78c45c1e591ce5aeff9fb7eeae049662c4ac4ef2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agolldpd: update to 1.0.17
Nick Hainke [Sun, 21 May 2023 21:36:01 +0000 (23:36 +0200)]
lldpd: update to 1.0.17

Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.17

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 17fbbafdcbc55d6ab3d357012f336941fa27d43e)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomediatek: add support for Zyxel EX5601-T0 router
Pietro Ameruoso [Mon, 22 May 2023 07:52:47 +0000 (09:52 +0200)]
mediatek: add support for Zyxel EX5601-T0 router

Zyxel EX5601-T0 specifics
--------------
The operator specific firmware running on the Zyxel branded
EX5601-T0 includes  U-Boot modifications affecting the OpenWrt
installation.

Partition Table
| dev  | size     | erasesize | name          |
| ---- | -------- | --------- | ------------- |
| mtd0 | 20000000 | 00040000  | "spi0.1"      |
| mtd1 | 00100000 | 00040000  | "BL2"         |
| mtd2 | 00080000 | 00040000  | "u-boot-env"  |
| mtd3 | 00200000 | 00040000  | "Factory"     |
| mtd4 | 001c0000 | 00040000  | "FIP"         |
| mtd5 | 00040000 | 00040000  | "zloader"     |
| mtd6 | 04000000 | 00040000  | "ubi"         |
| mtd7 | 04000000 | 00040000  | "ubi2"        |
| mtd8 | 15a80000 | 00040000  | "zyubi"       |

The router boots BL2 which than loads FIP (u-boot).
U-boot has hardcoded a command to always launch Zloader "mtd read zloader 0x46000000" and than "bootm". Bootargs are deactivated.
Zloader is the zyxel booloader which allow to dual-boot ubi or ubi2, by default access to zloader is blocked.
Too zloader checks that the firmware contains a particolar file called zyfwinfo.
Additional details regarding Zloader can be found here:
https://hack-gpon.github.io/zyxel/
https://forum.openwrt.org/t/adding-openwrt-support-for-zyxel-ex5601-t0/155914

Hardware
--------
SOC: MediaTek MT7986a
CPU: 4 core cortex-a53 (2000MHz)
RAM: 1GB DDR4
FLASH: 512MB SPI-NAND (Micron xxx)
WIFI: Wifi6 Mediatek MT7976 802.11ax 5 GHz 4x4 + 2.4GHZ 4x4
ETH: MediaTek MT7531 Switch + SoC
3 x builtin 1G phy (lan1, lan2, lan3)
1 x MaxLinear GPY211B 2.5 N-Base-T phy5 (lan4)
1 x MaxLinear GPY211B 2.5Gbit xor SFP/N-Base-T phy6 (wan)
USB: 1 x USB 3.2 Enhanced SuperSpeed port
UART: 3V3 115200 8N1 (Pinout: GND KEY RX TX VCC)
VOIP: 2 FXS ports for analog phones

MAC Address Table
-----------------
eth0/lan    Factory 0x002a
eth1/wan    Factory 0x0024
wifi 2.4Ghz Factory 0x0004
wifi 5Ghz   Factory 0x0004 + 1

Serial console (UART)
---------------------
+-------+-------+-------+-------+-------+
| +3.3V |  RX   |  TX   |  KEY  |  GND  |
+---+---+-------+-------+-------+-------+
    |
    +--- Don't connect

Installation
------------
Keep in mind that openwrt can only run on the UBI partition, the openwrt firmware is not able to understand the zloader bootargs.
The procedure allows restoring the UBI partition with the Zyxel firmware and retains all the OEM functionalities.

1. Unlock Zloader (this will allow to swap manually between partitions UBI and UBI2):
- Attach a usb-ttl adapter to your computer and boot the router.
- While the router is booting at some point you will read the following: `Please press Enter to activate this console.`
- As soon as you read that press enter, type root and than press enter again (just do it, don't care about the logs scrolling).
- Most likely the router is still printing the boot log, leave it boot until it stops.
- If everything went ok you should have full root access "root@EX5601-T0:/#".
- Type the following command and press enter: "fw_setenv EngDebugFlag 0x1".
- Reboot the router.
- As soon as you read `Hit any key to stop autoboot:` press Enter.
- If everything went ok you should have the following prompt: "ZHAL>".
- You have successfully unlocked zloader access, this procedure must be done only once.

2. Check the current active partition:
- Boot the router and repeat the steps above to gain root access.
- Type the following command to check the current active image: "cat /proc/cmdline".
- If `rootubi=ubi` it means that the active partition is `mtd6`
- If `rootubi=ubi2` it means that the active partition is `mtd7`
- As mentioned earlier we need to flash openwrt into ubi/mtd6 and never overwrite ubi2/mtd7 to be able to fully roll-back.
- To activate and boot from mtd7 (ubi2) enter into ZHAL> command prompt and type the following commands:
atbt 1  # unlock write
atsw    # swap boot partition
atsr    # reboot the router
- After rebooting check again with "cat /proc/cmdline" that you are correctly booting from mtd7/ubi2
- If yes proceed with the installation guide. If not probably you don't have a firmware into ubi2 or you did something wrong.

3. Flashing:
- Download the sysupgrade file for the router from openwrt, than we need to add the zyfwinfo file into the sysupgrade tar.
Zloader only checks for the magic (which is a fixed value 'EXYZ') and the crc of the file itself (256bytes).
I created a script to create a valid zyfwinfo file but you can use anything that does exactly the same:
https://raw.githubusercontent.com/pameruoso/OpenWRT-Zyxel-EX5601-T0/main/gen_zyfwinfo.sh
- Add the zyfwinfo file into the sysupgrade tar.
- Enter via telnet or ssh into the router with admin credentials
- Enter the following commands to disable the firmware and model checks
"zycli fwidcheck off" and "zycli modelcheck off"
- Open the router web interface and in the update firmware page select the "restore default settings option"
- Select the sysupgrade file and click on upload.
- The router will flash and reboot itself into openwrt from UBI

4. Restoring and going back to Zyxel firmware.
- Use the ZHAL> command line to manually swap the boot parition to UBI2 with the following:
atbt 1  # unlock write
atsw    # swap boot partition
atsr    # reboot the router
- You will boot again the Zyxel firmware you have into UBI2 and you can flash the zyxel firmware to overwrite the UBI partition and openwrt.

Working features
----------------
3 gbit lan ports
Wifi
Zyxel partitioning for coexistance with Zloader and dual boot.
WAN SFP port (only after exporting pins 57 and 10. gpiobase411)
leds
reset button
serial interface
usb port
lan ethernet 2.5 gbit port (autosense)
wan ethernet 2.5 gbit port (autosense)

Not working
----------------
voip (missing drivers or proper zyxel platform software)

Swapping the wan ethernet/sfp xor port
----------------
The way to swap the wan port between sfp and ethernet is the following:
export the pins 57 and 10.
Pin 57 is used to probe if an sfp is present.
If pin 57 value is 0 it means that an sfp is present into the cage (cat /sys/class/gpio/gpio468/value).
If pin 57 value is 1 it means that no sfp is inserted into the cage.
In conclusion by default both 57 an 10 pins are by default 1, which means that the active port is the ethernet one.
After inserting an SFP pin 57 will become 0 and you have to manually change the value of pin 10 to 0 too.
This is totally scriptable of course.

Leds description
------------
All the leds are working out of the box but the leds managed by the 2 maxlinear phy (phy 5 lan, phy6 wan).
To activate the phy5 led (rj45 ethernet port led on the back of the router) you have to use mdio-tools.
To activate the phy6 led (led on the front of the router for 2.5gbit link) you have to use mdio-tools.
Example:
Set lan5 led to fast blink on 2500/1000, slow blink on 10/100:
mdio mdio-bus mmd 5:30 raw 0x0001 0x33FC

Set wan 2.5gbit led to constant on when wan is 2.5gbit:
mdio mdio-bus mmd 6:30 raw 0x0001 0x0080

Signed-off-by: Pietro Ameruoso <p.ameruoso@live.it>
(cherry picked from commit 1c05388ab04c934ec240e8362321908f91381a90)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoCI: rework build workflow to have split target and subtarget directly
Christian Marangi [Mon, 22 May 2023 14:47:08 +0000 (16:47 +0200)]
CI: rework build workflow to have split target and subtarget directly

Instead of referring to a redundant job and ENV variables, rework build
workflow to accept and require split target and subtarget and use them
directly from inputs.

Rework each user and pass a JSON of tuple to matrix include with each
target/subtarget combination to test. Special notice this doesn't use
the github actions matrix combination feature but reference each
specific tuple of target and subtarget to test.

Just a cleanup no behaviour change intended.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit eecc6e48117be26c2eefd9257cceb9d9b1e842f2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoCI: check-kernel-patches: use buildbot user on git diff check
Christian Marangi [Mon, 22 May 2023 13:27:48 +0000 (15:27 +0200)]
CI: check-kernel-patches: use buildbot user on git diff check

Use buildbot user on git diff check instead of using git config
safe directory.

This should accomplish the same result but should be a better approach
following safe practice enforced by git.

Fixes: a7747e8670cb ("ci: fix check kernel patches job")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c80a578a4428c81fd92e0a2abe95dacfa20c008)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoath79: add support for D-Link DIR-859 A3
Shiji Yang [Fri, 5 May 2023 01:50:36 +0000 (01:50 +0000)]
ath79: add support for D-Link DIR-859 A3

Specifications:
  SOC:      QCA9563 775 MHz + QCA9880
  Switch:   QCA8337N-AL3C
  RAM:      Winbond W9751G6KB-25 64 MiB
  Flash:    Winbond W25Q128FVSG 16 MiB
  WLAN:     Wi-Fi4 2.4 GHz 3*3 + 5 GHz 3*3
  LAN:      LAN ports *4
  WAN:      WAN port *1
  Buttons:  reset *1 + wps *1
  LEDs: ethernet *5, power, wlan, wps

MAC Address:
  use      address               source1          source2
  label    40:9b:xx:xx:xx:3c     lan && wlan      u-boot,env@ethaddr
  lan      40:9b:xx:xx:xx:3c     devdata@0x3f     $label
  wan      40:9b:xx:xx:xx:3f     devdata@0x8f     $label + 3
  wlan2g   40:9b:xx:xx:xx:3c     devdata@0x5b     $label
  wlan5g   40:9b:xx:xx:xx:3e     devdata@0x76     $label + 2

Install via Web UI:
  Apply factory image in the stock firmware's Web UI.

Install via Emergency Room Mode:
  DIR-859 A1 will enter recovery mode when the system fails to boot
  or press reset button for about 10 seconds.

  First, set computer IP to 192.168.0.5 and Gateway to 192.168.0.1.
  Then we can open http://192.168.0.1 in the web browser to upload
  OpenWrt factory image or stock firmware. Some modern browsers may
  need to turn on compatibility mode.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 0ffbef9317a1dc049ad259c1ec1530355efc0552)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoath79: improve support for D-Link DIR-8x9 A1 series
Shiji Yang [Sat, 20 May 2023 12:35:51 +0000 (20:35 +0800)]
ath79: improve support for D-Link DIR-8x9 A1 series

1. Remove unnecessary new lines in the dts.
2. Remove duplicate included file "gpio.h" in the device dts.
3. Add missing button labels "reset" and "wps".
4. Unify the format of the reg properties.
5. Add u-boot environment support.
6. Reduce spi clock frequency since the max value suggested by the
   chip datasheet is only 25 MHz.
7. Add seama header fixup for DIR-859 A1. Without this header fixup,
   u-boot checksum for kernel will fail after the first boot.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit e5d8739aa846db621b6368ba83db17c353a35dea)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agoath79: enable NVMEM u-boot-env driver on generic subtarget
INAGAKI Hiroshi [Thu, 13 Oct 2022 02:20:10 +0000 (11:20 +0900)]
ath79: enable NVMEM u-boot-env driver on generic subtarget

This patch enables NVMEM u-boot-env driver (COFNIG_NVMEM_U_BOOT_ENV) on
generic subtarget to use from devices, for MAC address and etc.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
(cherry picked from commit e8f7957450e2dcbeb90492c711a973d2cf0ebbfc)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agouml: exclude some /arch/x86 optimizations
Christian Lamparter [Sun, 21 May 2023 17:05:03 +0000 (19:05 +0200)]
uml: exclude some /arch/x86 optimizations

The x86_64 UML target wants to include SSSE3 optimized
crypto code which lives under /arch/x86/crypto.

However, these are not built and this causes an error.
| ERROR: module '[...]/arch/x86/crypto/sha512-ssse3.ko' is missing.
| make[3]: *** [modules/crypto.mk:990: [...]/kmod-crypto-sha512_5.15.112-1_x86_64.ipk] Error 1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 959563fb813890e478bf0a51523cd84d54b9af91)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agouml: fix build error due to frame size > 1024
Christian Lamparter [Sun, 21 May 2023 16:30:14 +0000 (18:30 +0200)]
uml: fix build error due to frame size > 1024

the UML build fails during the kernel build:
| arch/um/drivers/net_kern.c: In function 'compute_hash':
| arch/um/drivers/net_kern.c:322:1: error: the frame size of 1072 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
|  322 | }
|      | ^
|cc1: all warnings being treated as errors

The compute_hash() function is added by our patch:
102-pseudo-random-mac.patch

Instead of allocating a 1024 byte buffer on the stack for the SHA1
digest input, let's allocate the data on the heap. We should be
able to do that since crypto_alloc_ahash and ahash_request_alloc
also need to allocate structures on the heap.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit aed2569d3780cab1a1a2d75c9f9e3fe413a9844d)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agomac80211: brcm: drop brcmfmac patch waiting for register_wiphy()
Rafał Miłecki [Wed, 17 May 2023 09:58:16 +0000 (11:58 +0200)]
mac80211: brcm: drop brcmfmac patch waiting for register_wiphy()

That was a workaround for OpenWrt generation of config files. This patch
was used to postpone returning from probe function until loading
firmware and calling register_wiphy().

All of that is not needed anymore thanks to the ieee80211 hotplug.d
script introduced in the commit 5f8f8a366136 ("base-files, mac80211,
broadcom-wl: wifi detection and configuration"). That takes care of
generating /etc/config/wireless entries even if wireless device appears
late in the booting process.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bd262663142e90f64f1c256b3e6b2b979c1022c0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
18 months agokernel: qca-ssdk: backport support for building as kernel module
Robert Marko [Tue, 23 May 2023 12:55:48 +0000 (14:55 +0200)]
kernel: qca-ssdk: backport support for building as kernel module

Currently, SSDK is rather special in the sense that its not being built as
a proper out of tree module at all but rather like a userspace application
and that involves a lot of make magic which unfortunately broke with make
version 4.4 and newer.

Luckily QCA finally added a way to build SSDK as an out of tree module
and it uses the kernel buildsystem which makes it compile with make 4.4
as well.
So lets backport the support for it and switch to using it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 957f1ee85eb243c5c7397b1e3842a3c61a6b852f)

18 months agoci: push-containers: trigger job on release branching
Petr Štetiar [Tue, 23 May 2023 14:56:09 +0000 (16:56 +0200)]
ci: push-containers: trigger job on release branching

Currently all 23.05 related CI jobs are failing as the containers are
not available, so lets fix it by pushing those containers when the
version.mk changes.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8fc2a0f00f7f62ded3c849e78742c3d87d52ec91)

18 months agoci: tools: run the job on changes in include directory as well
Petr Štetiar [Tue, 23 May 2023 12:27:05 +0000 (14:27 +0200)]
ci: tools: run the job on changes in include directory as well

In order to prevent regressions like with #12617.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 71ca2a31546d5f14faac03838bf700cf22f85215)

18 months agoprereq: SetupHostCommand: fix wrong check result
Petr Štetiar [Tue, 23 May 2023 12:17:47 +0000 (14:17 +0200)]
prereq: SetupHostCommand: fix wrong check result

Tony has reported, that CI tools job is failing for him in macOS
container due to prereq check failure for GNU `install` utility.

Michael diagnosed it and from his traces it was clear, that the issue is
caused by a wrong return value in the success check case, so lets fix it
accordingly.

Fixes: f75204036ccc ("prereq-build: allow host command symlinks to update")
Reported-by: Tony Ambardar <itugrok@yahoo.com>
Diagnosed-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 7855378fcd7ed7cb0a223238a99bac0b8e46c380)

19 months agoprereq-build: remove python 2 cleanup recipe
Michael Pratt [Tue, 16 May 2023 07:22:09 +0000 (03:22 -0400)]
prereq-build: remove python 2 cleanup recipe

This reverts commit 3b68fb57c938af3948ae4c2da61501183fbef649.

After refactoring build checks to update old symlinks,
and after a long time of no python 2 support,
this is no longer needed.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit e2f9fa42044a2660f702a9b51b14cbde24a13702)

19 months agoprereq-build: allow host command symlinks to update
Michael Pratt [Sun, 22 May 2022 10:10:56 +0000 (06:10 -0400)]
prereq-build: allow host command symlinks to update

This makes the prereq stage update the symlinks
installed into staging_dir/host/bin
by rearrainging the way they are verified.

Before, seeing or installing a symlink would result in
a successful exit code, and not installing a symlink
would result is a failed exit code. However,
that is not able to account for the difference
between existing good and bad links, or whether
the link would be the same if it was reinstalled,
because the check can match the program to a different path.

Instead, let a success exit code represent
identifying an existing symlink as exactly the same
as what would be installed if it did not exist,
and let a fail exit code represent
needing to install the symlink
or not having a match to the check criteria.

The failing exit code is caught by a new second attempt
for all of the check-* targets which will then indicate
to the user that there was an update by having a success
exit code when the check is run again and the link is the same.

When there is nothing to update, the checks will run only once.

This relies on the ls command to be POSIX-conformant with long format:
"path/to/link -> target/of/link"

Also, make sure the symlink is executable, not just a file,
and the directory only needs to be created once.

Fixes: #12610
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit f75204036ccc56700df18258602cc65726dd653b)

19 months agoOpenWrt v23.05: set branch defaults
Christian Marangi [Sun, 21 May 2023 13:30:04 +0000 (15:30 +0200)]
OpenWrt v23.05: set branch defaults

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 months agobuild: revert 54070a1 (all kernels are >= 5.10)
Sebastian Kemper [Wed, 17 Aug 2022 20:13:56 +0000 (22:13 +0200)]
build: revert 54070a1 (all kernels are >= 5.10)

Commit 54070a1 was added to allow building proper SDKs with kernels <
5.10. Now that all targets use at least kernel 5.10 it can be reverted.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
19 months agofirmware: intel-microcode: update to 20230512
Christian Lamparter [Sun, 21 May 2023 11:11:14 +0000 (13:11 +0200)]
firmware: intel-microcode: update to 20230512

Debian changelog:

intel-microcode (3.20230512.1) unstable; urgency=medium

  * New upstream microcode datafile 20230512 (closes: #1036013)
    * Includes fixes or mitigations for an undisclosed security issue
    * New microcodes:
      sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
      sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
      sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
      sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
      sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
      sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
      sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
      sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
      sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
      sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
      sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
      sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
      sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
      sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
      sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
      sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
      sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
      sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
      sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
      sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
      sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
      sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
  * source: update symlinks to reflect id of the latest release, 20230512

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 16 May 2023 00:13:02 -0300

intel-microcode (3.20230214.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream microcode datafile 20230214
    - Includes Fixes for: (Closes: #1031334)
       - INTEL-SA-00700: CVE-2022-21216
       - INTEL-SA-00730: CVE-2022-33972
       - INTEL-SA-00738: CVE-2022-33196
       - INTEL-SA-00767: CVE-2022-38090
  * New Microcodes:
    sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
    sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
  * Updated Microcodes:
    sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
    sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
    sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
    sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
    sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
    sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
    sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
    sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
    sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
    sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
    sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
    sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
    sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
    sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c

 -- Tobias Frost <tobi@debian.org>  Sun, 12 Mar 2023 18:16:50 +0100

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
19 months agokernel: disable IGD (video DRM) support
Philip Prindeville [Wed, 17 May 2023 15:38:48 +0000 (09:38 -0600)]
kernel: disable IGD (video DRM) support

IGD is only useful when accelerating a VM guest that wants to direct
render to memory in the host's framebuffer, but since OpenWrt
typically runs on headless hardware, this serves no purpose.

Also build vfio with VFIO_NOIOMMU undefined (to get all of the code
enabled), but allow it to be enabled via boot-time modparams
settings (or at run-time via sysfs writes to
"/sys/module/vfio/parameters/enable_unsafe_noiommu_mode".

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>