aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mediatek: mt7981: usb enable 3.0 by defaultChukun Pan2023-05-241-1/+0
| | | | | | | | | There is no reason to limit USB to 2.0 mode by default, delete this limit. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn> (cherry picked from commit b2beb4c68849c804a8b9441f776a6918d433fb1e) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: enable (ARM|ARM64)_MODULE_PLTS in generic configTony Ambardar2023-05-2410-11/+2
| | | | | | | | | | | | | | | | | | | | | This allows loading modules with large memory requirements, recently needed while testing on armvirt/32. Past forum discussions [1] and bug reports [2] also raised this and the ipq806x target already set it in response [3]. Given this increases kernel image size by only ~1KB, is generally useful on multi-platform kernels, and enabled by default on upstream arm32 Linux, add it to the generic config. The setting has similar utility on arm64, is a requirement for KASLR, and already enabled on most OpenWrt aarch64 targets, so pull this into the top-level generic config. [1]: https://forum.openwrt.org/t/vmap-allocation-for-size-442368-failed-use-vmalloc-size-to-increase-size/34545/7 [2]: https://github.com/openwrt/openwrt/issues/8282 [3]: f81e148eb6 ("ipq806x: update 4.19 kernel config"). Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit c2d194a34eb1a62a610f0437287db6c3eca64d5a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mediatek: mt7623: build SD card without all filesystemsDaniel Golle2023-05-241-0/+8
| | | | | | | | | Allow building SD card images without having both initramfs and squashfs present on the card, just like it has already been done for the mt7622 and filogic subtargets. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit d6fef27f2dd4a852ed7846e4aa5f06dcd8df91b6)
* busybox: update to 1.36.1Nick Hainke2023-05-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Release Notes: http://lists.busybox.net/pipermail/busybox-cvs/2023-May/041510.html Refresh commands, run after busybox is first built once (nothing changed compared to 1.36.0): cd package/utils/busybox/config/ ../convert_menuconfig.pl ../../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1 cd .. ./convert_defaults.pl ../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1/.config > Config-defaults.in Manual edits needed afterward: * Config-defaults.in: OpenWrt config symbol IPV6 logic applied to BUSYBOX_DEFAULT_FEATURE_IPV6 * Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec) * Config-defaults.in: OpenWrt logic applied to BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917) * Config-defaults.in: correct the default ports that get reset BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT 80 BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT 23 * config/editors/Config.in: Add USE_GLIBC dependency to BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090) * config/shell/Config.in: change at "Options common to all shells" the conditional symbol SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html Apparently our script does not see the hidden option while prepending config options with "BUSYBOX_CONFIG_" which leads to a missed dependency when the options are later evaluated.) * Edit a few Config.in files by adding quotes to sourced items in config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f) Tested-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 3b76f6eee430a107a0970583c1aa215b35f7e3e4) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libxml2: update to 2.11.4Nick Hainke2023-05-241-2/+2
| | | | | | | | | Release Notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4 Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit c520d682f02890afb38e43b862ca856e2b933507) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libcap: update to 2.69Nick Hainke2023-05-241-2/+2
| | | | | | | | | | Release Notes: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe Fixes: CVE-2023-2602 CVE-2023-2603 Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 78c45c1e591ce5aeff9fb7eeae049662c4ac4ef2) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lldpd: update to 1.0.17Nick Hainke2023-05-241-2/+2
| | | | | | | | | Release Notes: https://github.com/lldpd/lldpd/releases/tag/1.0.17 Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 17fbbafdcbc55d6ab3d357012f336941fa27d43e) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mediatek: add support for Zyxel EX5601-T0 routerPietro Ameruoso2023-05-244-0/+591
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Zyxel EX5601-T0 specifics -------------- The operator specific firmware running on the Zyxel branded EX5601-T0 includes U-Boot modifications affecting the OpenWrt installation. Partition Table | dev | size | erasesize | name | | ---- | -------- | --------- | ------------- | | mtd0 | 20000000 | 00040000 | "spi0.1" | | mtd1 | 00100000 | 00040000 | "BL2" | | mtd2 | 00080000 | 00040000 | "u-boot-env" | | mtd3 | 00200000 | 00040000 | "Factory" | | mtd4 | 001c0000 | 00040000 | "FIP" | | mtd5 | 00040000 | 00040000 | "zloader" | | mtd6 | 04000000 | 00040000 | "ubi" | | mtd7 | 04000000 | 00040000 | "ubi2" | | mtd8 | 15a80000 | 00040000 | "zyubi" | The router boots BL2 which than loads FIP (u-boot). U-boot has hardcoded a command to always launch Zloader "mtd read zloader 0x46000000" and than "bootm". Bootargs are deactivated. Zloader is the zyxel booloader which allow to dual-boot ubi or ubi2, by default access to zloader is blocked. Too zloader checks that the firmware contains a particolar file called zyfwinfo. Additional details regarding Zloader can be found here: https://hack-gpon.github.io/zyxel/ https://forum.openwrt.org/t/adding-openwrt-support-for-zyxel-ex5601-t0/155914 Hardware -------- SOC: MediaTek MT7986a CPU: 4 core cortex-a53 (2000MHz) RAM: 1GB DDR4 FLASH: 512MB SPI-NAND (Micron xxx) WIFI: Wifi6 Mediatek MT7976 802.11ax 5 GHz 4x4 + 2.4GHZ 4x4 ETH: MediaTek MT7531 Switch + SoC 3 x builtin 1G phy (lan1, lan2, lan3) 1 x MaxLinear GPY211B 2.5 N-Base-T phy5 (lan4) 1 x MaxLinear GPY211B 2.5Gbit xor SFP/N-Base-T phy6 (wan) USB: 1 x USB 3.2 Enhanced SuperSpeed port UART: 3V3 115200 8N1 (Pinout: GND KEY RX TX VCC) VOIP: 2 FXS ports for analog phones MAC Address Table ----------------- eth0/lan Factory 0x002a eth1/wan Factory 0x0024 wifi 2.4Ghz Factory 0x0004 wifi 5Ghz Factory 0x0004 + 1 Serial console (UART) --------------------- +-------+-------+-------+-------+-------+ | +3.3V | RX | TX | KEY | GND | +---+---+-------+-------+-------+-------+ | +--- Don't connect Installation ------------ Keep in mind that openwrt can only run on the UBI partition, the openwrt firmware is not able to understand the zloader bootargs. The procedure allows restoring the UBI partition with the Zyxel firmware and retains all the OEM functionalities. 1. Unlock Zloader (this will allow to swap manually between partitions UBI and UBI2): - Attach a usb-ttl adapter to your computer and boot the router. - While the router is booting at some point you will read the following: `Please press Enter to activate this console.` - As soon as you read that press enter, type root and than press enter again (just do it, don't care about the logs scrolling). - Most likely the router is still printing the boot log, leave it boot until it stops. - If everything went ok you should have full root access "root@EX5601-T0:/#". - Type the following command and press enter: "fw_setenv EngDebugFlag 0x1". - Reboot the router. - As soon as you read `Hit any key to stop autoboot:` press Enter. - If everything went ok you should have the following prompt: "ZHAL>". - You have successfully unlocked zloader access, this procedure must be done only once. 2. Check the current active partition: - Boot the router and repeat the steps above to gain root access. - Type the following command to check the current active image: "cat /proc/cmdline". - If `rootubi=ubi` it means that the active partition is `mtd6` - If `rootubi=ubi2` it means that the active partition is `mtd7` - As mentioned earlier we need to flash openwrt into ubi/mtd6 and never overwrite ubi2/mtd7 to be able to fully roll-back. - To activate and boot from mtd7 (ubi2) enter into ZHAL> command prompt and type the following commands: atbt 1 # unlock write atsw # swap boot partition atsr # reboot the router - After rebooting check again with "cat /proc/cmdline" that you are correctly booting from mtd7/ubi2 - If yes proceed with the installation guide. If not probably you don't have a firmware into ubi2 or you did something wrong. 3. Flashing: - Download the sysupgrade file for the router from openwrt, than we need to add the zyfwinfo file into the sysupgrade tar. Zloader only checks for the magic (which is a fixed value 'EXYZ') and the crc of the file itself (256bytes). I created a script to create a valid zyfwinfo file but you can use anything that does exactly the same: https://raw.githubusercontent.com/pameruoso/OpenWRT-Zyxel-EX5601-T0/main/gen_zyfwinfo.sh - Add the zyfwinfo file into the sysupgrade tar. - Enter via telnet or ssh into the router with admin credentials - Enter the following commands to disable the firmware and model checks "zycli fwidcheck off" and "zycli modelcheck off" - Open the router web interface and in the update firmware page select the "restore default settings option" - Select the sysupgrade file and click on upload. - The router will flash and reboot itself into openwrt from UBI 4. Restoring and going back to Zyxel firmware. - Use the ZHAL> command line to manually swap the boot parition to UBI2 with the following: atbt 1 # unlock write atsw # swap boot partition atsr # reboot the router - You will boot again the Zyxel firmware you have into UBI2 and you can flash the zyxel firmware to overwrite the UBI partition and openwrt. Working features ---------------- 3 gbit lan ports Wifi Zyxel partitioning for coexistance with Zloader and dual boot. WAN SFP port (only after exporting pins 57 and 10. gpiobase411) leds reset button serial interface usb port lan ethernet 2.5 gbit port (autosense) wan ethernet 2.5 gbit port (autosense) Not working ---------------- voip (missing drivers or proper zyxel platform software) Swapping the wan ethernet/sfp xor port ---------------- The way to swap the wan port between sfp and ethernet is the following: export the pins 57 and 10. Pin 57 is used to probe if an sfp is present. If pin 57 value is 0 it means that an sfp is present into the cage (cat /sys/class/gpio/gpio468/value). If pin 57 value is 1 it means that no sfp is inserted into the cage. In conclusion by default both 57 an 10 pins are by default 1, which means that the active port is the ethernet one. After inserting an SFP pin 57 will become 0 and you have to manually change the value of pin 10 to 0 too. This is totally scriptable of course. Leds description ------------ All the leds are working out of the box but the leds managed by the 2 maxlinear phy (phy 5 lan, phy6 wan). To activate the phy5 led (rj45 ethernet port led on the back of the router) you have to use mdio-tools. To activate the phy6 led (led on the front of the router for 2.5gbit link) you have to use mdio-tools. Example: Set lan5 led to fast blink on 2500/1000, slow blink on 10/100: mdio mdio-bus mmd 5:30 raw 0x0001 0x33FC Set wan 2.5gbit led to constant on when wan is 2.5gbit: mdio mdio-bus mmd 6:30 raw 0x0001 0x0080 Signed-off-by: Pietro Ameruoso <p.ameruoso@live.it> (cherry picked from commit 1c05388ab04c934ec240e8362321908f91381a90) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* CI: rework build workflow to have split target and subtarget directlyChristian Marangi2023-05-246-42/+44
| | | | | | | | | | | | | | | | | Instead of referring to a redundant job and ENV variables, rework build workflow to accept and require split target and subtarget and use them directly from inputs. Rework each user and pass a JSON of tuple to matrix include with each target/subtarget combination to test. Special notice this doesn't use the github actions matrix combination feature but reference each specific tuple of target and subtarget to test. Just a cleanup no behaviour change intended. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit eecc6e48117be26c2eefd9257cceb9d9b1e842f2) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* CI: check-kernel-patches: use buildbot user on git diff checkChristian Marangi2023-05-241-4/+1
| | | | | | | | | | | | | Use buildbot user on git diff check instead of using git config safe directory. This should accomplish the same result but should be a better approach following safe practice enforced by git. Fixes: a7747e8670cb ("ci: fix check kernel patches job") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 6c80a578a4428c81fd92e0a2abe95dacfa20c008) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ath79: add support for D-Link DIR-859 A3Shiji Yang2023-05-247-4/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: SOC: QCA9563 775 MHz + QCA9880 Switch: QCA8337N-AL3C RAM: Winbond W9751G6KB-25 64 MiB Flash: Winbond W25Q128FVSG 16 MiB WLAN: Wi-Fi4 2.4 GHz 3*3 + 5 GHz 3*3 LAN: LAN ports *4 WAN: WAN port *1 Buttons: reset *1 + wps *1 LEDs: ethernet *5, power, wlan, wps MAC Address: use address source1 source2 label 40:9b:xx:xx:xx:3c lan && wlan u-boot,env@ethaddr lan 40:9b:xx:xx:xx:3c devdata@0x3f $label wan 40:9b:xx:xx:xx:3f devdata@0x8f $label + 3 wlan2g 40:9b:xx:xx:xx:3c devdata@0x5b $label wlan5g 40:9b:xx:xx:xx:3e devdata@0x76 $label + 2 Install via Web UI: Apply factory image in the stock firmware's Web UI. Install via Emergency Room Mode: DIR-859 A1 will enter recovery mode when the system fails to boot or press reset button for about 10 seconds. First, set computer IP to 192.168.0.5 and Gateway to 192.168.0.1. Then we can open http://192.168.0.1 in the web browser to upload OpenWrt factory image or stock firmware. Some modern browsers may need to turn on compatibility mode. Signed-off-by: Shiji Yang <yangshiji66@qq.com> (cherry picked from commit 0ffbef9317a1dc049ad259c1ec1530355efc0552) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ath79: improve support for D-Link DIR-8x9 A1 seriesShiji Yang2023-05-245-10/+11
| | | | | | | | | | | | | | | | 1. Remove unnecessary new lines in the dts. 2. Remove duplicate included file "gpio.h" in the device dts. 3. Add missing button labels "reset" and "wps". 4. Unify the format of the reg properties. 5. Add u-boot environment support. 6. Reduce spi clock frequency since the max value suggested by the chip datasheet is only 25 MHz. 7. Add seama header fixup for DIR-859 A1. Without this header fixup, u-boot checksum for kernel will fail after the first boot. Signed-off-by: Shiji Yang <yangshiji66@qq.com> (cherry picked from commit e5d8739aa846db621b6368ba83db17c353a35dea) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ath79: enable NVMEM u-boot-env driver on generic subtargetINAGAKI Hiroshi2023-05-241-0/+2
| | | | | | | | | This patch enables NVMEM u-boot-env driver (COFNIG_NVMEM_U_BOOT_ENV) on generic subtarget to use from devices, for MAC address and etc. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com> (cherry picked from commit e8f7957450e2dcbeb90492c711a973d2cf0ebbfc) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uml: exclude some /arch/x86 optimizationsChristian Lamparter2023-05-241-0/+6
| | | | | | | | | | | | | The x86_64 UML target wants to include SSSE3 optimized crypto code which lives under /arch/x86/crypto. However, these are not built and this causes an error. | ERROR: module '[...]/arch/x86/crypto/sha512-ssse3.ko' is missing. | make[3]: *** [modules/crypto.mk:990: [...]/kmod-crypto-sha512_5.15.112-1_x86_64.ipk] Error 1 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 959563fb813890e478bf0a51523cd84d54b9af91) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uml: fix build error due to frame size > 1024Christian Lamparter2023-05-241-10/+14
| | | | | | | | | | | | | | | | | | | | | the UML build fails during the kernel build: | arch/um/drivers/net_kern.c: In function 'compute_hash': | arch/um/drivers/net_kern.c:322:1: error: the frame size of 1072 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] | 322 | } | | ^ |cc1: all warnings being treated as errors The compute_hash() function is added by our patch: 102-pseudo-random-mac.patch Instead of allocating a 1024 byte buffer on the stack for the SHA1 digest input, let's allocate the data on the heap. We should be able to do that since crypto_alloc_ahash and ahash_request_alloc also need to allocate structures on the heap. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit aed2569d3780cab1a1a2d75c9f9e3fe413a9844d) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: brcm: drop brcmfmac patch waiting for register_wiphy()Rafał Miłecki2023-05-242-65/+1
| | | | | | | | | | | | | | | | That was a workaround for OpenWrt generation of config files. This patch was used to postpone returning from probe function until loading firmware and calling register_wiphy(). All of that is not needed anymore thanks to the ieee80211 hotplug.d script introduced in the commit 5f8f8a366136 ("base-files, mac80211, broadcom-wl: wifi detection and configuration"). That takes care of generating /etc/config/wireless entries even if wireless device appears late in the booting process. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit bd262663142e90f64f1c256b3e6b2b979c1022c0) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: qca-ssdk: backport support for building as kernel moduleRobert Marko2023-05-234-2/+340
| | | | | | | | | | | | | | | Currently, SSDK is rather special in the sense that its not being built as a proper out of tree module at all but rather like a userspace application and that involves a lot of make magic which unfortunately broke with make version 4.4 and newer. Luckily QCA finally added a way to build SSDK as an out of tree module and it uses the kernel buildsystem which makes it compile with make 4.4 as well. So lets backport the support for it and switch to using it. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 957f1ee85eb243c5c7397b1e3842a3c61a6b852f)
* ci: push-containers: trigger job on release branchingPetr Štetiar2023-05-231-0/+1
| | | | | | | | | Currently all 23.05 related CI jobs are failing as the containers are not available, so lets fix it by pushing those containers when the version.mk changes. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 8fc2a0f00f7f62ded3c849e78742c3d87d52ec91)
* ci: tools: run the job on changes in include directory as wellPetr Štetiar2023-05-231-0/+2
| | | | | | | In order to prevent regressions like with #12617. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 71ca2a31546d5f14faac03838bf700cf22f85215)
* prereq: SetupHostCommand: fix wrong check resultPetr Štetiar2023-05-231-1/+1
| | | | | | | | | | | | | | | Tony has reported, that CI tools job is failing for him in macOS container due to prereq check failure for GNU `install` utility. Michael diagnosed it and from his traces it was clear, that the issue is caused by a wrong return value in the success check case, so lets fix it accordingly. Fixes: f75204036ccc ("prereq-build: allow host command symlinks to update") Reported-by: Tony Ambardar <itugrok@yahoo.com> Diagnosed-by: Michael Pratt <mcpratt@pm.me> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 7855378fcd7ed7cb0a223238a99bac0b8e46c380)
* prereq-build: remove python 2 cleanup recipeMichael Pratt2023-05-212-14/+0
| | | | | | | | | | | This reverts commit 3b68fb57c938af3948ae4c2da61501183fbef649. After refactoring build checks to update old symlinks, and after a long time of no python 2 support, this is no longer needed. Signed-off-by: Michael Pratt <mcpratt@pm.me> (cherry picked from commit e2f9fa42044a2660f702a9b51b14cbde24a13702)
* prereq-build: allow host command symlinks to updateMichael Pratt2023-05-211-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes the prereq stage update the symlinks installed into staging_dir/host/bin by rearrainging the way they are verified. Before, seeing or installing a symlink would result in a successful exit code, and not installing a symlink would result is a failed exit code. However, that is not able to account for the difference between existing good and bad links, or whether the link would be the same if it was reinstalled, because the check can match the program to a different path. Instead, let a success exit code represent identifying an existing symlink as exactly the same as what would be installed if it did not exist, and let a fail exit code represent needing to install the symlink or not having a match to the check criteria. The failing exit code is caught by a new second attempt for all of the check-* targets which will then indicate to the user that there was an update by having a success exit code when the check is run again and the link is the same. When there is nothing to update, the checks will run only once. This relies on the ls command to be POSIX-conformant with long format: "path/to/link -> target/of/link" Also, make sure the symlink is executable, not just a file, and the directory only needs to be created once. Fixes: #12610 Signed-off-by: Michael Pratt <mcpratt@pm.me> (cherry picked from commit f75204036ccc56700df18258602cc65726dd653b)
* OpenWrt v23.05: set branch defaultsChristian Marangi2023-05-213-11/+7
| | | | Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* build: revert 54070a1 (all kernels are >= 5.10)Sebastian Kemper2023-05-211-7/+2
| | | | | | | Commit 54070a1 was added to allow building proper SDKs with kernels < 5.10. Now that all targets use at least kernel 5.10 it can be reverted. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* firmware: intel-microcode: update to 20230512Christian Lamparter2023-05-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Debian changelog: intel-microcode (3.20230512.1) unstable; urgency=medium * New upstream microcode datafile 20230512 (closes: #1036013) * Includes fixes or mitigations for an undisclosed security issue * New microcodes: sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712 sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144 * Updated microcodes: sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864 sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032 sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960 sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664 sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592 sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280 sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400 sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472 sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472 sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224 sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968 sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472 sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448 sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256 sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280 sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280 sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424 sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872 sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112 * source: update symlinks to reflect id of the latest release, 20230512 -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 16 May 2023 00:13:02 -0300 intel-microcode (3.20230214.1) unstable; urgency=medium * Non-maintainer upload. * New upstream microcode datafile 20230214 - Includes Fixes for: (Closes: #1031334) - INTEL-SA-00700: CVE-2022-21216 - INTEL-SA-00730: CVE-2022-33972 - INTEL-SA-00738: CVE-2022-33196 - INTEL-SA-00767: CVE-2022-38090 * New Microcodes: sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152 sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e * Updated Microcodes: sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864 sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960 sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792 sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776 sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800 sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664 sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816 sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136 sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480 sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424 sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872 sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c -- Tobias Frost <tobi@debian.org> Sun, 12 Mar 2023 18:16:50 +0100 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: disable IGD (video DRM) supportPhilip Prindeville2023-05-211-1/+3
| | | | | | | | | | | | | IGD is only useful when accelerating a VM guest that wants to direct render to memory in the host's framebuffer, but since OpenWrt typically runs on headless hardware, this serves no purpose. Also build vfio with VFIO_NOIOMMU undefined (to get all of the code enabled), but allow it to be enabled via boot-time modparams settings (or at run-time via sysfs writes to "/sys/module/vfio/parameters/enable_unsafe_noiommu_mode". Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* treewide: Disable building 8M RAM devicesFelix Baumann2023-05-211-0/+1
| | | | | | | | Following deprecation notice[1] in 21.02, disable target with 8M of RAM [1] https://openwrt.org/supported_devices/864_warning Signed-off-by: Felix Baumann <felix.bau@gmx.de>
* treewide: Disable building 32M RAM devicesFelix Baumann2023-05-2116-0/+124
| | | | | | | | Following deprecation notice[1] in 21.02, disable targets with 32M of RAM [1] https://openwrt.org/supported_devices/864_warning Signed-off-by: Felix Baumann <felix.bau@gmx.de>
* treewide: Disable building 16M RAM devicesFelix Baumann2023-05-212-0/+29
| | | | | | | | Following deprecation notice[1] in 21.02, disable targets with 16M of RAM [1] https://openwrt.org/supported_devices/864_warning Signed-off-by: Felix Baumann <felix.bau@gmx.de>
* ramips: mt7621: fix Xiaomi Router 3G/Pro LEDsDENG Qingfang2023-05-202-20/+53
| | | | | | | | | | The PHY name has been changed to "mt7530-0" since IRQ support was added to MT7530 driver. Fixes: f9cfe7af1f1f ("kernel: backport MT7530 IRQ support") Signed-off-by: DENG Qingfang <dqfext@gmail.com> (node names, added color, function+function-enumerator properties) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* dropbear: add ForceCommand uci optionNozomi Miyamori2023-05-201-0/+2
| | | | | | | | adds ForceCommand option. If the command is specified, it forces users to execute the command when they log in. Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* x86: base-files add support for Sophos 135r3/135r3wStan Grishin2023-05-202-0/+11
| | | | | | | | | | | | | | The Sophos SG/XG-135 revision 3 has odd numbering of eth ports where the WAN port (as marked on the case) is: `eth6` and `eth0`, `eth1`, `eth2`, `eth3`, `eth5`, `eth7`, `eth8` are LAN ports. Port `eth4` seems to be the SFP port. Also add the missing LED definition for supported Sophos devices. Original discussion at: https://forum.openwrt.org/t/openwrt-on-revision-3-of-sophos-desktop-appliances/152912 Signed-off-by: Stan Grishin <stangri@melmac.ca>
* tfa-layerscape: fix fiptool's buildChristian Lamparter2023-05-202-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | A missing '\' caused the remaining parameters not to be passed to make. This fixes the following error: | gcc -c [...] fiptool.c -o fiptool.o | In file included from fiptool.h:16, | from fiptool.c:19: |fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory | 19 | # include <openssl/sha.h> | | ^~~~~~~~~~~~~~~ |compilation terminated. |make[3]: *** [Makefile:58: fiptool.o] Error 1 as the HOST_CFLAGS are no longer passed. then, HOST_CFLAGS is specified as a command argument, this is a specific problem of our built since appending these needs the override directive. Fixes: df28bfe03247 ("tfa-layerscape: Change to github and use the latest tag") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* tools/ccache: update to 4.8.1Linhui Liu2023-05-201-2/+2
| | | | | | | Release Notes: https://ccache.dev/releasenotes.html#_ccache_4_8_1 Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* build: Allow specifying uImage timeDavid Yang2023-05-202-1/+3
| | | | | | | Some U-Boot checks for a specified uImage time and refuses to boot if mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter. Signed-off-by: David Yang <mmyangfl@gmail.com>
* nettle: update to 3.9Nick Hainke2023-05-202-7/+7
| | | | | | | | | | Changelog: https://git.lysator.liu.se/nettle/nettle/-/blob/26cd0222fd09b8f5dc0edba30d6908722c7e9b09/NEWS Refresh patch: - 100-portability.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
* kirkwood: add support for Iomega Storcenter ix4-200dSander van Deijck2023-05-203-0/+223
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Iomega Storcenter ix4-200d is a four-bay SATA NAS powered by a Marvell Kirkwood SoC clocked at 1.2GHz. It has 512MB of RAM and 32MB of flash memory, 3x USB 2.0 and 2x 1Gbit/s NIC Specification: - SoC: Marvell Kirkwood 88F6281 - CPU/Speed: 1200Mhz - Flash size: 32 MiB - RAM: 512MB - LAN: 2x 1Gbit/s - 3x USB 2.0 Notes: - The blue drive LED is triggered by HDD activity, it can not be controlled via GPIO. - The LCD screen requires proprietary code and does not function at this time. - Due to a kernel-related issue with the Marvell 88SE6121 SATA controller, currently only trays numbered #3 and #4 work, #1 and #2 do not. [1] Serial pinout: CN4 -------------- | 10 8 6 4 2 | | 9 7 5 3 1 | -------------- PIN 1 Mark (fat line) 1 = RXD 4 = TXD 6 = GND 9 = 3.3V (not necessary to connect) Installation instructions: 1. download initramfs-uImage and copy into tftp server 2. connect the tftp server to network port #1 3. access uboot environment with serial cable and run setenv mainlineLinux yes setenv arcNumber 1682 setenv console 'console=ttyS0,115200n8' setenv mtdparts 'mtdparts=orion_nand:0x100000@0x000000(u-boot)ro,0x20000@0xA0000(u-boot environment)ro,0x300000@0x100000(kernel),0x1C00000@0x400000(ubi)' setenv bootargs_root 'root=' setenv bootcmd 'setenv bootargs ${console} ${mtdparts} ${bootargs_root}; nand read.e 0x800000 0x100000 0x300000; bootm 0x00800000' saveenv setenv serverip 192.168.1.1 setenv ipaddr 192.168.1.2 tftpboot 0x00800000 [initramfs-uImage filename] bootm 0x00800000 4. connect to LAN on network port #2, log into openwrt and sysupgrade to install into flash [1] https://bugzilla.kernel.org/show_bug.cgi?id=216094 Signed-off-by: Sander van Deijck <sander@vandeijck.com> (aligned FROM from signed-off. LED+key rename, whitespace removal) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: remove obsolete kernel version switchesAleksander Jan Bajkowski2023-05-2012-154/+0
| | | | | | | This removes unneeded kernel version switches from the targets after kernel 5.10 has been dropped. Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
* tfa-layerscape: Change to github and use the latest tagWojciech Dubowik2023-05-204-37/+265
| | | | | | | | | | | | | | The default location of tfa-layerscape has been changed from codeuaurora to github. Also use the latest tag for Layerscape Linux Development POC from NXP. v2: * restored ls1021a-afrdm board * added platform defines to fiptool so ls-ddr-phy can be built Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch> (reset PKG_RELEASE) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ppfe-firmware: Bump to lf-6.1.1-1.0.0 and switch to githubWojciech Dubowik2023-05-201-5/+5
| | | | | | | | | | | | | The default location of ppfe-firmware has been changed from codeuaurora to github. Also use the latest tag for Layerscape Linux Development POC from NXP. Tested on: * NXP FRWY-LS1012A Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch> (reset PKG_RELEASE) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* fman-ucode: Bump to lf-6.1.1-1.0.0 and switch to githubWojciech Dubowik2023-05-201-5/+5
| | | | | | | | | | | | | The default location of fman-ucode has been changed from codeuaurora to github. Also use the latest tag for Layerscape Linux Development POC from NXP. Tested on: * NXP LS1046A-RDB Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch> (reset PKG_RELEASE) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uboot-layerscape: Bump to lf-6.1.1-1.0.0 and switch to githubWojciech Dubowik2023-05-203-46/+5
| | | | | | | | | | | | | | | | | The default location of uboot-layerscape has been changed from codeuaurora to github. Also use the latest tag for Layerscape Linux Development POC from NXP. Tested on: * NXP FRWY-LS1012A * NXP LS1028A-RDB * NXP LS1046A-RDB V2: Remove ls1028ardb specifix fixups not needed with new uboot Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch> (reset PKG_RELEASE) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ls-rcw: Bump to lf-6.1.1-1.0.0 and switch to githubWojciech Dubowik2023-05-201-5/+5
| | | | | | | | | | | | | | | | The default location of ls-rcw has been changed from codeuaurora to github. The reason is that the old codeaurora source no longer resolves. Also use the latest tag for Layerscape Linux Development POC from NXP. Tested on: * NXP FRWY-LS1012A * NXP LS1046A-RDB Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch> (reset PKG_RELEASE, Mention that previous codeaurora source is no longer available) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: net: add support for kernel tlsTiago Gaspar2023-05-202-0/+21
| | | | | | | | | | Add ktls (Kernel TLS) kmods to enable TLS support in kernel (allowing TLS offload when the network card supports it) Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com> (added disabled symbols) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* build: escape whitespaces in VERSION_DIST for Netgear imagesSven Roederer2023-05-201-2/+2
| | | | | | | | | Prevents subshell commands from failing to parse options when having defined a whitespace in the VERSION_DIST. As the called resulting images unlikely will handle whitespace correctly, we replace them by "-". Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
* ipq40xx: convert EZVIZ CS-W3-WD1200G-EUP to DSAChristian Lamparter2023-05-203-2/+38
| | | | | | Convert the repeater to DSA. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath79: fix 5GHz on QCA9886 variant of ZTE MF286Lech Perczak2023-05-202-4/+4
| | | | | | | | | | | Recently, a strange variant of ZTE MF286 was discovered, having QCA9886 radio instead of QCA9882 - like MF286A, but having MF286 flash layout and rest of hardware. To support both variants in one image, bind calibration data at offset 0x5000 both as "calibration" and "pre-calibration" nvmem-cells, so ath10k can load caldata for both at runtime. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* ath79: Add support for D-Link DIR-869-A1Jan Forman2023-05-204-1/+51
| | | | | | | | | | | | | | | | | | | | Specifications The D-Link EXO AC1750 (DIR-869) router released in 2016. It is powered by Qualcomm Atheros QCA9563 @ 750 MHz chipset, 64 MB RAM and 16 MB flash. 10/100/1000 Gigabit Ethernet WAN port Four 10/100/1000 Gigabit Ethernet LAN ports Power Button, Reset Button, WPS Button, Mode Switch Flashing 1. Upload factory.bin via D-link web interface (Management/Upgrade). Revert to stock Upload original firmware via OpenWrt sysupgrade interface. Debricking D-Link Recovery GUI (192.168.0.1) Signed-off-by: Jan Forman <forman.jan96@gmail.com>
* ath79: Convert calibration data to nvmemJan Forman2023-05-203-7/+35
| | | | | | | | | For D-link DIR-859 and DIR-869 Replace the mtd-cal-data by an nvmem-cell. Add the PCIe node for the ath10k radio to the devicetree. Thanks to DragonBlue for this patch Signed-off-by: Jan Forman <jforman@tuta.io>
* ath79: Create shared dtsi for DIR-859Jan Forman2023-05-202-112/+119
| | | | | | Create a shared dtsi for the dir-859 and similarly device, it similarly as it done for the dir-842. Signed-off-by: Jan Forman <jforman@tuta.io>