aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* OpenWrt v22.03.0-rc6: adjust config defaultsv22.03.0-rc6Hauke Mehrtens2022-08-015-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.15.58-1Hauke Mehrtens2022-07-3128-206/+70
| | | | | | | | | This updates mac80211 to version 5.15.58-1 which is based on kernel 5.15.58. The removed patches were applied upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3aa18f71f9c8a5447bdd2deda4e681175338164f)
* wolfssl: fix math library buildJohn Audia2022-07-311-0/+23
| | | | | | | | | | | | | | Apply upstream patch[1] to fix breakage around math libraries. This can likely be removed when 5.5.0-stable is tagged and released. Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B 1. https://github.com/wolfSSL/wolfssl/pull/5390 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit c2aa816f28e0fe2f6f77d0c6da4eba19ea8db4ea)
* odhcp6c: update to latest git HEADDávid Benko2022-07-311-3/+3
| | | | | | | 9212bfc odhcp6c: fix IA discard when T1 > 0 and T2 = 0 Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev> (cherry picked from commit f9209086264a5c5c55f1eb3cbd2399cf47e29f22)
* firewall3: update file hashMichael Pratt2022-07-311-1/+1
| | | | | | | | | the hash and timestamp of the remote copy of the archive has changed since last bump meaning the remote archive copy was recreated Signed-off-by: Michael Pratt <mcpratt@pm.me> (cherry picked from commit ba7da7368086d0721da7cd4d627209dffda5c1d6)
* uboot-at91: fix build on buildbotsClaudiu Beznea2022-07-311-1/+2
| | | | | | | | | | | | | | | | Buidbots are throwing the following compile error: In file included from tools/aisimage.c:9: include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory ^~~~~~~~~~~~~~~ compilation terminated. Fix it by passing `UBOOT_MAKE_FLAGS` variable to make. Suggested-by: Petr Štetiar <ynezz@true.cz> Fixes: 6d5611af2813 ("uboot-at91: update to linux4sam-2022.04") Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> (cherry picked from commit 95a24b54792ccf072c029edad495deb529383478)
* uboot-at91: update to linux4sam-2022.04Claudiu Beznea2022-07-312-16/+6
| | | | | | | | | | Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on U-Boot v2022.01 which contains commit 93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC variable passed to MAKE to force the compilation of DTC. Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> (cherry picked from commit 6d5611af2813e5f06fbf9b400ef0fe642f16c566)
* at91bootstrap: update at91bootstrap v4 targets to v4.0.3Claudiu Beznea2022-07-311-3/+3
| | | | | | | Update AT91Bootstrap v4 capable targets to v4.0.3. Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> (cherry picked from commit 859f5f9aec23c96ec3151175c349ffdbe6b108ef)
* wolfssl: make shared againJo-Philipp Wich2022-07-302-2/+0
| | | | | | | | | | | | | | | Disable the usage of target specific CPU crypto instructions by default to allow the package being shared again. Since WolfSSL does not offer a stable ABI or a long term support version suitable for OpenWrt release timeframes, we're forced to frequently update it which is greatly complicated by the package being nonshared. People who want or need CPU crypto instruction support can enable it in menuconfig while building custom images for the few platforms that support them. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0063e3421de4575e088bb428e758751931bbe6fd)
* kernel: bump 5.10 to 5.10.134John Audia2022-07-3012-16/+16
| | | | | | | All patches automatically rebased. Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 7be62b1187bb7e21bcdaadfc3d47713a91f05898)
* x86: update defconfig for 5.10.133John Audia2022-07-301-1/+7
| | | | | | | | | Add some new/missing symbols relating to speculative execution mitigations[1]. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/arch/x86/Kconfig?id=v5.10.133&id2=v5.10.132 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 56760c0b1316a0e379ff141b895c2929f0dace8d)
* kernel: bump 5.10 to 5.10.133John Audia2022-07-305-6/+6
| | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 913f160ac6c4dcf69ec0eb805c8a1cee809ace45)
* kernel: bump 5.10 to 5.10.132John Audia2022-07-3011-81/+20
| | | | | | | | | | All patches automatically rebased. The following patch was replaced by a similar version upstream: bcm27xx/patches-5.10/950-0036-tty-amba-pl011-Add-un-throttle-support.patch Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 7d3c0928de191b203dd5b27ddf208698d08639e3)
* octeon: add SUPPORTED_DEVICES to er/erlitePaul Spooren2022-07-291-0/+2
| | | | | | | | | | | | | | | | | Using the BOARD_NAME variable results for both er and erlite devices to identify themselfs as `er` and `erlite` (via `ubus call system board`). This is problematic when devices search for firmware upgrades since the OpenWrt profile is actually called `ubnt_edgerouter` and `ubnt_edgerouter-lite`. By adding the `SUPPORTED_DEVICE` a mapping is created to point devices called `er` or `erlite` to the corresponding profile. FIXES: https://github.com/openwrt/asu/issues/348 Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 2a07270180ed0e295d854d6e9e59c78c40549efc)
* uboot-bcm4908: include SoC in output filesRafał Miłecki2022-07-283-6/+8
| | | | | | | | | This fixes problem of overwriting BCM4908 U-Boot and DTB files by BCM4912 ones. That bug didn't allow booting BCM4908 devices. Fixes: f4c2dab544ec2 ("uboot-bcm4908: add BCM4912 build") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit a8e1e30543239e85ff5dc220368164b66cf73fba)
* bcm4908: build bootfs image per-SoCRafał Miłecki2022-07-284-59/+92
| | | | | | | | | | | | | | | | | In theory we could have just 1 bootfs image for all devices as each device has its own entry in the "configurations" node. It doesn't work well with default configuration though. If something goes wrong U-Boot SPL can be interrupted (by pressing A) to enter its minimalistic menu. It allows ignoring boardid. In such case bootfs default configuration is used. For above reason each SoC family (BCM4908, BCM4912) should have its own bootfs built. It allows each of them to have working default configuration. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 6ae2f7ff4737ec8dbec026fc6c02f7d1850b521c)
* lantiq: fix network port GPIO settings for Fritzbox 3390Daniel Kestrel2022-07-231-2/+2
| | | | | | | | There are forum reports that 2 LAN ports are not working, the GPIO settings are adjusted to fix the problem. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de> (cherry picked from commit 0f301b0b1d7ca4b5fe290a72f0434525405f5a26)
* ipq806x: Archer VR2600: fix switch ports numberingChristian Lamparter2022-07-231-3/+3
| | | | | | | | | The order of LAN ports shown in Luci is reversed compared to what is written on the case of the device. Fix the order so that they match. Fixes: #10275 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 69ea671320c936e72f554348475eeebcab383b42)
* layerscape: update PKG_HASH / PKG_MIRROR_HASHChristian Lamparter2022-07-239-9/+9
| | | | | | | | | | | The change of the PKG_VERSION caused the hash of the package to change. This is because the PKG_VERSION is present in the internal directory structure of the archive. Fixes: 038d5bdab117 ("layerscape: use semantic versions for LSDK") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit e879cccaa21563a7cdf47797b18fb86723720158) (cherry picked from commit d4391ef073825f5817cdbcc3fc215311f1bbb461)
* sdk: add spidev-test to the bundle of userspace sourcesChristian Lamparter2022-07-222-4/+16
| | | | | | | | | | | | | | moves and extends the current facilities, which have been added some time ago for the the usbip utility, to support more utilites that are shipped with the Linux kernel tree to the SDK. this allows to drop all the hand-waving and code for failed previous attempts to mitigate the SDK build failures. Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit b479db9062b721776be44b976961a1031c1344ea)
* realtek: correct egress frame port verificationSander Vanheule2022-07-212-39/+36
| | | | | | | | | | | | | | | | | | | | | Destination switch ports for outgoing frame can range from 0 to CPU_PORT-1. Refactor the code to only generate egress frame CPU headers when a valid destination port number is available, and make the code a bit more consistent between different switch generations. Change the dest_port argument's type to 'unsigned int', since only positive values are valid. This fixes the issue where egress frames on switch port 0 did not receive a VLAN tag, because they are sent out without a CPU header. Also fixes a potential issue with invalid (negative) egress port numbers on RTL93xx switches. Reported-by: Arınç ÜNAL <arinc.unal@xeront.com> Suggested-by: Birger Koblitz <mail@birger-koblitz.de> Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit 1773264a0c6da099af7f36046f95f0126d6de1eb)
* realtek: correct egress frame priority assignmentSander Vanheule2022-07-211-12/+14
| | | | | | | | | | | | | | | | | | | | | | | | | Priority values passed to the egress (TX) frame header initialiser are invalid when smaller than 0, and should not be assigned to the frame. Queue assignment is then left to the switch core logic. Current code for RTL83xx forces the passed priority value to be positive, by always masking it to the lower bits, resulting in the priority always being set and enabled. RTL93xx code doesn't even check the value and unconditionally assigns the (32 bit) value to the (5 bit) QID field without masking. Fix priority assignment by only setting the AS_QID/AS_PRI flag when a valid value is passed, and properly mask the value to not overflow the QID/PRI field. For RTL839x, also assign the priority to the right part of the frame header. Counting from the leftmost bit, AS_PRI and PRI are in bits 36 and 37-39. The means they should be assigned to the third 16 bit value, containing bits 32-47. Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit 0b35a08a057848d909156604c4391a5d9f1d97e5)
* realtek: fix egress L2 learning on rtl839xSander Vanheule2022-07-211-1/+1
| | | | | | | | | | | | | The flag to enable L2 address learning on egress frames is in CPU header bit 40, with bit 0 being the leftmost bit of the header. This corresponds to BIT(7) in the third 16-bit value of the header. Correctly set L2LEARNING by fixing the off-by-one error. Fixes: 9eab76c84e31 ("realtek: Improve TX CPU-Tag usage") Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit d6165ea75baea4f9039f3a378d55219c74b932a7)
* realtek: fix egress port mask on rtl839xSander Vanheule2022-07-211-1/+1
| | | | | | | | | | | | | The flag to enable the outgoing port mask is in CPU header bit 43, with bit 0 being the leftmost bit of the header. This corresponds to BIT(4) in the third 16-bit value of the header. Correctly set AS_DPM by fixing the off-by-one error. Fixes: 9eab76c84e31 ("realtek: Improve TX CPU-Tag usage") Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit d9516cacb087fed7716b34b1e02ce956bb6c27f1)
* ramips: add support for Netgear WAX202Wenli Looi2022-07-216-0/+318
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Netgear WAX202 is an 802.11ax (Wi-Fi 6) router. Specifications: * SoC: MT7621A * RAM: 512 MiB NT5CC256M16ER-EK * Flash: NAND 128 MiB F59L1G81MB-25T * Wi-Fi: * MT7915D: 2.4/5 GHz (DBDC) * Ethernet: 4x 1GbE * Switch: SoC built-in * USB: None * UART: 115200 baud (labeled on board) Load addresses (same as ipTIME AX2004M): * stock * 0x80010000: FIT image * 0x81001000: kernel image -> entry * OpenWrt * 0x80010000: FIT image * 0x82000000: uncompressed kernel+relocate image * 0x80001000: relocated kernel image -> entry Installation: * Flash the factory image through the stock web interface, or TFTP to the bootloader. NMRP can be used to TFTP without opening the case. * Note that the bootloader accepts both encrypted and unencrypted images, while the stock web interface only accepts encrypted ones. Revert to stock firmware: * Flash the stock firmware to the bootloader using TFTP/NMRP. References in WAX202 GPL source: https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar * openwrt/target/linux/ramips/dts/mt7621-ax-nand-wax202.dts DTS file for this device. Signed-off-by: Wenli Looi <wlooi@ucalgary.ca> (cherry picked from commit 0f068e7c4a83bcbf20c4e52a5f8a3f1fe2af2246)
* image: add support for Netgear encrypted imageWenli Looi2022-07-212-0/+90
| | | | | | | | | | | | | | | | | | | | | | | | | Netgear encrypted image is used in various devices including WAX202, WAX206, and EX6400v3. This image format also requires a dummy squashfs4 image which is added here as well. References in WAX202 GPL source: https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar * openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c Bootloader code that verifies the presence of a squashfs4 image, thus a dummy image is added here. * openwrt/tools/imgencoder/src/gj_enc.c Contains code that generates the encrypted image. There is support for adding an RSA signature, but it does not look like the signature is verified by the stock firmware or bootloader. * openwrt/tools/imgencoder/src/imagekey.h Contains the encryption key and IV. It appears the same key/IV is used for other Netgear devices including WAX206 and EX6400v3. Signed-off-by: Wenli Looi <wlooi@ucalgary.ca> (cherry picked from commit efca76ffce5cf464e82d8269d79877f442209a0a)
* wolfssl: Do not activate HW acceleration on armvirt by defaultHauke Mehrtens2022-07-201-1/+1
| | | | | | | | | | | | | | The armvirt target is also used to run OpenWrt in lxc on other targets like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the wolfssl binray is only working when the CPU supports the hardware crypto extension. Some targets like the Raspberry Pi do not support the ARM CPU crypto extension, compile wolfssl without it by default. It is still possible to activate it in custom builds. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit d1b5d17d03c844ad578bb53b90ea17377bdc5eee)
* libpcap: fix PKG_CONFIG_DEPENDS for rpcapdJianhui Zhao2022-07-201-0/+2
| | | | | | | | This fix allows trigger a rerun of Build/Configure when rpcapd was selected. Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com> (cherry picked from commit 6902af4f3075154b5d1de207452a8a5668f95203)
* wolfssl: WOLFSSL_HAS_WPAS requires WOLFSSL_HAS_DHPascal Ernster2022-07-201-0/+1
| | | | | | | | | | Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is enabled, resulting in an "Anonymous suite requires DH" error when trying to compile wolfssl. Signed-off-by: Pascal Ernster <git@hardfalcon.net> Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 21825af2dad0070affc2444ff56dc84a976945a2)
* kernel: Refresh kernel patchesHauke Mehrtens2022-07-194-11/+11
| | | | | | No manual changes needed. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.10 to 5.10.131John Audia2022-07-191-2/+2
| | | | | | All patches automatically rebased. Signed-off-by: John Audia <therealgraysky@proton.me>
* kernel: bump 5.10 to 5.10.130John Audia2022-07-194-8/+8
| | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me>
* kernel: bump 5.10 to 5.10.129John Audia2022-07-199-22/+22
| | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me>
* kernel: bump 5.10 to 5.10.128John Audia2022-07-191-2/+2
| | | | | | No patches needed to be rebased, just updated checksums Signed-off-by: John Audia <therealgraysky@proton.me>
* firewall3: bump to latest git HEADRui Salvaterra2022-07-191-3/+3
| | | | | | | | | 4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+" 50979cc firewall3: remove unnecessary fw3_has_table Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry-picked from commit 435d7a052bf1b6a3a01cb3ad6cda6ba4b25b1879) Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
* mt7622: remove 300 MHz from dtsJohn Audia2022-07-191-0/+25
| | | | | | | | | | | | | | | | | Due to the bug described here[1], remove the 300 MHz clock to avoid a low voltage condition that can cause a hang when rebooting the RT3200/E8450. This solution is probably better than the script-based work-around[2]. 1. https://forum.openwrt.org/t/belkin-rt3200-linksys-e8450-wifi-ax-discussion/94302/1490 2. https://github.com/openwrt/openwrt/pull/5025 Signed-off-by: John Audia <therealgraysky@proton.me> Tested-by: Rui Salvaterra <rsalvaterra@gmail.com> Tested-by: John Audia <therealgraysky@proton.me> (cherry picked from commit d0d6b8e1833c587d0c50cac4f6324aa93b0bc8fc) [ fix the conflict by apply the patch to kernel 5.10 ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* bcm4908: use upstream-accepted watchdog patchesRafał Miłecki2022-07-182-1/+11
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 864fdf2bf3f4b5c71e57a27c514672b966580148)
* bcm4908: backport latest DT patchesRafał Miłecki2022-07-187-1/+363
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 001856fa51eaa704a254955138f76907eb02c2b4)
* kernel: update leds-bcm63138 driverRafał Miłecki2022-07-183-0/+85
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit bb2a2b1dbe9c03d2abbb6989b6c4041e765543b0)
* kernel: backport LEDs driver for BCMBCA devicesRafał Miłecki2022-07-185-0/+499
| | | | | | | This includes BCM63xx and BCM4908 families. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit d9ab1e56d8d16182bd292f393c012d7e6873ed89)
* opkg: update to 2022-02-24Josef Schlehofer2022-07-171-3/+3
| | | | | | | | | | | Changes: 9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages 2edcfad libopkg: set 'const' attribute for argv This should fix the CI error in the packages repository, which happens with perl. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit e21fea92891fbdfb4eb14e9fe836530b6225cb1f)
* firmware: intel-microcode: update to 20220510Christian Lamparter2022-07-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode datafile 20220419 * Fixes errata APLI-11 in Atom E3900 series processors * Updated Microcodes: sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384 * New upstream microcode datafile 20220510 * Fixes INTEL-SA-000617, CVE-2022-21151: Processor optimization removal or modification of security-critical code may allow an authenticated user to potentially enable information disclosure via local access (closes: #1010947) * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000, Atom E3900 * New Microcodes: sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 * Updated Microcodes: sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224 sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496 sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888 sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888 sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696 sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408 sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568 sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264 sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912 sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776 sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776 sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640 sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280 sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400 sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472 sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472 sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480 sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544 sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472 sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448 sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280 sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256 sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 2747a94f0977b36c4c29cc4596879b9127cfaf5f)
* openssl: bump to 1.1.1qDustin Lundquist2022-07-171-2/+2
| | | | | | | | | | | | | | | | | | Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño] Signed-off-by: Dustin Lundquist <dustin@null-ptr.net> (cherry picked from commit 3899f68b54b31de4b4fef4f575f7ea56dc93d965)
* wolfssl: bump to 5.4.0Eneas U de Queiroz2022-07-164-48/+4
| | | | | | | | | | | | This version fixes two vulnerabilities: -CVE-2022-34293[high]: Potential for DTLS DoS attack -[medium]: Ciphertext side channel attack on ECC and DH operations. The patch fixing x86 aesni build has been merged upstream. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 9710fe70a68e0a004b1906db192d7a6c8f810ac5) Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ath79: bsap18x0: pad rootfs imageTomasz Maciej Nowak2022-07-151-1/+1
| | | | | | | | | | | This image is supposed to be written with help of bootloader to the flash, but as it stands, it's not aligned to block size and RedBoot will happily create non-aligned partition size in FIS directory. This could lead to kernel to mark the partition as read-only, therefore pad the image to block erase size boundary. Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (cherry picked from commit 9decd2a8436d2bb6b5f436268c92a6e6728486ce)
* ath79: ja76pf2: use nvmem cells to specify MAC addressesTomasz Maciej Nowak2022-07-152-4/+15
| | | | | | | | | | | | | The bootloader on this board hid the partition containig MAC addresses and prevented adding this space to FIS directory, therefore those had to be stored in RedBoot configuration as aliases to be able to assigne them to proper interfaces. Now that fixed partition size are used instead of redboot-fis parser, the partition containig MAC addresses could be specified, and with marking it as nvmem cell, we can assign them without userspace involvement. Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (cherry picked from commit b52719b71a3337e5ae840c7a50fe41ebdc070f4e)
* ath79: move image check for devices with RedBootTomasz Maciej Nowak2022-07-152-31/+46
| | | | | | | | | | | Don't comence the switch to RAMFS when the image format is wrong. This led to rebooting the device, which could lead to false impression that upgrade succeded. Being here, factor out the code responsible for upgrading RedBoot devices to separate file. Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (cherry picked from commit 5897c52e78e3cd3846db083d48dd9d6b47ff3a08)
* ath79: switch some RedBoot based devices to OKLI loaderTomasz Maciej Nowak2022-07-157-37/+119
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After the kernel has switched version to 5.10, JA76PF2 and RouterStations lost the capability to sysupgrade the OpenWrt version. The cause is the lack of porting the patches responsible for partial flash erase block writing and these boards FIS directory and RedBoot config partitions share the same erase block. Because of that the FIS directory can't be updated to accommodate kernel/rootfs partition size changes. This could be remedied by bootloader update, but it is very intrusive and could potentially lead to non-trivial recovery procedure, if something went wrong. The less difficult option is to use OpenWrt kernel loader, which will let us use static partition sizes and employ mtd splitter to dynamically adjust kernel and rootfs partition sizes. On sysupgrade from ath79 19.07 or 21.02 image, which still let to modify FIS directory, the loader will be written to kernel partition, while the kernel+rootfs to rootfs partition. The caveats are: * image format changes, no possible upgrade from ar71xx target images * downgrade to any older OpenWrt version will require TFTP recovery or usage of bootloader command line interface To downgrade to 19.07 or 21.02, or to upgrade if one is already on OpenWrt with kernel 5.10, for RouterStations use TFTP recovery procedure. For JA76PF2 use instructions from this commit message: commit 0cc87b3bacee ("ath79: image: disable sysupgrade images for routerstations and ja76pf2"), replacing kernel image with loader (loader.bin suffix) and rootfs image with firmware (firmware.bin suffix). Fixes: b10d6044599d ("kernel: add linux 5.10 support") Fixes: 15aa53d7ee65 ("ath79: switch to Kernel 5.10") Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (mkubntimage was moved to generic-ubnt.mk) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 5c142aad7bc018fe000789740a486c49973035b8)
* rockchip: reliably distribute net interruptsRonny Kotzschmar2022-07-151-2/+9
| | | | | | | | | | On the NanoPI R4S it takes an average of 3..5 seconds for the network devices to appear in '/proc/interrupts'. Wait up to 10 seconds to ensure that the distribution of the interrupts really happens. Signed-off-by: Ronny Kotzschmar <ro.ok@me.com> (cherry picked from commit 9b00e9795660f53caf1f4f5fd932bbbebd2eeeb1)
* wolfssl: re-enable AES-NI by default for x86_64Eneas U de Queiroz2022-07-152-6/+45
| | | | | | | | | | | Apply an upstream patch that removes unnecessary CFLAGs, avoiding generation of incompatible code. Commit 0bd536723303ccd178e289690d073740c928bb34 is reverted so the accelerated version builds by default on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 639419ec4fd1501a9b9857cea96474271ef737b1)