| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ubiquiti NanoBeam M5 devices are CPE equipment for customer locations
with one Ethernet port and a 5 GHz 300Mbps wireless interface.
Specificatons:
- Atheros AR9342
- 535 MHz CPU
- 64 MB RAM
- 8 MB Flash
- 1x 10/100 Mbps Ethernet with passive PoE input (24 V)
- 6 LEDs of which four are rssi
- 1 reset button
- UART (4-pin) header on PCB
Notes:
The device was supported by OpenWrt in ar71xx.
Flash instructions (web/ssh/tftp):
Loading the image via ssh vias a stock firmware prior "AirOS 5.6".
Downgrading stock is possible.
* Flashing is possible via AirOS software update page:
The "factory" ROM image is recognized as non-native and then installed correctly.
AirOS warns to better be familiar with the recovery procedure.
* Flashing can be done via ssh, which is becoming difficult due to legacy
keyexchange methods.
This is an exempary ssh-config:
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms ssh-rsa
PubkeyAcceptedKeyTypes ssh-rsa
User ubnt
The password is ubnt.
Connecting via IPv6 link local worked best for me.
1. scp the factory image to /tmp
2. fwupdate.real -m /tmp/firmware_image_file.bin -d
* Alternatively tftp is possible:
1. Configure PC with static IP 192.168.1.2/24.
2. Enter the rescue mode. Power off the device, push the reset button on
the device (or the PoE) and keep it pressed.
Power on the device, while still pushing the reset button.
3. When all the leds blink at the same time, release the reset button.
4. Upload the firmware image file via TFTP:
tftp 192.168.1.20
tftp> bin
tftp> trace
Packet tracing on.
tftp> put firmware_image.bin
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit 4cd3ff8a79738fa503150e52162c7df6d9bd3534)
|
|
|
|
| |
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
|
|
|
| |
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MikroTik hAP (product code RB951Ui-2nD) is
an indoor 2.4Ghz AP with a 2 dBi integrated antenna built around the
Atheros QCA9531 SoC.
Specifications:
- SoC: Atheros QCA9531
- RAM: 64 MB
- Storage: 16 MB NOR - Winbond 25Q128FVSG
- Wireless: Atheros QCA9530 (SoC) 802.11b/g/n 2x2
- Ethernet: Atheros AR934X switch, 5x 10/100 ports,
10-28 V passive PoE in port 1, 500 mA PoE out on port 5
- 8 user-controllable LEDs:
· 1x power (green)
· 1x user (green)
· 4x LAN status (green)
· 1x WAN status (green)
· 1x PoE power status (red)
See https://mikrotik.com/product/RB951Ui-2nD for more details.
Notes:
The device was already supported in the ar71xx target.
Flashing:
TFTP boot initramfs image and then perform sysupgrade. Follow common
MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Maciej Krüger <mkg20001@gmail.com>
(cherry picked from commit 5ce64e0646fcd5c4f374b4de898b591560c32e18)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MikroTik RB952Ui-5ac2nD (sold as hAP ac lite) is an indoor 2.4Ghz
and 5GHz AP/router with a 2 dBi integrated antenna.
See https://mikrotik.com/product/RB952Ui-5ac2nD for more details.
Specifications:
- SoC: QCA9533
- RAM: 64MB
- Storage: 16MB NOR
- Wireless: QCA9533 802.11b/g/n 2x2 / QCA9887 802.11a/n/ac 2x2
- Ethernet: AR934X switch, 5x 10/100 ports,
10-28 V passive PoE in port 1, 500 mA PoE out on port 5
- 6 user-controllable LEDs:
- 1x user (green)
- 5x port status (green)
Flashing:
TFTP boot initramfs image and then perform sysupgrade. The "Internet"
port (port number 1) must be used to upload the TFTP image, then
connect to any other port to access the OpenWRT system.
Follow common MikroTik procedure as in
https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 2bd33e8626bd04fd7115ee1a42aaf03aae2fffb8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
c22eeef fw4: support negative CIDR bit notation
628d791 hotplug: reliably handle interfaces with ubus zone hints
d005293 fw4: store zone associations from ubus in statefile as well
b268225 fw4: filter non hw-offload capable devices when resolving lower devices
57984e0 fw4: always resolve lower flowtable devices
7782017 tests: fix mocked `fd.read("line")` api
72b196d config: remove restictions on DHCPv6 allow rule
f0cc317 fw4: refactor family selection for forwarding rules
b0b8122 treewide: use modern syntax
05995f1 fw4: fix emitting device jump rules for family restricted zones
b479815 fw4: fix family auto-selection for config nat rules
2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well
2379c3d tests: add test coverage for zone family selection logic
Fixes: #5066, #9611, #9765, #9854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2df17604a4f891447beb66988e3d83e23ab3a3b0)
|
|
|
|
|
|
|
|
|
|
| |
081871e compiler: fix segmentation fault on compiling unexpected unary expressions
090b426 fs: avoid input buffering with small limits in fs.readfile()
8da140f lib: introduce hexenc() and hexdec()
9a72423 Update README.md
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e2ce2a8d3cd3c885eb61a8b577abf9508ffad7d2)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed upstreamed:
generic/backport-5.10/900-regulator-consumer-Add-missing-stubs-to-regulator-co.patch
All other patches automatically rebased.
Compile-tested: lantiq/xrx200, armvirt/64
Run-tested: lantiq/xrx200, armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
Backport spi driver delay fixes from the 5.17-rc1 kernel.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
[port also to kernel 5.15]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit f8e65fecee1a60a5cde827d4f5df751a02916156)
|
|
|
|
|
|
|
|
|
|
|
| |
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7a5ddc0d06895bde7538d78c8dad2c863d70f946)
|
|
|
|
|
|
|
|
|
|
| |
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890baa5c0bfa46f53c5387f5e47de1acb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware specs:
SoC: Qualcomm IPQ8065 (dual core Cortex-A15)
RAM: 512 MB DDR3
Flash: 256 MB NAND, 32 MB NOR
WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz
Switch: QCA8337
Ethernet: 5x 10/100/1000 Mbit/s
USB: 1x USB 3.0 Type-A
Buttons: WPS, Reset
Power: 12 VDC, 2.5 A
Ethernet ports:
1x WAN: connected to eth2
4x LAN: connected via the switch to eth0 and eth1
(eth0 is disabled in OEM firmware)
MAC addresses (OEM and OpenWrt):
fw_env @ 0x00 d4:ab:82:??:??:?a LAN (eth1)
fw_env @ 0x06 d4:ab:82:??:??:?b WAN (eth2)
fw_env @ 0x0c d4:ab:82:??:??:?c WLAN 2.4 GHz (ath1)
fw_env @ 0x12 d4:ab:82:??:??:?d WLAN 5 GHz (ath0)
fw_env @ 0x18 d4:ab:82:??:??:?e OEM usage unknown (eth0 in OpenWrt)
OID d4:ab:82 is registered to:
ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US
More info:
https://openwrt.org/inbox/toh/arris/tr4400_v2
IMPORTANT:
This port requires moving the 'fw_env' partition prior to first boot to
consolidate 70% of the usable space in flash into a contiguous partition.
'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords.
Its contents must be copied to 'rootfs_1' prior to booting via initramfs.
Note that the stock 'fw_env' partition will be wiped during sysupgrade.
A writable 'stock_fw_env' partition pointing to the old, stock location
is included in the port to help rolling back this change if desired.
Installation:
- Requires serial access and a TFTP server.
- Fully boot stock, press ENTER, type in:
mtd erase /dev/mtd21
dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21
umount /config && ubidetach -m 23 && mtd erase /dev/mtd23
- Reboot and interrupt U-Boot by pressing a key, type in:
set mtdids 'nand0=nand0'
set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)'
set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm'
env save
- Setup TFTP server serving initramfs image as 'recovery.bin', type in:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
tftpboot recovery.bin && bootm
- Use sysupgrade to install squashfs image.
This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
[add 5.15 changes for 0069-arm-boot-add-dts-files.patch]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit f8b0010dfb548469686049f85076fd6a3a6bca2e)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-16
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8HE
* Ethernet: 16x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
16 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Power 120-240V AC C13
* UART: 1 serial header (J12) with populated standard pin connector on
the right back of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
file amd select open so File Path is update with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-16 is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[removed duplicate patch title, align RAM specification]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 580723e86ae53f14273ff8c3a0ebf5d15b4ce1f1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SoC: Atheros AR7161
RAM: DDR 128 MiB (hynix h5dU5162ETR-E3C)
Flash: SPI-NOR 8 MiB (mx25l6406em2i-12g)
WLAN: 2.4/5 GHz
2.4 GHz: Atheros AR9220
5 GHz: Atheros AR9223
Ethernet: 4x 10/100/1000 Mbps (Atheros AR8021)
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: RJ45 9600,8N1
Power: 12 VDC, 1.0 A
Installation instruction:
0. Make sure you have latest original firmware (3.7.11.4)
1. Connect to the Serial Port with a Serial Cable RJ45 to DB9/RS232
(9600,8N1)
screen /dev/ttyUSB0 9600,cs8,-parenb,-cstopb,-hupcl,-crtscts,clocal
2. Configure your IP-Address to 192.168.1.42
3. When device boots hit spacebar
3. Configure the device for tftpboot
setenv ipaddr 192.168.1.1
setenv serverip 192.168.1.42
saveenv
4. Reset the device
reset
5. Hit again the spacebar
6. Now load the image via tftp:
tftpboot 0x81000000 INITRAMFS.bin
7. Boot the image:
bootm 0x81000000
8. Copy the squashfs-image to the device.
9. Do a sysupgrade.
https://openwrt.org/toh/netgear/wndap360
The device should be converted from kmod-owl-loader to nvmem-cells in the
future. Nvmem cells were not working. Maybe ATH9K_PCI_NO_EEPROM is missing.
That is why this commit is still using kmod-owl-loader. In the future
the device tree may look like this:
&ath9k0 {
nvmem-cells = <&macaddr_art_120c>, <&cal_art_1000>;
nvmem-cell-names = "mac-address", "calibration";
};
&ath9k1 {
nvmem-cells = <&macaddr_art_520c>, <&cal_art_5000>;
nvmem-cell-names = "mac-address", "calibration";
};
&art {
...
cal_art_1000: cal@1000 {
reg = <0x1000 0xeb8>;
};
cal_art_5000: cal@5000 {
reg = <0x5000 0xeb8>;
};
};
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 88527294cda0a46d927b3bca6dbaab507fa1cb96)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for the TP-Link Deco M4R (it can also be M4,
TP-Link uses both names) v1 and v2. It is similar hardware-wise to the
Archer C6 v2. Software-wise it is very different. V2 has a bit different
layout from V1 but the chips are the same and the OEM firmware is the same
for both versions.
Specifications:
SoC: QCA9563-AL3A
RAM: Zentel A3R1GE40JBF
Wireless 2.4GHz: QCA9563-AL3A (main SoC)
Wireless 5GHz: QCA9886
Ethernet Switch: QCA8337N-AL3C
Flash: 16 MB SPI NOR
Flashing:
The device's bootloader only accepts images that are signed using
TP-Link's RSA key, therefore this way of flashing is not possible. The
device has a web GUI that should be accessible after setting up the device
using the app (it requires the app to set it up first because the web GUI
asks for the TP-Link account password) but for unknown reasons, the web
GUI also refuses custom images.
There is a debug firmware image that has been shared on the device's
OpenWrt forum thread that has telnet unlocked, which the bootloader will
accept because it is signed. It can be used to transfer an OpenWrt image
file over to the device and then be used with mtd to flash the device.
Pre-requisites:
- Debug firmware.
- A way of transferring the file to the router, you can use an FTP server
as an example.
- Set a static IP of 192.168.0.2/255.255.255.0 on your computer.
- OpenWrt image.
Installation:
- Unplug your router and turn it upside down. Using a long and thin object
like a SIM unlock tool, press and hold the reset button on the router and
replug it. Keep holding it until the LED flashes yellow.
- Open 192.168.0.1. You should see the bootloader recovery's webpage.
Choose the debug firmware that you downloaded and flash it. Wait until the
router reboots (at this stage you can remove the static IP).
- Open a terminal window and connect to the router via telnet (the primary
router should have a 192.168.0.1 IP address, secondary routers are
different).
- Transfer the file over to the router, you can use curl to download it
from the internet (use the insecure flag and make sure your source accepts
insecure downloads) or from an FTP server.
- The router's default mtd partition scheme has kernel and rootfs
separated. We can use dd to split the OpenWrt image file and flash it with
mtd:
dd if=openwrt.bin of=kernel.bin skip=0 count=8192 bs=256
dd if=openwrt.bin of=rootfs.bin skip=8192 bs=256
- Once the images are ready, you have to flash the device using mtd
(make sure to flash the correct partitions or you may be left with a
hard bricked router):
mtd write kernel.bin kernel
mtd write rootfs.bin rootfs
- Flashing is done, reboot the device now.
Signed-off-by: Foica David <superh552@gmail.com>
(cherry picked from commit 063e9047cc8b247ea4b04ee3248b99f3212a42f8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this adds the mediatek,led_source dts binding for
Asus RT-AC1200 devices' dtsi, for correct switch LED
behavior.
The dts-binding is introduced in commit:
65dc9e0980255b15402c45b840f239b85be59b3d
Without this, we only have constantly very fast
blinking LEDs, which don't react on any traffic or
LAN events at all.
Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
(cherry picked from commit 771ea6f2e3868b208b5261ae676160d5ef6544e8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifications:
SoC: MediaTek MT7621
RAM: 256 MB
Flash: 32 MB
WiFi: MediaTek MT7915E
Switch: 1 WAN, 4 LAN (Gigabit)
Ports: 1 USB 3.0
Buttons: Reset, WPS
LEDs: Power, System, Wan, Lan 1-4, WiFi 2.4G, WiFi 5G, WPS, USB
Power: DC 12V 1A tip positive
Installation:
Download and flash the manufacturer's built OpenWRT image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWRT image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings. The force upgrade may need to be checked
due to differences in router naming conventions.
Recovery:
Loads only signed manufacture firmware due to bootloader RSA verification
serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
connect to any lan ethernet port
power on the device while holding the reset button
wait at least 8 seconds before releasing reset button for image to
download
Signed-off-by: Alessio Prescenzo <alessioprescenzo@gmail.com>
[ensure unique wireless MAC, fix GPIO pingroup]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4a8eaa5c7c9235212c4af022c18b2dfbadfe557f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SERCOMM NA502s is a smart home gateway manufactured by SERCOMM and sold
under different brands (among others, A1 Telekom Austria SmartHome Premium
Gateway). It has multi-protocol radio support in addition to LAN and WiFi.
Note: BLE and audio are currently unsupported.
Specifications
--------------
- MT7621ST 880MHz, Single-Core, Dual-Thread
- MT7603EN 2.4GHz WiFi
- MT7662EN 5GHz WiFi + BLE
- 128MiB NAND
- 256MiB DDR3 RAM
- SD3503 ZWave Controller
- EM357 Zigbee Coordinator
- Telit UMTS module
- Rechargeable battery
- speaker and microphone
MAC address assignment
----------------------
LAN MAC is read from the config partition, WiFi 2.4GHz is LAN+2 and matches
the OEM firmware. WiFi 5GHz with LAN+1 is an educated guess since the
OEM firmware does not enable 5GHz WiFi.
Installation
------------
Attach serial console, then boot the initramfs image via TFTP.
Once inside OpenWrt, run sysupgrade -n with the sysupgrade file.
Attention: The device has a dual-firmware design. We overwrite kernel2,
since kernel1 contains an automatic recovery image.
If you get NAND ECC errors and are stuck with bad eraseblocks, try to
erase the mtd partition first with
mtd unlock ubi
mtd erase ubi
This should only be needed once.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 9ee6ac00c43cc253ac554495edb6214563ab1f31)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Wavlink WL-WN533A8 is an AC3000 router with 5 gigabit ethernet ports
and one USB 3.0 port.
It's also known as Wavlink QUANTUM T8.
Hardware
--------
SoC: Mediatek MT7621A
RAM: 128MB (Nanya NT5CB64M16GP-EK)
FLASH: 16MB NOR (GigaDevice GD25Q127CSIG3)
ETH:
- 5x 10/100/1000 Mbps Ethernet (4x LAN + 1x WAN)
WIFI:
- 1x MT7615DN (2x 2x2:2) 2.4GHz and 5GHz DBDC
- 1x MT7615NE (4x4:4) 5GHz
- 8 external antennas
BTN:
- 1x Reset button
- 1x WPS button
- 1x Turbo button
- 1x Touchlink button
- 1x ON/OFF switch
LEDS:
- 1x Red led (system status)
- 1x Blue led (system status)
- 7x Blue leds (wifi led + 5 ethernet ports + power)
USB:
- 1x USB 3.0 port
UART:
- 57600-8-N-1
J4
Everything works correctly.
Installation
------------
Flash the initramfs image in the OEM firmware interface
(http://192.168.10.1/update.shtml).
When Openwrt boots, flash the sysupgrade image otherwise you won't be
able to keep configuration between reboots.
(Procedure tested on fw M33A8.V5030.190716 and M33A8.V5030.201204)
Restore OEM Firmware
--------------------
Flash the firmware update available online directly from LUCI.
You can download it from:
https://www.wavlink.com/en_us/firmware/details/f2d247ecba.html
Warning: Remember to not keep settings!
Warning2: Remember to force the flash.
Notes
-----
1) Router mac addresses:
LAN XX:XX:XX:XX:XX:63 (factory @ 0xe006)
WAN XX:XX:XX:XX:XX:64 (factory @ 0xe000)
WIFI 2G/5G XX:XX:XX:XX:XX:65 (factory @ 0x04)
WIFI 5G XX:XX:XX:XX:XX:66 (factory @ 0x8004)
LABEL XX:XX:XX:XX:XX:65
In OEM firmware the DBDC wifi interfaces have these mac addresses:
2G) 82:XX:XX:XX:XX:65
5G) 80:XX:XX:XX:XX:65
While in OpenWrt the addresses are:
2G) 80:XX:XX:XX:XX:65
5G) 02:XX:XX:XX:XX:65
2) radio0 will show as 2G/5G interface but only 2G is really usable.
3) There is just one wifi led for all wifi interfaces.
It currently shows only the radio0 GHz wifi activity.
4) My unit was shipped with M33A8.V5030.190716 firmware which contains
the http://192.168.10.1/webcmd.shtml page. Entering "telnetd" in
the input box it will start the telnet daemon. Now you can access
the telnet console on port 2323 with these credentials:
username: admin2860
password: admin
5) The M33A8.V5030.201204 firmware version, doesn't contain anymore the
webcmd.shtml page. If your router is shipped with a previous firmware
version and you want to back it up, you can follow the back up
procedure of the WS-WN583A6.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
(cherry picked from commit 32e6942d72b6426d65eaa4dc7f2ba949b3c32985)
|
|
|
|
|
|
|
|
| |
Most of the definitions for WN531A6 will be shared with WN533A8 in a
future commit, so put them in a shared DTSI.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
(cherry picked from commit 57b6dcd826b13eab2101f9c8e96d43ab251e8dc1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TP-Link RE650 v2 is largely similar to v1 that
is already supported by OpenWrt. Notable differences
is differnt SPI Flash - 8 MB instead of 16 MB
(from cFeon instead of Winbond) and a different
configuration of PCIE connections to wifi chips.
Otherwise it's largely the same product as v1
Hardware specification:
- SoC 880 MHz - MediaTek MT7621AT
- 128 MB of DDR3 RAM
- 8 MB - cFeon QH64A-104HIP
- 4T4R 2.4 GHz - MediaTek MT7615E
- 4T4R 5 GHz - MediaTek MT7615E
- 1x 1 Gbps Ethernet - MT7621AT integrated
- 7x LEDs (Power, 2G, 5G, WPS(x2), Lan(x2))
- 4x buttons (Reset, Power, WPS, LED)
- UART pinout - GND, RX, TX, labeled in the middle of the PCB,
requires soldering because they're not through holes.
Serial console @ 57600,8n1
Flash instructions:
Upload
openwrt-ramips-mt7621-tplink_re650-v2-squashfs-factory.bin
from the RE650 web interface.
TFTP recovery to stock firmware:
I didn't try recovering back to the stock firmware, however,
if there is such process for other RExxx devices, it seems like
it could be similar here.
Signed-off-by: Marcin Gordziejewski <openwrt@flicksfix.com>
(cherry picked from commit 39799974a372fb4333d21f077c670b8a56b9d696)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two versions which are identical apart from the enclosure:
YunCore AX820: indoor ceiling mount AP with integrated antennas
YunCore HWAP-AX820: outdoor enclosure with external (N) connectors
Hardware specs:
SoC: MediaTek MT7621DAT
Flash: 16 MiB SPI NOR
RAM: 128MiB (DDR3, integrated)
WiFi: MT7905DAN+MT7975DN 2.4/5GHz 2T2R 802.11ax
Ethernet: 10/100/1000 Mbps x2 (WAN/PoE+LAN)
LED: Status (green)
Button: Reset
Power: 802.11af/at PoE; DC 12V,1A
Antennas: AX820(indoor): 4dBi internal; HWAP-AX820(outdoor): external
Flash instructions:
The "OpenWRT support" version of the AX820 comes with a LEDE-based
firmware with proprietary MTK drivers and a luci webinterface and
ssh accessible under 192.168.1.1 on LAN; user root, no password.
The sysupgrade.bin can be flashed using luci or sysupgrade via ssh,
you will have to force the upgrade due to a different factory name.
Remember: Do *not* preserve factory configuration!
MAC addresses as used by OEM firmware:
use address source
2g 44:D1:FA:*:0b Factory 0x0004 (label)
5g 46:D1:FA:*:0b LAA of 2g
lan 44:D1:FA:*:0c Factory 0xe000
wan 44:D1:FA:*:0d Factory 0xe000 + 1
The wan MAC can also be found in 0xe006 but is not used by OEM dtb.
Due to different MAC handling in mt76 the LAA derived from lan is used
for 2g to prevent duplicate MACs when creating multiple interfaces.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
(cherry picked from commit 4891b865380e2b7f32acf0893df9c1ca9db8d4ea)
|
|
|
|
|
|
|
|
|
|
| |
Includes image support for new TP-Link devices:
ddc3e00e314d tplink-safeloader: add TP-Link EAP265 HD support
ceea1a7fe56e tplink-safeloader: add TP-Link Deco M4R v1 and v2 support
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 0f207ade12fdfffae3554c6a7214aa670a8d6854)
|
|
|
|
|
|
|
| |
05fd700 tplink-safeloader: TP-Link RE650 v2 support
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 36790ca6940b84dede450c54df9f75500454b92b)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This backports a patch from Linux 5.10.116 to fix a compile problem
introduced in 5.10.114.
drivers/usb/phy/phy-generic.c could not find
devm_regulator_get_exclusive().
Fixes: 8592df67f40b ("kernel: bump 5.10 to 5.10.114")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7400adae8d86dde3c60752bf66d487aa1b138bc1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed upstreamed:
backport-5.10/850-v5.17-0004-PCI-aardvark-Clear-all-MSIs-at-setup.patch
pending-5.10/850-0002-PCI-aardvark-Fix-reading-MSI-interrupt-number.patch
All other patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit b754b0c721131005efa7127151088e9c23dc9053)
|
|
|
|
|
|
|
|
|
|
|
| |
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 8592df67f40b3afdee68e36dc3820187ec0f98fc)
|
|
|
|
|
|
|
|
|
|
| |
Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC in
contrast to the Macronix NAND with 4 bit ECC. This removes the hardcoded
ECC strength and step size as set in qcom-ipq4019.dtsi, thus relying on the
kernel NAND detection routines to correclty set up the ECC parameters.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit f167f4a9a42e6d1e186487883500299cc82b1b9f)
|
|
|
|
|
|
|
|
|
| |
The Toshiba TC58NVG0S3HTA00 is detected with 64 byte OOB while the flash
has 128 byte OOB. This adds a static NAND ID entry to correct this.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 0bc794a66845738eef7eeb7e13877ffb8aec17f7)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From Andreas Böhler:
"Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC
in contrast to the Macronix NAND with 4 bit ECC.".
Uboot needs to know this in order to have a chance to load from
the NAND.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 057bac2e1fc796fb4b2440a896be43bca138be84)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ZTE MF286A and MF286R feature a "power switch override" GPIO in stock
firmware as means to prevent power interruption during firmware update,
especially when used with internal battery.
To ensure that this GPIO is
properly driven as in stock firmware, configure it with userspace GPIO
switch.
It was observed that on some units, the modem would not be
restarted together with the board itself on reboot, this should help
with that as well.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 1fabeeb799abca1d4fb5ba541410ba847cdc20d9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partially reverts
commit cfc13c44595d ("ipq40xx: utilize nvmem-cells for macs & (pre-)calibration data").
After switching to nvmem RTL30VW, wifi was broken:
[ 19.118319] ath10k_ahb a000000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000
[ 19.118377] ath10k_ahb a000000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0
[ 19.130285] ath10k_ahb a000000.wifi: firmware ver 10.4b-ct-4019-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 6b2b5c5b
[ 19.159092] ath10k_ahb a000000.wifi: failed to fetch board data for bus=ahb,vendor=0000,device=0000,subsystem-vendor=0000,subsystem-device=0000,variant=cellc,rtl30vw from ath10k/QCA4019/hw1.0/board-2.bin
[ 19.238764] ath10k_ahb a000000.wifi: failed to fetch board-2.bin or board.bin from ath10k/QCA4019/hw1.0
[ 19.238847] ath10k_ahb a000000.wifi: failed to fetch board file: -12
[ 19.247362] ath10k_ahb a000000.wifi: could not probe fw (-12)
[ 20.190797] ath10k_ahb a800000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000
[ 20.190853] ath10k_ahb a800000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0
[ 20.202893] ath10k_ahb a800000.wifi: firmware ver 10.4b-ct-4019-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 6b2b5c5b
[ 20.231357] ath10k_ahb a800000.wifi: failed to fetch board data for bus=ahb,vendor=0000,device=0000,subsystem-vendor=0000,subsystem-device=0000,variant=cellc,rtl30vw from ath10k/QCA4019/hw1.0/board-2.bin
[ 20.317318] ath10k_ahb a800000.wifi: failed to fetch board-2.bin or board.bin from ath10k/QCA4019/hw1.0
[ 20.317399] ath10k_ahb a800000.wifi: failed to fetch board file: -12
[ 20.326098] ath10k_ahb a800000.wifi: could not probe fw (-12)
Bootloader mangles in NAND partitions and removes precal@X nodes in
working system:
root@OpenWrt:~# echo $(cat /sys/firmware/devicetree/base/soc/spi@78b5000/flash@0/partitions/partition@170000/label)
0:ART
root@OpenWrt:~# ls /sys/firmware/devicetree/base/soc/spi@78b5000/flash@0/partitions/partition@170000/
label name reg
Revert to legacy method fixed the problem.
Fixes: cfc13c44595d ("ipq40xx: utilize nvmem-cells for macs & (pre-)calibration data")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit af425e42212d476dd95ec31f18d85b19004c9268)
|
|
|
|
|
|
|
|
|
|
|
|
| |
On GL-AR300M Series GPIO17 described as I2C SDA in Device Tree.
Because of GPIO_OUT_FUNCTION4 register was not initialized on start,
GPIO17 was uncontrollable, it always in high state. According to QCA9531
documentation, default setting of GPIO17 is SYS_RST_L. In order to make
GPIO17 controllable, it should write value 0x00 on bits [15:8] of
GPIO_OUT_FUNCTION4 register, located at 0x1804003C address.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
(cherry picked from commit 57efdd6a2d815d2491c5b7f22ffaeb6a845bfd0a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the reg and color property to each channel node. This
update is to accommodate the multicolor framework.
Refer to:
<https://lore.kernel.org/all/20200622185919.2131-9-dmurphy@ti.com>
<https://lore.kernel.org/all/20210818070209.1540451-1-michal.vokac@ysoft.com>
Note:
There is only a single extremely bright RGB-LED.
The RGB-color channels (i.e.: blue-0, blue-1 and blue-2)
are running in parallel to increase the current delivery
beyond what a single PWM-output on the LED controller
could do.
BugLink: https://github.com/openwrt/openwrt/issues/9851
Reported-By: Thomas Bøge <thomas@boegenielsen.dk>
Tested-By: Thomas Bøge <thomas@boegenielsen.dk>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 834c9b3f055e5ea719f6adfb3fa979e32f2adbd0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
None of the devices supported by target xway are using Realtek
RTL8366S, RTL8367A and RTL8367B switches. The switches mentioned
earlier were enabled when bumping the kernel version to 3.7 in
commit 3a948770cf46 ("add linux-v3.7").
Switches used by individual devices are listed below.
Device Switch PHY
Arcadyan ARV4510PW Infineon ADM6996I int. switch
Arcadyan ARV4519PW Atheros AR8216 int. switch
Arcadyan ARV7506PW11 Realtek RTL8306G int. switch
Arcadyan ARV7510PW22 Atheros AR8216 int. switch
Arcadyan ARV7518PW Atheros AR8216 int. switch
Arcadyan ARV7519PW Atheros RTL8306G int. switch
Arcadyan ARV7525PW N/A IC+ IP101A
Arcadyan ARV752DPW Realtek RTL8306G int. switch
Arcadyan ARV752DPW22 Atheros AR8216 int. switch
Arcadyan ARV8539PW22 Atheros AR8216 int. switch
AVM Fritzbox 7312 int. SoC Atheros AR8030-A
AVM Fritzbox 7320 int. SOC Lantiq PEF7071V
AudioCodes MediaPack MP-252 Infineon ADM6996I int. switch
BT Home Hub 2B Infineon ADM6996I int. switch
BT Home Hub 3A Infineon PSB6972 Lantiq PEF7071V
Buffalo WBMR-HP-G300H-A Atheros AR8316 int. switch
Buffalo WBMR-HP-G300H-B Atheros AR8316 int. switch
Lantiq EASY50712 Infinein ADM6996I int. switch
Netgear DGN3500 Realtek RTL8366RB int. switch
Netgear DGN3500B Realtek RTL8366RB int. switch
Siemens Gigaset sx76x Infineon ADM6996I int. switch
ZTE H201L Realtek RTL8306G int. switch
ZyXEL P-2601HN-F1 Realtek RTL8306E int. switch
ZyXEL P-2601HN-F3 Realtek RTL8306E int. switch
Reduces uncompressed kernel size by 36 kB.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(checkpatch.pl fixes)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8b5d2a73255298b916259ccbc609e4667a335844)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not reset the RTL930x SerDes on link changes, instead set up
the SDS with internal PHYs for the SFP+ ports only.
This fixes the 8 1GBit ports on the Zyxel XGS1250 which
do not work without this patch.
A complete SerDes reset was performed on all SerDes links. For copper
1Gbit ports, this is commonly a single XGMII link to an RTL8218D. There
is however no support for setting up the XGMII link on RTL9300/RTL9310,
thereby wiping the (RX/TX) setup done by u-boot and breaking the 1GBit
ports. No SerDes reset should be done for these links.
The handling of SGMII/HiSGMII, 1000BX or 10GR links is actually entirely
different. All these modes need to be suitably RX calibrated and the
pre- main and post- amplifiers set up properly for TX.
The 10GBit SFP+ fiber links are recalibrated instead of reset, which
e.g. is necessary when someone pulls a module out and puts another in.
This makes swapping out 10GBit fiber modules possible. 1GBit modules are
not yet supported, nor any modules with an internal phy.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
[rewrite commit message based on discussion]
Link: http://lists.infradead.org/pipermail/openwrt-devel/2022-May/038623.html
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit d1b824650f1ee694ec2dbdd2f4f9ec64e650cf86)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a bug where frames sent to the switch itself were
flooded to all ports unless the MAC address of the CPU-port
was learned otherwise.
Tested-by: Wenli Looi <wlooi@ucalgary.ca>
Tested-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
[fix code formatting]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 98bb26f9f762408e42bd8a906f0eb01c41ada10a)
|
|
|
|
|
|
|
|
|
| |
This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.
Fixes: #9824
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 064e7e57b483e6879de0facef4f1fce86ec4ad47)
|
|
|
|
|
|
|
|
|
|
| |
There are many ways to add external RTC to Raspberry Pi boards. Let's
include support for this for the whole target and while at it, sort
features alphabetically.
Fixes: #9594
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit ff09905a468b4cc44f039a76568e8fe6cbaea8d9)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 203ffc4ca75d43ac32b164c5a474e3ce36999809)
|
|
|
|
|
|
|
| |
sync xt_FLOWOFFLOAD code with latest version of nft_flow_offload
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 726ef8ba2dbe4d4a693c4d9300bc69e234e6d67d)
|
|
|
|
|
|
|
| |
This series also contains other improvement for hardware flow offload support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 0f029b3d2b505b40aca9a24a002838ed1060f83d)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 65258f5d6093809c541050256646795bc0a460a9)
|
|
|
|
|
|
|
| |
9e11b37 fstools: remove SELinux restorecon hack
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4509b790f09183b2ac757371f6d79052f232e4cd)
|
|
|
|
|
|
|
| |
652e6df init: restore SELinux labels after policy is loaded
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fb011118664756ee33bf16a39bf6e73d02cc2d3f)
|
|
|
|
|
|
|
|
|
|
| |
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.
Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b07c3cff57f057d6780d34adeb23c06123732db)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3
project moved back to https://git.defensec.nl/selinux-policy.git
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 43794570986e33770d9039399d16a665f6c7c495)
|
|
|
|
|
|
|
|
| |
Update to overlooked v2 version of Dominick Grift's patch.
Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6d7272852e0b2634b2fa93a131ea8659ec87f079)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598
This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 5109bd164c8f2273329483f990188fb36cf3ad68)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
f0fc66a libfstools: check for overlay mounting errors
128ecaf Update / fix extroot comments
8a0ba3b libfstools: get rid of "extroot_prefix" global variable
649cd3f libfstools: use variable for overlay mount-point
922f1b3 libfstools: avoid segfault in find_mount_point
ce5eacb libfstools: mtd: improve error handling
898b328 blockd: restore device_move semantics
0917d22 block: don't probe mtdblock on NAND (with legacy exceptions)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4e8d095013fb822eaa4fd6b4512a434fc17ac901)
|