aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ath79: add support for Ubiquiti NanoBeam M5Jan-Niklas Burfeind2022-05-212-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ubiquiti NanoBeam M5 devices are CPE equipment for customer locations with one Ethernet port and a 5 GHz 300Mbps wireless interface. Specificatons: - Atheros AR9342 - 535 MHz CPU - 64 MB RAM - 8 MB Flash - 1x 10/100 Mbps Ethernet with passive PoE input (24 V) - 6 LEDs of which four are rssi - 1 reset button - UART (4-pin) header on PCB Notes: The device was supported by OpenWrt in ar71xx. Flash instructions (web/ssh/tftp): Loading the image via ssh vias a stock firmware prior "AirOS 5.6". Downgrading stock is possible. * Flashing is possible via AirOS software update page: The "factory" ROM image is recognized as non-native and then installed correctly. AirOS warns to better be familiar with the recovery procedure. * Flashing can be done via ssh, which is becoming difficult due to legacy keyexchange methods. This is an exempary ssh-config: KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms ssh-rsa PubkeyAcceptedKeyTypes ssh-rsa User ubnt The password is ubnt. Connecting via IPv6 link local worked best for me. 1. scp the factory image to /tmp 2. fwupdate.real -m /tmp/firmware_image_file.bin -d * Alternatively tftp is possible: 1. Configure PC with static IP 192.168.1.2/24. 2. Enter the rescue mode. Power off the device, push the reset button on the device (or the PoE) and keep it pressed. Power on the device, while still pushing the reset button. 3. When all the leds blink at the same time, release the reset button. 4. Upload the firmware image file via TFTP: tftp 192.168.1.20 tftp> bin tftp> trace Packet tracing on. tftp> put firmware_image.bin Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me> (cherry picked from commit 4cd3ff8a79738fa503150e52162c7df6d9bd3534)
* OpenWrt v22.03.0-rc2: revert to branch defaultsPaul Spooren2022-05-214-9/+7
| | | | Signed-off-by: Paul Spooren <mail@aparcar.org>
* OpenWrt v22.03.0-rc2: adjust config defaultsv22.03.0-rc2Paul Spooren2022-05-214-7/+9
| | | | Signed-off-by: Paul Spooren <mail@aparcar.org>
* ath79: add support for MikroTik hAP (RB951Ui-2nD)Maciej Krüger2022-05-216-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The MikroTik hAP (product code RB951Ui-2nD) is an indoor 2.4Ghz AP with a 2 dBi integrated antenna built around the Atheros QCA9531 SoC. Specifications: - SoC: Atheros QCA9531 - RAM: 64 MB - Storage: 16 MB NOR - Winbond 25Q128FVSG - Wireless: Atheros QCA9530 (SoC) 802.11b/g/n 2x2 - Ethernet: Atheros AR934X switch, 5x 10/100 ports, 10-28 V passive PoE in port 1, 500 mA PoE out on port 5 - 8 user-controllable LEDs: · 1x power (green) · 1x user (green) · 4x LAN status (green) · 1x WAN status (green) · 1x PoE power status (red) See https://mikrotik.com/product/RB951Ui-2nD for more details. Notes: The device was already supported in the ar71xx target. Flashing: TFTP boot initramfs image and then perform sysupgrade. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common. Signed-off-by: Maciej Krüger <mkg20001@gmail.com> (cherry picked from commit 5ce64e0646fcd5c4f374b4de898b591560c32e18)
* ath79: add support for MikroTik RouterBOARD hAP ac liteThibaut VARÈNE2022-05-217-0/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The MikroTik RB952Ui-5ac2nD (sold as hAP ac lite) is an indoor 2.4Ghz and 5GHz AP/router with a 2 dBi integrated antenna. See https://mikrotik.com/product/RB952Ui-5ac2nD for more details. Specifications: - SoC: QCA9533 - RAM: 64MB - Storage: 16MB NOR - Wireless: QCA9533 802.11b/g/n 2x2 / QCA9887 802.11a/n/ac 2x2 - Ethernet: AR934X switch, 5x 10/100 ports, 10-28 V passive PoE in port 1, 500 mA PoE out on port 5 - 6 user-controllable LEDs: - 1x user (green) - 5x port status (green) Flashing: TFTP boot initramfs image and then perform sysupgrade. The "Internet" port (port number 1) must be used to upload the TFTP image, then connect to any other port to access the OpenWRT system. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit 2bd33e8626bd04fd7115ee1a42aaf03aae2fffb8)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-05-201-3/+3
| | | | | | | | | | | | | | | | | | | | c22eeef fw4: support negative CIDR bit notation 628d791 hotplug: reliably handle interfaces with ubus zone hints d005293 fw4: store zone associations from ubus in statefile as well b268225 fw4: filter non hw-offload capable devices when resolving lower devices 57984e0 fw4: always resolve lower flowtable devices 7782017 tests: fix mocked `fd.read("line")` api 72b196d config: remove restictions on DHCPv6 allow rule f0cc317 fw4: refactor family selection for forwarding rules b0b8122 treewide: use modern syntax 05995f1 fw4: fix emitting device jump rules for family restricted zones b479815 fw4: fix family auto-selection for config nat rules 2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well 2379c3d tests: add test coverage for zone family selection logic Fixes: #5066, #9611, #9765, #9854 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 2df17604a4f891447beb66988e3d83e23ab3a3b0)
* ucode: update to latest Git HEADJo-Philipp Wich2022-05-201-3/+3
| | | | | | | | | | 081871e compiler: fix segmentation fault on compiling unexpected unary expressions 090b426 fs: avoid input buffering with small limits in fs.readfile() 8da140f lib: introduce hexenc() and hexdec() 9a72423 Update README.md Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit e2ce2a8d3cd3c885eb61a8b577abf9508ffad7d2)
* kernel: bump 5.10 to 5.10.116Hauke Mehrtens2022-05-1810-95/+11
| | | | | | | | | | | | Removed upstreamed: generic/backport-5.10/900-regulator-consumer-Add-missing-stubs-to-regulator-co.patch All other patches automatically rebased. Compile-tested: lantiq/xrx200, armvirt/64 Run-tested: lantiq/xrx200, armvirt/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath79: fix ar934x spi driver delaysOskari Lemmela2022-05-172-0/+89
| | | | | | | | | Backport spi driver delay fixes from the 5.17-rc1 kernel. Signed-off-by: Oskari Lemmela <oskari@lemmela.net> [port also to kernel 5.15] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit f8e65fecee1a60a5cde827d4f5df751a02916156)
* openssl: bump to 1.1.1oEneas U de Queiroz2022-05-172-6/+6
| | | | | | | | | | | This release comes with a security fix related to c_rehash. OpenWrt does not ship or use it, so it was not affected by the bug. There is a fix for a possible crash in ERR_load_strings() when configured with no-err, which OpenWrt does by default. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 7a5ddc0d06895bde7538d78c8dad2c863d70f946)
* wolfssl: bump to v5.3.0-stableEneas U de Queiroz2022-05-173-45/+2
| | | | | | | | | | This is mostly a bug fix release, including two that were already patched here: - 300-fix-SSL_get_verify_result-regression.patch - 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 73c1fe2890baa5c0bfa46f53c5387f5e47de1acb)
* ipq806x: add support for Arris TR4400 v2 / RAC2V1ARodrigo Balerdi2022-05-176-1/+447
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware specs: SoC: Qualcomm IPQ8065 (dual core Cortex-A15) RAM: 512 MB DDR3 Flash: 256 MB NAND, 32 MB NOR WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz Switch: QCA8337 Ethernet: 5x 10/100/1000 Mbit/s USB: 1x USB 3.0 Type-A Buttons: WPS, Reset Power: 12 VDC, 2.5 A Ethernet ports: 1x WAN: connected to eth2 4x LAN: connected via the switch to eth0 and eth1 (eth0 is disabled in OEM firmware) MAC addresses (OEM and OpenWrt): fw_env @ 0x00 d4:ab:82:??:??:?a LAN (eth1) fw_env @ 0x06 d4:ab:82:??:??:?b WAN (eth2) fw_env @ 0x0c d4:ab:82:??:??:?c WLAN 2.4 GHz (ath1) fw_env @ 0x12 d4:ab:82:??:??:?d WLAN 5 GHz (ath0) fw_env @ 0x18 d4:ab:82:??:??:?e OEM usage unknown (eth0 in OpenWrt) OID d4:ab:82 is registered to: ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US More info: https://openwrt.org/inbox/toh/arris/tr4400_v2 IMPORTANT: This port requires moving the 'fw_env' partition prior to first boot to consolidate 70% of the usable space in flash into a contiguous partition. 'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords. Its contents must be copied to 'rootfs_1' prior to booting via initramfs. Note that the stock 'fw_env' partition will be wiped during sysupgrade. A writable 'stock_fw_env' partition pointing to the old, stock location is included in the port to help rolling back this change if desired. Installation: - Requires serial access and a TFTP server. - Fully boot stock, press ENTER, type in: mtd erase /dev/mtd21 dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21 umount /config && ubidetach -m 23 && mtd erase /dev/mtd23 - Reboot and interrupt U-Boot by pressing a key, type in: set mtdids 'nand0=nand0' set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)' set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm' env save - Setup TFTP server serving initramfs image as 'recovery.bin', type in: set ipaddr 192.168.1.1 set serverip 192.168.1.2 tftpboot recovery.bin && bootm - Use sysupgrade to install squashfs image. This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>. Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com> [add 5.15 changes for 0069-arm-boot-add-dts-files.patch] Signed-off-by: Sungbo Eo <mans0n@gorani.run> (cherry picked from commit f8b0010dfb548469686049f85076fd6a3a6bca2e)
* realtek: add support for ZyXEL GS1900-16Raylynn Knight2022-05-173-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches. Specifications -------------- * Device: ZyXEL GS1900-16 * SoC: Realtek RTL8382M 500 MHz MIPS 4KEc * Flash: 16 MiB Macronix MX25L12835F * RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8HE * Ethernet: 16x 10/100/1000 Mbps * LEDs: 1 PWR LED (green, not configurable) 1 SYS LED (green, configurable) 16 ethernet port link/activity LEDs (green, SoC controlled) * Buttons: 1 "RESET" button on front panel * Power 120-240V AC C13 * UART: 1 serial header (J12) with populated standard pin connector on the right back of the PCB. Pinout (front to back): + Pin 1 - VCC marked with white dot + Pin 2 - RX + Pin 3 - TX + PIn 4 - GND Serial connection parameters: 115200 8N1. Installation ------------ OEM upgrade method: * Log in to OEM management web interface * Navigate to Maintenance > Firmware * Select the HTTP radio button * Select the Active radio button * Use the browse button to locate the realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin file amd select open so File Path is update with filename. * Select the Apply button. Screen will display "Prepare for firmware upgrade ...". *Wait until screen shows "Do you really want to reboot?" then select the OK button * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image. U-Boot TFTP method: * Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10). * Set up a TFTP server on your client and make it serve the initramfs image. * Connect serial, power up the switch, interrupt U-boot by hitting the space bar, and enable the network: > rtk network on * Since the GS1900-16 is a dual-partition device, you want to keep the OEM firmware on the backup partition for the time being. OpenWrt can only boot from the first partition anyway (hardcoded in the DTS). To make sure we are manipulating the first partition, issue the following commands: > setsys bootpartition 0 > savesys * Download the image onto the device and boot from it: > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin > bootm * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image. Signed-off-by: Raylynn Knight <rayknight@me.com> [removed duplicate patch title, align RAM specification] Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit 580723e86ae53f14273ff8c3a0ebf5d15b4ce1f1)
* ath79: add Netgear WNDAP360Nick Hainke2022-05-174-2/+189
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SoC: Atheros AR7161 RAM: DDR 128 MiB (hynix h5dU5162ETR-E3C) Flash: SPI-NOR 8 MiB (mx25l6406em2i-12g) WLAN: 2.4/5 GHz 2.4 GHz: Atheros AR9220 5 GHz: Atheros AR9223 Ethernet: 4x 10/100/1000 Mbps (Atheros AR8021) LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin) UART: RJ45 9600,8N1 Power: 12 VDC, 1.0 A Installation instruction: 0. Make sure you have latest original firmware (3.7.11.4) 1. Connect to the Serial Port with a Serial Cable RJ45 to DB9/RS232 (9600,8N1) screen /dev/ttyUSB0 9600,cs8,-parenb,-cstopb,-hupcl,-crtscts,clocal 2. Configure your IP-Address to 192.168.1.42 3. When device boots hit spacebar 3. Configure the device for tftpboot setenv ipaddr 192.168.1.1 setenv serverip 192.168.1.42 saveenv 4. Reset the device reset 5. Hit again the spacebar 6. Now load the image via tftp: tftpboot 0x81000000 INITRAMFS.bin 7. Boot the image: bootm 0x81000000 8. Copy the squashfs-image to the device. 9. Do a sysupgrade. https://openwrt.org/toh/netgear/wndap360 The device should be converted from kmod-owl-loader to nvmem-cells in the future. Nvmem cells were not working. Maybe ATH9K_PCI_NO_EEPROM is missing. That is why this commit is still using kmod-owl-loader. In the future the device tree may look like this: &ath9k0 { nvmem-cells = <&macaddr_art_120c>, <&cal_art_1000>; nvmem-cell-names = "mac-address", "calibration"; }; &ath9k1 { nvmem-cells = <&macaddr_art_520c>, <&cal_art_5000>; nvmem-cell-names = "mac-address", "calibration"; }; &art { ... cal_art_1000: cal@1000 { reg = <0x1000 0xeb8>; }; cal_art_5000: cal@5000 { reg = <0x5000 0xeb8>; }; }; Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 88527294cda0a46d927b3bca6dbaab507fa1cb96)
* ath79: add support for TP-Link Deco M4R v1 and v2Foica David2022-05-174-0/+169
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds support for the TP-Link Deco M4R (it can also be M4, TP-Link uses both names) v1 and v2. It is similar hardware-wise to the Archer C6 v2. Software-wise it is very different. V2 has a bit different layout from V1 but the chips are the same and the OEM firmware is the same for both versions. Specifications: SoC: QCA9563-AL3A RAM: Zentel A3R1GE40JBF Wireless 2.4GHz: QCA9563-AL3A (main SoC) Wireless 5GHz: QCA9886 Ethernet Switch: QCA8337N-AL3C Flash: 16 MB SPI NOR Flashing: The device's bootloader only accepts images that are signed using TP-Link's RSA key, therefore this way of flashing is not possible. The device has a web GUI that should be accessible after setting up the device using the app (it requires the app to set it up first because the web GUI asks for the TP-Link account password) but for unknown reasons, the web GUI also refuses custom images. There is a debug firmware image that has been shared on the device's OpenWrt forum thread that has telnet unlocked, which the bootloader will accept because it is signed. It can be used to transfer an OpenWrt image file over to the device and then be used with mtd to flash the device. Pre-requisites: - Debug firmware. - A way of transferring the file to the router, you can use an FTP server as an example. - Set a static IP of 192.168.0.2/255.255.255.0 on your computer. - OpenWrt image. Installation: - Unplug your router and turn it upside down. Using a long and thin object like a SIM unlock tool, press and hold the reset button on the router and replug it. Keep holding it until the LED flashes yellow. - Open 192.168.0.1. You should see the bootloader recovery's webpage. Choose the debug firmware that you downloaded and flash it. Wait until the router reboots (at this stage you can remove the static IP). - Open a terminal window and connect to the router via telnet (the primary router should have a 192.168.0.1 IP address, secondary routers are different). - Transfer the file over to the router, you can use curl to download it from the internet (use the insecure flag and make sure your source accepts insecure downloads) or from an FTP server. - The router's default mtd partition scheme has kernel and rootfs separated. We can use dd to split the OpenWrt image file and flash it with mtd: dd if=openwrt.bin of=kernel.bin skip=0 count=8192 bs=256 dd if=openwrt.bin of=rootfs.bin skip=8192 bs=256 - Once the images are ready, you have to flash the device using mtd (make sure to flash the correct partitions or you may be left with a hard bricked router): mtd write kernel.bin kernel mtd write rootfs.bin rootfs - Flashing is done, reboot the device now. Signed-off-by: Foica David <superh552@gmail.com> (cherry picked from commit 063e9047cc8b247ea4b04ee3248b99f3212a42f8)
* ramips: add led_source for Asus RT-AC1200 devicesTamas Balogh2022-05-171-0/+1
| | | | | | | | | | | | | | | | this adds the mediatek,led_source dts binding for Asus RT-AC1200 devices' dtsi, for correct switch LED behavior. The dts-binding is introduced in commit: 65dc9e0980255b15402c45b840f239b85be59b3d Without this, we only have constantly very fast blinking LEDs, which don't react on any traffic or LAN events at all. Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com> (cherry picked from commit 771ea6f2e3868b208b5261ae676160d5ef6544e8)
* ramips: add support for Cudy X6Alessio Prescenzo2022-05-173-0/+192
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: SoC: MediaTek MT7621 RAM: 256 MB Flash: 32 MB WiFi: MediaTek MT7915E Switch: 1 WAN, 4 LAN (Gigabit) Ports: 1 USB 3.0 Buttons: Reset, WPS LEDs: Power, System, Wan, Lan 1-4, WiFi 2.4G, WiFi 5G, WPS, USB Power: DC 12V 1A tip positive Installation: Download and flash the manufacturer's built OpenWRT image available at http://www.cudytech.com/openwrt_software_download Install the new OpenWRT image via luci (System -> Backup/Flash firmware) Be sure to NOT keep settings. The force upgrade may need to be checked due to differences in router naming conventions. Recovery: Loads only signed manufacture firmware due to bootloader RSA verification serve tftp-recovery image as /recovery.bin on 192.168.1.88/24 connect to any lan ethernet port power on the device while holding the reset button wait at least 8 seconds before releasing reset button for image to download Signed-off-by: Alessio Prescenzo <alessioprescenzo@gmail.com> [ensure unique wireless MAC, fix GPIO pingroup] Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 4a8eaa5c7c9235212c4af022c18b2dfbadfe557f)
* ramips: Add support for SERCOMM NA502SAndreas Böhler2022-05-174-0/+379
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SERCOMM NA502s is a smart home gateway manufactured by SERCOMM and sold under different brands (among others, A1 Telekom Austria SmartHome Premium Gateway). It has multi-protocol radio support in addition to LAN and WiFi. Note: BLE and audio are currently unsupported. Specifications -------------- - MT7621ST 880MHz, Single-Core, Dual-Thread - MT7603EN 2.4GHz WiFi - MT7662EN 5GHz WiFi + BLE - 128MiB NAND - 256MiB DDR3 RAM - SD3503 ZWave Controller - EM357 Zigbee Coordinator - Telit UMTS module - Rechargeable battery - speaker and microphone MAC address assignment ---------------------- LAN MAC is read from the config partition, WiFi 2.4GHz is LAN+2 and matches the OEM firmware. WiFi 5GHz with LAN+1 is an educated guess since the OEM firmware does not enable 5GHz WiFi. Installation ------------ Attach serial console, then boot the initramfs image via TFTP. Once inside OpenWrt, run sysupgrade -n with the sysupgrade file. Attention: The device has a dual-firmware design. We overwrite kernel2, since kernel1 contains an automatic recovery image. If you get NAND ECC errors and are stuck with bad eraseblocks, try to erase the mtd partition first with mtd unlock ubi mtd erase ubi This should only be needed once. Signed-off-by: Andreas Böhler <dev@aboehler.at> (cherry picked from commit 9ee6ac00c43cc253ac554495edb6214563ab1f31)
* ramips: add support for Wavlink WL-WN533A8Davide Fioravanti2022-05-173-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Wavlink WL-WN533A8 is an AC3000 router with 5 gigabit ethernet ports and one USB 3.0 port. It's also known as Wavlink QUANTUM T8. Hardware -------- SoC: Mediatek MT7621A RAM: 128MB (Nanya NT5CB64M16GP-EK) FLASH: 16MB NOR (GigaDevice GD25Q127CSIG3) ETH: - 5x 10/100/1000 Mbps Ethernet (4x LAN + 1x WAN) WIFI: - 1x MT7615DN (2x 2x2:2) 2.4GHz and 5GHz DBDC - 1x MT7615NE (4x4:4) 5GHz - 8 external antennas BTN: - 1x Reset button - 1x WPS button - 1x Turbo button - 1x Touchlink button - 1x ON/OFF switch LEDS: - 1x Red led (system status) - 1x Blue led (system status) - 7x Blue leds (wifi led + 5 ethernet ports + power) USB: - 1x USB 3.0 port UART: - 57600-8-N-1 J4 Everything works correctly. Installation ------------ Flash the initramfs image in the OEM firmware interface (http://192.168.10.1/update.shtml). When Openwrt boots, flash the sysupgrade image otherwise you won't be able to keep configuration between reboots. (Procedure tested on fw M33A8.V5030.190716 and M33A8.V5030.201204) Restore OEM Firmware -------------------- Flash the firmware update available online directly from LUCI. You can download it from: https://www.wavlink.com/en_us/firmware/details/f2d247ecba.html Warning: Remember to not keep settings! Warning2: Remember to force the flash. Notes ----- 1) Router mac addresses: LAN XX:XX:XX:XX:XX:63 (factory @ 0xe006) WAN XX:XX:XX:XX:XX:64 (factory @ 0xe000) WIFI 2G/5G XX:XX:XX:XX:XX:65 (factory @ 0x04) WIFI 5G XX:XX:XX:XX:XX:66 (factory @ 0x8004) LABEL XX:XX:XX:XX:XX:65 In OEM firmware the DBDC wifi interfaces have these mac addresses: 2G) 82:XX:XX:XX:XX:65 5G) 80:XX:XX:XX:XX:65 While in OpenWrt the addresses are: 2G) 80:XX:XX:XX:XX:65 5G) 02:XX:XX:XX:XX:65 2) radio0 will show as 2G/5G interface but only 2G is really usable. 3) There is just one wifi led for all wifi interfaces. It currently shows only the radio0 GHz wifi activity. 4) My unit was shipped with M33A8.V5030.190716 firmware which contains the http://192.168.10.1/webcmd.shtml page. Entering "telnetd" in the input box it will start the telnet daemon. Now you can access the telnet console on port 2323 with these credentials: username: admin2860 password: admin 5) The M33A8.V5030.201204 firmware version, doesn't contain anymore the webcmd.shtml page. If your router is shipped with a previous firmware version and you want to back it up, you can follow the back up procedure of the WS-WN583A6. Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> (cherry picked from commit 32e6942d72b6426d65eaa4dc7f2ba949b3c32985)
* ramips: create shared DTSI for Wavlink WN53XAX devicesDavide Fioravanti2022-05-172-184/+207
| | | | | | | | Most of the definitions for WN531A6 will be shared with WN533A8 in a future commit, so put them in a shared DTSI. Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> (cherry picked from commit 57b6dcd826b13eab2101f9c8e96d43ab251e8dc1)
* ramips: add support for TP-Link RE650 v2Marcin Gordziejewski2022-05-174-1/+209
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TP-Link RE650 v2 is largely similar to v1 that is already supported by OpenWrt. Notable differences is differnt SPI Flash - 8 MB instead of 16 MB (from cFeon instead of Winbond) and a different configuration of PCIE connections to wifi chips. Otherwise it's largely the same product as v1 Hardware specification: - SoC 880 MHz - MediaTek MT7621AT - 128 MB of DDR3 RAM - 8 MB - cFeon QH64A-104HIP - 4T4R 2.4 GHz - MediaTek MT7615E - 4T4R 5 GHz - MediaTek MT7615E - 1x 1 Gbps Ethernet - MT7621AT integrated - 7x LEDs (Power, 2G, 5G, WPS(x2), Lan(x2)) - 4x buttons (Reset, Power, WPS, LED) - UART pinout - GND, RX, TX, labeled in the middle of the PCB, requires soldering because they're not through holes. Serial console @ 57600,8n1 Flash instructions: Upload openwrt-ramips-mt7621-tplink_re650-v2-squashfs-factory.bin from the RE650 web interface. TFTP recovery to stock firmware: I didn't try recovering back to the stock firmware, however, if there is such process for other RExxx devices, it seems like it could be similar here. Signed-off-by: Marcin Gordziejewski <openwrt@flicksfix.com> (cherry picked from commit 39799974a372fb4333d21f077c670b8a56b9d696)
* ramips: add support for YunCore AX820/HWAP-AX820Clemens Hopfer2022-05-175-1/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are two versions which are identical apart from the enclosure: YunCore AX820: indoor ceiling mount AP with integrated antennas YunCore HWAP-AX820: outdoor enclosure with external (N) connectors Hardware specs: SoC: MediaTek MT7621DAT Flash: 16 MiB SPI NOR RAM: 128MiB (DDR3, integrated) WiFi: MT7905DAN+MT7975DN 2.4/5GHz 2T2R 802.11ax Ethernet: 10/100/1000 Mbps x2 (WAN/PoE+LAN) LED: Status (green) Button: Reset Power: 802.11af/at PoE; DC 12V,1A Antennas: AX820(indoor): 4dBi internal; HWAP-AX820(outdoor): external Flash instructions: The "OpenWRT support" version of the AX820 comes with a LEDE-based firmware with proprietary MTK drivers and a luci webinterface and ssh accessible under 192.168.1.1 on LAN; user root, no password. The sysupgrade.bin can be flashed using luci or sysupgrade via ssh, you will have to force the upgrade due to a different factory name. Remember: Do *not* preserve factory configuration! MAC addresses as used by OEM firmware: use address source 2g 44:D1:FA:*:0b Factory 0x0004 (label) 5g 46:D1:FA:*:0b LAA of 2g lan 44:D1:FA:*:0c Factory 0xe000 wan 44:D1:FA:*:0d Factory 0xe000 + 1 The wan MAC can also be found in 0xe006 but is not used by OEM dtb. Due to different MAC handling in mt76 the LAA derived from lan is used for 2g to prevent duplicate MACs when creating multiple interfaces. Signed-off-by: Clemens Hopfer <openwrt@wireloss.net> (cherry picked from commit 4891b865380e2b7f32acf0893df9c1ca9db8d4ea)
* firmware-utils: bump to git HEADSander Vanheule2022-05-171-3/+3
| | | | | | | | | | Includes image support for new TP-Link devices: ddc3e00e314d tplink-safeloader: add TP-Link EAP265 HD support ceea1a7fe56e tplink-safeloader: add TP-Link Deco M4R v1 and v2 support Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit 0f207ade12fdfffae3554c6a7214aa670a8d6854)
* firmware-utils: bump to git HEADHauke Mehrtens2022-05-171-3/+3
| | | | | | | 05fd700 tplink-safeloader: TP-Link RE650 v2 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 36790ca6940b84dede450c54df9f75500454b92b)
* kernel: Add missing devm_regulator_get_exclusive()Hauke Mehrtens2022-05-171-0/+79
| | | | | | | | | | | | This backports a patch from Linux 5.10.116 to fix a compile problem introduced in 5.10.114. drivers/usb/phy/phy-generic.c could not find devm_regulator_get_exclusive(). Fixes: 8592df67f40b ("kernel: bump 5.10 to 5.10.114") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7400adae8d86dde3c60752bf66d487aa1b138bc1)
* kernel: bump 5.10 to 5.10.115John Audia2022-05-1728-161/+45
| | | | | | | | | | | | | | Removed upstreamed: backport-5.10/850-v5.17-0004-PCI-aardvark-Clear-all-MSIs-at-setup.patch pending-5.10/850-0002-PCI-aardvark-Fix-reading-MSI-interrupt-number.patch All other patches automatically rebased. Build system: x86_64 Build-tested: bcm2711/RPi4B Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit b754b0c721131005efa7127151088e9c23dc9053)
* kernel: bump 5.10 to 5.10.114John Audia2022-05-1717-32/+32
| | | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 8592df67f40b3afdee68e36dc3820187ec0f98fc)
* IPQ4019: AVM FRITZ!Box 7530: Remove NAND ECC restrictions from DTSAndreas Böhler2022-05-151-0/+3
| | | | | | | | | | Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC in contrast to the Macronix NAND with 4 bit ECC. This removes the hardcoded ECC strength and step size as set in qcom-ipq4019.dtsi, thus relying on the kernel NAND detection routines to correclty set up the ECC parameters. Signed-off-by: Andreas Böhler <dev@aboehler.at> (cherry picked from commit f167f4a9a42e6d1e186487883500299cc82b1b9f)
* kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flashAndreas Böhler2022-05-151-0/+36
| | | | | | | | | The Toshiba TC58NVG0S3HTA00 is detected with 64 byte OOB while the flash has 128 byte OOB. This adds a static NAND ID entry to correct this. Signed-off-by: Andreas Böhler <dev@aboehler.at> (cherry picked from commit 0bc794a66845738eef7eeb7e13877ffb8aec17f7) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uboot-fritz4040: Add support for Toshiba NANDChristian Lamparter2022-05-151-3/+3
| | | | | | | | | | | | | From Andreas Böhler: "Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC in contrast to the Macronix NAND with 4 bit ECC.". Uboot needs to know this in order to have a chance to load from the NAND. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 057bac2e1fc796fb4b2440a896be43bca138be84)
* ath79: ZTE MF286[A,R]: add "Power button blocker" GPIO switchLech Perczak2022-05-151-0/+20
| | | | | | | | | | | | | | | | ZTE MF286A and MF286R feature a "power switch override" GPIO in stock firmware as means to prevent power interruption during firmware update, especially when used with internal battery. To ensure that this GPIO is properly driven as in stock firmware, configure it with userspace GPIO switch. It was observed that on some units, the modem would not be restarted together with the board itself on reboot, this should help with that as well. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> (cherry picked from commit 1fabeeb799abca1d4fb5ba541410ba847cdc20d9)
* ipq40xx: revert Cell-C RTL30VW to legacy caldata extractionPawel Dembicki2022-05-152-15/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts commit cfc13c44595d ("ipq40xx: utilize nvmem-cells for macs & (pre-)calibration data"). After switching to nvmem RTL30VW, wifi was broken: [ 19.118319] ath10k_ahb a000000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000 [ 19.118377] ath10k_ahb a000000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0 [ 19.130285] ath10k_ahb a000000.wifi: firmware ver 10.4b-ct-4019-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 6b2b5c5b [ 19.159092] ath10k_ahb a000000.wifi: failed to fetch board data for bus=ahb,vendor=0000,device=0000,subsystem-vendor=0000,subsystem-device=0000,variant=cellc,rtl30vw from ath10k/QCA4019/hw1.0/board-2.bin [ 19.238764] ath10k_ahb a000000.wifi: failed to fetch board-2.bin or board.bin from ath10k/QCA4019/hw1.0 [ 19.238847] ath10k_ahb a000000.wifi: failed to fetch board file: -12 [ 19.247362] ath10k_ahb a000000.wifi: could not probe fw (-12) [ 20.190797] ath10k_ahb a800000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000 [ 20.190853] ath10k_ahb a800000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0 [ 20.202893] ath10k_ahb a800000.wifi: firmware ver 10.4b-ct-4019-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 6b2b5c5b [ 20.231357] ath10k_ahb a800000.wifi: failed to fetch board data for bus=ahb,vendor=0000,device=0000,subsystem-vendor=0000,subsystem-device=0000,variant=cellc,rtl30vw from ath10k/QCA4019/hw1.0/board-2.bin [ 20.317318] ath10k_ahb a800000.wifi: failed to fetch board-2.bin or board.bin from ath10k/QCA4019/hw1.0 [ 20.317399] ath10k_ahb a800000.wifi: failed to fetch board file: -12 [ 20.326098] ath10k_ahb a800000.wifi: could not probe fw (-12) Bootloader mangles in NAND partitions and removes precal@X nodes in working system: root@OpenWrt:~# echo $(cat /sys/firmware/devicetree/base/soc/spi@78b5000/flash@0/partitions/partition@170000/label) 0:ART root@OpenWrt:~# ls /sys/firmware/devicetree/base/soc/spi@78b5000/flash@0/partitions/partition@170000/ label name reg Revert to legacy method fixed the problem. Fixes: cfc13c44595d ("ipq40xx: utilize nvmem-cells for macs & (pre-)calibration data") Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com> (cherry picked from commit af425e42212d476dd95ec31f18d85b19004c9268)
* ath79: fix I2C on GL-AR300M devicesPtilopsis Leucotis2022-05-151-0/+9
| | | | | | | | | | | | On GL-AR300M Series GPIO17 described as I2C SDA in Device Tree. Because of GPIO_OUT_FUNCTION4 register was not initialized on start, GPIO17 was uncontrollable, it always in high state. According to QCA9531 documentation, default setting of GPIO17 is SYS_RST_L. In order to make GPIO17 controllable, it should write value 0x00 on bits [15:8] of GPIO_OUT_FUNCTION4 register, located at 0x1804003C address. Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com> (cherry picked from commit 57efdd6a2d815d2491c5b7f22ffaeb6a845bfd0a)
* ipq40xx: Lyra: update RGB LED-Controller node for 5.10+Christian Lamparter2022-05-152-47/+78
| | | | | | | | | | | | | | | | | | | | | | | Add the reg and color property to each channel node. This update is to accommodate the multicolor framework. Refer to: <https://lore.kernel.org/all/20200622185919.2131-9-dmurphy@ti.com> <https://lore.kernel.org/all/20210818070209.1540451-1-michal.vokac@ysoft.com> Note: There is only a single extremely bright RGB-LED. The RGB-color channels (i.e.: blue-0, blue-1 and blue-2) are running in parallel to increase the current delivery beyond what a single PWM-output on the LED controller could do. BugLink: https://github.com/openwrt/openwrt/issues/9851 Reported-By: Thomas Bøge <thomas@boegenielsen.dk> Tested-By: Thomas Bøge <thomas@boegenielsen.dk> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 834c9b3f055e5ea719f6adfb3fa979e32f2adbd0)
* lantiq: xway: disable unused switch driversAleksander Jan Bajkowski2022-05-151-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | None of the devices supported by target xway are using Realtek RTL8366S, RTL8367A and RTL8367B switches. The switches mentioned earlier were enabled when bumping the kernel version to 3.7 in commit 3a948770cf46 ("add linux-v3.7"). Switches used by individual devices are listed below. Device Switch PHY Arcadyan ARV4510PW Infineon ADM6996I int. switch Arcadyan ARV4519PW Atheros AR8216 int. switch Arcadyan ARV7506PW11 Realtek RTL8306G int. switch Arcadyan ARV7510PW22 Atheros AR8216 int. switch Arcadyan ARV7518PW Atheros AR8216 int. switch Arcadyan ARV7519PW Atheros RTL8306G int. switch Arcadyan ARV7525PW N/A IC+ IP101A Arcadyan ARV752DPW Realtek RTL8306G int. switch Arcadyan ARV752DPW22 Atheros AR8216 int. switch Arcadyan ARV8539PW22 Atheros AR8216 int. switch AVM Fritzbox 7312 int. SoC Atheros AR8030-A AVM Fritzbox 7320 int. SOC Lantiq PEF7071V AudioCodes MediaPack MP-252 Infineon ADM6996I int. switch BT Home Hub 2B Infineon ADM6996I int. switch BT Home Hub 3A Infineon PSB6972 Lantiq PEF7071V Buffalo WBMR-HP-G300H-A Atheros AR8316 int. switch Buffalo WBMR-HP-G300H-B Atheros AR8316 int. switch Lantiq EASY50712 Infinein ADM6996I int. switch Netgear DGN3500 Realtek RTL8366RB int. switch Netgear DGN3500B Realtek RTL8366RB int. switch Siemens Gigaset sx76x Infineon ADM6996I int. switch ZTE H201L Realtek RTL8306G int. switch ZyXEL P-2601HN-F1 Realtek RTL8306E int. switch ZyXEL P-2601HN-F3 Realtek RTL8306E int. switch Reduces uncompressed kernel size by 36 kB. Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (checkpatch.pl fixes) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 8b5d2a73255298b916259ccbc609e4667a335844)
* realtek: do not reset SerDes on link changeBirger Koblitz2022-05-142-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not reset the RTL930x SerDes on link changes, instead set up the SDS with internal PHYs for the SFP+ ports only. This fixes the 8 1GBit ports on the Zyxel XGS1250 which do not work without this patch. A complete SerDes reset was performed on all SerDes links. For copper 1Gbit ports, this is commonly a single XGMII link to an RTL8218D. There is however no support for setting up the XGMII link on RTL9300/RTL9310, thereby wiping the (RX/TX) setup done by u-boot and breaking the 1GBit ports. No SerDes reset should be done for these links. The handling of SGMII/HiSGMII, 1000BX or 10GR links is actually entirely different. All these modes need to be suitably RX calibrated and the pre- main and post- amplifiers set up properly for TX. The 10GBit SFP+ fiber links are recalibrated instead of reset, which e.g. is necessary when someone pulls a module out and puts another in. This makes swapping out 10GBit fiber modules possible. 1GBit modules are not yet supported, nor any modules with an internal phy. Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Birger Koblitz <git@birger-koblitz.de> [rewrite commit message based on discussion] Link: http://lists.infradead.org/pipermail/openwrt-devel/2022-May/038623.html Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit d1b824650f1ee694ec2dbdd2f4f9ec64e650cf86)
* realtek: Trap all frames with switch as destination to CPU-portBirger Koblitz2022-05-141-0/+9
| | | | | | | | | | | | | This fixes a bug where frames sent to the switch itself were flooded to all ports unless the MAC address of the CPU-port was learned otherwise. Tested-by: Wenli Looi <wlooi@ucalgary.ca> Tested-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: Birger Koblitz <git@birger-koblitz.de> [fix code formatting] Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit 98bb26f9f762408e42bd8a906f0eb01c41ada10a)
* ramips: fix booting on Samknows SK-WB8Piotr Dymacz2022-05-131-0/+1
| | | | | | | | | This fixes a well known "LZMA ERROR 1" error, reported previously on numerous of similar devices. Fixes: #9824 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (cherry picked from commit 064e7e57b483e6879de0facef4f1fce86ec4ad47)
* bcm27xx: include 'rtc' in target's 'FEATURES'Piotr Dymacz2022-05-071-1/+1
| | | | | | | | | | There are many ways to add external RTC to Raspberry Pi boards. Let's include support for this for the whole target and while at it, sort features alphabetically. Fixes: #9594 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (cherry picked from commit ff09905a468b4cc44f039a76568e8fe6cbaea8d9)
* kernel: fix corrupted padding on small packets with mt753x dsaFelix Fietkau2022-05-061-0/+29
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 203ffc4ca75d43ac32b164c5a474e3ce36999809)
* kernel: fix flow offload issues with pppoeFelix Fietkau2022-05-066-150/+413
| | | | | | | sync xt_FLOWOFFLOAD code with latest version of nft_flow_offload Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 726ef8ba2dbe4d4a693c4d9300bc69e234e6d67d)
* mediatek: add patches for MT7622 WED (wireless ethernet dispatch)Felix Fietkau2022-05-0619-116/+3609
| | | | | | | This series also contains other improvement for hardware flow offload support Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 0f029b3d2b505b40aca9a24a002838ed1060f83d)
* firewall: config: remove restictions on DHCPv6 allow ruleTiago Gaspar2022-05-042-4/+2
| | | | | | | | | | | | | | | Remove restrictions on source and destination addresses, which aren't specified on RFC8415, and for some reason in openwrt are configured to allow both link-local and ULA addresses. As cleared out in issue #5066 there are some ISPs that use Gloabal Unicast addresses, so fix this rule to allow them. Fixes: #5066 Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com> [rebase onto firewall3, clarify subject, bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 65258f5d6093809c541050256646795bc0a460a9)
* fstools: update to git HEADDaniel Golle2022-05-031-3/+3
| | | | | | | 9e11b37 fstools: remove SELinux restorecon hack Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4509b790f09183b2ac757371f6d79052f232e4cd)
* procd: update to git HEADDaniel Golle2022-05-031-3/+3
| | | | | | | 652e6df init: restore SELinux labels after policy is loaded Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit fb011118664756ee33bf16a39bf6e73d02cc2d3f)
* base-files: simplify restorecon logicDaniel Golle2022-05-031-2/+2
| | | | | | | | | | Remove forgotten redundant selinuxenabled call and skip the whole thing in case $IPKG_INSTROOT is set as labels are anyway applied only later on in fakeroot when squashfs is created. Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 7b07c3cff57f057d6780d34adeb23c06123732db)
* selinux-policy: update to version 1.1Dominick Grift2022-05-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | try to clean up some labeling inconsistencies iwinfo loose ends ucode loose ends Makefile: adjust mintesttgt (adds blockmount/blockd) nftables: reads inherited netifd pipe ucode: reads inherited netifd pipes mountroot: fowner sandbox: writes inherited dropbear pipes unbound related to /tmp/etc/ssl unbound loose ends adds a sslconftmpfile for /tmp/etc/ssl README: maintain a wish list in the README iwinfo: netifd forgot write gptfdisk loose ends iwinfo: netifd wpad reads/writes inherited netifd fifo files netifd (mac80211.sh) executes iwinfo luci: executes wireguard luci-cgi: audits xtables execute access rcuhttpd: lists ssl certfile dirs iwinfo, wifi,nftables usage of ttyd pty if available urandomseed: seedrng needs cap_sys_admin iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server nftables, wifi and adds iwinfo skel nftables, rpcd, ucode nftables, ucode and seedrng ucode, fw3/nftables, luci adds ucode skel and some fw3/nftables related urandomseed: some seedrng rules fw3 adds some support for fw4 urandomseed: /etc/seedrng is for seed.credit hotplugcal: runs ucode which is interpreter like adds a nftables skeleton and makes xtables optional agent: allow all agents to write inherited dropbear pipes urandomseed: this seems to be replaced by seedrng kmodloader: label /etc/modules.conf kmodloader.conffile Revert "shelexecfile: remove auditallow rule" Makefile: sort the modules to process by secilc Moves back to git.defensec.nl unbound odhcpd (ip) reads net proc tcp dump shelexecfile: remove auditallow rule rrd.cil: fixes indent Target rddtool from cgi-io instead of runnit it without transition rrd.cil related rrd, rpcd, cgiio clean ups related to luci-app-statistics Rules for rrd files and luci-statistics unboundcontrol ordering Several missing permissions blockmount, dnsmasq, hotplugcall, rpcd, unbound adds mctp_socket (linux 5.15) ip: forgot tc-tiny type transition to go along with the fc spec ip: adds a fc spec for tc-tiny (called by sqm) adds ttyACM fc spec and various assorted loose ends .gitattributes: do not export the github workflows workflow use selinux 3.3 project moved back to https://git.defensec.nl/selinux-policy.git Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 43794570986e33770d9039399d16a665f6c7c495)
* base-files: add missing $IPKG_INSTROOT to restorecon callDaniel Golle2022-05-031-1/+3
| | | | | | | | Update to overlooked v2 version of Dominick Grift's patch. Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 6d7272852e0b2634b2fa93a131ea8659ec87f079)
* base-files: address sed in-place without SELinux awarenessDominick Grift2022-05-031-0/+1
| | | | | | | | | | | | | sed(1) in busybox does not support this functionality: https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598 This causes /etc/group to become mislabeled when a package requests that a uid/gid be added on OpenWrt with SELinux Signed-off-by: Daniel Golle <daniel@makrotopia.org> [move restorecon inside lock] Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 5109bd164c8f2273329483f990188fb36cf3ad68)
* fstools: update to git HEADDaniel Golle2022-05-031-3/+3
| | | | | | | | | | | | | | f0fc66a libfstools: check for overlay mounting errors 128ecaf Update / fix extroot comments 8a0ba3b libfstools: get rid of "extroot_prefix" global variable 649cd3f libfstools: use variable for overlay mount-point 922f1b3 libfstools: avoid segfault in find_mount_point ce5eacb libfstools: mtd: improve error handling 898b328 blockd: restore device_move semantics 0917d22 block: don't probe mtdblock on NAND (with legacy exceptions) Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4e8d095013fb822eaa4fd6b4512a434fc17ac901)