Commit message | Author | Age | Files | Lines
...
* ramips: Alternative name Asus RT-AX1800U for Asus RT-AX53U | Felix Baumann | 2023-04-02 | 1 | -0/+2
  The Asus RT-AX1800U is identical to the already supported Asus RT-AX53U. Use the ALT0 buildroot tags to show both devices.

  Tested-by: Marian Sarcinschi <znevna@gmail.com>
  Signed-off-by: Felix Baumann <felix.bau@gmx.de>
  (cherry picked from commit acd3b5e83b99879b326a940907a9ff334586f86b)
* ramips: add missing LEDs to Asus RT-AX53U | Marian Sarcinschi | 2023-04-02 | 3 | -3/+19
  This patch adds the missing LEDs to Asus RT-AX53U.

  Based on PR #10400 and patch provided in #11068

  - enable the two LEDs controlled by mt7915e for wireless;
  - add label to power LED so it works properly and fix formatting;
  - add the USB LED;
  - switch LEDs are best left to be controlled by hardware for now.

  Co-Authored-By: Ivan Rozhuk <rozhuk.im@gmail.com>
  Co-Authored-By: Shiji Yang <yangshiji66@qq.com>
  Co-Authored-By: Hartmut Birr <e9hack@gmail.com>
  Tested-by: Felix Baumann <felix.bau@gmx.de>
  Tested-by: Marian Sarcinschi <znevna@gmail.com>
  Signed-off-by: Marian Sarcinschi <znevna@gmail.com>
  (cherry picked from commit c4b806d5c4ccc653968620e6e9aec93bc4e370e5)
* uboot-envtools: add support for ramips Asus RX-AX53U | Felix Baumann | 2023-04-02 | 1 | -0/+1
  Adds uboot-envtools support for ramips Asus RX-AX53U now that partition can be correctly read.

  Signed-off-by: Felix Baumann <felix.bau@gmx.de>
  [ improve commit title and description ]
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
  (cherry picked from commit 75451681d03e609ac8a3d1cd7469eefa53e18ca4)
* ramips: add support for read/write uboot env to Asus RX-AX53U | Felix Baumann | 2023-04-02 | 1 | -2/+11
  Add support for read/writing uboot env by renaming the second partition to its stock label "nvram" and remove the deemed unnecessary "read-only".

  Split the first partition "u-boot" in two, in order to allow `fw_setenv` safe write-access to the uboot environment variables.

  This implements hauke's request from [1]. Based on the patch provided by Shiji Yang.

  [1] https://github.com/openwrt/openwrt/pull/10400#discussion_r945153224

  Co-Authored-By: Shiji Yang <yangshiji66@qq.com>
  Signed-off-by: Felix Baumann <felix.bau@gmx.de>
  [ improve commit title and description, fix some whitespace problem ]
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
  (cherry picked from commit 3f1e9f6f3b14385cab7ca6d1dcc2a4b658475bc3)
* comgt: ncm: support Mikrotik R11e-LTE6 modem | Szabolcs Hubai | 2023-04-01 | 1 | -0/+12
  The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added earlier: it has a Marvell chip, able to work in ACM+RNDIS mode, knows ZTE specific commands, runs OpenWrt Barrier Breaker fork.

  While the modem is able to offer IPv6 address, the RNDIS setup is unable to complete if there is an IPv6 address.

  While it works in ACM+RNDIS mode, the user experience isn't as good as with "proto 3g": the modem happily serves a local IP (192.168.1.xxx) without internet access. Of course, if the modem has enough time (for example at the second dialup), it will serve a public IP.

  Modifying the DHCP Lease (to a short interval before connect and back to default while finalizing) is a workaround to get a public IP at the first try.

  A safe workaround for this is to exercise an offline script of the pingcheck program: simply restart (ifdown - ifup) the connection.

  Another pitfall is that the modem writes a few messages at startup, which confuses the manufacturer detection algorithm and got disabled.

      daemon.notice netifd: Interface 'mikrotik' is setting up now
      daemon.notice netifd: mikrotik (2366): Failed to parse message data
      daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
      daemon.notice netifd: mikrotik (2366): Unsupported modem
      daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
      daemon.notice netifd: mikrotik (2426): Failed to parse message data
      daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
      daemon.notice netifd: mikrotik (2426): Unsupported modem
      daemon.notice netifd: Interface 'mikrotik' is now down

  A workaround for this is to use the "delay" option in the interface configuration.

  I want to thank Forum members dchard (in topic Adding support for MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1] and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2] for sharing their experiments and works. Another information page was found at eko.one.pl [3].

  [1]: https://forum.openwrt.org/t/137555
  [2]: https://forum.openwrt.org/t/151743
  [3]: https://eko.one.pl/?p=modem-r11elte

  Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
  (cherry picked from commit dbd6ebd6d84b35599a0446559576df41f487200e)
* comgt: add quirk for Mikrotik modems based on Mikrotik R11e-LTE6 | Szabolcs Hubai | 2023-04-01 | 2 | -2/+4
  The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup and the radio is off (*RADIOPOWER: 0):

      AT+RESET
      OK
      OK
      *SIMDETEC:2,NOS
      *SIMDETEC:1,SIM
      *ICCID: 8936500119010596302
      *EUICC: 1
      +MSTK: 11, D025....74F3
      *ADMINDATA: 0, 2, 0
      +CPIN: READY
      *EUICC: 1
      *ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911
      +CREG: 0
      $CREG: 0
      +CESQ: 99,99,255,255,255,255
      *CESQ: 99,99,255,255,255,255,0
      +CGREG: 0
      +CEREG: 0
      +CESQ: 99,99,255,255,255,255
      *CESQ: 99,99,255,255,255,255,0
      *RADIOPOWER: 0
      +MMSG: 0, 0
      +MMSG: 0, 0
      +MMSG: 1, 0
      +MPBK: 1

  While the chat script is able to establish the PPP connection, it's closed instantly by the modem: LCP terminated by peer.

      local2.info chat[7000]: send (ATD*99***1#^M)
      local2.info chat[7000]: expect (CONNECT)
      local2.info chat[7000]: ^M
      local2.info chat[7000]: ATD*99***1#^M^M
      local2.info chat[7000]: CONNECT
      local2.info chat[7000]: -- got it
      local2.info chat[7000]: send ( ^M)
      daemon.info pppd[6997]: Serial connection established.
      kern.info kernel: [ 453.659146] 3g-mikrotik: renamed from ppp0
      daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
      daemon.info pppd[6997]: Using interface 3g-mikrotik
      daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
      daemon.info pppd[6997]: LCP terminated by peer
      daemon.notice pppd[6997]: Connection terminated.
      daemon.notice pppd[6997]: Modem hangup
      daemon.info pppd[6997]: Exit.
      daemon.notice netifd: Interface 'mikrotik' is now down

  Sending "AT+CFUN=1" to modem deactivates the flight mode and solves the issue:

      daemon.notice netifd: Interface 'mikrotik' is setting up now
      daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
      daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
      local2.info chat[7140]: abort on (BUSY)
      local2.info chat[7140]: abort on (NO CARRIER)
      local2.info chat[7140]: abort on (ERROR)
      local2.info chat[7140]: report (CONNECT)
      local2.info chat[7140]: timeout set to 10 seconds
      local2.info chat[7140]: send (AT&F^M)
      local2.info chat[7140]: expect (OK)
      local2.info chat[7140]: ^M
      local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
      local2.info chat[7140]: ^M
      local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
      local2.info chat[7140]: AT&F^MAT&F^M^M
      local2.info chat[7140]: OK
      local2.info chat[7140]: -- got it
      ...
      local2.info chat[7140]: send (ATD*99***1#^M)
      local2.info chat[7140]: expect (CONNECT)
      local2.info chat[7140]: ^M
      local2.info chat[7140]: ATD*99***1#^M^M
      local2.info chat[7140]: CONNECT
      local2.info chat[7140]: -- got it
      local2.info chat[7140]: send ( ^M)
      daemon.info pppd[7137]: Serial connection established.
      kern.info kernel: [ 463.094254] 3g-mikrotik: renamed from ppp0
      daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
      daemon.info pppd[7137]: Using interface 3g-mikrotik
      daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
      daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
      daemon.notice pppd[7137]: local IP address 100.112.63.62
      daemon.notice pppd[7137]: remote IP address 10.64.64.64
      daemon.notice pppd[7137]: primary DNS address 185.29.83.64
      daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
      daemon.notice netifd: Network device '3g-mikrotik' link is up
      daemon.notice netifd: Interface 'mikrotik' is now up

  To send this AT command to the modem the "runcommand.gcom" script dependency is moved from comgt-ncm to comgt.

  As the comgt-ncm package depends on comgt already, this change is a NOOP from that point of view. But from the modem's point it is a low hanging fruit as the modem is usable with installing comgt and kmod-usb-ncm packages.

  Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
  (cherry picked from commit 91eca7b04ff1309c7408baa1f1631d7623ce50cf)
* kernel: add support for XMC XM25QH64C | Joe Mullally | 2023-04-01 | 1 | -0/+22
  The XMC XM25QH64C is an 8MB SPI NOR chip. The patch is verified on TL-WPA8631P v3.

  Datasheet available at https://www.xmcwh.com/uploads/442/XM25QH64C.pdf

  Signed-off-by: Joe Mullally <jwmullally@gmail.com>
  (cherry picked from commit 19752bdfa3e75da8290f525186e9fd8349df9c93)
* ath79: Refresh patches | Hauke Mehrtens | 2023-04-01 | 1 | -1/+1
  Refresh the kernel patches.

  Fixes: c2331038b257 ("kernel: remove obsolete netfilter tcp window size check bypass patch")
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: remove obsolete netfilter tcp window size check bypass patch | Felix Fietkau | 2023-03-30 | 1 | -73/+0
  On any currently supported hardware, the performance impact should not matter anymore.

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry picked from commit 75e78bcaab847557ce1782eb2dea9dff9a029171)
* mac80211, mt76: add fixes for recently discovered security issues | Felix Fietkau | 2023-03-30 | 7 | -0/+660
  Fixes CVE-2022-47522

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry picked from commit d54c91bd9ab3c54ee06923eafbd67047816a37e4)
* ncm: add error check and retry mechanism for gcom call | Mike Wilson | 2023-03-30 | 1 | -4/+19
  This patch solves the problem of receiving "error" responses when initially calling gcom. This avoids unnecessary NO_DEVICE failures.

  A retry loop retries the call after an "error" response within the specified delay. A successful response will continue with the connection immediately without waiting for max specified delay, bringing the interface up sooner.

  Signed-off-by: Mike Wilson <mikewse@hotmail.com>
  (cherry picked from commit 8f27093ce784daad5a9b1c89f51d0a76a8bbb07b)
* kernel: bump 5.10 to 5.10.176 | John Audia | 2023-03-27 | 18 | -36/+36
  All patches automatically rebased.

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit f598880162e83ddc0139e00c5248497d06f5fff7)
* kernel: bump 5.10 to 5.10.175 | John Audia | 2023-03-27 | 43 | -142/+142
  Manually rebased:
      backport-5.10/611-v5.12-net-ethernet-mediatek-support-setting-MTU.patch

  All other patches automatically rebased.

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 3ca98495897126113912f7ee4537f69459d21332)
* kernel: bump 5.10 to 5.10.174 | John Audia | 2023-03-27 | 1 | -2/+2
  No patches needed to be rebased.

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 72d9d2b923b389f09e2ba43f4aba22c068e6cbb7)
* kernel: bump 5.10 to 5.10.173 | John Audia | 2023-03-27 | 104 | -346/+289
  Manually rebased:
      ramips/patches-5.10/810-uvc-add-iPassion-iP2970-support.patch

  All other patches automatically rebased.

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit d4aad642ff80750ec16a58058eb6da718e2129cd)
* kernel: tcindex classifier has been retired | John Audia | 2023-03-27 | 2 | -3/+1
  https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.10.173&id=18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit fbfec3286e8bfce3a78749b7bcb67e658665f197)
* x86: fix deprecated CONFIG_MICROCODE_OLD_INTERACE | John Audia | 2023-03-27 | 1 | -1/+1
  We use late loading[1] so need to set this option despite upstream adding a kernel taint when this option is set. See discussion in PR#12149 for more details.

  https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/arch/x86/Kconfig?id=v5.10.173&id2=v5.10.172

  1. https://github.com/openwrt/openwrt/blob/master/target/linux/x86/base-files/lib/preinit/02_load_x86_ucode

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 0c5ffe1ab2b4843635555e2a234f8bd5cb4d6978)
* kernel: bump 5.10 to 5.10.172 | John Audia | 2023-03-27 | 4 | -102/+4
  Removed upstreamed:
      backport-5.10/804-0001-net-Remove-WARN_ON_ONCE-sk-sk_forward_alloc-from-sk_.patch[1]

  All other patches automatically rebased.

  1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.171&id=3e4bbd1f38a8d35bd2d3aaffdb5f6ada546b669a

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 50cb897d251133752ea2cd338153a6dcb011ea98)
* kernel: bump 5.10 to 5.10.170 | John Audia | 2023-03-27 | 1 | -2/+2
  No patches modified for this bump

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit a14cc979a2a081c31763b994219ae0d0ddebd9f2)
* kernel: bump 5.10 to 5.10.169 | John Audia | 2023-03-27 | 7 | -11/+109
  Add fix:
      target/linux/generic/backport-5.10/804-0001-net-Remove-WARN_ON_ONCE-sk-sk_forward_alloc-from-sk_.patch[3]

  All other patches automatically rebased.

  3. https://lore.kernel.org/stable/20230227211548.13923-1-kuniyu@amazon.com

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit b88955aa2294c61f21bdf7014e10d8ea29d0c346)
* bcm4908: include usbport trigger | Rafał Miłecki | 2023-03-27 | 1 | -1/+2
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit cb2661844a5d54d44230ee564d4f17605a794a49)
* bcm4908: backport v6.4 pending DTS changes | Rafał Miłecki | 2023-03-27 | 9 | -1/+791
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit ffaabee9b8d9da7c15a50f52897ae5f70b40b4e7)
* ipq40xx: Linksys MR8300: fix the USB port power | Daniel González Cabanelas | 2023-03-27 | 1 | -1/+11
  The USB port on the MR8300 randomly fails to feed bus-powered devices.

  This is caused by a misconfigured pinmux. The GPIO68 should be used to enable the USB power (active low), but it's inside the NAND pinmux.

  This GPIO pin was found in the original firmware at a startup script in both MR8300 and EA8300. Therefore apply the fix for both boards.

  Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
  Reviewed-by: Robert Marko <robimarko@gmail.com>
  (cherry picked from commit ed64c3323590e3c9fa8b423bf37689023a7a101f)
  Signed-off-by: Steffen Scheib <steffen@scheib.me>
* ramips: mt7621: enable lzma-loader for AFOUNDRY EW1200 | Tony Butler | 2023-03-26 | 1 | -0/+1
  Fixes boot loader LZMA decompression issues (LZMA ERROR 1)
  As reported in issue #12208

  Reported-by: Raúl M. <raul.m@sparkedhost.com>
  Tested-by: Raúl M. <raul.m@sparkedhost.com>
  Signed-off-by: Tony Butler <spudz76@gmail.com>
  (cherry picked from commit 889bbf89bb679f0c5b0fa432e27a3e0dd8940a4e)
* ramips: fix 5g mac for TOTOLINK X5000R | Chuanhong Guo | 2023-03-27 | 1 | -0/+4
  There's no valid mac address for the second band in the eeprom. The vendor fw uses 2.4G mac + 4 as the mac for 5G radio. Do the same in our firmware.

  Fixes: 23be410b3d ("ramips: add support for TOTOLINK X5000R")
  Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
  (cherry picked from commit 212632540043cc9b911c2efb86156479f2710836)
* ramips: add support for Mercusys MR70X | David Bauer | 2023-03-24 | 3 | -4/+183
  Hardware
  ========

  - SoC: MediaTek MT7621AT (880MHz, Dual-Core)
  - RAM: DDR3 128MB
  - Flash: Winbond W25Q128JV (SPI-NOR 16MB)
  - WiFi: MediaTek MT7915D (2.4GHz, 5GHz, DBDC)
  - Ethernet: MediaTek MT7530 (WAN x1, LAN x3, SoC)
  - UART: >TX RX GND 3v3 (115200 8N1, J1)
    Do not connect 3v3. TX is marked with an arrow.

  Installation
  ============

  Flash factory image. This can be done using stock web ui.

  Revert to stock firmware
  ========================

  Flash stock firmware via OEM Web UI Recovery mode.

  Web UI Recovery method
  ======================

  1. Unplug the router
  2. Plug in and hold reset button 5~10 secs
  3. Set your computer IP address manually to 192.168.1.x / 255.255.255.0
  4. Flash image with web browser to 192.168.1.1

  Co-authored-by: Robert Senderek <robert.senderek@10g.pl>
  Co-authored-by: Yoonji Park <koreapyj@dcmys.kr>
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 47de2c686291e69afc9f443e27e1dfd11ed5fbe7)
* firmware-utils: tplink-safeloader: add Mercusys MR70X | David Bauer | 2023-03-24 | 2 | -1/+96
  Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: fix Archer AX23 WiFi MAC address conflict | David Bauer | 2023-03-21 | 1 | -4/+1
  The original claim about conflicting MAC addresses is wrong. mac80211 does increment the first octet and sets the LA bit.

  This means our "workaround" actually leads to the issue while incrementing the last octet is safe.

  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit d52870125d57d39e73e6c305dd36fad44fe4a773)
* ramips: add support for TP-Link Archer AX23 v1 | David Bauer | 2023-03-21 | 4 | -0/+223
  Hardware
  --------

  CPU: MediaTek MT7621 DAT
  RAM: 128MB DDR3 (integrated)
  FLASH: 16MB SPI-NOR ()
  WiFi: MediaTek MT7905 + MT7975 (2.4 / 5 DBDC) 802.11ax
  SERIAL: 115200 8N1
          LEDs - (3V3 - GND - RX - TX) - ETH ports

  Installation
  ------------

  Upload the factory image using the Web-UI.

  Web-Recovery
  ------------

  The router supports a HTTP recovery mode by holding the reset-button when powering on. The interface is reachable at 192.168.0.1 and supports installation using the factory image.

  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 7dceef5ee554ec4ab5d2dd2ff999f4a60bf2e0f4)
* firmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1 | David Bauer | 2023-03-15 | 1 | -0/+122
  Signed-off-by: David Bauer <mail@david-bauer.net>
* mpc85xx: add support for Watchguard Firebox T10 | David Bauer | 2023-03-10 | 10 | -1/+410
  Hardware
  --------

  SoC: Freescale P1010
  RAM: 512MB
  FLASH: 1 MB SPI-NOR
         512 MB NAND
  ETH: 3x Gigabit Ethernet (Atheros AR8033)
  SERIAL: Cisco RJ-45 (115200 8N1)
  RTC: Battery-Backed RTC (I2C)

  Installation
  ------------

  1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI programmer. The SHA1 hash for the U-Boot password is currently unknown.

     A tool for patching U-Boot is available at https://github.com/blocktrron/t10-uboot-patcher/

     You can also patch the unknown password yourself. The SHA1 hash is E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA

  2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears. The patched password is '1234' (without quotation marks)

  3. Download the OpenWrt initramfs image. Copy it to a TFTP server reachable at 10.0.1.13/24 and rename it to uImage.

  4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.

  5. Download and boot the initramfs image by entering "tftpboot; bootm;" in U-Boot.

  6. After OpenWrt booted, create a UBI volume on the old data partition. The "ubi" mtd partition should be mtd7, check this using

       $ cat /proc/mtd

     Create a UBI partition by executing

       $ ubiformat /dev/mtd7 -y

  7. Increase the loadable kernel-size of U-Boot by executing

       $ fw_setenv SysAKernSize 800000

  8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using scp. Install the image by using sysupgrade:

       $ sysupgrade -n <path-to-sysupgrade>

     Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might have to change the ethernet-port.

  9. OpenWrt should now boot from the internal NAND. Enjoy.

  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 35f6d795134e9b089c4e763a7f58cba7d4e15e42)
* generic: remove patch for unused kernel version | David Bauer | 2023-03-05 | 1 | -21/+0
  Remove this stray patch, as OpenWrt 22.03 does not target kernel 5.15.

  Fixes commit b18a0d0b92963 ("generic: add support for EON EN25QX128A spi nor flash")

  Signed-off-by: David Bauer <mail@david-bauer.net>
* generic: MIPS: Add barriers between dcache & icache flushes | David Bauer | 2023-03-05 | 1 | -0/+71
  This fixes spurious boot-errors with some ath79 MIPS 74Kc boards such as the AC Lite as well as Archer C7 v2.

  The missing barrier leads to the icache flush being executed before the dcache writeback, which results in the CPU executing the dummy infinite loop in tlbmiss_handler_setup_pgd.

  Applying this patch from upstream ensures the dcache is written back before flushing the icache.

  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 26bc8f68767e1ec6e33a84ef397e4c38d5968462)
* kernel: fix mtk dsa tag padding | Felix Fietkau | 2023-03-03 | 1 | -3/+2
  The padding intended to avoid corrupted non-zero padding payload was accidentally adding too many padding bytes, tripping up some setups. Fix this by using eth_skb_pad instead.

  Fixes #11942.

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry picked from commit 9307c27539805de021fb7163f6ad6dc08992331b)
* kernel: can: fix MCP251x CAN controller module autoload | Tim Harvey | 2023-02-26 | 1 | -1/+1
  Fix autoload module name for can-mcp251x kmod.

  Signed-off-by: Tim Harvey <tharvey@gateworks.com>
  (cherry picked from commit 29d02d8ce584fa7e420204e04dde1e17e14e009c)
* kernel: bump 5.10 to 5.10.168 | John Audia | 2023-02-18 | 16 | -37/+37
  Manually rebased:
      backport-5.10/804-v5.14-0001-nvmem-core-allow-specifying-of_node.patch

  Removed upstreamed:
      generic-backport/807-v5.17-0003-nvmem-core-Fix-a-conflict-between-MTD-and-NVMEM-on-w.patch[1]

  All other patches automatically rebased.

  1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.168&id=34ec4c7831c416ac56619477f1701986634a7efc

  Build system: x86_64
  Build-tested: ramips/tplink_archer-a6-v3
  Run-tested: ramips/tplink_archer-a6-v3

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 461072fc7b3d8fa77347a884fe5d36c81f660da8)
  [Refresh on OpenWrt 22.03]
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.10 to 5.10.167 | John Audia | 2023-02-18 | 1 | -2/+2
  All patches automatically rebased.

  Build system: x86_64
  Build-tested: ramips/tplink_archer-a6-v3
  Run-tested: ramips/tplink_archer-a6-v3

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 712681458a65736d3fc625bb9c481c31b23c1f97)
* openssl: bump to 1.1.1t | John Audia | 2023-02-14 | 1 | -2/+2
  Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b)

  The original commit removed the upstreamed patch 010-padlock.patch, but it's not on OpenWrt 22.03, so it doesn't have to be removed.

  Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
* bpf: ignore missing LLVM bins on package for non compile steps | Christian Marangi | 2023-02-09 | 1 | -1/+1
  To download a package the LLVM bins are not strictly needed. Currently with an example run of make package/bridger/download V=s, the build fails with

      make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
      bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
      bash: line 1: [: : integer expression expected
      /home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: . Stop.
      make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
      time: package/network/services/bridger/download#0.04#0.00#0.06
      ERROR: package/network/services/bridger failed to build.

  This is wrong since it may be needed to download the required packages first and then compile them later.

  Fix this by ignoring the LLVM bin check on non compile steps.

  Tested-by: Robert Marko <robimarko@gmail.com>
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
  (cherry picked from commit 116c73fd71c75e38c4d707dc5a74e6993874098f)
* bpf: check llvm version only when used | Hauke Mehrtens | 2023-02-09 | 1 | -0/+2
  unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is not set and llvm is not installed.

  Fix it by only checking the LLVM version when a LLVM toolchain is available.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit c58177b5dcb3461efef0adefe570dd8a8d966ec4)
* at91: sam9x,sama5: fix racy SD card image generation | Petr Štetiar | 2023-02-08 | 2 | -2/+2
  We've few low spec (make -j3) build workers attached to the 22.03 buildbot instance which from time to time exhibit following build failure during image generation (shortened for brevity):

      + dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img
      dd: failed to open 'root.ext4': No such file or directory

  That's happening likely due to the fact, that on buildbots we've `TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem image in the SD card image target dependency chain:

      make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

  and that hardcoded `root.ext4` image filename becomes available from other Make targets in the later stages. So let's fix this issue by using IMAGE_ROOTFS Make variable which should contain proper path to the root filesystem image.

  Fixing remaining subtargets omitted in commit 5c3679e39b61 ("at91: sama7: fix racy SD card image generation").

  Fixes: 5c3679e39b61 ("at91: sama7: fix racy SD card image generation")
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 3b669bc3f32f7594f38187a284a65ca2c35a0121)
* at91: sama7: fix racy SD card image generation | Petr Štetiar | 2023-02-08 | 1 | -1/+1
  We've few low spec (make -j3) build workers attached to the 22.03 buildbot instance which from time to time exhibit following build failure during image generation:

      + dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc
      dd: failed to open 'root.ext4': No such file or directory

  That's likely due to the fact, that on buildbots we've `TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem image in the SD card image target dependency chain:

      make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

  and that hardcoded root.ext4 becomes available from other target in the later stages. So let's fix this issue by using IMAGE_ROOTFS Make variable which should contain proper path to the root filesystem image.

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 5c3679e39b615ff29c9315f810e8e15775cc2d01)
* mac80211: Update to version 5.15.92-1 | Hauke Mehrtens | 2023-02-08 | 1 | -3/+3
  This updates mac80211 to version 5.15.92-1. This includes multiple bugfixes. Some of these bugfixes are fixing security relevant bugs.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.10 to 5.10.166 | John Audia | 2023-02-05 | 20 | -63/+63
  All patches automatically rebased.

  Build system: x86_64
  Build-tested: ramips/tplink_archer-a6-v3
  Run-tested: ramips/tplink_archer-a6-v3

  Signed-off-by: John Audia <therealgraysky@proton.me>
  (cherry picked from commit 50324b949b91cfb70ced3869b09b895e45a5ae37)
* ramips: mt7621-dts: fix phy-mode of external phy on GB-PC2 | Arınç ÜNAL | 2023-02-03 | 1 | -1/+1
  The phy-mode property must be defined on the MAC instead of the PHY. Define phy-mode under gmac1 which the external phy is connected to.

  Tested-by: Petr Louda <petr.louda@outlook.cz>
  Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
  (cherry picked from commit 5155200f97adaeaaac7b752b5a6a5e41cba3db6a)
* octeontx: add sqaushfs and ramdisk to features | Tim Harvey | 2023-02-03 | 1 | -1/+1
  Add squashfs and ramdisk to features as these are commonly used images for the octeontx.

  Signed-off-by: Tim Harvey <tharvey@gateworks.com>
  (cherry picked from commit af5635e6ca12d3be275560a58ac6e2793e218fcd)
* ath79: add LTE packages for GL-XE300 | Tom Herbers | 2023-02-03 | 1 | -1/+2
  Add LTE packages required for operating the LTE modems shipped with the GL-XE300.

  Example configuration for an unauthenticated dual-stack APN:

      network.wwan0=interface
      network.wwan0.proto='qmi'
      network.wwan0.device='/dev/cdc-wdm0'
      network.wwan0.apn='internet'
      network.wwan0.auth='none'
      network.wwan0.delay='10'
      network.wwan0.pdptype='IPV4V6'

  Signed-off-by: Tom Herbers <mail@tomherbers.de>
  (cherry picked from commit 67f283be4430ebfb46be6c00fcc7c12a6adabce3)
* ath79: add label-mac-device for GL-XE300 | Tom Herbers | 2023-02-03 | 1 | -0/+4
  This adds a label-mac-device alias which references the mac which is printed on the Label of the device.

  Signed-off-by: Tom Herbers <mail@tomherbers.de>
  (cherry picked from commit f83f5f8452edd3115aacf333b0038da89639a218)
* ath79: add LTE led for GL.iNet GL-XE300 | Leo Soares | 2023-02-03 | 1 | -0/+1
  This commit adds the LTE led for GL.iNet GL-XE300 to the default leds config.

  Signed-off-by: Leo Soares <leo@hyper.ag>
  (cherry picked from commit 35a0f2b00c44a43ad087327f0cbdb1c9c5e60c49)
  Signed-off-by: Tom Herbers <mail@tomherbers.de>
* kernel: backport some mv88e6xxx devlink patches | Etienne Champetier | 2023-01-31 | 3 | -0/+374
  This should help debug mv88e6xxx issues

  Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>