aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* fman-ucode: bump to LSDK-21.08Martin Schiller2021-12-131-4/+4
| | | | | | | | | Just update PKG_VERSION/PKG_MIRROR_HASH since fman-ucode of LSDK-21.08 had no changes. Switched to AUTORELEASE for simplicity. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* tfa-layerscape: bump to LSDK-21.08Martin Schiller2021-12-134-56/+60
| | | | | | Update tfa package to latest LSDK-21.08. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* uboot-layerscape: bump to LSDK-21.08Martin Schiller2021-12-1321-49/+87
| | | | | | | | | | | | | Update layerscape u-boot package to LSDK-21.08 and drop patches which are no longer needed. The new env variable 'fsl_bootcmd_mcinitcmd_set' is needed to protect the configured bootcmd and mc_init values. See [1] for more informations. [1] https://source.denx.de/u-boot/u-boot/-/commit/b62c174e861bddc3c7131045ed018556645cecb9 Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ls-rcw: bump to LSDK-21.08Martin Schiller2021-12-132-38/+3
| | | | | | | Update ls-rcw to latest LSDK-21.08. Drop patch 0001 since it had been integrated. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* otrx: update to the latest masterRafał Miłecki2021-12-131-3/+3
| | | | | | | | | | | 56e8e19 otrx: support TRX from stdin when extracting a37ccaf otrx: support unsorted partitions offsets 1fa145e otrx: extract shared code opening & parsing TRX format 4ecefda otrx: allow validating TRX from stdin cf01e69 otrx: avoid unneeded fseek() when calculating CRC32 Fixes: 80041dea7094 ("bcm53xx: sysupgrade: refactor handling different firmware formats") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dtc: support printing binary data with fdtgetRafał Miłecki2021-12-131-0/+137
| | | | | | | It's needed for extracting binary images. Cc: Yousong Zhou <yszhou4tech@gmail.com> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dtc: import package for dtc & fdt from packages feedRafał Miłecki2021-12-131-0/+93
| | | | | | | | | | | | | | | fdt* utils are needed by targets that use U-Boot FIT images for sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom switched from CFE to U-Boot. fdtget is required for extracting images (bootfs & rootfs) from Broadcom's ITB. Extracted images can be then flashed to UBI volumes. sysupgrade is core functionality so it needs dtc as part of base code base. Cc: Yousong Zhou <yszhou4tech@gmail.com> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to git HEADDaniel Golle2021-12-111-3/+3
| | | | | | bb95fe8 jail: make sure jailed process is terminated Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rtl8812au-ct: update driver to be ready for 5.15Janpieter Sollie2021-12-111-3/+3
| | | | | | | | update rtl8812au-ct driver to be ready for 5.15 Linux. Signed-off-by: Janpieter Sollie <janpieter.sollie@edpnet.be> [added commit message from PR with changes, added tag to subject] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* hostapd: add support for specifying the FILS DHCP serverFelix Fietkau2021-12-103-1/+18
| | | | | | | | The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server For proto=dhcp networks, the discovered dhcp server will be used For all other networks, udhcpc is called to discover the address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: on dhcp interfaces, store the dhcp server in interface dataFelix Fietkau2021-12-101-0/+1
| | | | | | | | Among other things, this can be used to auto-configure the DHCP server address for wireless APs using FILS, if the bridged interface is configured to DHCP Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for enabling FILS on AP and client interfacesFelix Fietkau2021-12-101-4/+37
| | | | | | This is only supported with WPA-enterprise Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: enable FILS support in the full config and add build feature discoveryFelix Fietkau2021-12-109-18/+42
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add kmod-video-gspca-sq930xJosef Schlehofer2021-12-051-0/+15
| | | | | | | | This module adds support for USB WebCams, which uses SQ930X chip [1]. [1] https://cateee.net/lkddb/web-lkddb/USB_GSPCA_SQ930X.html Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* kernel: btrfs: enable ACLJosef Schlehofer2021-12-051-1/+0
| | | | | | | | | | | | | | | | | By default CONFIG_BTRFS_FS_POSIX_ACL is disabled, it should be enabled only when you enable CONFIG_FS_POSIX_ACL. Right now, when you enable CONFIG_FS_POSIX_ACL it will enable CONFIG_BTRFS_FS_POSIX_ACL, but it will be disabled once you install kmod-btrfs. This should prevent it. Btrfs has enabled by default ACL for mount option. More details: https://cateee.net/lkddb/web-lkddb/BTRFS_FS_POSIX_ACL.html https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5) Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
* nat46: update to latest git HEADHans Dedecker2021-12-051-3/+3
| | | | | | | d9bc161 nat46-core: Fix typo since day one (#31) 840e235 Fix coverity issues observed so far (#30) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: fix service_running checkFlorian Eckert2021-12-041-3/+3
| | | | | | | | | | | | | | | | | | The following command checks if a instance of a service is running. /etc/init.d/<service> running <instance> In the variable `$@`, which is passed to the function `service_running`, the first argument is always the `instance` which should be checked. Because all other variables where removed from `$@` with `shift`. Before this change the first argument of `$@` was set to the `$service` Variable. So the function does not work as expected. The `$service` variable was always the instance which should be checked. This is not what we want. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Reviewed-by: Sungbo Eo <mans0n@gorani.run>
* firmware: intel-microcode: update to 20210608Tan Zien2021-12-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | intel-microcode (3.20210608.2) * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). intel-microcode (3.20210608.1) * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210216.1) * New upstream microcode datafile 20210216 * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx, and Cascade Lake Server (B0/B1) when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. * This issue is related to the INTEL-SA-00381 mitigation. * Updated Microcodes: sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864 sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248 sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248 * source: update symlinks to reflect id of the latest release, 20210216 intel-microcode (3.20201118.1) * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 intel-microcode (3.20201110.1) * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) Signed-off-by: Tan Zien <nabsdh9@gmail.com> [used different .tar.xz source, but with the same content] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mt76: update to the latest versionFelix Fietkau2021-12-031-3/+3
| | | | | | | | | 71e08471ab56 mt76: eeprom: fix return code on corrected bit-flips 9a8fc6636d83 mt76: move sar_capa configuration in common code 7cdbea1dc82a mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr 678071ef7029 mt76: mt7615: clear mcu error interrupt status on mt7663 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ipq40xx: add support for GL.iNet GL-B2200TruongSinh Tran-Nguyen2021-12-024-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds supports for the GL-B2200 router. Specifications: - SOC: Qualcomm IPQ4019 ARM Quad-Core - RAM: 512 MiB - Flash: 16 MiB NOR - SPI0 - EMMC: 8GB EMMC - ETH: Qualcomm QCA8075 - WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11b/g/n 2x2 - WLAN2: Qualcomm Atheros QCA4019 5GHz 802.11n/ac W2 2x2 - WLAN3: Qualcomm Atheros QCA9886 5GHz 802.11n/ac W2 2x2 - INPUT: Reset, WPS - LED: Power, Internet - UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1 - UART2: On board with BLE module - SPI1: On board socket for Zigbee module Update firmware instructions: Please update the firmware via U-Boot web UI (by default at 192.168.1.1, following instructions found at https://docs.gl-inet.com/en/3/troubleshooting/debrick/). Normal sysupgrade, either via CLI or LuCI, is not possible from stock firmware. Please do use the *gl-b2200-squashfs-emmc.img file, gunzipping the produced *gl-b2200-squashfs-emmc.img.gz one first. What's working: - WiFi 2G, 5G - WPA2/WPA3 Not tested: - Bluetooth LE/Zigbee Credits goes to the original authors of this patch. V1->V2: - updates *arm-boot-add-dts-files.patch correctly (sorry, my mistake) - add uboot-envtools support V2->V3: - Li Zhang updated official patch to fix wrong MAC address on wlan0 (PCI) interface V3->V4: - wire up sysupgrade Signed-off-by: Li Zhang <li.zhang@gl-inet.com> [fix tab and trailing space, document what's working and what's not] Signed-off-by: TruongSinh Tran-Nguyen <i@truongsinh.pro> [rebase on top of master, address remaining comments] Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com> [remove redundant check in platform.sh] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add eMMC sysupgrade supportEnrico Mioso2021-12-022-0/+72
| | | | | | | | | | | | | | | | | | | | | | | | | Adds generic support for sysupgrading on eMMC-based devices. Provide function emmc_do_upgrade and emmc_copy_config to be used in /lib/upgrade/platform.sh instead of redundantly implementing the same logic over and over again. Similar to generic sysupgrade on NAND, use environment variables CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate GPT partition names to be used. On devices with more than one MMC block device, CI_ROOTDEV can be used to specify the MMC device for partition name lookups. Also allow to select block devices directly using EMMC_KERN_DEV, EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not always an option (e.g. when forced to use MBR). To easily handle writing kernel and rootfs make use of sysupgrade.tar format convention which is also already used for generic NAND support. Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org> CC: Li Zhang <li.zhang@gl-inet.com> CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>
* mac80211: fix tx aggregation locking issueFelix Fietkau2021-12-021-0/+79
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix queue assignment of aggregation start requestsFelix Fietkau2021-12-021-0/+28
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2021-12-021-3/+3
| | | | | | | | | | | | | | | | | | | | | a6451fea5a3d mt76: mt7615: improve wmm index allocation 1911486414dc mt76: mt7915: improve wmm index allocation 7998a41d1321 mt76: clear sta powersave flag after notifying driver 664475574438 mt76: mt7603: introduce SAR support 5c0da39c940b mt76: mt7915: introduce SAR support 77fc6c439a32 mt76: mt7603: improve reliability of tx powersave filtering 094b3d800835 firmware: update mt7663 rebb firmware to 20200904171623 25237b19bcc1 mt76: eeprom: tolerate corrected bit-flips 1463cb4c6ac2 mt76: mt7921: fix boolreturn.cocci warning 586bad6020f7 mt76: mt7921: use correct iftype data on 6GHz cap init 8ec95c910425 mt76: mt7921s: fix bus hang with wrong privilege 688e30c7d854 firmware: update mt7921 firmware to version 20211014 6fad970893dd mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi 95acf972750c mt76: fix 802.3 RX fail by hdr_trans 3f402b0cf6c0 mt76: mt7921s: fix possible kernel crash due to invalid Rx count 929a03a8d65d mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ca-certificates: fix python3-cryptography woes in certdata2pem.pyChristian Lamparter2021-12-011-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697> Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* hostapd: make hostapd/supplicant/wpad packages depend on a specific version ↵Felix Fietkau2021-12-011-0/+3
| | | | | | | | | of hostapd-commoon This avoids potential version mismatch between packages when upgraded individually Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: remove bulk flow detection from default portsFelix Fietkau2021-12-011-3/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add besteffort class and switch all default classifications to class ↵Felix Fietkau2021-12-012-13/+17
| | | | | | names Signed-off-by: Felix Fietkau <nbd@nbd.name>
* nftables: bump to 1.0.1Stijn Tintel2021-12-011-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* libnftnl: bump to 1.2.1Stijn Tintel2021-12-011-2/+2
| | | | | | This version is required by nftables 1.0.1. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ca-certicficates: Update to version 20211016Christian Lamparter2021-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* nftables: install package fileKevin Darbyshire-Bryant2021-11-301-0/+3
| | | | | | Install pc file so dnsmasq can find libnftables Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mac80211: fixed missing cfg80211 dependency on kmod-rfkillOldřich Jedlička2021-11-291-1/+1
| | | | | | | | | | | | | | | | | | | When compiling with CONFIG_USE_RFKILL=y, the build fails and mentions that dependency on kmod-rfkill is missing, which is correct [1]. Add this dependency to the Makefile. Depend on +USE_RFKILL and not PACKAGE_kmod-rfkill, because it forces selection of kmod-rfkill package. Other combinations in DEPENDS like USE_RFKILL:kmod-rfkill or (+)PACKAGE_kmod-rfkill:kmod-rfkill do not force selection of kmod-rfkill package. The kmod-rfkill package itself depends on USE_RFKILL, so with +USE_RFKILL in kmod-cfg80211 package it is not possible to select wrong combination of packages. [1] https://linux-wireless.vger.kernel.narkive.com/m8JY9Iks/cfg80211-depends-on-rfkill-or-not Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
* ath10k-ct: Fix spectral scan NULL pointerRobert Marko2021-11-291-0/+32
| | | | | | | | | | | | If spectral scan support is enabled then ath10k-ct will cause a NULL pointer due to relay_open() being called with a const callback struct which is only supported in kernel 5.11 and later. So, simply check the kernel version and if 5.11 and newer use the const callback struct, otherwise use the regular struct. Fixes: 553a3ac ("ath10k-ct: use 5.15 version") Signed-off-by: Robert Marko <robimarko@gmail.com>
* uboot-omap: Remove omap3_overo configurationHauke Mehrtens2021-11-281-5/+1
| | | | | | | | | | | The configs/omap3_overo_defconfig file was removed from upstream U-Boot in commit ed3294d6d1f9 ("arm: Remove overo board"). Remove it in OpenWrt too. If someone needs this please add it also to upstream U-Boot. This fixes the compile of the omap target. Fixes: ffb807ec90d3 ("omap: update u-boot to 2021.07") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ipq40xx: Add support for Teltonika RUTX10Felix Matouschek2021-11-282-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for the Teltonika RUTX10. This device is an industrial DIN-rail router with 4 ethernet ports, 2.4G/5G dualband WiFi, Bluetooth, a USB 2.0 port and two GPIOs. The RUTX series devices are very similiar so common parts of the DTS are kept in a DTSI file. They are based on the QCA AP-DK01.1-C1 dev board. See https://teltonika-networks.com/product/rutx10 for more info. Hardware: SoC: Qualcomm IPQ4018 RAM: 256MB DDR3 SPI Flash 1: XTX XT25F128B (16MB, NOR) SPI Flash 2: XTX XT26G02AWS (256MB, NAND) Ethernet: Built-in IPQ4018 (SoC, QCA8075), 4x 10/100/1000 ports WiFi 1: Qualcomm QCA4019 IEEE 802.11b/g/n Wifi 2: Qualcomm QCA4019 IEEE 802.11a/n/ac USB Hub: Genesys Logic GL852GT Bluetooth: Qualcomm CSR8510 (A10U) LED/GPIO controller: STM32F030 with custom firmware Buttons: Reset button Leds: Power (green, cannot be controlled) WiFi 2.4G activity (green) WiFi 5G activity (green) MACs Details verified with the stock firmware: eth0: Partition 0:CONFIG Offset: 0x0 eth1: = eth0 + 1 radio0 (2.4 GHz): = eth0 + 2 radio1 (5.0 GHz): = eth0 + 3 Label MAC address is from eth0. The LED/GPIO controller needs a separate kernel driver to function. The driver was extracted from the Teltonika GPL sources and can be found at following feed: https://github.com/0xFelix/teltonika-rutx-openwrt USB detection of the bluetooth interface is sometimes a bit flaky. When not detected power cycle the device. When the bluetooth interface was detected properly it can be used with bluez / bluetoothctl. Flash instructions via stock web interface (sysupgrade based): 1. Set PC to fixed ip address 192.168.1.100 2. Push reset button and power on the device 3. Open u-boot HTTP recovery at http://192.168.1.1 4. Upload latest stock firmware and wait until the device is rebooted 5. Open stock web interface at http://192.168.1.1 6. Set some password so the web interface is happy 7. Go to firmware upgrade settings 8. Choose openwrt-ipq40xx-generic-teltonika_rutx10-squashfs-nand-factory.ubi 9. Set 'Keep settings' to off 10. Click update, when warned that it is not a signed image proceed Return to stock firmware: 1. Set PC to fixed ip address 192.168.1.100 2. Push reset button and power on the device 3. Open u-boot HTTP recovery at http://192.168.1.1 4. Upload latest stock firmware and wait until the device is rebooted Note: The DTS expects OpenWrt to be running from the second rootfs partition. u-boot on these devices hot-patches the DTS so running from the first rootfs partition should also be possible. If you want to be save follow the instructions above. u-boot HTTP recovery restores the device so that when flashing OpenWrt from stock firmware it is flashed to the second rootfs partition and the DTS matches. Signed-off-by: Felix Matouschek <felix@matouschek.org>
* kernel: add back kmod-leds-tlc591xxMatthew Hagan2021-11-281-0/+18
| | | | | | | | | | | Add back support for the TLC591xx series LEDs which are used in the ipq806x-based Meraki Cryptid series devices. This module previously existed for the mvebu platform but was removed at commit f849c2c83247340d623fdb549e2b75f4c1feea62 due to being enabled in that platform's kernel config. Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
* ipq40xx: add support for MikroTik hAP ac3Robert Marko2021-11-282-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for the MikroTik RouterBOARD RBD53iG-5HacD2HnD (hAP ac³), a indoor dual band, dual-radio 802.11ac wireless AP with external omnidirectional antennae, USB port, five 10/100/1000 Mbps Ethernet ports and PoE passthrough. See https://mikrotik.com/product/hap_ac3 for more info. Specifications: - SoC: Qualcomm Atheros IPQ4019 - RAM: 256 MB - Storage: 16 MB NOR + 128 MB NAND - Wireless: · Built-in IPQ4019 (SoC) 802.11b/g/n 2x2:2, 3 dBi antennae · Built-in IPQ4019 (SoC) 802.11a/n/ac 2x2:2, 5.5 dBi antennae - Ethernet: Built-in IPQ4019 (SoC, QCA8075) , 5x 1000/100/10 port, passive PoE in, PoE passtrough on port 5 - 1x USB Type A port Installation: 1. Boot the initramfs image via TFTP 2. Run "cat /proc/mtd" and look for "ubi" partition mtd device number, ex. "mtd1" 3. Use ubiformat to remove MikroTik specific UBI volumes * Detach the UBI partition by running: "ubidetach -d 0" * Format the partition by running: "ubiformat /dev/mtdN -y" Replace mtdN with the correct mtd index from step 2. 3. Flash the sysupgrade image using "sysupgrade -n" Signed-off-by: Robert Marko <robimarko@gmail.com> Tested-by: Mark Birss <markbirss@gmail.com> Tested-by: Michael Büchler <michael.buechler@posteo.net> Tested-by: Alex Tomkins <tomkins@darkzone.net>
* base-files: dont always create kernel UBI volumeRobert Marko2021-11-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently nand_upgrade_tar() will pass the kernel length to nand_upgrade_prepare_ubi() in all cases except for when the kernel is to be installed in a separate partition as a binary with the MTD tool. While this is fine for almost all cases newer MikroTik NAND devices like hAP ac3 require the kernel to be installed as a UBIFS packed UBI volume in its own partition. So, since we have a custom recipe to use ubiformat to flash the kernel in its partition it makes no sense for sysupgrade to also install the kernel as a UBI volume in the "ubi" partition as it only wastes space and will never be used. So, simply check whether CI_KERNPART is set to "none" and if so unset the "has_kernel" variable which will in turn prevent the kernel length from being passed on and then the kernel UBI volume wont be created for no usefull purpose. The ath79 MikroTik NAND target has been setting CI_KERNPART to "none" for a while now altough that was not preventing the kernel to be installed as UBI volume as well. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ath10k-ct: update version to fix DFS for VHT160Hannu Nyman2021-11-282-4/+4
| | | | | | | | | | Update ath10k-ct to get the upstream fix for DFS support for VHT160 in the 5.15 based ath10k-ct. (Switch from 5.10 to 5.15 surfaced the upstream regression.) * refresh one patch Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ath10k: support nvmem-cells for (pre-)calibrationChristian Lamparter2021-11-288-24/+348
| | | | | | refreshes mac80211 + ath10k-ct patches. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uboot-lantiq: danube: fix hanging lzma kernel uncompression #2Mathias Kresin2021-11-271-0/+9
| | | | | | | Follow up to commit 565b62cca2fc7d27f1f1584c44830a6e5c4f0f61. Managed to hit the very same issue again while playing with the NOR SPL builds. Signed-off-by: Mathias Kresin <dev@kresin.me>
* uboot-mvebu: update to v2021.10Andre Heider2021-11-271-2/+2
| | | | Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: bump mv-ddr-marvell to current versionAndre Heider2021-11-271-3/+3
| | | | | | | | | | | efcad0e Merge pull request #33 from Semihalf/cn913x_cex7_eval 91bed2c cn913x: Add cn913x_cex7_eval config 55139f6 Merge pull request #32 from pali/master e5573cc ARM: mvebu: a38x: Correct mismatched bound warnings d83c38b a3700: Remove duplicate check for DDR_TYPE c0c6bf7 a3700: Put temporary a3700_ddr_type file into $(OBJ_DIR) Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: bump a3700-utils to current versionAndre Heider2021-11-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | With cryptocpp in place we can now update past the point of dropping the old tbb_linux binary and build it instead. Hauke confirmed that this also allows this firmware to be built on aarch64. 97f01f5 Wtpdownloader: Properly retrieve current tty options a33ff86 Wtpdownloader: Set CREAD tty cflag af461d2 Wtpdownloader: Fix stuck during opening UART tty device 38c2135 Makefile: Print error when specified CLOCKSPRESET is not valid f014428 TBB: Remove out-of-dated x86-64 ELF binary tbb_linux 1b6cb50 TBB: Fix compilation with Crypto++ 5.6.5 d9fb291 TBB: Fix memory corruptions by calling correct delete[] operator d575885 TBB: Fix initializing CCTIM object b9e1c4e Wtpdownloader: Fix makefile 8f61591 Wtpdownloader: Fix building with gcc 11 eabea5f TBB: Fix building with gcc 11 Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: add cryptoppJosef Schlehofer2021-11-272-20/+18
| | | | | | | | | | | | | | | Based on the Build Instructions for Trusted-Firmware-A [1], there is a required cryptopp [2]. In the past, it used 'tbb_linux' image tool binary, which seems to be buggy, deprecated and removed from A3700-utils-marvell and it should not be used anymore. That's why I removed 001-imagetool.patch, which is no longer necessary. [1] https://trustedfirmware-a.readthedocs.io/en/v2.5/plat/marvell/armada/build.html [2] https://cryptopp.com/ Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* arm-trusted-firmware-mvebu: fix commit ids to for mv-ddr-marvellKerma Gérald2021-11-271-0/+12
| | | | | | | | | | without this patch a3700-utils/tim/ddr/ddr_tool.verstr contains the OpenWrt commit ID. this patch fix the mv_ddr version commit ID by using the global variable MV_DDR_COMMIT_ID. Upon boot it now prints "mv_ddr-devel-g02e23dbc-d DDR4 16b 1GB 1CS". Cc: Andre Heider <a.heider@gmail.com> Signed-off-by: Kerma Gérald <gandalf@gk2.net>
* ath10k-ct: use 5.15 versionAnsuel Smith2021-11-276-109/+72
| | | | | | | | | | | We switched to mac80211 5.15 backport version. Also switch ath10k-ct to 5.15 and drop the mac address patch that got merged upstream. Compile and tested on ipq806x Netgear R7800. Also update the ath10k-ct to latest version to fix a typo for the new version in the kernel log. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* mac80211: fix a regression in generating radiotap headersFelix Fietkau2021-11-261-0/+49
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: backport fix for dealing with stripped IV on rxFelix Fietkau2021-11-261-0/+26
| | | | | | This fixes potental rx drop issues Signed-off-by: Felix Fietkau <nbd@nbd.name>