aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ipq40xx: add support for Netgear SRR60/SRS60 and RBR50/RBS50Davide Fioravanti2021-11-0112-5/+591
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Netgear SRS60 and SRR60 (sold together as SRK60) are two almost identical AC3000 routers. The SRR60 has one port labeled as wan while the SRS60 not. The RBR50 and RBS50 (sold together as RBK50) have a different external shape but they have an USB 2.0 port on the back. This patch has been tested only on SRS60 and RBR50, but should work on SRR60 and RBS50. Hardware -------- SoC: Qualcomm IPQ4019 (717 MHz, 4 cores 4 threads) RAM: 512MB DDR3 FLASH: 4GB EMMC ETH: - 3x 10/100/1000 Mbps Ethernet - 1x 10/100/1000 Mbps Ethernet (WAN) WIFI: - 2.4GHz: 1x IPQ4019 (2x2:2) - 5GHz: 1x IPQ4019 (2x2:2) - 5GHz: 1x QCA9984 (4x4:4) - 6 internal antennas BTN: - 1x Reset button - 1x Sync button - 1x ON/OFF button LEDS: - 8 leds controlled by TLC59208F (they can be switched on/off independendently but the color can by changed by GPIOs) - 1x Red led (Power) - 1x Green led (Power) UART: - 115200-8-N-1 Everything works correctly. Installation ------------ These routers have a dual partition system. However this firmware works only on boot partition 1 and the OEM web interface will always flash on the partition currently not booted. The following steps will use the SRS60 firmware, but you have to chose the right firmware for your router. There are 2 ways to install Openwrt the first time: 1) Using NMRPflash 1. Download nmrpflash (https://github.com/jclehner/nmrpflash) 2. Put the openwrt-ipq40xx-generic-netgear_srs60-squashfs-factory.img file in the same folder of the nmrpflash executable 3. Connect your pc to the router using the port near the power button. 4. Run "nmrpflash -i XXX -f openwrt-ipq40xx-generic-netgear_srs60-squashfs-factory.img". Replace XXX with your network interface (can be identified by running "nmrpflash -L") 5. Power on the router and wait for the flash to complete. After about a minute the router should boot directly to Openwrt. If nothing happens try to reboot the router. If you have problems flashing try to set "10.164.183.253" as your computer IP address 2) Without NMRPflash The OEM web interface will always flash on the partition currently not booted, so to flash OpenWrt for the first time you have to switch to boot partition 2 and then flash the factory image directly from the OEM web interface. To switch on partition 2 you have to enable telnet first: 1. Go to http://192.168.1.250/debug.htm and check "Enable Telnet". 2. Connect through telent ("telnet 192.168.1.250") and login using admin/password. To read the current boot_part: artmtd -r boot_part To write the new boot_part: artmtd -w boot_part 02 Then reboot the router and then check again the current booted partition Now that you are on boot partition 2 you can flash the factory Openwrt image directly from the OEM web interface. Restore OEM Firmware -------------------- 1. Download the stock firmware from official netgear support. 2. Follow the nmrpflash procedure like above, using the official Netgear firmware (for example SRS60-V2.2.1.210.img) nmrpflash -i XXX -f SRS60-V2.2.1.210.img Notes ----- 1) You can check and edit the boot partition in the Uboot shell using the UART connection. "boot_partition_show" shows the current boot partition "boot_partition_set 1" sets the current boot partition to 1 2) Router mac addresses: LAN XX:XX:XX:XX:XX:69 WAN XX:XX:XX:XX:XX:6a WIFI 2G XX:XX:XX:XX:XX:69 WIFI 5G XX:XX:XX:XX:XX:6b WIFI 5G (2nd) XX:XX:XX:XX:XX:6c LABEL XX:XX:XX:XX:XX:69 Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Signed-off-by: Robert Marko <robimarko@gmail.com> [added 5.10 changes for 901-arm-boot-add-dts-files.patch, moved sysupgrade mmc.sh to here and renamed it, various dtsi changes] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* base-files: add minimal mmc supportDavide Fioravanti2021-11-013-0/+35
| | | | | | | | | | | | | | | | Added minimal mmc support for helper functions: - find_mmc_part: Look for a given partition name. Returns the coresponding partition path - caldata_extract_mmc: Look for a given partition name and then extracts the calibration data - mmc_get_mac_binary: Returns the mac address from a given partition name and offset Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Signed-off-by: Robert Marko <robimarko@gmail.com> [replace dd with caldata_dd, moved sysupgrade mmc to orbi] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: enable CONFIG_CMDLINE_PARTITION and CONFIG_LEDS_TLC591XXDavide Fioravanti2021-11-012-0/+4
| | | | | | | | | | | | | | | | CONFIG_CMDLINE_PARTITION: Some devices with mmc like the Netgear Orbi Pro SRS60 or Netgear Orbi RBR50 needs to hardcode the partitions layout in the cmdline boot correctly CONFIG_LEDS_TLC591XX: This is needed for the led driver found in the Netgear Orbi Pro SRS60 Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Signed-off-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Shang Jia <jiash416@gmail.com> [added 5.10 config] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* realtek: backport GPIO IRQ index fixSander Vanheule2021-11-011-0/+21
| | | | | | | | Backport the patch queued upstream for 5.16. The patch differs slightly from the upstream patch due to an upstream change that added a convenience function. Signed-off-by: Sander Vanheule <sander@svanheule.net>
* kernel/modules: prevent bonding driver to create default bond0 interfaceFlorian Eckert2021-11-011-0/+1
| | | | | | | | | | | | | | | | | | | | When loading the bonding driver, bonding interface are automatically created on bonding module load. > ip a s bond0 > 14: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN > group default qlen 1000 > link/ether a6:f2:20:64:c1:b9 brd ff:ff:ff:ff:ff:ff This is not necessary in openwrt as we do not use this created interface. The netifd creates a bonding interface based on its network configuration name and configures this over the netifd bonding proto handler. In order to keep the overview of the interfaces clear, bonding interfaces should not be created automatically when loading this module, because they are not used anyway. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* elfutils: enable host buildLucian Cristian2021-11-011-0/+8
| | | | | | | | | | frr 8.0 needs host libelf dev add option for host build tested on x86, ramips, kirkwood Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> [changed commit author's email] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: fix sleep clockPavel Kubelun2021-11-012-0/+58
| | | | | | | | It seems like sleep_clk was copied from ipq806x. Fix ipq40xx sleep_clk to the value QSDK defines. Signed-off-by: Pavel Kubelun <be.dissent@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [5.4+5.10]
* apm821xx: MBL: MR24: fetch IP address over dhcp by defaultChristian Lamparter2021-11-011-1/+1
| | | | | | | | This patch changes the default network configuration to fetch the IP addresses over dhcp instead of being statically assigned. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath79: fix UBNT Aircube AC gpiosNicolò Veronese2021-11-012-4/+4
| | | | | | | | | | GPIOs on the Aircube AC are wrong: - Reset GPIO moved from 17 to 12 - PoE Pass Through GPIO for Aircube AC is 3 Fixes: 491ae3357e10 ("ath79: add support for Ubiquiti airCube AC") Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
* ath79: add support for Letv LBA-047-CHShiji Yang2021-11-013-0/+178
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: SOC: QCA9531 650 MHz ROM: 16 MiB Flash (Winbond W25Q128FV) RAM: 128 MiB DDR2 (Winbond W971GG6SB) LAN: 10/100M *2 WAN: 10/100M *1 LED: BGR color *1 Mac address: label C8:0E:77:xx:xx:68 art@0x0 lan C8:0E:77:xx:xx:62 art@0x6 wan C8:0E:77:xx:xx:68 art@0x0 (same as the label) wlan C8:0E:77:xx:xx:B2 art@0x1002 (load automatically) TFTP installation: * Set local IP to 192.168.67.100 and open tftpd64, link lan port to computer. Rename "xxxx-factory.bin" to "openwrt-ar71xx-generic-ap147-16M-rootfs-squashfs.bin". * Make sure firmware file is in the tftpd's directory, push reset button and plug in, hold it for 5 seconds, and then it will download firmware from tftp server automatically. More information: * This device boot from flash@0xe80000 so we need a okli loader to deal with small kernel partition issue. In order to make full use of the storage space, connect a part of the previous kernel partition to the firmware. Stock Modify 0x000000-0x040000(u-boot) 0x000000-0x040000(u-boot) 0x040000-0x050000(u-boot-env) 0x000000-0x050000(u-boot-env) 0x050000-0xe80000(rootfs) 0x050000-0xe80000(firmware part1) 0xe80000-0xff0000(kernel) 0xe80000-0xe90000(okli-loader) 0xe90000-0xff0000(firmware part2) 0xff0000-0x1000000(art) 0xff0000-0x1000000(art) Signed-off-by: Shiji Yang <yangshiji66@qq.com>
* ath79: add support for Dongwon T&I DW02-412HJihoon Han2021-10-318-3/+315
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Dongwon T&I DW02-412H is a 2.4/5GHz band 11ac (WiFi-5) router, based on Qualcomm Atheros QCA9557. Specifications -------------- - SoC: Qualcomm Atheros QCA9557-AT4A - RAM: DDR2 128MB - Flash: SPI NOR 2MB (Winbond W25Q16DVSSIG / ESMT F25L16PA(2S)) + NAND 64/128MB - WiFi: - 2.4GHz: QCA9557 WMAC - 5GHz: QCA9882-BR4A - Ethernet: 5x 10/100/1000Mbps - Switch: QCA8337N-AL3C - USB: 1x USB 2.0 - UART: - JP2: 3.3V, TX, RX, GND (3.3V is the square pad) / 115200 8N1 Installation -------------- 1. Connect a serial interface to UART header and interrupt the autostart of kernel. 2. Transfer the factory image via TFTP and write it to the NAND flash. 3. Update U-Boot environment variable. > tftpboot 0x81000000 <your image>-factory.img > nand erase 0x1000000 > nand write 0x81000000 0x1000000 ${filesize} > setenv bootpart 2 > saveenv Revert to stock firmware -------------- 1. Revert to stock U-Boot environment variable. > setenv bootpart 1 > saveenv MAC addresses as verified by OEM firmware -------------- WAN: *:XX (label) LAN: *:XX + 1 2.4G: *:XX + 3 5G: *:XX + 4 The label MAC address was found in art 0x0. Credits -------------- Credit goes to the @manatails who first developed how to port OpenWRT to this device and had a significant impact on this patch. And thanks to @adschm and @mans0n for guiding me to revise the code in many ways. Signed-off-by: Jihoon Han <rapid_renard@renard.ga> Reviewed-by: Sungbo Eo <mans0n@gorani.run> Tested-by: Sungbo Eo <mans0n@gorani.run>
* kernel: add support for ESMT F25L16PA(2S) SPI-NORJihoon Han2021-10-313-2/+23
| | | | | | | | | This fixes support for Dongwon T&I DW02-412H which uses F25L16PA(2S) flash. Signed-off-by: Jihoon Han <rapid_renard@renard.ga> Reviewed-by: Sungbo Eo <mans0n@gorani.run> [refresh patches] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: fix various typosJosh Soref2021-10-312-2/+2
| | | | | | | | Fix typos in comment and user-facing help text. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> [split out config changes, adjust commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* scripts: fix various typosJosh Soref2021-10-319-14/+14
| | | | | | | | | This only affects typos in comments or user-facing output. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> [only picks changes to scripts, drop "commandline" replacement, fix case for "arbitrary", improve commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipq806x: ecw5410: use bootloader provided MAC-sRobert Marko2021-10-312-4/+2
| | | | | | | | | | | Currently, we are overriding the bootloader provided MAC-s as the ethernet aliases are reversed so MAC-s were fixed up in userspace. There is no need to do that as we can just fix the aliases instead and get rid of MAC setting via userspace helper. Fixes: 59f0a0f ("ipq806x: add Edgecore ECW5410 support") Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* ipq806x: ecw5410: fix PCI1 radio caldataRobert Marko2021-10-311-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | ECW5410 has 2 QCA9984 cards, one per PCI controller. They are located at PCI adresses 0001:01:00.0 and 0002:01:00.0. Currently, pre-cal is not provided for 0001:01:00.0 at all,but for 0000:01:00.0 which is incorrect and causes the ath10k driver to not be able to fetch the BMI ID and use that to fetch the proper BDF but rather fail with: [ 12.029708] ath10k 5.10 driver, optimized for CT firmware, probing pci device: 0x46. [ 12.031816] ath10k_pci 0001:01:00.0: enabling device (0140 -> 0142) [ 12.037660] ath10k_pci 0001:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0 [ 13.173898] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe [ 13.174015] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0 [ 13.189304] ath10k_pci 0001:01:00.0: firmware ver 10.4b-ct-9984-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc35 [ 15.492322] ath10k_pci 0001:01:00.0: failed to fetch board data for bus=pci,vendor=168c,device=0046,subsystem-vendor=168c,subsystem-device=cafe,variant=Edgecore-ECW541 from ath10k/QCA9984/hw1.0/board-2.bin [ 15.543883] ath10k_pci 0001:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9984/hw1.0 [ 15.543920] ath10k_pci 0001:01:00.0: failed to fetch board file: -12 [ 15.552281] ath10k_pci 0001:01:00.0: could not probe fw (-12) So, provide the pre-cal for the actual PCI card and not the non-existent one. Fixes: 59f0a0f ("ipq806x: add Edgecore ECW5410 support") Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* ipq806x: ecw5410: drop GPIO based MDIO1 nodeRobert Marko2021-10-311-19/+10
| | | | | | | | | | | | It looks like this is a leftover before there was a proper MDIO driver. Since both PHY-s are connected to the HW MDIO bus there is no reason for this to exist anymore, especially since it uses the same pins as the HW controller and has the pinmux for the set to "MDIO" so this worked by pure luck as GPIO MDIO would probe first and override the HW driver. Move the GMAC3 to simply use the same MDIO bus phandle. Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* ath79: fix parallel image generation for Zyxel NBG6716André Valentin2021-10-311-5/+4
| | | | | | | | | This changes the image generation to use a unique directory. With parallel building it may occur that two concurrent jobs try to create an image which leds to errors. It also removes a needless subdirecory. Signed-off-by: André Valentin <avalentin@marcant.net>
* ramips: add support for HiLink HLK-7621A evaluation boardSergio Paracuellos2021-10-312-0/+119
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: - SoC: MediaTek MT7621AT - RAM: 256 MB (DDR3) - Flash: 32 MB SPI NOR 44MHz - Switch: 1 WAN, 4 LAN (Gigabit) - LEDs: 1 WAN, 4 LAN (controlled by PHY) - USB Ports: 1 x USB2, 1 x USB3 - WLAN: 1 x 2.4, 5 GHz 866Mbps (MT7612E) - Button: 1 button (reset) - UART Serial: UART1 as console : 57600 baud - Power: 12VDC, 1A Installation: Update openWRT firmware using internal GNUBEE uboot: https://github.com/gnubee-git/GnuBee-MT7621-uboot By HTTP: Initial uboot address is http://10.10.10.123, your address needs to be 10.10.10.x, and mask 255.255.255.0. By TFTP: Uboot is in client mode, the address of the firmware must be tftp://10.10.10.3/uboot.bin Recovery: Manufacturer provides MTK OpenWrt 14.07 source code, compile then flash it by uboot. HLK-7621A is a stamp hole package module for embedded development, users have to design IO boards to use it. MAC addresses: - u-boot-env contains a placeholder address: > mtd_get_mac_ascii u-boot-env ethaddr 03:17:73:ab:cd:ef - phy0 gets a valid-looking address: > cat /sys/class/ieee80211/phy0/macaddress f8:62:aa:**:**:a8 - Calibration data for &pcie2 contains a valid address, however the zeros in the right half look like it's not real: 8c:88:2b:00:00:1b - Since it's an evaluation board and there is no solid information about the MAC address assignment, the ethernet MAC address is left random. Signed-off-by: Chen Yijun <cyjason@bupt.edu.cn> [add keys and pcie nodes to properly support evaluation board] Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com> [remove ethernet address, wrap lines properly] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ramips: add support for Xiaomi MiWifi 3CEduardo Santos2021-10-314-0/+169
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds support for Xiaomi MiWiFi 3C device. Xiaomi MiWifi 3C has almost the same system architecture as the Xiaomi Mi WiFi Nano, which is already officially supported by OpenWrt. The differences are: - Numbers of antennas (4 instead of 2). The antenna management is done via the µC. There is no configuration needed in the software code. - LAN port assignments are different. LAN1 and WAN are interchanged. OpenWrt Wiki: https://openwrt.org/toh/xiaomi/mir3c OpenWrt developers forum page: https://forum.openwrt.org/t/support-for-xiaomi-mi-3c Specifications: - CPU: MediaTek MT7628AN (575MHz) - Flash: 16MB - RAM: 64MB DDR2 - 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA - Antennas: 4x external single band antennas - WAN: 1x 10/100M - LAN: 2x 10/100M - LED: 1x amber/blue/red. Programmable - Button: Reset MAC addresses as verified by OEM firmware: use address source LAN *:92 factory 0x28 WAN *:92 factory 0x28 2g *:93 factory 0x4 OEM firmware uses VLAN's to create the network interface for WAN and LAN. Bootloader info: The stock bootloader uses a "Dual ROM Partition System". OS1 is a deep copy of OS2. The bootloader start OS2 by default. To force start OS1 it is needed to set "flag_try_sys2_failed=1". How to install: 1- Use OpenWRTInvasion to gain telnet, ssh and ftp access. https://github.com/acecilia/OpenWRTInvasion (IP: 192.168.31.1 - Username: root - Password: root) 2- Connect to router using telnet or ssh. 3- Backup all partitions. Use command "dd if=/dev/mtd0 of=/tmp/mtd0". Copy /tmp/mtd0 to computer using ftp. 4- Copy openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin to /tmp in router using ftp. 5- Enable UART access and change start image for OS1. ``` nvram set uart_en=1 nvram set flag_last_success=1 nvram set boot_wait=on nvram set flag_try_sys2_failed=1 nvram commit ``` 6- Installing Openwrt on OS1 and free OS2. ``` mtd erase OS1 mtd erase OS2 mtd -r write /tmp/openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin OS1 ``` Limitations: For the first install the image size needs to be less than 7733248 bits. Thanks for all community and especially for this device: minax007, earth08, S.Farid Signed-off-by: Eduardo Santos <edu.2000.kill@gmail.com> [wrap lines, remove whitespace errors, add mediatek,mtd-eeprom to &wmac, convert to nvmem] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ath79: mikrotik: enable SFP on RB921GS-5HPacD (mANTBox 15s)Roger Pueyo Centelles2021-10-314-51/+51
| | | | | | | | | | | | This patch enables the SFP cage on the MikroTik RouterBOARD 921GS-5HPacD (mANTBox 15s). The RB922UAGS-5HPacD had it already working, so the support code is moved to the common DTSI file both devices share. Tested on a RouterBOARD 921GS-5HPacD with a MikroTik S-53LC20D module. Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
* dnsmasq: improve init scriptDaniel Golle2021-10-311-1/+4
| | | | | | | | * fix restart in LuCI (inherited umask was to restrictive) * make directory of hosts-file (!= /tmp) accessible in ujail Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* secilc: update to version 3.3Dominick Grift2021-10-311-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. Update VERSIONs to 3.3-rc3 for release. Correct some typos Update VERSIONs to 3.3-rc2 for release. Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/secilc/docs: Update the CIL documentation secilc: fix memory leaks in secilc2conf secilc: fix memory leaks in secilc libsepol/cil: Add support for using qualified names to secil2conf libsepol/cil: Add support for using qualified names to secil2tree secilc: Add support for using qualified names to secilc secilc/test: Add test for anonymous args secilc/docs: Relocate and reword macro call name resolution order secilc/docs: Document the order that inherited rules are resolved in secilc: Create the new program called secil2tree to write out CIL AST secilc/docs: Update the CIL documentation for various blocks secilc.c: Don't fail if input file is empty cil_conditional_statements.md: fix expr definition secilc/docs: Lists are now allowed in constraint expressions Signed-off-by: Daniel Golle <daniel@makrotopia.org> [re-apply now that libsepol is up-to-date as well] Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsepol: update to version 3.3Dominick Grift2021-10-311-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libsepol/cil: Fix potential undefined shifts libsepol: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. libsepol/cil: Do not skip macros when resolving until later passes libsepol/cil: Limit the amount of reporting for bounds failures libsepol/cil: silence clang void-pointer-to-enum-cast warning libsepol: resolve GCC warning about null-dereference libsepol: use correct cast libsepol: ebitmap: mark nodes of const ebitmaps const Update VERSIONs to 3.3-rc2 for release. libsepol/cil: Handle operations in a class mapping when verifying libsepol/cil: Do not use original type and typeattribute datums libsepol: free memory after policy validation libsepol: avoid implicit conversions libsepol: fix typo libsepol/cil: Free duplicate datums in original calling function libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/cil: Limit the number of active line marks libsepol/cil: Add function to get number of items in a stack libsepol: Fix detected RESOURCE_LEAKs libsepol/cil: Fix syntax checking in __cil_verify_syntax() libsepol/cil: Use size_t for len in __cil_verify_syntax() libsepol/cil: Remove redundant syntax checking libsepol/cil: Improve in-statement to allow use after inheritance libsepol/cil: Simplify cil_tree_children_destroy() libsepol/cil: Refactor the function __cil_build_ast_node_helper() libsepol/cil: Don't destroy optionals whose parent will be destroyed libsepol/cil: Properly check for parameter when inserting name libsepol/cil: Reset expandtypeattribute rules when resetting AST libsepol/cil: Properly check parse tree when printing error messages libsepol/cil: Allow some duplicate macro and block declarations libsepol/cil: When writing AST use line marks for src_info nodes libsepol/cil: Report correct high-level language line numbers libsepol/cil: Add line mark kind and line number to src info libsepol/cil: Create common string-to-unsigned-integer functions libsepol/cil: Push line mark state first when processing a line mark libsepol/cil: Check for valid line mark type immediately libsepol/cil: Check the token type after getting the next token libsepol/cil: Check syntax of src_info statement libsepol/cil: move the fuzz target and build script to the selinux repository libsepol: replace strerror by %m libsepol/cil: remove obsolete comment libsepol/cil: do not allow \0 in quoted strings libsepol/cil: Fix handling category sets in an expression libsepol: assure string NUL-termination of ibdev_name libsepol: avoid implicit conversions libsepol: ignore UBSAN false-positives libsepol: avoid unsigned integer overflow libsepol/cil: Improve checking for bad inheritance patterns libsepol: silence -Wextra-semi-stmt warning libsepol/cil: do not override previous results of __cil_verify_classperms libsepol/cil: Provide option to allow qualified names in declarations libsepol/cil: make array cil_sym_sizes const libsepol/cil: Only reset AST if optional has a declaration libsepol/cil: Add function to determine if a subtree has a declaration libsepol/cil: Improve degenerate inheritance check libsepol/cil: Reduce the initial symtab sizes for blocks libsepol/cil: Check for empty list when marking neverallow attributes libsepol/cil: Fix syntax checking of defaultrange rule libsepol/cil: Properly check for loops in sets libsepol/cil: Allow duplicate optional blocks in most cases libsepol: declare read-only arrays const libsepol: declare file local variable static libsepol: drop unnecessary casts libsepol: drop repeated semicolons libsepol/cil: avoid using maybe uninitialized variables libsepol/cil: drop unnecessary casts libsepol/cil: drop dead store libsepol/cil: drop extra semicolon libsepol/cil: silence cast warning libsepol: remove dead stores libsepol: do not allocate memory of size 0 libsepol: mark read-only parameters of type_set_ interfaces const libsepol: mark read-only parameters of ebitmap interfaces const libsepol: remove dead stores libsepol/cil: follow declaration-after-statement libsepol: follow declaration-after-statement libsepol: avoid unsigned integer overflow libsepol: remove unused functions libsepol: resolve missing prototypes libsepol: fix typos libsepol: Quote paths when generating policy.conf from binary policy libsepol/cil: Account for anonymous category sets in an expression libsepol/cil: Fix anonymous IP address call arguments libsepol: quote paths in CIL conversion libsepol/cil: Resolve anonymous levels only once libsepol/cil: Pointers to datums should be set to NULL when resetting libsepol/cil: Resolve anonymous class permission sets only once libsepol/cil: Limit the number of open parenthesis allowed libsepol/cil: Destroy the permission nodes when exiting with an error libsepol/cil: Handle disabled optional blocks in earlier passes libsepol/cil: Do not resolve arguments to declarations in the call libsepo/cil: Refactor macro call resolution libsepol/cil: Do not add NULL node when inserting key into symtab libsepol/cil: Make name resolution in macros work as documented libsepol/cil: Fix name resolution involving inherited blocks libsepol/cil: Check for self-referential loops in sets libsepol/cil: Return an error if a call argument fails to resolve libsepol/cil: Check datum in ordered list for expected flavor libsepol/cil: Detect degenerate inheritance and exit with an error libsepol/cil: Fix instances where an error returns SEPOL_OK libsepol/cil: Properly reset an anonymous classperm set libsepol: use checked arithmetic builtin to perform safe addition libsepol/cil: Add functions to make use of cil_write_ast() libsepol/cil: Create functions to write the CIL AST libsepol/cil: Use CIL_ERR for error messages in cil_compile() libsepol/cil: Make invalid statement error messages consistent libsepol/cil: Do not allow tunable declarations in in-statements libsepol/cil: Sync checks for invalid rules in macros libsepol/cil: Check for statements not allowed in optional blocks libsepol/cil: Sync checks for invalid rules in booleanifs libsepol/cil: Reorder checks for invalid rules when resolving AST libsepol/cil: Use AST to track blocks and optionals when resolving libsepol/cil: Create new first child helper function for building AST libsepol/cil: Cleanup build AST helper functions libsepol/cil: Reorder checks for invalid rules when building AST libsepol/cil: Move check for the shadowing of macro parameters libsepol/cil: Create function cil_add_decl_to_symtab() and refactor libsepol/cil: Refactor helper function for cil_gen_node() libsepol/cil: Allow permission expressions when using map classes libsepol/cil: Exit with an error if declaration name is a reserved word libsepol/cil: More strict verification of constraint leaf expressions libsepol/cil: Set class field to NULL when resetting struct cil_classperms libsepol/cil: cil_reset_classperms_set() should not reset classpermission libsepol/cil: Destroy classperm list when resetting map perms libsepol/cil: Destroy classperms list when resetting classpermission libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" libsepol/cil: Check for duplicate blocks, optionals, and macros libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression libsepol: Enclose identifier lists in CIL constraint expressions libsepol/cil: Allow lists in constraint expressions libsepol: Enclose identifier lists in constraint expressions libsepol: Write "NO_IDENTIFIER" for empty constraint expression libsepol: make num_* unsigned int in module_to_cil libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs libsepol/cil: fix NULL pointer dereference in __cil_insert_name libsepol/cil: replace printf with proper cil_tree_log libsepol/cil: remove stray printf libsepol/cil: make cil_post_fc_fill_data static libsepol: Check kernel to CIL and Conf functions for supported versions libsepol: Remove unnecessary copying of declarations from link.c libsepol: Properly handle types associated to role attributes libsepol: Expand role attributes in constraint expressions Signed-off-by: Daniel Golle <daniel@makrotopia.org> [re-apply now that buildbot phase1 has caught up] Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* ramips: fix LAVA LR-25G001 broken wifi led triggersJani Partanen2021-10-302-4/+2
| | | | | | | | | | | | | | | LED labels for this device are different in 01_leds file and in device DTS. Switch to DT triggers, which works on Telewell TW-4 (LTE) clone device. This has not been tested on the LR-25G001 itself, just on the clone mentioned above. Fixes: 20b09a2125f5 ("ramips: add support for Lava LR-25G001") Signed-off-by: Jani Partanen <rtfm@iki.fi> [rephrase commit title/message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipq806x: consolidate 11-ath10k-caldataAdrian Schmutzler2021-10-301-26/+12
| | | | | | | After the ath10k_patch_mac lines have been removed, a lot of blocks can be consolidated. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipq806x: remove transition workarounds for qcom-smem partitionsAdrian Schmutzler2021-10-304-56/+10
| | | | | | | | | | | | | | | | | | The out-of-tree qcom-smem patches traditionally displayed mtd partition names in upper case, starting with the new mainline qcom-smem support in kernel v5.10, it switched to normalizing the partition names to lower case. While both 5.4 and 5.10 were supported in the target, we carried a workaround to support both of them. Since the target has dropped 5.4 recently, those can be removed now. Ref: 2db9dded0a1a ("ipq806x: nbg6817: case-insensitive qcom-smem partitions") 435dc2e77e3b ("ipq806x: ecw5410: case-insensitive qcom-smem partitions") f70e11cd974e ("ipq806x: g10: case-insensitive qcom-smem partitions") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipq806x: provide WiFI mac-addresses from dtsAnsuel Smith2021-10-308-12/+216
| | | | | | | | | | Use nvmem framework for supported mac-address stored in nvmem cells and drop mac patch function for hotplug script for supported devices. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> [rebase, move to correct node for d7800, include xr500] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ramips: add support for TP-Link RE305 v3Michal Kozuch2021-10-305-81/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specs (same as in v1): - MT7628AN (575 MHz) - 64MB RAM - 8MB of flash (SPI NOR) - 1x 10/100Mbps Ethernet (MT7628AN built-in switch with vlan) - 1x 2.4GHz wifi (MT7628AN) - 1x 5Ghz wifi (MT7612E) - 4x LEDs (5 GPIO-controlled) - 1x reset button - 1x WPS button The only and important difference between v1 & v3 is in flash memory layout, so pls don't interchange these 2 builds! Installation through web-ui (on OEM factory firmware): 1. Visit http://tplinkrepeater.net or the configured IP address of your RE305 v3 (default 192.168.0.254). 2. Log in with the password you've set during initial setup of the RE305 (there is no default password). 3. Go to Settings -> System Tools -> Firmware upgrade 4. Click Browse and select the OpenWRT image with factory.bin suffix (not sysupgrade.bin) 5. A window with a progress bar will appear. Wait until it completes. 6. The RE305 will reboot into OpenWRT and serve DHCP requests on the ethernet port. 7. Connect an RJ45 cable from the RE305 to your computer and access LuCI at http://192.168.1.1/ to configure (or use ssh). Disassembly: Just unscrew 4 screws in the corners & take off the back cover. Serial is exposed to the right side of the main board (in the middle) and marked with TX/RX/3V3/GND, but the holes are filled with solder. Installation through serial: 1. connect trough serial (1n8, baudrate=57600) 2. setup the TFTP server and connect it via ethernet (ipaddr=192.168.0.254 of device, serverip=192.168.0.184 - your pc) 3. boot from a initramfs image first (choose 1 in the bootloader options) 4. test it a bit with that, then proceed to run sysupgrade build MAC addresses as verified by OEM firmware: use OpenWrt address reference LAN eth0 *:d2 label 2g wlan0 *:d1 label - 1 5g wlan1 *:d0 label - 2 The label MAC address can be found in config 0x2008. Signed-off-by: Michal Kozuch <servitkar@gmail.com> [redistribute WLAN node properties between DTS/DTSI, remove compatible on DTSI, fix indent/wrapping, split out firmware-utils change] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* firmware-utils: bump to latest git HEADAdrian Schmutzler2021-10-301-4/+4
| | | | | | | 7073760 ramips: add support for TP-Link RE305 v3 86739f2 Add more missing include for byte swap operations Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: move elecom-wrc-gs-factory to image-commands.mkINAGAKI Hiroshi2021-10-302-13/+13
| | | | | | | | ELECOM WRC-X3200GST3 uses the same header/footer as WRC-GS/GST devices in ramips/mt7621 subtarget, so move "Build/elecom-wrc-gs-factory" to image-commands.mk to use from mediatek/mt7622 subtarget. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* sunxi: Nanopi R1S H5: enable LAN LED configurationChukun Pan2021-10-302-0/+60
| | | | | | This enables the LEDs on the LAN interfaces. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* sunxi: add support for FriendlyARM NanoPi R1S H5Chukun Pan2021-10-309-19/+587
| | | | | | | | | | | | | | | | | | | | | | | | | | | Specification: CPU: Allwinner H5, Quad-core Cortex-A53 DDR3 RAM: 512MB Network: 10/100/1000M Ethernet x 2 USB Host: Type-A x 1 MicroSD Slot x 1 MicroUSB: for power input Debug Serial Port: 3Pin pin-header LED: WAN, LAN, SYS KEY: Reset Power Supply: DC 5V/2A Installation: Write the image to SD Card with dd. Note: 1. OpenWrt currently does not support LED_FUNCTION, change back to the previous practice (Consistent with NanoPi R1). 2. Since the upstream commit https://github.com/torvalds/linux/bbc4d71 ("net: phy: realtek: fix rtl8211e rx/tx delay config"), we need to change the phy-mode from rgmii to rgmii-id. So set phy-mode for 5.4 and 5.10 respectively. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* uboot-sunxi: add support for FriendlyARM NanoPi R1S H5Chukun Pan2021-10-302-0/+281
| | | | | | | Merged in https://github.com/u-boot/u-boot/commit/e7510d2, adjust back to the current 2020.04 version. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* rockchip: move r8152 related patches to genericChukun Pan2021-10-304-0/+0
| | | | | | | These patches can be used on other platforms, so move it to generic. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* tools/meson: update to 0.60.0Rosen Penev2021-10-304-2/+6
| | | | | | Add cmake support to meson. Otherwise only pkgconfig can be used. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* kernel: bump 5.10 to 5.10.76Rui Salvaterra2021-10-3026-135/+45
| | | | | | | | | | | | | | | | Deleted (upstreamed): bcm27xx/patches-5.10/950-0145-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch [1] Manually rebased: bcm27xx/patches-5.10/950-0355-xhci-quirks-add-link-TRB-quirk-for-VL805.patch bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch Note: although automatically rebaseable, the last patch has been edited to avoid conflicting bit definitions. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=b6f32897af190d4716412e156ee0abcc16e4f1e5 Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ath10k: backport fix for module load regression with iram-recoveryZhijun You2021-10-304-5/+126
| | | | | | | | Backport upstream fix for module load regression caused by IRAM recovery. Without this patch devices using mainline ath10k driver could lost wireless function because ath10k module failed to load. Signed-off-by: Zhijun You <hujy652@gmail.com>
* 6in4: remove 6in4 tunnel delete workaround (FS#3690)Hans Dedecker2021-10-302-3/+1
| | | | | | | | Remove 6in4 tunnel delete workaround as the real issue is now solved in netifd (https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* 6rd : remove 6rd tunnel delete workaroundHans Dedecker2021-10-302-3/+1
| | | | | | | | Remove 6rd tunnel delete workaround in as the real issue is now solved in netifd (https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: fix deletion of ip tunnels (FS#4058)Hans Dedecker2021-10-301-3/+3
| | | | | | 8f82742 system-linux: fix deletion of ip tunnels (FS#4058) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipq40xx: detangle ath10k-board-qca4019 from ath10k-firmware-qca4019*Christian Lamparter2021-10-303-5/+2
| | | | | | | | | | | | | | | | | | | | | | Back in the day, the board-2.bin came with ath10k-firmware-qca4019. This changed with commit c3b2efaf24b5 ("linux-firmware: ath10k: add board firmware packages") which placed the board-2.bin into a separate package: ath10k-board-qca4019. This was great, because it addressed one of the caveat of the original ipq-wifi package: commit fa03d441e96e ("firmware: add custom IPQ wifi board definitions") | 2. updating ath10k-firmware-qca4019 will also replace | the board-2.bin. For this cases the user needs to | manually reinstall the wifi-board package once the | ath10k-firmware-qca4019 is updated. This could be extended further so that ipq-wifi packages no longer use "install-override" and the various QCA4019 variants list the ath10k-board-qca4019 as a CONFLICT package. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath9k: OF: qca,disable-(2|5)ghz => ieee80211-freq-limitChristian Lamparter2021-10-309-30/+38
| | | | | | | | | | | | | | | | | | OpenWrt maintains two special out-of-tree DT properties: "qca,disable-5ghz" and "qca,disable-2ghz". These are implemented in a mac80211 ath9k patch "550-ath9k-disable-bands-via-dt.patch". With the things being what they are, now might be a good point to switch the devices to the generic and upstream "ieee80211-freq-limit" property. This property is much broader and works differently. Instead of disabling the drivers logic which would add the affected band and channels. It now disables all channels which are not within the specified frequency range. Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> # HH5A Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* dropbear: add config options for agent-forwarding supportSven Roederer2021-10-302-1/+13
| | | | | | | | | | * SSH agent forwarding might cause security issues, locally and on the jump machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to completely disabling it. * separate options for client and server * keep it enabled by default Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* scripts: eva_ramboot.py: remove unused importJan-Niklas Burfeind2021-10-301-1/+0
| | | | | | | concludes: commit e7bc8984d9ca ("scripts: make eva_ramboot.py offset configurable") Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
* realtek: re-enable IPv6 routingBjørn Mork2021-10-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Commit 03e1d93e0779 ("realtek: add driver support for routing offload") added routing offload for IPv4, but broke IPv6 routing completely. The routing table is empty and cannot be updated: root@gs1900-10hp:~# ip -6 route root@gs1900-10hp:~# ip -6 route add unreachable default RTNETLINK answers: Invalid argument As a side effect, this breaks opkg on IPv4 only systems too, since uclient-fetch fails when there are no IPv6 routes: root@gs1900-10hp:~# uclient-fetch http://192.168.99.1 Downloading 'http://192.168.99.1' Failed to send request: Operation not permitted Fix by returning NOTIFY_DONE when offloading is unsupported, falling back to default behaviour. Fixes: 03e1d93e0779 ("realtek: add driver support for routing offload") Signed-off-by: Bjørn Mork <bjorn@mork.no>
* realtek: fix ZyXEL initramfs image generationBjørn Mork2021-10-301-2/+2
| | | | | | | | | | | | | | | | The current rule produces empty trailers, causing the OEM firmware update application to reject our images. The double expansion of a makefile variable does not work inside shell code. The second round is interpreted as a shell expansion, attempting to run the command ZYXEL_VERS instead of expanding the $(ZYXEL_VERS) makefile variable. Fix by removing one level of variable indirection. Fixes: c6c8d597e183 ("realtek: Add generic zyxel_gs1900 image definition") Tested-by: Sander Vanheule <sander@svanheule.net> Signed-off-by: Bjørn Mork <bjorn@mork.no>
* bcm53xx: MR32: replace i2c-gpio with SoC's i2cChristian Lamparter2021-10-303-1/+118
| | | | | | | | | During review of the MR32, Florian Fainelli pointed out that the SoC has a real I2C-controller. Furthermore, the connected pins (SDA and SCL) would line up perfectly for use. This patch swaps out the the bitbanged i2c-gpio with the real deal. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* sunxi: deselect CONFIG_VIDEO_SUN6I_CSI by defaultDaniel Golle2021-10-291-0/+1
| | | | | | | | Deselect CONFIG_VIDEO_SUN6I_CSI Kconfig symbol for now. If anyone wants to use CSI (camera interface) they should package the kernel module. After this change, sunxi targets build again. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* sunxi: add CONFIG_ARM_CRYPTO Kconfig symbolDaniel Golle2021-10-291-0/+1
| | | | | | | And another missing symbol... Reported-by: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>